Fixes#24267
This commit replaces a potentially unsafe slice-assignment with a call to `slices.Clone`.
This could prevent a bug where `saveCommand` and `loadCommand` could end up sharing an underlying array if `parentFlags` has a cap > it's len.
Signed-off-by: Zachary Hanham <z.hanham00@gmail.com>
Accidentally introduced in #21639.
Thanks to Paul for the Python code to prevent this from
happening again.
Signed-off-by: Ed Santiago <santiago@redhat.com>
By default golang programs exit 2 on special exit signals that can be
cought and produce a stack trace. However this is behavior that can be
modfied via GOTRACEBACK=crash[1], in that case it does not exit(2) but
rather sends itself SIGABRT to the parent sees the signal exit and out
test sees that es exit code 134, 128 + 6 (SIGABRT), like most shells do.
As it turns out GOTRACEBACK=crash is the default mode on all fedora and
RHEL rpm builds as they patch the build with a special
"rpm_crashtraceback" go build tag.
While that change is old and existing for a very long time it was never
caught until commit 5e240ab1f5, which switched the old ExitWithError()
check that accepted anything > 0, to just accept 2. And as CI only test
upstream builds that are build without rpm_crashtraceback we did not
catch in CI either. Only once a user actually used distro build against
the source e2e test it failed.
I like to highlight that running distro builds against upstream e2e
tests is not something we really support or plan to support but given
this is a easy fix I decided to just fix it here as any user with
GOTRACEBACK=crash set would face the same issue.
While I touch this test remove the unnecessary RestoreArtifact() call
which is not needed at all as we do nothing with the image and just
slows the test down for now reason.
[1] https://pkg.go.dev/runtime#section-sourcefilesFixes#24213
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
mapMutex is initialized in the ContainerRm function and cannot be released from outside,
thus unlock mutex before returning from function.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Егор Макрушин <emakrushin@astralinux.ru>
tar should be smart enough to check the magic byte and use the correct
decompression algo based on that so there is no need to spell it out
explictly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Recently was trying to start podman machine with krunkit and got:
Error: krunkit exited unexpectedly with exit code 1
which isn't very descriptive. Although this doesn't solve the
issue, it increases the debugability of this error.
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
This reverts commit 43f6173cc6.
The netavark version with nftables default is in f41 and rawhide
already so this is no longer needed. While we do not yet test f41 in CI
we have rawhide which is good enough until we update.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The repo tar process took over 1:20 min, with zstd it takes less than
10s so we safe over a minute by doing this.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In particular the main build task already did a make vendor and a
regeneration of the completion scripts. This means the first tre_status
would pick up both changes so the suggestion would be off. And rerunning
the same thing again here just makes thing slower than they need to be.
In particular there was the bug that make completion even rebuild podman
because generate-bindings obviously updates the timestamps of the files
as they are overwritten.
We do however must run generate-bindings as it was not run before.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The current podman-release-%.tar.gz target does a lot more then just
checking if we can build for the given arch, in particular it first
builds a local podman-remote for the remote-docs.sh script. This makes
things slow as we compile several things and then builda and package the
docs. Given the docs are not arch specific there is realy no point in
doing all that work. All we care about is if the bianries can build on
other arches to catch compile issue for otherwise untested arches.
This should make the CI Alt Arch. tasks much faster.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The doc generation and the validate-binaries target can be run in
parallel as they do not depend on each other and a specific ordering. As
such we pass -j $(nproc) but also --output-sync=target to ensure the
output is not intermixed between several targets which could be harder
to read in case of errors.
Hower dus the complex podman-release target we can run podman-release
and validate-binaries at the same time as the dependencies are not right
and we run podman-release first in order to get the correct binaires
build.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This target runs several scripts in serial but they do not have any
dependencies so we can split them all into their own target so that make
-j can run the targets in parallel to speed this up.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Builds now take over 10 mins, given golang compilation is parallelized
by default we can give more cores to speed it up.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
They no longer work in the latest image update, it is not clear why and
I do not have the time to debug that stuff. I opened #24230 to track it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In debian EST and MST7MDT are gone by default and moved to a special
package[1], instead of also installing that in the images lets use
different timezones in the test.
[1] 42c0008f86
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Run pasta with --trace and a log file to see if the hangs are caused by
pasta not correctly closing connections as assumed in #24219.
As the log is super verbose do not log it by default so I added some
extra logic to make sure it is only logged when the test fails.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This command sequence causes SizeRootFs to change on foo:
podman tag foo newimagename
podman save ... newimagename
podman load ...
Solution: get foo completely out of the picture. Use an
airgapped image: new image, new digest, new everything.
Fixes: #23756
Signed-off-by: Ed Santiago <santiago@redhat.com>
Quadlet inserts network-online.target Wants/After dependencies to ensure pulling works.
Those systemd statements cannot be subsequently reset.
In the cases where those dependencies are not wanted, we add a new
configuration item called `DefaultDependencies=` in a new section called
[Quadlet]. This section is shared between different unit types.
fixes#24193
Signed-off-by: Farya L. Maerten <me@ltow.me>
In the common scenario of podman-remote run --rm the API is required to
attach + start + wait to get exit code. This has the problem that the
wait call races against the container removal from the cleanup process
so it may not get the exit code back. However we keep the exit code
around for longer than the container so we can just look it up in the
endpoint. Of course this only works when we get a full id as param but
podman-remote will do that.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Call the wait endpoint right away when a container is started and not
only when attach is done, this allows us for wait to work when the
container has been removed otherwise (i.e. podman-remote run --rm). In
that case it was possible that wait failed and we then fall back to
reading events. However based on some reports there seems to be the
chance that the event readin is not working for them either and returns
a bad error "Cannot get exit code: <nil>" which does not help anybody.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Zachary Hanham
openshift-merge-bot[bot]
Ed Santiago
Paul Holzinger
Nicola Sella
Егор Макрушин
Matt Heon
Eric Curtin
Daniel J Walsh
Lokesh Mandvekar
Farya L. M
renovate[bot]