- Bump version: 3.1.26 → 3.1.27
- Add support for --force option for remove
Add support for podman remove --force mode. In this
mode the referenced application will be force removed
and no sanity checks if this is pointing to a flake
registration will be done. Eventually missing files
do not cause an error.
- Fix spec file
Allow to build for Fedora, fix packager e-mail
- Bump version: 3.1.25 → 3.1.26
- Allow force registration with arbitrary data
When using --force also register even if the eventually
conflicting file does not belong to a flake registration
- Add --force option for register command
Allow to force writing the registration even if a
registration of the same name already exists. Also
update the man pages.
- Bump version: 3.1.24 → 3.1.25
- Improve command debug log
Make sure the command called is part of the log message
and not only the arguments
- drop obsolete permission settings
OBS-URL: https://build.opensuse.org/request/show/1329371
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flake-pilot?expand=0&rev=18
- drop obsolete permission settings
With the proper user vs. system wide setup there is no
need for the hacky permission adaptions. This also
improves the runtime performance
- Fixup flake lookup
system wide first, then user specific
- Fix podman remove for both workloads
Make sure podman remove functions properly when called
in system and/or user mode. Sanity checks must be performed
before any file/directory removal starts.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=60
- Clippy fixes
Avoid unneeded unwrap
- Use pull policy set to: newer
if the image on the registry is newer than the one in the
local flake registry, make sure to fetch the latest version
automatically. Pull errors are suppressed if a local image
was found and we can't pull from the source location e.g. an
image that was provided by a package and the blob was loaded
from the local storage.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=58
- Improve error handling
Check for the presence of the main flake registration.
Even though this should never happen because the file
is the result of a successful flake-ctl registration we
cannot prevent users from working with it outside
flake-ctl. In addition explicitly match on potential
parse errors from yaml_rust::YamlLoader instead of looking
at the error message as result from an Err unwrap.
- Better error handling for config_from_str()
If the provided source data is empty this is not an error
for YamlLoader and the empty data is just passed along as
a None value. The unconditional unwrap of a None value
however, caused the application to panic into a stacktrace.
This commit catches the condition and provides a better
error message.
- Use derive statement for Writeback
replaced the manual implementation with a derive attribute
and marked the default variant instead of adding a default()
implementation
- Add information about potential firewall conflicts
Add a note about the NAT setup for firecracker guests to
connect with the host.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=56
- Fixes to use flakes as normal user
Running a flake is a container based instance provisioning
and startup. Some part of this process requires root permissions
for example mounting the container instance store for the
provisioning step. This commit fixes the required calls to
be properly managed by sudo.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=54
- Bump version: 3.1.20 → 3.1.21
- seed from entropy
- Fix assignment of random sequence number
We should use a seed for the sequence as described in
https://rust-random.github.io/book/guide-seeding.html#a-simple-number
In addition the logic when a random sequence number should
be used was wrong and needed a fix regarding resume and
attach type flakes which must not use a random sequence
- Pass --init option for resume type flakes
In resume mode a sleep command is used to keep the container
open. However, without the --init option there is no signal
handling available. This commit fixes it
- Revert "kill prior remove when using %remove flag"
This reverts commit 06c7d4aa71f74865dfecba399fd08cc2fde2e1f2.
no hard killing needed with the event loop entrypoint
- Fixed CVE-2025-55159 slab: incorrect bounds check
Update to slab 0.4.11 to fix the mentioned CVE.
This Fixes bsc#1248004
- Apply clippy fixes
- Create sequence number for the same invocation
If a flake which is not a resume or attach flake is called twice
with the same invocation arguments an error message is displayed
to give this invocation a new name via the @NAME runtime option.
OBS-URL: https://build.opensuse.org/request/show/1300815
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flake-pilot?expand=0&rev=14
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=52
Require firecracker only for TW as it exists in no
other version of SUSE. In case the firecracker-pilot
is installed on a system that has no firecracker it
must be installed to this system in an alternative
way which is easily possible because firecracker
is also a rust application only depending on libc
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=46
- Bump version: 3.1.17 → 3.1.18
- Style fixes
- Fix error handling for container check methods
The condition to set up permissions and redo the call
was done when the exec of the call was not possible.
But this is not the right place to check for a permission
denied error. This commit fixes the evaluation of the
error data
- Bump version: 3.1.16 → 3.1.17
- Don't use perform for bool status methods
The perform() call checks the status code and raises an
ExecutionError. This does not allow us to return a
false boolean. Use output() call instead
- Bump version: 3.1.15 → 3.1.16
- No error return for bool method
- Bump version: 3.1.14 → 3.1.15
- Fix call for podman_setup_permissions
Make sure podman_setup_permissions is only called if there
is a permission problem detected.
