diff options
33 files changed, 239 insertions, 132 deletions
diff --git a/cmd/podman/images/save.go b/cmd/podman/images/save.go index 19dadb2ad..4f45cb912 100644 --- a/cmd/podman/images/save.go +++ b/cmd/podman/images/save.go @@ -84,6 +84,8 @@ func saveFlags(cmd *cobra.Command) { flags.BoolVar(&saveOpts.Compress, "compress", false, "Compress tarball image layers when saving to a directory using the 'dir' transport. (default is same compression type as source)") + flags.BoolVar(&saveOpts.OciAcceptUncompressedLayers, "uncompressed", false, "Accept uncompressed layers when copying OCI images") + formatFlagName := "format" flags.StringVar(&saveOpts.Format, formatFlagName, define.V2s2Archive, "Save image to oci-archive, oci-dir (directory with oci manifest type), docker-archive, docker-dir (directory with v2s2 manifest type)") _ = cmd.RegisterFlagCompletionFunc(formatFlagName, common.AutocompleteImageSaveFormat) diff --git a/docs/source/markdown/podman-save.1.md b/docs/source/markdown/podman-save.1.md index 1f1f60b22..842bc8b41 100644 --- a/docs/source/markdown/podman-save.1.md +++ b/docs/source/markdown/podman-save.1.md @@ -29,6 +29,10 @@ Note: `:` is a restricted character and cannot be part of the file name. Compress tarball image layers when pushing to a directory using the 'dir' transport. (default is same compression type, compressed or uncompressed, as source) Note: This flag can only be set when using the **dir** transport i.e --format=oci-dir or --format=docker-dir +#### **--uncompressed** + +Accept uncompressed layers when copying OCI images. + #### **--output**, **-o**=*file* Write to a file, default is STDOUT @@ -12,11 +12,11 @@ require ( github.com/containernetworking/cni v1.0.1 github.com/containernetworking/plugins v1.0.1 github.com/containers/buildah v1.23.0 - github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e + github.com/containers/common v0.44.1-0.20210921143342-f2f10e650c73 github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.16.0 github.com/containers/ocicrypt v1.1.2 - github.com/containers/psgo v1.6.0 + github.com/containers/psgo v1.7.1 github.com/containers/storage v1.36.0 github.com/coreos/go-systemd/v22 v22.3.2 github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3 @@ -250,8 +250,8 @@ github.com/containernetworking/plugins v1.0.1/go.mod h1:QHCfGpaTwYTbbH+nZXKVTxNB github.com/containers/buildah v1.23.0 h1:qGIeSNOczUHzvnaaOS29HSMiYAjw6JgIXYksAyvqnLs= github.com/containers/buildah v1.23.0/go.mod h1:K0iMKgy/MffkkgELBXhSXwTy2HTT6hM0X8qruDR1FwU= github.com/containers/common v0.44.0/go.mod h1:7sdP4vmI5Bm6FPFxb3lvAh1Iktb6tiO1MzjUzhxdoGo= -github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e h1:p21+CJSeryr0Vb3dottjXRNYTaRND1QSPm36NogQ7cQ= -github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e/go.mod h1:zxv7KjdYddSGoWuLUVp6eSb++Ow1zmSMB2jwxuNB4cU= +github.com/containers/common v0.44.1-0.20210921143342-f2f10e650c73 h1:+qKOyTHbuFo3GPsrUksphfHxYMIJQmPgwpDdQnARGAI= +github.com/containers/common v0.44.1-0.20210921143342-f2f10e650c73/go.mod h1:zxv7KjdYddSGoWuLUVp6eSb++Ow1zmSMB2jwxuNB4cU= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.16.0 h1:WQcNSzb7+ngS2cfynx0vUwhk+scpgiKlldVcsF8GPbI= @@ -263,8 +263,8 @@ github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgU github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= github.com/containers/ocicrypt v1.1.2 h1:Ez+GAMP/4GLix5Ywo/fL7O0nY771gsBIigiqUm1aXz0= github.com/containers/ocicrypt v1.1.2/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= -github.com/containers/psgo v1.6.0 h1:jkl/5kndKmJ/bnSFq8in6xRDAzgW26GnNuTxoycNFvk= -github.com/containers/psgo v1.6.0/go.mod h1:ggVhB2KQi9qGZdqSlczqN0BwcJdotmpRru87S1anRO8= +github.com/containers/psgo v1.7.1 h1:2N6KADeFvBm1aI2iXxu6+/Xh7CCkdh8p8F3F/cpIU5I= +github.com/containers/psgo v1.7.1/go.mod h1:mWGpFzW73qWFA+blhF6l7GuKzbrACkYgr/ajiNQR+RM= github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3ETQAf/CeZPyM= github.com/containers/storage v1.35.0/go.mod h1:qzYhasQP2/V9D9XdO+vRwkHBhsBO0oznMLzzRDQ8s20= github.com/containers/storage v1.36.0 h1:OelxllCW19tnNngYuZw2ty/zLabVMG5rSs3KSwO1Lzc= diff --git a/libpod/network/types/network.go b/libpod/network/types/network.go index 6053ceb29..68a32d499 100644 --- a/libpod/network/types/network.go +++ b/libpod/network/types/network.go @@ -32,11 +32,11 @@ type ContainerNetwork interface { // Network describes the Network attributes. type Network struct { // Name of the Network. - Name string `json:"name,omitempty"` + Name string `json:"name"` // ID of the Network. - ID string `json:"id,omitempty"` + ID string `json:"id"` // Driver for this Network, e.g. bridge, macvlan... - Driver string `json:"driver,omitempty"` + Driver