| Commit message (Collapse) | Author | Age | Files | Lines |
bc293057 bcm-2xxx-rpi: Fix configuration audit warnings (LEDS, BACKLIGHT)
8ef043d5 kver: bumping to v6.18.16
104a5c9d bcm-2xxx-rpi: Add raspberry pi5 config and add input feature by default
9b173d3a genericarm64: drop CONFIG_PINCTRL_SM8350_LPASS_LPI
0b1ea0e5 genericarm64.cfg: enable CONFIG_INTERCONNECT_QCOM_QCS8300
2fa1b419 genericarm64-pinctrl.cfg: enable CONFIG_PINCTRL_QCS8300
53f6a3a8 kver: bumping to v6.18.13
98a36302 cfgs/nfc: create an intel-nfc-vendor specific feature
6350b56a netfilter.cfg: enable NF_CONNTRACK_SNMP
a425fdd0 pmem.cfg: enable DEV_DAX and DEV_DAX_HMEM
70eeaeff genericarm64.scc: enable TRANSPARENT_HUGEPAGE support
d62a1267 security-arm64.cfg: rename CFI_CLANG to CFI
b925ef94 security-arm64.cfg: correctly enable KASAN
1fdb98a4 security-arm64.cfg: add comment for ARM64_BTI_KERNEL
6d8bf6f0 security.cfg: move RANDOMIZE_MEMORY to x86_64
18fcb6dc arm.scc: move ARM_CPUIDLE to arm only
7e1d9b2b numa_x86_64.scc: move x86_64 config from numa.cfg to numa_x86_64.cfg
e93e999e sound.cfg: split SND_SOC_WM8731 to I2C and SPI variants
5a567776 sound_x86.scc: take over x86 configs from sound.scc
1ae7ce94 genericarm64.cfg: enable MTD NAND ECC support
15d48f71 genericarm64.cfg: enable TI MTD NAND support
40a67254 genericarm64-serial.cfg: set SERIAL_8250_CONSOLE to y
5ee6148e qemu-kvm.cfg: remove extra space
9f780417 firmware.cfg: whitespace fixes
bc221187 genericarm64.cfg: fix CONFIG_PM_DEVFREQ_EVENT
aef69bf3 Revert "genericarm64.scc: enable OP-TEE support"
6f597e1a genericarm64.cfg: enable SCSI support for HiSilicon etc
f1f313cf genericarm64.scc: enable RPMB support
a4565911 genericarm64.scc: enable GNSS support
391566e2 gnss.scc: add feature
d40a455d genericarm64.cfg: enable more bus drivers
20e41104 genericarm64.cfg: enable PCI_PASID support
0b2967f5 genericarm64.scc: enable NFC support
2643b37e nfc-vendor.scc: move Intel configs to nfc-vendor-intel.cfg
b1d00b01 genericarm64.scc: enable RFKILL LED, INPUT and GPIO
92610953 rfkill-extra.scc: add fragment for RFKILL LEDs, input and GPIO support
fc7d5f45 bluetooth.cfg: enable BT_LEDS support
f18ec272 genericarm64.scc: enable HSR
79fa2c17 hsr.scc: add feature for High-availability Seamless Redundancy (HSR & PRP)
1313923a genericarm64.scc: enable Time Sensitive Networking
e190eeff intel-x86.scc: enable hibernation with feature
c941f4ee genericarm64.scc: enable hibernation support
ce5c6d9d hibernation.scc: add feature
83620a7d bluetooth-usb.cfg: enable MediaTek and RealTek support
cf6e1261 bluetooth-hw.cfg: enable BT_MTK
ffdd0769 genericarm64.cfg: enable Microchip PHY support
9e9536d1 features/iommu: remove CONFIG_INTEL_IOMMU_FLOPPY_WA=y
61265288 genericarm64.cfg: enable CONFIG_QCA808X_PHY
8e6a09c7 kver: bumping to v6.18.11
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Remove the global IMAGE_FEATURES[validitems] registration entirely.
Setting it in layer.conf or a globally-inherited bbclass changes the
varflag value, which gets pulled into the signature of every recipe
that depends on IMAGE_FEATURES — causing yocto-check-layer signature
change failures.
Image recipes that use the container-registry feature already set
IMAGE_FEATURES[validitems] locally (e.g. container-image-host.bb).
Users who want the feature in their own images add the one-liner:
IMAGE_FEATURES[validitems] += "container-registry"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Avoid a yocto-check-layer issue:
qemu-system-native:do_recipe_qa: 05c723e48cb4253cb80f1e5dcb63767b266c72cf8a83d3d7ff36a6622e43eb50 -> 7f42888db4f5572303288c58ad79c5267fa81da05a3a71288f91f309b50ed614
bitbake-diffsigs --task qemu-system-native do_recipe_qa --signature 05c723e48cb4253cb80f1e5dcb63767b266c72cf8a83d3d7ff36a6622e43eb50 7f42888db4f5572303288c58ad79c5267fa81da05a3a71288f91f309b50ed614
NOTE: Reconnecting to bitbake server...
basehash changed from 1b770ad4a9b79d38c928331d17651d3d66a6ebc45822c336d7ab98bfa8ebfd94 to 6bc5e5507534603aa6f6ab862ab27ef9c0b9ffcfaa9922d7ef25cb563fab6ab9
Variable PACKAGECONFIG value changed:
"fdt alsa kvm pie slirp png pixman sdl virglrenderer epoxy {++}" (whitespace changed)
but moving the whitespace into the added option.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Move the container-registry IMAGE_FEATURES[validitems] registration
from layer.conf into meta-virt-container-cfg.bbclass where it can be
gated on DISTRO_FEATURES. The validitems varflag is now only registered
when vcontainer or virtualization is in DISTRO_FEATURES.
layer.conf is parsed before distro features are known, so inline
Python cannot be used there. The bbclass is loaded via USER_CLASSES
(deferred parsing) and already handles container profile configuration.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
While we need the buildpaths QA skip due to the 3rd party
nature of some bundles, we don't need the installed-vs-shipped.
There's no reason why a bundled guest isn't packaging all its
files (or deleting them).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Somehow we have two similar registry recipes that were developed
from a different point of view.
We don't need both.
container-registry-index is the mature, QA-compliant version
that also generates the standalone container-registry.sh helper
script.
container-registry-populate is an older, simpler version that
does only the push, so we drop it here.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
This recipe can't be built without the main recipe, which is
in meta-oe meta-webserver.
Fix an S assignment, so it'll parse.
And then skip if meta-webserver isn't in bblayers (not in
collections).
This will ensure that world builds don't try and pick it up
when processing meta-virt.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
to match the image recipe from XEN_GUEST_BUNDLES
Fixes:
ERROR: Nothing PROVIDES 'xen-guest-image-minimal'
xen-guest-image-minimal was skipped: using DISTRO 'distro', which is missing required DISTRO_FEATURES: 'xen'
in bitbake world builds
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We've terrorized the users of meta-virt for long enough with
the warning about the virtualization distro feature not
being set.
Modern OE has the features_check capability so recipes and
functionality that need the distro feature to be set can
just check it themselves. No need to warn over and over
again.
For now, it just defaults to off, but the check can be
completely removed in the future (since it does cause some
parse time overhead).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The upgrade of binutils in OE core broke the xen build on
arm64 due to unsupported instructions.
We cherry-pick a patch from xen master to fix the issue.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Block backfill features not needed by container runtime environments.
OE-core's DISTRO_FEATURES_BACKFILL auto-appends these to DISTRO_FEATURES
unless explicitly listed here. Without this, gobject-introspection-data
enables python3-pygobject (which DEPENDS on cairo), and wayland enables
pygobject's cairo PACKAGECONFIG — both are masked in vruntime builds.
