The rest of the code has been using golang.org/x/* for the IsTerminal()
API for a long time, not github.com/mattn/go-isatty. It seems better to
stick to packages from the golang.org domain, whenever possible, and one
less dependency is always a good thing.
The modules were not cleaned up with 'make vendor' because 'go mod tidy'
was running into:
go: error loading go 1.16 module graph:
github.com/containers/image/v5@v5.23.1-0.20221015133641-1921a1993c67
requires
github.com/honeycombio/beeline-go@v1.9.0 requires
github.com/mattn/go-sqlite3@v2.0.3+incompatible: reading
github.com/mattn/go-sqlite3/go.mod at revision v2.0.3: unknown
revision v2.0.3
If reproducibility with go 1.16 is not needed:
go mod tidy -compat=1.17
Since go.mod already requires Go 1.17, the following commands were
manually run:
$ go mod tidy -compat=1.17
$ go mod vendor
$ go mod verify
Further modifications to go.sum were done manually based on the
complaints from postbuild.sh run by the CI.
[NO NEW TESTS NEEDED] as it's not a functional change.
Fixes: 85db895012 ("logging: new mode -l passthrough")
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
Fix two bugs in `system df`:
1. The total size was calculated incorrectly as it was creating the sum
of all image sizes but did not consider that a) the same image may
be listed more than once (i.e., for each repo-tag pair), and that
b) images share layers.
The total size is now calculated directly in `libimage` by taking
multi-layer use into account.
2. The reclaimable size was calculated incorrectly. This number
indicates which data we can actually remove which means the total
size minus what containers use (i.e., the "unique" size of the image
in use by containers).
NOTE: The c/storage version is pinned back to the previous commit as it
is buggy. c/common already requires the buggy version, so use a
`replace` to force/pin.
Fixes: #16135
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Mainly to pull in fixes for #1382 which is impossible to reproduce
locally so let's optimistically mark it as fixed and reopen if needed
in the future.
Fixes: #1382
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
... to fix reads of compressed data by docker-archive:
> go get github.com/klauspost/pgzip@master
> make vendor
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves#15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Code from this dependency was replaced with a simple version. As a
result Podman's memory consumption has been reduced by ~10%.
[NO NEW TESTS NEEDED]
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
Add three new capabilities that would otherwise be reported as unknown.
Also add an e2e test making sure that `podman top` knows all
capabilities of the current kernel. I refrained from adding a system
test since this may blow up in gating tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Also, do a general cleanup of all the timeout code. Changes
include:
- Convert from int to *uint where possible. Timeouts cannot be
negative, hence the uint change; and a timeout of 0 is valid,
so we need a new way to detect that the user set a timeout
(hence, pointer).
- Change name in the database to avoid conflicts between new data
type and old one. This will cause timeouts set with 4.2.0 to be
lost, but considering nobody is using the feature at present
(and the lack of validation means we could have invalid,
negative timeouts in the DB) this feels safe.
- Ensure volume plugin timeouts can only be used with volumes
created using a plugin. Timeouts on the local driver are
nonsensical.
- Remove the existing test, as it did not use a volume plugin.
Write a new test that does.
The actual plumbing of the containers.conf timeout in is one line
in volume_api.go; the remainder are the above-described cleanups.
Signed-off-by: Matthew Heon <mheon@redhat.com>
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
As the title says.
Vendor Buildah v1.27.0 into Podman in preparation for Buildah v4.2
[No New Tests Needed]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Improve the error message when attempting to remove an image that is in
use by an external/build container. Prior, the error only indicated
that the image was in use but did not aid in resolving the issue.
Fixes: #15006
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
