7324 Commits

Author SHA1 Message Date
a218dfa2fd chore(deps): update dependency pytest to v8.4.1
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-18 08:48:28 +00:00
3ef33653ff compat: RepoTags and RepoDigest return [] and not null
Signed-off-by: Nicola Sella <nsella@redhat.com>
2025-06-17 15:43:05 +02:00
f235d47e1d Merge pull request #26308 from kolyshkin/blkdev
podman-update: fix block device handling
2025-06-16 14:46:05 +00:00
63bf454d66 Refactor podman export to work with the remote client
Previously, our approach was to inspect the volume, grab its
mountpoint, and tar that up, all in the CLI code. There's no
reason why that has to be in the CLI - if we move it into
Libpod, and add a REST endpoint to stream the tar, we can
enable it for the remote client as well.

As a bonus, previously, we could not properly handle volumes that
needed to be mounted. Now, we can mount the volume if necessary,
and as such export works with more types of volumes, including
volume drivers.

Signed-off-by: Matt Heon <mheon@redhat.com>
2025-06-14 07:42:38 -04:00
0ab8a3c576 artifact mount: add new name option to specify filename
An artifact without the title annoation just gets the digest as name
which is less than ideal. While it is a decent default to avoid
conflicts users would like to configure the name.

With the name=abc option we will call the file abc in case of a signle
artifact and otherwise we use abc-x where x is the layer index starting
at 0 to avoid conflicts.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-14 12:25:21 +02:00
21f34601eb artifact mount: improve single blob behavior
If the artifact has a single blob then use the dst path directly as
mount in case it does not exist.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-14 09:16:06 +02:00
1e53cacb08 Merge pull request #26232 from 2004joshua/buildxInspect
podman buildx inspect
2025-06-12 08:02:31 +00:00
2221ca9943 test: check podman update errors on non-block devices
This is a test case for an issue fixed by the previous commit.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2025-06-10 14:25:53 -07:00
2b6c477884 quadlet: handle generate environment params that inherit from host
Fixes: #26247

Signed-off-by: Volodymyr Pankin <volopank@gmail.com>
2025-06-10 20:50:13 +02:00
5ff067cdcd Merge pull request #26282 from alaviss/push-wotrztyxpmou
quadlet: generate RequiresMountsFor for Type=bind volumes
2025-06-10 09:02:32 +00:00
087a44a8e7 Update module github.com/go-swagger/go-swagger to v0.32.3
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-09 11:31:23 +00:00
2825521337 tmpfs: Add support for noatime mount option
'noatime' flag disables updates to file access times when files are read. This can reduce unnecessary writes and improve performance, especially in read-heavy workloads. Previously, tmpfs did not recognize the 'noatime' mount option and would return an error.

With this change, tmpfs now properly accepts and handles the 'noatime' option.

Fixes: #26102

Signed-off-by: Arthur Wu <lion811004@gmail.com>
2025-06-06 22:21:45 -04:00
18ecd2046b quadlet: generate RequiresMountsFor for Type=bind volumes
This makes sure that the volume source is available before the volume is
created.

Fixes: https://github.com/containers/podman/issues/26125

Signed-off-by: Hiếu Lê <leorize+oss@disroot.org>
2025-06-05 18:22:28 -05:00
465578d7ec test/buildah-bud: skip new build-with-two-outputs on remote
The --output option is not supported with remote.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-05 14:42:12 +02:00
4286f03b34 test/buildah-bud: update buildah-tests.diff
The buildah test code chnages so I had to manually resolve the conflict.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-05 13:39:22 +02:00
c1653bdc29 Build the dumpspec test helper for the buildah bud tests
Newer versions expect to use a new test helper.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-05 12:19:59 +02:00
4871ad1dc6 Merge pull request #26278 from Luap99/quadlet-network-interface
quadlet: add InterfaceName option to network unit
2025-06-04 18:08:07 +00:00
a0f7db44e8 quadlet: add InterfaceName option to network unit
I noticed this was missing, its a simple 1 to 1 mapping to
--interface-name.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-04 16:46:39 +02:00
badf6b8b17 Merge pull request #26111 from ninja-quokka/restful_art
feat: Add OCI Artifact support to the Podman REST API
2025-06-04 14:34:52 +00:00
4030ee62c8 Merge pull request #26221 from Luap99/resolv
libpod: don't force only network search domains
2025-06-04 08:56:08 +00:00
99cfdc04db feat: Add OCI Artifact support to the Podman REST API
This patch adds a new endpoint to the REST API called "artifacts" with
the following methods:
- Add
- Extract
- Inspect
- List
- Pull
- Push
- Remove

This API will be utilised by the Podman bindings to add OCI Artifact
support to our remote clients.