We are using:
DISTRO_FEATURES_BACKFILL_CONSIDERED = "pulseaudio gobject-introspection-data opengl ptest multiarch wayland vulkan"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping xen to version RELEASE-4.21.0-42-gafaf4e7b50, which comprises the following commits:
afaf4e7b50 SUPPORT.md: extend "lifetime"
056103e7ad xen: Use MFLAGS for silent-mode detection
867b7d3f97 xen/kexec: return error code for unknown hypercalls
d2a6413550 x86/domain: adjust limitation on shared_info allocation below 4G
6228ea8acd xen/mm: allow deferred scrub of physmap populate allocated pages
15cd2b8f1b xen/mm: remove aliasing of PGC_need_scrub over PGC_allocated
39c90c8dee PCI: handle PCI->PCIe bridges as well in free_pdev()
74b26c53d3 x86/EFI: correct symbol table generation with older GNU ld
3f4bf1e876 x86/amd: Fold another DE_CFG edit into amd_init_de_cfg()
8d7a0f8661 build/non-x86: fix symbol lookup in presence of build-id
25db82b062 symbols: don't omit "end" symbols upon mixed code / data aliases
fc024ebf24 symbols: ensure sorting by value yields reproducible outcome
b75f39c692 flask: fix gcov build with gcc14+
8cb60ba236 PCI: handle PCI->PCIe bridges as well in alloc_pdev()
4e3c9c2eca x86/CPU: extend is_forced_cpu_cap()'s "reach"
b3f59203a5 x86/time: deal with negative deltas in get_s_time_fixed()
bc63b09ecc xen/domain: Disallow XENMEM_claim_pages on dying domains
97593f78ea symbols: don't use symbols-dummy
ee66c42166 symbols: re-number intermediate files
3146587dbc x86/spec-ctrl: Fix incomplete IBPB flushing during context switch
41b9ae5d7e x86/shadow: don't overrun trace_emul_write_val
2872cd3121 cirrus-ci: introduce FreeBSD 15.0-RELEASE as "current" version
c692a6786b x86: fix incorrect return value for has_if_pschange_mc
fe0d896902 x86/PVH: mark pvh_setup_mmcfg() __init
82fe260552 xen/mm: move adjustment of claimed pages counters on allocation
b579e832de x86/hvm: be more strict with XENMAPSPACE_gmfn source types
e39831f590 xen/mm: reject XENMEM_claim_pages when using LLC coloring
f805b61268 x86/AMD: avoid REP MOVSB for Zen3/4
11f9427100 vPCI: avoid bogus "overlap in extended cap list" warnings
7ab1f4939a xen/x86: Pass TPM ACPI table to PVH dom0
1cacccbace x86/mm: update log-dirty bitmap when manipulating P2M
7990330478 x86/pod: fix decrease_reservation() clearing of M2P entries
16e22efbde x86/amd: Fix race editing DE_CFG
81e71ef34f x86/amd: Stop updating the Zenbleed mitigation dynamically
ba9142efd7 x86/vhpet: Fix sanitization of legacy IRQ route
747d10b76f x86/msix: fix incorrect refcount decrease in msixtlb
c7e69564e5 x86/ucode: Fix error handling during parallel ucode load
5d002b7470 x86emul/test: correct compiler checking and avoid it when merely cleaning
6adf28094f xen: Fix EFI buildid alignment
653a3dd92a x86emul/test: extend cleaning of generated files
3d966b5f13 kconfig: remove references to docs/misc/kconfig{,-language}.txt files
14ad692e3b update Xen version to 4.21.1-pre
06af9ef229 Update to Xen 4.21
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping xen to version RELEASE-4.21.0-42-gafaf4e7b50, which comprises the following commits:
afaf4e7b50 SUPPORT.md: extend "lifetime"
056103e7ad xen: Use MFLAGS for silent-mode detection
867b7d3f97 xen/kexec: return error code for unknown hypercalls
d2a6413550 x86/domain: adjust limitation on shared_info allocation below 4G
6228ea8acd xen/mm: allow deferred scrub of physmap populate allocated pages
15cd2b8f1b xen/mm: remove aliasing of PGC_need_scrub over PGC_allocated
39c90c8dee PCI: handle PCI->PCIe bridges as well in free_pdev()
74b26c53d3 x86/EFI: correct symbol table generation with older GNU ld
3f4bf1e876 x86/amd: Fold another DE_CFG edit into amd_init_de_cfg()
8d7a0f8661 build/non-x86: fix symbol lookup in presence of build-id
25db82b062 symbols: don't omit "end" symbols upon mixed code / data aliases
fc024ebf24 symbols: ensure sorting by value yields reproducible outcome
b75f39c692 flask: fix gcov build with gcc14+
8cb60ba236 PCI: handle PCI->PCIe bridges as well in alloc_pdev()
4e3c9c2eca x86/CPU: extend is_forced_cpu_cap()'s "reach"
b3f59203a5 x86/time: deal with negative deltas in get_s_time_fixed()
bc63b09ecc xen/domain: Disallow XENMEM_claim_pages on dying domains
97593f78ea symbols: don't use symbols-dummy
ee66c42166 symbols: re-number intermediate files
3146587dbc x86/spec-ctrl: Fix incomplete IBPB flushing during context switch
41b9ae5d7e x86/shadow: don't overrun trace_emul_write_val
2872cd3121 cirrus-ci: introduce FreeBSD 15.0-RELEASE as "current" version
c692a6786b x86: fix incorrect return value for has_if_pschange_mc
fe0d896902 x86/PVH: mark pvh_setup_mmcfg() __init
82fe260552 xen/mm: move adjustment of claimed pages counters on allocation
b579e832de x86/hvm: be more strict with XENMAPSPACE_gmfn source types
e39831f590 xen/mm: reject XENMEM_claim_pages when using LLC coloring
f805b61268 x86/AMD: avoid REP MOVSB for Zen3/4
11f9427100 vPCI: avoid bogus "overlap in extended cap list" warnings
7ab1f4939a xen/x86: Pass TPM ACPI table to PVH dom0
1cacccbace x86/mm: update log-dirty bitmap when manipulating P2M
7990330478 x86/pod: fix decrease_reservation() clearing of M2P entries
16e22efbde x86/amd: Fix race editing DE_CFG
81e71ef34f x86/amd: Stop updating the Zenbleed mitigation dynamically
ba9142efd7 x86/vhpet: Fix sanitization of legacy IRQ route
747d10b76f x86/msix: fix incorrect refcount decrease in msixtlb
c7e69564e5 x86/ucode: Fix error handling during parallel ucode load
5d002b7470 x86emul/test: correct compiler checking and avoid it when merely cleaning
6adf28094f xen: Fix EFI buildid alignment
653a3dd92a x86emul/test: extend cleaning of generated files
3d966b5f13 kconfig: remove references to docs/misc/kconfig{,-language}.txt files
14ad692e3b update Xen version to 4.21.1-pre
06af9ef229 Update to Xen 4.21
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Our runc is now sufficiently far ahead of the oci-image-tools
such that they aren't compatible.
But they can still be made to work with a runc generated spec.
