22392 Commits

Author SHA1 Message Date
e1f49529fa Merge pull request #22229 from giuseppe/fix-idmap-existing-volume
libpod: use original IDs if idmap is provided
2024-04-01 19:08:29 +00:00
d81319eb71 libpod: use original IDs if idmap is provided
if the volume is mounted with "idmap", there should not be any mapping
using the user namespace mappings since this is done at runtime using
the "idmap" kernel feature.

Closes: https://github.com/containers/podman/issues/22228

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2024-03-31 23:46:17 +02:00
45b809c063 Merge pull request #22201 from cgwalters/doc-man
docs/podman-login: Give an example of writing the persistent path
2024-03-29 11:16:19 +00:00
fb046fc24a Merge pull request #22202 from edsantiago/new-vms-pasta-0326
CI: Bump VMs to 2024-03-28
2024-03-28 21:01:04 +00:00
07a03c453b Merge pull request #22205 from n1hility/fix-action
[CI:DOCS] Switch back to checking out the same branch the action script runs in
2024-03-28 19:07:33 +00:00
f3434298df Switch back to checking out the same branch the action script runs in
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2024-03-28 13:30:03 -05:00
f7b9168649 docs/podman-login: Give an example of writing the persistent path
The way `podman login` works by default is fundamentally different
from `docker login` and this causes a lot of confusion, and I
have seen multiple bad suggestions for ways to address this
such as setting `XDG_RUNTIME_DIR`.

Let's document up front how to write to the persistent path.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-03-28 13:04:47 -04:00
aab4674feb CI: Bump VMs to 2024-03-28
Emergency update to get pasta 03-26. Also gives us crun 1.14.4.

One unexplained difference: fc39 and rawhide now create:

    /run/log/journal/SOMETHING/system.journal

...and the SOMETHING is o-rwx. This triggers journalctl to spit out a warning:

    Hint: You are currently not seeing messages from the system.
          Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
          Pass -q to turn off this notice.

...which in turn causes ExitCleanly() to fail.

It is not clear who/what is creating this journal directory, or
why it allofasudden started just now. Workaround is to add -q
to journalctl in one test.

One more difference, another test now requires SYSLOG capability.

VM package info:
    https://github.com/containers/automation_images/pull/342

Signed-off-by: Ed Santiago <santiago@redhat.com>
2024-03-28 08:35:29 -06:00
4c2a44ef9b [skip-ci] Update dawidd6/action-send-mail action to v3.12.0
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-27 23:22:18 +00:00
8ec8214525 Merge pull request #22189 from containers/renovate/github.com-openshift-imagebuilder-1.x
fix(deps): update module github.com/openshift/imagebuilder to v1.2.7
2024-03-27 23:21:23 +00:00
a1a5bd3bd5 Merge pull request #21493 from mporrato/fix-21211
kube play: always pull when both imagePullPolicy and tag are missing
2024-03-27 21:58:45 +00:00
fc18dbad70 fix(deps): update module github.com/openshift/imagebuilder to v1.2.7
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-03-27 21:17:03 +00:00
71eef631c8 Merge pull request #22163 from baude/docker26
Fix reference to deprecated types.Info
2024-03-27 21:14:29 +00:00
a77f705dcb Merge pull request #21991 from l0rd/logformatter-for-win
CI: Run logformatter for podman_machine_windows_task
2024-03-27 13:48:58 +00:00
f84a22cf3d Merge pull request #22181 from baude/addmario
[CI:DOCS]Add Mario to reviewers list
2024-03-27 13:32:28 +00:00
ffb8b2dc36 Fix reference to deprecated types.Info
upstream docker folks deprecated types.Info in favor of system.Info.

fixes #22132 and #22117

Signed-off-by: Brent Baude <bbaude@redhat.com>
2024-03-27 08:17:10 -05:00
5758376705 Merge pull request #22182 from cfergeau/vfkit-debug
applehv: Print vfkit logs in --log-level debug
2024-03-27 13:13:15 +00:00
c25d114e1b Merge pull request #22136 from lsm5/packit-c10s
[skip-ci] Packit: Enable CentOS Stream 10 update job
2024-03-27 12:26:29 +00:00
c0e32e93c0 Use logformatter for podman_machine_windows_task
https://github.com/containers/podman/issues/21760

Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
2024-03-27 12:59:49 +01:00
d305e70af8 applehv: Print vfkit logs in --log-level debug
There has been various issues with vfkit exiting with
"Error: vfkit exited unexpectedly with exit code 1"

Among other reasons, this can be caused by vfkit being
built without the com.apple.security.virtualization
entitlement, and this can also happen when running
vfkit.x86_64 on Apple silicon hardware.

