authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-12-07 17:28:28 -0500
committerGitHub <noreply@github.com>2020-12-07 17:28:28 -0500
commit23d2deed30c2491a2cf59644324f27c9eebf7ba4 (patch)
treee191f6ea97f53e22f9b43e04900fe9df1e65eef9 /pkg/domain
parent4c424e845239aef6e8cdab93dc19f55f4314513c (diff)
parent33bde4569ccb65b447150894c56f9a351a09a471 (diff)
Merge pull request #8640 from mheon/221_backports
Backports for v2.2.1
Diffstat (limited to 'pkg/domain')
-rw-r--r--pkg/domain/infra/abi/images.go147
-rw-r--r--pkg/domain/infra/abi/system.go17
2 files changed, 90 insertions, 74 deletions
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index ef0e15264..75ce518b6 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -714,83 +714,90 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie
}
for _, signimage := range names {
- srcRef, err := alltransports.ParseImageName(signimage)
- if err != nil {
- return nil, errors.Wrapf(err, "error parsing image name")
- }
- rawSource, err := srcRef.NewImageSource(ctx, sc)
- if err != nil {
- return nil, errors.Wrapf(err, "error getting image source")
- }
- err = rawSource.Close()
- if err != nil {
- logrus.Errorf("unable to close new image source %q", err)
- }
- getManifest, _, err := rawSource.GetManifest(ctx, nil)
- if err != nil {
- return nil, errors.Wrapf(err, "error getting getManifest")
- }
- dockerReference := rawSource.Reference().DockerReference()
- if dockerReference == nil {
- return nil, errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference()))
- }
- var sigStoreDir string
- if options.Directory != "" {
- sigStoreDir = options.Directory
- }
- if sigStoreDir == "" {
- if rootless.IsRootless() {
- sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore")
- } else {
- var sigStoreURI string
- registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
- if registryInfo != nil {
- if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" {
- sigStoreURI = registryInfo.SigStore
- }
+ err = func() error {
+ srcRef, err := alltransports.ParseImageName(signimage)
+ if err != nil {
+ return errors.Wrapf(err, "error parsing image name")
+ }
+ rawSource, err := srcRef.NewImageSource(ctx, sc)
+ if err != nil {
+ return errors.Wrapf(err, "error getting image source")
+ }
+ defer func() {
+ if err = rawSource.Close(); err != nil {
+ logrus.Errorf("unable to close %s image source %q", srcRef.DockerReference().Name(), err)
}
- if sigStoreURI == "" {
- return nil, errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String())
+ }()
+ getManifest, _, err := rawSource.GetManifest(ctx, nil)
+ if err != nil {
+ return errors.Wrapf(err, "error getting getManifest")
+ }
+ dockerReference := rawSource.Reference().DockerReference()
+ if dockerReference == nil {
+ return errors.Errorf("cannot determine canonical Docker reference for destination %s", transports.ImageName(rawSource.Reference()))
+ }
+ var sigStoreDir string
+ if options.Directory != "" {
+ sigStoreDir = options.Directory
+ }
+ if sigStoreDir == "" {
+ if rootless.IsRootless() {
+ sigStoreDir = filepath.Join(filepath.Dir(ir.Libpod.StorageConfig().GraphRoot), "sigstore")
+ } else {
+ var sigStoreURI string
+ registryInfo := trust.HaveMatchRegistry(rawSource.Reference().DockerReference().String(), registryConfigs)
+ if registryInfo != nil {
+ if sigStoreURI = registryInfo.SigStoreStaging; sigStoreURI == "" {
+ sigStoreURI = registryInfo.SigStore
+ }
+ }
+ if sigStoreURI == "" {
+ return errors.Errorf("no signature storage configuration found for %s", rawSource.Reference().DockerReference().String())
- }
- sigStoreDir, err = localPathFromURI(sigStoreURI)
- if err != nil {
- return nil, errors.Wrapf(err, "invalid signature storage %s", sigStoreURI)
+ }
+ sigStoreDir, err = localPathFromURI(sigStoreURI)
+ if err != nil {
+ return errors.Wrapf(err, "invalid signature storage %s", sigStoreURI)
+ }
}
}
- }
- manifestDigest, err := manifest.Digest(getManifest)
- if err != nil {
- return nil, err
- }
- repo := reference.Path(dockerReference)
- if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references
- return nil, errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String())
- }
+ manifestDigest, err := manifest.Digest(getManifest)
+ if err != nil {
+ return err
+ }
+ repo := reference.Path(dockerReference)
+ if path.Clean(repo) != repo { // Coverage: This should not be reachable because /./ and /../ components are not valid in docker references
+ return errors.Errorf("Unexpected path elements in Docker reference %s for signature storage", dockerReference.String())
+ }
- // create signature
- newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy)
- if err != nil {
- return nil, errors.Wrapf(err, "error creating new signature")
- }
- // create the signstore file
- signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex())
- if err := os.MkdirAll(signatureDir, 0751); err != nil {
- // The directory is allowed to exist
- if !os.IsExist(err) {
- logrus.Error(err)
- continue
+ // create signature
+ newSig, err := signature.SignDockerManifest(getManifest, dockerReference.String(), mech, options.SignBy)
+ if err != nil {
+ return errors.Wrapf(err, "error creating new signature")
}
- }
- sigFilename, err := getSigFilename(signatureDir)
- if err != nil {
- logrus.Errorf("error creating sigstore file: %v", err)
- continue
- }
- err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
+ // create the signstore file
+ signatureDir := fmt.Sprintf("%s@%s=%s", filepath.Join(sigStoreDir, repo), manifestDigest.Algorithm(), manifestDigest.Hex())
+ if err := os.MkdirAll(signatureDir, 0751); err != nil {
+ // The directory is allowed to exist
+ if !os.IsExist(err) {
+ logrus.Error(err)
+ return nil
+ }
+ }
+ sigFilename, err := getSigFilename(signatureDir)
+ if err != nil {
+ logrus.Errorf("error creating sigstore file: %v", err)
+ return nil
+ }
+ err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
+ if err != nil {
+ logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
+ return nil
+ }
+ return nil
+ }()
if err != nil {
- logrus.Errorf("error storing signature for %s", rawSource.Reference().DockerReference().String())
- continue
+ return nil, err
}
}
return nil, nil
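Review bot: Near the end of the closure the `os.MkdirAll`, `getSigFilename` and `ioutil.WriteFile` failures are logged and followed by `return nil`, so Sign reports success for an image whose signature was never written, and the WriteFile log line drops `err` entirely. For a signing command that outcome should reach the caller, e.g. `return errors.Wrapf(err, "error storing signature for %s", dockerReference.String())`; if processing the remaining images is intended, collect the errors and return them after the loop. The deferred close also logs `srcRef.DockerReference().Name()`, yet the closure checks a few lines later that the Docker reference (presumably of the same image reference) can be nil, so a failed Close on such a source would panic; `transports.ImageName(srcRef)` avoids that. Writing the defer as `if err := rawSource.Close(); err != nil` would keep it from overwriting the closure's `err`. Sign begins before this hunk, so the setup of `mech`, `sc` and `registryConfigs` is not visible here.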
diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go
index 72fd98ac1..ec2532bea 100644
--- a/pkg/domain/infra/abi/system.go
+++ b/pkg/domain/infra/abi/system.go
@@ -11,6 +11,7 @@ import (
"strings"
"github.com/containers/common/pkg/config"
+ "github.com/containers/podman/v2/libpod"
"github.com/containers/podman/v2/libpod/define"
"github.com/containers/podman/v2/pkg/cgroups"
"github.com/containers/podman/v2/pkg/domain/entities"
@@ -86,7 +87,11 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command)
return nil
}
- pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+ tmpDir, err := ic.Libpod.TmpDir()
+ if err != nil {
+ return err
+ }
+ pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(tmpDir)
if err != nil {
return errors.Wrapf(err, "could not get pause process pid file path")
}
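Review bot: The new `ic.Libpod.TmpDir()` failure is returned bare (`return err`) while the very next check wraps its error with context. Something like `return errors.Wrapf(err, "could not get runtime tmp dir")` would keep the messages from SetupRootless consistent and tell the user which step failed. The same bare return appears in the `movePauseProcessToScope` hunk further down. SetupRootless starts and ends outside this hunk.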
@@ -112,7 +117,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command)
}
became, ret, err = rootless.TryJoinFromFilePaths(pausePidPath, true, paths)
- if err := movePauseProcessToScope(); err != nil {
+ if err := movePauseProcessToScope(ic.Libpod); err != nil {
conf, err := ic.Config(context.Background())
if err != nil {
return err
@@ -133,8 +138,12 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command)
return nil
}
-func movePauseProcessToScope() error {
- pausePidPath, err := util.GetRootlessPauseProcessPidPath()
+func movePauseProcessToScope(r *libpod.Runtime) error {
+ tmpDir, err := r.TmpDir()
+ if err != nil {
+ return err
+ }
+ pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(tmpDir)
if err != nil {
return errors.Wrapf(err, "could not get pause process pid file path")
}
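Review bot: `movePauseProcessToScope` now takes the whole `*libpod.Runtime` only to recompute the pid file path that SetupRootless has already resolved as `pausePidPath` before the call. Passing that string instead, `func movePauseProcessToScope(pausePidPath string) error`, would guarantee both steps act on the same pid file, drop the second `TmpDir()` lookup and likely make the new `libpod` import unnecessary, assuming there are no other callers outside the visible hunks. The function body continues past the end of this hunk.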