25102 Commits

Author SHA1 Message Date
f1b8a61b1d Merge pull request #25462 from Luap99/healthcheck-error
report healthcheck start errors
2025-03-05 10:42:49 +00:00
c1e1f6d187 Merge pull request #25445 from lsm5/rpm-git-commit-sha
[skip-ci] Packit/RPM: Display upstream commit SHA in all rpm builds
2025-03-05 10:04:33 +00:00
27f42775ce Merge pull request #25471 from containers/renovate/github.com-containers-buildah-1.x
fix(deps): update module github.com/containers/buildah to v1.39.2
2025-03-05 08:11:22 +00:00
73cfef57b9 fix(deps): update module github.com/containers/buildah to v1.39.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-05 01:54:30 +00:00
9e397d8e4d podman-import only supports gz and tar
according to the conversation in #18193, we only support plain tar or
gzipped tar as input.

Fixes: #18193

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-03-04 14:11:46 -06:00
7f27a6661a Merge pull request #25451 from baude/issue25435
Update documentation for podman-machine-os-apply
2025-03-04 20:04:32 +00:00
7f4282a7e8 Update documentation for podman-machine-os-apply
A user reported that it was a surprise to receive an unsupported os
error when trying to use `podman machine os apply` with WSL machines.
This is intentional however the documentation needed to be updated to
explicitly state why (it is not based on FCOS).

Fixes: #25435

Signed-off-by: Brent Baude <bbaude@redhat.com>
2025-03-04 13:43:15 -06:00
c37a47ae52 Merge pull request #25431 from containers/renovate/github.com-digitalocean-go-qemu-digest
fix(deps): update github.com/digitalocean/go-qemu digest to ee9b066
2025-03-04 16:02:58 +00:00
47a743bba2 report healthcheck start errors
When starting a container consider healthcheck errors fatal. That way
user know when systemd-run failed to setup the timer to run the
healthcheck and we don't get into a state where the container is running
but not the healthcheck.

This also fixes the broken error reporting from the systemd-run exec, if
the binary could not be run the output was just empty leaving the users
with no idea what failed.

Fixes #25034

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-03-04 16:48:50 +01:00
1c711103eb Merge pull request #25456 from containers/renovate/github.com-opencontainers-image-spec-1.x
fix(deps): update module github.com/opencontainers/image-spec to v1.1.1
2025-03-04 13:37:12 +00:00
4ac061f383 Merge pull request #25423 from Honny1/hc-kill-status
Add stopped status for HealthCheck
2025-03-04 13:17:58 +00:00
84c56243a2 [skip-ci] Packit/RPM: Display upstream commit SHA in all rpm builds
Packit's `pre-sync` action allows modification of spec file prior to
dist-git PR creation. This is already being done on containers-common
rpm to update c/storage and c/image verions tags in spec.

This commit will allow `podman version` to show `Git Commit: $SHA` for
copr as well as koji builds.

Ref: https://raw.githubusercontent.com/containers/common/refs/heads/main/.packit.yaml

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2025-03-04 17:50:44 +05:30
ebec104391 Merge pull request #25453 from flouthoc/kube-play-docs
docs,kube: add configMap as supported volume option
2025-03-03 20:56:55 +00:00
0a9a1b3748 Merge pull request #25430 from mtrmac/enforce-digests
Use UnparsedInstance.Manifest instead of ImageSource.GetManifest
2025-03-03 19:29:08 +00:00
30d8fcbc03 fix(deps): update module github.com/opencontainers/image-spec to v1.1.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-03 18:51:55 +00:00
3109feac2c Merge pull request #25448 from containers/renovate/github.com-shirou-gopsutil-v4-4.x
fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.2
2025-03-03 18:50:19 +00:00
1e9bfeb1f8 docs,kube: add configMap as supported volume option
Closes: https://github.com/containers/podman/issues/25436

[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]

Signed-off-by: flouthoc <flouthoc.git@gmail.com>
2025-03-03 08:53:05 -08:00
511d912685 Add stopped status for HealthCheck
If the container is stopped and the ongoing HealthCheck has no chance to complete the check is evaluated as stopped.

Fixes: https://issues.redhat.com/browse/RUN-2520
Fixes: https://github.com/containers/podman/issues/25276

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2025-03-03 17:09:30 +01:00
d5acda2a37 fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-03 15:18:34 +00:00
2c3615a5ff Merge pull request #25447 from containers/renovate/pytest-8.x
chore(deps): update dependency pytest to v8.3.5
2025-03-03 15:16:33 +00:00
7bcd9c066e chore(deps): update dependency pytest to v8.3.5
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-03 14:49:43 +00:00
66427c7f09 Merge pull request #25432 from containers/renovate/github.com-vishvananda-netlink-digest
fix(deps): update github.com/vishvananda/netlink digest to 0af3215
2025-03-03 14:48:54 +00:00
b18dcccb28 add filter for container command
Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

add a test, improve logic of command filter

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

improve a test

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

improve test, update a man page

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

improve man page, runtime functions

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

move ExternalContainerFilter type to entities package

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

add external filters

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

add tests for external containers

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

add test for ps external id, ancestor

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

add tests for ps external filters of since, before

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

fix linter warnings, add completion for the name filter

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

resolve conflicts

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

check command length, filter containers liist by external key

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>

re-write test to remove buildah usage

Signed-off-by: Oleksandr Krutko <alexander.krutko@gmail.com>
2025-03-02 19:47:44 +02:00
efe8e165d8 Merge pull request #25417 from mheon/fix_25368
Fix volume quota assignment
2025-03-01 15:11:06 +00:00
67c876112b fix(deps): update github.com/vishvananda/netlink digest to 0af3215
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-01 05:51:37 +00:00
baf176058c fix(deps): update github.com/digitalocean/go-qemu digest to ee9b066
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-01 01:22:31 +00:00
b2d08f5b8f Use UnparsedInstance.Manifest instead of ImageSource.GetManifest
... to validate that the manifests match expected digests, if any.

