- move the ginkgo deps into test/tools which is more consitent with the
other tools there, listing in dependencies always causes errors with
linters
- do not install it globally on the system, instead we use it in a
subdir of this project
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This change adds a validate-in-container make target that can be used to run
the make validate target in a container instead of requiring the dependencies
to be available on the system. This mirrors what is already done for the vendor
target and allows additional targets to be added.
A PODMANCMD make variable is also added to allow for the podman binary to be
overridden in cases where this is not available.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
Quadlet was doing some custom handling of uid/gid remapping, originating
from pre --userns=auto support, including its own user for getting subuids
which kinda conflicts with the "container" user used for that.
This drops all the old support for id remapping in favour of a new set
of keys that more directly map to the podman run options.
We have essentially 3 modes now:
```
RemapUsers=manual
RemapUid=0:10000:10
RemapUid=10:20000:10
RemapGid=0:10000:10
RemapGid=10:20000:10
```
This maps to --uidmap and --gidmap options.
```
RemapUsers=auto
```
This maps to --userns=auto. But you can additionally specify RemapUid,
RemapGid and RemapUidSize which gets applied as options to the
--userns podman option.
```
RemapUsers=keep-id
```
This maps to --userns=keep-id and only works for user units.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
There is no equivalent equivalent on FreeBSD and this causes lint
failures when packaging.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
When there is a podman pause process running the local podman ginkgo
tests will join the usernamespace. This because pkg/rootless will
automatically join the ns on startup when possible. To fix this we
need to use the remote build tag which disables that behavior.
However since the remote tag is also used in the e2e test itself we
would always run remote tests which is wrong, this is fixed by using a
new `remote_testing` tag for the test.
see discussion here: https://github.com/containers/podman/pull/16309#discussion_r1006166930
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
In each options/foo.md, keep a list of where the option is used.
This will be valuable to anyone making future edits, and to
those reviewing those edits.
This may be a controversial commit, because those crossref lists
are autogenerated as a side effect of the script that reads them.
It definitely violates POLA. And one day, some kind person will
reconcile (e.g.) --label, using it in more man pages, and maybe
forget to git-commit the rewritten file, and CI will fail.
I think this is a tough tradeoff, but worth doing. Without this,
it's much too easy for someone to change an option file in a way
that renders it inapplicable/misleading for some podman commands.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Based on the initial port in https://github.com/containers/quadlet/pull/41
This contains the unit tests and the testcases from the C code as well
as modification to the podman spec file based on what the quadlet
spec file looks like, producing a podman-quadlet subpackage.
Signed-off-by: Alexander Larsson <alexl@redhat.com>
Motivated to have a working `make lint` on Fedora 37 (beta).
Most changes come from the new `gofmt` standards.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Support swagger testing and optional runtime updates similar to
the current golangci-lint tool. This allows developers to update the
version of swagger at runtime if needed. Otherwise new CI VM images
will pick up the prescribed version at image build-time via
`make install.tools`.
Signed-off-by: Chris Evich <cevich@redhat.com>
Reintroduce .install.foo targets into Makefile, and invoke
only the bare-minimum ones needed for each individual CI
step in setup_environment.sh.
Also add a retry to the golangci-lint curl, in hopes of
dealing with network flakes. And remove the -f (fail)
because it produces unhelpful logs.
Reason: saw about 25% CI flakes yesterday due to the golangci-lint
fetch, something about a timeout, and this was especially frustrating
because none of the steps actually needed lint. Quick reminder:
avoid network fetches unless absolutely necessary.
Fixes: #15892
Signed-off-by: Ed Santiago <santiago@redhat.com>
$(CURDIR) is mounted in podman as is which causes issues on systems with SELinux
as then the container cannot read or write anything inside /src/. This has been
worked around with the --privileged flag, but that's a rather brutal
solution. Adding :Z is also suboptimal, as that requires a full relabeling after
every run. Instead, we disable security labeling via `--security-opt
label=disable` for this development container allowing us to run `make
vendor-in-container` unprivileged.
Signed-off-by: Dan Čermák <dcermak@suse.com>
`systemd-tmpfiles` reads "user" configurations in
`/usr/share/user-tmpfiles.d` when `--user` mode is set.
User unit `systemd-tmpfiles-setup.service` can be enabled to alias
rootless socket through systemd-tmpfiles.
Signed-off-by: SeongChan Lee <foriequal@gmail.com>
podman-create and -run have many options in common. To date,
these are copy-pasted and haphazardly maintained.
Solution: add an include mechanism, '@@option foo', such
that multiple md source files can fetch from one common file.
