diff options
76 files changed, 1566 insertions, 976 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 8f355b3ba..655fa3830 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -683,9 +683,7 @@ docs_task: # Only run this for PRs on mention, and after merge only_if: >- - $CIRRUS_BRANCH == $DEST_BRANCH && - $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' && - $CIRRUS_CHANGE_MESSAGE =~ '.*CI:DOCS.*' + $CIRRUS_BRANCH != $DEST_BRANCH depends_on: - "gating" @@ -596,7 +596,7 @@ validate.completions: completions/bash/podman if [ -x /bin/zsh ]; then /bin/zsh completions/zsh/_podman; fi .PHONY: validate -validate: lint gofmt .gitvalidation validate.completions man-page-check +validate: gofmt lint .gitvalidation validate.completions man-page-check .PHONY: build-all-new-commits build-all-new-commits: @@ -5,7 +5,7 @@ Libpod provides a library for applications looking to use the Container Pod concept, popularized by Kubernetes. Libpod also contains the Pod Manager tool `(Podman)`. Podman manages pods, containers, container images, and container volumes. -* [Latest Version: 1.7.0](https://github.com/containers/libpod/releases/latest) +* [Latest Version: 1.8.0](https://github.com/containers/libpod/releases/latest) * [Continuous Integration:](contrib/cirrus/README.md) [![Build Status](https://api.cirrus-ci.com/github/containers/libpod.svg)](https://cirrus-ci.com/github/containers/libpod/master) * [GoDoc: ![GoDoc](https://godoc.org/github.com/containers/libpod/libpod?status.svg)](https://godoc.org/github.com/containers/libpod/libpod) * Automated continuous release downloads (including remote-client): diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index d961b713e..fc528d70f 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -2,7 +2,7 @@ ## 1.8.0 ### Features -- The `podman service` command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing +- The `podman system service` command has been added, providing a preview of Podman's new Docker-compatible API. This API is still very new, and not yet ready for production use, but is available for early testing - Rootless Podman now uses Rootlesskit for port forwarding, which should greatly improve performance and capabilities - The `podman untag` command has been added to remove tags from images without deleting them - The `podman inspect` command on images now displays previous names they used @@ -29,13 +29,20 @@ - Fixed a bug where `podman history` was not computing image sizes correctly ([#4916](https://github.com/containers/libpod/issues/4916)) - Fixed a bug where Podman would not error on invalid values to the `--sort` flag to `podman images` - Fixed a bug where providing a name for the image made by `podman commit` was mandatory, not optional as it should be ([#5027](https://github.com/containers/libpod/issues/5027)) +- Fixed a bug where the remote Podman client would append an extra `"` to `%PATH` ([#4335](https://github.com/containers/libpod/issues/4335)) +- Fixed a bug where the `podman build` command would sometimes ignore the `-f` option and build the wrong Containerfile +- Fixed a bug where the `podman ps --filter` command would only filter running containers, instead of all containers, if `--all` was not passed ([#5050](https://github.com/containers/libpod/issues/5050)) +- Fixed a bug where the `podman load` command on compressed images would leave an extra copy on disk +- Fixed a bug where the `podman restart` command would not properly clean up the network, causing it to function differently from `podman stop; podman start` ([#5051](https://github.com/containers/libpod/issues/5051)) +- Fixed a bug where setting the `--memory-swap` flag to `podman create` and `podman run` to `-1` (to indicate unlimited) was not supported ([#5091](https://github.com/containers/libpod/issues/5091)) ### Misc - Initial work on version 2 of the Podman remote API has been merged, but is still in an alpha state and not ready for use. Read more [here](https://podman.io/releases/2020/01/17/podman-new-api.html) - Many formatting corrections have been made to the manpages - The changes to address ([#5009](https://github.com/containers/libpod/issues/5009)) may cause anonymous volumes created by Podman versions 1.6.3 to 1.7.0 to not be removed when their container is removed - Updated vendored Buildah to v1.13.1 -- Updated vendored containers/storage to v1.15.7 +- Updated vendored containers/storage to v1.15.8 +- Updated vendored containers/image to v5.2.0 ## 1.7.0 ### Features diff --git a/changelog.txt b/changelog.txt index 996c87441..320526596 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,35 @@ +- Changelog for v1.8.0 (2020-02-06) + * [CI:DOCS]update contrib systemd user + * [CI:DOCS]fix systemd files for apiv2 + * Update release notes for final release of v1.8.0 + * Move podman-service to podman-system-service + * Only modify conmon cgroup if we have running containers + * fix swagger docs and make sure docs validation runs + * Special case memory-swap=-1 + * vendor github.com/mtrmac/gpgme@v0.1.2 + * vendor github.com/containers/image/v5@v5.2.0 + * Add Containerfile location e2e test + * [CI:DOCS]addition of specgen package + * {CI:DOCS] run gofmt before lint + * build(deps): bump github.com/onsi/ginkgo from 1.11.0 to 1.12.0 + * Close tarSource when finished using it + * Force --all when --filter is passed to podman ps + * Initial implementation of a spec generator package + * Fix wrong Containerfile location on build + * Wrap error for failing ImageSize calls + * swagger: v2: libpod/images/{import,load,pull} + * seperate container create network options + * Cirrus: Fix gate task + make lint|validate + * Add a binding test to check image tag and list commands. + * Update /_ping support + * [CI:DOCS]add apiv2 endpoints for exec + * build(deps): bump github.com/containers/storage from 1.15.7 to 1.15.8 + * build(deps): bump github.com/onsi/gomega from 1.8.1 to 1.9.0 + * Tear down network when restarting containers + * Move install.md to podman.io, leave link page + * Update XML to not embed quote in PATH on windows + * Bump to v1.8.0-dev + - Changelog for v1.8.0-rc1 (2020-01-31) * Fix a syntax error in hack/release.sh * Minor update to release notes diff --git a/cmd/podman/build.go b/cmd/podman/build.go index 885f2ac51..1fcb98a0e 100644 --- a/cmd/podman/build.go +++ b/cmd/podman/build.go @@ -234,10 +234,6 @@ func buildCmd(c *cliconfig.BuildValues) error { return errors.Wrapf(err, "error determining path to file %q", containerfiles[i]) } contextDir = filepath.Dir(absFile) - containerfiles[i], err = filepath.Rel(contextDir, absFile) - if err != nil { - return errors.Wrapf(err, "error determining path to file %q", containerfiles[i]) - } break } } diff --git a/cmd/podman/commands.go b/cmd/podman/commands.go index ebd7aeb0c..d6018a6f4 100644 --- a/cmd/podman/commands.go +++ b/cmd/podman/commands.go @@ -26,9 +26,6 @@ func getMainCommands() []*cobra.Command { if len(_varlinkCommand.Use) > 0 { rootCommands = append(rootCommands, _varlinkCommand) } - if len(_serviceCommand.Use) > 0 { - rootCommands = append(rootCommands, _serviceCommand) - } return rootCommands } @@ -71,9 +68,15 @@ func getTrustSubCommands() []*cobra.Command { // Commands that the local client implements func getSystemSubCommands() []*cobra.Command { - return []*cobra.Command{ + systemCommands := []*cobra.Command{ _renumberCommand, _dfSystemCommand, _migrateCommand, } + + if len(_serviceCommand.Use) > 0 { + systemCommands = append(systemCommands, _serviceCommand) + } + + return systemCommands } diff --git a/cmd/podman/libpodruntime/runtime.go b/cmd/podman/libpodruntime/runtime.go index 9425cfb9c..e9dc87de1 100644 --- a/cmd/podman/libpodruntime/runtime.go +++ b/cmd/podman/libpodruntime/runtime.go @@ -13,32 +13,66 @@ import ( "github.com/pkg/errors" ) +type runtimeOptions struct { + name string + renumber bool + migrate bool + noStore bool + withFDS bool +} + // GetRuntimeMigrate gets a libpod runtime that will perform a migration of existing containers func GetRuntimeMigrate(ctx context.Context, c *cliconfig.PodmanCommand, newRuntime string) (*libpod.Runtime, error) { - return getRuntime(ctx, c, false, true, false, true, newRuntime) + return getRuntime(ctx, c, &runtimeOptions{ + name: newRuntime, + renumber: false, + migrate: true, + noStore: false, + withFDS: true, + }) } // GetRuntimeDisableFDs gets a libpod runtime that will disable sd notify func GetRuntimeDisableFDs(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) { - return getRuntime(ctx, c, false, false, false, false, "") + return getRuntime(ctx, c, &runtimeOptions{ + renumber: false, + migrate: false, + noStore: false, + withFDS: false, + }) } // GetRuntimeRenumber gets a libpod runtime that will perform a lock renumber func GetRuntimeRenumber(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) { - return getRuntime(ctx, c, true, false, false, true, "") + return getRuntime(ctx, c, &runtimeOptions{ + renumber: true, + migrate: false, + noStore: false, + withFDS: true, + }) } // GetRuntime generates a new libpod runtime configured by command line options func GetRuntime(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) { - return getRuntime(ctx, c, false, false, false, true, "") + return getRuntime(ctx, c, &runtimeOptions{ + renumber: false, + migrate: false, + noStore: false, + withFDS: true, + }) } // GetRuntimeNoStore generates a new libpod runtime configured by command line options func GetRuntimeNoStore(ctx context.Context, c *cliconfig.PodmanCommand) (*libpod.Runtime, error) { - return getRuntime(ctx, c, false, false, true, true, "") + return getRuntime(ctx, c, &runtimeOptions{ + renumber: false, + migrate: false, + noStore: true, + withFDS: true, + }) } -func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber, migrate, noStore, withFDS bool, newRuntime string) (*libpod.Runtime, error) { +func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, opts *runtimeOptions) (*libpod.Runtime, error) { options := []libpod.RuntimeOption{} storageOpts := storage.StoreOptions{} storageSet := false @@ -86,14 +120,14 @@ func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber, migra storageSet = true storageOpts.GraphDriverOptions = c.GlobalFlags.StorageOpts } - if migrate { + if opts.migrate { options = append(options, libpod.WithMigrate()) - if newRuntime != "" { - options = append(options, libpod.WithMigrateRuntime(newRuntime)) + if opts.name != "" { + options = append(options, libpod.WithMigrateRuntime(opts.name)) } } - if renumber { + if opts.renumber { options = append(options, libpod.WithRenumber()) } @@ -102,7 +136,7 @@ func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber, migra options = append(options, libpod.WithStorageConfig(storageOpts)) } - if !storageSet && noStore { + if !storageSet && opts.noStore { options = append(options, libpod.WithNoStore()) } // TODO CLI flags for image config? @@ -174,7 +208,7 @@ func getRuntime(ctx context.Context, c *cliconfig.PodmanCommand, renumber, migra options = append(options, libpod.WithDefaultInfraCommand(infraCommand)) } - if !withFDS { + if !opts.withFDS { options = append(options, libpod.WithEnableSDNotify()) } if c.Flags().Changed("config") { diff --git a/cmd/podman/ps.go b/cmd/podman/ps.go index d2c5e19e2..d93ccc24c 100644 --- a/cmd/podman/ps.go +++ b/cmd/podman/ps.go @@ -205,6 +205,10 @@ func checkFlagsPassed(c *cliconfig.PsValues) error { if c.Last >= 0 && c.Latest { return errors.Errorf("last and latest are mutually exclusive") } + // Filter forces all + if len(c.Filter) > 0 { + c.All = true + } // Quiet conflicts with size and namespace and is overridden by a Go // template. if c.Quiet { diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go index 2f637694b..010c80373 100644 --- a/cmd/podman/shared/create.go +++ b/cmd/podman/shared/create.go @@ -309,9 +309,13 @@ func ParseCreateOpts(ctx context.Context, c *GenericCLIResults, runtime *libpod. } } if c.String("memory-swap") != "" { - memorySwap, err = units.RAMInBytes(c.String("memory-swap")) - if err != nil { - return nil, errors.Wrapf(err, "invalid value for memory-swap") + if c.String("memory-swap") == "-1" { + memorySwap = -1 + } else { + memorySwap, err = units.RAMInBytes(c.String("memory-swap")) + if err != nil { + return nil, errors.Wrapf(err, "invalid value for memory-swap") + } } } if c.String("kernel-memory") != "" { diff --git a/completions/bash/podman b/completions/bash/podman index 57b9547a7..56559c142 100644 --- a/completions/bash/podman +++ b/completions/bash/podman @@ -1200,6 +1200,19 @@ _podman_system_prune() { esac } +_podman_system_service() { + local options_with_args=" + -t + --timeout + " + local boolean_options=" + --help + -h + --varlink + " + _complete_ "$options_with_args" "$boolean_options" +} + _podman_system() { local boolean_options=" --help @@ -1755,19 +1768,6 @@ _podman_search() { _complete_ "$options_with_args" "$boolean_options" } -_podman_service() { - local options_with_args=" - -t - --timeout - " - local boolean_options=" - --help - -h - --varlink - " - _complete_ "$options_with_args" "$boolean_options" -} - _podman_unmount() { _podman_umount $@ } diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index a64f473f4..4e4dc5d21 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -43,7 +43,7 @@ %global shortcommit_conmon %(c=%{commit_conmon}; echo ${c:0:7}) Name: podman -Version: 1.8.0 +Version: 1.8.1 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 diff --git a/contrib/systemd/README.md b/contrib/systemd/README.md index ff266c6a5..9f1d37792 100644 --- a/contrib/systemd/README.md +++ b/contrib/systemd/README.md @@ -2,11 +2,6 @@ ## system-wide (podman service run as root) -The following unit file examples assume: - 1. copied the `service` executable into `/usr/local/bin` - 1. `chcon system_u:object_r:container_runtime_exec_t:s0 /usr/local/bin/service` - -then: 1. copy the `podman.service` and `podman.socket` files into `/etc/systemd/system` 1. `systemctl daemon-reload` 1. `systemctl enable podman.socket` @@ -16,47 +11,12 @@ then: Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/podman/podman.sock` ### podman.service -```toml -[Unit] -Description=Podman API Service -Requires=podman.socket -After=podman.socket -Documentation=man:podman-api(1) -StartLimitIntervalSec=0 - -[Service] -Type=oneshot -Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=/usr/local/bin/service -TimeoutStopSec=30 -KillMode=process - -[Install] -WantedBy=multi-user.target -Also=podman.socket -``` +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/system/podman.service) for a sample podman.service file. ### podman.socket +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/system/podman.socket) for a sample podman.socket file. -```toml -[Unit] -Description=Podman API Socket -Documentation=man:podman-api(1) - -[Socket] -ListenStream=%t/podman/podman.sock -SocketMode=0660 - -[Install] -WantedBy=sockets.target -``` ## user (podman service run as given user aka "rootless") -The following unit file examples assume: - 1. you have a created a directory `~/bin` - 1. copied the `service` executable into `~/bin` - 1. `chcon system_u:object_r:container_runtime_exec_t:s0 ~/bin/service` - -then: 1. `mkdir -p ~/.config/systemd/user` 1. copy the `podman.service` and `podman.socket` files into `~/.config/systemd/user` 1. `systemctl --user enable podman.socket` @@ -66,37 +26,7 @@ then: Assuming the status messages show no errors, the libpod service is ready to respond to the APIv2 on the unix domain socket `/run/user/$(id -u)/podman/podman.sock` ### podman.service +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/user/podman.service) for a rootless podman.service file. -```toml -[Unit] -Description=Podman API Service -Requires=podman.socket -After=podman.socket -Documentation=man:podman-api(1) -StartLimitIntervalSec=0 - -[Service] -Type=oneshot -Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=%h/bin/service -TimeoutStopSec=30 -KillMode=process - -[Install] -WantedBy=multi-user.target -Also=podman.socket -``` ### podman.socket - -```toml -[Unit] -Description=Podman API Socket -Documentation=man:podman-api(1) - -[Socket] -ListenStream=%t/podman/podman.sock -SocketMode=0660 - -[Install] -WantedBy=sockets.target -``` +You can refer to [this example](https://github.com/containers/libpod/blob/master/contrib/systemd/user/podman.socket) for a rootless podman.socket file. diff --git a/contrib/systemd/system/podman.service b/contrib/systemd/system/podman.service index 13d858627..eaa2ec437 100644 --- a/contrib/systemd/system/podman.service +++ b/contrib/systemd/system/podman.service @@ -8,7 +8,7 @@ StartLimitIntervalSec=0 [Service] Type=oneshot Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=/usr/local/bin/service +ExecStart=/usr/bin/podman system service TimeoutStopSec=30 KillMode=process diff --git a/contrib/systemd/user/podman.service b/contrib/systemd/user/podman.service index 81fa55cf8..eaa2ec437 100644 --- a/contrib/systemd/user/podman.service +++ b/contrib/systemd/user/podman.service @@ -8,7 +8,7 @@ StartLimitIntervalSec=0 [Service] Type=oneshot Environment=REGISTRIES_CONFIG_PATH=/etc/containers/registries.conf -ExecStart=%h/bin/service +ExecStart=/usr/bin/podman system service TimeoutStopSec=30 KillMode=process diff --git a/docs/source/markdown/podman-ps.1.md b/docs/source/markdown/podman-ps.1.md index 024b85ea5..23bf9f45d 100644 --- a/docs/source/markdown/podman-ps.1.md +++ b/docs/source/markdown/podman-ps.1.md @@ -96,6 +96,7 @@ Display namespace information Filter what containers are shown in the output. Multiple filters can be given with multiple uses of the --filter flag. If multiple filters are given, only containers which match all of the given filters will be shown. +Results will be drawn from all containers, regardless of whether --all was given. Valid filters are listed below: diff --git a/docs/source/markdown/podman-service.1.md b/docs/source/markdown/podman-system-service.1.md index 5c55e20d3..a71ce9dc0 100644 --- a/docs/source/markdown/podman-service.1.md +++ b/docs/source/markdown/podman-system-service.1.md @@ -1,13 +1,13 @@ % podman-service(1) ## NAME -podman\-service - Run an API service +podman\-system\-service - Run an API service ## SYNOPSIS -**podman service** [*options*] +**podman system service** [*options*] ## DESCRIPTION -The **podman service** command creates a listening service that will answer API calls for Podman. You may +The **podman system service** command creates a listening service that will answer API calls for Podman. You may optionally provide an endpoint for the API in URI