Bump to the version of Buidah in it's main branch to get the
CVE-2024-1753 fix.
[NO NEW TESTS NEEDED]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Belated followup to #21981. (Looks like I started to add this
functionality back in 2020 but left it unfinished. Tsk tsk.)
docs/source/Commands.rst is unnecessary duplication. It _should_
be autogenerated, but I can't figure out how to cleanly add
that to our Make process. This PR is an interim cross-check
until we get that resolved:
- everything in podman --help must have a matching entry
in Commands.rst (top-level commands only)
- check for dups and out-of-sequence in Commands.rst
- also for anything in Commands.rst that is not in --help
Fix existing mismatches in Commands.rst.
Also, #21784 removed a format specifier that I was using in
regression tests. Switch to using something else, to get
test passing again. Given the fact the correct solution
is autogenerating Commands.rst, I choose not to add new
tests for the rst xref.
Also, executive decision, remove volume.rst. It is not referenced
from anywhere, it looks like a lonely orphan remnant from days
of yore.
Signed-off-by: Ed Santiago <santiago@redhat.com>
In some environments, such as the one described in
https://github.com/containers/podman/issues/20927, the default route
is given as nexthop gateways. That is, it's a multipath routes with
multiple gateways.
That means that pasta(1), after commit 6c7623d07bbd ("netlink: Add
support to fetch default gateway from multipath routes"), can start
and use a default gateway from that route.
Just like in pasta(1), in these tests, the default route indicates
which upstream interface we should pick. If we ignore multipath
routes, IPv6 addresses and gateway addresses themselves won't be
available, so, while pasta is now able to configure the container,
IPv6 tests will expect to find no address and no gateway, hence fail
due to the mismatch.
Try to get routes, including gateway addresses and interface names,
from nexthop objects, in case the selection of a regular default
route yields no results.
Link: https://github.com/containers/podman/issues/20927Closes: #20927
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
This removes the need for any `Provides: bundled()` we needed in spec
files.
The updated Provides will be visible in the build logs and can also be
verified with `rpm -q --provides $RPM_FILE`.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
We need to take another lock to prevent concurrent starts from different
machines.
I manually tested it by starting three VM in parallel with:
podman machine start & podman machine start test1 & podman machine start test2
I also added a CI test that seems to work as expected (failed with the
old binary, worked with the new)
Before this patch I was able to start more than VM, with this patch it
now only starts one of them and the other ones will fail to start with
a proper error.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This function is not used, it has been refactored in the general
starting good higher up the stack.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Currently we first read the conf and then lock, this is racy because
while we wait for the lock another process might change the state so
the only way to have the actual current state is to read the file
while holding the lock.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- Fixes conflicts such as removal of second machine deleting a socket of a
the first machine while it's running
- Move API socket into runtime directory for consistency
- Add API and gvproxy sockets to removal list
- Cleanup related logic
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
make validate should work locally, this check makes no sense in a local
context as it checks for a github label.
To fix this remove this check from the validate target and only use it
as part of the CI validate run.
While at it remove old dnf install step, the issue has been closed for a
long time and it should already be part of our base images.
Fixes#22031
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
we are having second thoughts about *requiring* a policy.json on podman
machine hosts. we are concerned that we need to work out some more use
cases to be sure we do not make choices now that limit us in the near
term future. for example, should the policy files be the same for
container images and machine images? And should one live on the host
machine and the other live in the machine?
therefore, if a policy.json *is* present in the correct location, we will use and honor it; however, if it does not, we will allow the machine image to be pulled without a policy.
Signed-off-by: Brent Baude <baude@redhat.com>
Co-authored-by: Paul Holzinger <45212748+Luap99@users.noreply.github.com>
Signed-off-by: Brent Baude <bbaude@redhat.com>
This commit bumps containers-common dep such that passt and netavark become hard
deps for podman on fedora 40+.
Ref: https://bugzilla.redhat.com/show_bug.cgi?id=2269148
With this commit, f40+ envs will use the min name-version-release for
containers-common-extra while other deps will use whatever's available.
This change can be reverted after a few releases to keep conditionals to
a minimum.
Signed-off-by: Lokesh Mandvekar <lsm5@redhat.com>
1. Added the xz decompression unit tests
2. Removed the xz implementation to use the one from c/images
3. Removed the specific macos gzip, zstd compressor and use
the generic compressor but with SparseWriter if GOOS == darwin
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
For consistency with linux/osx makefile
I have added the win-gvproxy target as
an alias of win-sshproxy
[NO NEW TESTS NEEDED]
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Adding the final machine endpoint as quay.io/podman/machine-os in the
Podman code. As a reminder, we decided we would set this in containers
conf once things settle down and this code would then be removed.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Updated build_windows.md with a new section that
document how to build and run the windows podman
client without the need to install MSYS.
[NO NEW TESTS NEEDED]
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
Also update the website to display the correct swagger doc for the right
version, the 5.0 swagger file will not exist until we branch but I added
it anyway so we do not forget it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Healthchecks, defined in a .yaml file as livenessProbe did not had any
effect. They were executing as intended, containers were marked as
unhealthy, yet no action was taken. This was never the intended
behaviour, as observed by the comment:
> if restart policy is in place, ensure the health check enforces it
A minimal example is tracked in containers/podman#20903 [1] with the
following YAML:
```yaml
apiVersion: v1
kind: Pod
metadata:
name: ubi-httpd-24
spec:
restartPolicy: Always
containers:
- name: ubi8-httpd
image: registry.access.redhat.com/rhscl/httpd-24-rhel7:2.4-217
livenessProbe:
httpGet:
path: "/"
port: 8081
```
By passing down the restart policy (and using constants instead of
actually wrong hard-coded ones), Podman actually restarts the container
now.
[1]: https://github.com/containers/podman/issues/20903Closes#20903.
Signed-off-by: Jasmin Oster <nachtjasmin@posteo.de>
tomsweeneyredhat
openshift-merge-bot[bot]
Ed Santiago
Stefano Brivio
Lokesh Mandvekar
Jason T. Greene
Cedric Staniewski
Garth Bushell
Paul Holzinger
renovate[bot]
Matt Heon
Brent Baude
Mario Loriedo
Denys Knertser
Brent Baude
Jasmin Oster