Some time ago, we moved the Seccomp policy (and related setup
code) to a place where all our tools could share it [1]. We did
not, however, remove the in-repo seccomp.json file. Over the last
year or so, the in-repo seccomp policy has become progressively
more and more outdated, with no effort made to maintain it
(because what sense is there in keeping a duplicate?). Today, a
friend came to me and asked if a Podman container could access
keyctl, assuming it could not because he was reading the outdated
Seccomp policy which does not allow it. Since it's becoming clear
that this file is doing no good and actively causing confusion,
let's just drop it.
[1] https://github.com/seccomp/containers-golang
Signed-off-by: Matthew Heon <mheon@redhat.com>
We want to add this configuration file so that users can descover
how to configure the permanent connection to a remote podman instance.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Reversion of one part of #6679: my handling of 'realpath'
would not work when $PODMAN is 'podman-remote --url etc'.
Trying to handle that case got unmaintainable; so instead
let's just force 'make {local,remote}system' to invoke
with a full PODMAN path. This breaks down if someone
runs the tests with a manual 'bats' invocation, but I
think I'm the only one who ever does that.
Since podman path will now be very long in the logs,
add code to logformatter to abbreviate it like we do
for the ginkgo logs.
And, one thing that has bugged me for a long time:
in the error logs, show a different prompt ('#' vs '$')
to distinguish root vs rootless. This should make it
much easier to see at-a-glance whether a log file
is root or not. Add tests for it.
Signed-off-by: Ed Santiago <santiago@redhat.com>
podman-remote has not been tested. A principal part of the
problem was #5387 - the YAML I wrote did not have the
intended effect, it did not set TEST_REMOTE_CLIENT=true
and because of my multiple iterations I did not catch this
during testing.
Part 1 of this PR is to fix .cirrus.yml to enable remote tests.
Part 2 -- what I had first noticed and tried to fix -- is that
rootless_test.sh was never running remote because, of course,
envariables are not sent via ssh. I reworked integration_test.sh
and rootless_test.sh to use a command-line decision instead.
Part 3, sigh, is to disable one failing integration test
and *all* system tests, because so many of the latter are
failing. Addressing those failures needs to be done in
subsequent PRs. Issues #6538, #6539, #6540 are filed for
some of the problems I isolated. There will be more.
Also, minor, fixed some stale references to varlink.
Signed-off-by: Ed Santiago <santiago@redhat.com>
We experienced regression when using the latest `v1.2.0-dev` bats in
Ubuntu 20.04 (see github.com/containers/libpod/pull/6418). Using
bats v1.1.0 worked in the Ubuntu test VM.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
We need to default to building podman. If you specify no build
tags you will not build podman, not podman-remote.
Just using remote flag to indicate podman-remote and !remote for
podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Issue gh#6286 was already fixed in a prior commit but the Makefile still
ran some varlink steps by default.
This commit makes any varlink build steps dependent on the varlink
build tag and also makes the contrib rpm spec file independent of
varlink.
Endpoint tests will be run only if BUILDTAGS contains varlink.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
1) fix lost credentials.
must_pass(), added in #6375, eats the credentials
generated via 'podman run --entrypoint htpasswd'.
Run that podman instance directly, and add explicit
error check.
(The error and stdout/stderr handling here has gotten
cumbersome. There must be something I'm missing that
could make it all simpler.)
2) fix default podman path.
When setting $PODMAN, default to the locally built
one -- there may not be one in $PATH (e.g. in
Ubuntu, see #6366). This in turn requires us to:
3) run registry test in integration, not unit test
It looks like unit tests run before podman is built,
causing a chicken-egg dilemma. Try to solve that by
running the new hack/podman-registry-go test in
integration tests, not unit tests.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Handle REMOTETAGS the same way for all remote commands.
This fixes issues where remote commands are not building correctly on rhel7 and centos7 systems.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Now that we're shipping containers.conf, we don't want to provide
a libpod.conf anymore. This removes libpod.conf from the repo and
as many direct uses as I can find.
There are a few more mentions in the documentation, but someone
more familiar with containers.conf should make those edits.
Signed-off-by: Matthew Heon <mheon@redhat.com>
We’re now able to build a static podman binary based on a custom nix
derivation. This is integrated in cirrus as well, whereas a later target
would be to provide a self-contained static binary bundle which can be
installed on any Linux x64-bit system.
Fixes: https://github.com/containers/libpod/issues/1399
Signed-off-by: Sascha Grunert <sgrunert@suse.com>
Instead of being depended by docs, targets '.install.md2man' and
'docdir' should be depended by 'MANPAGES', or else the path
'docs/build/man' or 'GOMD2MAN' might not exist when it tries to
generate files in it.
