podman in Fedora gets seccomp.json from containers-common while
the one in Ubuntu PPA gets seccomp.json from containers-golang.
This change will let me use install.config target unmodified
in downstream packages.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
The final versions of the documentation has been shifted from `docs/` to
`docs/build/man`. Most of the Makefile has been changed accordingly, but
the docker documentation generation was not.
Introduced by #4354
Signed-off-by: Morten Linderud <morten@linderud.pw>
* Refactored code and Makefile to support new docs layout
* Removed some old code packaging code
* Add Readme.md to document what we're doing
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Signed-off-by: baude <bbaude@redhat.com>
Restructuring the docs dir to make integration with sphinx easier. man
pages now exist in docs/source/man and the sphinx make files exists in
docs.
Signed-off-by: baude <bbaude@redhat.com>
Refactor the `RuntimeConfig` along with related code from libpod into
libpod/config. Note that this is a first step of consolidating code
into more coherent packages to make the code more maintainable and less
prone to regressions on the long runs.
Some libpod definitions were moved to `libpod/define` to resolve
circular dependencies.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
`multi-user.target` doesn't exist in the systemd *user* instance.
We can't hook up the startup of a user unit to a system target.
Doing so causes systemd to error out in Fedora CoreOS builds
during presets.
Make it depend on `default.target` instead.
(Having the same unit in both system and user sessions has some
tricky bits like this)
Signed-off-by: Colin Walters <walters@verbum.org>
When executing 'make remotesystem' testing, a varlink process is started
up but it's stdio is dumped due to the production of excessive data.
However, this also means if the process has a problem, any errors will
not be accessible.
Instead, grab only the last 100 lines and direct them into a file. Also
update automation's log collection to retrieve this file when the
`$REMOTE_CLIENT` env. var. is `true`.
Signed-off-by: Chris Evich <cevich@redhat.com>
* Update scipts to produce darwin and windows output
* Update batch file to re-direct help requests to browser
* Add pandoc filter for markdown to html links
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Update Makefile to build msi
* Add podman.wxs to define podman.msi
* Version information provided by Makefile
* Add podman.bat wrapper for podman-remote-windows.exe to ensure environment
* Add wix xml schemas for reference
Signed-off-by: Jhon Honce <jhonce@redhat.com>
The bsd variant of `ln` does not support the ``-T`` option.
Testing for existence using wildcard before creating new symlinks
should be sufficient here. Furthermore the target directory is
managed internally by this Makefile anyway.
Signed-off-by: Christian Felder <c.felder@fz-juelich.de>
Use GOPROXY=https://proxy.golang.org to speed up fetching dependencies.
Setting it makes `make vendor` three times faster in my local env.
For details please refer to https://proxy.golang.org/.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The initial implementation was far more complicated than necessary.
Strip out the complexities in favor of a simpler and more direct
approach.
Signed-off-by: Chris Evich <cevich@redhat.com>
This enables user to interact with varlink and create/manage rootless
containers through it.
Using as:
`varlink call unix:/run/user/1000/podman/io.podman/io.podman.ListContainers`
Signed-off-by: Matej Marusak <mmarusak@redhat.com>
podman-remote rm now works; that's the only thing we were
waiting for to enable podman-remote (varlink) system tests.
Add a (too-complicated, sorry) Makefile target that will
define a random socket path, start the podman varlink server,
and run the test suite using podman-remote.
Also: add two convenience functions, is_rootless and is_remote,
and use those in skip_if_rootless/if_remote and elsewhere
Also: workarounds for broken tests:
- basic version test: podman-remote emits an empty 'Client'
line. Just ignore it.
- looks like 'podman-remote pod' doesn't work; skip test.
Also: minor documentation update
Signed-off-by: Ed Santiago <santiago@redhat.com>
as issue #2702 describes, we want to make podman and podman-remote as
part of make install.
Fixes: #2702
Signed-off-by: baude <bbaude@redhat.com>
avoid `make` in `make install` in the rpmbuild process.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Go 1.13.x isn't sensitive to the GO111MODULE environment variable
causing builds to not use the vendored sources in ./vendor. Force builds
of module-supporting go versions to use the vendored sources by setting
-mod=vendor.
Verified in a fedora:rawhide container.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The release-task ***must*** always execute last, in order to guarantee a
consistent cache of release archives from dependent tasks. It
accomplishes this by verifying it's task-number matches one-less than
the total number of tasks. Previous to this commit, a YAML anchor/alias
was used to avoid duplication of the dependency list between 'success'
and 'release'
However, it's been observed that this opens the possibility for
'release' and 'success' tasks to race when running on a PR. Because
YAML anchor/aliases cannot be used to modify lists, duplication is
required to make 'release' actually depend upon 'success'.
This duplication will introduce an additional maintenance burden.
Though when adding a new task, it's already very easy to forget to
update the 'depends_on' list. Assist both cases by the addition
unit-tests to verify ``.cirrus.yml`` dependency contents and structure.
