diff options
| -rw-r--r-- | go.mod | 2 | ||||
| -rw-r--r-- | go.sum | 2 | ||||
| -rw-r--r-- | pkg/env/env.go | 14 | ||||
| -rw-r--r-- | pkg/spec/spec.go | 4 | ||||
| -rw-r--r-- | pkg/systemd/generate/common.go | 13 | ||||
| -rw-r--r-- | pkg/systemd/generate/common_test.go | 25 | ||||
| -rw-r--r-- | pkg/systemd/generate/containers.go | 1 | ||||
| -rw-r--r-- | pkg/systemd/generate/containers_test.go | 4 | ||||
| -rw-r--r-- | pkg/systemd/generate/pods.go | 1 | ||||
| -rw-r--r-- | pkg/systemd/generate/pods_test.go | 4 | ||||
| -rw-r--r-- | test/system/005-info.bats | 4 | ||||
| -rw-r--r-- | test/system/010-images.bats | 2 | ||||
| -rw-r--r-- | test/system/015-help.bats | 8 | ||||
| -rw-r--r-- | test/system/030-run.bats | 4 | ||||
| -rw-r--r-- | test/system/060-mount.bats | 2 | ||||
| -rw-r--r-- | test/system/075-exec.bats | 4 | ||||
| -rw-r--r-- | test/system/120-load.bats | 18 | ||||
| -rw-r--r-- | test/system/200-pod.bats | 5 | ||||
| -rw-r--r-- | test/system/250-systemd.bats | 2 | ||||
| -rw-r--r-- | test/system/260-sdnotify.bats | 2 | ||||
| -rw-r--r-- | test/system/500-networking.bats | 4 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/docker/docker_client.go | 59 | ||||
| -rw-r--r-- | vendor/github.com/containers/image/v5/version/version.go | 2 | ||||
| -rw-r--r-- | vendor/modules.txt | 2 |
24 files changed, 132 insertions, 56 deletions
@@ -13,7 +13,7 @@ require ( github.com/containers/buildah v1.15.1-0.20200731151214-29f4d01c621c github.com/containers/common v0.18.0 github.com/containers/conmon v2.0.19+incompatible - github.com/containers/image/v5 v5.5.1 + github.com/containers/image/v5 v5.5.2 github.com/containers/psgo v1.5.1 github.com/containers/storage v1.23.0 github.com/coreos/go-systemd/v22 v22.1.0 @@ -79,6 +79,8 @@ github.com/containers/conmon v2.0.19+incompatible h1:1bDVRvHy2MUNTUT/SW6LlHsJHQB github.com/containers/conmon v2.0.19+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ= github.com/containers/image/v5 v5.5.1/go.mod h1:4PyNYR0nwlGq/ybVJD9hWlhmIsNra4Q8uOQX2s6E2uM= +github.com/containers/image/v5 v5.5.2 h1:fv7FArz0zUnjH0W0l8t90CqWFlFcQrPP6Pug+9dUtVI= +github.com/containers/image/v5 v5.5.2/go.mod h1:4PyNYR0nwlGq/ybVJD9hWlhmIsNra4Q8uOQX2s6E2uM= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= github.com/containers/ocicrypt v1.0.2/go.mod h1:nsOhbP19flrX6rE7ieGFvBlr7modwmNjsqWarIUce4M= diff --git a/pkg/env/env.go b/pkg/env/env.go index a16007a50..0d55e5560 100644 --- a/pkg/env/env.go +++ b/pkg/env/env.go @@ -12,14 +12,16 @@ import ( "github.com/pkg/errors" ) -// DefaultEnvVariables sets $PATH and $TERM. -var DefaultEnvVariables = map[string]string{ - "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "TERM": "xterm", -} - const whiteSpaces = " \t" +// DefaultEnvVariables returns a default environment, with $PATH and $TERM set. +func DefaultEnvVariables() map[string]string { + return map[string]string{ + "PATH": "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM": "xterm", + } +} + // Slice transforms the specified map of environment variables into a // slice. If a value is non-empty, the key and value are joined with '='. func Slice(m map[string]string) []string { diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index c7a838d4c..893ae3cab 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -321,13 +321,13 @@ func (config *CreateConfig) createConfigToOCISpec(runtime *libpod.Runtime, userM // config. var defaultEnv map[string]string if runtimeConfig == nil { - defaultEnv = env.DefaultEnvVariables + defaultEnv = env.DefaultEnvVariables() } else { defaultEnv, err = env.ParseSlice(runtimeConfig.Containers.Env) if err != nil { return nil, errors.Wrap(err, "Env fields in containers.conf failed ot parse") } - defaultEnv = env.Join(env.DefaultEnvVariables, defaultEnv) + defaultEnv = env.Join(env.DefaultEnvVariables(), defaultEnv) } if err := addRlimits(config, &g); err != nil { diff --git a/pkg/systemd/generate/common.go b/pkg/systemd/generate/common.go index d6d18a810..1fc4479ff 100644 --- a/pkg/systemd/generate/common.go +++ b/pkg/systemd/generate/common.go @@ -1,6 +1,7 @@ package generate import ( + "strconv" "strings" "github.com/pkg/errors" @@ -53,3 +54,15 @@ func filterPodFlags(command []string) []string { } return processed } + +// quoteArguments makes sure that all arguments with at least one whitespace +// are quoted to make sure those are interpreted as one argument instead of +// multiple ones. +func quoteArguments(command []string) []string { + for i := range command { + if strings.ContainsAny(command[i], " \t") { + command[i] = strconv.Quote(command[i]) + } + } + return command +} diff --git a/pkg/systemd/generate/common_test.go b/pkg/systemd/generate/common_test.go index 389c30f59..d0ec5637c 100644 --- a/pkg/systemd/generate/common_test.go +++ b/pkg/systemd/generate/common_test.go @@ -28,3 +28,28 @@ func TestFilterPodFlags(t *testing.T) { } } } + +func TestQuoteArguments(t *testing.T) { + tests := []struct { + input []string + output []string + }{ + { + []string{"foo", "bar=\"arg\""}, + []string{"foo", "bar=\"arg\""}, + }, + { + []string{"foo", "bar=\"arg with space\""}, + []string{"foo", "\"bar=\\\"arg with space\\\"\""}, + }, + { + []string{"foo", "bar=\"arg with\ttab\""}, + []string{"foo", "\"bar=\\\"arg with\\ttab\\\"\""}, + }, + } + + for _, test := range tests { + quoted := quoteArguments(test.input) + assert.Equal(t, test.output, quoted) + } +} diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index 3d266a7a1..5f6376977 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -241,6 +241,7 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst startCommand = append(startCommand, "--replace") } startCommand = append(startCommand, info.CreateCommand[index:]...) + startCommand = quoteArguments(startCommand) info.ExecStartPre = "/bin/rm -f {{.PIDFile}} {{.ContainerIDFile}}" info.ExecStart = strings.Join(startCommand, " ") diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index 41817c03c..b5c736c5a 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -117,7 +117,7 @@ After=network-online.target Environment=PODMAN_SYSTEMD_UNIT=%n Restart=always ExecStartPre=/bin/rm -f %t/jadda-jadda.pid %t/jadda-jadda.ctr-id -ExecStart=/usr/bin/podman run --conmon-pidfile %t/jadda-jadda.pid --cidfile %t/jadda-jadda.ctr-id --cgroups=no-conmon -d --replace --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN +ExecStart=/usr/bin/podman run --conmon-pidfile %t/jadda-jadda.pid --cidfile %t/jadda-jadda.ctr-id --cgroups=no-conmon -d --replace --name jadda-jadda --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" ExecStop=/usr/bin/podman stop --ignore --cidfile %t/jadda-jadda.ctr-id -t 42 ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/jadda-jadda.ctr-id PIDFile=%t/jadda-jadda.pid @@ -296,7 +296,7 @@ WantedBy=multi-user.target default.target` PIDFile: "/var/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid", StopTimeout: 42, PodmanVersion: "CI", - CreateCommand: []string{"I'll get stripped", "container", "run", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN"}, + CreateCommand: []string{"I'll get stripped", "container", "run", "--name", "jadda-jadda", "--hostname", "hello-world", "awesome-image:latest", "command", "arg1", "...", "argN", "foo=arg \"with \" space"}, EnvVariable: EnvVariable, }, goodWithNameAndGeneric, diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index ec28dfe84..dec9587d9 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go @@ -292,6 +292,7 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions) } startCommand = append(startCommand, podCreateArgs...) + startCommand = quoteArguments(startCommand) info.ExecStartPre1 = "/bin/rm -f {{.PIDFile}} {{.PodIDFile}}" info.ExecStartPre2 = strings.Join(startCommand, " ") diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go index 32c760956..8bf4705a7 100644 --- a/pkg/systemd/generate/pods_test.go +++ b/pkg/systemd/generate/pods_test.go @@ -75,7 +75,7 @@ Before=container-1.service container-2.service Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo --replace +ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo "bar=arg with space" --replace ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id @@ -118,7 +118,7 @@ WantedBy=multi-user.target default.target` StopTimeout: 10, PodmanVersion: "CI", RequiredServices: []string{"container-1", "container-2"}, - CreateCommand: []string{"podman", "pod", "create", "--name", "foo"}, + CreateCommand: []string{"podman", "pod", "create", "--name", "foo", "bar=arg with space"}, }, podGoodNamedNew, true, diff --git a/test/system/005-info.bats b/test/system/005-info.bats index c53ba8125..3f1efd364 100644 --- a/test/system/005-info.bats +++ b/test/system/005-info.bats @@ -3,8 +3,6 @@ load helpers @test "podman info - basic test" { - skip_if_remote "capitalization inconsistencies" - run_podman info expected_keys=" @@ -28,8 +26,6 @@ runRoot: } @test "podman info - json" { - skip_if_remote "capitalization inconsistencies" - run_podman info --format=json expr_nvr="[a-z0-9-]\\\+-[a-z0-9.]\\\+-[a-z0-9]\\\+\." diff --git a/test/system/010-images.bats b/test/system/010-images.bats index 2b1845d72..7fd731ca0 100644 --- a/test/system/010-images.bats +++ b/test/system/010-images.bats @@ -75,8 +75,6 @@ Size | [0-9]\\\+ } @test "podman images - filter" { - skip_if_remote "podman commit -q is broken in podman-remote" - run_podman inspect --format '{{.ID}}' $IMAGE iid=$output diff --git a/test/system/015-help.bats b/test/system/015-help.bats index 76d29d22c..4a3781012 100644 --- a/test/system/015-help.bats +++ b/test/system/015-help.bats @@ -178,6 +178,14 @@ function check_help() { # Called with no args -- start with 'podman --help'. check_help() will # recurse for any subcommands. check_help + + # Test for regression of #7273 (spurious "--remote" help on output) + for helpopt in help --help; do + run_podman $helpopt + is "${lines[0]}" "Manage pods, containers and images" \ + "podman $helpopt: first line of output" + done + } # vim: filetype=sh diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 41863ba04..34afd5bae 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -63,7 +63,7 @@ echo $rand | 0 | $rand # 'run --preserve-fds' passes a number of additional file descriptors into the container @test "podman run --preserve-fds" { - skip_if_remote + skip_if_remote "preserve-fds is meaningless over remote" content=$(random_string 20) echo "$content" > $PODMAN_TMPDIR/tempfile @@ -150,8 +150,6 @@ echo $rand | 0 | $rand # 'run --rmi' deletes the image in the end unless it's used by another container @test "podman run --rmi" { - skip_if_remote - # Name of a nonlocal image. It should be pulled in by the first 'run' NONLOCAL_IMAGE=busybox run_podman 1 image exists $NONLOCAL_IMAGE diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats index 7570f3ac4..d98a3eeb1 100644 --- a/test/system/060-mount.bats +++ b/test/system/060-mount.bats @@ -6,7 +6,7 @@ load helpers @test "podman mount - basic test" { # Only works with root (FIXME: does it work with rootless + vfs?) skip_if_rootless "mount does not work rootless" - skip_if_remote + skip_if_remote "mounting remote is meaningless" f_path=/tmp/tmpfile_$(random_string 8) f_content=$(random_string 30) diff --git a/test/system/075-exec.bats b/test/system/075-exec.bats index 38c6c2312..5f71e2acb 100644 --- a/test/system/075-exec.bats +++ b/test/system/075-exec.bats @@ -39,7 +39,7 @@ load helpers } @test "podman exec - leak check" { - skip_if_remote + skip_if_remote "test is meaningless over remote" # Start a container in the background then run exec command # three times and make sure no any exec pid hash file leak @@ -61,7 +61,7 @@ load helpers # Issue #4785 - piping to exec statement - fixed in #4818 # Issue #5046 - piping to exec truncates results (actually a conmon issue) @test "podman exec - cat from stdin" { - skip_if_remote + skip_if_remote "FIXME: pending #7360" run_podman run -d $IMAGE sh -c 'while [ ! -e /stop ]; do sleep 0.1;done' cid="$output" diff --git a/test/system/120-load.bats b/test/system/120-load.bats index 14dae4c8a..86b396c4a 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -27,13 +27,25 @@ verify_iid_and_name() { } @test "podman save to pipe and load" { + get_iid_and_name + # We can't use run_podman because that uses the BATS 'run' function # which redirects stdout and stderr. Here we need to guarantee # that podman's stdout is a pipe, not any other form of redirection - $PODMAN save --format oci-archive $IMAGE | cat >$PODMAN_TMPDIR/test.tar - [ $status -eq 0 ] + $PODMAN save --format oci-archive $IMAGE | cat >$archive + if [ "$status" -ne 0 ]; then + die "Command failed: podman save ... | cat" + fi + + # Make sure we can reload it + # FIXME: when/if 7337 gets fixed, add a random tag instead of rmi'ing + # FIXME: when/if 7371 gets fixed, use verify_iid_and_name() + run_podman rmi $iid + run_podman load -i $archive - run_podman load -i $PODMAN_TMPDIR/test.tar + # FIXME: cannot compare IID, see #7371 + run_podman images -a --format '{{.Repository}}:{{.Tag}}' + is "$output" "$IMAGE" "image preserves name across save/load" } diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index f3ec8a67c..7189d7e4b 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -96,9 +96,8 @@ function teardown() { run_podman rm $cid1 # ...then, from pause container, find the image ID of the pause image... - # FIXME: if #6283 gets implemented, use 'inspect --format ...' - run_podman pod inspect $podname - pause_cid=$(jq -r '.Containers[0].Id' <<<"$output") + run_podman pod inspect --format '{{(index .Containers 0).ID}}' $podname + pause_cid="$output" run_podman container inspect --format '{{.Image}}' $pause_cid pause_iid="$output" diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index b7035cdda..bbb5a10fb 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -18,7 +18,7 @@ fi UNIT_FILE="$UNIT_DIR/$SERVICE_NAME.service" function setup() { - skip_if_remote + skip_if_remote "systemd tests are meaningless over remote" basic_setup } diff --git a/test/system/260-sdnotify.bats b/test/system/260-sdnotify.bats index 7be4be983..62d3c1497 100644 --- a/test/system/260-sdnotify.bats +++ b/test/system/260-sdnotify.bats @@ -10,7 +10,7 @@ _SOCAT_PID= _SOCAT_LOG= function setup() { - skip_if_remote + skip_if_remote "systemd tests are meaningless over remote" skip "FIXME FIXME FIXME, is this what's causing the CI hang???" diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats index 234bc1187..0fae3dcd3 100644 --- a/test/system/500-networking.bats +++ b/test/system/500-networking.bats @@ -7,7 +7,7 @@ load helpers # Copied from tsweeney's https://github.com/containers/podman/issues/4827 @test "podman networking: port on localhost" { - skip_if_remote + skip_if_remote "FIXME: reevaluate this one after #7360 is fixed" random_1=$(random_string 30) random_2=$(random_string 30) @@ -62,8 +62,6 @@ load helpers # Issue #5466 - port-forwarding doesn't work with this option and -d @test "podman networking: port with --userns=keep-id" { - skip_if_remote - # FIXME: randomize port, and create second random host port myport=54321 diff --git a/vendor/github.com/containers/image/v5/docker/docker_client.go b/vendor/github.com/containers/image/v5/docker/docker_client.go