diff options
19 files changed, 303 insertions, 33 deletions
diff --git a/cmd/podman/machine/rm.go b/cmd/podman/machine/rm.go index 38873084a..3e5d5fb0b 100644 --- a/cmd/podman/machine/rm.go +++ b/cmd/podman/machine/rm.go @@ -37,7 +37,7 @@ func init() { flags := rmCmd.Flags() formatFlagName := "force" - flags.BoolVar(&destoryOptions.Force, formatFlagName, false, "Do not prompt before rming") + flags.BoolVarP(&destoryOptions.Force, formatFlagName, "f", false, "Stop and do not prompt before rming") keysFlagName := "save-keys" flags.BoolVar(&destoryOptions.SaveKeys, keysFlagName, false, "Do not delete SSH keys") @@ -64,7 +64,7 @@ func rm(cmd *cobra.Command, args []string) error { if err != nil { return err } - confirmationMessage, remove, err := vm.Remove(vmName, machine.RemoveOptions{}) + confirmationMessage, remove, err := vm.Remove(vmName, destoryOptions) if err != nil { return err } diff --git a/docs/source/markdown/podman-machine-rm.1.md b/docs/source/markdown/podman-machine-rm.1.md index 7c9eb65c5..4eea1d2e4 100644 --- a/docs/source/markdown/podman-machine-rm.1.md +++ b/docs/source/markdown/podman-machine-rm.1.md @@ -23,9 +23,9 @@ is used. Print usage statement. -#### **--force** +#### **--force**, **-f** -Delete without confirmation +Stop and delete without confirmation #### **--save-ignition** @@ -58,6 +58,10 @@ The following files will be deleted: Are you sure you want to continue? [y/N] y ``` +``` +$ podman machine rm -f test1 +$ +``` ## SEE ALSO **[podman(1)](podman.1.md)**, **[podman-machine(1)](podman-machine.1.md)** @@ -23,7 +23,7 @@ require ( github.com/cyphar/filepath-securejoin v0.2.3 github.com/davecgh/go-spew v1.1.1 github.com/digitalocean/go-qemu v0.0.0-20210326154740-ac9e0b687001 - github.com/docker/distribution v2.8.0+incompatible + github.com/docker/distribution v2.8.1+incompatible github.com/docker/docker v20.10.12+incompatible github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 github.com/docker/go-plugins-helpers v0.0.0-20211224144127-6eecb7beb651 @@ -436,8 +436,9 @@ github.com/docker/cli v0.0.0-20191017083524-a8ff7f821017/go.mod h1:JLrzqnKDaYBop github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c/go.mod h1:0+TTO4EOBfRPhZXAeF1Vu+W3hHZ8eLp8PgKVZlcvtFY= github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/distribution v2.8.0+incompatible h1:l9EaZDICImO1ngI+uTifW+ZYvvz7fKISBAKpg+MbWbY= github.com/docker/distribution v2.8.0+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= +github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.3-0.20220208084023-a5c757555091+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.12+incompatible h1:CEeNmFM0QZIsJCZKMkZx0ZcahTiewkrgiwfYD+dfl1U= diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 29b9941fe..7fd80927b 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -30,6 +30,7 @@ import ( "github.com/containers/podman/v4/pkg/util" "github.com/containers/podman/v4/utils" "github.com/containers/storage/pkg/lockfile" + spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -990,8 +991,20 @@ func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, e return nil, err } - // We can't do more if the network is down. if c.state.NetNS == nil { + if networkNSPath := c.joinedNetworkNSPath(); networkNSPath != "" { + if result, err := c.inspectJoinedNetworkNS(networkNSPath); err == nil { + if basicConfig, err := resultToBasicNetworkConfig(result); err == nil { + // fallback to dummy configuration + settings.InspectBasicNetworkConfig = basicConfig + return settings, nil + } + } + // do not propagate error inspecting a joined network ns + logrus.Errorf("Error inspecting network namespace: %s of container %s: %v", networkNSPath, c.ID(), err) + } + // We can't do more if the network is down. + // We still want to make dummy configurations for each CNI net // the container joined. if len(networks) > 0 { @@ -1065,11 +1078,84 @@ func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, e return settings, nil } +func (c *Container) joinedNetworkNSPath() string { + for _, namespace := range c.config.Spec.Linux.Namespaces { + if namespace.Type == spec.NetworkNamespace { + return namespace.Path + } + } + return "" +} + +func (c *Container) inspectJoinedNetworkNS(networkns string) (q types.StatusBlock, retErr error) { + var result types.StatusBlock + err := ns.WithNetNSPath(networkns, func(_ ns.NetNS) error { + ifaces, err := net.Interfaces() + if err != nil { + return err + } + routes, err := netlink.RouteList(nil, netlink.FAMILY_ALL) + if err != nil { + return err + } + var gateway net.IP + for _, route := range routes { + // default gateway + if route.Dst == nil { + gateway = route.Gw + } + } + result.Interfaces = make(map[string]types.NetInterface) + for _, iface := range ifaces { + if iface.Flags&net.FlagLoopback != 0 { + continue + } + addrs, err := iface.Addrs() + if err != nil { + continue + } + if len(addrs) == 0 { + continue + } + subnets := make([]types.NetAddress, 0, len(addrs)) + for _, address := range addrs { + if ipnet, ok := address.(*net.IPNet); ok { + if ipnet.IP.IsLinkLocalMulticast() || ipnet.IP.IsLinkLocalUnicast() { + continue + } + subnet := types.NetAddress{ + IPNet: types.IPNet{ + IPNet: *ipnet, + }, + } + if ipnet.Contains(gateway) { + subnet.Gateway = gateway + } + subnets = append(subnets, subnet) + } + } + result.Interfaces[iface.Name] = types.NetInterface{ + Subnets: subnets, + MacAddress: types.HardwareAddr(iface.HardwareAddr), + } + } + return nil + }) + return result, err +} + // resultToBasicNetworkConfig produces an InspectBasicNetworkConfig from a CNI // result func resultToBasicNetworkConfig(result types.StatusBlock) (define.InspectBasicNetworkConfig, error) { config := define.InspectBasicNetworkConfig{} - for _, netInt := range result.Interfaces { + interfaceNames := make([]string, len(result.Interfaces)) + for interfaceName := range result.Interfaces { + interfaceNames = append(interfaceNames, interfaceName) + } + // ensure consistent inspect results by sorting + sort.Strings(interfaceNames) + for _, interfaceName := range interfaceNames { + netInt := result.Interfaces[interfaceName] for _, netAddress := range netInt.Subnets { size, _ := netAddress.IPNet.Mask.Size() if netAddress.IPNet.IP.To4() != nil { diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 43a79dae8..3b4548c17 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -679,7 +679,7 @@ func (v *MachineVM) Remove(name string, opts machine.RemoveOptions) (string, fun if err != nil { return "", nil, err } - if running { + if running && !opts.Force { return "", nil, errors.Errorf("running vm %q cannot be destroyed", v.Name) } @@ -1104,16 +1104,15 @@ func waitAndPingAPI(sock string) { func waitAPIAndPrintInfo(forwardState apiForwardingState, forwardSock string, rootFul bool, name string) { if forwardState != noForwarding { + suffix := "" + if name != machine.DefaultMachineName { + suffix = " " + name + } waitAndPingAPI(forwardSock) if !rootFul { fmt.Printf("\nThis machine is currently configured in rootless mode. If your containers\n") fmt.Printf("require root permissions (e.g. ports < 1024), or if you run into compatibility\n") fmt.Printf("issues with non-podman clients, you can switch using the following command: \n") - - suffix := "" - if name != machine.DefaultMachineName { - suffix = " " + name - } fmt.Printf("\n\tpodman machine set --rootful%s\n\n", suffix) } @@ -1127,8 +1126,9 @@ func waitAPIAndPrintInfo(forwardState apiForwardingState, forwardSock string, ro fmt.Printf("\nThe system helper service is not installed; the default Docker API socket\n") fmt.Printf("address can't be used by podman. ") if helper := findClaimHelper(); len(helper) > 0 { - fmt.Printf("If you would like to install it run the\nfollowing command:\n") - fmt.Printf("\n\tsudo %s install\n\n", helper) + fmt.Printf("If you would like to install it run the\nfollowing commands:\n") + fmt.Printf("\n\tsudo %s install\n", helper) + fmt.Printf("\tpodman machine stop%s; podman machine start%s\n\n", suffix, suffix) } case machineLocal: fmt.Printf("\nAnother process was listening on the default Docker API socket address.