The podman module paths are moving from github.com/containers/podman to
go.podman.io/podman. This will help with future mobility.
Signed-off-by: Brent Baude <bbaude@redhat.com>
This PR reflects the upstream change of moving the buildah module from
github.com/containers/buildah to go.podman.io/buildah.
Signed-off-by: Brent Baude <bbaude@redhat.com>
Use shared configfile instead of custom policy.json path handling.
This updates ocipull to rely on signature.DefaultPolicy(), removes
explicit SignaturePolicyPath, and replaces trust's custom default-policy
path logic with common configfile code.
Replace hidden `--policypath` with `--signature-policy` and require
it for `trust set` command instead of path resolution based on
configfile.
For `trust get`, the `--signature-policy` is optional.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
The Docker client (docker run) sends /wait then /start, but it only
sends /start after receiving the 200 OK response from /wait. Previously,
the event subscription for the "died" event was set up after the 200 was
sent, creating a window where a fast-exiting container (e.g. hello-world)
could emit its "died" event before the subscription was ready, causing
the client to hang forever.
Fix this by subscribing to "died" events before flushing the 200 status
code. This guarantees the event listener is ready before the client can
send /start, eliminating the race entirely.
Fixes: https://github.com/containers/podman/issues/28514
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
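
A synchronous model of the /wait and /start ordering described in this commit, as an added example that is not Podman's code: eventBus and startOnWait are constructed stand-ins for the libpod event subscription and the Docker client, and the ordering flag selects the buggy versus the fixed sequence.

```go
package main
import "fmt"

// Synchronous model of the /wait -> /start race fixed above. Added
// illustration only: eventBus and startOnWait are constructed stand-ins,
// not Podman's libpod event code or the real Docker client.
type eventBus struct{ subs []chan string }

func (b *eventBus) subscribe() chan string {
	ch := make(chan string, 1) // buffered: an event is kept once subscribed
	b.subs = append(b.subs, ch)
	return ch
}

// publish reaches only listeners that exist right now; a late subscriber misses it.
func (b *eventBus) publish(ev string) {
	for _, ch := range b.subs {
		ch <- ev
	}
}

// startOnWait models `docker run`: on 200 from /wait it sends /start, and a
// fast-exiting container (hello-world) emits "died" immediately.
func startOnWait(bus *eventBus, status int) {
	if status == 200 {
		bus.publish("died")
	}
}

// waitHandler reports whether the server observed "died"; subscribeFirst=true
// is the fixed ordering from the commit.
func waitHandler(subscribeFirst bool) bool {
	bus := &eventBus{}
	var died chan string
	if subscribeFirst {
		died = bus.subscribe() // fixed: listener ready before the 200 is flushed
	}
	startOnWait(bus, 200) // flushing 200 lets the client send /start
	if !subscribeFirst {
		died = bus.subscribe() // buggy: "died" may already have fired
	}
	select {
	case <-died:
		return true
	default:
		return false // nothing will ever arrive: the client hangs forever
	}
}

func main() { fmt.Println(waitHandler(false), waitHandler(true)) } // false true
```
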
These are two new Buildah flags that we need to wire into Podman
(both local and remote) and document, with the interesting note
that one requires the other and a check needed to be added for
that.
Also: secret parsing was tightened up in Buildah, and was
breaking the remote build tests. Rewire it to use the new parser
Buildah made, which ends up simplifying the code considerably.
Tests are back to passing afterwards.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This was implemented by containers/netavark #1369; this commit
completes the process by wiring it into Podman. We now respect
the CLI order for configured networks - if a user passes
`--net net1,net2` we guarantee that net1 will be configured
before net2.
For containers created before this patch, we don't retain enough
information to configure networks in CLI order, so we use
alphabetical order instead to still guarantee consistency.
No breaking API changes have been made, but we do add a new
field to supplement the existing map to (optionally) provide
ordering information. The Podman CLI will always pass this.
Existing applications that do not will, again, receive
deterministic ordering based on an alphabetical sort of network
names.
This requires the latest version of Netavark to work properly.
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
With netavark v2 we start to default to strict isolation mode in
netavark[1], which already matches the docker behavior.
Therefore no longer hard code the isolate option in the compat api.
Podman v6 requires netavark v2 for other changes already so we do
not need to worry about podman 6 + older netavark here.
[1] https://github.com/containers/netavark/pull/1438
Fixes: #27349
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Just as additional hardening.
Note chrootarchive does not work on macos/windows, in that case it still
falls back to the regular pkg/archive.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The Docker compat /containers/json endpoint was leaking podman-internal
container states ("stopped", "stopping") that are not valid Docker API
states. Docker clients that strictly validate the State field against
the documented set ("created", "running", "paused", "restarting",
"exited", "removing", "dead") would fail with deserialization errors.
LibpodToContainerJSON already performs this mapping correctly:
- "stopped" → "exited"
- "stopping" → "running"
Apply the same remapping in LibpodToContainer using a switch statement
so the list endpoint behaves consistently with the inspect endpoint.
Add a test assertion to the compat /containers/json test to verify
that a stopped container is reported with State="exited".
Fixes #28359
Signed-off-by: crawfordxx <crawfordxx@users.noreply.github.com>
In the SystemCheck HTTP handler, when parsing the
unreferenced_layer_max_age query parameter fails, the error response is
sent but execution continues to `unreferencedLayerMaximumAge = &duration`
where `duration` is the zero value. This causes the system check to run
with a zero duration instead of returning the 400 error to the client.
Add the missing `return` after the error response.
Fixes #28350
Signed-off-by: crawfordxx <crawfordxx@users.noreply.github.com>
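
The fall-through after the error response, reproduced beside the fixed version as an added example that is not Podman's handler: runCheck, the request path and the handler wiring are constructed assumptions, while the query parameter name comes from the commit above.

```go
package main
import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Added illustration of the missing-return bug described above; not Podman's
// handler. runCheck is a constructed stand-in for the real system check and
// only records the age limit it was handed (nil means no limit).
func runCheck(maxAge *time.Duration) string {
	if maxAge == nil {
		return "check: no age limit"
	}
	return "check: max age " + maxAge.String()
}

// systemCheckHandler parses unreferenced_layer_max_age. With fixed=false it
// reproduces the bug: the 400 is written, but execution continues and the
// check runs with the zero-value duration instead of stopping.
func systemCheckHandler(fixed bool, ran *string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var maxAge *time.Duration
		if v := r.URL.Query().Get("unreferenced_layer_max_age"); v != "" {
			duration, err := time.ParseDuration(v)
			if err != nil {
				http.Error(w, "bad unreferenced_layer_max_age: "+err.Error(), http.StatusBadRequest)
				if fixed {
					return // the missing return: stop after reporting the error
				}
			}
			maxAge = &duration
		}
		*ran = runCheck(maxAge)
	}
}

// callCheck sends one request and returns the status code plus what the check
// ran with ("" if it never ran). The path is an assumed placeholder.
func callCheck(fixed bool, query string) (int, string) {
	ran := ""
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodPost, "/libpod/system/check?"+query, nil)
	systemCheckHandler(fixed, &ran)(rec, req)
	return rec.Code, ran
}

func main() { fmt.Println(callCheck(false, "unreferenced_layer_max_age=bogus")) } // 400 check: max age 0s
```
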
Docker treats EndpointSettings.IPAddress as operational/state, not desired create input.
Static address requests should come from IPAMConfig fields. Using both can duplicate
the same IPv4 request and trigger already allocated IPAM errors in compose scenarios.
Ref: moby/moby#46183 (daemon validation), docker/cli#4493 (CLI IPAMConfig), moby/moby#19001 (static IP feature).
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
The Docker API spec defines HTTP 409 for POST /containers/create when
the requested name is already in use. The handler was returning 500 for
all errors from ContainerCreate, including ErrCtrExists.
This mismatch breaks buildx parallel builds on Podman: buildx checks
for a conflict response to safely converge multiple concurrent builders
onto the already-running BuildKit container. With 500 it treats the
conflict as a fatal error instead, causing all but the first parallel
build to fail.
The fix follows the same pattern already used in the rename handler,
which correctly returns 409 for ErrCtrExists. The swagger annotation
for this endpoint already documents the 409 response.
Signed-off-by: Jordan Rodgers <com6056@gmail.com>
Add documentation for undocumented API parameters across multiple endpoints:
System:
- POST /libpod/system/prune: all, volumes, external, build, filters
Pods:
- DELETE /libpod/pods/{name}: timeout
- GET /libpod/pods/stats: stream, delay
Volumes:
- DELETE /volumes/{name}: timeout
- DELETE /libpod/volumes/{name}: timeout
Containers:
- GET /libpod/containers/stats: all
- POST /libpod/containers/{name}/restart: timeout
- POST /libpod/containers/{name}/resize: running
Images:
- POST /images/create: retry, retryDelay
- GET /images/json: shared-size
Exec:
- POST /libpod/exec/{id}/resize: running
Generate:
- GET /libpod/generate/{name}/systemd: templateUnitFile
Signed-off-by: Tim Zhou <tizhou@redhat.com>
Fix a few new issues reported by the linter update.
There is no need to copy the capAdd/capDrop slice in the compat create
endpoint as they are only read and not modified.
For the other code preallocate the slices so we save memory allocations.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
The JSONProgress is not part of moby/moby API anymore:
f4127d76c5
To stay compatible with the previous client version, this commit backports
the jsonmessage.JSONProgress.String() and uses it to generate
the progress report.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Replace github.com/docker/docker API imports with github.com/moby/moby
across compat handlers, swagger models, and tests to align with upstream
type definitions.
Fixes: #27536.
Signed-off-by: Jan Kaluza <jkaluza@redhat.com>
Require (linux || freebsd), because the code already does that, in practice.
This just means macOS users of IDEs aren't hit with thousands of compilation
errors (and then the IDE can open a Linux-specific file and then process it
under the Linux assumption, which works much better).
This commit ONLY replaces
//go:build !remote
with
//go:build !remote && (linux || freebsd)
and is split from the rest to allow mechanically verifying that fact,
and focusing a review on the other kinds of changes.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Pass --mount settings and the contents of the --source-policy-file
argument to remote builds.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Instead of creating a slice and then appending to it, let's inline the
initial slice into append. This may or may not result in fewer slice
reallocations, but it is silencing the prealloc linter warnings.
This commit is part of a series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
When we already know the resulting slice size but still need/want to use
append, it makes sense to preallocate the slice by using make with the
capacity argument.
This commit is part of a series fixing issues reported by prealloc linter
from golangci-lint v2.8.0.
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>