-rw-r--r-- | .cirrus.yml | 16 | ||||
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Containerfile-nix | 10 | ||||
-rw-r--r-- | Makefile | 26 | ||||
-rw-r--r-- | README.md | 6 | ||||
-rw-r--r-- | cmd/podman/containers/unmount.go | 3 | ||||
-rw-r--r-- | libpod/define/info.go | 1 | ||||
-rw-r--r-- | libpod/info.go | 2 | ||||
-rw-r--r-- | libpod/linkmode/linkmode_dynamic.go | 8 | ||||
-rw-r--r-- | libpod/linkmode/linkmode_static.go | 8 | ||||
-rw-r--r-- | libpod/lock/shm/shm_lock_test.go | 1 | ||||
-rw-r--r-- | nix/default.nix | 53 | ||||
-rw-r--r-- | nix/nixpkgs.json | 9 | ||||
-rw-r--r-- | nix/nixpkgs.nix | 8 | ||||
-rw-r--r-- | pkg/spec/spec.go | 20 | ||||
-rw-r--r-- | test/e2e/generate_kube_test.go | 1 | ||||
-rw-r--r-- | test/e2e/mount_test.go | 1 | ||||
-rw-r--r-- | test/e2e/play_kube_test.go | 1 |
18 files changed, 162 insertions, 13 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 10e78404a..e53788c6c 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -820,6 +820,7 @@ success_task: - "test_build_cache_images" - "verify_test_built_images" - "docs" + - "static_build" # FIXME remove when all v2 tests pass - "integration_test_temporary" @@ -835,3 +836,18 @@ success_task: memory: 1 success_script: '/usr/local/bin/entrypoint.sh ./$SCRIPT_BASE/success.sh |& ${TIMESTAMP}' + +static_build_task: + container: + image: quay.io/podman/nix-podman:1.0.0 + cpu: 8 + memory: 12 + timeout_in: 20m + depends_on: + - "gating" + build_script: + - nix build -f nix + binaries_artifacts: + path: "result-bin/bin/podman" + on_failure: + failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh |& ${TIMESTAMP}' diff --git a/.gitignore b/.gitignore index e60b8c03a..9af705caa 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,4 @@ release.txt /test/copyimg/copyimg /test/goecho/goecho .vscode* +result-bin diff --git a/Containerfile-nix b/Containerfile-nix new file mode 100644 index 000000000..5eea71af6 --- /dev/null +++ b/Containerfile-nix @@ -0,0 +1,10 @@ +# vim: set syntax=dockerfile: +FROM nixos/nix:latest + +RUN apk add --no-cache bash git + +COPY . /work +WORKDIR work/nix +RUN nix-build +WORKDIR / +RUN rm -rf work @@ -74,7 +74,7 @@ LDFLAGS_PODMAN ?= \ -X $(LIBPOD)/define.buildInfo=$(BUILD_INFO) \ -X $(LIBPOD)/config._installPrefix=$(PREFIX) \ -X $(LIBPOD)/config._etcDir=$(ETCDIR) \ - -extldflags "$(LDFLAGS)" + $(EXTRA_LDFLAGS) #Update to LIBSECCOMP_COMMIT should reflect in Dockerfile too. LIBSECCOMP_COMMIT := v2.3.3 # Rarely if ever should integration tests take more than 50min, 
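Review bot: The new `static_build_task` pulls its build environment by mutable tag (`image: quay.io/podman/nix-podman:1.0.0`) and then publishes `result-bin/bin/podman` as an artifact, so whatever currently sits behind that tag determines the binary. Referencing the image by digest, `image: quay.io/podman/nix-podman@sha256:<digest>`, makes the toolchain reproducible and auditable. The same applies to `NIX_IMAGE ?= quay.io/podman/nix-podman:1.0.0` in the Makefile hunk and to `FROM nixos/nix:latest` in Containerfile-nix. The nixpkgs input is already fixed by `rev` and `sha256` in nix/nixpkgs.json, so the container image is the remaining unpinned input.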
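Review bot: `RUN rm -rf work` runs in its own layer, so the tree added by `COPY . /work` stays in the earlier layer of the pushed image; everything in the build context, including `.git` and any untracked local files, remains retrievable from it. If the copy is only there to populate the Nix store, restrict the build context with an ignore file to what `nix-build` needs, or bind-mount the source for that single `RUN` step instead of copying it. `WORKDIR work/nix` is also relative; `WORKDIR /work/nix` states the intent and does not depend on the base image's default directory.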
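Review bot: Replacing `-extldflags "$(LDFLAGS)"` with `$(EXTRA_LDFLAGS)` in `LDFLAGS_PODMAN` means an `LDFLAGS` value from the environment no longer reaches the external linker in the ordinary dynamic build, which is where packagers usually inject hardening flags such as RELRO. Unless `EXTRA_LDFLAGS` gets a default elsewhere in the Makefile (not visible in this hunk), consider giving it one, `EXTRA_LDFLAGS ?= -extldflags "$(LDFLAGS)"`, so that only the Nix build overrides it.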
@@ -217,6 +217,30 @@ bin/podman.cross.%: .gopathok GOARCH="$${TARGET##*.}" \ $(GO_BUILD) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags '$(BUILDTAGS_CROSS)' -o "$@" $(PROJECT)/cmd/podman +# Update nix/nixpkgs.json its latest master commit +.PHONY: nixpkgs +nixpkgs: + @nix run -f channel:nixpkgs-unstable nix-prefetch-git -c nix-prefetch-git \ + --no-deepClone https://github.com/nixos/nixpkgs > nix/nixpkgs.json + +NIX_IMAGE ?= quay.io/podman/nix-podman:1.0.0 + +# Build the nix image as base for static builds +.PHONY: nix-image +nix-image: + $(CONTAINER_RUNTIME) build -t $(NIX_IMAGE) -f Containerfile-nix . + +# Build podman statically linked based on the default nix container image +.PHONY: build-static +build-static: + $(CONTAINER_RUNTIME) run \ + --rm -it \ + -v $(shell pwd):/work \ + -w /work $(NIX_IMAGE) \ + sh -c "nix build -f nix && \ + mkdir -p bin && \ + cp result-*bin/bin/podman bin/podman-static" + .PHONY: run-docker-py-tests run-docker-py-tests: $(eval testLogs=$(shell mktemp)) @@ -180,3 +180,9 @@ Podman offers a Varlink-based API for remote management of containers. However, this API has been deprecated by the REST API. Varlink support is in maintenance mode, and will be removed in a future release. For more details, you can see [this blog](https://podman.io/blogs/2020/01/17/podman-new-api.html). + +## Static Binary Builds +The Cirrus CI integration within this repository contains a `static_build` job +which produces a static Podman binary for testing purposes. Please note that +this binary is not officially supported with respect to feature-completeness +and functionality and should be only used for testing. diff --git a/cmd/podman/containers/unmount.go b/cmd/podman/containers/unmount.go index d0ca202fe..c8e551e28 100644 --- a/cmd/podman/containers/unmount.go +++ b/cmd/podman/containers/unmount.go 
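Review bot: In the `nixpkgs` target the shell opens `> nix/nixpkgs.json` before `nix-prefetch-git` runs, so a failed or interrupted fetch leaves the pin file empty or truncated. Writing to a temporary file and renaming it on success keeps the previous pin intact: `... https://github.com/nixos/nixpkgs > nix/nixpkgs.json.tmp && mv nix/nixpkgs.json.tmp nix/nixpkgs.json`. In `build-static`, `-v $(shell pwd):/work` is unquoted and breaks on a checkout path that contains spaces; `-v "$(CURDIR)":/work` avoids both the subshell and the word splitting.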
@@ -27,9 +27,6 @@ var ( Args: func(cmd *cobra.Command, args []string) error { return parse.CheckAllLatestAndCIDFile(cmd, args, false, false) }, - Annotations: map[string]string{ - registry.ParentNSRequired: "", - }, Example: `podman umount ctrID podman umount ctrID1 ctrID2 ctrID3 podman umount --all`, diff --git a/libpod/define/info.go b/libpod/define/info.go index 2516cad77..906aa523f 100644 --- a/libpod/define/info.go +++ b/libpod/define/info.go @@ -33,6 +33,7 @@ type HostInfo struct { SwapFree int64 `json:"swapFree"` SwapTotal int64 `json:"swapTotal"` Uptime string `json:"uptime"` + Linkmode string `json:"linkmode"` } // SlirpInfo describes the slirp exectuable that diff --git a/libpod/info.go b/libpod/info.go index 4007e0ce7..51208a2b1 100644 --- a/libpod/info.go +++ b/libpod/info.go @@ -14,6 +14,7 @@ import ( "github.com/containers/buildah" "github.com/containers/libpod/libpod/define" + "github.com/containers/libpod/libpod/linkmode" "github.com/containers/libpod/pkg/cgroups" registries2 "github.com/containers/libpod/pkg/registries" "github.com/containers/libpod/pkg/rootless" @@ -86,6 +87,7 @@ func (r *Runtime) hostInfo() (*define.HostInfo, error) { info := define.HostInfo{ Arch: runtime.GOARCH, BuildahVersion: buildah.Version, + Linkmode: linkmode.Linkmode(), CPUs: runtime.NumCPU(), Distribution: hostDistributionInfo, EventLogger: r.eventer.String(), diff --git a/libpod/linkmode/linkmode_dynamic.go b/libpod/linkmode/linkmode_dynamic.go new file mode 100644 index 000000000..6d51d60e0 --- /dev/null +++ b/libpod/linkmode/linkmode_dynamic.go @@ -0,0 +1,8 @@ +// +build !static + +package linkmode + +// Linkmode returns the linking mode (static/dynamic) for the build. +func Linkmode() string { + return "dynamic" +} diff --git a/libpod/linkmode/linkmode_static.go b/libpod/linkmode/linkmode_static.go new file mode 100644 index 000000000..2db083f4a --- /dev/null +++ b/libpod/linkmode/linkmode_static.go 
@@ -0,0 +1,8 @@ +// +build static + +package linkmode + +// Linkmode returns the linking mode (static/dynamic) for the build. +func Linkmode() string { + return "static" +} diff --git a/libpod/lock/shm/shm_lock_test.go b/libpod/lock/shm/shm_lock_test.go index 41a150c59..362821c62 100644 --- a/libpod/lock/shm/shm_lock_test.go +++ b/libpod/lock/shm/shm_lock_test.go @@ -76,6 +76,7 @@ func TestCreateNewSHMBadSizeRoundsUp(t *testing.T) { // Odd number, not a power of 2, should never be a word size on a system lock, err := CreateSHMLock("/test1", 7) assert.NoError(t, err) + assert.NotNil(t, lock) assert.Equal(t, lock.GetMaxLocks(), BitmapSize) diff --git a/nix/default.nix b/nix/default.nix new file mode 100644 index 000000000..211caee93 --- /dev/null +++ b/nix/default.nix 
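Review bot: `assert.NotNil(t, lock)` records a failure but does not stop the test, so a nil `lock` still reaches `lock.GetMaxLocks()` on the next line and is likely to panic there instead of failing cleanly. Use the stopping variant, `require.NotNil(t, lock)` (and likewise `require.NoError(t, err)` above it), assuming testify's `require` package is or can be imported in this file; the import block is outside the hunk. The body of TestCreateNewSHMBadSizeRoundsUp continues past the hunk.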
@@ -0,0 +1,53 @@ +let + pkgs = import ./nixpkgs.nix { + config = { + packageOverrides = pkg: { + go_1_12 = pkg.go_1_14; + }; + }; + }; + + static = pkg: pkg.overrideAttrs(old: { + configureFlags = (old.configureFlags or []) ++ + [ "--without-shared" "--disable-shared" ]; + dontDisableStatic = true; + enableSharedExecutables = false; + enableStatic = true; + }); + + patchLvm2 = pkg: pkg.overrideAttrs(old: { + configureFlags = [ + "--disable-cmdlib" "--disable-readline" "--disable-udev_rules" + "--disable-udev_sync" "--enable-pkgconfig" "--enable-static_link" + ]; + preConfigure = old.preConfigure + '' + substituteInPlace libdm/Makefile.in --replace \ + SUBDIRS=dm-tools SUBDIRS= + substituteInPlace tools/Makefile.in --replace \ + "TARGETS += lvm.static" "" + substituteInPlace tools/Makefile.in --replace \ + "INSTALL_LVM_TARGETS += install_tools_static" "" + ''; + postInstall = ""; + }); + + self = { + podman-static = (pkgs.podman.overrideAttrs(old: { + name = "podman-static"; + buildInputs = old.buildInputs ++ (with pkgs; [ + (static pkgs.libassuan) + (static pkgs.libgpgerror) + git + glibc + glibc.static + ]); + src = ./..; + EXTRA_LDFLAGS = ''-linkmode external -extldflags "-static -lm"''; + BUILDTAGS = ''static apparmor selinux seccomp systemd varlink containers_image_ostree_stub''; + })).override { + gpgme = (static pkgs.gpgme); + libseccomp = (static pkgs.libseccomp); + lvm2 = (patchLvm2 (static pkgs.lvm2)); + }; + }; +in self diff --git a/nix/nixpkgs.json b/nix/nixpkgs.json new file mode 100644 index 000000000..fbc774373 --- /dev/null +++ b/nix/nixpkgs.json @@ -0,0 +1,9 @@ +{ + "url": "https://github.com/nixos/nixpkgs", + "rev": "a08d4f605bca62c282ce9955d5ddf7d824e89809", + "date": "2020-03-20T10:10:15+01:00", + "sha256": "1bniq08dlmrmrz4aga1cj0d7rqbaq9xapm5ar15wdv2c6431z2m8", + "fetchSubmodules": false, + "deepClone": false, + "leaveDotGit": false +} diff --git a/nix/nixpkgs.nix b/nix/nixpkgs.nix new file mode 100644 index 000000000..21e7f17a2 --- /dev/null 
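Review bot: `EXTRA_LDFLAGS = ''-linkmode external -extldflags "-static -lm"''` links glibc statically, but `BUILDTAGS` does not include `netgo` or `osusergo`, so any user, group or host lookup that goes through cgo still calls glibc's NSS functions, which load shared libraries of a matching glibc at run time. If podman reaches `os/user` or the `net` resolver in this build (not visible here), add the tags: `BUILDTAGS = ''static netgo osusergo apparmor selinux seccomp systemd varlink containers_image_ostree_stub'';`. A short comment above `go_1_12 = pkg.go_1_14;` saying why the override is needed would also help whoever next bumps the nixpkgs pin.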
+++ b/nix/nixpkgs.nix @@ -0,0 +1,8 @@ +let + json = builtins.fromJSON (builtins.readFile ./nixpkgs.json); + nixpkgs = import (builtins.fetchTarball { + name = "nixos-unstable"; + url = "${json.url}/archive/${json.rev}.tar.gz"; + inherit (json) sha256; + }); +in nixpkgs diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 77e92ae29..25cad9578 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -545,10 +545,14 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error { if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil { logrus.Warnf("failed to return RLIMIT_NOFILE ulimit %q", err) } - current = rlimit.Cur - max = rlimit.Max + if rlimit.Cur < current { + current = rlimit.Cur + } + if rlimit.Max < max { + max = rlimit.Max + } } - g.AddProcessRlimits("RLIMIT_NOFILE", current, max) + g.AddProcessRlimits("RLIMIT_NOFILE", max, current) } if !nprocSet { max := kernelMax @@ -558,10 +562,14 @@ func addRlimits(config *CreateConfig, g *generate.Generator) error { if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil { logrus.Warnf("failed to return RLIMIT_NPROC ulimit %q", err) } - current = rlimit.Cur - max = rlimit.Max + if rlimit.Cur < current { + current = rlimit.Cur + } + if rlimit.Max < max { + max = rlimit.Max + } } - g.AddProcessRlimits("RLIMIT_NPROC", current, max) + g.AddProcessRlimits("RLIMIT_NPROC", max, current) } return nil diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go index 1650831a5..389f2c822 100644 --- a/test/e2e/generate_kube_test.go +++ b/test/e2e/generate_kube_test.go @@ -21,7 +21,6 @@ var _ = Describe("Podman generate kube", func() { ) BeforeEach(func() { - SkipIfRootlessV2() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/mount_test.go b/test/e2e/mount_test.go index bb1e129db..ac52d8c7e 100644 --- a/test/e2e/mount_test.go +++ b/test/e2e/mount_test.go 
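Review bot: When `unix.Getrlimit` fails in the RLIMIT_NOFILE branch, the code only logs a warning and then still runs the new clamps `if rlimit.Cur < current` and `if rlimit.Max < max` against `rlimit`; if that struct is still zero-valued (its declaration is outside the hunk), both limits are clamped to 0 and passed to `g.AddProcessRlimits`. Put the two clamps in an `else` branch of the error check, or return the error, so that a failed read leaves the `kernelMax` defaults in place. The RLIMIT_NPROC hunk that follows has the same shape and needs the same change. The warning also formats an error with `%q`; `%v` is the usual verb. addRlimits starts and ends outside both hunks.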
@@ -18,7 +18,6 @@ var _ = Describe("Podman mount", func() { ) BeforeEach(func() { - SkipIfRootlessV2() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index fa943c12f..9daf266b8 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -217,7 +217,6 @@ var _ = Describe("Podman generate kube", func() { ) BeforeEach(func() { - SkipIfRootlessV2() tempdir, err = CreateTempDirInTempDir() if err != nil { os.Exit(1) |