As indicated in #21849, loading the machine config can flake/fail with
an EOF JSON error indicating an incomplete file. Address the issue by
atomically writing the config. This way, it is not possible to load an
incomplete or partially written file. The lock can be acquired later on
to sync state.
[NO NEW TESTS NEEDED] as it's a hard-to-hit race.
Fixes: #21849
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Before, we required that the mount target exist and be a
directory for the 9p mount to successfully complete, which is not
how things are supposed to work - the user should be able to
mount anywhere. This should just be a simple mkdir, but with FCOS
the root directory is immutable so we need to undo that before we
can mkdir, and unfortunately we don't have a library that can do
chattr (and I didn't want to drag in a new dependency just for
that), so let's be gross and add it to the SSH command. I
aggressively dislike this but it does work.
[NO NEW TESTS NEEDED] Can worry about getting a more generic
mount test together for Machine later.
Signed-off-by: Matt Heon <mheon@redhat.com>
Matt found a bug where if a machine start did not run to completion, a
gvproxy was left around running. This gvproxy then subsequently stopped
the next attempt to start.
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED]
I'm tired of this flake, it's hitting us ~once/day. Root cause
still unknown.
Workaround: add a READY file to the http server, and run 'curl'
until we get it. Tested in #17831 for the last two weeks, flake
has not been seen even once since then.
Closes: #21649
Signed-off-by: Ed Santiago <santiago@redhat.com>
This is needed by podman desktop CI, to ensure their 'latest' testing
jobs continuously and exactly match the podman repository state +
related binaries.
Signed-off-by: Chris Evich <cevich@redhat.com>
vfkit needs the com.apple.security.virtualization entitlement or it
wont' be able to start virtual machines:
Error: Error Domain=VZErrorDomain Code=2 Description="Invalid virtual machine configuration. The process doesn’t have the “com.apple.security.virtualization” entitlement." UserInfo={
NSLocalizedFailure = "Invalid virtual machine configuration.";
NSLocalizedFailureReason = "The process doesn\U2019t have the \U201ccom.apple.security.virtualization\U201d entitlement.";
}
This fixes https://github.com/containers/podman/issues/21842
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
When there is no signing identity to pass to the macOS `codesign` tool,
we can use `-` instead as the identity to perform ad-hoc signing.
From `man codesign`:
> If identity is the single letter "-" (dash), ad-hoc signing is
> performed. Ad-hoc signing does not use an identity at all
This makes it easier to test the sign() code-path in package.sh as
we'll run the same code regardless of `NO_CODESIGN` being set or not.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Source: https://github.com/containers/automation_images/pull/331#issuecomment-1966677347
Kludgy VM build, because rawhide rc6 kernel is still not stable.
I would like to merge this anyway, because the rawhide hang is
hurting us badly. (I am not guaranteeing that this fixes the hang).
Also: new Windows VM has WiX 3.14 (up from 3.11).
Signed-off-by: Ed Santiago <santiago@redhat.com>
At least in all recent Fedora releases, SOURCE_DATE_EPOCH would be set. But the
build should work even if it not set, e.g. in copr builds on c8s. Add 'date +%s'
as a fallback.
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
This is a copy-paste of commit eaa62a52 in podman fedora dist-git.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This config needs to be included for podman machine pulls to work and
set MACHINE_POLICY_JSON_DIR so that the file should be located next to
the binary.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
So that this file can be inculded in our windows/macos packages and also
by other packagers.
Right now the default policy is allow everything but we plan to add
signing in the future.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow users to set MACHINE_POLICY_JSON_DIR to the policy.json directory
which is used for podman machine pulls.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default policy file /etc/containers/policy.json location does not
work on windows and for packages that ship a default.
Now we search for the policy.json in the following overwrite locations:
macos and linux:
- ~/.config/containers/policy.json
- /etc/containers/policy.json
windows:
- %APPDATA%\containers\policy.json
Also it offers an additional DefaultPolicyJSONPath var that should be
overwritten at built time with the path of the file that is shipped by
packagers. Thile file is used when none of the overwrite paths exist.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For a unix socket we should not trim this at all. The problem exists for
ssh only so make sure we only do this when a ssh URL is given.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make the logic here much simpler, we already pass all the conection info
before so just use the parsed URL here.
Fixes#20943
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Machine only works on amd64 and arm64 but the compose command can still
be used without machine so split out the machine only logic to make it
build for all arches.
[NO NEW TESTS NEEDED]
Fixes#21757
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Too many tests use port 5000. Although there's a putative GetPortLock()
it seems to be unreliable, and we often get what appear to be collisions
between tests.
A proper solution would be to pseudorandomly allocate ports, verify
that they're not being reused, Sprintf() these everywhere that
needs them, and sprinkle some powdered cinnamon on top.
This is not that proper solution.
Fixes: #20655
Signed-off-by: Ed Santiago <santiago@redhat.com>
Use $SOURCE_DATE_EPOCH instead of the current date
Using the current timestamp makes every build slightly different, breaking build
reproducibility.
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
This is a copy-paste of commit a87dd6f50 in podman fedora dist-git.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
There is no reason for us to use v2 here, we use v3 already in most
places. The go-openapi dependency still uses v2 so we do not get rid of
it yet but it looks like they migrated upstream so once a new version
is released there and finds our way to us then we should get some nice
binary size reduction.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The spec file had
%if %{defined rhel} && 0%{?rhel} < 10
%define gobuild(o:) ...
%endif
...
%if !%{defined gobuild}
BuildRequires: go-rpm-macros
%endif
The intent apparently was to use BR:go-rpm-macros where available, and define
%gobuild as a fallback where they are not available. This was unreliable,
because the package may have been installed already, and then %gobuild would be
defined when the srpm was being built, and then the srpm would NOT have the BR.
Instead, use the same condition to wrap the definition of %gobuild and the BR
lines to that the BR is always emitted when appropriate.
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
This is a copy-paste of commit be971d6fb in podman fedora dist-git.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Currently if a user specifies a negative time to stop a container the
code ends up specifying the negative time to time.Duration which treats
it as 0. By settine the default to max.Unint32 we end up with a positive
number which indicates > 68 years which is probably close enough to
infinity for our use case.
Fixes: https://github.com/containers/podman/issues/21811
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This change migrates to new QEMU stream netdev added in 7.2.0.
It also unifies how gvproxy is used in QEMU and AppleHV.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
