The path mentioned above is linked in the sysadmin
article on running podman inside containers. The content
has since been moved and users are getting a 404 there now.
Add the path back with a readme pointing to the new location
of the content.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
podman.msi GUI has a radio-button to select WSL or Hyper-V
The checkbox in podman.msi GUI allow the user to specify if
the machine provider installation (WSL or Hyper-V) should
be part of podman installation or not.
podman-setup.exe supports 2 new variables: MachineProvider
(valid values are `wsl` and `hyperv`) and HyperVCheckbox
(valid values are `0` and `1`)
Installation creates the configuration file
`99-podman-machine-provider.conf` under folder
`%APPDATA\containers\containers.conf.d` with the selected
machine provider
Cirrus CI `win_installer_task` tests the installation with
both `hyperv` and `wsl` and verifies the configuration.
Uninstallation is tested too.
Note that podman-setup.exe GUI doesn't allow to choose the
provider yet. See https://github.com/containers/podman/issues/22492
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Previously, the mac podman-machine tests installed rosetta before
executing any tests. As a best-practice (and because the Macs in CI are
shared) tests should never permanently modify the system. As of this
commit, the system setup script used for the CI Macs does the rosetta
installation. Remove the test setup code that installed rosetta and
add a CI-level confirmation that it's been pre-installed.
Signed-off-by: Chris Evich <cevich@redhat.com>
First, setup a custom TMPDIR to ensure we have no special assumptions
about hard coded paths. Second, make sure it is actually on a tmpfs so
we can catch regressions in the VM setup immediately.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Small usability improvements for our containerized validate target.
- Responds to SIGINT
- Exits if build fails, only validate if builds succeed
- Warns about potential of insufficient memory
- Document `make validatepr`
Signed-off-by: Ashley Cui <acui@redhat.com>
A long time ago, `passthrough_envars()` was defined in `lib.sh`. It has
since been moved, but the related comments were never updated. Update
the env. var. comments pointing future maintainers to the function that
relies on them. Otherwise a simple search w/in this repo. won't turn up
anything.
Signed-off-by: Chris Evich <cevich@redhat.com>
Followup to #13936 : add an exclusion to localmachine tests
so we can avoid running those on test- or doc-only PRs.
Reason: #22551, the machine-start-timeout flake, is causing
hours of wasted time.
Signed-off-by: Ed Santiago <santiago@redhat.com>
TMPDIR is typically /tmp which is typically(*) a tmpfs.
This PR ignores $TMPDIR when $CI is defined, forcing all
e2e tests to set up one central working directory in /var/tmp
instead.
Also, lots of cleanup.
(*) For many years, up to and still including the time of
this PR, /tmp on Fedora CI VMs is actually NOT tmpfs,
it is just / (root). This is nonstandard and undesirable.
Efforts are underway to remove this special case.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Both tests need the podman-registry script in $PATH, this never worked
locally as only the cirrus specific CI setup scripts configured this.
To make it work correctly locally add the hack dir to $PATH for these
Makefile targets.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
compose v1 has been deprecated for some time now, since July 2023 it no
longer receives any updates[1]. As such testing it on every PR is
pointless, it also does not provide any more coverage then compose v2.
At least I never saw only compose v1 test fails (except for flakes) so
it doesn't help us to catch regressions.
We tried to remove it before but decided against it at that time[2].
[1] https://docs.docker.com/compose/migrate/
[2] https://github.com/containers/podman/issues/18688
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
First of all this removes the need for a network connection, second
renovate can update the version as it is tracked in go.mod.
However the real important part is that the binary downloads are
broken[1]. For some reason the swagger created with them does not
include all the type information for the examples. However when building
from source the same thing works fine.
[1] https://github.com/go-swagger/go-swagger/issues/2842
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This PR is only a first step towards being able to validate developer
code locally prior to pushing a PR and using CI. Right now, we have a
prepared image in a temporary spot (will change when done). That image
can be used to exercise various podman builds, make validate, and DCO
check.