This is a Phase One commit, a very small subset of what's
possible. Purpose of this commit is ease of review. If this
passes review, much more (trickier stuff) will be forthcoming.
Signed-off-by: Ed Santiago <santiago@redhat.com>
While convenient, it can be problematic to rely on a Makefile to install
software. This was found to be the case across multiple environments
WRT `bats`. Fix this by removing the install script and target. A
future commit will ensure the correct version of `bats` is present in
all CI environments where it's required.
Signed-off-by: Chris Evich <cevich@redhat.com>
podman-remote has a dependency on $(SRCBINDIR), because on
Mac and Windows that's a special dir that may not exist.
But depending on a directory means depending on its mtime,
which changes every time a file in it is updated, which
means running 'make' twice in a row will rebuild podman-remote
for no good reason.
Solution: GNU Make has the concept of "order-only" prerequisites,
precisely for this situation. Use it. Since it's an obscure
feature, document it.
UPDATE: This exposed some nasty duplication wrt podman-remote rules.
Clean those up, and add comments to some confusing sections.
Fixes: #14756
(Also, drive-by edit to remove a stray misdocumented non-option)
Signed-off-by: Ed Santiago <santiago@redhat.com>
The podman-machine integration tests are designed to execute on
bare-metal, since they perform significant work with virtual-machines.
This test is costly to run at scale, so it is limited to being manually
triggered by developers (for now). A 'trigger' button will appear in the
task status page of the Github WebUI once all test dependencies are met.
In the Cirrus-CI WebUI, there is also a 'pre-trigger' button that may be
pressed if a developer doesn't wish to wait. Also:
* Add a `localmachine` target in the `Makefile` on the off-chance
developers wish to execute locally. Update the `ginkgo-run` target
to accommodate re-use by the new `localmachine` target.
* Exclude `podman_machine` task from `success` dependency verification.
This also involves adding an exception to `cirrus_yaml_test.py`
otherwise it will complain loudly.
* ***NOTE*** Inclusion of `ec2_instance` in *any* task will cause
`hack/get_ci_vm.sh` to barf and be non-functional. Future updates will
be made to restore functionality. Before then, simply comment out
the `ec2_instance` section as a temporarily workaround.
Signed-off-by: Chris Evich <cevich@redhat.com>
With the upcoming plans of introducing a podman-kube command with
various subcommands, rename the podman-play-kube systemd template
to podman-kube before releasing it.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Rootless containers are not possible on FreeBSD. While I would like to
close that gap, getting the necessary changes into the FreeBSD kernel
is a long term project so until then, this removes the rootlessport
helper from the build on FreeBSD.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
This option doesn't exist on freebsd or macos' install utility. In this
case, we can use the 'install file1 file2 ... dir' pattern which is
supported by all implementations of install that I'm aware of. The
makefile rule already creates the target directory so there is no
ambiguity.
No new tests are needed here since the same files are being installed
in the same places.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
The sed implementation on FreeBSD has a strict interpretation of posix
'basic' regular expressions. It would be better to re-implement this
using 'extended' regular expressions but for now, just use GNU sed.
This should have no functional difference on currently supported
platforms.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
The makefile uses the pattern $(shell command -v path1 path2 ...) to
deduce pathnames for various executables. On FreeBSD, the default shell
does have a 'command' builtin which supports the '-v' option but only
allows a single path as argument. Rather than work around this limitation
with alternatives like for, just set bash as the default shell. We
already require bash to be installed for various helper scripts.
This change only affects FreeBSD so no new tests are needed.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Add 4 new subcommands to the testvol binary, instead of just serving the
volume api it now also can create/list/remove plugins. This is required
to test new functionality where volumes are create outside of podman in
the plugin. Podman should then be able to pick up the new volumes.
The new testvol commands are:
- serve: serve the podman api like the the testvol command before
- create: create a volume with the given name
- list: list all volume names
- remove: remove the volume with the given name
Also make a small update to the testvol Containerfile so that it can
build correctly.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Update the golang verion for the testvol image to the latest version
1.18. This requires us to build with GO111MODULE=off.
Use the FQDN to prevent the shortnames prompt.
Also add --network none to the podman build command to make sure we are
only using the copied deps and nothing else.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
I think it is confusion to have this Containerfile in the repo root. It
is used for the tests only so we should move it into the same dir.
Also adapt the Makefile target to use the new path and add the current
date as tag instead of using latest which can break CI easily when we
have to update the image.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Update to the latest golangci-lint version. v1.46 added new linters.