form. For example, *unix://tmp/foobar.sock* or *tcp:localhost:8080*. If no endpoint is provided, defaults will be used. The default endpoint for a rootfull service is *unix:/run/podman/podman.sock* and rootless is *unix:/$XDG_RUNTIME_DIR/podman/podman.sock* (for diff --git a/docs/source/markdown/podman-system.1.md b/docs/source/markdown/podman-system.1.md index 1af97290d..5f163c6f0 100644 --- a/docs/source/markdown/podman-system.1.md +++ b/docs/source/markdown/podman-system.1.md @@ -19,6 +19,8 @@ The system command allows you to manage the podman systems | prune | [podman-system-prune(1)](podman-system-prune.1.md) | Remove all unused container, image and volume data. | | renumber | [podman-system-renumber(1)](podman-system-renumber.1.md)| Migrate lock numbers to handle a change in maximum number of locks. | | reset | [podman-system-reset(1)](podman-system-reset.1.md) | Reset storage back to initial state. | +| service | [podman-service(1)](podman-system-service.1.md) | Run an API service | + ## SEE ALSO podman(1) diff --git a/docs/source/markdown/podman.1.md b/docs/source/markdown/podman.1.md index af0e55925..853b5ecec 100644 --- a/docs/source/markdown/podman.1.md +++ b/docs/source/markdown/podman.1.md @@ -191,7 +191,6 @@ the exit codes follow the `chroot` standard, see below: | [podman-rmi(1)](podman-rmi.1.md) | Removes one or more locally stored images. | | [podman-run(1)](podman-run.1.md) | Run a command in a new container. | | [podman-save(1)](podman-save.1.md) | Save an image to a container archive. | -| [podman-service(1)](podman-service.1.md) | Run an API service | | [podman-search(1)](podman-search.1.md) | Search a registry for an image. | | [podman-start(1)](podman-start.1.md) | Start one or more containers. | | [podman-stats(1)](podman-stats.1.md) | Display a live stream of one or more container's resource usage statistics. | @@ -12,7 +12,7 @@ require ( github.com/containernetworking/plugins v0.8.5 github.com/containers/buildah v1.13.1 github.com/containers/conmon v2.0.10+incompatible - github.com/containers/image/v5 v5.1.0 + github.com/containers/image/v5 v5.2.1 github.com/containers/psgo v1.4.0 github.com/containers/storage v1.15.8 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f @@ -46,7 +46,7 @@ require ( github.com/mrtazz/checkmake v0.0.0-20191009095831-03dd76b964dd // indirect github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618 github.com/olekukonko/tablewriter v0.0.4 // indirect - github.com/onsi/ginkgo v1.11.0 + github.com/onsi/ginkgo v1.12.0 github.com/onsi/gomega v1.9.0 github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/image-spec v1.0.2-0.20190823105129-775207bd45b6 @@ -30,6 +30,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdko github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM= github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= @@ -91,6 +93,10 @@ github.com/containers/image/v5 v5.0.0 h1:arnXgbt1ucsC/ndtSpiQY87rA0UjhF+/xQnPzqd github.com/containers/image/v5 v5.0.0/go.mod h1:MgiLzCfIeo8lrHi+4Lb8HP+rh513sm0Mlk6RrhjFOLY= github.com/containers/image/v5 v5.1.0 h1:5FjAvPJniamuNNIQHkh4PnsL+n+xzs6Aonzaz5dqTEo= github.com/containers/image/v5 v5.1.0/go.mod h1:BKlMD34WxRo1ruGHHEOrPQP0Qci7SWoPwU6fS7arsCU= +github.com/containers/image/v5 v5.2.0 h1:DowY5OII5x9Pb6Pt76vnHU79BgG4/jdwhZjeAj2R+t8= +github.com/containers/image/v5 v5.2.0/go.mod h1:IAub4gDGvXoxaIAdNy4e3FbVTDPVNMv9F0UfVVFbYCU= +github.com/containers/image/v5 v5.2.1 h1:rQR6QSUneWBoW1bTFpP9EJJTevQFv27YsKYQVJIzg+s= +github.com/containers/image/v5 v5.2.1/go.mod h1:TfhmLwH+v1/HBVPIWH7diLs8XwcOkP3c7t7JFgqaUEc= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v0.0.0-20190930154801-b87a4a69c741 h1:8tQkOcednLJtUcZgK7sPglscXtxvMOnFOa6wd09VWLM= @@ -370,6 +376,10 @@ github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618 h1:7InQ7/zrOh6Sl github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0= github.com/mtrmac/gpgme v0.0.0-20170102180018-b2432428689c h1:xa+eQWKuJ9MbB9FBL/eoNvDFvveAkz2LQoz8PzX7Q/4= github.com/mtrmac/gpgme v0.0.0-20170102180018-b2432428689c/go.mod h1:GhAqVMEWnTcW2dxoD/SO3n2enrgWl3y6Dnx4m59GvcA= +github.com/mtrmac/gpgme v0.1.1 h1:a5ISnvahzTzBH0m/klhehN68N+9+/jLwhpPFtH3oPAQ= +github.com/mtrmac/gpgme v0.1.1/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI= +github.com/mtrmac/gpgme v0.1.2 h1:dNOmvYmsrakgW7LcgiprD0yfRuQQe8/C8F6Z+zogO3s= +github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= @@ -386,6 +396,8 @@ github.com/onsi/ginkgo v1.10.3 h1:OoxbjfXVZyod1fmWYhI7SEyaD8B00ynP3T+D5GiyHOY= github.com/onsi/ginkgo v1.10.3/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.12.0 h1:Iw5WCbBcaAAd0fpRb1c9r5YCylv4XDoCSigm1zLevwU= +github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg= github.com/onsi/gomega v0.0.0-20151007035656-2152b45fa28a/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v0.0.0-20190113212917-5533ce8a0da3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= @@ -544,6 +556,8 @@ github.com/vbauerster/mpb v3.4.0+incompatible h1:mfiiYw87ARaeRW6x5gWwYRUawxaW1tL github.com/vbauerster/mpb v3.4.0+incompatible/go.mod h1:zAHG26FUhVKETRu+MWqYXcI70POlC6N8up9p1dID7SU= github.com/vbauerster/mpb/v4 v4.11.1 h1:ZOYQSVHgmeanXsbyC44aDg76tBGCS/54Rk8VkL8dJGA= github.com/vbauerster/mpb/v4 v4.11.1/go.mod h1:vMLa1J/ZKC83G2lB/52XpqT+ZZtFG4aZOdKhmpRL1uM= +github.com/vbauerster/mpb/v4 v4.11.2 h1:ynkUoKzi65DZ1UsQPx7sgi/KN6G9f7br+Us2nKm35AM= +github.com/vbauerster/mpb/v4 v4.11.2/go.mod h1:jIuIRCltGJUnm6DCyPVkwjlLUk4nHTH+m4eD14CdFF0= github.com/vishvananda/netlink v0.0.0-20181108222139-023a6dafdcdf/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= github.com/vishvananda/netlink v1.0.0 h1:bqNY2lgheFIu1meHUFSH3d7vG93AFyqg3oGbJCOJgSM= github.com/vishvananda/netlink v1.0.0/go.mod h1:+SR5DhBJrl6ZM7CoCKvpw5BKroDKQ+PJqOg65H/2ktk= @@ -652,6 +666,7 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 h1:7TYNF4UdlohbFwpNH04CoPMp1 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191113165036-4c7a9d0fe056/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2 h1:/J2nHFg1MTqaRLFO7M+J78ASNsJoz3r0cvHBPQ77fsE= golang.org/x/sys v0.0.0-20191127021746-63cb32ae39b2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/install.md b/install.md index b143c7f7a..12dc62b32 100644 --- a/install.md +++ b/install.md @@ -1,530 +1,5 @@ # libpod Installation Instructions -## Installing packaged versions of Podman +The installation instructions for Podman and libpod now reside **[here](https://podman.io/getting-started/installation)** in the **[podman.io](https://podman.io)** site. From the hompage, the installation instructions can be found under "Get Started->Installing Podman". -#### [Arch Linux](https://www.archlinux.org) & [Manjaro Linux](https://manjaro.org) - -```bash -sudo pacman -S podman -``` - -If you have problems when running Podman in [rootless](README.md#rootless) mode follow the instructions [here](https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)) - -#### [Debian](https://debian.org) - -The libpod package is [being worked on](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930440) -for inclusion in the default Debian repos. Relevant status updates can also be -found [here](https://github.com/containers/libpod/issues/1742). - -Alternatively, the [Kubic project](https://build.opensuse.org/project/show/devel:kubic:libcontainers:stable) -provides packages for Debian 10, testing and unstable. - -```bash -# Debian Unstable/Sid -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_Unstable/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_Unstable/Release.key -O Release.key - -# Debian Testing -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_Testing/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_Testing/Release.key -O Release.key - -# Debian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key -O Release.key - -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - -There are many [packages](https://packages.debian.org/search?keywords=libpod&searchon=names&suite=stable§ion=all) -with the libpod prefix available already on Debian. However, those are -unrelated to this project. - - -#### [Fedora](https://www.fedoraproject.org), [CentOS](https://www.centos.org) - -```bash -sudo yum -y install podman -``` - -#### [Fedora-CoreOS](https://coreos.fedoraproject.org), [Fedora SilverBlue](https://silverblue.fedoraproject.org) - -Built-in, no need to install - -#### [Gentoo](https://www.gentoo.org) - -```bash -sudo emerge app-emulation/libpod -``` - -#### [MacOS](https://www.apple.com/macos) - -Using [Homebrew](https://brew.sh/): - -```bash -brew cask install podman -``` - -#### [OpenEmbedded](https://www.openembedded.org) - -Bitbake recipes for podman and its dependencies are available in the -[meta-virtualization layer](https://git.yoctoproject.org/cgit/cgit.cgi/meta-virtualization/). -Add the layer to your OpenEmbedded build environment and build podman using: - -```bash -bitbake podman -``` - -#### [openSUSE](https://www.opensuse.org) - -```bash -sudo zypper install podman -``` - -#### [openSUSE Kubic](https://kubic.opensuse.org) - -Built-in, no need to install - - -#### [Raspbian](https://raspbian.org) - -The Kubic project provides packages for Raspbian 10. - -```bash -# Raspbian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Raspbian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Raspbian_10/Release.key -O Release.key -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - - -#### [RHEL7](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) - -Subscribe, then enable Extras channel and install Podman. - -```bash -sudo subscription-manager repos --enable=rhel-7-server-extras-rpms -sudo yum -y install podman -``` - -#### [RHEL8 Beta](https://www.redhat.com/en/blog/powering-its-future-while-preserving-present-introducing-red-hat-enterprise-linux-8-beta?intcmp=701f2000001Cz6OAAS) - -```bash -sudo yum module enable -y container-tools:1.0 -sudo yum module install -y container-tools:1.0 -``` - - -#### [Ubuntu](https://www.ubuntu.com) - -The Kubic project provides packages for Ubuntu 18.04, 19.04 and 19.10. - -```bash -. /etc/os-release -sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" -wget -q https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- | sudo apt-key add - -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - -There are many [packages](https://packages.ubuntu.com/search?keywords=libpod&searchon=names&suite=eoan§ion=all) -with the libpod prefix available already on Ubuntu. However, those are -unrelated to this project. - - -### Installing development versions of Podman - -#### Debian - -The Kubic project provides RC/testing packages for Debian 10, testing and -unstable. - -```bash -# Debian Unstable/Sid -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Debian_Unstable/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Debian_Unstable/Release.key -O Release.key - -# Debian Testing -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Debian_Testing/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Debian_Testing/Release.key -O Release.key - -# Debian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Debian_10/Release.key -O Release.key - -# Raspbian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Raspbian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Raspbian_10/Release.key -O Release.key - -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - - -#### Fedora - -You can test the very latest Podman in Fedora's `updates-testing` -repository before it goes out to all Fedora users. - -```console -sudo yum distro-sync --enablerepo=updates-testing podman -``` - -If you use a newer Podman package from Fedora's `updates-testing`, we would -appreciate your `+1` feedback in [Bodhi, Fedora's update management -system](https://bodhi.fedoraproject.org/updates/?packages=podman). - -If you are running a non-rawhide Fedora distribution, you can also test the latest packages -with our [COPR repository](https://copr.fedorainfracloud.org/coprs/baude/Upstream_CRIO_Family/). - -#### [Raspbian](https://raspbian.org) - -The Kubic project provides RC/testing packages for Raspbian 10. - -```bash -# Raspbian 10 -echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/Raspbian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/Raspbian_10/Release.key -O Release.key -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - - -#### Ubuntu - -The Kubic project provides RC/testing packages for Ubuntu 18.04, 19.04 and 19.10. - -```bash -. /etc/os-release -sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/testing/x${NAME}_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:testing.list" -wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:testing/x${NAME}_${VERSION_ID}/Release.key -O Release.key -sudo apt-key add - < Release.key -sudo apt-get update -qq -sudo apt-get -qq -y install podman -``` - - -## Building from scratch - -### Build and Run Dependencies - -**Required** - -Fedora, CentOS, RHEL, and related distributions you should try to run -`make package-install` which will install dependencies, build the source, -produce rpms for the current platform and install them in the end. - -```bash -sudo yum install -y \ - atomic-registries \ - btrfs-progs-devel \ - containernetworking-cni \ - device-mapper-devel \ - git \ - glib2-devel \ - glibc-devel \ - glibc-static \ - go \ - golang-github-cpuguy83-go-md2man \ - gpgme-devel \ - iptables \ - libassuan-devel \ - libgpg-error-devel \ - libseccomp-devel \ - libselinux-devel \ - make \ - pkgconfig \ - runc \ - containers-common -``` - -Debian, Ubuntu, and related distributions: - -```bash -sudo apt-get install \ - btrfs-tools \ - git \ - golang-go \ - go-md2man \ - iptables \ - libassuan-dev \ - libbtrfs-dev \ - libc6-dev \ - libdevmapper-dev \ - libglib2.0-dev \ - libgpgme-dev \ - libgpg-error-dev \ - libprotobuf-dev \ - libprotobuf-c0-dev \ - libseccomp-dev \ - libselinux1-dev \ - libsystemd-dev \ - pkg-config \ - runc \ - uidmap -``` - -On openSUSE Leap 15.x and Tumbleweed: - -```bash -sudo zypper -n in libseccomp-devel libgpgme-devel -``` - -On Manjaro (and maybe other Linux distributions): - -Make sure that the Linux kernel supports user namespaces: - -``` -> zgrep CONFIG_USER_NS /proc/config.gz -CONFIG_USER_NS=y - -``` - -If not, please update the kernel. -For Manjaro Linux the instructions can be found here: -https://wiki.manjaro.org/index.php/Manjaro_Kernels - -After that enable user namespaces: - -``` -sudo sysctl kernel.unprivileged_userns_clone=1 -``` - -To enable the user namespaces permanently: - -``` -echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf -``` - -### Building missing dependencies - -If any dependencies cannot be installed or are not sufficiently current, they have to be built from source. -This will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs). - -#### golang - -Be careful to double-check that the version of golang is new enough (i.e. `go version`), version 1.10.x or higher is required. -If needed, golang kits are available at https://golang.org/dl/. Alternatively, go can be built from source as follows -(it's helpful to leave the system-go installed, to avoid having to [bootstrap go](https://golang.org/doc/install/source): - -```bash -export GOPATH=~/go -git clone https://go.googlesource.com/go $GOPATH -cd $GOPATH -git checkout tags/go1.10.8 # optional -cd src -./all.bash -export PATH=$GOPATH/bin:$PATH -``` - -#### conmon - -The latest version of `conmon` is expected to be installed on the system. Conmon is used to monitor OCI Runtimes. -To build from source, use the following: - -```bash -git clone https://github.com/containers/conmon -cd conmon -export GOCACHE="$(mktemp -d)" -make -sudo make podman -``` - -#### runc - -The latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by Podman. -Version 1.0.0-rc4 is the minimal requirement, which is available in Ubuntu 18.04 already. -To double-check, `runc --version` should produce at least `spec: 1.0.1`, otherwise build your own: - -```bash -git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc -cd $GOPATH/src/github.com/opencontainers/runc -make BUILDTAGS="selinux seccomp" -sudo cp runc /usr/bin/runc -``` - -#### CNI plugins - -#### Setup CNI networking - -A proper description of setting up CNI networking is given in the [`cni` README](cni/README.md). - -A basic setup for CNI networking is done by default during the installation or make processes and -no further configuration is needed to start using Podman. - -#### Add configuration - -```bash -sudo mkdir -p /etc/containers -sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf -sudo curl https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json -o /etc/containers/policy.json -``` - - -#### Optional packages - -Fedora, CentOS, RHEL, and related distributions: - -(no optional packages) - -Debian, Ubuntu, and related distributions: - -```bash -apt-get install -y \ - libapparmor-dev -``` - -### Get Source Code - -As with other Go projects, Podman must be cloned into a directory structure like: - -``` -GOPATH -└── src - └── github.com - └── containers - └── libpod -``` - -First, ensure that the go version that is found first on the $PATH (in case you built your own; see [above](#golang)) is sufficiently recent - -`go version` must be higher than 1.10.x). Then we can finally build Podman (assuming we already have a `$GOPATH` and the corresponding folder, -`export GOPATH=~/go && mkdir -p $GOPATH`): - -```bash -git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod -cd $GOPATH/src/github.com/containers/libpod -make BUILDTAGS="selinux seccomp" -sudo make install PREFIX=/usr -``` - -#### Build Tags - -Otherwise, if you do not want to build Podman with seccomp or selinux support you can add `BUILDTAGS=""` when running make. - -```bash -make BUILDTAGS="" -sudo make install -``` - -Podman supports optional build tags for compiling support of various features. -To add build tags to the make option the `BUILDTAGS` variable must be set, for example: - -```bash -make BUILDTAGS='seccomp apparmor' -``` - -| Build Tag | Feature | Dependency | -|----------------------------------|------------------------------------|----------------------| -| apparmor | apparmor support | libapparmor | -| exclude_graphdriver_btrfs | exclude btrfs | libbtrfs | -| exclude_graphdriver_devicemapper | exclude device-mapper | libdm | -| libdm_no_deferred_remove | exclude deferred removal in libdm | libdm | -| seccomp | syscall filtering | libseccomp | -| selinux | selinux process and mount labeling | | -| systemd | journald logging | libsystemd | - -Note that Podman does not