Update the comments to show a flow that works if using runc
directly is desired.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping buildah to version v1.43.0-1-gbbc4bd12f, which comprises the following commits:
0158b5b31 [release-1.43] Bump Buildah to v1.43.0
f40d38a2f [release-1.43] fix source test
07b8495c8 [release-1.43] Bump common 0.67.0, image 5.39.1, storage 1.62.0
7178b10ac [release-1.43] Bump dest branch in cirrus to 1.43
acca15722 fix(build): make --tag oci-archive:xxx.tar work with simple images
40b5e371e test: do not untar archive into fs when checking file names
45b48af90 tests: use cached images instead of fedoraproject.org
662aa1598 chroot.bats(chroot with overlay root): ensure we can overlay
3877dc97d Run: don't try to encode SystemContext with json
c0cc97255 [release-1.42] Bump Buildah to v1.42.2
307d1a3a4 [release-1.42] Bump runc to v1.3.4
de21106b6 [release-1.42] Bump Buildah to v1.42.1
f0700c546 [release-1.42] bump runc to v1.3.3 - CVE-2025-52881
22cd531e9 RPM: build with sequoia on F43+
1ba41f035 Bump to Buildah v1.42.0
c23bf6bf1 Bump to storage v1.61.0, image v5.38.0, common v0.66.0
858a514ff fix(deps): update module github.com/openshift/imagebuilder to v1.2.19
a0bc52535 fix(deps): update module github.com/openshift/imagebuilder to v1.2.18
4caee77d1 copier: ignore user.overlay.* xattrs
5a849d176 commit: always return the config digest as the image ID
92b342392 fix(deps): update module golang.org/x/crypto to v0.43.0
114aa3d8c fix(deps): update module golang.org/x/sys to v0.37.0
58f0f862b fix(deps): update module github.com/docker/docker to v28.5.1+incompatible
65929b93a fix(deps): update module github.com/moby/buildkit to v0.25.1
31cb2af46 fix(deps): update module github.com/opencontainers/runc to v1.3.2
8efc91385 fix(deps): update module github.com/docker/docker to v28.5.0+incompatible
ceff05295 fix(deps): update module github.com/moby/buildkit to v0.25.0
b7961ac34 fix(deps): update github.com/containers/luksy digest to 2cf5bc9
a654d3534 Make some test files different from each other
82702b493 Revert "fix(deps): update module github.com/cyphar/filepath-securejoin to v0.5.0"
3748cda03 Also run integration tests with the Sequoia backend
c9c1d764c Allow users to build against podman-sequoia in non-default locations
e3468665b fix(deps): update module github.com/cyphar/filepath-securejoin to v0.5.0
5bb6d9e48 .cirrus.yml: Test Vendoring bump golang
e3f55fec6 vendor: bump go.podman.io/{common,image,storage} to main
6d0c9ed7e fix(deps): update module golang.org/x/crypto to v0.42.0
fbe61f730 fix(deps): update module github.com/docker/docker to v28.4.0+incompatible
881f14f01 fix(deps): update module github.com/moby/buildkit to v0.24.0
bea03a01d fix(deps): update module github.com/spf13/pflag to v1.0.10
dcb6da097 fix(deps): update module github.com/fsouza/go-dockerclient to v1.12.2
477dd3563 fix(deps): update module github.com/opencontainers/runc to v1.3.1
296a8f3eb fix(deps): update module github.com/opencontainers/cgroups to v0.0.5
1c384c959 fix(deps): update module golang.org/x/sync to v0.17.0
9cd4768bd tests/run.bats: "run masks" test: accept "unreadable" masked directories
a18468f70 Run: create parent directories of mount targets with mode 0755
6e4d1ca83 tests/run.bats: "run masks" test: accept "unreadable" masked directories
af18a2ea6 New VM images
42d6b68db Suppress a linter warning
7aedebdcc modernize: JSON doesn't do "omitempty" structs, so stop asking
802b06979 modernize: use maps.Copy() instead of iterating over a map to copy it
16680a4df modernize: use strings.CutPrefix/SplitSeq/FieldsSeq
ebc9b4049 Update expected/minimum version of Go to 1.24
76c18c897 chroot: use $PATH when finding commands
02e42929f [skip-ci] Update actions/stale action to v10
95591dbc8 Update module github.com/ulikunitz/xz to v0.5.15 [SECURITY]
dd4f9fcd6 Update go.sum
7c0c647d6 New VM images
ac8573525 Update module github.com/openshift/imagebuilder to v1
3acceccf6 Update module github.com/spf13/cobra to v1.10.1
a0a9ac638 Switch common, storage and image to monorepo.
c448438ef Update module github.com/stretchr/testify to v1.11.1
57c9d52c6 Update module go.etcd.io/bbolt to v1.4.3
c4cfbcda8 Handle tagged+digested references when processing --all-platforms
fc8d43482 Update module github.com/stretchr/testify to v1.11.0
b436176d4 Add --transient-store global option
fc748f85a Support "--imagestore" global flags
a20e25136 Commit: don't depend on MountImage(), because .imagestore
13db28cdb Adding mohanboddu as community manager to MAINTAINERS.md
69a50588c Rework how we decide what to filter out of layer diffs
bf2cbe164 Note that we have to build `true` first for the sake of its tests
473656b9d copier.Stat(): return owner UID and GID if available
738fa0d3c copier.Get(): ensure that directory entries end in "/"
9461dd61d copier.Get(): strip user and group names from entries
fd498cbf5 imagebuildah.Executor/StageExecutor: check numeric --from= values
fceb8d9ed Losen the dependency on go-connections/tlsconfig
e78c0ad5a fix(deps): update module golang.org/x/crypto to v0.41.0
b49f0e2a5 fix(deps): update module golang.org/x/term to v0.34.0
494fd9dfa fix(deps): update module github.com/docker/go-connections to v0.6.0
4912cf45d fix(deps): update module golang.org/x/sys to v0.35.0
2ae2ec75b copy: assume a destination with basename "." is a directory
e31b04729 generatePathChecksum: ignore ModTime, AccessTime and ChangeTime
3e92772f6 fix(deps): update module github.com/seccomp/libseccomp-golang to v0.11.1
11e32da8d fix(deps): update module github.com/containers/common to v0.64.1
70d0451b8 History should note unset-label, timestamp, and rewrite-timestamp
7cecaa79e pkg/cli.GenBuildOptions(): don't hardwire optional bools
7cf2b7fb7 fix(deps): update module github.com/containers/image/v5 to v5.36.1
fb6ce9d07 imagebuildah.StageExecutor.Execute: commit more "no instructions" cases
0d1d1a4df fix(deps): update module github.com/containers/storage to v1.59.1
87f60f60c Only suppress "noted" items when not squashing
27c40b3db Reap stray processes
b271aecf4 fix(deps): update github.com/containers/luksy digest to 8fccf78
06207266f fix(deps): update module github.com/docker/docker to v28.3.3+incompatible
f949a49ab Restore the default meaning of `--pull` (should be `always`).
ff07ebc3e Test that pulled up parent directories are excluded at commit
7d302c38d Exclude pulled up parent directories at commit-time
95013b363 copier.Ensure(): also return parent directories
8807a0097 copier.MkdirOptions: add ModTimeNew
e729f60d5 fix(deps): update module github.com/containers/common to v0.64.0
cce5f9c32 Bump to Buildah v1.42.0-dev
8b5354ee8 fix(deps): update module github.com/spf13/pflag to v1.0.7
7a986ebcf CI: make runc tests non-blocking
2df30a83c build,add: add support for corporate proxies
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
README-xen.md:
- Add vxn and containerd integration section describing all execution
paths (containerd, vxn standalone, vdkr/vpdmn, native Docker/Podman)
- Add memory requirements section explaining QB_MEM_VALUE=1024 is
insufficient for vxn/vctr and documenting qemuparams="-m 4096"
- Add runtime tests section with build prerequisites, test commands,
and skip behavior
- Fix x86-64 runqemu command to include qemuparams="-m 4096"
vxn/README.md:
- Add testing section referencing the pytest runtime test suite
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
New test_xen_runtime.py boots xen-image-minimal via runqemu and verifies:
- Xen hypervisor running (xl list, dmesg, Dom0 memory cap)
- Bundled guest autostart (alpine visible in xl list)
- vxn standalone (vxn run --rm alpine echo hello)
- containerd/vctr integration (ctr pull + vctr run)
Uses pexpect-based XenRunner with module-scoped fixture (boot once,
run all tests). TERM=dumb set after login to suppress terminal UI
from ctr/vxn progress bars. Free memory check skips vxn/vctr tests
gracefully when insufficient Xen memory available.