I disabled nonamedreturns and exhaustruct since they enforce a certain
code style and using them would require big changes to the code base.
The nosprintfhostport is new and I fixed one problem in the tests. While
the test itself is fine because it uses ipv4 only the linter still looks
good because the sprintf use will fail for ipv6 addresses.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Fixes#14021
Substitution values built from `$(shell ...)` output can easily be empty
due to the shell's default `pipefail` behavior. This can also hide
non-zero exit codes, similarly resulting in empty values being set.
While not a perfect fix, the situation is improved by using the
`err_if_empty` function in all cases where empty values would be
unexpected. Remove the definitions for `GIT_BRANCH` and
`GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere
(including in code).
Add a simple release-test to verify `podman info` outputs a non-empty
value for "GitCommit".
Signed-off-by: Chris Evich <cevich@redhat.com>
Some of the targets overwrite $GOOS. Since podman-remote-static should
always build for linux we can force linux GOOS here.
Fixes#14201
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
GOPROXY's default value is "https://proxy.golang.org,direct"
since go 1.13, so it is redundant to set it explicitly.
For some reason though, GOPROXY in Cirrus CI is set to direct,
which makes things such as go mod tidy very slow. So, set the
proper (default) value for in in .cirrus.yml. Do the same for GOSUMDB.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Remove GOPATH setting as since Go 1.9 it defaults to $HOME/go (for
earlier versions it had to be specified explicitly).
Remove GOPATH-related code from the spec, using relative paths when
compiling packages, and enable Go modules, simplifying the spec.
Remove support for multiple paths in GOPATH (which is rarely used and
doesn't really work with modules).
Remove setting GOBIN, rely on $GOPATH/bin instead. In case GOBIN is
explicitly set (which is highly unlikely), forcefully ignore by
unsetting it.
Remove GOBIN from tools invocation since we added GOPATH/bin to PATH.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Recent commit 3b9177995e removes
this target, but some artifacts remain. Remove those.
Fixes: 3b9177995e
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Since about Go 1.10 (or whereabouts) the specific package structure
is no longer required.
This also removes GOPKGDIR and GOPKGBASEDIR as they were only used by
gopathok.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This was originally added in commit a824186ac9 to be used from
Travis CI. Travis was removed in commit 8771a03af1 and there is
no need to have this target ever since (October 2018).
Also, remove the comment about BUILD_TAGS, which originally belonged to
varlink target (removed by commit f62a356515) but got misplaced
later.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Support running `podman play kube` in systemd by exploiting the
previously added "service containers". During `play kube`, a service
container is started before all the pods and containers, and is stopped
last. The service container communicates its conmon PID via sdnotify.
Add a new systemd template to dispatch such k8s workloads. The argument
of the template is the path to the k8s file. Note that the path must be
escaped for systemd not to bark:
Let's assume we have a `top.yaml` file in the home directory:
```
$ escaped=$(systemd-escape ~/top.yaml)
$ systemctl --user start podman-play-kube@$escaped.service
```
Closes: https://issues.redhat.com/browse/RUN-1287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Since `./hack` has been removed from the Makefile's path, add it back
for `make localbenchmarks` to make `podman-registry` binary available
for running local registries.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This path should never, ever, ever be included in `$PATH` as it is
almost guaranteed to cause serious and non-obvious breakage in CI. Fix
it and include a warning comment.
Signed-off-by: Chris Evich <cevich@redhat.com>
Instead of using the main module we should vendor the test tools in a
different directory. That way we do not add extra dependencies to the
main module which can be problemetic for packages or other users.
This is already done in buildah so this makes us more consitent.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We can vendor the test dependencies such as go-md2man, git-validation
and goimports. This allows us to always install the same version as
specified in go.mod. Also we do not rely on a network connection for
this.
The advantage with this method is that dependabot will also update the
dependencies for us and we do not have to hardcode versions in the
Makefile.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
go get is deprecated, we should use go install instead.
Also for some reason go get -u golang.org/x/tools/cmd/goimports is
broken at the moment, thus failing CI jobs where we have to install
this. Switching to go install seems to fix it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add more benchmarks for the most common and performance-critical image
commands. Benchmarks for `podman build` should go into a separate
section.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This PR introduces a test suite for podman machine. It can currently be
run on developers' local machines and is not part of the official CI
testing; however, the expectation is that any work on machine should
come with an accompanying test.
At present, the test must be run on Linux. It is untested on Darwin.
There is no Makefile target for the test. It can be run like `ginkgo -v
pkg/machine/test/.`. It should be run as a unprivileged user.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The default verbosity level does not show the classes or function names.
