-rw-r--r-- | go.mod | 4 | ||||
-rw-r--r-- | go.sum | 7 | ||||
-rw-r--r-- | libpod/runtime.go | 8 | ||||
-rw-r--r-- | vendor/github.com/containers/common/libimage/image.go | 19 | ||||
-rw-r--r-- | vendor/github.com/containers/common/libimage/pull.go | 1 | ||||
-rw-r--r-- | vendor/github.com/containers/common/libimage/runtime.go | 8 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/config.go | 5 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/containers.conf | 3 | ||||
-rw-r--r-- | vendor/github.com/containers/common/pkg/config/default.go | 50 | ||||
-rw-r--r-- | vendor/github.com/containers/common/version/version.go | 2 | ||||
-rw-r--r-- | vendor/github.com/containers/storage/VERSION | 2 | ||||
-rw-r--r-- | vendor/github.com/containers/storage/drivers/devmapper/deviceset.go | 4 | ||||
-rw-r--r-- | vendor/github.com/containers/storage/drivers/driver.go | 7 | ||||
-rw-r--r-- | vendor/github.com/containers/storage/drivers/overlay/overlay.go | 46 | ||||
-rw-r--r-- | vendor/github.com/containers/storage/layers.go | 59 | ||||
-rw-r--r-- | vendor/modules.txt | 4 |
16 files changed, 168 insertions, 61 deletions
@@ -12,12 +12,12 @@ require ( github.com/containernetworking/cni v0.8.1 github.com/containernetworking/plugins v0.9.1 github.com/containers/buildah v1.21.0 - github.com/containers/common v0.38.4 + github.com/containers/common v0.39.0 github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.12.0 github.com/containers/ocicrypt v1.1.1 github.com/containers/psgo v1.5.2 - github.com/containers/storage v1.31.2 + github.com/containers/storage v1.32.0 github.com/coreos/go-systemd/v22 v22.3.2 github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3 github.com/cri-o/ocicni v0.2.1-0.20210301205850-541cf7c703cf @@ -218,8 +218,9 @@ github.com/containernetworking/plugins v0.9.1 h1:FD1tADPls2EEi3flPc2OegIY1M9pUa9 github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRDjeJr6FLK6vuiUwoH7P8= github.com/containers/buildah v1.21.0 h1:LuwuqRPjan3X3AIdGwfkEkqMgmrDMNpQznFqNdHgCz8= github.com/containers/buildah v1.21.0/go.mod h1:yPdlpVd93T+i91yGxrJbW1YOWrqN64j5ZhHOZmHUejs= -github.com/containers/common v0.38.4 h1:WYv4R6Sw1qiOPZtBNbKglrmisXdPcq3fZ3bGy4prrjo= github.com/containers/common v0.38.4/go.mod h1:egfpX/Y3+19Dz4Wa1eRZDdgzoEOeneieF9CQppKzLBg= +github.com/containers/common v0.39.0 h1:MrvpFa/bM4UmUILACv2IhOif4oLmWAiD4C+CpOc/MUo= +github.com/containers/common v0.39.0/go.mod h1:vPUHCg/dHoiyqIyLN+EdbjUaGrVEhs/hAvsqsxuYepk= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.12.0 h1:1hNS2QkzFQ4lH3GYQLyAXB0acRMhS1Ubm6oV++8vw4w= 
@@ -235,8 +236,8 @@ github.com/containers/psgo v1.5.2/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzP github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3ETQAf/CeZPyM= github.com/containers/storage v1.30.1/go.mod h1:NDJkiwxnSHD1Is+4DGcyR3SIEYSDOa0xnAW+uGQFx9E= github.com/containers/storage v1.31.1/go.mod h1:IFEf+yRTS0pvCGQt2tBv1Kzz2XUSPvED6uFBmWG7V/E= -github.com/containers/storage v1.31.2 h1:wWi7OsNtHUydGdK0EpQiK94MfQNj5qK2GtxNLoj4tU4= -github.com/containers/storage v1.31.2/go.mod h1:J3q772EVbN9vgqoN/dkvInKnp4xK9ZXm7wHNfuiIDgE= +github.com/containers/storage v1.32.0 h1:l2O+EybfGVkisqDkRysKG1VAO6jPPIYOV5Q4/sau86c= +github.com/containers/storage v1.32.0/go.mod h1:J3q772EVbN9vgqoN/dkvInKnp4xK9ZXm7wHNfuiIDgE= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= diff --git a/libpod/runtime.go b/libpod/runtime.go index 713026a9e..e551e6fe8 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -217,8 +217,6 @@ func newRuntimeFromConfig(ctx context.Context, conf *config.Config, options ...R return nil, err } - runtime.libimageEventsShutdown = make(chan bool) - return runtime, nil } @@ -701,6 +699,8 @@ var libimageEventsMap = map[libimage.EventType]events.Status{ // events on the libimage.Runtime. The gourtine will be cleaned up implicitly // when the main() exists. func (r *Runtime) libimageEvents() { + r.libimageEventsShutdown = make(chan bool) + toLibpodEventStatus := func(e *libimage.Event) events.Status { status, found := libimageEventsMap[e.Type] if !found { 
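Review bot: The doc comment above `libimageEvents()` in libpod/runtime.go no longer matches the code: it still says the goroutine is cleaned up implicitly when main() exits (with the typos "gourtine" and "exists"), while the function now creates `r.libimageEventsShutdown` and `Shutdown` signals on it. A nil channel has also become the marker for "events were never started", which nothing documents. I would reword the comment to something like `// libimageEvents creates r.libimageEventsShutdown and starts the event goroutine; it must run at most once and before Shutdown, which signals the goroutine through that channel.` The rest of the function body lies outside the hunk, so the at-most-once assumption should be checked against its callers.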
@@ -780,7 +780,9 @@ func (r *Runtime) Shutdown(force bool) error { // attempt to shut it down if r.store != nil { // Wait for the events to be written. - r.libimageEventsShutdown <- true + if r.libimageEventsShutdown != nil { + r.libimageEventsShutdown <- true + } // Note that the libimage runtime shuts down the store. if err := r.libimageRuntime.Shutdown(force); err != nil { diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go index 1f76d4ae5..de0b4b2c5 100644 --- a/vendor/github.com/containers/common/libimage/image.go +++ b/vendor/github.com/containers/common/libimage/image.go @@ -658,25 +658,6 @@ func (i *Image) Unmount(force bool) error { return err } -// MountPoint returns the fully-evaluated mount point of the image. If the -// image isn't mounted, an empty string is returned. -func (i *Image) MountPoint() (string, error) { - counter, err := i.runtime.store.Mounted(i.TopLayer()) - if err != nil { - return "", err - } - - if counter == 0 { - return "", nil - } - - layer, err := i.runtime.store.Layer(i.TopLayer()) - if err != nil { - return "", err - } - return filepath.EvalSymlinks(layer.MountPoint) -} - // Size computes the size of the image layers and associated data. func (i *Image) Size() (int64, error) { return i.runtime.store.ImageSize(i.ID()) diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index d93715279..5fa888251 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -279,6 +279,7 @@ func (r *Runtime) copyFromRegistry(ctx context.Context, ref types.ImageReference return r.copySingleImageFromRegistry(ctx, inputName, pullPolicy, options) } + // Copy all tags named := reference.TrimNamed(ref.DockerReference()) tags, err := registryTransport.GetRepositoryTags(ctx, &r.systemContext, ref) if err != nil { 
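Review bot: The guarded send in `Shutdown` (libpod/runtime.go) is still an unbuffered, blocking `r.libimageEventsShutdown <- true`, so the nil check only covers the case where the event goroutine was never started. If the receiver has already returned (for example on a second call to Shutdown, assuming nothing earlier in the function rejects that), the send would block and shutdown would hang before the libimage runtime closes the store. Clearing the field after the send makes the guard hold on repeat calls: `r.libimageEventsShutdown = nil` directly after the send. The field is also written in `libimageEvents()` and read here without visible synchronization; the hunk does not show whether the callers serialize the two. Shutdown's body continues outside the hunk.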
diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go index 422cd6069..aa798d008 100644 --- a/vendor/github.com/containers/common/libimage/runtime.go +++ b/vendor/github.com/containers/common/libimage/runtime.go @@ -516,8 +516,9 @@ type RemoveImagesOptions struct { WithSize bool } -// RemoveImages removes images specified by names. All images are expected to -// exist in the local containers storage. +// RemoveImages removes images specified by names. If no names are specified, +// remove images as specified via the options' filters. All images are +// expected to exist in the local containers storage. // // If an image has more names than one name, the image will be untagged with // the specified name. RemoveImages returns a slice of untagged and removed @@ -557,6 +558,9 @@ func (r *Runtime) RemoveImages(ctx context.Context, names []string, options *Rem // orderedIDs and the deleteMap. switch { case len(names) > 0: + // Look up the images one-by-one. That allows for removing + // images that have been looked up successfully while reporting + // lookup errors at the end. lookupOptions := LookupImageOptions{IgnorePlatform: true} for _, name := range names { img, resolvedName, err := r.LookupImage(name, &lookupOptions) diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 9ac71c6c8..edd52f49d 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go 
@@ -150,6 +150,11 @@ type ContainersConfig struct { // PidNS indicates how to create a pid namespace for the container PidNS string `toml:"pidns,omitempty"` + // RootlessNetworking depicts the "kind" of networking for rootless + // containers. Valid options are `slirp4netns` and `cni`. Default is + // `slirp4netns` + RootlessNetworking string `toml:"rootless_networking,omitempty"` + // SeccompProfile is the seccomp.json profile path which is used as the // default for the runtime. SeccompProfile string `toml:"seccomp_profile,omitempty"` diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 8770ebda0..d9b379eae 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -389,6 +389,9 @@ default_sysctls = [ # `podman --remote=true` for access to the remote Podman service. # remote = false +# Indicates the networking to be used for rootless containers +# rootless_networking="slirp4netns" + # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage # stores containers diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 04aaac94d..2b660d1ab 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -82,6 +82,10 @@ var ( "/usr/local/lib/cni", "/opt/cni/bin", } + + // DefaultRootlessNetwork is the kind of of rootless networking + // for containers + DefaultRootlessNetwork = "slirp4netns" ) const ( 
@@ -186,24 +190,25 @@ func DefaultConfig() (*Config, error) { "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "TERM=xterm", }, - EnvHost: false, - HTTPProxy: true, - Init: false, - InitPath: "", - IPCNS: "private", - LogDriver: DefaultLogDriver, - LogSizeMax: DefaultLogSizeMax, - NetNS: netns, - NoHosts: false, - PidsLimit: DefaultPidsLimit, - PidNS: "private", - SeccompProfile: SeccompDefaultPath, - ShmSize: DefaultShmSize, - TZ: "", - Umask: "0022", - UTSNS: "private", - UserNS: "host", - UserNSSize: DefaultUserNSSize, + EnvHost: false, + HTTPProxy: true, + Init: false, + InitPath: "", + IPCNS: "private", + LogDriver: DefaultLogDriver, + LogSizeMax: DefaultLogSizeMax, + NetNS: netns, + NoHosts: false, + PidsLimit: DefaultPidsLimit, + PidNS: "private", + RootlessNetworking: DefaultRootlessNetwork, + SeccompProfile: SeccompDefaultPath, + ShmSize: DefaultShmSize, + TZ: "", + Umask: "0022", + UTSNS: "private", + UserNS: "host", + UserNSSize: DefaultUserNSSize, }, Network: NetworkConfig{ DefaultNetwork: "podman", @@ -410,9 +415,6 @@ func probeConmon(conmonBinary string) error { // NetNS returns the default network namespace func (c *Config) NetNS() string { - if c.Containers.NetNS == "private" && unshare.IsRootless() { - return "slirp4netns" - } return c.Containers.NetNS } @@ -544,3 +546,9 @@ func (c *Config) LogDriver() string { func (c *Config) MachineEnabled() bool { return c.Engine.MachineEnabled } + +// RootlessNetworking returns the "kind" of networking +// rootless containers should use +func (c *Config) RootlessNetworking() string { + return c.Containers.RootlessNetworking +} diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index f6f6d1608..54661f433 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go 
@@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.38.4" +const Version = "0.39.0" diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION index 3492b09b4..359c41089 100644 --- a/vendor/github.com/containers/storage/VERSION +++ b/vendor/github.com/containers/storage/VERSION @@ -1 +1 @@ -1.31.2 +1.32.0 diff --git a/vendor/github.com/containers/storage/drivers/devmapper/deviceset.go b/vendor/github.com/containers/storage/drivers/devmapper/deviceset.go index d9d19a0e1..19fb3fda9 100644 --- a/vendor/github.com/containers/storage/drivers/devmapper/deviceset.go +++ b/vendor/github.com/containers/storage/drivers/devmapper/deviceset.go @@ -2446,7 +2446,9 @@ func (devices *DeviceSet) UnmountDevice(hash, mountPath string) error { logrus.Debugf("devmapper: Unmount(%s)", mountPath) if err := mount.Unmount(mountPath); err != nil { - return err + if ok, _ := Mounted(mountPath); ok { + return err + } } logrus.Debug("devmapper: Unmount done") diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go index 1d2a65966..770b431bd 100644 --- a/vendor/github.com/containers/storage/drivers/driver.go +++ b/vendor/github.com/containers/storage/drivers/driver.go @@ -230,6 +230,9 @@ type AdditionalLayer interface { // Info returns arbitrary information stored along with this layer (i.e. `info` file) Info() (io.ReadCloser, error) + // Blob returns a reader of the raw contents of this layer. + Blob() (io.ReadCloser, error) + // Release tells the additional layer store that we don't use this handler. Release() } 
@@ -243,6 +246,10 @@ type AdditionalLayerStoreDriver interface { // LookupAdditionalLayer looks up additional layer store by the specified // digest and ref and returns an object representing that layer. LookupAdditionalLayer(d digest.Digest, ref string) (AdditionalLayer, error) + + // LookupAdditionalLayer looks up additional layer store by the specified + // ID and returns an object representing that layer. + LookupAdditionalLayerByID(id string) (AdditionalLayer, error) } // DiffGetterDriver is the interface for layered file system drivers that diff --git a/vendor/github.com/containers/storage/drivers/overlay/overlay.go b/vendor/github.com/containers/storage/drivers/overlay/overlay.go index aed3899f8..d5d161bfd 100644 --- a/vendor/github.com/containers/storage/drivers/overlay/overlay.go +++ b/vendor/github.com/containers/storage/drivers/overlay/overlay.go @@ -721,6 +721,7 @@ func (d *Driver) Cleanup() error { // LookupAdditionalLayer looks up additional layer store by the specified // digest and ref and returns an object representing that layer. // This API is experimental and can be changed without bumping the major version number. +// TODO: to remove the comment once it's no longer experimental. func (d *Driver) LookupAdditionalLayer(dgst digest.Digest, ref string) (graphdriver.AdditionalLayer, error) { l, err := d.getAdditionalLayerPath(dgst, ref) if err != nil { 
@@ -736,6 +737,25 @@ func (d *Driver) LookupAdditionalLayer(dgst digest.Digest, ref string) (graphdri }, nil } +// LookupAdditionalLayerByID looks up additional layer store by the specified +// ID and returns an object representing that layer. +// This API is experimental and can be changed without bumping the major version number. +// TODO: to remove the comment once it's no longer experimental. +func (d *Driver) LookupAdditionalLayerByID(id string) (graphdriver.AdditionalLayer, error) { + l, err := d.getAdditionalLayerPathByID(id) + if err != nil { + return nil, err + } + // Tell the additional layer store that we use this layer. + // This will increase reference counter on the store's side. + // This will be decreased on Release() method. + notifyUseAdditionalLayer(l) + return &additionalLayer{ + path: l, + d: d, + }, nil +} + // CreateFromTemplate creates a layer with the same contents and parent as another layer. func (d *Driver) CreateFromTemplate(id, template string, templateIDMappings *idtools.IDMappings, parent string, parentIDMappings *idtools.IDMappings, opts *graphdriver.CreateOpts, readWrite bool) error { if readWrite { @@ -1655,7 +1675,7 @@ func (d *Driver) getLowerDiffPaths(id string) ([]string, error) { // and its parent and returns the size in bytes of the changes // relative to its base filesystem directory. func (d *Driver) DiffSize(id string, idMappings *idtools.IDMappings, parent string, parentMappings *idtools.IDMappings, mountLabel string) (size int64, err error) { - if d.useNaiveDiff() || !d.isParent(id, parent) { + if d.options.mountProgram == "" && (d.useNaiveDiff() || !d.isParent(id, parent)) { return d.naiveDiff.DiffSize(id, idMappings, parent, parentMappings, mountLabel) } 
@@ -1833,9 +1853,7 @@ func (d *Driver) getAdditionalLayerPath(dgst digest.Digest, ref string) (string, for _, p := range []string{ filepath.Join(target, "diff"), filepath.Join(target, "info"), - // TODO(ktock): We should have an API to expose the stream data of this layer - // to enable the client to retrieve the entire contents of this - // layer when it exports this layer. + filepath.Join(target, "blob"), } { if _, err := os.Stat(p); err != nil { return "", errors.Wrapf(graphdriver.ErrLayerUnknown, @@ -1850,8 +1868,8 @@ func (d *Driver) getAdditionalLayerPath(dgst digest.Digest, ref string) (string, } func (d *Driver) releaseAdditionalLayerByID(id string) { - if al, err := ioutil.ReadFile(path.Join(d.dir(id), "additionallayer")); err == nil { - notifyReleaseAdditionalLayer(string(al)) + if al, err := d.getAdditionalLayerPathByID(id); err == nil { + notifyReleaseAdditionalLayer(al) } else if !os.IsNotExist(err) { logrus.Warnf("unexpected error on reading Additional Layer Store pointer %v", err) } @@ -1866,12 +1884,19 @@ type additionalLayer struct { // Info returns arbitrary information stored along with this layer (i.e. `info` file). // This API is experimental and can be changed without bumping the major version number. +// TODO: to remove the comment once it's no longer experimental. func (al *additionalLayer) Info() (io.ReadCloser, error) { return os.Open(filepath.Join(al.path, "info")) } +// Blob returns a reader of the raw contents of this leyer. +func (al *additionalLayer) Blob() (io.ReadCloser, error) { + return os.Open(filepath.Join(al.path, "blob")) +} + // CreateAs creates a new layer from this additional layer. // This API is experimental and can be changed without bumping the major version number. +// TODO: to remove the comment once it's no longer experimental. func (al *additionalLayer) CreateAs(id, parent string) error { // TODO: support opts if err := al.d.Create(id, parent, nil); err != nil { 
@@ -1891,8 +1916,17 @@ func (al *additionalLayer) CreateAs(id, parent string) error { return os.Symlink(filepath.Join(al.path, "diff"), diffDir) } +func (d *Driver) getAdditionalLayerPathByID(id string) (string, error) { + al, err := ioutil.ReadFile(path.Join(d.dir(id), "additionallayer")) + if err != nil { + return "", err + } + return string(al), nil +} + // Release tells the additional layer store that we don't use this handler. // This API is experimental and can be changed without bumping the major version number. +// TODO: to remove the comment once it's no longer experimental. func (al *additionalLayer) Release() { // Tell the additional layer store that we don't use this layer handler. // This will decrease the reference counter on the store's side, which was diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go index 394c00731..1ed265d5d 100644 --- a/vendor/github.com/containers/storage/layers.go +++ b/vendor/github.com/containers/storage/layers.go 
@@ -1401,6 +1401,52 @@ func (r *layerStore) Diff(from, to string, options *DiffOptions) (io.ReadCloser, return maybeCompressReadCloser(diff) } + if ad, ok := r.driver.(drivers.AdditionalLayerStoreDriver); ok { + if aLayer, err := ad.LookupAdditionalLayerByID(to); err == nil { + // This is an additional layer. We leverage blob API for aquiring the reproduced raw blob. + info, err := aLayer.Info() + if err != nil { + aLayer.Release() + return nil, err + } + defer info.Close() + layer := &Layer{} + if err := json.NewDecoder(info).Decode(layer); err != nil { + aLayer.Release() + return nil, err + } + blob, err := aLayer.Blob() + if err != nil { + aLayer.Release() + return nil, err + } + // If layer compression type is different from the expected one, decompress and convert it. + if compression != layer.CompressionType { + diff, err := archive.DecompressStream(blob) + if err != nil { + if err2 := blob.Close(); err2 != nil { + err = errors.Wrapf(err, "failed to close blob file: %v", err2) + } + aLayer.Release() + return nil, err + } + rc, err := maybeCompressReadCloser(diff) + if err != nil { + if err2 := closeAll(blob.Close, diff.Close); err2 != nil { + err = errors.Wrapf(err, "failed to cleanup: %v", err2) + } + aLayer.Release() + return nil, err + } + return ioutils.NewReadCloserWrapper(rc, func() error { + defer aLayer.Release() + return closeAll(blob.Close, rc.Close) + }), nil + } + return ioutils.NewReadCloserWrapper(blob, func() error { defer aLayer.Release(); return blob.Close() }), nil + } + } + tsfile, err := os.Open(r.tspath(to)) if err != nil { if !os.IsNotExist(err) { @@ -1733,3 +1779,16 @@ func (r *layerStore) ReloadIfChanged() error { } return nil } + +func closeAll(closes ...func() error) (rErr error) { + for _, f := range closes { + if err := f(); err != nil { + if rErr == nil { + rErr = errors.Wrapf(err, "close error") + continue + } + rErr = errors.Wrapf(rErr, "%v", err) + } + } + return +} 
diff --git a/vendor/modules.txt b/vendor/modules.txt index c5d79a9b7..b4c2c6330 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -91,7 +91,7 @@ github.com/containers/buildah/pkg/overlay github.com/containers/buildah/pkg/parse github.com/containers/buildah/pkg/rusage github.com/containers/buildah/util -# github.com/containers/common v0.38.4 +# github.com/containers/common v0.39.0 github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor @@ -192,7 +192,7 @@ github.com/containers/psgo/internal/dev github.com/containers/psgo/internal/host github.com/containers/psgo/internal/proc github.com/containers/psgo/internal/process -# github.com/containers/storage v1.31.2 +# github.com/containers/storage v1.32.0 github.com/containers/storage github.com/containers/storage/drivers github.com/containers/storage/drivers/aufs |