diff options
238 files changed, 2895 insertions, 1746 deletions
@@ -51,10 +51,20 @@ BUILDTAGS ?= \ $(shell hack/libsubid_tag.sh) \ exclude_graphdriver_devicemapper \ seccomp +ifeq ($(shell uname -s),FreeBSD) +# Use bash for make's shell function - the default shell on FreeBSD +# has a command builtin is not compatible with the way its used below +SHELL := $(shell command -v bash) +endif PYTHON ?= $(shell command -v python3 python|head -n1) PKG_MANAGER ?= $(shell command -v dnf yum|head -n1) # ~/.local/bin is not in PATH on all systems PRE_COMMIT = $(shell command -v bin/venv/bin/pre-commit ~/.local/bin/pre-commit pre-commit | head -n1) +ifeq ($(shell uname -s),FreeBSD) +SED=gsed +else +SED=sed +endif # This isn't what we actually build; it's a superset, used for target # dependencies. Basically: all *.go and *.c files, except *_test.go, @@ -180,7 +190,11 @@ default: all all: binaries docs .PHONY: binaries +ifeq ($(shell uname -s),FreeBSD) +binaries: podman podman-remote ## Build podman and podman-remote binaries +else binaries: podman podman-remote rootlessport ## Build podman, podman-remote and rootlessport binaries +endif # Extract text following double-# for targets, as their description for # the `help` target. Otherwise These simple-substitutions are resolved @@ -423,7 +437,7 @@ $(MANPAGES): %: %.md .install.md2man docdir ### replaces "\" at the end of a line with two spaces ### this ensures that manpages are renderd correctly - @sed -e 's/\((podman[^)]*\.md\(#.*\)\?)\)//g' \ + @$(SED) -e 's/\((podman[^)]*\.md\(#.*\)\?)\)//g' \ -e 's/\[\(podman[^]]*\)\]/\1/g' \ -e 's/\[\([^]]*\)](http[^)]\+)/\1/g' \ -e 's;<\(/\)\?\(a\|a\s\+[^>]*\|sup\)>;;g' \ @@ -739,7 +753,9 @@ install.bin: install ${SELINUXOPT} -m 755 bin/podman $(DESTDIR)$(BINDIR)/podman test -z "${SELINUXOPT}" || chcon --verbose --reference=$(DESTDIR)$(BINDIR)/podman bin/podman install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(LIBEXECPODMAN) +ifneq ($(shell uname -s),FreeBSD) install ${SELINUXOPT} -m 755 bin/rootlessport $(DESTDIR)$(LIBEXECPODMAN)/rootlessport +endif test -z "${SELINUXOPT}" || chcon --verbose --reference=$(DESTDIR)$(LIBEXECPODMAN)/rootlessport bin/rootlessport install ${SELINUXOPT} -m 755 -d ${DESTDIR}${TMPFILESDIR} install ${SELINUXOPT} -m 644 contrib/tmpfile/podman.conf ${DESTDIR}${TMPFILESDIR}/podman.conf @@ -753,9 +769,9 @@ install.modules-load: # This should only be used by distros which might use ipta install.man: install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(MANDIR)/man1 install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(MANDIR)/man5 - install ${SELINUXOPT} -m 644 $(filter %.1,$(MANPAGES_DEST)) -t $(DESTDIR)$(MANDIR)/man1 - install ${SELINUXOPT} -m 644 $(filter %.5,$(MANPAGES_DEST)) -t $(DESTDIR)$(MANDIR)/man5 - install ${SELINUXOPT} -m 644 docs/source/markdown/links/*1 -t $(DESTDIR)$(MANDIR)/man1 + install ${SELINUXOPT} -m 644 $(filter %.1,$(MANPAGES_DEST)) $(DESTDIR)$(MANDIR)/man1 + install ${SELINUXOPT} -m 644 $(filter %.5,$(MANPAGES_DEST)) $(DESTDIR)$(MANDIR)/man5 + install ${SELINUXOPT} -m 644 docs/source/markdown/links/*1 $(DESTDIR)$(MANDIR)/man1 .PHONY: install.completions install.completions: @@ -792,7 +808,7 @@ ifneq (,$(findstring systemd,$(BUILDTAGS))) PODMAN_UNIT_FILES = contrib/systemd/auto-update/podman-auto-update.service \ contrib/systemd/system/podman.service \ contrib/systemd/system/podman-restart.service \ - contrib/systemd/system/podman-play-kube@.service + contrib/systemd/system/podman-kube@.service %.service: %.service.in sed -e 's;@@PODMAN@@;$(BINDIR)/podman;g' $< >$@.tmp.$$ \ @@ -806,14 +822,14 @@ install.systemd: $(PODMAN_UNIT_FILES) install ${SELINUXOPT} -m 644 contrib/systemd/system/podman.socket ${DESTDIR}${USERSYSTEMDDIR}/podman.socket install ${SELINUXOPT} -m 644 contrib/systemd/system/podman.service ${DESTDIR}${USERSYSTEMDDIR}/podman.service install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-restart.service ${DESTDIR}${USERSYSTEMDDIR}/podman-restart.service - install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-play-kube@.service ${DESTDIR}${USERSYSTEMDDIR}/podman-play-kube@.service + install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-kube@.service ${DESTDIR}${USERSYSTEMDDIR}/podman-kube@.service # System services install ${SELINUXOPT} -m 644 contrib/systemd/auto-update/podman-auto-update.service ${DESTDIR}${SYSTEMDDIR}/podman-auto-update.service install ${SELINUXOPT} -m 644 contrib/systemd/auto-update/podman-auto-update.timer ${DESTDIR}${SYSTEMDDIR}/podman-auto-update.timer install ${SELINUXOPT} -m 644 contrib/systemd/system/podman.socket ${DESTDIR}${SYSTEMDDIR}/podman.socket install ${SELINUXOPT} -m 644 contrib/systemd/system/podman.service ${DESTDIR}${SYSTEMDDIR}/podman.service install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-restart.service ${DESTDIR}${SYSTEMDDIR}/podman-restart.service - install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-play-kube@.service ${DESTDIR}${SYSTEMDDIR}/podman-play-kube@.service + install ${SELINUXOPT} -m 644 contrib/systemd/system/podman-kube@.service ${DESTDIR}${SYSTEMDDIR}/podman-kube@.service rm -f $(PODMAN_UNIT_FILES) else install.systemd: diff --git a/cmd/podman-mac-helper/install.go b/cmd/podman-mac-helper/install.go index a1b99e66c..713bdfcdf 100644 --- a/cmd/podman-mac-helper/install.go +++ b/cmd/podman-mac-helper/install.go @@ -5,6 +5,7 @@ package main import ( "bytes" + "errors" "fmt" "io" "io/fs" @@ -14,7 +15,6 @@ import ( "syscall" "text/template" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -111,7 +111,7 @@ func install(cmd *cobra.Command, args []string) error { file, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE|os.O_EXCL, rw_r_r) if err != nil { - return errors.Wrap(err, "error creating helper plist file") + return fmt.Errorf("creating helper plist file: %w", err) } defer file.Close() _, err = buf.WriteTo(file) @@ -120,7 +120,7 @@ func install(cmd *cobra.Command, args []string) error { } if err = runDetectErr("launchctl", "load", fileName); err != nil { - return errors.Wrap(err, "launchctl failed loading service") + return fmt.Errorf("launchctl failed loading service: %w", err) } return nil @@ -133,13 +133,13 @@ func restrictRecursive(targetDir string, until string) error { return err } if info.Mode()&fs.ModeSymlink != 0 { - return errors.Errorf("symlinks not allowed in helper paths (remove them and rerun): %s", targetDir) + return fmt.Errorf("symlinks not allowed in helper paths (remove them and rerun): %s", targetDir) } if err = os.Chown(targetDir, 0, 0); err != nil { - return errors.Wrap(err, "could not update ownership of helper path") + return fmt.Errorf("could not update ownership of helper path: %w", err) } if err = os.Chmod(targetDir, rwx_rx_rx|fs.ModeSticky); err != nil { - return errors.Wrap(err, "could not update permissions of helper path") + return fmt.Errorf("could not update permissions of helper path: %w", err) } targetDir = filepath.Dir(targetDir) } @@ -162,7 +162,7 @@ func verifyRootDeep(path string) error { stat := info.Sys().(*syscall.Stat_t) if stat.Uid != 0 { - return errors.Errorf("installation target path must be solely owned by root: %s is not", current) + return fmt.Errorf("installation target path must be solely owned by root: %s is not", current) } if info.Mode()&fs.ModeSymlink != 0 { @@ -193,7 +193,7 @@ func verifyRootDeep(path string) error { func installExecutable(user string) (string, error) { // Since the installed executable runs as root, as a precaution verify root ownership of - // the entire installation path, and utilize sticky + read only perms for the helper path + // the entire installation path, and utilize sticky + read-only perms for the helper path // suffix. The goal is to help users harden against privilege escalation from loose // filesystem permissions. // @@ -206,7 +206,7 @@ func installExecutable(user string) (string, error) { targetDir := filepath.Join(installPrefix, "podman", "helper", user) if err := os.MkdirAll(targetDir, rwx_rx_rx); err != nil { - return "", errors.Wrap(err, "could not create helper directory structure") + return "", fmt.Errorf("could not create helper directory structure: %w", err) } // Correct any incorrect perms on previously existing directories and verify no symlinks diff --git a/cmd/podman-mac-helper/main.go b/cmd/podman-mac-helper/main.go index 735d9898f..937cb8433 100644 --- a/cmd/podman-mac-helper/main.go +++ b/cmd/podman-mac-helper/main.go @@ -4,6 +4,7 @@ package main import ( + "errors" "fmt" "io" "io/ioutil" @@ -13,7 +14,6 @@ import ( "strconv" "strings" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -97,7 +97,7 @@ func getUser() (string, string, string, error) { return "", "", "", fmt.Errorf("invalid uid for user: %s", name) } if id == 0 { - return "", "", "", fmt.Errorf("unexpected root user") + return "", "", "", errors.New("unexpected root user") } return name, uid, home, nil diff --git a/cmd/podman-mac-helper/uninstall.go b/cmd/podman-mac-helper/uninstall.go index f72d0efd1..0c21b27e9 100644 --- a/cmd/podman-mac-helper/uninstall.go +++ b/cmd/podman-mac-helper/uninstall.go @@ -9,7 +9,6 @@ import ( "os/exec" "path/filepath" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -48,13 +47,13 @@ func uninstall(cmd *cobra.Command, args []string) error { if err := os.Remove(fileName); err != nil { if !os.IsNotExist(err) { - return errors.Errorf("could not remove plist file: %s", fileName) + return fmt.Errorf("could not remove plist file: %s", fileName) } } helperPath := filepath.Join(installPrefix, "podman", "helper", userName) if err := os.RemoveAll(helperPath); err != nil { - return errors.Errorf("could not remove helper binary path: %s", helperPath) + return fmt.Errorf("could not remove helper binary path: %s", helperPath) } return nil } diff --git a/cmd/podman/auto-update.go b/cmd/podman/auto-update.go index 1dc29530e..88ef0ec88 100644 --- a/cmd/podman/auto-update.go +++ b/cmd/podman/auto-update.go @@ -13,7 +13,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/errorhandling" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -63,7 +62,7 @@ func init() { func autoUpdate(cmd *cobra.Command, args []string) error { if len(args) > 0 { // Backwards compat. System tests expect this error string. - return errors.Errorf("`%s` takes no arguments", cmd.CommandPath()) + return fmt.Errorf("`%s` takes no arguments", cmd.CommandPath()) } allReports, failures := registry.ContainerEngine().AutoUpdate(registry.GetContext(), autoUpdateOptions.AutoUpdateOptions) diff --git a/cmd/podman/common/create.go b/cmd/podman/common/create.go index e25bdd241..f05549a8d 100644 --- a/cmd/podman/common/create.go +++ b/cmd/podman/common/create.go @@ -863,14 +863,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, ) _ = cmd.RegisterFlagCompletionFunc(cpusetMemsFlagName, completion.AutocompleteNone) - memoryFlagName := "memory" - createFlags.StringVarP( - &cf.Memory, - memoryFlagName, "m", "", - "Memory limit "+sizeWithUnitFormat, - ) - _ = cmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone) - memoryReservationFlagName := "memory-reservation" createFlags.StringVar( &cf.MemoryReservation, @@ -912,4 +904,12 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions, "CPUs in which to allow execution (0-3, 0,1)", ) _ = cmd.RegisterFlagCompletionFunc(cpusetCpusFlagName, completion.AutocompleteNone) + + memoryFlagName := "memory" + createFlags.StringVarP( + &cf.Memory, + memoryFlagName, "m", "", + "Memory limit "+sizeWithUnitFormat, + ) + _ = cmd.RegisterFlagCompletionFunc(memoryFlagName, completion.AutocompleteNone) } diff --git a/cmd/podman/common/diffChanges.go b/cmd/podman/common/diffChanges.go index 99b5f1dcd..6d4c7154a 100644 --- a/cmd/podman/common/diffChanges.go +++ b/cmd/podman/common/diffChanges.go @@ -6,7 +6,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/storage/pkg/archive" - "github.com/pkg/errors" ) type ChangesReportJSON struct { @@ -26,7 +25,7 @@ func ChangesToJSON(diffs *entities.DiffReport) error { case archive.ChangeModify: body.Changed = append(body.Changed, row.Path) default: - return errors.Errorf("output kind %q not recognized", row.Kind) + return fmt.Errorf("output kind %q not recognized", row.Kind) } } diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go index 9dfe81d62..e7aa265d1 100644 --- a/cmd/podman/common/netflags.go +++ b/cmd/podman/common/netflags.go @@ -1,6 +1,8 @@ package common import ( + "errors" + "fmt" "net" "github.com/containers/common/libnetwork/types" @@ -10,7 +12,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/specgen" "github.com/containers/podman/v4/pkg/specgenutil" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -125,13 +126,13 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti if d == "none" { opts.UseImageResolvConf = true if len(servers) > 1 { - return nil, errors.Errorf("%s is not allowed to be specified with other DNS ip addresses", d) + return nil, fmt.Errorf("%s is not allowed to be specified with other DNS ip addresses", d) } break } dns := net.ParseIP(d) if dns == nil { - return nil, errors.Errorf("%s is not an ip address", d) + return nil, fmt.Errorf("%s is not an ip address", d) } opts.DNSServers = append(opts.DNSServers, dns) } @@ -154,7 +155,7 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti for _, dom := range dnsSearches { if dom == "." { if len(dnsSearches) > 1 { - return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'") + return nil, errors.New("cannot pass additional search domains when also specifying '.'") } continue } @@ -218,18 +219,18 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti if ip != "" { // if pod create --infra=false if infra, err := flags.GetBool("infra"); err == nil && !infra { - return nil, errors.Wrapf(define.ErrInvalidArg, "cannot set --%s without infra container", ipFlagName) + return nil, fmt.Errorf("cannot set --%s without infra container: %w", ipFlagName, define.ErrInvalidArg) } staticIP := net.ParseIP(ip) if staticIP == nil { - return nil, errors.Errorf("%q is not an ip address", ip) + return nil, fmt.Errorf("%q is not an ip address", ip) } if !opts.Network.IsBridge() && !opts.Network.IsDefault() { - return nil, errors.Wrapf(define.ErrInvalidArg, "--%s can only be set when the network mode is bridge", ipFlagName) + return nil, fmt.Errorf("--%s can only be set when the network mode is bridge: %w", ipFlagName, define.ErrInvalidArg) } if len(opts.Networks) != 1 { - return nil, errors.Wrapf(define.ErrInvalidArg, "--%s can only be set for a single network", ipFlagName) + return nil, fmt.Errorf("--%s can only be set for a single network: %w", ipFlagName, define.ErrInvalidArg) } for name, netOpts := range opts.Networks { netOpts.StaticIPs = append(netOpts.StaticIPs, staticIP) @@ -245,17 +246,17 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti if len(m) > 0 { // if pod create --infra=false if infra, err := flags.GetBool("infra"); err == nil && !infra { - return nil, errors.Wrap(define.ErrInvalidArg, "cannot set --mac without infra container") + return nil, fmt.Errorf("cannot set --mac without infra container: %w", define.ErrInvalidArg) } mac, err := net.ParseMAC(m) if err != nil { return nil, err } if !opts.Network.IsBridge() && !opts.Network.IsDefault() { - return nil, errors.Wrap(define.ErrInvalidArg, "--mac-address can only be set when the network mode is bridge") + return nil, fmt.Errorf("--mac-address can only be set when the network mode is bridge: %w", define.ErrInvalidArg) } if len(opts.Networks) != 1 { - return nil, errors.Wrap(define.ErrInvalidArg, "--mac-address can only be set for a single network") + return nil, fmt.Errorf("--mac-address can only be set for a single network: %w", define.ErrInvalidArg) } for name, netOpts := range opts.Networks { netOpts.StaticMAC = types.HardwareAddr(mac) @@ -270,10 +271,10 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti if len(aliases) > 0 { // if pod create --infra=false if infra, err := flags.GetBool("infra"); err == nil && !infra { - return nil, errors.Wrap(define.ErrInvalidArg, "cannot set --network-alias without infra container") + return nil, fmt.Errorf("cannot set --network-alias without infra container: %w", define.ErrInvalidArg) } if !opts.Network.IsBridge() && !opts.Network.IsDefault() { - return nil, errors.Wrap(define.ErrInvalidArg, "--network-alias can only be set when the network mode is bridge") + return nil, fmt.Errorf("--network-alias can only be set when the network mode is bridge: %w", define.ErrInvalidArg) } for name, netOpts := range opts.Networks { netOpts.Aliases = aliases diff --git a/cmd/podman/containers/attach.go b/cmd/podman/containers/attach.go index 1a05ea5c3..52adb1fcb 100644 --- a/cmd/podman/containers/attach.go +++ b/cmd/podman/containers/attach.go @@ -1,13 +1,13 @@ package containers import ( + "errors" "os" "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -70,7 +70,7 @@ func init() { func attach(cmd *cobra.Command, args []string) error { if len(args) > 1 || (len(args) == 0 && !attachOpts.Latest) { - return errors.Errorf("attach requires the name or id of one running container or the latest flag") + return errors.New("attach requires the name or id of one running container or the latest flag") } var name string diff --git a/cmd/podman/containers/checkpoint.go b/cmd/podman/containers/checkpoint.go index e0891f7a1..0eb0db394 100644 --- a/cmd/podman/containers/checkpoint.go +++ b/cmd/podman/containers/checkpoint.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "fmt" "strings" "time" @@ -15,7 +16,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/storage/pkg/archive" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -90,7 +90,7 @@ func checkpoint(cmd *cobra.Command, args []string) error { podmanStart := time.Now() if cmd.Flags().Changed("compress") { if checkpointOptions.Export == "" { - return errors.Errorf("--compress can only be used with --export") + return errors.New("--compress can only be used with --export") } compress, _ := cmd.Flags().GetString("compress") switch strings.ToLower(compress) { @@ -101,7 +101,7 @@ func checkpoint(cmd *cobra.Command, args []string) error { case "zstd": checkpointOptions.Compression = archive.Zstd default: - return errors.Errorf("Selected compression algorithm (%q) not supported. Please select one from: gzip, none, zstd", compress) + return fmt.Errorf("selected compression algorithm (%q) not supported. Please select one from: gzip, none, zstd", compress) } } else { checkpointOptions.Compression = archive.Zstd @@ -110,13 +110,13 @@ func checkpoint(cmd *cobra.Command, args []string) error { return errors.New("checkpointing a container requires root") } if checkpointOptions.Export == "" && checkpointOptions.IgnoreRootFS { - return errors.Errorf("--ignore-rootfs can only be used with --export") + return errors.New("--ignore-rootfs can only be used with --export") } if checkpointOptions.Export == "" && checkpointOptions.IgnoreVolumes { - return errors.Errorf("--ignore-volumes can only be used with --export") + return errors.New("--ignore-volumes can only be used with --export") } if checkpointOptions.WithPrevious && checkpointOptions.PreCheckPoint { - return errors.Errorf("--with-previous can not be used with --pre-checkpoint") + return errors.New("--with-previous can not be used with --pre-checkpoint") } if (checkpointOptions.WithPrevious || checkpointOptions.PreCheckPoint) && !criu.MemTrack() { return errors.New("system (architecture/kernel/CRIU) does not support memory tracking") diff --git a/cmd/podman/containers/cleanup.go b/cmd/podman/containers/cleanup.go index 18cec097c..c9a5cb28b 100644 --- a/cmd/podman/containers/cleanup.go +++ b/cmd/podman/containers/cleanup.go @@ -1,6 +1,7 @@ package containers import ( + "errors" "fmt" "github.com/containers/common/pkg/completion" @@ -9,7 +10,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -65,11 +65,11 @@ func cleanup(cmd *cobra.Command, args []string) error { if cleanupOptions.Exec != "" { switch { case cleanupOptions.All: - return errors.Errorf("exec and all options conflict") + return errors.New("exec and all options conflict") case len(args) > 1: - return errors.Errorf("cannot use exec option when more than one container is given") + return errors.New("cannot use exec option when more than one container is given") case cleanupOptions.RemoveImage: - return errors.Errorf("exec and rmi options conflict") + return errors.New("exec and rmi options conflict") } } diff --git a/cmd/podman/containers/clone.go b/cmd/podman/containers/clone.go index 2763adf3c..9881a791c 100644 --- a/cmd/podman/containers/clone.go +++ b/cmd/podman/containers/clone.go @@ -7,7 +7,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -56,7 +55,7 @@ func init() { func clone(cmd *cobra.Command, args []string) error { switch len(args) { case 0: - return errors.Wrapf(define.ErrInvalidArg, "must specify at least 1 argument") + return fmt.Errorf("must specify at least 1 argument: %w", define.ErrInvalidArg) case 2: ctrClone.CreateOpts.Name = args[1] case 3: @@ -64,7 +63,7 @@ func clone(cmd *cobra.Command, args []string) error { ctrClone.Image = args[2] if !cliVals.RootFS { rawImageName := args[0] - name, err := PullImage(ctrClone.Image, ctrClone.CreateOpts) + name, err := PullImage(ctrClone.Image, &ctrClone.CreateOpts) if err != nil { return err } @@ -73,7 +72,7 @@ func clone(cmd *cobra.Command, args []string) error { } } if ctrClone.Force && !ctrClone.Destroy { - return errors.Wrapf(define.ErrInvalidArg, "cannot set --force without --destroy") + return fmt.Errorf("cannot set --force without --destroy: %w", define.ErrInvalidArg) } ctrClone.ID = args[0] diff --git a/cmd/podman/containers/commit.go b/cmd/podman/containers/commit.go index e0cadd5b0..fb6dccad4 100644 --- a/cmd/podman/containers/commit.go +++ b/cmd/podman/containers/commit.go @@ -11,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -109,7 +108,7 @@ func commit(cmd *cobra.Command, args []string) error { } if len(iidFile) > 0 { if err = ioutil.WriteFile(iidFile, []byte(response.Id), 0644); err != nil { - return errors.Wrap(err, "failed to write image ID") + return fmt.Errorf("failed to write image ID: %w", err) } } fmt.Println(response.Id) diff --git a/cmd/podman/containers/cp.go b/cmd/podman/containers/cp.go index a5842afc8..c38cba66e 100644 --- a/cmd/podman/containers/cp.go +++ b/cmd/podman/containers/cp.go @@ -1,6 +1,7 @@ package containers import ( + "fmt" "io" "io/ioutil" "os" @@ -9,6 +10,8 @@ import ( "strconv" "strings" + "errors" + buildahCopiah "github.com/containers/buildah/copier" "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" @@ -17,7 +20,6 @@ import ( "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/storage/pkg/archive" "github.com/containers/storage/pkg/idtools" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -102,7 +104,7 @@ func containerMustExist(container string) error { return err } if !exists.Value { - return errors.Errorf("container %q does not exist", container) + return fmt.Errorf("container %q does not exist", container) } return nil } @@ -131,7 +133,7 @@ func copyContainerToContainer(sourceContainer string, sourcePath string, destCon sourceContainerInfo, err := registry.ContainerEngine().ContainerStat(registry.GetContext(), sourceContainer, sourcePath) if err != nil { - return errors.Wrapf(err, "%q could not be found on container %s", sourcePath, sourceContainer) + return fmt.Errorf("%q could not be found on container %s: %w", sourcePath, sourceContainer, err) } destContainerBaseName, destContainerInfo, destResolvedToParentDir, err := resolvePathOnDestinationContainer(destContainer, destPath, false) @@ -170,7 +172,7 @@ func copyContainerToContainer(sourceContainer string, sourcePath string, destCon return err } if err := copyFunc(); err != nil { - return errors.Wrap(err, "error copying from container") + return fmt.Errorf("error copying from container: %w", err) } return nil } @@ -190,7 +192,7 @@ func copyContainerToContainer(sourceContainer string, sourcePath string, destCon return err } if err := copyFunc(); err != nil { - return errors.Wrap(err, "error copying to container") + return fmt.Errorf("error copying to container: %w", err) } return nil } @@ -212,7 +214,7 @@ func copyFromContainer(container string, containerPath string, hostPath string) containerInfo, err := registry.ContainerEngine().ContainerStat(registry.GetContext(), container, containerPath) if err != nil { - return errors.Wrapf(err, "%q could not be found on container %s", containerPath, container) + return fmt.Errorf("%q could not be found on container %s: %w", containerPath, container, err) } var hostBaseName string @@ -220,13 +222,13 @@ func copyFromContainer(container string, containerPath string, hostPath string) hostInfo, hostInfoErr := copy.ResolveHostPath(hostPath) if hostInfoErr != nil { if strings.HasSuffix(hostPath, "/") { - return errors.Wrapf(hostInfoErr, "%q could not be found on the host", hostPath) + return fmt.Errorf("%q could not be found on the host: %w", hostPath, hostInfoErr) } // If it doesn't exist, then let's have a look at the parent dir. parentDir := filepath.Dir(hostPath) hostInfo, err = copy.ResolveHostPath(parentDir) if err != nil { - return errors.Wrapf(hostInfoErr, "%q could not be found on the host", hostPath) + return fmt.Errorf("%q could not be found on the host: %w", hostPath, hostInfoErr) } // If the specified path does not exist, we need to assume that // it'll be created while copying. Hence, we use it as the @@ -241,7 +243,7 @@ func copyFromContainer(container string, containerPath string, hostPath string) if !isStdout { if err := validateFileInfo(hostInfo); err != nil { - return errors.Wrap(err, "invalid destination") + return fmt.Errorf("invalid destination: %w", err) } } @@ -313,7 +315,7 @@ func copyFromContainer(container string, containerPath string, hostPath string) dir = filepath.Dir(dir) } if err := buildahCopiah.Put(dir, "", putOptions, reader); err != nil { - return errors.Wrap(err, "error copying to host") + return fmt.Errorf("error copying to host: %w", err) } return nil } @@ -325,7 +327,7 @@ func copyFromContainer(container string, containerPath string, hostPath string) return err } if err := copyFunc(); err != nil { - return errors.Wrap(err, "error copying from container") + return fmt.Errorf("error copying from container: %w", err) } return nil } @@ -347,7 +349,7 @@ func copyToContainer(container string, containerPath string, hostPath string) er // Make sure that host path exists. hostInfo, err := copy.ResolveHostPath(hostPath) if err != nil { - return errors.Wrapf(err, "%q could not be found on the host", hostPath) + return fmt.Errorf("%q could not be found on the host: %w", hostPath, err) } containerBaseName, containerInfo, containerResolvedToParentDir, err := resolvePathOnDestinationContainer(container, containerPath, isStdin) @@ -422,7 +424,7 @@ func copyToContainer(container string, containerPath string, hostPath string) er getOptions.Rename = map[string]string{filepath.Base(hostTarget): containerBaseName} } if err := buildahCopiah.Get("/", "", getOptions, []string{hostTarget}, writer); err != nil { - return errors.Wrap(err, "error copying from host") + return fmt.Errorf("error copying from host: %w", err) } return nil } @@ -439,7 +441,7 @@ func copyToContainer(container string, containerPath string, hostPath string) er return err } if err := copyFunc(); err != nil { - return errors.Wrap(err, "error copying to container") + return fmt.Errorf("error copying to container: %w", err) } return nil } @@ -458,7 +460,7 @@ func resolvePathOnDestinationContainer(container string, containerPath string, i } if strings.HasSuffix(containerPath, "/") { - err = errors.Wrapf(err, "%q could not be found on container %s", containerPath, container) + err = fmt.Errorf("%q could not be found on container %s: %w", containerPath, container, err) return } if isStdin { @@ -479,13 +481,13 @@ func resolvePathOnDestinationContainer(container string, containerPath string, i parentDir, err := containerParentDir(container, path) if err != nil { - err = errors.Wrapf(err, "could not determine parent dir of %q on container %s", path, container) + err = fmt.Errorf("could not determine parent dir of %q on container %s: %w", path, container, err) return } containerInfo, err = registry.ContainerEngine().ContainerStat(registry.GetContext(), container, parentDir) if err != nil { - err = errors.Wrapf(err, "%q could not be found on container %s", containerPath, container) + err = fmt.Errorf("%q could not be found on container %s: %w", containerPath, container, err) return } @@ -505,7 +507,7 @@ func containerParentDir(container string, containerPath string) (string, error) return "", err } if len(inspectData) != 1 { - return "", errors.Errorf("inspecting container %q: expected 1 data item but got %d", container, len(inspectData)) + return "", fmt.Errorf("inspecting container %q: expected 1 data item but got %d", container, len(inspectData)) } workDir := filepath.Join("/", inspectData[0].Config.WorkingDir) workDir = filepath.Join(workDir, containerPath) @@ -518,5 +520,5 @@ func validateFileInfo(info *copy.FileInfo) error { if info.Mode.IsDir() || info.Mode.IsRegular() { return nil } - return errors.Errorf("%q must be a directory or a regular file", info.LinkTarget) + return fmt.Errorf("%q must be a directory or a regular file", info.LinkTarget) } diff --git a/cmd/podman/containers/create.go b/cmd/podman/containers/create.go index c021aa031..05a59ce7b 100644 --- a/cmd/podman/containers/create.go +++ b/cmd/podman/containers/create.