| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
... primarily so that it can support OCI artifacts.
2.8 already seems to exist in the repo.
This requires changing WaitContainerReady to also check
stderr (ultimately because docker/distribution was
updated to a more recent sirupsen/logrus, which logs
by default to stderr instead of stdout).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
... instead of hard-coding a copy of the value.
Notably this makes hack/podman_registry actually
support the documented -i option.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
htpasswd is no longer included in docker.io/library/distribution
after 2.7.0, per https://github.com/docker/distribution-library-image/issues/107 ,
and we want to upgrade to a recent version.
At least system tests currently execute htpasswd from the OS,
so it seems that it is likely to be available.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
| |
|
|
|
|
|
| |
The key used in the tests has expired. Remove the expiration date to
turn CI happy and green.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
| |
Probably a result of the Ubuntu images being bumped on Main but
not in this branch. Not worth chasing down exactly what's going
wrong, so let's just disable it.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
|
| |
|
|
|
|
|
|
|
|
|
| |
for podman pod create, when we are not sharing any namespaces there is no point for the infra container.
This is especially true since resources have also been decoupled from the container recently.
handle this on the cmd level so that we can still create infra if set explicitly
resolves #15048
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Option defaults in API must be the same as in CLI.
```
% podman image push --help
% podman image pull --help
% podman manifest push --help
% podman image search --help
```
All of these CLI commands them have --tls-verify=true by default:
```
--tls-verify require HTTPS and verify certificates when accessing the registry (default true)
```
As for `podman image build`, it doesn't have any means to control
`tlsVerify` parameter but it must be true by default.
Signed-off-by: Vladimir Kochnev <hashtable@yandex.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some refer to issues that are closed. Remove them.
Some are runc bugs that will never be fixed. Say so, and remove
the FIXME.
One (bps/iops) should probably be fixed. File an issue for it, and
update comment to include the issue# so my find-obsolete-skips script
can track it.
And one (rootless mount with a "kernel bug?" comment) is still
not fixed. Leave the skip, but add a comment documenting the symptom.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
| |
And a new one for `run --detach`.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I honestly do not understand all this extra option parsing here but
there is really no reason to exclude the option for remote, all the
other global options are also set there.
This fixes a problem with mixed cni/netavark use because the option was
unset.
Fixes #15017
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Make sure containers created via API have the correct umask from
containers.conf set.
Fixes #15036
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
| |
The network backend always has default config in memory so there is no
need to copy it. Also netavark cannot use it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Docker uses "bridge" as default network name so some tools expect this
to work with network list or inspect. To fix this we change "bridge" to
the podman default ("podman") name.
Fixes #14983
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`podman-remote push` has shown absolutely no progress at all. Fix that
by doing essentially the same as the remote-pull code does.
The get-free-out-of-jail-card for backwards compatibility is to let the
`quiet` parameter default to true. Since the --quioet flag wasn't
working before either, older Podman clients do not set it.
Also add regression tests to make sure we won't regress again.
Fixes: #11554
Fixes: #14971
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
create the /etc/passwd and /etc/group files if they are missing in the
image.
Closes: https://github.com/containers/podman/issues/14966
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
| |
|
|
|
|
|
| |
To make debugging easier we should see the command and its output when a
failure happens.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
|
|
|
|
|
| |
By vendoring the fixes from containers/image. Also add a test (thanks
@edsantiago) to make sure we won't regress in the future again.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Update the init container type default to once instead
of always to match k8s behavior.
Add a new annotation that can be used to change the init
ctr type in the kube yaml.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Followup to #14957, which added a new test that doesn't
actually belong in the 250-systemd.bats file. It was
copy-pasted from another test that doesn't belong there.
Move both tests to a new .bats file, because (1) they
need a custom cleanup, and (2) one of the tests should
very definitely run under podman-remote, and the 250
bats file has a global skip_if_remote().
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As you run --sync, please update this commit message with your
actual changes.
Changes since 2022-06-14:
- apply-podman-deltas: (minor) buildah 4057 changed the name
of a test; make corresponding change here
- apply-podman-deltas: buildah 4071 adds a new OCI-hook
test that's failing in remote. Skip it.
- apply-podman-deltas: buildah 4096 changed an error message
- apply-podman-deltas: buildah 4097 added a test that doesn't
work with podman-remote
- run-buildah-bud-tests: only run 'sudo --validate' if we
need to sudo later (for running tests). Otherwise, same
thing: I run the treadmill script, step away, and come
back to an unnecessary sudo prompt.