Signed-off-by: Chris Evich <cevich@redhat.com>
Created shell script to automatically compile remote-only docs & rename
Added make brew-pkg to automatically package files needed for homebrew
Add missing docs
Signed-off-by: Ashley Cui <ashleycui16@gmail.com>
clean up some final linter issues and add a make target for
golangci-lint. in addition, begin running the tests are part of the
gating tasks in cirrus ci.
we cannot fully shift over to the new linter until we fix the image on
the openshift side. for short term, we will use both
Signed-off-by: baude <bbaude@redhat.com>
This change tweaks the symlink commands that are invoked when libpod is
not on GOPATH. This has the following effects:
- If the working directory is not "libpod", it will still create the
symlink at the correct github.com/containers/libpod path.
- If the github.com/varlink directory/symlink already exists, it will
still create the symlink at the intended path.
Signed-off-by: Lawrence Chan <element103@gmail.com>
Analyse the size of all go-packages used during the build process via
the newly added `hack/analyses/go-archive-analysis.sh` script. The
script expects the `WORK` environment variable to be set, which points
to a temporary work directory generated by `go build`. To generate such
a work directory, set the `BUILDFLAGS="-work -a"`:
* `-work` for creating the work directory
* `-a` to force rebuilding all packages even when already cached
The workflow may look as follows:
```
$ BUILDFLAGS="-work -a" make podman
[...]
WORK=/tmp/go-build127001249
$ WORK=/tmp/go-build127001249 ./hack/analyses/go-archive-analysis.sh
```
The output of the script has the format `$SIZE $PACKAGE` where $SIZE is
the size of the compiled version of the go package (i.e., `.a` file) and
$PACKAGE for the corresponding package, for instance, `math/big` for a
stdlib package or vendor/... for vendored packages.
Credits to the authors of https://github.com/jondot/goweight, which
inspired this work.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
CI is experiencing failures in the system_test step, caused by
podman commands issuing the following warning:
time="2019-07-09T13:30:19-04:00" level=error msg="User-selected graph driver \"overlay\" overwritten by graph driver \"vfs\" from database - delete libpod local files to resolve
Hypothesis: integration tests, which run just before us, are
leaving user config files in an unstable state.
Workaround: delete all user cache and config and db before
running system tests. This should be safe, and should be
a NOP when running as root.
Signed-off-by: Ed Santiago <santiago@redhat.com>
It's desirable to make archives available of builds containing actual
tested content. While not official distro-releases, these will enable
third-party testing, experimentation, and development for both branches
(e.g. "master") and pull requests (e.g. "pr3106").
* Add a Makefile targets for archiving both regular podman binaries
and the remote-client. Encode release metadata within these
archives so that their exact source can be identified.
* Fix bug with cross-compiling remote clients for the Windows and Darwin
platforms.
* Add unit-testing of cross-compiles for Windows and Darwin platforms.
* A few small CI-script typo-fixes
* Add a script which operates in two modes:
1. Call Makefile targets which produce release archives.
Upload the archive to Cirrus-CI's built-in caching system
using reproducible cache keys.
2. Utilize reproduced cache keys to attempt download of cache
from each tasks. When successful, parse the file's
release metadata, using it to name the archive file. Upload
all recovered archives to a publicly accessible storage bucket
for future reference.
* Update the main testing task to call the script in mode #1 for
all primary platforms.
* Add a new `$SPECIALMODE` task to call the script in mode #1 for
Windows and Darwin targets.
* Add a new 'release' task to the CI system, dependent upon all other
tasks. This new tasks executes the script in mode #2.
* Update CI documentation
Signed-off-by: Chris Evich <cevich@redhat.com>
Turn of go modules to avoid breaking build environments to accidentally
try pulling the dependencies instead of using the ./vendor directory.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add a `go-get` function to the Makefile to wrap `go get -u` into a
wrapper disabling go modules.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
An issue for achieving reproducible builds is build artifacts where
build paths are embedded. We remove them by passing the current working
directory to -gcflags and -asmflags which prefix trims the paths.
Note: Go 1.13 includes `-trimpath`
https://reproducible-builds.org/docs/build-path/
Signed-off-by: Morten Linderud <morten@linderud.pw>
Build artifacts embeds the current date of the build into the artifact.
If anyone want to reproduce the software at a later date there is no way
to pass a recorded date or fake it in the build system at a later point.
https://reproducible-builds.org/docs/source-date-epoch/
Signed-off-by: Morten Linderud <morten@linderud.pw>
I'm running the BATS tests manually once in a while, and
catching several problems each week that make it past
the rest of CI. Since the BATS tests run at RPM gating
time, we need to catch problems earlier. Try running
the tests from Cirrus.
Tests will be skipped on Ubuntu due to a too-ancient
version of coreutils (8.28; the 'timeout -v' we use
requires 8.29).