Also registers 'boot' marker in conftest.py and documents build
prerequisites, test options and skip behavior in README.md.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
DAEMON_SHARE_DIR was referenced in the CA certificate copy and idle
watchdog paths but never assigned, causing 'cp: cannot create regular
file /ca.crt: Permission denied' when starting the daemon.
Create the share directory under DAEMON_SOCKET_DIR and register it
as a 9p mount, matching the path expected by daemon_run().
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add TestXenImageMinimalX86Config test class verifying:
- QB_CPU_KVM host passthrough for Xen CPUID filtering
- QB_MEM_VALUE override (not QB_MEM which can't override bbclass)
- dom0_mem in both QB_XEN_CMDLINE_EXTRA and WKS syslinux config
- vgabios SAVANNAH_GNU_MIRROR usage
Update Alpine recipe tests for per-arch checksums (name=${ALPINE_ARCH})
and S variable. Add qemux86-64 build and boot section to README-xen.md.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Fix several issues found during x86-64 Xen testing:
- xen-image-minimal: use -cpu host for KVM to avoid Xen CPUID
filtering stripping AVX/AVX2 from x86-64-v3 builds, causing
illegal instruction crashes in Dom0
- xen-image-minimal: use QB_MEM_VALUE (not QB_MEM) to properly
override the hard assignment in qemuboot-xen-defaults.bbclass
- xen-image-minimal: set dom0_mem=512M via QB_XEN_CMDLINE_EXTRA
- qemuboot-xen-x86-64.cfg: add dom0_mem=512M to static syslinux
config so guest autostart has memory available
- vgabios: use ${SAVANNAH_GNU_MIRROR} for reliable downloads
- alpine-xen-guest-bundle: add per-architecture checksums for
aarch64 and x86_64 tarballs, fix S variable warning
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add a host-side OCI image cache at ~/.vxn/images/ for the vdkr/vpdmn
standalone Xen path. Images pulled via skopeo are stored in a
content-addressed layout (refs/ symlinks + store/ OCI dirs) so
subsequent runs hit the cache without network access.
New commands on Xen: pull, images, rmi, tag, inspect, image <subcmd>.
The run path is unchanged — cache integration into hv_prepare_container
is deferred to a follow-up.
Also fix Docker iptables conflict: when docker-moby and vxn-docker-config
coexist on Dom0, Docker's default FORWARD DROP policy blocks DHCP for
Xen DomU vifs on xenbr0. Adding "iptables": false to daemon.json
prevents Docker from modifying iptables since VM-based containers
manage their own network stack.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add vdkr/vpdmn as Dom0 target packages with Xen auto-detection,
native Docker/Podman config sub-packages, and OCI runtime fixes
for Docker compatibility (JSON logging, root.path, kill --all,
monitor PID lifecycle).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Use setsid -c to establish a controlling terminal for the container
shell, fixing "can't access tty; job control turned off" and enabling
Ctrl-C signal delivery. Run in a subshell so setsid() succeeds without
forking (PID 1 is already a session leader).
Remove [vxn] diagnostic markers from interactive output now that
terminal mode is working. Suppress mount warning on read-only input
disk.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The containerd shim's Create RPC hung indefinitely because go-runc
captures the OCI runtime's stdout via a pipe, and cmd.Wait() blocks
until all holders of the pipe's write end close it. The background
monitor subshell inherited this pipe fd and held it open, preventing
the shim from ever proceeding to ReceiveMaster() or calling Start.
Fix by closing inherited stdout/stderr in the terminal-mode monitor
with exec >/dev/null before entering the domain poll loop. Non-terminal
mode is unaffected because the shim configures IO via FIFO dup2, where
cmd.Wait() only waits for process exit.
Additional changes for terminal mode support:
- vxn-sendtty: set PTY to raw mode (cfmakeraw) before sending fd
- vxn-oci-runtime: wait up to 5s for xenconsoled PTY, capture sendtty
return code, write persistent debug file to /root/vxn-tty-debug,
log every runtime invocation, remove stale debug logging
- vxn-init.sh: add [vxn] diagnostic markers for terminal visibility,
suppress kernel console messages early in interactive mode
- vcontainer-preinit.sh: suppress kernel messages in quiet mode
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Update SUMMARY and DESCRIPTION to note that runx is unmaintained
(upstream dormant since 2022) and that vxn provides the same Xen DomU
container functionality with pluggable hypervisor backends. go-build
is the serial FD handler companion to runx and is similarly superseded.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add 'vxn' to DISTRO_FEATURES in vruntime.conf to enable Xen PV guest
kernel configuration. When set, linux-yocto_virtualization.inc includes
vxn.cfg which enables Xen PVH frontend drivers and the 9p Xen transport
(NET_9P_XEN). The base 9p stack comes from the existing vcontainer
feature via cfg/container.scc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add xen-guest-cross-install.bbclass for bundling Xen guest images into
Dom0 host images at build time. Supports per-guest configuration via
varflags (memory, vcpus, vif, kernel extra), custom config files,
external/pre-built guests, and autostart via /etc/xen/auto/ symlinks.
Also add example-xen-guest-bundle recipe as a template, and simplify
xen-guest-image-minimal by removing the old XEN_GUEST_AUTO_BUNDLE
do_deploy mechanism in favor of the new class-based approach.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Install vxn-init.sh alongside the existing init scripts in both vdkr
and vpdmn rootfs images. The Xen backend selects it at boot via the
vcontainer.init=/vxn-init.sh kernel command line parameter. Add
file-checksums tracking so rootfs rebuilds when the script changes.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add 'bundle' command to the vcontainer CLI for creating OCI runtime
bundles from container images. Pulls the image via skopeo, extracts
layers into rootfs/, resolves entrypoint/cmd/env from OCI config, and
generates config.json. Supports command override via -- separator.
Only available on the Xen (vxn) backend.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Make preinit and guest init scripts hypervisor-agnostic:
- vcontainer-preinit.sh: add vcontainer.init= cmdline parameter for
init script selection and vcontainer.blk= for block device prefix
(QEMU uses /dev/vda, Xen uses /dev/xvda)
- vdkr-init.sh, vpdmn-init.sh: use NINE_P_TRANSPORT variable for 9p
mount transport (virtio for QEMU, xen for Xen)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add vrunner-backend-qemu.sh implementing the hypervisor interface for
QEMU (arch setup, KVM detection, disk/network/9p options, VM lifecycle,
QMP control). Register backend scripts in vcontainer-native and
vcontainer-tarball recipes so they are available in both build-time
and standalone tarball contexts.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add shell-based OCI runtime (vxn-oci-runtime) that enables containerd
to manage Xen DomU containers through the standard runc shim. Non-terminal
container output flows back to ctr via the shim's pipe mechanism.
