Before we ignored an entrypoint specified in an image, which lead to crashes when a user assumed the entrypoint would be used
Signed-off-by: Peter Hunt <pehunt@redhat.com>
The build_each_commit task builds each commit in a pull request
to verify that we have a (at least minimally) functional Podman
at every point, to aid in bisecting.
This task is, right now, extremely slow, taking around 1m40s to
build each commit - which quickly grows unreasonable as PRs grow
to 10+ commits.
Upping resources available to the task should decrease time spent
in CI and reduce the risk of hitting timeouts.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The Commit test is blatantly wrong and testing buggy behavior. We
should be commiting the destination, if anything - and more
likely nothing at all.
When force-removing volumes, don't remove the volumes of
containers we need to remove. This can lead to a chicken and the
egg problem where the container removes the volume before we can.
When we re-add volume locks this could lead to deadlocks. I don't
really want to deal with this, and this doesn't seem a
particularly harmful quirk, so we'll let this slide until we get
a bug report.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
We were never using it. It's actually a potentially quite sizable
field (very expensive to decode an array of structs!). Removing
it should do no harm.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The flag should be substantially more durable, and no longer
relies on the create artifact.
This should allow it to properly handle our new named volume
implementation.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Now that named volumes must be explicitly enumerated rather than
passed in with all other volumes, we need to split normal and
named volumes up before passing them into libpod. This PR does
this.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This swaps the previous handling (parse all volume mounts on the
container and look for ones that might refer to named volumes)
for the new, explicit named volume lists stored per-container.
It also deprecates force-removing volumes that are in use. I
don't know how we want to handle this yet, but leaving containers
that depend on a volume that no longer exists is definitely not
correct.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This commit adds unzip and python3-yaml to the Dockerfile, which are
needed to run the tests in contrib/cirrus/packer within the libpod
container image.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
When generating headers for search, we unconditionally
access element 0 of an array, and I saw this segfault in our CI.
There's no reason we have to do this, we're just going through it
to get field names with reflect, so just make a new copy of the
struct in question.
Also, move this code, which is only for CLI display, into
cmd/podman from libpod/image.
Signed-off-by: Matthew Heon <mheon@redhat.com>
When running as a user, the order of removal is database ID dependent.
This results in this test randomly failing. This condition was
very difficult to debug and the test was missing two critical checks.
One to confirm an expected error message was produced, and another
to verify the expected running container, remains running.
Fix the container and missing error-message checks, and vastly improve
the debug-ability of this test. Fixing the random-failures requires
intensive fixes in other areas, so that task will be left up to future
work.
Signed-off-by: Chris Evich <cevich@redhat.com>
We'd need to join multiple container's user namespaces, which is
not possible for now. The rootless single userns patches under
development by Giuseppe will fix this, but won't land in 1.2.x.
For now, disable --size as rootless.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
the remote client now can run the diff command to report changes,
modifications, and deletions in an image or container.
Signed-off-by: baude <bbaude@redhat.com>
Previously libpod CI was fairly straight-forward, run unit and
integration tests in a standard set of 3 VMs. Off on the side was a
single special case of running tests as an ordinary user. There is a
desire to stop using the PAPR system to support testing inside of a
container.
Since having two special cases potentially invites more
down the road, make provisions to handle them more gracefully. This
commit introduces an environment variable: ``$SPECIALMODE``. It's
value has the following meanings within the CI scripts:
Mode 'none': Nothing special, business as usual (default)
Mode 'rootless': Rootless testing
Mode 'in_podman': Build container, run integration tests in it.
This will make adding additional special-cases later easier, as well as
extending the special cases in a Matrix across multiple OS's.
Signed-off-by: Chris Evich <cevich@redhat.com>
simplify the rootless implementation to use a single user namespace
for all the running containers.
This makes the rootless implementation behave more like root Podman,
where each container is created in the host environment.
There are multiple advantages to it: 1) much simpler implementation as
there is only one namespace to join. 2) we can join namespaces owned
by different containers. 3) commands like ps won't be limited to what
container they can access as previously we either had access to the
storage from a new namespace or access to /proc when running from the
host. 4) rootless varlink works. 5) there are only two ways to enter
in a namespace, either by creating a new one if no containers are
running or joining the existing one from any container.
Containers created by older Podman versions must be restarted.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
