`--format json` should not be the same as `--format {{json .}}`, the
later should actually run through the go template and thus create one
json object per entry instead of an json array.
Includes a vendor of c/common@main since it requires a fix from there as
well.
This matches docker compat.
Fixes#16436
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This pulls in https://github.com/godbus/dbus/pull/332 allowing dbus to
build without cgo on FreeBSD. This will allow freebsd targets in the cross
build.
[NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson <dfr@rabson.org>
Only want to report if user created local customized storage in
/etc/containers/storage.conf or in
$HOME/.config/containers/storage.conf, when resetting storage.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
The rest of the code has been using golang.org/x/* for the IsTerminal()
API for a long time, not github.com/mattn/go-isatty. It seems better to
stick to packages from the golang.org domain, whenever possible, and one
less dependency is always a good thing.
The modules were not cleaned up with 'make vendor' because 'go mod tidy'
was running into:
go: error loading go 1.16 module graph:
github.com/containers/image/v5@v5.23.1-0.20221015133641-1921a1993c67
requires
github.com/honeycombio/beeline-go@v1.9.0 requires
github.com/mattn/go-sqlite3@v2.0.3+incompatible: reading
github.com/mattn/go-sqlite3/go.mod at revision v2.0.3: unknown
revision v2.0.3
If reproducibility with go 1.16 is not needed:
go mod tidy -compat=1.17
Since go.mod already requires Go 1.17, the following commands were
manually run:
$ go mod tidy -compat=1.17
$ go mod vendor
$ go mod verify
Further modifications to go.sum were done manually based on the
complaints from postbuild.sh run by the CI.
[NO NEW TESTS NEEDED] as it's not a functional change.
Fixes: 85db895012 ("logging: new mode -l passthrough")
Signed-off-by: Debarshi Ray <rishi@fedoraproject.org>
Fix two bugs in `system df`:
1. The total size was calculated incorrectly as it was creating the sum
of all image sizes but did not consider that a) the same image may
be listed more than once (i.e., for each repo-tag pair), and that
b) images share layers.
The total size is now calculated directly in `libimage` by taking
multi-layer use into account.
2. The reclaimable size was calculated incorrectly. This number
indicates which data we can actually remove which means the total
size minus what containers use (i.e., the "unique" size of the image
in use by containers).
NOTE: The c/storage version is pinned back to the previous commit as it
is buggy. c/common already requires the buggy version, so use a
`replace` to force/pin.
Fixes: #16135
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Mainly to pull in fixes for #1382 which is impossible to reproduce
locally so let's optimistically mark it as fixed and reopen if needed
in the future.
Fixes: #1382
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
... to fix reads of compressed data by docker-archive:
> go get github.com/klauspost/pgzip@master
> make vendor
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
add the key used in newly initialized machines to the user's known_hosts file. This ensures that golang will be able to ssh into the machine using
podman-remote. Also, remove the /dev/null redirection for podman machine ssh's known_hosts file.
resolves#15347
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Signed-off-by: cdoern <cbdoer23@g.holycross.edu>
Bumps [github.com/vbauerster/mpb/v7](https://github.com/vbauerster/mpb) from 7.5.2 to 7.5.3.
- [Release notes](https://github.com/vbauerster/mpb/releases)
- [Commits](https://github.com/vbauerster/mpb/compare/v7.5.2...v7.5.3)
---
updated-dependencies:
- dependency-name: github.com/vbauerster/mpb/v7
dependency-type: direct:production
update-type: version-update:semver-patch
...
Also bump the go module to 1.17 to be able to compile the new code.
Given containers/common and others already require go 1.17+ we're
safe to go.
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Code from this dependency was replaced with a simple version. As a
result Podman's memory consumption has been reduced by ~10%.
[NO NEW TESTS NEEDED]
Signed-off-by: Mikhail Khachayants <tyler92@inbox.ru>
Add three new capabilities that would otherwise be reported as unknown.
Also add an e2e test making sure that `podman top` knows all
capabilities of the current kernel. I refrained from adding a system
test since this may blow up in gating tests.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Also, do a general cleanup of all the timeout code. Changes
include:
- Convert from int to *uint where possible. Timeouts cannot be
negative, hence the uint change; and a timeout of 0 is valid,
so we need a new way to detect that the user set a timeout
(hence, pointer).
- Change name in the database to avoid conflicts between new data
type and old one. This will cause timeouts set with 4.2.0 to be
lost, but considering nobody is using the feature at present
(and the lack of validation means we could have invalid,
negative timeouts in the DB) this feels safe.
- Ensure volume plugin timeouts can only be used with volumes
created using a plugin. Timeouts on the local driver are
nonsensical.
- Remove the existing test, as it did not use a volume plugin.
Write a new test that does.
The actual plumbing of the containers.conf timeout in is one line
in volume_api.go; the remainder are the above-described cleanups.