Tests are run *after* integration tests, even though
these take three minutes and would be nice to have
fail quickly, because running before causes bizarre
CI failures. Shrug.
UPDATE: also fix run test, broken by #3311.
Signed-off-by: Ed Santiago <santiago@redhat.com>
- PREFIX is now passed saved in the binary at build-time so that default
paths match installation paths.
- ETCDIR is also overridable in a similar way.
- DESTDIR is now applied on top of PREFIX for install/uninstall steps.
Previously, a DESTDIR=/foo PREFIX=/bar make would install into /bar,
rather than /foo/bar.
Signed-off-by: Lawrence Chan <element103@gmail.com>
For people who want to install podman remote or podman
only we need to separate out the two install commands.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We want the remote tests for our distributions to be tested in a
different VM than the local tests. This allows for faster CI runs and
easier debug as well as seperation of flakes.
Signed-off-by: baude <bbaude@redhat.com>
If the systemd development files are not present on the system which
builds podman, then `podman events` will error on runtime creation.
Beside this, a warning will be printed when compiling podman.
This commit mainly exists because projects which depend on libpod
would not need the podman event support and therefore do not need to
rely on the systemd headers.
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Existing code was not working due to a bash gotcha ('exit'
from a pipeline). It also had unnecessary duplication.
New version is safer; also includes unit tests run under localunit.
Existing invocations of req_env_var replaced via:
$ [ edit setup_environment.sh, move one closing quote to its own line ]
$ perl -ni -e 's/(?<=req_env_var )"(\S+)\s+\$\1"/$1/; if (/req_env_var "$/ .. /^\s*"/) { chomp; s/(?<=\S)\s.*//; if (/^\s*"/) { print "\n" } else { unless (/req_env_var/) { s/^\s+//; print " ";} print;} } else { print }' $(ack -l req_env_var)
$ [ hand-massage an incorrect instance of '@' in lib.sh:ircmsg() ]
Signed-off-by: Ed Santiago <santiago@redhat.com>
build a podman-remote binary for windows that allows users to use the
remote client on windows and interact with podman on linux system.
Signed-off-by: baude <bbaude@redhat.com>
Weekend hack by someone who doesn't grok zsh completion
but who finds it deeply offensive that most completion
files have an unmaintainable duplication of options
and arguments. The idea behind this one is to discover
the command line using --help, with a few hardcoded
helpers for discovering containers, images, pods,
and figuring out which args take files/dirs as args.
Working remarkably well. I am using this in my daily
routine and wondering how I ever managed without it.
It's not perfect -- a future version can perhaps
show only stopped containers for podman rm, only
running ones for podman stop -- but ROI seems low
on that given my limited zsh completion skills.
Sadly, I can't figure out how to write a regression
test suite for this. It would be lovely to have a
list if partial command lines and expected completions,
because the history of this change is that (seemingly)
minor tweaks in one place cause breakage in another.
Does anyone know of such a framework?
Still... working well enough to ship, IMO.
Signed-off-by: Ed Santiago <santiago@redhat.com>
to protect against regressions, we need to add a few gating tasks:
* build with varlink
* build podman-remote
* build podman-remote-darwin
we already have a gating task for building without varlink
Signed-off-by: baude <bbaude@redhat.com>
It also causes conflicts with CRI-O packages.
Also, change the path on seccomp.json so it lives in /usr/share
by default, with everything else.
Fixes#2596
Signed-off-by: Matthew Heon <mheon@redhat.com>
a series of improvements to our ginkgo test framework so we can
get better ideas of whats going on when run in CI
Signed-off-by: baude <bbaude@redhat.com>
when gopath was not explicitly set, make would fail due
to the varlink generator. this symlink in the makefile
addresses that.
fixes: #1842
Signed-off-by: baude <bbaude@redhat.com>
This is the final cleanup to remove urfave/sli from libpod. Removed
old, disabled tests that have not been run in over a year.
Signed-off-by: baude <bbaude@redhat.com>
We intend to migrate to the cobra cli from urfave/cli because the
project is more well maintained. There are also some technical reasons
as well which extend into our remote client work.
Signed-off-by: baude <bbaude@redhat.com>
@baude and I have recently debugged a `make vendor` issue, where
different versions of `vndr` leave slightly different states behind.
This ultimately leads to inconsistencies with the CI, which always
fetches the latest version.
To avoid such issues in the future, always use the latest version of
`vndr` by checking for new versions of it prior to execution.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Generate make helping message dynamicaly by using
python code snippet inside Makefile.
All commented make targets will be added to the
help message. To be added to the helping message
comment need to start with '## '.
These specials comments are detected by the python code.
Python code generate the helping output from these results.
Notice that this commit introduce a dependency with python (compatible python 2 and 3).
Signed-off-by: Hervé Beraud <hberaud@redhat.com>
PR #2259 removed the .install.gomega Makefile target but
didn't clean up two references to it. Do so now.
