Switch the libpod references to podman in the CONTRIBUTING.md.
Update the cirrus-ci link so we can get a green build again :)
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
We no longer have to dance around the fact that the repo is named
"libpod" which simplifies the opening a bit. Also, refresh our
scope section and to-do section a bit.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Some time ago, we moved the Seccomp policy (and related setup
code) to a place where all our tools could share it [1]. We did
not, however, remove the in-repo seccomp.json file. Over the last
year or so, the in-repo seccomp policy has become progressively
more and more outdated, with no effort made to maintain it
(because what sense is there in keeping a duplicate?). Today, a
friend came to me and asked if a Podman container could access
keyctl, assuming it could not because he was reading the outdated
Seccomp policy which does not allow it. Since it's becoming clear
that this file is doing no good and actively causing confusion,
let's just drop it.
[1] https://github.com/seccomp/containers-golang
Signed-off-by: Matthew Heon <mheon@redhat.com>
The links to latest windows and MAC versions are broken, and snapd version is i
out of date. Users should just go to release and grab packages from there.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We’re now able to build a static podman binary based on a custom nix
derivation. This is integrated in cirrus as well, whereas a later target
would be to provide a self-contained static binary bundle which can be
installed on any Linux x64-bit system.
Fixes: https://github.com/containers/libpod/issues/1399
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
I noticed a large number of searches for Varlink on the Github
page, and that the readme still called it out as our only
supported API. This updates the readme to remove links to Varlink
API documentation, and points to docs for the new HTTP API.
I also updated other parts to reflect the current direction the
project is taking (Podman v2 and the HTTP API).
Signed-off-by: Matthew Heon <mheon@redhat.com>
The previous link pointed to the Markdown file, but the links are broken on that page. This pull request points to the actual documentation.
Grabbed from @srp33 PR https://github.com/containers/libpod/pull/4407 to help the merge process.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a `Communications` section to the README to make it more
approachable for new users who want to reach the community and
maintainers.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The initial implementation was far more complicated than necessary.
Strip out the complexities in favor of a simpler and more direct
approach.
Signed-off-by: Chris Evich <cevich@redhat.com>
Touch up a number of formating issues for XDG_RUNTIME_DIRS in a number
of man pages. Make use of the XDG_CONFIG_HOME environment variable
in a rootless environment if available, or set it if not.
Also added a number of links to the Rootless Podman config page and
added the location of the auth.json files to that doc.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Based on user feedback, refine the "Out of scope" section regarding
`docker-compose`:
* Explain why Podman uses Kubernetes YAML.
* Explain how `podman-play-kube` and `podman-generate-kube` fit into the
picture.
Addresses: https://github.com/containers/libpod/pull/2428#discussion_r259996507
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Also bump gitvalidation epoch - we usually do this every release,
but v1.0.0 is on a branch so we need a separate commit for master
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Engineers get testing status via their PR's but another round of testing
happens post-merge, without any direct feedback. Fix this in a small
way, by adding a dynamic status badge on the front-page. If this
turns red, it means Cirrus-CI testing of the master branch failed
for some reason.
Nearly always it's something harmless, but once and a while, this
catches really nasty problems caused by merge-sequence issues.
Having that feedback on the front page ensures the right people will
eventually get called into action.
Signed-off-by: Chris Evich <cevich@redhat.com>
This shifts the matching logic out of libpod/container_internal and
into the hook package, where we can reuse it after vendoring into
CRI-O. It also adds unit tests with almost-complete coverage. Now
libpod is even more isolated from the hook internals, which makes it
fairly straightforward to bump the hook config file to 1.0.0. I've
dubbed the old format 0.1.0, although it doesn't specify an explicit
version. Motivation for some of my changes with 1.0.0:
* Add an explicit version field. This will make any future JSON
structure migrations more straightforward by avoiding the need for
version-guessing heuristics.
* Collect the matching properties in a new When sub-structure. This
makes the root Hook structure easier to understand, because you
don't have to read over all the matching properties when wrapping
your head around Hook.
* Replace the old 'hook' and 'arguments' with a direct embedding of
the runtime-spec's hook structure. This provides access to
additional upstream properties (args[0], env, and timeout) and
avoids the complication of a CRI-O-specific analog structure.
* Add a 'when.always' property. You can usually accomplish this
effect in another way (e.g. when.commands = [".*"]), but having a
boolean explicitly for this use-case makes for easier reading and
writing.
* Replace the previous annotations array with an annotations map. The
0.1.0 approach matched only the values regardless of key, and that
seems unreliable.
* Replace 'cmds' with 'when.commands', because while there are a few
ways to abbreviate "commands", there's only one way to write it out
in full ;). This gives folks one less thing to remember when
writing hook JSON.
* Replace the old "inject if any specified condition matches" with
"inject if all specified conditions match". This allows for more
precise targeting. Users that need more generous targeting can
recover the previous behavior by creating a separate 1.0.0 hook file
for each specified 0.1.0 condition.
I've added doc-compat support for the various pluralizations of the
0.1.0 properties. Previously, the docs and code were not in
agreement. More on this particular facet in [1].
I've updated the docs to point out that the annotations being matched
are the OCI config annotations. This differs from CRI-O, where the
annotations used are the Kubernetes-supplied annotations [2,3]. For
example, io.kubernetes.cri-o.Volumes [4] is part of CRI-O's runtime
config annotations [5], but not part of the Kubernetes-supplied
annotations CRI-O uses for matching hooks.
The Monitor method supports the CRI-O use-case [6]. podman doesn't
need it directly, but CRI-O will need it when we vendor this package
there.
I've used nvidia-container-runtime-hook for the annotation examples
because Dan mentioned the Nvidia folks as the motivation behind
annotation matching. The environment variables are documented in [7].
The 0.1.0 hook config, which does not allow for environment variables,
only works because runc currently leaks the host environment into the
hooks [8]. I haven't been able to find documentation for their usual
annotation trigger or hook-install path, so I'm just guessing there.
[1]: https://github.com/kubernetes-incubator/cri-o/pull/1235
[2]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L760
[3]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L772
[4]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/pkg/annotations/annotations.go#L97-L98
[5]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L830-L834
[6]: https://github.com/kubernetes-incubator/cri-o/pull/1345/
[7]: https://github.com/NVIDIA/nvidia-container-runtime/tree/v1.3.0-1#environment-variables-oci-spec
[8]: https://github.com/opencontainers/runc/pull/1738
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #686
Approved by: mheon
Using varlink's idl parser, we generate API documentation for the podman
API relying on the .varlink file as the source.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #734
Approved by: baude
Make that information more easily discoverable. And since
CONTRIBUTING.md already mentions IRC, we can drop the IRC reference
from the README to DRY things up.
Also update CONTRIBUTING.md to replace the stale #cri-o reference left
over from the initial libpod/podman fork. While I was touching this
line, I also shuffled some of the wording around to tighten that
sentence up.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #687
Approved by: rhatdan
Matthew Heon
Lars
Landrash
Ashley Cui
OpenShift Merge Robot
Matthew Heon
Paul Holzinger
Daniel J Walsh
Sascha Grunert
Dmitry Savintsev
TomSweeneyRedHat
Valentin Rothberg
Dmitry Smirnov
Stephen Piccolo
Chris Evich
Filip Weiss
Peter Hunt
alsadi
baude
William Entriken
Matthew Heon
jtligon
Micah Abbott
W. Trevor King