It is pretty complicated to display the secret on the host, but is
not really secured. This patch makes it easier to examine the secret.
Partial fix for https://github.com/containers/podman/issues/18667
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
- build dnsname the old way otherwise it fails on koji
- use the binary path for go-md2man for successful ELN builds
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
[October 2022] While mucking around in this test, I noticed that
a test was being unnecessarily skipped in rootless. Reason was,
test was creating a /etc/systemd file, which it really shouldn't
have been doing anyway.
[Flash forward to June 2023] Ugh. This got complicated, so I
abandoned it. But it's flaking in CI, so one focus-push later,
here's everything that this PR fixes:
- create systemd unit file in proper (safe) path.
- create it *with proper podman options!!!* As in, the
whole --this --that --root --tmpdir options! Sheesh!
- use a pseudorandom service name, not just "redis"
- invoke systemctl/journalctl with --system or --user
as appropriate.
- remove unnecessary "bash -c"
- remove SkipIfRootless, but add SkipIfRemote
Signed-off-by: Ed Santiago <santiago@redhat.com>
This adds define.BindOptions to declare the mount options for bind-like
mounts (nullfs on FreeBSD). Note: this mirrors identical declarations in
buildah and it may be preferable to use buildah's copies throughout
podman.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
At various points the pasta bats tests need to know the name of the
interface that pasta will use by default, and the host addresses it will
use by default. Currently we use the pre-existing helper functions
ether_get_name and ipv[46]_get_addr_global to retreive that.
However, those just pick the first non-loopback interface or address, which
may not be the one that pasta uses if there are multiple connected host
interfaces.
Replace those helpers with local ones which examine the routing table to
more closely match pasta's internal logic about which interface to select.
This allows the tests to run successfully on a host with multiple
interfaces.
Closes: https://github.com/containers/podman/issues/19007
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
There was a huge cut and paste of mount options which were not constent
in parsing tmpfs, bind and volume mounts. Consolidated into a single
function to guarantee all parse the same.
Fixes: https://github.com/containers/podman/issues/18995
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is limited to images that don't depend on complex cgroup or capability
setups but does cover enough functionality to be useful.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This commit was automatically cherry-picked
by buildah-vendor-treadmill v0.3
from the buildah vendor treadmill PR, #13808
Changes since 2023-05-01:
- skip a new test, it fails in remote
- skip encrypted-FROM test, broken by buildah PR 4746
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
After[1] c/image no longer prints "Storing signatures" so we should
not check for it.
[1] https://github.com/containers/image/pull/2001
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Sometimes this tests flakes but in the CI log I see all expected lines
printed but still for some reason the matcher fails.
Right now it will truncate the array so it is not possible to verify
what the matcher sees. Change this be removing the truncate limit for
this specific test only.
see #18501
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
we were silently ignoring --device-cgroup-rule in rootless mode. Make
sure an error is returned if the user tries to use it.
Closes: https://github.com/containers/podman/issues/18698
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Handle more TOCTOUs operating on listed images. Also pull in
containers/common/pull/1520 and containers/common/pull/1522 which do the
same on the internal layer tree.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2216700
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add new _prefetch helper for fetching and caching images.
Use it in a few places, most importantly 120-load.bats
where our teardown() now runs 'rmi -af'.
Reason: in #17911 we discovered that podman save + load do
not actually preserve the image: annotations and other metadata
are lost. This means that a test which runs after 120-load.bats
is operating on a different $IMAGE than a test which runs before.
This is not a problem except in very obscure corner cases, like
one fixed in #18542, but it seems irresponsible to just handwave
that issue away
The _prefetch function uses skopeo for fetching and saving
images, because skopeo preserves digests and metadata.
[Side note for posterity: I tried amending basic_setup() to
always rmi -a + prefetch, instead of the current images -a +
rmi unwanted ones. That slowed down system tests by 10 minutes,
presumably because loads are much slower than queries. I reverted
that change and am documenting it as a reminder of why we do things
the way we do.]
Signed-off-by: Ed Santiago <santiago@redhat.com>
Ensures that for each hypervisor implementation, their `config.go` file
deals with implementing the `VirtProvider` interface while the
`machine.go` file is for implementing the `VM` interface.
Moves the `Virtualization` type into a common file and
created wrappers for the individual hypervisors. Allows for shared
functions that are exactly the same while providing the flexibility to
create hypervisor-specific implementations of the functions.
[NO NEW TESTS NEEDED]
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Somehow my error message in top was never printed for the compat API,
the libpod one using the same code worked fine. Turns out the compat one
is using this buffered writter instaed but never made sure to flush it
before closing the connection.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Wait before sending status code 200 for the first top call and if that
fails return a proper error code.
This was leading to some confusion in [1] because podman just reported
200 but did not wirte anything back.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=2215572
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
