This commit adds Packit configuration files which will trigger rpm
builds on copr:`rhcontainerbot/packit-builds` on every PR as well as on
copr:`rhcontainerbot/podman-next` on every commit to main branch.
This commit will ensure main branch is always buildable on all supported
Fedora and CentOS Stream versions for aarch64 and x86_64.
TODO: enable build checks for s390x and ppc64le while ensuring they
don't take too long to build.
The packit builds reuse `buildah.spec.rpkg` present upstream and are
thus independent of Fedora / CentOS dist-git.
This change will remove the need for the current webhook based triggering
of rpm builds on rhcontainerbot/podman-next after commit to main.
That will be instead handled by the `trigger: commit` action added in this
PR. New builds will continue to get posted to the same link so users
don't need to change any existing copr repo configuration.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The `containers-common-extra` subpackage of `containers-common` handles
all the dependencies common to podman and buildah. So, it's best to
remove those from podman's spec.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Currently we are shipping no data about quadlet, since the
podman-systemd.unit file is not shipped. Also want to add the
quadlet name to the description of the man page so that
man -k quadlet
will help users find the man page.
Also add a link file such that if the user types in
man quadlet
man will show the podman-systemd.unit file.
Also eliminate the subpackage podman-quadlet
Fixes: https://github.com/containers/podman/issues/17349
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This is a unit that can be enabled when using transient store mode
to clean up potential leftovers from previous boots. All it does is
run "podman system prune --external" once each boot.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
This is not needed since we dropped the quadlet user.
[NO NEW TESTS NEEDED] This just changes the build.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Quadlet was doing some custom handling of uid/gid remapping, originating
from pre --userns=auto support, including its own user for getting subuids
which kinda conflicts with the "container" user used for that.
This drops all the old support for id remapping in favour of a new set
of keys that more directly map to the podman run options.
We have essentially 3 modes now:
```
RemapUsers=manual
RemapUid=0:10000:10
RemapUid=10:20000:10
RemapGid=0:10000:10
RemapGid=10:20000:10
```
This maps to --uidmap and --gidmap options.
```
RemapUsers=auto
```
This maps to --userns=auto. But you can additionally specify RemapUid,
RemapGid and RemapUidSize which gets applied as options to the
--userns podman option.
```
RemapUsers=keep-id
```
This maps to --userns=keep-id and only works for user units.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
containers-common now has a new `-extra` subpackage which handles
dependencies common to podman and buildah and also depends on
the main package `containers-common` itself.
The podman-next copr rebuilds containers-common from the rawhide branch
of dist-git so it will always have the latest version and will also
supersede the official containers-common packages (except on rawhide
where it will be equal).
Fixes: #16137
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Based on the initial port in https://github.com/containers/quadlet/pull/41
This contains the unit tests and the testcases from the C code as well
as modification to the podman spec file based on what the quadlet
spec file looks like, producing a podman-quadlet subpackage.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Some users are still on f35, so we need to account for that for some
time.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
EL8 builds are failing because hack/markdown-preprocess needs python3
which AFAICT isn't included by default in EL8 build environments.
This commit also includes an additional `[CI:COPR]` mode which is
currently runs the same tests as `[CI:DOCS]` but could differ in future.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Podman is using pkg/hooks from c/common and following man page is moved
to c/common
[NO NEW TESTS NEEDED]
[NO TESTS NEEDED]
Signed-off-by: Aditya R <arajan@redhat.com>
With the upcoming plans of introducing a podman-kube command with
various subcommands, rename the podman-play-kube systemd template
to podman-kube before releasing it.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Remove GOPATH setting as since Go 1.9 it defaults to $HOME/go (for
earlier versions it had to be specified explicitly).
Remove GOPATH-related code from the spec, using relative paths when
compiling packages, and enable Go modules, simplifying the spec.
Remove support for multiple paths in GOPATH (which is rarely used and
doesn't really work with modules).
Remove setting GOBIN, rely on $GOPATH/bin instead. In case GOBIN is
explicitly set (which is highly unlikely), forcefully ignore by
unsetting it.
Remove GOBIN from tools invocation since we added GOPATH/bin to PATH.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Support running `podman play kube` in systemd by exploiting the
previously added "service containers". During `play kube`, a service
container is started before all the pods and containers, and is stopped
last. The service container communicates its conmon PID via sdnotify.
Add a new systemd template to dispatch such k8s workloads. The argument
of the template is the path to the k8s file. Note that the path must be
escaped for systemd not to bark:
Let's assume we have a `top.yaml` file in the home directory:
```
$ escaped=$(systemd-escape ~/top.yaml)
$ systemctl --user start podman-play-kube@$escaped.service
```
Closes: https://issues.redhat.com/browse/RUN-1287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Rootless users cannot load the ip_tables module, in fedora 36 this
module is no longer loaded by default so we have to add it manually.
This is needed because rootless network setup tries to use iptables
and if iptables-legacy is used instead of iptables-nft it will fail.
To provide a better user experience we will load the module at boot.
Note that this is not needed for RHEL because iptables-legacy is not
supported on RHEL 8 and newer.
[NO NEW TESTS NEEDED]
Fixes#12661
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
containers-common rpm now `Recommends: netavark` and
`Provides: container-network-stack` which are
actually provided by both cni-plugins and netavark.
Netavark has a `Recommends: aardvark-dns` already.
So, we should only depend on the containers-common package and let it
handle everything.
Also, dnsname no longer needs to be recommended if we want new users to
use netavark / aardvark-dns.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Building from source would involve separate `make` and `make install`
steps.
This removes a lot of unnecessary `-nobuild` targets which were
otherwise needed for packaging.
This commit also removes spec files for unused copr jobs.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
This commit removes .autocopr/podman.spec in favor of
podman.spec.rpkg to account for new recommendations for COPR builds.
The build process now enables debug packages and also uses
`%gobuild` instead of `make` or `go build` to
get the packages as close as possible to Fedora koji builds.
https://lists.fedoraproject.org/archives/list/copr-devel@lists.fedorahosted.org/message/3JORYRKDWFMJSR35Z4LIKDEXH2T5263H/
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
