We need to update the import path over the variable overwrite after the
monorepo move.
Fixes: #27029
Fixes: a98154a9 ("Switch common, storage and image to monorepo.")
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Split the monolithic Build() function into focused helper functions.
- Add a TempFileManager for proper temporary file lifecycle management.
This refactoring is in preparation for implementing a local build API.
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
This github action uses the certficate_generator.html from automation
repo to generate the badge for first time contributors and commits the
badge to the same repo which will be commented on the PR once its get
merged.
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
There are endless of links pointing to this document we should not get
rid of that.
Also I find having two podman-quadlet with different numbers rather
confusing, while I understand the motivation I think for most users this
is not intuitive. Most people will not type the man section numbers.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If the `Mount` option inside a quadlet is missing the source=... part,
the code today panics with the following message.
```
panic: runtime error: index out of range [0] with length 0
goroutine 1 [running]:
github.com/containers/podman/v5/pkg/systemd/quadlet.handleStorageSource(0xc000140de0?, 0x1d?, {0x0?, 0x1?}, 0x5634e39e233e?, 0x10?)
...
```
This commit checks for the missing source and returns an error to avoid the panic.
Signed-off-by: Jakob Meier <mail@jakobmeier.ch>
For ConfigMap and Secret kube play volumes podman populates the data
from the yaml. However the volume content is not controlled by us and we
can be tricked following a symlink to a file on the host instead.
Fixes: CVE-2025-9566
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We already used `x` in tmpfiles, to ensure systemd did not remove
our directories or clean their contents (we really need them to
be left unmodified). However, systemd-tmpfiles lets us use more
than one directive per line, which means we can safely add an R!
(recursive remove on reboot) to these lines to ensure that, if
/tmp is not a tmpfs, systemd-tmpfiles will still remove our
temporary files, ensuring reboots are still accurately detected.
Signed-off-by: Matt Heon <mheon@redhat.com>
For podman build --squash is different from the buildah bud --squash
option, in podman it must use --squash-all.
Fixes: #26906
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The `cleanupExecBundle` function was only meant to be called on a
locked container, as it does some state mutation operations. It
also has a timed wait (if the directory is busy and can't be
removed yet, give it a few milliseconds) in which it deliberately
yields the lock to not block the container for that time.
The `healthCheckExec()` function calls `cleanupExecBundle` out of
a `defer` block. This is after the `defer c.lock.Unlock()` so it
fires afterwards when the function returns, so we're normally
fine - the container is still locked when our defer runs. The
problem is that `healthCheckExec()` also unlocks the container
during the expensive exec operation, and can actually fail and
return while not holding the lock - meaning our `defer` can fire
on an unlocked container, leading to a potential double unlock
in `cleanupExecBundle`.
We could, potentially, re-lock the container after the exec
occurs, but we're actually waiting for a `select` to trigger to
end the function, so that's not a good solution. Instead, just
re-lock (if necessary) in the defer, before invoking
`cleanupExecBundle()`. The `defer c.lock.Unlock()` will fire
right after and unlock after us.
Fixes#26968
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Without this the corss binaries will never get rebuild until the user
manually deletes them which is not very useful.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This reverts commit c45b27ffb0.
This commit was just wrong, local-cross depends on this target as it
calls a target like "bin/podman.cross.linux.amd64". Without this it is
just broken as there is no matching target.
$ make bin/podman.cross.linux.amd64
make: *** No rule to make target 'bin/podman.cross.linux.amd64'. Stop.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