This makes it difficult to debug problems like hangs. Also, separate
the bats and python-based tests into two sections. This allows for
easier debugging, since isolation can be done in `runner.sh` rather than
mucking with the `Makefile`. Lastly, update the logformatter script
to `autoflush stdout` (thanks @edsantiago).
Signed-off-by: Chris Evich <cevich@redhat.com>
Add a proof of concept for benchmarking Podman. The benchmarks are
implemented by means of the end-to-end test suite but hidden behind
a `benchmarks` build tag. Running `make localbenchmarks` will run
`test/e2e` with the specific build tag and set ginkgo's "focus" to
the specific "Podman Benchmark Suite" to only run this spec and skip
all others.
ginkgo will print a report before terminating listing the CPU and memory
stats for each benchmark. New benchmarks can easily be added via the
`newBenchmark` function that also supports adding an `init()` function
to each benchmark which allows for performing certain setups for the
specific benchmark. For instance, benchmarking `podman start` requires
creating a container beforehand.
Podman may be called more than once in the main function of a benchmark
but note that the displayed memory consumption is then a sum of all
Podman invocations. The memory consumption is collected via
`/usr/bin/time`.
A benchmark's report is split into CPU and memory as displayed below:
```
[CPU] podman images:
Fastest Time: 0.146s
Slowest Time: 0.187s
Average Time: 0.180s ± 0.015s
[MEM] podman images:
Smallest: 41892.0KB
Largest: 42792.0KB
Average: 42380.7KB ± 286.4KB
```
Note that the benchmarks are not wired into the CI yet. They are meant
as a proof of concept. More benchmarks and the plumbing into CI will
happen in a later change.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a CI check to prevent unwanted bloat in binary images,
by building a baseline (pre-PR) binary then comparing file
sizes post-PR.
Part 1 (#13518) added a new script that runs multiple 'make's,
comparing image sizes against an original, and failing loudly
if growth is too big. An override mechanism is defined.
This is part 2 of 2: adding the CI rule. We couldn't do that
in part 1, because the rule would call a script that didn't
exist in the pre-PR commit.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* supports Go 1.18
* disable a number of new linters
* fix minor stylecheck issues
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Add configuration to add report header for python client used in tests
* Move report headers into the individual test runners vs runner.sh
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add which python client is being used to run tests, see "python
client" below.
* Remove redundate code from test classes
* Update/Add comments to modules and classes
======================================================= test session starts ========================================================
platform linux -- Python 3.10.0, pytest-6.2.4, py-1.10.0, pluggy-0.13.1
python client -- DockerClient
rootdir: /home/jhonce/Projects/go/src/github.com/containers/podman
plugins: requests-mock-1.8.0
collected 33 items
test/python/docker/compat/test_containers.py ...s.............. [ 54%]
test/python/docker/compat/test_images.py ............ [ 90%]
test/python/docker/compat/test_system.py ... [100%]
Note: Follow-up PRs will verify the test results and expand the tests.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Packagers for other distributions and package managers may put their helper binaries in other location prefixes.
Add HELPER_BINARIES_DIR to the makefile so packagers can set the prefix when building Podman.
HELPER_BINARIES_DIR will be set at link-time.
Example usage: make podman-remote HELPER_BINARIES_DIR=/my/location/prefix
Signed-off-by: Ashley Cui <acui@redhat.com>
Rootless users cannot load the ip_tables module, in fedora 36 this
module is no longer loaded by default so we have to add it manually.
This is needed because rootless network setup tries to use iptables
and if iptables-legacy is used instead of iptables-nft it will fail.
To provide a better user experience we will load the module at boot.
Note that this is not needed for RHEL because iptables-legacy is not
supported on RHEL 8 and newer.
[NO NEW TESTS NEEDED]
Fixes#12661
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Building from source would involve separate `make` and `make install`
steps.
This removes a lot of unnecessary `-nobuild` targets which were
otherwise needed for packaging.
This commit also removes spec files for unused copr jobs.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Heuristic to initialize TunnelMode/remote podman:
- Podman built with remote tag
- Podman running on darwin or windows GOOS
- CONTAINER_HOST or CONTAINER_CONNECTION set in environment
- --remote flag given on command line
- From containers.conf, Engine.Remote == true and GOOS == linux
Otherwise, podman will run in ABIMode/linked against libpod library.
