The test pulls a new image each time instead of using the cache image.
This makes it much slower than it should be and can be flaky.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit adds new annotation called:
io.podman.annotations.pids-limit/$ctrname
This annotation is used to define the PIDsLimit for
a particular pod. It is also automatically defined
when newly added --pids-limit option is used.
Fixes: #24418
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit adds new Retry= and RetryDelay= options
to quadlet.go which result in --retry and --retry-delay
usage in podman run, image and build commands.
This allows configuring the retry logic in the systemd
files.
Fixes: #25109
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The alpine_nginx image is a static amd64 only image, just yesterday our
CI broke because the rosetta emulation stopped working. All these tests
should have no need to test emulation and should just run on native arch
here. This should also make them faster.
If we want to test emulation work it should be done in the
podman-machine-os tests instead.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The --env is used to add new environment variable to container or
override the existing one. The --unsetenv is used to remove
the environment variable.
It is done by sharing "env" and "unsetenv" flags between both
"update" and "create" commands and later handling these flags
in the "update" command handler.
The list of environment variables to add/remove is stored
in newly added variables in the ContainerUpdateOptions.
The Container.Update API call is refactored to take
the ContainerUpdateOptions as an input to limit the number of its
arguments.
The Env and UnsetEnv lists are later handled using the envLib
package and the Container is updated.
The remote API is also extended to handle Env and EnvUnset.
Fixes: #24875
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Add a new target in winmake.ps1 to run unit tests and use
use it in a new cirrus task.
Fix machine_windows_test.go to make it work in CI machine.
Add the `!windows` tag on tests files that fail on Windows.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Fix a bug where SSH-ing into a named Podman Machine (not podman-machine-default)
results in the user being put in the rootless shell if the default system
connection is rootless.
Resolves: https://github.com/containers/podman/issues/25332
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
GoLang sets unset values to the default value of the type. This means that the destination of the log is an empty string and the count and size are set to 0. However, this means that size and count are unbounded, and this is not the default behavior.
Fixes: https://github.com/containers/podman/issues/25473
Fixes: https://issues.redhat.com/browse/RHEL-83262
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
The oci layout code can handle a relative path find but all paths
returned by the code then will alos be relative, this can be bad and
result in bugs if something ever changes the cwd. The graphroot path we
pass should already be always absolute, so just add a sanity check here
given libartifact is planned to be moved as sperate lib and we cannot
assume anything about the path we will be given there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new option to allow for mounting artifacts in the container, the
syntax is added to the existing --mount option:
type=artifact,src=$artifactName,dest=/path[,digest=x][,title=x]
This works very similar to image mounts. The name is passed down into
the container config and then on each start we lookup the artifact and
the figure out which blobs to mount. There is no protaction against a
user removing the artifact while still being used in a container. When
the container is running the bind mounted files will stay there (as the
kernel keeps the mounts active even if the bind source was deleted).
On the next start it will fail to start as if it does not find the
artifact. The good thing is that this technically allows someone to
update the artifact with the new file by creating a new artifact with
the same name.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Use a helper struct to hold the mounts instead of returning 5+ return
values from the functions. This allows use to easily add more volume
types without having to update all return lines every time in the
future. And 5+ return values are really not readable anymore so this
should make it easier to follow the code.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Will safe a few memory copies, we must do that only after namesOrDigests
was populated so the len() does not report zero.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Instead of duplicating the NewArtifactStore() call in many places and
having to make sure we always pass the same path to it define it as
function on the runtime. This allows any caller with access to the
libpod runtime to create the store easily.
This is suing a sync.OnceValues() function so the store is initialized
only once and only when actually needed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The goal of this new interface is to expose the blob source path and the
target file name for a bind mount into a container.
libpod will call this and then take care of setting up the actual mounts
based on the returned paths.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Create a getArtifactAndImageSource() function so this one can be shared
with the new mount blob API that is added next to avoid code
duplication.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The main point of this is so that I can share the same lookup logic
between Extract() and then the new blob path API I add next.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
With go 1.23 the maps package was added in the std library. The linter
now wants us to use that. However the API chnaged as it returns an
iterator, thus we also have to use slices.Collect().
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
A lot of types are moved and now deprecated which causes lint issues.
IDResponse is copied into podman because that has no new 1 to 1
replacement. For some fields that we set as part of the docker API I
added the nolint directive as these fields might be used by API
consumers.
For the other types it is mostly a 1 to 1 move.
ParseUintList is deprecated but we can use the same function from
github.com/containers/storage/pkg/parsers instead.
Note that it containers breaking changes to pkg/bindings which we should
not do generally but given the prevoius commit already has a unavoidable
breaking change we might as well fix the IDResponse issue once now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Update to the latest c/{common,image} which inclused an update to
docker v28, that update is NOT backwards compatible so I had to fix a
few types.
NOTE: handler.ExecCreateConfig is used directly by the bindings. Thus
this is an API break for pkg/bindings. Including docker types as part of
any stable pkg/bindings API was a very bad idea.
I see no way to avoid that unless we never want to docker v28, which is
not easy as the update comes in from c/image and maybe other packages.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When certain directories, like /tmp, get mounted over, FCOS/Linux can
act in unexpected ways. Added a sanity check for a list of directories
think might be impacted by this. Also, moved the volume parsing earlier
in the init process so we can catch problems before the expensive
decompression of machine images.
The following destinations are forbidden for volumes:
`/bin`, `/boot`, `/dev`, `/etc`, `/home`, `/proc`, `/root`, `/run`, `/sbin`, `/sys`, `/tmp`, `/usr`, and `/var`. Subdirectories
Fixes: #18230
Signed-off-by: Brent Baude <bbaude@redhat.com>
We can use the built-in `min` and `max` functions since Go 1.21.
Reference: https://go.dev/ref/spec#Min_and_max
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
When no containers could be started we need to make sure the unit status
reflects this. This means we should not send the READ=1 message and not
keep the service container running when we were unable to start any
container.
There is the question what should happen when only a subset was started.
For systemd we can only be either running or failed. And as podman kube
play also just keeps the partial started pods running I opted to let
systemd keep considering this as success.
Fixes#20667
Fixes https://issues.redhat.com/browse/RHEL-80471
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The first condition is checking an error where no error is returned and
the second is checking even though err == nil was matched above already
so we know the error is not nil here.
Then also replace os.IsNotExist(err) with errors.Is(err, os.ErrNotExist)
as that should be used for new code.
This should not change behavior in any way.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is very bad practise to print to stdout in our backend code without
nay real context. The exact same error message is returned to the caller
and printed in the cli frontend hwere it should be.
Therefore drop this print as it is redundant.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