- system tests: the new containers-storage changes some
error messages; fix tests to reflect that. (And, unrelated,
fix a red cleanup warning)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Docker supports -H and --host for specify the listening socket. Podman
should support them also in order to match the CLI.
These will not be documented since Podman defaults to using the
--url option.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
I added the shorthand option for `podman pull --all-tags`. Like Docker,
Podman can now do `podman pull -a`.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
|
| |
|
|
|
|
|
| |
Filter flag is added for podman stop and podman --remote stop. Filtering logic is implemented in
getContainersAndInputByContext(). Start filtering can be manipulated to use this logic as well to limit redundancy.
Signed-off-by: Karthik Elango <kelango@redhat.com>
|
| |
|
|
|
|
| |
Needed for Docker compatibility.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
| |
Add support for -c as an alias for --cpu-shares to be compatible with
Docker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As part of fix for https://github.com/openshift/imagebuilder/issues/231
`FROM` does not expands `ARGS` which are not declared so
`TARGETPLATFORM`
Note: I think a patch should be added at imagebuilder to allow using
inbuilt ARGS in FROM without declaring it as well but it is something
to be discussed so lets declare it manually in our tests
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
* Correct spelling and typos.
* Improve language.
Co-authored-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Erik Sjölund <erik.sjolund@gmail.com>
|
| |\
| |
| | |
Add ports and hostname correctly in kube yaml
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If a pod is created without net sharing, allow adding
separate ports for each container to the kube yaml
and also set the pod level hostname correctly if the
uts namespace is not being shared.
Add a warning if the default namespace sharing options
have been modified by the user.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
|
| |\ \
| | |
| | | |
exit code improvements
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Make sure to return/exit with 0 when waiting for a container that never
ran.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| | | |
| | |
| | |
| | |
| | |
| | | |
A copy-paste error led to use `alpine` instead.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
| |\ \ \
| |/ /
|/| | |
Refactored networkPrune function
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Refactored the networkPrune function to improve readability.
This commit changes the `networkPrune` function to
use the `PrintNetworkPruneResults` function.
[NO NEW TESTS NEEDED]
Signed-off-by: Toshiki Sonoda <sonoda.toshiki@fujitsu.com>
|
| |\ \ \
| | | |
| | | | |
podman wait can take multiple conditions
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Podman wait should not be defaulting to just stopped. By default
wait API waits for stopped and exited. We should not override this on
the client side.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |\ \ \ \
| | | | |
| | | | | |
Bump Compat API maximum version to v1.41
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Docker bumped their API, so we should do the same.
Fixes #14204
Signed-off-by: Matthew Heon <mheon@redhat.com>
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Followup to #14845: use defer(), not fragile global context,
to stop registry and clean up temporary envariable. Thanks
to mitr for the suggestion.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \ \
| |_|/ / /
|/| | | | |
pkg: switch to golang native error wrapping
|
| | | |/ /
| |/| |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
manifest_test:authenticated_push() is the final test left to
fix before merging #14397. The reason it's failing _seems_ to be
that podman is running with a mix of netavark and CNI, and
that _seems_ to be because this test invokes hack/podman-registry
which invokes plain podman without whatever options used in e2e.
Starting a registry directly from the test is insane: there is
no reusable code for doing that (see login_logout_test.go and
push_test.go. Yeesh.)
Solution: set $PODMAN, by inspecting the podmanTest object
which includes both a path and a list of options. podman-registry
will invoke that. (It will also override --root and --runroot.
This is the desired behavior).
Also: add cleanup. If auth-push test fails, stop the registry.
Also: add a sanity check to podman-registry script, have it
wait for the registry port to activate. Die if it doesn't.
That could've saved us a nice bit of debugging time.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \
| | | |
| | | | |
[minor] fix duplicate test name
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
copy/paste error in #14501.
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
port forward range test: fix an oops
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Wrong variable. And, wrong index range. And, wrong bash
syntax for extracting end_port. And, add explicit check
for valid range, because die() inside 'foo=$(...)' will not
actually die. And, refactor some confusing code. And,
reformat/clean up a confusing and too-wide comment.
Fixes: #14854
Signed-off-by: Ed Santiago <santiago@redhat.com>
|
| |\ \ \ \
| |/ / /
|/| | | |
fix namespace reporting
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
somehow, #14501 got through CI even though the remote tests fail. The testa are failing
due to the PodSpecGenerator not containing the UTSNs entitiy and infra's spec is not yet allowed to be accessed remotely
[NO NEW TESTS NEEDED]
resolves #14847
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