The idea here is we have a make target that spins a podman container (or
machine) and then execute a small script to perform the actual builds.
Note, these builds are to verify code, not make production binaries so
corners are cut. As of now, we choose to not build cross-arch binaries
because most of our problems thus far have been operating system builds
and not arch.
Of course this can be expanded in the future. This is just step one to
start getting some of it in place. The rest of the work is tracked in
JIRA under two cards.
Signed-off-by: Brent Baude <bbaude@redhat.com>
make validate should work locally, this check makes no sense in a local
context as it checks for a github label.
To fix this remove this check from the validate target and only use it
as part of the CI validate run.
While at it remove old dnf install step, the issue has been closed for a
long time and it should already be part of our base images.
Fixes#22031
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
we are having second thoughts about *requiring* a policy.json on podman
machine hosts. we are concerned that we need to work out some more use
cases to be sure we do not make choices now that limit us in the near
term future. for example, should the policy files be the same for
container images and machine images? And should one live on the host
machine and the other live in the machine?
therefore, if a policy.json *is* present in the correct location, we will use and honor it; however, if it does not, we will allow the machine image to be pulled without a policy.
Signed-off-by: Brent Baude <baude@redhat.com>
Co-authored-by: Paul Holzinger <45212748+Luap99@users.noreply.github.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
For consistency with linux/osx makefile
I have added the win-gvproxy target as
an alias of win-sshproxy
[NO NEW TESTS NEEDED]
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
- Sets default search location to always be the peer directory
+ make podman-remote now creates binaries that work the same as release zips
- Updates release zip to match expected search location
- Updates win installer to include the file if present in the repo cross-build
archive
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
Lots of small special-case tweaks to logformatter because Macs
have to be different.
Also fix:
- Wrong slash in printf-newline, leading to gray [It] blocks
- echo gitCommit, so we can link to sources
- --image-path is deprecated
Signed-off-by: Ed Santiago <santiago@redhat.com>
Old way: edit commit message, add magic string, re-push
New way: repo maintainer adds a Github label to PR, hits Rerun
I've looked and looked for the history behind this script
and why I didn't do it this way in the first place. I've
concluded that I just never thought of it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
It works (verified in #17831). Imperfectly, because Macs don't
have a useful awk, so we can't get timestamps. I will, in time,
look into adding the timestamp functionality to logformatter
itself.
Also imperfect because it's not linkifying: source code paths
are dead text. I need to fix that, too, in logformatter, by
having it recognize /Users/Mac paths.
Imperfect as it may be, it was quick, and I think could provide
good bang for the buck in these Mac-intensive debugging days.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We used to use ignition to perform any customization required for podman
machine because our input was a generic FCOS image. Now that we are
building our own images, some of this customization can be migrated to
the Containerfile itself and be less of a burden in our code at boot up.
At the time of this PR, the Containerfile can be found at
https://github.com/baude/podman-machine-images/tree/main. It is only
present for a so-called daily image. There is little liklihood that
this would the final location for the Containerfile so consider it a
working version only.
Split WSL and rest apart in the e2e tests so we no longer ppull the
generic FCOS image for testing.
Note: the change to the pull image name is so PRs are not immediately
broken that are already in the queue.
[NO NEW TESTS REQUIRED]
Signed-off-by: Brent Baude <bbaude@redhat.com>
vfkit needs the com.apple.security.virtualization entitlement or it
wont' be able to start virtual machines:
Error: Error Domain=VZErrorDomain Code=2 Description="Invalid virtual machine configuration. The process doesn’t have the “com.apple.security.virtualization” entitlement." UserInfo={
NSLocalizedFailure = "Invalid virtual machine configuration.";
NSLocalizedFailureReason = "The process doesn\U2019t have the \U201ccom.apple.security.virtualization\U201d entitlement.";
}
This fixes https://github.com/containers/podman/issues/21842
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
When there is no signing identity to pass to the macOS `codesign` tool,
we can use `-` instead as the identity to perform ad-hoc signing.
