| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
system tests: avoid rmi -a ... plus cleanup
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
I noticed 'rmi -a' in a test. I tried to fix it. Hilarity ensued.
'rmi -a' is evil: it forces a fresh pull of our test image,
which in turn almost guarantees a flake some day. We avoid
it, but once in a while it slips in.
While fixing it, I noticed a bevy of other problems that
needed cleanup.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes:
- use --timestamp option to produce 'created' stamps
that can be reliably tested in the image-history test
- podman now supports manifest & multiarch run, so we
no longer need buildah
- bump up base alpine & busybox images
This turned out to be WAY more complicated than it should've been,
because:
- alpine 3.14 fixed 'date -Iseconds' to include a colon in
the TZ offset ("-07:00", was "-0700"). This is now consistent
with GNU date's --iso-8601 format, yay, so we can eliminate
a minor workaround.
- with --timestamp, all ADDed files are set to that timestamp,
including the custom-reference-timestamp file that many tests
rely on. So we need to split the build into two steps. But:
- ...with a two-step build I need to use --squash-all, not --squash, but:
- ... (deep sigh) --squash-all doesn't work with --timestamp (#14536)
so we need to alter existing tests to deal with new image layers.
- And, long and sordid story relating to --rootfs. TL;DR that option
only worked by a miracle relating to something special in one
specific test image; it doesn't work with any other images. Fix
seems to be complicated, so we're bypassing with a FIXME (#14505).
And, unrelated:
- remove obsolete skip and workaround in run-basic test (dating
back to varlink days)
- add a pause-image cleanup to avoid icky red warnings in logs
Fixes: #14456
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: the system test 'is()' checker was poorly thought out.
For example, there is no way to check for inequality or for
absence of a substring.
Solution, step 1: introduce new assert(), copied almost verbatim
from buildah, where it has been successful in addressing the
gaps in is().
The logical next step is to search the tests for 'die' and
for 'run', looking for negative assertions which we can
replace with assert(). There were a lot, and in the process
I found a number of ugly bugs in the tests themselves. I've
taken the liberty of fixing these.
Important note: at this time we have both assert() and is().
Replacing all instances of is() would be impossible to review.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Make sure to ignore local {container,docker}ignore files when building a
local pause image. Otherwise, we may mistakenly not be able to copy
catatonit into the build container.
Fixes: #13529
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Invoking parallel/concurrent builds from podman race against each other
following behviour was fixed in
https://github.com/containers/storage/pull/1153 and https://github.com/containers/image/pull/1480
Test verifies if following bug is fixed in new race-free API or not.
Read more about this issue, see bz 2055487 for more details.
More details here: https://github.com/containers/buildah/pull/3794 and https://github.com/containers/podman/pull/13339
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When removing a container created with a --volumes-from a container
created with a built in volume, we complain if the original container
still exists. Since this is an expected state, we should not complain
about it.
Fixes: https://github.com/containers/podman/issues/12808
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/12763
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* Replace https://github.com/containers/podman/blob/master
with https://github.com/containers/podman/blob/main
to match the new default branch "main". Previously
the default branch was "master". This is the only
occurence found in the code.
* Replace https://raw.githubusercontent.com/containers/libpod/master
with https://raw.githubusercontent.com/containers/podman/main
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Old build tests were expecting genric error code `125` however another
commit in this PR ensures that we relay exact exit code from build to
registry.
Hence adjusting tests
Signed-off-by: Aditya Rajan <arajan@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Volume test: add a sequence of stat()s to confirm that volumes
are mounted as a different device than root.
Network test: add debugging code for #11825 (dnsmasq inotify
failure in bodhi only).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make Podman more tolerant when parsing image volumes during container
creation and further fix an infinite loop when checking them.
Consider `VOLUME ['/etc/foo', '/etc/bar']` in a Containerfile. While
it looks correct to the human eye, the single quotes are wrong and yield
the two volumes to be `[/etc/foo,` and `/etc/bar]` in Podman and Docker.