officially support device-mapper. Thus, the `exclude_graphdriver_devicemapper` tag is mandatory. - -### Vendoring - Dependency Management - -This project is using [go modules](https://github.com/golang/go/wiki/Modules) for dependency management. If the CI is complaining about a pull request leaving behind an unclean state, it is very likely right about it. After changing dependencies, make sure to run `make vendor` to synchronize the code with the go module and repopulate the `./vendor` directory. - -## Configuration files - -### [registries.conf](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/registries.conf) - -#### Man Page: [registries.conf.5](https://github.com/containers/image/blob/master/docs/registries.conf.5.md) - -`/etc/containers/registries.conf` - -registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion. - -#### Example from the Fedora `containers-common` package - -``` -cat /etc/containers/registries.conf -# This is a system-wide configuration file used to -# keep track of registries for various container backends. -# It adheres to TOML format and does not support recursive -# lists of registries. - -# The default location for this configuration file is /etc/containers/registries.conf. - -# The only valid categories are: 'registries.search', 'registries.insecure', -# and 'registries.block'. - -[registries.search] -registries = ['docker.io', 'registry.fedoraproject.org', 'quay.io', 'registry.access.redhat.com', 'registry.centos.org'] - -# If you need to access insecure registries, add the registry's fully-qualified name. -# An insecure registry is one that does not have a valid SSL certificate or only does HTTP. -[registries.insecure] -registries = [] - - -# If you need to block pull access from a registry, uncomment the section below -# and add the registries fully-qualified name. -# -[registries.block] -registries = [] -``` - -### [mounts.conf](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/mounts.conf) - -`/usr/share/containers/mounts.conf` and optionally `/etc/containers/mounts.conf` - -The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the `podman run` or `podman build` commands. Container process can then use this content. The volume mount content does not get committed to the final image. - -Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories. - -For example, a mounts.conf with the line "`/usr/share/rhel/secrets:/run/secrets`", the content of `/usr/share/rhel/secrets` directory is mounted on `/run/secrets` inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container. - -Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host. - -#### Example from the Fedora `containers-common` package: - -``` -cat /usr/share/containers/mounts.conf -/usr/share/rhel/secrets:/run/secrets -``` - -### [seccomp.json](https://src.fedoraproject.org/rpms/skopeo/blob/master/f/seccomp.json) - -`/usr/share/containers/seccomp.json` - -seccomp.json contains the whitelist of seccomp rules to be allowed inside of -containers. This file is usually provided by the containers-common package. - -The link above takes you to the seccomp.json - -### [policy.json](https://github.com/containers/skopeo/blob/master/default-policy.json) - -`/etc/containers/policy.json` - -#### Man Page: [policy.json.5](https://github.com/containers/image/blob/master/docs/policy.json.md) - - -#### Example from the Fedora `containers-common` package: - -``` -cat /etc/containers/policy.json -{ - "default": [ - { - "type": "insecureAcceptAnything" - } - ], - "transports": - { - "docker-daemon": - { - "": [{"type":"insecureAcceptAnything"}] - } - } -} -``` +The podman.io site resides in a GitHub under the Containers repository at [https://github.com/containers/podman.io](https://github.com/containers/podman.io). If you see a change that needs to happen to the installation instructions, please feel free to open a pull request there, we're always happy to have new contributors! diff --git a/libpod/container.go b/libpod/container.go index f29cebf20..5e5c8ab26 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -244,7 +244,7 @@ type ContainerConfig struct { // UID/GID mappings used by the storage IDMappings storage.IDMappingOptions `json:"idMappingsOptions,omitempty"` - // Information on the image used for the root filesystem/ + // Information on the image used for the root filesystem RootfsImageID string `json:"rootfsImageID,omitempty"` RootfsImageName string `json:"rootfsImageName,omitempty"` // Rootfs to use for the container, this conflicts with RootfsImageID diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 0e883588c..78ec09f29 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -1254,6 +1254,12 @@ func (c *Container) restartWithTimeout(ctx context.Context, timeout uint) (err e } } } + // Ensure we tear down the container network so it will be + // recreated - otherwise, behavior of restart differs from stop + // and start + if err := c.cleanupNetwork(); err != nil { + return err + } } defer func() { if err != nil { diff --git a/libpod/image/pull.go b/libpod/image/pull.go index 76294ba06..fd359d593 100644 --- a/libpod/image/pull.go +++ b/libpod/image/pull.go @@ -126,6 +126,7 @@ func (ir *Runtime) pullGoalFromImageReference(ctx context.Context, srcRef types. if err != nil { return nil, err } + defer tarSource.Close() manifest, err := tarSource.LoadTarManifest() if err != nil { diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index 5b0111b85..4afd5760a 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -193,8 +193,6 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) } } - var removalErr error - // We're going to be removing containers. // If we are CGroupfs cgroup driver, to avoid races, we need to hit // the pod and conmon CGroups with a PID limit to prevent them from @@ -205,7 +203,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) conmonCgroupPath := filepath.Join(p.state.CgroupPath, "conmon") conmonCgroup, err := cgroups.Load(conmonCgroupPath) if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless { - removalErr = errors.Wrapf(err, "error retrieving pod %s conmon cgroup %s", p.ID(), conmonCgroupPath) + logrus.Errorf("Error retrieving pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) } // New resource limits @@ -216,15 +214,13 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool) // Don't try if we failed to retrieve the cgroup if err == nil { if err := conmonCgroup.Update(resLimits); err != nil { - if removalErr == nil { - removalErr = errors.Wrapf(err, "error updating pod %s conmon group", p.ID()) - } else { - logrus.Errorf("Error updating pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) - } + logrus.Warnf("Error updating pod %s conmon cgroup %s PID limit: %v", p.ID(), conmonCgroupPath, err) } } } + var removalErr error + ctrNamedVolumes := make(map[string]*ContainerNamedVolume) // Second loop - all containers are good, so we should be clear to diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go index 2959e604a..4a46b6ee6 100644 --- a/pkg/api/server/register_images.go +++ b/pkg/api/server/register_images.go @@ -638,25 +638,24 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // summary: Load image // description: Load an image (oci-archive or docker-archive) stream. // parameters: - // - in: query - // name: change - // description: "Apply the following possible instructions to the created image (default []): CMD | ENTRYPOINT | ENV | EXPOSE | LABEL | STOPSIGNAL | USER | VOLUME | WORKDIR. JSON encoded string" - // type: string - // - in: query - // name: message - // description: Set commit message for imported image - // type: string - // - in: body - // name: request - // description: tarball of container image - // required: true - // schema: - // type: string + // - in: query + // name: change + // description: "Apply the following possible instructions to the created image (default []): CMD | ENTRYPOINT | ENV | EXPOSE | LABEL | STOPSIGNAL | USER | VOLUME | WORKDIR. JSON encoded string" + // type: string + // - in: query + // name: message + // description: Set commit message for imported image + // type: string + // - in: formData + // name: upload + // description: tarball of container image + // type: file + // required: true // produces: // - application/json // responses: // 200: - // $ref: "#/response/LibpodImagesLoadResponse" + // $ref: "#/responses/DocsLibpodImagesLoadResponse" // 500: // $ref: '#/responses/InternalError' r.Handle(VersionedPath("/libpod/images/load"), APIHandler(s.Context, libpod.ImagesLoad)).Methods(http.MethodPost) @@ -665,31 +664,30 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // tags: // - images // summary: Import image - // description: Import a previosly exported tarball as an image. + // description: Import a previously exported tarball as an image. // parameters: - // - in: query - // name: change - // description: "Apply the following possible instructions to the created image (default []): CMD | ENTRYPOINT | ENV | EXPOSE | LABEL | STOPSIGNAL | USER | VOLUME | WORKDIR. JSON encoded string" - // type: string - // - in: query - // name: message - // description: Set commit message for imported image - // type: string - // - in: query - // name: url - // description: Specify a URL instead of a tarball - // type: bool - // - in: body - // name: request - // description: Tarball of (or URL to) container image - // required: true - // schema: - // type: string + // - in: query + // name: change + // description: "Apply the following possible instructions to the created image (default []): CMD | ENTRYPOINT | ENV | EXPOSE | LABEL | STOPSIGNAL | USER | VOLUME | WORKDIR. JSON encoded string" + // type: string + // - in: query + // name: message + // description: Set commit message for imported image + // type: string + // - in: query + // name: url + // description: Specify a URL instead of a tarball + // type: boolean + // - in: formData + // name: upload + // type: file + // required: true + // description: tarball for imported image // produces: // - application/json // responses: // 200: - // $ref: "#/response/LibpodImagesImportResponse" + // $ref: "#/responses/DocsLibpodImagesImportResponse" // 500: // $ref: '#/responses/InternalError' r.Handle(VersionedPath("/libpod/images/import"), APIHandler(s.Context, libpod.ImagesImport)).Methods(http.MethodPost) @@ -711,13 +709,13 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // - in: query // name: tls-verify // description: Require TLS verification. - // type: bool + // type: boolean // default: true // produces: // - application/json // responses: // 200: - // $ref: "#/response/LibpodImagesPullResponse" + // $ref: "#/responses/DocsLibpodImagesPullResponse" // 500: // $ref: '#/responses/InternalError' r.Handle(VersionedPath("/libpod/images/pull"), APIHandler(s.Context, libpod.ImagesPull)).Methods(http.MethodPost) diff --git a/pkg/bindings/errors.go b/pkg/bindings/errors.go index 8bd40f804..1bcaac3f0 100644 --- a/pkg/bindings/errors.go +++ b/pkg/bindings/errors.go @@ -3,7 +3,6 @@ package bindings import ( "encoding/json" "io/ioutil" - "net/http" "github.com/containers/libpod/pkg/api/handlers/utils" "github.com/pkg/errors" @@ -26,7 +25,7 @@ func (a APIResponse) Process(unmarshalInto interface{}) error { if err != nil { return errors.Wrap(err, "unable to process API response") } - if a.Response.StatusCode == http.StatusOK { + if a.IsSuccess() { if unmarshalInto != nil { return json.Unmarshal(data, unmarshalInto) } diff --git a/pkg/bindings/test/images_test.go b/pkg/bindings/test/images_test.go index 227f28d16..f2dc856b2 100644 --- a/pkg/bindings/test/images_test.go +++ b/pkg/bindings/test/images_test.go @@ -89,4 +89,39 @@ var _ = Describe("Podman images", func() { }) + //Tests to validate the image tag command. + It("tag image", func() { + // Validates if invalid image name is given a bad response is encountered. + err = images.Tag(connText, "dummy", "demo", "alpine") + Expect(err).ToNot(BeNil()) + code, _ := bindings.CheckResponseCode(err) + Expect(code).To(BeNumerically("==", 404)) + + // Validates if the image is tagged sucessfully. + err = images.Tag(connText, "alpine", "demo", "alpine") + Expect(err).To(BeNil()) + + //Validates if name updates when the image is retagged. + _, err := images.GetImage(connText, "alpine:demo", nil) + Expect(err).To(BeNil()) + + }) + + //Test to validate the List images command. + It("List image", func() { + //Array to hold the list of images returned + imageSummary, err := images.List(connText, nil, nil) + //There Should be no errors in the response. + Expect(err).To(BeNil()) + //Since in the begin context only one image is created the list context should have only one image + Expect(len(imageSummary)).To(Equal(1)) + + //To be written create a new image and check list count again + //imageSummary, err = images.List(connText, nil, nil) + + //Since in the begin context only one image adding one more image should + ///Expect(len(imageSummary)).To(Equal(2) + + }) + }) diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go new file mode 100644 index 000000000..e22ee598f --- /dev/null +++ b/pkg/specgen/specgen.go @@ -0,0 +1,399 @@ +package specgen + +import ( + "net" + + "github.com/containers/image/v5/manifest" + "github.com/containers/libpod/libpod" + "github.com/containers/libpod/libpod/define" + "github.com/containers/storage" + "github.com/cri-o/ocicni/pkg/ocicni" + spec "github.com/opencontainers/runtime-spec/specs-go" +) + +// TODO +// mheon provided this an off the cuff suggestion. Adding it here to retain +// for history as we implement it. When this struct is implemented, we need +// to remove the nolints. +type Namespace struct { + isHost bool //nolint + isPath string //nolint + isContainer string //nolint + isPod bool //nolint +} + +// ContainerBasicConfig contains the basic parts of a container. +type ContainerBasicConfig struct { + // Name is the name the container will be given. + // If no name is provided, one will be randomly generated. + // Optional. + Name string `json:"name,omitempty"` + // Pod is the ID of the pod the container will join. + // Optional. + Pod string `json:"pod,omitempty"` + // Entrypoint is the container's entrypoint. + // If not given and Image is specified, this will be populated by the + // image's configuration. + // Optional. + Entrypoint []string `json:"entrypoint,omitempty"` + // Command is the container's command. + // If not given and Image is specified, this will be populated by the + // image's configuration. + // Optional. + Command []string `json:"command,omitempty"` + // Env is a set of environment variables that will be set in the + // container. + // Optional. + Env map[string]string `json:"env,omitempty"` + // Terminal is whether the container will create a PTY. + Terminal bool `json:"terminal,omitempty"` + // Stdin is whether the container will keep its STDIN open. + Stdin bool `json:"stdin,omitempty"` + // Labels are key-valid labels that are used to add metadata to + // containers. + // Optional. + Labels map[string]string `json:"labels,omitempty"` + // Annotations are key-value options passed into the container runtime + // that can be used to trigger special behavior. + // Optional. + Annotations map[string]string `json:"annotations,omitempty"` + // StopSignal is the signal that will be used to stop the container. + // Must be a non-zero integer below SIGRTMAX. + // If not provided, the default, SIGTERM, will be used. + // Will conflict with Systemd if Systemd is set to "true" or "always". + // Optional. + StopSignal *uint `json:"stop_signal,omitempty"` + // StopTimeout is a timeout between the container's stop signal being + // sent and SIGKILL being sent. + // If not provided, the default will be used. + // If 0 is used, stop signal will not be sent, and SIGKILL will be sent + // instead. + // Optional. + StopTimeout *uint `json:"stop_timeout,omitempty"` + // LogDriver is the container's log driver. + // Optional. + LogDriver string `json:"log_driver,omitempty"` + // LogPath is the path the container's logs will be stored at. + // Only available if LogDriver is set to "json-file" or "k8s-file". + // Optional. + LogPath string `json:"log_path,omitempty"` + // ConmonPidFile is a path at which a PID file for Conmon will be + // placed. + // If not given, a default location will be used. + // Optional. + ConmonPidFile string `json:"conmon_pid_file,omitempty"` + // RestartPolicy is the container's restart policy - an action which + // will be taken when the container exits. + // If not given, the default policy, which does nothing, will be used. + // Optional. + RestartPolicy string `json:"restart_policy,omitempty"` + // RestartRetries is the number of attempts that will be made to restart + // the container. + // Only available when RestartPolicy is set to "on-failure". + // Optional. + RestartRetries *uint `json:"restart_tries,omitempty"` + // OCIRuntime is the name of the OCI runtime that will be used to create + // the container. + // If not specified, the default will be used. + // Optional. + OCIRuntime string `json:"oci_runtime,omitempty"` + // Systemd is whether the container will be started in systemd mode. + // Valid options are "true", "false", and "always". + // "true" enables this mode only if the binary run in the container is + // /sbin/init or systemd. "always" unconditionally enables systemd mode. + // "false" unconditionally disables systemd mode. + // If enabled, mounts and stop signal will be modified. + // If set to "always" or set to "true" and conditionally triggered, + // conflicts with StopSignal. + // If not specified, "false" will be assumed. + // Optional. + Systemd string `json:"systemd,omitempty"` + // Namespace is the libpod namespace the container will be placed in. + // Optional. + Namespace string `json:"namespace,omitempty"` + + // PidNS is the container's PID namespace. + // It defaults to private. + // Mandatory. + PidNS Namespace `json:"pidns,omitempty"` + + // UtsNS is the container's UTS namespace. + // It defaults to private. + // Must be set to Private to set Hostname. + // Mandatory. + UtsNS Namespace `json:"utsns,omitempty"` + // Hostname is the container's hostname. If not set, the hostname will + // not be modified (if UtsNS is not private) or will be set to the + // container ID (if UtsNS is private). + // Conflicts with UtsNS if UtsNS is not set to private. + // Optional. + Hostname string `json:"hostname,omitempty"` +} + +// ContainerStorageConfig contains information on the storage configuration of a +// container. +type ContainerStorageConfig struct { + // Image is the image the container will be based on. The image will be + // used as the container's root filesystem, and its environment vars, + // volumes, and other configuration will be applied to the container. + // Conflicts with Rootfs. + // At least one of Image or Rootfs must be specified. + Image string `json:"image"` + // Rootfs is the path to a directory that will be used as the + // container's root filesystem. No modification will be made to the + // directory, it will be directly mounted into the container as root. + // Conflicts with Image. + // At least one of Image or Rootfs must be specified. + Rootfs string `json:"rootfs,omitempty"` + // ImageVolumeMode indicates how image volumes will be created. + // Supported modes are "ignore" (do not create), "tmpfs" (create as + // tmpfs), and "anonymous" (create as anonymous volumes). + // The default is anonymous. + // Optional. + ImageVolumeMode string `json:"image_volume_mode,omitempty"` + // VolumesFrom is a list of containers whose volumes will be added to + // this container. Supported mount options may be added after the + // container name with a : and include "ro" and "rw". + // Optional. + VolumesFrom []string `json:"volumes_from,omitempty"` + // Mounts are mounts that will be added to the container. + // These will supersede Image Volumes and VolumesFrom volumes where + // there are conflicts. + // Optional. + Mounts []spec.Mount `json:"mounts,omitempty"` + // Volumes are named volumes that will be added to the container. + // These will supersede Image Volumes and VolumesFrom volumes where + // there are conflicts. + // Optional. + Volumes []*libpod.ContainerNamedVolume `json:"volumes,omitempty"` + // Devices are devices that will be added to the container. + // Optional. + Devices []spec.LinuxDevice `json:"devices,omitempty"` + // IpcNS is the container's IPC namespace. + // Default is private. + // Conflicts with ShmSize if not set to private. + // Mandatory. + IpcNS Namespace `json:"ipcns,omitempty"` + // ShmSize is the size of the tmpfs to mount in at /dev/shm, in bytes. + // Conflicts with ShmSize if ShmSize is not private. + // Optional. + ShmSize *int64 `json:"shm_size,omitempty"` + // WorkDir is the container's working directory. + // If unset, the default, /, will be used. + // Optional. + WorkDir string `json:"work_dir,omitempty"` + // RootfsPropagation is the rootfs propagation mode for the container. + // If not set, the default of rslave will be used. + // Optional. + RootfsPropagation string `json:"rootfs_propagation,omitempty"` +} + +// ContainerSecurityConfig is a container's security features, including +// SELinux, Apparmor, and Seccomp. +type ContainerSecurityConfig struct { + // Privileged is whether the container is privileged. + // Privileged does the following: + // - Adds all devices on the system to the container. + // - Adds all capabilities to the container. + // - Disables Seccomp, SELinux, and Apparmor confinement. + // TODO: this conflicts with things. + // TODO: this does more. + Privileged bool `json:"privileged,omitempty"` + // User is the user the container will be run as. + // Can be given as a UID or a username; if a username, it will be + // resolved within the container, using the container's /etc/passwd. + // If unset, the container will be run as root. + // Optional. + User string `json:"user,omitempty"` + // Groups are a list of supplemental groups the container's user will + // be granted access to. + // Optional. + Groups []string `json:"groups,omitempty"` + // CapAdd are capabilities which will be added to the container. + // Conflicts with Privileged. + // Optional. + CapAdd []string `json:"cap_add,omitempty"` + // CapDrop are capabilities which will be removed from the container. + // Conflicts with Privileged. + // Optional. + CapDrop []string `json:"cap_drop,omitempty"` + // SelinuxProcessLabel is the process label the container will use. + // If SELinux is enabled and this is not specified, a label will be + // automatically generated if not specified. + // Optional. + SelinuxProcessLabel string `json:"selinux_process_label,omitempty"` + // SelinuxMountLabel is the mount label the container will use. + // If SELinux is enabled and this is not specified, a label will be + // automatically generated if not specified. + // Optional. + SelinuxMountLabel string `json:"selinux_mount_label,omitempty"` + // SelinuxOpts are options for configuring SELinux. + // Optional. + SelinuxOpts []string `json:"selinux_opts,omitempty"` + // ApparmorProfile is the name of the Apparmor profile the container + // will use. + // Optional. + ApparmorProfile string `json:"apparmor_profile,omitempty"` + // SeccompProfilePath is the path to a JSON file containing the + // container's Seccomp profile. + // If not specified, no Seccomp profile will be used. + // Optional. + SeccompProfilePath string `json:"seccomp_profile_path,omitempty"` + // NoNewPrivileges is whether the container will set the no new + // privileges flag on create, which disables gaining additional + // privileges (e.g. via setuid) in the container. + NoNewPrivileges bool `json:"no_new_privileges,omitempty"` + // UserNS is the container's user namespace. + // It defaults to host, indicating that no user namespace will be + // created. + // If set to private, IDMappings must be set. + // Mandatory. + UserNS Namespace `json:"userns,omitempty"` + // IDMappings are UID and GID mappings that will be used by user + // namespaces. + // Required if UserNS is private. + IDMappings storage.IDMappingOptions `json:"idmappings,omitempty"` +} + +// ContainerCgroupConfig contains configuration information about a container's +// cgroups. +type ContainerCgroupConfig struct { + // CgroupNS is the container's cgroup namespace. + // It defaults to private. + // Conflicts with NoCgroups if not set to host. + // Mandatory. + CgroupNS Namespace `json:"cgroupns,omitempty"` + // NoCgroups indicates that the container should not create CGroups. + // Conflicts with CgroupParent and CgroupNS if CgroupNS is not set to + // host. + NoCgroups bool `json:"no_cgroups,omitempty"` + // CgroupParent is the container's CGroup parent. + // If not set, the default for the current cgroup driver will be used. + // Conflicts with NoCgroups. + // Optional. + CgroupParent string `json:"cgroup_parent,omitempty"` +} + +// ContainerNetworkConfig contains information on a container's network +// configuration. +type ContainerNetworkConfig struct { + // NetNS is the configuration to use for the container's network + // namespace. + // Mandatory. + NetNS Namespace `json:"netns,omitempty"` + // ConfigureNetNS is whether Libpod will configure the container's + // network namespace to send and receive traffic. + // Only available is NetNS is private - conflicts with other NetNS + // modes. + ConfigureNetNS bool `json:"configure_netns,omitempty"` + // StaticIP is the a IPv4 address of the container. + // Only available if ConfigureNetNS is true. + // Optional. + StaticIP *net.IP `json:"static_ip,omitempty"` + // StaticIPv6 is a static IPv6 address to set in the container. + // Only available if ConfigureNetNS is true. + // Optional. + StaticIPv6 *net.IP `json:"static_ipv6,omitempty"` + // StaticMAC is a static MAC address to set in the container. + // Only available if ConfigureNetNS is true. + // Optional. + StaticMAC *net.HardwareAddr `json:"static_mac,omitempty"` + // PortBindings is a set of ports to map into the container. + // Only available if ConfigureNetNS is true. + // Optional. + PortMappings []ocicni.PortMapping `json:"portmappings,omitempty"` + // PublishImagePorts will publish ports specified in the image to random + // ports outside. + // Requires Image to be set. + PublishImagePorts bool `json:"publish_image_ports,omitempty"` + // CNINetworks is a list of CNI networks to join the container to. + // If this list is empty, the default CNI network will be joined + // instead. If at least one entry is present, we will not join the + // default network (unless it is part of this list). + // Only available if ConfigureNetNS is true. + // Optional. + CNINetworks []string `json:"cni_networks,omitempty"` + // UseImageResolvConf indicates that resolv.conf should not be managed + // by Podman, but instead sourced from the image. + // Conflicts with DNSServer, DNSSearch, DNSOption. + UseImageResolvConf bool `json:"use_image_resolve_conf,omitempty"` + // DNSServer is a set of DNS servers that will be used in the + // container's resolv.conf, replacing the host's DNS Servers which are + // used by default. + // Conflicts with UseImageResolvConf. + // Optional. + DNSServer []net.IP `json:"dns_server,omitempty"` + // DNSSearch is a set of DNS search domains that will be used in the + // container's resolv.conf, replacing the host's DNS search domains + // which are used by default. + // Conflicts with UseImageResolvConf. + // Optional. + DNSSearch []string `json:"dns_search,omitempty"` + // DNSOption is a set of DNS options that will be used in the + // container's resolv.conf, replacing the host's DNS options which are + // used by default. + // Conflicts with UseImageResolvConf. + // Optional. + DNSOption []string `json:"dns_option,omitempty"` + // UseImageHosts indicates that /etc/hosts should not be managed by + // Podman, and instead sourced from the image. + // Conflicts with HostAdd. + UseImageHosts bool `json:"use_image_hosts,omitempty"` + // HostAdd is a set of hosts which will be added to the container's + // /etc/hosts file. + // Conflicts with UseImageHosts. + // Optional. + HostAdd []string `json:"hostadd,omitempty"` +} + +// ContainerResourceConfig contains information on container resource limits. +type ContainerResourceConfig struct { + // ResourceLimits are resource limits to apply to the container. + // Can only be set as root on cgroups v1 systems, but can be set as + // rootless as well for cgroups v2. + // Optional. + ResourceLimits *spec.LinuxResources `json:"resource_limits,omitempty"` + // Rlimits are POSIX rlimits to apply to the container. + // Optional. + Rlimits []spec.POSIXRlimit `json:"r_limits,omitempty"` + // OOMScoreAdj adjusts the score used by the OOM killer to determine + // processes to kill for the container's process. + // Optional. + OOMScoreAdj *int `json:"oom_score_adj,omitempty"` +} + +// ContainerHealthCheckConfig describes a container healthcheck with attributes +// like command, retries, interval, start period, and timeout. +type ContainerHealthCheckConfig struct { + HealthConfig manifest.Schema2HealthConfig `json:"healthconfig,omitempty"` +} + +// SpecGenerator creates an OCI spec and Libpod configuration options to create +// a container based on the given configuration. +type SpecGenerator struct { + ContainerBasicConfig + ContainerStorageConfig + ContainerSecurityConfig + ContainerCgroupConfig + ContainerNetworkConfig + ContainerResourceConfig + ContainerHealthCheckConfig +} + +// NewSpecGenerator returns a SpecGenerator struct given one of two mandatory inputs +func NewSpecGenerator(image, rootfs *string) (*SpecGenerator, error) { + _ = image + _ = rootfs + return &SpecGenerator{}, define.ErrNotImplemented +} + +// Validate verifies that the given SpecGenerator is valid and satisfies required +// input for creating a container. +func (s *SpecGenerator) Validate() error { + return define.ErrNotImplemented +} + +// MakeContainer creates a container based on the SpecGenerator +func (s *SpecGenerator) MakeContainer() (*libpod.Container, error) { + return nil, define.ErrNotImplemented +} diff --git a/pkg/varlinkapi/images.go b/pkg/varlinkapi/images.go index 333595a96..b144bfa5e 100644 --- a/pkg/varlinkapi/images.go +++ b/pkg/varlinkapi/images.go @@ -143,6 +143,7 @@ func (i *LibpodAPI) GetImage(call iopodman.VarlinkCall, id string) error { func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildInfo) error { var ( namespace []buildah.NamespaceOption + imageID string err error ) @@ -249,7 +250,8 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI c := make(chan error) go func() { - _, _, err := i.Runtime.Build(getContext(), options, newPathDockerFiles...) + iid, _, err := i.Runtime.Build(getContext(), options, newPathDockerFiles...) + imageID = iid c <- err close(c) }() @@ -291,13 +293,9 @@ func (i *LibpodAPI) BuildImage(call iopodman.VarlinkCall, config iopodman.BuildI } call.Continues = false - newImage, err := i.Runtime.ImageRuntime().NewFromLocal(config.Output) - if err != nil { - return call.ReplyErrorOccurred(err.Error()) - } br := iopodman.MoreResponse{ Logs: log, - Id: newImage.ID(), + Id: imageID, } return call.ReplyBuildImage(br) } diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 71f5d1b02..b4e400549 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -3,7 +3,9 @@ package integration import ( + "io/ioutil" "os" + "path/filepath" "strings" . "github.com/containers/libpod/test/utils" @@ -105,4 +107,39 @@ var _ = Describe("Podman build", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) }) + + It("podman build Containerfile locations", func() { + // Given + // Switch to temp dir and restore it afterwards + cwd, err := os.Getwd() + Expect(err).To(BeNil()) + Expect(os.Chdir(os.TempDir())).To(BeNil()) + defer Expect(os.Chdir(cwd)).To(BeNil()) + + // Write target and fake files + targetPath := filepath.Join(os.TempDir(), "dir") + Expect(os.MkdirAll(targetPath, 0755)).To(BeNil()) + + fakeFile := filepath.Join(os.TempDir(), "Containerfile") + Expect(ioutil.WriteFile(fakeFile, []byte("FROM alpine"), 0755)).To(BeNil()) + + targetFile := filepath.Join(targetPath, "Containerfile") + Expect(ioutil.WriteFile(targetFile, []byte("FROM scratch"), 0755)).To(BeNil()) + + defer func() { + Expect(os.RemoveAll(fakeFile)).To(BeNil()) + Expect(os.RemoveAll(targetFile)).To(BeNil()) + }() + + // When + session := podmanTest.PodmanNoCache([]string{ + "build", "-f", targetFile, "-t", "test-locations", + }) + session.WaitWithDefaultTimeout() + + // Then + Expect(session.ExitCode()).To(Equal(0)) + Expect(strings.Fields(session.OutputToString())). + To(ContainElement("scratch")) + }) }) diff --git a/test/e2e/ps_test.go b/test/e2e/ps_test.go index 12bfdfe41..fccc5c93b 100644 --- a/test/e2e/ps_test.go +++ b/test/e2e/ps_test.go @@ -227,6 +227,22 @@ var _ = Describe("Podman ps", func() { Expect(output[0]).To(Equal(fullCid)) }) + It("podman ps filter by exited does not need all", func() { + ctr := podmanTest.Podman([]string{"run", "-t", "-i", ALPINE, "ls", "/"}) + ctr.WaitWithDefaultTimeout() + Expect(ctr.ExitCode()).To(Equal(0)) + + psAll := podmanTest.Podman([]string{"ps", "-aq", "--no-trunc"}) + psAll.WaitWithDefaultTimeout() + Expect(psAll.ExitCode()).To(Equal(0)) + + psFilter := podmanTest.Podman([]string{"ps", "--no-trunc", "--quiet", "--filter", "status=exited"}) + psFilter.WaitWithDefaultTimeout() + Expect(psFilter.ExitCode()).To(Equal(0)) + + Expect(psAll.OutputToString()).To(Equal(psFilter.OutputToString())) + }) + It("podman ps mutually exclusive flags", func() { session := podmanTest.Podman([]string{"ps", "-aqs"}) session.WaitWithDefaultTimeout() diff --git a/vendor/github.com/acarl005/stripansi/LICENSE b/vendor/github.com/acarl005/stripansi/LICENSE new file mode 100644 index 000000000..00abe0dbf --- /dev/null +++ b/vendor/github.com/acarl005/stripansi/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 Andrew Carlson + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/acarl005/stripansi/README.md b/vendor/github.com/acarl005/stripansi/README.md new file mode 100644 index 000000000..8bdb1f505 --- /dev/null +++ b/vendor/github.com/acarl005/stripansi/README.md @@ -0,0 +1,30 @@ +Strip ANSI +========== + +This Go package removes ANSI escape codes from strings. + +Ideally, we would prevent these from appearing in any text we want to process. +However, sometimes this can't be helped, and we need to be able to deal with that noise. +This will use a regexp to remove those unwanted escape codes. + + +## Install + +```sh +$ go get -u github.com/acarl005/stripansi +``` + +## Usage + +```go +import ( + "fmt" + "github.com/acarl005/stripansi" +) + +func main() { + msg := "\x1b[38;5;140m foo\x1b[0m bar" + cleanMsg := stripansi.Strip(msg) + fmt.Println(cleanMsg) // " foo bar" +} +``` diff --git a/vendor/github.com/acarl005/stripansi/stripansi.go b/vendor/github.com/acarl005/stripansi/stripansi.go new file mode 100644 index 000000000..235732a78 --- /dev/null +++ b/vendor/github.com/acarl005/stripansi/stripansi.go @@ -0,0 +1,13 @@ +package stripansi + +import ( + "regexp" +) + +const ansi = "[\u001B\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[a-zA-Z\\d]*)*)?