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "fmt" "os" "strconv" @@ -21,7 +22,6 @@ import ( "github.com/containers/podman/v4/pkg/specgenutil" "github.com/containers/podman/v4/pkg/util" "github.com/mattn/go-isatty" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -128,7 +128,7 @@ func create(cmd *cobra.Command, args []string) error { return errors.New("must specify pod value with init-ctr") } if !cutil.StringInSlice(initctr, []string{define.AlwaysInitContainer, define.OneShotInitContainer}) { - return errors.Errorf("init-ctr value must be '%s' or '%s'", define.AlwaysInitContainer, define.OneShotInitContainer) + return fmt.Errorf("init-ctr value must be '%s' or '%s'", define.AlwaysInitContainer, define.OneShotInitContainer) } cliVals.InitContainerType = initctr } @@ -141,7 +141,7 @@ func create(cmd *cobra.Command, args []string) error { rawImageName := "" if !cliVals.RootFS { rawImageName = args[0] - name, err := PullImage(args[0], cliVals) + name, err := PullImage(args[0], &cliVals) if err != nil { return err } @@ -218,10 +218,10 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra if !isInfra { if c.Flag("cpu-period").Changed && c.Flag("cpus").Changed { - return vals, errors.Errorf("--cpu-period and --cpus cannot be set together") + return vals, errors.New("--cpu-period and --cpus cannot be set together") } if c.Flag("cpu-quota").Changed && c.Flag("cpus").Changed { - return vals, errors.Errorf("--cpu-quota and --cpus cannot be set together") + return vals, errors.New("--cpu-quota and --cpus cannot be set together") } vals.IPC = c.Flag("ipc").Value.String() vals.UTS = c.Flag("uts").Value.String() @@ -268,30 +268,30 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra if c.Flags().Changed("env") { env, err := c.Flags().GetStringArray("env") if err != nil { - return vals, errors.Wrapf(err, "retrieve env flag") + return vals, fmt.Errorf("retrieve env flag: %w", err) } vals.Env = env } if c.Flag("cgroups").Changed && vals.CgroupsMode == "split" && registry.IsRemote() { - return vals, errors.Errorf("the option --cgroups=%q is not supported in remote mode", vals.CgroupsMode) + return vals, fmt.Errorf("the option --cgroups=%q is not supported in remote mode", vals.CgroupsMode) } if c.Flag("pod").Changed && !strings.HasPrefix(c.Flag("pod").Value.String(), "new:") && c.Flag("userns").Changed { - return vals, errors.Errorf("--userns and --pod cannot be set together") + return vals, errors.New("--userns and --pod cannot be set together") } } if c.Flag("shm-size").Changed { vals.ShmSize = c.Flag("shm-size").Value.String() } if (c.Flag("dns").Changed || c.Flag("dns-opt").Changed || c.Flag("dns-search").Changed) && vals.Net != nil && (vals.Net.Network.NSMode == specgen.NoNetwork || vals.Net.Network.IsContainer()) { - return vals, errors.Errorf("conflicting options: dns and the network mode: " + string(vals.Net.Network.NSMode)) + return vals, fmt.Errorf("conflicting options: dns and the network mode: " + string(vals.Net.Network.NSMode)) } noHosts, err := c.Flags().GetBool("no-hosts") if err != nil { return vals, err } if noHosts && c.Flag("add-host").Changed { - return vals, errors.Errorf("--no-hosts and --add-host cannot be set together") + return vals, errors.New("--no-hosts and --add-host cannot be set together") } if !isInfra && c.Flag("entrypoint").Changed { @@ -305,7 +305,8 @@ func CreateInit(c *cobra.Command, vals entities.ContainerCreateOptions, isInfra return vals, nil } -func PullImage(imageName string, cliVals entities.ContainerCreateOptions) (string, error) { +// Pulls image if any also parses and populates OS, Arch and Variant in specified container create options +func PullImage(imageName string, cliVals *entities.ContainerCreateOptions) (string, error) { pullPolicy, err := config.ParsePullPolicy(cliVals.Pull) if err != nil { return "", err @@ -314,7 +315,7 @@ func PullImage(imageName string, cliVals entities.ContainerCreateOptions) (strin if cliVals.Platform != "" || cliVals.Arch != "" || cliVals.OS != "" { if cliVals.Platform != "" { if cliVals.Arch != "" || cliVals.OS != "" { - return "", errors.Errorf("--platform option can not be specified with --arch or --os") + return "", errors.New("--platform option can not be specified with --arch or --os") } split := strings.SplitN(cliVals.Platform, "/", 2) cliVals.OS = split[0] @@ -362,7 +363,7 @@ func createPodIfNecessary(cmd *cobra.Command, s *specgen.SpecGenerator, netOpts } podName := strings.Replace(s.Pod, "new:", "", 1) if len(podName) < 1 { - return errors.Errorf("new pod name must be at least one character") + return errors.New("new pod name must be at least one character") } var err error diff --git a/cmd/podman/containers/diff.go b/cmd/podman/containers/diff.go index 15d3a3eff..ce501f890 100644 --- a/cmd/podman/containers/diff.go +++ b/cmd/podman/containers/diff.go @@ -1,13 +1,14 @@ package containers import ( + "errors" + "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/diff" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) diff --git a/cmd/podman/containers/exec.go b/cmd/podman/containers/exec.go index f5b93a96a..303795489 100644 --- a/cmd/podman/containers/exec.go +++ b/cmd/podman/containers/exec.go @@ -2,6 +2,7 @@ package containers import ( "bufio" + "errors" "fmt" "os" @@ -13,7 +14,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" envLib "github.com/containers/podman/v4/pkg/env" "github.com/containers/podman/v4/pkg/rootless" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -126,14 +126,14 @@ func exec(_ *cobra.Command, args []string) error { cliEnv, err := envLib.ParseSlice(envInput) if err != nil { - return errors.Wrap(err, "error parsing environment variables") + return fmt.Errorf("error parsing environment variables: %w", err) } execOpts.Envs = envLib.Join(execOpts.Envs, cliEnv) for fd := 3; fd < int(3+execOpts.PreserveFDs); fd++ { if !rootless.IsFdInherited(fd) { - return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd) + return fmt.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd) } } diff --git a/cmd/podman/containers/export.go b/cmd/podman/containers/export.go index 681df93e0..d78bfe960 100644 --- a/cmd/podman/containers/export.go +++ b/cmd/podman/containers/export.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "os" "github.com/containers/common/pkg/completion" @@ -9,7 +10,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/parse" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" "golang.org/x/term" ) @@ -70,7 +70,7 @@ func export(cmd *cobra.Command, args []string) error { if len(exportOpts.Output) == 0 { file := os.Stdout if term.IsTerminal(int(file.Fd())) { - return errors.Errorf("refusing to export to terminal. Use -o flag or redirect") + return errors.New("refusing to export to terminal. Use -o flag or redirect") } exportOpts.Output = "/dev/stdout" } else if err := parse.ValidateFileName(exportOpts.Output); err != nil { diff --git a/cmd/podman/containers/kill.go b/cmd/podman/containers/kill.go index eddefd196..5a5379389 100644 --- a/cmd/podman/containers/kill.go +++ b/cmd/podman/containers/kill.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "fmt" "io/ioutil" "strings" @@ -13,7 +14,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/signal" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -97,7 +97,7 @@ func kill(_ *cobra.Command, args []string) error { for _, cidFile := range cidFiles { content, err := ioutil.ReadFile(cidFile) if err != nil { - return errors.Wrap(err, "error reading CIDFile") + return fmt.Errorf("error reading CIDFile: %w", err) } id := strings.Split(string(content), "\n")[0] args = append(args, id) diff --git a/cmd/podman/containers/logs.go b/cmd/podman/containers/logs.go index 374bf6b1c..9a9749210 100644 --- a/cmd/podman/containers/logs.go +++ b/cmd/podman/containers/logs.go @@ -1,6 +1,8 @@ package containers import ( + "errors" + "fmt" "os" "github.com/containers/common/pkg/completion" @@ -9,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -125,7 +126,7 @@ func logs(_ *cobra.Command, args []string) error { // parse time, error out if something is wrong since, err := util.ParseInputTime(logsOptions.SinceRaw, true) if err != nil { - return errors.Wrapf(err, "error parsing --since %q", logsOptions.SinceRaw) + return fmt.Errorf("error parsing --since %q: %w", logsOptions.SinceRaw, err) } logsOptions.Since = since } @@ -133,7 +134,7 @@ func logs(_ *cobra.Command, args []string) error { // parse time, error out if something is wrong until, err := util.ParseInputTime(logsOptions.UntilRaw, false) if err != nil { - return errors.Wrapf(err, "error parsing --until %q", logsOptions.UntilRaw) + return fmt.Errorf("error parsing --until %q: %w", logsOptions.UntilRaw, err) } logsOptions.Until = until } diff --git a/cmd/podman/containers/mount.go b/cmd/podman/containers/mount.go index 16eb5d452..a1f0b0cf3 100644 --- a/cmd/podman/containers/mount.go +++ b/cmd/podman/containers/mount.go @@ -1,6 +1,7 @@ package containers import ( + "errors" "fmt" "os" @@ -10,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -83,7 +83,7 @@ func init() { func mount(cmd *cobra.Command, args []string) error { if len(args) > 0 && mountOpts.Latest { - return errors.Errorf("--latest and containers cannot be used together") + return errors.New("--latest and containers cannot be used together") } reports, err := registry.ContainerEngine().ContainerMount(registry.GetContext(), args, mountOpts) if err != nil { @@ -108,7 +108,7 @@ func mount(cmd *cobra.Command, args []string) error { case mountOpts.Format == "": break // print defaults default: - return errors.Errorf("unknown --format argument: %q", mountOpts.Format) + return fmt.Errorf("unknown --format argument: %q", mountOpts.Format) } mrs := make([]mountReporter, 0, len(reports)) diff --git a/cmd/podman/containers/pause.go b/cmd/podman/containers/pause.go index 9dbe97d11..3c26fd5c8 100644 --- a/cmd/podman/containers/pause.go +++ b/cmd/podman/containers/pause.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "fmt" "github.com/containers/common/pkg/cgroups" @@ -10,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/rootless" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -73,7 +73,7 @@ func pause(cmd *cobra.Command, args []string) error { } if len(args) < 1 && !pauseOpts.All { - return errors.Errorf("you must provide at least one container name or id") + return errors.New("you must provide at least one container name or id") } responses, err := registry.ContainerEngine().ContainerPause(context.Background(), args, pauseOpts) if err != nil { diff --git a/cmd/podman/containers/port.go b/cmd/podman/containers/port.go index fdb2f6c46..74bfdf5c6 100644 --- a/cmd/podman/containers/port.go +++ b/cmd/podman/containers/port.go @@ -1,6 +1,7 @@ package containers import ( + "errors" "fmt" "strconv" "strings" @@ -9,7 +10,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -77,14 +77,14 @@ func port(_ *cobra.Command, args []string) error { ) if len(args) == 0 && !portOpts.Latest && !portOpts.All { - return errors.Errorf("you must supply a running container name or id") + return errors.New("you must supply a running container name or id") } if !portOpts.Latest && len(args) >= 1 { container = args[0] } port := "" if len(args) > 2 { - return errors.Errorf("`port` accepts at most 2 arguments") + return errors.New("`port` accepts at most 2 arguments") } if len(args) > 1 && !portOpts.Latest { port = args[1] @@ -95,7 +95,7 @@ func port(_ *cobra.Command, args []string) error { if len(port) > 0 { fields := strings.Split(port, "/") if len(fields) > 2 || len(fields) < 1 { - return errors.Errorf("port formats are port/protocol. '%s' is invalid", port) + return fmt.Errorf("port formats are port/protocol. '%s' is invalid", port) } if len(fields) == 1 { fields = append(fields, "tcp") @@ -149,7 +149,7 @@ func port(_ *cobra.Command, args []string) error { } } if !found && port != "" { - return errors.Errorf("failed to find published port %q", port) + return fmt.Errorf("failed to find published port %q", port) } } return nil diff --git a/cmd/podman/containers/ps.go b/cmd/podman/containers/ps.go index a011a8ae6..12b7f5dae 100644 --- a/cmd/podman/containers/ps.go +++ b/cmd/podman/containers/ps.go @@ -1,6 +1,7 @@ package containers import ( + "errors" "fmt" "os" "strings" @@ -16,7 +17,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/docker/go-units" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -108,18 +108,18 @@ func listFlagSet(cmd *cobra.Command) { func checkFlags(c *cobra.Command) error { // latest, and last are mutually exclusive. if listOpts.Last >= 0 && listOpts.Latest { - return errors.Errorf("last and latest are mutually exclusive") + return errors.New("last and latest are mutually exclusive") } // Quiet conflicts with size and namespace and is overridden by a Go // template. if listOpts.Quiet { if listOpts.Size || listOpts.Namespace { - return errors.Errorf("quiet conflicts with size and namespace") + return errors.New("quiet conflicts with size and namespace") } } // Size and namespace conflict with each other if listOpts.Size && listOpts.Namespace { - return errors.Errorf("size and namespace options conflict") + return errors.New("size and namespace options conflict") } if listOpts.Watch > 0 && listOpts.Latest { @@ -191,7 +191,7 @@ func ps(cmd *cobra.Command, _ []string) error { for _, f := range filters { split := strings.SplitN(f, "=", 2) if len(split) == 1 { - return errors.Errorf("invalid filter %q", f) + return fmt.Errorf("invalid filter %q", f) } listOpts.Filters[split[0]] = append(listOpts.Filters[split[0]], split[1]) } diff --git a/cmd/podman/containers/rename.go b/cmd/podman/containers/rename.go index 1c0b28ce3..d78492ae4 100644 --- a/cmd/podman/containers/rename.go +++ b/cmd/podman/containers/rename.go @@ -1,10 +1,11 @@ package containers import ( + "errors" + "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -44,7 +45,7 @@ func init() { func rename(cmd *cobra.Command, args []string) error { if len(args) > 2 { - return errors.Errorf("must provide at least two arguments to rename") + return errors.New("must provide at least two arguments to rename") } renameOpts := entities.ContainerRenameOptions{ NewName: args[1], diff --git a/cmd/podman/containers/restart.go b/cmd/podman/containers/restart.go index 25bbb61e3..9d704d671 100644 --- a/cmd/podman/containers/restart.go +++ b/cmd/podman/containers/restart.go @@ -11,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -85,10 +84,10 @@ func restart(cmd *cobra.Command, args []string) error { errs utils.OutputErrors ) if len(args) < 1 && !restartOptions.Latest && !restartOptions.All { - return errors.Wrapf(define.ErrInvalidArg, "you must provide at least one container name or ID") + return fmt.Errorf("you must provide at least one container name or ID: %w", define.ErrInvalidArg) } if len(args) > 0 && restartOptions.Latest { - return errors.Wrapf(define.ErrInvalidArg, "--latest and containers cannot be used together") + return fmt.Errorf("--latest and containers cannot be used together: %w", define.ErrInvalidArg) } if cmd.Flag("time").Changed { diff --git a/cmd/podman/containers/rm.go b/cmd/podman/containers/rm.go index bcbe86947..9fa688d23 100644 --- a/cmd/podman/containers/rm.go +++ b/cmd/podman/containers/rm.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "fmt" "io/ioutil" "strings" @@ -13,7 +14,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -104,7 +104,7 @@ func rm(cmd *cobra.Command, args []string) error { for _, cidFile := range cidFiles { content, err := ioutil.ReadFile(cidFile) if err != nil { - return errors.Wrap(err, "error reading CIDFile") + return fmt.Errorf("error reading CIDFile: %w", err) } id := strings.Split(string(content), "\n")[0] args = append(args, id) @@ -133,9 +133,7 @@ func removeContainers(namesOrIDs []string, rmOptions entities.RmOptions, setExit } for _, r := range responses { if r.Err != nil { - // When using the API, errors.Cause(err) will never equal constant define.ErrWillDeadLock - if errors.Cause(r.Err) == define.ErrWillDeadlock || - errors.Cause(r.Err).Error() == define.ErrWillDeadlock.Error() { + if errors.Is(r.Err, define.ErrWillDeadlock) { logrus.Errorf("Potential deadlock detected - please run 'podman system renumber' to resolve") } if setExit { @@ -154,15 +152,9 @@ func setExitCode(err error) { if registry.GetExitCode() == 1 { return } - cause := errors.Cause(err) - switch { - case cause == define.ErrNoSuchCtr: + if errors.Is(err, define.ErrNoSuchCtr) || strings.Contains(err.Error(), define.ErrNoSuchCtr.Error()) { registry.SetExitCode(1) - case strings.Contains(cause.Error(), define.ErrNoSuchCtr.Error()): - registry.SetExitCode(1) - case cause == define.ErrCtrStateInvalid: - registry.SetExitCode(2) - case strings.Contains(cause.Error(), define.ErrCtrStateInvalid.Error()): + } else if errors.Is(err, define.ErrCtrStateInvalid) || strings.Contains(err.Error(), define.ErrCtrStateInvalid.Error()) { registry.SetExitCode(2) } } diff --git a/cmd/podman/containers/run.go b/cmd/podman/containers/run.go index e49bdaee4..ef13ea95e 100644 --- a/cmd/podman/containers/run.go +++ b/cmd/podman/containers/run.go @@ -15,7 +15,6 @@ import ( "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/specgen" "github.com/containers/podman/v4/pkg/specgenutil" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" "golang.org/x/term" @@ -134,7 +133,7 @@ func run(cmd *cobra.Command, args []string) error { for fd := 3; fd < int(3+runOpts.PreserveFDs); fd++ { if !rootless.IsFdInherited(fd) { - return errors.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd) + return fmt.Errorf("file descriptor %d is not available - the preserve-fds option requires that file descriptors must be passed", fd) } } @@ -142,7 +141,7 @@ func run(cmd *cobra.Command, args []string) error { rawImageName := "" if !cliVals.RootFS { rawImageName = args[0] - name, err := PullImage(args[0], cliVals) + name, err := PullImage(args[0], &cliVals) if err != nil { return err } @@ -165,7 +164,7 @@ func run(cmd *cobra.Command, args []string) error { // If attach is set, clear stdin/stdout/stderr and only attach requested if cmd.Flag("attach").Changed { if passthrough { - return errors.Wrapf(define.ErrInvalidArg, "cannot specify --attach with --log-driver=passthrough") + return fmt.Errorf("cannot specify --attach with --log-driver=passthrough: %w", define.ErrInvalidArg) } runOpts.OutputStream = nil runOpts.ErrorStream = nil @@ -182,7 +181,7 @@ func run(cmd *cobra.Command, args []string) error { case "stdin": runOpts.InputStream = os.Stdin default: - return errors.Wrapf(define.ErrInvalidArg, "invalid stream %q for --attach - must be one of stdin, stdout, or stderr", stream) + return fmt.Errorf("invalid stream %q for --attach - must be one of stdin, stdout, or stderr: %w", stream, define.ErrInvalidArg) } } } @@ -193,6 +192,9 @@ func run(cmd *cobra.Command, args []string) error { return err } s.RawImageName = rawImageName + s.ImageOS = cliVals.OS + s.ImageArch = cliVals.Arch + s.ImageVariant = cliVals.Variant s.Passwd = &runOpts.Passwd runOpts.Spec = s diff --git a/cmd/podman/containers/start.go b/cmd/podman/containers/start.go index b70e975b7..cd4fa17b8 100644 --- a/cmd/podman/containers/start.go +++ b/cmd/podman/containers/start.go @@ -1,6 +1,7 @@ package containers import ( + "errors" "fmt" "os" "strings" @@ -11,7 +12,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -88,19 +88,19 @@ func validateStart(cmd *cobra.Command, args []string) error { return errors.New("start requires at least one argument") } if startOptions.All && startOptions.Latest { - return errors.Errorf("--all and --latest cannot be used together") + return errors.New("--all and --latest cannot be used together") } if len(args) > 0 && startOptions.Latest { - return errors.Errorf("--latest and containers cannot be used together") + return errors.New("--latest and containers cannot be used together") } if len(args) > 1 && startOptions.Attach { - return errors.Errorf("you cannot start and attach multiple containers at once") + return errors.New("you cannot start and attach multiple containers at once") } if (len(args) > 0 || startOptions.Latest) && startOptions.All { - return errors.Errorf("either start all containers or the container(s) provided in the arguments") + return errors.New("either start all containers or the container(s) provided in the arguments") } if startOptions.Attach && startOptions.All { - return errors.Errorf("you cannot start and attach all containers at once") + return errors.New("you cannot start and attach all containers at once") } return nil } @@ -114,7 +114,7 @@ func start(cmd *cobra.Command, args []string) error { startOptions.SigProxy = sigProxy if sigProxy && !startOptions.Attach { - return errors.Wrapf(define.ErrInvalidArg, "you cannot use sig-proxy without --attach") + return fmt.Errorf("you cannot use sig-proxy without --attach: %w", define.ErrInvalidArg) } if startOptions.Attach { startOptions.Stdin = os.Stdin @@ -127,7 +127,7 @@ func start(cmd *cobra.Command, args []string) error { for _, f := range filters { split := strings.SplitN(f, "=", 2) if len(split) == 1 { - return errors.Errorf("invalid filter %q", f) + return fmt.Errorf("invalid filter %q", f) } startOptions.Filters[split[0]] = append(startOptions.Filters[split[0]], split[1]) } diff --git a/cmd/podman/containers/stats.go b/cmd/podman/containers/stats.go index 89c7f2b08..0dd8ce80a 100644 --- a/cmd/podman/containers/stats.go +++ b/cmd/podman/containers/stats.go @@ -1,6 +1,7 @@ package containers import ( + "errors" "fmt" "os" @@ -14,7 +15,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/utils" "github.com/docker/go-units" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -105,7 +105,7 @@ func checkStatOptions(cmd *cobra.Command, args []string) error { opts++ } if opts > 1 { - return errors.Errorf("--all, --latest and containers cannot be used together") + return errors.New("--all, --latest and containers cannot be used together") } return nil } diff --git a/cmd/podman/containers/stop.go b/cmd/podman/containers/stop.go index def608fea..2ddd169a1 100644 --- a/cmd/podman/containers/stop.go +++ b/cmd/podman/containers/stop.go @@ -12,7 +12,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -102,7 +101,7 @@ func stop(cmd *cobra.Command, args []string) error { for _, cidFile := range cidFiles { content, err := ioutil.ReadFile(cidFile) if err != nil { - return errors.Wrap(err, "error reading CIDFile") + return fmt.Errorf("error reading CIDFile: %w", err) } id := strings.Split(string(content), "\n")[0] args = append(args, id) diff --git a/cmd/podman/containers/top.go b/cmd/podman/containers/top.go index 389034e37..9340acd9a 100644 --- a/cmd/podman/containers/top.go +++ b/cmd/podman/containers/top.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "fmt" "os" "strings" @@ -12,7 +13,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -88,7 +88,7 @@ func top(cmd *cobra.Command, args []string) error { } if len(args) < 1 && !topOptions.Latest { - return errors.Errorf("you must provide the name or id of a running container") + return errors.New("you must provide the name or id of a running container") } if topOptions.Latest { diff --git a/cmd/podman/containers/unpause.go b/cmd/podman/containers/unpause.go index eaf50f2c7..a5375e737 100644 --- a/cmd/podman/containers/unpause.go +++ b/cmd/podman/containers/unpause.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "fmt" "github.com/containers/common/pkg/cgroups" @@ -10,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/rootless" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -70,7 +70,7 @@ func unpause(cmd *cobra.Command, args []string) error { } } if len(args) < 1 && !unPauseOptions.All { - return errors.Errorf("you must provide at least one container name or id") + return errors.New("you must provide at least one container name or id") } responses, err := registry.ContainerEngine().ContainerUnpause(context.Background(), args, unPauseOptions) if err != nil { diff --git a/cmd/podman/containers/wait.go b/cmd/podman/containers/wait.go index 720a696ce..5b8480781 100644 --- a/cmd/podman/containers/wait.go +++ b/cmd/podman/containers/wait.go @@ -2,6 +2,7 @@ package containers import ( "context" + "errors" "fmt" "time" @@ -12,7 +13,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -86,7 +86,7 @@ func wait(cmd *cobra.Command, args []string) error { } if !waitOptions.Latest && len(args) == 0 { - return errors.Errorf("%q requires a name, id, or the \"--latest\" flag", cmd.CommandPath()) + return fmt.Errorf("%q requires a name, id, or the \"--latest\" flag", cmd.CommandPath()) } if waitOptions.Latest && len(args) > 0 { return errors.New("--latest and containers cannot be used together") diff --git a/cmd/podman/diff/diff.go b/cmd/podman/diff/diff.go index 15c55852a..06df767d0 100644 --- a/cmd/podman/diff/diff.go +++ b/cmd/podman/diff/diff.go @@ -2,6 +2,7 @@ package diff import ( "encoding/json" + "errors" "fmt" "os" @@ -9,7 +10,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/storage/pkg/archive" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -46,7 +46,7 @@ func changesToJSON(diffs *entities.DiffReport) error { case archive.ChangeModify: body.Changed = append(body.Changed, row.Path) default: - return errors.Errorf("output kind %q not recognized", row.Kind) + return fmt.Errorf("output kind %q not recognized", row.Kind) } } @@ -73,7 +73,7 @@ func ValidateContainerDiffArgs(cmd *cobra.Command, args []string) error { return errors.New("--latest and containers cannot be used together") } if len(args) == 0 && !given { - return errors.Errorf("%q requires a name, id, or the \"--latest\" flag", cmd.CommandPath()) + return fmt.Errorf("%q requires a name, id, or the \"--latest\" flag", cmd.CommandPath()) } return nil } diff --git a/cmd/podman/early_init_linux.go b/cmd/podman/early_init_linux.go index dfd9d1e30..e26c4264e 100644 --- a/cmd/podman/early_init_linux.go +++ b/cmd/podman/early_init_linux.go @@ -6,7 +6,6 @@ import ( "syscall" "github.com/containers/podman/v4/libpod/define" - "github.com/pkg/errors" ) func setRLimits() error { @@ -15,11 +14,11 @@ func setRLimits() error { rlimits.Max = define.RLimitDefaultValue if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil { if err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil { - return errors.Wrapf(err, "error getting rlimits") + return fmt.Errorf("error getting rlimits: %w", err) } rlimits.Cur = rlimits.Max if err := syscall.Setrlimit(syscall.RLIMIT_NOFILE, rlimits); err != nil { - return errors.Wrapf(err, "error setting new rlimits") + return fmt.Errorf("error setting new rlimits: %w", err) } } return nil diff --git a/cmd/podman/generate/kube.go b/cmd/podman/generate/kube.go index c4c92799c..7bfc3dcf7 100644 --- a/cmd/podman/generate/kube.go +++ b/cmd/podman/generate/kube.go @@ -11,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -68,10 +67,10 @@ func kube(cmd *cobra.Command, args []string) error { if cmd.Flags().Changed("filename") { if _, err := os.Stat(kubeFile); err == nil { - return errors.Errorf("cannot write to %q; file exists", kubeFile) + return fmt.Errorf("cannot write to %q; file exists", kubeFile) } if err := ioutil.WriteFile(kubeFile, content, 0644); err != nil { - return errors.Wrapf(err, "cannot write to %q", kubeFile) + return fmt.Errorf("cannot write to %q: %w", kubeFile, err) } return nil } diff --git a/cmd/podman/generate/systemd.go b/cmd/podman/generate/systemd.go index 0dab6299d..1ece64a30 100644 --- a/cmd/podman/generate/systemd.go +++ b/cmd/podman/generate/systemd.go @@ -2,6 +2,7 @@ package pods import ( "encoding/json" + "errors" "fmt" "os" "path/filepath" @@ -13,7 +14,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" systemDefine "github.com/containers/podman/v4/pkg/systemd/define" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -156,7 +156,7 @@ func systemd(cmd *cobra.Command, args []string) error { if files { cwd, err := os.Getwd() if err != nil { - return errors.Wrap(err, "error getting current working directory") + return fmt.Errorf("error getting current working directory: %w", err) } for name, content := range reports.Units { path := filepath.Join(cwd, fmt.Sprintf("%s.service", name)) @@ -189,7 +189,7 @@ func systemd(cmd *cobra.Command, args []string) error { case format == "": return printDefault(reports.Units) default: - return errors.Errorf("unknown --format argument: %s", format) + return fmt.Errorf("unknown --format argument: %s", format) } } diff --git a/cmd/podman/images/build.go b/cmd/podman/images/build.go index 94b7c43a2..9f1b86eb4 100644 --- a/cmd/podman/images/build.go +++ b/cmd/podman/images/build.go @@ -1,6 +1,7 @@ package images import ( + "errors" "fmt" "io" "io/ioutil" @@ -23,7 +24,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -222,7 +222,7 @@ func build(cmd *cobra.Command, args []string) error { // The context directory could be a URL. Try to handle that. tempDir, subDir, err := buildahDefine.TempDirForURL("", "buildah", args[0]) if err != nil { - return errors.Wrapf(err, "error prepping temporary context directory") + return fmt.Errorf("error prepping temporary context directory: %w", err) } if tempDir != "" { // We had to download it to a temporary directory. @@ -237,7 +237,7 @@ func build(cmd *cobra.Command, args []string) error { // Nope, it was local. Use it as is. absDir, err := filepath.Abs(args[0]) if err != nil { - return errors.Wrapf(err, "error determining path to directory %q", args[0]) + return fmt.Errorf("error determining path to directory %q: %w", args[0], err) } contextDir = absDir } @@ -253,7 +253,7 @@ func build(cmd *cobra.Command, args []string) error { } absFile, err := filepath.Abs(containerFiles[i]) if err != nil { - return errors.Wrapf(err, "error determining path to file %q", containerFiles[i]) + return fmt.Errorf("error determining path to file %q: %w", containerFiles[i], err) } contextDir = filepath.Dir(absFile) containerFiles[i] = absFile @@ -262,10 +262,10 @@ func build(cmd *cobra.Command, args []string) error { } if contextDir == "" { - return errors.Errorf("no context directory and no Containerfile specified") + return errors.New("no context directory and no Containerfile specified") } if !utils.IsDir(contextDir) { - return errors.Errorf("context must be a directory: %q", contextDir) + return fmt.Errorf("context must be a directory: %q", contextDir) } if len(containerFiles) == 0 { if utils.FileExists(filepath.Join(contextDir, "Containerfile")) { @@ -296,14 +296,15 @@ func build(cmd *cobra.Command, args []string) error { if registry.IsRemote() { // errors from server does not contain ExitCode // so parse exit code from error message - remoteExitCode, parseErr := utils.ExitCodeFromBuildError(fmt.Sprint(errors.Cause(err))) + remoteExitCode, parseErr := utils.ExitCodeFromBuildError(err.Error()) if parseErr == nil { exitCode = remoteExitCode } } - if ee, ok := (errors.Cause(err)).