\n") diff --git a/test/e2e/build/Dockerfile.with-multiple-secret b/test/e2e/build/Containerfile.with-multiple-secret index f3478914f..f3478914f 100644 --- a/test/e2e/build/Dockerfile.with-multiple-secret +++ b/test/e2e/build/Containerfile.with-multiple-secret diff --git a/test/e2e/build/Dockerfile.with-secret b/test/e2e/build/Containerfile.with-secret index 920663a92..920663a92 100644 --- a/test/e2e/build/Dockerfile.with-secret +++ b/test/e2e/build/Containerfile.with-secret diff --git a/test/e2e/build/Dockerfile.test-cp-root-dir b/test/e2e/build/Dockerfile.test-cp-root-dir deleted file mode 100644 index 9f7de7c32..000000000 --- a/test/e2e/build/Dockerfile.test-cp-root-dir +++ /dev/null @@ -1,2 +0,0 @@ -FROM scratch -COPY Dockerfile.test-cp-root-dir / diff --git a/test/e2e/build/Dockerfile.with-secret-verify-leak b/test/e2e/build/secret-verify-leak/Containerfile.with-secret-verify-leak index 0957ac6a6..0957ac6a6 100644 --- a/test/e2e/build/Dockerfile.with-secret-verify-leak +++ b/test/e2e/build/secret-verify-leak/Containerfile.with-secret-verify-leak diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go index 14fa12fa2..c5903f037 100644 --- a/test/e2e/build_test.go +++ b/test/e2e/build_test.go @@ -60,7 +60,7 @@ var _ = Describe("Podman build", func() { }) It("podman build with a secret from file", func() { - session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-secret", "-t", "secret-test", "--secret", "id=mysecret,src=build/secret.txt", "build/"}) + session := podmanTest.Podman([]string{"build", "-f", "build/Containerfile.with-secret", "-t", "secret-test", "--secret", "id=mysecret,src=build/secret.txt", "build/"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(ContainSubstring("somesecret")) @@ -71,7 +71,7 @@ var _ = Describe("Podman build", func() { }) It("podman build with multiple secrets from files", func() { - session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-multiple-secret", "-t", "multiple-secret-test", "--secret", "id=mysecret,src=build/secret.txt", "--secret", "id=mysecret2,src=build/anothersecret.txt", "build/"}) + session := podmanTest.Podman([]string{"build", "-f", "build/Containerfile.with-multiple-secret", "-t", "multiple-secret-test", "--secret", "id=mysecret,src=build/secret.txt", "--secret", "id=mysecret2,src=build/anothersecret.txt", "build/"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(ContainSubstring("somesecret")) @@ -83,7 +83,7 @@ var _ = Describe("Podman build", func() { }) It("podman build with a secret from file and verify if secret file is not leaked into image", func() { - session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-secret-verify-leak", "-t", "secret-test-leak", "--secret", "id=mysecret,src=build/secret.txt", "build/"}) + session := podmanTest.Podman([]string{"build", "-f", "build/secret-verify-leak/Containerfile.with-secret-verify-leak", "-t", "secret-test-leak", "--secret", "id=mysecret,src=build/secret.txt", "build/"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) Expect(session.OutputToString()).To(ContainSubstring("somesecret")) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index aa1887f84..2202cadd8 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -2,15 +2,19 @@ package integration import ( "fmt" + "net" "os" "strings" + "syscall" + "github.com/containernetworking/plugins/pkg/ns" . "github.com/containers/podman/v4/test/utils" "github.com/containers/storage/pkg/stringid" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" "github.com/uber/jaeger-client-go/utils" + "github.com/vishvananda/netlink" ) var _ = Describe("Podman run networking", func() { @@ -694,6 +698,157 @@ EXPOSE 2004-2005/tcp`, ALPINE) Expect(session.OutputToString()).To(ContainSubstring("11.11.11.11")) }) + addAddr := func(cidr string, containerInterface