At the moment, the vfkit logs are not available, so there is no easy way
to know what's happening. This PR redirects vfkit stdout/stderr to
podman's log when --log-level debug is used.

Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2024-03-27 09:59:31 +01:00
23bf357fc3 [CI:DOCS]Add Mario to reviewers list
Signed-off-by: Brent Baude <bbaude@redhat.com>
2024-03-26 15:59:31 -05:00
52a64aa9dc Merge pull request #22073 from cevich/add_golang121_warning
[CI:BUILD] Add golang 1.21 update warning
2024-03-26 19:58:10 +00:00
73fdbf2fcc Merge pull request #22180 from cevich/maintenance_ci_note
[CI:DOCS] Document CI-maintenance job addition
2024-03-26 19:47:09 +00:00
c8e1e0034a [CI:DOCS] Document CI-maintenance job addition
This process is easy/quick to do but critically important.  It ensures
that CI will always remain available in the event a CVE (or otherwise)
backport is required.  These jobs are all actively monitored daily, and
their execution ensures the CI VM images are forever preserved.

Signed-off-by: Chris Evich <cevich@redhat.com>
2024-03-26 15:16:28 -04:00
48b8d7f8be Add golang 1.21 update warning
This is needed on the off-chance that some tool or a human suggests
updating the minimum version to 1.21 or later. Since doing so would
cause Fedora and Debian to start behaving differently WRT builds.

Signed-off-by: Chris Evich <cevich@redhat.com>
2024-03-26 14:40:57 -04:00
25ebf10967 Merge pull request #22177 from mheon/fix_22172
Add rootless network command to `podman info`
2024-03-26 17:15:53 +00:00
5c39ddca5d Merge pull request #22140 from baude/hypervrmf
hyperv: fix machine rm -r
2024-03-26 14:03:24 +00:00
b56331cd2f Add rootless network command to podman info
Useful to tell whether containers are being made with pasta or
slirp4netns by default. Info is bloated enough already that I
don't really have concerns about shoving more into it.

Fixes #22172

Signed-off-by: Matt Heon <mheon@redhat.com>
2024-03-26 09:56:48 -04:00
83903eb107 Merge pull request #22160 from ubergeek42/fix-stderr-parsing
Properly parse stderr when updating container status
2024-03-26 13:08:22 +00:00
ecdc3d255b Merge pull request #22161 from baude/hypervrequireadmin
hyperv: error if not admin
2024-03-26 12:27:09 +00:00
fdc4901e7d Merge pull request #22154 from dfr/cgroups-unsupported
libpod: don't warn about cgroupsv1 on FreeBSD
2024-03-26 12:10:54 +00:00
e64d81481d Merge pull request #22124 from diplane/annotations
Add support for annotations
2024-03-25 18:37:24 +00:00
5f5cd60a89 Merge pull request #22106 from containers/renovate/common-image-and-storage-deps
fix(deps): update github.com/containers/common digest to bc5f97c
2024-03-25 18:29:11 +00:00
099978ebca Merge pull request #22150 from n1hility/pref-builtin-ssh
Use built-in ssh impl for all non-pty operations
2024-03-25 18:18:11 +00:00
80e2bc6966 libpod: don't warn about cgroupsv1 on FreeBSD
This factors out the check for cgroupsv2 unified mode into a
platform-specific file and stops podman from generating a (harmless)
warning every time it is run on FreeBSD.

[NO NEW TESTS NEEDED]

Signed-off-by: Doug Rabson <dfr@rabson.org>
2024-03-25 17:02:03 +00:00
c62c74970f hyperv: error if not admin
creating vsocks in windows requires admin privileges.  there could be
some workarounds made in the future,but the general deal has
always been, you need to be admin.  lets enforce this with an error
until those work-arounds can be implemented.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2024-03-25 10:47:57 -05:00
83671f95d8 Properly parse stderr when updating container status
I believe the previous code meant to use cmd.Run instead of cmd.Start.
The issue is that cmd.Start returns before the command has finished
executing, so the conditional body checking for the stderr of the
command never gets executed.

