diff options
92 files changed, 1058 insertions, 666 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c4e208894..8e921dcf3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -180,6 +180,27 @@ Use your real name (sorry, no pseudonyms or anonymous contributions.) If you set your `user.name` and `user.email` git configs, you can sign your commit automatically with `git commit -s`. +### Go Format and lint + +All code changes must pass ``make validate`` and ``make lint``, as +executed in a standard container. The container image for this +purpose is provided at: ``quay.io/libpod/gate:latest``. However, +for changes to the image itself, it may also be built locally +from the repository root, with the command: + +``` +sudo podman build -t quay.io/libpod/gate:latest -f contrib/gate/Dockerfile . +``` + +The container executes 'make' by default, on a copy of the repository. +This avoids changing or leaving build artifacts in your working directory. +Execution does not require any special permissions from the host. However, +the repository root must be bind-mounted into the container at +'/usr/src/libpod'. For example, running `make lint` is done (from +the repository root) with the command: + +``sudo podman run -it --rm -v $PWD:/usr/src/libpod:z quay.io/libpod/gate:latest lint`` + ### Integration Tests Our primary means of performing integration testing for libpod is with the @@ -1,6 +1,6 @@ GO ?= go DESTDIR ?= / -EPOCH_TEST_COMMIT ?= 921ccac10c47e0865ec5e4ba00ebb69a03d89473 +EPOCH_TEST_COMMIT ?= 1b52843cfd2ae254a6e52c74e564730f1c875c4c HEAD ?= HEAD CHANGELOG_BASE ?= HEAD~ CHANGELOG_TARGET ?= HEAD @@ -3,9 +3,14 @@ approvers: - baude - mrunalp - rhatdan + - TomSweeneyRedHat + - umohnani8 + - giuseppe + - vrothberg reviewers: - mheon - baude + - mrunalp - rhatdan - TomSweeneyRedHat - umohnani8 @@ -1,9 +1,11 @@  # libpod - library for running OCI-based containers in Pods -### Latest Version: 0.10.1.3 +### Latest Version: 0.11.1.1 ### Status: Active Development +### Continuous Integration: [](https://cirrus-ci.com/github/containers/libpod) + ## What is the scope of this project? libpod provides a library for applications looking to use the Container Pod concept popularized by Kubernetes. diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index 9cdf3faae..05854c8d7 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,18 @@ # Release Notes +## 0.11.1.1 +### Bugfixes +- Fixed a bug where Podman was not correctly adding firewall rules for containers, preventing them from accessing the network +- Fixed a bug where full error messages were being lost when creating containers with user namespaces +- Fixed a bug where container state was not properly updated if a failure occurred during network setup, which could cause mounts to be left behind when the container was removed +- Fixed a bug where `podman exec` could time out on slower systems by increasing the relevant timeout + +### Misc +- `podman rm -f` now removes paused containers. As such, `podman rm -af` completing successfully guarantees all Podman containers have been removed +- Added a field to `podman info` to show if Podman is being run as rootless +- Made a small output format change to `podman images` - image sizes now feature a space between number and unit (e.g. `123 MB` now instead of `123MB`) +- Vendored an updated version of `containers/storage` to fix several bugs reported upstream + ## 0.11.1 ### Features - Added `--all` and `--latest` flags to `podman checkpoint` and `podman restore` diff --git a/changelog.txt b/changelog.txt index 9aaec0e74..7b0f0f3af 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,32 @@ +- Changelog for v0.11.1.1 (2018-11-15) + * Vendor in containers/storage + * Add release notes for 0.11.1.1 + * Increase pidWaitTimeout to 60s + * Cirrus: Add master branch testing status badge + * rootless: call IsRootless just once + * Bump golang to v1.10 in install.md + * Standardized container image for gofmt and lint + * Make list of approvers same as reviewers + * vendor: update ostree-go + * vendor.conf: fix typo + * Cleanup podman spec to not show git checkout is dirty + * Add space between num & unit in images output + * Update troubleshooting guide to deal with rootless path + * troubleshooting.md: add a recipe for rootless ping + * remove $-prefix from (most) shell examples + * docs: Fix duplicated entry for pod-container-unmount + * Better document rootless containers + * info: add rootless field + * Accurately update state if prepare() partially fails + * Do not hide errors when creating container with UserNSRoot + * rm -f now removes a paused container + * correct assignment of networkStatus + * podman_tutorial: cni build path has changed + * Bump gitvalidation epoch + * Bump to v0.11.2-dev + * Cirrus: Ignore any error from the IRC messenger + * rootless: default to fuse-overlayfs when available + - Changelog for v0.11.1 (2018-11-08) * Update release notes for 0.11.1 * update seccomp.json diff --git a/cmd/podman/build.go b/cmd/podman/build.go index 14bf226f9..880cb892f 100644 --- a/cmd/podman/build.go +++ b/cmd/podman/build.go @@ -1,6 +1,11 @@ package main import ( + "io/ioutil" + "os" + "path/filepath" + "strings" + "github.com/containers/buildah" "github.com/containers/buildah/imagebuildah" buildahcli "github.com/containers/buildah/pkg/cli" @@ -10,15 +15,15 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/urfave/cli" - "io/ioutil" - "os" - "path/filepath" - "strings" ) var ( layerFlags = []cli.Flag{ cli.BoolTFlag{ + Name: "force-rm", + Usage: "Always remove intermediate containers after a build, even if the build is unsuccessful. (default true)", + }, + cli.BoolTFlag{ Name: "layers", Usage: "cache intermediate layers during build. Use BUILDAH_LAYERS environment variable to override. ", }, @@ -230,7 +235,7 @@ func buildCmd(c *cli.Context) error { Layers: layers, NoCache: c.Bool("no-cache"), RemoveIntermediateCtrs: c.BoolT("rm"), - ForceRmIntermediateCtrs: c.Bool("force-rm"), + ForceRmIntermediateCtrs: c.BoolT("force-rm"), } if c.Bool("quiet") { diff --git a/cmd/podman/images.go b/cmd/podman/images.go index a8955e49e..c52b26260 100644 --- a/cmd/podman/images.go +++ b/cmd/podman/images.go @@ -6,8 +6,7 @@ import ( "sort" "strings" "time" - - "github.com/sirupsen/logrus" + "unicode" "github.com/containers/libpod/cmd/podman/formats" "github.com/containers/libpod/cmd/podman/libpodruntime" @@ -16,6 +15,7 @@ import ( "github.com/docker/go-units" digest "github.com/opencontainers/go-digest" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "github.com/urfave/cli" ) @@ -289,6 +289,8 @@ func getImagesTemplateOutput(ctx context.Context, runtime *libpod.Runtime, image sizeStr = err.Error() } else { sizeStr = units.HumanSizeWithPrecision(float64(*size), 3) + lastNumIdx := strings.LastIndexFunc(sizeStr, unicode.IsNumber) + sizeStr = sizeStr[:lastNumIdx+1] + " " + sizeStr[lastNumIdx+1:] } params := imagesTemplateParams{ Repository: repo, diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile new file mode 100644 index 000000000..0c0e4aaf9 --- /dev/null +++ b/contrib/gate/Dockerfile @@ -0,0 +1,69 @@ +FROM fedora:28 +RUN dnf -y install \ + atomic-registries \ + btrfs-progs-devel \ + buildah \ + bzip2 \ + conmon \ + container-selinux \ + containernetworking-cni \ + containernetworking-cni-devel \ + device-mapper-devel \ + findutils \ + git \ + glib2-devel \ + glibc-static \ + gnupg \ + golang \ + gpgme-devel \ + iptables \ + libassuan-devel \ + libseccomp-devel \ + libselinux-devel \ + lsof \ + make \ + nmap-ncat \ + ostree-devel \ + procps-ng \ + python \ + python3-dateutil \ + python3-psutil \ + python3-pytoml \ + python3-varlink \ + skopeo-containers \ + slirp4netns \ + rsync \ + which \ + xz \ + && dnf clean all + +ENV GOPATH="/go" \ + PATH="/go/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" \ + SRCPATH="/usr/src/libpod" \ + GOSRC="/go/src/github.com/containers/libpod" + +# Only needed for installing build-time dependencies +COPY / $GOSRC + +WORKDIR $GOSRC + +# Install dependencies +RUN set -x && \ + go get -u github.com/mailru/easyjson/... && \ + install -D -m 755 "$GOPATH"/bin/easyjson /usr/bin/ && \ + make install.tools && \ + install -D -m 755 $GOSRC/contrib/gate/entrypoint.sh /usr/local/bin/ && \ + rm -rf "$GOSRC" + +# Install cni config +#RUN make install.cni +RUN mkdir -p /etc/cni/net.d/ +COPY cni/87-podman-bridge.conflist /etc/cni/net.d/87-podman-bridge.conflist + +# Make sure we have some policy for pulling images +RUN mkdir -p /etc/containers +COPY test/policy.json /etc/containers/policy.json +COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml + +VOLUME ["/usr/src/libpod"] +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/contrib/gate/README.md b/contrib/gate/README.md new file mode 100644 index 000000000..709e6035f --- /dev/null +++ b/contrib/gate/README.md @@ -0,0 +1,4 @@ + + +A standard container image for `gofmt` and lint-checking the libpod +repository. The [contributors guide contains the documentation for usage.](https://github.com/containers/libpod/blob/master/CONTRIBUTING.md#go-format-and-lint) diff --git a/contrib/gate/entrypoint.sh b/contrib/gate/entrypoint.sh new file mode 100755 index 000000000..e16094cc0 --- /dev/null +++ b/contrib/gate/entrypoint.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +[[ -n "$SRCPATH" ]] || \ + ( echo "ERROR: \$SRCPATH must be non-empty" && exit 1 ) +[[ -n "$GOSRC" ]] || \ + ( echo "ERROR: \$GOSRC must be non-empty" && exit 2 ) +[[ -r "${SRCPATH}/contrib/gate/Dockerfile" ]] || \ + ( echo "ERROR: Expecting libpod repository root at $SRCPATH" && exit 3 ) + +# Working from a copy avoids needing to perturb the actual source files +mkdir -p "$GOSRC" +/usr/bin/rsync --recursive --links --quiet --safe-links \ + --perms --times "${SRCPATH}/" "${GOSRC}/" +cd "$GOSRC" +make "$@" diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index f6ebfa148..3192cbfed 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -378,10 +378,6 @@ providing packages with %{import_path} prefix. %prep %autosetup -Sgit -n %{repo}-%{shortcommit0} -sed -i '/\/bin\/env/d' completions/bash/%{name} -sed -i 's/0.0.0/%{version}/' contrib/python/%{name}/setup.py -sed -i 's/0.0.0/%{version}/' contrib/python/py%{name}/setup.py -mv pkg/hooks/README.md pkg/hooks/README-hooks.md # untar cri-o tar zxf %{SOURCE1} @@ -416,15 +412,17 @@ popd %install install -dp %{buildroot}%{_unitdir} -%{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \ +PODMAN_VERSION=%{version} %{__make} PREFIX=%{buildroot}%{_prefix} ETCDIR=%{buildroot}%{_sysconfdir} \ install.bin \ install.man \ install.cni \ install.systemd \ install.completions +mv pkg/hooks/README.md pkg/hooks/README-hooks.md + %if %{with varlink} -%{__make} DESTDIR=%{buildroot} install.python +PODMAN_VERSION=%{version} %{__make} DESTDIR=%{buildroot} install.python %endif # varlink # install libpod.conf diff --git a/docs/podman-container.1.md b/docs/podman-container.1.md index eac3343d5..67d42bfef 100644 --- a/docs/podman-container.1.md +++ b/docs/podman-container.1.md @@ -38,7 +38,6 @@ The container command allows you to manage containers | stop | [podman-stop(1)](podman-stop.1.md) | Stop one or more running containers. | | top | [podman-top(1)](podman-top.1.md) | Display the running processes of a container. | | umount | [podman-umount(1)](podman-umount.1.md) | Unmount a working container's root filesystem. | -| unmount | [podman-umount(1)](podman-umount.1.md) | Unmount a working container's root filesystem. | | unpause | [podman-unpause(1)](podman-unpause.1.md) | Unpause one or more containers. | | wait | [podman-wait(1)](podman-wait.1.md) | Wait on one or more containers to stop and print their exit codes. | diff --git a/docs/podman-images.1.md b/docs/podman-images.1.md index 0bd829a8e..832df0e23 100644 --- a/docs/podman-images.1.md +++ b/docs/podman-images.1.md @@ -49,9 +49,9 @@ Sort by created, id, repository, size or tag (default: created) ``` # podman images REPOSITORY TAG IMAGE ID CREATED SIZE -docker.io/kubernetes/pause latest e3d42bcaf643 3 years ago 251kB -<none> <none> ebb91b73692b 4 weeks ago 27.2MB -docker.io/library/ubuntu latest 4526339ae51c 6 weeks ago 126MB +docker.io/kubernetes/pause latest e3d42bcaf643 3 years ago 251 kB +<none> <none> ebb91b73692b 4 weeks ago 27.2 MB +docker.io/library/ubuntu latest 4526339ae51c 6 weeks ago 126 MB ``` ``` @@ -63,17 +63,17 @@ ebb91b73692b ``` # podman images --noheading -docker.io/kubernetes/pause latest e3d42bcaf643 3 years ago 251kB -<none> <none> ebb91b73692b 4 weeks ago 27.2MB -docker.io/library/ubuntu latest 4526339ae51c 6 weeks ago 126MB +docker.io/kubernetes/pause latest e3d42bcaf643 3 years ago 251 kB +<none> <none> ebb91b73692b 4 weeks ago 27.2 MB +docker.io/library/ubuntu latest 4526339ae51c 6 weeks ago 126 MB ``` ``` # podman images --no-trunc REPOSITORY TAG IMAGE ID CREATED SIZE -docker.io/kubernetes/pause latest sha256:e3d42bcaf643097dd1bb0385658ae8cbe100a80f773555c44690d22c25d16b27 3 years ago 251kB -<none> <none> sha256:ebb91b73692bd27890685846412ae338d13552165eacf7fcd5f139bfa9c2d6d9 4 weeks ago 27.2MB -docker.io/library/ubuntu latest sha256:4526339ae51c3cdc97956a7a961c193c39dfc6bd9733b0d762a36c6881b5583a 6 weeks ago 126MB +docker.io/kubernetes/pause latest sha256:e3d42bcaf643097dd1bb0385658ae8cbe100a80f773555c44690d22c25d16b27 3 years ago 251 kB +<none> <none> sha256:ebb91b73692bd27890685846412ae338d13552165eacf7fcd5f139bfa9c2d6d9 4 weeks ago 27.2 MB +docker.io/library/ubuntu latest sha256:4526339ae51c3cdc97956a7a961c193c39dfc6bd9733b0d762a36c6881b5583a 6 weeks ago 126 MB ``` ``` @@ -87,7 +87,7 @@ ebb91b73692b <none> <none> ``` # podman images --filter dangling=true REPOSITORY TAG IMAGE ID CREATED SIZE -<none> <none> ebb91b73692b 4 weeks ago 27.2MB +<none> <none> ebb91b73692b 4 weeks ago 27.2 MB ``` ``` @@ -126,25 +126,25 @@ REPOSITORY TAG IMAGE ID CREATED SIZE ``` # podman images --sort repository REPOSITORY TAG IMAGE ID CREATED SIZE -<none> <none> 2460217d76fc About a minute ago 4.41MB -docker.io/library/alpine latest 3fd9065eaf02 5 months ago 4.41MB -localhost/myapp latest b2e0ad03474a About a minute ago 4.41MB -registry.access.redhat.com/rhel7 latest 7a840db7f020 2 weeks ago 211MB -registry.fedoraproject.org/fedora 27 801894bc0e43 6 weeks ago 246MB +<none> <none> 2460217d76fc About a minute ago 4.41 MB +docker.io/library/alpine latest 3fd9065eaf02 5 months ago 4.41 MB +localhost/myapp latest b2e0ad03474a About a minute ago 4.41 MB +registry.access.redhat.com/rhel7 latest 7a840db7f020 2 weeks ago 211 MB +registry.fedoraproject.org/fedora 27 801894bc0e43 6 weeks ago 246 MB ``` ``` # podman images REPOSITORY TAG IMAGE ID CREATED SIZE -localhost/test latest 18f0c080cd72 4 seconds ago 4.42MB -docker.io/library/alpine latest 3fd9065eaf02 5 months ago 4.41MB +localhost/test latest 18f0c080cd72 4 seconds ago 4.42 MB +docker.io/library/alpine latest 3fd9065eaf02 5 months ago 4.41 MB # podman images -a REPOSITORY TAG IMAGE ID CREATED SIZE -localhost/test latest 18f0c080cd72 6 seconds ago 4.42MB -<none> <none> 270e70dc54c0 7 seconds ago 4.42MB -<none> <none> 4ed6fbe43414 8 seconds ago 4.41MB -<none> <none> 6b0df8e71508 8 seconds ago 4.41MB -docker.io/library/alpine latest 3fd9065eaf02 5 months ago 4.41MB +localhost/test latest 18f0c080cd72 6 seconds ago 4.42 MB +<none> <none> 270e70dc54c0 7 seconds ago 4.42 MB +<none> <none> 4ed6fbe43414 8 seconds ago 4.41 MB +<none> <none> 6b0df8e71508 8 seconds ago 4.41 MB +docker.io/library/alpine latest 3fd9065eaf02 5 months ago 4.41 MB ``` ## SEE ALSO diff --git a/docs/podman.1.md b/docs/podman.1.md