netlink.Link) error { + _, ipnet, err := net.ParseCIDR(cidr) + Expect(err).To(BeNil()) + addr := &netlink.Addr{IPNet: ipnet, Label: ""} + if err := netlink.AddrAdd(containerInterface, addr); err != nil && err != syscall.EEXIST { + return err + } + return nil + } + + loopbackup := func() { + lo, err := netlink.LinkByName("lo") + Expect(err).To(BeNil()) + err = netlink.LinkSetUp(lo) + Expect(err).To(BeNil()) + } + + linkup := func(name string, mac string, addresses []string) { + linkAttr := netlink.NewLinkAttrs() + linkAttr.Name = name + m, err := net.ParseMAC(mac) + Expect(err).To(BeNil()) + linkAttr.HardwareAddr = net.HardwareAddr(m) + eth := &netlink.Dummy{LinkAttrs: linkAttr} + err = netlink.LinkAdd(eth) + Expect(err).To(BeNil()) + err = netlink.LinkSetUp(eth) + Expect(err).To(BeNil()) + for _, address := range addresses { + err := addAddr(address, eth) + Expect(err).To(BeNil()) + } + } + + routeAdd := func(gateway string) { + gw := net.ParseIP(gateway) + route := &netlink.Route{Dst: nil, Gw: gw} + netlink.RouteAdd(route) + } + + setupNetworkNs := func(networkNSName string) { + ns.WithNetNSPath("/run/netns/"+networkNSName, func(_ ns.NetNS) error { + loopbackup() + linkup("eth0", "46:7f:45:6e:4f:c8", []string{"10.25.40.0/24", "fd04:3e42:4a4e:3381::/64"}) + linkup("eth1", "56:6e:35:5d:3e:a8", []string{"10.88.0.0/16"}) + + routeAdd("10.25.40.0") + return nil + }) + } + + checkNetworkNsInspect := func(name string) { + inspectOut := podmanTest.InspectContainer(name) + Expect(inspectOut[0].NetworkSettings.IPAddress).To(Equal("10.25.40.0")) + Expect(inspectOut[0].NetworkSettings.IPPrefixLen).To(Equal(24)) + Expect(len(inspectOut[0].NetworkSettings.SecondaryIPAddresses)).To(Equal(1)) + Expect(inspectOut[0].NetworkSettings.SecondaryIPAddresses[0].Addr).To(Equal("10.88.0.0")) + Expect(inspectOut[0].NetworkSettings.SecondaryIPAddresses[0].PrefixLength).To(Equal(16)) + Expect(inspectOut[0].NetworkSettings.GlobalIPv6Address).To(Equal("fd04:3e42:4a4e:3381::")) + Expect(inspectOut[0].NetworkSettings.GlobalIPv6PrefixLen).To(Equal(64)) + Expect(len(inspectOut[0].NetworkSettings.SecondaryIPv6Addresses)).To(Equal(0)) + Expect(inspectOut[0].NetworkSettings.MacAddress).To(Equal("46:7f:45:6e:4f:c8")) + Expect(len(inspectOut[0].NetworkSettings.AdditionalMacAddresses)).To(Equal(1)) + Expect(inspectOut[0].NetworkSettings.AdditionalMacAddresses[0]).To(Equal("56:6e:35:5d:3e:a8")) + Expect(inspectOut[0].NetworkSettings.Gateway).To(Equal("10.25.40.0")) + + } + + It("podman run newtork inspect fails gracefully on non-reachable network ns", func() { + SkipIfRootless("ip netns is not supported for rootless users") + + networkNSName := RandomString(12) + addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName}) + Expect(addNamedNetwork).Should(Exit(0)) + + setupNetworkNs(networkNSName) + + name := RandomString(12) + session := podmanTest.Podman([]string{"run", "-d", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + + // delete the named network ns before inspect + delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName}) + Expect(delNetworkNamespace).Should(Exit(0)) + + inspectOut := podmanTest.InspectContainer(name) + Expect(inspectOut[0].NetworkSettings.IPAddress).To(Equal("")) + Expect(len(inspectOut[0].NetworkSettings.Networks)).To(Equal(0)) + }) + + It("podman inspect can handle joined network ns with multiple interfaces", func() { + SkipIfRootless("ip netns is not supported for rootless users") + + networkNSName := RandomString(12) + addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName}) + Expect(addNamedNetwork).Should(Exit(0)) + defer func() { + delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName}) + Expect(delNetworkNamespace).Should(Exit(0)) + }() + setupNetworkNs(networkNSName) + + name := RandomString(12) + session := podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE}) + session.WaitWithDefaultTimeout() + + session = podmanTest.Podman([]string{"container", "rm", name}) + session.WaitWithDefaultTimeout() + + // no