Add a note to the `--userns-uid-map` and `--userns-gid-map` options in
the `podman build` man page.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1930509
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Set of scripts to run buildah's bud.bats test using
podman build in podman CI.
podman build is not 100% compatible with buildah bud.
In particular:
* podman defaults to --layers=true; buildah to false
* podman defaults to --force-rm=true; buildah to false
* podman error exit status is 125; buildah is 2
* differences in error messages, command-line arguments
Some of the above can be dealt with programmatically,
by tweaking the buildah helpers.bash (BATS helpers).
Some need to be tweaked by patching bud.bats itself.
This PR includes a patch that will, I fear, need to
be periodically maintained over time.
There will likely be failures when vendoring in a
new buildah, possibly because new tests were added
for new features that don't exist in podman, possibly
(I hope unlikely) if existing tests are changed in
ways that make the patch file fail to apply. I've
tried to write good instructions and to write the run
script in such a way that it will offer helpful hints
on failure. My instructions and code will be imperfect;
I hope they will be good enough to merit continued use
of this test (possibly with improvements to the instructions
as we learn more about real-world failures).
Signed-off-by: Ed Santiago <santiago@redhat.com>
The problem described in #9711 and followed by #9758 affects
containers as well. When user provides wrong filter input, error
message should occur, not fallback to full list/prune command.
This change fixes the issue. Additionally, there are error message
fixes for docker http api compat.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Checking for 'skip.*[0-9]{4,5}', and checking status on said
issues, finds several that have been closed. Let's see if
they're really fixed.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* Remove orphaned code
* Add meaningful error from LoadImageFromSingleImageArchive() when
heuristic fails to determine payload format
* Correct swagger to output correct types and headers
Signed-off-by: Jhon Honce <jhonce@redhat.com>
when --privileged is used, make sure to not request more capabilities
than currently available in the current context.
[NO TESTS NEEDED] since it fixes existing tests.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This is the continuation work started in #9711. It turns out
that list/prune commands for volumes in libpod/compat api have
very dangerous error handling when broken filter input is supplied.
Problem also affects network list/prune in libpod. This commit
unifies filter handling across libpod/compat api and adds sanity
apiv2 testcases.
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
While dependabot has turned out great to automate updating dependencies,
a major painpoint was that we had to manually run `make vendor` for each
and every commit. It was causing noise.
Adding the config file to `.github/dependabot.yml` will take of also
updating the `./vendor` tree. `containers/common` is using this config
for a while successfully.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
there was a documentation issue for the kernel that reported the range
to be different than on cgroup v1.
The issue has been fixed in crun/runc. Adapt the test.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
User message was the same as in the case of no flag provided.
This commit aligns message with the one used in docker.
[NO TESTS NEEDED]
Signed-off-by: Jakub Guzik <jakubmguzik@gmail.com>
Add docs explaining that it is safe to remove a secret that is in use by
a container: secrets are copied and mounted into the container at
creation
Signed-off-by: Ashley Cui <acui@redhat.com>
Downgrade github.com/coreos/go-systemd/v22 to a version that will build
against systemd headers that we have on CentOS 8. This also pulls in
github.com/varlink/go.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In nTar(), don't return the error value when the goroutine that's
populating the error value can continue running long after nTar()
returns. Instead, wrap the Close() method of the pipe that we're
returning in a function that collects those errors, along with any error
we get from closing the pipe, and returns them from Close() wrapper.
In Build(), if the Close() method returns an error, at least log it.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
OpenShift Merge Robot
TomSweeneyRedHat
dependabot[bot]
Jakub Guzik
Ed Santiago
Jhon Honce
Giuseppe Scrivano
Valentin Rothberg
dependabot-preview[bot]
Daniel J Walsh
Ashley Cui
Nalin Dahyabhai