diff options
40 files changed, 289 insertions, 87 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 1458e2cc6..276623607 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -417,8 +417,6 @@ testing_task: gce_instance: image_name: "${PRIOR_UBUNTU_CACHE_IMAGE_NAME}" - timeout_in: 120m - env: ADD_SECOND_PARTITION: 'true' matrix: @@ -473,8 +471,6 @@ special_testing_rootless_task: - RCLI: 'true' - RCLI: 'false' - timeout_in: 60m - networking_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/networking.sh' setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP} | ${LOGFORMAT} integration_test' @@ -515,8 +511,6 @@ special_testing_in_podman_task: MOD_CONTAINERS_CONF: 'false' # Use existing/native setup SPECIALMODE: 'in_podman' # See docs - timeout_in: 60m - networking_script: '${CIRRUS_WORKING_DIR}/${SCRIPT_BASE}/networking.sh' setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' integration_test_script: '$SCRIPT_BASE/integration_test.sh |& ${TIMESTAMP} | ${LOGFORMAT} integration_test' @@ -62,7 +62,7 @@ else BUILD_INFO ?= $(shell date "+$(DATE_FMT)") ISODATE ?= $(shell date --iso-8601) endif -LIBPOD := ${PROJECT}/libpod +LIBPOD := ${PROJECT}/v2/libpod GCFLAGS ?= all=-trimpath=${PWD} ASMFLAGS ?= all=-trimpath=${PWD} LDFLAGS_PODMAN ?= \ diff --git a/cmd/podman/registry/remote.go b/cmd/podman/registry/remote.go index 9b7523ac0..78b820269 100644 --- a/cmd/podman/registry/remote.go +++ b/cmd/podman/registry/remote.go @@ -15,13 +15,14 @@ var remoteFromCLI = struct { }{} // IsRemote returns true if podman was built to run remote or --remote flag given on CLI -// Use in init() functions as a initialization check +// Use in init() functions as an initialization check func IsRemote() bool { remoteFromCLI.sync.Do(func() { fs := pflag.NewFlagSet("remote", pflag.ContinueOnError) - fs.BoolVarP(&remoteFromCLI.Value, "remote", "r", false, "") fs.ParseErrorsWhitelist.UnknownFlags = true + fs.Usage = func() {} fs.SetInterspersed(false) + fs.BoolVarP(&remoteFromCLI.Value, "remote", "r", false, "") _ = fs.Parse(os.Args[1:]) }) return podmanOptions.EngineMode == entities.TunnelMode || remoteFromCLI.Value diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index 6c6dd42a4..95cbd19d9 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -5,8 +5,12 @@ package system import ( "context" "net" + "os" + "os/signal" "strings" + "github.com/containers/podman/v2/cmd/podman/utils" + "github.com/containers/podman/v2/libpod" api "github.com/containers/podman/v2/pkg/api/server" "github.com/containers/podman/v2/pkg/domain/entities" "github.com/containers/podman/v2/pkg/domain/infra" @@ -39,6 +43,7 @@ func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entiti return err } + startWatcher(rt) server, err := api.NewServerWithSettings(rt, opts.Timeout, listener) if err != nil { return err @@ -55,3 +60,24 @@ func restService(opts entities.ServiceOptions, flags *pflag.FlagSet, cfg *entiti } return err } + +// startWatcher starts a new SIGHUP go routine for the current config. +func startWatcher(rt *libpod.Runtime) { + // Setup the signal notifier + ch := make(chan os.Signal, 1) + signal.Notify(ch, utils.SIGHUP) + + go func() { + for { + // Block until the signal is received + logrus.Debugf("waiting for SIGHUP to reload configuration") + <-ch + if err := rt.Reload(); err != nil { + logrus.Errorf("unable to reload configuration: %v", err) + continue + } + } + }() + + logrus.Debugf("registered SIGHUP watcher for config") +} diff --git a/cmd/podman/utils/signals_linux.go b/cmd/podman/utils/signals_linux.go new file mode 100644 index 000000000..f0a14aff0 --- /dev/null +++ b/cmd/podman/utils/signals_linux.go @@ -0,0 +1,14 @@ +// +build !windows + +package utils + +import ( + "os" + + "golang.org/x/sys/unix" +) + +// Platform specific signal synonyms +var ( + SIGHUP os.Signal = unix.SIGHUP +) diff --git a/cmd/podman/utils/signals_windows.go