New files:
- vxn-oci-runtime: OCI runtime (create/start/state/kill/delete/features/logs)
- vxn-sendtty.c: SCM_RIGHTS helper for terminal mode PTY passing
- containerd-shim-vxn-v2: PATH trick wrapper for runc shim coexistence
- containerd-config-vxn.toml: CRI config (vxn default, runc fallback)
- vctr: convenience wrapper injecting --runtime io.containerd.vxn.v2
Key design:
- Monitor subprocess uses wait on xl console (not sleep-polling) for
instant reaction when domain dies, then extracts output markers and
writes to stdout (shim pipe -> containerd FIFO -> ctr client)
- cmd_state checks monitor PID liveness (not domain status) to prevent
premature cleanup race that killed monitor before output
- cmd_delete always destroys remnant domains (no --force needed)
- Coexists with runc: /usr/libexec/vxn/shim/runc symlink + PATH trick
Verified: vctr run --rm, vctr run -d, vxn standalone, vxn daemon mode.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Per-container DomU lifecycle:
- run -d: per-container DomU with daemon loop and PTY-based IPC
- ps: show Running vs Exited(code) via ===STATUS=== PTY query
- exec/stop/rm: send commands to per-container DomU
- logs: retrieve entrypoint output from running DomU
- Entrypoint death detection with configurable grace period
- Graceful error messages for ~25 unsupported commands
- Command quoting fix: word-count+cut preserves internal spaces
Memres (persistent DomU for fast container dispatch):
- vxn memres start/stop/status/list for persistent DomU management
- vxn run auto-dispatches to memres via xl block-attach + RUN_CONTAINER
- Guest daemon loop handles ===RUN_CONTAINER===: mount hot-plugged
xvdb, extract OCI rootfs, chroot exec entrypoint, unmount, report
- Falls back to ephemeral mode when memres is occupied (PING timeout)
- Xen-specific memres list shows xl domains and orphan detection
Tested: vxn memres start + vxn run --rm alpine echo hello +
vxn run --rm hello-world both produce correct output.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
To avoid check layer issues, and distros without systemd trying
to build this package group, add a check and requirement for
systemd to be defined.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Fix several issues preventing non-interactive mode (vxn --no-daemon run)
from showing clean container output:
- Fix console capture: check DAEMON_MODE instead of DAEMON_SOCKET in Xen
backend so ephemeral runs use xl console capture instead of the daemon
socat bridge (DAEMON_SOCKET is always set, DAEMON_MODE is only "start"
for actual daemon launches)
- Fix race condition: add post-loop marker detection after VM exits,
with 2s delay for xl console to flush its buffer
- Add stdbuf -oL to xl console for line-buffered output
- Suppress mke2fs stdout (was only redirecting stderr)
- Suppress kernel console messages during VM lifecycle in non-verbose mode
- Fix grep -P (Perl regex) for BusyBox compatibility in exit code parsing
- Preserve temp directory on failure for debugging
- Fix hardcoded "QEMU" in error messages to "VM"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
vxn runs OCI containers as Xen DomU guests — the VM IS the container.
No Docker/containerd runs inside the guest; the init script directly
mounts the container rootfs and execs the entrypoint via chroot.
Host-side (Dom0):
- vxn.sh: Docker-like CLI wrapper (sets HYPERVISOR=xen)
- vrunner-backend-xen.sh: Xen xl backend for vrunner
- hv_prepare_container(): pulls OCI images via skopeo,
resolves entrypoint from OCI config using jq on host
- xl create for VM lifecycle (PVH on aarch64, PV on x86_64)
- Bridge networking with iptables DNAT for port forwards
- Console capture via xl console for ephemeral mode
Guest-side (DomU):
- vxn-init.sh: mounts container rootfs from input disk,
extracts OCI layers, execs entrypoint via chroot
- Supports containers with or without /bin/sh
- grep/sed fallback for OCI config parsing (no jq needed)
- Daemon mode with command loop on hvc1
- vcontainer-init-common.sh: hypervisor detection, head -n fix
- vcontainer-preinit.sh: init selection via vcontainer.init=
Build system:
- vxn-initramfs-create.inc: assembles boot blobs from vruntime
multiconfig, injects vxn-init.sh into rootfs squashfs
- vxn_1.0.bb: Dom0 package with scripts + blobs
- nostamp on install/package chain (blobs from DEPLOY_DIR
are untracked by sstate)
- vxn.cfg: Xen PV kernel config fragment
Tested: vxn -it --no-daemon run --rm hello-world
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add 3rd-party guest import section to README-xen.md covering
import types, kernel modes, Alpine example, and how to add
custom import handlers.
Add test_xen_guest_bundle.py with 46 pytest tests covering
bbclass structure, import handlers, kernel modes, license
warning, Alpine recipe, and README content.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Fetches Alpine Linux 3.23 minirootfs tarball and uses the
xen-guest-bundle import system (rootfs_dir type) to create a
128MB ext4 disk image. Packages as an autostarting PV guest
using the shared host kernel.
Install into a Dom0 image with:
IMAGE_INSTALL:append:pn-xen-image-minimal = " alpine-xen-guest-bundle"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Add extensible import system to convert fetched source formats
(tarballs, qcow2, etc.) into Xen-ready disk images at build time.
Built-in import types:
- rootfs_dir: extracted directory → ext4 via mkfs.ext4 -d
- qcow2: QCOW2 → raw via qemu-img convert
- ext4/raw: copy passthrough
Per-guest varflags control the import:
XEN_GUEST_SOURCE_TYPE[guest] = "rootfs_dir"
XEN_GUEST_SOURCE_FILE[guest] = "alpine-rootfs"
XEN_GUEST_IMAGE_SIZE[guest] = "128"
Also adds three kernel modes for resolve_bundle_kernel():
- (not set): shared host kernel from DEPLOY_DIR_IMAGE
- "path": custom kernel, checks UNPACKDIR then DEPLOY_DIR_IMAGE
- "none": HVM guest, omits kernel= from config
Native tool dependencies and fakeroot are resolved automatically
at parse time. External guests emit a single license warning at
do_compile time (prefunc, not parse-time).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
New bbclass that creates installable packages bundling Xen guest
images (rootfs + kernel + config). When installed via IMAGE_INSTALL
into a Dom0 image that inherits xen-guest-cross-install, guests are
automatically deployed by merge_installed_xen_bundles().
Features:
- Parse-time dependency generation from XEN_GUEST_BUNDLES
- Per-guest varflags for memory, vcpus, vif, extra, disk, name
- Custom config file support via XEN_GUEST_CONFIG_FILE varflag
- Explicit rootfs/kernel path overrides for external guests
- Manifest-based packaging for cross-install integration
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The recipe sets REQUIRED_DISTRO_FEATURES:class-native but never
inherits features_check, so the requirement was silently ignored.
OE-core now has an unhandled-features-check QA test that catches
this and fails the build.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
6.12 has been removed from OEcore, so we drop our appends
as well.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
irqbalance: correct to install /etc/default for sysvinit
1. This commit uses the --with-pkgconfdir option for sysvinit to install /etc/default correctly.
Without this fix, a do_package QA issue is shown when sysvinit is used:
ERROR: irqbalance-1.9.4+git-r0 do_package: QA Issue: irqbalance: Files/directories were installed but not shipped in any package:
/usr/etc
/usr/etc/default
/usr/etc/default/irqbalance.env
The previous PACKAGECONFIG[systemd] only works when systemd is used, so this patch fixes that.
2. Merge DEPENDS for systemd into PACKAGECONFIG[systemd]
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
The anonymous python function prints a banner unconditionally at
parse time, which means it appears when building any recipe (e.g.
xen-image-minimal), not just vcontainer-tarball. Remove the
parse-time banner since the post-build banner in
do_populate_sdk:append() already provides the same information
and only fires when actually building the tarball.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
libxenmanage was introduced in Xen 4.21, but its packaging was added
to the shared xen-tools.inc. When building older versions (e.g. 4.20),
the library is not produced and the empty package breaks the hard
RDEPENDS from xen-tools, causing do_rootfs failures.