(*exec.ExitError); ok { - exitCode = ee.ExitCode() + exitError := &exec.ExitError{} + if errors.As(err, &exitError) { + exitCode = exitError.ExitCode() } registry.SetExitCode(exitCode) @@ -356,7 +357,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil } if pullFlagsCount > 1 { - return nil, errors.Errorf("can only set one of 'pull' or 'pull-always' or 'pull-never'") + return nil, errors.New("can only set one of 'pull' or 'pull-always' or 'pull-never'") } // Allow for --pull, --pull=true, --pull=false, --pull=never, --pull=always @@ -477,7 +478,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil case strings.HasPrefix(flags.Format, buildahDefine.DOCKER): format = buildahDefine.Dockerv2ImageManifest default: - return nil, errors.Errorf("unrecognized image type %q", flags.Format) + return nil, fmt.Errorf("unrecognized image type %q", flags.Format) } runtimeFlags := []string{} @@ -500,7 +501,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil decConfig, err := getDecryptConfig(flags.DecryptionKeys) if err != nil { - return nil, errors.Wrapf(err, "unable to obtain decrypt config") + return nil, fmt.Errorf("unable to obtain decrypt config: %w", err) } additionalBuildContext := make(map[string]*buildahDefine.AdditionalBuildContext) @@ -510,7 +511,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil if len(av) > 1 { parseAdditionalBuildContext, err := parse.GetAdditionalBuildContext(av[1]) if err != nil { - return nil, errors.Wrapf(err, "while parsing additional build context") + return nil, fmt.Errorf("while parsing additional build context: %w", err) } additionalBuildContext[av[0]] = &parseAdditionalBuildContext } else { @@ -580,7 +581,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil if flags.IgnoreFile != "" { excludes, err := parseDockerignore(flags.IgnoreFile) if err != nil { - return nil, errors.Wrapf(err, "unable to obtain decrypt config") + return nil, fmt.Errorf("unable to obtain decrypt config: %w", err) } opts.Excludes = excludes } @@ -599,7 +600,7 @@ func getDecryptConfig(decryptionKeys []string) (*encconfig.DecryptConfig, error) // decryption dcc, err := enchelpers.CreateCryptoConfig([]string{}, decryptionKeys) if err != nil { - return nil, errors.Wrapf(err, "invalid decryption keys") + return nil, fmt.Errorf("invalid decryption keys: %w", err) } cc := encconfig.CombineCryptoConfigs([]encconfig.CryptoConfig{dcc}) decConfig = cc.DecryptConfig diff --git a/cmd/podman/images/history.go b/cmd/podman/images/history.go index e190941e7..8f910f82d 100644 --- a/cmd/podman/images/history.go +++ b/cmd/podman/images/history.go @@ -13,7 +13,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/docker/go-units" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -132,7 +131,7 @@ func history(cmd *cobra.Command, args []string) error { }) if err := rpt.Execute(hdrs); err != nil { - return errors.Wrapf(err, "failed to write report column headers") + return fmt.Errorf("failed to write report column headers: %w", err) } } return rpt.Execute(hr) diff --git a/cmd/podman/images/import.go b/cmd/podman/images/import.go index 1910fef6d..8343a0bda 100644 --- a/cmd/podman/images/import.go +++ b/cmd/podman/images/import.go @@ -2,6 +2,7 @@ package images import ( "context" + "errors" "fmt" "io" "io/ioutil" @@ -14,7 +15,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/hashicorp/go-multierror" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -102,7 +102,7 @@ func importCon(cmd *cobra.Command, args []string) error { ) switch len(args) { case 0: - return errors.Errorf("need to give the path to the tarball, or must specify a tarball of '-' for stdin") + return errors.New("need to give the path to the tarball, or must specify a tarball of '-' for stdin") case 1: source = args[0] case 2: @@ -112,20 +112,20 @@ func importCon(cmd *cobra.Command, args []string) error { // instead of the localhost ones reference = args[1] default: - return errors.Errorf("too many arguments. Usage TARBALL [REFERENCE]") + return errors.New("too many arguments. Usage TARBALL [REFERENCE]") } if source == "-" { outFile, err := ioutil.TempFile("", "podman") if err != nil { - return errors.Errorf("creating file %v", err) + return fmt.Errorf("creating file %v", err) } defer os.Remove(outFile.Name()) defer outFile.Close() _, err = io.Copy(outFile, os.Stdin) if err != nil { - return errors.Errorf("copying file %v", err) + return fmt.Errorf("copying file %v", err) } source = outFile.Name() } diff --git a/cmd/podman/images/list.go b/cmd/podman/images/list.go index 81011f9b1..94d8412e5 100644 --- a/cmd/podman/images/list.go +++ b/cmd/podman/images/list.go @@ -1,6 +1,7 @@ package images import ( + "errors" "fmt" "os" "sort" @@ -15,7 +16,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/docker/go-units" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -225,7 +225,7 @@ func sortImages(imageS []*entities.ImageSummary) ([]imageReporter, error) { h.ImageSummary = *e h.Repository, h.Tag, err = tokenRepoTag(tag) if err != nil { - return nil, errors.Wrapf(err, "error parsing repository tag: %q", tag) + return nil, fmt.Errorf("error parsing repository tag: %q: %w", tag, err) } if h.Tag == "<none>" { untagged = append(untagged, h) diff --git a/cmd/podman/images/load.go b/cmd/podman/images/load.go index c18c32387..367b628c7 100644 --- a/cmd/podman/images/load.go +++ b/cmd/podman/images/load.go @@ -2,6 +2,7 @@ package images import ( "context" + "errors" "fmt" "io" "io/ioutil" @@ -14,7 +15,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" "golang.org/x/term" ) @@ -91,18 +91,18 @@ func load(cmd *cobra.Command, args []string) error { } } else { if term.IsTerminal(int(os.Stdin.Fd())) { - return errors.Errorf("cannot read from terminal, use command-line redirection or the --input flag") + return errors.New("cannot read from terminal, use command-line redirection or the --input flag") } outFile, err := ioutil.TempFile(util.Tmpdir(), "podman") if err != nil { - return errors.Errorf("creating file %v", err) + return fmt.Errorf("creating file %v", err) } defer os.Remove(outFile.Name()) defer outFile.Close() _, err = io.Copy(outFile, os.Stdin) if err != nil { - return errors.Errorf("copying file %v", err) + return fmt.Errorf("copying file %v", err) } loadOpts.Input = outFile.Name() } diff --git a/cmd/podman/images/mount.go b/cmd/podman/images/mount.go index 532d96196..cd54e24ae 100644 --- a/cmd/podman/images/mount.go +++ b/cmd/podman/images/mount.go @@ -1,6 +1,7 @@ package images import ( + "errors" "fmt" "os" @@ -8,7 +9,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -84,7 +84,7 @@ func mount(cmd *cobra.Command, args []string) error { case mountOpts.Format == "": break // see default format below default: - return errors.Errorf("unknown --format argument: %q", mountOpts.Format) + return fmt.Errorf("unknown --format argument: %q", mountOpts.Format) } mrs := make([]mountReporter, 0, len(reports)) diff --git a/cmd/podman/images/pull.go b/cmd/podman/images/pull.go index a7da5518a..6e3ec1517 100644 --- a/cmd/podman/images/pull.go +++ b/cmd/podman/images/pull.go @@ -1,6 +1,7 @@ package images import ( + "errors" "fmt" "os" "strings" @@ -13,7 +14,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -138,7 +138,7 @@ func imagePull(cmd *cobra.Command, args []string) error { } if platform != "" { if pullOptions.Arch != "" || pullOptions.OS != "" { - return errors.Errorf("--platform option can not be specified with --arch or --os") + return errors.New("--platform option can not be specified with --arch or --os") } split := strings.SplitN(platform, "/", 2) pullOptions.OS = split[0] diff --git a/cmd/podman/images/rm.go b/cmd/podman/images/rm.go index 13dab62d4..18b22e51d 100644 --- a/cmd/podman/images/rm.go +++ b/cmd/podman/images/rm.go @@ -1,13 +1,13 @@ package images import ( + "errors" "fmt" "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/errorhandling" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -62,10 +62,10 @@ func imageRemoveFlagSet(flags *pflag.FlagSet) { func rm(cmd *cobra.Command, args []string) error { if len(args) < 1 && !imageOpts.All { - return errors.Errorf("image name or ID must be specified") + return errors.New("image name or ID must be specified") } if len(args) > 0 && imageOpts.All { - return errors.Errorf("when using the --all switch, you may not pass any images names or IDs") + return errors.New("when using the --all switch, you may not pass any images names or IDs") } // Note: certain image-removal errors are non-fatal. Hence, the report diff --git a/cmd/podman/images/save.go b/cmd/podman/images/save.go index d85d688ee..43366e1b3 100644 --- a/cmd/podman/images/save.go +++ b/cmd/podman/images/save.go @@ -2,6 +2,8 @@ package images import ( "context" + "errors" + "fmt" "os" "strings" @@ -12,7 +14,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" "golang.org/x/term" ) @@ -31,14 +32,14 @@ var ( RunE: save, Args: func(cmd *cobra.Command, args []string) error { if len(args) == 0 { - return errors.Errorf("need at least 1 argument") + return errors.New("need at least 1 argument") } format, err := cmd.Flags().GetString("format") if err != nil { return err } if !util.StringInSlice(format, common.ValidSaveFormats) { - return errors.Errorf("format value must be one of %s", strings.Join(common.ValidSaveFormats, " ")) + return fmt.Errorf("format value must be one of %s", strings.Join(common.ValidSaveFormats, " ")) } return nil }, @@ -103,13 +104,13 @@ func save(cmd *cobra.Command, args []string) (finalErr error) { succeeded = false ) if cmd.Flag("compress").Changed && (saveOpts.Format != define.OCIManifestDir && saveOpts.Format != define.V2s2ManifestDir) { - return errors.Errorf("--compress can only be set when --format is either 'oci-dir' or 'docker-dir'") + return errors.New("--compress can only be set when --format is either 'oci-dir' or 'docker-dir'") } if len(saveOpts.Output) == 0 { saveOpts.Quiet = true fi := os.Stdout if term.IsTerminal(int(fi.Fd())) { - return errors.Errorf("refusing to save to terminal. Use -o flag or redirect") + return errors.New("refusing to save to terminal. Use -o flag or redirect") } pipePath, cleanup, err := setupPipe() if err != nil { diff --git a/cmd/podman/images/scp.go b/cmd/podman/images/scp.go index 3dbc9c331..a7aa43e61 100644 --- a/cmd/podman/images/scp.go +++ b/cmd/podman/images/scp.go @@ -1,28 +1,12 @@ package images import ( - "context" - "fmt" - "io/ioutil" - urlP "net/url" "os" - "os/exec" - "os/user" - "strconv" "strings" - "github.com/containers/common/pkg/config" "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" - "github.com/containers/podman/v4/cmd/podman/system/connection" - "github.com/containers/podman/v4/libpod/define" - "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/containers/podman/v4/utils" - scpD "github.com/dtylman/scp" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" "github.com/spf13/cobra" - "golang.org/x/crypto/ssh" ) var ( @@ -32,7 +16,6 @@ var ( Annotations: map[string]string{ registry.UnshareNSRequired: "", registry.ParentNSRequired: "", - registry.EngineMode: registry.ABIMode, }, Long: saveScpDescription, Short: "securely copy images", @@ -46,9 +29,6 @@ var ( var ( parentFlags []string quiet bool - source entities.ImageScpOptions - dest entities.ImageScpOptions - sshInfo entities.ImageScpConnections ) func init() { @@ -66,7 +46,6 @@ func scpFlags(cmd *cobra.Command) { func scp(cmd *cobra.Command, args []string) (finalErr error) { var ( - // TODO add tag support for images err error ) for i, val := range os.Args { @@ -81,288 +60,17 @@ func scp(cmd *cobra.Command, args []string) (finalErr error) { } parentFlags = append(parentFlags, val) } - podman, err := os.Executable() - if err != nil { - return err - } - f, err := ioutil.TempFile("", "podman") // open temp file for load/save output - if err != nil { - return err - } - confR, err := config.NewConfig("") // create a hand made config for the remote engine since we might use remote and native at once - if err != nil { - return errors.Wrapf(err, "could not make config") - } - - abiEng, err := registry.NewImageEngine(cmd, args) // abi native engine - if err != nil { - return err - } - - cfg, err := config.ReadCustomConfig() // get ready to set ssh destination if necessary - if err != nil { - return err - } - locations := []*entities.ImageScpOptions{} - cliConnections := []string{} - var flipConnections bool - for _, arg := range args { - loc, connect, err := parseImageSCPArg(arg) - if err != nil { - return err - } - locations = append(locations, loc) - cliConnections = append(cliConnections, connect...) - } - source = *locations[0] - switch { - case len(locations) > 1: - if flipConnections, err = validateSCPArgs(locations); err != nil { - return err - } - if flipConnections { // the order of cliConnections matters, we need to flip both arrays since the args are parsed separately sometimes. - cliConnections[0], cliConnections[1] = cliConnections[1], cliConnections[0] - locations[0], locations[1] = locations[1], locations[0] - } - dest = *locations[1] - case len(locations) == 1: - switch { - case len(locations[0].Image) == 0: - return errors.Wrapf(define.ErrInvalidArg, "no source image specified") - case len(locations[0].Image) > 0 && !locations[0].Remote && len(locations[0].User) == 0: // if we have podman image scp $IMAGE - return errors.Wrapf(define.ErrInvalidArg, "must specify a destination") - } - } - - source.Quiet = quiet - source.File = f.Name() // after parsing the arguments, set the file for the save/load - dest.File = source.File - if err = os.Remove(source.File); err != nil { // remove the file and simply use its name so podman creates the file upon save. avoids umask errors - return err - } - - allLocal := true // if we are all localhost, do not validate connections but if we are using one localhost and one non we need to use sshd - for _, val := range cliConnections { - if !strings.Contains(val, "@localhost::") { - allLocal = false - break - } - } - if allLocal { - cliConnections = []string{} - } - - var serv map[string]config.Destination - serv, err = GetServiceInformation(cliConnections, cfg) - if err != nil { - return err - } - - // TODO: Add podman remote support - confR.Engine = config.EngineConfig{Remote: true, CgroupManager: "cgroupfs", ServiceDestinations: serv} // pass the service dest (either remote or something else) to engine - saveCmd, loadCmd := createCommands(podman) - switch { - case source.Remote: // if we want to load FROM the remote, dest can either be local or remote in this case - err = saveToRemote(source.Image, source.File, "", sshInfo.URI[0], sshInfo.Identities[0]) - if err != nil { - return err - } - if dest.Remote { // we want to load remote -> remote, both source and dest are remote - rep, err := loadToRemote(dest.File, "", sshInfo.URI[1], sshInfo.Identities[1]) - if err != nil { - return err - } - fmt.Println(rep) - break - } - err = execPodman(podman, loadCmd) - if err != nil { - return err - } - case dest.Remote: // remote host load, implies source is local - err = execPodman(podman, saveCmd) - if err != nil { - return err - } - rep, err := loadToRemote(source.File, "", sshInfo.URI[0], sshInfo.Identities[0]) - if err != nil { - return err - } - fmt.Println(rep) - if err = os.Remove(source.File); err != nil { - return err - } - // TODO: Add podman remote support - default: // else native load, both source and dest are local and transferring between users - if source.User == "" { // source user has to be set, destination does not - source.User = os.Getenv("USER") - if source.User == "" { - u, err := user.Current() - if err != nil { - return errors.Wrapf(err, "could not obtain user, make sure the environmental variable $USER is set") - } - source.User = u.Username - } - } - err := abiEng.Transfer(context.Background(), source, dest, parentFlags) - if err != nil { - return err - } - } - return nil -} - -// loadToRemote takes image and remote connection information. it connects to the specified client -// and copies the saved image dir over to the remote host and then loads it onto the machine -// returns a string containing output or an error -func loadToRemote(localFile string, tag string, url *urlP.URL, iden string) (string, error) { - dial, remoteFile, err := createConnection(url, iden) - if err != nil { - return "", err - } - defer dial.Close() - - n, err := scpD.CopyTo(dial, localFile, remoteFile) - if err != nil { - errOut := strconv.Itoa(int(n)) + " Bytes copied before error" - return " ", errors.Wrapf(err, errOut) - } - var run string - if tag != "" { - return "", errors.Wrapf(define.ErrInvalidArg, "Renaming of an image is currently not supported") - } - podman := os.Args[0] - run = podman + " image load --input=" + remoteFile + ";rm " + remoteFile // run ssh image load of the file copied via scp - out, err := connection.ExecRemoteCommand(dial, run) - if err != nil { - return "", err + src := args[0] + dst := "" + if len(args) > 1 { + dst = args[1] } - return strings.TrimSuffix(string(out), "\n"), nil -} - -// saveToRemote takes image information and remote connection information. it connects to the specified client -// and saves the specified image on the remote machine and then copies it to the specified local location -// returns an error if one occurs. -func saveToRemote(image, localFile string, tag string, uri *urlP.URL, iden string) error { - dial, remoteFile, err := createConnection(uri, iden) + err = registry.ImageEngine().Scp(registry.Context(), src, dst, parentFlags, quiet) if err != nil { return err } - defer dial.Close() - if tag != "" { - return errors.Wrapf(define.ErrInvalidArg, "Renaming of an image is currently not supported") - } - podman := os.Args[0] - run := podman + " image save " + image + " --format=oci-archive --output=" + remoteFile // run ssh image load of the file copied via scp. Files are reverse in this case... - _, err = connection.ExecRemoteCommand(dial, run) - if err != nil { - return err - } - n, err := scpD.CopyFrom(dial, remoteFile, localFile) - if _, conErr := connection.ExecRemoteCommand(dial, "rm "+remoteFile); conErr != nil { - logrus.Errorf("Removing file on endpoint: %v", conErr) - } - if err != nil { - errOut := strconv.Itoa(int(n)) + " Bytes copied before error" - return errors.Wrapf(err, errOut) - } return nil } - -// makeRemoteFile creates the necessary remote file on the host to -// save or load the image to. returns a string with the file name or an error -func makeRemoteFile(dial *ssh.Client) (string, error) { - run := "mktemp" - remoteFile, err := connection.ExecRemoteCommand(dial, run) - if err != nil { - return "", err - } - return strings.TrimSuffix(string(remoteFile), "\n"), nil -} - -// createConnections takes a boolean determining which ssh client to dial -// and returns the dials client, its newly opened remote file, and an error if applicable. -func createConnection(url *urlP.URL, iden string) (*ssh.Client, string, error) { - cfg, err := connection.ValidateAndConfigure(url, iden) - if err != nil { - return nil, "", err - } - dialAdd, err := ssh.Dial("tcp", url.Host, cfg) // dial the client - if err != nil { - return nil, "", errors.Wrapf(err, "failed to connect") - } - file, err := makeRemoteFile(dialAdd) - if err != nil { - return nil, "", err - } - - return dialAdd, file, nil -} - -// GetSerivceInformation takes the parsed list of hosts to connect to and validates the information -func GetServiceInformation(cliConnections []string, cfg *config.Config) (map[string]config.Destination, error) { - var serv map[string]config.Destination - var url string - var iden string - for i, val := range cliConnections { - splitEnv := strings.SplitN(val, "::", 2) - sshInfo.Connections = append(sshInfo.Connections, splitEnv[0]) - if len(splitEnv[1]) != 0 { - err := validateImageName(splitEnv[1]) - if err != nil { - return nil, err - } - source.Image = splitEnv[1] - //TODO: actually use the new name given by the user - } - conn, found := cfg.Engine.ServiceDestinations[sshInfo.Connections[i]] - if found { - url = conn.URI - iden = conn.Identity - } else { // no match, warn user and do a manual connection. - url = "ssh://" + sshInfo.Connections[i] - iden = "" - logrus.Warnf("Unknown connection name given. Please use system connection add to specify the default remote socket location") - } - urlT, err := urlP.Parse(url) // create an actual url to pass to exec command - if err != nil { - return nil, err - } - if urlT.User.Username() == "" { - if urlT.User, err = connection.GetUserInfo(urlT); err != nil { - return nil, err - } - } - sshInfo.URI = append(sshInfo.URI, urlT) - sshInfo.Identities = append(sshInfo.Identities, iden) - } - return serv, nil -} - -// execPodman executes the podman save/load command given the podman binary -func execPodman(podman string, command []string) error { - cmd := exec.Command(podman) - utils.CreateSCPCommand(cmd, command[1:]) - logrus.Debugf("Executing podman command: %q", cmd) - return cmd.Run() -} - -// createCommands forms the podman save and load commands used by SCP -func createCommands(podman string) ([]string, []string) { - var parentString string - quiet := "" - if source.Quiet { - quiet = "-q " - } - if len(parentFlags) > 0 { - parentString = strings.Join(parentFlags, " ") + " " // if there are parent args, an extra space needs to be added - } else { - parentString = strings.Join(parentFlags, " ") - } - loadCmd := strings.Split(fmt.Sprintf("%s %sload %s--input %s", podman, parentString, quiet, dest.File), " ") - saveCmd := strings.Split(fmt.Sprintf("%s %vsave %s--output %s %s", podman, parentString, quiet, source.File, source.Image), " ") - return saveCmd, loadCmd -} diff --git a/cmd/podman/images/scp_test.go b/cmd/podman/images/scp_test.go deleted file mode 100644 index 315fda2ab..000000000 --- a/cmd/podman/images/scp_test.go +++ /dev/null @@ -1,46 +0,0 @@ -package images - -import ( - "testing" - - "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/stretchr/testify/assert" -) - -func TestParseSCPArgs(t *testing.T) { - args := []string{"alpine", "root@localhost::"} - var source *entities.ImageScpOptions - var dest *entities.ImageScpOptions - var err error - source, _, err = parseImageSCPArg(args[0]) - assert.Nil(t, err) - assert.Equal(t, source.Image, "alpine") - - dest, _, err = parseImageSCPArg(args[1]) - assert.Nil(t, err) - assert.Equal(t, dest.Image, "") - assert.Equal(t, dest.User, "root") - - args = []string{"root@localhost::alpine"} - source, _, err = parseImageSCPArg(args[0]) - assert.Nil(t, err) - assert.Equal(t, source.User, "root") - assert.Equal(t, source.Image, "alpine") - - args = []string{"charliedoern@192.168.68.126::alpine", "foobar@192.168.68.126::"} - source, _, err = parseImageSCPArg(args[0]) - assert.Nil(t, err) - assert.True(t, source.Remote) - assert.Equal(t, source.Image, "alpine") - - dest, _, err = parseImageSCPArg(args[1]) - assert.Nil(t, err) - assert.True(t, dest.Remote) - assert.Equal(t, dest.Image, "") - - args = []string{"charliedoern@192.168.68.126::alpine"} - source, _, err = parseImageSCPArg(args[0]) - assert.Nil(t, err) - assert.True(t, source.Remote) - assert.Equal(t, source.Image, "alpine") -} diff --git a/cmd/podman/images/scp_utils.go b/cmd/podman/images/scp_utils.go deleted file mode 100644 index a85687a42..000000000 --- a/cmd/podman/images/scp_utils.go +++ /dev/null @@ -1,88 +0,0 @@ -package images - -import ( - "strings" - - "github.com/containers/image/v5/docker/reference" - "github.com/containers/podman/v4/libpod/define" - "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" -) - -// parseImageSCPArg returns the valid connection, and source/destination data based off of the information provided by the user -// arg is a string containing one of the cli arguments returned is a filled out source/destination options structs as well as a connections array and an error if applicable -func parseImageSCPArg(arg string) (*entities.ImageScpOptions, []string, error) { - location := entities.ImageScpOptions{} - var err error - cliConnections := []string{} - - switch { - case strings.Contains(arg, "@localhost::"): // image transfer between users - location.User = strings.Split(arg, "@")[0] - location, err = validateImagePortion(location, arg) - if err != nil { - return nil, nil, err - } - cliConnections = append(cliConnections, arg) - case strings.Contains(arg, "::"): - location, err = validateImagePortion(location, arg) - if err != nil { - return nil, nil, err - } - location.Remote = true - cliConnections = append(cliConnections, arg) - default: - location.Image = arg - } - return &location, cliConnections, nil -} - -// validateImagePortion is a helper function to validate the image name in an SCP argument -func validateImagePortion(location entities.ImageScpOptions, arg string) (entities.ImageScpOptions, error) { - if remoteArgLength(arg, 1) > 0 { - err := validateImageName(strings.Split(arg, "::")[1]) - if err != nil { - return location, err - } - location.Image = strings.Split(arg, "::")[1] // this will get checked/set again once we validate connections - } - return location, nil -} - -// validateSCPArgs takes the array of source and destination options and checks for common errors -func validateSCPArgs(locations []*entities.ImageScpOptions) (bool, error) { - if len(locations) > 2 { - return false, errors.Wrapf(define.ErrInvalidArg, "cannot specify more than two arguments") - } - switch { - case len(locations[0].Image) > 0 && len(locations[1].Image) > 0: - return false, errors.Wrapf(define.ErrInvalidArg, "cannot specify an image rename") - case len(locations[0].Image) == 0 && len(locations[1].Image) == 0: - return false, errors.Wrapf(define.ErrInvalidArg, "a source image must be specified") - case len(locations[0].Image) == 0 && len(locations[1].Image) != 0: - if locations[0].Remote && locations[1].Remote { - return true, nil // we need to flip the cliConnections array so the save/load connections are in the right place - } - } - return false, nil -} - -// validateImageName makes sure that the image given is valid and no injections are occurring -// we simply use this for error checking, bot setting the image -func validateImageName(input string) error { - // ParseNormalizedNamed transforms a shortname image into its - // full name reference so busybox => docker.io/library/busybox - // we want to keep our shortnames, so only return an error if - // we cannot parse what the user has given us - _, err := reference.ParseNormalizedNamed(input) - return err -} - -// remoteArgLength is a helper function to simplify the extracting of host argument data -// returns an int which contains the length of a specified index in a host::image string -func remoteArgLength(input string, side int) int { - if strings.Contains(input, "::") { - return len((strings.Split(input, "::"))[side]) - } - return -1 -} diff --git a/cmd/podman/images/search.go b/cmd/podman/images/search.go index a18f7a11d..eb876d3d4 100644 --- a/cmd/podman/images/search.go +++ b/cmd/podman/images/search.go @@ -1,6 +1,7 @@ package images import ( + "errors" "fmt" "os" "strings" @@ -12,7 +13,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -111,11 +111,11 @@ func imageSearch(cmd *cobra.Command, args []string) error { case 1: searchTerm = args[0] default: - return errors.Errorf("search requires exactly one argument") + return errors.New("search requires exactly one argument") } if searchOptions.ListTags && len(searchOptions.Filters) != 0 { - return errors.Errorf("filters are not applicable to list tags result") + return errors.New("filters are not applicable to list tags result") } // TLS verification in c/image is controlled via a `types.OptionalBool` @@ -155,7 +155,7 @@ func imageSearch(cmd *cobra.Command, args []string) error { switch { case searchOptions.ListTags: if len(searchOptions.Filters) != 0 { - return errors.Errorf("filters are not applicable to list tags result") + return errors.New("filters are not applicable to list tags result") } if isJSON { listTagsEntries := buildListTagsJSON(searchReport) @@ -181,7 +181,7 @@ func imageSearch(cmd *cobra.Command, args []string) error { if rpt.RenderHeaders { hdrs := report.Headers(entities.ImageSearchReport{}, nil) if err := rpt.Execute(hdrs); err != nil { - return errors.Wrapf(err, "failed to write report column headers") + return fmt.Errorf("failed to write report column headers: %w", err) } } return rpt.Execute(searchReport) diff --git a/cmd/podman/images/sign.go b/cmd/podman/images/sign.go index e4e201894..beea6d2b8 100644 --- a/cmd/podman/images/sign.go +++ b/cmd/podman/images/sign.go @@ -1,6 +1,7 @@ package images import ( + "errors" "os" "github.com/containers/common/pkg/auth" @@ -8,7 +9,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -57,7 +57,7 @@ func init() { func sign(cmd *cobra.Command, args []string) error { if signOptions.SignBy == "" { - return errors.Errorf("please provide an identity") + return errors.New("please provide an identity") } var sigStoreDir string diff --git a/cmd/podman/images/trust_set.go b/cmd/podman/images/trust_set.go index f4ff0cffc..832e9f724 100644 --- a/cmd/podman/images/trust_set.go +++ b/cmd/podman/images/trust_set.go @@ -1,6 +1,7 @@ package images import ( + "fmt" "net/url" "regexp" @@ -9,7 +10,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -61,7 +61,7 @@ func setTrust(cmd *cobra.Command, args []string) error { } if !util.StringInSlice(setOptions.Type, validTrustTypes) { - return errors.Errorf("invalid choice: %s (choose from 'accept', 'reject', 'signedBy')", setOptions.Type) + return fmt.Errorf("invalid choice: %s (choose from 'accept', 'reject', 'signedBy')", setOptions.Type) } return registry.ImageEngine().SetTrust(registry.Context(), args, setOptions) } @@ -71,17 +71,17 @@ func isValidImageURI(imguri string) (bool, error) { uri := "http://" + imguri u, err := url.Parse(uri) if err != nil { - return false, errors.Wrapf(err, "invalid image uri: %s", imguri) + return false, fmt.Errorf("invalid image uri: %s: %w", imguri, err) } reg := regexp.MustCompile(`^[a-zA-Z0-9-_\.]