From `man codesign`:
> If identity is the single letter "-" (dash), ad-hoc signing is
> performed. Ad-hoc signing does not use an identity at all
This makes it easier to test the sign() code-path in package.sh as
we'll run the same code regardless of `NO_CODESIGN` being set or not.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Source: https://github.com/containers/automation_images/pull/331#issuecomment-1966677347
Kludgy VM build, because rawhide rc6 kernel is still not stable.
I would like to merge this anyway, because the rawhide hang is
hurting us badly. (I am not guaranteeing that this fixes the hang).
Also: new Windows VM has WiX 3.14 (up from 3.11).
Signed-off-by: Ed Santiago <santiago@redhat.com>
The `Makefile` makes assumptions about git repo. clone details.
Because fixing the `Makefile` would likely be problematic, fix
the clone operation used on the Mac so that it matches what's used
on Linux.
Also, simplify git repo clone operations. At some point in the
distant past, a git identity was required for CI to function properly.
That has since changed, so remove the unnecessary complexities.
Signed-off-by: Chris Evich <cevich@redhat.com>
There's are sometimes conflicting purposes in podman CI:
1. Have the pipeline proceed in an orderly and progressive manner
to sometimes save resources and unnecessary runtime.
2. Complete all testing as quickly as possible in support of
human-developers moving on to other areas of work.
3. Ideally/hopefully, accomplish both items above safely,
preventing untested and/or unintended changes from merging.
This commit shifts the balance of these slightly more toward the second
point. It rearranges most CI tasks into essentially three buckets with
a single (new) aggregation task in-between the first two:
1. Build + Verify all the things
2. Test all the things
3. Minor/accessory things
The intention is that while we may unnecessarily spin some number of
testing tasks while others have failed, the best-case scenario
(everything passes) has a much shorter runtime. In other words, it
potentially wastes more resources in favor of a chance to have
developers wait less.
Signed-off-by: Chris Evich <cevich@redhat.com>
aardvark-dns, netavark and passt are installed on both debian and
fedora. cri-o-runc is not installed anymore and it just uses the normal
runc package on debian. containers-common is called
golang-github-containers-common on debian and also uses
golang-github-containers-image for further config files from c/image.
This makes sure we correctly log all the package versions on debian
correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
According to https://go.dev/ref/mod#module-cache golang will leave
behind read-only bits. It was observed that these cause the find/rm
cleanup operations to fail fail with `permission denied` on thousands
of files. This is preventing cleanup of cruft from unrelated Cirrus-tasks
leading to unnecessary occupation of critical, local-ssd storage space.
Fix this by ensuring the user has at least write access to the entire
contents of `$TMPDIR` and `$HOME`, `ci` subdirs.
Signed-off-by: Chris Evich <cevich@redhat.com>
Ref:
https://github.com/containers/podman/pull/21570#issuecomment-1935709148
This tool is really intended/best used from git pre-commit on developers
local machines, to prevent addition of secret leaks. When used as a
check against PRs, it tends to turn up more false-positives than helpful
warnings. There's no good way to fix this, and maintaining the scanner
is an additional burden. Rather than continue struggling to improve/fix
the situation, let's just remove the tool entirely.
Signed-off-by: Chris Evich <cevich@redhat.com>
Fixes: #21574
The documentation for this image references a quay repository that
doesn't exist. It doesn't appear any of these files have been touched
since late 2022. Instead of updating the docs, let's just remove the
source. It's trivial to recreate if anybody actually needs it for
something.
Users needing to access remote podman can simply use the `podman` binary
present in existing images `quay.io/containers/podman`,
`quay.io/podman/stable`, etc.
Signed-off-by: Chris Evich <cevich@redhat.com>