Add ALLOW_EMPTY following the existing pattern used for other
version/arch-conditional packages in this file.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping libpod to version v5.7.1-5-gec1b7c989f, which comprises the following commits:
2b52342af9 Use explicit download-artifact name and path for win-installer release
36c405582a Bump Podman to v5.7.2-dev
f845d14e94 Bump to v5.7.1
6ecc622841 Final release notes update for v5.7.1
d0558385ec kube play: Fix fd leak when handling symlinks
214f5b2fd9 Update release notes for v5.7.1
678d1b4bfd avoid potential nil ptr deref in image rm
ba6e527289 fix: check err returned by newGenericDecompressor
68022802fc pkg/specgen/generate: Fix adding host devices on FreeBSD
a27cc24f80 Replace FindExecutablePeer with FindHelperBinary
dc7509fe38 [v5.7] Bump common to v0.66.1
7ce2e00ab1 libpod: simplify resolveWorkDir()
e576e002e9 libpod: fix workdir MkdirAll() all check
f348d1bd5b [v5.7] Bump Buildah to v1.42.2, runc to v1.3.4
9538a7d976 rootless_linux.c: use shortcut for system commands
0647387bfe SetupRootless handle case where conmon pid are not valid
118ec04065 preallocate paths in SetupRootless
6a9ce66e5c fix noMoveProcess in SetupRootless
973ab34078 use return error handling in SetupRootless
363665a456 pkg/machine: make mount units hook into local-fs
db82b92d0a docs: fix redoc swagger URL
9257ac4822 Bump Podman to v5.7.1-dev
0370128fc8 Bump to v5.7.0
84c31b8fae Create release notes for v5.7.0
b6b8d23abd hack/bats: port it to use the new remote support
129c344b49 test/system: fix broken podman_runtime
708f7a14f3 test/system: fix artifact test cleanup
e737d75b2f test/system: merge artifact tests into single file
58733d714a test/system: rework artifact created test
372e142252 test/system: remove 701-artifact-created.bats
bfddcb3384 test/system: do not run artifact test in parallel
199254f039 test/system: skip flaky restore test on debian
0c99f623aa test/e2e: try to fix clean up after terminated build flake
ec1efdbdac [v5.7] Packit/TMT: remove podman-next repos from release branches
97ad660c0c [v5.7] fix lint issues with github.com/cyphar/filepath-securejoin
e6deadcc34 [v5.7] Bump to runc v1.3.3 - CVE-2025-52881
cbda92e6b3 rotate aws meta_task keys
3d23aa4a6b rotate aws key
da8d069e6a Bump Podman to v5.7.0-dev
85a6e7f8d7 Bump to v5.7.0-rc3
b7d1f77147 Update release notes for v5.7.0-rc3
fb8644d551 Fix cache misses when pulling WSL machine image
c4357e7112 test: organize search tests with BeforeEach/AfterEach patterns
64fbc2557e test: refactor search_test.go to use helper functions and PodmanExitCleanly
d6f660076b test: Replace external registry deps with mock server in search tests
a59eaccbe2 Add tmt integration plan
bfae53709c Bump bundled krunkit from 1.1.0 to 1.1.1
f12c838fb7 Allow RC Windows Installer to be built
d0b45ff1f0 Allow failures on WSL machine tests
e68cecbb60 Bump Podman to v5.7.0-dev
fa892f1df0 Bump to v5.7.0-rc2
e16a54c6bc Add release notes for v5.7.0-rc2
667757583b Bump bundled krunkit from 0.2.2 to 1.1.0
537a0233ae Fix Windows Installer GH release
829864ba74 Add CreatedAt format option to podman artifact ls
7f780d866b Bump Podman to v5.7.0-dev
03f8a02983 Bump to v5.7.0-rc1
9b5751089b Add release notes for v5.7.0-rc1
61291e8c70 quadlet: add `cat` alias for `print`
c72102d1b2 Bump Buidah to v1.42.0 for Podman v5.7
f957852e4a fix: failing tests
8e013c0012 feat(quadlet: kube): support multiple Yaml entries
9ea18b78fa Warn on boltdb use
339a432dd9 fix artifact inspect issues
9bda788edf feat(cmd): podman kube play support multiple arguments
0ea4eaee70 cmd/podman: add replace flag to quadlet install
ca106301f8 fix: typo in uidmap option doc
0b1e9a76a5 RPM: build with sequoia for F43+
1fbf24b65b feat: add `--format` flag to artifact inspect
538229da90 artifact: added CREATED column to artifact ls Fixes: #27314
bb4fa066b3 fix remote command parameters
43ff7a4c13 Add a test for containers.conf runtime options
f87c8b9cba docs: introduce custom version selector in api.html
f6dd05d9c4 add test for container name without Pod name prefix feature
a27fd9bd89 Allow artifact add to override org.opencontainers.image.title annotation
bc571ae542 Vendor in latest go.podman.io/common
74788a3fe1 fileperms: newer Go 1.13+ octal literal format
1800b34b51 Quadlet build - add support for IgnoreFile key
0a20e22384 Add default runtime flags in config
cfd4cc0932 remove libartifact from podman
b394fe1a87 chore: remove repetitive word in cmd/podman/README.md
098d8efecc add option to remove Pod name prefix in resulting container name
9dbc33bb25 Add a new Windows installer supporting user scope
fa5d6cc103 docs: initialize redoc via JS API
858150288f docs: generate Reference version list from json file
56fee79d3c fix: system prune JSON unmarshalling error in remote client
73e42b3c9c [skip-ci] Update actions/setup-node action to v6
b2aefd4cf9 docs: add missing manifest parameter to build API endpoints
1e713c1a5f Add BuildArg example into documentation
34254cd1d0 Add artifact quadlet unit type support
6d63d165ef Fix flaky sysctl completion by handling /proc/sys errors gracefully
b4d81c0338 Run `make validatepr`
c0a09e7f10 Update docs/source/markdown/podman-systemd.unit.5.md
1656c90c6e Iterate through all machine providers in FindMachineByPort
a1e7e9a46d Add local build API for direct filesystem builds on MacOS and Windows (only WSL)
1f1354c2a4 fix(deps): update module golang.org/x/term to v0.36.0
e3c9fa6ddd Update docs for StopTimeOut
6786f59648 SECURITY.md: point to container-libs
a696f8bccb Update documentation to include BuildArg key
196be4b813 Test for multiple key/val arguments
720e263767 Add BuildArg key to quadlets
aaf957edf9 fix(deps): update module golang.org/x/sys to v0.37.0
d1c43e3ae8 Fixed #27120: Pod Quadlet can configure podman pod stop --time
928a50d228 fix(deps): update module golang.org/x/net to v0.45.0
79ecc1d56b Fix --userns=ns:<path> conflicting with runc 1.1.11+
98cb7b75d9 quadlet: standardize Convert function signatures
b765c91580 Add --replace option to podman artifact add command
3e774ee285 test/system: actually wait for container removal
fdb5ac5e8f test/system: run_podman ? needs quoting
09e535fb46 quadlet: remove unused 'name' parameter from ConvertNetwork and ConvertVolume
4bd6aff4b6 fix: #23915 podman build is not parsing sbom command line arguments