string `json:"driver"` // InterfaceName is the network interface name on the host. NetworkInterface string `json:"network_interface,omitempty"` // Created contains the timestamp when this network was created. @@ -97,7 +97,7 @@ func (n *IPNet) UnmarshalText(text []byte) error { type Subnet struct { // Subnet for this Network in CIDR form. // swagger:strfmt string - Subnet IPNet `json:"subnet,omitempty"` + Subnet IPNet `json:"subnet"` // Gateway IP for this Network. // swagger:strfmt string Gateway net.IP `json:"gateway,omitempty"` @@ -134,14 +134,14 @@ type NetInterface struct { // Networks list of assigned subnets with their gateway. Networks []NetAddress `json:"networks,omitempty"` // MacAddress for this Interface. - MacAddress net.HardwareAddr `json:"mac_address,omitempty"` + MacAddress net.HardwareAddr `json:"mac_address"` } // NetAddress contains the subnet and gatway. type NetAddress struct { // Subnet of this NetAddress. Note that the subnet contains the // actual ip of the net interface and not the network address. - Subnet IPNet `json:"subnet,omitempty"` + Subnet IPNet `json:"subnet"` // Gateway for the Subnet. This can be nil if there is no gateway, e.g. internal network. Gateway net.IP `json:"gateway,omitempty"` } @@ -157,27 +157,27 @@ type PerNetworkOptions struct { // StaticMac for this container. Optional. StaticMAC net.HardwareAddr `json:"static_mac,omitempty"` // InterfaceName for this container. Required. - InterfaceName string `json:"interface_name,omitempty"` + InterfaceName string `json:"interface_name"` } // NetworkOptions for a given container. type NetworkOptions struct { // ContainerID is the container id, used for iptables comments and ipam allocation. - ContainerID string `json:"container_id,omitempty"` + ContainerID string `json:"container_id"` // ContainerName is the container name, used as dns name. - ContainerName string `json:"container_name,omitempty"` + ContainerName string `json:"container_name"` // PortMappings contains the port mappings for this container PortMappings []PortMapping `json:"port_mappings,omitempty"` // Networks contains all networks with the PerNetworkOptions. // The map should contain at least one element. - Networks map[string]PerNetworkOptions `json:"networks,omitempty"` + Networks map[string]PerNetworkOptions `json:"networks"` } // PortMapping is one or more ports that will be mapped into the container. type PortMapping struct { // HostIP is the IP that we will bind to on the host. // If unset, assumed to be 0.0.0.0 (all interfaces). - HostIP string `json:"host_ip,omitempty"` + HostIP string `json:"host_ip"` // ContainerPort is the port number that will be exposed from the // container. // Mandatory. @@ -186,7 +186,7 @@ type PortMapping struct { // the container. // If omitted, a random port on the host (guaranteed to be over 1024) // will be assigned. - HostPort uint16 `json:"host_port,omitempty"` + HostPort uint16 `json:"host_port"` // Range is the number of ports that will be forwarded, starting at // HostPort and ContainerPort and counting up. // This is 1-indexed, so 1 is assumed to be a single port (only the @@ -195,12 +195,12 @@ type PortMapping struct { // If unset, assumed to be 1 (a single port). // Both hostport + range and containerport + range must be less than // 65536. - Range uint16 `json:"range,omitempty"` + Range uint16 `json:"range"` // Protocol is the protocol forward. // Must be either "tcp", "udp", and "sctp", or some combination of these // separated by commas. // If unset, assumed to be TCP. - Protocol string `json:"protocol,omitempty"` + Protocol string `json:"protocol"` } // OCICNIPortMapping maps to the standard CNI portmapping Capability. diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index b4f08a746..51157d204 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -289,9 +289,10 @@ func ExportImages(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) query := struct { - Compress bool `schema:"compress"` - Format string `schema:"format"` - References []string `schema:"references"` + Compress bool `schema:"compress"` + Format string `schema:"format"` + OciAcceptUncompressedLayers bool `schema:"ociAcceptUncompressedLayers"` + References []string `schema:"references"` }{ Format: define.OCIArchive, } @@ -353,11 +354,12 @@ func ExportImages(w http.ResponseWriter, r *http.Request) { // Use the ABI image engine to share as much code as possible. opts := entities.ImageSaveOptions{ - Compress: query.Compress, - Format: query.Format, - MultiImageArchive: len(query.References) > 1, - Output: output, - RemoveSignatures: true, + Compress: query.Compress, + Format: query.Format, + MultiImageArchive: len(query.References) > 