+\/?:?[0-9]*[a-z0-9-\/:]*$`) ret := reg.FindAllString(u.Host, -1) if len(ret) == 0 { - return false, errors.Wrapf(err, "invalid image uri: %s", imguri) + return false, fmt.Errorf("invalid image uri: %s: %w", imguri, err) } reg = regexp.MustCompile(`^[a-z0-9-:\./]*$`) ret = reg.FindAllString(u.Fragment, -1) if len(ret) == 0 { - return false, errors.Wrapf(err, "invalid image uri: %s", imguri) + return false, fmt.Errorf("invalid image uri: %s: %w", imguri, err) } return true, nil } diff --git a/cmd/podman/images/unmount.go b/cmd/podman/images/unmount.go index 3ada09937..2a3df7cbd 100644 --- a/cmd/podman/images/unmount.go +++ b/cmd/podman/images/unmount.go @@ -1,13 +1,13 @@ package images import ( + "errors" "fmt" "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) diff --git a/cmd/podman/images/utils_linux.go b/cmd/podman/images/utils_linux.go index f7c159415..5923716ec 100644 --- a/cmd/podman/images/utils_linux.go +++ b/cmd/podman/images/utils_linux.go @@ -1,12 +1,12 @@ package images import ( + "fmt" "io" "io/ioutil" "os" "path/filepath" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -26,7 +26,7 @@ func setupPipe() (string, func() <-chan error, error) { if e := os.RemoveAll(pipeDir); e != nil { logrus.Errorf("Removing named pipe: %q", e) } - return "", nil, errors.Wrapf(err, "error creating named pipe") + return "", nil, fmt.Errorf("error creating named pipe: %w", err) } go func() { fpipe, err := os.Open(pipePath) diff --git a/cmd/podman/inspect/inspect.go b/cmd/podman/inspect/inspect.go index 05a6de699..edddf026e 100644 --- a/cmd/podman/inspect/inspect.go +++ b/cmd/podman/inspect/inspect.go @@ -3,6 +3,7 @@ package inspect import ( "context" "encoding/json" // due to a bug in json-iterator it cannot be used here + "errors" "fmt" "os" "regexp" @@ -16,7 +17,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -41,7 +41,7 @@ func AddInspectFlagSet(cmd *cobra.Command) *entities.InspectOptions { return &opts } -// Inspect inspects the specified container/image names or IDs. +// Inspect inspects the specified container/image/pod/volume names or IDs. func Inspect(namesOrIDs []string, options entities.InspectOptions) error { inspector, err := newInspector(options) if err != nil { @@ -64,19 +64,19 @@ func newInspector(options entities.InspectOptions) (*inspector, error) { case common.ImageType, common.ContainerType, common.AllType, common.PodType, common.NetworkType, common.VolumeType: // Valid types. default: - return nil, errors.Errorf("invalid type %q: must be %q, %q, %q, %q, %q, or %q", options.Type, + return nil, fmt.Errorf("invalid type %q: must be %q, %q, %q, %q, %q, or %q", options.Type, common.ImageType, common.ContainerType, common.PodType, common.NetworkType, common.VolumeType, common.AllType) } if options.Type == common.ImageType { if options.Latest { - return nil, errors.Errorf("latest is not supported for type %q", common.ImageType) + return nil, fmt.Errorf("latest is not supported for type %q", common.ImageType) } if options.Size { - return nil, errors.Errorf("size is not supported for type %q", common.ImageType) + return nil, fmt.Errorf("size is not supported for type %q", common.ImageType) } } if options.Type == common.PodType && options.Size { - return nil, errors.Errorf("size is not supported for type %q", common.PodType) + return nil, fmt.Errorf("size is not supported for type %q", common.PodType) } podOpts := entities.PodInspectOptions{ Latest: options.Latest, @@ -145,8 +145,7 @@ func (i *inspector) inspect(namesOrIDs []string) error { i.podOptions.NameOrID = pod podData, err := i.containerEngine.PodInspect(ctx, i.podOptions) if err != nil { - cause := errors.Cause(err) - if !strings.Contains(cause.Error(), define.ErrNoSuchPod.Error()) { + if !strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) { errs = []error{err} } else { return err @@ -159,8 +158,7 @@ func (i *inspector) inspect(namesOrIDs []string) error { if i.podOptions.Latest { // latest means there are no names in the namesOrID array podData, err := i.containerEngine.PodInspect(ctx, i.podOptions) if err != nil { - cause := errors.Cause(err) - if !strings.Contains(cause.Error(), define.ErrNoSuchPod.Error()) { + if !strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) { errs = []error{err} } else { return err @@ -189,7 +187,7 @@ func (i *inspector) inspect(namesOrIDs []string) error { data = append(data, volumeData[i]) } default: - return errors.Errorf("invalid type %q: must be %q, %q, %q, %q, %q, or %q", i.options.Type, + return fmt.Errorf("invalid type %q: must be %q, %q, %q, %q, %q, or %q", i.options.Type, common.ImageType, common.ContainerType, common.PodType, common.NetworkType, common.VolumeType, common.AllType) } // Always print an empty array @@ -218,7 +216,7 @@ func (i *inspector) inspect(namesOrIDs []string) error { fmt.Fprintf(os.Stderr, "error inspecting object: %v\n", err) } } - return errors.Errorf("inspecting object: %v", errs[0]) + return fmt.Errorf("inspecting object: %w", errs[0]) } return nil } @@ -287,8 +285,7 @@ func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]inte i.podOptions.NameOrID = name podData, err := i.containerEngine.PodInspect(ctx, i.podOptions) if err != nil { - cause := errors.Cause(err) - if !strings.Contains(cause.Error(), define.ErrNoSuchPod.Error()) { + if !strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) { return nil, nil, err } } else { @@ -296,7 +293,7 @@ func (i *inspector) inspectAll(ctx context.Context, namesOrIDs []string) ([]inte continue } if len(errs) > 0 { - allErrs = append(allErrs, errors.Errorf("no such object: %q", name)) + allErrs = append(allErrs, fmt.Errorf("no such object: %q", name)) continue } } diff --git a/cmd/podman/machine/init.go b/cmd/podman/machine/init.go index 9d464ad37..def3334e8 100644 --- a/cmd/podman/machine/init.go +++ b/cmd/podman/machine/init.go @@ -11,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/machine" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -20,6 +19,7 @@ var ( Use: "init [options] [NAME]", Short: "Initialize a virtual machine", Long: "initialize a virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: initMachine, Args: cobra.MaximumNArgs(1), Example: `podman machine init myvm`, @@ -119,12 +119,12 @@ func initMachine(cmd *cobra.Command, args []string) error { initOpts.Name = defaultMachineName if len(args) > 0 { if len(args[0]) > maxMachineNameSize { - return errors.Errorf("machine name %q must be %d characters or less", args[0], maxMachineNameSize) + return fmt.Errorf("machine name %q must be %d characters or less", args[0], maxMachineNameSize) } initOpts.Name = args[0] } if _, err := provider.LoadVMByName(initOpts.Name); err == nil { - return errors.Wrap(machine.ErrVMAlreadyExists, initOpts.Name) + return fmt.Errorf("%s: %w", initOpts.Name, machine.ErrVMAlreadyExists) } for idx, vol := range initOpts.Volumes { initOpts.Volumes[idx] = os.ExpandEnv(vol) diff --git a/cmd/podman/machine/inspect.go b/cmd/podman/machine/inspect.go index 4600a2b6d..d69c382f2 100644 --- a/cmd/podman/machine/inspect.go +++ b/cmd/podman/machine/inspect.go @@ -20,6 +20,7 @@ var ( Use: "inspect [options] [MACHINE...]", Short: "Inspect an existing machine", Long: "Provide details on a managed virtual machine", + PersistentPreRunE: rootlessOnly, RunE: inspect, Example: `podman machine inspect myvm`, ValidArgsFunction: autocompleteMachine, diff --git a/cmd/podman/machine/list.go b/cmd/podman/machine/list.go index 1ffb8690c..b1e31566f 100644 --- a/cmd/podman/machine/list.go +++ b/cmd/podman/machine/list.go @@ -4,6 +4,7 @@ package machine import ( + "fmt" "os" "sort" "strconv" @@ -17,7 +18,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/machine" "github.com/docker/go-units" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -27,6 +27,7 @@ var ( Aliases: []string{"ls"}, Short: "List machines", Long: "List managed virtual machines.", + PersistentPreRunE: rootlessOnly, RunE: list, Args: validate.NoArgs, ValidArgsFunction: completion.AutocompleteNone, @@ -88,7 +89,7 @@ func list(cmd *cobra.Command, args []string) error { provider := GetSystemDefaultProvider() listResponse, err = provider.List(opts) if err != nil { - return errors.Wrap(err, "error listing vms") + return fmt.Errorf("listing vms: %w", err) } // Sort by last run @@ -157,7 +158,7 @@ func outputTemplate(cmd *cobra.Command, responses []*ListReporter) error { defer w.Flush() if printHeader { if err := tmpl.Execute(w, headers); err != nil { - return errors.Wrapf(err, "failed to write report column headers") + return fmt.Errorf("failed to write report column headers: %w", err) } } return tmpl.Execute(w, responses) diff --git a/cmd/podman/machine/machine_unix.go b/cmd/podman/machine/machine_unix.go index b56d081ec..a2d9b9d8e 100644 --- a/cmd/podman/machine/machine_unix.go +++ b/cmd/podman/machine/machine_unix.go @@ -4,9 +4,20 @@ package machine import ( + "fmt" "os" + + "github.com/containers/podman/v4/pkg/rootless" + "github.com/spf13/cobra" ) func isUnixSocket(file os.DirEntry) bool { return file.Type()&os.ModeSocket != 0 } + +func rootlessOnly(cmd *cobra.Command, args []string) error { + if !rootless.IsRootless() { + return fmt.Errorf("cannot run command %q as root", cmd.CommandPath()) + } + return nil +} diff --git a/cmd/podman/machine/machine_windows.go b/cmd/podman/machine/machine_windows.go index ffd5d8827..bf1240868 100644 --- a/cmd/podman/machine/machine_windows.go +++ b/cmd/podman/machine/machine_windows.go @@ -3,9 +3,18 @@ package machine import ( "os" "strings" + + "github.com/spf13/cobra" ) func isUnixSocket(file os.DirEntry) bool { // Assume a socket on Windows, since sock mode is not supported yet https://github.com/golang/go/issues/33357 return !file.Type().IsDir() && strings.HasSuffix(file.Name(), ".sock") } + +func rootlessOnly(cmd *cobra.Command, args []string) error { + // Rootless is not relevant on Windows. In the future rootless.IsRootless + // could be switched to return true on Windows, and other codepaths migrated + + return nil +} diff --git a/cmd/podman/machine/rm.go b/cmd/podman/machine/rm.go index a6e66265c..362c9a7d3 100644 --- a/cmd/podman/machine/rm.go +++ b/cmd/podman/machine/rm.go @@ -20,6 +20,7 @@ var ( Use: "rm [options] [MACHINE]", Short: "Remove an existing machine", Long: "Remove a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: rm, Args: cobra.MaximumNArgs(1), Example: `podman machine rm myvm`, diff --git a/cmd/podman/machine/set.go b/cmd/podman/machine/set.go index 5777882da..1b9e1b2bd 100644 --- a/cmd/podman/machine/set.go +++ b/cmd/podman/machine/set.go @@ -18,6 +18,7 @@ var ( Use: "set [options] [NAME]", Short: "Sets a virtual machine setting", Long: "Sets an updatable virtual machine setting", + PersistentPreRunE: rootlessOnly, RunE: setMachine, Args: cobra.MaximumNArgs(1), Example: `podman machine set --rootful=false`, diff --git a/cmd/podman/machine/ssh.go b/cmd/podman/machine/ssh.go index 8261f3607..cb2f62f51 100644 --- a/cmd/podman/machine/ssh.go +++ b/cmd/podman/machine/ssh.go @@ -4,6 +4,7 @@ package machine import ( + "fmt" "net/url" "github.com/containers/common/pkg/completion" @@ -11,16 +12,16 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/machine" - "github.com/pkg/errors" "github.com/spf13/cobra" ) var ( sshCmd = &cobra.Command{ - Use: "ssh [options] [NAME] [COMMAND [ARG ...]]", - Short: "SSH into an existing machine", - Long: "SSH into a managed virtual machine ", - RunE: ssh, + Use: "ssh [options] [NAME] [COMMAND [ARG ...]]", + Short: "SSH into an existing machine", + Long: "SSH into a managed virtual machine ", + PersistentPreRunE: rootlessOnly, + RunE: ssh, Example: `podman machine ssh myvm podman machine ssh myvm echo hello`, ValidArgsFunction: autocompleteMachineSSH, @@ -88,7 +89,7 @@ func ssh(cmd *cobra.Command, args []string) error { vm, err = provider.LoadVMByName(vmName) if err != nil { - return errors.Wrapf(err, "vm %s not found", vmName) + return fmt.Errorf("vm %s not found: %w", vmName, err) } err = vm.SSH(vmName, sshOpts) return utils.HandleOSExecError(err) diff --git a/cmd/podman/machine/start.go b/cmd/podman/machine/start.go index 3bd7f4a25..15a75522a 100644 --- a/cmd/podman/machine/start.go +++ b/cmd/podman/machine/start.go @@ -9,7 +9,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/machine" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -18,6 +17,7 @@ var ( Use: "start [MACHINE]", Short: "Start an existing machine", Long: "Start a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: start, Args: cobra.MaximumNArgs(1), Example: `podman machine start myvm`, @@ -54,9 +54,9 @@ func start(_ *cobra.Command, args []string) error { } if active { if vmName == activeName { - return errors.Wrapf(machine.ErrVMAlreadyRunning, "cannot start VM %s", vmName) + return fmt.Errorf("cannot start VM %s: %w", vmName, machine.ErrVMAlreadyRunning) } - return errors.Wrapf(machine.ErrMultipleActiveVM, "cannot start VM %s. VM %s is currently running or starting", vmName, activeName) + return fmt.Errorf("cannot start VM %s. VM %s is currently running or starting: %w", vmName, activeName, machine.ErrMultipleActiveVM) } fmt.Printf("Starting machine %q\n", vmName) if err := vm.Start(vmName, machine.StartOptions{}); err != nil { diff --git a/cmd/podman/machine/stop.go b/cmd/podman/machine/stop.go index 993662792..ce87a44c4 100644 --- a/cmd/podman/machine/stop.go +++ b/cmd/podman/machine/stop.go @@ -17,6 +17,7 @@ var ( Use: "stop [MACHINE]", Short: "Stop an existing machine", Long: "Stop a managed virtual machine ", + PersistentPreRunE: rootlessOnly, RunE: stop, Args: cobra.MaximumNArgs(1), Example: `podman machine stop myvm`, diff --git a/cmd/podman/manifest/push.go b/cmd/podman/manifest/push.go index b96a65c4a..9479e79a3 100644 --- a/cmd/podman/manifest/push.go +++ b/cmd/podman/manifest/push.go @@ -1,6 +1,7 @@ package manifest import ( + "fmt" "io/ioutil" "github.com/containers/common/pkg/auth" @@ -11,7 +12,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -88,10 +88,10 @@ func push(cmd *cobra.Command, args []string) error { listImageSpec := args[0] destSpec := args[1] if listImageSpec == "" { - return errors.Errorf(`invalid image name "%s"`, listImageSpec) + return fmt.Errorf(`invalid image name "%s"`, listImageSpec) } if destSpec == "" { - return errors.Errorf(`invalid destination "%s"`, destSpec) + return fmt.Errorf(`invalid destination "%s"`, destSpec) } if manifestPushOpts.CredentialsCLI != "" { diff --git a/cmd/podman/manifest/remove.go b/cmd/podman/manifest/remove.go index c32ffad78..4aa3b66b7 100644 --- a/cmd/podman/manifest/remove.go +++ b/cmd/podman/manifest/remove.go @@ -5,7 +5,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -31,7 +30,7 @@ func init() { func remove(cmd *cobra.Command, args []string) error { updatedListID, err := registry.ImageEngine().ManifestRemoveDigest(registry.Context(), args[0], args[1]) if err != nil { - return errors.Wrapf(err, "error removing from manifest list %s", args[0]) + return fmt.Errorf("removing from manifest list %s: %w", args[0], err) } fmt.Println(updatedListID) return nil diff --git a/cmd/podman/networks/create.go b/cmd/podman/networks/create.go index 84c58d4dc..2cf7023f3 100644 --- a/cmd/podman/networks/create.go +++ b/cmd/podman/networks/create.go @@ -1,6 +1,7 @@ package network import ( + "errors" "fmt" "net" @@ -11,7 +12,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/parse" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -97,11 +97,11 @@ func networkCreate(cmd *cobra.Command, args []string) error { var err error networkCreateOptions.Labels, err = parse.GetAllLabels([]string{}, labels) if err != nil { - return errors.Wrap(err, "failed to parse labels") + return fmt.Errorf("failed to parse labels: %w", err) } networkCreateOptions.Options, err = parse.GetAllLabels([]string{}, opts) if err != nil { - return errors.Wrapf(err, "unable to parse options") + return fmt.Errorf("unable to parse options: %w", err) } network := types.Network{ @@ -181,11 +181,11 @@ func parseRange(iprange string) (*types.LeaseRange, error) { startIP, err := util.FirstIPInSubnet(subnet) if err != nil { - return nil, errors.Wrap(err, "failed to get first ip in range") + return nil, fmt.Errorf("failed to get first ip in range: %w", err) } lastIP, err := util.LastIPInSubnet(subnet) if err != nil { - return nil, errors.Wrap(err, "failed to get last ip in range") + return nil, fmt.Errorf("failed to get last ip in range: %w", err) } return &types.LeaseRange{ StartIP: startIP, diff --git a/cmd/podman/networks/rm.go b/cmd/podman/networks/rm.go index f71f59eea..c2d3f655f 100644 --- a/cmd/podman/networks/rm.go +++ b/cmd/podman/networks/rm.go @@ -1,6 +1,7 @@ package network import ( + "errors" "fmt" "strings" @@ -10,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -78,15 +78,9 @@ func networkRm(cmd *cobra.Command, args []string) error { } func setExitCode(err error) { - cause := errors.Cause(err) - switch { - case cause == define.ErrNoSuchNetwork: + if errors.Is(err, define.ErrNoSuchNetwork) || strings.Contains(err.Error(), define.ErrNoSuchNetwork.Error()) { registry.SetExitCode(1) - case strings.Contains(cause.Error(), define.ErrNoSuchNetwork.Error()): - registry.SetExitCode(1) - case cause == define.ErrNetworkInUse: - registry.SetExitCode(2) - case strings.Contains(cause.Error(), define.ErrNetworkInUse.Error()): + } else if errors.Is(err, define.ErrNetworkInUse) || strings.Contains(err.Error(), define.ErrNetworkInUse.Error()) { registry.SetExitCode(2) } } diff --git a/cmd/podman/parse/filters.go b/cmd/podman/parse/filters.go index 8a10f2a97..e4ab942af 100644 --- a/cmd/podman/parse/filters.go +++ b/cmd/podman/parse/filters.go @@ -1,10 +1,9 @@ package parse import ( + "fmt" "net/url" "strings" - - "github.com/pkg/errors" ) func FilterArgumentsIntoFilters(filters []string) (url.Values, error) { @@ -12,7 +11,7 @@ func FilterArgumentsIntoFilters(filters []string) (url.Values, error) { for _, f := range filters { t := strings.SplitN(f, "=", 2) if len(t) < 2 { - return parsedFilters, errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f) + return parsedFilters, fmt.Errorf("filter input must be in the form of filter=value: %s is invalid", f) } parsedFilters.Add(t[0], t[1]) } diff --git a/cmd/podman/parse/net.go b/cmd/podman/parse/net.go index ba70c7ba5..9228c7127 100644 --- a/cmd/podman/parse/net.go +++ b/cmd/podman/parse/net.go @@ -10,8 +10,6 @@ import ( "os" "regexp" "strings" - - "github.com/pkg/errors" ) const ( @@ -81,7 +79,7 @@ func GetAllLabels(labelFile, inputLabels []string) (map[string]string, error) { for _, label := range inputLabels { split := strings.SplitN(label, "=", 2) if split[0] == "" { - return nil, errors.Errorf("invalid label format: %q", label) + return nil, fmt.Errorf("invalid label format: %q", label) } value := "" if len(split) > 1 { @@ -97,13 +95,13 @@ func parseEnvOrLabel(env map[string]string, line, configType string) error { // catch invalid variables such as "=" or "=A" if data[0] == "" { - return errors.Errorf("invalid environment variable: %q", line) + return fmt.Errorf("invalid environment variable: %q", line) } // trim the front of a variable, but nothing else name := strings.TrimLeft(data[0], whiteSpaces) if strings.ContainsAny(name, whiteSpaces) { - return errors.Errorf("name %q has white spaces, poorly formatted name", name) + return fmt.Errorf("name %q has white spaces, poorly formatted name", name) } if len(data) > 1 { @@ -157,7 +155,7 @@ func parseEnvOrLabelFile(envOrLabel map[string]string, filename, configType stri // as it is currently not supported func ValidateFileName(filename string) error { if strings.Contains(filename, ":") { - return errors.Errorf("invalid filename (should not contain ':') %q", filename) + return fmt.Errorf("invalid filename (should not contain ':') %q", filename) } return nil } @@ -166,10 +164,10 @@ func ValidateFileName(filename string) error { func ValidURL(urlStr string) error { url, err := url.ParseRequestURI(urlStr) if err != nil { - return errors.Wrapf(err, "invalid url %q", urlStr) + return fmt.Errorf("invalid url %q: %w", urlStr, err) } if url.Scheme == "" { - return errors.Errorf("invalid url %q: missing scheme", urlStr) + return fmt.Errorf("invalid url %q: missing scheme", urlStr) } return nil } diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go index f5b121009..8fd12baaf 100644 --- a/cmd/podman/play/kube.go +++ b/cmd/podman/play/kube.go @@ -1,6 +1,7 @@ package pods import ( + "errors" "fmt" "net" "os" @@ -16,7 +17,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -188,14 +188,14 @@ func kube(cmd *cobra.Command, args []string) error { for _, annotation := range annotations { splitN := strings.SplitN(annotation, "=", 2) if len(splitN) > 2 { - return errors.Errorf("annotation %q must include an '=' sign", annotation) + return fmt.Errorf("annotation %q must include an '=' sign", annotation) } if kubeOptions.Annotations == nil { kubeOptions.Annotations = make(map[string]string) } annotation := splitN[1] if len(annotation) > define.MaxKubeAnnotation { - return errors.Errorf("annotation exceeds maximum size, %d, of kubernetes annotation: %s", define.MaxKubeAnnotation, annotation) + return fmt.Errorf("annotation exceeds maximum size, %d, of kubernetes annotation: %s", define.MaxKubeAnnotation, annotation) } kubeOptions.Annotations[splitN[0]] = annotation } @@ -235,7 +235,7 @@ func teardown(yamlfile string) error { defer f.Close() reports, err := registry.ContainerEngine().PlayKubeDown(registry.GetContext(), f, *options) if err != nil { - return errors.Wrap(err, yamlfile) + return fmt.Errorf("%v: %w", yamlfile, err) } // Output stopped pods @@ -273,7 +273,7 @@ func playkube(yamlfile string) error { defer f.Close() report, err := registry.ContainerEngine().PlayKube(registry.GetContext(), f, kubeOptions.PlayKubeOptions) if err != nil { - return errors.Wrap(err, yamlfile) + return fmt.Errorf("%s: %w", yamlfile, err) } // Print volumes report for i, volume := range report.Volumes { @@ -320,7 +320,7 @@ func playkube(yamlfile string) error { } if ctrsFailed > 0 { - return errors.Errorf("failed to start %d containers", ctrsFailed) + return fmt.Errorf("failed to start %d containers", ctrsFailed) } return nil diff --git a/cmd/podman/pods/clone.go b/cmd/podman/pods/clone.go index 391af1cf7..9558c6aed 100644 --- a/cmd/podman/pods/clone.go +++ b/cmd/podman/pods/clone.go @@ -9,7 +9,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -67,7 +66,7 @@ func init() { func clone(cmd *cobra.Command, args []string) error { switch len(args) { case 0: - return errors.Wrapf(define.ErrInvalidArg, "must specify at least 1 argument") + return fmt.Errorf("must specify at least 1 argument: %w", define.ErrInvalidArg) case 2: podClone.CreateOpts.Name = args[1] } diff --git a/cmd/podman/pods/create.go b/cmd/podman/pods/create.go index ca9d60174..45ad2dfd0 100644 --- a/cmd/podman/pods/create.go +++ b/cmd/podman/pods/create.go @@ -2,6 +2,7 @@ package pods import ( "context" + "errors" "fmt" "io/ioutil" "os" @@ -23,7 +24,6 @@ import ( "github.com/containers/podman/v4/pkg/specgenutil" "github.com/containers/podman/v4/pkg/util" "github.com/docker/docker/pkg/parsers" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/spf13/pflag" @@ -127,7 +127,7 @@ func create(cmd *cobra.Command, args []string) error { labels = infraOptions.Label createOptions.Labels, err = parse.GetAllLabels(labelFile, labels) if err != nil { - return errors.Wrapf(err, "unable to process labels") + return fmt.Errorf("unable to process labels: %w", err) } if cmd.Flag("infra-image").Changed { @@ -165,7 +165,7 @@ func create(cmd *cobra.Command, args []string) error { return err } if strings.Contains(share, "cgroup") && shareParent { - return errors.Wrapf(define.ErrInvalidArg, "cannot define the pod as the cgroup parent at the same time as joining the infra container's cgroupNS") + return fmt.Errorf("cannot define the pod as the cgroup parent at the same time as joining the infra container's cgroupNS: %w", define.ErrInvalidArg) } if strings.HasPrefix(share, "+") { @@ -193,10 +193,10 @@ func create(cmd *cobra.Command, args []string) error { if cmd.Flag("pod-id-file").Changed { podIDFD, err = util.OpenExclusiveFile(podIDFile) if err != nil && os.IsExist(err) { - return errors.Errorf("pod id file exists. Ensure another pod is not using it or delete %s", podIDFile) + return fmt.Errorf("pod id file exists. Ensure another pod is not using it or delete %s", podIDFile) } if err != nil { - return errors.Errorf("opening pod-id-file %s", podIDFile) + return fmt.Errorf("opening pod-id-file %s", podIDFile) } defer errorhandling.CloseQuiet(podIDFD) defer errorhandling.SyncQuiet(podIDFD) @@ -204,7 +204,7 @@ func create(cmd *cobra.Command, args []string) error { if len(createOptions.Net.PublishPorts) > 0 { if !createOptions.Infra { - return errors.Errorf("you must have an infra container to publish port bindings to the host") + return fmt.Errorf("you must have an infra container to publish port bindings to the host") } } @@ -231,7 +231,7 @@ func create(cmd *cobra.Command, args []string) error { ret, err := parsers.ParseUintList(copy) copy = "" if err != nil { - return errors.Wrapf(err, "could not parse list") + return fmt.Errorf("could not parse list: %w", err) } var vals []int for ind, val := range ret { @@ -301,7 +301,7 @@ func create(cmd *cobra.Command, args []string) error { if len(podIDFile) > 0 { if err = ioutil.WriteFile(podIDFile, []byte(response.Id), 0644); err != nil { - return errors.Wrapf(err, "failed to write pod ID to file") + return fmt.Errorf("failed to write pod ID to file: %w", err) } } fmt.Println(response.Id) diff --git a/cmd/podman/pods/inspect.go b/cmd/podman/pods/inspect.go index bb30fe6e6..082e8d9a1 100644 --- a/cmd/podman/pods/inspect.go +++ b/cmd/podman/pods/inspect.go @@ -2,6 +2,7 @@ package pods import ( "context" + "errors" "os" "text/template" @@ -10,7 +11,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -49,10 +49,10 @@ func init() { func inspect(cmd *cobra.Command, args []string) error { if len(args) < 1 && !inspectOptions.Latest { - return errors.Errorf("you must provide the name or id of a running pod") + return errors.New("you must provide the name or id of a running pod") } if len(args) > 0 && inspectOptions.Latest { - return errors.Errorf("--latest and containers cannot be used together") + return errors.New("--latest and containers cannot be used together") } if !inspectOptions.Latest { diff --git a/cmd/podman/pods/logs.go b/cmd/podman/pods/logs.go index 28e7b7a43..0102d4b71 100644 --- a/cmd/podman/pods/logs.go +++ b/cmd/podman/pods/logs.go @@ -1,6 +1,8 @@ package pods import ( + "errors" + "fmt" "os" "github.com/containers/common/pkg/completion" @@ -10,7 +12,6 @@ import ( "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -100,7 +101,7 @@ func logs(_ *cobra.Command, args []string) error { // parse time, error out if something is wrong since, err := util.ParseInputTime(logsPodOptions.SinceRaw, true) if err != nil { - return errors.Wrapf(err, "error parsing --since %q", logsPodOptions.SinceRaw) + return fmt.Errorf("error parsing --since %q: %w", logsPodOptions.SinceRaw, err) } logsPodOptions.Since = since } @@ -108,14 +109,14 @@ func logs(_ *cobra.Command, args []string) error { // parse time, error out if something is wrong until, err := util.ParseInputTime(logsPodOptions.UntilRaw, false) if err != nil { - return errors.Wrapf(err, "error parsing --until %q", logsPodOptions.UntilRaw) + return fmt.Errorf("error parsing --until %q: %w", logsPodOptions.UntilRaw, err) } logsPodOptions.Until = until } // Remote can only process one container at a time if registry.IsRemote() && logsPodOptions.ContainerName == "" { - return errors.Wrapf(define.ErrInvalidArg, "-c or --container cannot be empty") + return fmt.Errorf("-c or --container cannot be empty: %w", define.ErrInvalidArg) } logsPodOptions.StdoutWriter = os.Stdout diff --git a/cmd/podman/pods/ps.go b/cmd/podman/pods/ps.go index c98b4ef4e..681c9c42e 100644 --- a/cmd/podman/pods/ps.go +++ b/cmd/podman/pods/ps.go @@ -2,6 +2,7 @@ package pods import ( "context" + "errors" "fmt" "os" "sort" @@ -15,7 +16,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/docker/go-units" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -80,7 +80,7 @@ func pods(cmd *cobra.Command, _ []string) error { for _, f := range inputFilters { split := strings.SplitN(f, "=", 2) if len(split) < 2 { - return errors.Errorf("filter input must be in the form of filter=value: %s is invalid", f) + return fmt.Errorf("filter input must be in the form of filter=value: %s is invalid", f) } psInput.Filters[split[0]] = append(psInput.Filters[split[0]], split[1]) } @@ -276,7 +276,7 @@ func sortPodPsOutput(sortBy string, lprs []*entities.ListPodsReport) error { case "status": sort.Sort(podPsSortedStatus{lprs}) default: - return errors.Errorf("invalid option for --sort, options are: id, names, or number") + return errors.New("invalid option for --sort, options are: id, names, or number") } return nil } diff --git a/cmd/podman/pods/rm.go b/cmd/podman/pods/rm.go index 16b7191c9..2ffd968f9 100644 --- a/cmd/podman/pods/rm.go +++ b/cmd/podman/pods/rm.go @@ -2,6 +2,7 @@ package pods import ( "context" + "errors" "fmt" "strings" @@ -13,7 +14,6 @@ import ( "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/specgenutil" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -112,11 +112,7 @@ func removePods(namesOrIDs []string, rmOptions entities.PodRmOptions, printIDs b } func setExitCode(err error) { - cause := errors.Cause(err) - switch { - case cause == define.ErrNoSuchPod: - registry.SetExitCode(1) - case strings.Contains(cause.Error(), define.ErrNoSuchPod.Error()): + if errors.Is(err, define.ErrNoSuchPod) || strings.Contains(err.Error(), define.ErrNoSuchPod.Error()) { registry.SetExitCode(1) } } diff --git a/cmd/podman/pods/top.go b/cmd/podman/pods/top.go index 4e9c7a3ee..34f3d1c33 100644 --- a/cmd/podman/pods/top.go +++ b/cmd/podman/pods/top.go @@ -2,6 +2,7 @@ package pods import ( "context" + "errors" "fmt" "os" "strings" @@ -12,7 +13,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -67,7 +67,7 @@ func top(_ *cobra.Command, args []string) error { } if len(args) < 1 && !topOptions.Latest { - return errors.Errorf("you must provide the name or id of a running pod") + return errors.New("you must provide the name or id of a running pod") } if topOptions.Latest { diff --git a/cmd/podman/registry/config.go b/cmd/podman/registry/config.go index e06de034d..cae618b44 100644 --- a/cmd/podman/registry/config.go +++ b/cmd/podman/registry/config.go @@ -11,7 +11,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" ) const ( @@ -99,7 +98,7 @@ func setXdgDirs() error { return err } if err := os.Setenv("XDG_RUNTIME_DIR", dir); err != nil { - return errors.Wrapf(err, "cannot set XDG_RUNTIME_DIR="+dir) + return fmt.Errorf("cannot set XDG_RUNTIME_DIR=%s: %w", dir, err) } } @@ -117,7 +116,7 @@ func setXdgDirs() error { return err } if err := os.Setenv("XDG_CONFIG_HOME", cfgHomeDir); err != nil { - return errors.Wrapf(err, "cannot set XDG_CONFIG_HOME="+cfgHomeDir) + return fmt.Errorf("cannot set XDG_CONFIG_HOME=%s: %w", cfgHomeDir, err) } } return nil diff --git a/cmd/podman/root.go b/cmd/podman/root.go index 1892ff9f7..f28d92e2f 100644 --- a/cmd/podman/root.go +++ b/cmd/podman/root.go @@ -1,6 +1,7 @@ package main import ( + "errors" "fmt" "os" "path/filepath" @@ -20,7 +21,6 @@ import ( "github.com/containers/podman/v4/pkg/parallel" "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/version" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/spf13/pflag" @@ -137,22 +137,20 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { if cmd.Flag("import").Changed { runtime, err := crutils.CRGetRuntimeFromArchive(cmd.Flag("import").Value.String()) if err != nil { - return errors.Wrapf( - err, - "failed extracting runtime information from %s", - cmd.Flag("import").Value.String(), + return fmt.Errorf( + "failed extracting runtime information from %s: %w", + cmd.Flag("import").Value.String(), err, ) } - if cfg.RuntimePath == "" { + + runtimeFlag := cmd.Root().Flag("runtime") + if runtimeFlag == nil { + return errors.New("failed to load --runtime flag") + } + + if !runtimeFlag.Changed { // If the user did not select a runtime, this takes the one from // the checkpoint archives and tells Podman to use it for the restore. - runtimeFlag := cmd.Root().Flags().Lookup("runtime") - if runtimeFlag == nil { - return errors.Errorf( - "setting runtime to '%s' for restore", - *runtime, - ) - } if err := runtimeFlag.Value.Set(*runtime); err != nil { return err } @@ -161,7 +159,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { } else if cfg.RuntimePath != *runtime { // If the user selected a runtime on the command-line this checks if // it is the same then during checkpointing and errors out if not. - return errors.Errorf( + return fmt.Errorf( "checkpoint archive %s was created with runtime '%s' and cannot be restored with runtime '%s'", cmd.Flag("import").Value.String(), *runtime, @@ -179,15 +177,15 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { var err error cfg.URI, cfg.Identity, err = cfg.ActiveDestination() if err != nil { - return errors.Wrap(err, "failed to resolve active destination") + return fmt.Errorf("failed to resolve active destination: %w", err) } if err := cmd.Root().LocalFlags().Set("url", cfg.URI); err != nil { - return errors.Wrap(err, "failed to override --url flag") + return fmt.Errorf("failed to override --url flag: %w", err) } if err := cmd.Root().LocalFlags().Set("identity", cfg.Identity); err != nil { - return errors.Wrap(err, "failed to override --identity flag") + return fmt.Errorf("failed to override --identity flag: %w", err) } } @@ -256,7 +254,7 @@ func persistentPreRunE(cmd *cobra.Command, args []string) error { } if cfg.MaxWorks <= 0 { - return errors.Errorf("maximum workers must be set to a positive number (got %d)", cfg.MaxWorks) + return fmt.Errorf("maximum workers must be set to a positive number (got %d)", cfg.MaxWorks) } if err := parallel.SetMaxThreads(uint(cfg.MaxWorks)); err != nil { return err @@ -298,12 +296,12 @@ func persistentPostRunE(cmd *cobra.Command, args []string) error { if cmd.Flag("memory-profile").Changed { f, err := os.Create(registry.PodmanConfig().MemoryProfile) if err != nil { - return errors.Wrap(err, "creating memory profile") + return fmt.Errorf("creating memory profile: %w", err) } defer f.Close() runtime.GC() // get up-to-date GC statistics if err := pprof.WriteHeapProfile(f); err != nil { - return errors.Wrap(err, "writing memory profile") + return fmt.Errorf("writing memory profile: %w", err) } } @@ -482,7 +480,7 @@ func resolveDestination() (string, string, string) { cfg, err := config.ReadCustomConfig() if err != nil { - logrus.Warning(errors.Wrap(err, "unable to read local containers.conf")) + logrus.Warning(fmt.Errorf("unable to read local containers.conf: %w", err)) return "", registry.DefaultAPIAddress(), "" } @@ -495,7 +493,7 @@ func resolveDestination() (string, string, string) { func formatError(err error) string { var message string - if errors.Cause(err) == define.ErrOCIRuntime { + if errors.Is(err, define.ErrOCIRuntime) { // OCIRuntimeErrors include the reason for the failure in the // second to last message in the error chain. message = fmt.Sprintf( diff --git a/cmd/podman/root_test.go b/cmd/podman/root_test.go index 0a73afdc4..98a3de79d 100644 --- a/cmd/podman/root_test.go +++ b/cmd/podman/root_test.go @@ -1,12 +1,12 @@ package main import ( + "errors" "fmt" "strings" "testing" "github.com/containers/podman/v4/libpod/define" - "github.com/pkg/errors" ) func TestFormatError(t *testing.T) { @@ -22,7 +22,7 @@ func TestFormatError(t *testing.T) { func TestFormatOCIError(t *testing.T) { expectedPrefix := "Error: " expectedSuffix := "OCI runtime output" - err := errors.Wrap(define.ErrOCIRuntime, expectedSuffix) + err := fmt.Errorf("%s: %w", expectedSuffix, define.ErrOCIRuntime) output := formatError(err) if !strings.HasPrefix(output, expectedPrefix) { diff --git a/cmd/podman/secrets/create.go b/cmd/podman/secrets/create.go index 01ee3d256..8ecfecf69 100644 --- a/cmd/podman/secrets/create.go +++ b/cmd/podman/secrets/create.go @@ -2,6 +2,7 @@ package secrets import ( "context" + "errors" "fmt" "io" "os" @@ -11,7 +12,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -66,7 +66,7 @@ func create(cmd *cobra.Command, args []string) error { case env: envValue := os.Getenv(path) if envValue == "" { - return errors.Errorf("cannot create store secret data: environment variable %s is not set", path) + return fmt.Errorf("cannot create store secret data: environment variable %s is not set", path) } reader = strings.NewReader(envValue) case path == "-" || path == "/dev/stdin": diff --git a/cmd/podman/secrets/inspect.go b/cmd/podman/secrets/inspect.go index 473d5620c..1fcc676b4 100644 --- a/cmd/podman/secrets/inspect.go +++ b/cmd/podman/secrets/inspect.go @@ -10,7 +10,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -78,7 +77,7 @@ func inspect(cmd *cobra.Command, args []string) error { fmt.Fprintf(os.Stderr, "error inspecting secret: %v\n", err) } } - return errors.Errorf("inspecting secret: %v", errs[0]) + return fmt.Errorf("inspecting secret: %w", errs[0]) } return nil } diff --git a/cmd/podman/secrets/list.go b/cmd/podman/secrets/list.go index 558a16ccf..8b1956eab 100644 --- a/cmd/podman/secrets/list.go +++ b/cmd/podman/secrets/list.go @@ -2,6 +2,7 @@ package secrets import ( "context" + "fmt" "os" "time" @@ -13,7 +14,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/docker/go-units" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -108,7 +108,7 @@ func outputTemplate(cmd *cobra.Command, responses []*entities.SecretListReport) if !listFlag.noHeading { if err := tmpl.Execute(w, headers); err != nil { - return errors.Wrapf(err, "failed to write report column headers") + return fmt.Errorf("failed to write report column headers: %w", err) } } return tmpl.Execute(w, responses) diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go index d77a39bcc..191603718 100644 --- a/cmd/podman/system/connection/add.go +++ b/cmd/podman/system/connection/add.go @@ -2,25 +2,22 @@ package connection import ( "encoding/json" + "errors" "fmt" "net" "net/url" "os" - "os/user" "regexp" - "time" "github.com/containers/common/pkg/completion" "github.com/containers/common/pkg/config" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/system" "github.com/containers/podman/v4/libpod/define" - "github.com/containers/podman/v4/pkg/terminal" - "github.com/pkg/errors" + "github.com/containers/podman/v4/pkg/domain/utils" "github.com/sirupsen/logrus" "github.com/spf13/cobra" "golang.org/x/crypto/ssh" - "golang.org/x/crypto/ssh/agent" ) var ( @@ -79,7 +76,7 @@ func add(cmd *cobra.Command, args []string) error { // Default to ssh schema if none given dest := args[1] if match, err := regexp.Match("^[A-Za-z][A-Za-z0-9+.-]*://", []byte(dest)); err != nil { - return errors.Wrapf(err, "invalid destination") + return fmt.Errorf("invalid destination: %w", err) } else if !match { dest = "ssh://" + dest } @@ -95,7 +92,7 @@ func add(cmd *cobra.Command, args []string) error { switch uri.Scheme { case "ssh": if uri.User.Username() == "" { - if uri.User, err = GetUserInfo(uri); err != nil { + if uri.User, err = utils.GetUserInfo(uri); err != nil { return err } } @@ -180,44 +177,20 @@ func add(cmd *cobra.Command, args []string) error { return cfg.Write() } -func GetUserInfo(uri *url.URL) (*url.Userinfo, error) { - var ( - usr *user.User - err error - ) - if u, found := os.LookupEnv("_CONTAINERS_ROOTLESS_UID"); found { - usr, err = user.LookupId(u) - if err != nil { - return nil, errors.Wrapf(err, "failed to look up rootless user") - } - } else { - usr, err = user.Current() - if err != nil { - return nil, errors.Wrapf(err, "failed to obtain current user") - } - } - - pw, set := uri.User.Password() - if set { - return url.UserPassword(usr.Username, pw), nil - } - return url.User(usr.Username), nil -} - func getUDS(uri *url.URL, iden string) (string, error) { - cfg, err := ValidateAndConfigure(uri, iden) + cfg, err := utils.ValidateAndConfigure(uri, iden) if err != nil { - return "", errors.Wrapf(err, "failed to validate") + return "", fmt.Errorf("failed to validate: %w", err) } dial, err := ssh.Dial("tcp", uri.Host, cfg) if err != nil { - return "", errors.Wrapf(err, "failed to connect") + return "", fmt.Errorf("failed to connect: %w", err) } defer dial.Close() session, err := dial.NewSession() if err != nil { - return "", errors.Wrapf(err, "failed to create new ssh session on %q", uri.Host) + return "", fmt.Errorf("failed to create new ssh session on %q: %w", uri.Host, err) } defer session.Close() @@ -226,94 +199,18 @@ func getUDS(uri *url.URL, iden string) (string, error) { if v, found := os.LookupEnv("PODMAN_BINARY"); found { podman = v } - infoJSON, err := ExecRemoteCommand(dial, podman+" info --format=json") + infoJSON, err := utils.ExecRemoteCommand(dial, podman+" info --format=json") if err != nil { return "", err } var info define.Info if err := json.Unmarshal(infoJSON, &info); err != nil { - return "", errors.Wrapf(err, "failed to parse 'podman info' results") + return "", fmt.Errorf("failed to parse 'podman info' results: %w", err) } if info.Host.RemoteSocket == nil || len(info.Host.RemoteSocket.Path) == 0 { - return "", errors.Errorf("remote podman %q failed to report its UDS socket", uri.Host) + return "", fmt.Errorf("remote podman %q failed to report its UDS socket", uri.Host) } return info.Host.RemoteSocket.Path, nil } - -// ValidateAndConfigure will take a ssh url and an identity key (rsa and the like) and ensure the information given is valid -// iden iden can be blank to mean no identity key -// once the function validates the information it creates and returns an ssh.ClientConfig. -func ValidateAndConfigure(uri *url.URL, iden string) (*ssh.ClientConfig, error) { - var signers []ssh.Signer - passwd, passwdSet := uri.User.Password() - if iden != "" { // iden might be blank if coming from image scp or if no validation is needed - value := iden - s, err := terminal.PublicKey(value, []byte(passwd)) - if err != nil { - return nil, errors.Wrapf(err, "failed to read identity %q", value) - } - signers = append(signers, s) - logrus.Debugf("SSH Ident Key %q %s %s", value, ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type()) - } - if sock, found := os.LookupEnv("SSH_AUTH_SOCK"); found { // validate ssh information, specifically the unix file socket used by the ssh agent. - logrus.Debugf("Found SSH_AUTH_SOCK %q, ssh-agent signer enabled", sock) - - c, err := net.Dial("unix", sock) - if err != nil { - return nil, err - } - agentSigners, err := agent.NewClient(c).Signers() - if err != nil { - return nil, err - } - - signers = append(signers, agentSigners...) - - if logrus.IsLevelEnabled(logrus.DebugLevel) { - for _, s := range agentSigners { - logrus.Debugf("SSH Agent Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type()) - } - } - } - var authMethods []ssh.AuthMethod // now we validate and check for the authorization methods, most notaibly public key authorization - if len(signers) > 0 { - var dedup = make(map[string]ssh.Signer) - for _, s := range signers { - fp := ssh.FingerprintSHA256(s.PublicKey()) - if _, found := dedup[fp]; found { - logrus.Debugf("Dedup SSH Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type()) - } - dedup[fp] = s - } - - var uniq []ssh.Signer - for _, s := range dedup { - uniq = append(uniq, s) - } - authMethods = append(authMethods, ssh.PublicKeysCallback(func() ([]ssh.Signer, error) { - return uniq, nil - })) - } - if passwdSet { // if password authentication is given and valid, add to the list - authMethods = append(authMethods, ssh.Password(passwd)) - } - if len(authMethods) == 0 { - authMethods = append(authMethods, ssh.PasswordCallback(func() (string, error) { - pass, err := terminal.ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username())) - return string(pass), err - })) - } - tick, err := time.ParseDuration("40s") - if err != nil { - return nil, err - } - cfg := &ssh.ClientConfig{ - User: uri.User.Username(), - Auth: authMethods, - HostKeyCallback: ssh.InsecureIgnoreHostKey(), - Timeout: tick, - } - return cfg, nil -} diff --git a/cmd/podman/system/connection/remove.go b/cmd/podman/system/connection/remove.go index 463eae9fa..29bf98c43 100644 --- a/cmd/podman/system/connection/remove.go +++ b/cmd/podman/system/connection/remove.go @@ -1,11 +1,12 @@ package connection import ( + "errors" + "github.com/containers/common/pkg/config" "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/system" - "github.com/pkg/errors" "github.com/spf13/cobra" ) diff --git a/cmd/podman/system/connection/shared.go b/cmd/podman/system/connection/shared.go deleted file mode 100644 index 714ae827d..000000000 --- a/cmd/podman/system/connection/shared.go +++ /dev/null @@ -1,27 +0,0 @@ -package connection - -import ( - "bytes" - - "github.com/pkg/errors" - "golang.org/x/crypto/ssh" -) - -// ExecRemoteCommand takes a ssh client connection and a command to run and executes the -// command on the specified client. The function returns the Stdout from the client or the Stderr -func ExecRemoteCommand(dial *ssh.Client, run string) ([]byte, error) { - sess, err := dial.NewSession() // new ssh client session - if err != nil { - return nil, err - } - defer sess.Close() - - var buffer bytes.Buffer - var bufferErr bytes.Buffer - sess.Stdout = &buffer // output from client funneled into buffer - sess.Stderr = &bufferErr // err form client funneled into buffer - if err := sess.Run(run); err != nil { // run the command on the ssh client - return nil, errors.Wrapf(err, bufferErr.String()) - } - return buffer.Bytes(), nil -} diff --git a/cmd/podman/system/dial_stdio.go b/cmd/podman/system/dial_stdio.go index 8b665bedc..42ce65746 100644 --- a/cmd/podman/system/dial_stdio.go +++ b/cmd/podman/system/dial_stdio.go @@ -2,13 +2,15 @@ package system import ( "context" + "fmt" "io" "os" + "errors" + "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/bindings" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -40,15 +42,15 @@ func runDialStdio() error { defer cancel() bindCtx, err := bindings.NewConnection(ctx, cfg.URI) if err != nil { - return errors.Wrap(err, "failed to open connection to podman") + return fmt.Errorf("failed to open connection to podman: %w", err) } conn, err := bindings.GetClient(bindCtx) if err != nil { - return errors.Wrap(err, "failed to get connection after initialization") + return fmt.Errorf("failed to get connection after initialization: %w", err) } netConn, err := conn.GetDialer(bindCtx) if err != nil { - return errors.Wrap(err, "failed to open the raw stream connection") + return fmt.Errorf("failed to open the raw stream connection: %w", err) } defer netConn.Close() @@ -95,7 +97,7 @@ func copier(to halfWriteCloser, from halfReadCloser, debugDescription string) er } }() if _, err := io.Copy(to, from); err != nil { - return errors.Wrapf(err, "error while Copy (%s)", debugDescription) + return fmt.Errorf("error while Copy (%s): %w", debugDescription, err) } return nil } diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index 7cb1b8084..6823d77ba 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -4,24 +4,46 @@ package system import ( + "errors" "fmt" "net" "net/url" "os" "path/filepath" + "github.com/containers/common/pkg/cgroups" "github.com/containers/podman/v4/cmd/podman/registry" api "github.com/containers/podman/v4/pkg/api/server" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/domain/infra" "github.com/containers/podman/v4/pkg/servicereaper" + "github.com/containers/podman/v4/utils" "github.com/coreos/go-systemd/v22/activation" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/pflag" "golang.org/x/sys/unix" ) +// maybeMoveToSubCgroup moves the current process in a sub cgroup when +// it is running in the root cgroup on a system that uses cgroupv2. +func maybeMoveToSubCgroup() error { + unifiedMode, err := cgroups.IsCgroup2UnifiedMode() + if err != nil { + return err + } + if !unifiedMode { + return nil + } + cgroup, err := utils.GetOwnCgroup() + if err != nil { + return err + } + if cgroup == "/" { + return utils.MoveUnderCgroupSubtree("init") + } + return nil +} + func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities.ServiceOptions) error { var ( listener net.Listener @@ -48,13 +70,13 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities listener = listeners[0] // note that activation.Listeners() returns nil when it cannot listen on the fd (i.e. udp connection) if listener == nil { - return fmt.Errorf("unexpected fd received from systemd: cannot listen on it") + return errors.New("unexpected fd received from systemd: cannot listen on it") } libpodRuntime.SetRemoteURI(listeners[0].Addr().String()) } else { uri, err := url.Parse(opts.URI) if err != nil { - return errors.Errorf("%s is an invalid socket destination", opts.URI) + return fmt.Errorf("%s is an invalid socket destination", opts.URI) } switch uri.Scheme { @@ -74,7 +96,7 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities } else { listener, err = net.Listen(uri.Scheme, path) if err != nil { - return errors.Wrapf(err, "unable to create socket") + return fmt.Errorf("unable to create socket: %w", err) } } case "tcp": @@ -85,7 +107,7 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities } listener, err = net.Listen(uri.Scheme, host) if err != nil { - return errors.Wrapf(err, "unable to create socket %v", host) + return fmt.Errorf("unable to create socket %v: %w", host, err) } default: logrus.Debugf("Attempting API Service endpoint scheme %q", uri.Scheme) @@ -103,6 +125,10 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities return err } + if err := maybeMoveToSubCgroup(); err != nil { + return err + } + servicereaper.Start() infra.StartWatcher(libpodRuntime) server, err := api.NewServerWithSettings(libpodRuntime, listener, opts) diff --git a/cmd/podman/system/unshare.go b/cmd/podman/system/unshare.go index 1ed08eac3..6d9c33b64 100644 --- a/cmd/podman/system/unshare.go +++ b/cmd/podman/system/unshare.go @@ -1,6 +1,7 @@ package system import ( + "errors" "os" "github.com/containers/common/pkg/completion" @@ -8,7 +9,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/rootless" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/spf13/pflag" ) @@ -47,14 +47,14 @@ func init() { func unshare(cmd *cobra.Command, args []string) error { if isRootless := rootless.IsRootless(); !isRootless { - return errors.Errorf("please use unshare with rootless") + return errors.New("please use unshare with rootless") } // exec the specified command, if there is one if len(args) < 1 { // try to exec the shell, if one's set shell, shellSet := os.LookupEnv("SHELL") if !shellSet { - return errors.Errorf("no command specified and no $SHELL specified") + return errors.New("no command specified and no $SHELL specified") } args = []string{shell} } diff --git a/cmd/podman/validate/args.go b/cmd/podman/validate/args.go index ae405e0e5..39eedca64 100644 --- a/cmd/podman/validate/args.go +++ b/cmd/podman/validate/args.go @@ -1,12 +1,12 @@ package validate import ( + "errors" "fmt" "strconv" "strings" "github.com/containers/podman/v4/cmd/podman/registry" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -23,12 +23,12 @@ func SubCommandExists(cmd *cobra.Command, args []string) error { if len(args) > 0 { suggestions := cmd.SuggestionsFor(args[0]) if len(suggestions) == 0 { - return errors.Errorf("unrecognized command `%[1]s %[2]s`\nTry '%[1]s --help' for more information", cmd.CommandPath(), args[0]) + return fmt.Errorf("unrecognized command `%[1]s %[2]s`\nTry '%[1]s --help' for more information", cmd.CommandPath(), args[0]) } - return errors.Errorf("unrecognized command `%[1]s %[2]s`\n\nDid you mean this?\n\t%[3]s\n\nTry '%[1]s --help' for more information", cmd.CommandPath(), args[0], strings.Join(suggestions, "\n\t")) + return fmt.Errorf("unrecognized command `%[1]s %[2]s`\n\nDid you mean this?\n\t%[3]s\n\nTry '%[1]s --help' for more information", cmd.CommandPath(), args[0], strings.Join(suggestions, "\n\t")) } cmd.Help() //nolint: errcheck - return errors.Errorf("missing command '%[1]s COMMAND'", cmd.CommandPath()) + return fmt.Errorf("missing command '%[1]s COMMAND'", cmd.CommandPath()) } // IDOrLatestArgs used to validate a nameOrId was provided or the "--latest" flag @@ -44,7 +44,7 @@ func IDOrLatestArgs(cmd *cobra.Command, args []string) error { return fmt.Errorf("%q requires a name, id, or the \"--latest\" flag", cmd.CommandPath()) } if len(args) > 0 && given { - return fmt.Errorf("--latest and containers cannot be used together") + return errors.New("--latest and containers cannot be used together") } } return nil @@ -75,7 +75,7 @@ func CheckAllLatestAndIDFile(c *cobra.Command, args []string, ignoreArgLen bool, if idFileFlag == "" { return errors.New("unable to look up values for 'latest' or 'all'") } else if c.Flags().Lookup(idFileFlag) == nil { - return errors.Errorf("unable to look up values for 'latest', 'all', or '%s'", idFileFlag) + return fmt.Errorf("unable to look up values for 'latest', 'all', or '%s'", idFileFlag) } } } @@ -87,13 +87,13 @@ func CheckAllLatestAndIDFile(c *cobra.Command, args []string, ignoreArgLen bool, } if specifiedIDFile && (specifiedAll || specifiedLatest) { - return errors.Errorf("--all, --latest, and --%s cannot be used together", idFileFlag) + return fmt.Errorf("--all, --latest, and --%s cannot be used together", idFileFlag) } else if specifiedAll && specifiedLatest { - return errors.Errorf("--all and --latest cannot be used together") + return errors.New("--all and --latest cannot be used together") } if (argLen > 0) && specifiedAll { - return errors.Errorf("no arguments are needed with --all") + return errors.New("no arguments are needed with --all") } if ignoreArgLen { @@ -102,9 +102,9 @@ func CheckAllLatestAndIDFile(c *cobra.Command, args []string, ignoreArgLen bool, if argLen > 0 { if specifiedLatest { - return errors.Errorf("--latest and containers cannot be used together") + return errors.New("--latest and containers cannot be used together") } else if idFileFlag != "" && (specifiedLatest || specifiedIDFile) { - return errors.Errorf("no arguments are needed with --latest or --%s", idFileFlag) + return fmt.Errorf("no arguments are needed with --latest or --%s", idFileFlag) } } @@ -113,7 +113,7 @@ func CheckAllLatestAndIDFile(c *cobra.Command, args []string, ignoreArgLen bool, } if argLen < 1 && !specifiedAll && !specifiedLatest && !specifiedIDFile { - return errors.Errorf("you must provide at least one name or id") + return errors.New("you must provide at least one name or id") } return nil } diff --git a/cmd/podman/volumes/create.go b/cmd/podman/volumes/create.go index b47ae16ce..0d19fab47 100644 --- a/cmd/podman/volumes/create.go +++ b/cmd/podman/volumes/create.go @@ -8,7 +8,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/parse" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -65,11 +64,11 @@ func create(cmd *cobra.Command, args []string) error { } createOpts.Label, err = parse.GetAllLabels([]string{}, opts.Label) if err != nil { - return errors.Wrapf(err, "unable to process labels") + return fmt.Errorf("unable to process labels: %w", err) } createOpts.Options, err = parse.GetAllLabels([]string{}, opts.Opts) if err != nil { - return errors.Wrapf(err, "unable to process options") + return fmt.Errorf("unable to process options: %w", err) } response, err := registry.ContainerEngine().VolumeCreate(context.Background(), createOpts) if err != nil { diff --git a/cmd/podman/volumes/export.go b/cmd/podman/volumes/export.go index 113f79a0b..f9e08be87 100644 --- a/cmd/podman/volumes/export.go +++ b/cmd/podman/volumes/export.go @@ -2,6 +2,7 @@ package volumes import ( "context" + "errors" "fmt" "github.com/containers/common/pkg/completion" @@ -10,7 +11,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/podman/v4/utils" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) diff --git a/cmd/podman/volumes/import.go b/cmd/podman/volumes/import.go index 76a311643..8f3c7f27e 100644 --- a/cmd/podman/volumes/import.go +++ b/cmd/podman/volumes/import.go @@ -1,6 +1,7 @@ package volumes import ( + "errors" "fmt" "os" @@ -10,7 +11,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/podman/v4/utils" - "github.com/pkg/errors" "github.com/spf13/cobra" ) diff --git a/cmd/podman/volumes/inspect.go b/cmd/podman/volumes/inspect.go index 7cf363f36..68ba2976a 100644 --- a/cmd/podman/volumes/inspect.go +++ b/cmd/podman/volumes/inspect.go @@ -1,12 +1,13 @@ package volumes import ( + "errors" + "github.com/containers/podman/v4/cmd/podman/common" "github.com/containers/podman/v4/cmd/podman/inspect" "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) diff --git a/cmd/podman/volumes/list.go b/cmd/podman/volumes/list.go index c14cf08bd..06118513d 100644 --- a/cmd/podman/volumes/list.go +++ b/cmd/podman/volumes/list.go @@ -2,6 +2,7 @@ package volumes import ( "context" + "errors" "fmt" "os" @@ -12,7 +13,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/registry" "github.com/containers/podman/v4/cmd/podman/validate" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -119,7 +119,7 @@ func outputTemplate(cmd *cobra.Command, responses []*entities.VolumeListReport) if !