Fixes#14021
Substitution values built from `$(shell ...)` output can easily be empty
due to the shell's default `pipefail` behavior. This can also hide
non-zero exit codes, similarly resulting in empty values being set.
While not a perfect fix, the situation is improved by using the
`err_if_empty` function in all cases where empty values would be
unexpected. Remove the definitions for `GIT_BRANCH` and
`GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere
(including in code).
Add a simple release-test to verify `podman info` outputs a non-empty
value for "GitCommit".
Signed-off-by: Chris Evich <cevich@redhat.com>
As of Fedora 36, `/etc/containers/storage.conf` with defaults is
installed under `/usr/share/containers/`. This was causing builds
to fail in the necessary `sed` command that enables fuse-overlayfs.
Fix this by using sed on the new location with an output redirect
into the `etc` location.
Also, perform a mass-cleanup of the three files to make them easier
to read/maintain. Including renaming them to `Containerfile`,
since all native build tooling is now used to produce them.
Lastly, take advantage of the `podman-next` copr repository to install
the latest/greatest podman from `main`, rather than building it from
scratch. This will greatly speed up the image build speed.
Signed-off-by: Chris Evich <cevich@redhat.com>
podmans remote API does not marshal infra's spec due to
the fact that if it did, all of those options would be available to
the users on the command line. This means we need to manually map "backwards"
some container spec items -> pod spec items before calling PodCreate, this was
one of them that was forgotten
resolves#14233
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Signed-off-by: cdoern <cdoern@redhat.com>
For consumers of the podman.sock who want a predictable way to find the
podman sock, we now include it under 'ConnectionConfig' in podman
machine inspect.
Fixes: #14231
Signed-off-by: Brent Baude <bbaude@redhat.com>
[NO NEW TESTS NEEDED] Removed `imageStream` hardcoded value that was set to
testing. Since podman4 is in the fcos trees, it should be removed. The
respective comments have also been removed.
Signed-off-by: Jake Correnti <jcorrenti13@gmail.com>
When podman-remote is used we should not resolve the default network
mode on the client. Defaults should be set on the server. In this case
this is important because we have different defaults for root/rootless.
So when the client is rootless and the server is root we must pick the
root default.
Note that this already worked when --network was set since we did not
parsed the flag in this case. To reproduce you need --network=default.
Also removed a unused function.
[NO NEW TESTS NEEDED] I tested it manually but I am not sure how I can
hook a test like this up in CI. The client would need to run as rootless
and the server as root or the other way around.
Fixes#14368
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The test calls podman run -d followed by podman logs. There is no
guarantee the the container or conmon has written all its output.
Adding an extra podman wait should fix this.
Do not remove the -d to not print 1000 unnecessary lines in the logs.
Fixes#14362
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Some of the targets overwrite $GOOS. Since podman-remote-static should
always build for linux we can force linux GOOS here.
Fixes#14201
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
v3.0.1 resolves GHSA-hp87-p4gw-j4gq - CVE-2022-28948.
While podman doesn't appear to be vulnerable to the CVE as the concerned
code isn't being called, this update should silence a dependabot alert.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
When a container does not use the default podman netns, for example
--network none or --network ns:/path a restore would fail because the
specgen check validates that c.config.StaticMAC is nil but the
unmarshaller sets it to an empty slice.
While we could make the check use len() > 0 I feel like it is more
common to check with != nil for ip and mac addresses.
Adding omitempty tag makes the json marshal/unmarshal work correctly.
This should not cause any issues.
Fixes#14389
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Hardcoding the interface name is a bad idea. We have no control over the
actual interface name since the user can change it.
The correct thing is to read them from the network status. Since the
contianer can have more than one interface we have to add the RX/TX
values. The other values are currently not used.
For podman 5.0 we should change it so that the API can return the
statistics per interface and the client should sum the TX/RX for the
command output. This is what docker is doing.
Fixes#13824
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When the volume does not exist we should output an error stating so and
not some generic one.
Fixes#14411
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currenlty this ssh warning is printed everytime:
`Warning: Permanently added '[localhost]:33915' (ED25519) to the list of known hosts.`
Since this is very anoying and makes it harder to capture the actual
command output we should silence this. With log level error we will only
see the important messages from ssh.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In docker, the format of no-new-privileges is
"no-new-privileges:true". However, for Podman
all that's required is "no-new-privileges", leading to issues
when attempting to use features desgined for docker in podman.
Adding support for the ":" format to be used along with the "="
format, depedning on which one is entered by the user.
fixes#14133
Signed-off-by: Niall Crowe <nicrowe@redhat.com>
Forward the ssh exit code to the podman caller. This is useful for
scripts. Use the same logic as podman unshare.
Fixes#14401
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Libpod or packages under /pkg should never import from /cmd/...
This will quickly result in import cycles and weird code paths.
Also there is no reason to use this special code we can just use
syscall.SIGHUB as SIGNAL.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make sure to wait for the systemd operations to finish when
starting/stopping healtcheck timers and services. Also make
sure to stop the timer before the service to avoid a race
with the timer.
[NO NEW TESTS NEEDED] since it is a non-functional change and existing
tests are expected to pass.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Refactor populating uptime field to use standard library parsing and
math for populating the hour, minute, seconds fields.
Note: the go-humanize package does not cover time.Duration just
time.time.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
After lgtming the latest from @flouthouc, I spotted one
more minor typo in the troubleshooting guide. This corrects it.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
With conmon-rs on the horizon, we need to disentangle Libpod from
legacy Conmon to the greatest extent possible. There are
definitely opportunities for codesharing between the two, but we
have to assume the implementations will be largely disjoint given
the different architectures.
Fortunately, most of the work has already been done in the past.
The conmon-managed OCI runtime mostly sits behind an interface,
with a few exceptions - the most notable of those being attach.
This PR thus moves Attach behind the interface, to ensure that we
can have attach implementations that don't use our existing unix
socket streaming if necessary.
Still to-do is conmon cleanup. There's a lot of code that removes
Conmon-specific files, or kills the Conmon PID, and all of it
will need to be refactored behind the interface.
[NO NEW TESTS NEEDED] Just moving some things around.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
The Authorization field lists the plugins for granting access to the
Docker daemon. This field will always be nil for Podman as there is no
daemon. The field is included for compatibility.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Add a small note to troubleshooting docs regaring version parity between
podman-client and podman-server when looking for bug fixes.
[NO TESTS NEEDED]
[NO NEW TESTS NEEDED]
Closes: https://github.com/containers/podman/issues/12660
Signed-off-by: Aditya R <arajan@redhat.com>
Allowing custom flags to provider has the potential to break all the
hand-crafted commands currently in use. This could become a support
nightmare.
```release-note
NONE
```
[NO NEW TESTS NEEDED]
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Buildah already supports using `--layers` with `--squash` after https://github.com/containers/buildah/pull/3674
if user wants to do so hence podman must honor similar configuration
in `--squash-all` behaviour if user wants to using cache.
PS: We cannot alter behaviour of `podman build --squash` for
docker-compat reasons hence this feature can be easily supported by
`--squash-all`.
Closes: https://github.com/containers/buildah/issues/4011
Signed-off-by: Aditya R <arajan@redhat.com>
Most were simply deleted, the main one addressed is in the
"pre-testing" `ext_svc_check.sh` script. It will now verify
accessibility of several key test images we maintain in `quay.io`.
Signed-off-by: Chris Evich <cevich@redhat.com>
