This is needed by podman desktop CI, to ensure their 'latest' testing
jobs continuously and exactly match the podman repository state +
related binaries.
Signed-off-by: Chris Evich <cevich@redhat.com>
vfkit needs the com.apple.security.virtualization entitlement or it
wont' be able to start virtual machines:
Error: Error Domain=VZErrorDomain Code=2 Description="Invalid virtual machine configuration. The process doesn’t have the “com.apple.security.virtualization” entitlement." UserInfo={
NSLocalizedFailure = "Invalid virtual machine configuration.";
NSLocalizedFailureReason = "The process doesn\U2019t have the \U201ccom.apple.security.virtualization\U201d entitlement.";
}
This fixes https://github.com/containers/podman/issues/21842
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
When there is no signing identity to pass to the macOS `codesign` tool,
we can use `-` instead as the identity to perform ad-hoc signing.
From `man codesign`:
> If identity is the single letter "-" (dash), ad-hoc signing is
> performed. Ad-hoc signing does not use an identity at all
This makes it easier to test the sign() code-path in package.sh as
we'll run the same code regardless of `NO_CODESIGN` being set or not.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
At least in all recent Fedora releases, SOURCE_DATE_EPOCH would be set. But the
build should work even if it not set, e.g. in copr builds on c8s. Add 'date +%s'
as a fallback.
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
This is a copy-paste of commit eaa62a52 in podman fedora dist-git.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
This config needs to be included for podman machine pulls to work and
set MACHINE_POLICY_JSON_DIR so that the file should be located next to
the binary.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
So that this file can be inculded in our windows/macos packages and also
by other packagers.
Right now the default policy is allow everything but we plan to add
signing in the future.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow users to set MACHINE_POLICY_JSON_DIR to the policy.json directory
which is used for podman machine pulls.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default policy file /etc/containers/policy.json location does not
work on windows and for packages that ship a default.
Now we search for the policy.json in the following overwrite locations:
macos and linux:
- ~/.config/containers/policy.json
- /etc/containers/policy.json
windows:
- %APPDATA%\containers\policy.json
Also it offers an additional DefaultPolicyJSONPath var that should be
overwritten at built time with the path of the file that is shipped by
packagers. Thile file is used when none of the overwrite paths exist.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
For a unix socket we should not trim this at all. The problem exists for
ssh only so make sure we only do this when a ssh URL is given.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Make the logic here much simpler, we already pass all the conection info
before so just use the parsed URL here.
Fixes#20943
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Machine only works on amd64 and arm64 but the compose command can still
be used without machine so split out the machine only logic to make it
build for all arches.
[NO NEW TESTS NEEDED]
Fixes#21757
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Too many tests use port 5000. Although there's a putative GetPortLock()
it seems to be unreliable, and we often get what appear to be collisions
between tests.
A proper solution would be to pseudorandomly allocate ports, verify
that they're not being reused, Sprintf() these everywhere that
needs them, and sprinkle some powdered cinnamon on top.
This is not that proper solution.
Fixes: #20655
Signed-off-by: Ed Santiago <santiago@redhat.com>
Use $SOURCE_DATE_EPOCH instead of the current date
Using the current timestamp makes every build slightly different, breaking build
reproducibility.
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
This is a copy-paste of commit a87dd6f50 in podman fedora dist-git.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
There is no reason for us to use v2 here, we use v3 already in most
places. The go-openapi dependency still uses v2 so we do not get rid of
it yet but it looks like they migrated upstream so once a new version
is released there and finds our way to us then we should get some nice
binary size reduction.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The spec file had
%if %{defined rhel} && 0%{?rhel} < 10
%define gobuild(o:) ...
%endif
...
%if !%{defined gobuild}
BuildRequires: go-rpm-macros
%endif
The intent apparently was to use BR:go-rpm-macros where available, and define
%gobuild as a fallback where they are not available. This was unreliable,
because the package may have been installed already, and then %gobuild would be
defined when the srpm was being built, and then the srpm would NOT have the BR.
Instead, use the same condition to wrap the definition of %gobuild and the BR
lines to that the BR is always emitted when appropriate.
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
This is a copy-paste of commit be971d6fb in podman fedora dist-git.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
Currently if a user specifies a negative time to stop a container the
code ends up specifying the negative time to time.Duration which treats
it as 0. By settine the default to max.Unint32 we end up with a positive
number which indicates > 68 years which is probably close enough to
infinity for our use case.
Fixes: https://github.com/containers/podman/issues/21811
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This change migrates to new QEMU stream netdev added in 7.2.0.
It also unifies how gvproxy is used in QEMU and AppleHV.
Signed-off-by: Arthur Sengileyev <arthur.sengileyev@gmail.com>
Added some tests to verify that files extractions works
with different compression format.
Created a decompressor interface with 2 main methods:
reader(): returns an io.Reader for the specific compression algorithm
copy(): extracts the compressed file into the file provided as param
Created 5 decompressor types:
- gzip: extract gzip files
- xz: extract xz files
- zip: extract zip files
- generic: extract any other file using github.com/containers/image/v5/pkg/compression
- uncompressed: only do a copy of the file
Minor fix to the progress bar instances: added a call to bar.Abort(false)
that happens before Progress.Wait() to avoid that it hangs when a bar is
not set as completed although extraction is done.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