network teardown should touch joined network ns interfaces + session = podmanTest.Podman([]string{"run", "-d", "--replace", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + + checkNetworkNsInspect(name) + }) + + It("podman do not tamper with joined network ns interfaces", func() { + SkipIfRootless("ip netns is not supported for rootless users") + + networkNSName := RandomString(12) + addNamedNetwork := SystemExec("ip", []string{"netns", "add", networkNSName}) + Expect(addNamedNetwork).Should(Exit(0)) + defer func() { + delNetworkNamespace := SystemExec("ip", []string{"netns", "delete", networkNSName}) + Expect(delNetworkNamespace).Should(Exit(0)) + }() + + setupNetworkNs(networkNSName) + + name := RandomString(12) + session := podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE}) + session.WaitWithDefaultTimeout() + + checkNetworkNsInspect(name) + + name = RandomString(12) + session = podmanTest.Podman([]string{"run", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE}) + session.WaitWithDefaultTimeout() + + checkNetworkNsInspect(name) + + // delete container, the network inspect should not change + session = podmanTest.Podman([]string{"container", "rm", name}) + session.WaitWithDefaultTimeout() + + session = podmanTest.Podman([]string{"run", "-d", "--replace", "--name", name, "--net", "ns:/run/netns/" + networkNSName, ALPINE, "top"}) + session.WaitWithDefaultTimeout() + + checkNetworkNsInspect(name) + }) + It("podman run network in bogus user created network namespace", func() { session := podmanTest.Podman([]string{"run", "-dt", "--net", "ns:/run/netns/xxy", ALPINE, "wget", "www.podman.io"}) session.Wait(90) diff --git a/test/e2e/system_service_test.go b/test/e2e/system_service_test.go index dcf5e03b2..2bc7756d6 100644 --- a/test/e2e/system_service_test.go +++ b/test/e2e/system_service_test.go @@ -58,6 +58,7 @@ var _ = Describe("podman system service", func() { const magicComment = "pprof service listening on" It("are available", func() { + Skip("FIXME: Test is too flaky (#12624)") SkipIfRemote("service subcommand not supported remotely") address := url.URL{ @@ -97,6 +98,7 @@ var _ = Describe("podman system service", func() { }) It("are not available", func() { + Skip("FIXME: Test is too flaky (#12624)") SkipIfRemote("service subcommand not supported remotely") address := url.URL{ diff --git a/troubleshooting.md b/troubleshooting.md index 93f716e00..32f14c1ee 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -991,12 +991,15 @@ less: dir1/a: Permission denied #### Solution -If you want to read or remove such a file, you can do so by entering a user namespace. -Instead of running commands such as `less dir1/a` or `rm dir1/a`, you would need to -prepend the command-line with `podman unshare`, i.e., -`podman unshare less dir1/a` or `podman unshare rm dir1/a`. To be able to use Bash -features, such as variable expansion and globbing, you need to wrap the command with -`bash -c`, e.g. `podman unshare bash -c 'ls $HOME/dir1/a*'`. +If you want to read, chown, or remove such a file, enter a user +namespace. Instead of running commands such as `less dir1/a` or `rm dir1/a`, you +need to prepend the command-line with `podman unshare`, i.e., +`podman unshare less dir1/a` or `podman unshare rm dir1/a`. To change the ownership +of the file _dir1/a_ to your regular user's UID and GID, run `podman unshare chown 0:0 dir1/a`. +A file having the ownership _0:0_ in the user namespace is owned by the regular +user on the host. To use Bash features, such as variable expansion and +globbing, you need to wrap the command with `bash -c`, e.g. +`podman unshare bash -c 'ls $HOME/dir1/a*'`. Would it have been possible to run Podman in another way so that your regular user would have become the owner of the file? Yes, you can use the options diff --git a/vendor/github.com/docker/distribution/.mailmap b/vendor/github.com/docker/distribution/.mailmap index 