Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podman: 3.1.2 -> 3.2.1 #125598

Merged
merged 2 commits into from
Jun 18, 2021
Merged

podman: 3.1.2 -> 3.2.1 #125598

merged 2 commits into from
Jun 18, 2021

Conversation

zowoq
Copy link
Contributor

@zowoq zowoq commented Jun 4, 2021
edited
Loading

https://github.com/containers/podman/releases/tag/v3.2.0

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Added a release notes entry if the change is major or breaking
  • Fits CONTRIBUTING.md.

nixos tests failing ...

@ofborg ofborg bot added 11.by: package-maintainer This PR was created by the maintainer of the package it changes 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 labels Jun 4, 2021
saschagrunert
saschagrunert approved these changes Jun 4, 2021
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zowoq
Copy link
Contributor Author

zowoq commented Jun 4, 2021
edited
Loading 

podman run --rm -it docker.io/alpine
Error: opening seccomp profile failed: open /usr/share/containers/seccomp.json: no such file or directory

https://github.com/containers/podman/releases/tag/v3.2.0

  • The podman info command now includes the path of the Seccomp profile Podman is using, available cgroup controllers, and whether Podman is connected to a remote service or running containers locally.
  • Fixed a bug where setting a custom Seccomp profile via the seccomp_profile option in containers.conf had no effect, and the default profile was used instead.

Not sure if we're supposed to have been shipping seccomp.json and the upstream fixes have surfaced this or if the missing file error is actually a bug and the file isn't required by default.

I'll continue with this PR tomorrow and I'll have a dig through the podman code then.

@zowoq zowoq added the 2.status: work-in-progress This PR isn't done label Jun 4, 2021
@saschagrunert
Copy link
Member

saschagrunert commented Jun 4, 2021
edited
Loading

I'll continue with this PR tomorrow and I'll have a dig through the podman code then.

Thank you! I expect that podman falls back to the internal seccomp profile (struct) if the file is not present on disk. So maybe this is a real regression, yes.

@saschagrunert
Copy link
Member

Created containers/podman#10556 for tracking

@zowoq
Copy link
Contributor Author

zowoq commented Jun 4, 2021

Thank you @saschagrunert!

@zowoq
Copy link
Contributor Author

zowoq commented Jun 10, 2021
edited
Loading

Oh, I should have looked at the logs sooner. I'd assumed the test failure was the same as the seccomp problem I ran into trying podman manually but it's a different error.

tar cv --files-from /dev/null | podman import - scratchimg
Getting image source signatures
Copying blob 84ff92691f90 .
Error: Error reading blob sha256:84ff92691f909a05b224e1c56abb4864f01b4f8e3c854e4bb4c7baf1d3f6d652: Digest did not match, expected sha256:84ff92691f909a05b224e1c56abb4864f01b4f8e3c854e4bb4c7baf1d3f6d652, got sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

> podman system prune -af && tar cv --files-from /dev/null | podman import - scratchimg
Deleted Images
Total reclaimed space: 0B
Getting image source signatures
Copying blob 84ff92691f90 .
Error: Error reading blob sha256:84ff92691f909a05b224e1c56abb4864f01b4f8e3c854e4bb4c7baf1d3f6d652: Digest did not match, expected sha256:84ff92691f909a05b224e1c56abb4864f01b4f8e3c854e4bb4c7baf1d3f6d652, got sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

> podman system prune -af && tar cvf scratchimg.tar --files-from /dev/null && podman import scratchimg.tar scratchimg
Deleted Images
Total reclaimed space: 0B
Getting image source signatures
Copying blob 84ff92691f90 done
Copying config 2f7343ecb7 done
Writing manifest to image destination
Storing signatures
scratchimg

Bisected to containers/podman@0f7d54b.

I'll file an issue about this upstream when I have time.

@zowoq zowoq changed the title podman: 3.1.2 -> 3.2.0 podman: 3.1.2 -> 3.2.1 Jun 15, 2021
@ofborg ofborg bot requested a review from saschagrunert June 15, 2021 00:58
saschagrunert
saschagrunert approved these changes Jun 15, 2021
View reviewed changes
Copy link
Member

@saschagrunert saschagrunert left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zowoq zowoq marked this pull request as ready for review June 18, 2021 05:44
@github-actions github-actions bot added the 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS label Jun 18, 2021
@zowoq zowoq removed 2.status: work-in-progress This PR isn't done 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS labels Jun 18, 2021
@github-actions github-actions bot added the 6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS label Jun 18, 2021
@ofborg ofborg bot requested a review from saschagrunert June 18, 2021 05:53
@zowoq
Copy link
Contributor Author

zowoq commented Jun 18, 2021

@ofborg build podman.tests

@adisbladis
Copy link
Member

LGTM and tests are passing so I'm feeling fine about this one.

cc @roberth as this release supposedly adds support for rootless docker-compose.
containers/podman#9169

@adisbladis adisbladis merged commit 1394a33 into NixOS:master Jun 18, 2021
@zowoq zowoq deleted the podman branch June 18, 2021 23:12
@roberth roberth mentioned this pull request Jun 21, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kalbasit kalbasit Awaiting requested review from kalbasit

@adisbladis adisbladis Awaiting requested review from adisbladis

@vdemeester vdemeester Awaiting requested review from vdemeester

@marsam marsam Awaiting requested review from marsam

@saschagrunert saschagrunert Awaiting requested review from saschagrunert

Assignees
No one assigned
Labels
6.topic: nixos Issues or PRs affecting NixOS modules, or package usability issues specific to NixOS 10.rebuild-darwin: 1-10 10.rebuild-linux: 1-10 11.by: package-maintainer This PR was created by the maintainer of the package it changes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zowoq @saschagrunert @adisbladis