Jira: https://issues.redhat.com/browse/RUN-2711

Signed-off-by: Lewis Roy <lewis@redhat.com>
2025-06-04 15:49:34 +10:00
6a39f37845 Merge pull request #26216 from flouthoc/reuse-excludes
build: reuse `parse.ContainerIgnoreFile` from buildah
2025-06-03 23:59:19 +00:00
eadded9154 build: reuse parse.ContainerIgnoreFile from buildah
podman's logic to parse excludes from `--ignorefile` is not consistent
with buildah, use code directly from imagebuilder.

Closes: https://github.com/containers/podman/issues/25746

Signed-off-by: flouthoc <flouthoc.git@gmail.com>
2025-06-03 12:03:06 -07:00
87450b8f8b podman buildx inspect support
Added support for "podman buildx inspect". The goal was to replicate the default output from "docker buildx inspect" as
much as possible but a problem encountered was podman not supporting BuildKit. To replicate the output I resorted to
printing the statements with default values but only changed the driver name to use podman instead of docker. Since
there was no buildkit, gave it the value of "N/A" to depict it's not supported. For Platforms, I resorted to using
the emulated architectures found on your linux system + the host architecture of your local machine or podman server. The
bootstrap flag was also added but is considered a NOP since there is no buildkit container to run before running inspect.
An extra field was added to the HostInfo struct so when you run "podman info" the emulated architectures will show, this
was used so you can grab the information from the podman engine.

Fixes #13014

Signed-off-by: Joshua Arrevillaga <2004jarrevillaga@gmail.com>
2025-06-03 11:07:08 -04:00
0719acbe7f chore(deps): update dependency pytest to v8.4.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-02 18:27:42 +00:00
89b8e23385 test/system: check --dns-option behavior
We should fully replace the options, now that we vendored the
libnetwork/resolvconf changes into podman this just works.

Fixes: #22399

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-02 19:02:13 +02:00
75dc508e98 libpod: don't force only network search domains
We like to append the host servers in that case so that we do not only
force dns.podman.

Fixes: #24713
Fixes: https://issues.redhat.com/browse/RHEL-83787

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-06-02 18:45:11 +02:00
27593b9e33 Merge pull request #26225 from Luap99/df-panic
system df --verbose don't crash
2025-05-30 22:04:53 +00:00
3b91669cd4 Merge pull request #26235 from mheon/fix_26101
Allow not specifying type with --mount flag
2025-05-30 20:50:20 +00:00
3837339e0e Allow not specifying type with --mount flag
Docker does not require `--type` to be passed, defaulting to
`type=volume` in cases where it's not passed. Do the same in our
volume parsing, and add a test to verify this works as expected.

Fixes #26101

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2025-05-30 14:47:13 -04:00
5e4adb661c Merge pull request #26174 from fpoirotte/kube_cpuset_cgroup
Support --cpuset-cpus and --cpuset-mems in podman kube play
2025-05-30 14:37:57 +00:00
db53f6240d e2e: ref full URL for aarch64 criu precheckpoint issues
Followup on #26234.

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2025-05-30 08:50:55 -04:00
398594ea5f Merge pull request #26237 from p12tic/fix-log-tag-priority
specgen/generate: Fix log tag priority
2025-05-30 12:43:04 +00:00
39692c5648 Merge pull request #26230 from jankaluza/26078
Handle "Entrypoint":[] in compat containers/create API.
2025-05-30 10:38:54 +00:00
a17f8afbbc specgen/generate: Fix log tag priority
Currently setting log_tag from containers.conf will override any value
set via --log-opt tag=value option. This commit fixes this.

Fixes: https://github.com/containers/podman/issues/26236

Signed-off-by: Povilas Kanapickas <povilas@radix.lt>
2025-05-30 01:37:21 +03:00
5e7c0a66ce e2e: skip pre-checkpoint tests on aarch64
Per Adrian Reber, the aarch64 kernel doesn't support the soft dirty bit
and support isn't expected anytime soon.

Ref: https://github.com/checkpoint-restore/criu/issues/2676

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
2025-05-29 12:25:37 -04:00
3a981915f0 Handle "Entrypoint":[] in compat containers/create API.
When using `docker compose run --entrypoint ''`, docker sends
`"Entrypoint": []` in the JSON. Podman currently treats that
as `nil` and fallback to default image entrypoint.