Also, when setting up GOPKGBASEDIR symlink, use -f (force)
flag; otherwise subsequent makes will fail.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* Make sure that all vendored dependencies are in sync with the code and
the vendor.conf by running `make vendor` with a follow-up status check
of the git tree.
* Vendor ginkgo and gomega to include the test dependencies.
Signed-off-by: Chris Evic <cevich@redhat.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
IMHO, longer than this waiting for automated testing is "too long".
Scientificaly speaking, based on thousands of runs across many
platforms, successful runs always happen in less time. Normally
Ubuntu passes in 35-40 minutes, and the Fedoras do it in 25-30.
If they take longer, something is likely badly broken. In that
case, it's better to fail within a short/defined time, than wait
for the (much longer) automation-level timeout and inevitable
failure.
Signed-off-by: Chris Evich <cevich@redhat.com>
libpod code added at end of Dockerfile, avoids
git clone of other packages in Dockerfile on subsequent builds.
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
Different components of testing reference the podman binary differently.
While they are identical in content, their SELinux types are not the
same, depending on build location. Avoid confusion and test failures
by always matching the bin/podman SELinux type to that of $BINDIR/podman
**after** install. This ensures even if the code or default contexts
change, a subsequent `make install` will re-match the SELinux type.
Signed-off-by: Chris Evich <cevich@redhat.com>
Also bump gitvalidation epoch - we usually do this every release,
but v1.0.0 is on a branch so we need a separate commit for master
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add the ability to run the integration (ginkgo) suite using
the remote client.
Only the images_test.go file is run right now; all the rest are
isolated with a // +build !remotelinux. As more content is
developed for the remote client, we can unblock the files and
just block single tests as needed.
Signed-off-by: baude <bbaude@redhat.com>
Add a `make vendor` target calls `vndr` with a specified whitelist to
avoid deleting important files (currently the varlink/go project).
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
The jsoniter library does not require code generation, which is a
massive advantage over easyjson (it's also about the same in
performance). Begin moving over to it by removing the existing
easyjson code.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
In podman 0.12.0 we have invalid completions. These should have been
caught during testing. This check will throw an error if the completions
do not successfully execute.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add the ability to build a remote client in golang that uses all
the same front-end cli code and output code. The initial limitations
here are that it can only be a local client while the bridge and
resolver code is being written for the golang varlink client.
Tests and docs will be added in subsequent PRs.
Signed-off-by: baude <bbaude@redhat.com>
It's impossible to get good debug out of the python tests, so
nuke them for now so I can figure out what's wrong.
DO NOT MERGE THIS COMMIT
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
Add support for executing an init binary as PID 1 in a container to
forward signals and reap processes. When the `--init` flag is set for
podman-create or podman-run, the init binary is bind-mounted to
`/dev/init` in the container and "/dev/init --" is prepended to the
container's command.
The default base path of the container-init binary is `/usr/libexec/podman`
while the default binary is catatonit [1]. This default can be changed
permanently via the `init_path` field in the `libpod.conf` configuration
file (which is recommended for packaging) or temporarily via the
`--init-path` flag of podman-create and podman-run.
[1] https://github.com/openSUSE/catatonitFixes: #1670
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Also, bump the Dockerfile to use the latest Golang image, as most
of our testing is now done on 1.11
Fixes: #1999
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
> The go build command now maintains a cache of recently built
packages, separate from the installed packages in $GOROOT/pkg or
$GOPATH/pkg. The effect of the cache should be to speed builds that
do not explicitly install packages or when switching between
different copies of source code (for example, when changing back and
forth between different branches in a version control system). The
old advice to add the -i flag for speed, as in go build -i or go
test -i, is no longer necessary: builds run just as fast without -i.
This should also fix podman builds for NixOS, snap-installed go, …
Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
The packer tool takes JSON as input for the details of producing VM
images to be used for PR CI-testing. JSON is not a very human-friendly
format, without support for comments and frequently containing lots of
duplicate data.
Fix this by using a Makefile + simple python one-liner to convert
from a human-friendly YAML format into packer-native JSON. This allows
use of anchors/aliases to reduce duplication, and allows inline comments
for easier maintainability. This also allows separating the 'test'
action from the 'build' action, for earlier and better syntax problem
detection.
Lastly, there are some minor ``lib.sh`` and ``integration_test.sh``
updates to support future work, and slightly improve the build and
test environments.
Signed-off-by: Chris Evich <cevich@redhat.com>
The tests can be filter by --focus and --skip to fit different test
target. Also be able to set global options and cmd options by export
it to ENV to fit different test matrix.
Signed-off-by: Yiqiao Pu <ypu@redhat.com>
We fixated on old metalinter dependency in past based on experience of
metalinter being oftentimes broke and hence broking our build. See
762f508d9ca97cdbaee6053b663e98aee9cae081 in cri-o for more details.