Raise the cmd.Start up into it's own conditional, which is checking for
whether the process could be started. Then we consume stderr, check for
some specific strings in the output, and then finally continue on with
the rest of the code.

Signed-off-by: Keith Johnson <kj@ubergeek42.com>
2024-03-25 10:15:23 -04:00
492f0b7c5f [skip-ci] Packit: specify fedora-latest in propose-downstream
The packit alias `fedora-latest` points to the latest branched version
(regardless if released or not).

So, this configuration should work without issues through Fedora 40
release and should account for all branches until Fedora 41 release.

Ref: https://packit.dev/docs/configuration#aliases

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-03-25 15:50:06 +05:30
11415b3e74 Use built-in ssh impl for all non-pty operations
Windows is not guaranteed to have the SSH feature installed, so prefer the use
of the built-in ssh client for all operations other than podman machine ssh,
which requires terminal pty logic. This restores previous behavior in 4.x.

Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
2024-03-24 21:25:22 -05:00
2aad385b51 Merge pull request #22131 from availhang/main
chore: remove repetitive words
2024-03-22 20:24:16 +00:00
4248d2f3e5 Merge pull request #22135 from Luap99/release-notes-5.0-env
[CI:DOCS] 5.0 release note fix typo in cgroupv1 env var
2024-03-22 19:50:56 +00:00
d42a400373 Merge pull request #22133 from Luap99/remote-buildah-isolation-client
fix remote build isolation on client side
2024-03-22 19:48:14 +00:00
83fe867c14 Add support for annotations
Fix following issues:
- create container API handler ignores Annotations from HostConfig
- inspect container API handler does not provide Annotations as
  part of HostConfig

Signed-off-by: diplane <diplane3d@gmail.com>
2024-03-22 19:38:22 +00:00
a6ffb5656f hyperv: fix machine rm -r
this pr fixes two hyperv bugs.  previous podman 5 versions of hyperv
failed to actually remove the vm from hyperv when machine rm -f was
called.

also fixes an annoying bug where removal of the hyperv ignition entries
were failing because this can only be done (with the current api) when
the vm is running.  new api in latest libhvee fixes this.

Signed-off-by: Brent Baude <bbaude@redhat.com>
2024-03-22 11:09:17 -05:00
f632663f26 [skip-ci] Packit: Enable CentOS Stream 10 update job
Packit now has recently added support to enable downstream PR updates to
CentOS Stream packages.
Ref:
https://packit.dev/docs/configuration/upstream/propose_downstream#syncing-the-release-to-centos-stream

CentOS Stream support is still in its early stages but this change
should be safe to add to upstream packit config.

Whenever there's a new Podman release, the rpm maintainer would need to
run `packit propose-downstream` using the packit CLI (not github
comment) to actually create the downstream update PR.

Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
2024-03-22 20:31:01 +05:30
3c611c47e4 5.0 release note fix typo in cgroupv1 env var
The cgroupv1 warning uses PODMAN_IGNORE_CGROUPSV1_WARNING in the code
while the text says PODMAN_CGROUPSV1_WARNING.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-03-22 15:09:02 +01:00
4f76c7a0c7 Merge pull request #22120 from garthy/dont_stage_tarfile
Dont save remote build context in temp file but stream and extract
2024-03-22 13:34:11 +00:00
3a9968ef81 fix remote build isolation on client side
Follow up to 493179be45 which only fixed the issue on the server despite
me trying to fix it on the client as well, with this change here we
always correctly unset the default on the remote client as the
root/rootless status will be wrong.

This means it is enough for users to either have a new server or client
with the bug fix which should make the update process easier.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2024-03-22 11:49:47 +01:00
17aa152459 chore: remove repetitive words
Signed-off-by: availhang <mayangang@outlook.com>
2024-03-22 15:11:29 +08:00
b2d0b92db2 Dont save remote context in temp file but stream and extract
Signed-off-by: Garth Bushell <garth@garthy.com>
2024-03-21 15:39:01 +00:00