-rw-r--r--changelog.txt337
-rw-r--r--cmd/podman/common/specgen.go3
-rw-r--r--contrib/podmanimage/stable/containers.conf1
-rw-r--r--docs/source/markdown/podman-create.1.md3
-rw-r--r--docs/source/markdown/podman-run.1.md10
-rw-r--r--go.mod4
-rw-r--r--go.sum6
-rw-r--r--libpod/container_config.go3
-rw-r--r--libpod/container_internal.go2
-rw-r--r--libpod/options.go13
-rw-r--r--pkg/specgen/generate/config_linux.go56
-rw-r--r--pkg/specgen/generate/config_linux_test.go28
-rw-r--r--pkg/specgen/generate/container_create.go3
-rw-r--r--pkg/specgen/specgen.go3
-rw-r--r--test/e2e/run_test.go12
-rw-r--r--vendor/github.com/containers/image/v5/copy/copy.go20
-rw-r--r--vendor/github.com/containers/image/v5/internal/types/types.go3
-rw-r--r--vendor/github.com/containers/image/v5/storage/storage_image.go87
-rw-r--r--vendor/github.com/containers/image/v5/version/version.go4
-rw-r--r--vendor/github.com/onsi/ginkgo/CHANGELOG.md5
-rw-r--r--vendor/github.com/onsi/ginkgo/config/config.go2
-rw-r--r--vendor/github.com/onsi/ginkgo/ginkgo/run_command.go2
-rw-r--r--vendor/github.com/onsi/ginkgo/types/deprecation_support.go54
-rw-r--r--vendor/modules.txt4
24 files changed, 601 insertions, 64 deletions
diff --git a/changelog.txt b/changelog.txt
index 324826288..b1c4b4756 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,340 @@
+- Changelog for v3.2.0-rc1 (2021-05-05)
+ * migrate Podman to containers/common/libimage
+ * add --mac-address to podman play kube
+ * compat api: Networks must be empty instead of null
+ * System tests: honor $OCI_RUNTIME (for CI)
+ * is this a bug?
+ * system test image: add arm64v8 image
+ * Fix troubleshooting documentation on handling sublemental groups.
+ * Add --all to podman start
+ * Fix variable reference typo. in multi-arch image action
+ * cgroup: always honor --cgroup-parent with cgroupfs
+ * Bump github.com/uber/jaeger-client-go
+ * Don't require tests for github-actions & metadata
+ * Detect if in podman machine virtual vm
+ * Fix multi-arch image workflow typo
+ * [CI:DOCS] Add titles to remote docs (windows)
+ * Remove unused VolumeList* structs
+ * Cirrus: Update F34beta -> F34
+ * Update container image docs + fix unstable execution
+ * Bump github.com/containers/storage from 1.30.0 to 1.30.1
+ * TODO complete
+ * Docker returns 'die' status rather then 'died' status
+ * Check if another VM is running on machine start
+ * [CI:DOCS] Improve titles of command HTML pages
+ * system tests: networking: fix another race condition
+ * Use seccomp_profile as default profile if defined in containers.conf
+ * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11
+ * Vendored
+ * Autoupdate local label functional
+ * System tests: fix two race conditions
+ * Add more documentation on conmon
+ * Allow docker volume create API to pass without name
+ * Cirrus: Update Ubuntu images to 21.04
+ * Skip blkio-weight test when no kernel BFQ support
+ * rootless: Tell the user what was led to the error, not just what it is
+ * Add troubleshooting advice about the --userns option.
+ * Fix images prune filter until
+ * Fix logic for pushing stable multi-arch images
+ * Fixes generate kube incorrect when bind-mounting "/" and "/root"
+ * libpod/image: unit tests: don't use system's registries.conf.d
+ * runtime: create userns when CAP_SYS_ADMIN is not present
+ * rootless: attempt to copy current mappings first
+ * [CI:DOCS] Restore missing content to manpages
+ * [CI:DOCS] Fix Markdown layout bugs
+ * Fix podman ps --filter ancestor to match exact ImageName/ImageID
+ * Add machine-enabled to containers.conf for machine
+ * Several multi-arch image build/push fixes
+ * Add podman run --timeout option
+ * Parse slirp4netns net options with compat api
+ * Fix rootlesskit port forwarder with custom slirp cidr
+ * Fix removal race condition in ListContainers
+ * Add github-action workflow to build/push multi-arch
+ * rootless: if root is not sub?id raise a debug message
+ * Bump github.com/containers/common from 0.36.0 to 0.37.0
+ * Add go template shell completion for --format
+ * Add --group-add keep-groups: suplimentary groups into container
+ * Fixes from make codespell
+ * Typo fix to usage text of --compress option
+ * corrupt-image test: fix an oops
+ * Add --noheading flag to all list commands
+ * Bump github.com/containers/storage from 1.29.0 to 1.30.0
+ * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1
+ * [CI:DOCS] Fix Markdown table layout bugs
+ * podman-remote should show podman.sock info
+ * rmi: don't break when the image is missing a manifest
+ * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
+ * Add support for CDI device configuration
+ * [CI:DOCS] Add missing dash to verbose option
+ * Bump github.com/uber/jaeger-client-go
+ * Remove an advanced layer diff function
+ * Ensure mount destination is clean, no trailing slash
+ * add it for inspect pidfile
+ * [CI:DOCS] Fix introduction page typo
+ * support pidfile on container restore
+ * fix start it
+ * skip pidfile test on remote
+ * improve document
+ * set pidfile default value int containerconfig
+ * add pidfile in inspection
+ * add pidfile it for container start
+ * skip pidfile it on remote
+ * Modify according to comments
+ * WIP: drop test requirement
+ * runtime: bump required conmon version
+ * runtime: return findConmon to libpod
+ * oci: drop ExecContainerCleanup
+ * oci: use `--full-path` option for conmon
+ * use AttachSocketPath when removing conmon files
+ * hide conmon-pidfile flag on remote mode
+ * Fix possible panic in libpod/image/prune.go
+ * add --ip to podman play kube
+ * add flag autocomplete
+ * add ut
+ * add flag "--pidfile" for podman create/run
+ * Add network bindings tests: remove and list
+ * Fix build with GO111MODULE=off
+ * system tests: build --pull-never: deal with flakes
+ * compose test: diagnose flakes v3
+ * podman play kube apply correct log driver
+ * Fixes podman-remote save to directories does not work
+ * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2
+ * Update documentation of podman-run to reflect volume "U" option
+ * Fix flake on failed podman-remote build : try 2
+ * compose test: ongoing efforts to diagnose flakes
+ * Test that we don't error out on advertised --log-level values
+ * At trace log level, print error text using %+v instead of %v
+ * pkg/errorhandling.JoinErrors: don't throw away context for lone errors
+ * Recognize --log-level=trace
+ * Fix flake on failed podman-remote build
+ * System tests: fix racy podman-inspect
+ * Fixes invalid expression in save command
+ * Bump github.com/containers/common from 0.35.4 to 0.36.0
+ * Update nix pin with `make nixpkgs`
+ * compose test: try to get useful data from flakes
+ * Remove in-memory state implementation
+ * Fix message about runtime to show only the actual runtime
+ * System tests: setup: better cleanup of stray images
+ * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
+ * Reflect current state of prune implementation in docs
+ * Do not delete container twice
+ * [CI:DOCS] Correct status code for /pods/create
+ * vendor in containers/storage v1.29.0
+ * cgroup: do not set cgroup parent when rootless and cgroupfs
+ * Overhaul Makefile binary and release worflows
+ * Reorganize Makefile with sections and guide
+ * Simplify Makefile help target
+ * Don't shell to obtain current directory
+ * Remove unnecessary/not-needed release.txt target
+ * Fix incorrect version number output
+ * Exclude .gitignore from test req.
+ * Fix handling of $NAME and $IMAGE in runlabel
+ * Update podman image Dockerfile to support Podman in container
+ * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0
+ * Fix slashes in socket URLs
+ * Add network prune filters support to bindings
+ * Add support for play/generate kube volumes
+ * Update manifest API endpoints
+ * Fix panic when not giving a machine name for ssh
+ * cgroups: force 64 bits to ParseUint
+ * Bump k8s.io/api from 0.20.5 to 0.21.0
+ * [CI:DOCS] Fix formatting of podman-build man page
+ * buildah-bud tests: simplify
+ * Add missing return
+ * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1
+ * speed up CI handling of images
+ * Volumes prune endpoint should use only prune filters
+ * Cirrus: Use Fedora 34beta images
+ * Bump go.sum + Makefile for golang 1.16
+ * Exempt Makefile changes from test requirements
+ * Adjust libpod API Container Wait documentation to the code
+ * [CI:DOCS] Update swagger definition of inspect manifest
+ * use updated ubuntu images
+ * podman unshare: add --rootless-cni to join the ns
+ * Update swagger-check
+ * swagger: remove name wildcards
+ * Update buildah-bud diffs
+ * Handle podman-remote --arch, --platform, --os
+ * buildah-bud tests: handle go pseudoversions, plus...
+ * Fix flaking rootless compose test
+ * rootless cni add /usr/sbin to PATH if not present
+ * System tests: special case for RHEL: require runc
+ * Add --requires flag to podman run/create
+ * [CI:DOCS] swagger-check: compare operations
+ * [CI:DOCS] Polish swagger OpertionIDs
+ * [NO TESTS NEEDED] Update nix pin with `make nixpkgs`
+ * Ensure that `--userns=keep-id` sets user in config
+ * [CI:DOCS] Set all operation id to be compatibile
+ * Move operationIds to swagger:operation line
+ * swagger: add operationIds that match with docker
+ * Cirrus: Make use of shared get_ci_vm container
+ * Don't relabel volumes if running in a privileged container
+ * Allow users to override default storage opts with --storage-opt
+ * Add support for podman --context default
+ * Verify existence of auth file if specified
+ * fix machine naming conventions
+ * Initial network bindings tests
+ * Update release notes to indicate CVE fix
+ * Move socket activation check into init() and set global condition.
+ * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0
+ * Http api tests for network prune with until filter
+ * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
+ * Fix typos --uidmapping and --gidmapping
+ * Add transport and destination info to manifest doc
+ * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1
+ * Add default template functions
+ * Fix missing podman-remote build options
+ * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1
+ * Add ssh connection to root user
+ * Add rootless docker-compose test to the CI
+ * Use the slrip4netns dns in the rootless cni ns
+ * Cleanup the rootless cni namespace
+ * Add new docker-compose test for two networks
+ * Make the docker-compose test work rootless
+ * Remove unused rootless-cni-infra container files
+ * Only use rootless RLK when the container has ports
+ * Fix dnsname test
+ * Enable rootless network connect/disconnect
+ * Move slirp4netns functions into an extra file
+ * Fix pod infra container cni network setup
+ * Add rootless support for cni and --uidmap
+ * rootless cni without infra container
+ * Recreate until container prune tests for bindings
+ * Remove --execute from podman machine ssh
+ * Fixed podman-remote --network flag
+ * Makefile: introduce install.docker-full
+ * Makefile: ensure install.docker creates BINDIR
+ * Fix unmount doc reference in image.rst
+ * Should send the OCI runtime path not just the name to buildah
+ * podman machine shell completion
+ * Fix handling of remove --log-rusage param
+ * Fix bindings prune containers flaky test
+ * [CI:DOCS] Add local html build info to docs/README.md
+ * Add podman machine list
+ * Trim white space from /top endpoint results
+ * Remove semantic version suffices from API calls
+ * podman machine init --ignition-path
+ * Document --volume from podman-remote run/create client
+ * Update main branch to reflect the release of v3.1.0
+ * Silence podman network reload errors with iptables-nft
+ * Containers prune endpoint should use only prune filters
+ * resolve proper aarch64 image names
+ * APIv2 basic test: relax APIVersion check
+ * Add machine support for qemu-system-aarch64
+ * podman machine init user input
+ * manpage xref: helpful diagnostic for unescaped dash-dash
+ * Bump to v3.2.0-dev
+ * swagger: update system version response body
+ * buildah-bud tests: reenable pull-never test
+ * [NO TESTS NEEDED] Shrink the size of podman-remote
+ * Add powershell completions
+ * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted
+ * Fix long option format on docs.podman.io
+ * system tests: friendier messages for 2-arg is()
+ * service: use LISTEN_FDS
+ * man pages: correct seccomp-policy label
+ * rootless: use is_fd_inherited
+ * podman generate systemd --new do not duplicate params
+ * play kube: add support for env vars defined from secrets
+ * play kube: support optional/mandatory env var from config map
+ * play kube: prepare supporting other env source than config maps
+ * Add machine support for more Linux distros
+ * [NO TESTS NEEDED] Use same function podman-remote rmi as podman
+ * Podman machine enhancements
+ * Add problematic volume name to kube play error messages
+ * Fix podman build --pull-never
+ * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
+ * [NO TESTS NEEDED] Turn on podman-remote build --isolation
+ * Fix list pods filter handling in libpod api
+ * Remove resize race condition
+ * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
+ * Use TMPDIR when commiting images
+ * Add RequiresMountsFor= to systemd generate
+ * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3
+ * Fix swapped dimensions from terminal.GetSize
+ * Rename podman machine create to init and clean up
+ * Correct json field name
+ * system tests: new interactive tests
+ * Improvements for machine
+ * libpod/image: unit tests: use a `registries.conf` for aliases
+ * libpod/image: unit tests: defer cleanup
+ * libpod/image: unit tests: use `require.NoError`
+ * Add --execute flag to podman machine ssh
+ * introduce podman machine
+ * Podman machine CLI and interface stub
+ * Support multi doc yaml for generate/play kube
+ * Fix filters in image http compat/libpod api endpoints
+ * Bump github.com/containers/common from 0.35.3 to 0.35.4
+ * Bump github.com/containers/storage from 1.28.0 to 1.28.1
+ * Check if stdin is a term in --interactive --tty mode
+ * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
+ * [NO TESTS NEEDED] Fix rootless volume plugins
+ * Ensure manually-created volumes have correct ownership
+ * Bump github.com/rootless-containers/rootlesskit
+ * Unification of until filter across list/prune endpoints
+ * Unification of label filter across list/prune endpoints
+ * fixup
+ * fix: build endpoint for compat API
+ * [CI:DOCS] Add note to mappings for user/group userns in build
+ * Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.3.0
+ * Bump k8s.io/api from 0.20.1 to 0.20.5
+ * Validate passed in timezone from tz option
+ * Fix system prune cmd user message with options
+ * WIP: run buildah bud tests using podman
+ * Fix containers list/prune http api filter behaviour
+ * System tests: reenable a bunch of skipped tests
+ * Generate Kubernetes PersistentVolumeClaims from named volumes
+ * Cleanup /libpod/images/load handler
+ * vendor: drop replace for github.com/syndtr/gocapability
+ * security: use the bounding caps with --privileged
+ * Bump github.com/containers/common from 0.35.0 to 0.35.3
+ * Bump k8s.io/apimachinery from 0.20.4 to 0.20.5
+ * Fix volumes and networks list/prune filters in http api
+ * Bump github.com/containers/storage from 1.25.0 to 1.28.0
+ * add a dependabot config to automate vendoring
+ * Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
+ * network prune filters for http compat and libpod api
+ * test: check for io.stat existence on cgroup v2
+ * test: fix test for last crun/runc
+ * test: simplify cgroup path
+ * Latest crun/runc should handle blkio-weight test
+ * fix user message image prune --all
+ * Docs: removing secrets is safe for in-use secrets
+ * Downgrade github.com/coreos/go-systemd/v22
+ * pkg/bindings/images.Build(): fix a race condition in error reporting
+ * Switch all builds to pull-never
+ * System test cleanup
+ * Fix for volumes prune in http compat api
+ * Fix remote client timezone test
+ * Do not leak libpod package into the remote client
+ * Split libpod/network package
+ * fix use with localhost (testing)
+ * add /auth for docker compatibility
+ * create endpoint for querying libpod networks
+ * Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
+ * sdnotify tests: try real hard to kill socat processes
+ * Fix array instead of one elem network http api
+ * Delete all containers and pods between tests
+ * apiv2 tests: finally fix POST as originally intended
+ * Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables
+ * Removing a non existing container API should return 404
+ * Docs: Add docs to access APIs inside container
+ * options: append CLI graph driver options
+ * podman load: fix error handling
+ * podman cp: evaluate symlink correctly when copying from container
+ * rm pkg/api/handlers/libpod/copy.go
+ * podman cp: fix copying to a non-existent dir
+ * podman cp: fix ownership
+ * podman cp: ignore EPERMs in rootless mode
+ * vendor buildah@v1.19.8
+ * apiv2 tests: add helpers to start/stop a local registry
+ * Bump to v3.1.0-dev
+ * allow the removal of storage images
+ * podman-remote build does not support volumes
+ * Update nix pin with `make nixpkgs`
+ * Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.2.0
+ * [Compat API] Also print successfully tagging images in /build endpoint
+
- Changelog for v3.1.0-rc1 (2021-03-08)
* Compat API: Avoid trying to create volumes if they already exist
* Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
diff --git a/cmd/podman/common/specgen.go b/cmd/podman/common/specgen.go
index f889a0169..7896ddfc1 100644
--- a/cmd/podman/common/specgen.go
+++ b/cmd/podman/common/specgen.go
@@ -540,7 +540,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
return fmt.Errorf("invalid systempaths option %q, only `unconfined` is supported", con[1])
}
case "unmask":
- s.ContainerSecurityConfig.Unmask = append(s.ContainerSecurityConfig.Unmask, strings.Split(con[1], ":")...)
+ s.ContainerSecurityConfig.Unmask = append(s.ContainerSecurityConfig.Unmask, con[1:]...)
default:
return fmt.Errorf("invalid --security-opt 2: %q", opt)
}
@@ -646,6 +646,7 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *ContainerCLIOpts, args []string
s.Umask = c.Umask
s.Secrets = c.Secrets
s.PidFile = c.PidFile
+ s.Volatile = c.Rm
return nil
}
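Review bot: The assignment `s.Volatile = c.Rm` near the end of FillOutSpecGen couples the `--rm` flag to volatile storage without saying why, and the comment on WithVolatile elsewhere in this commit warns of possible data loss. A one-line comment above it would make the intent reviewable, for example `// --rm containers are removed on exit, so their storage does not need to be synced durably` (the rationale is inferred; confirm the wording with the author). The function body starts outside this hunk.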
diff --git a/contrib/podmanimage/stable/containers.conf b/contrib/podmanimage/stable/containers.conf
index e6b806da3..7f0e36224 100644
--- a/contrib/podmanimage/stable/containers.conf
+++ b/contrib/podmanimage/stable/containers.conf
@@ -5,6 +5,7 @@ ipcns="host"
utsns="host"
cgroupns="host"
cgroups="disabled"
+log_driver = "k8s_file"
[engine]
cgroup_manager = "cgroupfs"
events_logger="file"
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index ff3f86ec9..25b2fe11a 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -882,8 +882,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the
- `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the
possible mount options are specified in the **proc(5)** man page.
-- `unmask=ALL or /path/1:/path/2` : Paths to unmask separated by a colon. If set to **ALL**, it will
- unmask all the paths that are masked or made read only by default.
+- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default.
The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**.
Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file.
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index a41938ff6..8689014c0 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -934,8 +934,7 @@ Note: Labeling can be disabled for all containers by setting label=false in the
- **proc-opts**=_OPTIONS_ : Comma-separated list of options to use for the /proc mount. More details
for the possible mount options are specified in the **proc(5)** man page.
-- **unmask**=_ALL_ or _/path/1:/path/2_: Paths to unmask separated by a colon. If set to **ALL**, it will
- unmask all the paths that are masked or made read only by default.
+- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default.
The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**. The default paths that are read only are **/proc/asound**, **/proc/bus**, **/proc/fs**, **/proc/irq**, **/proc/sys**, **/proc/sysrq-trigger**, **/sys/fs/cgroup**.
Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file.
@@ -1644,6 +1643,13 @@ the **mask** option.
$ podman run --security-opt unmask=ALL fedora bash
```
+To unmask all the paths that start with /proc, set the **unmask** option to
+**/proc/***.
+
+```
+$ podman run --security-opt unmask=/proc/* fedora bash
+```
+
```
$ podman run --security-opt unmask=/foo/bar:/sys/firmware fedora bash
```
diff --git a/go.mod b/go.mod
index afb050086..216db1986 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
github.com/containers/buildah v1.20.2-0.20210504130217-903dc56408ac
github.com/containers/common v0.37.2-0.20210503193405-42134aa138ce
github.com/containers/conmon v2.0.20+incompatible
- github.com/containers/image/v5 v5.11.1
+ github.com/containers/image/v5 v5.12.0
github.com/containers/ocicrypt v1.1.1
github.com/containers/psgo v1.5.2
github.com/containers/storage v1.30.1
@@ -42,7 +42,7 @@ require (
github.com/mattn/go-colorable v0.1.8 // indirect
github.com/moby/term v0.0.0-20201216013528-df9cb8a40635
github.com/mrunalp/fileutils v0.5.0
- github.com/onsi/ginkgo v1.16.1
+ github.com/onsi/ginkgo v1.16.2
github.com/onsi/gomega v1.11.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6
diff --git a/go.sum b/go.sum
index 4f4a53184..2b95a02a3 100644
--- a/go.sum
+++ b/go.sum
@@ -198,8 +198,9 @@ github.com/containers/common v0.37.2-0.20210503193405-42134aa138ce h1:e7VNmGqwfU
github.com/containers/common v0.37.2-0.20210503193405-42134aa138ce/go.mod h1:JjU+yvzIGyx8ZsY8nyf7snzs4VSNh1eIaYsqoSKBoRw=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
-github.com/containers/image/v5 v5.11.1 h1:mNybUvU6zXUwcMsQaa3n+Idsru5pV+GE7k4oRuPzYi0=
github.com/containers/image/v5 v5.11.1/go.mod h1:HC9lhJ/Nz5v3w/5Co7H431kLlgzlVlOC+auD/er3OqE=
+github.com/containers/image/v5 v5.12.0 h1:1hNS2QkzFQ4lH3GYQLyAXB0acRMhS1Ubm6oV++8vw4w=
+github.com/containers/image/v5 v5.12.0/go.mod h1:VasTuHmOw+uD0oHCfApQcMO2+36SfyncoSahU7513Xs=
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE=
github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY=
github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc=
@@ -610,8 +611,9 @@ github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
github.com/onsi/ginkgo v1.15.0/go.mod h1:hF8qUzuuC8DJGygJH3726JnCZX4MYbRB8yFfISqnKUg=
-github.com/onsi/ginkgo v1.16.1 h1:foqVmeWDD6yYpK+Yz3fHyNIxFYNxswxqNFjSKe+vI54=
github.com/onsi/ginkgo v1.16.1/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E=
+github.com/onsi/ginkgo v1.16.2 h1:HFB2fbVIlhIfCfOW81bZFbiC/RvnpXSdhbF2/DJr134=
+github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E=
github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
diff --git a/libpod/container_config.go b/libpod/container_config.go
index ede6b1aab..da732c05b 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -151,6 +151,9 @@ type ContainerRootFSConfig struct {
Secrets []*secrets.Secret `json:"secrets,omitempty"`
// SecretPath is the secrets location in storage
SecretsPath string `json:"secretsPath"`
+ // Volatile specifies whether the container storage can be optimized
+ // at the cost of not syncing all the dirty files in memory.
+ Volatile bool `json:"volatile,omitempty"`
}
// ContainerSecurityConfig is an embedded sub-config providing security configuration
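Review bot: The new `Volatile` field comment in ContainerRootFSConfig describes the optimization but omits the consequence that the WithVolatile doc comment in this commit does state, namely possible data loss for a container that must survive a machine reboot. The field is serialized as `volatile`, so the caveat should sit next to it, e.g. a third line `// Data may be lost if the container must survive a machine reboot.`. The same comment is repeated on `Volatile` in ContainerStorageConfig in pkg/specgen/specgen.go and would benefit from the same line.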
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 132012404..051fe4b9e 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -451,6 +451,8 @@ func (c *Container) setupStorage(ctx context.Context) error {
options.MountOpts = newOptions
}
+ options.Volatile = c.config.Volatile
+
c.setupStorageMapping(&options.IDMappingOptions, &c.config.IDMappings)
containerInfo, err := c.runtime.storageService.CreateContainerStorage(ctx, c.runtime.imageContext, c.config.RootfsImageName, c.config.RootfsImageID, c.config.Name, c.config.ID, options)
diff --git a/libpod/options.go b/libpod/options.go
index 39415a817..391cf0147 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -2318,3 +2318,16 @@ func WithPodSlirp4netns(networkOptions map[string][]string) PodCreateOption {
return nil
}
}
+
+// WithVolatile sets the volatile flag for the container storage.
+// The option can potentially cause data loss when used on a container that must survive a machine reboot.
+func WithVolatile() CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return define.ErrCtrFinalized
+ }
+
+ ctr.config.Volatile = true
+ return nil
+ }
+}
diff --git a/pkg/specgen/generate/config_linux.go b/pkg/specgen/generate/config_linux.go
index 5c945cff3..6b9e9c4bf 100644
--- a/pkg/specgen/generate/config_linux.go
+++ b/pkg/specgen/generate/config_linux.go
@@ -10,7 +10,6 @@ import (
"github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/pkg/rootless"
- "github.com/containers/podman/v3/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/pkg/errors"
@@ -151,30 +150,23 @@ func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, mask, unmask
"/sys/dev/block",
}
- unmaskAll := false
- if unmask != nil && unmask[0] == "ALL" {
- unmaskAll = true
- }
-
if !privileged {
- if !unmaskAll {
- for _, mp := range defaultMaskPaths {
- // check that the path to mask is not in the list of paths to unmask
- if !util.StringInSlice(mp, unmask) {
- g.AddLinuxMaskedPaths(mp)
- }
+ for _, mp := range defaultMaskPaths {
+ // check that the path to mask is not in the list of paths to unmask
+ if shouldMask(mp, unmask) {
+ g.AddLinuxMaskedPaths(mp)
}
- for _, rp := range []string{
- "/proc/asound",
- "/proc/bus",
- "/proc/fs",
- "/proc/irq",
- "/proc/sys",
- "/proc/sysrq-trigger",
- } {
- if !util.StringInSlice(rp, unmask) {
- g.AddLinuxReadonlyPaths(rp)
- }
+ }
+ for _, rp := range []string{
+ "/proc/asound",
+ "/proc/bus",
+ "/proc/fs",
+ "/proc/irq",
+ "/proc/sys",
+ "/proc/sysrq-trigger",
+ } {
+ if shouldMask(rp, unmask) {
+ g.AddLinuxReadonlyPaths(rp)
}
}
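Review bot: The read-only list (`/proc/sys`, `/proc/sysrq-trigger` and the others) now goes through the same `shouldMask` matcher as the masked list, so one wildcard such as `/proc/*` skips `AddLinuxReadonlyPaths` for every entry it matches as well as skipping the masks. The explanatory comment exists only on the first loop. A comment above the second loop would make this visible to the next reader, e.g. `// a matching unmask pattern also keeps this path off the read-only list`. Consider logging at debug level which default paths a pattern removed, so that an overly broad pattern can be spotted when auditing a container's configuration. BlockAccessToKernelFilesystems starts and ends outside this hunk.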
@@ -376,3 +368,21 @@ func supportAmbientCapabilities() bool {
err := unix.Prctl(unix.PR_CAP_AMBIENT, unix.PR_CAP_AMBIENT_IS_SET, 0, 0, 0)
return err == nil
}
+
+func shouldMask(mask string, unmask []string) bool {
+ for _, m := range unmask {
+ if strings.ToLower(m) == "all" {
+ return false
+ }
+ for _, m1 := range strings.Split(m, ":") {
+ match, err := filepath.Match(m1, mask)
+ if err != nil {
+ logrus.Errorf(err.Error())
+ }
+ if match {
+ return false
+ }
+ }
+ }
+ return true
+}
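Review bot: In `shouldMask` a malformed pattern is reported with `logrus.Errorf(err.Error())`, which passes a non-constant string as the format and does not say which pattern was rejected. Because `match` is false on error the path stays masked, which is the safe outcome, but the user only gets a log line repeated for every default path instead of a failed command. I would change the branch to `logrus.Errorf("invalid unmask pattern %q: %v", m1, err)` followed by `continue`. The pattern could also be validated once in the `unmask` case of FillOutSpecGen, where the neighbouring options already return an error for bad values. The function also lacks a doc comment stating that `all` is matched case-insensitively, that each entry is split on `:`, and that `filepath.Match` semantics apply, so `*` does not cross a `/`.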
diff --git a/pkg/specgen/generate/config_linux_test.go b/pkg/specgen/generate/config_linux_test.go
new file mode 100644
index 000000000..39973324b
--- /dev/null
+++ b/pkg/specgen/generate/config_linux_test.go
@@ -0,0 +1,28 @@
+package generate
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestShouldMask(t *testing.T) {
+ tests := []struct {
+ mask string
+ unmask []string
+ shouldMask bool
+ }{
+ {"/proc/foo", []string{"all"}, false},
+ {"/proc/foo", []string{"ALL"}, false},
+ {"/proc/foo", []string{"/proc/foo"}, false},
+ {"/proc/foo", []string{"/proc/*"}, false},
+ {"/proc/foo", []string{"/proc/bar", "all"}, false},
+ {"/proc/foo", []string{"/proc/f*"}, false},
+ {"/proc/foo", []string{"/proc/b*"}, true},
+ {"/proc/foo", []string{}, true},
+ }
+ for _, test := range tests {
+ val := shouldMask(test.mask, test.unmask)
+ assert.Equal(t, val, test.shouldMask)
+ }
+}
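Review bot: The table in TestShouldMask never exercises the form the CLI now produces, because the `unmask` case forwards the value unsplit and none of the cases contains a colon-separated entry. Adding `{"/proc/foo", []string{"/proc/bar:/proc/foo"}, false},` would cover the `strings.Split(m, ":")` branch. A malformed pattern such as `{"/proc/foo", []string{"/proc/["}, true},` would pin the fail-closed behaviour on a `filepath.Match` error; the expected value there assumes the Go version in use reports the bad pattern. The arguments to `assert.Equal(t, val, test.shouldMask)` are also in actual/expected order, whereas testify expects `assert.Equal(t, test.shouldMask, val)`, so failure messages will be labelled the wrong way round.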
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 01f939022..0090156c9 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -200,6 +200,9 @@ func createContainerOptions(ctx context.Context, rt *libpod.Runtime, s *specgen.
if s.Umask != "" {
options = append(options, libpod.WithUmask(s.Umask))
}
+ if s.Volatile {
+ options = append(options, libpod.WithVolatile())
+ }
useSystemd := false
switch s.Systemd {
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index fdcb7a0e0..5ef2b0653 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -256,6 +256,9 @@ type ContainerStorageConfig struct {
// Secrets are the secrets that will be added to the container
// Optional.
Secrets []string `json:"secrets,omitempty"`
+ // Volatile specifies whether the container storage can be optimized
+ // at the cost of not syncing all the dirty files in memory.
+ Volatile bool `json:"volatile,omitempty"`
}
// ContainerSecurityConfig is a container's security features, including
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 74bdfce2c..d8d7dab07 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -299,9 +299,17 @@ var _ = Describe("Podman run", func() {
session = podmanTest.Podman([]string{"run", "-d", "--name=maskCtr5", "--security-opt", "systempaths=unconfined", ALPINE, "grep", "/proc", "/proc/self/mounts"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Equal(0))
- stdoutLines := session.OutputToStringArray()
- Expect(stdoutLines).Should(HaveLen(1))
+ Expect(session.OutputToStringArray()).Should(HaveLen(1))
+
+ session = podmanTest.Podman([]string{"run", "-d", "--security-opt", "unmask=/proc/*", ALPINE, "grep", "/proc", "/proc/self/mounts"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToStringArray()).Should(HaveLen(1))
+ session = podmanTest.Podman([]string{"run", "--security-opt", "unmask=/proc/a*", ALPINE, "ls", "/proc/acpi"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Not(BeEmpty()))
})
It("podman run security-opt unmask on /sys/fs/cgroup", func() {
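Review bot: The first added case runs the container with `-d` and then asserts `Expect(session.OutputToStringArray()).Should(HaveLen(1))`. With a detached run the session output is presumably just the container ID, so this would pass whether or not `unmask=/proc/*` had any effect. Dropping `-d`, so that the assertion sees the `grep /proc /proc/self/mounts` output, would make the check meaningful; the second added case already does this by running `ls /proc/acpi` in the foreground. The enclosing `It` block starts outside this hunk.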
diff --git a/vendor/github.com/containers/image/v5/copy/copy.go b/vendor/github.com/containers/image/v5/copy/copy.go
index fb704283b..ed76283f9 100644
--- a/vendor/github.com/containers/image/v5/copy/copy.go
+++ b/vendor/github.com/containers/image/v5/copy/copy.go
@@ -910,7 +910,7 @@ func (ic *imageCopier) copyLayers(ctx context.Context) error {
}
data := make([]copyLayerData, numLayers)
- copyLayerHelper := func(index int, srcLayer types.BlobInfo, toEncrypt bool, pool *mpb.Progress) {
+ copyLayerHelper := func(index int, srcLayer types.BlobInfo, toEncrypt bool, pool *mpb.Progress, srcRef reference.Named) {
defer copySemaphore.Release(1)
defer copyGroup.Done()
cld := copyLayerData{}
@@ -925,7 +925,7 @@ func (ic *imageCopier) copyLayers(ctx context.Context) error {
logrus.Debugf("Skipping foreign layer %q copy to %s", cld.destInfo.Digest, ic.c.dest.Reference().Transport().Name())
}
} else {
- cld.destInfo, cld.diffID, cld.err = ic.copyLayer(ctx, srcLayer, toEncrypt, pool, index)
+ cld.destInfo, cld.diffID, cld.err = ic.copyLayer(ctx, srcLayer, toEncrypt, pool, index, srcRef)
}
data[index] = cld
}
@@ -962,7 +962,7 @@ func (ic *imageCopier) copyLayers(ctx context.Context) error {
return errors.Wrapf(err, "Can't acquire semaphore")
}
copyGroup.Add(1)
- go copyLayerHelper(i, srcLayer, encLayerBitmap[i], progressPool)
+ go copyLayerHelper(i, srcLayer, encLayerBitmap[i], progressPool, ic.c.rawSource.Reference().DockerReference())
}
// A call to copyGroup.Wait() is done at this point by the defer above.
@@ -1147,7 +1147,8 @@ type diffIDResult struct {
// copyLayer copies a layer with srcInfo (with known Digest and Annotations and possibly known Size) in src to dest, perhaps (de/re/)compressing it,
// and returns a complete blobInfo of the copied layer, and a value for LayerDiffIDs if diffIDIsNeeded
-func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, toEncrypt bool, pool *mpb.Progress, layerIndex int) (types.BlobInfo, digest.Digest, error) {
+// srcRef can be used as an additional hint to the destination during checking whehter a layer can be reused but srcRef can be nil.
+func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, toEncrypt bool, pool *mpb.Progress, layerIndex int, srcRef reference.Named) (types.BlobInfo, digest.Digest, error) {
// If the srcInfo doesn't contain compression information, try to compute it from the
// MediaType, which was either read from a manifest by way of LayerInfos() or constructed
// by LayerInfosForCopy(), if it was supplied at all. If we succeed in copying the blob,
@@ -1189,11 +1190,14 @@ func (ic *imageCopier) copyLayer(ctx context.Context, srcInfo types.BlobInfo, to
// layers which requires passing the index of the layer.
// Hence, we need to special case and cast.
dest, ok := ic.c.dest.(internalTypes.ImageDestinationWithOptions)
- if ok && enableEarlyCommit {
+ if ok {
options := internalTypes.TryReusingBlobOptions{
Cache: ic.c.blobInfoCache,
CanSubstitute: ic.canSubstituteBlobs,
- LayerIndex: &layerIndex,
+ SrcRef: srcRef,
+ }
+ if enableEarlyCommit {
+ options.LayerIndex = &layerIndex
}
reused, blobInfo, err = dest.TryReusingBlobWithOptions(ctx, srcInfo, options)
} else {
@@ -1550,12 +1554,12 @@ func (c *copier) copyBlobFromStream(ctx context.Context, srcStream io.Reader, sr
// which requires passing the index of the layer. Hence, we need to
// special case and cast.
dest, ok := c.dest.(internalTypes.ImageDestinationWithOptions)
- if ok && enableEarlyCommit {
+ if ok {
options := internalTypes.PutBlobOptions{
Cache: c.blobInfoCache,
IsConfig: isConfig,
}
- if !isConfig {
+ if !isConfig && enableEarlyCommit {
options.LayerIndex = &layerIndex
}
uploadedInfo, err = dest.PutBlobWithOptions(ctx, &errorAnnotationReader{destStream}, inputInfo, options)
diff --git a/vendor/github.com/containers/image/v5/internal/types/types.go b/vendor/github.com/containers/image/v5/internal/types/types.go
index 9adf0d536..bf89a69b8 100644
--- a/vendor/github.com/containers/image/v5/internal/types/types.go
+++ b/vendor/github.com/containers/image/v5/internal/types/types.go
@@ -4,6 +4,7 @@ import (
"context"
"io"
+ "github.com/containers/image/v5/docker/reference"
publicTypes "github.com/containers/image/v5/types"
)
@@ -50,4 +51,6 @@ type TryReusingBlobOptions struct {
CanSubstitute bool
// The corresponding index in the layer slice.
LayerIndex *int
+ // The reference of the image that contains the target blob.
+ SrcRef reference.Named
}
diff --git a/vendor/github.com/containers/image/v5/storage/storage_image.go b/vendor/github.com/containers/image/v5/storage/storage_image.go
index 3a2c18c89..f4747357c 100644
--- a/vendor/github.com/containers/image/v5/storage/storage_image.go
+++ b/vendor/github.com/containers/image/v5/storage/storage_image.go
@@ -76,11 +76,12 @@ type storageImageDestination struct {
indexToStorageID map[int]*string
// All accesses to below data are protected by `lock` which is made
// *explicit* in the code.
- blobDiffIDs map[digest.Digest]digest.Digest // Mapping from layer blobsums to their corresponding DiffIDs
- fileSizes map[digest.Digest]int64 // Mapping from layer blobsums to their sizes
- filenames map[digest.Digest]string // Mapping from layer blobsums to names of files we used to hold them
- currentIndex int // The index of the layer to be committed (i.e., lower indices have already been committed)
- indexToPulledBlob map[int]*types.BlobInfo // Mapping from layer (by index) to pulled down blob
+ blobDiffIDs map[digest.Digest]digest.Digest // Mapping from layer blobsums to their corresponding DiffIDs
+ fileSizes map[digest.Digest]int64 // Mapping from layer blobsums to their sizes
+ filenames map[digest.Digest]string // Mapping from layer blobsums to names of files we used to hold them
+ currentIndex int // The index of the layer to be committed (i.e., lower indices have already been committed)
+ indexToPulledBlob map[int]*types.BlobInfo // Mapping from layer (by index) to pulled down blob
+ blobAdditionalLayer map[digest.Digest]storage.AdditionalLayer // Mapping from layer blobsums to their corresponding additional layer
}
type storageImageCloser struct {
@@ -391,16 +392,17 @@ func newImageDestination(sys *types.SystemContext, imageRef storageReference) (*
return nil, errors.Wrapf(err, "error creating a temporary directory")
}
image := &storageImageDestination{
- imageRef: imageRef,
- directory: directory,
- signatureses: make(map[digest.Digest][]byte),
- blobDiffIDs: make(map[digest.Digest]digest.Digest),
- fileSizes: make(map[digest.Digest]int64),
- filenames: make(map[digest.Digest]string),
- SignatureSizes: []int{},
- SignaturesSizes: make(map[digest.Digest][]int),
- indexToStorageID: make(map[int]*string),
- indexToPulledBlob: make(map[int]*types.BlobInfo),
+ imageRef: imageRef,
+ directory: directory,
+ signatureses: make(map[digest.Digest][]byte),
+ blobDiffIDs: make(map[digest.Digest]digest.Digest),
+ blobAdditionalLayer: make(map[digest.Digest]storage.AdditionalLayer),
+ fileSizes: make(map[digest.Digest]int64),
+ filenames: make(map[digest.Digest]string),
+ SignatureSizes: []int{},
+ SignaturesSizes: make(map[digest.Digest][]int),
+ indexToStorageID: make(map[int]*string),
+ indexToPulledBlob: make(map[int]*types.BlobInfo),
}
return image, nil
}
@@ -411,8 +413,11 @@ func (s *storageImageDestination) Reference() types.ImageReference {
return s.imageRef
}
-// Close cleans up the temporary directory.
+// Close cleans up the temporary directory and additional layer store handlers.
func (s *storageImageDestination) Close() error {
+ for _, al := range s.blobAdditionalLayer {
+ al.Release()
+ }
return os.RemoveAll(s.directory)
}
@@ -532,7 +537,7 @@ func (s *storageImageDestination) PutBlob(ctx context.Context, stream io.Reader,
// used the together. Mixing the two with the non "WithOptions" functions
// is not supported.
func (s *storageImageDestination) TryReusingBlobWithOptions(ctx context.Context, blobinfo types.BlobInfo, options internalTypes.TryReusingBlobOptions) (bool, types.BlobInfo, error) {
- reused, info, err := s.TryReusingBlob(ctx, blobinfo, options.Cache, options.CanSubstitute)
+ reused, info, err := s.tryReusingBlobWithSrcRef(ctx, blobinfo, options.Cache, options.CanSubstitute, options.SrcRef)
if err != nil || !reused || options.LayerIndex == nil {
return reused, info, err
}
@@ -540,6 +545,33 @@ func (s *storageImageDestination) TryReusingBlobWithOptions(ctx context.Context,
return reused, info, s.queueOrCommit(ctx, info, *options.LayerIndex)
}
+// tryReusingBlobWithSrcRef is a wrapper around TryReusingBlob.
+// If ref is provided, this function first tries to get layer from Additional Layer Store.
+func (s *storageImageDestination) tryReusingBlobWithSrcRef(ctx context.Context, blobinfo types.BlobInfo, cache types.BlobInfoCache, canSubstitute bool, ref reference.Named) (bool, types.BlobInfo, error) {
+ // lock the entire method as it executes fairly quickly
+ s.lock.Lock()
+ defer s.lock.Unlock()
+
+ if ref != nil {
+ // Check if we have the layer in the underlying additional layer store.
+ aLayer, err := s.imageRef.transport.store.LookupAdditionalLayer(blobinfo.Digest, ref.String())
+ if err != nil && errors.Cause(err) != storage.ErrLayerUnknown {
+ return false, types.BlobInfo{}, errors.Wrapf(err, `Error looking for compressed layers with digest %q and labels`, blobinfo.Digest)
+ } else if err == nil {
+ // Record the uncompressed value so that we can use it to calculate layer IDs.
+ s.blobDiffIDs[blobinfo.Digest] = aLayer.UncompressedDigest()
+ s.blobAdditionalLayer[blobinfo.Digest] = aLayer
+ return true, types.BlobInfo{
+ Digest: blobinfo.Digest,
+ Size: aLayer.CompressedSize(),
+ MediaType: blobinfo.MediaType,
+ }, nil
+ }
+ }
+
+ return s.tryReusingBlobLocked(ctx, blobinfo, cache, canSubstitute)
+}
+
// TryReusingBlob checks whether the transport already contains, or can efficiently reuse, a blob, and if so, applies it to the current destination
// (e.g. if the blob is a filesystem layer, this signifies that the changes it describes need to be applied again when composing a filesystem tree).
// info.Digest must not be empty.
@@ -553,6 +585,13 @@ func (s *storageImageDestination) TryReusingBlob(ctx context.Context, blobinfo t
// lock the entire method as it executes fairly quickly
s.lock.Lock()
defer s.lock.Unlock()
+
+ return s.tryReusingBlobLocked(ctx, blobinfo, cache, canSubstitute)
+}
+
+// tryReusingBlobLocked implements a core functionality of TryReusingBlob.
+// This must be called with a lock being held on storageImageDestination.
+func (s *storageImageDestination) tryReusingBlobLocked(ctx context.Context, blobinfo types.BlobInfo, cache types.BlobInfoCache, canSubstitute bool) (bool, types.BlobInfo, error) {
if blobinfo.Digest == "" {
return false, types.BlobInfo{}, errors.Errorf(`Can not check for a blob with unknown digest`)
}
@@ -804,6 +843,20 @@ func (s *storageImageDestination) commitLayer(ctx context.Context, blob manifest
s.indexToStorageID[index] = &lastLayer
return nil
}
+
+ s.lock.Lock()
+ al, ok := s.blobAdditionalLayer[blob.Digest]
+ s.lock.Unlock()
+ if ok {
+ layer, err := al.PutAs(id, lastLayer, nil)
+ if err != nil {
+ return errors.Wrapf(err, "failed to put layer from digest and labels")
+ }
+ lastLayer = layer.ID
+ s.indexToStorageID[index] = &lastLayer
+ return nil
+ }
+
// Check if we previously cached a file with that blob's contents. If we didn't,
// then we need to read the desired contents from a layer.
s.lock.Lock()
diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go
index 23b2e3571..4afb3b90b 100644
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@@ -6,9 +6,9 @@ const (
// VersionMajor is for an API incompatible changes
VersionMajor = 5
// VersionMinor is for functionality in a backwards-compatible manner
- VersionMinor = 11
+ VersionMinor = 12
// VersionPatch is for backwards-compatible bug fixes
- VersionPatch = 1
+ VersionPatch = 0
// VersionDev indicates development branch. Releases will be empty string.
VersionDev = ""
diff --git a/vendor/github.com/onsi/ginkgo/CHANGELOG.md b/vendor/github.com/onsi/ginkgo/CHANGELOG.md
index 4e0afc291..50631e4a9 100644
--- a/vendor/github.com/onsi/ginkgo/CHANGELOG.md
+++ b/vendor/github.com/onsi/ginkgo/CHANGELOG.md
@@ -1,3 +1,8 @@
+## 1.16.2
+
+### Fixes
+- Deprecations can be suppressed by setting an `ACK_GINKGO_DEPRECATIONS=<semver>` environment variable.
+
## 1.16.1
### Fixes
diff --git a/vendor/github.com/onsi/ginkgo/config/config.go b/vendor/github.com/onsi/ginkgo/config/config.go
index 5f4a4c26e..ab8863d75 100644
--- a/vendor/github.com/onsi/ginkgo/config/config.go
+++ b/vendor/github.com/onsi/ginkgo/config/config.go
@@ -20,7 +20,7 @@ import (
"fmt"
)
-const VERSION = "1.16.1"
+const VERSION = "1.16.2"
type GinkgoConfigType struct {
RandomSeed int64
diff --git a/vendor/github.com/onsi/ginkgo/ginkgo/run_command.go b/vendor/github.com/onsi/ginkgo/ginkgo/run_command.go
index 47b586d93..c7f80d143 100644
--- a/vendor/github.com/onsi/ginkgo/ginkgo/run_command.go
+++ b/vendor/github.com/onsi/ginkgo/ginkgo/run_command.go
@@ -61,6 +61,7 @@ func (r *SpecRunner) RunSpecs(args []string, additionalArgs []string) {
deprecationTracker.TrackDeprecation(types.Deprecation{
Message: "--stream is deprecated and will be removed in Ginkgo 2.0",
DocLink: "removed--stream",
+ Version: "1.16.0",
})
}
@@ -68,6 +69,7 @@ func (r *SpecRunner) RunSpecs(args []string, additionalArgs []string) {
deprecationTracker.TrackDeprecation(types.Deprecation{
Message: "--notify is deprecated and will be removed in Ginkgo 2.0",
DocLink: "removed--notify",
+ Version: "1.16.0",
})
}
diff --git a/vendor/github.com/onsi/ginkgo/types/deprecation_support.go b/vendor/github.com/onsi/ginkgo/types/deprecation_support.go
index 7f7a9aeb8..71420f597 100644
--- a/vendor/github.com/onsi/ginkgo/types/deprecation_support.go
+++ b/vendor/github.com/onsi/ginkgo/types/deprecation_support.go
@@ -1,12 +1,19 @@
package types
import (
+ "os"
+ "strconv"
+ "strings"
+ "unicode"
+
+ "github.com/onsi/ginkgo/config"
"github.com/onsi/ginkgo/formatter"
)
type Deprecation struct {
Message string
DocLink string
+ Version string
}
type deprecations struct{}
@@ -17,6 +24,7 @@ func (d deprecations) CustomReporter() Deprecation {
return Deprecation{
Message: "You are using a custom reporter. Support for custom reporters will likely be removed in V2. Most users were using them to generate junit or teamcity reports and this functionality will be merged into the core reporter. In addition, Ginkgo 2.0 will support emitting a JSON-formatted report that users can then manipulate to generate custom reports.\n\n{{red}}{{bold}}If this change will be impactful to you please leave a comment on {{cyan}}{{underline}}https://github.com/onsi/ginkgo/issues/711{{/}}",
DocLink: "removed-custom-reporters",
+ Version: "1.16.0",
}
}
@@ -24,6 +32,7 @@ func (d deprecations) V1Reporter() Deprecation {
return Deprecation{
Message: "You are using a V1 Ginkgo Reporter. Please update your custom reporter to the new V2 Reporter interface.",
DocLink: "changed-reporter-interface",
+ Version: "1.16.0",
}
}
@@ -31,6 +40,7 @@ func (d deprecations) Async() Deprecation {
return Deprecation{
Message: "You are passing a Done channel to a test node to test asynchronous behavior. This is deprecated in Ginkgo V2. Your test will run synchronously and the timeout will be ignored.",
DocLink: "removed-async-testing",
+ Version: "1.16.0",
}
}
@@ -38,6 +48,7 @@ func (d deprecations) Measure() Deprecation {
return Deprecation{
Message: "Measure is deprecated in Ginkgo V2",
DocLink: "removed-measure",
+ Version: "1.16.0",
}
}
@@ -45,12 +56,14 @@ func (d deprecations) Convert() Deprecation {
return Deprecation{
Message: "The convert command is deprecated in Ginkgo V2",
DocLink: "removed-ginkgo-convert",
+ Version: "1.16.0",
}
}
func (d deprecations) Blur() Deprecation {
return Deprecation{
Message: "The blur command is deprecated in Ginkgo V2. Use 'ginkgo unfocus' instead.",
+ Version: "1.16.0",
}
}
@@ -65,6 +78,15 @@ func NewDeprecationTracker() *DeprecationTracker {
}
func (d *DeprecationTracker) TrackDeprecation(deprecation Deprecation, cl ...CodeLocation) {
+ ackVersion := os.Getenv("ACK_GINKGO_DEPRECATIONS")
+ if deprecation.Version != "" && ackVersion != "" {
+ ack := ParseSemVer(ackVersion)
+ version := ParseSemVer(deprecation.Version)
+ if ack.GreaterThanOrEqualTo(version) {
+ return
+ }
+ }
+
if len(cl) == 1 {
d.deprecations[deprecation] = append(d.deprecations[deprecation], cl[0])
} else {
@@ -92,5 +114,37 @@ func (d *DeprecationTracker) DeprecationsReport() string {
out += formatter.Fi(2, "{{gray}}%s{{/}}\n", location)
}
}
+ out += formatter.F("\n{{gray}}To silence deprecations that can be silenced set the following environment variable:{{/}}\n")
+ out += formatter.Fi(1, "{{gray}}ACK_GINKGO_DEPRECATIONS=%s{{/}}\n", config.VERSION)
+ return out
+}
+
+type SemVer struct {
+ Major int
+ Minor int
+ Patch int
+}
+
+func (s SemVer) GreaterThanOrEqualTo(o SemVer) bool {
+ return (s.Major > o.Major) ||
+ (s.Major == o.Major && s.Minor > o.Minor) ||
+ (s.Major == o.Major && s.Minor == o.Minor && s.Patch >= o.Patch)
+}
+
+func ParseSemVer(semver string) SemVer {
+ out := SemVer{}
+ semver = strings.TrimFunc(semver, func(r rune) bool {
+ return !(unicode.IsNumber(r) || r == '.')
+ })
+ components := strings.Split(semver, ".")
+ if len(components) > 0 {
+ out.Major, _ = strconv.Atoi(components[0])
+ }
+ if len(components) > 1 {
+ out.Minor, _ = strconv.Atoi(components[1])
+ }
+ if len(components) > 2 {
+ out.Patch, _ = strconv.Atoi(components[2])
+ }
return out
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index c30aae016..4f6410a6b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -122,7 +122,7 @@ github.com/containers/common/pkg/umask
github.com/containers/common/version
# github.com/containers/conmon v2.0.20+incompatible
github.com/containers/conmon/runner/config
-# github.com/containers/image/v5 v5.11.1
+# github.com/containers/image/v5 v5.12.0
github.com/containers/image/v5/copy
github.com/containers/image/v5/directory
github.com/containers/image/v5/directory/explicitfilepath
@@ -447,7 +447,7 @@ github.com/nxadm/tail/ratelimiter
github.com/nxadm/tail/util
github.com/nxadm/tail/watch
github.com/nxadm/tail/winfile
-# github.com/onsi/ginkgo v1.16.1
+# github.com/onsi/ginkgo v1.16.2
github.com/onsi/ginkgo
github.com/onsi/ginkgo/config
github.com/onsi/ginkgo/extensions/table