Now, dated metalinter is messing up with my environment (like it is
panicing on containters/storage) so let's see if we can move to more
current version of metalinter.
Signed-off-by: Šimon Lukašík <slukasik@redhat.com>
It was setting the wrong variable (CamelCase)
in the wrong module ("main", not "libpod")...
Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
The docker-in-docker was script was needed to run AppArmor tests in
Travis, which is not required anymore since Travis isn't being used
for a while. Removing the script will also cure some hiccups on
some atomic testing nodes.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
This PR makes several key changes to our CI testing. Firstly, we now test
podman on fedora 28, fedora 29, and centos VMS (rather than containers). Any
of these that having failing tests are not marked as required yet. We
still preserve the podman in podman and podman in docker tests as well and
they are marked as required.
The lint and validate work is now done on a openshift container. We also
removed the rpm verification on papr and perform this test under the "images"
test on the openshift ci.
This PR exposes integration test fails on some of our OSs. My expectation is we
will fix those in additional PRs and as they are fixed, we should be flipping
the boolean bit to required.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1492
Approved by: mheon
This line landed in 8493dba2 (Initial varlink implementation,
2018-03-26, #627), but this Makefile has never consumed that variable.
Signed-off-by: W. Trevor King <wking@tremily.us>
The only Python dependency in contrib/python's clean is:
$(PYTHON) setup.py clean --all
and our setup.pys work on both major Python versions:
$ make -C contrib/python/podman PYTHON=python2 clean
make: Entering directory `/.../libpod/contrib/python/podman'
python2 setup.py clean --all
/usr/lib64/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires'
warnings.warn(msg)
running clean
'build/lib' does not exist -- can't clean it
'build/bdist.linux-x86_64' does not exist -- can't clean it
'build/scripts-2.7' does not exist -- can't clean it
rm -rf podman.egg-info dist
find . -depth -name __pycache__ -exec rm -rf {} \;
find . -depth -name \*.pyc -exec rm -f {} \;
make: Leaving directory `/.../libpod/contrib/python/podman'
$ echo $?
0
$ make -C contrib/python/pypodman PYTHON=python2 clean
make: Entering directory `/.../libpod/contrib/python/pypodman'
python2 setup.py clean --all
/usr/lib64/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option: 'python_requires'
warnings.warn(msg)
running clean
removing 'build/lib' (and everything under it)
removing 'build/bdist.linux-x86_64' (and everything under it)
'build/scripts-2.7' does not exist -- can't clean it
removing 'build'
rm -rf pypodman.egg-info dist
find . -depth -name __pycache__ -exec rm -rf {} \;
find . -depth -name \*.pyc -exec rm -f {} \;
make: Leaving directory `/.../libpod/contrib/python/pypodman'
$ echo $?
0
This rolls back part of 390bd16d (tidy up the copr spec, 2018-05-20, #813).
I've also shifted the submake cleans to the end of the main clean
recipe. That way, if one of the submake cleans dies (e.g. because the
system lacks Python entirely), the temp-file removal will still
happen. The way I have it setup now, the podman clean dying will keep
any of the pypodman clean from happening. You could probably work
around that with something like:
$(MAKE) -C contrib/python/podman clean & \
$(MAKE) -C contrib/python/pypodman clean & \
wait
but that seems too fancy for such a corner case.
Signed-off-by: W. Trevor King <wking@tremily.us>
Waiting uses a lot of CPU, so drop back to checking once/second
and allow user to pass in the interval.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
FFJSON has serialization differences versus stock Go - namely, it
does not respect the MarshalText() and UnmarshalText() methods,
particularly on []byte, which causes incompatability with
pre-FFJSON containers which contained DNS servers.
EasyJSON does not have these issues, and might even be slightly
faster.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #1322
Approved by: mheon
Need to get some small changes into libpod to pull back into buildah
to complete buildah transition.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1270
Approved by: mheon
In order to get a cleaner build out of the rpms we should
pass down the DESTDIR to the python Makefiles. Then we
can use them instead of hard coding other inteligence into
the spec files.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #1214
Approved by: baude
Homu merged a commit without a signoff, update our Gitvalidation
epoch to after said commit to prevent problems.
Signed-off-by: Matthew Heon <mheon@redhat.com>
Closes: #1105
Approved by: vrothberg
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor
come from github.com/moby/moby.
Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.
The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1063
Approved by: rhatdan
Pattern-rule documentation is in [1]. This commit follows the basic
approach from [2], with the portable build tags from [3].
Using --keep-going allows folks to see errors for multiple target
platforms. For example, if the Darwin target dies, we'll still
attempt to build the Linux target before erroring out.
I've added an ALLOWED_TO_FAIL environment variable to mark script
blocks for the the allow_failures block. Currently we're requiring
builds from Linux for Linux and OS X to succeed, but allowing builds
from OS X to both targets to fail.