b/cmd/podman/utils/signals_windows.go new file mode 100644 index 000000000..30b058cb9 --- /dev/null +++ b/cmd/podman/utils/signals_windows.go @@ -0,0 +1,14 @@ +// +build windows + +package utils + +import ( + "os" + + "golang.org/x/sys/windows" +) + +// Platform specific signal synonyms +var ( + SIGHUP os.Signal = windows.SIGHUP +) diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 05aea53b6..976a1e681 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -339,7 +339,7 @@ value can be expressed in a time format such as `1m22s`. The default value is ` Container host name -Sets the container host name that is available inside the container. +Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pods hostname will be used. **--help** @@ -898,12 +898,14 @@ Set the user namespace mode for the container. It defaults to the **PODMAN_USER This option is incompatible with --gidmap, --uidmap, --subuid and --subgid -**--uts**=*host* +**--uts**=*mode* -Set the UTS mode for the container - **host**: use the host's UTS namespace inside the container. - **ns**: specify the user namespace to use. - Note: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. +Set the UTS namespace mode for the container. The following values are supported: + +- **host**: use the host's UTS namespace inside the container. +- **private**: create a new namespace for the container (default). +- **ns:[path]**: run the container in the given existing UTS namespace. +- **container:[container]**: join the UTS namespace of the specified container. **--volume**, **-v**[=*[[SOURCE-VOLUME|HOST-DIR:]CONTAINER-DIR[:OPTIONS]]*] diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index ef78e15e3..b6c1fab17 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -358,7 +358,7 @@ Print usage statement Container host name -Sets the container host name that is available inside the container. +Sets the container host name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default). If `--pod` is specified and the pod shares the UTS namespace (default) the pods hostname will be used. **--http-proxy**=**true**|**false** @@ -938,10 +938,9 @@ This option is incompatible with **--gidmap**, **--uidmap**, **--subuid** and ** Set the UTS namespace mode for the container. The following values are supported: - **host**: use the host's UTS namespace inside the container. -- **private**: create a new namespace for the container (default) -- **ns**: use own UTS namespace. - -**NOTE**: the host mode gives the container access to changing the host's hostname and is therefore considered insecure. +- **private**: create a new namespace for the container (default). +- **ns:[path]**: run the container in the given existing UTS namespace. +- **container:[container]**: join the UTS namespace of the specified container. **--volume**, **-v**[=[[_source-volume_|_host-dir_:]_container-dir_[:_options_]]] @@ -13,7 +13,7 @@ require ( github.com/containers/buildah v1.15.1-0.20200731151214-29f4d01c621c github.com/containers/common v0.18.0 github.com/containers/conmon v2.0.19+incompatible - github.com/containers/image/v5 v5.5.1 + github.com/containers/image/v5 v5.5.2 github.com/containers/psgo v1.5.1 github.com/containers/storage v1.23.0 github.com/coreos/go-systemd/v22 v22.1.0 @@ -79,6 +79,8 @@ github.com/containers/conmon v2.0.19+incompatible h1:1bDVRvHy2MUNTUT/SW6LlHsJHQB github.com/containers/conmon v2.0.19+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ= github.com/containers/image/v5 v5.5.1/go.mod h1:4PyNYR0nwlGq/ybVJD9hWlhmIsNra4Q8uOQX2s6E2uM= +github.com/containers/image/v5 v5.5.2 h1:fv7FArz0zUnjH0W0l8t90CqWFlFcQrPP6Pug+9dUtVI= +github.com/containers/image/v5 v5.5.2/go.mod h1:4PyNYR0nwlGq/ybVJD9hWlhmIsNra4Q8uOQX2s6E2uM= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNjsqWarIUce4M= diff --git a/libpod/runtime.go b/libpod/runtime.go index 8a7053e33..1d2e624d8 