1, + OciAcceptUncompressedLayers: query.OciAcceptUncompressedLayers, + Output: output, + RemoveSignatures: true, } imageEngine := abi.ImageEngine{Libpod: runtime} diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go index 95981226c..dce609a4e 100644 --- a/pkg/api/server/register_images.go +++ b/pkg/api/server/register_images.go @@ -1150,6 +1150,10 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // name: compress // type: boolean // description: use compression on image + // - in: query + // name: ociAcceptUncompressedLayers + // type: boolean + // description: accept uncompressed layers when copying OCI images // produces: // - application/json // responses: diff --git a/pkg/bindings/images/types.go b/pkg/bindings/images/types.go index 801f5ed96..6ff9f18ec 100644 --- a/pkg/bindings/images/types.go +++ b/pkg/bindings/images/types.go @@ -65,6 +65,8 @@ type ExportOptions struct { Compress *bool // Format of the output Format *string + // Accept uncompressed layers when copying OCI images. + OciAcceptUncompressedLayers *bool } //go:generate go run ../generator/generator.go PruneOptions diff --git a/pkg/bindings/images/types_export_options.go b/pkg/bindings/images/types_export_options.go index 6229e435c..649b6814e 100644 --- a/pkg/bindings/images/types_export_options.go +++ b/pkg/bindings/images/types_export_options.go @@ -46,3 +46,18 @@ func (o *ExportOptions) GetFormat() string { } return *o.Format } + +// WithOciAcceptUncompressedLayers set field OciAcceptUncompressedLayers to given value +func (o *ExportOptions) WithOciAcceptUncompressedLayers(value bool) *ExportOptions { + o.OciAcceptUncompressedLayers = &value + return o +} + +// GetOciAcceptUncompressedLayers returns value of field OciAcceptUncompressedLayers +func (o *ExportOptions) GetOciAcceptUncompressedLayers() bool { + if o.OciAcceptUncompressedLayers == nil { + var z bool + return z + } + return *o.OciAcceptUncompressedLayers +} diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index c575212b1..edd23e662 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -301,6 +301,8 @@ type ImageSaveOptions struct { // than one image. Additional tags will be interpreted as references // to images which are added to the archive. MultiImageArchive bool + // Accept uncompressed layers when copying OCI images. + OciAcceptUncompressedLayers bool // Output - write image to the specified path. Output string // Do not save the signature from the source image diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index dc5f7a0df..affed64d1 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -830,21 +830,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri } return reports, errors.Wrapf(err, "unable to start container %s", ctr.ID()) } - - if ecode, err := ctr.Wait(ctx); err != nil { - if errors.Cause(err) == define.ErrNoSuchCtr { - // Check events - event, err := ic.Libpod.GetLastContainerEvent(ctx, ctr.ID(), events.Exited) - if err != nil { - logrus.Errorf("Cannot get exit code: %v", err) - exitCode = define.ExecErrorCodeNotFound - } else { - exitCode = event.ContainerExitCode - } - } - } else { - exitCode = int(ecode) - } + exitCode = ic.GetContainerExitCode(ctx, ctr) reports = append(reports, &entities.ContainerStartReport{ Id: ctr.ID(), RawInput: rawInput, @@ -985,21 +971,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta report.ExitCode = define.ExitCode(err) return &report, err } - - if ecode, err := ctr.Wait(ctx); err != nil { - if errors.Cause(err) == define.ErrNoSuchCtr { - // Check events - event, err := ic.Libpod.GetLastContainerEvent(ctx, ctr.ID(), events.Exited) - if err != nil { - logrus.Errorf("Cannot get exit code: %v", err) - report.ExitCode = define.ExecErrorCodeNotFound - } else { - report.ExitCode = event.ContainerExitCode - } - } - } else { - report.ExitCode = int(ecode) - } + report.ExitCode = ic.GetContainerExitCode(ctx, ctr) if opts.Rm && !ctr.ShouldRestart(ctx) { if err := ic.Libpod.RemoveContainer(ctx, ctr, false, true); err != nil { if errors.Cause(err) == define.ErrNoSuchCtr || @@ -1013,6 +985,29 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta return &report, nil } +func (ic *ContainerEngine) GetContainerExitCode(ctx context.Context, ctr *libpod.Container) int { + exitCode, err := ctr.Wait(ctx) + if err == nil { + return int(exitCode) + } + if errors.Cause(err) != define.ErrNoSuchCtr { + logrus.Errorf("Could not retrieve exit code: %v", err) + return define.ExecErrorCodeNotFound + } + // Make 4 attempt with 0.25s backoff between each for 1 second total + var event *events.Event + for i := 0; i < 4; i++ { + event, err = ic.Libpod.GetLastContainerEvent(ctx, ctr.ID(), events.Exited) + if err != nil { + time.Sleep(250 * time.Millisecond) + continue + } + return int(event.ContainerExitCode) + } + logrus.Errorf("Could not retrieve exit code from event: %v", err) + return define.ExecErrorCodeNotFound +} + func (ic *ContainerEngine) ContainerLogs(ctx context.Context, containers []string, options entities.ContainerLogsOptions) error { if options.StdoutWriter == nil && options.StderrWriter == nil { return errors.New("no io.Writer set for container logs") diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index a88d38a10..f8ee0304d 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -367,6 +367,7 @@ func (ir *ImageEngine) Load(ctx context.Context, options entities.ImageLoadOptio func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string, options entities.ImageSaveOptions) error { saveOptions := &libimage.SaveOptions{} saveOptions.DirForceCompress = options.Compress + saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers saveOptions.RemoveSignatures = options.RemoveSignatures if !options.Quiet { diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go index 9a746d68c..282770613 100644 --- a/pkg/domain/infra/tunnel/images.go +++ b/pkg/domain/infra/tunnel/images.go @@ -256,6 +256,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string, err error ) options := new(images.ExportOptions).WithFormat(opts.Format).WithCompress(opts.Compress) + options = options.WithOciAcceptUncompressedLayers(opts.OciAcceptUncompressedLayers) switch opts.Format { case "oci-dir", "docker-dir": diff --git a/test/e2e/top_test.go b/test/e2e/top_test.go index 3cf6244b6..93c4f3f12 100644 --- a/test/e2e/top_test.go +++ b/test/e2e/top_test.go @@ -73,6 +73,12 @@ var _ = Describe("Podman top", func() { result.WaitWithDefaultTimeout() Expect(result).Should(Exit(0)) Expect(len(result.OutputToStringArray())).To(BeNumerically(">", 1)) + + // Just a smoke test since groups may change over time. + result = podmanTest.Podman([]string{"container", "top", "test", "groups", "hgroups"}) + result.WaitWithDefaultTimeout() + Expect(result).Should(Exit(0)) + Expect(len(result.OutputToStringArray())).To(BeNumerically(">", 1)) }) It("podman top with options", func() { diff --git a/test/system/120-load.bats b/test/system/120-load.bats index 97ea0f528..f2f9bf4d4 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -183,4 +183,16 @@ verify_iid_and_name() { run_podman rmi -f $img1 $img2 } +@test "podman save --oci-accept-uncompressed-layers" { + archive=$PODMAN_TMPDIR/myimage-$(random_string 8).tar + untar=$PODMAN_TMPDIR/myuntar-$(random_string 8) + mkdir -p $untar + + # Create a tarball, unpack it and make sure the layers are uncompressed. + run_podman save -o $archive --format oci-archive --uncompressed $IMAGE + run tar -C $untar -xvf $archive + run file $untar/blobs/sha256/* + is "$output" ".*POSIX tar archive" "layers are uncompressed" +} + # vim: filetype=sh diff --git a/vendor/github.com/containers/common/libimage/copier.go b/vendor/github.com/containers/common/libimage/copier.go index a44f098ad..42d3690b9 100644 --- a/vendor/github.com/containers/common/libimage/copier.go +++ b/vendor/github.com/containers/common/libimage/copier.go @@ -12,6 +12,7 @@ import ( "github.com/containers/common/pkg/retry" "github.com/containers/image/v5/copy" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/pkg/compression" "github.com/containers/image/v5/signature" storageTransport "github.com/containers/image/v5/storage" "github.com/containers/image/v5/types" @@ -40,6 +41,10 @@ type CopyOptions struct { // Allows for customizing the destination reference lookup. This can // be used to use custom blob caches. DestinationLookupReferenceFunc LookupReferenceFunc + // CompressionFormat is the format to use for the compression of the blobs + CompressionFormat *compression.Algorithm + // CompressionLevel specifies what compression level is used + CompressionLevel *int // containers-auth.json(5) file to use when authenticating against // container registries. @@ -65,6 +70,8 @@ type CopyOptions struct { // types. Short forms (e.g., oci, v2s2) used by some tools are not // supported. ManifestMIMEType string + // Accept uncompressed layers when copying OCI images. + OciAcceptUncompressedLayers bool // If OciEncryptConfig is non-nil, it indicates that an image should be // encrypted. The encryption options is derived from the construction // of EncryptConfig object. Note: During initial encryption process of @@ -242,6 +249,17 @@ func (r *Runtime) newCopier(options *CopyOptions) (*copier, error) { c.systemContext.DockerCertPath = options.CertDirPath } + if options.CompressionFormat != nil { + c.systemContext.CompressionFormat = options.CompressionFormat + } + + if