Fixes#14021
Substitution values built from `$(shell ...)` output can easily be empty
due to the shell's default `pipefail` behavior. This can also hide
non-zero exit codes, similarly resulting in empty values being set.
While not a perfect fix, the situation is improved by using the
`err_if_empty` function in all cases where empty values would be
unexpected. Remove the definitions for `GIT_BRANCH` and
`GIT_BRANCH_CLEAN` which don't seem to actually be used anywhere
(including in code).
Add a simple release-test to verify `podman info` outputs a non-empty
value for "GitCommit".
Signed-off-by: Chris Evich <cevich@redhat.com>
Some of the targets overwrite $GOOS. Since podman-remote-static should
always build for linux we can force linux GOOS here.
Fixes#14201
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
GOPROXY's default value is "https://proxy.golang.org,direct"
since go 1.13, so it is redundant to set it explicitly.
For some reason though, GOPROXY in Cirrus CI is set to direct,
which makes things such as go mod tidy very slow. So, set the
proper (default) value for in in .cirrus.yml. Do the same for GOSUMDB.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Remove GOPATH setting as since Go 1.9 it defaults to $HOME/go (for
earlier versions it had to be specified explicitly).
Remove GOPATH-related code from the spec, using relative paths when
compiling packages, and enable Go modules, simplifying the spec.
Remove support for multiple paths in GOPATH (which is rarely used and
doesn't really work with modules).
Remove setting GOBIN, rely on $GOPATH/bin instead. In case GOBIN is
explicitly set (which is highly unlikely), forcefully ignore by
unsetting it.
Remove GOBIN from tools invocation since we added GOPATH/bin to PATH.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Since about Go 1.10 (or whereabouts) the specific package structure
is no longer required.
This also removes GOPKGDIR and GOPKGBASEDIR as they were only used by
gopathok.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
This was originally added in commit a824186ac9 to be used from
Travis CI. Travis was removed in commit 8771a03af1 and there is
no need to have this target ever since (October 2018).
Also, remove the comment about BUILD_TAGS, which originally belonged to
varlink target (removed by commit f62a356515) but got misplaced
later.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Support running `podman play kube` in systemd by exploiting the
previously added "service containers". During `play kube`, a service
container is started before all the pods and containers, and is stopped
last. The service container communicates its conmon PID via sdnotify.
Add a new systemd template to dispatch such k8s workloads. The argument
of the template is the path to the k8s file. Note that the path must be
escaped for systemd not to bark:
Let's assume we have a `top.yaml` file in the home directory:
```
$ escaped=$(systemd-escape ~/top.yaml)
$ systemctl --user start podman-play-kube@$escaped.service
```
Closes: https://issues.redhat.com/browse/RUN-1287
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Since `./hack` has been removed from the Makefile's path, add it back
for `make localbenchmarks` to make `podman-registry` binary available
for running local registries.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This path should never, ever, ever be included in `$PATH` as it is
almost guaranteed to cause serious and non-obvious breakage in CI. Fix
it and include a warning comment.
Signed-off-by: Chris Evich <cevich@redhat.com>
Instead of using the main module we should vendor the test tools in a
different directory. That way we do not add extra dependencies to the
main module which can be problemetic for packages or other users.
This is already done in buildah so this makes us more consitent.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
We can vendor the test dependencies such as go-md2man, git-validation
and goimports. This allows us to always install the same version as
specified in go.mod. Also we do not rely on a network connection for
this.
The advantage with this method is that dependabot will also update the
dependencies for us and we do not have to hardcode versions in the
Makefile.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
go get is deprecated, we should use go install instead.
Also for some reason go get -u golang.org/x/tools/cmd/goimports is
broken at the moment, thus failing CI jobs where we have to install
this. Switching to go install seems to fix it.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Add more benchmarks for the most common and performance-critical image
commands. Benchmarks for `podman build` should go into a separate
section.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
This PR introduces a test suite for podman machine. It can currently be
run on developers' local machines and is not part of the official CI
testing; however, the expectation is that any work on machine should
come with an accompanying test.
At present, the test must be run on Linux. It is untested on Darwin.
There is no Makefile target for the test. It can be run like `ginkgo -v
pkg/machine/test/.`. It should be run as a unprivileged user.
Signed-off-by: Brent Baude <bbaude@redhat.com>
The default verbosity level does not show the classes or function names.
This makes it difficult to debug problems like hangs. Also, separate
the bats and python-based tests into two sections. This allows for
easier debugging, since isolation can be done in `runner.sh` rather than
mucking with the `Makefile`. Lastly, update the logformatter script
to `autoflush stdout` (thanks @edsantiago).
Signed-off-by: Chris Evich <cevich@redhat.com>
Add a proof of concept for benchmarking Podman. The benchmarks are
implemented by means of the end-to-end test suite but hidden behind
a `benchmarks` build tag. Running `make localbenchmarks` will run
`test/e2e` with the specific build tag and set ginkgo's "focus" to
the specific "Podman Benchmark Suite" to only run this spec and skip
all others.
ginkgo will print a report before terminating listing the CPU and memory
stats for each benchmark. New benchmarks can easily be added via the
`newBenchmark` function that also supports adding an `init()` function
to each benchmark which allows for performing certain setups for the
specific benchmark. For instance, benchmarking `podman start` requires
creating a container beforehand.
Podman may be called more than once in the main function of a benchmark
but note that the displayed memory consumption is then a sum of all
Podman invocations. The memory consumption is collected via
`/usr/bin/time`.
