24 files changed, 197 insertions, 29 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 5d810fa65..7f295e22e 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -363,6 +363,7 @@ testing_task: failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh' always: &standardlogs + package_versions_script: '$SCRIPT_BASE/logcollector.sh packages' ginkgo_node_logs_script: '$SCRIPT_BASE/logcollector.sh ginkgo' df_script: '$SCRIPT_BASE/logcollector.sh df' audit_log_script: '$SCRIPT_BASE/logcollector.sh audit' diff --git a/Dockerfile b/Dockerfile index 1f51cd874..3c65bf5a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,6 +8,7 @@ RUN apt-get update && apt-get install -y \ build-essential \ curl \ e2fslibs-dev \ + file \ gawk \ gettext \ go-md2man \ diff --git a/Dockerfile.centos b/Dockerfile.centos index 513c4bdfd..9af7ef7f1 100644 --- a/Dockerfile.centos +++ b/Dockerfile.centos @@ -2,9 +2,12 @@ FROM registry.centos.org/centos/centos:7 RUN yum -y install btrfs-progs-devel \ atomic-registries \ + autoconf \ + automake \ bzip2 \ device-mapper-devel \ findutils \ + file \ git \ glibc-static \ glib2-devel \ @@ -15,6 +18,7 @@ RUN yum -y install btrfs-progs-devel \ libassuan-devel \ libseccomp-devel \ libselinux-devel \ + libtool \ containers-common \ runc \ make \ @@ -3,7 +3,7 @@ export GOPROXY=https://proxy.golang.org GO ?= go DESTDIR ?= -EPOCH_TEST_COMMIT ?= 0000afc1af06b04ececeb91637bb3d80d6f47e14 +EPOCH_TEST_COMMIT ?= d7eba026876e4a6a362464dcf08fe6757ebedd1a HEAD ?= HEAD CHANGELOG_BASE ?= HEAD~ CHANGELOG_TARGET ?= HEAD diff --git a/changelog.txt b/changelog.txt index 1e9d17d06..7d6522c4d 100644 --- a/changelog.txt +++ b/changelog.txt 
@@ -1,3 +1,44 @@
+- Changelog for v1.6.0 (2019-09-30)
+ * info: add cgroups2
+ * Finalize release notes for 1.6.0 final
+ * Bump github.com/onsi/ginkgo from 1.8.0 to 1.10.1
+ * Bump github.com/docker/docker-credential-helpers from 0.6.2 to 0.6.3
+ * Bump github.com/stretchr/testify from 1.3.0 to 1.4.0
+ * Bump github.com/uber/jaeger-client-go
+ * Bump github.com/spf13/pflag from 1.0.3 to 1.0.5
+ * update c/storage to v1.13.4
+ * Cirrus: Minor, fix env. var. intention
+ * new examples added updated two examples with supported CMD and ENTRYPOINT syntax.
+ * new testcase for podman import --change added
+ * syntax updated for podman import --change
+ * Correct use of reexec.Init()
+ * Add a missing escape in the Makefile
+ * Change ginkgo Wait() to Eventually() test
+ * Set log-level immediately, before rootless setup
+ * Cirrus: Implement newly built VM images
+ * Add README note about security reporting process.
+ * Cirrus: Disable boottime Ubuntu package update
+ * Move noCache logic lower in stack
+ * cirrus: Add bash-completion support
+ * Add an error for pods without a name
+ * Make links relative in Tutorial README
+ * docs/podman-derivative-api.md: New file
+ * fix cp none exists dest path ends with '/'
+ * Dockerfile.fedora: install packages to build catatonit
+ * README: add Communications section
+ * drop OWNERS link for CONTRIBUTING.md
+ * Bump gitvalidation epoch
+ * Bump to v1.6.0-dev
+ * Handle conflict between volumes and --read-only-tmpfs
+ * Cirrus: Upload windows MSI release file
+ * conditionally send stdin on remote run
+ * Cirrus: VM Image accounting doc update
+ * Force a CNI Delete on refreshing containers
+ * Document the required varlink build args
+ * Update mac_client link
+ * Cirrus: Fail early on CI script unit test
+ * Unconditionally remove conmon files before starting
+
 - Changelog for v1.6.0-rc2 (2019-09-24)
 * Add release notes for new-in-RC2 changes
 * system tests: run test: reenable and fix
diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh
index 425a619b0..3393ac9b5 100755
--- a/contrib/cirrus/logcollector.sh
+++ b/contrib/cirrus/logcollector.sh
@@ -32,5 +32,42 @@ case $1 in
 df) showrun df -lhTx tmpfs ;;
 ginkgo) showrun cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log ;;
 journal) showrun journalctl -b ;;
+ packages)
+ case $OS_RELEASE_ID in
+ fedora*)
+ PKG_LST_CMD='rpm -q --qf=%{N}-%{V}-%{R}-%{ARCH}\n'
+ PKG_NAMES=(\
+ container-selinux \
+ containernetworking-plugins \
+ containers-common \
+ criu \
+ golang \
+ podman \
+ slirp4netns \
+ )
+ if [[ "$OS_RELEASE_VER" -lt "31" ]]; then
+ PKG_NAMES+=(runc)
+ else
+ PKG_NAMES+=(crun)
+ fi
+ ;;
+ ubuntu*)
+ PKG_LST_CMD='dpkg-query --show --showformat=${Package}-${Version}-${Architecture}\n'
+ PKG_NAMES=(\
+ containernetworking-plugins \
+ containers-common \
+ cri-o-runc \
+ criu \
+ golang \
+ libvarlink \
+ podman \
+ skopeo \
+ slirp4netns \
+ )
+ ;;
+ *) bad_os_id_ver ;;
+ esac
+ $PKG_LST_CMD ${PKG_NAMES[@]} | sort -u
+ ;;
 *) die 1 "Warning, $(basename $0) doesn't know how to handle the parameter '$1'"
 esac
diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh
index 8e0a2b2ee..679ad3b8d 100644
--- a/contrib/cirrus/packer/fedora_setup.sh
+++ b/contrib/cirrus/packer/fedora_setup.sh
@@ -37,6 +37,7 @@ ooe.sh sudo dnf install -y \
 criu \
 device-mapper-devel \
 emacs-nox \
+ file \
 findutils \
 fuse3 \
 fuse3-devel \
@@ -61,6 +62,7 @@ ooe.sh sudo dnf install -y \
 libseccomp \
 libseccomp-devel \
 libselinux-devel \
+ libtool \
 libvarlink-util \
 lsof \
 make \
diff --git a/contrib/cirrus/packer/ubuntu_setup.sh b/contrib/cirrus/packer/ubuntu_setup.sh
index c94e74a08..2f54da9ed 100644
--- a/contrib/cirrus/packer/ubuntu_setup.sh
+++ b/contrib/cirrus/packer/ubuntu_setup.sh
@@ -61,6 +61,7 @@ $BIGTO $SUDOAPTGET install \
 curl \
 e2fslibs-dev \
 emacs-nox \
+ file \
 gawk \
 gcc \
 gettext \
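Review bot: The last command of the new `packages)` branch in contrib/cirrus/logcollector.sh expands `$PKG_LST_CMD` and `${PKG_NAMES[@]}` unquoted, so it only works through word splitting of a command kept in a string, and the arguments are open to globbing. Keeping the command in an array removes that dependency: `PKG_LST_CMD=(rpm -q '--qf=%{N}-%{V}-%{R}-%{ARCH}\n')` and then `"${PKG_LST_CMD[@]}" "${PKG_NAMES[@]}" | sort -u`, with the `dpkg-query` assignment in the `ubuntu*)` arm changed the same way. A one-line comment above the branch saying that the list is meant as a record of the package versions the CI run tested against would also help whoever reads the log later.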
diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 6ac324499..dc734a6b4 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -39,7 +39,7 @@ %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) Name: podman -Version: 1.6.0 +Version: 1.6.1 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 diff --git a/docs/podman-derivative-api.md b/docs/tutorials/podman-derivative-api.md index 0342bb740..0342bb740 100644 --- a/docs/podman-derivative-api.md +++ b/docs/tutorials/podman-derivative-api.md @@ -12,7 +12,7 @@ require ( github.com/checkpoint-restore/go-criu v0.0.0-20190109184317-bdb7599cd87b github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect github.com/containernetworking/cni v0.7.1 - github.com/containernetworking/plugins v0.8.1 + github.com/containernetworking/plugins v0.8.2 github.com/containers/buildah v1.11.2 github.com/containers/conmon v0.3.0 // indirect github.com/containers/image v3.0.2+incompatible @@ -20,7 +20,6 @@ require ( github.com/containers/storage v1.13.4 github.com/coreos/bbolt v1.3.3 // indirect github.com/coreos/etcd v3.3.13+incompatible // indirect - github.com/coreos/go-iptables v0.4.2 // indirect github.com/coreos/go-semver v0.3.0 // indirect github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f github.com/cri-o/ocicni v0.1.1-0.20190702175919-7762645d18ca @@ -76,7 +75,6 @@ require ( github.com/pmezard/go-difflib v1.0.0 github.com/prometheus/common v0.6.0 // indirect github.com/rogpeppe/fastuuid v1.1.0 // indirect - github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 // indirect github.com/seccomp/containers-golang v0.0.0-20190312124753-8ca8945ccf5f // indirect github.com/seccomp/libseccomp-golang v0.9.1 // indirect github.com/sirupsen/logrus v1.4.2 
@@ -106,7 +104,6 @@ require ( google.golang.org/genproto v0.0.0-20190620144150-6af8c5fc6601 // indirect google.golang.org/grpc v1.21.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce // indirect gopkg.in/yaml.v2 v2.2.2 k8s.io/api v0.0.0-20190813020757-36bff7324fb7 k8s.io/apimachinery v0.0.0-20190809020650-423f5d784010 @@ -34,6 +34,7 @@ github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdc github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0= 
@@ -44,6 +45,7 @@ github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdn github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/buger/goterm v0.0.0-20181115115552-c206103e1f37 h1:uxxtrnACqI9zK4ENDMf0WpXfUsHP5V8liuq5QdgDISU= github.com/buger/goterm v0.0.0-20181115115552-c206103e1f37/go.mod h1:u9UyCz2eTrSGy6fbupqJ54eY5c4IC8gREQ1053dK12U= +github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/checkpoint-restore/go-criu v0.0.0-20181120144056-17b0214f6c48 h1:AQMF0Xixllgf29MKlx/TGEhRk7bEDX5kxz8Ui8lOvEs= github.com/checkpoint-restore/go-criu v0.0.0-20181120144056-17b0214f6c48/go.mod h1:TrMrLQfeENAPYPRsJuq3jsqdlRh3lvi6trTZJG8+tho= 
@@ -62,12 +64,15 @@ github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc h1:TP+534wVl github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containernetworking/cni v0.7.0-rc2 h1:2GGDhbwdWPY53iT7LXy+LBP76Ch2D/hnw1U2zVFfGbk= github.com/containernetworking/cni v0.7.0-rc2/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= +github.com/containernetworking/cni v0.7.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/cni v0.7.1 h1:fE3r16wpSEyaqY4Z4oFrLMmIGfBYIKpPrHK31EJ9FzE= github.com/containernetworking/cni v0.7.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/containernetworking/plugins v0.7.4 h1:ugkuXfg1Pdzm54U5DGMzreYIkZPSCmSq4rm5TIXVICA= github.com/containernetworking/plugins v0.7.4/go.mod h1:dagHaAhNjXjT9QYOklkKJDGaQPTg4pf//FrUcJeb7FU= github.com/containernetworking/plugins v0.8.1 h1:dJbykiiSIS3Xvo8d+A6rSXcUEFGfvCjUA+bUED4qegQ= github.com/containernetworking/plugins v0.8.1/go.mod h1:dagHaAhNjXjT9QYOklkKJDGaQPTg4pf//FrUcJeb7FU= +github.com/containernetworking/plugins v0.8.2 h1:5lnwfsAYO+V7yXhysJKy3E1A2Gy9oVut031zfdOzI9w= +github.com/containernetworking/plugins v0.8.2/go.mod h1:TxALKWZpWL79BC3GOYKJzzXr7U8R23PdhwaLp6F3adc= github.com/containers/buildah v1.8.4-0.20190821140209-376e52ee0142 h1:RxJ7MbdmorTHiKcJDOz6SwRPasZVp4LOdRWoZ1fdlsQ= github.com/containers/buildah v1.8.4-0.20190821140209-376e52ee0142/go.mod h1:QIIw13J1YIwWQskItX1wqZPQtUOOKrOnHE+LTibbLLA= github.com/containers/buildah v1.9.0 h1:ktVRCGNoVfW8PlTuCKUeh+zGdqn1Nik80DSWvGX+v4Y= 
@@ -145,6 +150,10 @@ github.com/cyphar/filepath-securejoin v0.2.1 h1:5DPkzz/0MwUpvR4fxASKzgApeq2OMFY5 github.com/cyphar/filepath-securejoin v0.2.1/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= +github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c/go.mod h1:Ct2BUK8SB0YC1SMSibvLzxjeJLnrYEVLULFNiHY9YfQ= +github.com/d2g/dhcp4client v1.0.0/go.mod h1:j0hNfjhrt2SxUOw55nL0ATM/z4Yt3t2Kd1mW34z5W5s= +github.com/d2g/dhcp4server v0.0.0-20181031114812-7d4a0a7f59a5/go.mod h1:Eo87+Kg/IX2hfWJfwxMzLyuSZyxSoAug2nGa1G2QAi8= +github.com/d2g/hardwareaddr v0.0.0-20190221164911-e7d9fbe030e4/go.mod h1:bMl4RjIciD2oAxI7DmWRx6gbeqrkoLqv3MV0vzNad+I= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -226,6 +235,7 @@ github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcs github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20181101234600-2ff6f7ffd60f h1:zlOR3rOlPAVvtfuxGKoghCmop5B0TRyu/ZieziZuGiM= github.com/godbus/dbus v0.0.0-20181101234600-2ff6f7ffd60f/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v4.1.0+incompatible h1:WqqLRTsQic3apZUK9qC5sGNfXthmPXzUZ7nQPrNITa4= 
@@ -311,6 +321,7 @@ github.com/ishidawataru/sctp v0.0.0-20180213033435-07191f837fed h1:3MJOWnAfq3T9e github.com/ishidawataru/sctp v0.0.0-20180213033435-07191f837fed/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= github.com/ishidawataru/sctp v0.0.0-20180918013207-6e2cb1366111 h1:NAAiV9ass6VReWFjuxqrMIq12WKlSULI6Gs3PxQghLA= github.com/ishidawataru/sctp v0.0.0-20180918013207-6e2cb1366111/go.mod h1:DM4VvS+hD/kDi1U1QsX2fnZowwBhqD0Dk3bRPKF/Oc8= +github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6tORTn+6F6j+Jc8TOr5osrynvN6ivFWZ2GA= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v0.0.0-20180701071628-ab8a2e0c74be/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= @@ -321,6 +332,9 @@ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCV github.com/json-iterator/go v1.1.7 h1:KfgG9LzI+pYjr4xvmz/5H4FXjokeP+rlHLhv3iH62Fo= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/juju/errors v0.0.0-20180806074554-22422dad46e1/go.mod h1:W54LbzXuIE0boCoNJfwqpmkKJ1O4TCTZMetAt6jGk7Q= +github.com/juju/loggo v0.0.0-20190526231331-6e530bcce5d8/go.mod h1:vgyd7OREkbtVEN/8IXZe5Ooef3LQePvuBm9UWj6ZL8U= +github.com/juju/testing v0.0.0-20190613124551-e81189438503/go.mod h1:63prj8cnj0tU0S9OHjGJn+b1h0ZghCndfnbQolrYTwA= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= 
@@ -380,6 +394,7 @@ github.com/munnerz/goautoneg v0.0.0-20190414153302-2ae31c8b6b30/go.mod h1:+n7T8m github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= +github.com/onsi/ginkgo v0.0.0-20151202141238-7f8ab55aaf3b/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs= @@ -388,6 +403,7 @@ github.com/onsi/ginkgo v1.8.0 h1:VkHVNpR4iVnU8XQR6DBm8BqYjN7CRzw+xKUbVVbbW9w= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.4.1/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= 
@@ -561,6 +577,7 @@ github.com/vbauerster/mpb v3.3.4+incompatible h1:DDIhnwmgTQIDZo+SWlEr5d6mJBxkOLB github.com/vbauerster/mpb v3.3.4+incompatible/go.mod h1:zAHG26FUhVKETRu+MWqYXcI70POlC6N8up9p1dID7SU= github.com/vbauerster/mpb v3.4.0+incompatible h1:mfiiYw87ARaeRW6x5gWwYRUawxaW1tLAD8IceomUCNw= github.com/vbauerster/mpb v3.4.0+incompatible/go.mod h1:zAHG26FUhVKETRu+MWqYXcI70POlC6N8up9p1dID7SU= +github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.0.0 h1:bqNY2lgheFIu1meHUFSH3d7vG93AFyqg3oGbJCOJgSM= github.com/vishvananda/netlink v1.0.0/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc h1:R83G5ikgLMxrBvLh22JhdfI8K6YXEPHx5P03Uu3DRs4= @@ -584,6 +601,7 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/ go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20180820150726-614d502a4dac/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20181009213950-7c1a557ab941/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181025213731-e84da0312774/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc h1:F5tKCVGp+MUAHhKp5MZtGqAlGX3+oCsiL1Q629FL90M= 
@@ -613,6 +631,7 @@ golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20181011144130-49bb7cea24b1/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190107210223-45ffb0cd1ba0 h1:1DW40AJQ7AP4nY6ORUGUdkpXyEC9W2GAXcOPaMZK0K8= diff --git a/hack/install_catatonit.sh b/hack/install_catatonit.sh index e5532a200..7fd7592a9 100755 --- a/hack/install_catatonit.sh +++ b/hack/install_catatonit.sh @@ -1,15 +1,24 @@ #!/bin/bash -e BASE_PATH="/usr/libexec/podman" CATATONIT_PATH="${BASE_PATH}/catatonit" -CATATONIT_VERSION="v0.1.3" +CATATONIT_VERSION="v0.1.4" if [ -f $CATATONIT_PATH ]; then echo "skipping ... catatonit is already installed" else - echo "downloading catatonit to $CATATONIT_PATH" - curl -o catatonit -L https://github.com/openSUSE/catatonit/releases/download/$CATATONIT_VERSION/catatonit.x86_64 - chmod +x catatonit + echo "installing catatonit to $CATATONIT_PATH" + buildDir=$(mktemp -d) + git clone https://github.com/openSUSE/catatonit.git $buildDir + + pushd $buildDir + echo `pwd` + git reset --hard ${CATATONIT_VERSION} + autoreconf -fi + ./configure + make install ${SELINUXOPT} -d -m 755 $BASE_PATH install ${SELINUXOPT} -m 755 catatonit $CATATONIT_PATH - rm catatonit + popd + + rm -rf $buildDir fi diff --git a/install.md b/install.md index eb4ecfa68..b90f20395 100644 --- a/install.md +++ b/install.md 
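Review bot: The new build path in hack/install_catatonit.sh installs whatever the `v0.1.4` tag resolves to at clone time, because `git reset --hard ${CATATONIT_VERSION}` checks out a mutable ref and nothing verifies the fetched source before `make` runs and the result is copied to `/usr/libexec/podman`. Pinning the full commit hash, for example `CATATONIT_COMMIT="<full-commit-sha>"` followed by `git checkout --detach "$CATATONIT_COMMIT"`, makes the input fixed; if upstream signs its tags, `git verify-tag "${CATATONIT_VERSION}"` before the build is an alternative. Separately, `$buildDir` is used unquoted, and since the script runs with `-e` a failing `autoreconf`, `./configure` or `make` exits before `rm -rf $buildDir`; `trap 'rm -rf "$buildDir"' EXIT` right after the `mktemp -d` line covers that.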
@@ -130,6 +130,7 @@ sudo apt-get install \ go-md2man \ iptables \ libassuan-dev \ + libbtrfs-dev \ libc6-dev \ libdevmapper-dev \ libglib2.0-dev \ diff --git a/libpod/container_internal.go b/libpod/container_internal.go index f1456548b..a4dcd23be 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -622,6 +622,10 @@ func (c *Container) refresh() error { return err } + if rootless.IsRootless() { + return nil + } + return c.refreshCNI() } diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index d854a2de6..61ab57d65 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -201,6 +201,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) { Setpgid: true, } + // workaround for https://github.com/rootless-containers/slirp4netns/pull/153 + if sandbox { + cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS + cmd.SysProcAttr.Unshareflags = syscall.CLONE_NEWNS + } + // Leak one end of the pipe in slirp4netns, the other will be sent to conmon cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncR, syncW) diff --git a/libpod/oci_internal_linux.go b/libpod/oci_internal_linux.go index a5cce795b..437b7cf4d 100644 --- a/libpod/oci_internal_linux.go +++ b/libpod/oci_internal_linux.go @@ -137,8 +137,12 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, restoreOptions *Containe return errors.Wrapf(err, "failed to create rootless network sync pipe") } } else { - defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR) - defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW) + if ctr.rootlessSlirpSyncR != nil { + defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncR) + } + if ctr.rootlessSlirpSyncW != nil { + defer errorhandling.CloseQuiet(ctr.rootlessSlirpSyncW) + } } // Leak one end in conmon, the other one will be leaked into slirp4netns cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW) diff --git a/libpod/runtime.go b/libpod/runtime.go index 675c92b7a..9f3549e00 100644 
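Review bot: The early return added to `refresh()` in libpod/container_internal.go skips `c.refreshCNI()` for rootless runs without saying why, which reads like a dropped cleanup step to the next maintainer. A comment directly above the `if rootless.IsRootless()` line would settle it, for example `// Rootless containers are not configured through CNI, so there is nothing to refresh.`, assuming that is the actual reason. The beginning of `refresh()` is outside the hunk.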
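Review bot: The comment above the `if sandbox` block in `setupRootlessNetNS` (libpod/networking_linux.go) only links to a pull request and does not state what the two assignments are meant to achieve. It should say in words that the slirp4netns child is started in its own mount namespace and why `CLONE_NEWNS` is set in both `Cloneflags` and `Unshareflags`; as far as I know Go's `Unshareflags` path additionally remounts `/` as private in the child, and if that is the intent it deserves a sentence, since the isolation of the sandboxed helper depends on it. `sandbox` and the rest of the function are outside the hunk.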
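Review bot: The nil guards added in `createOCIContainer` (libpod/oci_internal_linux.go) admit that `ctr.rootlessSlirpSyncR` and `ctr.rootlessSlirpSyncW` can be nil on this path, yet the context line right after them still runs `cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW)`. If that append is reached with a nil writer, the slot in `ExtraFiles` is still consumed but conmon receives a closed descriptor there, so the sync pipe silently does nothing. Either return an error when the writer is nil at this point or guard the append the same way, e.g. `if ctr.rootlessSlirpSyncW != nil { cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncW) }`, depending on what the code after the hunk expects.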
--- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -387,6 +387,13 @@ func SetXdgDirs() error { return errors.Wrapf(err, "cannot set XDG_RUNTIME_DIR") } + if rootless.IsRootless() && os.Getenv("DBUS_SESSION_BUS_ADDRESS") == "" { + sessionAddr := filepath.Join(runtimeDir, "bus") + if _, err := os.Stat(sessionAddr); err == nil { + os.Setenv("DBUS_SESSION_BUS_ADDRESS", fmt.Sprintf("unix:path=%s", sessionAddr)) + } + } + // Setup XDG_CONFIG_HOME if cfgHomeDir := os.Getenv("XDG_CONFIG_HOME"); cfgHomeDir == "" { if cfgHomeDir, err = util.GetRootlessConfigHomeDir(); err != nil { diff --git a/pkg/netns/netns_linux.go b/pkg/netns/netns_linux.go index a62296549..e765bd46f 100644 --- a/pkg/netns/netns_linux.go +++ b/pkg/netns/netns_linux.go @@ -126,9 +126,12 @@ func NewNS() (ns.NetNS, error) { // Don't unlock. By not unlocking, golang will kill the OS thread when the // goroutine is done (for go1.10+) + threadNsPath := getCurrentThreadNetNSPath() + var origNS ns.NetNS - origNS, err = ns.GetNS(getCurrentThreadNetNSPath()) + origNS, err = ns.GetNS(threadNsPath) if err != nil { + logrus.Warnf("cannot open current network namespace %s: %q", threadNsPath, err) return } defer func() { @@ -140,13 +143,19 @@ func NewNS() (ns.NetNS, error) { // create a new netns on the current thread err = unix.Unshare(unix.CLONE_NEWNET) if err != nil { + logrus.Warnf("cannot create a new network namespace: %q", err) return } // Put this thread back to the orig ns, since it might get reused (pre go1.10) defer func() { if err := origNS.Set(); err != nil { - logrus.Warnf("unable to set namespace: %q", err) + if rootless.IsRootless() && strings.Contains(err.Error(), "operation not permitted") { + // When running in rootless mode it will fail to re-join + // the network namespace owned by root on the host. + return + } + logrus.Warnf("unable to reset namespace: %q", err) } }() 
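Review bot: The `os.Setenv("DBUS_SESSION_BUS_ADDRESS", ...)` call added to `SetXdgDirs` drops its error, while the `XDG_RUNTIME_DIR` step just above wraps and returns one. For consistency: `if err := os.Setenv("DBUS_SESSION_BUS_ADDRESS", "unix:path="+sessionAddr); err != nil { return errors.Wrapf(err, "cannot set DBUS_SESSION_BUS_ADDRESS") }`. The `os.Stat` test also accepts any file type at `runtimeDir/bus` and follows symlinks; checking `fi.Mode()&os.ModeSocket != 0` on the result would keep the process from advertising a bus address that is not a socket, which matters if `runtimeDir` can ever be a directory other users may write to (how it is chosen is outside the hunk).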
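Review bot: In the second hunk of pkg/netns/netns_linux.go the deferred `origNS.Set()` failure is classified with `strings.Contains(err.Error(), "operation not permitted")`, which ties the decision to the wording of an error message produced elsewhere. If `Set()` preserves the underlying errno, comparing against `unix.EPERM` is the robust form; if it does not, the comment should say that the text match is deliberate. The silent `return` also means a rootless thread stays in the new namespace with no trace in the logs, so a `logrus.Debugf("skipping rejoin of original netns in rootless mode: %v", err)` before it would help debugging. The two `logrus.Warnf` calls added before `return` in the first hunk log an error that is also returned to the caller, so it is likely to be reported twice.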
@@ -154,7 +163,7 @@ func NewNS() (ns.NetNS, error) { // mount point. This causes the namespace to persist, even when there // are no threads in the ns. Make this a shared mount; it needs to be // back-propogated to the host - err = unix.Mount(getCurrentThreadNetNSPath(), nsPath, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "") + err = unix.Mount(threadNsPath, nsPath, "none", unix.MS_BIND|unix.MS_SHARED|unix.MS_REC, "") if err != nil { err = fmt.Errorf("failed to bind mount ns at %s: %v", nsPath, err) } diff --git a/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go b/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go index 909afd04e..c0053cabe 100644 --- a/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go +++ b/vendor/github.com/containernetworking/plugins/pkg/ip/link_linux.go @@ -60,11 +60,15 @@ func peerExists(name string) bool { return true } -func makeVeth(name string, mtu int) (peerName string, veth netlink.Link, err error) { +func makeVeth(name, vethPeerName string, mtu int) (peerName string, veth netlink.Link, err error) { for i := 0; i < 10; i++ { - peerName, err = RandomVethName() - if err != nil { - return + if vethPeerName != "" { + peerName = vethPeerName + } else { + peerName, err = RandomVethName() + if err != nil { + return + } } veth, err = makeVethPair(name, peerName, mtu) @@ -73,7 +77,7 @@ func makeVeth(name string, mtu int) (peerName string, veth netlink.Link, err err return case os.IsExist(err): - if peerExists(peerName) { + if peerExists(peerName) && vethPeerName == "" { continue } err = fmt.Errorf("container veth name provided (%v) already exists", name) 
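Review bot: In the third hunk of `NewNS` the bind mount now uses `threadNsPath`, a value captured before `unix.Unshare(unix.CLONE_NEWNET)`, which makes it look as if the original namespace is being mounted. That is only correct if `getCurrentThreadNetNSPath()` returns a per-thread `/proc` path that is resolved when it is used (its body is not in the diff). A comment at the declaration would prevent a wrong "fix" later, for example `// threadNsPath names this thread's netns link; it resolves to the new namespace once Unshare has run.`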
@@ -121,12 +125,13 @@ func ifaceFromNetlinkLink(l netlink.Link) net.Interface { } } -// SetupVeth sets up a pair of virtual ethernet devices. -// Call SetupVeth from inside the container netns. It will create both veth +// SetupVethWithName sets up a pair of virtual ethernet devices. +// Call SetupVethWithName from inside the container netns. It will create both veth // devices and move the host-side veth into the provided hostNS namespace. -// On success, SetupVeth returns (hostVeth, containerVeth, nil) -func SetupVeth(contVethName string, mtu int, hostNS ns.NetNS) (net.Interface, net.Interface, error) { - hostVethName, contVeth, err := makeVeth(contVethName, mtu) +// hostVethName: If hostVethName is not specified, the host-side veth name will use a random string. +// On success, SetupVethWithName returns (hostVeth, containerVeth, nil) +func SetupVethWithName(contVethName, hostVethName string, mtu int, hostNS ns.NetNS) (net.Interface, net.Interface, error) { + hostVethName, contVeth, err := makeVeth(contVethName, hostVethName, mtu) if err != nil { return net.Interface{}, net.Interface{}, err } @@ -161,6 +166,14 @@ func SetupVeth(contVethName string, mtu int, hostNS ns.NetNS) (net.Interface, ne return ifaceFromNetlinkLink(hostVeth), ifaceFromNetlinkLink(contVeth), nil } +// SetupVeth sets up a pair of virtual ethernet devices. +// Call SetupVeth from inside the container netns. It will create both veth +// devices and move the host-side veth into the provided hostNS namespace. +// On success, SetupVeth returns (hostVeth, containerVeth, nil) +func SetupVeth(contVethName string, mtu int, hostNS ns.NetNS) (net.Interface, net.Interface, error) { + return SetupVethWithName(contVethName, "", mtu, hostNS) +} + // DelLinkByName removes an interface link. func DelLinkByName(ifName string) error { iface, err := netlink.LinkByName(ifName) 
diff --git a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/allocator.go b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/allocator.go index d1c2b1018..4cec1a74e 100644 --- a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/allocator.go +++ b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator/allocator.go @@ -40,7 +40,7 @@ func NewIPAllocator(s *RangeSet, store backend.Store, id int) *IPAllocator { } } -// Get alocates an IP +// Get allocates an IP func (a *IPAllocator) Get(id string, ifname string, requestedIP net.IP) (*current.IPConfig, error) { a.store.Lock() defer a.store.Unlock() @@ -73,6 +73,17 @@ func (a *IPAllocator) Get(id string, ifname string, requestedIP net.IP) (*curren gw = r.Gateway } else { + // try to get allocated IPs for this given id, if exists, just return error + // because duplicate allocation is not allowed in SPEC + // https://github.com/containernetworking/cni/blob/master/SPEC.md + allocatedIPs := a.store.GetByID(id, ifname) + for _, allocatedIP := range allocatedIPs { + // check whether the existing IP belong to this range set + if _, err := a.rangeset.RangeFor(allocatedIP); err == nil { + return nil, fmt.Errorf("%s has been allocated to %s, duplicate allocation is not allowed", allocatedIP.String(), id) + } + } + iter, err := a.GetIter() if err != nil { return nil, err diff --git a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/store.go b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/store.go index 4ea845da7..7211ddf6a 100644 --- a/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/store.go +++ b/vendor/github.com/containernetworking/plugins/plugins/ipam/host-local/backend/store.go 
@@ -24,4 +24,5 @@ type Store interface { LastReservedIP(rangeID string) (net.IP, error) Release(ip net.IP) error ReleaseByID(id string, ifname string) error + GetByID(id string, ifname string) []net.IP } diff --git a/vendor/modules.txt b/vendor/modules.txt index 9a94c1f09..dc113b619 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -43,7 +43,7 @@ github.com/containernetworking/cni/pkg/version github.com/containernetworking/cni/libcni github.com/containernetworking/cni/pkg/invoke github.com/containernetworking/cni/pkg/types/020 -# github.com/containernetworking/plugins v0.8.1 +# github.com/containernetworking/plugins v0.8.2 github.com/containernetworking/plugins/pkg/ns github.com/containernetworking/plugins/pkg/ip github.com/containernetworking/plugins/plugins/ipam/host-local/backend/allocator diff --git a/version/version.go b/version/version.go index 348a69594..9fcd5faa7 100644 --- a/version/version.go +++ b/version/version.go @@ -4,7 +4,7 @@ package version // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -const Version = "1.6.0-dev" +const Version = "1.6.1-dev" // RemoteAPIVersion is the version for the remote // client API. It is used to determine compatibility |