diff options
-rw-r--r-- | .cirrus.yml | 5 | ||||
-rw-r--r-- | cmd/podman/checkpoint.go | 6 | ||||
-rw-r--r-- | cmd/podman/cliconfig/commands.go | 56 | ||||
-rw-r--r-- | cmd/podman/commands.go | 2 | ||||
-rw-r--r-- | cmd/podman/common.go | 2 | ||||
-rw-r--r-- | cmd/podman/create.go | 38 | ||||
-rw-r--r-- | cmd/podman/exists.go | 9 | ||||
-rw-r--r-- | cmd/podman/generate_kube.go | 2 | ||||
-rw-r--r-- | cmd/podman/image.go | 6 | ||||
-rw-r--r-- | cmd/podman/images.go | 7 | ||||
-rw-r--r-- | cmd/podman/main.go | 2 | ||||
-rw-r--r-- | cmd/podman/ps.go | 7 | ||||
-rw-r--r-- | cmd/podman/restart.go | 2 | ||||
-rw-r--r-- | cmd/podman/stop.go | 14 | ||||
-rw-r--r-- | cmd/podman/trust_set_show.go | 4 | ||||
-rw-r--r-- | contrib/gate/Dockerfile | 2 | ||||
-rw-r--r-- | pkg/secrets/secrets.go | 12 |
17 files changed, 117 insertions, 59 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index ad9edd404..4521866d1 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -118,6 +118,11 @@ gating_task: - '/usr/local/bin/entrypoint.sh vendor' - 'cd /go/src/github.com/containers/libpod && ./hack/tree_status.sh' + # This task builds Podman with different buildtags to ensure the build does + # not break. + build_script: + - '/usr/local/bin/entrypoint.sh clean podman BUILDTAGS="exclude_graphdriver_devicemapper selinux seccomp"' + build_each_commit_task: diff --git a/cmd/podman/checkpoint.go b/cmd/podman/checkpoint.go index 8c4b8ad3c..367065766 100644 --- a/cmd/podman/checkpoint.go +++ b/cmd/podman/checkpoint.go @@ -32,9 +32,9 @@ var ( Args: func(cmd *cobra.Command, args []string) error { return checkAllAndLatest(cmd, args, false) }, - Example: `podman checkpoint --keep ctrID - podman checkpoint --all - podman checkpoint --leave-running --latest`, + Example: `podman container checkpoint --keep ctrID + podman container checkpoint --all + podman container checkpoint --leave-running --latest`, } ) diff --git a/cmd/podman/cliconfig/commands.go b/cmd/podman/cliconfig/commands.go index 7d1e762d9..3361c14b8 100644 --- a/cmd/podman/cliconfig/commands.go +++ b/cmd/podman/cliconfig/commands.go @@ -1,5 +1,7 @@ package cliconfig +import "github.com/sirupsen/logrus" + // GlobalIsSet is a compatibility method for urfave func (p *PodmanCommand) GlobalIsSet(opt string) bool { flag := p.PersistentFlags().Lookup(opt) @@ -22,9 +24,13 @@ func (p *PodmanCommand) IsSet(opt string) bool { func (p *PodmanCommand) Bool(opt string) bool { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return false } - val, _ := p.Flags().GetBool(opt) + val, err := p.Flags().GetBool(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } @@ -32,9 +38,13 @@ func (p *PodmanCommand) Bool(opt string) bool { func (p *PodmanCommand) String(opt string) string { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return "" } - val, _ := p.Flags().GetString(opt) + val, err := p.Flags().GetString(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } @@ -42,9 +52,13 @@ func (p *PodmanCommand) String(opt string) string { func (p *PodmanCommand) StringArray(opt string) []string { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return []string{} } - val, _ := p.Flags().GetStringArray(opt) + val, err := p.Flags().GetStringArray(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } @@ -52,9 +66,13 @@ func (p *PodmanCommand) StringArray(opt string) []string { func (p *PodmanCommand) StringSlice(opt string) []string { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return []string{} } - val, _ := p.Flags().GetStringSlice(opt) + val, err := p.Flags().GetStringSlice(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } @@ -62,9 +80,13 @@ func (p *PodmanCommand) StringSlice(opt string) []string { func (p *PodmanCommand) Int(opt string) int { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return 0 } - val, _ := p.Flags().GetInt(opt) + val, err := p.Flags().GetInt(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } @@ -72,9 +94,13 @@ func (p *PodmanCommand) Int(opt string) int { func (p *PodmanCommand) Uint(opt string) uint { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return 0 } - val, _ := p.Flags().GetUint(opt) + val, err := p.Flags().GetUint(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } @@ -82,9 +108,13 @@ func (p *PodmanCommand) Uint(opt string) uint { func (p *PodmanCommand) Int64(opt string) int64 { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return 0 } - val, _ := p.Flags().GetInt64(opt) + val, err := p.Flags().GetInt64(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } @@ -92,9 +122,13 @@ func (p *PodmanCommand) Int64(opt string) int64 { func (p *PodmanCommand) Uint64(opt string) uint64 { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return 0 } - val, _ := p.Flags().GetUint64(opt) + val, err := p.Flags().GetUint64(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } @@ -102,8 +136,12 @@ func (p *PodmanCommand) Uint64(opt string) uint64 { func (p *PodmanCommand) Float64(opt string) float64 { flag := p.Flags().Lookup(opt) if flag == nil { + logrus.Errorf("Could not find flag %s", opt) return 0 } - val, _ := p.Flags().GetFloat64(opt) + val, err := p.Flags().GetFloat64(opt) + if err != nil { + logrus.Errorf("Error getting flag %s: %v", opt, err) + } return val } diff --git a/cmd/podman/commands.go b/cmd/podman/commands.go index 73e02e27a..fd36e77d5 100644 --- a/cmd/podman/commands.go +++ b/cmd/podman/commands.go @@ -30,7 +30,6 @@ func getMainCommands() []*cobra.Command { _rmCommand, _runCommand, _searchCommand, - _signCommand, _startCommand, _statsCommand, _stopCommand, @@ -49,7 +48,6 @@ func getMainCommands() []*cobra.Command { // Commands that the local client implements func getImageSubCommands() []*cobra.Command { return []*cobra.Command{ - _loadCommand, _signCommand, } } diff --git a/cmd/podman/common.go b/cmd/podman/common.go index e297f3921..f9dfa3759 100644 --- a/cmd/podman/common.go +++ b/cmd/podman/common.go @@ -415,7 +415,7 @@ func getCreateFlags(c *cliconfig.PodmanCommand) { "stop-signal", "", "Signal to stop a container. Default is SIGTERM", ) - createFlags.Int( + createFlags.Uint( "stop-timeout", libpod.CtrRemoveTimeout, "Timeout (in seconds) to stop a container. Default is 10", ) diff --git a/cmd/podman/create.go b/cmd/podman/create.go index 2d93c149a..95cb732d9 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -67,7 +67,7 @@ func init() { getCreateFlags(&createCommand.PodmanCommand) flags := createCommand.Flags() - flags.SetInterspersed(true) + flags.SetInterspersed(false) } @@ -408,7 +408,7 @@ func parseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l return nil, err } - if err = parseVolumesFrom(c.StringArray("volumes-from")); err != nil { + if err = parseVolumesFrom(c.StringSlice("volumes-from")); err != nil { return nil, err } @@ -707,23 +707,23 @@ func parseCreateOpts(ctx context.Context, c *cliconfig.PodmanCommand, runtime *l Entrypoint: entrypoint, Env: env, //ExposedPorts: ports, - GroupAdd: c.StringSlice("group-add"), - Hostname: c.String("hostname"), - HostAdd: c.StringSlice("add-host"), - IDMappings: idmappings, - Image: imageName, - ImageID: imageID, - Interactive: c.Bool("interactive"), - IP6Address: c.String("ipv6"), - IPAddress: c.String("ip"), - Labels: labels, - LinkLocalIP: c.StringSlice("link-local-ip"), - LogDriver: c.String("log-driver"), - LogDriverOpt: c.StringSlice("log-opt"), - MacAddress: c.String("mac-address"), - Name: c.String("name"), - Network: network, - NetworkAlias: c.StringSlice("network-alias"), + GroupAdd: c.StringSlice("group-add"), + Hostname: c.String("hostname"), + HostAdd: c.StringSlice("add-host"), + IDMappings: idmappings, + Image: imageName, + ImageID: imageID, + Interactive: c.Bool("interactive"), + //IP6Address: c.String("ipv6"), // Not implemented yet - needs CNI support for static v6 + IPAddress: c.String("ip"), + Labels: labels, + //LinkLocalIP: c.StringSlice("link-local-ip"), // Not implemented yet + LogDriver: c.String("log-driver"), + LogDriverOpt: c.StringSlice("log-opt"), + MacAddress: c.String("mac-address"), + Name: c.String("name"), + Network: network, + //NetworkAlias: c.StringSlice("network-alias"), // Not implemented - does this make sense in Podman? IpcMode: ipcMode, NetMode: netMode, UtsMode: utsMode, diff --git a/cmd/podman/exists.go b/cmd/podman/exists.go index c01a6a081..109831e74 100644 --- a/cmd/podman/exists.go +++ b/cmd/podman/exists.go @@ -40,7 +40,8 @@ var ( imageExistsCommand.GlobalFlags = MainGlobalOpts return imageExistsCmd(&imageExistsCommand) }, - Example: `podman image exists imageID`, + Example: `podman image exists imageID + podman image exists alpine || podman pull alpine`, } _containerExistsCommand = &cobra.Command{ @@ -53,7 +54,8 @@ var ( return containerExistsCmd(&containerExistsCommand) }, - Example: `podman container exists containerID`, + Example: `podman container exists containerID + podman container exists myctr || podman run --name myctr [etc...]`, } _podExistsCommand = &cobra.Command{ @@ -65,7 +67,8 @@ var ( podExistsCommand.GlobalFlags = MainGlobalOpts return podExistsCmd(&podExistsCommand) }, - Example: `podman pod exists podID`, + Example: `podman pod exists podID + podman pod exists mypod || podman pod create --name mypod`, } ) diff --git a/cmd/podman/generate_kube.go b/cmd/podman/generate_kube.go index 090f99495..fa2872b77 100644 --- a/cmd/podman/generate_kube.go +++ b/cmd/podman/generate_kube.go @@ -17,7 +17,7 @@ var ( containerKubeCommand cliconfig.GenerateKubeValues containerKubeDescription = "Generate Kubernetes Pod YAML" _containerKubeCommand = &cobra.Command{ - Use: "kube CONTAINER | POD", + Use: "kube [flags] CONTAINER | POD", Short: "Generate Kubernetes pod YAML for a container or pod", Long: containerKubeDescription, RunE: func(cmd *cobra.Command, args []string) error { diff --git a/cmd/podman/image.go b/cmd/podman/image.go index 14053cb0d..aaa1866c4 100644 --- a/cmd/podman/image.go +++ b/cmd/podman/image.go @@ -14,6 +14,7 @@ var ( Long: imageDescription, }, } + _imagesSubCommand = _imagesCommand ) //imageSubCommands are implemented both in local and remote clients @@ -21,7 +22,6 @@ var imageSubCommands = []*cobra.Command{ _buildCommand, _historyCommand, _imageExistsCommand, - _imagesCommand, _importCommand, _inspectCommand, _loadCommand, @@ -37,4 +37,8 @@ func init() { imageCommand.SetUsageTemplate(UsageTemplate()) imageCommand.AddCommand(imageSubCommands...) imageCommand.AddCommand(getImageSubCommands()...) + + _imagesSubCommand.Aliases = []string{"ls", "list"} + imageCommand.AddCommand(&_imagesSubCommand) + } diff --git a/cmd/podman/images.go b/cmd/podman/images.go index 6e82195a9..e6f4d9a60 100644 --- a/cmd/podman/images.go +++ b/cmd/podman/images.go @@ -87,8 +87,8 @@ var ( imagesCommand cliconfig.ImagesValues imagesDescription = "lists locally stored images." - _imagesCommand = &cobra.Command{ - Use: "images", + _imagesCommand = cobra.Command{ + Use: "images [flags] [IMAGE]", Short: "List images in local storage", Long: imagesDescription, RunE: func(cmd *cobra.Command, args []string) error { @@ -103,8 +103,9 @@ var ( ) func init() { - imagesCommand.Command = _imagesCommand + imagesCommand.Command = &_imagesCommand imagesCommand.SetUsageTemplate(UsageTemplate()) + flags := imagesCommand.Flags() flags.BoolVarP(&imagesCommand.All, "all", "a", false, "Show all images (default hides intermediate images)") flags.BoolVar(&imagesCommand.Digests, "digests", false, "Show digests") diff --git a/cmd/podman/main.go b/cmd/podman/main.go index 19bdb40d6..d36270853 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -38,7 +38,7 @@ var mainCommands = []*cobra.Command{ _buildCommand, _exportCommand, _historyCommand, - _imagesCommand, + &_imagesCommand, _importCommand, _infoCommand, _inspectCommand, diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index 9c165b836..3bc4f0b08 100644 --- a/cmd/podman/ps.go +++ b/cmd/podman/ps.go @@ -158,10 +158,9 @@ var ( psCommand cliconfig.PsValues psDescription = "Prints out information about the containers" _psCommand = &cobra.Command{ - Use: "list", - Aliases: []string{"ls", "ps"}, - Short: "List containers", - Long: psDescription, + Use: "ps", + Short: "List containers", + Long: psDescription, RunE: func(cmd *cobra.Command, args []string) error { psCommand.InputArgs = args psCommand.GlobalFlags = MainGlobalOpts diff --git a/cmd/podman/restart.go b/cmd/podman/restart.go index 2bebde4f9..5aa12070e 100644 --- a/cmd/podman/restart.go +++ b/cmd/podman/restart.go @@ -73,7 +73,7 @@ func restartCmd(c *cliconfig.RestartValues) error { defer runtime.Shutdown(false) timeout := c.Timeout - useTimeout := c.Flag("timeout").Changed + useTimeout := c.Flag("timeout").Changed || c.Flag("time").Changed // Handle --latest if c.Latest { diff --git a/cmd/podman/stop.go b/cmd/podman/stop.go index d86894a6f..ab9a2cf38 100644 --- a/cmd/podman/stop.go +++ b/cmd/podman/stop.go @@ -73,21 +73,29 @@ func stopCmd(c *cliconfig.StopValues) error { fmt.Println(err.Error()) } + if c.Flag("timeout").Changed && c.Flag("time").Changed { + return errors.New("the --timeout and --time flags are mutually exclusive") + } + var stopFuncs []shared.ParallelWorkerInput for _, ctr := range containers { con := ctr var stopTimeout uint - if c.Flag("timeout").Changed { + if c.Flag("timeout").Changed || c.Flag("time").Changed { stopTimeout = c.Timeout } else { stopTimeout = ctr.StopTimeout() + logrus.Debugf("Set timeout to container %s default (%d)", ctr.ID(), stopTimeout) } f := func() error { - if err := con.StopWithTimeout(stopTimeout); err != nil && errors.Cause(err) != libpod.ErrCtrStopped { + if err := con.StopWithTimeout(stopTimeout); err != nil { + if errors.Cause(err) == libpod.ErrCtrStopped { + logrus.Debugf("Container %s already stopped", con.ID()) + return nil + } return err } return nil - } stopFuncs = append(stopFuncs, shared.ParallelWorkerInput{ ContainerID: con.ID(), diff --git a/cmd/podman/trust_set_show.go b/cmd/podman/trust_set_show.go index 0a4783d0a..746854249 100644 --- a/cmd/podman/trust_set_show.go +++ b/cmd/podman/trust_set_show.go @@ -23,7 +23,7 @@ var ( showTrustCommand cliconfig.ShowTrustValues setTrustDescription = "Set default trust policy or add a new trust policy for a registry" _setTrustCommand = &cobra.Command{ - Use: "set", + Use: "set [flags] REGISTRY", Short: "Set default trust policy or a new trust policy for a registry", Long: setTrustDescription, Example: "", @@ -36,7 +36,7 @@ var ( showTrustDescription = "Display trust policy for the system" _showTrustCommand = &cobra.Command{ - Use: "show", + Use: "show [flags] [REGISTRY]", Short: "Display trust policy for the system", Long: showTrustDescription, RunE: func(cmd *cobra.Command, args []string) error { diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile index f9b57a6da..4d88ae9a6 100644 --- a/contrib/gate/Dockerfile +++ b/contrib/gate/Dockerfile @@ -49,8 +49,6 @@ WORKDIR $GOSRC # Install dependencies RUN set -x && \ - go get -u github.com/mailru/easyjson/... && \ - install -D -m 755 "$GOPATH"/bin/easyjson /usr/bin/ && \ make install.tools && \ install -D -m 755 $GOSRC/contrib/gate/entrypoint.sh /usr/local/bin/ && \ rm -rf "$GOSRC" diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go index 242953609..3b64f8952 100644 --- a/pkg/secrets/secrets.go +++ b/pkg/secrets/secrets.go @@ -8,6 +8,7 @@ import ( "strings" "github.com/containers/libpod/pkg/rootless" + "github.com/containers/storage/pkg/idtools" rspec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" @@ -176,7 +177,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre // Add FIPS mode secret if /etc/system-fips exists on the host _, err := os.Stat("/etc/system-fips") if err == nil { - if err := addFIPSModeSecret(&secretMounts, containerWorkingDir); err != nil { + if err := addFIPSModeSecret(&secretMounts, containerWorkingDir, mountPrefix, mountLabel, uid, gid); err != nil { logrus.Errorf("error adding FIPS mode secret to container: %v", err) } } else if os.IsNotExist(err) { @@ -264,13 +265,16 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr // root filesystem if /etc/system-fips exists on hosts. // This enables the container to be FIPS compliant and run openssl in // FIPS mode as the host is also in FIPS mode. -func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir string) error { +func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir, mountPrefix, mountLabel string, uid, gid int) error { secretsDir := "/run/secrets" ctrDirOnHost := filepath.Join(containerWorkingDir, secretsDir) if _, err := os.Stat(ctrDirOnHost); os.IsNotExist(err) { - if err = os.MkdirAll(ctrDirOnHost, 0755); err != nil { + if err = idtools.MkdirAllAs(ctrDirOnHost, 0755, uid, gid); err != nil { return errors.Wrapf(err, "making container directory on host failed") } + if err = label.Relabel(ctrDirOnHost, mountLabel, false); err != nil { + return errors.Wrap(err, "error applying correct labels") + } } fipsFile := filepath.Join(ctrDirOnHost, "system-fips") // In the event of restart, it is possible for the FIPS mode file to already exist @@ -284,7 +288,7 @@ func addFIPSModeSecret(mounts *[]rspec.Mount, containerWorkingDir string) error if !mountExists(*mounts, secretsDir) { m := rspec.Mount{ - Source: ctrDirOnHost, + Source: filepath.Join(mountPrefix, secretsDir), Destination: secretsDir, Type: "bind", Options: []string{"bind", "rprivate"}, |