[1]: https://www.gnu.org/software/make/manual/html_node/Pattern-Intro.html#Pattern-Intro
[2]: e5031fcf9a
[3]: https://github.com/kubernetes-incubator/cri-o/pull/1653
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1034
Approved by: baude
this should represent the last major changes to get darwin to **compile**. again,
the purpose here is to get darwin to compile so that we can eventually implement a
ci task that would protect against regressions for darwin compilation.
i have left the manual darwin compilation largely static still and in fact now only
interject (manually) two build tags to assist with the build. trevor king has great
ideas on how to make this better and i will defer final implementation of those
to him.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #1047
Approved by: rhatdan
This makes fixing errors easier. Before this commit, errors looked
like [1]:
$ make gofmt
libpod/container_linux.go:1:⚠️ file is not gofmted with -s (gofmt)
make: *** [gofmt] Error 1
But that's not very helpful when your local gofmt thinks the file is
fine. With this commit, errors will look like:
$ make gofmt
find . -name '*.go' ! -path './vendor/*' -exec gofmt -s -w {} \+
git diff --exit-code
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index df4de3fe..22b39870 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1,7 +1,7 @@
package libpod
import (
-"bytes"
+ "bytes"
"context"
"encoding/json"
"fmt"
make: *** [Makefile:87: gofmt] Error 1
(or whatever, I just stuffed in a formatting error for demonstration
purposes).
Also remove the helper script in favor of direct Makefile calls,
because with Git handling difference reporting and exit status, this
becomes a simpler check. find's -exec, !, and -path arguments are
specified in POSIX [2].
[1]: https://travis-ci.org/kubernetes-incubator/cri-o/jobs/331949394#L1075
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1038
Approved by: rhatdan
podman image and podman container have alternate CLI
to standard CLI for a lot of commands. The man pages
can be shared between both. This patch adds links so that
of some executes
`podman image load`, they will actually see the `podman load` man page.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #993
Approved by: mheon
some platforms and operating systems do not have varlink. in those cases,
we need to be able to turn off enablement of varlink in podman. this can now
be done with BUILDTAGS passed to the build though perhaps in the future
will be better.
the default is to build with varlink
Signed-off-by: baude <bbaude@redhat.com>
squash! make varlink optional for podman
The API.md and cmd/podman/varlink/ioprojectatomicpodman.go targets
will continue to work regardless of the presence (or not) of 'varlink'
is in BUILDTAGS. However, cmd/podman/varlink/ioprojectatomicpodman.go
is now only required by the podman target when BUILDTAGS contains
'varlink'.
API.md had also been an podman dependency since 5b2627dd (Makefile:
Drop find-godeps.sh for podman target, 2018-05-15, #776) when I
expanded varlink_api_generate. It had been an indirect podman
dependency (via varlink_api_generate) since 25263558 (Generate varlink
API documentation automatically, 2018-05-07, #734). But the podman
executable obviously doesn't depend on the Markdown file, so I'm
removing that dependency here.
Signed-off-by: baude <bbaude@redhat.com>
squash! make varlink optional for podman
The command-pointer approach will scale well if/when we add additional
optional commands behind their own build tags, because those tags
won't all be competing for the same getOptionalCommands namespace.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #987
Approved by: rhatdan
A commit snuck through without a DCO, update to a commit after
the broken one.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #957
Approved by: mheon
For two reasons:
* When a system is missing python3, we don't need to spam them with
"Command not found" in their stderr.
* Without the redirect, GNU Make (at least version 4.2.1) is overly
clever and tries to invoke the command itself, not realizing that
it's a shell builtin [1].
$ make --version
GNU Make 4.2.1
Built for aarch64-unknown-linux-gnu
Copyright (C) 1988-2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$ cat Makefile
PYTHON3_A := $(shell command -v python3)
PYTHON3_B := $(shell command -v python3 2>/dev/null)
test:
@echo "SHELL: '$(SHELL)'"
@echo "PYTHON3_A: '$(PYTHON3_A)'"
@echo "PYTHON3_B: '$(PYTHON3_B)'"
$ make
make: command: Command not found
SHELL: '/bin/sh'
PYTHON3_A: ''
PYTHON3_B: '/usr/bin/python3'
By adding the redirect we actually hit the shell and can
successfully invoke command.
[1]: https://stackoverflow.com/a/17550243
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #856
Approved by: rhatdan
Format md files to work properly when converted to man pages.
Add sed command to cleanup table in podman man page.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #842
Approved by: mheon
on os's (like centos) where python3 might not be installed, do not attempt to build
the python3 varlink client. varlink python is only supported on python3.
also, change the conditions for f28 to match the fedora official specs.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #813
Approved by: baude
We only want root to be allowed to access this socket.
Also move socket to /run/podman directory. This requires
us to drop a podman.conf tmpfiles.d file.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #806
Approved by: mheon
This allows us to reference the hooks docs from podman(1) in a way
that will survive system installation. The downside is that the
GitHub rendered pages become less usable, now that we can no longer
embed links as freely as we could before.