options.CompressionLevel != nil { + c.systemContext.CompressionLevel = options.CompressionLevel + } + + // NOTE: for the sake of consistency it's called Oci* in the CopyOptions. + c.systemContext.OCIAcceptUncompressedLayers = options.OciAcceptUncompressedLayers + policy, err := signature.DefaultPolicy(c.systemContext) if err != nil { return nil, err diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index a3fdc9529..34d17d72c 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -198,7 +198,6 @@ func DefaultConfig() (*Config, error) { TZ: "", Umask: "0022", UTSNS: "private", - UserNS: "host", UserNSSize: DefaultUserNSSize, }, Network: NetworkConfig{ diff --git a/vendor/github.com/containers/common/pkg/secrets/secrets.go b/vendor/github.com/containers/common/pkg/secrets/secrets.go index 2e7802369..aea983cb1 100644 --- a/vendor/github.com/containers/common/pkg/secrets/secrets.go +++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go @@ -24,8 +24,8 @@ const secretIDLength = 25 // errInvalidPath indicates that the secrets path is invalid var errInvalidPath = errors.New("invalid secrets path") -// errNoSuchSecret indicates that the secret does not exist -var errNoSuchSecret = errors.New("no such secret") +// ErrNoSuchSecret indicates that the secret does not exist +var ErrNoSuchSecret = errors.New("no such secret") // errSecretNameInUse indicates that the secret name is already in use var errSecretNameInUse = errors.New("secret name in use") @@ -152,7 +152,7 @@ func (s *SecretsManager) Store(name string, data []byte, driverType string, driv newID = newID[0:secretIDLength] _, err := s.lookupSecret(newID) if err != nil { - if errors.Cause(err) == errNoSuchSecret { + if errors.Cause(err) == ErrNoSuchSecret { secr.ID = newID break } else { diff --git a/vendor/github.com/containers/common/pkg/secrets/secretsdb.go b/vendor/github.com/containers/common/pkg/secrets/secretsdb.go index 1395d103c..0c4929995 100644 --- a/vendor/github.com/containers/common/pkg/secrets/secretsdb.go +++ b/vendor/github.com/containers/common/pkg/secrets/secretsdb.go @@ -71,14 +71,14 @@ func (s *SecretsManager) getNameAndID(nameOrID string) (name, id string, err err name, id, err = s.getExactNameAndID(nameOrID) if err == nil { return name, id, nil - } else if errors.Cause(err) != errNoSuchSecret { + } else if errors.Cause(err) != ErrNoSuchSecret { return "", "", err } // ID prefix may have been given, iterate through all IDs. // ID and partial ID has a max length of 25, so we return if its greater than that. if len(nameOrID) > secretIDLength { - return "", "", errors.Wrapf(errNoSuchSecret, "no secret with name or id %q", nameOrID) + return "", "", errors.Wrapf(ErrNoSuchSecret, "no secret with name or id %q", nameOrID) } exists := false var foundID, foundName string @@ -96,7 +96,7 @@ func (s *SecretsManager) getNameAndID(nameOrID string) (name, id string, err err if exists { return foundName, foundID, nil } - return "", "", errors.Wrapf(errNoSuchSecret, "no secret with name or id %q", nameOrID) + return "", "", errors.Wrapf(ErrNoSuchSecret, "no secret with name or id %q", nameOrID) } // getExactNameAndID takes a secret's name or ID and returns both its name and full ID. @@ -115,7 +115,7 @@ func (s *SecretsManager) getExactNameAndID(nameOrID string) (name, id string, er return name, id, nil } - return "", "", errors.Wrapf(errNoSuchSecret, "no secret with name or id %q", nameOrID) + return "", "", errors.Wrapf(ErrNoSuchSecret, "no secret with name or id %q", nameOrID) } // exactSecretExists checks if the secret exists, given a name or ID @@ -123,7 +123,7 @@ func (s *SecretsManager) getExactNameAndID(nameOrID string) (name, id string, er func (s *SecretsManager) exactSecretExists(nameOrID string) (bool, error) { _, _, err := s.getExactNameAndID(nameOrID) if err != nil { - if errors.Cause(err) == errNoSuchSecret { + if errors.Cause(err) == ErrNoSuchSecret { return false, nil } return false, err @@ -158,7 +158,7 @@ func (s *SecretsManager) lookupSecret(nameOrID string) (*Secret, error) { return &secret, nil } - return nil, errors.Wrapf(errNoSuchSecret, "no secret with name or id %q", nameOrID) + return nil, errors.Wrapf(ErrNoSuchSecret, "no secret with name or id %q", nameOrID) } // Store creates a new secret in the secrets database. diff --git a/vendor/github.com/containers/psgo/.codespellrc b/vendor/github.com/containers/psgo/.codespellrc new file mode 100644 index 000000000..604bc21da --- /dev/null +++ b/vendor/github.com/containers/psgo/.codespellrc @@ -0,0 +1,2 @@ +[codespell] +skip = ./vendor,./.git diff --git a/vendor/github.com/containers/psgo/.golangci.yml b/vendor/github.com/containers/psgo/.golangci.yml new file mode 100644 