When a network is created without gateway, i.e. --internal --disable-dns
then the gateway will be nil. But converting a nil ip to string produces
"<nil>" which is not what we want as we like an empty string there to
signal that the network has no gateway.
Fixes: #28705
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
- libpod/events.go & libpod/runtime.go: Added the `Artifact` event type.
Refactored and deduplicated event forwarding logic by introducing
`spawnEventForwarder[T any]`, replacing separate goroutine loops for
images and artifacts. Implemented graceful shutdown and resolved eventer
initialization race conditions.
- libpod/events: Implemented event filtering by name/ID, updated journald
and logfile readers/writers for artifact events, and added `Artifact` to
`ToHumanReadable` formatting.
- cmd/podman: Added shell auto-completion for `artifact=` and `type=artifact` filters.
- docs/test: Documented the `artifact` event type, statuses, and filters in
`podman-events.1.md`. Added an end-to-end test in `events_test.go` to verify
event emissions.
Signed-off-by: Byounguk Lee <nimdrak@gmail.com>
Add a --dry-run option to show which volumes would be pruned without removing them.
Related: #27838
Signed-off-by: KyounghoonJang <matkimchi_@naver.com>
This is a Docker compatibility change discovered while working on
cases it is practically speaking required because there are
mandatory parameters in the body, but in those cases you do not
get a JSON decode error back, you get an error about the field
that needs to be set. I see no reason for us not to match this
convention; it doesn't break our existing bindings, but makes
using the API via curl or similar somewhat easier.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This test is currently flaking with the latest pasta update[1]. As part
of debugging this it was hard to see why socat fails 5 times in this
loop as the run function does not log the output so I had to add an echo
here.
[1] https://bugs.passt.top/show_bug.cgi?id=202
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The Docker daemon emits a final `{"aux":{"Tag","Digest","Size"}}` JSON
object on the push event stream so clients can recover the registry-side
manifest digest without an extra registry round-trip.
Several Docker-API clients (e.g. the Pulumi and Terraform docker
providers) parse `aux.Digest` to populate their pushed-image outputs.
Without the trailer they either silently fall back to inspecting the
local image (whose digest does not always match what was pushed - see
containers/podman#14779) or emit "Push completed without reporting a
digest" warnings.
`pushReport.ManifestDigest` is already populated with the correct
on-the-wire digest from `manifest.Digest(pushedManifestBytes)`; this
change just wraps it into the same JSON shape Docker emits and adds an
apiv2 test asserting the trailer is present with Tag, Digest, and Size.
Signed-off-by: nitz <nitz.raz@gmail.com>
Autocompletion for `podman inspect` now includes artifact names,
matching the behavior of other object types like containers, images,
pods, networks, and volumes.
Signed-off-by: Byounguk Lee <nimdrak@gmail.com>
With podman 6 we have a --import-native-ca option that handles the
copying of certs much better.
As such remove our old legacy way of copying files these envs and also
the static certs.d dir. Since we now mount the full containers config
dir the certs from the cert.d are mounted already.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The other providers use the volume mounts from containers.conf which
should take care of it. But because WSL is not using this we need to
hard code this ourselves.
Add a new custom unit to make systemd mount the path like we do for
podman socket mounts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Each machine init boot takes a while, we can easily do this as part of
one test run to speed the overall machine test time up.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit addresses two concerns.
Bind dual stack when hostIP unless it is explicitly specified. Since we
use listen(), this change resulted in blocked connections on stacks
without matching DNAT rules (e.g. connecting to [::1] on an IPv4-only
network) because the TCP handshake on the reservation socket would complete
instead of returning ECONNREFUSED allowing the client to fallback to IPv4.
Replacing listen() with raw socket() and bind() syscalls fixes this by
allowing us to reserve this port without accepting connections; clients
get ECONNREFUSED and fall back to IPv4 automatically, as is desired.
Fixes: https://github.com/containers/netavark/issues/1338
Co-authored-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