Fixes#12866
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Fixes#11089 - cleanup PATH on MSI uninstall
Additionally fixes scenarios where the path can be overwritten by setx
Also removes the console flash, since the helper is built as a silent gui
Helper executable can be rerun by user to repair PATHs broken by other tools
Utilizes executable location instead of passed parameters to remove delicate escaping requirements
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
The Docker-compatible REST API has historically behaved just as the rest
of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where
`containers-registries.conf` is centrally controlling which registries
a short name may resolve to during pull or local image lookups. Please
refer to a blog for more details [1].
Docker, however, is only resolving short names to docker.io which has
been reported (see #12320) to break certain clients who rely on this
behavior. In order to support this scenario, `containers.conf(5)`
received a new option to control whether Podman's compat API resolves
to docker.io only or behaves as before.
Most endpoints allow for directly normalizing parameters that represent
an image. If set in containers.conf, Podman will then normalize the
references directly to docker.io. The build endpoint is an outlier
since images are also referenced in Dockerfiles. The Buildah API,
however, supports specifying a custom `types.SystemContext` in which
we can set a field that enforces short-name resolution to docker.io
in `c/image/pkg/shortnames`.
Notice that this a "hybrid" approach of doing the normalization directly
in the compat endpoints *and* in `pkg/shortnames` by passing a system
context. Doing such a hybrid approach is neccessary since the compat
and the libpod endpoints share the same `libimage.Runtime` which makes
a global enforcement via the `libimage.Runtime.systemContext`
impossible. Having two separate runtimes for the compat and the libpod
endpoints seems risky and not generally applicable to all endpoints.
[1] https://www.redhat.com/sysadmin/container-image-short-namesFixes: #12320
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This reverts commit 9d2b8d2791 since
catatonit's new pause functionality can replace the `pause` binary
entirely.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add the k8s pause binary to `pause/pause.c` and do the plumbing in the
Makefile to install it in $libexec/podman/pause/pause. It is intended to
replace the k8s pause image and hence the need for network connectivity
when creating pods.
[NO NEW TESTS NEEDED] since it will be tested in a following commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Need to use CGO for mDNS resolution, but cross builds need CGO disabled
See https://github.com/golang/go/issues/12524 for details
Note: Homebrew forumla will need to be updated to pick up this change
Fixes#10737
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Don't use reexec for the rootlessport process, instead make it a
separate binary to reduce the memory usage. The problem with reexec is
that it will import all packages that podman uses and therefore loads a
lot of stuff into the heap. The rootlessport process however only needs
the rootlesskit library.
The memory usage is a concern since the rootlessport process will spawn
two process per container which has ports forwarded. The processes stay
until the container dies. On my laptop the current reexec version uses
47800 KB RSS. The new separate binary only uses 4540 KB RSS. This is
more than a 90% improvement.
The Makefile has been updated to compile the new binary and install it
to the libexec directory.
Fixes#10790
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Don't hardcode /usr/bin/podman in unit files: instead, use
template files with a path replaced at install time.
Because 'make' can be invoked repeatedly, with different
PREFIX, do not leave the generated files behind in our
work directory: wipe them immediately after install.
To get this to work, fix a longstanding bug in podman.spec.in,
a PREFIX that should've been DESTDIR.
Side note: #7023 made contrib/systemd/user a symlink
to .../system but did not update paths in Makefile.
The unrelated-looking path change you see here is
a belated correction for that.
Fixes: #10787
Signed-off-by: Ed Santiago <santiago@redhat.com>
containers-common now ships a containerfile man page,
this patch adds a link to dockerfile.5 so that if user
installs podman-docker package man dockerfile will work.
[NO TESTS NEEDED] since this is just a man page change.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Hi there! I noticed that the MSI file built for Windows was building in 32-bit mode, even though Podman is 64-bit only. I added a flag to wixl in the Makefile to tell it to build a 64-bit MSI, and I adjusted the podman.wxs file to use the right settings for 64-bit programs.
Signed-off-by: GitHub <noreply@github.com>
Insisting on “DCO” imposes formalities, that serve self-purpose. One cannot
assume that the submitter has time or will to read texts about symbolism in
software contributions. If the system wants to see the text
nrEAUIEUAIe eanuitdnuae EAIUEAUIAIE »ℓ§444.3.72b)°»°ℓ§euaieauuae
in each commit, people will write this, or any other text, that the system wants to
see. All such text, which presence is mandated by the system, has the same value.
Signed-off-by: Дилян Палаузов <git-dpa@aegee.org>
Fixes#11417
Cross-building the podman-remote documentation requires a functional
native architecture executable. However `make` only deals with
files/timestamps, it doesn't understand if an existing binary will
function on the system or not. This makes building cross-platform
releases incredibly accident-prone and fragile.