index c66a9cf05..b7433d850 100644 --- a/docs/podman.1.md +++ b/docs/podman.1.md @@ -192,7 +192,7 @@ the exit codes follow the `chroot` standard, see below: When Podman runs in rootless mode, the file `$HOME/.config/containers/storage.conf` is also loaded. ## Rootless mode -Podman can also be used as non-root user. When podman runs in rootless mode, an user namespace is automatically created. +Podman can also be used as non-root user. When podman runs in rootless mode, a user namespace is automatically created for the user, defined in /etc/subuid and /etc/subgid. Containers created by a non-root user are not visible to other users and are not seen or managed by podman running as root. @@ -209,13 +209,14 @@ Or just add the content manually. $ echo USERNAME:10000:65536 >> /etc/subuid $ echo USERNAME:10000:65536 >> /etc/subgid +See the `subuid(5)` and `subgid(5)` man pages for more information. + Images are pulled under `XDG_DATA_HOME` when specified, otherwise in the home directory of the user under `.local/share/containers/storage`. -Currently it is not possible to create a network device, so rootless containers need to run in the host network namespace. If a rootless container creates a network namespace, -then only the loopback device will be available. +Currently the slirp4netns package is required to be installed to create a network device, otherwise rootless containers need to run in the network namespace of the host. ## SEE ALSO -`containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `crio(8)`, `libpod.conf(5)`, `oci-hooks(5)`, `policy.json(5)` +`containers-mounts.conf(5)`, `containers-registries.conf(5)`, `containers-storage.conf(5)`, `crio(8)`, `libpod.conf(5)`, `oci-hooks(5)`, `policy.json(5)`, `subuid(5)`, `subgid(5)`, `slirp4netns(1)` ## HISTORY Dec 2016, Originally compiled by Dan Walsh <dwalsh@redhat.com> diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index d48df289f..5a8f997b8 100644 --- a/docs/tutorials/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md @@ -5,10 +5,13 @@ Podman is a utility provided as part of the libpod library. It can be used to c containers. The following tutorial will teach you how to set up Podman and perform some basic commands with Podman. +**NOTE**: the code samples are intended to be run as a non-root user, and use `sudo` where +root escalation is required. + ## Install Podman on Fedora from RPM Repositories Fedora 27 and later provide Podman via the package manager. ```console -$ sudo dnf install -y podman +sudo dnf install -y podman ``` ## Install Podman on Fedora from Source @@ -18,10 +21,10 @@ acquire the source, and build it. ### Installing build and runtime dependencies ```console -$ sudo dnf install -y git runc libassuan-devel golang golang-github-cpuguy83-go-md2man glibc-static \ - gpgme-devel glib2-devel device-mapper-devel libseccomp-devel \ - atomic-registries iptables skopeo-containers containernetworking-cni \ - conmon +sudo dnf install -y git runc libassuan-devel golang golang-github-cpuguy83-go-md2man glibc-static \ + gpgme-devel glib2-devel device-mapper-devel libseccomp-devel \ + atomic-registries iptables skopeo-containers containernetworking-cni \ + conmon ``` ### Building and installing podman @@ -29,12 +32,12 @@ First, configure a `GOPATH` (if you are using go1.8 or later, this defaults to ` and make libpod. ```console -$ export GOPATH=~/go -$ mkdir -p $GOPATH -$ git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod -$ cd $GOPATH/src/github.com/containers/libpod -$ make -$ sudo make install PREFIX=/usr +export GOPATH=~/go +mkdir -p $GOPATH +git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod +cd $GOPATH/src/github.com/containers/libpod +make +sudo make install PREFIX=/usr ``` You now have a working podman environment. Jump to [Familiarizing yourself with Podman](#familiarizing-yourself-with-podman) @@ -50,8 +53,8 @@ tutorial. For this tutorial, the Ubuntu **artful-server-cloudimg** image was use #### Installing base packages ```console -$ sudo apt-get update -$ sudo apt-get install libdevmapper-dev libglib2.0-dev libgpgme11-dev golang libseccomp-dev \ +sudo apt-get update +sudo apt-get install libdevmapper-dev libglib2.0-dev libgpgme11-dev golang libseccomp-dev \ go-md2man libprotobuf-dev libprotobuf-c0-dev libseccomp-dev python3-setuptools ``` #### Building and installing conmon @@ -59,42 +62,42 @@ First, configure a `GOPATH` (if you are using go1.8 or later, this defaults to ` and make libpod. ```console -$ export GOPATH=~/go -$ mkdir -p $GOPATH -$ git clone https://github.com/kubernetes-sigs/cri-o $GOPATH/src/github.com/kubernetes-sigs/cri-o -$ cd $GOPATH/src/github.com/kubernetes-sigs/cri-o -$ mkdir bin -$ make bin/conmon -$ sudo install -D -m 755 bin/conmon /usr/libexec/podman/conmon +export GOPATH=~/go +mkdir -p $GOPATH +git clone https://github.com/kubernetes-sigs/cri-o $GOPATH/src/github.com/kubernetes-sigs/cri-o +cd $GOPATH/src/github.com/kubernetes-sigs/cri-o +mkdir bin +make bin/conmon +sudo install -D -m 755 bin/conmon /usr/libexec/podman/conmon ``` #### Adding required configuration files ```console -$ sudo mkdir -p /etc/containers -$ sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf -$ sudo curl https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json -o /etc/containers/policy.json +sudo mkdir -p /etc/containers +sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf +sudo curl https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json -o /etc/containers/policy.json ``` #### Installing CNI plugins ```console -$ git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins -$ cd $GOPATH/src/github.com/containernetworking/plugins -$ ./build_linux.sh -$ sudo mkdir -p /usr/libexec/cni -$ sudo cp bin/* /usr/libexec/cni +git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins +cd $GOPATH/src/github.com/containernetworking/plugins +./build_linux.sh +sudo mkdir -p /usr/libexec/cni +sudo cp bin/* /usr/libexec/cni ``` #### Installing runc ```console -$ git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc -$ cd $GOPATH/src/github.com/opencontainers/runc -$ make BUILDTAGS="seccomp" -$ sudo cp runc /usr/bin/runc +git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc +cd $GOPATH/src/github.com/opencontainers/runc +make BUILDTAGS="seccomp" +sudo cp runc /usr/bin/runc ``` ### Building and installing Podman ```console -$ git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod -$ cd $GOPATH/src/github.com/containers/libpod -$ make -$ sudo make install PREFIX=/usr +git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod +cd $GOPATH/src/github.com/containers/libpod +make +sudo make install PREFIX=/usr ``` ## Familiarizing yourself with Podman @@ -103,10 +106,10 @@ $ sudo make install PREFIX=/usr This sample container will run a very basic httpd server that serves only its index page. ```console -$ sudo podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ - -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ - -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ - registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd +sudo podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ + -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ + -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ + registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd ``` Because the container is being run in detached mode, represented by the *-d* in the podman run command, podman will print the container ID after it has run. @@ -114,7 +117,7 @@ will print the container ID after it has run. ### Listing running containers The Podman *ps* command is used to list creating and running containers. ```console -$ sudo podman ps +sudo podman ps ``` Note: If you add *-a* to the *ps* command, Podman will show all containers. @@ -134,7 +137,7 @@ Now that we have the IP address of the container, we can test the network commun operating system and the container using curl. The following command should display the index page of our containerized httpd server. ```console -# curl http://<IP_address>:8080 +curl http://<IP_address>:8080 ``` ### Viewing the container's logs @@ -163,7 +166,7 @@ With this a container can later be restored and continue running at exactly the checkpoint. This capability requires CRIU 3.11 or later installed on the system. To checkpoint the container use: ```console -$ sudo podman container checkpoint <container_id> +sudo podman container checkpoint <container_id> ``` ### Restoring the container @@ -171,29 +174,29 @@ Restoring a container is only possible for a previously checkpointed container. continue to run at exactly the same point in time it was checkpointed. To restore the container use: ```console -$ sudo podman container restore <container_id> +sudo podman container restore <container_id> ``` After being restored, the container will answer requests again as it did before checkpointing. ```console -# curl http://<IP_address>:8080 +curl http://<IP_address>:8080 ``` ### Stopping the container To stop the httpd container: ```console -$ sudo podman stop --latest +sudo podman stop --latest ``` You can also check the status of one or more containers using the *ps* subcommand. In this case, we should use the *-a* argument to list all containers. ```console -$ sudo podman ps -a +sudo podman ps -a ``` ### Removing the container To remove the httpd container: ```console -$ sudo podman rm --latest +sudo podman rm --latest ``` You can verify the deletion of the container by running *podman ps -a*. diff --git a/install.md b/install.md index 33224c810..efb568b66 100644 --- a/install.md +++ b/install.md @@ -83,7 +83,7 @@ Debian, Ubuntu, and related distributions will also need to do the following set If using an older release or a long-term support release, be careful to double-check that the version of `runc` is new enough (running `runc --version` should produce `spec: 1.0.0`), or else [build](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-runc) your own. -Be careful to double-check that the version of golang is new enough, version 1.8.x or higher is required. If needed, golang kits are available at https://golang.org/dl/ +Be careful to double-check that the version of golang is new enough, version 1.10.x or higher is required. If needed, golang kits are available at https://golang.org/dl/ **Optional** diff --git a/libpod/container_api.go b/libpod/container_api.go index d99aec5b4..390987394 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -330,9 +330,10 @@ func (c *Container) Exec(tty, privileged bool, env, cmd []string, user string) e } pidFile := c.execPidPath(sessionID) - // 1 second seems a reasonable time to wait - // See https://github.com/containers/libpod/issues/1495 - const pidWaitTimeout = 1000 + // 60 second seems a reasonable time to wait + // https://github.com/containers/libpod/issues/1495 + // https://github.com/containers/libpod/issues/1816 + const pidWaitTimeout = 60000 // Wait until the runtime makes the pidfile // TODO: If runtime errors before the PID file is created, we have to diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index 5c45f2694..85b0ef392 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -12,6 +12,7 @@ import ( "runtime" "strconv" "strings" + "sync" "syscall" "unsafe" @@ -33,9 +34,17 @@ func runInUser() error { return nil } +var ( + isRootlessOnce sync.Once + isRootless bool +) + // IsRootless tells us if we are running in rootless mode func IsRootless() bool { - return os.Geteuid() != 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != "" + isRootlessOnce.Do(func() { + isRootless = os.Geteuid() != 0 || os.Getenv("_LIBPOD_USERNS_CONFIGURED") != "" + }) + return isRootless } var ( @@ -187,6 +196,9 @@ func BecomeRootInUserNS() (bool, int, error) { if username == "" { user, err := user.LookupId(fmt.Sprintf("%d", os.Getuid())) if err != nil && os.Getenv("PODMAN_ALLOW_SINGLE_ID_MAPPING_IN_USERNS") == "" { + if os.IsNotExist(err) { + return false, 0, errors.Wrapf(err, "/etc/subuid or /etc/subgid does not exist, see subuid/subgid man pages for information on these files") + } return false, 0, errors.Wrapf(err, "could not find user by UID nor USER env was set") } if err == nil { diff --git a/troubleshooting.md b/troubleshooting.md index db36d1bb8..574196a69 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -10,7 +10,7 @@ A large number of issues reported against Podman are often found to already be fixed in more current versions of the project. Before reporting an issue, please verify the version you are running with `podman version` and compare it to the lastest release -documented on the top of Podman's [README.md](README.md). +documented on the top of Podman's [README.md](README.md). If they differ, please update your version of PODMAN to the latest possible and retry your command before reporting the issue. @@ -68,4 +68,62 @@ communicate with a registry and not use tls verification. * Turn off tls verification by passing false to the tls-verification option. * I.e. `podman push --tls-verify=false alpine docker://localhost:5000/myalpine:latest` + +--- +### 4) Rootless: could not get runtime - database configuration mismatch + +In Podman release 0.11.1, a default path for rootless containers was changed, +potentially causing rootless Podman to be unable to function. The new default +path is not a problem for new installations, but existing installations will +need to work around it with the following fix. + +#### Symptom + +```console +$ podman info +could not get runtime: database run root /run/user/1000/run does not match our run root /run/user/1000: database configuration mismatch +``` + +#### Solution + +To work around the new default path, we can manually set the path Podman is +expecting in a configuration file. + +First, we need to make a new local configuration file for rootless Podman. +* `mkdir -p ~/.config/containers` +* `cp /usr/share/containers/libpod.conf ~/.config/containers` + +Next, edit the new local configuration file +(`~/.config/containers/libpod.conf`) with your favorite editor. Comment out the +line starting with `cgroup_manager` by adding a `#` character at the beginning +of the line, and change the path in the line starting with `tmp_dir` to point to +the first path in the error message Podman gave (in this case, +`/run/user/1000/run`). + --- +### 4) rootless containers cannot ping hosts + +When using the ping command from a non-root container, the command may +fail because of a lack of privileges. + +#### Symptom + +```console +$ podman run --rm fedora ping -W10 -c1 redhat.com +PING redhat.com (209.132.183.105): 56 data bytes + +--- redhat.com ping statistics --- +1 packets transmitted, 0 packets received, 100% packet loss +``` + +#### Solution + +It is most likely necessary to enable unprivileged pings on the host. +Be sure the UID of the user is part of the range in the +`/proc/sys/net/ipv4/ping_group_range` file. + +To change its value you can use something like: `sysctl -w +"net.ipv4.ping_group_range=0 2000000"`. + +To make the change persistent, you'll need to add a file in +`/etc/sysctl.d` that contains `net.ipv4.ping_group_range=0 $MAX_UID`. diff --git a/vendor.conf b/vendor.conf index 85b784d9b..a16975bf9 100644 --- a/vendor.conf +++ b/vendor.conf @@ -12,7 +12,7 @@ github.com/containerd/continuity master github.com/containernetworking/cni v0.7.0-alpha1 github.com/containernetworking/plugins 1562a1e60ed101aacc5e08ed9dbeba8e9f3d4ec1 github.com/containers/image bd10b1b53b2976f215b3f2f848fb8e7cad779aeb -github.com/containers/storage 