3a98b6dc0e test: Wait for killed container to avoid leak
b415b0ad3e Update pkg/api/server/register_artifacts.go
fb3eaf0c87 [DOCS] Add missing stable swagger API links
72ffd00c5a fix(deps): update module github.com/onsi/ginkgo/v2 to v2.26.0
00309d3955 secret ls: align docs, completion, and tests; fix formatting
6405925f79 Add artifact fallback to podman inspect command
a724fce8aa pkg/api: api list quadlets resource
3c3b805ea7 cmd/podman: --ignore errors flag to artifact rm
090304a054 lint: reenable revive unused-parameter check
88bca78c6e stop service instances
004e6ced76 test: remove outdated skip in podman run check personality support test
3b509022cd fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.9
83e65f91a4 Quadlet - Support template dependency
87b4f842de test: fix "run healthcheck" bindings test
ebde5d1563 cmd: add auto completion for network create --interface-name
e667532110 docs: point Go Report Card badge to v5 module path
ef0a7dd486 pkg/api/handlers/compat: use strings.CutPrefix
f198fe6b13 pkg/machine/wsl: use any instead of interface{}
5824197774 pkg/machine/e2e: remove obsoleted comment
8e55b67410 docs: fix Go Report Card badge to reference current repository
b5de5efb3e cmd/podman/system: fix error handling in renumber and migrate commands
571866775d [compat api] Remove ContainerConfig field
c11941eadb [DOCS] Update volume mount docs for subpath support
feb36e4fe6 Implement TLS API Support
a27929aaaf test/e2e: fmt artifact list with virtual size
32c962a177 Add Podman 6 HLD
9bca0d01d2 Add a design document for Conmon v3
4764b0e403 Add creation timestamp to podman artifacts
4652f5c3c6 docs: clarify that --userns=keep-id runs container as host UID
5ae0e0de3d cmd/podman: added virtual size option in artifact ls
63c40feb8c test: Fix test race in 030-run
f0f05e22c6 cmd/podman: completion for --sysctl in create/run
f26483ba7d fix: standardize casing for cgroups in documentation
15fdbe9442 test: remove hack workaround in 'use plugin in containers'
51f4e614e9 test: remove skip_if_remote from podman run - uidmapping has no /sys/kernel mounts
4b9be9c218 chore(deps): update dependency golangci/golangci-lint to v2.5.0
7c9aa72c55 add containerfile doc link
a0238fb19f libpod: Fill out OnlineCPUs in the FreeBSD stats handler
602ba415c6 libpod: Implement getOnlineCPUs() on FreeBSD
39750faab3 test/system: fix test race in exec leak check
b8258a53dd Update github action to use pull_request_target
b24220b0a2 Revert "test/e2e: try debug potential pasta issue"
ab5e400a9a docs: remove remote limitation note for --build-context option
8d06a9e9f7 fix: Correct typo in chrootdirs option
2702156bd7 pkg/bindings: on terminal attach always wait for stdout to be done
7ff07b6e0c pkg/bindings: use HTTP 101 upgrade request for attach
9e2850d0a8 Add --sign-by-sq-fingerprint to push operations
2f005b67f4 Exercise containers_image_sequoia in CI
070d7c3ad3 Revert "Rewrite the Quadlet documentation."
bb422c8372 Revert "Change the syntax to not depend on jinja2."
fd60d63bf4 Revert "Deduplicate more options."
4ae8e386ef Revert "docs: restore podman-systemd.unit.5"
04af9ae3fc fix(emulation): handle fs.ErrNotExist in registeredBinfmtMisc
80f1d48d44 [skip-ci] Update actions/setup-node action to v5
aa8bbbb1ff [skip-ci] Update actions/github-script action to v8
796be1e4bf troubleshooting: document lsetxattr error
e1c1961d48 [skip-ci] Update actions/checkout action to v5
43a294fa94 vendor: update golang.org/x packages
4417e6269c use maps.Clone() over Copy() when possible
637de6022f libpod/oci_conmon_linux.go: fix false postive in linter
9e4fad8d06 pkg/systemd/quadletL silence one lint warning
78e5a521b0 inline some conditionals
8631032556 run modernize -fix ./...
dc5a791f58 use bytes.SplitSeq where possible
b97525a78d use strings.SplitSeq where possible
4e3e9bfb70 update to go 1.24
8537afca66 test/e2e: fix podman run default mask test with crun 1.24
3bb32d846b test/system: skip noswap memory mounts correctly
52fcdcf64c test/system: skip idmapped mount correctly
bd7aada776 cirrus: update to freebsd 14.3
710e216390 cirrus: fix golangci-lint cache leak
a720139dd8 New VM images 2025-09-10
5b10b51788 Add a directory for design documents
936a01e088 Quadlet build - consider File path that starts with a systemd specifier as absolute
d0be0e9659 Makefile: restore HELPER_BINARIES_DIR
2bed9a40bc fix(deps): update module google.golang.org/protobuf to v1.36.9
c70c0ac13e refactor: Modularize binding build functions
c38babff57 Adding github action to generate a badge for first time contributor
8566ef71c0 fix: set header fields before response status code to prevent missing fields
50a3e3cf8a fix(deps): update module github.com/opencontainers/cgroups to v0.0.5
6c4b98c940 test/e2e: add CVE-2025-9566 regression test
cab3c6de6d docs: restore podman-systemd.unit.5
6756eb3412 Deduplicate more options.
fdeaf2905f Update module github.com/onsi/ginkgo/v2 to v2.25.3
163bdf2df8 quadlet: fix runtime error for invalid Mount value
792bbd2046 [skip-ci] Update actions/labeler action to v6
853dd36da3 Update dependency pytest to v8.4.2
43fbde4e66 kube play: don't follow volume symlinks onto the host
4b66e5a27b Add R! to systemd-tmpfiles script for all /tmp dirs
c2506656c4 spf13/pflag: replace deprecated ParseErrorsWhitelist
ca9c8d104e update module github.com/spf13/pflag to v1.0.10
889a5fd0ac [skip-ci] Update actions/stale action to v10
f22506b74f [skip-ci] Update actions/setup-go action to v6
310f196aea fix(deps): update module github.com/docker/docker to v28.4.0+incompatible
faceb67782 test/buildah-bud: enable one skipped test
dbfddb82cb vendor: update go.podman.io/{common,image,storage}
2c6dadd724 Fix a locking bug in that could cause a double-unlock
5c810ea1c8 Makefile: add SOURCES dep to bin/podman.cross.% target
b62f887fbd Makefile: add proper docs for bin/podman.cross.%
3633cd53e8 Revert "Remove bin/podman.cross Make target"
98072bfcea refactor: modularize build REST API with utility functions
2acf5c0119 libpod: Fix the jailName helper
a250fee0ec libpod: Fix "top" support on FreeBSD
5ba23ccad5 compat: Deduplicate the Linux and FreeBSD containers/stats helpers
a341a4ee24 compat: Add a stub container/stats handler for FreeBSD
9de737bf29 Change the syntax to not depend on jinja2.
c12b1b32bc Rewrite the Quadlet documentation.