\u0007)|(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PRZcf-ntqry=><~]))" + +var re = regexp.MustCompile(ansi) + +func Strip(str string) string { + return re.ReplaceAllString(str, "") +} diff --git a/vendor/github.com/containers/image/v5/copy/copy.go b/vendor/github.com/containers/image/v5/copy/copy.go index 29660b6b2..8432dbe32 100644 --- a/vendor/github.com/containers/image/v5/copy/copy.go +++ b/vendor/github.com/containers/image/v5/copy/copy.go @@ -380,6 +380,7 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur return nil, "", errors.Wrap(err, "Can not copy signatures") } } + canModifyManifestList := (len(sigs) == 0) // Determine if we'll need to convert the manifest list to a different format. forceListMIMEType := options.ForceManifestMIMEType @@ -394,7 +395,6 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur return nil, "", errors.Wrapf(err, "Error determining manifest list type to write to destination") } if selectedListType != list.MIMEType() { - canModifyManifestList := (len(sigs) == 0) if !canModifyManifestList { return nil, "", errors.Errorf("Error: manifest list must be converted to type %q to be written to destination, but that would invalidate signatures", selectedListType) } @@ -451,12 +451,6 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur return nil, "", errors.Wrapf(err, "Error updating manifest list") } - // Check if the updates meaningfully changed the list of images. - listIsModified := false - if !reflect.DeepEqual(list.Instances(), originalList.Instances()) { - listIsModified = true - } - // Perform the list conversion. if selectedListType != list.MIMEType() { list, err = list.ConvertToMIMEType(selectedListType) @@ -465,12 +459,23 @@ func (c *copier) copyMultipleImages(ctx context.Context, policyContext *signatur } } - // If we can't use the original value, but we have to change it, flag an error. - if listIsModified { - manifestList, err = list.Serialize() - if err != nil { - return nil, "", errors.Wrapf(err, "Error encoding updated manifest list (%q: %#v)", list.MIMEType(), list.Instances()) + // Check if the updates or a type conversion meaningfully changed the list of images + // by serializing them both so that we can compare them. + updatedManifestList, err := list.Serialize() + if err != nil { + return nil, "", errors.Wrapf(err, "Error encoding updated manifest list (%q: %#v)", list.MIMEType(), list.Instances()) + } + originalManifestList, err := originalList.Serialize() + if err != nil { + return nil, "", errors.Wrapf(err, "Error encoding original manifest list for comparison (%q: %#v)", originalList.MIMEType(), originalList.Instances()) + } + + // If we can't just use the original value, but we have to change it, flag an error. + if !bytes.Equal(updatedManifestList, originalManifestList) { + if !canModifyManifestList { + return nil, "", errors.Errorf("Error: manifest list must be converted to type %q to be written to destination, but that would invalidate signatures", selectedListType) } + manifestList = updatedManifestList logrus.Debugf("Manifest list has been updated") } @@ -709,7 +714,7 @@ func checkImageDestinationForCurrentRuntime(ctx context.Context, sys *types.Syst wantedOS = sys.OSChoice } if wantedOS != c.OS { - return fmt.Errorf("Image operating system mismatch: image uses %q, expecting %q", c.OS, wantedOS) + logrus.Infof("Image operating system mismatch: image uses %q, expecting %q", c.OS, wantedOS) } wantedArch := runtime.GOARCH @@ -717,7 +722,7 @@ func checkImageDestinationForCurrentRuntime(ctx context.Context, sys *types.Syst wantedArch = sys.ArchitectureChoice } if wantedArch != c.Architecture { - return fmt.Errorf("Image architecture mismatch: image uses %q, expecting %q", c.Architecture, wantedArch) + logrus.Infof("Image architecture mismatch: image uses %q, expecting %q", c.Architecture, wantedArch) } } return nil diff --git a/vendor/github.com/containers/image/v5/copy/manifest.go b/vendor/github.com/containers/image/v5/copy/manifest.go index bcf082df3..5a3cf06a4 100644 --- a/vendor/github.com/containers/image/v5/copy/manifest.go +++ b/vendor/github.com/containers/image/v5/copy/manifest.go @@ -127,14 +127,14 @@ func isMultiImage(ctx context.Context, img types.UnparsedImage) (bool, error) { // forced value, and returns the MIME type to which we should convert the list // of manifests, whether we are converting to it or using it unmodified. func (c *copier) determineListConversion(currentListMIMEType string, destSupportedMIMETypes []string, forcedListMIMEType string) (string, error) { - // If we're forcing it, we prefer the forced value over everything else. - if forcedListMIMEType != "" { - return forcedListMIMEType, nil - } // If there's no list of supported types, then anything we support is expected to be supported. if len(destSupportedMIMETypes) == 0 { destSupportedMIMETypes = manifest.SupportedListMIMETypes } + // If we're forcing it, replace the list of supported types with the forced value. + if forcedListMIMEType != "" { + destSupportedMIMETypes = []string{forcedListMIMEType} + } var selectedType string for i := range destSupportedMIMETypes { // The second priority is the first member of the list of acceptable types that is a list, @@ -148,9 +148,15 @@ func (c *copier) determineListConversion(currentListMIMEType string, destSupport selectedType = destSupportedMIMETypes[i] } } + logrus.Debugf("Manifest list has MIME type %s, ordered candidate list [%s]", currentListMIMEType, strings.Join(destSupportedMIMETypes, ", ")) if selectedType == "" { return "", errors.Errorf("destination does not support any supported manifest list types (%v)", manifest.SupportedListMIMETypes) } + if selectedType != currentListMIMEType { + logrus.Debugf("... will convert to %s", selectedType) + } else { + logrus.Debugf("... will use the original manifest list type") + } // Done. return selectedType, nil } diff --git a/vendor/github.com/containers/image/v5/directory/directory_dest.go b/vendor/github.com/containers/image/v5/directory/directory_dest.go index caa7a207f..d70b6c07f 100644 --- a/vendor/github.com/containers/image/v5/directory/directory_dest.go +++ b/vendor/github.com/containers/image/v5/directory/directory_dest.go @@ -6,6 +6,7 @@ import ( "io/ioutil" "os" "path/filepath" + "runtime" "github.com/containers/image/v5/types" "github.com/opencontainers/go-digest" @@ -142,8 +143,11 @@ func (d *dirImageDestination) PutBlob(ctx context.Context, stream io.Reader, inp return types.BlobInfo{}, err } succeeded := false + explicitClosed := false defer func() { - blobFile.Close() + if !explicitClosed { + blobFile.Close() + } if !succeeded { os.Remove(blobFile.Name()) } @@ -164,10 +168,21 @@ func (d *dirImageDestination) PutBlob(ctx context.Context, stream io.Reader, inp if err := blobFile.Sync(); err != nil { return types.BlobInfo{}, err } - if err := blobFile.Chmod(0644); err != nil { - return types.BlobInfo{}, err + + // On POSIX systems, blobFile was created with mode 0600, so we need to make it readable. + // On Windows, the “permissions of newly created files” argument to syscall.Open is + // ignored and the file is already readable; besides, blobFile.Chmod, i.e. syscall.Fchmod, + // always fails on Windows. + if runtime.GOOS != "windows" { + if err := blobFile.Chmod(0644); err != nil { + return types.BlobInfo{}, err + } } + blobPath := d.ref.layerPath(computedDigest) + // need to explicitly close the file, since a rename won't otherwise not work on Windows + blobFile.Close() + explicitClosed = true if err := os.Rename(blobFile.Name(), blobPath); err != nil { return types.BlobInfo{}, err } diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go index 986bcb986..aa8463d18 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_client.go +++ b/vendor/github.com/containers/image/v5/docker/docker_client.go @@ -6,7 +6,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "net/http" "net/url" "os" @@ -17,6 +16,7 @@ import ( "time" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/iolimits" "github.com/containers/image/v5/pkg/docker/config" "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/pkg/tlsclientconfig" @@ -45,6 +45,10 @@ const ( extensionSignatureSchemaVersion = 2 // extensionSignature.Version extensionSignatureTypeAtomic = "atomic" // extensionSignature.Type + + backoffNumIterations = 5 + backoffInitialDelay = 2 * time.Second + backoffMaxDelay = 60 * time.Second ) var systemPerHostCertDirPaths = [2]string{"/etc/containers/certs.d", "/etc/docker/certs.d"} @@ -277,7 +281,7 @@ func CheckAuth(ctx context.Context, sys *types.SystemContext, username, password } defer resp.Body.Close() - return httpResponseToError(resp) + return httpResponseToError(resp, "") } // SearchResult holds the information of each matching image @@ -351,7 +355,7 @@ func SearchRegistry(ctx context.Context, sys *types.SystemContext, registry, ima } else { defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - logrus.Debugf("error getting search results from v1 endpoint %q: %v", registry, httpResponseToError(resp)) + logrus.Debugf("error getting search results from v1 endpoint %q: %v", registry, httpResponseToError(resp, "")) } else { if err := json.NewDecoder(resp.Body).Decode(v1Res); err != nil { return nil, err @@ -368,7 +372,7 @@ func SearchRegistry(ctx context.Context, sys *types.SystemContext, registry, ima } else { defer resp.Body.Close() if resp.StatusCode != http.StatusOK { - logrus.Errorf("error getting search results from v2 endpoint %q: %v", registry, httpResponseToError(resp)) + logrus.Errorf("error getting search results from v2 endpoint %q: %v", registry, httpResponseToError(resp, "")) } else { if err := json.NewDecoder(resp.Body).Decode(v2Res); err != nil { return nil, err @@ -400,74 +404,64 @@ func (c *dockerClient) makeRequest(ctx context.Context, method, path string, hea return c.makeRequestToResolvedURL(ctx, method, url, headers, stream, -1, auth, extraScope) } +// parseRetryAfter determines the delay required by the "Retry-After" header in res and returns it, +// silently falling back to fallbackDelay if the header is missing or invalid. +func parseRetryAfter(res *http.Response, fallbackDelay time.Duration) time.Duration { + after := res.Header.Get("Retry-After") + if after == "" { + return fallbackDelay + } + logrus.Debugf("Detected 'Retry-After' header %q", after) + // First, check if we have a numerical value. + if num, err := strconv.ParseInt(after, 10, 64); err == nil { + return time.Duration(num) * time.Second + } + // Second, check if we have an HTTP date. + // If the delta between the date and now is positive, use it. + // Otherwise, fall back to using the default exponential back off. + if t, err := http.ParseTime(after); err == nil { + delta := time.Until(t) + if delta > 0 { + return delta + } + logrus.Debugf("Retry-After date in the past, ignoring it") + return fallbackDelay + } + // If the header contents are bogus, fall back to using the default exponential back off. + logrus.Debugf("Invalid Retry-After format, ignoring it") + return fallbackDelay +} + // makeRequestToResolvedURL creates and executes a http.Request with the specified parameters, adding authentication and TLS options for the Docker client. // streamLen, if not -1, specifies the length of the data expected on stream. // makeRequest should generally be preferred. -// In case of an http 429 status code in the response, it performs an exponential back off starting at 2 seconds for at most 5 iterations. -// If the `Retry-After` header is set in the response, the specified value or date is -// If the stream is non-nil, no back off will be performed. +// In case of an HTTP 429 status code in the response, it may automatically retry a few times. // TODO(runcom): too many arguments here, use a struct func (c *dockerClient) makeRequestToResolvedURL(ctx context.Context, method, url string, headers map[string][]string, stream io.Reader, streamLen int64, auth sendAuth, extraScope *authScope) (*http.Response, error) { - var ( - res *http.Response - err error - delay int64 - ) - delay = 2 - const numIterations = 5 - const maxDelay = 60 - - // math.Min() only supports float64, so have an anonymous func to avoid - // casting. - min := func(a int64, b int64) int64 { - if a < b { - return a + delay := backoffInitialDelay + attempts := 0 + for { + res, err := c.makeRequestToResolvedURLOnce(ctx, method, url, headers, stream, streamLen, auth, extraScope) + attempts++ + if res == nil || res.StatusCode != http.StatusTooManyRequests || // Only retry on StatusTooManyRequests, success or other failure is returned to caller immediately + stream != nil || // We can't retry with a body (which is not restartable in the general case) + attempts == backoffNumIterations { + return res, err } - return b - } - nextDelay := func(r *http.Response, delay int64) int64 { - after := res.Header.Get("Retry-After") - if after == "" { - return min(delay, maxDelay) - } - logrus.Debugf("detected 'Retry-After' header %q", after) - // First check if we have a numerical value. - if num, err := strconv.ParseInt(after, 10, 64); err == nil { - return min(num, maxDelay) + delay = parseRetryAfter(res, delay) + if delay > backoffMaxDelay { + delay = backoffMaxDelay } - // Secondly check if we have an http date. - // If the delta between the date and now is positive, use it. - // Otherwise, fall back to using the default exponential back off. - if t, err := http.ParseTime(after); err == nil { - delta := int64(time.Until(t).Seconds()) - if delta > 0 { - return min(delta, maxDelay) - } - logrus.Debugf("negative date: falling back to using %d seconds", delay) - return min(delay, maxDelay) + logrus.Debugf("Too many requests to %s: sleeping for %f seconds before next attempt", url, delay.Seconds()) + select { + case <-ctx.Done(): + return nil, ctx.Err() + case <-time.After(delay): + // Nothing } - // If the header contains bogus, fall back to using the default - // exponential back off. - logrus.Debugf("invalid format: falling back to using %d seconds", delay) - return min(delay, maxDelay) - } - - for i := 0; i < numIterations; i++ { - res, err = c.makeRequestToResolvedURLOnce(ctx, method, url, headers, stream, streamLen, auth, extraScope) - if stream == nil && res != nil && res.StatusCode == http.StatusTooManyRequests { - if i < numIterations-1 { - logrus.Errorf("HEADER %v", res.Header) - delay = nextDelay(res, delay) // compute next delay - does NOT exceed maxDelay - logrus.Debugf("too many request to %s: sleeping for %d seconds before next attempt", url, delay) - time.Sleep(time.Duration(delay) * time.Second) - delay = delay * 2 // exponential back off - } - continue - } - break + delay = delay * 2 // exponential back off } - return res, err } // makeRequestToResolvedURLOnce creates and executes a http.Request with the specified parameters, adding authentication and TLS options for the Docker client. @@ -597,7 +591,7 @@ func (c *dockerClient) getBearerToken(ctx context.Context, challenge challenge, default: return nil, errors.Errorf("unexpected http code: %d (%s), URL: %s", res.StatusCode, http.StatusText(res.StatusCode), authReq.URL) } - tokenBlob, err := ioutil.ReadAll(res.Body) + tokenBlob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxAuthTokenBodySize) if err != nil { return nil, err } @@ -627,7 +621,7 @@ func (c *dockerClient) detectPropertiesHelper(ctx context.Context) error { defer resp.Body.Close() logrus.Debugf("Ping %s status %d", url, resp.StatusCode) if resp.StatusCode != http.StatusOK && resp.StatusCode != http.StatusUnauthorized { - return httpResponseToError(resp) + return httpResponseToError(resp, "") } c.challenges = parseAuthHeader(resp.Header) c.scheme = scheme @@ -690,7 +684,7 @@ func (c *dockerClient) getExtensionsSignatures(ctx context.Context, ref dockerRe return nil, errors.Wrapf(clientLib.HandleErrorResponse(res), "Error downloading signatures for %s in %s", manifestDigest, ref.ref.Name()) } - body, err := ioutil.ReadAll(res.Body) + body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureListBodySize) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/image/v5/docker/docker_image.go b/vendor/github.com/containers/image/v5/docker/docker_image.go index dad382cd0..483581dbc 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_image.go +++ b/vendor/github.com/containers/image/v5/docker/docker_image.go @@ -70,7 +70,7 @@ func GetRepositoryTags(ctx context.Context, sys *types.SystemContext, ref types. return nil, err } defer res.Body.Close() - if err := httpResponseToError(res); err != nil { + if err := httpResponseToError(res, "Error fetching tags list"); err != nil { return nil, err } diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go index 47a73d868..ab74e1607 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_image_dest.go +++ b/vendor/github.com/containers/image/v5/docker/docker_image_dest.go @@ -15,6 +15,7 @@ import ( "strings" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/iolimits" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/pkg/blobinfocache/none" "github.com/containers/image/v5/types" @@ -58,14 +59,16 @@ func (d *dockerImageDestination) Close() error { } func (d *dockerImageDestination) SupportedManifestMIMETypes() []string { - return []string{ + mimeTypes := []string{ imgspecv1.MediaTypeImageManifest, manifest.DockerV2Schema2MediaType, imgspecv1.MediaTypeImageIndex, manifest.DockerV2ListMediaType, - manifest.DockerV2Schema1SignedMediaType, - manifest.DockerV2Schema1MediaType, } + if d.c.sys == nil || !d.c.sys.DockerDisableDestSchema1MIMETypes { + mimeTypes = append(mimeTypes, manifest.DockerV2Schema1SignedMediaType, manifest.DockerV2Schema1MediaType) + } + return mimeTypes } // SupportsSignatures returns an error (to be displayed to the user) if the destination certainly can't store signatures. @@ -620,7 +623,7 @@ sigExists: } defer res.Body.Close() if res.StatusCode != http.StatusCreated { - body, err := ioutil.ReadAll(res.Body) + body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxErrorBodySize) if err == nil { logrus.Debugf("Error body %s", string(body)) } diff --git a/vendor/github.com/containers/image/v5/docker/docker_image_src.go b/vendor/github.com/containers/image/v5/docker/docker_image_src.go index 35beb30e5..967845e72 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_image_src.go +++ b/vendor/github.com/containers/image/v5/docker/docker_image_src.go @@ -10,8 +10,10 @@ import ( "net/url" "os" "strconv" + "strings" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/iolimits" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/pkg/sysregistriesv2" "github.com/containers/image/v5/types" @@ -53,43 +55,77 @@ func newImageSource(ctx context.Context, sys *types.SystemContext, ref dockerRef // non-mirror original location last; this both transparently handles the case // of no mirrors configured, and ensures we return the error encountered when // acessing the upstream location if all endpoints fail. - manifestLoadErr := errors.New("Internal error: newImageSource returned without trying any endpoint") pullSources, err := registry.PullSourcesFromReference(ref.ref) if err != nil { return nil, err } + type attempt struct { + ref reference.Named + err error + } + attempts := []attempt{} for _, pullSource := range pullSources { - logrus.Debugf("Trying to pull %q", pullSource.Reference) - dockerRef, err := newReference(pullSource.Reference) - if err != nil { - return nil, err + logrus.Debugf("Trying to access %q", pullSource.Reference) + s, err := newImageSourceAttempt(ctx, sys, pullSource, primaryDomain) + if err == nil { + return s, nil } - - endpointSys := sys - // sys.DockerAuthConfig does not explicitly specify a registry; we must not blindly send the credentials intended for the primary endpoint to mirrors. - if endpointSys != nil && endpointSys.DockerAuthConfig != nil && reference.Domain(dockerRef.ref) != primaryDomain { - copy := *endpointSys - copy.DockerAuthConfig = nil - endpointSys = © + logrus.Debugf("Accessing %q failed: %v", pullSource.Reference, err) + attempts = append(attempts, attempt{ + ref: pullSource.Reference, + err: err, + }) + } + switch len(attempts) { + case 0: + return nil, errors.New("Internal error: newImageSource returned without trying any endpoint") + case 1: + return nil, attempts[0].err // If no mirrors are used, perfectly preserve the error type and add no noise. + default: + // Don’t just build a string, try to preserve the typed error. + primary := &attempts[len(attempts)-1] + extras := []string{} + for i := 0; i < len(attempts)-1; i++ { + // This is difficult to fit into a single-line string, when the error can contain arbitrary strings including any metacharacters we decide to use. + // The paired [] at least have some chance of being unambiguous. + extras = append(extras, fmt.Sprintf("[%s: %v]", attempts[i].ref.String(), attempts[i].err)) } + return nil, errors.Wrapf(primary.err, "(Mirrors also failed: %s): %s", strings.Join(extras, "\n"), primary.ref.String()) + } +} - client, err := newDockerClientFromRef(endpointSys, dockerRef, false, "pull") - if err != nil { - return nil, err - } - client.tlsClientConfig.InsecureSkipVerify = pullSource.Endpoint.Insecure +// newImageSourceAttempt is an internal helper for newImageSource. Everyone else must call newImageSource. +// Given a pullSource and primaryDomain, return a dockerImageSource if it is reachable. +// The caller must call .Close() on the returned ImageSource. +func newImageSourceAttempt(ctx context.Context, sys *types.SystemContext, pullSource sysregistriesv2.PullSource, primaryDomain string) (*dockerImageSource, error) { + ref, err := newReference(pullSource.Reference) + if err != nil { + return nil, err + } - testImageSource := &dockerImageSource{ - ref: dockerRef, - c: client, - } + endpointSys := sys + // sys.DockerAuthConfig does not explicitly specify a registry; we must not blindly send the credentials intended for the primary endpoint to mirrors. + if endpointSys != nil && endpointSys.DockerAuthConfig != nil && reference.Domain(ref.ref) != primaryDomain { + copy := *endpointSys + copy.DockerAuthConfig = nil + endpointSys = © + } - manifestLoadErr = testImageSource.ensureManifestIsLoaded(ctx) - if manifestLoadErr == nil { - return testImageSource, nil - } + client, err := newDockerClientFromRef(endpointSys, ref, false, "pull") + if err != nil { + return nil, err } - return nil, manifestLoadErr + client.tlsClientConfig.InsecureSkipVerify = pullSource.Endpoint.Insecure + + s := &dockerImageSource{ + ref: ref, + c: client, + } + + if err := s.ensureManifestIsLoaded(ctx); err != nil { + return nil, err + } + return s, nil } // Reference returns the reference used to set up this source, _as specified by the user_ @@ -156,7 +192,8 @@ func (s *dockerImageSource) fetchManifest(ctx context.Context, tagOrDigest strin if res.StatusCode != http.StatusOK { return nil, "", errors.Wrapf(client.HandleErrorResponse(res), "Error reading manifest %s in %s", tagOrDigest, s.ref.ref.Name()) } - manblob, err := ioutil.ReadAll(res.Body) + + manblob, err := iolimits.ReadAtMost(res.Body, iolimits.MaxManifestBodySize) if err != nil { return nil, "", err } @@ -239,7 +276,7 @@ func (s *dockerImageSource) GetBlob(ctx context.Context, info types.BlobInfo, ca if err != nil { return nil, 0, err } - if err := httpResponseToError(res); err != nil { + if err := httpResponseToError(res, "Error fetching blob"); err != nil { return nil, 0, err } cache.RecordKnownLocation(s.ref.Transport(), bicTransportScope(s.ref), info.Digest, newBICLocationReference(s.ref)) @@ -342,7 +379,7 @@ func (s *dockerImageSource) getOneSignature(ctx context.Context, url *url.URL) ( } else if res.StatusCode != http.StatusOK { return nil, false, errors.Errorf("Error reading signature from %s: status %d (%s)", url.String(), res.StatusCode, http.StatusText(res.StatusCode)) } - sig, err := ioutil.ReadAll(res.Body) + sig, err := iolimits.ReadAtMost(res.Body, iolimits.MaxSignatureBodySize) if err != nil { return nil, false, err } @@ -401,7 +438,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere return err } defer get.Body.Close() - manifestBody, err := ioutil.ReadAll(get.Body) + manifestBody, err := iolimits.ReadAtMost(get.Body, iolimits.MaxManifestBodySize) if err != nil { return err } @@ -424,7 +461,7 @@ func deleteImage(ctx context.Context, sys *types.SystemContext, ref dockerRefere } defer delete.Body.Close() - body, err := ioutil.ReadAll(delete.Body) + body, err := iolimits.ReadAtMost(delete.Body, iolimits.MaxErrorBodySize) if err != nil { return err } diff --git a/vendor/github.com/containers/image/v5/docker/errors.go b/vendor/github.com/containers/image/v5/docker/errors.go index 860868f41..f626cc7da 100644 --- a/vendor/github.com/containers/image/v5/docker/errors.go +++ b/vendor/github.com/containers/image/v5/docker/errors.go @@ -14,7 +14,7 @@ var ( // docker V1 registry. ErrV1NotSupported = errors.New("can't talk to a V1 docker registry") // ErrTooManyRequests is returned when the status code returned is 429 - ErrTooManyRequests = errors.New("too many request to registry") + ErrTooManyRequests = errors.New("too many requests to registry") ) // ErrUnauthorizedForCredentials is returned when the status code returned is 401 @@ -26,9 +26,9 @@ func (e ErrUnauthorizedForCredentials) Error() string { return fmt.Sprintf("unable to retrieve auth token: invalid username/password: %s", e.Err.Error()) } -// httpResponseToError translates the https.Response into an error. It returns +// httpResponseToError translates the https.Response into an error, possibly prefixing it with the supplied context. It returns // nil if the response is not considered an error. -func httpResponseToError(res *http.Response) error { +func httpResponseToError(res *http.Response, context string) error { switch res.StatusCode { case http.StatusOK: return nil @@ -38,6 +38,9 @@ func httpResponseToError(res *http.Response) error { err := client.HandleErrorResponse(res) return ErrUnauthorizedForCredentials{Err: err} default: - return perrors.Errorf("invalid status code from registry %d (%s)", res.StatusCode, http.StatusText(res.StatusCode)) + if context != "" { + context = context + ": " + } + return perrors.Errorf("%sinvalid status code from registry %d (%s)", context, res.StatusCode, http.StatusText(res.StatusCode)) } } diff --git a/vendor/github.com/containers/image/v5/docker/tarfile/dest.go b/vendor/github.com/containers/image/v5/docker/tarfile/dest.go index c322156b5..c171da505 100644 --- a/vendor/github.com/containers/image/v5/docker/tarfile/dest.go +++ b/vendor/github.com/containers/image/v5/docker/tarfile/dest.go @@ -13,6 +13,7 @@ import ( "time" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/iolimits" "github.com/containers/image/v5/internal/tmpdir" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" @@ -143,7 +144,7 @@ func (d *Destination) PutBlob(ctx context.Context, stream io.Reader, inputInfo t } if isConfig { - buf, err := ioutil.ReadAll(stream) + buf, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) if err != nil { return types.BlobInfo{}, errors.Wrap(err, "Error reading Config file stream") } diff --git a/vendor/github.com/containers/image/v5/docker/tarfile/src.go b/vendor/github.com/containers/image/v5/docker/tarfile/src.go index 80dd753e4..c1f1a0f27 100644 --- a/vendor/github.com/containers/image/v5/docker/tarfile/src.go +++ b/vendor/github.com/containers/image/v5/docker/tarfile/src.go @@ -11,6 +11,7 @@ import ( "path" "sync" + "github.com/containers/image/v5/internal/iolimits" "github.com/containers/image/v5/internal/tmpdir" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/pkg/compression" @@ -203,13 +204,13 @@ func findTarComponent(inputFile io.Reader, path string) (*tar.Reader, *tar.Heade } // readTarComponent returns full contents of componentPath. -func (s *Source) readTarComponent(path string) ([]byte, error) { +func (s *Source) readTarComponent(path string, limit int) ([]byte, error) { file, err := s.openTarComponent(path) if err != nil { return nil, errors.Wrapf(err, "Error loading tar component %s", path) } defer file.Close() - bytes, err := ioutil.ReadAll(file) + bytes, err := iolimits.ReadAtMost(file, limit) if err != nil { return nil, err } @@ -240,7 +241,7 @@ func (s *Source) ensureCachedDataIsPresentPrivate() error { } // Read and parse config. - configBytes, err := s.readTarComponent(tarManifest[0].Config) + configBytes, err := s.readTarComponent(tarManifest[0].Config, iolimits.MaxConfigBodySize) if err != nil { return err } @@ -266,7 +267,7 @@ func (s *Source) ensureCachedDataIsPresentPrivate() error { // loadTarManifest loads and decodes the manifest.json. func (s *Source) loadTarManifest() ([]ManifestItem, error) { // FIXME? Do we need to deal with the legacy format? - bytes, err := s.readTarComponent(manifestFileName) + bytes, err := s.readTarComponent(manifestFileName, iolimits.MaxTarFileManifestSize) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/image/v5/image/docker_schema2.go b/vendor/github.com/containers/image/v5/image/docker_schema2.go index 7891562b7..1e2114d7e 100644 --- a/vendor/github.com/containers/image/v5/image/docker_schema2.go +++ b/vendor/github.com/containers/image/v5/image/docker_schema2.go @@ -7,10 +7,10 @@ import ( "encoding/hex" "encoding/json" "fmt" - "io/ioutil" "strings" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/iolimits" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/pkg/blobinfocache/none" "github.com/containers/image/v5/types" @@ -102,7 +102,7 @@ func (m *manifestSchema2) ConfigBlob(ctx context.Context) ([]byte, error) { return nil, err } defer stream.Close() - blob, err := ioutil.ReadAll(stream) + blob, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/image/v5/image/oci.go b/vendor/github.com/containers/image/v5/image/oci.go index 059d84977..b5ddb9aaa 100644 --- a/vendor/github.com/containers/image/v5/image/oci.go +++ b/vendor/github.com/containers/image/v5/image/oci.go @@ -4,9 +4,9 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/iolimits" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/pkg/blobinfocache/none" "github.com/containers/image/v5/types" @@ -67,7 +67,7 @@ func (m *manifestOCI1) ConfigBlob(ctx context.Context) ([]byte, error) { return nil, err } defer stream.Close() - blob, err := ioutil.ReadAll(stream) + blob, err := iolimits.ReadAtMost(stream, iolimits.MaxConfigBodySize) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go b/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go new file mode 100644 index 000000000..3fed1995c --- /dev/null +++ b/vendor/github.com/containers/image/v5/internal/iolimits/iolimits.go @@ -0,0 +1,60 @@ +package iolimits + +import ( + "io" + "io/ioutil" + + "github.com/pkg/errors" +) + +// All constants below are intended to be used as limits for `ReadAtMost`. The +// immediate use-case for limiting the size of in-memory copied data is to +// protect against OOM DOS attacks as described inCVE-2020-1702. Instead of +// copying data until running out of memory, we error out after hitting the +// specified limit. +const ( + // megaByte denotes one megabyte and is intended to be used as a limit in + // `ReadAtMost`. + megaByte = 1 << 20 + // MaxManifestBodySize is the maximum allowed size of a manifest. The limit + // of 4 MB aligns with the one of a Docker registry: + // https://github.com/docker/distribution/blob/a8371794149d1d95f1e846744b05c87f2f825e5a/registry/handlers/manifests.go#L30 + MaxManifestBodySize = 4 * megaByte + // MaxAuthTokenBodySize is the maximum allowed size of an auth token. + // The limit of 1 MB is considered to be greatly sufficient. + MaxAuthTokenBodySize = megaByte + // MaxSignatureListBodySize is the maximum allowed size of a signature list. + // The limit of 4 MB is considered to be greatly sufficient. + MaxSignatureListBodySize = 4 * megaByte + // MaxSignatureBodySize is the maximum allowed size of a signature. + // The limit of 4 MB is considered to be greatly sufficient. + MaxSignatureBodySize = 4 * megaByte + // MaxErrorBodySize is the maximum allowed size of an error-response body. + // The limit of 1 MB is considered to be greatly sufficient. + MaxErrorBodySize = megaByte + // MaxConfigBodySize is the maximum allowed size of a config blob. + // The limit of 4 MB is considered to be greatly sufficient. + MaxConfigBodySize = 4 * megaByte + // MaxOpenShiftStatusBody is the maximum allowed size of an OpenShift status body. + // The limit of 4 MB is considered to be greatly sufficient. + MaxOpenShiftStatusBody = 4 * megaByte + // MaxTarFileManifestSize is the maximum allowed size of a (docker save)-like manifest (which may contain multiple images) + // The limit of 1 MB is considered to be greatly sufficient. + MaxTarFileManifestSize = megaByte +) + +// ReadAtMost reads from reader and errors out if the specified limit (in bytes) is exceeded. +func ReadAtMost(reader io.Reader, limit int) ([]byte, error) { + limitedReader := io.LimitReader(reader, int64(limit+1)) + + res, err := ioutil.ReadAll(limitedReader) + if err != nil { + return nil, err + } + + if len(res) > limit { + return nil, errors.Errorf("exceeded maximum allowed size of %d bytes", limit) + } + + return res, nil +} diff --git a/vendor/github.com/containers/image/v5/openshift/openshift.go b/vendor/github.com/containers/image/v5/openshift/openshift.go index b9242da6e..28bfc456d 100644 --- a/vendor/github.com/containers/image/v5/openshift/openshift.go +++ b/vendor/github.com/containers/image/v5/openshift/openshift.go @@ -7,13 +7,13 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "net/http" "net/url" "strings" "github.com/containers/image/v5/docker" "github.com/containers/image/v5/docker/reference" + "github.com/containers/image/v5/internal/iolimits" "github.com/containers/image/v5/manifest" "github.com/containers/image/v5/types" "github.com/containers/image/v5/version" @@ -102,7 +102,7 @@ func (c *openshiftClient) doRequest(ctx context.Context, method, path string, re return nil, err } defer res.Body.Close() - body, err := ioutil.ReadAll(res.Body) + body, err := iolimits.ReadAtMost(res.Body, iolimits.MaxOpenShiftStatusBody) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/image/v5/signature/mechanism_gpgme.go b/vendor/github.com/containers/image/v5/signature/mechanism_gpgme.go index 4825ab27c..277fba16b 100644 --- a/vendor/github.com/containers/image/v5/signature/mechanism_gpgme.go +++ b/vendor/github.com/containers/image/v5/signature/mechanism_gpgme.go @@ -139,7 +139,7 @@ func (m *gpgmeSigningMechanism) Sign(input []byte, keyIdentity string) ([]byte, } // Verify parses unverifiedSignature and returns the content and the signer's identity -func (m gpgmeSigningMechanism) Verify(unverifiedSignature []byte) (contents []byte, keyIdentity string, err error) { +func (m *gpgmeSigningMechanism) Verify(unverifiedSignature []byte) (contents []byte, keyIdentity string, err error) { signedBuffer := bytes.Buffer{} signedData, err := gpgme.NewDataWriter(&signedBuffer) if err != nil { @@ -170,6 +170,6 @@ func (m gpgmeSigningMechanism) Verify(unverifiedSignature []byte) (contents []by // WARNING: The short key identifier (which correponds to "Key ID" for OpenPGP keys) // is NOT the same as a "key identity" used in other calls ot this interface, and // the values may have no recognizable relationship if the public key is not available. -func (m gpgmeSigningMechanism) UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) { +func (m *gpgmeSigningMechanism) UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) { return gpgUntrustedSignatureContents(untrustedSignature) } diff --git a/vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go b/vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go index eccd610c9..51f20f310 100644 --- a/vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go +++ b/vendor/github.com/containers/image/v5/signature/mechanism_openpgp.go @@ -154,6 +154,6 @@ func (m *openpgpSigningMechanism) Verify(unverifiedSignature []byte) (contents [ // WARNING: The short key identifier (which correponds to "Key ID" for OpenPGP keys) // is NOT the same as a "key identity" used in other calls ot this interface, and // the values may have no recognizable relationship if the public key is not available. -func (m openpgpSigningMechanism) UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) { +func (m *openpgpSigningMechanism) UntrustedSignatureContents(untrustedSignature []byte) (untrustedContents []byte, shortKeyIdentifier string, err error) { return gpgUntrustedSignatureContents(untrustedSignature) } diff --git a/vendor/github.com/containers/image/v5/types/types.go b/vendor/github.com/containers/image/v5/types/types.go index d38a17fab..ba249ca25 100644 --- a/vendor/github.com/containers/image/v5/types/types.go +++ b/vendor/github.com/containers/image/v5/types/types.go @@ -547,6 +547,8 @@ type SystemContext struct { // Note that this field is used mainly to integrate containers/image into projectatomic/docker // in order to not break any existing docker's integration tests. DockerDisableV1Ping bool + // If true, dockerImageDestination.SupportedManifestMIMETypes will omit the Schema1 media types from the supported list + DockerDisableDestSchema1MIMETypes bool // Directory to use for OSTree temporary files OSTreeTmpDirPath string diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index a92774466..0fd7a4a37 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -6,9 +6,9 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 5 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 1 + VersionMinor = 2 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 0 + VersionPatch = 1 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/vendor/github.com/mtrmac/gpgme/.appveyor.yml b/vendor/github.com/mtrmac/gpgme/.appveyor.yml new file mode 100644 index 000000000..2fdc09ab5 --- /dev/null +++ b/vendor/github.com/mtrmac/gpgme/.appveyor.yml @@ -0,0 +1,40 @@ +--- +version: 0.{build} +platform: x86 +branches: + only: + - master + +clone_folder: c:\gopath\src\github.com\proglottis\gpgme + +environment: + GOPATH: c:\gopath + GOROOT: C:\go-x86 + CGO_LDFLAGS: -LC:\gpg\lib + CGO_CFLAGS: -IC:\gpg\include + GPG_DIR: C:\gpg + +install: + - nuget install 7ZipCLI -ExcludeVersion + - set PATH=%appveyor_build_folder%\7ZipCLI\tools;%PATH% + - appveyor DownloadFile https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-2.1.20_20170403.exe -FileName gnupg-w32-2.1.20_20170403.exe + - 7z x -o%GPG_DIR% gnupg-w32-2.1.20_20170403.exe + - copy "%GPG_DIR%\lib\libgpg-error.imp" "%GPG_DIR%\lib\libgpg-error.a" + - copy "%GPG_DIR%\lib\libassuan.imp" "%GPG_DIR%\lib\libassuan.a" + - copy "%GPG_DIR%\lib\libgpgme.imp" "%GPG_DIR%\lib\libgpgme.a" + - set PATH=%GOPATH%\bin;%GOROOT%\bin;%GPG_DIR%\bin;C:\MinGW\bin;%PATH% + - C:\cygwin\bin\sed -i 's/"GPG_AGENT_INFO"/"GPG_AGENT_INFO="/;s/C.unsetenv(v)/C.putenv(v)/' %APPVEYOR_BUILD_FOLDER%\gpgme.go + +test_script: + - go test -v github.com/proglottis/gpgme + + +build_script: + - go build -o example_decrypt.exe -i %APPVEYOR_BUILD_FOLDER%\examples\decrypt.go + - go build -o example_encrypt.exe -i %APPVEYOR_BUILD_FOLDER%\examples\encrypt.go + +artifacts: + - path: example_decrypt.exe + name: decrypt example binary + - path: example_encrypt.exe + name: encrypt example binary