index 000000000..a098068fe --- /dev/null +++ b/vendor/github.com/containers/psgo/.golangci.yml @@ -0,0 +1,6 @@ +# For documentation, see https://golangci-lint.run/usage/configuration/ + +linters: + enable: + - errorlint + - gofumpt diff --git a/vendor/github.com/containers/psgo/.travis.yml b/vendor/github.com/containers/psgo/.travis.yml deleted file mode 100644 index c07bb140b..000000000 --- a/vendor/github.com/containers/psgo/.travis.yml +++ /dev/null @@ -1,19 +0,0 @@ -language: go - -sudo: required - -servics: - - docker - -go: - - tip - -before_install: - - sudo add-apt-repository ppa:duggan/bats --yes - - sudo apt-get update -qq - - sudo apt-get install -qq bats - -script: - - make validate - - make build - - make test diff --git a/vendor/github.com/containers/psgo/Makefile b/vendor/github.com/containers/psgo/Makefile index 831dfa31f..fb6126e7c 100644 --- a/vendor/github.com/containers/psgo/Makefile +++ b/vendor/github.com/containers/psgo/Makefile @@ -1,28 +1,25 @@ -export GO111MODULE=off -export GOPROXY=https://proxy.golang.org - SHELL= /bin/bash GO ?= go BUILD_DIR := ./bin BIN_DIR := /usr/local/bin NAME := psgo -PROJECT := github.com/containers/psgo BATS_TESTS := *.bats -GO_SRC=$(shell find . -name \*.go) -GO_BUILD=$(GO) build -# Go module support: set `-mod=vendor` to use the vendored sources -ifeq ($(shell go help mod >/dev/null 2>&1 && echo true), true) - GO_BUILD=GO111MODULE=on $(GO) build -mod=vendor +# Not all platforms support -buildmode=pie, plus it's incompatible with -race. +ifeq ($(shell $(GO) env GOOS),linux) + ifeq (,$(filter $(shell $(GO) env GOARCH),mips mipsle mips64 mips64le ppc64 riscv64)) + ifeq (,$(findstring -race,$(EXTRA_BUILD_FLAGS))) + GO_BUILDMODE := "-buildmode=pie" + endif + endif endif - -GOBIN ?= $(GO)/bin +GO_BUILD := $(GO) build $(GO_BUILDMODE) all: validate build .PHONY: build -build: $(GO_SRC) - $(GO_BUILD) -buildmode=pie -o $(BUILD_DIR)/$(NAME) $(PROJECT)/sample +build: + $(GO_BUILD) $(EXTRA_BUILD_FLAGS) -o $(BUILD_DIR)/$(NAME) ./sample .PHONY: clean clean: @@ -30,13 +27,13 @@ clean: .PHONY: vendor vendor: - GO111MODULE=on go mod tidy - GO111MODULE=on go mod vendor - GO111MODULE=on go mod verify + go mod tidy + go mod vendor + go mod verify .PHONY: validate -validate: .install.lint - $(GOBIN)/golangci-lint run +validate: + golangci-lint run .PHONY: test test: test-unit test-integration @@ -47,17 +44,12 @@ test-integration: .PHONY: test-unit test-unit: - go test -v $(PROJECT) - go test -v $(PROJECT)/internal/... + $(GO) test -v $(EXTRA_TEST_FLAGS) ./... .PHONY: install install: sudo install -D -m755 $(BUILD_DIR)/$(NAME) $(BIN_DIR) -.PHONY: .install.lint -.install.lint: - VERSION=1.24.0 GOBIN=$(GOBIN) sh ./hack/install_golangci.sh - .PHONY: uninstall uninstall: sudo rm $(BIN_DIR)/$(NAME) diff --git a/vendor/github.com/containers/psgo/README.md b/vendor/github.com/containers/psgo/README.md index fed42c683..684c80a0c 100644 --- a/vendor/github.com/containers/psgo/README.md +++ b/vendor/github.com/containers/psgo/README.md @@ -73,8 +73,12 @@ The ps library is compatible with all AIX format descriptors of the ps command-l - Set of inheritable capabilities. See capabilities(7) for more information. - **capprm** - Set of permitted capabilities. See capabilities(7) for more information. +- **groups** + - Supplmentary groups inside the container. - **hgroup** - The corresponding effective group of a container process on the host. +- **hgroups** + - Supplmentary groups on the host. - **hpid** - The corresponding host PID of a container process. - **huser** diff --git a/vendor/github.com/containers/psgo/go.mod b/vendor/github.com/containers/psgo/go.mod index 699874cf7..fd19d9b48 100644 --- a/vendor/github.com/containers/psgo/go.mod +++ b/vendor/github.com/containers/psgo/go.mod @@ -1,10 +1,9 @@ module github.com/containers/psgo -go 1.13 +go 1.14 require ( github.com/opencontainers/runc v1.0.2 - github.com/sirupsen/logrus v1.8.1 github.com/stretchr/testify v1.7.0 golang.org/x/sys v0.0.0-20210817190340-bfb29a6856f2 ) diff --git a/vendor/github.com/containers/psgo/go.sum b/vendor/github.com/containers/psgo/go.sum index 0ba04956f..85b0f4ff7 100644 --- a/vendor/github.com/containers/psgo/go.sum +++ b/vendor/github.com/containers/psgo/go.sum @@ -39,7 +39,6 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= diff --git a/vendor/github.com/containers/psgo/internal/host/host.go b/vendor/github.com/containers/psgo/internal/host/host.go index 33ad67a11..3c708a2b8 100644 --- a/vendor/github.com/containers/psgo/internal/host/host.go +++ b/vendor/github.com/containers/psgo/internal/host/host.go @@ -54,7 +54,7 @@ func BootTime() (int64, error) { btimeSec, err := strconv.ParseInt(btimeStr, 