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -10,6 +10,7 @@ import ( "syscall" "github.com/containers/common/pkg/config" + "github.com/containers/image/v5/pkg/sysregistriesv2" is "github.com/containers/image/v5/storage" "github.com/containers/image/v5/types" "github.com/containers/podman/v2/libpod/define" @@ -17,6 +18,7 @@ import ( "github.com/containers/podman/v2/libpod/image" "github.com/containers/podman/v2/libpod/lock" "github.com/containers/podman/v2/pkg/cgroups" + "github.com/containers/podman/v2/pkg/registries" "github.com/containers/podman/v2/pkg/rootless" "github.com/containers/podman/v2/pkg/util" "github.com/containers/storage" @@ -816,3 +818,50 @@ func (r *Runtime) mergeDBConfig(dbConfig *DBConfig) { func (r *Runtime) EnableLabeling() bool { return r.config.Containers.EnableLabeling } + +// Reload reloads the configurations files +func (r *Runtime) Reload() error { + if err := r.reloadContainersConf(); err != nil { + return err + } + if err := r.reloadStorageConf(); err != nil { + return err + } + if err := reloadRegistriesConf(); err != nil { + return err + } + return nil +} + +// reloadContainersConf reloads the containers.conf +func (r *Runtime) reloadContainersConf() error { + config, err := config.Reload() + if err != nil { + return err + } + r.config = config + logrus.Infof("applied new containers configuration: %v", config) + return nil +} + +// reloadRegistries reloads the registries.conf +func reloadRegistriesConf() error { + sysregistriesv2.InvalidateCache() + registries, err := sysregistriesv2.GetRegistries(&types.SystemContext{SystemRegistriesConfPath: registries.SystemRegistriesConfPath()}) + if err != nil { + return err + } + logrus.Infof("applied new registry configuration: %+v", registries) + return nil +} + +// reloadStorageConf reloads the storage.conf +func (r *Runtime) reloadStorageConf() error { + configFile, err := storage.DefaultConfigFile(rootless.IsRootless()) + if err != nil { + return err + } + storage.ReloadConfigurationFile(configFile, &r.storageConfig) + logrus.Infof("applied new storage configuration: %v", r.storageConfig) + return nil +} diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 71fe478fd..478fac1d5 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -70,8 +70,13 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) if err != nil { return err } + + initCommand, err := ioutil.ReadFile("/proc/1/comm") + // On errors, default to systemd + runsUnderSystemd := err != nil || string(initCommand) == "systemd" + unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) - if conf.Engine.CgroupManager == config.SystemdCgroupsManager { + if runsUnderSystemd || conf.Engine.CgroupManager == config.SystemdCgroupsManager { if err := utils.RunUnderSystemdScope(os.Getpid(), "user.slice", unitName); err != nil { logrus.Warnf("Failed to add podman to systemd sandbox cgroup: %v", err) } diff --git a/pkg/env/env.go b/pkg/env/env.go index a16007a50..0d55e5560 100644 --- a/pkg/env/env.go +++ b/pkg/env/env.go @@ -12,14 +12,16 @@ import ( "github.com/pkg/errors" ) -// DefaultEnvVariables sets $PATH and $TERM. -var DefaultEnvVariables = map[string]string{ - "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "TERM": "xterm", -} - const whiteSpaces = " \t" +// DefaultEnvVariables returns a default environment, with $PATH and $TERM set. +func DefaultEnvVariables() map[string]string { + return map[string]string{ + "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM": "xterm", + } +} + // Slice transforms the specified map of environment variables into a // slice. If a value is non-empty, the key and value are joined with '='. func Slice(m map[string]string) []string { diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index c7a838d4c..893ae3cab 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -321,13 +321,13 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM // config. var defaultEnv map[string]string if runtimeConfig == nil { - defaultEnv = env.DefaultEnvVariables + defaultEnv = env.DefaultEnvVariables() } else { defaultEnv, err = env.ParseSlice(runtimeConfig.Containers.Env) if err != nil { return nil, errors.Wrap(err, "Env fields in containers.conf failed ot parse") } - defaultEnv = env.Join(env.DefaultEnvVariables, defaultEnv) + defaultEnv = env.Join(env.DefaultEnvVariables(), defaultEnv) } if err := addRlimits(config, &g); err != nil { diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index 8289e2089..76961fa80 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -46,6 +46,9 @@ func (s *SpecGenerator) Validate() error { } // Cannot set hostname and utsns if len(s.ContainerBasicConfig.Hostname) > 0 && !s.ContainerBasicConfig.UtsNS.IsPrivate() { + if s.ContainerBasicConfig.UtsNS.IsPod() { + return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when joining the pod UTS namespace") + } return errors.Wrap(ErrInvalidSpecConfig, "cannot set hostname when running in the host UTS namespace") } // systemd values must be true, false, or always diff --git a/pkg/systemd/generate/common.go b/pkg/systemd/generate/common.go index d6d18a810..1fc4479ff 100644 --- a/pkg/systemd/generate/common.go +++ b/pkg/systemd/generate/common.go @@ -1,6 +1,7 @@ package generate import ( + "strconv" "strings" "github.com/pkg/errors" @@ -53,3 +54,15 @@ func filterPodFlags(command []string) []string { } return processed } + +// quoteArguments makes sure that all arguments with at least one whitespace +// are quoted to make sure those are interpreted as one argument instead of +// multiple ones. +func quoteArguments(command []string) []string { + for i := range command { + if strings.ContainsAny(command[i], " \t") { + command[i] = strconv.Quote(command[i]) + } + } + return command +} diff --git a/pkg/systemd/generate/common_test.go b/pkg/systemd/generate/common_test.go index 389c30f59..d0ec5637c 100644 --- a/pkg/systemd/generate/common_test.go +++ b/pkg/systemd/generate/common_test.go @@ -28,3 +28,28 @@ func TestFilterPodFlags(t *testing.T) { } } } + +func TestQuoteArguments(t *testing.T) { + tests := []struct { + input []string + output []string + }{ + { + []string{"foo", "bar=\"arg\""}, + []string{"foo", "bar=\"arg\""}, + }, + { + []string{"foo", "bar=\"arg with space\""}, + []string{"foo", "\"bar=\\\"arg with space\\\"\""}, + }, + { + []string{"foo", "bar=\"arg with\ttab\""}, + []string{"foo", "\"bar=\\\"arg with\\ttab\\\"\""}, + }, + } + + for _, test := range tests { + quoted := quoteArguments(test.input) + assert.Equal(t, test.output, quoted) + } +} diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index 3d266a7a1..5f6376977 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -241,6 +241,7 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst startCommand = append(startCommand, "--replace") } startCommand = append(startCommand, info.CreateCommand[index:]...) + startCommand = quoteArguments(startCommand) info.ExecStartPre = "/bin/rm -f {{.PIDFile}} {{.ContainerIDFile}}" info.ExecStart = strings.Join(startCommand, " ") diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index 41817c03c..b5c736c5a 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -117,7 +117,7 @@ After=network-online.target Environment=PODMAN_SYSTEMD_UNIT=%n Restart=always ExecStartPre=/bin/rm -f %t/jadda-jadda.pid %t/jadda-jadda.ctr-id -ExecStart=/usr/bin/podman run --conmon-pidfile %t/jadda-jadda.pid --cidfile %t/jadda-jadda.ctr-id --cgroups=no-conmon -d --replace --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN +ExecStart=/usr/bin/podman run --conmon-pidfile %t/jadda-jadda.pid --cidfile %t/jadda-jadda.ctr-id --cgroups=no-conmon -d --replace --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" ExecStop=/usr/bin/podman stop --ignore --cidfile %t/jadda-jadda.ctr-id -t 42 