Since compat version 1.43 the VirtualSize field in the
GET /images/{name}/json, GET /images/json, and
GET /system/df responses is deprecated and will no
longer be included in API v1.44. Use the Size field
instead, which contains the same information.
Signed-off-by: Nicola Sella <nsella@redhat.com>
- Add specific check for empty device modes in ParseDevice function
- Change error message from 'invalid device mode: ' to 'empty device mode in device specification: <device>'
- Include full device specification in error message for better context
- Add test cases for empty device mode scenarios
- Resolves issue where '/dev/fuse::' provided unhelpful error message
Fixes#26629
Signed-off-by: Devashish08 <devashish.cs025@gmail.com>
Add the Go bindings implementation necessary to support Artifacts.
Implement the tunnel interface that consumes the Artifacts Go bindings.
With this patch, users of the Podman remote clients will now be able to
manage OCI artifacts via the Podman CLI and Podman machine.
Jira: https://issues.redhat.com/browse/RUN-2714#
Signed-off-by: Lewis Roy <lewis@redhat.com>
- Remove redundant exact match checks in ancestor filter implementations
- Add comprehensive test coverage for both prefix and non-prefix substring matching
- Fix missing output verification in ID filter test
- Improve test reliability with proper length checks and consistent flags
- Remove unnecessary length check to ensure tests fail properly if image ID is too short
- Add -q and --no-trunc flags for consistent test output format
- Focus test on substring ID matching specifically (not image names)
- Restore image name matching functionality for existing tests
- Keep substring ID matching for Docker compatibility
- Ensure both regex matching and substring ID matching work together
The ancestor filter now supports both:
1. Image name matching (existing functionality)
2. Substring ID matching (new Docker compatibility feature)
Fixes: #26623
Signed-off-by: shiavm006 <shivammittal42006@gmail.com>
CLI options have no place in pkg/domain/entities, and these
are never set anyway.
Should not change behavior.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Add --creds flag to podman create and podman run commands to support
registry authentication during image pulling.
Without this flag, users must perform a separate `podman pull
--creds/--cert-dir` first and then remember to specify `--pull=never`.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Drop the inheritlabels and inheritannotations flags in the description
for the compat build endpoint, because the docker engine's build
endpoint doesn't recognize them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Don't force the SkipUnusedStages option one way or another when the
client doesn't specifically request one or the other, so that the server
can choose to use its default behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Don't force the CompatVolumes option one way or another when the client
doesn't specifically request one or the other, so that the server can
choose to use its default behavior.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Don't force the IdentityLabel option one way or another when the client
doesn't specifically request one or the other, so that the server can
choose to use its default behavior.
Fixes#26669
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The "compat-volumes" setting shouldn't be provided by the compat build
endpoint, the docker daemon's isn't expected to recognize it.
It is also a conditional boolean flag, so if it isn't specified by the
caller, don't send a value from a client to the server, so that the
server will be able to apply its own default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
The inherit-labels setting is a conditional boolean flag, so if it isn't
specified either way by the caller, don't send a value from a client to
the server, so that the server will be able to apply its own default.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When parsing an entry in /proc/sys/fs/binfmt_misc, don't return an error
if we find an empty "flags" field in the file. Wine packaged for Fedora
provides a binfmt.d file that results in such a file, so... it's normal.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Wire up the source-date-epoch, rewrite-timestamp, and created-annotation
flags so that a client can correctly ask a server to honor them.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Fixed the --build-context flag to properly send files for remote builds. Previously
only the main context was sent over as a tar while additional contexts were passed as
local paths and this would cause builds to fail since the files wouldn't exist.
New changes modifies the Build API to use multipart HTTP requests allowing multiple
build contexts to be used. Each additional context is packaged and
transferred based on its type:
- Local Directories: Sent as tar archives
- Git Repositories: link sent to the server where its then cloned
- Container Images: Image reference sent to the server, it then pulls the image there
- URLs/archives: URL sent to the server, which handles the download
Fixes: #23433
Signed-off-by: Joshua Arrevillaga <2004jarrevillaga@gmail.com>
There is no reason for local and rmeote to use a different error that
just differs in quoting. Make them consitent to simplify the tests.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
I noticed recently when I made a typo that then auto-update errored but
it did not tell me which container was incorrect so I had to check all
containers myself. Include the container ID in the error to make it
clear which container has the issue.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Do not ignore ErrUnexpectedEOF from DemuxHeader(), if we fail to parse
the header there must have been a clear protocal error between client
and server which should be reported and not silently ignored. I wonder
ig this might explain why we have missing remote exec/attach output
without any error, it is possible we are eating some internal errors due
this.
Commit ba8eba83ef added the ErrUnexpectedEOF check but without any
explanation why that would be needed. The tests from that commit pass
without it locally but not in CI. With some debugging best I found the
issue is actually a test bug. The channel is not consumed until it is
closed which means the main test exists before the log reading goroutine
is done. And if the main test exists the first step it does is to kill
the podman service which then can trigger the ErrUnexpectedEOF server on
the still open http connection and thus the test case failed there.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
DemuxFrame() already returns a byte slice with the correct length so
this makes it simpler and the caller does not need to check this at all.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
io.ReadFull() already returns ErrUnexpectedEOF if there was a short read
so this check is redundant and can be dropped.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Lock access to and modification of the index.json file, to ensure
concurrent addition/removal does not result in lost state. Use a
standard c/storage lockfile, making use of its r/w locking
ability to support concurrent access, only serializing writes.
This is not a very efficient locking scheme around artifact
removal and - especially - addition. I view this as the first
step, establishing any sort of mutual exclusion to prevent state
corruption. Step 2 is to adapt the staged removal work being
done to make image removal require only minimal use of locks,
ensuring it works with artifact addition. This staged addition
means we won't have to hold the lock for the full artifact pull.
Signed-off-by: Matt Heon <mheon@redhat.com>