This is not what is expected by the user. Instead, it should
not use any entrypoint.

This commit fixes it by properly propagating the `[]` downstream
to libpod.

Fixes: #26078

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-05-29 08:45:35 +02:00
23ded8bcee Merge pull request #26207 from giuseppe/fix-flake-kmsg
test: fix race conditions in /dev/kmsg tests
2025-05-28 21:14:39 +00:00
415668c802 system df --verbose don't crash
When a container has no image, i.e. using rootfs like our new infra
containers then the Image function crashed trying to show the first 12
image ID chars. If there is no image simply show nothing there.

Fixes: #26224

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-05-28 20:50:17 +02:00
dad0b294d4 Merge pull request #26217 from mheon/fix_26168
Fix SQLite volume lookup queries matching too liberally
2025-05-28 18:42:06 +00:00
b276e7ef21 Fix SQLite volume lookup queries matching too liberally
Specifically, this does two things:

1. Turn on case-sensitive LIKE queries. Technically, this is not
specific to volumes, as it will also affect container and pod
lookups - but there, it only affects IDs. So `podman rm abc123`
will not be the same as `podman rm ABC123` but I don't think
anyone was manually entering uppercase SHA256 hash IDs so it
shouldn't matter.

2. Escape the _ and % characters in volume lookup queries. These
are SQLite wildcards, and meant that `podman volume rm test_1`
would also match `podman volume rm testa2` (or any character in
place of the underscore). This isn't done with pod and container
lookups, but again those just use LIKE for IDs - so technically
`podman volume rm abc_123` probably works and removes containers
with an ID matching that pattern... I don't think that matters
though.

Fixes #26168

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2025-05-28 13:10:10 -04:00
a484f78c44 Merge pull request #26209 from jankaluza/26190
Recreate the Rootfs in mountStorage for infra-container.
2025-05-28 14:35:04 +00:00
e0b08fcfa3 Recreate the Rootfs in mountStorage for infra-container.
After the system reboot, the Rootfs for infra-container can
be removed. This can happen when it is stored on tmpfs.

This commit recreates the infra-container directory which is
used for Rootfs for infra-container before mounting it.

Fixes: #26190

Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
2025-05-27 16:31:44 +02:00
d667e2fe51 Merge pull request #26202 from Luap99/compat-base-hosts
compat API: respect base_hosts_file containers.conf option
2025-05-27 13:40:23 +00:00
4120115c86 Merge pull request #26193 from refi64/container-graph-errors
libpod: Don't exclude running deps from the container graph inputs
2025-05-27 13:15:36 +00:00
ca20c42a52 test: fix race conditions in /dev/kmsg tests
The e2e tests for device access involving /dev/kmsg could fail
intermittently.  This was due to a race condition where concurrent
writes to the kernel log buffer by other processes, while the test
was reading from /dev/kmsg, could cause the read to fail with ESPIPE.

Fixes: https://github.com/containers/podman/issues/23882

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2025-05-27 15:12:14 +02:00
d5520ded64 chore(deps): update dependency setuptools to ~=80.9.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-27 04:00:34 +00:00
051be9b2d2 libpod: Don't exclude running deps from the container graph inputs
getAllDependencies() skips recursing into dependencies that are already
running, but BuildContainerGraph() expects a *complete* set of inputs
and returns an error if any are missing. Thus, podman will fail to start
a container with already-running direct dependencies that, in turn, have
their own dependencies.

None of the other callers of BuildContainerGraph() omit anything from
their list of containers, so follow the same approach here, and just
let startNode figure out if a start is actually needed.

Fixes: containers/podman-compose#921

Signed-off-by: Ryan Gonzalez <ryan.gonzalez@collabora.com>
2025-05-26 20:29:53 -05:00
66bf98e27c compat API: respect base_hosts_file containers.conf option
Hard coding to none without checking containers.conf is not a good idea
as users who liked the previous behavior and the podman default behavior
of keeping the hosts entries can no longer do that.

With this commit they can set base_hosts_file = "/etc/hosts" to restore
the previous behavior.

Fixes: https://issues.redhat.com/browse/RHEL-92995

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-05-26 16:16:10 +02:00
9d4267c8f2 Disable the tests for rootless pods
Access to the cpuset cgroup controller is needed to run these tests.
Configuration on the CI workers prevents access to this controller
for rootless pods.

Signed-off-by: François Poirotte <clicky@erebot.net>
2025-05-22 11:45:01 +02:00