09abf3a26b8a3aa69e29fd7faeb260b98d675759 +github.com/containers/storage 3161726d1db0d0d4e86a9667dd476f09b997f497 github.com/containers/psgo 5dde6da0bc8831b35243a847625bcf18183bd1ee github.com/coreos/go-systemd v14 github.com/cri-o/ocicni 2d2983e40c242322a56c22a903785e7f83eb378c @@ -77,7 +77,7 @@ golang.org/x/sys master golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756 golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631 golang.org/x/sync master -google.golang.org/grpc v1.0.4 https://github.com/grpc/grpc-go< +google.golang.org/grpc v1.0.4 https://github.com/grpc/grpc-go gopkg.in/cheggaaa/pb.v1 v1.0.7 gopkg.in/inf.v0 v0.9.0 gopkg.in/mgo.v2 v2 @@ -92,7 +92,7 @@ k8s.io/kube-openapi 275e2ce91dec4c05a4094a7b1daee5560b555ac9 https://github.com/ k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e https://github.com/kubernetes/utils github.com/mrunalp/fileutils master github.com/varlink/go master -github.com/containers/buildah 46c577c87d5a7ab30ef40cfa695cd2b96b32b117 +github.com/containers/buildah 795d43e60e5a1ab283981b79eeda1dd14a65a0bd github.com/Nvveen/Gotty master github.com/fsouza/go-dockerclient master github.com/openshift/imagebuilder master diff --git a/vendor/github.com/containers/buildah/README.md b/vendor/github.com/containers/buildah/README.md index 6a79e524b..2b539bba8 100644 --- a/vendor/github.com/containers/buildah/README.md +++ b/vendor/github.com/containers/buildah/README.md @@ -107,6 +107,7 @@ $ sudo ./lighttpd.sh | [buildah-images(1)](/docs/buildah-images.md) | List images in local storage. | | [buildah-inspect(1)](/docs/buildah-inspect.md) | Inspects the configuration of a container or image. | | [buildah-mount(1)](/docs/buildah-mount.md) | Mount the working container's root filesystem. | +| [buildah-pull(1)](/docs/buildah-pull.md) | Pull an image from the specified location. | | [buildah-push(1)](/docs/buildah-push.md) | Push an image from local storage to elsewhere. | | [buildah-rename(1)](/docs/buildah-rename.md) | Rename a local container. | | [buildah-rm(1)](/docs/buildah-rm.md) | Removes one or more working containers. | diff --git a/vendor/github.com/containers/buildah/buildah.go b/vendor/github.com/containers/buildah/buildah.go index 9994d6cd0..1a642ed3d 100644 --- a/vendor/github.com/containers/buildah/buildah.go +++ b/vendor/github.com/containers/buildah/buildah.go @@ -224,6 +224,7 @@ func GetBuildInfo(b *Builder) BuilderInfo { ContainerID: b.ContainerID, MountPoint: b.MountPoint, ProcessLabel: b.ProcessLabel, + MountLabel: b.MountLabel, ImageAnnotations: b.ImageAnnotations, ImageCreatedBy: b.ImageCreatedBy, OCIv1: b.OCIv1, diff --git a/vendor/github.com/containers/buildah/chroot/run.go b/vendor/github.com/containers/buildah/chroot/run.go index 51e2d2bd4..8cfefb3de 100644 --- a/vendor/github.com/containers/buildah/chroot/run.go +++ b/vendor/github.com/containers/buildah/chroot/run.go @@ -1147,7 +1147,7 @@ func setupChrootBindMounts(spec *specs.Spec, bundlePath string) (undoBinds func( } if uintptr(fs.Flags)&expectedFlags != expectedFlags { if err := unix.Mount(target, target, "bind", requestFlags|unix.MS_REMOUNT, ""); err != nil { - return undoBinds, errors.Wrapf(err, "error remounting %q in mount namespace with expected flags") + return undoBinds, errors.Wrapf(err, "error remounting %q in mount namespace with expected flags", target) } } } diff --git a/vendor/github.com/containers/buildah/common.go b/vendor/github.com/containers/buildah/common.go index 56a901925..be59215df 100644 --- a/vendor/github.com/containers/buildah/common.go +++ b/vendor/github.com/containers/buildah/common.go @@ -2,12 +2,14 @@ package buildah import ( "io" - - "github.com/sirupsen/logrus" + "os" + "path/filepath" cp "github.com/containers/image/copy" "github.com/containers/image/transports" "github.com/containers/image/types" + "github.com/containers/libpod/pkg/rootless" + "github.com/sirupsen/logrus" ) const ( @@ -17,10 +19,20 @@ const ( DOCKER = "docker" ) +// userRegistriesFile is the path to the per user registry configuration file. +var userRegistriesFile = filepath.Join(os.Getenv("HOME"), ".config/containers/registries.conf") + func getCopyOptions(reportWriter io.Writer, sourceReference types.ImageReference, sourceSystemContext *types.SystemContext, destinationReference types.ImageReference, destinationSystemContext *types.SystemContext, manifestType string) *cp.Options { sourceCtx := &types.SystemContext{} if sourceSystemContext != nil { *sourceCtx = *sourceSystemContext + } else { + if rootless.IsRootless() { + if _, err := os.Stat(userRegistriesFile); err == nil { + sourceCtx.SystemRegistriesConfPath = userRegistriesFile + } + + } } sourceInsecure, err := isReferenceInsecure(sourceReference, sourceCtx) if err != nil { @@ -33,6 +45,12 @@ func getCopyOptions(reportWriter io.Writer, sourceReference types.ImageReference destinationCtx := &types.SystemContext{} if destinationSystemContext != nil { *destinationCtx = *destinationSystemContext + } else { + if rootless.IsRootless() { + if _, err := os.Stat(userRegistriesFile); err == nil { + destinationCtx.SystemRegistriesConfPath = userRegistriesFile + } + } } destinationInsecure, err := isReferenceInsecure(destinationReference, destinationCtx) if err != nil { @@ -58,5 +76,11 @@ func getSystemContext(defaults *types.SystemContext, signaturePolicyPath string) if signaturePolicyPath != "" { sc.SignaturePolicyPath = signaturePolicyPath } + if sc.SystemRegistriesConfPath == "" && rootless.IsRootless() { + if _, err := os.Stat(userRegistriesFile); err == nil { + sc.SystemRegistriesConfPath = userRegistriesFile + } + + } return sc } diff --git a/vendor/github.com/containers/buildah/delete.go b/vendor/github.com/containers/buildah/delete.go index 25f76cf74..e3bddba20 100644 --- a/vendor/github.com/containers/buildah/delete.go +++ b/vendor/github.com/containers/buildah/delete.go @@ -1,7 +1,6 @@ package buildah import ( - "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" ) @@ -14,5 +13,5 @@ func (b *Builder) Delete() error { b.MountPoint = "" b.Container = "" b.ContainerID = "" - return label.ReleaseLabel(b.ProcessLabel) + return nil } diff --git a/vendor/github.com/containers/buildah/image.go b/vendor/github.com/containers/buildah/image.go index 31aff9eea..c0bf90ddd 100644 --- a/vendor/github.com/containers/buildah/image.go +++ b/vendor/github.com/containers/buildah/image.go @@ -107,7 +107,6 @@ func expectedDockerDiffIDs(image docker.V2Image) int { // compression that we'll be applying. func (i *containerImageRef) computeLayerMIMEType(what string) (omediaType, dmediaType string, err error) { omediaType = v1.MediaTypeImageLayer - //TODO: Convert to manifest.DockerV2Schema2LayerUncompressedMediaType once available dmediaType = docker.V2S2MediaTypeUncompressedLayer if i.compression != archive.Uncompressed { switch i.compression { diff --git a/vendor/github.com/containers/buildah/imagebuildah/build.go b/vendor/github.com/containers/buildah/imagebuildah/build.go index 41d85cbc6..292ff9541 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/build.go +++ b/vendor/github.com/containers/buildah/imagebuildah/build.go @@ -563,39 +563,39 @@ func NewExecutor(store storage.Store, options BuildOptions) (*Executor, error) { registry: options.Registry, transport: options.Transport, ignoreUnrecognizedInstructions: options.IgnoreUnrecognizedInstructions, - quiet: options.Quiet, - runtime: options.Runtime, - runtimeArgs: options.RuntimeArgs, - transientMounts: options.TransientMounts, - compression: options.Compression, - output: options.Output, - outputFormat: options.OutputFormat, - additionalTags: options.AdditionalTags, - signaturePolicyPath: options.SignaturePolicyPath, - systemContext: options.SystemContext, - volumeCache: make(map[string]string), - volumeCacheInfo: make(map[string]os.FileInfo), - log: options.Log, - in: options.In, - out: options.Out, - err: options.Err, - reportWriter: options.ReportWriter, - isolation: options.Isolation, - namespaceOptions: options.NamespaceOptions, - configureNetwork: options.ConfigureNetwork, - cniPluginPath: options.CNIPluginPath, - cniConfigDir: options.CNIConfigDir, - idmappingOptions: options.IDMappingOptions, - commonBuildOptions: options.CommonBuildOpts, - defaultMountsFilePath: options.DefaultMountsFilePath, - iidfile: options.IIDFile, - squash: options.Squash, - labels: append([]string{}, options.Labels...), - annotations: append([]string{}, options.Annotations...), - layers: options.Layers, - noCache: options.NoCache, - removeIntermediateCtrs: options.RemoveIntermediateCtrs, - forceRmIntermediateCtrs: options.ForceRmIntermediateCtrs, + quiet: options.Quiet, + runtime: options.Runtime, + runtimeArgs: options.RuntimeArgs, + transientMounts: options.TransientMounts, + compression: options.Compression, + output: options.Output, + outputFormat: options.OutputFormat, + additionalTags: options.AdditionalTags, + signaturePolicyPath: options.SignaturePolicyPath, + systemContext: options.SystemContext, + volumeCache: make(map[string]string), + volumeCacheInfo: make(map[string]os.FileInfo), + log: options.Log, + in: options.In, + out: options.Out, + err: options.Err, + reportWriter: options.ReportWriter, + isolation: options.Isolation, + namespaceOptions: options.NamespaceOptions, + configureNetwork: options.ConfigureNetwork, + cniPluginPath: options.CNIPluginPath, + cniConfigDir: options.CNIConfigDir, + idmappingOptions: options.IDMappingOptions, + commonBuildOptions: options.CommonBuildOpts, + defaultMountsFilePath: options.DefaultMountsFilePath, + iidfile: options.IIDFile, + squash: options.Squash, + labels: append([]string{}, options.Labels...), + annotations: append([]string{}, options.Annotations...), + layers: options.Layers, + noCache: options.NoCache, + removeIntermediateCtrs: options.RemoveIntermediateCtrs, + forceRmIntermediateCtrs: options.ForceRmIntermediateCtrs, } if exec.err == nil { exec.err = os.Stderr @@ -764,7 +764,7 @@ func (b *Executor) resolveNameToImageRef() (types.ImageReference, error) { if err != nil { candidates, _, err := util.ResolveName(b.output, "", b.systemContext, b.store) if err != nil { - return nil, errors.Wrapf(err, "error parsing target image name %q: %v", b.output) + return nil, errors.Wrapf(err, "error parsing target image name %q", b.output) } if len(candidates) == 0 { return nil, errors.Errorf("error parsing target image name %q", b.output) @@ -1044,17 +1044,14 @@ func (b *Executor) copiedFilesMatch(node *parser.Node, historyTime *time.Time) ( } continue } - // For local files, walk the file tree and check the time stamps. - timeIsGreater := false - err := filepath.Walk(item, func(path string, info os.FileInfo, err error) error { - if info.ModTime().After(*historyTime) { - timeIsGreater = true - return nil - } - return nil - }) + // Walks the file tree for local files and uses chroot to ensure we don't escape out of the allowed path + // when resolving any symlinks. + // Change the time format to ensure we don't run into a parsing error when converting again from string + // to time.Time. It is a known Go issue that the conversions cause errors sometimes, so specifying a particular + // time format here when converting to a string. + timeIsGreater, err := resolveModifiedTime(b.contextDir, item, historyTime.Format(time.RFC3339Nano)) if err != nil { - return false, errors.Wrapf(err, "error walking file tree %q", item) + return false, errors.Wrapf(err, "error resolving symlinks and comparing modified times: %q", item) } if timeIsGreater { return false, nil @@ -1289,15 +1286,24 @@ func BuildDockerfiles(ctx context.Context, store storage.Store, options BuildOpt } else { // If the Dockerfile isn't found try prepending the // context directory to it. - if _, err := os.Stat(dfile); os.IsNotExist(err) { + dinfo, err := os.Stat(dfile) + if os.IsNotExist(err) { dfile = filepath.Join(options.ContextDirectory, dfile) } + dinfo, err = os.Stat(dfile) + if err != nil { + return "", nil, errors.Wrapf(err, "error reading info about %q", dfile) + } + // If given a directory, add '/Dockerfile' to it. + if dinfo.Mode().IsDir() { + dfile = filepath.Join(dfile, "Dockerfile") + } logrus.Debugf("reading local Dockerfile %q", dfile) contents, err := os.Open(dfile) if err != nil { return "", nil, errors.Wrapf(err, "error reading %q", dfile) } - dinfo, err := contents.Stat() + dinfo, err = contents.Stat() if err != nil { contents.Close() return "", nil, errors.Wrapf(err, "error reading info about %q", dfile) diff --git a/vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go b/vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go index 20e396f1f..2269b8dcc 100644 --- a/vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go +++ b/vendor/github.com/containers/buildah/imagebuildah/chroot_symlink.go @@ -6,6 +6,7 @@ import ( "os" "path/filepath" "strings" + "time" "github.com/containers/storage/pkg/reexec" "github.com/pkg/errors" @@ -14,13 +15,18 @@ import ( const ( symlinkChrootedCommand = "chrootsymlinks-resolve" + symlinkModifiedTime = "modtimesymlinks-resolve" maxSymlinksResolved = 40 ) func init() { reexec.Register(symlinkChrootedCommand, resolveChrootedSymlinks) + reexec.Register(symlinkModifiedTime, resolveSymlinkTimeModified) } +// main() for grandparent subprocess. Its main job is to shuttle stdio back +// and forth, managing a pseudo-terminal if we want one, for our child, the +// parent subprocess. func resolveChrootedSymlinks() { status := 0 flag.Parse() @@ -39,7 +45,7 @@ func resolveChrootedSymlinks() { } // Our second parameter is the path name to evaluate for symbolic links - symLink, err := getSymbolicLink(flag.Arg(0), flag.Arg(1)) + symLink, err := getSymbolicLink(flag.Arg(1)) if err != nil { fmt.Fprintf(os.Stderr, "error getting symbolic links: %v\n", err) os.Exit(1) @@ -51,7 +57,8 @@ func resolveChrootedSymlinks() { os.Exit(status) } -// ResolveSymlink resolves any symlink in filename in the context of rootdir. +// ResolveSymLink (in the grandparent process) resolves any symlink in filename +// in the context of rootdir. func ResolveSymLink(rootdir, filename string) (string, error) { // The child process expects a chroot and one path that // will be consulted relative to the chroot directory and evaluated @@ -62,32 +69,121 @@ func ResolveSymLink(rootdir, filename string) (string, error) { return "", errors.Wrapf(err, string(output)) } - // Hand back the resolved symlink, will be "" if a symlink is not found + // Hand back the resolved symlink, will be filename if a symlink is not found return string(output), nil } +// main() for grandparent subprocess. Its main job is to shuttle stdio back +// and forth, managing a pseudo-terminal if we want one, for our child, the +// parent subprocess. +func resolveSymlinkTimeModified() { + status := 0 + flag.Parse() + if len(flag.Args()) < 1 { + os.Exit(1) + } + // Our first parameter is the directory to chroot into. + if err := unix.Chdir(flag.Arg(0)); err != nil { + fmt.Fprintf(os.Stderr, "chdir(): %v\n", err) + os.Exit(1) + } + if err := unix.Chroot(flag.Arg(0)); err != nil { + fmt.Fprintf(os.Stderr, "chroot(): %v\n", err) + os.Exit(1) + } + + // Our second parameter is the path name to evaluate for symbolic links. + // Our third parameter is the time the cached intermediate image was created. + // We check whether the modified time of the filepath we provide is after the time the cached image was created. + timeIsGreater, err := modTimeIsGreater(flag.Arg(0), flag.Arg(1), flag.Arg(2)) + if err != nil { + fmt.Fprintf(os.Stderr, "error checking if modified time of resolved symbolic link is