The docker-in-docker was script was needed to run AppArmor tests in
Travis, which is not required anymore since Travis isn't being used
for a while. Removing the script will also cure some hiccups on
some atomic testing nodes.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Make users of libpod more secure by adding the libpod/apparmor package
to load a pre-defined AppArmor profile. Large chunks of libpod/apparmor
come from github.com/moby/moby.
Also check if a specified AppArmor profile is actually loaded and throw
an error if necessary.
The default profile is loaded only on Linux builds with the `apparmor`
buildtag enabled.
Signed-off-by: Valentin Rothberg <vrothberg@suse.com>
Closes: #1063
Approved by: rhatdan
This makes fixing errors easier. Before this commit, errors looked
like [1]:
$ make gofmt
libpod/container_linux.go:1:⚠️ file is not gofmted with -s (gofmt)
make: *** [gofmt] Error 1
But that's not very helpful when your local gofmt thinks the file is
fine. With this commit, errors will look like:
$ make gofmt
find . -name '*.go' ! -path './vendor/*' -exec gofmt -s -w {} \+
git diff --exit-code
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index df4de3fe..22b39870 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1,7 +1,7 @@
package libpod
import (
-"bytes"
+ "bytes"
"context"
"encoding/json"
"fmt"
make: *** [Makefile:87: gofmt] Error 1
(or whatever, I just stuffed in a formatting error for demonstration
purposes).
Also remove the helper script in favor of direct Makefile calls,
because with Git handling difference reporting and exit status, this
becomes a simpler check. find's -exec, !, and -path arguments are
specified in POSIX [2].
[1]: https://travis-ci.org/kubernetes-incubator/cri-o/jobs/331949394#L1075
[2]: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/find.html
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #1038
Approved by: rhatdan
Copying the libraries from:
$ git grep pkg-config vendor/github.com/containers/image/
vendor/github.com/containers/image/ostree/ostree_dest.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1 libselinux
vendor/github.com/containers/image/ostree/ostree_src.go:// #cgo pkg-config: glib-2.0 gobject-2.0 ostree-1
We need all of those to compile the vendored Go dependency, not just
ostree-1.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #958
Approved by: giuseppe
Because it's easier to recover from that if we fail early instead of
going through and creating a "Bump to v1.2.3-dev-dev" commit, etc.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #926
Approved by: rhatdan
Bump it to the next version (without a -dev suffix), based on the
precedent set by 70672652 (Bump to v0.6.1-dev, 2018-05-25, #834).
Previously I had VERSION there, which was a copy/paste error.
I've also added an explicit write_spec_version to release_commit.
That *should* be a no-op, with the spec version having already been
set by the previous release's dev_version_commit. But better to be
safe than to cut a release with the wrong version number in the spec
file (e.g. maybe we guessed NEXT_VERSION wrong during the last
release).
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #879
Approved by: mheon
Since 727ecfea (Use Version from spec file in setup.py, 2018-05-18, #807),
setup.py has been pulling this from a PODMAN_VERSION environment
variable (which can be set in spec files), and there's no need for us
to bump it as part of our releases.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #879
Approved by: mheon
Matthew had expressed interest in a lovely release script on IRC.
Here's my attempt to encode the changes from the v0.5.4 release
branch. I've also added tag signing, so you may be prompted for your
passphrase during that step.
The version scheme for 0.x.y is 0.${month}.${count_that_month} [1].
We could automatically calculate those with a dozen or so lines of
shell script, but we don't think that's worth the maintenance burden
when it's easy enough for the caller to think them up on their own
[2].
The spec sed also bumps the Python package version to match, which
seems like the intended behavior until 1.0 when the Python code will
move into its own repository [3].
[1]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393731907
[2]: https://github.com/projectatomic/libpod/pull/867#issuecomment-393743295
[3]: https://github.com/projectatomic/libpod/issues/786#issuecomment-390682012
Signed-off-by: W. Trevor King <wking@tremily.us>
We inherited this from a031b83a (Initial checkin from CRI-O repo,
2017-11-01), but:
* The output is actually going into bin/podman, so Make will rebuild
this target every time. You'll never be able to save compilation
because the target is newer than all the prerequisites.
* Make expands prerequisites immediately when loading a Makefile [1],
and on my wimpy Chromebook SD Card, this is *slow*:
$ time hack/find-godeps.sh ~/.local/lib/go/src/github.com/projectatomic/libpod cmd/podman github.com/projectatomic/libpod
...
real 0m56.225s
user 0m44.918s
sys 0m21.918s
* Go is pretty good at this on its own, so having make call 'go build'
every time will almost certainly be faster than us trying to mimic
this in a shell script. And by punting to Go in the recipe, Make
invocations that do not need the podman target (e.g. 'make help')
can skip the dependency lookup entirely.
[1]: https://www.gnu.org/software/make/manual/html_node/Reading-Makefiles.html#Rule-Definition
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #776
Approved by: rhatdan
fix_gofmt will run gofmt -s -w on files that need to be
formatted. Useful for developers prior to checking code
in.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #125
Approved by: baude