(noHeading || cliOpts.Quiet || cmd.Flag("format").Changed) { if err := tmpl.Execute(w, headers); err != nil { - return errors.Wrapf(err, "failed to write report column headers") + return fmt.Errorf("failed to write report column headers: %w", err) } } return tmpl.Execute(w, responses) diff --git a/cmd/podman/volumes/rm.go b/cmd/podman/volumes/rm.go index 2012b7d3a..c160b8623 100644 --- a/cmd/podman/volumes/rm.go +++ b/cmd/podman/volumes/rm.go @@ -2,6 +2,7 @@ package volumes import ( "context" + "errors" "fmt" "strings" @@ -11,7 +12,6 @@ import ( "github.com/containers/podman/v4/cmd/podman/utils" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/domain/entities" - "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -80,15 +80,9 @@ func rm(cmd *cobra.Command, args []string) error { } func setExitCode(err error) { - cause := errors.Cause(err) - switch { - case cause == define.ErrNoSuchVolume: + if errors.Is(err, define.ErrNoSuchVolume) || strings.Contains(err.Error(), define.ErrNoSuchVolume.Error()) { registry.SetExitCode(1) - case strings.Contains(cause.Error(), define.ErrNoSuchVolume.Error()): - registry.SetExitCode(1) - case cause == define.ErrVolumeBeingUsed: - registry.SetExitCode(2) - case strings.Contains(cause.Error(), define.ErrVolumeBeingUsed.Error()): + } else if errors.Is(err, define.ErrVolumeBeingUsed) || strings.Contains(err.Error(), define.ErrVolumeBeingUsed.Error()) { registry.SetExitCode(2) } } diff --git a/cmd/rootlessport/main.go b/cmd/rootlessport/main.go index f01b9e4a6..5410cd14a 100644 --- a/cmd/rootlessport/main.go +++ b/cmd/rootlessport/main.go @@ -6,6 +6,7 @@ package main import ( "context" "encoding/json" + "errors" "fmt" "io" "io/ioutil" @@ -18,7 +19,6 @@ import ( "github.com/containernetworking/plugins/pkg/ns" "github.com/containers/common/libnetwork/types" "github.com/containers/podman/v4/pkg/rootlessport" - "github.com/pkg/errors" rkport "github.com/rootless-containers/rootlesskit/pkg/port" rkbuiltin "github.com/rootless-containers/rootlesskit/pkg/port/builtin" rkportutil "github.com/rootless-containers/rootlesskit/pkg/port/portutil" @@ -269,16 +269,16 @@ func handler(ctx context.Context, conn io.Reader, pm rkport.Manager) error { dec := json.NewDecoder(conn) err := dec.Decode(&childIP) if err != nil { - return errors.Wrap(err, "rootless port failed to decode ports") + return fmt.Errorf("rootless port failed to decode ports: %w", err) } portStatus, err := pm.ListPorts(ctx) if err != nil { - return errors.Wrap(err, "rootless port failed to list ports") + return fmt.Errorf("rootless port failed to list ports: %w", err) } for _, status := range portStatus { err = pm.RemovePort(ctx, status.ID) if err != nil { - return errors.Wrap(err, "rootless port failed to remove port") + return fmt.Errorf("rootless port failed to remove port: %w", err) } } // add the ports with the new child IP @@ -287,7 +287,7 @@ func handler(ctx context.Context, conn io.Reader, pm rkport.Manager) error { status.Spec.ChildIP = childIP _, err = pm.AddPort(ctx, status.Spec) if err != nil { - return errors.Wrap(err, "rootless port failed to add port") + return fmt.Errorf("rootless port failed to add port: %w", err) } } return nil diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 2624af385..e7ea05867 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -135,6 +135,7 @@ setup_rootless() { req_env_vars GOPATH GOSRC SECRET_ENV_RE ROOTLESS_USER="${ROOTLESS_USER:-some${RANDOM}dude}" + ROOTLESS_UID="" local rootless_uid local rootless_gid @@ -158,6 +159,7 @@ setup_rootless() { cd $GOSRC || exit 1 # Guarantee independence from specific values rootless_uid=$[RANDOM+1000] + ROOTLESS_UID=$rootless_uid rootless_gid=$[RANDOM+1000] msg "creating $rootless_uid:$rootless_gid $ROOTLESS_USER user" groupadd -g $rootless_gid $ROOTLESS_USER diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index f31cd6eeb..9bd35bd06 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -186,10 +186,11 @@ esac # Required to be defined by caller: Are we testing as root or a regular user case "$PRIV_NAME" in root) - if [[ "$TEST_FLAVOR" = "sys" ]]; then + if [[ "$TEST_FLAVOR" = "sys" || "$TEST_FLAVOR" = "apiv2" ]]; then # Used in local image-scp testing setup_rootless echo "PODMAN_ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment + echo "PODMAN_ROOTLESS_UID=$ROOTLESS_UID" >> /etc/ci_environment fi ;; rootless) @@ -203,6 +204,7 @@ esac if [[ -n "$ROOTLESS_USER" ]]; then echo "ROOTLESS_USER=$ROOTLESS_USER" >> /etc/ci_environment + echo "ROOTLESS_UID=$ROOTLESS_UID" >> /etc/ci_environment fi # Required to be defined by caller: Are we testing podman or podman-remote client diff --git a/contrib/podmanimage/stable/Containerfile b/contrib/podmanimage/stable/Containerfile index 9121c5cde..70ff439d9 100644 --- a/contrib/podmanimage/stable/Containerfile +++ b/contrib/podmanimage/stable/Containerfile @@ -11,6 +11,9 @@ FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by dnf that are just taking # up space. +# TODO: rpm --setcaps... needed due to Fedora (base) image builds +# being (maybe still?) affected by +# https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3 RUN dnf -y update && \ rpm --setcaps shadow-utils 2>/dev/null && \ dnf -y install podman fuse-overlayfs \ diff --git a/contrib/podmanimage/testing/Containerfile b/contrib/podmanimage/testing/Containerfile index 16314a633..65c06f98c 100644 --- a/contrib/podmanimage/testing/Containerfile +++ b/contrib/podmanimage/testing/Containerfile @@ -11,6 +11,9 @@ FROM registry.fedoraproject.org/fedora:latest # Don't include container-selinux and remove # directories used by dnf that are just taking # up space. +# TODO: rpm --setcaps... needed due to Fedora (base) image builds +# being (maybe still?) affected by +# https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3 RUN dnf -y update && \ rpm --setcaps shadow-utils 2>/dev/null && \ dnf -y install podman fuse-overlayfs \ diff --git a/contrib/podmanimage/upstream/Containerfile b/contrib/podmanimage/upstream/Containerfile index c3a07a8d6..96e39c949 100644 --- a/contrib/podmanimage/upstream/Containerfile +++ b/contrib/podmanimage/upstream/Containerfile @@ -14,6 +14,9 @@ FROM registry.fedoraproject.org/fedora:latest # directories used by dnf that are just taking # up space. The latest podman + deps. come from # https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/ +# TODO: rpm --setcaps... needed due to Fedora (base) image builds +# being (maybe still?) affected by +# https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3 RUN dnf -y update && \ rpm --setcaps shadow-utils 2>/dev/null && \ dnf -y install 'dnf-command(copr)' --enablerepo=updates-testing && \ diff --git a/contrib/systemd/system/podman-play-kube@.service.in b/contrib/systemd/system/podman-kube@.service.in index 824f71eb0..824f71eb0 100644 --- a/contrib/systemd/system/podman-play-kube@.service.in +++ b/contrib/systemd/system/podman-kube@.service.in diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index 40fca0f3a..403327d82 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -881,11 +881,11 @@ Suppress output information when pulling images #### **--read-only** -Mount the container's root filesystem as read only. +Mount the container's root filesystem as read-only. By default a container will have its root filesystem writable allowing processes to write files anywhere. By specifying the `--read-only` flag the container will have -its root filesystem mounted as read only prohibiting any writes. +its root filesystem mounted as read-only prohibiting any writes. #### **--read-only-tmpfs** @@ -1006,8 +1006,8 @@ Note: Labeling can be disabled for all containers by setting label=false in the possible mount options are specified in the **proc(5)** man page. -- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. +- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default. + The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. @@ -1295,13 +1295,14 @@ The _options_ is a comma-separated list and can be: * **rw**|**ro** * **z**|**Z** -* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable** -* [**r**]**bind** -* [**no**]**exec** -* [**no**]**dev** -* [**no**]**suid** * [**O**] * [**U**] +* [**no**]**copy** +* [**no**]**dev** +* [**no**]**exec** +* [**no**]**suid** +* [**r**]**bind** +* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable** The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume will be mounted into the container at this directory. diff --git a/docs/source/markdown/podman-generate-systemd.1.md b/docs/source/markdown/podman-generate-systemd.1.md index 8c3c32d04..56ad4e446 100644 --- a/docs/source/markdown/podman-generate-systemd.1.md +++ b/docs/source/markdown/podman-generate-systemd.1.md @@ -14,6 +14,17 @@ Generating unit files for a pod requires the pod to be created with an infra con _Note: If you use this command with the remote client, including Mac and Windows (excluding WSL2) machines, you would still have to place the generated units on the remote system. Moreover, please make sure that the XDG_RUNTIME_DIR environment variable is set. If unset, you may set it via `export XDG_RUNTIME_DIR=/run/user/$(id -u)`._ +### Kubernetes Integration + +A Kubernetes YAML can be executed in systemd via the `podman-kube@.service` systemd template. The template's argument is the path to the YAML file. Given a `workload.yaml` file in the home directory, it can be executed as follows: + +``` +$ escaped=$(systemd-escape ~/sysadmin.yaml) +$ systemctl --user start podman-kube@$escaped.service +$ systemctl --user is-active podman-kube@$escaped.service +active +``` + ## OPTIONS #### **--after**=*dependency_name* diff --git a/docs/source/markdown/podman-machine-init.1.md b/docs/source/markdown/podman-machine-init.1.md index 33947bbba..2adb15e6a 100644 --- a/docs/source/markdown/podman-machine-init.1.md +++ b/docs/source/markdown/podman-machine-init.1.md @@ -10,9 +10,12 @@ podman\-machine\-init - Initialize a new virtual machine Initialize a new virtual machine for Podman. -Podman on macOS requires a virtual machine. This is because containers are Linux - +Rootless only. + +Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux - containers do not run on any other OS because containers' core functionality are -tied to the Linux kernel. +tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines, +but can be optionally used on Linux. **podman machine init** initializes a new Linux virtual machine where containers are run. SSH keys are automatically generated to access the VM, and system connections to the root account diff --git a/docs/source/markdown/podman-machine-inspect.1.md b/docs/source/markdown/podman-machine-inspect.1.md index 38eb66b0d..29cd775c2 100644 --- a/docs/source/markdown/podman-machine-inspect.1.md +++ b/docs/source/markdown/podman-machine-inspect.1.md @@ -13,6 +13,8 @@ Inspect one or more virtual machines Obtain greater detail about Podman virtual machines. More than one virtual machine can be inspected at once. +Rootless only. + ## OPTIONS #### **--format** diff --git a/docs/source/markdown/podman-machine-list.1.md b/docs/source/markdown/podman-machine-list.1.md index 0c5310463..a25aae090 100644 --- a/docs/source/markdown/podman-machine-list.1.md +++ b/docs/source/markdown/podman-machine-list.1.md @@ -12,9 +12,12 @@ podman\-machine\-list - List virtual machines List Podman managed virtual machines. -Podman on macOS requires a virtual machine. This is because containers are Linux - -containers do not run on any other OS because containers' core functionality is -tied to the Linux kernel. +Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux - +containers do not run on any other OS because containers' core functionality are +tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines, +but can be optionally used on Linux. + +Rootless only. ## OPTIONS diff --git a/docs/source/markdown/podman-machine-rm.1.md b/docs/source/markdown/podman-machine-rm.1.md index 4a2c59173..d90b615ce 100644 --- a/docs/source/markdown/podman-machine-rm.1.md +++ b/docs/source/markdown/podman-machine-rm.1.md @@ -16,6 +16,7 @@ generated for that VM are also removed as is its image file on the filesystem. Users get a display of what will be deleted and are required to confirm unless the option `--force` is used. +Rootless only. ## OPTIONS diff --git a/docs/source/markdown/podman-machine-set.1.md b/docs/source/markdown/podman-machine-set.1.md index de90ee4b0..1daf97a61 100644 --- a/docs/source/markdown/podman-machine-set.1.md +++ b/docs/source/markdown/podman-machine-set.1.md @@ -10,6 +10,8 @@ podman\-machine\-set - Sets a virtual machine setting Change a machine setting. +Rootless only. + ## OPTIONS #### **--cpus**=*number* diff --git a/docs/source/markdown/podman-machine-ssh.1.md b/docs/source/markdown/podman-machine-ssh.1.md index 6a1455df1..5432f0e9f 100644 --- a/docs/source/markdown/podman-machine-ssh.1.md +++ b/docs/source/markdown/podman-machine-ssh.1.md @@ -16,6 +16,8 @@ with the virtual machine is established. The exit code from ssh command will be forwarded to the podman machine ssh caller, see [Exit Codes](#Exit-Codes). +Rootless only. + ## OPTIONS #### **--help** diff --git a/docs/source/markdown/podman-machine-start.1.md b/docs/source/markdown/podman-machine-start.1.md index e55dcab13..b92494dda 100644 --- a/docs/source/markdown/podman-machine-start.1.md +++ b/docs/source/markdown/podman-machine-start.1.md @@ -10,9 +10,12 @@ podman\-machine\-start - Start a virtual machine Starts a virtual machine for Podman. -Podman on macOS requires a virtual machine. This is because containers are Linux - +Rootless only. + +Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux - containers do not run on any other OS because containers' core functionality are -tied to the Linux kernel. +tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines, +but can be optionally used on Linux. Only one Podman managed VM can be active at a time. If a VM is already running, `podman machine start` will return an error. diff --git a/docs/source/markdown/podman-machine-stop.1.md b/docs/source/markdown/podman-machine-stop.1.md index 9aa781561..29f3e81f4 100644 --- a/docs/source/markdown/podman-machine-stop.1.md +++ b/docs/source/markdown/podman-machine-stop.1.md @@ -10,9 +10,12 @@ podman\-machine\-stop - Stop a virtual machine Stops a virtual machine. -Podman on macOS requires a virtual machine. This is because containers are Linux - +Rootless only. + +Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux - containers do not run on any other OS because containers' core functionality are -tied to the Linux kernel. +tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines, +but can be optionally used on Linux. **podman machine stop** stops a Linux virtual machine where containers are run. diff --git a/docs/source/markdown/podman-machine.1.md b/docs/source/markdown/podman-machine.1.md index e9f6c7d20..c55226e02 100644 --- a/docs/source/markdown/podman-machine.1.md +++ b/docs/source/markdown/podman-machine.1.md @@ -7,7 +7,14 @@ podman\-machine - Manage Podman's virtual machine **podman machine** *subcommand* ## DESCRIPTION -`podman machine` is a set of subcommands that manage Podman's virtual machine on macOS. +`podman machine` is a set of subcommands that manage Podman's virtual machine. + +Podman on MacOS and Windows requires a virtual machine. This is because containers are Linux - +containers do not run on any other OS because containers' core functionality are +tied to the Linux kernel. Podman machine must be used to manage MacOS and Windows machines, +but can be optionally used on Linux. + +All `podman machine` commands are rootless only. ## SUBCOMMANDS diff --git a/docs/source/markdown/podman-play-kube.1.md b/docs/source/markdown/podman-play-kube.1.md index 1c7fc99a2..92cb694b0 100644 --- a/docs/source/markdown/podman-play-kube.1.md +++ b/docs/source/markdown/podman-play-kube.1.md @@ -103,6 +103,19 @@ spec: and as a result environment variable `FOO` will be set to `bar` for container `container-1`. +### Systemd Integration + +A Kubernetes YAML can be executed in systemd via the `podman-kube@.service` systemd template. The template's argument is the path to the YAML file. Given a `workload.yaml` file in the home directory, it can be executed as follows: + +``` +$ escaped=$(systemd-escape ~/sysadmin.yaml) +$ systemctl --user start podman-kube@$escaped.service +$ systemctl --user is-active podman-kube@$escaped.service +active +``` + +Note that the path to the YAML file must be escaped via `systemd-escape`. + ## OPTIONS #### **--annotation**=*key=value* diff --git a/docs/source/markdown/podman-pod-clone.1.md b/docs/source/markdown/podman-pod-clone.1.md index e44e9fa3c..a18f7dbfe 100644 --- a/docs/source/markdown/podman-pod-clone.1.md +++ b/docs/source/markdown/podman-pod-clone.1.md @@ -80,6 +80,16 @@ Add metadata to a pod (e.g., --label com.example.key=value). Read in a line delimited file of labels. +#### **--memory**, **-m**=*limit* + +Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) + +Constrains the memory available to a container. If the host +supports swap memory, then the **-m** memory setting can be larger than physical +RAM. If a limit of 0 is specified (not using **-m**), the container's memory is +not limited. The actual limit may be rounded up to a multiple of the operating +system's page size (the value would be very large, that's millions of trillions). + #### **--name**, **-n** Set a custom name for the cloned pod. The default if not specified is of the syntax: **<ORIGINAL_NAME>-clone** @@ -119,8 +129,8 @@ Note: Labeling can be disabled for all pods/containers by setting label=false in - `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the possible mount options are specified in the **proc(5)** man page. -- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. +- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default. + The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. diff --git a/docs/source/markdown/podman-pod-create.1.md b/docs/source/markdown/podman-pod-create.1.md index e63623169..75d2bb611 100644 --- a/docs/source/markdown/podman-pod-create.1.md +++ b/docs/source/markdown/podman-pod-create.1.md @@ -164,6 +164,16 @@ according to RFC4862. To specify multiple static MAC addresses per pod, set multiple networks using the **--network** option with a static MAC address specified for each using the `mac` mode for that option. +#### **--memory**, **-m**=*limit* + +Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kibibytes), m (mebibytes), or g (gibibytes)) + +Constrains the memory available to a container. If the host +supports swap memory, then the **-m** memory setting can be larger than physical +RAM. If a limit of 0 is specified (not using **-m**), the container's memory is +not limited. The actual limit may be rounded up to a multiple of the operating +system's page size (the value would be very large, that's millions of trillions). + #### **--name**=*name*, **-n** @@ -283,8 +293,8 @@ Note: Labeling can be disabled for all pods/containers by setting label=false in - `proc-opts=OPTIONS` : Comma-separated list of options to use for the /proc mount. More details for the possible mount options are specified in the **proc(5)** man page. -- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. +- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default. + The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.** The default paths that are read-only are **/proc/asound, /proc/bus, /proc/fs, /proc/irq, /proc/sys, /proc/sysrq-trigger, /sys/fs/cgroup**. Note: Labeling can be disabled for all containers by setting label=false in the **containers.conf** (`/etc/containers/containers.conf` or `$HOME/.config/containers/containers.conf`) file. diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 488bf6777..8f71c3706 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -919,11 +919,11 @@ Suppress output information when pulling images #### **--read-only** -Mount the container's root filesystem as read only. +Mount the container's root filesystem as read-only. By default a container will have its root filesystem writable allowing processes to write files anywhere. By specifying the **--read-only** flag, the container will have -its root filesystem mounted as read only prohibiting any writes. +its root filesystem mounted as read-only prohibiting any writes. #### **--read-only-tmpfs** @@ -1051,8 +1051,8 @@ Note: Labeling can be disabled for all containers by setting label=false in the - **proc-opts**=_OPTIONS_ : Comma-separated list of options to use for the /proc mount. More details for the possible mount options are specified in the **proc(5)** man page. -- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read only by default. - The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**. The default paths that are read only are **/proc/asound**, **/proc/bus**, **/proc/fs**, **/proc/irq**, **/proc/sys**, **/proc/sysrq-trigger**, **/sys/fs/cgroup**. +- **unmask**=_ALL_ or _/path/1:/path/2_, or shell expanded paths (/proc/*): Paths to unmask separated by a colon. If set to **ALL**, it will unmask all the paths that are masked or made read-only by default. + The default masked paths are **/proc/acpi, /proc/kcore, /proc/keys, /proc/latency_stats, /proc/sched_debug, /proc/scsi, /proc/timer_list, /proc/timer_stats, /sys/firmware, and /sys/fs/selinux.**. The default paths that are read-only are **/proc/asound**, **/proc/bus**, **/proc/fs**, **/proc/irq**, **/proc/sys**, **/proc/sysrq-trigger**, **/sys/fs/cgroup**. Note: Labeling can be disabled for all containers by setting **label=false** in the **containers.conf**(5) file. @@ -1362,13 +1362,14 @@ The _options_ is a comma-separated list and can be: <sup>[[1]](#Footnote1)</sup> * **rw**|**ro** * **z**|**Z** -* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable** -* [**r**]**bind** -* [**no**]**exec** -* [**no**]**dev** -* [**no**]**suid** * [**O**] * [**U**] +* [**no**]**copy** +* [**no**]**dev** +* [**no**]**exec** +* [**no**]**suid** +* [**r**]**bind** +* [**r**]**shared**|[**r**]**slave**|[**r**]**private**[**r**]**unbindable** The `CONTAINER-DIR` must be an absolute path such as `/src/docs`. The volume will be mounted into the container at this directory. @@ -1602,7 +1603,7 @@ content. Installing packages into _/usr_, for example. In production, applications seldom need to write to the image. Container applications write to volumes if they need to write to file systems at all. Applications can be made more secure by running them in read-only mode using the **--read-only** switch. -This protects the containers image from modification. Read only containers may +This protects the containers image from modification. Read-only containers may still need to write temporary data. The best way to handle this is to mount tmpfs directories on _/run_ and _/tmp_. diff --git a/docs/source/markdown/podman-volume-create.1.md b/docs/source/markdown/podman-volume-create.1.md index 31e109791..f43e647bf 100644 --- a/docs/source/markdown/podman-volume-create.1.md +++ b/docs/source/markdown/podman-volume-create.1.md @@ -31,16 +31,17 @@ Set metadata for a volume (e.g., --label mykey=value). Set driver specific options. For the default driver, **local**, this allows a volume to be configured to mount a filesystem on the host. -For the `local` driver the following options are supported: `type`, `device`, and `o`. +For the `local` driver the following options are supported: `type`, `device`, `o`, and `[no]copy`. The `type` option sets the type of the filesystem to be mounted, and is equivalent to the `-t` flag to **mount(8)**. The `device` option sets the device to be mounted, and is equivalent to the `device` argument to **mount(8)**. +The `copy` option enables copying files from the container image path where the mount is created to the newly created volume on the first run. `copy` is the default. The `o` option sets options for the mount, and is equivalent to the `-o` flag to **mount(8)** with these exceptions: - The `o` option supports `uid` and `gid` options to set the UID and GID of the created volume that are not normally supported by **mount(8)**. - The `o` option supports the `size` option to set the maximum size of the created volume, the `inodes` option to set the maximum number of inodes for the volume and `noquota` to completely disable quota support even for tracking of disk usage. Currently these flags are only supported on "xfs" file system mounted with the `prjquota` flag described in the **xfs_quota(8)** man page. - - The `o` option supports . - - Using volume options other then the UID/GID options with the **local** driver requires root privileges. + - The `o` option supports using volume options other than the UID/GID options with the **local** driver and requires root privileges. + - The `o` options supports the `timeout` option which allows users to set a driver specific timeout in seconds before volume creation fails. For example, **--opts=o=timeout=10** sets a driver timeout of 10 seconds. When not using the **local** driver, the given options are passed directly to the volume plugin. In this case, supported options are dictated by the plugin in question, not Podman. diff --git a/docs/tutorials/remote_client.md b/docs/tutorials/remote_client.md index 27b97e6f5..5cd679193 100644 --- a/docs/tutorials/remote_client.md +++ b/docs/tutorials/remote_client.md @@ -54,7 +54,7 @@ host: In order for the Podman client to communicate with the server you need to enable and start the SSH daemon on your Linux machine, if it is not currently enabled. ``` -sudo systemctl enable --now -s sshd +sudo systemctl enable --now sshd ``` #### Setting up SSH @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v1.1.1 github.com/containernetworking/plugins v1.1.1 github.com/containers/buildah v1.26.1-0.20220609225314-e66309ebde8c - github.com/containers/common v0.48.1-0.20220624132904-722a80e139ec + github.com/containers/common v0.48.1-0.20220630172158-178929cf063e github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.21.2-0.20220617075545-929f14a56f5c github.com/containers/ocicrypt v1.1.5 @@ -57,7 +57,7 @@ require ( github.com/sirupsen/logrus v1.8.1 github.com/spf13/cobra v1.5.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.7.5 + github.com/stretchr/testify v1.8.0 github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 github.com/uber/jaeger-client-go v2.30.0+incompatible github.com/ulikunitz/xz v0.5.10 @@ -338,8 +338,8 @@ github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19 github.com/containers/buildah v1.26.1-0.20220609225314-e66309ebde8c h1:/fKyiLFFuceBPZGJ0Lig7ElURhfsslAOw1BOcItD+X8= github.com/containers/buildah v1.26.1-0.20220609225314-e66309ebde8c/go.mod h1:b0L+u2Dam7soWGn5sVTK31L++Xrf80AbGvK5z9D2+lw= github.com/containers/common v0.48.1-0.20220608111710-dbecabbe82c9/go.mod h1:WBLwq+i7bicCpH54V70HM6s7jqDAESTlYnd05XXp0ac= -github.com/containers/common v0.48.1-0.20220624132904-722a80e139ec h1:kcfKciMCi6/A72M8TSX2ZYJFa5Yu9hC2Mct8FkuW1Xw= -github.com/containers/common v0.48.1-0.20220624132904-722a80e139ec/go.mod h1:KDNk8Lazjjjqs9643cKH9dnq6IXB4Lf7evya5GiFcg0= +github.com/containers/common v0.48.1-0.20220630172158-178929cf063e h1:Vf5tsGrLC2B2omVBP3AdDA7YlE/VoMdNyQ5yPF8GRoY= +github.com/containers/common v0.48.1-0.20220630172158-178929cf063e/go.mod h1:Zt3D/IhgFyG1oaBrqsbn9NdH/4fkjsO2Y0ahP12ieu4= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.21.2-0.20220511203756-fe4fd4ed8be4/go.mod h1:OsX9sFexyGF0FCNAjfcVFv3IwMqDyLyV/WQY/roLPcE= @@ -1268,9 +1268,8 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.7.4/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.7.5 h1:s5PTfem8p8EbKQOctVV53k6jCJt3UX4IEJzwh+C324Q= -github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/sylabs/sif/v2 v2.7.0/go.mod h1:TiyBWsgWeh5yBeQFNuQnvROwswqK7YJT8JA1L53bsXQ= github.com/sylabs/sif/v2 v2.7.1 h1:XXt9AP39sQfsMCGOGQ/XP9H47yqZOvAonalkaCaNIYM= diff --git a/hack/podman-registry-go/registry.go b/hack/podman-registry-go/registry.go index af8f3117c..d66d092b6 100644 --- a/hack/podman-registry-go/registry.go +++ b/hack/podman-registry-go/registry.go @@ -1,10 +1,10 @@ package registry import ( + "fmt" "strings" "github.com/containers/podman/v4/utils" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -57,7 +57,7 @@ func StartWithOptions(options *Options) (*Registry, error) { // Start a registry. out, err := utils.ExecCmd(binary, args...) if err != nil { - return nil, errors.Wrapf(err, "error running %q: %s", binary, out) + return nil, fmt.Errorf("error running %q: %s: %w", binary, out, err) } // Parse the output. @@ -68,7 +68,7 @@ func StartWithOptions(options *Options) (*Registry, error) { } spl := strings.Split(s, "=") if len(spl) != 2 { - return nil, errors.Errorf("unexpected output format %q: want 'PODMAN_...=...'", s) + return nil, fmt.Errorf("unexpected output format %q: want 'PODMAN_...