I've followed the "Sections within a manual page" suggestions from
[1].
locale(7) is [2], which is Linux-specific. Even section numbering is
platform-dependent [3], so it's unlikely that these external man
references are particularly portable. Platform packagers can adjust
our local references to match their target system, but that leaves the
GitHub rendering in an awkward place. For now, I think a
Linux-centric GitHub rendering without clickable links may be the best
we can do without moving away from go-md2man.
As far as I can tell, there's not a nice way to get go-md2man to wrap
the links in SEE ALSO without sometimes hyphenating a URL (which makes
it harder for man-page readers to copy/paste those links into their
browser).
I've also fixed some "extention" -> "extension" typos.
[1]: http://man7.org/linux/man-pages/man7/man-pages.7.html
[2]: http://man7.org/linux/man-pages/man7/locale.7.html
[3]: https://en.wikipedia.org/wiki/Man_page#Manual_sections
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #772
Approved by: mheon
Previously, Make would execute these shell commands even if we didn't
need the resulting variable. With ?='s recursive expansion [1], we
only expand the variable when it's consumed. For example, the ISODATE
variable is only needed in the recipe for the changelog target, so
most Make invocations won't need the value, and the computation is
just making whatever Make actually is doing slower.
I've shifted the GIT_COMMIT and BUILD_INFO values over to
LDFLAGS_PODMAN, because the test/*/* targets don't care about those.
I've also moved the Go-specific -ldflags from the variables into the
recipes themselves, because callers probably expect C semantics for
LDFLAGS and not Go's wrapper. That means that there's no longer a
need for the LDFLAGS/BASE_LDFLAGS separation, so I'm just using
LDFLAGS (and LDFLAGS_PODMAN) now. That reduces the declared variables
to just LDFLAGS_PODMAN, so I've shifted that declaration up to get it
closer to its GIT_COMMIT and BUILD_INFO precursors.
[1]: https://www.gnu.org/software/make/manual/html_node/Setting.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #777
Approved by: rhatdan
And use 'go env GOBIN' to detect the user's existing preference. From
[1]:
> The bin directory holds compiled commands. Each command is named
> for its source directory, but only the final element, not the entire
> path. That is, the command with source in DIR/src/foo/quux is
> installed into DIR/bin/quux, not DIR/bin/foo/quux. The "foo/"
> prefix is stripped so that you can add DIR/bin to your PATH to get
> at the installed commands. If the GOBIN environment variable is
> set, commands are installed to the directory it names instead of
> DIR/bin. GOBIN must be an absolute path.
> ...
> Go searches each directory listed in GOPATH to find source code, but
> new packages are always downloaded into the first directory in the
> list.
So if GOBIN is set, it will be non-empty, and we can use $(GOBIN)/...
If GOBIN is unset, 'go env GOBIN' will return an empty string (as it
does on Travis [2]). In that case, I'm assuming that the package in
question is in the first directory in GOPATH and using the new
FIRST_GOPATH (firstword and subst are documented in [3]). That's
probably fairly safe, since our previous GOPATH handling assumed it
only contained a single path, and nobody was complaining about that.
Using ?= allows us to skip the 'dirname' call if we end up not needing
GOPKGBASEDIR [4] (e.g. for the 'help' target). The recursive
expansion could cause an issue if the result of the shell expansions
included a '$', but those seem unlikely in GOPKGBASEDIR, GOMD2MAN, or
the manpage paths. I haven't used ?= for GOBIN, because we'll always
need the expanded value for the if check.
Using GOMD2MAN allows us to collapse old ||-based recipe into a less
confusing invocation. And using a static pattern rule [5] for
$(MANPAGES) lets us write a single rule to handle both section 1 and
section 5.
While I was updating the GOPATH handling, I moved .gopathok from the
possibly-shared $(GOPATH)/.gopathok to the
definitely-specific-to-this-project .gopathok. That may cause some
issues if you rebuild after changing your GOPATH without calling
'clean', but I don't expect folks to change their GOPATH frequently.
And the old approach would fail if different consumers were also using
the same flag path to mean something else (as CRI-O does [6]).
As part of cleaning up .gopathok, I've also collapsed clean's rm calls
into a single invocation. That will give us the same results with
less process setup/teardown penalties.
[1]: https://golang.org/cmd/go/#hdr-GOPATH_environment_variable
[2]: https://travis-ci.org/projectatomic/libpod/jobs/379345071#L459
[3]: https://www.gnu.org/software/make/manual/html_node/Text-Functions.html
[4]: https://www.gnu.org/software/make/manual/html_node/Setting.html
[5]: https://www.gnu.org/software/make/manual/html_node/Static-Usage.html
[6]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.1/Makefile#L62
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #774
Approved by: mheon
We inherited this from a031b83a (Initial checkin from CRI-O repo,
2017-11-01), but:
* The output is actually going into bin/podman, so Make will rebuild
this target every time. You'll never be able to save compilation
because the target is newer than all the prerequisites.