A practical way to deal with this, is via multiple conditional (nested)
`make` calls along with careful manipulation of `$GOOS` and `$GOARCH`.
Also, when cross-building releases be kind to humans and cleanup
any non-native binaries left behind.
Update the `Alt Arch. Cross` Cirrus-CI task to build release archives
for all Linux architectures supported by golang and podman. Update
the `OSX Cross` task to additionally build for the M1 (arm64)
architecture.
Finally, update the release process documentation to reflect the
new locations (Cirrus-CI task names) for the release archives. Include
a note about additional manual work being required to produce the
signed `.dmg` file for MacOS.
Signed-off-by: Chris Evich <cevich@redhat.com>
When building releases, the definitive canonical version of podman (or
podman-remote) is needed. Previously this was accomplished by scraping
`version/version.go`. However, due to tooling differences across
platforms, this has proven problematic, unreliable, and hard to
maintain.
Fix this by building and caching a small golang binary who's only purpose
is to print the version number to stdout. This not only provides a quick
and reliable way to determine the current version, it also acts as a check
on the version API vs tooling that relies on it.
Lastly, remove several `RELEASE_*` Makefile definitions which aren't
actually used anywhere. These were originally added a very long time
ago to serve as part of a long since retired release process. The
remaining items, were updated to make use of the new `.podmanversion`
binary on an as-required basis (i.e. not every time `make` is run).
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously (for various reasons) the unittests were limited by the
Makefile to root-only. However, experimentation via PR #11490
shows they will actually execute and pass when run as a regular user.
Enable this for only the latest Fedora VMs, so as to only add one new
task to the (already large) set.
Signed-off-by: Chris Evich <cevich@redhat.com>
The changelog.txt file hasn't been kept in sync with release tags,
especially on main, so remove it.
The release notes will be featured in RELEASE_NOTES.md.
Signed-off-by: jesperpedersen <jesper.pedersen@redhat.com>
[NO TESTS NEEDED]
This will enable remote access to /etc/subuid and /etc/subgid
information from ldap services, if shadow-utils ships with a libsubid.
[NO TESTS NEEDED] Since we have no way to test this.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Significant bitrot results in almost immediate test failure. This
commit adds only the very basic, bare-minimum needed to get them
started.
***TESTING RESULTS ARE IGNORED***
Signed-off-by: Chris Evich <cevich@redhat.com>
In the new check for preventing 'Expect(ExitCode...)',
include source line numbers.
Response to #11034, which I totally didn't even understand
because it was referencing a different test. Sorry, Brent.
Signed-off-by: Ed Santiago <santiago@redhat.com>
New functionality -- mostly in the diffs we apply to
buildah's helpers.bash -- to enable running buildah-bud
tests under podman-remote. The gist of it is, we start
a 'podman system service' before each test, and clean
it up on test exit.
Design decision: the diff file for helpers.bash is no
longer trailing-whitespace-clean: that ended up producing
diffs that git wouldn't apply, because in some cases
the whitespace is actually important. In order to pass CI,
we need to exclude this file from some checks.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Followup to #10932: add a validation check to prevent introduction
of new 'Expect(foo.ExitCode()).To(...)' patterns. If such use is
absolutely necessary -- there is one such instance in the code
already -- require that the assertion include a description.
Also: clean up instances that were introduced since the merging
of #10932.
Also: fix one remaining instance in run_exit_test.go: it had
a FIXME comment mentioning a race condition, but unfortunately
there was no issue or bug ID, hence no way to know if the race
is fixed or not. We will assume it is.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We no longer need to install /etc/cni/net.d/87-podman-bridge.conflist
so install.cni isn't needed either.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
As near as I can tell, sometime between `v1.6.4` and `v1.9` the definition
of `LDFLAGS_PODMAN_STATIC` was both created and lost. Additionally, after
a refactoring of the `Makefile` it was possible to enable CGO (which
will cause a dynamic binary to be built). Fix both issues by adding the
missing definition and forcing CGO to be disabled.
Signed-off-by: Chris Evich <cevich@redhat.com>
* Add podman-restart systemd unit file and add it to podman RPM package
* Fix podman start to filter all containers + unit test
Signed-off-by: Boaz Shuster <boaz.shuster.github@gmail.com>
The following manpages have been adapted to the MANPAGE_SYNTAX:
- podman-completion
- podman-container-checkpoint
- podman-container-cleanup
- podman-container-exists
The following manpages have had little changes:
- podman-attach
- podman-commit
- MANPAGE_SYNTAX
- Makefile
Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
- Bugfix `make nixpkgs` which pin with branch `nixos-21.05`
- Code lint with `nixpkgs-fmt`
- Code sync between x86\_64 and aarch64
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
Updated version for the MANPAGE_SYNTAX and adaption of the syntax for
the manpages of podman-commit, podman-attach, and podman-auto-update.