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/jadda-jadda.ctr-id PIDFile=%t/jadda-jadda.pid @@ -296,7 +296,7 @@ WantedBy=multi-user.target default.target` PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", - CreateCommand: []string{"I'll get stripped", "container", "run", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN"}, + CreateCommand: []string{"I'll get stripped", "container", "run", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN", "foo=arg \"with \" space"}, EnvVariable: EnvVariable, }, goodWithNameAndGeneric, diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index ec28dfe84..dec9587d9 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go @@ -292,6 +292,7 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions) } startCommand = append(startCommand, podCreateArgs...) + startCommand = quoteArguments(startCommand) info.ExecStartPre1 = "/bin/rm -f {{.PIDFile}} {{.PodIDFile}}" info.ExecStartPre2 = strings.Join(startCommand, " ") diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go index 32c760956..8bf4705a7 100644 --- a/pkg/systemd/generate/pods_test.go +++ b/pkg/systemd/generate/pods_test.go @@ -75,7 +75,7 @@ Before=container-1.service container-2.service Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo --replace +ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id @@ -118,7 +118,7 @@ WantedBy=multi-user.target default.target` StopTimeout: 10, PodmanVersion: "CI", RequiredServices: []string{"container-1", "container-2"}, - CreateCommand: []string{"podman", "pod", "create", "--name", "foo"}, + CreateCommand: []string{"podman", "pod", "create", "--name", "foo", "bar=arg with space"}, }, podGoodNamedNew, true, diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 1046ffcea..9fd82e149 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -127,8 +127,10 @@ var _ = Describe("Podman build", func() { defer Expect(os.Chdir(cwd)).To(BeNil()) // Write target and fake files - targetPath := filepath.Join(os.TempDir(), "dir") - Expect(os.MkdirAll(targetPath, 0755)).To(BeNil()) + targetPath, err := CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } fakeFile := filepath.Join(os.TempDir(), "Containerfile") Expect(ioutil.WriteFile(fakeFile, []byte("FROM alpine"), 0755)).To(BeNil()) @@ -162,7 +164,10 @@ var _ = Describe("Podman build", func() { Expect(os.Chdir(os.TempDir())).To(BeNil()) defer Expect(os.Chdir(cwd)).To(BeNil()) - targetPath := filepath.Join(os.TempDir(), "dir") + targetPath, err := CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } targetFile := filepath.Join(targetPath, "idFile") session := podmanTest.PodmanNoCache([]string{"build", "build/basicalpine", "--iidfile", targetFile}) diff --git a/test/e2e/commit_test.go b/test/e2e/commit_test.go index c122ce50f..c1a213c00 100644 --- a/test/e2e/commit_test.go +++ b/test/e2e/commit_test.go @@ -257,8 +257,10 @@ var _ = Describe("Podman commit", func() { cwd, err := os.Getwd() Expect(err).To(BeNil()) Expect(os.Chdir(os.TempDir())).To(BeNil()) - targetPath := filepath.Join(os.TempDir(), "dir") - Expect(os.MkdirAll(targetPath, 0755)).To(BeNil()) + targetPath, err := CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } targetFile := filepath.Join(targetPath, "idFile") defer Expect(os.RemoveAll(targetFile)).To(BeNil()) defer Expect(os.Chdir(cwd)).To(BeNil()) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 5c9b41c62..f260a123a 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -296,8 +296,10 @@ var _ = Describe("Podman pod create", func() { cwd, err := os.Getwd() Expect(err).To(BeNil()) Expect(os.Chdir(os.TempDir())).To(BeNil()) - targetPath := filepath.Join(os.TempDir(), "dir") - Expect(os.MkdirAll(targetPath, 0755)).To(BeNil()) + targetPath, err := CreateTempDirInTempDir() + if err != nil { + os.Exit(1) + } targetFile := filepath.Join(targetPath, "idFile") defer Expect(os.RemoveAll(targetFile)).To(BeNil()) defer