Instead of duplicating the NewArtifactStore() call in many places and
having to make sure we always pass the same path to it define it as
function on the runtime. This allows any caller with access to the
libpod runtime to create the store easily.
This is suing a sync.OnceValues() function so the store is initialized
only once and only when actually needed.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The goal of this new interface is to expose the blob source path and the
target file name for a bind mount into a container.
libpod will call this and then take care of setting up the actual mounts
based on the returned paths.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Create a getArtifactAndImageSource() function so this one can be shared
with the new mount blob API that is added next to avoid code
duplication.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The main point of this is so that I can share the same lookup logic
between Extract() and then the new blob path API I add next.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
With go 1.23 the maps package was added in the std library. The linter
now wants us to use that. However the API chnaged as it returns an
iterator, thus we also have to use slices.Collect().
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
A lot of types are moved and now deprecated which causes lint issues.
IDResponse is copied into podman because that has no new 1 to 1
replacement. For some fields that we set as part of the docker API I
added the nolint directive as these fields might be used by API
consumers.
For the other types it is mostly a 1 to 1 move.
ParseUintList is deprecated but we can use the same function from
github.com/containers/storage/pkg/parsers instead.
Note that it containers breaking changes to pkg/bindings which we should
not do generally but given the prevoius commit already has a unavoidable
breaking change we might as well fix the IDResponse issue once now.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Update to the latest c/{common,image} which inclused an update to
docker v28, that update is NOT backwards compatible so I had to fix a
few types.
NOTE: handler.ExecCreateConfig is used directly by the bindings. Thus
this is an API break for pkg/bindings. Including docker types as part of
any stable pkg/bindings API was a very bad idea.
I see no way to avoid that unless we never want to docker v28, which is
not easy as the update comes in from c/image and maybe other packages.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
When certain directories, like /tmp, get mounted over, FCOS/Linux can
act in unexpected ways. Added a sanity check for a list of directories
think might be impacted by this. Also, moved the volume parsing earlier
in the init process so we can catch problems before the expensive
decompression of machine images.
The following destinations are forbidden for volumes:
`/bin`, `/boot`, `/dev`, `/etc`, `/home`, `/proc`, `/root`, `/run`, `/sbin`, `/sys`, `/tmp`, `/usr`, and `/var`. Subdirectories
Fixes: #18230
Signed-off-by: Brent Baude <bbaude@redhat.com>
When no containers could be started we need to make sure the unit status
reflects this. This means we should not send the READ=1 message and not
keep the service container running when we were unable to start any
container.
There is the question what should happen when only a subset was started.
For systemd we can only be either running or failed. And as podman kube
play also just keeps the partial started pods running I opted to let
systemd keep considering this as success.
Fixes#20667
Fixes https://issues.redhat.com/browse/RHEL-80471
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The first condition is checking an error where no error is returned and
the second is checking even though err == nil was matched above already
so we know the error is not nil here.
Then also replace os.IsNotExist(err) with errors.Is(err, os.ErrNotExist)
as that should be used for new code.
This should not change behavior in any way.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
It is very bad practise to print to stdout in our backend code without
nay real context. The exact same error message is returned to the caller
and printed in the cli frontend hwere it should be.
Therefore drop this print as it is redundant.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
... to validate that the manifests match expected digests, if any.
Do this everywhere, even where we read local storage which is
mostly trusted, because it is cheap enough and being consistent
makes it less likely for the code to be copied into other
contexts shere the sources are not trusted.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
This commit adds the "secret" Event type and emits
"create" and "remove" events for this Event type
when Secret is created or removed.
This can be used for example by podman interfaces to
view and manage secrets.
Fixes: #24030
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Add a new `podman machine cp` subcommand to allow users to copy files or
directories between a running Podman Machine and their host.
Tests cover the following cases:
- Copy a file from the host machine to the VM
- Copy a directory from the host machine to the VM
- Copy a file from the VM to the host machine
- Copy a directory from the VM to the host machine
- Copy a file to a directory
- Copy a directory to a file
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
In a different PR review, it was noted that defined error types for
artifacts was lacking. We have these for most other commands and they
help with error differentiation. The changes here are to define the
errors, implement them in the library, and adopt test verifications to
match.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This greatly simplifies the locking around these two functions,
and things end up looking a lot more elegant. This should prevent
the race flakes we were seeing before.
Fixes#25289
Signed-off-by: Matt Heon <mheon@redhat.com>
When the fs supports reflinks use that over a normal copy, this speeds
things up a lot when big files are used.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
avoid using the glibc fork() function after using directly the clone()
syscall, as it confuses glibc causing the fork() to hang in some
cases.
The issue has been observed only on s390x, and the fix was confirmed
in the issue discussion.
Closes: https://github.com/containers/podman/issues/25184
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Allowing for multiple manifest per artifact just makes the code and cli
design harder to work with it. It is not clear how mounting, extracting
or edit on a multi manifest artifact should have worked.
A single manifest should make the code much easier to work with.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Allow the user to provide an Ansible playbook file on init which will
then be run on boot.
Signed-off-by: Jake Correnti <jakecorrenti+github@proton.me>
Signed-off-by: Brent Baude <bbaude@redhat.com>
