As part of our database init, we perform a check of the current
values for a few fields (graph driver, graph root, static dir,
and a few more) to validate that Libpod is being started with a
sane & sensible config, and the user's containers can actually be
expected to work. Basically, we take the current runtime config
and compare against values cached in the database from the first
time Podman was run.
We've had some issues with this logic before this year around
symlink resolution, but this is a new edge case. Somehow, the
database is being loaded with the empty string for some fields
(at least graph driver) which is causing comparisons to fail
because we will never compare against "" for those fields - we
insert the default value instead, assuming we have one.
Having a value of "" in the database largely invalidates the
check so arguably we could just drop it, but what BoltDB did -
and what SQLite does after this patch - is to use the default
value for comparison instead of "". This should still catch some
edge cases, and shouldn't be too harmful.
What this does not do is identify or solve the reason that we are
seeing the empty string in the database at all. From my read on
the logic, it must mean that the graph driver is explicitly set
to "" in the c/storage config at the time Podman is first run and
I'm not precisely sure how that happens.
Fixes #24738
Signed-off-by: Matt Heon <mheon@redhat.com>
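
The fallback described in the commit message above, as an added sketch that is not Podman's own code: an empty value cached in the database is compared as the default instead of as "". The `field` type, `effective`, `validate` and all sample values are hypothetical, and the runtime value is assumed to already have its default filled in.

```go
package main

import "fmt"

// field is one cached configuration value to validate.
// All names here are hypothetical; they are not Libpod identifiers.
type field struct {
	name     string
	stored   string // value cached in the database on first run
	runtime  string // value from the current config, default already inserted
	fallback string // default for this field; "" if there is none
}

// effective substitutes the default for an empty stored value.
func effective(stored, def string) string {
	if stored == "" {
		return def
	}
	return stored
}

// validate returns one message per field whose stored value, after the
// empty-string fallback, differs from the runtime value.
func validate(fields []field) []string {
	var mismatches []string
	for _, f := range fields {
		want := effective(f.stored, f.fallback)
		if want != f.runtime {
			mismatches = append(mismatches, fmt.Sprintf(
				"%s: database has %q, runtime config has %q", f.name, want, f.runtime))
		}
	}
	return mismatches
}

func main() {
	// Constructed sample values.
	fields := []field{
		// "" in the database: compared as the default, so no mismatch.
		{name: "graph driver", stored: "", runtime: "overlay", fallback: "overlay"},
		// Genuine mismatch: still reported.
		{name: "graph root", stored: "/var/lib/containers/storage",
			runtime: "/srv/storage", fallback: "/var/lib/containers/storage"},
	}
	for _, m := range validate(fields) {
		fmt.Println(m)
	}
}
```
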
For Copr builds, it will mention the Copr info from where the rpm is
installed.
For non-copr builds, it will mention the value of the packager macro
if set, and skip this field altogether if not.
On local rpm builds, this shows:
```
Build Origin: Lokesh Mandvekar <lsm5@fedoraproject.org>
```
On koji rpm builds, this shows:
```
Build Origin: Fedora Project
```
On copr rpm builds (e.g. rhcontainerbot/playground), this shows:
```
Build Origin: Copr: rhcontainerbot/playground
```
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The default `gobuild` macro on CentOS Stream 9 now includes support for
`BUILDTAGS`.
CentOS Stream envs now also define `_user_tmpfilesdir` macro by default.
Both these definitions are no longer needed here.
`libtrust_openssl` buildtag is also set in spec wherever relevant.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
When trying to pass a string with spaces that broke the go command cli
parsing, the full argument must be put in quotes to avoid escaping
issues.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Avoid using the glibc fork() function after directly using the clone()
syscall, as it confuses glibc, causing the fork() to hang in some
cases.
The issue has been observed only on s390x, and the fix was confirmed
in the issue discussion.
Closes: https://github.com/containers/podman/issues/25184
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
BuildOrigin is a field that can be set at build time by packagers. This helps us trace how and where the binary was built and installed from, allowing us to see if the issue is due to a specific installation or a general podman bug. This field shows up in podman version and in podman info when populated. Note that podman info has a new field, Client, that only appears when running podman info using the remote client.
Automatically set the BuildOrigin field when building the macOS pkginstaller to pkginstaller.
Usage: make podman-remote BUILD_ORIGIN="mypackaging"
Signed-off-by: Ashley Cui <acui@redhat.com>
Allowing for multiple manifests per artifact just makes the code and cli
design harder to work with. It is not clear how mounting, extracting
or editing a multi manifest artifact should have worked.
A single manifest should make the code much easier to work with.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Like images and containers, it could be handy to have a --noheading
option that removes the headings on the output.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Added a --no-trunc flag to artifact ls, which follows what images has
done. By default now, the ls output will have the shortened 12
character digest. The --no-trunc will output the full digest.
Signed-off-by: Brent Baude <bbaude@redhat.com>
podman artifact add now supports two new command line switches.
- --type string that describes the type of artifact
- --annotation string slice in the form of key=val
These new options allow users to "tag" information on their artifacts
for any number of purposes down the line.
RUN-2446
Signed-off-by: Brent Baude <bbaude@redhat.com>
`argv[0]`, ie: the full buffer allocated by `get_cmd_line_args`,
was going to be freed only if `can_use_shortcut()` was called.
Instead, let `init()` always manage `argv0` lifecycle.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
Allow the user to provide an Ansible playbook file on init which will
then be run on boot.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>
We only need qemu-system-[x86|aarch64]-core based on the architecture
along with qemu-img. So, there's no need to pull in all of qemu.
The qemu-system-[x86|aarch64]-core packages are not present on CentOS
Stream and RHEL, so we use qemu-kvm there instead.
Ref: https://github.com/containers/podman/pull/24369/files#r1883658262
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The current macos installer gvproxy version has a number of issues
around dns handling[1,2]. They should be fixed now in 0.8.3 as they
reverted the dns changes back to the 0.7.5 code. This should make it
work like it used to be. Our 5.3.2 installer ships the 0.7.5 version so
users of the podman installer never noticed that but we got plenty of
reports from brew users. This needs to be backported into v5.4 to make
sure we do not ship the broken version as part of the installer.
[1] https://github.com/containers/gvisor-tap-vsock/issues/462
[2] https://github.com/containers/gvisor-tap-vsock/issues/466
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
podman exec supports detaching early via the detach key sequence. In that
case the podman process should exit successfully but the container exec
process keeps running.
Now I wrote automated tests for both podman run and exec detach but this
uncovered several larger issues:
- detach sequence parsing is broken[1]
- podman-remote exec detach is broken[2]
- detach in general seems to be buggy/racy, seeing a lot of flakes that
fail to restore the terminal and get an EIO instead, i.e.
"Unable to restore terminal: input/output error"
Thus I cannot add tests for now but this commit should at least fix the
obvious case as reported by the user so I like to get this in regardless
and I will work through the other issues once I have more time.
Fixes #24895
[1] https://github.com/containers/common/pull/2302
[2] https://github.com/containers/podman/issues/25089
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
If not already bumped, this will bump:
c/storage v1.57.1
c/image v5.34.0
c/common v0.62.0
in preparation for Podman v5.4 and beyond.
Buildah will be vendored in a separate PR.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
As issue #25112 points out, it was possible to start a machine on one of the darwin providers and then switch providers and start another one with a different name. This PR firstly prevents that use which is a forbidden use case.
Secondarily, performed some minor cleanup on the error messages being used so that the error would be specific to this condition.
This bug fix is for darwin only. In the case of Windows, we probably need to answer the question I raised in #24067 first, which is whether we want to stop allowing WSL to run multiple machines.
Fixes #25112
Signed-off-by: Brent Baude <bbaude@redhat.com>
A function in the reset code does not return an error. Simply removing the error variable and check for the condition (which was always false or nil)
Signed-off-by: Brent Baude <bbaude@redhat.com>