The install script only reuses the binary from $PATH if the version
matches otherwise installs into ./bin, if the version of $PATH matches
then the binary from ./bin is removed there.
That means the actual run must prefer ./bin as this has a known good
version when it exists unlike $PATH which can be the wrong version.
This fixes the logic added in commit cf021c4ba9.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When a specific version of golangci-lint is already available in $PATH,
use it instead of installing one locally.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Since commit def70012b9 git-validation is only used to check if the
commit subject is less than 90 characters.
Drop the vendored git-validation Go tool and the .gitvalidation make
target in favor of hack/commit-subject-check.sh.
This removes a Go build dependency and a vendored tree from
test/tools/ while keeping the same CI and local behavior.
Note the now-removed GIT_CHECK_EXCLUDE was not used by gitvalidation
since commit def70012b9 because it was not checking any specific
files, just the commit subject lengths.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
The Quadlet documentation rewrite added a render() pass that handles
`<<if VAR>>...<<endif>>` and `<<X if cond else Y>>` conditionals before
the existing `<<a|b>>` substitution and `<<subcommand>>` replacement run.
Tokens that didn't match the new conditional grammar were silently
consumed instead of passed through, so any `<<a|b>>` whose content
didn't fit the conditional shape disappeared from the rendered output.
The user-visible regression (containers/podman#28645) was the line in
options/sysctl.md:
Note: <<if using the **--ipc=host** option|...>>, the above sysctls
are not allowed.
Both halves of the substitution start with "if", so the inner string
matched `inner.startswith("if ")`, but the rest of the conditional
recogniser fell through and the whole token was dropped. The same
codepath also dropped `<<subcommand>>` tokens, which insert_file()
expects to replace later.
Fix: when none of the conditional/inline-if branches match, append the
original `<<...>>` token verbatim so downstream replace_type and
`<<subcommand>>` replacement can handle it. Add render() tests covering
the conditional grammar plus the regression case.
Verified by rendering all 307 files under docs/source/markdown/options/
in both is_quadlet=True and is_quadlet=False contexts; no failures.
Closes#28645
Signed-off-by: Matt Van Horn <mvanhorn@gmail.com>
This commit does the following:
- Splits the podman-systemd.unit.5.md into multiple files - one for each quadlet file type.
- Adds the podman-quadlet-basic-usage.7.md for quadlet examples.
- Majority of the text in the new files is copied from the podman-systemd.unit.5.md
- Adds support for very simple condditional in the markdown_preprocess.
- Uses new logic in markdown_preprocess in options/*.md to use a single .md file for both
podman subcommands man-pages and quadlet man-pages. This deduplicates the Quadlet man-pages a lot.
- Adds new `@@option quadlet:source.md`` preprocess command to import such .md files from options directory.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Introducing a new `podmand system` subcommand to prepare a Windows host
to run Hyper-V based Podman machines: `hyperv-prep`.
When executed it:
- creates of the registry keys for VSocks
- adds the current user to the Hyper-V administrators group
This command requires an administrator terminal.
Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
The podman module paths are moving from github.com/containers/podman to
go.podman.io/podman. This will help with future mobility.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This PR reflects the upstream change of moving the buildah module from
github.com/containers/buildah to go.podman.io/buildah.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Implements automatic OS upgrade functionality for Podman machines that requires no user input beyond running the command. The upgrade logic automatically determines the appropriate upgrade path using a three-way comparison between client version, machine version, and OCI registry:
* When the client version is older than the machine version, no action is taken and an error is returned.
* When the client version matches the machine version, the OCI registry is queried to check for in-band updates by comparing image digests. This handles minor, patch level, and updates oci image use cases.
* When the client version is newer than the machine version, the machine is upgraded to match the client's major.minor version.
* No manual image selection or version specification required.
The command supports dry-run mode and JSON (only) output format for automation.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The system tests can setup their own server now so just use that and
don't require the user to spawn its own.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Tremendous amount of changes in here, but all should amount to
the same thing: changing Go import paths from v5 to v6.