A benchmark's report is split into CPU and memory as displayed below:
```
[CPU] podman images:
Fastest Time: 0.146s
Slowest Time: 0.187s
Average Time: 0.180s ± 0.015s
[MEM] podman images:
Smallest: 41892.0KB
Largest: 42792.0KB
Average: 42380.7KB ± 286.4KB
```
Note that the benchmarks are not wired into the CI yet. They are meant
as a proof of concept. More benchmarks and the plumbing into CI will
happen in a later change.
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
Add a CI check to prevent unwanted bloat in binary images,
by building a baseline (pre-PR) binary then comparing file
sizes post-PR.
Part 1 (#13518) added a new script that runs multiple 'make's,
comparing image sizes against an original, and failing loudly
if growth is too big. An override mechanism is defined.
This is part 2 of 2: adding the CI rule. We couldn't do that
in part 1, because the rule would call a script that didn't
exist in the pre-PR commit.
Signed-off-by: Ed Santiago <santiago@redhat.com>
* supports Go 1.18
* disable a number of new linters
* fix minor stylecheck issues
[NO NEW TESTS NEEDED]
Signed-off-by: Valentin Rothberg <vrothberg@redhat.com>
* Add configuration to add report header for python client used in tests
* Move report headers into the individual test runners vs runner.sh
Signed-off-by: Jhon Honce <jhonce@redhat.com>
* Add which python client is being used to run tests, see "python
client" below.
* Remove redundate code from test classes
* Update/Add comments to modules and classes
======================================================= test session starts ========================================================
platform linux -- Python 3.10.0, pytest-6.2.4, py-1.10.0, pluggy-0.13.1
python client -- DockerClient
rootdir: /home/jhonce/Projects/go/src/github.com/containers/podman
plugins: requests-mock-1.8.0
collected 33 items
test/python/docker/compat/test_containers.py ...s.............. [ 54%]
test/python/docker/compat/test_images.py ............ [ 90%]
test/python/docker/compat/test_system.py ... [100%]
Note: Follow-up PRs will verify the test results and expand the tests.
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Packagers for other distributions and package managers may put their helper binaries in other location prefixes.
Add HELPER_BINARIES_DIR to the makefile so packagers can set the prefix when building Podman.
HELPER_BINARIES_DIR will be set at link-time.
Example usage: make podman-remote HELPER_BINARIES_DIR=/my/location/prefix
Signed-off-by: Ashley Cui <acui@redhat.com>
Rootless users cannot load the ip_tables module, in fedora 36 this
module is no longer loaded by default so we have to add it manually.
This is needed because rootless network setup tries to use iptables
and if iptables-legacy is used instead of iptables-nft it will fail.
To provide a better user experience we will load the module at boot.
Note that this is not needed for RHEL because iptables-legacy is not
supported on RHEL 8 and newer.
[NO NEW TESTS NEEDED]
Fixes#12661
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Building from source would involve separate `make` and `make install`
steps.
This removes a lot of unnecessary `-nobuild` targets which were
otherwise needed for packaging.
This commit also removes spec files for unused copr jobs.
[NO NEW TESTS NEEDED]
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
Heuristic to initialize TunnelMode/remote podman:
- Podman built with remote tag
- Podman running on darwin or windows GOOS
- CONTAINER_HOST or CONTAINER_CONNECTION set in environment
- --remote flag given on command line
- From containers.conf, Engine.Remote == true and GOOS == linux
Otherwise, podman will run in ABIMode/linked against libpod library.
Fixes#12866
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Fixes#11089 - cleanup PATH on MSI uninstall
Additionally fixes scenarios where the path can be overwritten by setx
Also removes the console flash, since the helper is built as a silent gui
Helper executable can be rerun by user to repair PATHs broken by other tools
Utilizes executable location instead of passed parameters to remove delicate escaping requirements
[NO NEW TESTS NEEDED]
Signed-off-by: Jason T. Greene <jason.greene@redhat.com>
The Docker-compatible REST API has historically behaved just as the rest
of Podman and Buildah (and the atomic Docker in older RHEL/Fedora) where
`containers-registries.conf` is centrally controlling which registries
a short name may resolve to during pull or local image lookups. Please
refer to a blog for more details [1].
Docker, however, is only resolving short names to docker.io which has
been reported (see #12320) to break certain clients who rely on this
behavior. In order to support this scenario, `containers.conf(5)`
received a new option to control whether Podman's compat API resolves
to docker.io only or behaves as before.
Most endpoints allow for directly normalizing parameters that represent
an image. If set in containers.conf, Podman will then normalize the
references directly to docker.io. The build endpoint is an outlier
since images are also referenced in Dockerfiles. The Buildah API,
however, supports specifying a custom `types.SystemContext` in which
we can set a field that enforces short-name resolution to docker.io
in `c/image/pkg/shortnames`.
Notice that this a "hybrid" approach of doing the normalization directly
in the compat endpoints *and* in `pkg/shortnames` by passing a system
context. Doing such a hybrid approach is neccessary since the compat
and the libpod endpoints share the same `libimage.Runtime` which makes
a global enforcement via the `libimage.Runtime.systemContext`
impossible. Having two separate runtimes for the compat and the libpod
endpoints seems risky and not generally applicable to all endpoints.
[1] https://www.redhat.com/sysadmin/container-image-short-namesFixes: #12320
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
This reverts commit 9d2b8d2791 since
catatonit's new pause functionality can replace the `pause` binary
entirely.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Add the k8s pause binary to `pause/pause.c` and do the plumbing in the
Makefile to install it in $libexec/podman/pause/pause. It is intended to
replace the k8s pause image and hence the need for network connectivity
when creating pods.
[NO NEW TESTS NEEDED] since it will be tested in a following commit.
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