=...'", s) } key := spl[0] val := strings.TrimSuffix(strings.TrimPrefix(spl[1], "\""), "\"") @@ -88,16 +88,16 @@ func StartWithOptions(options *Options) (*Registry, error) { // Extra sanity check. if registry.Image == "" { - return nil, errors.Errorf("unexpected output %q: %q missing", out, ImageKey) + return nil, fmt.Errorf("unexpected output %q: %q missing", out, ImageKey) } if registry.User == "" { - return nil, errors.Errorf("unexpected output %q: %q missing", out, UserKey) + return nil, fmt.Errorf("unexpected output %q: %q missing", out, UserKey) } if registry.Password == "" { - return nil, errors.Errorf("unexpected output %q: %q missing", out, PassKey) + return nil, fmt.Errorf("unexpected output %q: %q missing", out, PassKey) } if registry.Port == "" { - return nil, errors.Errorf("unexpected output %q: %q missing", out, PortKey) + return nil, fmt.Errorf("unexpected output %q: %q missing", out, PortKey) } registry.running = true @@ -112,7 +112,7 @@ func (r *Registry) Stop() error { return nil } if _, err := utils.ExecCmd(binary, "-P", r.Port, "stop"); err != nil { - return errors.Wrapf(err, "error stopping registry (%v) with %q", *r, binary) + return fmt.Errorf("error stopping registry (%v) with %q: %w", *r, binary, err) } r.running = false return nil diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go index edba78d6d..11b4aa049 100644 --- a/libpod/boltdb_state_internal.go +++ b/libpod/boltdb_state_internal.go @@ -530,7 +530,7 @@ func (s *BoltState) getVolumeFromDB(name []byte, volume *Volume, volBkt *bolt.Bu // Retrieve volume driver if volume.UsesVolumeDriver() { - plugin, err := s.runtime.getVolumePlugin(volume.config.Driver) + plugin, err := s.runtime.getVolumePlugin(volume.config) if err != nil { // We want to fail gracefully here, to ensure that we // can still remove volumes even if their plugin is diff --git a/libpod/container.go b/libpod/container.go index 3a15cfbdb..0619471b4 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -1118,7 +1118,7 @@ func (c *Container) IsInitCtr() bool { return len(c.config.InitContainerType) > 0 } -// IsReadOnly returns whether the container is running in read only mode +// IsReadOnly returns whether the container is running in read-only mode func (c *Container) IsReadOnly() bool { return c.config.Spec.Root.Readonly } diff --git a/libpod/container_api.go b/libpod/container_api.go index c14fe95b0..39303eef6 100644 --- a/libpod/container_api.go +++ b/libpod/container_api.go @@ -666,6 +666,15 @@ func (c *Container) Cleanup(ctx context.Context) error { defer c.lock.Unlock() if err := c.syncContainer(); err != nil { + switch errors.Cause(err) { + // When the container has already been removed, the OCI runtime directory remain. + case define.ErrNoSuchCtr, define.ErrCtrRemoved: + if err := c.cleanupRuntime(ctx); err != nil { + return errors.Wrapf(err, "error cleaning up container %s from OCI runtime", c.ID()) + } + default: + logrus.Errorf("Syncing container %s status: %v", c.ID(), err) + } return err } } @@ -752,19 +761,8 @@ func (c *Container) Sync() error { defer c.lock.Unlock() } - // If runtime knows about the container, update its status in runtime - // And then save back to disk - if c.ensureState(define.ContainerStateCreated, define.ContainerStateRunning, define.ContainerStatePaused, define.ContainerStateStopped, define.ContainerStateStopping) { - oldState := c.state.State - if err := c.ociRuntime.UpdateContainerStatus(c); err != nil { - return err - } - // Only save back to DB if state changed - if c.state.State != oldState { - if err := c.save(); err != nil { - return err - } - } + if err := c.syncContainer(); err != nil { + return err } defer c.newContainerEvent(events.Sync) diff --git a/libpod/container_internal.go b/libpod/container_internal.go index ae61298f3..3b01ee6c8 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -21,6 +21,7 @@ import ( "github.com/containers/common/pkg/cgroups" "github.com/containers/common/pkg/chown" "github.com/containers/common/pkg/config" + cutil "github.com/containers/common/pkg/util" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/ctime" @@ -1288,8 +1289,9 @@ func (c *Container) stop(timeout uint) error { if err := c.syncContainer(); err != nil { switch errors.Cause(err) { // If the container has already been removed (e.g., via - // the cleanup process), there's nothing left to do. + // the cleanup process), set the container state to "stopped". case define.ErrNoSuchCtr, define.ErrCtrRemoved: + c.state.State = define.ContainerStateStopped return stopErr default: if stopErr != nil { @@ -1639,30 +1641,16 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string) if err := vol.update(); err != nil { return nil, err } - if vol.state.NeedsCopyUp { + _, hasNoCopy := vol.config.Options["nocopy"] + if vol.state.NeedsCopyUp && !cutil.StringInSlice("nocopy", v.Options) && !hasNoCopy { logrus.Debugf("Copying up contents from container %s to volume %s", c.ID(), vol.Name()) - // If the volume is not empty, we should not copy up. - volMount := vol.mountPoint() - contents, err := ioutil.ReadDir(volMount) - if err != nil { - return nil, errors.Wrapf(err, "error listing contents of volume %s mountpoint when copying up from container %s", vol.Name(), c.ID()) - } - if len(contents) > 0 { - // The volume is not empty. It was likely modified - // outside of Podman. For safety, let's not copy up into - // it. Fixes CVE-2020-1726. - return vol, nil - } - srcDir, err := securejoin.SecureJoin(mountpoint, v.Dest) if err != nil { return nil, errors.Wrapf(err, "error calculating destination path to copy up container %s volume %s", c.ID(), vol.Name()) } // Do a manual stat on the source directory to verify existence. // Skip the rest if it exists. - // TODO: Should this be stat or lstat? I'm using lstat because I - // think copy-up doesn't happen when the source is a link. srcStat, err := os.Lstat(srcDir) if err != nil { if os.IsNotExist(err) { @@ -1688,6 +1676,19 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string) return vol, nil } + // If the volume is not empty, we should not copy up. + volMount := vol.mountPoint() + contents, err := ioutil.ReadDir(volMount) + if err != nil { + return nil, errors.Wrapf(err, "error listing contents of volume %s mountpoint when copying up from container %s", vol.Name(), c.ID()) + } + if len(contents) > 0 { + // The volume is not empty. It was likely modified + // outside of Podman. For safety, let's not copy up into + // it. Fixes CVE-2020-1726. + return vol, nil + } + // Set NeedsCopyUp to false since we are about to do first copy // Do not copy second time. vol.state.NeedsCopyUp = false diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go index c387856e5..935e0f5f9 100644 --- a/libpod/define/pod_inspect.go +++ b/libpod/define/pod_inspect.go @@ -69,6 +69,8 @@ type InspectPodData struct { VolumesFrom []string `json:"volumes_from,omitempty"` // SecurityOpt contains the specified security labels and related SELinux information SecurityOpts []string `json:"security_opt,omitempty"` + // MemoryLimit contains the specified cgroup memory limit for the pod + MemoryLimit uint64 `json:"memory_limit,omitempty"` } // InspectPodInfraConfig contains the configuration of the pod's infra diff --git a/libpod/define/volume_inspect.go b/libpod/define/volume_inspect.go index aaa23b4fc..f731a8735 100644 --- a/libpod/define/volume_inspect.go +++ b/libpod/define/volume_inspect.go @@ -56,6 +56,8 @@ type InspectVolumeData struct { // a container, the container will chown the volume to the container process // UID/GID. NeedsChown bool `json:"NeedsChown,omitempty"` + // Timeout is the specified driver timeout if given + Timeout int `json:"Timeout,omitempty"` } type VolumeReload struct { diff --git a/libpod/options.go b/libpod/options.go index 9a29fb279..3f9a0424a 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -1693,6 +1693,18 @@ func withSetAnon() VolumeCreateOption { } } +// WithVolumeDriverTimeout sets the volume creation timeout period +func WithVolumeDriverTimeout(timeout int) VolumeCreateOption { + return func(volume *Volume) error { + if volume.valid { + return define.ErrVolumeFinalized + } + + volume.config.Timeout = timeout + return nil + } +} + // WithTimezone sets the timezone in the container func WithTimezone(path string) CtrCreateOption { return func(ctr *Container) error { diff --git a/libpod/plugin/volume_api.go b/libpod/plugin/volume_api.go index 2de7db32c..332ab912b 100644 --- a/libpod/plugin/volume_api.go +++ b/libpod/plugin/volume_api.go @@ -127,7 +127,7 @@ func validatePlugin(newPlugin *VolumePlugin) error { // GetVolumePlugin gets a single volume plugin, with the given name, at the // given path. -func GetVolumePlugin(name string, path string) (*VolumePlugin, error) { +func GetVolumePlugin(name string, path string, timeout int) (*VolumePlugin, error) { pluginsLock.Lock() defer pluginsLock.Unlock() @@ -151,6 +151,13 @@ func GetVolumePlugin(name string, path string) (*VolumePlugin, error) { // And since we can reuse it, might as well cache it. client := new(http.Client) client.Timeout = defaultTimeout + // if the user specified a non-zero timeout, use their value. Else, keep the default. + if timeout != 0 { + if time.Duration(timeout)*time.Second < defaultTimeout { + logrus.Warnf("the default timeout for volume creation is %d seconds, setting a time less than that may break this feature.", defaultTimeout) + } + client.Timeout = time.Duration(timeout) * time.Second + } // This bit borrowed from pkg/bindings/connection.go client.Transport = &http.Transport{ DialContext: func(ctx context.Context, _, _ string) (net.Conn, error) { diff --git a/libpod/pod.go b/libpod/pod.go index 2502c41a9..c8c6790e8 100644 --- a/libpod/pod.go +++ b/libpod/pod.go @@ -169,6 +169,23 @@ func (p *Pod) CPUQuota() int64 { return 0 } +// MemoryLimit returns the pod Memory Limit +func (p *Pod) MemoryLimit() uint64 { + if p.state.InfraContainerID == "" { + return 0 + } + infra, err := p.runtime.GetContainer(p.state.InfraContainerID) + if err != nil { + return 0 + } + conf := infra.config.Spec + if conf != nil && conf.Linux != nil && conf.Linux.Resources != nil && conf.Linux.Resources.Memory != nil && conf.Linux.Resources.Memory.Limit != nil { + val := *conf.Linux.Resources.Memory.Limit + return uint64(val) + } + return 0 +} + // NetworkMode returns the Network mode given by the user ex: pod, private... func (p *Pod) NetworkMode() string { infra, err := p.runtime.GetContainer(p.state.InfraContainerID) diff --git a/libpod/pod_api.go b/libpod/pod_api.go index fefe0e329..f06e62007 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -751,6 +751,7 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) { CPUSetCPUs: p.ResourceLim().CPU.Cpus, CPUPeriod: p.CPUPeriod(), CPUQuota: p.CPUQuota(), + MemoryLimit: p.MemoryLimit(), Mounts: inspectMounts, Devices: devices, BlkioDeviceReadBps: deviceLimits, diff --git a/libpod/runtime.go b/libpod/runtime.go index 11ec750b1..ea4b34954 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -4,6 +4,7 @@ import ( "bufio" "bytes" "context" + "errors" "fmt" "os" "os/exec" @@ -40,7 +41,6 @@ import ( "github.com/containers/storage/pkg/unshare" "github.com/docker/docker/pkg/namesgenerator" spec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -146,7 +146,7 @@ func SetXdgDirs() error { } } if err := os.Setenv("XDG_RUNTIME_DIR", runtimeDir); err != nil { - return errors.Wrapf(err, "cannot set XDG_RUNTIME_DIR") + return fmt.Errorf("cannot set XDG_RUNTIME_DIR: %w", err) } if rootless.IsRootless() && os.Getenv("DBUS_SESSION_BUS_ADDRESS") == "" { @@ -163,7 +163,7 @@ func SetXdgDirs() error { return err } if err := os.Setenv("XDG_CONFIG_HOME", cfgHomeDir); err != nil { - return errors.Wrapf(err, "cannot set XDG_CONFIG_HOME") + return fmt.Errorf("cannot set XDG_CONFIG_HOME: %w", err) } } return nil @@ -214,7 +214,7 @@ func newRuntimeFromConfig(conf *config.Config, options ...RuntimeOption) (*Runti // Overwrite config with user-given configuration options for _, opt := range options { if err := opt(runtime); err != nil { - return nil, errors.Wrapf(err, "error configuring runtime") + return nil, fmt.Errorf("error configuring runtime: %w", err) } } @@ -225,12 +225,12 @@ func newRuntimeFromConfig(conf *config.Config, options ...RuntimeOption) (*Runti } os.Exit(1) return nil - }); err != nil && errors.Cause(err) != shutdown.ErrHandlerExists { + }); err != nil && !errors.Is(err, shutdown.ErrHandlerExists) { logrus.Errorf("Registering shutdown handler for libpod: %v", err) } if err := shutdown.Start(); err != nil { - return nil, errors.Wrapf(err, "error starting shutdown signal handler") + return nil, fmt.Errorf("error starting shutdown signal handler: %w", err) } if err := makeRuntime(runtime); err != nil { @@ -256,10 +256,10 @@ func getLockManager(runtime *Runtime) (lock.Manager, error) { lockPath := filepath.Join(runtime.config.Engine.TmpDir, "locks") manager, err = lock.OpenFileLockManager(lockPath) if err != nil { - if os.IsNotExist(errors.Cause(err)) { + if errors.Is(err, os.ErrNotExist) { manager, err = lock.NewFileLockManager(lockPath) if err != nil { - return nil, errors.Wrapf(err, "failed to get new file lock manager") + return nil, fmt.Errorf("failed to get new file lock manager: %w", err) } } else { return nil, err @@ -275,19 +275,19 @@ func getLockManager(runtime *Runtime) (lock.Manager, error) { manager, err = lock.OpenSHMLockManager(lockPath, runtime.config.Engine.NumLocks) if err != nil { switch { - case os.IsNotExist(errors.Cause(err)): + case errors.Is(err, os.ErrNotExist): manager, err = lock.NewSHMLockManager(lockPath, runtime.config.Engine.NumLocks) if err != nil { - return nil, errors.Wrapf(err, "failed to get new shm lock manager") + return nil, fmt.Errorf("failed to get new shm lock manager: %w", err) } - case errors.Cause(err) == syscall.ERANGE && runtime.doRenumber: + case errors.Is(err, syscall.ERANGE) && runtime.doRenumber: logrus.Debugf("Number of locks does not match - removing old locks") // ERANGE indicates a lock numbering mismatch. // Since we're renumbering, this is not fatal. // Remove the earlier set of locks and recreate. if err := os.Remove(filepath.Join("/dev/shm", lockPath)); err != nil { - return nil, errors.Wrapf(err, "error removing libpod locks file %s", lockPath) + return nil, fmt.Errorf("error removing libpod locks file %s: %w", lockPath, err) } manager, err = lock.NewSHMLockManager(lockPath, runtime.config.Engine.NumLocks) @@ -299,7 +299,7 @@ func getLockManager(runtime *Runtime) (lock.Manager, error) { } } default: - return nil, errors.Wrapf(define.ErrInvalidArg, "unknown lock type %s", runtime.config.Engine.LockType) + return nil, fmt.Errorf("unknown lock type %s: %w", runtime.config.Engine.LockType, define.ErrInvalidArg) } return manager, nil } @@ -315,17 +315,17 @@ func makeRuntime(runtime *Runtime) (retErr error) { runtime.conmonPath = cPath if runtime.noStore && runtime.doReset { - return errors.Wrapf(define.ErrInvalidArg, "cannot perform system reset if runtime is not creating a store") + return fmt.Errorf("cannot perform system reset if runtime is not creating a store: %w", define.ErrInvalidArg) } if runtime.doReset && runtime.doRenumber { - return errors.Wrapf(define.ErrInvalidArg, "cannot perform system reset while renumbering locks") + return fmt.Errorf("cannot perform system reset while renumbering locks: %w", define.ErrInvalidArg) } // Make the static files directory if it does not exist if err := os.MkdirAll(runtime.config.Engine.StaticDir, 0700); err != nil { // The directory is allowed to exist - if !os.IsExist(err) { - return errors.Wrap(err, "error creating runtime static files directory") + if !errors.Is(err, os.ErrExist) { + return fmt.Errorf("error creating runtime static files directory: %w", err) } } @@ -337,9 +337,9 @@ func makeRuntime(runtime *Runtime) (retErr error) { // package. switch runtime.config.Engine.StateType { case config.InMemoryStateStore: - return errors.Wrapf(define.ErrInvalidArg, "in-memory state is currently disabled") + return fmt.Errorf("in-memory state is currently disabled: %w", define.ErrInvalidArg) case config.SQLiteStateStore: - return errors.Wrapf(define.ErrInvalidArg, "SQLite state is currently disabled") + return fmt.Errorf("SQLite state is currently disabled: %w", define.ErrInvalidArg) case config.BoltDBStateStore: dbPath := filepath.Join(runtime.config.Engine.StaticDir, "bolt_state.db") @@ -349,7 +349,7 @@ func makeRuntime(runtime *Runtime) (retErr error) { } runtime.state = state default: - return errors.Wrapf(define.ErrInvalidArg, "unrecognized state type passed (%v)", runtime.config.Engine.StateType) + return fmt.Errorf("unrecognized state type passed (%v): %w", runtime.config.Engine.StateType, define.ErrInvalidArg) } // Grab config from the database so we can reset some defaults @@ -369,7 +369,7 @@ func makeRuntime(runtime *Runtime) (retErr error) { } } - return errors.Wrapf(err, "error retrieving runtime configuration from database") + return fmt.Errorf("error retrieving runtime configuration from database: %w", err) } runtime.mergeDBConfig(dbConfig) @@ -412,7 +412,7 @@ func makeRuntime(runtime *Runtime) (retErr error) { } if err := runtime.state.SetNamespace(runtime.config.Engine.Namespace); err != nil { - return errors.Wrapf(err, "error setting libpod namespace in state") + return fmt.Errorf("error setting libpod namespace in state: %w", err) } logrus.Debugf("Set libpod namespace to %q", runtime.config.Engine.Namespace) @@ -468,16 +468,16 @@ func makeRuntime(runtime *Runtime) (retErr error) { // Create the tmpDir if err := os.MkdirAll(runtime.config.Engine.TmpDir, 0751); err != nil { // The directory is allowed to exist - if !os.IsExist(err) { - return errors.Wrap(err, "error creating tmpdir") + if !errors.Is(err, os.ErrExist) { + return fmt.Errorf("error creating tmpdir: %w", err) } } // Create events log dir if err := os.MkdirAll(filepath.Dir(runtime.config.Engine.EventsLogFilePath), 0700); err != nil { // The directory is allowed to exist - if !os.IsExist(err) { - return errors.Wrap(err, "error creating events dirs") + if !errors.Is(err, os.ErrExist) { + return fmt.Errorf("error creating events dirs: %w", err) } } @@ -514,7 +514,7 @@ func makeRuntime(runtime *Runtime) (retErr error) { } else { ociRuntime, ok := runtime.ociRuntimes[runtime.config.Engine.OCIRuntime] if !ok { - return errors.Wrapf(define.ErrInvalidArg, "default OCI runtime %q not found", runtime.config.Engine.OCIRuntime) + return fmt.Errorf("default OCI runtime %q not found: %w", runtime.config.Engine.OCIRuntime, define.ErrInvalidArg) } runtime.defaultOCIRuntime = ociRuntime } @@ -523,19 +523,19 @@ func makeRuntime(runtime *Runtime) (retErr error) { // Do we have at least one valid OCI runtime? if len(runtime.ociRuntimes) == 0 { - return errors.Wrapf(define.ErrInvalidArg, "no OCI runtime has been configured") + return fmt.Errorf("no OCI runtime has been configured: %w", define.ErrInvalidArg) } // Do we have a default runtime? if runtime.defaultOCIRuntime == nil { - return errors.Wrapf(define.ErrInvalidArg, "no default OCI runtime was configured") + return fmt.Errorf("no default OCI runtime was configured: %w", define.ErrInvalidArg) } // Make the per-boot files directory if it does not exist if err := os.MkdirAll(runtime.config.Engine.TmpDir, 0755); err != nil { // The directory is allowed to exist - if !os.IsExist(err) { - return errors.Wrapf(err, "error creating runtime temporary files directory") + if !errors.Is(err, os.ErrExist) { + return fmt.Errorf("error creating runtime temporary files directory: %w", err) } } @@ -556,7 +556,7 @@ func makeRuntime(runtime *Runtime) (retErr error) { runtimeAliveFile := filepath.Join(runtime.config.Engine.TmpDir, "alive") aliveLock, err := storage.GetLockfile(runtimeAliveLock) if err != nil { - return errors.Wrapf(err, "error acquiring runtime init lock") + return fmt.Errorf("error acquiring runtime init lock: %w", err) } // Acquire the lock and hold it until we return // This ensures that no two processes will be in runtime.refresh at once @@ -586,7 +586,7 @@ func makeRuntime(runtime *Runtime) (retErr error) { aliveLock.Unlock() // Unlock to avoid deadlock as BecomeRootInUserNS will reexec. pausePid, err := util.GetRootlessPauseProcessPidPathGivenDir(runtime.config.Engine.TmpDir) if err != nil { - return errors.Wrapf(err, "could not get pause process pid file path") + return fmt.Errorf("could not get pause process pid file path: %w", err) } became, ret, err := rootless.BecomeRootInUserNS(pausePid) if err != nil { @@ -607,10 +607,10 @@ func makeRuntime(runtime *Runtime) (retErr error) { // This will trigger on first use as well, but refreshing an // empty state only creates a single file // As such, it's not really a performance concern - if os.IsNotExist(err) { + if errors.Is(err, os.ErrNotExist) { doRefresh = true } else { - return errors.Wrapf(err, "error reading runtime status file %s", runtimeAliveFile) + return fmt.Errorf("error reading runtime status file %s: %w", runtimeAliveFile, err) } } @@ -704,14 +704,14 @@ func findConmon(conmonPaths []string) (string, error) { } if foundOutdatedConmon { - return "", errors.Wrapf(define.ErrConmonOutdated, - "please update to v%d.%d.%d or later", - conmonMinMajorVersion, conmonMinMinorVersion, conmonMinPatchVersion) + return "", fmt.Errorf( + "please update to v%d.%d.%d or later: %w", + conmonMinMajorVersion, conmonMinMinorVersion, conmonMinPatchVersion, define.ErrConmonOutdated) } - return "", errors.Wrapf(define.ErrInvalidArg, - "could not find a working conmon binary (configured options: %v)", - conmonPaths) + return "", fmt.Errorf( + "could not find a working conmon binary (configured options: %v): %w", + conmonPaths, define.ErrInvalidArg) } // probeConmon calls conmon --version and verifies it is a new enough version for @@ -728,11 +728,11 @@ func probeConmon(conmonBinary string) error { matches := r.FindStringSubmatch(out.String()) if len(matches) != 4 { - return errors.Wrap(err, define.ErrConmonVersionFormat) + return fmt.Errorf("%v: %w", define.ErrConmonVersionFormat, err) } major, err := strconv.Atoi(matches[1]) if err != nil { - return errors.Wrap(err, define.ErrConmonVersionFormat) + return fmt.Errorf("%v: %w", define.ErrConmonVersionFormat, err) } if major < conmonMinMajorVersion { return define.ErrConmonOutdated @@ -743,7 +743,7 @@ func probeConmon(conmonBinary string) error { minor, err := strconv.Atoi(matches[2]) if err != nil { - return errors.Wrap(err, define.ErrConmonVersionFormat) + return fmt.Errorf("%v: %w", define.ErrConmonVersionFormat, err) } if minor < conmonMinMinorVersion { return define.ErrConmonOutdated @@ -754,7 +754,7 @@ func probeConmon(conmonBinary string) error { patch, err := strconv.Atoi(matches[3]) if err != nil { - return errors.Wrap(err, define.ErrConmonVersionFormat) + return fmt.Errorf("%v: %w", define.ErrConmonVersionFormat, err) } if patch < conmonMinPatchVersion { return define.ErrConmonOutdated @@ -798,7 +798,7 @@ func (r *Runtime) GetConfig() (*config.Config, error) { // Copy so the caller won't be able to modify the actual config if err := JSONDeepCopy(rtConfig, config); err != nil { - return nil, errors.Wrapf(err, "error copying config") + return nil, fmt.Errorf("error copying config: %w", err) } return config, nil @@ -909,7 +909,7 @@ func (r *Runtime) Shutdown(force bool) error { // Note that the libimage runtime shuts down the store. if err := r.libimageRuntime.Shutdown(force); err != nil { - lastError = errors.Wrapf(err, "error shutting down container storage") + lastError = fmt.Errorf("error shutting down container storage: %w", err) } } if err := r.state.Close(); err != nil { @@ -941,15 +941,15 @@ func (r *Runtime) refresh(alivePath string) error { // Containers, pods, and volumes must also reacquire their locks. ctrs, err := r.state.AllContainers() if err != nil { - return errors.Wrapf(err, "error retrieving all containers from state") + return fmt.Errorf("error retrieving all containers from state: %w", err) } pods, err := r.state.AllPods() if err != nil { - return errors.Wrapf(err, "error retrieving all pods from state") + return fmt.Errorf("error retrieving all pods from state: %w", err) } vols, err := r.state.AllVolumes() if err != nil { - return errors.Wrapf(err, "error retrieving all volumes from state") + return fmt.Errorf("error retrieving all volumes from state: %w", err) } // No locks are taken during pod, volume, and container refresh. // Furthermore, the pod/volume/container refresh() functions are not @@ -977,7 +977,7 @@ func (r *Runtime) refresh(alivePath string) error { // Create a file indicating the runtime is alive and ready file, err := os.OpenFile(alivePath, os.O_RDONLY|os.O_CREATE, 0644) if err != nil { - return errors.Wrap(err, "error creating runtime status file") + return fmt.Errorf("error creating runtime status file: %w", err) } defer file.Close() @@ -998,13 +998,13 @@ func (r *Runtime) generateName() (string, error) { // Make sure container with this name does not exist if _, err := r.state.LookupContainer(name); err == nil { continue - } else if errors.Cause(err) != define.ErrNoSuchCtr { + } else if !errors.Is(err, define.ErrNoSuchCtr) { return "", err } // Make sure pod with this name does not exist if _, err := r.state.LookupPod(name); err == nil { continue - } else if errors.Cause(err) != define.ErrNoSuchPod { + } else if !errors.Is(err, define.ErrNoSuchPod) { return "", err } return name, nil @@ -1194,19 +1194,21 @@ func (r *Runtime) reloadStorageConf() error { return nil } -// getVolumePlugin gets a specific volume plugin given its name. -func (r *Runtime) getVolumePlugin(name string) (*plugin.VolumePlugin, error) { +// getVolumePlugin gets a specific volume plugin. +func (r *Runtime) getVolumePlugin(volConfig *VolumeConfig) (*plugin.VolumePlugin, error) { // There is no plugin for local. + name := volConfig.Driver + timeout := volConfig.Timeout if name == define.VolumeDriverLocal || name == "" { return nil, nil } pluginPath, ok := r.config.Engine.VolumePlugins[name] if !ok { - return nil, errors.Wrapf(define.ErrMissingPlugin, "no volume plugin with name %s available", name) + return nil, fmt.Errorf("no volume plugin with name %s available: %w", name, define.ErrMissingPlugin) } - return plugin.GetVolumePlugin(name, pluginPath) + return plugin.GetVolumePlugin(name, pluginPath, timeout) } // GetSecretsStorageDir returns the directory that the secrets manager should take diff --git a/libpod/runtime_cstorage.go b/libpod/runtime_cstorage.go index 1c528e1b8..047375628 100644 --- a/libpod/runtime_cstorage.go +++ b/libpod/runtime_cstorage.go @@ -1,11 +1,12 @@ package libpod import ( + "errors" + "fmt" "time" "github.com/containers/podman/v4/libpod/define" "github.com/containers/storage" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -38,7 +39,7 @@ func (r *Runtime) ListStorageContainers() ([]*StorageContainer, error) { // Look up if container is in state hasCtr, err := r.state.HasContainer(ctr.ID) if err != nil { - return nil, errors.Wrapf(err, "error looking up container %s in state", ctr.ID) + return nil, fmt.Errorf("error looking up container %s in state: %w", ctr.ID, err) } storageCtr.PresentInLibpod = hasCtr @@ -60,20 +61,20 @@ func (r *Runtime) StorageContainer(idOrName string) (*storage.Container, error) func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error { targetID, err := r.store.Lookup(idOrName) if err != nil { - if errors.Cause(err) == storage.ErrLayerUnknown { - return errors.Wrapf(define.ErrNoSuchCtr, "no container with ID or name %q found", idOrName) + if errors.Is(err, storage.ErrLayerUnknown) { + return fmt.Errorf("no container with ID or name %q found: %w", idOrName, define.ErrNoSuchCtr) } - return errors.Wrapf(err, "error looking up container %q", idOrName) + return fmt.Errorf("error looking up container %q: %w", idOrName, err) } // Lookup returns an ID but it's not guaranteed to be a container ID. // So we can still error here. ctr, err := r.store.Container(targetID) if err != nil { - if errors.Cause(err) == storage.ErrContainerUnknown { - return errors.Wrapf(define.ErrNoSuchCtr, "%q does not refer to a container", idOrName) + if errors.Is(err, storage.ErrContainerUnknown) { + return fmt.Errorf("%q does not refer to a container: %w", idOrName, define.ErrNoSuchCtr) } - return errors.Wrapf(err, "error retrieving container %q", idOrName) + return fmt.Errorf("error retrieving container %q: %w", idOrName, err) } // Error out if the container exists in libpod @@ -82,13 +83,13 @@ func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error { return err } if exists { - return errors.Wrapf(define.ErrCtrExists, "refusing to remove %q as it exists in libpod as container %s", idOrName, ctr.ID) + return fmt.Errorf("refusing to remove %q as it exists in libpod as container %s: %w", idOrName, ctr.ID, define.ErrCtrExists) } if !force { timesMounted, err := r.store.Mounted(ctr.ID) if err != nil { - if errors.Cause(err) == storage.ErrContainerUnknown { + if errors.Is(err, storage.ErrContainerUnknown) { // Container was removed from under us. // It's gone, so don't bother erroring. logrus.Infof("Storage for container %s already removed", ctr.ID) @@ -97,7 +98,7 @@ func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error { logrus.Warnf("Checking if container %q is mounted, attempting to delete: %v", idOrName, err) } if timesMounted > 0 { - return errors.Wrapf(define.ErrCtrStateInvalid, "container %q is mounted and cannot be removed without using force", idOrName) + return fmt.Errorf("container %q is mounted and cannot be removed without using force: %w", idOrName, define.ErrCtrStateInvalid) } } else if _, err := r.store.Unmount(ctr.ID, true); err != nil { if errors.Is(err, storage.ErrContainerUnknown) { @@ -109,12 +110,12 @@ func (r *Runtime) RemoveStorageContainer(idOrName string, force bool) error { } if err := r.store.DeleteContainer(ctr.ID); err != nil { - if errors.Cause(err) == storage.ErrNotAContainer || errors.Cause(err) == storage.ErrContainerUnknown { + if errors.Is(err, storage.ErrNotAContainer) || errors.Is(err, storage.ErrContainerUnknown) { // Container again gone, no error logrus.Infof("Storage for container %s already