When running the container, it'll create a directory `bar]` in `/etc`
and a directory `[` in `/` with two subdirectories `etc/foo,`. This
behavior is surprising to me but how Docker behaves. We may improve on
that in the future. Note that the correct way to syntax for volumes in
a Containerfile is `VOLUME /A /B /C` or `VOLUME ["/A", "/B", "/C"]`;
single quotes are not supported.
This change restores this behavior without breaking container creation
or ending up in an infinite loop.
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=2014149
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Add --time flag to podman container rm
Add --time flag to podman pod rm
Add --time flag to podman volume rm
Add --time flag to podman network rm
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- logs: remove unnecessary sleeps. This saves ~25s.
Unfortunately, journald seems to have some sort of lag,
so we need to keep retrying until we get the 'after' string.
- ps: add placeholder test for once buildah 3544 is fixed
- cp: bulk-kill containers when finished, instead of one by one.
This is a big change and only saves about 8s per run, but hey.
- mount,pause,healthcheck: 'podman stop -t 0' before rm'ing containers.
Easy 50s.
Have I mentioned, lately, that 'podman rm -f' needs a '-t 0' flag?
- play: same, and also 'podman pod stop'. Seems to shave ~20s.
- socket-activation: UGH! Buggy and useless tests! They were
running "sleep 90" containers for no reason whatsoever. I
assume the intention was to run them with "-d", so that's
what I've done here. Also fixed some language. 180 seconds!
(Unrelated: cleanup in 070-build, use $IMAGE, not alpine)
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
| |
Use EvalSymlinks() to find the context directory, in case there's
shenanigans.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* 070-build:
- remove workaround for #9567, which is closed.
- add many more cases to the ignorefile test,
to test complicated special cases of Buildah PR 3486.
* 160-volumes:
- remove a skip_if_remote, volumes now work on remote
- use a random name for tarball, and clean up when
done using it. This fixes a gating-test failure
(test runs as root, then rootless, and rootless
can't clobber root's file).
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
| |
Fix copy tests after https://github.com/containers/buildah/pull/3486
[NO TESTS NEEDED]
Signed-off-by: Aditya Rajan <arajan@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When attempting to run remote builds, users with UID/GID values that
were high enough that they wouldn't be mapped into their default user
namespace configurations would see their builds fail when the server
attempted to extract the build contexts that they supplied, and failed
to set ownership of the build context content to the UID/GID that were
originally assigned to them.
When archiving the build context at the client, set ownership of
everything to 0:0, which we know is always mapped. Both ADD and COPY
require that we set the ownership of newly-added content to 0:0 (unless
the --chown flag is used), so throwing away the original ownership
information doesn't hurt, anyway. As usual, tarballs that we extract
as part of ADD aren't going to be affected.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
|
| |
|
|
|
|
| |
Add hidden --load and --progress flag as well.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Address a number of issues in the streaming logic in remote build, most
importantly an error in using buffered channels on the server side.
The pattern below does not guarantee that the channel is entirely read
before the context fires.
for {
select {
case <- bufferedChannel:
...
case <- ctx.Done():
...
}
}
Fixes: #10154
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The multi-image load test was failing on non-x86_64 arch,
because the images used by the test (:00000000, :20200902)
did not have manifests for the given arch.
Solution: all we need are two nonlocal images. Use the
predefined NONLOCAL_IMAGE for one, and a new :multiimage
tag (manually created, currently == :20210610) for the other.
Document, so if/when RHEL adds new supported arches, the
test will fail but a maintainer will have a clue what to do.
Also, as long as I'm in here: add 'image prune -f' to teardown
in build.bats, to avoid seeing lots of red "stray image"
warnings in test logs.
