Locally building the Windows installer requires
building the documentation. And building documentation
requires Pandoc.
There are no pre-built binaries for Windows arm64
and this makes it complicated to build the Podman
Windows installer on Windows arm64.
To unlock this scenario we are adding a new winmake.ps1
target to build the documentation in a container (where
Pandoc is pre-installed).
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Bumps to Buildah v1.40.0 and adds the `--inherits-labels` option to
build and farm build man pages.
Also turn off the inherit-labels option test for now as it seems to be
rather unhappy.
Issue for inherit-labels test failure: https://github.com/containers/podman/issues/25938
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
In #25884, it was pointed out that the standard detection used to
determine the artifact's file type can be wrong. In those cases, it
would be handy for the user to be able to override the media type of the
layer. As such, added a new option called `--file-type`, which is
optional, and allows users to do just that.
`podman artifact add --file-type text/yaml quay.io/artifact/config:latest ./config.yaml`
Fixes: #25884
Signed-off-by: Brent Baude <bbaude@redhat.com>
Table header in Pod units section was referring to podman container... instead of podman pod...
Signed-off-by: Andreas <43118918+eulores@users.noreply.github.com>
If the --health-cmd flag is not specified, other flags such as --health-interval, --health-timeout, --health-retries, and --health-start-period are ignored if the image contains a Healthcheck. This makes it impossible to modify this Healthcheck configuration when a container is created.
Fixes: https://github.com/containers/podman/issues/20212
Fixes: https://issues.redhat.com/browse/RUN-2629
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
First, remove wrong sentence that says ports are forwarded dynamically
by default. That is wrong and contradicts what is written below.
Second, document that we also set --dns-forward and --map-guest-addr by
default. And lastly document the containers.conf field so users know
they are not forced to set the options on each command.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Fix links to other man-pages in podman-build.1.md.in
- Fix markup and add link to oci-hooks manpage in podman.1.md
Signed-off-by: Paul Lettich <paul.lettich@netknights.it>
It seems support was added into Buildah for no-new-privileges [1]
however the Podman build documentation was not updated.
Fixes #25731
[1] d4c661a774
Signed-off-by: Lewis Denny <lewis@redhat.com>
- Bzip2, not bzip
- Add Zstd
- List compression algorithms, not file extensions, to
decrease redundancy (and because the code doesn't actually
rely on file extensions)
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
We can now accept the other formats again.
This reverts commit 9e397d8e4d8d520cf48594c8b5bb126209897486.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit adds a new --cdi-spec-dir global option. This
option is used to add additional CDI spec paths.
Signed-off-by: Micah Chambers (eos) <mchambers@anduril.com>
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This adds support for the UpheldBy option in quadlet files. The UpheldBy option
is the counterpart to the Upholds option added in systemd v249 and is
similar to the existing WantedBy and RequiredBy options.
See https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Upholds=.
Signed-off-by: John Schug <john.ips.schug@gmail.com>
This commit adds a new annotation called:
io.podman.annotations.pids-limit/$ctrname
This annotation is used to define the PIDsLimit for
a particular pod. It is also automatically defined
when the newly added --pids-limit option is used.
Fixes: #24418
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
This commit adds new Retry= and RetryDelay= options
to quadlet.go which result in --retry and --retry-delay
usage in podman run, image and build commands.
This allows configuring the retry logic in the systemd
files.
Fixes: #25109
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The current max size is defined as `maxSecretSize = 512000` in
`github.com/containers/common/blob/main/pkg/secrets/secrets.go`.
Signed-off-by: Alexander Gramiak <agrambot@gmail.com>
The --env is used to add a new environment variable to a container or
override the existing one. The --unsetenv is used to remove
the environment variable.
It is done by sharing "env" and "unsetenv" flags between both
"update" and "create" commands and later handling these flags
in the "update" command handler.
The list of environment variables to add/remove is stored
in newly added variables in the ContainerUpdateOptions.
The Container.Update API call is refactored to take
the ContainerUpdateOptions as an input to limit the number of its
arguments.
The Env and UnsetEnv lists are later handled using the envLib
package and the Container is updated.
The remote API is also extended to handle Env and EnvUnset.
Fixes: #24875
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Our calculation is just wrong and the way the entire API is designed it
cannot work. This is the same interface as docker is using and they have
the same bug there. So simply document this as a known problem; in case
users complain, we at least have something to point to.
An actual fix might be possible but not without reworking the full API
and because this is exposed in the docker compat and libpod REST API we
cannot really change it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add a new option to allow for mounting artifacts in the container, the
syntax is added to the existing --mount option:
type=artifact,src=$artifactName,dest=/path[,digest=x][,title=x]
This works very similarly to image mounts. The name is passed down into
the container config and then on each start we look up the artifact and
then figure out which blobs to mount. There is no protection against a
user removing the artifact while still being used in a container. When
the container is running the bind mounted files will stay there (as the
kernel keeps the mounts active even if the bind source was deleted).
On the next start it will fail to start as if it does not find the
artifact. The good thing is that this technically allows someone to
update the artifact with the new file by creating a new artifact with
the same name.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
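
The `--mount` syntax from the commit message above, parsed and validated in Go as an added example; this is not Podman's code, and `ArtifactMount` and `ParseArtifactMount` are hypothetical names. It assumes values contain no commas and that unknown or repeated keys should be rejected rather than ignored.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// ArtifactMount and ParseArtifactMount are hypothetical names for this example, not Podman's API.
type ArtifactMount struct{ Source, Dest, Digest, Title string }

// ParseArtifactMount parses type=artifact,src=NAME,dest=/path[,digest=x][,title=x]; values are assumed comma-free.
func ParseArtifactMount(spec string) (ArtifactMount, error) {
	var m ArtifactMount
	seen := map[string]bool{}
	targets := map[string]*string{"src": &m.Source, "dest": &m.Dest, "digest": &m.Digest, "title": &m.Title}
	for _, field := range strings.Split(spec, ",") {
		key, val, ok := strings.Cut(field, "=")
		if !ok || val == "" {
			return m, fmt.Errorf("field %q is not key=value", field)
		}
		if seen[key] {
			return m, fmt.Errorf("key %q given twice", key)
		}
		seen[key] = true
		if key == "type" {
			if val != "artifact" {
				return m, fmt.Errorf("unsupported type %q", val)
			}
			continue
		}
		target, known := targets[key]
		if !known {
			return m, fmt.Errorf("unknown key %q", key)
		}
		*target = val
	}
	if !seen["type"] || m.Source == "" || m.Dest == "" {
		return m, fmt.Errorf("type=artifact, src and dest are required")
	}
	if !path.IsAbs(m.Dest) {
		return m, fmt.Errorf("dest %q must be an absolute path", m.Dest)
	}
	return m, nil
}

func main() {
	fmt.Println(ParseArtifactMount("type=artifact,src=quay.io/artifact/config:latest,dest=/etc/app"))
}
```
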
The `podman system reset` removes the `RunDirectory` directory as part of the machine reset, where `podman.sock` is usually stored.
Fixes: https://issues.redhat.com/browse/RHEL-71320
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
When certain directories, like /tmp, get mounted over, FCOS/Linux can
act in unexpected ways. Added a sanity check for a list of directories
we think might be impacted by this. Also, moved the volume parsing earlier
in the init process so we can catch problems before the expensive
decompression of machine images.
The following destinations are forbidden for volumes:
`/bin`, `/boot`, `/dev`, `/etc`, `/home`, `/proc`, `/root`, `/run`, `/sbin`, `/sys`, `/tmp`, `/usr`, and `/var`. Subdirectories
Fixes: #18230
Signed-off-by: Brent Baude <bbaude@redhat.com>
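
One way to write the destination check described in the commit message above, as an added Go example; it is not Podman's implementation, and `CheckVolume` and `CheckVolumes` are hypothetical names. It assumes POSIX-style host paths without colons and compares only the cleaned destination itself, since the page does not say how subdirectories are treated.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// forbidden holds the destinations listed in the commit message.
var forbidden = map[string]bool{
	"/bin": true, "/boot": true, "/dev": true, "/etc": true, "/home": true,
	"/proc": true, "/root": true, "/run": true, "/sbin": true, "/sys": true,
	"/tmp": true, "/usr": true, "/var": true,
}

// CheckVolume validates one "source:destination[:options]" spec (hypothetical
// helper; POSIX-style host paths without colons are assumed).
func CheckVolume(spec string) error {
	parts := strings.Split(spec, ":")
	if len(parts) < 2 || !path.IsAbs(parts[1]) {
		return fmt.Errorf("volume %q needs an absolute destination", spec)
	}
	// Clean first so "/tmp/", "//tmp" and "/var/../tmp" cannot slip past a
	// plain string comparison. Assumption: only the destination itself is
	// compared; the page does not say how subdirectories are treated.
	if dest := path.Clean(parts[1]); forbidden[dest] {
		return fmt.Errorf("volume %q: destination %s is forbidden", spec, dest)
	}
	return nil
}

// CheckVolumes runs the cheap validation over every spec and collects all
// failures, so it can run before any expensive step such as image decompression.
func CheckVolumes(specs []string) []error {
	var errs []error
	for _, s := range specs {
		if err := CheckVolume(s); err != nil {
			errs = append(errs, err)
		}
	}
	return errs
}

func main() {
	// Constructed sample input.
	for _, err := range CheckVolumes([]string{"/home/u/src:/mnt/src", "/home/u/t:/tmp/", "/data:/var/../etc:ro"}) {
		fmt.Println(err)
	}
}
```
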
A user has reported that a previously used URL in our Introduction
documentation is no longer working. It apparently has missing files and
so forth. We now use a Containerfile that is more reliable and less
likely to change.
Fixes: #25449
Signed-off-by: Brent Baude <bbaude@redhat.com>
According to the conversation in #18193, we only support plain tar or
gzipped tar as input.
Fixes: #18193
Signed-off-by: Brent Baude <bbaude@redhat.com>