10, 64) if err != nil { - return 0, fmt.Errorf("error parsing boot time from /proc/stat: %s", err) + return 0, fmt.Errorf("error parsing boot time from /proc/stat: %w", err) } bootTime = &btimeSec return btimeSec, nil diff --git a/vendor/github.com/containers/psgo/internal/proc/ns.go b/vendor/github.com/containers/psgo/internal/proc/ns.go index 4778048f2..28ee6a2c9 100644 --- a/vendor/github.com/containers/psgo/internal/proc/ns.go +++ b/vendor/github.com/containers/psgo/internal/proc/ns.go @@ -59,7 +59,7 @@ func ReadMappings(path string) ([]IDMap, error) { for { line, _, err := buf.ReadLine() if err != nil { - if err == io.EOF { + if err == io.EOF { //nolint:errorlint // False positive, see https://github.com/polyfloyd/go-errorlint/pull/12 return mappings, nil } return nil, fmt.Errorf("cannot read line from %s: %w", path, err) diff --git a/vendor/github.com/containers/psgo/internal/proc/pids.go b/vendor/github.com/containers/psgo/internal/proc/pids.go index 69e8befc1..2687396e1 100644 --- a/vendor/github.com/containers/psgo/internal/proc/pids.go +++ b/vendor/github.com/containers/psgo/internal/proc/pids.go @@ -52,7 +52,7 @@ func GetPIDs() ([]string, error) { return pids, nil } -// GetPIDsFromCgroup returns a strings slice of all pids listesd in pid's pids +// GetPIDsFromCgroup returns a strings slice of all pids listed in pid's pids // cgroup. It automatically detects if we're running in unified mode or not. func GetPIDsFromCgroup(pid string) ([]string, error) { unified, err := cgroups.IsCgroup2UnifiedMode() @@ -65,11 +65,12 @@ func GetPIDsFromCgroup(pid string) ([]string, error) { return getPIDsFromCgroupV1(pid) } -// getPIDsFromCgroupV1 returns a strings slice of all pids listesd in pid's pids +// getPIDsFromCgroupV1 returns a strings slice of all pids listed in pid's pids // cgroup. func getPIDsFromCgroupV1(pid string) ([]string, error) { // First, find the corresponding path to the PID cgroup. - f, err := os.Open(fmt.Sprintf("/proc/%s/cgroup", pid)) + pidPath := fmt.Sprintf("/proc/%s/cgroup", pid) + f, err := os.Open(pidPath) if err != nil { return nil, err } @@ -83,7 +84,8 @@ func getPIDsFromCgroupV1(pid string) ([]string, error) { continue } if fields[1] == "pids" { - cgroupPath = fmt.Sprintf("/sys/fs/cgroup/pids/%s/cgroup.procs", fields[2]) + cgroupPath = filepath.Join(cgroups.CgroupRoot, "pids", fields[2], "cgroup.procs") + break } } @@ -94,7 +96,18 @@ func getPIDsFromCgroupV1(pid string) ([]string, error) { // Second, extract the PIDs inside the cgroup. f, err = os.Open(cgroupPath) if err != nil { - return nil, err + if os.IsNotExist(err) { + // OCI runtimes might mount the container cgroup at the root, breaking what it showed + // in /proc/$PID/cgroup and the path. + // Check if the PID still exists to make sure the process is still alive. + if _, errStat := os.Stat(pidPath); errStat == nil { + cgroupPath = filepath.Join(cgroups.CgroupRoot, "pids", "cgroup.procs") + f, err = os.Open(cgroupPath) + } + } + if err != nil { + return nil, err + } } defer f.Close() @@ -107,7 +120,7 @@ func getPIDsFromCgroupV1(pid string) ([]string, error) { return pids, nil } -// getPIDsFromCgroupV2 returns a strings slice of all pids listesd in pid's pids +// getPIDsFromCgroupV2 returns a strings slice of all pids listed in pid's pids // cgroup. func getPIDsFromCgroupV2(pid string) ([]string, error) { // First, find the corresponding path to the PID cgroup. @@ -124,8 +137,10 @@ func getPIDsFromCgroupV2(pid string) ([]string, error) { if len(fields) != 3 { continue } - cgroupSlice = fields[2] - break + if fields[1] == "" { + cgroupSlice = fields[2] + break + } } if cgroupSlice == "" { diff --git a/vendor/github.com/containers/psgo/internal/proc/status.go b/vendor/github.com/containers/psgo/internal/proc/status.go index 2753915fd..1896b5c07 100644 --- a/vendor/github.com/containers/psgo/internal/proc/status.go +++ b/vendor/github.com/containers/psgo/internal/proc/status.go @@ -182,7 +182,7 @@ func readStatusUserNS(pid string) ([]string, error) { c := exec.Command(args[0], args[1:]...) output, err := c.CombinedOutput() if err != nil { - return nil, fmt.Errorf("error executing %q: %v", strings.Join(args, " "), err) + return nil, fmt.Errorf("error executing %q: %w", strings.Join(args, " "), err) } return strings.Split(string(output), "\n"), nil diff --git a/vendor/github.com/containers/psgo/internal/process/process.go b/vendor/github.com/containers/psgo/internal/process/process.go index 8fd49e416..715039610 100644 --- a/vendor/github.com/containers/psgo/internal/process/process.go +++ b/vendor/github.com/containers/psgo/internal/process/process.go @@ -215,7 +215,7 @@ func (p *Process) StartTime() (time.Time, error) { return