Also: skip a broken/flaky python test
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
$ mkdir zzz;cd zzz
$ printf "FROM quay.io/libpod/testimage:20210610\nCOPY ./ ./\nCOPY subdir ./\n" >Dockerfile
$ printf "*\nsubdir\n\!*/sub1*\n" >.dockerignore
$ mkdir subdir; touch subdir/sub1.txt
$ ../bin/podman-remote build .
Should fail, but succeeds because we are not sending over the
.dockerignore file to the server side. This PR will send the
.dockerignore so the server side and use it.
Fixes: #10907
Also if both .containerignore and .dockerignore in the context
directory, podman-remote should prefer .containerignore and not use
.dockerignore.
Fixes: #10908
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If the user specifies "*" in a .dockerignore or a .containerignore
then podman-remote build should not exclude the Dockerfile or
Containerfile or any content pointed to by `-f` in the context
directory.
We still need these files on the server side to complete the build.
Fixes: https://github.com/containers/podman/issues/9867
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/containers/storage](https://github.com/containers/storage) from 1.32.3 to 1.32.5.
- [Release notes](https://github.com/containers/storage/releases)
- [Changelog](https://github.com/containers/storage/blob/main/docs/containers-storage-changes.md)
- [Commits](https://github.com/containers/storage/compare/v1.32.3...v1.32.5)
---
updated-dependencies:
- dependency-name: github.com/containers/storage
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/10621
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
podman-remote build has to handle multiple different locations
for the Containerfile. Currently this works in local mode but not
when using podman-remote.
Fixes: https://github.com/containers/podman/issues/9871
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/10444
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9893
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial version of libimage changed the order of layers which has
now been restored to remain backwards compatible.
Further changes:
* Fix a bug in the journald logging which requires to strip trailing
new lines from the message. The system tests did not pass due to
empty new lines. Triggered by changing the default logger to
journald in containers/common.
* Fix another bug in the journald logging which embedded the container
ID inside the message rather than the specifid field. That surfaced
in a preceeding whitespace of each log line which broke the system
tests.
* Alter the system tests to make sure that the k8s-file and the
journald logging drivers are executed.
* A number of e2e tests have been changed to force the k8s-file driver
to make them pass when running inside a root container.
* Increase the timeout in a kill test which seems to take longer now.
Reasons are unknown. Tests passed earlier and no signal-related
changes happend. It may be CI VM flake since some system tests but
other flaked.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Migrate the Podman code base over to `common/libimage` which replaces
`libpod/image` and a lot of glue code entirely.
Note that I tried to leave bread crumbs for changed tests.
Miscellaneous changes:
* Some errors yield different messages which required to alter some
tests.
* I fixed some pre-existing issues in the code. Others were marked as
`//TODO`s to prevent the PR from exploding.
* The `NamesHistory` of an image is returned as is from the storage.
Previously, we did some filtering which I think is undesirable.
Instead we should return the data as stored in the storage.
* Touched handlers use the ABI interfaces where possible.
* Local image resolution: previously Podman would match "foo" on
"myfoo". This behaviour has been changed and Podman will now
only match on repository boundaries such that "foo" would match
"my/foo" but not "myfoo". I consider the old behaviour to be a
bug, at the very least an exotic corner case.
* Futhermore, "foo:none" does *not* resolve to a local image "foo"
without tag anymore. It's a hill I am (almost) willing to die on.
* `image prune` prints the IDs of pruned images. Previously, in some
cases, the names were printed instead. The API clearly states ID,
so we should stick to it.
* Compat endpoint image removal with _force_ deletes the entire not
only the specified tag.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
| |
This test continues to flake on podman-remote (especially Ubuntu)
even after #10030 and #10034. I give up. Stop checking the error
message in podman-remote tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9572
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fix handling of SecurityOpts
LabelOpts
SeccompProfilePath
ApparmorProfile
Fix Ulimits
Fixes: https://github.com/containers/podman/issues/9869
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Currently pull policy is set incorrectly when users set --pull-never.
Also pull-policy is not being translated correctly when using
podman-remote.