\ No newline at end of file diff --git a/vendor/github.com/mtrmac/gpgme/.travis.yml b/vendor/github.com/mtrmac/gpgme/.travis.yml new file mode 100644 index 000000000..619e33721 --- /dev/null +++ b/vendor/github.com/mtrmac/gpgme/.travis.yml @@ -0,0 +1,32 @@ +--- +language: go +os: + - linux + - osx + - windows +dist: xenial +sudo: false + +go: + - 1.11 + - 1.12 + - 1.13 + +addons: + apt: + packages: + - libgpgme11-dev + homebrew: + packages: + - gnupg + - gnupg@1.4 + - gpgme + update: true + +matrix: + allow_failures: + - os: windows + +before_install: + - if [[ "$TRAVIS_OS_NAME" == "windows" ]]; then choco install msys2; fi + - if [[ "$TRAVIS_OS_NAME" == "windows" ]]; then choco install gpg4win; fi diff --git a/vendor/github.com/mtrmac/gpgme/data.go b/vendor/github.com/mtrmac/gpgme/data.go index eebc97263..eee32c032 100644 --- a/vendor/github.com/mtrmac/gpgme/data.go +++ b/vendor/github.com/mtrmac/gpgme/data.go @@ -50,25 +50,25 @@ func gogpgme_writefunc(handle, buffer unsafe.Pointer, size C.size_t) C.ssize_t { } //export gogpgme_seekfunc -func gogpgme_seekfunc(handle unsafe.Pointer, offset C.off_t, whence C.int) C.off_t { +func gogpgme_seekfunc(handle unsafe.Pointer, offset C.gpgme_off_t, whence C.int) C.gpgme_off_t { d := callbackLookup(uintptr(handle)).(*Data) n, err := d.s.Seek(int64(offset), int(whence)) if err != nil { C.gpgme_err_set_errno(C.EIO) return -1 } - return C.off_t(n) + return C.gpgme_off_t(n) } // The Data buffer used to communicate with GPGME type Data struct { - dh C.gpgme_data_t + dh C.gpgme_data_t // WARNING: Call runtime.KeepAlive(d) after ANY passing of d.dh to C buf []byte cbs C.struct_gpgme_data_cbs r io.Reader w io.Writer s io.Seeker - cbc uintptr + cbc uintptr // WARNING: Call runtime.KeepAlive(d) after ANY use of d.cbc in C (typically via d.dh) } func newData() *Data { @@ -154,12 +154,14 @@ func (d *Data) Close() error { callbackDelete(d.cbc) } _, err := C.gpgme_data_release(d.dh) + runtime.KeepAlive(d) d.dh = nil return err } func (d *Data) Write(p []byte) (int, error) { n, err := C.gpgme_data_write(d.dh, unsafe.Pointer(&p[0]), C.size_t(len(p))) + runtime.KeepAlive(d) if err != nil { return 0, err } @@ -171,6 +173,7 @@ func (d *Data) Write(p []byte) (int, error) { func (d *Data) Read(p []byte) (int, error) { n, err := C.gpgme_data_read(d.dh, unsafe.Pointer(&p[0]), C.size_t(len(p))) + runtime.KeepAlive(d) if err != nil { return 0, err } @@ -181,11 +184,14 @@ func (d *Data) Read(p []byte) (int, error) { } func (d *Data) Seek(offset int64, whence int) (int64, error) { - n, err := C.gpgme_data_seek(d.dh, C.off_t(offset), C.int(whence)) + n, err := C.gogpgme_data_seek(d.dh, C.gpgme_off_t(offset), C.int(whence)) + runtime.KeepAlive(d) return int64(n), err } // Name returns the associated filename if any func (d *Data) Name() string { - return C.GoString(C.gpgme_data_get_file_name(d.dh)) + res := C.GoString(C.gpgme_data_get_file_name(d.dh)) + runtime.KeepAlive(d) + return res } diff --git a/vendor/github.com/mtrmac/gpgme/go.mod b/vendor/github.com/mtrmac/gpgme/go.mod new file mode 100644 index 000000000..3dd09c9fb --- /dev/null +++ b/vendor/github.com/mtrmac/gpgme/go.mod @@ -0,0 +1,3 @@ +module github.com/mtrmac/gpgme + +go 1.11 diff --git a/vendor/github.com/mtrmac/gpgme/go_gpgme.c b/vendor/github.com/mtrmac/gpgme/go_gpgme.c index b887574e0..00da3ab30 100644 --- a/vendor/github.com/mtrmac/gpgme/go_gpgme.c +++ b/vendor/github.com/mtrmac/gpgme/go_gpgme.c @@ -8,6 +8,28 @@ void gogpgme_set_passphrase_cb(gpgme_ctx_t ctx, gpgme_passphrase_cb_t cb, uintpt gpgme_set_passphrase_cb(ctx, cb, (void *)handle); } +gpgme_off_t gogpgme_data_seek(gpgme_data_t dh, gpgme_off_t offset, int whence) { + return gpgme_data_seek(dh, offset, whence); +} + +gpgme_error_t gogpgme_op_assuan_transact_ext( + gpgme_ctx_t ctx, + char* cmd, + uintptr_t data_h, + uintptr_t inquiry_h, + uintptr_t status_h, + gpgme_error_t *operr + ){ + return gpgme_op_assuan_transact_ext( + ctx, + cmd, + (gpgme_assuan_data_cb_t) gogpgme_assuan_data_callback, (void *)data_h, + (gpgme_assuan_inquire_cb_t) gogpgme_assuan_inquiry_callback, (void *)inquiry_h, + (gpgme_assuan_status_cb_t) gogpgme_assuan_status_callback, (void *)status_h, + operr + ); +} + unsigned int key_revoked(gpgme_key_t k) { return k->revoked; } diff --git a/vendor/github.com/mtrmac/gpgme/go_gpgme.h b/vendor/github.com/mtrmac/gpgme/go_gpgme.h index a3678b127..d4826ab36 100644 --- a/vendor/github.com/mtrmac/gpgme/go_gpgme.h +++ b/vendor/github.com/mtrmac/gpgme/go_gpgme.h @@ -6,12 +6,24 @@ #include <gpgme.h> +/* GPGME_VERSION_NUMBER was introduced in 1.4.0 */ +#if !defined(GPGME_VERSION_NUMBER) || GPGME_VERSION_NUMBER < 0x010402 +typedef off_t gpgme_off_t; /* Introduced in 1.4.2 */ +#endif + extern ssize_t gogpgme_readfunc(void *handle, void *buffer, size_t size); extern ssize_t gogpgme_writefunc(void *handle, void *buffer, size_t size); extern off_t gogpgme_seekfunc(void *handle, off_t offset, int whence); extern gpgme_error_t gogpgme_passfunc(void *hook, char *uid_hint, char *passphrase_info, int prev_was_bad, int fd); extern gpgme_error_t gogpgme_data_new_from_cbs(gpgme_data_t *dh, gpgme_data_cbs_t cbs, uintptr_t handle); extern void gogpgme_set_passphrase_cb(gpgme_ctx_t ctx, gpgme_passphrase_cb_t cb, uintptr_t handle); +extern gpgme_off_t gogpgme_data_seek(gpgme_data_t dh, gpgme_off_t offset, int whence); + +extern gpgme_error_t gogpgme_op_assuan_transact_ext(gpgme_ctx_t ctx, char *cmd, uintptr_t data_h, uintptr_t inquiry_h , uintptr_t status_h, gpgme_error_t *operr); + +extern gpgme_error_t gogpgme_assuan_data_callback(void *opaque, void* data, size_t datalen ); +extern gpgme_error_t gogpgme_assuan_inquiry_callback(void *opaque, char* name, char* args); +extern gpgme_error_t gogpgme_assuan_status_callback(void *opaque, char* status, char* args); extern unsigned int key_revoked(gpgme_key_t k); extern unsigned int key_expired(gpgme_key_t k); diff --git a/vendor/github.com/mtrmac/gpgme/gpgme.go b/vendor/github.com/mtrmac/gpgme/gpgme.go index 20aad737c..c19b9aebc 100644 --- a/vendor/github.com/mtrmac/gpgme/gpgme.go +++ b/vendor/github.com/mtrmac/gpgme/gpgme.go @@ -7,7 +7,6 @@ package gpgme // #include <gpgme.h> // #include "go_gpgme.h" import "C" - import ( "fmt" "io" @@ -48,9 +47,8 @@ const ( ProtocolAssuan Protocol = C.GPGME_PROTOCOL_ASSUAN ProtocolG13 Protocol = C.GPGME_PROTOCOL_G13 ProtocolUIServer Protocol = C.GPGME_PROTOCOL_UISERVER - // ProtocolSpawn Protocol = C.GPGME_PROTOCOL_SPAWN // Unavailable in 1.4.3 - ProtocolDefault Protocol = C.GPGME_PROTOCOL_DEFAULT - ProtocolUnknown Protocol = C.GPGME_PROTOCOL_UNKNOWN + ProtocolDefault Protocol = C.GPGME_PROTOCOL_DEFAULT + ProtocolUnknown Protocol = C.GPGME_PROTOCOL_UNKNOWN ) type PinEntryMode int @@ -70,7 +68,6 @@ const ( EncryptNoEncryptTo EncryptFlag = C.GPGME_ENCRYPT_NO_ENCRYPT_TO EncryptPrepare EncryptFlag = C.GPGME_ENCRYPT_PREPARE EncryptExceptSign EncryptFlag = C.GPGME_ENCRYPT_EXPECT_SIGN - // EncryptNoCompress EncryptFlag = C.GPGME_ENCRYPT_NO_COMPRESS // Unavailable in 1.4.3 ) type HashAlgo int @@ -84,7 +81,6 @@ const ( KeyListModeExtern KeyListMode = C.GPGME_KEYLIST_MODE_EXTERN KeyListModeSigs KeyListMode = C.GPGME_KEYLIST_MODE_SIGS KeyListModeSigNotations KeyListMode = C.GPGME_KEYLIST_MODE_SIG_NOTATIONS - // KeyListModeWithSecret KeyListMode = C.GPGME_KEYLIST_MODE_WITH_SECRET // Unavailable in 1.4.3 KeyListModeEphemeral KeyListMode = C.GPGME_KEYLIST_MODE_EPHEMERAL KeyListModeModeValidate KeyListMode = C.GPGME_KEYLIST_MODE_VALIDATE ) @@ -168,39 +164,60 @@ func EngineCheckVersion(p Protocol) error { } type EngineInfo struct { - info C.gpgme_engine_info_t + next *EngineInfo + protocol Protocol + fileName string + homeDir string + version string + requiredVersion string } -func (e *EngineInfo) Next() *EngineInfo { - if e.info.next == nil { - return nil +func copyEngineInfo(info C.gpgme_engine_info_t) *EngineInfo { + res := &EngineInfo{ + next: nil, + protocol: Protocol(info.protocol), + fileName: C.GoString(info.file_name), + homeDir: C.GoString(info.home_dir), + version: C.GoString(info.version), + requiredVersion: C.GoString(info.req_version), + } + if info.next != nil { + res.next = copyEngineInfo(info.next) } - return &EngineInfo{info: e.info.next} + return res +} + +func (e *EngineInfo) Next() *EngineInfo { + return e.next } func (e *EngineInfo) Protocol() Protocol { - return Protocol(e.info.protocol) + return e.protocol } func (e *EngineInfo) FileName() string { - return C.GoString(e.info.file_name) + return e.fileName } func (e *EngineInfo) Version() string { - return C.GoString(e.info.version) + return e.version } func (e *EngineInfo) RequiredVersion() string { - return C.GoString(e.info.req_version) + return e.requiredVersion } func (e *EngineInfo) HomeDir() string { - return C.GoString(e.info.home_dir) + return e.homeDir } func GetEngineInfo() (*EngineInfo, error) { - info := &EngineInfo{} - return info, handleError(C.gpgme_get_engine_info(&info.info)) + var cInfo C.gpgme_engine_info_t + err := handleError(C.gpgme_get_engine_info(&cInfo)) + if err != nil { + return nil, err + } + return copyEngineInfo(cInfo), nil // It is up to the caller not to invalidate cInfo concurrently until this is done. } func SetEngineInfo(proto Protocol, fileName, homeDir string) error { @@ -261,9 +278,9 @@ type Context struct { KeyError error callback Callback - cbc uintptr + cbc uintptr // WARNING: Call runtime.KeepAlive(c) after ANY use of c.cbc in C (typically via c.ctx) - ctx C.gpgme_ctx_t + ctx C.gpgme_ctx_t // WARNING: Call runtime.KeepAlive(c) after ANY passing of c.ctx to C } func New() (*Context, error) { @@ -281,49 +298,68 @@ func (c *Context) Release() { callbackDelete(c.cbc) } C.gpgme_release(c.ctx) + runtime.KeepAlive(c) c.ctx = nil } func (c *Context) SetArmor(yes bool) { C.gpgme_set_armor(c.ctx, cbool(yes)) + runtime.KeepAlive(c) } func (c *Context) Armor() bool { - return C.gpgme_get_armor(c.ctx) != 0 + res := C.gpgme_get_armor(c.ctx) != 0 + runtime.KeepAlive(c) + return res } func (c *Context) SetTextMode(yes bool) { C.gpgme_set_textmode(c.ctx, cbool(yes)) + runtime.KeepAlive(c) } func (c *Context) TextMode() bool { - return C.gpgme_get_textmode(c.ctx) != 0 + res := C.gpgme_get_textmode(c.ctx) != 0 + runtime.KeepAlive(c) + return res } func (c *Context) SetProtocol(p Protocol) error { - return handleError(C.gpgme_set_protocol(c.ctx, C.gpgme_protocol_t(p))) + err := handleError(C.gpgme_set_protocol(c.ctx, C.gpgme_protocol_t(p))) + runtime.KeepAlive(c) + return err } func (c *Context) Protocol() Protocol { - return Protocol(C.gpgme_get_protocol(c.ctx)) + res := Protocol(C.gpgme_get_protocol(c.ctx)) + runtime.KeepAlive(c) + return res } func (c *Context) SetKeyListMode(m KeyListMode) error { - return handleError(C.gpgme_set_keylist_mode(c.ctx, C.gpgme_keylist_mode_t(m))) + err := handleError(C.gpgme_set_keylist_mode(c.ctx, C.gpgme_keylist_mode_t(m))) + runtime.KeepAlive(c) + return err } func (c *Context) KeyListMode() KeyListMode { - return KeyListMode(C.gpgme_get_keylist_mode(c.ctx)) + res := KeyListMode(C.gpgme_get_keylist_mode(c.ctx)) + runtime.KeepAlive(c) + return res } // Unavailable in 1.3.2: // func (c *Context) SetPinEntryMode(m PinEntryMode) error { -// return handleError(C.gpgme_set_pinentry_mode(c.ctx, C.gpgme_pinentry_mode_t(m))) +// err := handleError(C.gpgme_set_pinentry_mode(c.ctx, C.gpgme_pinentry_mode_t(m))) +// runtime.KeepAlive(c) +// return err // } // Unavailable in 1.3.2: // func (c *Context) PinEntryMode() PinEntryMode { -// return PinEntryMode(C.gpgme_get_pinentry_mode(c.ctx)) +// res := PinEntryMode(C.gpgme_get_pinentry_mode(c.ctx)) +// runtime.KeepAlive(c) +// return res // } func (c *Context) SetCallback(callback Callback) error { @@ -340,11 +376,17 @@ func (c *Context) SetCallback(callback Callback) error { c.cbc = 0 _, err = C.gogpgme_set_passphrase_cb(c.ctx, nil, 0) } + runtime.KeepAlive(c) return err } func (c *Context) EngineInfo() *EngineInfo { - return &EngineInfo{info: C.gpgme_ctx_get_engine_info(c.ctx)} + cInfo := C.gpgme_ctx_get_engine_info(c.ctx) + runtime.KeepAlive(c) + // NOTE: c must be live as long as we are accessing cInfo. + res := copyEngineInfo(cInfo) + runtime.KeepAlive(c) // for accesses to cInfo + return res } func (c *Context) SetEngineInfo(proto Protocol, fileName, homeDir string) error { @@ -357,19 +399,23 @@ func (c *Context) SetEngineInfo(proto Protocol, fileName, homeDir string) error chome = C.CString(homeDir) defer C.free(unsafe.Pointer(chome)) } - return handleError(C.gpgme_ctx_set_engine_info(c.ctx, C.gpgme_protocol_t(proto), cfn, chome)) + err := handleError(C.gpgme_ctx_set_engine_info(c.ctx, C.gpgme_protocol_t(proto), cfn, chome)) + runtime.KeepAlive(c) + return err } func (c *Context) KeyListStart(pattern string, secretOnly bool) error { cpattern := C.CString(pattern) defer C.free(unsafe.Pointer(cpattern)) - err := C.gpgme_op_keylist_start(c.ctx, cpattern, cbool(secretOnly)) - return handleError(err) + err := handleError(C.gpgme_op_keylist_start(c.ctx, cpattern, cbool(secretOnly))) + runtime.KeepAlive(c) + return err } func (c *Context) KeyListNext() bool { c.Key = newKey() err := handleError(C.gpgme_op_keylist_next(c.ctx, &c.Key.k)) + runtime.KeepAlive(c) // implies runtime.KeepAlive(c.Key) if err != nil { if e, ok := err.(Error); ok && e.Code() == ErrorEOF { c.KeyError = nil @@ -383,7 +429,9 @@ func (c *Context) KeyListNext() bool { } func (c *Context) KeyListEnd() error { - return handleError(C.gpgme_op_keylist_end(c.ctx)) + err := handleError(C.gpgme_op_keylist_end(c.ctx)) + runtime.KeepAlive(c) + return err } func (c *Context) GetKey(fingerprint string, secret bool) (*Key, error) { @@ -391,7 +439,11 @@ func (c *Context) GetKey(fingerprint string, secret bool) (*Key, error) { cfpr := C.CString(fingerprint) defer C.free(unsafe.Pointer(cfpr)) err := handleError(C.gpgme_get_key(c.ctx, cfpr, &key.k, cbool(secret))) - if e, ok := err.(Error); key.k == nil && ok && e.Code() == ErrorEOF { + runtime.KeepAlive(c) + runtime.KeepAlive(key) + keyKIsNil := key.k == nil + runtime.KeepAlive(key) + if e, ok := err.(Error); keyKIsNil && ok && e.Code() == ErrorEOF { return nil, fmt.Errorf("key %q not found", fingerprint) } if err != nil { @@ -401,11 +453,19 @@ func (c *Context) GetKey(fingerprint string, secret bool) (*Key, error) { } func (c *Context) Decrypt(ciphertext, plaintext *Data) error { - return handleError(C.gpgme_op_decrypt(c.ctx, ciphertext.dh, plaintext.dh)) + err := handleError(C.gpgme_op_decrypt(c.ctx, ciphertext.dh, plaintext.dh)) + runtime.KeepAlive(c) + runtime.KeepAlive(ciphertext) + runtime.KeepAlive(plaintext) + return err } func (c *Context) DecryptVerify(ciphertext, plaintext *Data) error { - return handleError(C.gpgme_op_decrypt_verify(c.ctx, ciphertext.dh, plaintext.dh)) + err := handleError(C.gpgme_op_decrypt_verify(c.ctx, ciphertext.dh, plaintext.dh)) + runtime.KeepAlive(c) + runtime.KeepAlive(ciphertext) + runtime.KeepAlive(plaintext) + return err } type Signature struct { @@ -432,10 +492,20 @@ func (c *Context) Verify(sig, signedText, plain *Data) (string, []Signature, err plainPtr = plain.dh } err := handleError(C.gpgme_op_verify(c.ctx, sig.dh, signedTextPtr, plainPtr)) + runtime.KeepAlive(c) + runtime.KeepAlive(sig) + if signedText != nil { + runtime.KeepAlive(signedText) + } + if plain != nil { + runtime.KeepAlive(plain) + } if err != nil { return "", nil, err } res := C.gpgme_op_verify_result(c.ctx) + runtime.KeepAlive(c) + // NOTE: c must be live as long as we are accessing res. sigs := []Signature{} for s := res.signatures; s != nil; s = s.next { sig := Signature{ @@ -455,7 +525,9 @@ func (c *Context) Verify(sig, signedText, plain *Data) (string, []Signature, err } sigs = append(sigs, sig) } - return C.GoString(res.file_name), sigs, nil + fileName := C.GoString(res.file_name) + runtime.KeepAlive(c) // for all accesses to res above + return fileName, sigs, nil } func (c *Context) Encrypt(recipients []*Key, flags EncryptFlag, plaintext, ciphertext *Data) error { @@ -467,18 +539,116 @@ func (c *Context) Encrypt(recipients []*Key, flags EncryptFlag, plaintext, ciphe *ptr = recipients[i].k } err := C.gpgme_op_encrypt(c.ctx, (*C.gpgme_key_t)(recp), C.gpgme_encrypt_flags_t(flags), plaintext.dh, ciphertext.dh) + runtime.KeepAlive(c) + runtime.KeepAlive(recipients) + runtime.KeepAlive(plaintext) + runtime.KeepAlive(ciphertext) return handleError(err) } func (c *Context) Sign(signers []*Key, plain, sig *Data, mode SigMode) error { C.gpgme_signers_clear(c.ctx) + runtime.KeepAlive(c) for _, k := range signers { - if err := handleError(C.gpgme_signers_add(c.ctx, k.k)); err != nil { + err := handleError(C.gpgme_signers_add(c.ctx, k.k)) + runtime.KeepAlive(c) + runtime.KeepAlive(k) + if err != nil { C.gpgme_signers_clear(c.ctx) + runtime.KeepAlive(c) return err } } - return handleError(C.gpgme_op_sign(c.ctx, plain.dh, sig.dh, C.gpgme_sig_mode_t(mode))) + err := handleError(C.gpgme_op_sign(c.ctx, plain.dh, sig.dh, C.gpgme_sig_mode_t(mode))) + runtime.KeepAlive(c) + runtime.KeepAlive(plain) + runtime.KeepAlive(sig) + return err +} + +type AssuanDataCallback func(data []byte) error +type AssuanInquireCallback func(name, args string) error +type AssuanStatusCallback func(status, args string) error + +// AssuanSend sends a raw Assuan command to gpg-agent +func (c *Context) AssuanSend( + cmd string, + data AssuanDataCallback, + inquiry AssuanInquireCallback, + status AssuanStatusCallback, +) error { + var operr C.gpgme_error_t + + dataPtr := callbackAdd(&data) + inquiryPtr := callbackAdd(&inquiry) + statusPtr := callbackAdd(&status) + cmdCStr := C.CString(cmd) + defer C.free(unsafe.Pointer(cmdCStr)) + err := C.gogpgme_op_assuan_transact_ext( + c.ctx, + cmdCStr, + C.uintptr_t(dataPtr), + C.uintptr_t(inquiryPtr), + C.uintptr_t(statusPtr), + &operr, + ) + runtime.KeepAlive(c) + + if handleError(operr) != nil { + return handleError(operr) + } + return handleError(err) +} + +//export gogpgme_assuan_data_callback +func gogpgme_assuan_data_callback(handle unsafe.Pointer, data unsafe.Pointer, datalen C.size_t) C.gpgme_error_t { + c := callbackLookup(uintptr(handle)).(*AssuanDataCallback) + if *c == nil { + return 0 + } + (*c)(C.GoBytes(data, C.int(datalen))) + return 0 +} + +//export gogpgme_assuan_inquiry_callback +func gogpgme_assuan_inquiry_callback(handle unsafe.Pointer, cName *C.char, cArgs *C.char) C.gpgme_error_t { + name := C.GoString(cName) + args := C.GoString(cArgs) + c := callbackLookup(uintptr(handle)).