Do this everywhere, even where we read local storage which is
mostly trusted, because it is cheap enough and being consistent
makes it less likely for the code to be copied into other
contexts shere the sources are not trusted.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-02-28 20:14:11 +01:00
f8c702bd35 Rename copyImageBlobToFile to copyTrustedImageBlobToFile
... and add a warning.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2025-02-28 20:02:10 +01:00
9737765e13 Merge pull request #25419 from containers/renovate/github.com-opencontainers-runtime-spec-1.x
fix(deps): update module github.com/opencontainers/runtime-spec to v1.2.1
2025-02-28 17:44:05 +00:00
9f8fdf6a40 Merge pull request #25420 from jankaluza/24030
Add "create" and "remove" events for secrets.
2025-02-28 17:08:22 +00:00
d91d42461e Merge pull request #25331 from jakecorrenti/machine-cp
Add `podman machine cp` subcommand
2025-02-28 16:38:15 +00:00
20523152f8 Add "create" and "remove" events for secrets.
This commit adds the "secret" Event type and emits
"create" and "remove" events for this Event type
when Secret is created or removed.

This can be used for example by podman interfaces to
view and manage secrets.

Fixes: #24030

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-02-28 16:58:06 +01:00
42fb942a6f Introduce podman machine cp command
Add a new `podman machine cp` subcommand to allow users to copy files or
directories between a running Podman Machine and their host.

Tests cover the following cases:
- Copy a file from the host machine to the VM
- Copy a directory from the host machine to the VM
- Copy a file from the VM to the host machine
- Copy a directory from the VM to the host machine
- Copy a file to a directory
- Copy a directory to a file

Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
2025-02-28 09:56:46 -05:00
f71067d710 Create quota before _data dir for volumes
This resolves an ordering issue that prevented quotas from being
applied. XFS quotas are applied recursively, but only for
subdirectories created after the quota is applied; if we create
`_data` before the quota, and then use `_data` for all data in
the volume, the quota will never be used by the volume.

Also, add a test that volume quotas are working as designed using
an XFS formatted loop device in the system tests. This should
prevent any further regressions on basic quota functionality,
such as quotas being shared between volumes.

Fixes #25368

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-02-28 09:52:55 -05:00
716eb000fa Bump to latest c/storage main
Includes a patch for quotas that is needed for this PR.

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-02-28 09:07:37 -05:00
316a5dc643 fix(deps): update module github.com/opencontainers/runtime-spec to v1.2.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-28 02:10:42 +00:00
350429cc3c Merge pull request #25416 from Luap99/go-jose-v3
vendor: update github.com/go-jose/go-jose/v3 to v3.0.4
2025-02-27 17:53:13 +00:00
e44ba88686 Merge pull request #25385 from panekj/patch-1
Fix reporting summed image size for compat endpoint
2025-02-27 14:39:49 +00:00
92c5b08ebd vendor: update github.com/go-jose/go-jose/v3 to v3.0.4
Contains a fix for CVE-2025-27144

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-02-27 15:36:41 +01:00
470669028f Merge pull request #25409 from containers/renovate/github.com-containers-buildah-1.x
fix(deps): update module github.com/containers/buildah to v1.39.1
2025-02-27 11:44:04 +00:00
6b93f3ee09 Merge pull request #25408 from kolyshkin/fix-pid-limit-minus-1
podman run: fix --pids-limit -1 wrt runc
2025-02-27 11:38:33 +00:00
76625edb87 Merge pull request #25411 from containers/renovate/github.com-containers-libhvee-0.x
fix(deps): update module github.com/containers/libhvee to v0.10.0
2025-02-27 10:56:34 +00:00
24af533082 fix(deps): update module github.com/containers/libhvee to v0.10.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-27 09:59:22 +00:00
e8fc1e679a fix(deps): update module github.com/containers/buildah to v1.39.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-27 02:33:29 +00:00
328c7260fc podman run: fix --pids-limit -1 wrt runc
Since commit c25cc7230 ("Allow a value of -1 to set unlimited pids
limit") podman converts the pids-limit value of -1 to 0 for OCI spec.

Unfortunately, different runtimes (crun and runc) treat pids.limit=0
differently, and the runtime-spec definition is somewhat vague
(see [1]).

Long term fix belongs to runtime-spec and then runtimes should follow
it.

Short term fix is do not convert -1 to 0 (as all runtimes treat -1 as
unlimited).

[NO NEW TESTS NEEDED] -- this is covered by test added in commit 553e53d44.

Fixes: https://issues.redhat.com/browse/RHEL-80973

[1]: https://github.com/opencontainers/runc/issues/4014#issuecomment-1888185352
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-02-26 17:10:12 -08:00
e264f58d0a Merge pull request #25403 from containers/renovate/go-github.com-go-jose-go-jose-v4-vulnerability
chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security]
2025-02-26 14:52:11 +00:00
45f5112777 Merge pull request #25399 from containers/renovate/github.com-vbauerster-mpb-v8-8.x
fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.3
2025-02-26 11:25:14 +00:00
bbc7f577aa chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-26 11:02:01 +00:00
223287cfe1 Merge pull request #25401 from containers/renovate/github.com-vbatts-git-validation-1.x
fix(deps): update module github.com/vbatts/git-validation to v1.2.2
2025-02-26 11:00:23 +00:00
6796562b50 fix(deps): update module github.com/vbatts/git-validation to v1.2.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-02-26 05:43:42 +00:00