greater: %v\n", err) + os.Exit(1) + } + if _, err := os.Stdout.WriteString(fmt.Sprintf("%v", timeIsGreater)); err != nil { + fmt.Fprintf(os.Stderr, "error writing string to stdout: %v\n", err) + os.Exit(1) + } + os.Exit(status) +} + +// resolveModifiedTime (in the grandparent process) checks filename for any symlinks, +// resolves it and compares the modified time of the file with historyTime, which is +// the creation time of the cached image. It returns true if filename was modified after +// historyTime, otherwise returns false. +func resolveModifiedTime(rootdir, filename, historyTime string) (bool, error) { + // The child process expects a chroot and one path that + // will be consulted relative to the chroot directory and evaluated + // for any symbolic links present. + cmd := reexec.Command(symlinkModifiedTime, rootdir, filename, historyTime) + output, err := cmd.CombinedOutput() + if err != nil { + return false, errors.Wrapf(err, string(output)) + } + // Hand back true/false depending on in the file was modified after the caches image was created. + return string(output) == "true", nil +} + +// modTimeIsGreater goes through the files added/copied in using the Dockerfile and +// checks the time stamp (follows symlinks) with the time stamp of when the cached +// image was created. IT compares the two and returns true if the file was modified +// after the cached image was created, otherwise it returns false. +func modTimeIsGreater(rootdir, path string, historyTime string) (bool, error) { + var timeIsGreater bool + + // Convert historyTime from string to time.Time for comparison + histTime, err := time.Parse(time.RFC3339Nano, historyTime) + if err != nil { + return false, errors.Wrapf(err, "error converting string to time.Time %q", historyTime) + } + // Walk the file tree and check the time stamps. + // Since we are chroot in rootdir, only want the path of the actual filename, i.e path - rootdir. + // +1 to account for the extra "/" (e.g rootdir=/home/user/mydir, path=/home/user/mydir/myfile.json) + err = filepath.Walk(path[len(rootdir)+1:], func(path string, info os.FileInfo, err error) error { + modTime := info.ModTime() + if info.Mode()&os.ModeSymlink == os.ModeSymlink { + // Evaluate any symlink that occurs to get updated modified information + resolvedPath, err := filepath.EvalSymlinks(path) + if err != nil { + return errors.Wrapf(err, "error evaluating symlink %q", path) + } + fileInfo, err := os.Stat(resolvedPath) + if err != nil { + return errors.Wrapf(err, "error getting file info %q", resolvedPath) + } + modTime = fileInfo.ModTime() + } + if modTime.After(histTime) { + timeIsGreater = true + return nil + } + return nil + }) + if err != nil { + return false, errors.Wrapf(err, "error walking file tree %q", path) + } + return timeIsGreater, err +} + // getSymbolic link goes through each part of the path and continues resolving symlinks as they appear. // Returns what the whole target path for what "path" resolves to. -func getSymbolicLink(rootdir, path string) (string, error) { +func getSymbolicLink(path string) (string, error) { var ( symPath string symLinksResolved int ) - - // Splitting path as we need to resolve each parth of the path at a time + // Splitting path as we need to resolve each part of the path at a time splitPath := strings.Split(path, "/") if splitPath[0] == "" { splitPath = splitPath[1:] symPath = "/" } - for _, p := range splitPath { // If we have resolved 40 symlinks, that means something is terribly wrong // will return an error and exit if symLinksResolved >= maxSymlinksResolved { return "", errors.Errorf("have resolved %q symlinks, something is terribly wrong!", maxSymlinksResolved) } - symPath = filepath.Join(symPath, p) isSymlink, resolvedPath, err := hasSymlink(symPath) if err != nil { @@ -119,16 +215,21 @@ func getSymbolicLink(rootdir, path string) (string, error) { // otherwise it returns false and path func hasSymlink(path string) (bool, string, error) { info, err := os.Lstat(path) - if os.IsNotExist(err) { - if err = os.MkdirAll(path, 0755); err != nil { - return false, "", errors.Wrapf(err, "error ensuring volume path %q exists", path) - } - info, err = os.Lstat(path) - if err != nil { - return false, "", errors.Wrapf(err, "error running lstat on %q", path) + if err != nil { + if os.IsNotExist(err) { + if err = os.MkdirAll(path, 0755); err != nil { + return false, "", errors.Wrapf(err, "error ensuring volume path %q exists", path) + } + info, err = os.Lstat(path) + if err != nil { + return false, "", errors.Wrapf(err, "error running lstat on %q", path) + } + } else { + return false, path, errors.Wrapf(err, "error get stat of path %q", path) } } - // Return false and path as path is not a symlink + + // Return false and path as path if not a symlink if info.Mode()&os.ModeSymlink != os.ModeSymlink { return false, path, nil } diff --git a/vendor/github.com/containers/buildah/new.go b/vendor/github.com/containers/buildah/new.go index 8b0e774ba..13bebf420 100644 --- a/vendor/github.com/containers/buildah/new.go +++ b/vendor/github.com/containers/buildah/new.go @@ -3,6 +3,7 @@ package buildah import ( "context" "fmt" + "math/rand" "strings" "github.com/containers/buildah/util" @@ -12,7 +13,6 @@ import ( "github.com/containers/image/transports/alltransports" "github.com/containers/image/types" "github.com/containers/storage" - "github.com/opencontainers/selinux/go-selinux/label" "github.com/openshift/imagebuilder" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -23,11 +23,6 @@ const ( // as "no image". BaseImageFakeName = imagebuilder.NoBaseImageSpecifier - // DefaultTransport is a prefix that we apply to an image name if we - // can't find one in the local Store, in order to generate a source - // reference for the image that we can then copy to the local Store. - DefaultTransport = "docker://" - // minimumTruncatedIDLength is the minimum length of an identifier that // we'll accept as possibly being a truncated image ID. minimumTruncatedIDLength = 3 @@ -150,7 +145,7 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store } logrus.Debugf("error parsing image name %q as given, trying with transport %q: %v", image, options.Transport, err) transport := options.Transport - if transport != DefaultTransport { + if transport != util.DefaultTransport { transport = transport + ":" } srcRef2, err := alltransports.ParseImageName(transport + image) @@ -232,6 +227,27 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store } } +func containerNameExist(name string, containers []storage.Container) bool { + for _, container := range containers { + for _, cname := range container.Names { + if cname == name { + return true + } + } + } + return false +} + +func findUnusedContainer(name string, containers []storage.Container) string { + suffix := 1 + tmpName := name + for containerNameExist(tmpName, containers) { + tmpName = fmt.Sprintf("%s-%d", name, suffix) + suffix++ + } + return tmpName +} + func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions) (*Builder, error) { var ref types.ImageReference var img *storage.Image @@ -241,7 +257,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions options.FromImage = "" } if options.Transport == "" { - options.Transport = DefaultTransport + options.Transport = util.DefaultTransport } systemContext := getSystemContext(options.SystemContext, options.SignaturePolicyPath) @@ -277,23 +293,33 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions name = imageNamePrefix(image) + "-" + name } } + var container *storage.Container + tmpName := name + if options.Container == "" { + containers, err := store.Containers() + if err != nil { + return nil, errors.Wrapf(err, "unable to check for container names") + } + tmpName = findUnusedContainer(tmpName, containers) + } - coptions := storage.ContainerOptions{} - coptions.IDMappingOptions = newContainerIDMappingOptions(options.IDMappingOptions) - - container, err := store.CreateContainer("", []string{name}, imageID, "", "", &coptions) - suffix := 1 - for err != nil && errors.Cause(err) == storage.ErrDuplicateName && options.Container == "" { - suffix++ - tmpName := fmt.Sprintf("%s-%d", name, suffix) - if container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions); err == nil { + conflict := 100 + for true { + coptions := storage.ContainerOptions{ + LabelOpts: options.CommonBuildOpts.LabelOpts, + IDMappingOptions: newContainerIDMappingOptions(options.IDMappingOptions), + } + container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions) + if err == nil { name = tmpName + break } + if errors.Cause(err) != storage.ErrDuplicateName || options.Container != "" { + return nil, errors.Wrapf(err, "error creating container") + } + tmpName = fmt.Sprintf("%s-%d", name, rand.Int()%conflict) + conflict = conflict * 10 } - if err != nil { - return nil, errors.Wrapf(err, "error creating container") - } - defer func() { if err != nil { if err2 := store.DeleteContainer(container.ID); err2 != nil { @@ -302,13 +328,6 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions } }() - if err = ReserveSELinuxLabels(store, container.ID); err != nil { - return nil, err - } - processLabel, mountLabel, err := label.InitLabels(options.CommonBuildOpts.LabelOpts) - if err != nil { - return nil, err - } uidmap, gidmap := convertStorageIDMaps(container.UIDMap, container.GIDMap) defaultNamespaceOptions, err := DefaultNamespaceOptions() @@ -328,8 +347,8 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions ContainerID: container.ID, ImageAnnotations: map[string]string{}, ImageCreatedBy: "", - ProcessLabel: processLabel, - MountLabel: mountLabel, + ProcessLabel: container.ProcessLabel(), + MountLabel: container.MountLabel(), DefaultMountsFilePath: options.DefaultMountsFilePath, Isolation: options.Isolation, NamespaceOptions: namespaceOptions, @@ -351,7 +370,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions } if options.Mount { - _, err = builder.Mount(mountLabel) + _, err = builder.Mount(container.MountLabel()) if err != nil { return nil, errors.Wrapf(err, "error mounting build container %q", builder.ContainerID) } diff --git a/vendor/github.com/containers/buildah/pkg/cli/common.go b/vendor/github.com/containers/buildah/pkg/cli/common.go index b54663f5d..03b340294 100644 --- a/vendor/github.com/containers/buildah/pkg/cli/common.go +++ b/vendor/github.com/containers/buildah/pkg/cli/common.go @@ -71,6 +71,10 @@ var ( LayerFlags = []cli.Flag{ cli.BoolFlag{ + Name: "force-rm", + Usage: "Always remove intermediate containers after a build, even if the build is unsuccessful.", + }, + cli.BoolFlag{ Name: "layers", Usage: fmt.Sprintf("cache intermediate layers during build. Use BUILDAH_LAYERS environment variable to override. (default %t)", UseLayers()), }, @@ -115,10 +119,6 @@ var ( Name: "file, f", Usage: "`pathname or URL` of a Dockerfile", }, - cli.BoolFlag{ - Name: "force-rm", - Usage: "Always remove intermediate containers after a build, even if the build is unsuccessful.", - }, cli.StringFlag{ Name: "format", Usage: "`format` of the built image's manifest and metadata. Use BUILDAH_FORMAT environment variable to override.", diff --git a/vendor/github.com/containers/buildah/pull.go b/vendor/github.com/containers/buildah/pull.go index 52269541a..1a51edb0e 100644 --- a/vendor/github.com/containers/buildah/pull.go +++ b/vendor/github.com/containers/buildah/pull.go @@ -146,11 +146,11 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio srcRef, err := alltransports.ParseImageName(spec) if err != nil { if options.Transport == "" { - options.Transport = DefaultTransport + options.Transport = util.DefaultTransport } logrus.Debugf("error parsing image name %q, trying with transport %q: %v", spec, options.Transport, err) transport := options.Transport - if transport != DefaultTransport { + if transport != util.DefaultTransport { transport = transport + ":" } spec = transport + spec @@ -201,6 +201,7 @@ func pullImage(ctx context.Context, store storage.Store, imageName string, optio logrus.Debugf("copying %q to %q", spec, destName) if _, err := cp.Image(ctx, policyContext, destRef, srcRef, getCopyOptions(options.ReportWriter, srcRef, sc, destRef, nil, "")); err != nil { + logrus.Debugf("error copying src image [%q] to dest image [%q] err: %v", spec, destName, err) return nil, err } return destRef, nil diff --git a/vendor/github.com/containers/buildah/run.go b/vendor/github.com/containers/buildah/run.go index 718ef4e36..636a204b3 100644 --- a/vendor/github.com/containers/buildah/run.go +++ b/vendor/github.com/containers/buildah/run.go @@ -451,7 +451,7 @@ func (b *Builder) setupMounts(mountPoint string, spec *specs.Spec, bundlePath st // Add temporary copies of the contents of volume locations at the // volume locations, unless we already have something there. copyWithTar := b.copyWithTar(nil, nil) - builtins, err := runSetupBuiltinVolumes(b.MountLabel, mountPoint, cdir, copyWithTar, builtinVolumes) + builtins, err := runSetupBuiltinVolumes(b.MountLabel, mountPoint, cdir, copyWithTar, builtinVolumes, int(rootUID), int(rootGID)) if err != nil { return err } @@ -493,15 +493,21 @@ func runSetupBoundFiles(bundlePath string, bindFiles map[string]string) (mounts return mounts, nil } -func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, copyWithTar func(srcPath, dstPath string) error, builtinVolumes []string) ([]specs.Mount, error) { +func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, copyWithTar func(srcPath, dstPath string) error, builtinVolumes []string, rootUID, rootGID int) ([]specs.Mount, error) { var mounts []specs.Mount + hostOwner := idtools.IDPair{UID: rootUID, GID: rootGID} // Add temporary copies of the contents of volume locations at the // volume locations, unless we already have something there. for _, volume := range builtinVolumes { subdir := digest.Canonical.FromString(volume).Hex() volumePath := filepath.Join(containerDir, "buildah-volumes", subdir) + srcPath := filepath.Join(mountPoint, volume) + initializeVolume := false // If we need to, initialize the volume path's initial contents. - if _, err := os.Stat(volumePath); err != nil && os.IsNotExist(err) { + if _, err := os.Stat(volumePath); err != nil { + if !os.IsNotExist(err) { + return nil, errors.Wrapf(err, "failed to stat %q for volume %q", volumePath, volume) + } logrus.Debugf("setting up built-in volume at %q", volumePath) if err = os.MkdirAll(volumePath, 0755); err != nil { return nil, errors.Wrapf(err, "error creating directory %q for volume %q", volumePath, volume) @@ -509,11 +515,21 @@ func runSetupBuiltinVolumes(mountLabel, mountPoint, containerDir string, copyWit if err = label.Relabel(volumePath, mountLabel, false); err != nil { return nil, errors.Wrapf(err, "error relabeling directory %q for volume %q", volumePath, volume) } - srcPath := filepath.Join(mountPoint, volume) - stat, err := os.Stat(srcPath) - if err != nil { + initializeVolume = true + } + stat, err := os.Stat(srcPath) + if err != nil { + if !os.IsNotExist(err) { return nil, errors.Wrapf(err, "failed to stat %q for volume %q", srcPath, volume) } + if err = idtools.MkdirAllAndChownNew(srcPath, 0755, hostOwner); err != nil { + return nil, errors.Wrapf(err, "error creating directory %q for volume %q", srcPath, volume) + } + if stat, err = os.Stat(srcPath); err != nil { + return nil, errors.Wrapf(err, "failed to stat %q for volume %q", srcPath, volume) + } + } + if initializeVolume { if err = os.Chmod(volumePath, stat.Mode().Perm()); err != nil { return nil, errors.Wrapf(err, "failed to chmod %q for volume %q", volumePath, volume) } @@ -1044,24 +1060,31 @@ func (b *Builder) Run(command []string, options RunOptions) error { } rootIDPair := &idtools.IDPair{UID: int(rootUID), GID: int(rootGID)} - hostFile, err := b.addNetworkConfig(path, "/etc/hosts", rootIDPair) - if err != nil { - return err - } - resolvFile, err := b.addNetworkConfig(path, "/etc/resolv.conf", rootIDPair) - if err != nil { - return err - } + bindFiles := make(map[string]string) + namespaceOptions := append(b.NamespaceOptions, options.NamespaceOptions...) + volumes := b.Volumes() - if err := addHostsToFile(b.CommonBuildOpts.AddHost, hostFile); err != nil { - return err + if !contains(volumes, "/etc/hosts") { + hostFile, err := b.addNetworkConfig(path, "/etc/hosts", rootIDPair) + if err != nil { + return err + } + bindFiles["/etc/hosts"] = hostFile + + if err := addHostsToFile(b.CommonBuildOpts.AddHost, hostFile); err != nil { + return err + } } - bindFiles := map[string]string{ - "/etc/hosts": hostFile, - "/etc/resolv.conf": resolvFile, + if !contains(volumes, "/etc/resolv.conf") { + resolvFile, err := b.addNetworkConfig(path, "/etc/resolv.conf", rootIDPair) + if err != nil { + return err + } + bindFiles["/etc/resolv.conf"] = resolvFile } - err = b.setupMounts(mountPoint, spec, path, options.Mounts, bindFiles, b.Volumes(), b.CommonBuildOpts.Volumes, b.CommonBuildOpts.ShmSize, append(b.NamespaceOptions, options.NamespaceOptions...)) + + err = b.setupMounts(mountPoint, spec, path, options.Mounts, bindFiles, volumes, b.CommonBuildOpts.Volumes, b.CommonBuildOpts.ShmSize, namespaceOptions) if err != nil { return errors.Wrapf(err, "error resolving mountpoints for container %q", b.ContainerID) } @@ -1095,7 +1118,7 @@ func (b *Builder) Run(command []string, options RunOptions) error { } else { moreCreateArgs = nil } - err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, Package+"-"+filepath.Base(path)) + err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, moreCreateArgs, spec, mountPoint, path, Package+"-"+filepath.Base(path)) case IsolationChroot: err = chroot.RunUsingChroot(spec, path, options.Stdin, options.Stdout, options.Stderr) case IsolationOCIRootless: @@ -1109,13 +1132,22 @@ func (b *Builder) Run(command []string, options RunOptions) error { } } options.Args = append(options.Args, rootlessFlag...) - err = b.runUsingRuntimeSubproc(options, configureNetwork, configureNetworks, []string{"--no-new-keyring"}, spec, mountPoint, path, Package+"-"+filepath.Base(path)) + err = b.runUsingRuntimeSubproc(isolation, options, configureNetwork, configureNetworks, []string{"--no-new-keyring"}, spec, mountPoint, path, Package+"-"+filepath.Base(path)) default: err = errors.Errorf("don't know how to run this command") } return err } +func contains(volumes []string, v string) bool { + for _, i := range volumes { + if i == v { + return true + } + } + return false +} + func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions) error { switch isolation { case IsolationOCIRootless: @@ -1123,10 +1155,22 @@ func checkAndOverrideIsolationOptions(isolation Isolation, options *RunOptions) logrus.Debugf("Forcing use of an IPC namespace.") } options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.IPCNamespace)}) - if ns := options.NamespaceOptions.Find(string(specs.NetworkNamespace)); ns != nil && !ns.Host { - logrus.Debugf("Disabling network namespace.") + _, err := exec.LookPath("slirp4netns") + hostNetworking := err != nil + networkNamespacePath := "" + if ns := options.NamespaceOptions.Find(string(specs.NetworkNamespace)); ns != nil { + hostNetworking = ns.Host + networkNamespacePath = ns.Path + if !hostNetworking && networkNamespacePath != "" && !filepath.IsAbs(networkNamespacePath) { + logrus.Debugf("Disabling network namespace configuration.") + networkNamespacePath = "" + } } - options.NamespaceOptions.AddOrReplace(NamespaceOption{Name: string(specs.NetworkNamespace), Host: true}) + options.NamespaceOptions.AddOrReplace(NamespaceOption{ + Name: string(specs.NetworkNamespace), + Host: hostNetworking, + Path: networkNamespacePath, + }) if ns := options.NamespaceOptions.Find(string(specs.PIDNamespace)); ns == nil || ns.Host { logrus.Debugf("Forcing use of a PID namespace.") } @@ -1227,9 +1271,10 @@ type runUsingRuntimeSubprocOptions struct { ConfigureNetworks []string MoreCreateArgs []string ContainerName string + Isolation Isolation } -func (b *Builder) runUsingRuntimeSubproc(options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (err error) { +func (b *Builder) runUsingRuntimeSubproc(isolation Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (err error) { var confwg sync.WaitGroup config, conferr := json.Marshal(runUsingRuntimeSubprocOptions{ Options: options, @@ -1240,6 +1285,7 @@ func (b *Builder) runUsingRuntimeSubproc(options RunOptions, configureNetwork bo ConfigureNetworks: configureNetworks, MoreCreateArgs: moreCreateArgs, ContainerName: containerName, + Isolation: isolation, }) if conferr != nil { return errors.Wrapf(conferr, "error encoding configuration for %q", runUsingRuntimeCommand) @@ -1318,7 +1364,7 @@ func runUsingRuntimeMain() { os.Exit(1) } // Run the container, start to finish. - status, err := runUsingRuntime(options.Options, options.ConfigureNetwork, options.ConfigureNetworks, options.MoreCreateArgs, options.Spec, options.RootPath, options.BundlePath, options.ContainerName) + status, err := runUsingRuntime(options.Isolation, options.Options, options.ConfigureNetwork, options.ConfigureNetworks, options.MoreCreateArgs, options.Spec, options.RootPath, options.BundlePath, options.ContainerName) if err != nil { fmt.Fprintf(os.Stderr, "error running container: %v\n", err) os.Exit(1) @@ -1333,7 +1379,7 @@ func runUsingRuntimeMain() { os.Exit(1) } -func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (wstatus unix.WaitStatus, err error) { +func runUsingRuntime(isolation Isolation, options RunOptions, configureNetwork bool, configureNetworks, moreCreateArgs []string, spec *specs.Spec, rootPath, bundlePath, containerName string) (wstatus unix.WaitStatus, err error) { // Lock the caller to a single OS-level thread. runtime.LockOSThread() @@ -1490,7 +1536,7 @@ func runUsingRuntime(options RunOptions, configureNetwork bool, configureNetwork }() if configureNetwork { - teardown, err := runConfigureNetwork(options, configureNetworks, pid, containerName, spec.Process.Args) + teardown, err := runConfigureNetwork(isolation, options, configureNetworks, pid, containerName, spec.Process.Args) if teardown != nil { defer teardown() } @@ -1623,9 +1669,81 @@ func runCollectOutput(fds, closeBeforeReadingFds []int) string { } return b.String() } +func setupRootlessNetwork(pid int) (teardown func(), err error) { + slirp4netns, err := exec.LookPath("slirp4netns") + if err != nil { + return nil, errors.Wrapf(err, "cannot find slirp4netns") + } + + rootlessSlirpSyncR, rootlessSlirpSyncW, err := os.Pipe() + if err != nil { + return nil, errors.Wrapf(err, "cannot create slirp4netns sync pipe") + } + defer rootlessSlirpSyncR.Close() + + // Be sure there are no fds inherited to slirp4netns except the sync pipe + files, err := ioutil.ReadDir("/proc/self/fd") + if err != nil { + return nil, errors.Wrapf(err, "cannot list open fds") + } + for _, f := range files { + fd, err := strconv.Atoi(f.Name()) + if err != nil { + return nil, errors.Wrapf(err, "cannot parse fd") + } + if fd == int(rootlessSlirpSyncW.Fd()) { + continue + } + unix.CloseOnExec(fd) + } + + cmd := exec.Command(slirp4netns, "-r", "3", "-c", fmt.Sprintf("%d", pid), "tap0") + cmd.Stdin, cmd.Stdout, cmd.Stderr = nil, nil, nil + cmd.ExtraFiles = []*os.File{rootlessSlirpSyncW} + + err = cmd.Start() + rootlessSlirpSyncW.Close() + if err != nil { + return nil, errors.Wrapf(err, "cannot start slirp4netns") + } -func runConfigureNetwork(options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) { + b := make([]byte, 1) + for { + if err := rootlessSlirpSyncR.SetDeadline(time.Now().Add(1 * time.Second)); err != nil { + return nil, errors.Wrapf(err, "error setting slirp4netns pipe timeout") + } + if _, err := rootlessSlirpSyncR.Read(b); err == nil { + break + } else { + if os.IsTimeout(err) { + // Check if the process is still running. + var status syscall.WaitStatus + _, err := syscall.Wait4(cmd.Process.Pid, &status, syscall.WNOHANG, nil) + if err != nil { + return nil, errors.Wrapf(err, "failed to read slirp4netns process status") + } + if status.Exited() || status.Signaled() { + return nil, errors.New("slirp4netns failed") + } + + continue + } + return nil, errors.Wrapf(err, "failed to read from slirp4netns sync pipe") + } + } + + return func() { + cmd.Process.Kill() + cmd.Wait() + }, nil +} + +func runConfigureNetwork(isolation Isolation, options RunOptions, configureNetworks []string, pid int, containerName string, command []string) (teardown func(), err error) { var netconf, undo []*libcni.NetworkConfigList + + if isolation == IsolationOCIRootless { + return setupRootlessNetwork(pid) + } // Scan for CNI configuration files. confdir := options.CNIConfigDir files, err := libcni.ConfFiles(confdir, []string{".conf"}) @@ -1956,7 +2074,7 @@ func runAcceptTerminal(consoleListener *net.UnixListener, terminalSize *specs.Bo for i := range scm { fds, err := unix.ParseUnixRights(&scm[i]) if err != nil { - return -1, errors.Wrapf(err, "error parsing unix rights control message: %v") + return -1, errors.Wrapf(err, "error parsing unix rights control message: %v", &scm[i]) } logrus.Debugf("fds: %v", fds) if len(fds) == 0 { diff --git a/vendor/github.com/containers/buildah/unshare/unshare.go b/vendor/github.com/containers/buildah/unshare/unshare.go index fbe623660..2a970b8d6 100644 --- a/vendor/github.com/containers/buildah/unshare/unshare.go +++ b/vendor/github.com/containers/buildah/unshare/unshare.go @@ -55,6 +55,10 @@ func (c *Cmd) Start() error { } c.Env = append(c.Env, fmt.Sprintf("_Buildah-unshare=%d", c.UnshareFlags)) + // Please the libpod "rootless" package to find the expected env variables. + c.Env = append(c.Env, "_LIBPOD_USERNS_CONFIGURED=done") + c.Env = append(c.Env, fmt.Sprintf("_LIBPOD_ROOTLESS_UID=%d", os.Geteuid())) + // Create the pipe for reading the child's PID. pidRead, pidWrite, err := os.Pipe() if err != nil { diff --git a/vendor/github.com/containers/buildah/util/util.go b/vendor/github.com/containers/buildah/util/util.go index 3a415a7f3..b2451b78b 100644 --- a/vendor/github.com/containers/buildah/util/util.go +++ b/vendor/github.com/containers/buildah/util/util.go @@ -7,10 +7,8 @@ import ( "net/url" "os" "path" - "path/filepath" "strconv" "strings" - "syscall" "github.com/containers/image/directory" dockerarchive "github.com/containers/image/docker/archive" @@ -31,6 +29,10 @@ import ( const ( minimumTruncatedIDLength = 3 + // DefaultTransport is a prefix that we apply to an image name if we + // can't find one in the local Store, in order to generate a source + // reference for the image that we can then copy to the local Store. + DefaultTransport = "docker://" ) var ( @@ -89,6 +91,7 @@ func ResolveName(name string, firstRegistry string, sc *types.SystemContext, sto } } + name = strings.TrimPrefix(name, DefaultTransport) // If the image name already included a domain component, we're done. named, err := reference.ParseNormalizedNamed(name) if err != nil { @@ -450,60 +453,6 @@ func ParseIDMappings(uidmap, gidmap []string) ([]idtools.IDMap, []idtools.IDMap, return uid, gid, nil } -// UnsharedRootPath returns a location under ($XDG_DATA_HOME/containers/storage, -// or $HOME/.local/share/containers/storage, or -// (the user's home directory)/.local/share/containers/storage, or an error. -func UnsharedRootPath(homedir string) (string, error) { - // If $XDG_DATA_HOME is defined... - if envDataHome, haveDataHome := os.LookupEnv("XDG_DATA_HOME"); haveDataHome { - return filepath.Join(envDataHome, "containers", "storage"), nil - } - // If $XDG_DATA_HOME is not defined, but $HOME is defined... - if envHomedir, haveHomedir := os.LookupEnv("HOME"); haveHomedir { - // Default to the user's $HOME/.local/share/containers/storage subdirectory. - return filepath.Join(envHomedir, ".local", "share", "containers", "storage"), nil - } - // If we know where our home directory is... - if homedir != "" { - // Default to the user's homedir/.local/share/containers/storage subdirectory. - return filepath.Join(homedir, ".local", "share", "containers", "storage"), nil - } - return "", errors.New("unable to determine a --root location: neither $XDG_DATA_HOME nor $HOME is set") -} - -// UnsharedRunrootPath returns $XDG_RUNTIME_DIR/run, /var/run/user/(the user's UID)/run, or an error. -func UnsharedRunrootPath(uid string) (string, error) { - // If $XDG_RUNTIME_DIR is defined... - if envRuntimeDir, haveRuntimeDir := os.LookupEnv("XDG_RUNTIME_DIR"); haveRuntimeDir { - return filepath.Join(envRuntimeDir, "run"), nil - } - var runtimeDir string - // If $XDG_RUNTIME_DIR is not defined, but we know our UID... - if uid != "" { - tmpDir := filepath.Join("/var/run/user", uid) - os.MkdirAll(tmpDir, 0700) - st, err := os.Stat(tmpDir) - if err == nil && int(st.Sys().(*syscall.Stat_t).Uid) == os.Getuid() && st.Mode().Perm() == 0700 { - runtimeDir = tmpDir - } - } - if runtimeDir == "" { - home := os.Getenv("HOME") - if home == "" { - return "", errors.New("neither XDG_RUNTIME_DIR nor HOME was set non-empty") - } - resolvedHome, err := filepath.EvalSymlinks(home) - if err != nil { - return "", errors.Wrapf(err, "cannot resolve %s", home) - } - runtimeDir = filepath.Join(resolvedHome, "rundir") - } - if err := os.Setenv("XDG_RUNTIME_DIR", runtimeDir); err != nil { - return "", errors.New("could not set XDG_RUNTIME_DIR") - } - return runtimeDir, nil -} - // GetPolicyContext sets up, initializes and returns a new context for the specified policy func GetPolicyContext(ctx *types.SystemContext) (*signature.PolicyContext, error) { policy, err := signature.DefaultPolicy(ctx) diff --git a/vendor/github.com/containers/buildah/vendor.conf b/vendor/github.com/containers/buildah/vendor.conf index d79412afc..c4410d0af 100644 --- a/vendor/github.com/containers/buildah/vendor.conf +++ b/vendor/github.com/containers/buildah/vendor.conf @@ -4,8 +4,8 @@ github.com/BurntSushi/toml master github.com/containerd/continuity master github.com/containernetworking/cni v0.7.0-alpha1 github.com/containers/image 5e5b67d6b1cf43cc349128ec3ed7d5283a6cc0d1 -github.com/containers/libpod 2afadeec6696fefac468a49c8ba24b0bc275aa75 -github.com/containers/storage 41294c85d97bef688e18f710402895dbecde3308 +github.com/containers/libpod e75469ab99c48e9fbe2b36ade229d384bdea9144 +github.com/containers/storage 09abf3a26b8a3aa69e29fd7faeb260b98d675759 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 @@ -36,7 +36,7 @@ github.com/opencontainers/image-spec v1.0.0 github.com/opencontainers/runc master github.com/opencontainers/runtime-spec v1.0.0 github.com/opencontainers/runtime-tools master -github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a +github.com/opencontainers/selinux master github.com/openshift/imagebuilder master github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460 github.com/pborman/uuid master diff --git a/vendor/github.com/containers/storage/README.md b/vendor/github.com/containers/storage/README.md index f68cc55c3..fef46a689 100644 --- a/vendor/github.com/containers/storage/README.md +++ b/vendor/github.com/containers/storage/README.md @@ -2,7 +2,7 @@ layers, container images, and containers. A `containers-storage` CLI wrapper is also included for manual and scripting