Fixes: #9573
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- cp test: clean up stray image
- build test: add workaround for #9567 (ultra-slow ubuntu).
We're seeing CI flakes (timeouts) due to ubuntu 2004 being
absurdly slow. Workaround: double our timeout on one specific
test when ubuntu + remote.
- build test: clean up new copy-from test (from #9275).
The test was copy-pasted from buildah system tests, without
really adapting for podman environment (e.g. it was using
images that we don't use here, and would cause pulls, which
will cause flakes). Rewrite test so it references only $IMAGE,
remove some confusing/unnecessary stuff, selectively run
parts of it even when rootless or remote, and add a
test to confirm that copy-from succeeded.
- load test: add error-message test to new load-invalid (#9672).
Basically, make sure the command fails for the right reason.
- play test (kube): use $IMAGE, not alpine; and add pause-image
cleanup to teardown()
- apiv2 mounts test: add a maintainability comment in a tricky
section of code; and tighten up the mount point test.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9574
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://github.com/containers/podman/issues/9570
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
buildah now supports running under emulation[1] as well as
creating manifests. Use those features to create a multiarch
testimage that can be used to test podman on other arches.
[1] on Fedora 33, this requires the qemu-user-static package
We also build a new :00000001 image, replacing :00000000,
because (sigh) some tests try to run 'true' in the container.
Include instructions on building said image.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
Add missing params for podman-remote build
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes: https://github.com/containers/podman/issues/9290
Currently we still have hard coded --isolation=chroot for podman-remote build.
Implement missing arguments for podman build
Implements
--jobs, --disable-compression, --excludes
Fixes:
MaxPullPushRetries
RetryDuration
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |/
|
|
|
|
|
|
|
|
| |
Make sure that Podman's default OCI runtime is passed to Buildah in
`podman build`. In theory, Podman and Buildah should use the same
defaults but the projects move at different speeds and it turns out
we caused a regression in v3.0.
Fixes: #9365
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This reverts commit 15caebfe561952eaadd4896b7efb56f26724cce5.
The previous behaviour of `--pull` to *always* attempt to pull the image
and error out if the pull failed aligns with Docker. Since Podman aims
at feature parity with Docker, the `--pull` behaviour must match.
Fixes: #9134
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The `--pull` flag should be using the "pull if newer" pull policy rather
than "pull always". This aligns with what the help message states, what
Buildah does and, according to #9111, what was done before,
Also add a test to prevent future regressions.
Fixes: #9111
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |\
| |
| | |
make sure the workdir exists on container mount
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A container's workdir can be specified via the CLI via `--workdir` and
via an image config with the CLI having precedence.
Since images have a tendency to specify workdirs without necessarily
shipping the paths with the root FS, make sure that Podman creates the
workdir. When specified via the CLI, do not create the path, but check
for its existence and return a human-friendly error.
NOTE: `crun` is performing a similar check that would yield exit code
127. With this change, however, Podman performs the check and yields
exit code 126. Since this is specific to `crun`, I do not consider it
to be a breaking change of Podman.
Fixes: #9040
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
|
| |/
|
|
|
|
|
| |
The --default-mounts-file path was not being handled in
podman build. This will enable it to use for testing.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- stop: test --all and --ignore (#9051)
- build: test /run/secrets (#8679, but see below)
- sensitive mount points: deal with 'stat' failures
- selinux: confirm useful diagnostics on unknown labels (#8946)
The 'build' test is intended as a fix for #8679, in which
'podman build' does not mount secrets from mounts.conf.
Unfortunately, as of this writing, 'podman build' does
not pass the --default-mounts-file option to buildah,
so there's no reasonable way to test this path. Still,
we can at least confirm /run/secrets on 'podman run'.
The /sys thing is related to #8949: RHEL8, rootless, cgroups v1.
It's just a workaround to get gating tests to pass on RHEL.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\
| |
| | |
Spelling
|