247a80db45 test/system: remove distro-integration bats tag
ee45782079 test/system: fix podman load - from URL
20fb712872 test/system: do not connect to github server
59df0782f2 Handle SIGPIPE to prevent machine stuck in Starting state
9b8e785e3c fix(deps): update module github.com/spf13/cobra to v1.10.1
c65fd9a2c2 quadlet: add HttpProxy option for Container sections
26aafb21d2 fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.4.0
46d757501a do not pass [no]copy as bind mounts options to runtime
4e2a04dedc do not pass volume-opt as bind mounts options to runtime
a98154a978 Switch common, storage and image to monorepo.
c8681b6028 chore(deps): update module github.com/ulikunitz/xz to v0.5.15 [security]
0f477eaaa6 fix(deps): update module github.com/spf13/pflag to v1.0.9
573fd0d7eb fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.8
b9812e3d9e Mention zstandard tarball import support
80348a50d0 chore(deps): update module github.com/go-viper/mapstructure/v2 to v2.4.0 [security]
3d4f8153be fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.2
3effff42eb tests: Get rid of netcat on the host and use Bash's /dev/tcp
0ff079d320 tests: Replace ncat for socat
9c3652c188 Add support for criu's tcp-close functionality.
e467439ab8 test/e2e: actually start container in startContainer
3a1ce1fb3d fix(deps): update module github.com/stretchr/testify to v1.11.1
8e59c948df test/buildah-bud: skip new failing test
df80fbcab6 test/e2e: remove image diff test skips
b172cf7475 vendor: update buildah to latest main
e76b08394e vendor: update c/{common, image, storage} to latest main
a5a00c1796 Add a release note for 5.6 Rosetta being disabled-by-default
413eea885b fix(deps): update module github.com/stretchr/testify to v1.11.0
2dd3111098 fix(libpod): truncate long hostnames to correct maximum length
18aa78a7e6 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.1
877e208820 fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.32
c51c6e58a7 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.0
4b835f36b9 fix(deps): update module github.com/coreos/go-systemd/v22 to v22.6.0
249fa21e8a Improve documentation wording
5a2098cf61 windows: do not convert unconfined seccomp path
d267f8a3dd ci: log wsl --version output
40cd207437 Update module github.com/kevinburke/ssh_config to v1.4.0
fa5140771f Update module go.etcd.io/bbolt to v1.4.3
4b5ada39e4 Update release notes on main to reflect v5.6 release
514e686b4c podman events: show network create/remove event with journald
9d47477e82 cirrus: fix podman machine windows only_if condition
2c89069fa8 update tests duo to CRUN#1767 to support both values
cfe4d46d89 Optimize image loading for Podman machines
0a9d5ca75d Skip JSON parsing for non-JSON error responses
be0ad4a7aa [docs] Refactor Artifact API documentation
2e7d6135c6 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.24.0
96d9a00adb docs(run,create): note remote clients support only docker transport
10f9c9a7e8 Configurable GINKGOTIMEOUT in `winmake.ps1`
e1d6dfd2c7 Fixes #26369
46ee62ca6a Fixes: #26353
4690bce8a8 2025 3Q Roadmap Update
c33af3c8dd docs: add missing groups and hgroups descriptors to podman-top documentation
fda74ee619 added system-connection-add options example
68ed0c08e6 fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.7
700351a813 test/buildah-bud/run-buildah-bud-tests: loosen the branch regexp
21f2128d79 added example for custom socket
599c635f9f chore(deps): update dependency golangci/golangci-lint to v2.4.0
6d54a298c9 chore(deps): update docker.io/library/golang docker tag to v1.25
3ca729a2fb fix: Correct small typo foce -> force
f38e32760d feat: Add artifact remove --all option
b0febf3336 Update ADOPTERS.md
5706d2a61e make machine --user-mode-networking docs more clear
4bb4cf62cb [skip-ci] Update actions/checkout action to v5
512e04946c remove outdated dependencies/analyses scripts
5f5519607b contrib: add script and docs to analyze dependency usage
b6b8d05a52 Small changes suggested by markdown linter.
a0e6396c43 Updated with Type descriptions.
9a2dccf4f4 Add a deprecation notice for users of BoltDB
9b62438ede test/buildah-bud: fix checkout to also handle go.mod replace
8633b5edeb Update module golang.org/x/net to v0.43.0
cc465e7227 Updated with badges for Type and no extra line.
930cd25739 Feat: Add log_path support in containers.conf
e14b8acba8 Update vendor dependencies
1d6fda8eda New: initial ADOPTERS.md file.
7247d84fbe Fix typo
a75f74b1d3 Fixes: #26691
2959d9f7ec fix: drop yearly contributor badge
8ef76a6933 [skip-ci] Update actions/download-artifact action to v5
b5fce87237 Manpages: Added --filter flag examples to all the relevant podman manpages
7c95ceae57 Manpages: podman container runlabel added example with --replace
67ec2037c0 Add support for configuring tls verification with machine init
69f8f26d98 pkg/machine/e2e: remove build context skip
b8bba308b0 fix(deps): update common, image, and storage deps
ca3347cc2b doc(podman-system.unit.5.md): clarify user/group
6c27165054 Packit: do not notify on podman-next failures
1001450d77 chore(deps): update dependency golangci/golangci-lint to v2.3.1
32ec523ef6 Makefile: Clarify different `binaries` targets
f96eccb1ac docs: add examples with resource limits and mounts to podman pod create manpage
b7b7839ad3 compat: remove deprecated VirtualSize
a6fa3de870 fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.7
4a7974a7a8 [CI:DOCS] Remove Experimental from Artifacts man pages
0530a564a7 Fix: Improve error message for empty device modes in API requests
5ab92a7499 docs(kube play): clarify --annotation flag only affects containers, not pods
23ebb7d94c feat: add Podman artifact support to Go bindings and remote clients
0666b4ffbf events: add support for label filter with key only
610c4c7710 compat: GET /_ping return Builder-Version: 1
1963c6275e compat: remove GET /system/df BuilderSize
b0e7a2ec9b compat: add shared-size par to GET /images/json
e33d92ce9e docs: add LFX Insights badges
b5d18e873f Fix ancestor filter to support Docker-compatible substring matching
924e03ac97 fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.30
88bb9daeab fix(deps): update module github.com/docker/docker to v28.3.3+incompatible [security]
0740b94fcd fix(deps): update module sigs.k8s.io/yaml to v1.6.0
003a4d44a1 docs: add resource limit examples to podman pod clone manpage
81d6d90195 Improve handling of --publish and incompatible NetNS modes
df2862e72c Consolidate the definition and consumption of --sign* CLI options
426e787beb Fix (podman artifact push --creds)
67927715cf Remove unused CLI options
dd8bc6ccb9 Bump main to v5.7.0-dev
7f2908afcf podman: add --creds and --cert-dir to create/run
31fafad0c1 Update module github.com/mattn/go-sqlite3 to v1.14.29
dcd187946d Skip rather than comment bad diff tests
4395ff1f25 Link to blog post
3ef33653ff compat: RepoTags and RepoDigest return [] and not null
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
yocto-check-layer reports an error for any task between do_fetch and
do_build that has network enabled. Two changes fix this:
container-bundle.bbclass: Move do_fetch_containers from a standalone
task into a do_fetch postfunc. When remote containers are configured,
the anonymous function adds extend_recipe_sysroot as a do_fetch
prefunc (so skopeo-native is available) and do_fetch_containers as a
postfunc. Network access during do_fetch is permitted by the QA check.
container-registry-index: Remove do_container_registry_index from the
build dependency chain (drop "before do_build"). Registry push is a
deployment action requiring explicit invocation:
bitbake container-registry-index -c container_registry_index
The default do_build task now prints usage instructions.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Inject the kcfg sysroot root into the scc search path so compound .scc
files (like container.scc) can resolve their include directives.
kernel-yocto.bbclass adds type=kmeta directories to -I includes via
find_kernel_feature_dirs/feat_dirs.
The prefunc replaces the placeholder directory with a symlink to the
kcfg sysroot so that spp can resolve include directives within
scc files that reference other fragments by relative path (e.g.
"include cfg/9p.scc" inside container.scc).
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Move from the meta-virt hosted fragments to common fragments
that are in the kernel-cache.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
In particular we pick up the consolidated container configuration
options.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>