time.Unix(sinceBoot+bootTime, 0), nil } -// CPUTime returns the cumlative CPU time of process p as a time.Duration. +// CPUTime returns the cumulative CPU time of process p as a time.Duration. func (p *Process) CPUTime() (time.Duration, error) { user, err := strconv.ParseInt(p.Stat.Utime, 10, 64) if err != nil { diff --git a/vendor/github.com/containers/psgo/psgo.go b/vendor/github.com/containers/psgo/psgo.go index b0569fa1c..ea893e7ca 100644 --- a/vendor/github.com/containers/psgo/psgo.go +++ b/vendor/github.com/containers/psgo/psgo.go @@ -175,6 +175,11 @@ var ( procFn: processGROUP, }, { + normal: "groups", + header: "GROUPS", + procFn: processGROUPS, + }, + { code: "%P", normal: "ppid", header: "PPID", @@ -306,6 +311,12 @@ var ( procFn: processHGROUP, }, { + normal: "hgroups", + header: "HGROUPS", + onHost: true, + procFn: processHGROUPS, + }, + { normal: "rss", header: "RSS", procFn: processRSS, @@ -620,14 +631,29 @@ func findHostProcess(p *process.Process, ctx *psContext) *process.Process { } // processGROUP returns the effective group ID of the process. This will be -// the textual group ID, if it can be optained, or a decimal representation +// the textual group ID, if it can be obtained, or a decimal representation // otherwise. func processGROUP(p *process.Process, ctx *psContext) (string, error) { return process.LookupGID(p.Status.Gids[1]) } +// processGROUPS returns the supplementary groups of the process separated by +// comma. This will be the textual group ID, if it can be obtained, or a +// decimal representation otherwise. +func processGROUPS(p *process.Process, ctx *psContext) (string, error) { + var err error + groups := make([]string, len(p.Status.Groups)) + for i, g := range p.Status.Groups { + groups[i], err = process.LookupGID(g) + if err != nil { + return "", err + } + } + return strings.Join(groups, ","), nil +} + // processRGROUP returns the real group ID of the process. This will be -// the textual group ID, if it can be optained, or a decimal representation +// the textual group ID, if it can be obtained, or a decimal representation // otherwise. func processRGROUP(p *process.Process, ctx *psContext) (string, error) { return process.LookupGID(p.Status.Gids[0]) @@ -639,14 +665,14 @@ func processPPID(p *process.Process, ctx *psContext) (string, error) { } // processUSER returns the effective user name of the process. This will be -// the textual user ID, if it can be optained, or a decimal representation +// the textual user ID, if it can be obtained, or a decimal representation // otherwise. func processUSER(p *process.Process, ctx *psContext) (string, error) { return process.LookupUID(p.Status.Uids[1]) } // processRUSER returns the effective user name of the process. This will be -// the textual user ID, if it can be optained, or a decimal representation +// the textual user ID, if it can be obtained, or a decimal representation // otherwise. func processRUSER(p *process.Process, ctx *psContext) (string, error) { return process.LookupUID(p.Status.Uids[0]) @@ -867,6 +893,26 @@ func processHGROUP(p *process.Process, ctx *psContext) (string, error) { return "?", nil } +// processHGROUPS returns the supplementary groups of the corresponding host +// process of the (container) or "?" if no corresponding process could be +// found. +func processHGROUPS(p *process.Process, ctx *psContext) (string, error) { + if hp := findHostProcess(p, ctx); hp != nil { + groups := hp.Status.Groups + if ctx.opts != nil && len(ctx.opts.GIDMap) > 0 { + var err error + for i, g := range groups { + groups[i], err = findID(g, ctx.opts.GIDMap, process.LookupGID, "/proc/sys/fs/overflowgid") + if err != nil { + return "", err + } + } + } + return strings.Join(groups, ","), nil + } + return "?", nil +} + // processRSS returns the resident set size of process p in KiB (1024-byte // units). func processRSS(p *process.Process, ctx *psContext) (string, error) { diff --git a/vendor/modules.txt b/vendor/modules.txt index f7990917e..c25db5eca 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -97,7 +97,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.44.1-0.20210920093543-bf187ada7d0e +# github.com/containers/common v0.44.1-0.20210921143342-f2f10e650c73 github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor @@ -194,7 +194,7 @@ github.com/containers/ocicrypt/keywrap/pkcs7 github.com/containers/ocicrypt/spec github.com/containers/ocicrypt/utils github.com/containers/ocicrypt/utils/keyprovider -# github.com/containers/psgo v1.6.0 +# github.com/containers/psgo v1.7.1 github.com/containers/psgo github.com/containers/psgo/internal/capabilities github.com/containers/psgo/internal/cgroups |