Signed-off-by: Alexander Richter <67486332+Procyhon@users.noreply.github.com>
* Tests broken up into areas of concern
* Introduced fixtures to reduce duplicated code
* Introduced new assert methods with APITestCase
* General cleanup of code while visiting
* Tests now targeting quay.io
Known issues:
* is-official against quay.io not working
Fixes: #9238
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Once we settle on the wording for short-names in podman-pull, I will
add the same section to all of the podman commands that use pull.
Also ran through all man pages with a spell checker.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The following content was omitted:
- Text after the first markdown link on a line to the end of the last
(in lines with multiple markdown links)
- Email addresses of the form <a...@...>
Fixed by:
- Making the first two regexes match each link individually, instead
of matching from the start of the first link to the end of the last
- Making the last regex specifically match <a> and </a> tags
Signed-off-by: Rob Cowsill <42620235+rcowsill@users.noreply.github.com>
* Incorporate changes from abandoned #9918: Use dedicated `bin`
sub-directories for `windows` and `darwin` when building
`podman-remote`. The linux flavor remains under `bin` as before.
* Fix MacOS Documentation-generation for release-packaging.
The `install-podman-remote-%-docs` target requires local execution
of `podman-remote`, but it was assuming GOOS=linux. Fix this
by dynamically discovering the local OS/architecture type while
still permitting cross-building of MacOS binaries under Linux.
* Unify temporary directory/file behavior to use a common template.
In case of left-over temporary items left in the repository,
update the `clean` target accordingly to remove them.
* Fix broken podman-remote-static and MacOS release archive targets
mismatching the `podman-remote-%` target. Disambiguate this target
for all platforms by spelling each out in full, instead of using
a wild-card recipe.
* Fix Windows-installer target to properly recognize existing
output files and not constantly rebuild every time.
* Include the podman version number in the Windows-installer target
in case a user downloads multiple releases.
* Include a subdirectory containing the podman version number for
both `tar.gz` and `zip` targets. This prevents users clobbering
existing directories when un-archiving from releases.
Signed-off-by: Chris Evich <cevich@redhat.com>
Over several years the podman Makefile has become a
bloated complex mess. This impedes both debugging
and maintenance, besides causing general eye-strain.
Fix this by adding a simple navigation/layout guide, to help
developers quickly find what's needed. Re-organize the entire
file according to the new layout guide. Add section headers
that call out the purpose of the encompassed content, and
are easy to locate with search-tools.
Note: No recipes or definitions have been altered by this
commit, only re-arranged.
Signed-off-by: Chris Evich <cevich@redhat.com>
An in-line Python script, while flexible, is arguably
more complex and less stable than the long-lived `grep`,
`awk`, and `printf`. Make use of these simple tools
to display a column-aligned table of target and description
help output.
Also, the first target that appears in a Makefile is considered
the default (when no target is specified on the command-line).
However, despite it's name, the `default` target was not listed
first. Fix this, and redefine "default" target to "all" as
intended, instead of "help".
Lastly, add a small workaround for a vim syntax-hilighting bug.
Signed-off-by: Chris Evich <cevich@redhat.com>
Instead of shelling out frequently to resolve the current
directory, use the Makefile built-in `$(CURDIR)`. It has
the exact same meaning w/in the context of a `Makefile`.
Ref.:
https://www.gnu.org/software/make/manual/html_node/Quick-Reference.html
Signed-off-by: Chris Evich <cevich@redhat.com>
Previously this was needed for an automated release process. That
automation has long since been removed. Simplify the Makefile
by removing the target and references.
Signed-off-by: Chris Evich <cevich@redhat.com>
- Bugfix `make nixpkgs` which pin with branch `nixos-20.09`
- Code lint with `nixpkgs-fmt`
- Code sync between x86\_64 and aarch64
Signed-off-by: Wong Hoi Sing Edison <hswong3i@pantarei-design.com>
The split of install.docker and install.docker-docs makes some sense but
there should be some way to specify both for packagers.
This introduces `make install.docker-full` which installs both the
docker binary and the documentation.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Commit 3908c00799 introduces a split for
installing the docker binary and the docker documentation. The
install line creating BINDIR and MANDIR was both moved to the
install.docker-docs path which makes `install.docker` fail.