* Make expands prerequisites immediately when loading a Makefile [1],
and on my wimpy Chromebook SD Card, this is *slow*:
$ time hack/find-godeps.sh ~/.local/lib/go/src/github.com/projectatomic/libpod cmd/podman github.com/projectatomic/libpod
...
real 0m56.225s
user 0m44.918s
sys 0m21.918s
* Go is pretty good at this on its own, so having make call 'go build'
every time will almost certainly be faster than us trying to mimic
this in a shell script. And by punting to Go in the recipe, Make
invocations that do not need the podman target (e.g. 'make help')
can skip the dependency lookup entirely.
[1]: https://www.gnu.org/software/make/manual/html_node/Reading-Makefiles.html#Rule-Definition
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #776
Approved by: rhatdan
- More pythonic
- Leverage context managers to help with socket leaks
- Add system unittest's
- Add image unittest's
- Add container unittest's
- Add models for system, containers and images, and their collections
- Add helper functions for datetime parsing/formatting
- GetInfo() implemented
- Add support for setuptools
- Update documentation
- Support for Python 3.4-3.6
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Closes: #748
Approved by: baude
Using varlink's idl parser, we generate API documentation for the podman
API relying on the .varlink file as the source.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #734
Approved by: baude
The struct of the varlink command changed to accept a URI
as input. This was never updated in the service file
Signed-off-by: baude <bbaude@redhat.com>
Closes: #691
Approved by: mheon
Vendor in buildah and use as much of commit and bug as possible for podman
build and commit.
Resolves#586
Signed-off-by: baude <bbaude@redhat.com>
Closes: #681
Approved by: mheon
implement varlink image functions for working with libpod with the exception of a
couple due to incompletions on the libpod side of things (build).
also, created a first pass at a libpodpy package which will stand as a client to
working with libpod's varlink methods using python.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #669
Approved by: baude
Maintaining a changelog for each new version or release of Podman helps
users to quickly skim for new changes. Add a `make changelog` target to
facilitate creating a new log.
There are two env variables to control the base and target commit for
the new log. The output gets prepended to the changelog.txt file, which
is a textfile in following format:
- Changelog for $(CHANGELOG_TARGET) (ISO-8601 DATE):
* Commit subject
* Commit subject...
Notice that the list of commit subjects excludes merge commits, and can
be manually modified after generation if needed.
`CHANGELOG_BASE=v0.3.2 CHANGELOG_TARGET=v0.3.3 make changelog` would
generate the following shortened output to the changelog.txt file:
Changelog for v0.3.3 (2018-03-17):
* Bump to v0.3.3
* Fix build after c/image changes
* Update containers/image
* Fix E2E tests
* Address review comments
* Fix E2E tests
* Add restart to main podman manpage
* Add podman restart to podman bash completions and commands
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Some of the paths in the e2e tests are hard-coded, which complicates
testing a bit on systems with different paths for runc, conmon, etc.
Add a make shell target to the Makefile, which will build and run the
libpod containers, giving a shell to the user in which podman can be
built, run, tested etc.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #481
Approved by: rhatdan
We should not strip binaries in Make. That should be left to packages. Also,
we can not debug stripped binaries so this allows us to debug better as well.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #459
Approved by: rhatdan
The standard config has moved to /usr/share/containers/ per
discussion. An override configuration file is allowed at the
previous /etc/containers/ location. This override will be used in
place of the normal config if both are present, and exists to
override distro packaged configs without modifying the standard
config.
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #430
Approved by: rhatdan
Took duplicated code and merged it into the helper function so only a single
exec was executed.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #446
Approved by: mheon
We should be able to run nested podman containers in particular
for our testing environment. i.e. eat our own dog food.
Some privileges had to be corrected in order for this to work
correctly.
Added a third papr target that runs podman tests inside podman. I
marked the test as not required right now as we get more confident
in the results
Signed-off-by: baude <bbaude@redhat.com>
Closes: #340
Approved by: rhatdan
Upstream md2man is working again. We can revert to using it instead
of a specific commit id.
Also, add make integration.CentOS for testing
Signed-off-by: baude <bbaude@redhat.com>
Closes: #320
Approved by: rhatdan
Rename finished_amd64 to finished64.go to more accurately reflect
that it covers all 64bit arches.
Also, bumped the EPOCH for gitvalidation to speed up validations.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #318
Approved by: mheon
Completion of the migration from bats to ginkgo. This includes:
* load
* mount
* pause
* port
* run_networking
* search
Note: build will be done within a different PR
Signed-off-by: baude <bbaude@redhat.com>
Migrate the diff, exec, export, and history bats tests to
the ginkgo test suite.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #287
Approved by: baude