Signed-off-by: Matthew Heon <mheon@redhat.com>
implement new ssh interface into podman
this completely redesigns the entire functionality of podman image scp,
podman system connection add, and podman --remote. All references to golang.org/x/crypto/ssh
have been moved to common as have native ssh/scp execs and the new usage of the sftp package.
this PR adds a global flag, --ssh to podman which has two valid inputs `golang` and `native` where golang is the default.
Users should not notice any difference in their everyday workflows if they continue using the golang option. UNLESS they have been using an improperly verified ssh key, this will now fail. This is because podman was incorrectly using the
ssh callback method to IGNORE the ssh known hosts file which is very insecure and golang tells you not yo use this in production.
The native paths allows for immense flexibility, with a new containers.conf field `SSH_CONFIG` that specifies a specific ssh config file to be used in all operations. Else the users ~/.ssh/config file will be used.
podman --remote currently only uses the golang path, given its deep interconnection with dialing multiple clients and urls.
My goal after this PR is to go back and abstract the idea of podman --remote from golang's dialed clients, as it should not be so intrinsically connected. Overall, this is a v1 of a long process of offering native ssh, and one that covers some good ground with podman system connection add and podman image scp.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
As the title says.
Vendor Buildah v1.27.0 into Podman in preparation for Buildah v4.2
[No New Tests Needed]
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
Improve the error message when attempting to remove an image that is in
use by an external/build container. Prior, the error only indicated
that the image was in use but did not aid in resolving the issue.
Fixes: #15006
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
- Allow creating sigstore signatures via --sign-by-sigstore-private-key .
Like existing --sign-by, it does not work remote (in this case
because we would have to copy the private key to the server).
- Allow passing a passphrase (which is mandatory for sigstore private keys)
via --sign-passphrase-file; if it is not provided, prompt interactively.
- Also, use that passphrase for --sign-by as well, allowing non-interactive
GPG use. (But --sign-passphrase-file can only be used with _one of_
--sign-by and --sign-by-sigstore-private-key.)
Note that unlike the existing code, (podman build) does not yet
implement sigstore (I'm not sure why it needs to, it seems not to
push images?) because Buildah does not expose the feature yet.
Also, (podman image sign) was not extended to support sigstore.
The test for this follows existing (podman image sign) tests
and doesn't work rootless; that could be improved by exposing
a registries.d override option.
The test for push is getting large; I didn't want to
start yet another registry container, but that would be an
alternative. In the future, Ginkgo's Ordered/BeforeAll
would allow starting a registry once and using it for two
tests.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
By vendoring the fixes from containers/image. Also add a test (thanks
@edsantiago) to make sure we won't regress in the future again.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file.
Kubernetes secrets have a different structure than podman and therefore have to be handeled differently.
In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets
to come!
resolves#12396
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Since conmon-rs also uses this code we moved it to c/common. Now podman
should has this also to prevent duplication.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
using the new resource backend, implement podman pod create --memory which enables
users to modify memory.max inside of the parent cgroup (the pod), implicitly impacting all
children unless overriden
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Pull in fixes for platform checks to silence annoying warnings when
pulling images by platforms using uname values.
Fixes: #14669
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
currently, setting any sort of resource limit in a pod does nothing. With the newly refactored creation process in c/common, podman ca now set resources at a pod level
meaning that resource related flags can now be exposed to podman pod create.
cgroupfs and systemd are both supported with varying completion. cgroupfs is a much simpler process and one that is virtually complete for all resource types, the flags now just need to be added. systemd on the other hand
has to be handeled via the dbus api meaning that the limits need to be passed as recognized properties to systemd. The properties added so far are the ones that podman pod create supports as well as `cpuset-mems` as this will
be the next flag I work on.
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Update cobra to latest version. Remove workaround for podman -h.
Also regenerate the completion scripts.
[NO NEW TESTS NEEDED]
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Changes since 2022-05-31:
- add --omit-history option (buildah PR 4028)
Signed-off-by: Ed Santiago <santiago@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Note that the bud-logfile-with-split-logfile-by-platform test is skipped
on the remote client (see #14544).
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Podman and Buildah should use the same code the generate the resolv.conf
file. This mostly moved the podman code into c/common and created a
better API for it so buildah can use it as well.
[NO NEW TESTS NEEDED] All existing tests should continue to pass.
Fixes#13599 (There is no way to test this in CI without breaking the
hosts resolv.conf)
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Daniel J Walsh
OpenShift Merge Robot
dependabot[bot]
Paul Holzinger
Prajwal S N
Doug Rabson
Debarshi Ray
Valentin Rothberg
Piotr Resztak
Miloslav Trmač
Aditya R
Charlie Doern
Ashley Cui
Mikhail Khachayants
Matthew Heon
Giuseppe Scrivano
tomsweeneyredhat
Sascha Grunert
openshift-ci[bot]