Signed-off-by: Morten Linderud <morten@linderud.pw>
Add support for generating powershell completion files. This is especially
useful for people using the podman remote client on windows.
[NO TESTS NEEDED]
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
This will allow installation of the manpages without the need to rebuild
them in the installation stage of distro packaging.
[NO TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
We missed bumping the go module, so let's do it now :)
* Automated go code with github.com/sirkon/go-imports-rename
* Manually via `vgrep podman/v2` the rest
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Backstory: every time you run 'make podman' or even
just 'make', you get a full recompile. This is sub-ideal.
Cause: I don't really know. It looks complicated. #5017
introduced a .PHONY for bin/podman, for reasons not
explained in the PR. Then, much later, #5880 well-
intentionedly but improperly tweaked the 'find'
command used in defining SOURCES, adding a -prune
but without the corresponding and required -print.
Let's just say, it was an unfortunate cascade of events.
This PR fixes the SOURCES definition and removes the
highly-undesired .PHONY from podman & podman-remote,
making it so you can type 'make' and, oh joy, not
build anything if it's current. The way 'make' is
supposed to work.
Why fix this now? Because my PR (#9209) was failing in CI,
in the Validate step:
Can't exec "./bin/podman": No such file or directory at hack/xref-helpmsgs-manpages line 223.
It failed even on Re-run, and only passed once I force-pushed
the PR (with no changes, just a new commit SHA). I have no idea
why bin/podman wasn't built, and I have zero interest in pursuing
that right now, but the proper solution is to add bin/podman as
a Makefile dependency for that particular test. So done.
While I'm at it, fix what is pretty clearly a typo in a .PHONY
And, finally, fix a go-md2man warning introduced in #9189
[NO TESTS NEEDED]
Signed-off-by: Ed Santiago <santiago@redhat.com>
Create a new common target, ginkgo-run, with the main ginkgo
test incantation; ginkgo and ginkgo-remote now invoke that,
with a clearer distinction between their arguments.
Reason for this: 'make remoteintegration' was not generating
ginkgo logs in CI. Reason: '-debug' option was missing from
the ginkgo incantation. Reason: impossibility of maintaining
duplicate long-complicated lines. This PR distills the common
aspects, making the differences clearer between local & remote.
IMPORTANT NOTE: '-nodes 3' was also missing from remote ginkgo.
This PR adds it. If this was intentionally omitted, please let
me know (with reasons) so I can refactor that too.
[NO TESTS NEEDED]
Signed-off-by: Ed Santiago <santiago@redhat.com>
Generate shell completion files for podman and podman-remote
and for all known shells (bash, fish, zsh). Fix Readme file
in completions dir: it suggested running 'make completion',
singular; no such target existed. Since the install target
is plural, I choose to make the new target plural also.
This is intended for use in CI some day, in a check such as:
(in contrib/cirrus/runner.sh):
make completions
SUGGESTION="run 'make completions' and commit all changes" ./hack/tree_status.sh
The goal would be to make sure that any new podman subcommands
or flags are accompanied by their corresponding shell helpers
on all commits.
IT IS NOT POSSIBLE TO ENFORCE THIS NOW. As I understand it,
Cobra is slow to incorporate community PRs, so the podman team
has chosen to sneak in completion files generated by an
unreleased and un-vendored version of Cobra. Running 'make
completions' right now would clobber those and result in
a diminished user experience.
I'm submitting this anyway as a stepping-stone toward that
future day when we can create such a CI hook.
[NO TESTS NEEDED]
Signed-off-by: Ed Santiago <santiago@redhat.com>
Make sure that bindings are in sync with the code. The check is similar
to what's already being done with `make vendor`, so integrate the two.
[NO TESTS NEEDED]
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Evan Lezar
OpenShift Merge Robot
Paul Holzinger
Ashley Cui
Alexander Larsson
Doug Rabson
Daniel J Walsh
Ed Santiago
Valentin Rothberg
Chris Evich
Jason T. Greene
Dan Čermák
SeongChan Lee
Aditya R
Kir Kolyshkin
Brent Baude
Lokesh Mandvekar
Pascal Bourdier
Jhon Honce
Valentin Rothberg
Ian Wienand
Anders F Björklund
Easton Pillay
Дилян Палаузов
jesperpedersen
openshift-ci[bot]
kpcyrd
tobwen
Boaz Shuster
Alexander Richter
Wong Hoi Sing Edison
Rob Cowsill
Morten Linderud
Paul Holzinger
Ming Liu
Matej Vasek