This fixes a following build error:
| open docs/build/man/podman-volume-ls.1: no such file or directory
| Makefile:377: recipe for target 'docs/source/markdown/podman-volume-ls.1' failed
| make: *** [docs/source/markdown/podman-volume-ls.1] Error 1
| make: *** Waiting for unfinished jobs....
| open docs/build/man/podman-init.1: no such file or directory
| Makefile:377: recipe for target 'docs/source/markdown/podman-init.1' failed
Signed-off-by: Ming Liu <ming.liu@toradex.com>
We should not be building podman-remote with the BUILDTAGS, these
only effect server side.
CRC Group wants to use a static version of podman-remote in order
to install the same podman-remote client on any Linux box.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Distro packaging often uses non-default build and linker flags.
The current Makefile cannot be used in the package build process as it
will end up rebuilding the binaries with the default flags.
This commit introduces install targets which do not depend on the build
targets. Distro packages should prefer these if they want to use any
non-default flags.
NOTE: This commit effectively leaves prior targets unchanged, so users
won't notice any difference.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
There is no need to search for sources in hidden dirs. In my case
there are files from development environment that stand in the way.
Signed-off-by: Anatoli Babenia <anatoli@rainforce.org>
New script cross-references r.Handle() and r.HandleFunc()
calls against the preceding '// swagger:operation' comments,
and exits failure (with descriptive error messages) if any
comments do not match the code.
This script should not be necessary: the swagger comments
should be autogenerated from the source code.
Signed-off-by: Ed Santiago <santiago@redhat.com>
(export a=b command args) does not run (command args) with a=b,
it sets $a to b, and marks variables $a $command $args as exported,
i.e. (command args) is not run.
So we were not actually running (go mod tidy).
Fix that.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
* Added support for system service
* Enabled linting on the varlinkapi source, needed to support V2
service command
* Added support for PODMAN_SOCKET
Skip linting deprecated code
Rather than introduce bugs by correcting deprecated code, linting the
code is being skipped. Code that is being ported into V2 is being
checked.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
New hack/xref-helpmsgs-manpages script, added to CI 'gate'
task, runs 'podman [subcommand] --help' and cross-references
against man pages in docs/source/markdown/podman*.1.md
See #5453 and #5460 for instances of the problems the
script has found.
The careful reader will find an alarming number of special-case
bypasses. These are a tradeoff I am making: to get perfect
coverage with no handwaving, it would be necessary to make
drastic changes to some man pages, and I believe those would
be counterproductive.
Signed-off-by: Ed Santiago <santiago@redhat.com>
API v2 has been quiet for a few days, and the test script is
actually passing. Let's take advantage of this opportunity
to get them running in CI.
Requires adding a check for cgroupsv2
Signed-off-by: Ed Santiago <santiago@redhat.com>
pre-commit is required for running certain tests by the Makefile.
Adding pre-commit to install.tools allows users to easily use
and test podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes#5130.
varlink code generation was skipped when `uname -o` did not print "GNU/Linux".
However on some Linux systems (e.g. alpine) only "Linux" is printed
which results in cmd/podman/varlink/iopodman.go not being generated.
Thus the Makefile target condition has been changed to match "Linux".
Signed-off-by: Max Goltzsche <max.goltzsche@gmail.com>
the linting task identifies gofmt issues; therefore it makes more sense to run our make gofmt first, which actually fixes the gofmt issues.
Signed-off-by: Brent Baude <bbaude@redhat.com>
A recent Makefile change (4ec893a748) removed a side-effect necessary
for 'make validation' to pass under automation. Making things worse,
change 12bd7e927c was found upon investigation to always point at
the latest upstream HEAD. However, this is rarely a fork-point for
pull-requests. Further investigation showed the built-in Cirrus-CI,
golang-based git does not obtain sufficient data for the Makefile
command `git merge-base HEAD $${DEST_BRANCH:-master}` to function
properly (in the context of the gate container).
Fix this by customizing the clone operation and slightly adjust the
Makefile command to function as intended in the gate container. Also
add checks to the validate and lint targets which validate the
variable EPOCH_TEST_COMMIT value is never an empty string or whitespace.
Signed-off-by: Chris Evich <cevich@redhat.com>
Speed up the Makefile by removing variable references from the release
targets. Now, the variables will only be (lazily) evaluated when they
are actually needed and not for each invocation of the Makefile which
has it down considerably.
Fixes: #4829
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add a .PHONY line over each target instead of mixing this notation with
a separate but incomplete single list.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Move the systemd-buildtag check into the `bin/podman` target.
No need to execute the check for all invocations of the
Makefile.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