OBS-URL: https://build.opensuse.org/request/show/1245362
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flake-pilot?expand=0&rev=10
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=44
- Use actions/upload-artifact: v4
- Make clippy happy
- Fix building runtime arguments
Use get_run_cmdline method everywhere
- Fix container cleanup
A flake configured to be attached can also be re-started
using the same container storage. However, the container
was always removed when the command exited. This commit
fixes it to avoid removing the container of attach type
flakes. In addition a flake option %remove was added to
allow removing the container created for resume and attach
type flakes
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=39
- Allow env placeholders for the podman pilot
The podman runtime arguments allow to set environment
variable placeholders starting with '%' and followed by
the name of the environment variable. For example %HOME
will be replaced with the value of $HOME of the calling user.
If the given placeholder cannot be translated into an
existing environment variable it will be turned into the
variable name, $HOME in the above example.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=37
- Include systemfiles.libs for host provisioning
Only use copy-links for the files mentioned in
systemfiles.libs. The other systemfiles are synced in the
usual way.
- Make sure interactive processes can run
- Fixed podman call deadlock
When calling the flake and stdout/stderr gets redirected into
a pipe like `flake | grep ... | cut ...` the pilot binary runs
in a deadlock because there is no reader/writer to feed the
pipe from the child process (podman) executed via the pilot.
This commit fixes it by making sure all data from the child
gets read first and then passed along to stdout/stderr of the
caller.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=34
- Copy symlinks for host dependencies
For provisioning of host dependencies copy symlinks such
that they appear under their name as a file and not as a
symlink. We use this logic for the host dependency sync
only to be less strict on versioned library syncing
- Clippy fix
elide the lifetimes for User instances
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=33
- Fixed the runroot permission fixup
podman differentiates the runroot between root and rootless
calls. If you initially call a flake as a user the initial
podman database gets set up as rootless variant which also
allows root based workloads without permission issues.
However, if you do it the other way round the runroot is
set up for root only which prevents the flake from being called
as normal user. To handle these permission issues we have
fix methods in the flake common code to change the
permissions according to the calling user via sudo. The
code to handle permissions for the runroot target has to
apply for all users as we can't predict if the storage
will be set up initially as rootless or for root only
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=31
- Add support for systemfiles provisioning
If the base container comes with a systemfiles metadata file
it will be used to transfer all the data mentioned in the file
from the host to the instance. In contrast to the removed files
the systemfiles sync will not continue when failed and this
can only be overwritten via the %ignore_sync_error flake option
- Doc clarification
Using the term "container name" can be confusing and interpreted as simply
the name of the container itself. What we really need to make registration
work is the path of the container in the local registry. Clarify the
documentation by adding a note that points out this potential pitfall.
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=29
- Fixed code still not using flakes config file
- Allow to mount podman storage in rootless mode
Temporarily gain root permissions via sudo for mounting
and modifying instance storage. This allows for provisioning
transparent containers also for non root users but still
requires sudo to be configured properly.
- Make sure flake-ctl also reads /etc/flakes.yml
The system wide configuration file was not read by flake-ctl
only by the pilots. This commit fixes it
OBS-URL: https://build.opensuse.org/package/show/Virtualization:Appliances:Builder/flake-pilot?expand=0&rev=19
- Turn terminal flag setup into function
- Bump version: 3.0.11 → 3.0.12
- Fix race condition on connection check
- set PS1 prompt via sci env
- Add terminal settings for pty stdout in sci
disable ECHO
- Fix invalid early exit condition
- Bump version: 3.0.10 → 3.0.11
- Fix build for Leap
Issues on the gcc side for static targets, disable
sci static build for older targets, e.g. Leap
- Prevent use of socat in firecracker-pilot
Do not shell out socat and use proper UnixListener/UnixStream
to do this job. This version of the commit works but I stumbled
across a few issues:
1. Permission denied when the UnixListener runs as user and the
firecracker process was called as root (run_as: root in the flake).
The former implementation ran socat via sudo in the same way as
the firecracker process. Thus if you register the flake to
run as root it can now also only be called as root, which is
acceptable.
2. The behavior in interactive sessions differs compared to socat.
OBS-URL: https://build.opensuse.org/request/show/1166791
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/flake-pilot?expand=0&rev=3