Also bumped go.mod to github.com/containers/podman/v6 and updated
version to v6.0.0-dev.
Signed-off-by: Matt Heon <mheon@redhat.com>
This reverts commit c12b1b32bc.
The content contains incorrect information and misses a lot of details
from the previous page that must be restored.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Using golang.org/x/tools/gopls/internal/analysis/modernize/cmd/modernize
+ some manual cleanup in libpod/lock/shm/shm_lock_test.go as it
generated an unused variable
+ restored one removed comment
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
There are endless of links pointing to this document we should not get
rid of that.
Also I find having two podman-quadlet with different numbers rather
confusing, while I understand the motivation I think for most users this
is not intuitive. Most people will not type the man section numbers.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit does the following:
- Splits the podman-systemd.unit.5.md into multiple files - one for each
quadlet file type, podman-quadlet.7.md for general quadlet information
and podman-quadlet-basic-usage.7.md for quadlet examples.
- Removes the original podman-systemd.unit.5.md file.
- Adds support for jinja2 templating language in the markdown_preprocess.
- Uses jinja2 in options/*.md to use the single .md file for both podman
subcommands man-pages and quadlet man-pages. This deduplicates
the Quadlet man-pages a lot.
- Adds new `@@option quadlet:source.md` preprocess command to import
such .md files from options directory.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The distro-integration tag was added for fedora openQA to only run a
subset of tests. However since it was added only a few new tests have
been labelled like that and in general a normal contributor or even
maintianer has no idea when to add this tag.
We also have been seeing several regressions getting into fedora that
these tests would have caught. As such I worked with Adam to enable all
tests for fedora openQA so we actually have proper coverage. This has
been working for a few weeks so I think we can dop these tags so
upstream does not need to bother with them at all.
https://pagure.io/fedora-qa/os-autoinst-distri-fedora/issue/373
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It seems the new bpftrace version since 0.22 logs a warning if we try to
delete a key that does not exist.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
On bpftrace 0.22 this fails to compile and load so the script currently
does not show us anything in CI there.
We need to clamp the string size a bit 128 chars seems more than enough
for the podman/conmon binary path length.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The default has been set to 1024 which should bee good enough and better
than having to unroll this loop like that.
This is supported since bpftrace 0.22 which is in fedora 42.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This was not updated to the latest versions and CI and basically any
user should get in from their distro repos.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This script is no longer used as the device mapper storage driver was
removed over a year ago.
Commit 60692ca already removed the build tag reference but not this
script which set a buildtag for it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Dynamically link sqlite3 when installed, the main motivation is that we
reduce the podman binary size with that. I see about 2.5 MB savings.
But also dynamically linking it means if there a vulnerabilities only
the sqlite3 distro package needs updating and we don't have to make a
new podman release with the vendored update.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This reverts commit d633824a95.
The issue has been fixed in commit 9a0c0b2eef and I have not seen it
since so remove this special case.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This could have been done by simply running
GOOS=freebsd ./bin/golangci-lint run [options] ./...
on Linux, but some freebsd code is using cgo (i.e. is linked to C
libraries), so real freebsd environment is required.
This also fixes the issue of ignoring linter errors for Windows and
Darwin (exit 0), introduced by commit c9b108d5b3.
Fixes: c9b108d5b3 ("Bump golangci-lint to v2.0.2")
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
1. Strip leading v from VERSION.
This will allow to simplify renovate rule at [1].
2. Fix git branch in the URL.
In golangci-lint v2 they've switched from master to main,
and it's not clear what will happen to master over time,
so let's just switch to main prophylactically.
3. Use -b option instead of undocumented hack.
Instead of relying on an undocumented feature of having BINDIR,
let's use -b option as recommended by the official docs at [2].
