Tag a new release to incorporate the recent security advisory, and make
a minor update to the CI configuration and Makefile.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Bump the c/* projects as noted in the title.
This is in preparation for Podman v5.3.2
Added the change to .cirrus.yml to make the "VM img. keepalive" test
happy per @cevich's recommendation.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>

Rootless users cannot set the `security.ima` xattr on files
(presumably for security reasons, they get an EPERM on trying to
do so). We will normally try and preserve that xattr, so when
trying to add a file with an IMA xattr to a build on a Buildah
without this patch, you get an error. With this patch, the error
is downgraded to a warning, as it's better to successfully build
with a missing xattr than blocking all builds which want to
include the offending file.
The urgency on this has become somewhat higher as it seems like
F41/Rawhide are installing rpm-plugin-ima by default, which is
setting IMA xattrs on some files that Podman relies on - for
example, the catatonit binary we use for pid pause images.
Without this patch, building the pause image as rootless will
always fail on a system with rpm-plugin-ima installed.
Fixes: https://github.com/containers/podman/issues/18543
Signed-off-by: Matt Heon <mheon@redhat.com>
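
The downgrade described in the commit message above, as an added example (not Buildah's code and not part of the original commit): it assumes only `EPERM` on `security.ima` is tolerated and every other xattr failure stays fatal. `restoreXattrs`, `setFunc` and `rootlessSet` are hypothetical names, and the setter is injected so the example runs without a real filesystem.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"syscall"
)

const imaXattr = "security.ima"

// setFunc is a hypothetical seam standing in for the real setxattr call.
type setFunc func(path, name string, value []byte) error

// restoreXattrs applies xattrs to path. EPERM on security.ima becomes a
// warning; any other failure is still returned as an error.
func restoreXattrs(path string, xattrs map[string][]byte, set setFunc) ([]string, error) {
	var warnings []string
	names := make([]string, 0, len(xattrs))
	for name := range xattrs {
		names = append(names, name)
	}
	sort.Strings(names) // deterministic order for warnings and errors
	for _, name := range names {
		err := set(path, name, xattrs[name])
		switch {
		case err == nil:
		case name == imaXattr && errors.Is(err, syscall.EPERM):
			warnings = append(warnings, fmt.Sprintf("%s: not preserving %s: %v", path, name, err))
		default:
			return warnings, fmt.Errorf("setting %s on %s: %w", name, path, err)
		}
	}
	return warnings, nil
}

// rootlessSet is a constructed stand-in for what an unprivileged caller sees:
// security.ima is refused with EPERM, other attributes are accepted.
func rootlessSet(_, name string, _ []byte) error {
	if name == imaXattr {
		return syscall.EPERM
	}
	return nil
}

func main() {
	// Constructed sample: a file carrying an IMA xattr plus a user xattr.
	xattrs := map[string][]byte{imaXattr: {0x03, 0x02}, "user.origin": []byte("rpm")}
	warnings, err := restoreXattrs("catatonit", xattrs, rootlessSet)
	fmt.Println(warnings, err)
}
```
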
The golang version is not new enough, this needs to be turned back on
when we upgrade VMs to f41/40 so it is only commented out.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>

The fedora versions were wrong in the name, causing the task names to
show the wrong distro versions.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>

As of https://github.com/containers/automation_images/pull/357
our CI VMs include a local registry preloaded with all(*)
images used in tests.
* where "all" means "most".
This commit defines a new registries-cached.conf, used in tests,
that redirects docker and quay to the new local registry. The
hope is that this will reduce CI flakes.
Since tests change over time, and new tests may require new
images, this commit also adds a mechanism for pulling in
remote images at test run time. Obviously this negates
the purpose of the cache, since it introduces a flake
pain point. The idea is: DO NOT DO THIS UNLESS ABSOLUTELY
NECESSARY, and then, if we have to do this, hurry up and
spin new CI VMs that include the new image(s).
Signed-off-by: Ed Santiago <santiago@redhat.com>

The conformance tests use the default temporary directory for storing
content when running, and the vfs driver easily needs more than the size
of the tmpfs we have on /tmp when we're running conformance tests.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

Executing a golang cross-compile on an expensive resource such as a Mac
has questionable overall value. Switch to running on a default Fedora
VM instead.
Signed-off-by: Chris Evich <cevich@redhat.com>

Per consent in 2024-03-20 Planning, remove support for cgroups v1.
And, per discovery on 2024-05-28, systemd 256 no longer even
boots on a cgroups v1 system.
This commit switches to VMs built in:
https://github.com/containers/automation_images/pull/338
...in which Debian is now cgroups v2 with crun.
Requires disabling two conformance tests which fail when run
against docker 26.1; see #5526 for context on those.
Also requires disabling two bats tests on debian because
something changed there in ulimits. I'll look into them
later but right now this gives us breathing space.
And, latest git on f40 refuses to serve non-root files when
run as root ("dubious ownership"); so, in start_git_daemon(),
chown the extracted files.
Signed-off-by: Ed Santiago <santiago@redhat.com>

For many other CI tasks, the platform is included in the name. For
whatever reason this was never done for the conformance tests and can be
confusing for maintainers. Make it clear that they are running on
Debian.
Signed-off-by: Chris Evich <cevich@redhat.com>

For the last long time, Fedora CI VMs have had a disk /tmp.
Real-world setups typically have tmpfs /tmp. This switches
to CI VMs that reflect the real world.
See https://github.com/containers/automation_images/pull/340
Signed-off-by: Ed Santiago <santiago@redhat.com>

We seem to be running up against the timeout when running the unit tests
in CI. Give them 90 minutes to complete instead of 60.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>

These jobs have been failing since early August due to
technical/scripting problems. Disable/remove entirely since a fix is
unlikely to be implemented anytime soon.
Ref: Abandoned recent attempt at debugging
https://github.com/containers/podman/pull/19720
Signed-off-by: Chris Evich <cevich@redhat.com>

During the nightly cirrus-cron job on main, this error occurred:
```
Using built-in Git...
Limiting clone depth to 1!
Cloning refs/heads/main...
Enumerating objects: 9246, done.
...cut...
Compressing objects: 100% (7182/7182), done.
Total 9246 (delta 1519), reused 6078 (delta 1101), pack-reused 0
HEAD is at f35369055d.
Hard resetting to 3908816d5310ac1f7bcd4399d23d75c1da0c2678...
Failed to force reset to 3908816d5310ac1f7bcd4399d23d75c1da0c2678:
object not found!
```
However, the repository code isn't needed or used for the meta task.
Fix this by running `/bin/true` as the `clone_script`.
Signed-off-by: Chris Evich <cevich@redhat.com>

It is already required in practice, see
> grep 'func .*]('
This also renders the -compat=1.17 option to (go mod tidy)
unnecessary, so drop it.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>

As of this commit, the build script runs the process on x86_64 hardware
(4cpus/8gig) using emulation for foreign architectures. Due to various
delays, inefficiencies, and other emulation-related slowdowns, it's
possible for dnf to timeout and/or mis-measure a minimum repository
download rate. Bump up the minimum download rate by 10x and timeout
interval by double. This should allow the builds to complete more
consistently.
Signed-off-by: Chris Evich <cevich@redhat.com>

The latest cirrus image bump will use fewer downloaded dependencies in
favor of installation from copr / distro repos.
Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>