use. -To build the CLI wrapper, use 'make build-binary'. +To build the CLI wrapper, use 'make binary'. Operations which use VMs expect to launch them using 'vagrant', defaulting to using its 'libvirt' provider. The boxes used are also available for the diff --git a/vendor/github.com/containers/storage/drivers/aufs/aufs.go b/vendor/github.com/containers/storage/drivers/aufs/aufs.go index f14ba24b9..474c7574d 100644 --- a/vendor/github.com/containers/storage/drivers/aufs/aufs.go +++ b/vendor/github.com/containers/storage/drivers/aufs/aufs.go @@ -405,7 +405,7 @@ func atomicRemove(source string) error { case os.IsExist(err): // Got error saying the target dir already exists, maybe the source doesn't exist due to a previous (failed) remove if _, e := os.Stat(source); !os.IsNotExist(e) { - return errors.Wrapf(err, "target rename dir '%s' exists but should not, this needs to be manually cleaned up") + return errors.Wrapf(err, "target rename dir '%s' exists but should not, this needs to be manually cleaned up", target) } default: return errors.Wrapf(err, "error preparing atomic delete") diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go index d2cc65bca..b7e15a7f6 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go +++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go @@ -340,6 +340,10 @@ func supportsOverlay(home string, homeMagic graphdriver.FsMagic, rootUID, rootGI func (d *Driver) useNaiveDiff() bool { useNaiveDiffLock.Do(func() { + if d.options.mountProgram != "" { + useNaiveDiffOnly = true + return + } if err := doesSupportNativeDiff(d.home, d.options.mountOptions); err != nil { logrus.Warnf("Not using native diff for overlay, this may cause degraded performance for building images: %v", err) useNaiveDiffOnly = true @@ -841,6 +845,17 @@ func (d *Driver) isParent(id, parent string) bool { return ld == parentDir } +func (d *Driver) getWhiteoutFormat() archive.WhiteoutFormat { + whiteoutFormat := archive.OverlayWhiteoutFormat + if d.options.mountProgram != "" { + // If we are using a mount program, we are most likely running + // as an unprivileged user that cannot use mknod, so fallback to the + // AUFS whiteout format. + whiteoutFormat = archive.AUFSWhiteoutFormat + } + return whiteoutFormat +} + // ApplyDiff applies the new layer into a root func (d *Driver) ApplyDiff(id string, idMappings *idtools.IDMappings, parent string, mountLabel string, diff io.Reader) (size int64, err error) { if !d.isParent(id, parent) { @@ -858,7 +873,7 @@ func (d *Driver) ApplyDiff(id string, idMappings *idtools.IDMappings, parent str if err := untar(diff, applyDir, &archive.TarOptions{ UIDMaps: idMappings.UIDs(), GIDMaps: idMappings.GIDs(), - WhiteoutFormat: archive.OverlayWhiteoutFormat, + WhiteoutFormat: d.getWhiteoutFormat(), }); err != nil { return 0, err } @@ -911,7 +926,7 @@ func (d *Driver) Diff(id string, idMappings *idtools.IDMappings, parent string, Compression: archive.Uncompressed, UIDMaps: idMappings.UIDs(), GIDMaps: idMappings.GIDs(), - WhiteoutFormat: archive.OverlayWhiteoutFormat, + WhiteoutFormat: d.getWhiteoutFormat(), WhiteoutData: lowerDirs, }) } diff --git a/vendor/github.com/containers/storage/drivers/zfs/zfs.go b/vendor/github.com/containers/storage/drivers/zfs/zfs.go index cb4424f2d..4e27a0a6f 100644 --- a/vendor/github.com/containers/storage/drivers/zfs/zfs.go +++ b/vendor/github.com/containers/storage/drivers/zfs/zfs.go @@ -52,7 +52,7 @@ func Init(base string, opt []string, uidMaps, gidMaps []idtools.IDMap) (graphdri return nil, errors.Wrap(graphdriver.ErrPrerequisites, "the 'zfs' command is not available") } - file, err := os.OpenFile("/dev/zfs", os.O_RDWR, 600) + file, err := os.OpenFile("/dev/zfs", os.O_RDWR, 0600) if err != nil { logrus.Debugf("[zfs] cannot open /dev/zfs: %v", err) return nil, errors.Wrapf(graphdriver.ErrPrerequisites, "could not open /dev/zfs: %v", err) diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go index 1275ab47c..6c8f59b8b 100644 --- a/vendor/github.com/containers/storage/layers.go +++ b/vendor/github.com/containers/storage/layers.go @@ -542,8 +542,8 @@ func (r *layerStore) Put(id string, parentLayer *Layer, names []string, mountLab _, idInUse = r.byid[id] } } - if _, idInUse := r.byid[id]; idInUse { - return nil, -1, ErrDuplicateID + if duplicateLayer, idInUse := r.byid[id]; idInUse { + return duplicateLayer, -1, ErrDuplicateID } names = dedupeNames(names) for _, name := range names { @@ -841,8 +841,12 @@ func (r *layerStore) Delete(id string) error { return ErrLayerUnknown } id = layer.ID - if _, err := r.Unmount(id, true); err != nil { - return err + // This check is needed for idempotency of delete where the layer could have been + // already unmounted (since c/storage gives you that API directly) + for layer.MountCount > 0 { + if _, err := r.Unmount(id, false); err != nil { + return err + } } err := r.driver.Remove(id) if err == nil { diff --git a/vendor/github.com/containers/storage/pkg/archive/example_changes.go b/vendor/github.com/containers/storage/pkg/archive/example_changes.go deleted file mode 100644 index 70f9c5564..000000000 --- a/vendor/github.com/containers/storage/pkg/archive/example_changes.go +++ /dev/null @@ -1,97 +0,0 @@ -// +build ignore - -// Simple tool to create an archive stream from an old and new directory -// -// By default it will stream the comparison of two temporary directories with junk files -package main - -import ( - "flag" - "fmt" - "io" - "io/ioutil" - "os" - "path" - - "github.com/containers/storage/pkg/archive" - "github.com/sirupsen/logrus" -) - -var ( - flDebug = flag.Bool("D", false, "debugging output") - flNewDir = flag.String("newdir", "", "") - flOldDir = flag.String("olddir", "", "") - log = logrus.New() -) - -func main() { - flag.Usage = func() { - fmt.Println("Produce a tar from comparing two directory paths. By default a demo tar is created of around 200 files (including hardlinks)") - fmt.Printf("%s [OPTIONS]\n", os.Args[0]) - flag.PrintDefaults() - } - flag.Parse() - log.Out = os.Stderr - if (len(os.Getenv("DEBUG")) > 0) || *flDebug { - logrus.SetLevel(logrus.DebugLevel) - } - var newDir, oldDir string - - if len(*flNewDir) == 0 { - var err error - newDir, err = ioutil.TempDir("", "storage-test-newDir") - if err != nil { - log.Fatal(err) - } - defer os.RemoveAll(newDir) - if _, err := prepareUntarSourceDirectory(100, newDir, true); err != nil { - log.Fatal(err) - } - } else { - newDir = *flNewDir - } - - if len(*flOldDir) == 0 { - oldDir, err := ioutil.TempDir("", "storage-test-oldDir") - if err != nil { - log.Fatal(err) - } - defer os.RemoveAll(oldDir) - } else { - oldDir = *flOldDir - } - - changes, err := archive.ChangesDirs(newDir, oldDir) - if err != nil { - log.Fatal(err) - } - - a, err := archive.ExportChanges(newDir, changes) - if err != nil { - log.Fatal(err) - } - defer a.Close() - - i, err := io.Copy(os.Stdout, a) - if err != nil && err != io.EOF { - log.Fatal(err) - } - fmt.Fprintf(os.Stderr, "wrote archive of %d bytes", i) -} - -func prepareUntarSourceDirectory(numberOfFiles int, targetPath string, makeLinks bool) (int, error) { - fileData := []byte("fooo") - for n := 0; n < numberOfFiles; n++ { - fileName := fmt.Sprintf("file-%d", n) - if err := ioutil.WriteFile(path.Join(targetPath, fileName), fileData, 0700); err != nil { - return 0, err - } - if makeLinks { - if err := os.Link(path.Join(targetPath, fileName), path.Join(targetPath, fileName+"-link")); err != nil { - return 0, err - } - } - } - totalSize := numberOfFiles * len(fileData) - return totalSize, nil -} diff --git a/vendor/github.com/containers/storage/pkg/idtools/parser.go b/vendor/github.com/containers/storage/pkg/idtools/parser.go new file mode 100644 index 000000000..9b76395c2 --- /dev/null +++ b/vendor/github.com/containers/storage/pkg/idtools/parser.go @@ -0,0 +1,56 @@ +package idtools + +import ( + "fmt" + "strconv" + "strings" +) + +func nonDigitsToWhitespace(r rune) rune { + if !strings.ContainsRune("0123456789", r) { + return ' ' + } + return r +} + +func parseTriple(spec []string) (container, host, size uint32, err error) { + cid, err := strconv.ParseUint(spec[0], 10, 32) + if err != nil { + return 0, 0, 0, fmt.Errorf("error parsing id map value %q: %v", spec[0], err) + } + hid, err := strconv.ParseUint(spec[1], 10, 32) + if err != nil { + return 0, 0, 0, fmt.Errorf("error parsing id map value %q: %v", spec[1], err) + } + sz, err := strconv.ParseUint(spec[2], 10, 32) + if err != nil { + return 0, 0, 0, fmt.Errorf("error parsing id map value %q: %v", spec[2], err) + } + return uint32(cid), uint32(hid), uint32(sz), nil +} + +// ParseIDMap parses idmap triples from string. +func ParseIDMap(idMapSpec, mapSetting string) (idmap []IDMap, err error) { + if len(idMapSpec) > 0 { + idSpec := strings.Fields(strings.Map(nonDigitsToWhitespace, idMapSpec)) + if len(idSpec)%3 != 0 { + return nil, fmt.Errorf("error initializing ID mappings: %s setting is malformed", mapSetting) + } + for i := range idSpec { + if i%3 != 0 { + continue + } + cid, hid, size, err := parseTriple(idSpec[i : i+3]) + if err != nil { + return nil, fmt.Errorf("error initializing ID mappings: %s setting is malformed", mapSetting) + } + mapping := IDMap{ + ContainerID: int(cid), + HostID: int(hid), + Size: int(size), + } + idmap = append(idmap, mapping) + } + } + return idmap, nil +} diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go index 7eaa82910..dfc30c43f 100644 --- a/vendor/github.com/containers/storage/store.go +++ b/vendor/github.com/containers/storage/store.go @@ -8,7 +8,6 @@ import ( "os" "path/filepath" "reflect" - "strconv" "strings" "sync" "time" @@ -1069,7 +1068,7 @@ func (s *store) imageTopLayerForMapping(image *Image, ristore ROImageStore, read } mappedLayer, _, err := rlstore.Put("", parentLayer, nil, layer.MountLabel, nil, &layerOptions, false, nil, rc) if err != nil { - return nil, errors.Wrapf(err, "error creating ID-mapped copy of layer %q") + return nil, errors.Wrapf(err, "error creating ID-mapped copy of layer %q", parentLayer.ID) } if err = istore.addMappedTopLayer(image.ID, mappedLayer.ID); err != nil { if err2 := rlstore.Delete(mappedLayer.ID); err2 != nil { @@ -3203,56 +3202,19 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) { storeOptions.UIDMap = mappings.UIDs() storeOptions.GIDMap = mappings.GIDs() } - nonDigitsToWhitespace := func(r rune) rune { - if strings.IndexRune("0123456789", r) == -1 { - return ' ' - } else { - return r - } - } - parseTriple := func(spec []string) (container, host, size uint32, err error) { - cid, err := strconv.ParseUint(spec[0], 10, 32) - if err != nil { - return 0, 0, 0, fmt.Errorf("error parsing id map value %q: %v", spec[0], err) - } - hid, err := strconv.ParseUint(spec[1], 10, 32) - if err != nil { - return 0, 0, 0, fmt.Errorf("error parsing id map value %q: %v", spec[1], err) - } - sz, err := strconv.ParseUint(spec[2], 10, 32) - if err != nil { - return 0, 0, 0, fmt.Errorf("error parsing id map value %q: %v", spec[2], err) - } - return uint32(cid), uint32(hid), uint32(sz), nil + + uidmap, err := idtools.ParseIDMap(config.Storage.Options.RemapUIDs, "remap-uids") + if err != nil { + fmt.Print(err) + } else { + storeOptions.UIDMap = append(storeOptions.UIDMap, uidmap...) } - parseIDMap := func(idMapSpec, mapSetting string) (idmap []idtools.IDMap) { - if len(idMapSpec) > 0 { - idSpec := strings.Fields(strings.Map(nonDigitsToWhitespace, idMapSpec)) - if len(idSpec)%3 != 0 { - fmt.Printf("Error initializing ID mappings: %s setting is malformed.\n", mapSetting) - return nil - } - for i := range idSpec { - if i%3 != 0 { - continue - } - cid, hid, size, err := parseTriple(idSpec[i : i+3]) - if err != nil { - fmt.Printf("Error initializing ID mappings: %s setting is malformed.\n", mapSetting) - return nil - } - mapping := idtools.IDMap{ - ContainerID: int(cid), - HostID: int(hid), - Size: int(size), - } - idmap = append(idmap, mapping) - } - } - return idmap + gidmap, err := idtools.ParseIDMap(config.Storage.Options.RemapGIDs, "remap-gids") + if err != nil { + fmt.Print(err) + } else { + storeOptions.GIDMap = append(storeOptions.GIDMap, gidmap...) } - storeOptions.UIDMap = append(storeOptions.UIDMap, parseIDMap(config.Storage.Options.RemapUIDs, "remap-uids")...) - storeOptions.GIDMap = append(storeOptions.GIDMap, parseIDMap(config.Storage.Options.RemapGIDs, "remap-gids")...) if os.Getenv("STORAGE_DRIVER") != "" { storeOptions.GraphDriverName = os.Getenv("STORAGE_DRIVER") } diff --git a/vendor/github.com/containers/storage/vendor.conf b/vendor/github.com/containers/storage/vendor.conf index 2276d5531..059ae94f0 100644 --- a/vendor/github.com/containers/storage/vendor.conf +++ b/vendor/github.com/containers/storage/vendor.conf @@ -2,13 +2,14 @@ github.com/BurntSushi/toml master github.com/Microsoft/go-winio 307e919c663683a9000576fdc855acaf9534c165 github.com/Microsoft/hcsshim a8d9cc56cbce765a7eebdf4792e6ceceeff3edb8 github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 -github.com/docker/engine-api 4290f40c056686fcaa5c9caf02eac1dde9315adf +github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00 github.com/docker/go-units 0dadbb0345b35ec7ef35e228dabb8de89a65bf52 github.com/mattn/go-shellwords 753a2322a99f87c0eff284980e77f53041555bc6 github.com/mistifyio/go-zfs c0224de804d438efd11ea6e52ada8014537d6062 github.com/opencontainers/go-digest master github.com/opencontainers/runc 6c22e77604689db8725fa866f0f2ec0b3e8c3a07 github.com/opencontainers/selinux 36a9bc45a08c85f2c52bd9eb32e20267876773bd +github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460 github.com/pborman/uuid 1b00554d822231195d1babd97ff4a781231955c9 github.com/pkg/errors master github.com/pmezard/go-difflib v1.0.0 @@ -20,4 +21,3 @@ github.com/tchap/go-patricia v2.2.6 github.com/vbatts/tar-split v0.10.2 golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6 golang.org/x/sys 07c182904dbd53199946ba614a412c61d3c548f5 -github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460 diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admin.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admin.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admin.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admin.go.h b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admin.go.h deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admin.go.h +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admincleanup.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admincleanup.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admincleanup.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admindeploy.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admindeploy.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admindeploy.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admindiff.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admindiff.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admindiff.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admininit.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admininit.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admininit.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admininstutil.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admininstutil.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/admininstutil.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminosinit.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminosinit.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminosinit.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminsetorigin.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminsetorigin.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminsetorigin.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminstatus.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminstatus.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminstatus.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminswitch.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminswitch.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminswitch.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminundeploy.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminundeploy.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminundeploy.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminunlock.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminunlock.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminunlock.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminupgrade.go b/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminupgrade.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otadmin/adminupgrade.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/builtin.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/builtin.go index d3a8ae5fd..24822b2b7 100644 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/builtin.go +++ b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/builtin.go @@ -18,76 +18,102 @@ import ( // #include "builtin.go.h" import "C" +// Repo represents a local ostree repository type Repo struct { - //*glib.GObject ptr unsafe.Pointer } -// Converts an ostree repo struct to its C equivalent +// isInitialized checks if the repo has been initialized +func (r *Repo) isInitialized() bool { + if r == nil || r.ptr == nil { + return false + } + return true +} + +// native converts an ostree repo struct to its C equivalent func (r *Repo) native() *C.OstreeRepo { - //return (*C.OstreeRepo)(r.Ptr()) + if !r.isInitialized() { + return nil + } return (*C.OstreeRepo)(r.ptr) } -// Takes a C ostree repo and converts it to a Go struct -func repoFromNative(p *C.OstreeRepo) *Repo { - if p == nil { +// repoFromNative takes a C ostree repo and converts it to a Go struct +func repoFromNative(or *C.OstreeRepo) *Repo { + if or == nil { return nil } - //o := (*glib.GObject)(unsafe.Pointer(p)) - //r := &Repo{o} - r := &Repo{unsafe.Pointer(p)} + r := &Repo{unsafe.Pointer(or)} return r } -// Checks if the repo has been initialized -func (r *Repo) isInitialized() bool { - if r.ptr != nil { - return true +// OpenRepo attempts to open the repo at the given path +func OpenRepo(path string) (*Repo, error) { + if path == "" { + return nil, errors.New("empty path") } - return false -} -// Attempts to open the repo at the given path -func OpenRepo(path string) (*Repo, error) { - var cerr *C.GError = nil cpath := C.CString(path) - pathc := C.g_file_new_for_path(cpath) - defer C.g_object_unref(C.gpointer(pathc)) - crepo := C.ostree_repo_new(pathc) + defer C.free(unsafe.Pointer(cpath)) + repoPath := C.g_file_new_for_path(cpath) + defer C.g_object_unref(C.gpointer(repoPath)) + crepo := C.ostree_repo_new(repoPath) repo := repoFromNative(crepo) + + var cerr *C.GError r := glib.GoBool(glib.GBoolean(C.ostree_repo_open(crepo, nil, &cerr))) if !r { return nil, generateError(cerr) } + return repo, nil } -// Enable support for tombstone commits, which allow the repo to distinguish between -// commits that were intentionally deleted and commits that were removed accidentally -func enableTombstoneCommits(repo *Repo) error { - var tombstoneCommits bool - var config *C.GKeyFile = C.ostree_repo_get_config(repo.native()) - var cerr *C.GError +// enableTombstoneCommits enables support for tombstone commits. +// +// This allows to distinguish between intentional deletions and accidental removals +// of commits. +func (r *Repo) enableTombstoneCommits() error { + if !r.isInitialized() { + return errors.New("repo not initialized") + } - tombstoneCommits = glib.GoBool(glib.GBoolean(C.g_key_file_get_boolean(config, (*C.gchar)(C.CString("core")), (*C.gchar)(C.CString("tombstone-commits")), nil))) + config := C.ostree_repo_get_config(r.native()) + groupC := C.CString("core") + defer C.free(unsafe.Pointer(groupC)) + keyC := C.CString("tombstone-commits") + defer C.free(unsafe.Pointer(keyC)) + valueC := C.g_key_file_get_boolean(config, (*C.gchar)(groupC), (*C.gchar)(keyC), nil) + tombstoneCommits := glib.GoBool(glib.GBoolean(valueC)) - //tombstoneCommits is false only if it really is false or if it is set to FALSE in the config file + // tombstoneCommits is false only if it really is false or if it is set to FALSE in the config file if !tombstoneCommits { - C.g_key_file_set_boolean(config, (*C.gchar)(C.CString("core")), (*C.gchar)(C.CString("tombstone-commits")), C.TRUE) - if !glib.GoBool(glib.GBoolean(C.ostree_repo_write_config(repo.native(), config, &cerr))) { + var cerr *C.GError + C.g_key_file_set_boolean(config, (*C.gchar)(groupC), (*C.gchar)(keyC), C.TRUE) + if !glib.GoBool(glib.GBoolean(C.ostree_repo_write_config(r.native(), config, &cerr))) { return generateError(cerr) } } return nil } +// generateError wraps a GLib error into a Go one. func generateError(err *C.GError) error { + if err == nil { + return errors.New("nil GError") + } + goErr := glib.ConvertGError(glib.ToGError(unsafe.Pointer(err))) _, file, line, ok := runtime.Caller(1) if ok { - return errors.New(fmt.Sprintf("%s:%d - %s", file, line, goErr)) - } else { - return goErr + return fmt.Errorf("%s:%d - %s", file, line, goErr) } + return goErr +} + +// isOk wraps a return value (gboolean/gint) into a bool. +// 0 is false/error, everything else is true/ok. +func isOk(v C.int) bool { + return glib.GoBool(glib.GBoolean(v)) } diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/builtin.go.h b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/builtin.go.h index 734de9821..76171554d 100644 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/builtin.go.h +++ b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/builtin.go.h @@ -33,24 +33,12 @@ _ostree_repo_file(GFile *file) return OSTREE_REPO_FILE (file); } -static guint -_gpointer_to_uint (gpointer ptr) -{ - return GPOINTER_TO_UINT (ptr); -} - static gpointer _guint_to_pointer (guint u) { return GUINT_TO_POINTER (u); } -static void -_g_clear_object (volatile GObject **object_ptr) -{ - g_clear_object(object_ptr); -} - static const GVariantType* _g_variant_type (char *type) { diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/cat.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/cat.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/cat.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/checkout.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/checkout.go index 55b51bfbd..04ada1792 100644 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/checkout.go +++ b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/checkout.go @@ -1,7 +1,7 @@ package otbuiltin import ( - "strings" + "errors" "unsafe" glib "github.com/ostreedev/ostree-go/pkg/glibobject" @@ -14,34 +14,42 @@ import ( // #include "builtin.go.h" import "C" -// Global variable for options -var checkoutOpts checkoutOptions - -// Contains all of the options for checking commits out of -// an ostree repo +// checkoutOptions defines all of the options for checking commits +// out of an ostree repo +// +// Note: while this is private, fields are public and part of the API. type checkoutOptions struct { - UserMode bool // Do not change file ownership or initialize extended attributes - Union bool // Keep existing directories and unchanged files, overwriting existing filesystem - AllowNoent bool // Do nothing if the specified filepath does not exist - DisableCache bool // Do not update or use the internal repository uncompressed object caceh - Whiteouts bool // Process 'whiteout' (docker style) entries - RequireHardlinks bool // Do not fall back to full copies if hard linking fails - Subpath string // Checkout sub-directory path - FromFile string // Process many checkouts from the given file + // UserMode defines whether to checkout a repo in `bare-user` mode + UserMode bool + // Union specifies whether to overwrite existing filesystem entries + Union bool + // AllowNoEnt defines whether to skip filepaths that do not exist + AllowNoent bool + // DisableCache defines whether to disable internal repository uncompressed object cache + DisableCache bool + // Whiteouts defines whether to Process 'whiteout' (docker style) entries + Whiteouts bool + // RequireHardlinks defines whether to fall back to full copies if hard linking fails + RequireHardlinks bool + // SubPath specifies a sub-directory to use for checkout + Subpath string + // FromFile specifies an optional file containing many checkouts to process + FromFile string } -// Instantiates and returns a checkoutOptions struct with default values set +// NewCheckoutOptions instantiates and returns a checkoutOptions struct with default values set func NewCheckoutOptions() checkoutOptions { return checkoutOptions{} } -// Checks out a commit with the given ref from a repository at the location of repo path to to the destination. Returns an error if the checkout could not be processed -func Checkout(repoPath, destination, commit string, opts checkoutOptions) error { - checkoutOpts = opts - +// Checkout checks out commit `commitRef` from a repository at `repoPath`, +// writing it to `destination`. Returns an error if the checkout could not be processed. +func Checkout(repoPath, destination, commitRef string, opts checkoutOptions) error { var cancellable *glib.GCancellable - ccommit := C.CString(commit) + + ccommit := C.CString(commitRef) defer C.free(unsafe.Pointer(ccommit)) + var gerr = glib.NewGError() cerr := (*C.GError)(gerr.Ptr()) defer C.free(unsafe.Pointer(cerr)) @@ -53,50 +61,48 @@ func Checkout(repoPath, destination, commit string, opts checkoutOptions) error return generateError(cerr) } - if strings.Compare(checkoutOpts.FromFile, "") != 0 { - err := processManyCheckouts(crepo, destination, cancellable) - if err != nil { - return err - } - } else { - var resolvedCommit *C.char - defer C.free(unsafe.Pointer(resolvedCommit)) - if !glib.GoBool(glib.GBoolean(C.ostree_repo_resolve_rev(crepo, ccommit, C.FALSE, &resolvedCommit, &cerr))) { - return generateError(cerr) - } - err := processOneCheckout(crepo, resolvedCommit, checkoutOpts.Subpath, destination, cancellable) - if err != nil { - return err - } + // Multiple checkouts to process + if opts.FromFile != "" { + return processManyCheckouts(crepo, destination, cancellable) } - return nil + + // Simple single checkout + var resolvedCommit *C.char + defer C.free(unsafe.Pointer(resolvedCommit)) + if !glib.GoBool(glib.GBoolean(C.ostree_repo_resolve_rev(crepo, ccommit, C.FALSE, &resolvedCommit, &cerr))) { + return generateError(cerr) + } + + return processOneCheckout(crepo, resolvedCommit, destination, opts, cancellable) } -// Processes one checkout from the repo -func processOneCheckout(crepo *C.OstreeRepo, resolvedCommit *C.char, subpath, destination string, cancellable *glib.GCancellable) error { +// processOneCheckout processes one checkout from the repo +func processOneCheckout(crepo *C.OstreeRepo, resolvedCommit *C.char, destination string, opts checkoutOptions, cancellable *glib.GCancellable) error { cdest := C.CString(destination) defer C.free(unsafe.Pointer(cdest)) + var gerr = glib.NewGError() cerr := (*C.GError)(gerr.Ptr()) defer C.free(unsafe.Pointer(cerr)) - var repoCheckoutAtOptions C.OstreeRepoCheckoutAtOptions - if checkoutOpts.UserMode { + // Process options into bitflags + var repoCheckoutAtOptions C.OstreeRepoCheckoutAtOptions + if opts.UserMode { repoCheckoutAtOptions.mode = C.OSTREE_REPO_CHECKOUT_MODE_USER } - if checkoutOpts.Union { + if opts.Union { repoCheckoutAtOptions.overwrite_mode = C.OSTREE_REPO_CHECKOUT_OVERWRITE_UNION_FILES } - checkedOut := glib.GoBool(glib.GBoolean(C.ostree_repo_checkout_at(crepo, &repoCheckoutAtOptions, C._at_fdcwd(), cdest, resolvedCommit, nil, &cerr))) - if !checkedOut { + // Checkout commit to destination + if !glib.GoBool(glib.GBoolean(C.ostree_repo_checkout_at(crepo, &repoCheckoutAtOptions, C._at_fdcwd(), cdest, resolvedCommit, nil, &cerr))) { return generateError(cerr) } return nil } -// process many checkouts +// processManyCheckouts processes many checkouts in a single batch func processManyCheckouts(crepo *C.OstreeRepo, target string, cancellable *glib.GCancellable) error { - return nil + return errors.New("batch checkouts processing: not implemented") } diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/checksum.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/checksum.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/checksum.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/commit.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/commit.go index 9550f802c..ccaff7a10 100644 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/commit.go +++ b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/commit.go @@ -59,11 +59,11 @@ func NewCommitOptions() commitOptions { } type OstreeRepoTransactionStats struct { - metadata_objects_total int32 + metadata_objects_total int32 metadata_objects_written int32 - content_objects_total int32 - content_objects_written int32 - content_bytes_written uint64 + content_objects_total int32 + content_objects_written int32 + content_bytes_written uint64 } func (repo *Repo) PrepareTransaction() (bool, error) { @@ -125,6 +125,7 @@ func (repo *Repo) RegenerateSummary() error { // Commits a directory, specified by commitPath, to an ostree repo as a given branch func (repo *Repo) Commit(commitPath, branch string, opts commitOptions) (string, error) { + // TODO(lucab): `options` is global un-synchronized mutable state, get rid of it. options = opts var err error @@ -140,7 +141,7 @@ func (repo *Repo) Commit(commitPath, branch string, opts commitOptions) (string, var cerr *C.GError defer C.free(unsafe.Pointer(cerr)) var metadata *C.GVariant = nil - defer func(){ + defer func() { if metadata != nil { defer C.g_variant_unref(metadata) } @@ -196,7 +197,7 @@ func (repo *Repo) Commit(commitPath, branch string, opts commitOptions) (string, } if options.AddDetachedMetadataString != nil { - _, err := parseKeyValueStrings(options.AddDetachedMetadataString) + _, err = parseKeyValueStrings(options.AddDetachedMetadataString) if err != nil { goto out } @@ -476,7 +477,7 @@ func handleStatOverrideLine(line string, table *glib.GHashTable) error { // Handle an individual line from a Skiplist file func handleSkipListline(line string, table *glib.GHashTable) error { - C.g_hash_table_add((*C.GHashTable)(table.Ptr()), C.gpointer( C.g_strdup((*C.gchar)(C.CString(line))))) + C.g_hash_table_add((*C.GHashTable)(table.Ptr()), C.gpointer(C.g_strdup((*C.gchar)(C.CString(line))))) return nil } diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/config.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/config.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/config.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/diff.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/diff.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/diff.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/export.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/export.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/export.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/fsck.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/fsck.