Expect(os.Chdir(cwd)).To(BeNil()) diff --git a/test/e2e/trust_test.go b/test/e2e/trust_test.go index ecdf27a2e..82b0f9f26 100644 --- a/test/e2e/trust_test.go +++ b/test/e2e/trust_test.go @@ -47,9 +47,12 @@ var _ = Describe("Podman trust", func() { Expect(session.ExitCode()).To(Equal(0)) outArray := session.OutputToStringArray() Expect(len(outArray)).To(Equal(3)) - Expect(outArray[0]).Should(ContainSubstring("accept")) - Expect(outArray[1]).Should(ContainSubstring("reject")) - Expect(outArray[2]).Should(ContainSubstring("signed")) + + // image order is not guaranteed. All we can do is check that + // these strings appear in output, we can't cross-check them. + Expect(session.OutputToString()).To(ContainSubstring("accept")) + Expect(session.OutputToString()).To(ContainSubstring("reject")) + Expect(session.OutputToString()).To(ContainSubstring("signed")) }) It("podman image trust set", func() { diff --git a/test/system/001-basic.bats b/test/system/001-basic.bats index b23107e79..a5a3324fb 100644 --- a/test/system/001-basic.bats +++ b/test/system/001-basic.bats @@ -24,6 +24,13 @@ function setup() { is "${lines[0]}" "Version:[ ]\+[1-9][0-9.]\+" "Version line 1" is "$output" ".*Go Version: \+" "'Go Version' in output" is "$output" ".*API Version: \+" "API version in output" + + # Test that build date is reasonable, e.g. after 2019-01-01 + local built=$(expr "$output" : ".*Built: \+\(.*\)" | head -n1) + local built_t=$(date --date="$built" +%s) + if [ $built_t -lt 1546300800 ]; then + die "Preposterous 'Built' time in podman version: '$built'" + fi } diff --git a/test/system/005-info.bats b/test/system/005-info.bats index c53ba8125..3f1efd364 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -3,8 +3,6 @@ load helpers @test "podman info - basic test" { - skip_if_remote "capitalization inconsistencies" - run_podman info expected_keys=" @@ -28,8 +26,6 @@ runRoot: } @test "podman info - json" { - skip_if_remote "capitalization inconsistencies" - run_podman info --format=json expr_nvr="[a-z0-9-]\\\+-[a-z0-9.]\\\+-[a-z0-9]\\\+\." diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 2b1845d72..7fd731ca0 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -75,8 +75,6 @@ Size | [0-9]\\\+ } @test "podman images - filter" { - skip_if_remote "podman commit -q is broken in podman-remote" - run_podman inspect --format '{{.ID}}' $IMAGE iid=$output diff --git a/test/system/015-help.bats b/test/system/015-help.bats index 76d29d22c..4a3781012 100644 --- a/test/system/015-help.bats +++ b/test/system/015-help.bats @@ -178,6 +178,14 @@ function check_help() { # Called with no args -- start with 'podman --help'. check_help() will # recurse for any subcommands. check_help + + # Test for regression of #7273 (spurious "--remote" help on output) + for helpopt in help --help; do + run_podman $helpopt + is "${lines[0]}" "Manage pods, containers and images" \ + "podman $helpopt: first line of output" + done + } # vim: filetype=sh diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 41863ba04..34afd5bae 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -63,7 +63,7 @@ echo $rand | 0 | $rand # 'run --preserve-fds' passes a number of additional file descriptors into the container @test "podman run --preserve-fds" { - skip_if_remote + skip_if_remote "preserve-fds is meaningless over remote" content=$(random_string 20) echo "$content" > $PODMAN_TMPDIR/tempfile @@ -150,8 +150,6 @@ echo $rand | 0 | $rand # 'run --rmi' deletes the image in the end unless it's used by another container @test "podman run --rmi" { - skip_if_remote - # Name of a nonlocal image. It should be pulled in by the first 'run' NONLOCAL_IMAGE=busybox run_podman 1 image exists $NONLOCAL_IMAGE diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats index 7570f3ac4..d98a3eeb1 100644 --- a/test/system/060-mount.bats +++ b/test/system/060-mount.bats @@ -6,7 +6,7 @@ load helpers @test "podman mount - basic test" { # Only works with root (FIXME: does it work with rootless + vfs?) skip_if_rootless "mount does not work rootless" - skip_if_remote + skip_if_remote "mounting remote is meaningless" f_path=/tmp/tmpfile_$(random_string 8) f_content=$(random_string 30) diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index 38c6c2312..5f71e2acb 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -39,7 +39,7 @@ load helpers } @test "podman exec - leak check" { - skip_if_remote + skip_if_remote "test is meaningless over remote" # Start a container in the background then run exec command # three times and make sure no any exec pid hash file leak @@ -61,7 +61,7 @@ load helpers # Issue #4785 - piping to exec statement - fixed in #4818 # Issue #5046 - piping to exec truncates results (actually a conmon issue) @test "podman exec - cat from stdin" { - skip_if_remote + skip_if_remote "FIXME: pending #7360" run_podman run -d $IMAGE sh -c 'while [ ! -e /stop ]; do sleep 0.1;done' cid="$output" diff --git a/test/system/120-load.bats b/test/system/120-load.bats index 14dae4c8a..86b396c4a 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -27,13 +27,25 @@ verify_iid_and_name() { } @test "podman save to pipe and load" { + get_iid_and_name + # We can't use run_podman because that uses the BATS 'run' function # which redirects stdout and stderr. Here we need to guarantee # that podman's stdout is a pipe, not any other form of redirection - $PODMAN save --format oci-archive $IMAGE | cat >$PODMAN_TMPDIR/test.tar - [ $status -eq 0 ] + $PODMAN save --format oci-archive $IMAGE | cat >$archive + if [ "$status" -ne 0 ]; then + die "Command failed: podman save ... | cat" + fi + + # Make sure we can reload it + # FIXME: when/if 7337 gets fixed, add a random tag instead of rmi'ing + # FIXME: when/if 7371 gets fixed, use verify_iid_and_name() + run_podman rmi $iid + run_podman load -i $archive - run_podman load -i $PODMAN_TMPDIR/test.tar + # FIXME: cannot compare IID, see #7371 + run_podman images -a --format '{{.Repository}}:{{.Tag}}' + is "$output" "$IMAGE" "image preserves name across save/load" } diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index f3ec8a67c..7189d7e4b 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -96,9 +96,8 @@ function teardown() { run_podman rm $cid1 # ...then, from pause container, find the image ID of the pause image... - # FIXME: if #6283 gets implemented, use 'inspect --format ...' - run_podman pod inspect $podname - pause_cid=$(jq -r '.Containers[0].Id' <<<"$output") + run_podman pod inspect --format '{{(index .Containers 0).ID}}' $podname + pause_cid="$output" run_podman container inspect --format '{{.Image}}' $pause_cid pause_iid="$output" diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index b7035cdda..bbb5a10fb 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -18,7 +18,7 @@ fi UNIT_FILE="$UNIT_DIR/$SERVICE_NAME.service" function setup() { - skip_if_remote + skip_if_remote "systemd tests are meaningless over remote" basic_setup } diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats index 7be4be983..62d3c1497 100644 --- a/test/system/260-sdnotify.bats +++ b/test/system/260-sdnotify.bats @@ -10,7 +10,7 @@ _SOCAT_PID= _SOCAT_LOG= function setup() { - skip_if_remote + skip_if_remote "systemd tests are meaningless over remote" skip "FIXME FIXME FIXME, is this what's causing the CI hang???" diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 234bc1187..0fae3dcd3 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -7,7 +7,7 @@ load helpers # Copied from tsweeney's https://github.com/containers/podman/issues/4827 @test "podman networking: port on localhost" { - skip_if_remote + skip_if_remote "FIXME: reevaluate this one after #7360 is fixed" random_1=$(random_string 30) random_2=$(random_string 30) @@ -62,8 +62,6 @@ load helpers # Issue #5466 - port-forwarding doesn't work with this option and -d @test "podman networking: port with --userns=keep-id" { - skip_if_remote - # FIXME: randomize port, and create second random host port myport=54321 diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go index 9461bc91a..e4308def1 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_client.go +++ b/vendor/github.com/containers/image/v5/docker/docker_client.go @@ -331,7 +331,6 @@ func SearchRegistry(ctx context.Context, sys *types.SystemContext, registry, ima // Results holds the results returned by the /v1/search endpoint Results []SearchResult `json:"results"` } - v2Res := &V2Results{} v1Res := &V1Results{} // Get credentials from authfile for the underlying hostname @@ -388,31 +387,55 @@ func SearchRegistry(ctx context.Context, sys *types.SystemContext, registry, ima } logrus.Debugf("trying to talk to v2 search endpoint") - resp, err := client.makeRequest(ctx, "GET", "/v2/_catalog", nil, nil, v2Auth, nil) - if err != nil { - logrus.Debugf("error getting search results from v2 endpoint %q: %v", registry, err) - } else { + searchRes := []SearchResult{} + path := "/v2/_catalog" + for len(searchRes) < limit { + resp, err := client.makeRequest(ctx, "GET", path, nil, nil, v2Auth, nil) + if err != nil { + logrus.Debugf("error getting search results from v2 endpoint %q: %v", registry, err) + return nil, errors.Wrapf(err, "couldn't search registry %q", registry) + } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { logrus.Errorf("error getting search results from v2 endpoint %q: %v", registry, httpResponseToError(resp, "")) - } else { - if err := json.NewDecoder(resp.Body).Decode(v2Res); err != nil { - return nil, err + return nil, errors.Wrapf(err, "couldn't search registry %q", registry) + } + v2Res := &V2Results{} + if err := json.NewDecoder(resp.Body).Decode(v2Res); err != nil { + return nil, err + } + + for _, repo := range v2Res.Repositories { + if len(searchRes) == limit { + break } - searchRes := []SearchResult{} - for _, repo := range v2Res.Repositories { - if strings.Contains(repo, image) { - res := SearchResult{ - Name: repo, - } - searchRes = append(searchRes, res) + if strings.Contains(repo, image) { + res := SearchResult{ + Name: repo, } + searchRes = append(searchRes, res) } - return searchRes, nil } - } - return nil, errors.Wrapf(err, "couldn't search registry %q", registry) + link := resp.Header.Get("Link") + if link == "" { + break + } + linkURLStr := strings.Trim(strings.Split(link, ";")[0], "<>") + linkURL, err := url.Parse(linkURLStr) + if err != nil { + return searchRes, err + } + + // can be relative or absolute, but we only want the path (and I + // guess we're in trouble if it forwards to a new place...) + path = linkURL.Path + if linkURL.RawQuery != "" { + path += "?" + path += linkURL.RawQuery + } + } + return searchRes, nil } // makeRequest creates and executes a http.Request with the specified parameters, adding authentication and TLS options for the Docker client. diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index 114bce387..2f56effae 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -8,7 +8,7 @@ const ( // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 5 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 1 + VersionPatch = 2 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/vendor/modules.txt b/vendor/modules.txt index 0ab37e30c..c6e098f58 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -95,7 +95,7 @@ github.com/containers/common/pkg/sysinfo github.com/containers/common/version # github.com/containers/conmon v2.0.19+incompatible github.com/containers/conmon/runner/config -# github.com/containers/image/v5 v5.5.1 +# github.com/containers/image/v5 v5.5.2 github.com/containers/image/v5/copy github.com/containers/image/v5/directory github.com/containers/image/v5/directory/explicitfilepath |