4. Avoid stuttering in the output.
Before:
[kir@kir-tp1 podman]$ VERSION=2.0.2 ./hack/install_golangci.sh
golangci-lint has version 2.0.2 built with go1.24.1 from 2b224c2c on 2025-03-25T21:36:18Z
Using existing ./bin/golangci-lint has version 2.0.2 built with go1.24.1 from 2b224c2c on 2025-03-25T21:36:18Z
After:
[kir@kir-tp1 podman]$ VERSION=2.0.2 ./hack/install_golangci.sh
golangci-lint has version 2.0.2 built with go1.24.1 from 2b224c2c on 2025-03-25T21:36:18Z
Using existing ./bin/golangci-lint
5. Fix shellcheck warnings.
6. Also retry when reinstalling.
The code logic to retry install for up to 5 times when installation
fails was introduced by commit dd8574022d ("CI: retry the golangci
install").
For some reason, the above commit only uses the logic when the binary is
not found. In a situation when the binary is found but is of the wrong
version, no retries are done.
Fix that.
7. Add -f option to curl.
As recommended by the official installation docs at [2].
[1]: 16f757f699/renovate/defaults.json5 (L106-L108)
[2]: https://golangci-lint.run/welcome/install/#binaries
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This ended up slightly more complicated than anticipated, tin part
because golangci-lint v2 dropped support for --exclude-dirs, so
linter issues with GOOS=windows and GOOS=darwin which were previously
ignored had to be fixed now.
This is also the reason why the ./hack/golangci-lint was simplified.
In addition, it now runs linters on Linux without systemd tag set.
Tested locally with:
for OS in linux windows darwin; do GOOS=$OS ./hack/golangci-lint.sh; done
Linting for GOOS=linux
+ ./bin/golangci-lint run --build-tags=apparmor,seccomp,selinux
0 issues.
+ ./bin/golangci-lint run --build-tags=apparmor,seccomp,selinux,systemd
0 issues.
+ ./bin/golangci-lint run --build-tags=apparmor,seccomp,selinux,remote
0 issues.
Linting for GOOS=windows
+ ./bin/golangci-lint run --build-tags=remote,containers_image_openpgp
0 issues.
Linting for GOOS=darwin
+ ./bin/golangci-lint run --build-tags=remote,containers_image_openpgp
0 issues.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
* treadmill script: handle an obscure corner case
wherein the script would bail because it thought
there were no buildah-vendor changes.
* two new test skips
* update the diffs; line-number changes due to buildah
PRs touching helpers.bash
Signed-off-by: Ed Santiago <santiago@redhat.com>
Debug for #23913, I though if we have no idea which process is nuking
the volume then we need to figure this out. As there is no reproducer
we can (ab)use the cleanup tracer. Simply trace all unlink syscalls to
see which process deletes our special named volume. Given the volume
name is used as path on the fs and is deleted on volume rm we should
know exactly which process deleted it the next time hopefully.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Equivalent to print() + system(). Shows individual commands
being run, which may help a developer understand and replicate
actions if they fail.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Initial purpose of treadmill PR was to run buildah-bud tests
early, and not run anything else if they fail. This was to
catch vendoring problems and not be distracted by flakes.
This was done by inspecting and massaging .cirrus.yml.
As of #21639 this code was a silent NOP because the entire
CI tree was overhauled. Here we make that work again.
Also, in #20947 I enhanced this script to run rootless
bud tests but neglected to updated the comments. Do so now.
Signed-off-by: Ed Santiago <santiago@redhat.com>
Quadlet inserts network-online.target Wants/After dependencies to ensure pulling works.
Those systemd statements cannot be subsequently reset.
In the cases where those dependencies are not wanted, we add a new
configuration item called `DefaultDependencies=` in a new section called
[Quadlet]. This section is shared between different unit types.
fixes#24193
Signed-off-by: Farya L. Maerten <me@ltow.me>
Add a new program based on bpftrace[1] to trace all podman processes
with arguments and exit code/signals. Additionally this captures stderr
from all podman container cleanup processes spawned by conmon which
otherwise go to /dev/null and are never seen in any CI logs.
Hopefull this allows us to debug strange network cleanup error seen in
CI, my plan is to add this to the cirrus setup and upload the logs so we
can check them when the flakes happen.
[1] https://github.com/bpftrace/bpftrace
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