(*AssuanInquireCallback) + if *c == nil { + return 0 + } + (*c)(name, args) + return 0 +} + +//export gogpgme_assuan_status_callback +func gogpgme_assuan_status_callback(handle unsafe.Pointer, cStatus *C.char, cArgs *C.char) C.gpgme_error_t { + status := C.GoString(cStatus) + args := C.GoString(cArgs) + c := callbackLookup(uintptr(handle)).(*AssuanStatusCallback) + if *c == nil { + return 0 + } + (*c)(status, args) + return 0 +} + +// ExportModeFlags defines how keys are exported from Export +type ExportModeFlags uint + +const ( + ExportModeExtern ExportModeFlags = C.GPGME_EXPORT_MODE_EXTERN + ExportModeMinimal ExportModeFlags = C.GPGME_EXPORT_MODE_MINIMAL +) + +func (c *Context) Export(pattern string, mode ExportModeFlags, data *Data) error { + pat := C.CString(pattern) + defer C.free(unsafe.Pointer(pat)) + err := handleError(C.gpgme_op_export(c.ctx, pat, C.gpgme_export_mode_t(mode), data.dh)) + runtime.KeepAlive(c) + runtime.KeepAlive(data) + return err } // ImportStatusFlags describes the type of ImportStatus.Status. The C API in gpgme.h simply uses "unsigned". @@ -517,10 +687,14 @@ type ImportResult struct { func (c *Context) Import(keyData *Data) (*ImportResult, error) { err := handleError(C.gpgme_op_import(c.ctx, keyData.dh)) + runtime.KeepAlive(c) + runtime.KeepAlive(keyData) if err != nil { return nil, err } res := C.gpgme_op_import_result(c.ctx) + runtime.KeepAlive(c) + // NOTE: c must be live as long as we are accessing res. imports := []ImportStatus{} for s := res.imports; s != nil; s = s.next { imports = append(imports, ImportStatus{ @@ -529,7 +703,7 @@ func (c *Context) Import(keyData *Data) (*ImportResult, error) { Status: ImportStatusFlags(s.status), }) } - return &ImportResult{ + importResult := &ImportResult{ Considered: int(res.considered), NoUserID: int(res.no_user_id), Imported: int(res.imported), @@ -544,11 +718,13 @@ func (c *Context) Import(keyData *Data) (*ImportResult, error) { SecretUnchanged: int(res.secret_unchanged), NotImported: int(res.not_imported), Imports: imports, - }, nil + } + runtime.KeepAlive(c) // for all accesses to res above + return importResult, nil } type Key struct { - k C.gpgme_key_t + k C.gpgme_key_t // WARNING: Call Runtime.KeepAlive(k) after ANY passing of k.k to C } func newKey() *Key { @@ -559,85 +735,122 @@ func newKey() *Key { func (k *Key) Release() { C.gpgme_key_release(k.k) + runtime.KeepAlive(k) k.k = nil } func (k *Key) Revoked() bool { - return C.key_revoked(k.k) != 0 + res := C.key_revoked(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) Expired() bool { - return C.key_expired(k.k) != 0 + res := C.key_expired(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) Disabled() bool { - return C.key_disabled(k.k) != 0 + res := C.key_disabled(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) Invalid() bool { - return C.key_invalid(k.k) != 0 + res := C.key_invalid(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) CanEncrypt() bool { - return C.key_can_encrypt(k.k) != 0 + res := C.key_can_encrypt(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) CanSign() bool { - return C.key_can_sign(k.k) != 0 + res := C.key_can_sign(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) CanCertify() bool { - return C.key_can_certify(k.k) != 0 + res := C.key_can_certify(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) Secret() bool { - return C.key_secret(k.k) != 0 + res := C.key_secret(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) CanAuthenticate() bool { - return C.key_can_authenticate(k.k) != 0 + res := C.key_can_authenticate(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) IsQualified() bool { - return C.key_is_qualified(k.k) != 0 + res := C.key_is_qualified(k.k) != 0 + runtime.KeepAlive(k) + return res } func (k *Key) Protocol() Protocol { - return Protocol(k.k.protocol) + res := Protocol(k.k.protocol) + runtime.KeepAlive(k) + return res } func (k *Key) IssuerSerial() string { - return C.GoString(k.k.issuer_serial) + res := C.GoString(k.k.issuer_serial) + runtime.KeepAlive(k) + return res } func (k *Key) IssuerName() string { - return C.GoString(k.k.issuer_name) + res := C.GoString(k.k.issuer_name) + runtime.KeepAlive(k) + return res } func (k *Key) ChainID() string { - return C.GoString(k.k.chain_id) + res := C.GoString(k.k.chain_id) + runtime.KeepAlive(k) + return res } func (k *Key) OwnerTrust() Validity { - return Validity(k.k.owner_trust) + res := Validity(k.k.owner_trust) + runtime.KeepAlive(k) + return res } func (k *Key) SubKeys() *SubKey { - if k.k.subkeys == nil { + subKeys := k.k.subkeys + runtime.KeepAlive(k) + if subKeys == nil { return nil } - return &SubKey{k: k.k.subkeys, parent: k} + return &SubKey{k: subKeys, parent: k} // The parent: k reference ensures subKeys remains valid } func (k *Key) UserIDs() *UserID { - if k.k.uids == nil { + uids := k.k.uids + runtime.KeepAlive(k) + if uids == nil { return nil } - return &UserID{u: k.k.uids, parent: k} + return &UserID{u: uids, parent: k} // The parent: k reference ensures uids remains valid } func (k *Key) KeyListMode() KeyListMode { - return KeyListMode(k.k.keylist_mode) + res := KeyListMode(k.k.keylist_mode) + runtime.KeepAlive(k) + return res } type SubKey struct { @@ -737,12 +950,3 @@ func (u *UserID) Comment() string { func (u *UserID) Email() string { return C.GoString(u.u.email) } - -// This is somewhat of a horrible hack. We need to unset GPG_AGENT_INFO so that gpgme does not pass --use-agent to GPG. -// os.Unsetenv should be enough, but that only calls the underlying C library (which gpgme uses) if cgo is involved -// - and cgo can't be used in tests. So, provide this helper for test initialization. -func unsetenvGPGAgentInfo() { - v := C.CString("GPG_AGENT_INFO") - defer C.free(unsafe.Pointer(v)) - C.unsetenv(v) -} diff --git a/vendor/github.com/mtrmac/gpgme/unset_agent_info.go b/vendor/github.com/mtrmac/gpgme/unset_agent_info.go new file mode 100644 index 000000000..986aca59f --- /dev/null +++ b/vendor/github.com/mtrmac/gpgme/unset_agent_info.go @@ -0,0 +1,18 @@ +// +build !windows + +package gpgme + +// #include <stdlib.h> +import "C" +import ( + "unsafe" +) + +// This is somewhat of a horrible hack. We need to unset GPG_AGENT_INFO so that gpgme does not pass --use-agent to GPG. +// os.Unsetenv should be enough, but that only calls the underlying C library (which gpgme uses) if cgo is involved +// - and cgo can't be used in tests. So, provide this helper for test initialization. +func unsetenvGPGAgentInfo() { + v := C.CString("GPG_AGENT_INFO") + defer C.free(unsafe.Pointer(v)) + C.unsetenv(v) +} diff --git a/vendor/github.com/mtrmac/gpgme/unset_agent_info_windows.go b/vendor/github.com/mtrmac/gpgme/unset_agent_info_windows.go new file mode 100644 index 000000000..431ec86d3 --- /dev/null +++ b/vendor/github.com/mtrmac/gpgme/unset_agent_info_windows.go @@ -0,0 +1,14 @@ +package gpgme + +// #include <stdlib.h> +import "C" +import ( + "unsafe" +) + +// unsetenv is not available in mingw +func unsetenvGPGAgentInfo() { + v := C.CString("GPG_AGENT_INFO=") + defer C.free(unsafe.Pointer(v)) + C.putenv(v) +} diff --git a/vendor/github.com/onsi/ginkgo/.travis.yml b/vendor/github.com/onsi/ginkgo/.travis.yml index b454d643c..65dc3002b 100644 --- a/vendor/github.com/onsi/ginkgo/.travis.yml +++ b/vendor/github.com/onsi/ginkgo/.travis.yml @@ -4,14 +4,22 @@ go: - 1.13.x - tip +cache: + directories: + - $GOPATH/pkg/mod + # allow internal package imports, necessary for forked repositories go_import_path: github.com/onsi/ginkgo install: - - go get -v -t ./... - - go get golang.org/x/tools/cmd/cover - - go get github.com/onsi/gomega - - go install github.com/onsi/ginkgo/ginkgo + - GO111MODULE="off" go get -v -t ./... + - GO111MODULE="off" go get golang.org/x/tools/cmd/cover + - GO111MODULE="off" go get github.com/onsi/gomega + - GO111MODULE="off" go install github.com/onsi/ginkgo/ginkgo - export PATH=$PATH:$HOME/gopath/bin -script: $HOME/gopath/bin/ginkgo -r --randomizeAllSpecs --randomizeSuites --race --trace && go vet +script: + - GO111MODULE="on" go mod tidy + - diff -u <(echo -n) <(git diff go.mod) + - diff -u <(echo -n) <(git diff go.sum) + - $HOME/gopath/bin/ginkgo -r --randomizeAllSpecs --randomizeSuites --race --trace && go vet diff --git a/vendor/github.com/onsi/ginkgo/CHANGELOG.md b/vendor/github.com/onsi/ginkgo/CHANGELOG.md index 96f03ad7c..84b479404 100644 --- a/vendor/github.com/onsi/ginkgo/CHANGELOG.md +++ b/vendor/github.com/onsi/ginkgo/CHANGELOG.md @@ -1,3 +1,8 @@ +## 1.12.0 + +### Features +- Add module definition (#630) [78916ab] + ## 1.11.0 ### Features diff --git a/vendor/github.com/onsi/ginkgo/config/config.go b/vendor/github.com/onsi/ginkgo/config/config.go index 14c82ec3a..949f8130f 100644 --- a/vendor/github.com/onsi/ginkgo/config/config.go +++ b/vendor/github.com/onsi/ginkgo/config/config.go @@ -20,7 +20,7 @@ import ( "fmt" ) -const VERSION = "1.11.0" +const VERSION = "1.12.0" type GinkgoConfigType struct { RandomSeed int64 diff --git a/vendor/github.com/onsi/ginkgo/go.mod b/vendor/github.com/onsi/ginkgo/go.mod new file mode 100644 index 000000000..15a4ab571 --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/go.mod @@ -0,0 +1,9 @@ +module github.com/onsi/ginkgo + +require ( + github.com/hpcloud/tail v1.0.0 + github.com/onsi/gomega v1.7.1 + golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e +) + +go 1.12 diff --git a/vendor/github.com/onsi/ginkgo/go.sum b/vendor/github.com/onsi/ginkgo/go.sum new file mode 100644 index 000000000..29adce41a --- /dev/null +++ b/vendor/github.com/onsi/ginkgo/go.sum @@ -0,0 +1,26 @@ +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ= +github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd h1:nTDtHvHSdCn1m6ITfMRqtOd/9+7a3s8RBNOZ3eYZzJA= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwglRwMkXSBzwVbkOjLLA= +golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/vendor/github.com/vbauerster/mpb/v4/bar_option.go b/vendor/github.com/vbauerster/mpb/v4/bar_option.go index bb79ac6a4..7fb152562 100644 --- a/vendor/github.com/vbauerster/mpb/v4/bar_option.go +++ b/vendor/github.com/vbauerster/mpb/v4/bar_option.go @@ -10,11 +10,10 @@ import ( // BarOption is a function option which changes the default behavior of a bar. type BarOption func(*bState) -type mergeWrapper interface { - MergeUnwrap() []decor.Decorator -} - func (s *bState) addDecorators(dest *[]decor.Decorator, decorators ...decor.Decorator) { + type mergeWrapper interface { + MergeUnwrap() []decor.Decorator + } for _, decorator := range decorators { if mw, ok := decorator.(mergeWrapper); ok { *dest = append(*dest, mw.MergeUnwrap()...) diff --git a/vendor/github.com/vbauerster/mpb/v4/decor/decorator.go b/vendor/github.com/vbauerster/mpb/v4/decor/decorator.go index 5c0d16880..2271cbbe1 100644 --- a/vendor/github.com/vbauerster/mpb/v4/decor/decorator.go +++ b/vendor/github.com/vbauerster/mpb/v4/decor/decorator.go @@ -4,6 +4,8 @@ import ( "fmt" "time" "unicode/utf8" + + "github.com/acarl005/stripansi" ) const ( @@ -117,25 +119,29 @@ var ( // W represents width and C represents bit set of width related config. // A decorator should embed WC, to enable width synchronization. type WC struct { - W int - C int - dynFormat string - staticFormat string - wsync chan int + W int + C int + dynFormat string + wsync chan int } // FormatMsg formats final message according to WC.W and WC.C. // Should be called by any Decorator implementation. func (wc *WC) FormatMsg(msg string) string { + var format string + runeCount := utf8.RuneCountInString(stripansi.Strip(msg)) + ansiCount := utf8.RuneCountInString(msg) - runeCount if (wc.C & DSyncWidth) != 0 { - wc.wsync <- utf8.RuneCountInString(msg) - max := <-wc.wsync if (wc.C & DextraSpace) != 0 { - max++ + runeCount++ } - return fmt.Sprintf(fmt.Sprintf(wc.dynFormat, max), msg) + wc.wsync <- runeCount + max := <-wc.wsync + format = fmt.Sprintf(wc.dynFormat, ansiCount+max) + } else { + format = fmt.Sprintf(wc.dynFormat, ansiCount+wc.W) } - return fmt.Sprintf(wc.staticFormat, msg) + return fmt.Sprintf(format, msg) } // Init initializes width related config. @@ -145,7 +151,6 @@ func (wc *WC) Init() WC { wc.dynFormat += "-" } wc.dynFormat += "%ds" - wc.staticFormat = fmt.Sprintf(wc.dynFormat, wc.W) if (wc.C & DSyncWidth) != 0 { // it's deliberate choice to override wsync on each Init() call, // this way globals like WCSyncSpace can be reused diff --git a/vendor/github.com/vbauerster/mpb/v4/decor/merge.go b/vendor/github.com/vbauerster/mpb/v4/decor/merge.go index fdf9e107b..723869209 100644 --- a/vendor/github.com/vbauerster/mpb/v4/decor/merge.go +++ b/vendor/github.com/vbauerster/mpb/v4/decor/merge.go @@ -2,6 +2,7 @@ package decor import ( "fmt" + "strings" "unicode/utf8" ) @@ -28,10 +29,7 @@ func Merge(decorator Decorator, placeholders ...WC) Decorator { if (wc.C & DSyncWidth) == 0 { return decorator } - md.placeHolders[i] = &placeHolderDecorator{ - WC: wc.Init(), - wch: make(chan int), - } + md.placeHolders[i] = &placeHolderDecorator{wc.Init()} } return md } @@ -69,29 +67,40 @@ func (d *mergeDecorator) Base() Decorator { func (d *mergeDecorator) Decor(st *Statistics) string { msg := d.Decorator.Decor(st) msgLen := utf8.RuneCountInString(msg) - - var space int - for _, ph := range d.placeHolders { - space += <-ph.wch + if (d.wc.C & DextraSpace) != 0 { + msgLen++ } - d.wc.wsync <- msgLen - space + var total int + max := utf8.RuneCountInString(d.placeHolders[0].FormatMsg("")) + total += max + pw := (msgLen - max) / len(d.placeHolders) + rem := (msgLen - max) % len(d.placeHolders) - max := <-d.wc.wsync - if (d.wc.C & DextraSpace) != 0 { - max++ + var diff int + for i := 1; i < len(d.placeHolders); i++ { + ph := d.placeHolders[i] + width := pw - diff + if (ph.WC.C & DextraSpace) != 0 { + width-- + if width < 0 { + width = 0 + } + } + max = utf8.RuneCountInString(ph.FormatMsg(strings.Repeat(" ", width))) + total += max + diff = max - pw } - return fmt.Sprintf(fmt.Sprintf(d.wc.dynFormat, max+space), msg) + + d.wc.wsync <- pw + rem + max = <-d.wc.wsync + return fmt.Sprintf(fmt.Sprintf(d.wc.dynFormat, max+total), msg) } type placeHolderDecorator struct { WC - wch chan int } -func (d *placeHolderDecorator) Decor(st *Statistics) string { - go func() { - d.wch <- utf8.RuneCountInString(d.FormatMsg("")) - }() +func (d *placeHolderDecorator) Decor(_ *Statistics) string { return "" } diff --git a/vendor/github.com/vbauerster/mpb/v4/go.mod b/vendor/github.com/vbauerster/mpb/v4/go.mod index 0c5ce51f1..9e7287d5d 100644 --- a/vendor/github.com/vbauerster/mpb/v4/go.mod +++ b/vendor/github.com/vbauerster/mpb/v4/go.mod @@ -2,6 +2,7 @@ module github.com/vbauerster/mpb/v4 require ( github.com/VividCortex/ewma v1.1.1 + github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708 golang.org/x/sys v0.0.0-20191113165036-4c7a9d0fe056 // indirect ) diff --git a/vendor/github.com/vbauerster/mpb/v4/go.sum b/vendor/github.com/vbauerster/mpb/v4/go.sum index 94a9f1a28..5a1316274 100644 --- a/vendor/github.com/vbauerster/mpb/v4/go.sum +++ b/vendor/github.com/vbauerster/mpb/v4/go.sum @@ -1,5 +1,7 @@ github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM= github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= +github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708 h1:pXVtWnwHkrWD9ru3sDxY/qFK/bfc0egRovX91EjWjf4= golang.org/x/crypto v0.0.0-20191112222119-e1110fd1c708/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= diff --git a/vendor/github.com/vbauerster/mpb/v4/proxyreader.go b/vendor/github.com/vbauerster/mpb/v4/proxyreader.go index 736142412..0e4b51f09 100644 --- a/vendor/github.com/vbauerster/mpb/v4/proxyreader.go +++ b/vendor/github.com/vbauerster/mpb/v4/proxyreader.go @@ -18,9 +18,7 @@ func (prox *proxyReader) Read(p []byte) (n int, err error) { prox.iT = time.Now() } if err == io.EOF { - go func() { - prox.bar.SetTotal(0, true) - }() + go prox.bar.SetTotal(0, true) } return } @@ -37,9 +35,7 @@ func (prox *proxyWriterTo) WriteTo(w io.Writer) (n int64, err error) { prox.iT = time.Now() } if err == io.EOF { - go func() { - prox.bar.SetTotal(0, true) - }() + go prox.bar.SetTotal(0, true) } return } diff --git a/vendor/modules.txt b/vendor/modules.txt index 2a384e865..5c2485f38 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -29,6 +29,8 @@ github.com/Microsoft/hcsshim/internal/wclayer github.com/Microsoft/hcsshim/osversion # github.com/VividCortex/ewma v1.1.1 github.com/VividCortex/ewma +# github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d +github.com/acarl005/stripansi # github.com/beorn7/perks v1.0.1 github.com/beorn7/perks/quantile # github.com/blang/semver v3.5.1+incompatible @@ -80,7 +82,7 @@ github.com/containers/common/pkg/cgroups github.com/containers/common/pkg/unshare # github.com/containers/conmon v2.0.10+incompatible github.com/containers/conmon/runner/config -# github.com/containers/image/v5 v5.1.0 +# github.com/containers/image/v5 v5.2.1 github.com/containers/image/v5/copy github.com/containers/image/v5/directory github.com/containers/image/v5/directory/explicitfilepath @@ -91,6 +93,7 @@ github.com/containers/image/v5/docker/policyconfiguration github.com/containers/image/v5/docker/reference github.com/containers/image/v5/docker/tarfile github.com/containers/image/v5/image +github.com/containers/image/v5/internal/iolimits github.com/containers/image/v5/internal/pkg/keyctl github.com/containers/image/v5/internal/tmpdir github.com/containers/image/v5/manifest @@ -337,9 +340,9 @@ github.com/modern-go/reflect2 github.com/morikuni/aec # github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618 github.com/mrunalp/fileutils -# github.com/mtrmac/gpgme v0.0.0-20170102180018-b2432428689c +# github.com/mtrmac/gpgme v0.1.2 github.com/mtrmac/gpgme -# github.com/onsi/ginkgo v1.11.0 +# github.com/onsi/ginkgo v1.12.0 github.com/onsi/ginkgo github.com/onsi/ginkgo/config github.com/onsi/ginkgo/extensions/table @@ -510,7 +513,7 @@ github.com/varlink/go/varlink/idl github.com/vbatts/tar-split/archive/tar github.com/vbatts/tar-split/tar/asm github.com/vbatts/tar-split/tar/storage -# github.com/vbauerster/mpb/v4 v4.11.1 +# github.com/vbauerster/mpb/v4 v4.11.2 github.com/vbauerster/mpb/v4 github.com/vbauerster/mpb/v4/cwriter github.com/vbauerster/mpb/v4/decor diff --git a/version/version.go b/version/version.go index 4665023a4..d5926d744 100644 --- a/version/version.go +++ b/version/version.go @@ -4,7 +4,7 @@ package version // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -const Version = "1.8.0-dev" +const Version = "1.8.1-dev" // RemoteAPIVersion is the version for the remote // client API. It is used to determine compatibility |