index 9461bc91a..e4308def1 100644 --- a/vendor/github.com/containers/image/v5/docker/docker_client.go +++ b/vendor/github.com/containers/image/v5/docker/docker_client.go @@ -331,7 +331,6 @@ func SearchRegistry(ctx context.Context, sys *types.SystemContext, registry, ima // Results holds the results returned by the /v1/search endpoint Results []SearchResult `json:"results"` } - v2Res := &V2Results{} v1Res := &V1Results{} // Get credentials from authfile for the underlying hostname @@ -388,31 +387,55 @@ func SearchRegistry(ctx context.Context, sys *types.SystemContext, registry, ima } logrus.Debugf("trying to talk to v2 search endpoint") - resp, err := client.makeRequest(ctx, "GET", "/v2/_catalog", nil, nil, v2Auth, nil) - if err != nil { - logrus.Debugf("error getting search results from v2 endpoint %q: %v", registry, err) - } else { + searchRes := []SearchResult{} + path := "/v2/_catalog" + for len(searchRes) < limit { + resp, err := client.makeRequest(ctx, "GET", path, nil, nil, v2Auth, nil) + if err != nil { + logrus.Debugf("error getting search results from v2 endpoint %q: %v", registry, err) + return nil, errors.Wrapf(err, "couldn't search registry %q", registry) + } defer resp.Body.Close() if resp.StatusCode != http.StatusOK { logrus.Errorf("error getting search results from v2 endpoint %q: %v", registry, httpResponseToError(resp, "")) - } else { - if err := json.NewDecoder(resp.Body).Decode(v2Res); err != nil { - return nil, err + return nil, errors.Wrapf(err, "couldn't search registry %q", registry) + } + v2Res := &V2Results{} + if err := json.NewDecoder(resp.Body).Decode(v2Res); err != nil { + return nil, err + } + + for _, repo := range v2Res.Repositories { + if len(searchRes) == limit { + break } - searchRes := []SearchResult{} - for _, repo := range v2Res.Repositories { - if strings.Contains(repo, image) { - res := SearchResult{ - Name: repo, - } - searchRes = append(searchRes, res) + if strings.Contains(repo, image) { + res := SearchResult{ + Name: repo, } + searchRes = append(searchRes, res) } - return searchRes, nil } - } - return nil, errors.Wrapf(err, "couldn't search registry %q", registry) + link := resp.Header.Get("Link") + if link == "" { + break + } + linkURLStr := strings.Trim(strings.Split(link, ";")[0], "<>") + linkURL, err := url.Parse(linkURLStr) + if err != nil { + return searchRes, err + } + + // can be relative or absolute, but we only want the path (and I + // guess we're in trouble if it forwards to a new place...) + path = linkURL.Path + if linkURL.RawQuery != "" { + path += "?" + path += linkURL.RawQuery + } + } + return searchRes, nil } // makeRequest creates and executes a http.Request with the specified parameters, adding authentication and TLS options for the Docker client. diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go index 114bce387..2f56effae 100644 --- a/vendor/github.com/containers/image/v5/version/version.go +++ b/vendor/github.com/containers/image/v5/version/version.go @@ -8,7 +8,7 @@ const ( // VersionMinor is for functionality in a backwards-compatible manner VersionMinor = 5 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 1 + VersionPatch = 2 // VersionDev indicates development branch. Releases will be empty string. VersionDev = "" diff --git a/vendor/modules.txt b/vendor/modules.txt index 0ab37e30c..c6e098f58 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -95,7 +95,7 @@ github.com/containers/common/pkg/sysinfo github.com/containers/common/version # github.com/containers/conmon v2.0.19+incompatible github.com/containers/conmon/runner/config -# github.com/containers/image/v5 v5.5.1 +# github.com/containers/image/v5 v5.5.2 github.com/containers/image/v5/copy github.com/containers/image/v5/directory github.com/containers/image/v5/directory/explicitfilepath |