34421a4ec..8f3738f3d 100644 --- a/vendor/github.com/docker/distribution/.mailmap +++ b/vendor/github.com/docker/distribution/.mailmap @@ -44,3 +44,6 @@ Thomas Berger <loki@lokis-chaos.de> Thomas Berger <tbe@users.noreply.github.com> Samuel Karp <skarp@amazon.com> Samuel Karp <samuelkarp@users.noreply.github.com> Justin Cormack <justin.cormack@docker.com> sayboras <sayboras@yahoo.com> +CrazyMax <github@crazymax.dev> +CrazyMax <github@crazymax.dev> <1951866+crazy-max@users.noreply.github.com> +CrazyMax <github@crazymax.dev> <crazy-max@users.noreply.github.com> diff --git a/vendor/github.com/docker/distribution/Dockerfile b/vendor/github.com/docker/distribution/Dockerfile index 9d30d3771..ae8c040c7 100644 --- a/vendor/github.com/docker/distribution/Dockerfile +++ b/vendor/github.com/docker/distribution/Dockerfile @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1.3 -ARG GO_VERSION=1.16 +ARG GO_VERSION=1.16.15 ARG GORELEASER_XX_VERSION=1.2.5 FROM --platform=$BUILDPLATFORM crazymax/goreleaser-xx:${GORELEASER_XX_VERSION} AS goreleaser-xx @@ -12,6 +12,10 @@ WORKDIR /go/src/github.com/docker/distribution FROM base AS build ENV GO111MODULE=auto ENV CGO_ENABLED=0 +# GIT_REF is used by goreleaser-xx to handle the proper git ref when available. +# It will fallback to the working tree info if empty and use "git tag --points-at" +# or "git describe" to define the version info. +ARG GIT_REF ARG TARGETPLATFORM ARG PKG="github.com/distribution/distribution" ARG BUILDTAGS="include_oss include_gcs" @@ -28,7 +32,7 @@ RUN --mount=type=bind,rw \ --files="LICENSE" \ --files="README.md" -FROM scratch AS artifacts +FROM scratch AS artifact COPY --from=build /out/*.tar.gz / COPY --from=build /out/*.zip / COPY --from=build /out/*.sha256 / diff --git a/vendor/github.com/docker/distribution/README.md b/vendor/github.com/docker/distribution/README.md index 998878850..e513c18e9 100644 --- a/vendor/github.com/docker/distribution/README.md +++ b/vendor/github.com/docker/distribution/README.md @@ -2,7 +2,7 @@ The Docker toolset to pack, ship, store, and deliver content. -This repository's main product is the Docker Registry 2.0 implementation +This repository provides the Docker Registry 2.0 implementation for storing and distributing Docker images. It supersedes the [docker/docker-registry](https://github.com/docker/docker-registry) project with a new API design, focused around security and performance. diff --git a/vendor/github.com/docker/distribution/docker-bake.hcl b/vendor/github.com/docker/distribution/docker-bake.hcl index e1457bb81..4dd5a100c 100644 --- a/vendor/github.com/docker/distribution/docker-bake.hcl +++ b/vendor/github.com/docker/distribution/docker-bake.hcl @@ -1,3 +1,15 @@ +// GITHUB_REF is the actual ref that triggers the workflow +// https://docs.github.com/en/actions/learn-github-actions/environment-variables#default-environment-variables +variable "GITHUB_REF" { + default = "" +} + +target "_common" { + args = { + GIT_REF = GITHUB_REF + } +} + group "default" { targets = ["image-local"] } @@ -8,12 +20,14 @@ target "docker-metadata-action" { } target "binary" { + inherits = ["_common"] target = "binary" output = ["./bin"] } target "artifact" { - target = "artifacts" + inherits = ["_common"] + target = "artifact" output = ["./bin"] } @@ -30,7 +44,7 @@ target "artifact-all" { } target "image" { - inherits = ["docker-metadata-action"] + inherits = ["_common", "docker-metadata-action"] } target "image-local" { diff --git a/vendor/modules.txt b/vendor/modules.txt index 319a3592f..8214e0b98 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -312,7 +312,7 @@ github.com/digitalocean/go-libvirt/internal/go-xdr/xdr2 github.com/digitalocean/go-qemu/qmp # github.com/disiqueira/gotree/v3 v3.0.2 github.com/disiqueira/gotree/v3 -# github.com/docker/distribution v2.8.0+incompatible +# github.com/docker/distribution v2.8.1+incompatible ## explicit github.com/docker/distribution github.com/docker/distribution/digestset |