-rwxr-xr-xcontrib/cirrus/setup_environment.sh5
-rw-r--r--docs/source/markdown/podman-container-checkpoint.1.md6
-rw-r--r--docs/source/markdown/podman-container-restore.1.md10
-rw-r--r--go.mod2
-rw-r--r--go.sum4
-rwxr-xr-xhack/libsubid_tag.sh10
-rw-r--r--libpod/kube.go2
-rw-r--r--pkg/api/handlers/utils/images.go2
-rw-r--r--pkg/specgen/generate/container_create.go7
-rw-r--r--test/apiv2/10-images.at4
-rw-r--r--test/e2e/generate_kube_test.go24
-rw-r--r--test/python/docker/compat/test_images.py1
-rw-r--r--test/system/170-run-userns.bats38
-rw-r--r--vendor/github.com/containers/storage/go.mod2
-rw-r--r--vendor/github.com/containers/storage/go.sum3
-rw-r--r--vendor/github.com/containers/storage/layers.go43
-rw-r--r--vendor/github.com/containers/storage/pkg/homedir/homedir.go52
-rw-r--r--vendor/github.com/containers/storage/pkg/homedir/homedir_others.go15
-rw-r--r--vendor/github.com/containers/storage/pkg/homedir/homedir_unix.go45
-rw-r--r--vendor/github.com/containers/storage/pkg/homedir/homedir_windows.go7
-rw-r--r--vendor/github.com/containers/storage/pkg/idtools/idtools_supported.go10
-rw-r--r--vendor/github.com/containers/storage/types/options.go33
-rw-r--r--vendor/modules.txt2
23 files changed, 224 insertions, 103 deletions
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 8f535c7e7..43c709228 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
@@ -118,6 +118,11 @@ fi
case "$OS_RELEASE_ID" in
ubuntu) ;;
fedora)
+ # Force a crun version that has this fix: https://github.com/containers/crun/pull/819
+ # FIXME: Remove once a fixed crun made its way into Fedora
+ if test "$OS_RELEASE_VER" == "35"; then
+ yum upgrade -y https://kojipkgs.fedoraproject.org//work/tasks/684/80280684/crun-1.3-2.fc35.x86_64.rpm
+ fi
if ((CONTAINER==0)); then
# All SELinux distros need this for systemd-in-a-container
msg "Enabling container_manage_cgroup"
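Review bot: The added `yum upgrade -y https://kojipkgs.fedoraproject.org//work/tasks/...` installs an RPM straight from a Koji task work directory with nothing pinning its content. As far as I know, a package given by URL is only signature-checked when dnf's `localpkg_gpgcheck` is enabled, and task output is not a signed release artifact. Download the file first and verify a recorded digest before installing, e.g. `echo "<EXPECTED_SHA256>  crun.rpm" | sha256sum -c -` (placeholder digest; the page does not give one). The URL also hard-codes `x86_64` while the guard only tests `OS_RELEASE_VER`, and task work directories are presumably cleaned up over time, so CI could break before the FIXME is resolved. The enclosing `case` continues outside the hunk.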
diff --git a/docs/source/markdown/podman-container-checkpoint.1.md b/docs/source/markdown/podman-container-checkpoint.1.md
index 200920ca9..e54274775 100644
--- a/docs/source/markdown/podman-container-checkpoint.1.md
+++ b/docs/source/markdown/podman-container-checkpoint.1.md
@@ -9,6 +9,8 @@ podman\-container\-checkpoint - Checkpoints one or more running containers
## DESCRIPTION
**podman container checkpoint** checkpoints all the processes in one or more *containers*. A *container* can be restored from a checkpoint with **[podman-container-restore](podman-container-restore.1.md)**. The *container IDs* or *names* are used as input.
+*IMPORTANT: If the container is using __systemd__ as __entrypoint__ checkpointing the container might not be possible.*
+
## OPTIONS
#### **--all**, **-a**
@@ -37,7 +39,7 @@ root file-system, if not explicitly disabled using **--ignore-rootfs**.
If a checkpoint is exported to a tar.gz file it is possible with the help of **--ignore-rootfs** to explicitly disable including changes to the root file-system into the checkpoint archive file.\
The default is **false**.\
-*IMPORTANT: This OPTION only works in combination with **--export, -e**.*
+*IMPORTANT: This OPTION only works in combination with __--export, -e__.*
#### **--ignore-volumes**
@@ -122,7 +124,7 @@ The default is **false**.
Check out the *container* with previous criu image files in pre-dump. It only works on `runc 1.0-rc3` or `higher`.\
The default is **false**.\
-*IMPORTANT: This OPTION is not available with **--pre-checkpoint***.
+*IMPORTANT: This OPTION is not available with __--pre-checkpoint__*.
## EXAMPLES
diff --git a/docs/source/markdown/podman-container-restore.1.md b/docs/source/markdown/podman-container-restore.1.md
index a4630dedf..3dfa063b8 100644
--- a/docs/source/markdown/podman-container-restore.1.md
+++ b/docs/source/markdown/podman-container-restore.1.md
@@ -39,7 +39,7 @@ The default is **false**.\
If a *container* is restored from a checkpoint tar.gz file it is possible that it also contains all root file-system changes. With **--ignore-rootfs** it is possible to explicitly disable applying these root file-system changes to the restored *container*.\
The default is **false**.\
-*IMPORTANT: This OPTION is only available in combination with **--import, -i**.*
+*IMPORTANT: This OPTION is only available in combination with __--import, -i__.*
#### **--ignore-static-ip**
@@ -98,14 +98,14 @@ If the **--name, -n** option is used, Podman will not attempt to assign the same
address to the *container* it was using before checkpointing as each IP address can only
be used once and the restored *container* will have another IP address. This also means
that **--name, -n** cannot be used in combination with **--tcp-established**.\
-*IMPORTANT: This OPTION is only available in combination with **--import, -i**.*
+*IMPORTANT: This OPTION is only available in combination with __--import, -i__.*
#### **--pod**=*name*
Restore a container into the pod *name*. The destination pod for this restore
has to have the same namespaces shared as the pod this container was checkpointed
-from (see **[podman pod create --share](podman-pod-create.1.md#--share)**).
-*IMPORTANT: This OPTION is only available in combination with **--import, -i**.*
+from (see **[podman pod create --share](podman-pod-create.1.md#--share)**).\
+*IMPORTANT: This OPTION is only available in combination with __--import, -i__.*
This option requires at least CRIU 3.16.
@@ -168,7 +168,7 @@ Import a checkpoint file and a pre-checkpoint file.
# podman container restore --import-previous pre-checkpoint.tar.gz --import checkpoint.tar.gz
```
-Remove the container "mywebserver". Make a checkpoint of the container and export it. Restore the container with other port ranges from the exported file.
+Start the container "mywebserver". Make a checkpoint of the container and export it. Restore the container with other port ranges from the exported file.
```
$ podman run --rm -p 2345:80 -d webserver
# podman container checkpoint -l --export=dump.tar
diff --git a/go.mod b/go.mod
index 663bad753..7e2226c91 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
github.com/containers/image/v5 v5.17.1-0.20211207161909-6f3c8453e1a7
github.com/containers/ocicrypt v1.1.2
github.com/containers/psgo v1.7.1
- github.com/containers/storage v1.37.1-0.20211130181259-1a158c89a518
+ github.com/containers/storage v1.37.1-0.20211213220314-73a749e4fec5
github.com/coreos/go-systemd/v22 v22.3.2
github.com/coreos/stream-metadata-go v0.0.0-20210225230131-70edb9eb47b3
github.com/cyphar/filepath-securejoin v0.2.3
diff --git a/go.sum b/go.sum
index 0f832d974..a4c155ed1 100644
--- a/go.sum
+++ b/go.sum
@@ -308,8 +308,8 @@ github.com/containers/storage v1.35.0/go.mod h1:qzYhasQP2/V9D9XdO+vRwkHBhsBO0ozn
github.com/containers/storage v1.36.0/go.mod h1:vbd3SKVQNHdmU5qQI6hTEcKPxnZkGqydG4f6uwrI5a8=
github.com/containers/storage v1.37.0/go.mod h1:kqeJeS0b7DO2ZT1nVWs0XufrmPFbgV3c+Q/45RlH6r4=
github.com/containers/storage v1.37.1-0.20211119174841-bf170b3ddac0/go.mod h1:XjCNlt5JUUmRuTJXhFxHb9hHGPho7DNg3o4N/14prdQ=
-github.com/containers/storage v1.37.1-0.20211130181259-1a158c89a518 h1:p44O35V8XCefRxOxU1aY6eT9XNMxkWA1drtJpsl211c=
-github.com/containers/storage v1.37.1-0.20211130181259-1a158c89a518/go.mod h1:T5DX08T/eKKRs0WGDhC/ztngMSth6YuHq15eF8C/Y5A=
+github.com/containers/storage v1.37.1-0.20211213220314-73a749e4fec5 h1:DOpYQGCHIJfrErey3FyondnZGfZrbfGpHAN6nQssE1o=
+github.com/containers/storage v1.37.1-0.20211213220314-73a749e4fec5/go.mod h1:5qRpx96WJRTCQCsArfrWjUh398JSNCaTJG6RbOhMlqY=
github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
diff --git a/hack/libsubid_tag.sh b/hack/libsubid_tag.sh
index ab6af9e30..31412b3e6 100755
--- a/hack/libsubid_tag.sh
+++ b/hack/libsubid_tag.sh
@@ -7,9 +7,19 @@ mkdir -p "$tmpdir"
trap 'rm -fr "$tmpdir"' EXIT
cc -o "$tmpdir"/libsubid_tag -l subid -x c - > /dev/null 2> /dev/null << EOF
#include <shadow/subid.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+const char *Prog = "test";
+FILE *shadow_logfd = NULL;
+
int main() {
struct subid_range *ranges = NULL;
+#if SUBID_ABI_MAJOR >= 4
+ subid_get_uid_ranges("root", &ranges);
+#else
get_subuid_ranges("root", &ranges);
+#endif
free(ranges);
return 0;
}
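Review bot: The new globals `Prog` and `shadow_logfd` in the probe program carry no comment, and nothing in `main` references them, so a later cleanup could delete them as dead code. Presumably they exist because some libsubid releases expect the calling program to define these symbols at link time; if so, say it next to them: `/* some libsubid versions require the application to define Prog and shadow_logfd */`. A one-line comment above the `#if` noting that `SUBID_ABI_MAJOR >= 4` selects the renamed `subid_get_uid_ranges` entry point would also help, since the compiler output is sent to /dev/null and a failed probe gives no hint.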
diff --git a/libpod/kube.go b/libpod/kube.go
index 4e61b5377..d667616d0 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -747,7 +747,7 @@ func libpodEnvVarsToKubeEnvVars(envs []string, imageEnvs []string) ([]v1.EnvVar,
defaultEnv := env.DefaultEnvVariables()
envVars := make([]v1.EnvVar, 0, len(envs))
imageMap := make(map[string]string, len(imageEnvs))
- for _, ie := range envs {
+ for _, ie := range imageEnvs {
split := strings.SplitN(ie, "=", 2)
imageMap[split[0]] = split[1]
}
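Review bot: `imageMap[split[0]] = split[1]` indexes past the slice when an entry has no `=`, because `strings.SplitN(ie, "=", 2)` then returns a single element. With the loop now actually ranging over `imageEnvs`, those strings come from the image configuration, so a malformed entry in a pulled image would panic `generate kube` instead of being skipped or reported. Add a length check before the assignment, e.g. `if len(split) != 2 { continue }`, or return an error naming the bad entry. `libpodEnvVarsToKubeEnvVars` continues outside the hunk.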
diff --git a/pkg/api/handlers/utils/images.go b/pkg/api/handlers/utils/images.go
index d874165e3..3f3f48193 100644
--- a/pkg/api/handlers/utils/images.go
+++ b/pkg/api/handlers/utils/images.go
@@ -35,7 +35,7 @@ func NormalizeToDockerHub(r *http.Request, nameOrID string) (string, error) {
if errors.Cause(err) != storage.ErrImageUnknown {
return "", fmt.Errorf("normalizing name for compat API: %v", err)
}
- } else if strings.HasPrefix(img.ID(), nameOrID) {
+ } else if strings.HasPrefix(img.ID(), strings.TrimPrefix(nameOrID, "sha256:")) {
return img.ID(), nil
}
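Review bot: `strings.TrimPrefix(nameOrID, "sha256:")` yields an empty string when the request names just `sha256:`, and `strings.HasPrefix(img.ID(), "")` is always true, so the ID branch would then accept whatever image the lookup returned. Whether the lookup above can succeed for such a name is not visible in this hunk, but a cheap guard removes the question: `} else if id := strings.TrimPrefix(nameOrID, "sha256:"); id != "" && strings.HasPrefix(img.ID(), id) {`. `NormalizeToDockerHub` begins and continues outside the hunk.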
diff --git a/pkg/specgen/generate/container_create.go b/pkg/specgen/generate/container_create.go
index 7d8ef576a..1debf6c0e 100644
--- a/pkg/specgen/generate/container_create.go
+++ b/pkg/specgen/generate/container_create.go
@@ -9,6 +9,7 @@ import (
cdi "github.com/container-orchestrated-devices/container-device-interface/pkg"
"github.com/containers/common/libimage"
"github.com/containers/podman/v3/libpod"
+ "github.com/containers/podman/v3/pkg/namespaces"
"github.com/containers/podman/v3/pkg/specgen"
"github.com/containers/podman/v3/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
@@ -96,6 +97,12 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
return nil, nil, nil, err
}
s.UserNS = defaultNS
+
+ mappings, err := util.ParseIDMapping(namespaces.UsernsMode(s.UserNS.NSMode), nil, nil, "", "")
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ s.IDMappings = mappings
}
if s.NetNS.IsDefault() {
defaultNS, err := GetDefaultNamespaceMode("net", rtc, pod)
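Review bot: `s.IDMappings = mappings` replaces whatever ID mappings the spec already carried, and the call passes `nil, nil, "", ""` for the explicit maps, so the result depends only on the defaulted `NSMode`. If a caller can reach this branch with `s.IDMappings` already populated (not determinable from the hunk), those mappings are silently dropped and the container gets a different UID/GID layout than was requested. Either guard the assignment, e.g. `if s.IDMappings == nil { s.IDMappings = mappings }` (assuming the field is a pointer), or add a comment stating why existing mappings cannot occur when the user namespace is defaulted. `MakeContainer` starts and ends outside the hunk.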
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at
index 07b63e566..36c2fc6aa 100644
--- a/test/apiv2/10-images.at
+++ b/test/apiv2/10-images.at
@@ -53,8 +53,8 @@ t POST "images/create?fromImage=alpine" 200 .error~null .status~".*Download comp
t POST "images/create?fromImage=alpine&tag=latest" 200
# 10977 - handle platform parameter correctly
-t POST "images/create?fromImage=alpine&platform=linux/arm64" 200
-t GET "images/alpine/json" 200 \
+t POST "images/create?fromImage=testimage:20210610&platform=linux/arm64" 200
+t GET "images/testimage:20210610/json" 200 \
.Architecture=arm64
# Make sure that new images are pulled
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index cfa264de2..16f2c4272 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -1100,4 +1100,28 @@ USER test1`
Expect(pod.GetAnnotations()).To(HaveKeyWithValue("io.containers.autoupdate.authfile/"+ctr, "/some/authfile.json"))
}
})
+
+ It("podman generate kube can export env variables correctly", func() {
+ // Fixes https://github.com/containers/podman/issues/12647
+ // PR https://github.com/containers/podman/pull/12648
+
+ ctrName := "gen-kube-env-ctr"
+ podName := "gen-kube-env"
+ session1 := podmanTest.Podman([]string{"run", "-d", "--pod", "new:" + podName, "--name", ctrName,
+ "-e", "FOO=bar",
+ "-e", "HELLO=WORLD",
+ "alpine", "top"})
+ session1.WaitWithDefaultTimeout()
+ Expect(session1).Should(Exit(0))
+
+ kube := podmanTest.Podman([]string{"generate", "kube", podName})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube).Should(Exit(0))
+
+ pod := new(v1.Pod)
+ err := yaml.Unmarshal(kube.Out.Contents(), pod)
+ Expect(err).To(BeNil())
+
+ Expect(pod.Spec.Containers[0].Env).To(HaveLen(2))
+ })
})
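Review bot: The new test only asserts `HaveLen(2)` on `pod.Spec.Containers[0].Env`, so it passes for any two variables, including two image defaults leaking through while `FOO` and `HELLO` are lost. Pin the content as well, e.g. `Expect(pod.Spec.Containers[0].Env).To(ContainElement(v1.EnvVar{Name: "FOO", Value: "bar"}))` and the same for `HELLO=WORLD`. The literal `"alpine"` image name also makes the expected count depend on that image's own environment; a short comment saying the length check relies on the image-provided variables being filtered out would make the intent clear.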
diff --git a/test/python/docker/compat/test_images.py b/test/python/docker/compat/test_images.py
index 1e2b531b7..485a0e419 100644
--- a/test/python/docker/compat/test_images.py
+++ b/test/python/docker/compat/test_images.py
@@ -79,6 +79,7 @@ class TestImages(unittest.TestCase):
# Add more images
self.client.images.pull(constant.BB)
self.assertEqual(len(self.client.images.list()), 2)
+ self.assertEqual(len(self.client.images.list(all=True)), 2)
# List images with filter
self.assertEqual(len(self.client.images.list(filters={"reference": "alpine"})), 1)
diff --git a/test/system/170-run-userns.bats b/test/system/170-run-userns.bats
index eb6c4e259..a5be591ef 100644
--- a/test/system/170-run-userns.bats
+++ b/test/system/170-run-userns.bats
@@ -17,7 +17,7 @@ function _require_crun() {
skip_if_rootless "chroot is not allowed in rootless mode"
skip_if_remote "--group-add keep-groups not supported in remote mode"
_require_crun
- run chroot --groups 1234 / ${PODMAN} run --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id
+ run chroot --groups 1234 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add keep-groups $IMAGE id
is "$output" ".*65534(nobody)" "Check group leaked into user namespace"
}
@@ -25,30 +25,56 @@ function _require_crun() {
skip_if_rootless "chroot is not allowed in rootless mode"
skip_if_remote "--group-add keep-groups not supported in remote mode"
_require_crun
- run chroot --groups 1234,5678 / ${PODMAN} run --group-add keep-groups $IMAGE id
+ run chroot --groups 1234,5678 / ${PODMAN} run --rm --group-add keep-groups $IMAGE id
is "$output" ".*1234" "Check group leaked into container"
}
@test "podman --group-add without keep-groups while in a userns" {
skip_if_rootless "chroot is not allowed in rootless mode"
skip_if_remote "--group-add keep-groups not supported in remote mode"
- run chroot --groups 1234,5678 / ${PODMAN} run --uidmap 0:200000:5000 --group-add 457 $IMAGE id
+ run chroot --groups 1234,5678 / ${PODMAN} run --rm --uidmap 0:200000:5000 --group-add 457 $IMAGE id
is "$output" ".*457" "Check group leaked into container"
}
@test "podman --remote --group-add keep-groups " {
if is_remote; then
- run_podman 125 run --group-add keep-groups $IMAGE id
+ run_podman 125 run --rm --group-add keep-groups $IMAGE id
is "$output" ".*not supported in remote mode" "Remote check --group-add keep-groups"
fi
}
@test "podman --group-add without keep-groups " {
- run_podman run --group-add 457 $IMAGE id
+ run_podman run --rm --group-add 457 $IMAGE id
is "$output" ".*457" "Check group leaked into container"
}
@test "podman --group-add keep-groups plus added groups " {
- run_podman 125 run --group-add keep-groups --group-add 457 $IMAGE id
+ run_podman 125 run --rm --group-add keep-groups --group-add 457 $IMAGE id
is "$output" ".*the '--group-add keep-groups' option is not allowed with any other --group-add options" "Check group leaked into container"
}
+
+@test "podman userns=auto in config file" {
+ skip_if_remote "userns=auto is set on the server"
+
+ if is_rootless; then
+ egrep -q "^$(id -un):" /etc/subuid || skip "no IDs allocated for current user"
+ else
+ egrep -q "^containers:" /etc/subuid || skip "no IDs allocated for user 'containers'"
+ fi
+
+ cat > $PODMAN_TMPDIR/userns_auto.conf <<EOF
+[containers]
+userns="auto"
+EOF
+ # First make sure a user namespace is created
+ CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman run -d $IMAGE sleep infinity
+ cid=$output
+
+ run_podman inspect --format '{{.HostConfig.UsernsMode}}' $cid
+ is "$output" "private" "Check that a user namespace was created for the container"
+
+ run_podman rm -t 0 -f $cid
+
+ # Then check that the main user is not mapped into the user namespace
+ CONTAINERS_CONF=$PODMAN_TMPDIR/userns_auto.conf run_podman 0 run --rm $IMAGE awk '{if($2 == "0"){exit 1}}' /proc/self/uid_map /proc/self/gid_map
+}
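Review bot: The skip guard in the new `userns=auto` test looks only at `/etc/subuid`, yet the final `awk` check reads both `/proc/self/uid_map` and `/proc/self/gid_map`, so a host with subordinate UIDs but no subordinate GIDs would fail rather than skip. Mirror the check for the group file, e.g. `grep -qE "^containers:" /etc/subgid || skip "no GIDs allocated for user 'containers'"`, and likewise in the rootless branch. Two smaller style points in the same test: `egrep` is obsolescent in favour of `grep -E`, and `$PODMAN_TMPDIR` is unquoted in the heredoc redirect and both `CONTAINERS_CONF=` assignments.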
diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod
index 57b634f17..96ca1f0b2 100644
--- a/vendor/github.com/containers/storage/go.mod
+++ b/vendor/github.com/containers/storage/go.mod
@@ -18,7 +18,7 @@ require (
github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible
github.com/moby/sys/mountinfo v0.5.0
github.com/opencontainers/go-digest v1.0.0
- github.com/opencontainers/runc v1.0.2
+ github.com/opencontainers/runc v1.0.3
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
github.com/opencontainers/selinux v1.10.0
github.com/pkg/errors v0.9.1
diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum
index 94d46b21a..c7262fe7a 100644
--- a/vendor/github.com/containers/storage/go.sum
+++ b/vendor/github.com/containers/storage/go.sum
@@ -514,8 +514,9 @@ github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59P
github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0=
-github.com/opencontainers/runc v1.0.2 h1:opHZMaswlyxz1OuGpBE53Dwe4/xF7EZTY0A2L/FpCOg=
github.com/opencontainers/runc v1.0.2/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
+github.com/opencontainers/runc v1.0.3 h1:1hbqejyQWCJBvtKAfdO0b1FmaEf2z/bxnjqbARass5k=
+github.com/opencontainers/runc v1.0.3/go.mod h1:aTaHFFwQXuA71CiyxOdFFIorAoemI04suvGRQFzWTD0=
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.1/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.0.2-0.20190207185410-29686dbc5559/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
diff --git a/vendor/github.com/containers/storage/layers.go b/vendor/github.com/containers/storage/layers.go
index fbf6ad362..e2357c540 100644
--- a/vendor/github.com/containers/storage/layers.go
+++ b/vendor/github.com/containers/storage/layers.go
@@ -23,6 +23,7 @@ import (
"github.com/containers/storage/pkg/system"
"github.com/containers/storage/pkg/tarlog"
"github.com/containers/storage/pkg/truncindex"
+ multierror "github.com/hashicorp/go-multierror"
"github.com/klauspost/pgzip"
digest "github.com/opencontainers/go-digest"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -1463,34 +1464,48 @@ func (r *layerStore) Diff(from, to string, options *DiffOptions) (io.ReadCloser,
}
return maybeCompressReadCloser(diff)
}
- defer tsfile.Close()
decompressor, err := pgzip.NewReader(tsfile)
if err != nil {
- return nil, err
- }
- defer decompressor.Close()
-
- tsbytes, err := ioutil.ReadAll(decompressor)
- if err != nil {
+ if e := tsfile.Close(); e != nil {
+ logrus.Debug(e)
+ }
return nil, err
}
- metadata = storage.NewJSONUnpacker(bytes.NewBuffer(tsbytes))
+ metadata = storage.NewJSONUnpacker(decompressor)
fgetter, err := r.newFileGetter(to)
if err != nil {
- return nil, err
+ errs := multierror.Append(nil, errors.Wrapf(err, "creating file-getter"))
+ if err := decompressor.Close(); err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "closing decompressor"))
+ }
+ if err := tsfile.Close(); err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "closing tarstream headers"))
+ }
+ return nil, errs.ErrorOrNil()
}
tarstream := asm.NewOutputTarStream(fgetter, metadata)
rc := ioutils.NewReadCloserWrapper(tarstream, func() error {
- err1 := tarstream.Close()
- err2 := fgetter.Close()
- if err2 == nil {
- return err1
+ var errs *multierror.Error
+ if err := decompressor.Close(); err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "closing decompressor"))
+ }
+ if err := tsfile.Close(); err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "closing tarstream headers"))
+ }
+ if err := tarstream.Close(); err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "closing reconstructed tarstream"))
+ }
+ if err := fgetter.Close(); err != nil {
+ errs = multierror.Append(errs, errors.Wrapf(err, "closing file-getter"))
+ }
+ if errs != nil {
+ return errs.ErrorOrNil()
}
- return err2
+ return nil
})
return maybeCompressReadCloser(rc)
}
diff --git a/vendor/github.com/containers/storage/pkg/homedir/homedir.go b/vendor/github.com/containers/storage/pkg/homedir/homedir.go
new file mode 100644
index 000000000..85c5e76c8
--- /dev/null
+++ b/vendor/github.com/containers/storage/pkg/homedir/homedir.go
@@ -0,0 +1,52 @@
+package homedir
+
+import (
+ "errors"
+ "os"
+ "path/filepath"
+)
+
+// GetConfigHome returns XDG_CONFIG_HOME.
+// GetConfigHome returns $HOME/.config and nil error if XDG_CONFIG_HOME is not set.
+//
+// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
+func GetConfigHome() (string, error) {
+ if xdgConfigHome := os.Getenv("XDG_CONFIG_HOME"); xdgConfigHome != "" {
+ return xdgConfigHome, nil
+ }
+ home := Get()
+ if home == "" {
+ return "", errors.New("could not get either XDG_CONFIG_HOME or HOME")
+ }
+ return filepath.Join(home, ".config"), nil
+}
+
+// GetDataHome returns XDG_DATA_HOME.
+// GetDataHome returns $HOME/.local/share and nil error if XDG_DATA_HOME is not set.
+//
+// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
+func GetDataHome() (string, error) {
+ if xdgDataHome := os.Getenv("XDG_DATA_HOME"); xdgDataHome != "" {
+ return xdgDataHome, nil
+ }
+ home := Get()
+ if home == "" {
+ return "", errors.New("could not get either XDG_DATA_HOME or HOME")
+ }
+ return filepath.Join(home, ".local", "share"), nil
+}
+
+// GetCacheHome returns XDG_CACHE_HOME.
+// GetCacheHome returns $HOME/.cache and nil error if XDG_CACHE_HOME is not set.
+//
+// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
+func GetCacheHome() (string, error) {
+ if xdgCacheHome := os.Getenv("XDG_CACHE_HOME"); xdgCacheHome != "" {
+ return xdgCacheHome, nil
+ }
+ home := Get()
+ if home == "" {
+ return "", errors.New("could not get either XDG_CACHE_HOME or HOME")
+ }
+ return filepath.Join(home, ".cache"), nil
+}
diff --git a/vendor/github.com/containers/storage/pkg/homedir/homedir_others.go b/vendor/github.com/containers/storage/pkg/homedir/homedir_others.go
index 06b53854b..027db259c 100644
--- a/vendor/github.com/containers/storage/pkg/homedir/homedir_others.go
+++ b/vendor/github.com/containers/storage/pkg/homedir/homedir_others.go
@@ -18,18 +18,3 @@ func GetRuntimeDir() (string, error) {
func StickRuntimeDirContents(files []string) ([]string, error) {
return nil, errors.New("homedir.StickRuntimeDirContents() is not supported on this system")
}
-
-// GetDataHome is unsupported on non-linux system.
-func GetDataHome() (string, error) {
- return "", errors.New("homedir.GetDataHome() is not supported on this system")
-}
-
-// GetConfigHome is unsupported on non-linux system.
-func GetConfigHome() (string, error) {
- return "", errors.New("homedir.GetConfigHome() is not supported on this system")
-}
-
-// GetCacheHome is unsupported on non-linux system.
-func GetCacheHome() (string, error) {
- return "", errors.New("homedir.GetCacheHome() is not supported on this system")
-}
diff --git a/vendor/github.com/containers/storage/pkg/homedir/homedir_unix.go b/vendor/github.com/containers/storage/pkg/homedir/homedir_unix.go
index 2475e351b..33177bdf3 100644
--- a/vendor/github.com/containers/storage/pkg/homedir/homedir_unix.go
+++ b/vendor/github.com/containers/storage/pkg/homedir/homedir_unix.go
@@ -93,48 +93,3 @@ func stick(f string) error {
m |= os.ModeSticky
return os.Chmod(f, m)
}
-
-// GetDataHome returns XDG_DATA_HOME.
-// GetDataHome returns $HOME/.local/share and nil error if XDG_DATA_HOME is not set.
-//
-// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
-func GetDataHome() (string, error) {
- if xdgDataHome := os.Getenv("XDG_DATA_HOME"); xdgDataHome != "" {
- return xdgDataHome, nil
- }
- home := Get()
- if home == "" {
- return "", errors.New("could not get either XDG_DATA_HOME or HOME")
- }
- return filepath.Join(home, ".local", "share"), nil
-}
-
-// GetConfigHome returns XDG_CONFIG_HOME.
-// GetConfigHome returns $HOME/.config and nil error if XDG_CONFIG_HOME is not set.
-//
-// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
-func GetConfigHome() (string, error) {
- if xdgConfigHome := os.Getenv("XDG_CONFIG_HOME"); xdgConfigHome != "" {
- return xdgConfigHome, nil
- }
- home := Get()
- if home == "" {
- return "", errors.New("could not get either XDG_CONFIG_HOME or HOME")
- }
- return filepath.Join(home, ".config"), nil
-}
-
-// GetCacheHome returns XDG_CACHE_HOME.
-// GetCacheHome returns $HOME/.cache and nil error if XDG_CACHE_HOME is not set.
-//
-// See also https://standards.freedesktop.org/basedir-spec/latest/ar01s03.html
-func GetCacheHome() (string, error) {
- if xdgCacheHome := os.Getenv("XDG_CACHE_HOME"); xdgCacheHome != "" {
- return xdgCacheHome, nil
- }
- home := Get()
- if home == "" {
- return "", errors.New("could not get either XDG_CACHE_HOME or HOME")
- }
- return filepath.Join(home, ".cache"), nil
-}
diff --git a/vendor/github.com/containers/storage/pkg/homedir/homedir_windows.go b/vendor/github.com/containers/storage/pkg/homedir/homedir_windows.go
index 4f2615ed3..af65f2c03 100644
--- a/vendor/github.com/containers/storage/pkg/homedir/homedir_windows.go
+++ b/vendor/github.com/containers/storage/pkg/homedir/homedir_windows.go
@@ -17,7 +17,12 @@ func Key() string {
// environment variables depending on the target operating system.
// Returned path should be used with "path/filepath" to form new paths.
func Get() string {
- return os.Getenv(Key())
+ home := os.Getenv(Key())
+ if home != "" {
+ return home
+ }
+ home, _ = os.UserHomeDir()
+ return home
}
// GetShortcutString returns the string that is shortcut to user's home directory
diff --git a/vendor/github.com/containers/storage/pkg/idtools/idtools_supported.go b/vendor/github.com/containers/storage/pkg/idtools/idtools_supported.go
index db50a62e4..e444a1bcc 100644
--- a/vendor/github.com/containers/storage/pkg/idtools/idtools_supported.go
+++ b/vendor/github.com/containers/storage/pkg/idtools/idtools_supported.go
@@ -17,6 +17,12 @@ struct subid_range get_range(struct subid_range *ranges, int i)
{
return ranges[i];
}
+
+#if !defined(SUBID_ABI_MAJOR) || (SUBID_ABI_MAJOR < 4)
+# define subid_get_uid_ranges get_subuid_ranges
+# define subid_get_gid_ranges get_subgid_ranges
+#endif
+
*/
import "C"
@@ -32,9 +38,9 @@ func readSubid(username string, isUser bool) (ranges, error) {
var nRanges C.int
var cRanges *C.struct_subid_range
if isUser {
- nRanges = C.get_subuid_ranges(cUsername, &cRanges)
+ nRanges = C.subid_get_uid_ranges(cUsername, &cRanges)
} else {
- nRanges = C.get_subgid_ranges(cUsername, &cRanges)
+ nRanges = C.subid_get_gid_ranges(cUsername, &cRanges)
}
if nRanges < 0 {
return nil, errors.New("cannot read subids")
diff --git a/vendor/github.com/containers/storage/types/options.go b/vendor/github.com/containers/storage/types/options.go
index fe4274efd..7586cd5ae 100644
--- a/vendor/github.com/containers/storage/types/options.go
+++ b/vendor/github.com/containers/storage/types/options.go
@@ -27,6 +27,13 @@ type tomlConfig struct {
} `toml:"storage"`
}
+const (
+ // these are default path for run and graph root for rootful users
+ // for rootless path is constructed via getRootlessStorageOpts
+ defaultRunRoot string = "/run/containers/storage"
+ defaultGraphRoot string = "/var/lib/containers/storage"
+)
+
// defaultConfigFile path to the system wide storage.conf file
var (
defaultConfigFile = "/usr/share/containers/storage.conf"
@@ -36,9 +43,14 @@ var (
defaultStoreOptions StoreOptions
)
+const (
+ overlayDriver = "overlay"
+ overlay2 = "overlay2"
+)
+
func init() {
- defaultStoreOptions.RunRoot = "/run/containers/storage"
- defaultStoreOptions.GraphRoot = "/var/lib/containers/storage"
+ defaultStoreOptions.RunRoot = defaultRunRoot
+ defaultStoreOptions.GraphRoot = defaultGraphRoot
defaultStoreOptions.GraphDriverName = ""
if _, err := os.Stat(defaultOverrideConfigFile); err == nil {
@@ -53,6 +65,13 @@ func init() {
}
ReloadConfigurationFileIfNeeded(defaultConfigFile, &defaultStoreOptions)
}
+ // reload could set values to empty for run and graph root if config does not contains anything
+ if defaultStoreOptions.RunRoot == "" {
+ defaultStoreOptions.RunRoot = defaultRunRoot
+ }
+ if defaultStoreOptions.GraphRoot == "" {
+ defaultStoreOptions.GraphRoot = defaultGraphRoot
+ }
}
// defaultStoreOptionsIsolated is an internal implementation detail of DefaultStoreOptions to allow testing.
@@ -180,7 +199,6 @@ func isRootlessDriver(driver string) bool {
// getRootlessStorageOpts returns the storage opts for containers running as non root
func getRootlessStorageOpts(rootlessUID int, systemOpts StoreOptions) (StoreOptions, error) {
var opts StoreOptions
- const overlayDriver = "overlay"
dataDir, rootlessRuntime, err := getRootlessDirInfo(rootlessUID)
if err != nil {
@@ -202,6 +220,11 @@ func getRootlessStorageOpts(rootlessUID int, systemOpts StoreOptions) (StoreOpti
if driver := os.Getenv("STORAGE_DRIVER"); driver != "" {
opts.GraphDriverName = driver
}
+ if opts.GraphDriverName == overlay2 {
+ logrus.Warnf("Switching default driver from overlay2 to the equivalent overlay driver.")
+ opts.GraphDriverName = overlayDriver
+ }
+
if opts.GraphDriverName == "" || opts.GraphDriverName == overlayDriver {
supported, err := overlay.SupportsNativeOverlay(opts.GraphRoot, rootlessRuntime)
if err != nil {
@@ -307,6 +330,10 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) {
config.Storage.Driver = os.Getenv("STORAGE_DRIVER")
storeOptions.GraphDriverName = config.Storage.Driver
}
+ if storeOptions.GraphDriverName == overlay2 {
+ logrus.Warnf("Switching default driver from overlay2 to the equivalent overlay driver.")
+ storeOptions.GraphDriverName = overlayDriver
+ }
if storeOptions.GraphDriverName == "" {
logrus.Errorf("The storage 'driver' option must be set in %s, guarantee proper operation.", configFile)
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 02c8315fa..5302a7e50 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -220,7 +220,7 @@ github.com/containers/psgo/internal/dev
github.com/containers/psgo/internal/host
github.com/containers/psgo/internal/proc
github.com/containers/psgo/internal/process
-# github.com/containers/storage v1.37.1-0.20211130181259-1a158c89a518
+# github.com/containers/storage v1.37.1-0.20211213220314-73a749e4fec5
## explicit
github.com/containers/storage
github.com/containers/storage/drivers