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/fsck.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/gpgsign.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/gpgsign.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/gpgsign.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/init.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/init.go index c1ca2dc7e..6ee6671b4 100644 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/init.go +++ b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/init.go @@ -1,11 +1,8 @@ package otbuiltin import ( - "errors" "strings" "unsafe" - - glib "github.com/ostreedev/ostree-go/pkg/glibobject" ) // #cgo pkg-config: ostree-1 @@ -15,43 +12,37 @@ import ( // #include "builtin.go.h" import "C" -// Declare variables for options -var initOpts initOptions - -// Contains all of the options for initializing an ostree repo +// initOptions contains all of the options for initializing an ostree repo +// +// Note: while this is private, exported fields are public and part of the API. type initOptions struct { - Mode string // either bare, archive-z2, or bare-user - - repoMode C.OstreeRepoMode + // Mode defines repository mode: either bare, archive-z2, or bare-user + Mode string } -// Instantiates and returns an initOptions struct with default values set +// NewInitOptions instantiates and returns an initOptions struct with default values set func NewInitOptions() initOptions { - io := initOptions{} - io.Mode = "bare" - io.repoMode = C.OSTREE_REPO_MODE_BARE - return io + return initOptions{ + Mode: "bare", + } } -// Initializes a new ostree repository at the given path. Returns true +// Init initializes a new ostree repository at the given path. Returns true // if the repo exists at the location, regardless of whether it was initialized // by the function or if it already existed. Returns an error if the repo could // not be initialized func Init(path string, options initOptions) (bool, error) { - initOpts = options - err := parseMode() + repoMode, err := parseRepoMode(options.Mode) if err != nil { return false, err } // Create a repo struct from the path - var cerr *C.GError - defer C.free(unsafe.Pointer(cerr)) cpath := C.CString(path) defer C.free(unsafe.Pointer(cpath)) pathc := C.g_file_new_for_path(cpath) defer C.g_object_unref(C.gpointer(pathc)) - crepo := C.ostree_repo_new(pathc) + repo := C.ostree_repo_new(pathc) // If the repo exists in the filesystem, return an error but set exists to true /* var exists C.gboolean = 0 @@ -63,28 +54,31 @@ func Init(path string, options initOptions) (bool, error) { return false, generateError(cerr) }*/ - cerr = nil - created := glib.GoBool(glib.GBoolean(C.ostree_repo_create(crepo, initOpts.repoMode, nil, &cerr))) - if !created { - errString := generateError(cerr).Error() - if strings.Contains(errString, "File exists") { - return true, generateError(cerr) + var cErr *C.GError + defer C.free(unsafe.Pointer(cErr)) + if r := C.ostree_repo_create(repo, repoMode, nil, &cErr); !isOk(r) { + err := generateError(cErr) + if strings.Contains(err.Error(), "File exists") { + return true, err } - return false, generateError(cerr) + return false, err } return true, nil } -// Converts the mode string to a C.OSTREE_REPO_MODE enum value -func parseMode() error { - if strings.EqualFold(initOpts.Mode, "bare") { - initOpts.repoMode = C.OSTREE_REPO_MODE_BARE - } else if strings.EqualFold(initOpts.Mode, "bare-user") { - initOpts.repoMode = C.OSTREE_REPO_MODE_BARE_USER - } else if strings.EqualFold(initOpts.Mode, "archive-z2") { - initOpts.repoMode = C.OSTREE_REPO_MODE_ARCHIVE_Z2 - } else { - return errors.New("Invalid option for mode") +// parseRepoMode converts a mode string to a C.OSTREE_REPO_MODE enum value +func parseRepoMode(modeLabel string) (C.OstreeRepoMode, error) { + var cErr *C.GError + defer C.free(unsafe.Pointer(cErr)) + + cModeLabel := C.CString(modeLabel) + defer C.free(unsafe.Pointer(cModeLabel)) + + var retMode C.OstreeRepoMode + if r := C.ostree_repo_mode_from_string(cModeLabel, &retMode, &cErr); !isOk(r) { + // NOTE(lucab): zero-value for this C enum has no special/invalid meaning. + return C.OSTREE_REPO_MODE_BARE, generateError(cErr) } - return nil + + return retMode, nil } diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/log.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/log.go index 2ceea0925..d57498215 100644 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/log.go +++ b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/log.go @@ -2,7 +2,6 @@ package otbuiltin import ( "fmt" - "strings" "time" "unsafe" @@ -16,13 +15,7 @@ import ( // #include "builtin.go.h" import "C" -// Declare variables for options -var logOpts logOptions - -// Set the format of the strings in the log -const formatString = "2006-01-02 03:04;05 -0700" - -// Struct for the various pieces of data in a log entry +// LogEntry is a struct for the various pieces of data in a log entry type LogEntry struct { Checksum []byte Variant []byte @@ -39,24 +32,25 @@ func (l LogEntry) String() string { return fmt.Sprintf("%s\n%s\n\n", l.Checksum, l.Variant) } -type OstreeDumpFlags uint +type ostreeDumpFlags uint const ( - OSTREE_DUMP_NONE OstreeDumpFlags = 0 - OSTREE_DUMP_RAW OstreeDumpFlags = 1 << iota + ostreeDumpNone ostreeDumpFlags = 0 + ostreeDumpRaw ostreeDumpFlags = 1 << iota ) -// Contains all of the options for initializing an ostree repo +// logOptions contains all of the options for initializing an ostree repo type logOptions struct { - Raw bool // Show raw variant data + // Raw determines whether to show raw variant data + Raw bool } -//Instantiates and returns a logOptions struct with default values set +// NewLogOptions instantiates and returns a logOptions struct with default values set func NewLogOptions() logOptions { return logOptions{} } -// Show the logs of a branch starting with a given commit or ref. Returns a +// Log shows the logs of a branch starting with a given commit or ref. Returns a // slice of log entries on success and an error otherwise func Log(repoPath, branch string, options logOptions) ([]LogEntry, error) { // attempt to open the repository @@ -69,12 +63,12 @@ func Log(repoPath, branch string, options logOptions) ([]LogEntry, error) { defer C.free(unsafe.Pointer(cbranch)) var checksum *C.char defer C.free(unsafe.Pointer(checksum)) - var flags OstreeDumpFlags = OSTREE_DUMP_NONE var cerr *C.GError defer C.free(unsafe.Pointer(cerr)) - if logOpts.Raw { - flags |= OSTREE_DUMP_RAW + flags := ostreeDumpNone + if options.Raw { + flags |= ostreeDumpRaw } if !glib.GoBool(glib.GBoolean(C.ostree_repo_resolve_rev(repo.native(), cbranch, C.FALSE, &checksum, &cerr))) { @@ -84,84 +78,86 @@ func Log(repoPath, branch string, options logOptions) ([]LogEntry, error) { return logCommit(repo, checksum, false, flags) } -func logCommit(repo *Repo, checksum *C.char, isRecursive bool, flags OstreeDumpFlags) ([]LogEntry, error) { +func logCommit(repo *Repo, checksum *C.char, isRecursive bool, flags ostreeDumpFlags) ([]LogEntry, error) { var variant *C.GVariant - var parent *C.char - defer C.free(unsafe.Pointer(parent)) var gerr = glib.NewGError() var cerr = (*C.GError)(gerr.Ptr()) defer C.free(unsafe.Pointer(cerr)) - entries := make([]LogEntry, 0, 1) - var err error if !glib.GoBool(glib.GBoolean(C.ostree_repo_load_variant(repo.native(), C.OSTREE_OBJECT_TYPE_COMMIT, checksum, &variant, &cerr))) { if isRecursive && glib.GoBool(glib.GBoolean(C.g_error_matches(cerr, C.g_io_error_quark(), C.G_IO_ERROR_NOT_FOUND))) { return nil, nil } - return entries, generateError(cerr) + return nil, generateError(cerr) } - nextLogEntry := dumpLogObject(C.OSTREE_OBJECT_TYPE_COMMIT, checksum, variant, flags) - - // get the parent of this commit - parent = (*C.char)(C.ostree_commit_get_parent(variant)) + // Get the parent of this commit + parent := (*C.char)(C.ostree_commit_get_parent(variant)) defer C.free(unsafe.Pointer(parent)) + + entries := make([]LogEntry, 0, 1) if parent != nil { + var err error entries, err = logCommit(repo, parent, true, flags) if err != nil { return nil, err } } - entries = append(entries, *nextLogEntry) + + nextLogEntry := dumpLogObject(C.OSTREE_OBJECT_TYPE_COMMIT, checksum, variant, flags) + entries = append(entries, nextLogEntry) + return entries, nil } -func dumpLogObject(objectType C.OstreeObjectType, checksum *C.char, variant *C.GVariant, flags OstreeDumpFlags) *LogEntry { - objLog := new(LogEntry) - objLog.Checksum = []byte(C.GoString(checksum)) +func dumpLogObject(objectType C.OstreeObjectType, checksum *C.char, variant *C.GVariant, flags ostreeDumpFlags) LogEntry { + csum := []byte(C.GoString(checksum)) - if (flags & OSTREE_DUMP_RAW) != 0 { - dumpVariant(objLog, variant) - return objLog + if (flags & ostreeDumpRaw) != 0 { + return dumpVariant(variant, csum) } switch objectType { case C.OSTREE_OBJECT_TYPE_COMMIT: - dumpCommit(objLog, variant, flags) - return objLog + return dumpCommit(variant, flags, csum) default: - return objLog + return LogEntry{ + Checksum: csum, + } } } -func dumpVariant(log *LogEntry, variant *C.GVariant) { - var byteswappedVariant *C.GVariant - +func dumpVariant(variant *C.GVariant, csum []byte) LogEntry { + var logVariant []byte if C.G_BYTE_ORDER != C.G_BIG_ENDIAN { - byteswappedVariant = C.g_variant_byteswap(variant) - log.Variant = []byte(C.GoString((*C.char)(C.g_variant_print(byteswappedVariant, C.TRUE)))) + byteswappedVariant := C.g_variant_byteswap(variant) + logVariant = []byte(C.GoString((*C.char)(C.g_variant_print(byteswappedVariant, C.TRUE)))) } else { - log.Variant = []byte(C.GoString((*C.char)(C.g_variant_print(byteswappedVariant, C.TRUE)))) + logVariant = []byte(C.GoString((*C.char)(C.g_variant_print(variant, C.TRUE)))) + } + + return LogEntry{ + Checksum: csum, + Variant: logVariant, } } -func dumpCommit(log *LogEntry, variant *C.GVariant, flags OstreeDumpFlags) { - var subject, body *C.char +func dumpCommit(variant *C.GVariant, flags ostreeDumpFlags, csum []byte) LogEntry { + var subject *C.char defer C.free(unsafe.Pointer(subject)) + var body *C.char defer C.free(unsafe.Pointer(body)) - var timestamp C.guint64 + var timeBigE C.guint64 - C._g_variant_get_commit_dump(variant, C.CString("(a{sv}aya(say)&s&stayay)"), &subject, &body, ×tamp) + C._g_variant_get_commit_dump(variant, C.CString("(a{sv}aya(say)&s&stayay)"), &subject, &body, &timeBigE) - // Timestamp is now a Unix formatted timestamp as a guint64 - timestamp = C._guint64_from_be(timestamp) - log.Timestamp = time.Unix((int64)(timestamp), 0) - - if strings.Compare(C.GoString(subject), "") != 0 { - log.Subject = C.GoString(subject) - } + // Translate to a host-endian epoch and convert to Go timestamp + timeHostE := C._guint64_from_be(timeBigE) + timestamp := time.Unix((int64)(timeHostE), 0) - if strings.Compare(C.GoString(body), "") != 0 { - log.Body = C.GoString(body) + return LogEntry{ + Timestamp: timestamp, + Subject: C.GoString(subject), + Body: C.GoString(body), } } diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/ls.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/ls.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/ls.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/prune.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/prune.go index 8dfa40a55..532522fc5 100644 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/prune.go +++ b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/prune.go @@ -145,7 +145,7 @@ func deleteCommit(repo *Repo, commitToDelete string, cancellable *glib.GCancella } } - if err := enableTombstoneCommits(repo); err != nil { + if err := repo.enableTombstoneCommits(); err != nil { return err } @@ -169,7 +169,7 @@ func pruneCommitsKeepYoungerThanDate(repo *Repo, date time.Time, cancellable *gl var cerr = (*C.GError)(gerr.Ptr()) defer C.free(unsafe.Pointer(cerr)) - if err := enableTombstoneCommits(repo); err != nil { + if err := repo.enableTombstoneCommits(); err != nil { return err } diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/pull.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/pull.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/pull.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/pulllocal.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/pulllocal.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/pulllocal.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/refs.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/refs.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/refs.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/remote.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/remote.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/remote.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/reset.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/reset.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/reset.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/revparse.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/revparse.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/revparse.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/show.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/show.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/show.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/staticdelta.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/staticdelta.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/staticdelta.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/summary.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/summary.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/summary.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/trivialhttpd.go b/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/trivialhttpd.go deleted file mode 100644 index d43ea07c7..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otbuiltin/trivialhttpd.go +++ /dev/null @@ -1 +0,0 @@ -package otbuiltin diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remote.go.h b/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remote.go.h deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remote.go.h +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoteadd.go b/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoteadd.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoteadd.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotedelete.go b/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotedelete.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotedelete.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotegpgimport.go b/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotegpgimport.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotegpgimport.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotelist.go b/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotelist.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotelist.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoterefs.go b/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoterefs.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoterefs.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoteshowurl.go b/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoteshowurl.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remoteshowurl.go +++ /dev/null diff --git a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotesummary.go b/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotesummary.go deleted file mode 100644 index e69de29bb..000000000 --- a/vendor/github.com/ostreedev/ostree-go/pkg/otremote/remotesummary.go +++ /dev/null |