| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow end users to preprocess default environment variables before
injecting them into container using `--env-merge`
Usage
```
podman run -it --rm --env-merge some=${some}-edit --env-merge
some2=${some2}-edit2 myimage sh
```
Closes: https://github.com/containers/podman/issues/15288
Signed-off-by: Aditya R <arajan@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/mattn/go-isatty](https://github.com/mattn/go-isatty) from 0.0.14 to 0.0.16.
- [Release notes](https://github.com/mattn/go-isatty/releases)
- [Commits](https://github.com/mattn/go-isatty/compare/v0.0.14...v0.0.16)
---
updated-dependencies:
- dependency-name: github.com/mattn/go-isatty
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
github.com/container-orchestrated-devices/container-device-interface
Bumps [github.com/container-orchestrated-devices/container-device-interface](https://github.com/container-orchestrated-devices/container-device-interface) from 0.4.0 to 0.5.0.
- [Release notes](https://github.com/container-orchestrated-devices/container-device-interface/releases)
- [Commits](https://github.com/container-orchestrated-devices/container-device-interface/compare/v0.4.0...v0.5.0)
---
updated-dependencies:
- dependency-name: github.com/container-orchestrated-devices/container-device-interface
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
As the title says.
Vendor Buildah v1.27.0 into Podman in preparation for Buildah v4.2
[No New Tests Needed]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Improve the error message when attempting to remove an image that is in
use by an external/build container. Prior, the error only indicated
that the image was in use but did not aid in resolving the issue.
Fixes: #15006
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|
|
|
|
|
| |
... to get https://github.com/containers/common/pull/1106 .
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|
|\
| |
| |
| |
| | |
containers/dependabot/go_modules/github.com/BurntSushi/toml-1.2.0
Bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/BurntSushi/toml/releases)
- [Commits](https://github.com/BurntSushi/toml/compare/v1.1.0...v1.2.0)
---
updated-dependencies:
- dependency-name: github.com/BurntSushi/toml
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [google.golang.org/protobuf](https://github.com/protocolbuffers/protobuf-go) from 1.28.0 to 1.28.1.
- [Release notes](https://github.com/protocolbuffers/protobuf-go/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf-go/blob/master/release.bash)
- [Commits](https://github.com/protocolbuffers/protobuf-go/compare/v1.28.0...v1.28.1)
---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.1.1 to 1.1.2.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v1.1.1...v1.1.2)
---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\ \
| | |
| | | |
Implement kubernetes secret handling for podman play kube
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file.
Kubernetes secrets have a different structure than podman and therefore have to be handeled differently.
In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets
to come!
resolves #12396
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
| |/
|/|
| |
| |
| |
| |
| | |
By vendoring the fixes from containers/image. Also add a test (thanks
@edsantiago) to make sure we won't regress in the future again.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|/
|
|
|
|
|
|
|
| |
Some deps cleaned by `make vendor`
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
Switch to the latest version of the now go module compatible release.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
|
|
|
|
|
|
|
|
| |
We now use the golang error wrapping format specifier `%w` instead of
the deprecated github.com/pkg/errors package.
[NO NEW TESTS NEEDED]
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Since conmon-rs also uses this code we moved it to c/common. Now podman
should has this also to prevent duplication.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|
|
|
|
|
|
|
| |
using the new resource backend, implement podman pod create --memory which enables
users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all
children unless overriden
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.5 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.5...v1.8.0)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
| |
Pull in fixes for platform checks to silence annoying warnings when
pulling images by platforms using uname values.
Fixes: #14669
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|
|
|
| |
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
|
|\
| |
| | |
podman cgroup enhancement
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman ca now set resources at a pod level
meaning that resource related flags can now be exposed to podman pod create.
cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand
has to be handeled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will
be the next flag I work on.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.4 to 1.7.5.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.4...v1.7.5)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\
| |
| | |
Update to use gopkg.in/yaml.v3
|
| |
| |
| |
| |
| |
| | |
[NO NEW TESTS NEEDED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update cobra to latest version. Remove workaround for podman -h.
Also regenerate the completion scripts.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.2 to 1.7.4.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.2...v1.7.4)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
|
| |
Changes since 2022-05-31:
- add --omit-history option (buildah PR 4028)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
|
|
|
| |
Note that the bud-logfile-with-split-logfile-by-platform test is skipped
on the remote client (see #14544).
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/opencontainers/runc](https://github.com/opencontainers/runc) from 1.1.2 to 1.1.3.
- [Release notes](https://github.com/opencontainers/runc/releases)
- [Changelog](https://github.com/opencontainers/runc/blob/v1.1.3/CHANGELOG.md)
- [Commits](https://github.com/opencontainers/runc/compare/v1.1.2...v1.1.3)
---
updated-dependencies:
- dependency-name: github.com/opencontainers/runc
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|\
| |
| | |
use resolvconf package from c/common/libnetwork
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Podman and Buildah should use the same code the generate the resolv.conf
file. This mostly moved the podman code into c/common and created a
better API for it so buildah can use it as well.
[NO NEW TESTS NEEDED] All existing tests should continue to pass.
Fixes #13599 (There is no way to test this in CI without breaking the
hosts resolv.conf)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
| |
| |
| |
| | |
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 20.10.16+incompatible to 20.10.17+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Changelog](https://github.com/moby/moby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/docker/docker/compare/v20.10.16...v20.10.17)
---
updated-dependencies:
- dependency-name: github.com/docker/docker
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v1.1.0...v1.1.1)
---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|
|
|
|
|
|
|
|
| |
v3.0.1 resolves GHSA-hp87-p4gw-j4gq - CVE-2022-28948.
While podman doesn't appear to be vulnerable to the CVE as the concerned
code isn't being called, this update should silence a dependabot alert.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
|
|
|
|
|
|
| |
Bump buildah to v1.26.1-0.20220524184833-5500333c2e06
Signed-off-by: Aditya R <arajan@redhat.com>
|
|\
| |
| |
| |
| | |
containers/dependabot/go_modules/github.com/vbauerster/mpb/v7-7.4.2
build(deps): bump github.com/vbauerster/mpb/v7 from 7.4.1 to 7.4.2
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Bumps [github.com/vbauerster/mpb/v7](https://github.com/vbauerster/mpb) from 7.4.1 to 7.4.2.
- [Release notes](https://github.com/vbauerster/mpb/releases)
- [Commits](https://github.com/vbauerster/mpb/compare/v7.4.1...v7.4.2)
---
updated-dependencies:
- dependency-name: github.com/vbauerster/mpb/v7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
|
|/
|
|
| |
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
|
|
|
|
|
|
|
| |
... to bring in github.com/proglottis/gpgme 0.1.2 , and test
its new use of pkg-config to find gpgme.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
|