removed", ctr.ID) return nil } - return errors.Wrapf(err, "error removing storage for container %q", idOrName) + return fmt.Errorf("error removing storage for container %q: %w", idOrName, err) } return nil diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go index 459514d47..ce0fd869d 100644 --- a/libpod/runtime_ctr.go +++ b/libpod/runtime_ctr.go @@ -2,6 +2,7 @@ package libpod import ( "context" + "errors" "fmt" "os" "path" @@ -26,7 +27,6 @@ import ( "github.com/docker/go-units" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-tools/generate" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -86,7 +86,7 @@ func (r *Runtime) RestoreContainer(ctx context.Context, rSpec *spec.Spec, config ctr, err := r.initContainerVariables(rSpec, config) if err != nil { - return nil, errors.Wrapf(err, "error initializing container variables") + return nil, fmt.Errorf("error initializing container variables: %w", err) } // For an imported checkpoint no one has ever set the StartedTime. Set it now. ctr.state.StartedTime = time.Now() @@ -126,7 +126,7 @@ func (r *Runtime) RenameContainer(ctx context.Context, ctr *Container, newName s // the config was re-written. newConf, err := r.state.GetContainerConfig(ctr.ID()) if err != nil { - return nil, errors.Wrapf(err, "error retrieving container %s configuration from DB to remove", ctr.ID()) + return nil, fmt.Errorf("error retrieving container %s configuration from DB to remove: %w", ctr.ID(), err) } ctr.config = newConf @@ -143,7 +143,7 @@ func (r *Runtime) RenameContainer(ctx context.Context, ctr *Container, newName s // Set config back to the old name so reflect what is actually // present in the DB. ctr.config.Name = oldName - return nil, errors.Wrapf(err, "error renaming container %s", ctr.ID()) + return nil, fmt.Errorf("error renaming container %s: %w", ctr.ID(), err) } // Step 3: rename the container in c/storage. @@ -162,7 +162,7 @@ func (r *Runtime) RenameContainer(ctx context.Context, ctr *Container, newName s func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConfig) (*Container, error) { if rSpec == nil { - return nil, errors.Wrapf(define.ErrInvalidArg, "must provide a valid runtime spec to create container") + return nil, fmt.Errorf("must provide a valid runtime spec to create container: %w", define.ErrInvalidArg) } ctr := new(Container) ctr.config = new(ContainerConfig) @@ -172,7 +172,7 @@ func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConf ctr.config.ID = stringid.GenerateNonCryptoID() size, err := units.FromHumanSize(r.config.Containers.ShmSize) if err != nil { - return nil, errors.Wrapf(err, "converting containers.conf ShmSize %s to an int", r.config.Containers.ShmSize) + return nil, fmt.Errorf("converting containers.conf ShmSize %s to an int: %w", r.config.Containers.ShmSize, err) } ctr.config.ShmSize = size ctr.config.NoShm = false @@ -184,7 +184,7 @@ func (r *Runtime) initContainerVariables(rSpec *spec.Spec, config *ContainerConf // This is a restore from an imported checkpoint ctr.restoreFromCheckpoint = true if err := JSONDeepCopy(config, ctr.config); err != nil { - return nil, errors.Wrapf(err, "error copying container config for restore") + return nil, fmt.Errorf("error copying container config for restore: %w", err) } // If the ID is empty a new name for the restored container was requested if ctr.config.ID == "" { @@ -224,12 +224,12 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options .. ctr, err = r.initContainerVariables(rSpec, nil) if err != nil { - return nil, errors.Wrapf(err, "error initializing container variables") + return nil, fmt.Errorf("error initializing container variables: %w", err) } for _, option := range options { if err := option(ctr); err != nil { - return nil, errors.Wrapf(err, "error running container create option") + return nil, fmt.Errorf("error running container create option: %w", err) } } @@ -248,7 +248,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai if opts.InterfaceName != "" { // check that no name is assigned to more than network if cutil.StringInSlice(opts.InterfaceName, usedIfNames) { - return nil, errors.Errorf("network interface name %q is already assigned to another network", opts.InterfaceName) + return nil, fmt.Errorf("network interface name %q is already assigned to another network", opts.InterfaceName) } usedIfNames = append(usedIfNames, opts.InterfaceName) } @@ -296,7 +296,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai // Allocate a lock for the container lock, err := r.lockManager.AllocateLock() if err != nil { - return nil, errors.Wrapf(err, "error allocating lock for new container") + return nil, fmt.Errorf("error allocating lock for new container: %w", err) } ctr.lock = lock ctr.config.LockID = ctr.lock.ID() @@ -319,7 +319,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai } else { ociRuntime, ok := r.ociRuntimes[ctr.config.OCIRuntime] if !ok { - return nil, errors.Wrapf(define.ErrInvalidArg, "requested OCI runtime %s is not available", ctr.config.OCIRuntime) + return nil, fmt.Errorf("requested OCI runtime %s is not available: %w", ctr.config.OCIRuntime, define.ErrInvalidArg) } ctr.ociRuntime = ociRuntime } @@ -327,7 +327,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai // Check NoCgroups support if ctr.config.NoCgroups { if !ctr.ociRuntime.SupportsNoCgroups() { - return nil, errors.Wrapf(define.ErrInvalidArg, "requested OCI runtime %s is not compatible with NoCgroups", ctr.ociRuntime.Name()) + return nil, fmt.Errorf("requested OCI runtime %s is not compatible with NoCgroups: %w", ctr.ociRuntime.Name(), define.ErrInvalidArg) } } @@ -336,7 +336,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai // Get the pod from state pod, err = r.state.Pod(ctr.config.Pod) if err != nil { - return nil, errors.Wrapf(err, "cannot add container %s to pod %s", ctr.ID(), ctr.config.Pod) + return nil, fmt.Errorf("cannot add container %s to pod %s: %w", ctr.ID(), ctr.config.Pod, err) } } @@ -350,14 +350,14 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai if pod != nil && pod.config.UsePodCgroup && !ctr.IsInfra() { podCgroup, err := pod.CgroupPath() if err != nil { - return nil, errors.Wrapf(err, "error retrieving pod %s cgroup", pod.ID()) + return nil, fmt.Errorf("error retrieving pod %s cgroup: %w", pod.ID(), err) } expectPodCgroup, err := ctr.expectPodCgroup() if err != nil { return nil, err } if expectPodCgroup && podCgroup == "" { - return nil, errors.Wrapf(define.ErrInternal, "pod %s cgroup is not set", pod.ID()) + return nil, fmt.Errorf("pod %s cgroup is not set: %w", pod.ID(), define.ErrInternal) } canUseCgroup := !rootless.IsRootless() || isRootlessCgroupSet(podCgroup) if canUseCgroup { @@ -367,7 +367,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai ctr.config.CgroupParent = CgroupfsDefaultCgroupParent } } else if strings.HasSuffix(path.Base(ctr.config.CgroupParent), ".slice") { - return nil, errors.Wrapf(define.ErrInvalidArg, "systemd slice received as cgroup parent when using cgroupfs") + return nil, fmt.Errorf("systemd slice received as cgroup parent when using cgroupfs: %w", define.ErrInvalidArg) } case config.SystemdCgroupsManager: if ctr.config.CgroupParent == "" { @@ -375,7 +375,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai case pod != nil && pod.config.UsePodCgroup && !ctr.IsInfra(): podCgroup, err := pod.CgroupPath() if err != nil { - return nil, errors.Wrapf(err, "error retrieving pod %s cgroup", pod.ID()) + return nil, fmt.Errorf("error retrieving pod %s cgroup: %w", pod.ID(), err) } ctr.config.CgroupParent = podCgroup case rootless.IsRootless() && ctr.config.CgroupsMode != cgroupSplit: @@ -384,10 +384,10 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai ctr.config.CgroupParent = SystemdDefaultCgroupParent } } else if len(ctr.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(ctr.config.CgroupParent), ".slice") { - return nil, errors.Wrapf(define.ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups") + return nil, fmt.Errorf("did not receive systemd slice as cgroup parent when using systemd to manage cgroups: %w", define.ErrInvalidArg) } default: - return nil, errors.Wrapf(define.ErrInvalidArg, "unsupported Cgroup manager: %s - cannot validate cgroup parent", r.config.Engine.CgroupManager) + return nil, fmt.Errorf("unsupported Cgroup manager: %s - cannot validate cgroup parent: %w", r.config.Engine.CgroupManager, define.ErrInvalidArg) } } @@ -470,8 +470,8 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai ctrNamedVolumes = append(ctrNamedVolumes, dbVol) // The volume exists, we're good continue - } else if errors.Cause(err) != define.ErrNoSuchVolume { - return nil, errors.Wrapf(err, "error retrieving named volume %s for new container", vol.Name) + } else if !errors.Is(err, define.ErrNoSuchVolume) { + return nil, fmt.Errorf("error retrieving named volume %s for new container: %w", vol.Name, err) } } @@ -504,7 +504,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai } newVol, err := r.newVolume(false, volOptions...) if err != nil { - return nil, errors.Wrapf(err, "error creating named volume %q", vol.Name) + return nil, fmt.Errorf("error creating named volume %q: %w", vol.Name, err) } ctrNamedVolumes = append(ctrNamedVolumes, newVol) @@ -527,7 +527,7 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai ctr.config.ShmDir = filepath.Join(ctr.bundlePath(), "shm") if err := os.MkdirAll(ctr.config.ShmDir, 0700); err != nil { if !os.IsExist(err) { - return nil, errors.Wrap(err, "unable to create shm dir") + return nil, fmt.Errorf("unable to create shm dir: %w", err) } } ctr.config.Mounts = append(ctr.config.Mounts, ctr.config.ShmDir) @@ -596,7 +596,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo // exist once we're done. newConf, err := r.state.GetContainerConfig(c.ID()) if err != nil { - return errors.Wrapf(err, "error retrieving container %s configuration from DB to remove", c.ID()) + return fmt.Errorf("error retrieving container %s configuration from DB to remove: %w", c.ID(), err) } c.config = newConf @@ -611,12 +611,12 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo if c.config.Pod != "" && !removePod { pod, err = r.state.Pod(c.config.Pod) if err != nil { - return errors.Wrapf(err, "container %s is in pod %s, but pod cannot be retrieved", c.ID(), pod.ID()) + return fmt.Errorf("container %s is in pod %s, but pod cannot be retrieved: %w", c.ID(), pod.ID(), err) } // Lock the pod while we're removing container if pod.config.LockID == c.config.LockID { - return errors.Wrapf(define.ErrWillDeadlock, "container %s and pod %s share lock ID %d", c.ID(), pod.ID(), c.config.LockID) + return fmt.Errorf("container %s and pod %s share lock ID %d: %w", c.ID(), pod.ID(), c.config.LockID, define.ErrWillDeadlock) } pod.lock.Lock() defer pod.lock.Unlock() @@ -626,7 +626,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo infraID := pod.state.InfraContainerID if c.ID() == infraID { - return errors.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID()) + return fmt.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID()) } } @@ -664,9 +664,6 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo } if c.state.State == define.ContainerStatePaused { - if err := c.ociRuntime.KillContainer(c, 9, false); err != nil { - return err - } isV2, err := cgroups.IsCgroup2UnifiedMode() if err != nil { return err @@ -677,6 +674,9 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo return err } } + if err := c.ociRuntime.KillContainer(c, 9, false); err != nil { + return err + } // Need to update container state to make sure we know it's stopped if err := c.waitForExitFileAndSync(); err != nil { return err @@ -693,7 +693,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo } if len(deps) != 0 { depsStr := strings.Join(deps, ", ") - return errors.Wrapf(define.ErrCtrExists, "container %s has dependent containers which must be removed before it: %s", c.ID(), depsStr) + return fmt.Errorf("container %s has dependent containers which must be removed before it: %s: %w", c.ID(), depsStr, define.ErrCtrExists) } } @@ -705,8 +705,8 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo } // Ignore ErrConmonDead - we couldn't retrieve the container's // exit code properly, but it's still stopped. - if err := c.stop(time); err != nil && errors.Cause(err) != define.ErrConmonDead { - return errors.Wrapf(err, "cannot remove container %s as it could not be stopped", c.ID()) + if err := c.stop(time); err != nil && !errors.Is(err, define.ErrConmonDead) { + return fmt.Errorf("cannot remove container %s as it could not be stopped: %w", c.ID(), err) } // We unlocked as part of stop() above - there's a chance someone @@ -715,6 +715,10 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo // Do a quick ping of the database to check if the container // still exists. if ok, _ := r.state.HasContainer(c.ID()); !ok { + // When the container has already been removed, the OCI runtime directory remain. + if err := c.cleanupRuntime(ctx); err != nil { + return fmt.Errorf("error cleaning up container %s from OCI runtime: %w", c.ID(), err) + } return nil } } @@ -725,7 +729,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo // Do this before we set ContainerStateRemoving, to ensure that we can // actually remove from the OCI runtime. if err := c.cleanup(ctx); err != nil { - cleanupErr = errors.Wrapf(err, "error cleaning up container %s", c.ID()) + cleanupErr = fmt.Errorf("error cleaning up container %s: %w", c.ID(), err) } // Set ContainerStateRemoving @@ -735,7 +739,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo if cleanupErr != nil { logrus.Errorf(err.Error()) } - return errors.Wrapf(err, "unable to set container %s removing state in database", c.ID()) + return fmt.Errorf("unable to set container %s removing state in database: %w", c.ID(), err) } // Remove all active exec sessions @@ -785,7 +789,7 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo // Deallocate the container's lock if err := c.lock.Free(); err != nil { if cleanupErr == nil { - cleanupErr = errors.Wrapf(err, "error freeing lock for container %s", c.ID()) + cleanupErr = fmt.Errorf("error freeing lock for container %s: %w", c.ID(), err) } else { logrus.Errorf("Free container lock: %v", err) } @@ -805,8 +809,8 @@ func (r *Runtime) removeContainer(ctx context.Context, c *Container, force, remo if !volume.Anonymous() { continue } - if err := runtime.removeVolume(ctx, volume, false, timeout, false); err != nil && errors.Cause(err) != define.ErrNoSuchVolume { - if errors.Cause(err) == define.ErrVolumeBeingUsed { + if err := runtime.removeVolume(ctx, volume, false, timeout, false); err != nil && !errors.Is(err, define.ErrNoSuchVolume) { + if errors.Is(err, define.ErrVolumeBeingUsed) { // Ignore error, since podman will report original error volumesFrom, _ := c.volumesFrom() if len(volumesFrom) > 0 { @@ -887,7 +891,7 @@ func (r *Runtime) evictContainer(ctx context.Context, idOrName string, removeVol c := new(Container) c.config, err = r.state.GetContainerConfig(id) if err != nil { - return id, errors.Wrapf(err, "failed to retrieve config for ctr ID %q", id) + return id, fmt.Errorf("failed to retrieve config for ctr ID %q: %w", id, err) } c.state = new(ContainerState) @@ -899,7 +903,7 @@ func (r *Runtime) evictContainer(ctx context.Context, idOrName string, removeVol if c.config.Pod != "" { pod, err = r.state.Pod(c.config.Pod) if err != nil { - return id, errors.Wrapf(err, "container %s is in pod %s, but pod cannot be retrieved", c.ID(), pod.ID()) + return id, fmt.Errorf("container %s is in pod %s, but pod cannot be retrieved: %w", c.ID(), pod.ID(), err) } // Lock the pod while we're removing container @@ -914,7 +918,7 @@ func (r *Runtime) evictContainer(ctx context.Context, idOrName string, removeVol return "", err } if c.ID() == infraID { - return id, errors.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID()) + return id, fmt.Errorf("container %s is the infra container of pod %s and cannot be removed without removing the pod", c.ID(), pod.ID()) } } @@ -1111,7 +1115,7 @@ func (r *Runtime) GetContainersByList(containers []string) ([]*Container, error) for _, inputContainer := range containers { ctr, err := r.LookupContainer(inputContainer) if err != nil { - return ctrs, errors.Wrapf(err, "unable to look up container %s", inputContainer) + return ctrs, fmt.Errorf("unable to look up container %s: %w", inputContainer, err) } ctrs = append(ctrs, ctr) } @@ -1124,7 +1128,7 @@ func (r *Runtime) GetLatestContainer() (*Container, error) { var lastCreatedTime time.Time ctrs, err := r.GetAllContainers() if err != nil { - return nil, errors.Wrapf(err, "unable to find latest container") + return nil, fmt.Errorf("unable to find latest container: %w", err) } if len(ctrs) == 0 { return nil, define.ErrNoSuchCtr @@ -1205,7 +1209,7 @@ func (r *Runtime) PruneContainers(filterFuncs []ContainerFilter) ([]*reports.Pru // MountStorageContainer mounts the storage container's root filesystem func (r *Runtime) MountStorageContainer(id string) (string, error) { if _, err := r.GetContainer(id); err == nil { - return "", errors.Wrapf(define.ErrCtrExists, "ctr %s is a libpod container", id) + return "", fmt.Errorf("ctr %s is a libpod container: %w", id, define.ErrCtrExists) } container, err := r.store.Container(id) if err != nil { @@ -1213,7 +1217,7 @@ func (r *Runtime) MountStorageContainer(id string) (string, error) { } mountPoint, err := r.store.Mount(container.ID, "") if err != nil { - return "", errors.Wrapf(err, "error mounting storage for container %s", id) + return "", fmt.Errorf("error mounting storage for container %s: %w", id, err) } return mountPoint, nil } @@ -1221,7 +1225,7 @@ func (r *Runtime) MountStorageContainer(id string) (string, error) { // UnmountStorageContainer unmounts the storage container's root filesystem func (r *Runtime) UnmountStorageContainer(id string, force bool) (bool, error) { if _, err := r.GetContainer(id); err == nil { - return false, errors.Wrapf(define.ErrCtrExists, "ctr %s is a libpod container", id) + return false, fmt.Errorf("ctr %s is a libpod container: %w", id, define.ErrCtrExists) } container, err := r.store.Container(id) if err != nil { @@ -1235,7 +1239,7 @@ func (r *Runtime) UnmountStorageContainer(id string, force bool) (bool, error) { func (r *Runtime) IsStorageContainerMounted(id string) (bool, string, error) { var path string if _, err := r.GetContainer(id); err == nil { - return false, "", errors.Wrapf(define.ErrCtrExists, "ctr %s is a libpod container", id) + return false, "", fmt.Errorf("ctr %s is a libpod container: %w", id, define.ErrCtrExists) } mountCnt, err := r.storageService.MountedContainerImage(id) @@ -1261,13 +1265,13 @@ func (r *Runtime) StorageContainers() ([]storage.Container, error) { storeContainers, err := r.store.Containers() if err != nil { - return nil, errors.Wrapf(err, "error reading list of all storage containers") + return nil, fmt.Errorf("error reading list of all storage containers: %w", err) } retCtrs := []storage.Container{} for _, container := range storeContainers { exists, err := r.state.HasContainer(container.ID) if err != nil && err != define.ErrNoSuchCtr { - return nil, errors.Wrapf(err, "failed to check if %s container exists in database", container.ID) + return nil, fmt.Errorf("failed to check if %s container exists in database: %w", container.ID, err) } if exists { continue diff --git a/libpod/runtime_img.go b/libpod/runtime_img.go index b13482722..d04607d2e 100644 --- a/libpod/runtime_img.go +++ b/libpod/runtime_img.go @@ -2,6 +2,8 @@ package libpod import ( "context" + "errors" + "fmt" "io" "io/ioutil" "os" @@ -13,7 +15,6 @@ import ( "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -40,14 +41,14 @@ func (r *Runtime) RemoveContainersForImageCallback(ctx context.Context) libimage if ctr.config.IsInfra { pod, err := r.state.Pod(ctr.config.Pod) if err != nil { - return errors.Wrapf(err, "container %s is in pod %s, but pod cannot be retrieved", ctr.ID(), ctr.config.Pod) + return fmt.Errorf("container %s is in pod %s, but pod cannot be retrieved: %w", ctr.ID(), ctr.config.Pod, err) } if err := r.removePod(ctx, pod, true, true, timeout); err != nil { - return errors.Wrapf(err, "removing image %s: container %s using image could not be removed", imageID, ctr.ID()) + return fmt.Errorf("removing image %s: container %s using image could not be removed: %w", imageID, ctr.ID(), err) } } else { if err := r.removeContainer(ctx, ctr, true, false, false, timeout); err != nil { - return errors.Wrapf(err, "removing image %s: container %s using image could not be removed", imageID, ctr.ID()) + return fmt.Errorf("removing image %s: container %s using image could not be removed: %w", imageID, ctr.ID(), err) } } } @@ -106,7 +107,7 @@ func (r *Runtime) Build(ctx context.Context, options buildahDefine.BuildOptions, func DownloadFromFile(reader *os.File) (string, error) { outFile, err := ioutil.TempFile(util.Tmpdir(), "import") if err != nil { - return "", errors.Wrap(err, "error creating file") + return "", fmt.Errorf("error creating file: %w", err) } defer outFile.Close() @@ -114,7 +115,7 @@ func DownloadFromFile(reader *os.File) (string, error) { _, err = io.Copy(outFile, reader) if err != nil { - return "", errors.Wrapf(err, "error saving %s to %s", reader.Name(), outFile.Name()) + return "", fmt.Errorf("error saving %s to %s: %w", reader.Name(), outFile.Name(), err) } return outFile.Name(), nil diff --git a/libpod/runtime_migrate.go b/libpod/runtime_migrate.go index f56cb83a4..139638a6b 100644 --- a/libpod/runtime_migrate.go +++ b/libpod/runtime_migrate.go @@ -14,7 +14,6 @@ import ( "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/util" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -22,21 +21,21 @@ func (r *Runtime) stopPauseProcess() error { if rootless.IsRootless() { pausePidPath, err := util.GetRootlessPauseProcessPidPathGivenDir(r.config.Engine.TmpDir) if err != nil { - return errors.Wrapf(err, "could not get pause process pid file path") + return fmt.Errorf("could not get pause process pid file path: %w", err) } data, err := ioutil.ReadFile(pausePidPath) if err != nil { if os.IsNotExist(err) { return nil } - return errors.Wrap(err, "cannot read pause process pid file") + return fmt.Errorf("cannot read pause process pid file: %w", err) } pausePid, err := strconv.Atoi(string(data)) if err != nil { - return errors.Wrapf(err, "cannot parse pause pid file %s", pausePidPath) + return fmt.Errorf("cannot parse pause pid file %s: %w", pausePidPath, err) } if err := os.Remove(pausePidPath); err != nil { - return errors.Wrapf(err, "cannot delete pause pid file %s", pausePidPath) + return fmt.Errorf("cannot delete pause pid file %s: %w", pausePidPath, err) } if err := syscall.Kill(pausePid, syscall.SIGKILL); err != nil { return err @@ -60,7 +59,7 @@ func (r *Runtime) migrate() error { for _, ctr := range runningContainers { fmt.Printf("stopped %s\n", ctr.ID()) if err := ctr.Stop(); err != nil { - return errors.Wrapf(err, "cannot stop container %s", ctr.ID()) + return fmt.Errorf("cannot stop container %s: %w", ctr.ID(), err) } } @@ -68,7 +67,7 @@ func (r *Runtime) migrate() error { runtimeChangeRequested := r.migrateRuntime != "" requestedRuntime, runtimeExists := r.ociRuntimes[r.migrateRuntime] if !runtimeExists && runtimeChangeRequested { - return errors.Wrapf(define.ErrInvalidArg, "change to runtime %q requested but no such runtime is defined", r.migrateRuntime) + return fmt.Errorf("change to runtime %q requested but no such runtime is defined: %w", r.migrateRuntime, define.ErrInvalidArg) } for _, ctr := range allCtrs { @@ -93,7 +92,7 @@ func (r *Runtime) migrate() error { if needsWrite { if err := r.state.RewriteContainerConfig(ctr, ctr.config); err != nil { - return errors.Wrapf(err, "error rewriting config for container %s", ctr.ID()) + return fmt.Errorf("error rewriting config for container %s: %w", ctr.ID(), err) } } } diff --git a/libpod/runtime_pod.go b/libpod/runtime_pod.go index ee3d40484..25e48de14 100644 --- a/libpod/runtime_pod.go +++ b/libpod/runtime_pod.go @@ -2,11 +2,12 @@ package libpod import ( "context" + "errors" + "fmt" "time" "github.com/containers/common/pkg/util" "github.com/containers/podman/v4/libpod/define" - "github.com/pkg/errors" ) // Contains the public Runtime API for pods @@ -112,7 +113,7 @@ func (r *Runtime) GetLatestPod() (*Pod, error) { var lastCreatedTime time.Time pods, err := r.GetAllPods() if err != nil { - return nil, errors.Wrapf(err, "unable to get all pods") + return nil, fmt.Errorf("unable to get all pods: %w", err) } if len(pods) == 0 { return nil, define.ErrNoSuchPod @@ -146,7 +147,7 @@ func (r *Runtime) GetRunningPods() ([]*Pod, error) { pods = append(pods, c.PodID()) pod, err := r.GetPod(c.PodID()) if err != nil { - if errors.Cause(err) == define.ErrPodRemoved || errors.Cause(err) == define.ErrNoSuchPod { + if errors.Is(err, define.ErrPodRemoved) || errors.Is(err, define.ErrNoSuchPod) { continue } return nil, err diff --git a/libpod/runtime_pod_linux.go b/libpod/runtime_pod_linux.go index 00017ca21..75ff24e41 100644 --- a/libpod/runtime_pod_linux.go +++ b/libpod/runtime_pod_linux.go @@ -5,6 +5,7 @@ package libpod import ( "context" + "errors" "fmt" "os" "path" @@ -18,7 +19,6 @@ import ( "github.com/containers/podman/v4/pkg/rootless" "github.com/containers/podman/v4/pkg/specgen" runcconfig "github.com/opencontainers/runc/libcontainer/configs" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -38,14 +38,14 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option for _, option := range options { if err := option(pod); err != nil { - return nil, errors.Wrapf(err, "error running pod create option") + return nil, fmt.Errorf("error running pod create option: %w", err) } } // Allocate a lock for the pod lock, err := r.lockManager.AllocateLock() if err != nil { - return nil, errors.Wrapf(err, "error allocating lock for new pod") + return nil, fmt.Errorf("error allocating lock for new pod: %w", err) } pod.lock = lock pod.config.LockID = pod.lock.ID() @@ -70,7 +70,7 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option if pod.config.CgroupParent == "" { pod.config.CgroupParent = CgroupfsDefaultCgroupParent } else if strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") { - return nil, errors.Wrapf(define.ErrInvalidArg, "systemd slice received as cgroup parent when using cgroupfs") + return nil, fmt.Errorf("systemd slice received as cgroup parent when using cgroupfs: %w", define.ErrInvalidArg) } // If we are set to use pod cgroups, set the cgroup parent that // all containers in the pod will share @@ -78,21 +78,24 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option pod.state.CgroupPath = filepath.Join(pod.config.CgroupParent, pod.ID()) if p.InfraContainerSpec != nil { p.InfraContainerSpec.CgroupParent = pod.state.CgroupPath - res, err := GetLimits(p.InfraContainerSpec.ResourceLimits) - if err != nil { - return nil, err - } - // Need to both create and update the cgroup - // rather than create a new path in c/common for pod cgroup creation - // just create as if it is a ctr and then update figures out that we need to - // populate the resource limits on the pod level - cgc, err := cgroups.New(pod.state.CgroupPath, &res) - if err != nil { - return nil, err - } - err = cgc.Update(&res) - if err != nil { - return nil, err + // cgroupfs + rootless = permission denied when creating the cgroup. + if !rootless.IsRootless() { + res, err := GetLimits(p.InfraContainerSpec.ResourceLimits) + if err != nil { + return nil, err + } + // Need to both create and update the cgroup + // rather than create a new path in c/common for pod cgroup creation + // just create as if it is a ctr and then update figures out that we need to + // populate the resource limits on the pod level + cgc, err := cgroups.New(pod.state.CgroupPath, &res) + if err != nil { + return nil, err + } + err = cgc.Update(&res) + if err != nil { + return nil, err + } } } } @@ -105,14 +108,14 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option pod.config.CgroupParent = SystemdDefaultCgroupParent } } else if len(pod.config.CgroupParent) < 6 || !strings.HasSuffix(path.Base(pod.config.CgroupParent), ".slice") { - return nil, errors.Wrapf(define.ErrInvalidArg, "did not receive systemd slice as cgroup parent when using systemd to manage cgroups") + return nil, fmt.Errorf("did not receive systemd slice as cgroup parent when using systemd to manage cgroups: %w", define.ErrInvalidArg) } // If we are set to use pod cgroups, set the cgroup parent that // all containers in the pod will share if pod.config.UsePodCgroup { cgroupPath, err := systemdSliceFromPath(pod.config.CgroupParent, fmt.Sprintf("libpod_pod_%s", pod.ID()), p.InfraContainerSpec.ResourceLimits) if err != nil { - return nil, errors.Wrapf(err, "unable to create pod cgroup for pod %s", pod.ID()) + return nil, fmt.Errorf("unable to create pod cgroup for pod %s: %w", pod.ID(), err) } pod.state.CgroupPath = cgroupPath if p.InfraContainerSpec != nil { @@ -120,7 +123,7 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option } } default: - return nil, errors.Wrapf(define.ErrInvalidArg, "unsupported Cgroup manager: %s - cannot validate cgroup parent", r.config.Engine.CgroupManager) + return nil, fmt.Errorf("unsupported Cgroup manager: %s - cannot validate cgroup parent: %w", r.config.Engine.CgroupManager, define.ErrInvalidArg) } } @@ -129,7 +132,7 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option } if !pod.HasInfraContainer() && pod.SharesNamespaces() { - return nil, errors.Errorf("Pods must have an infra container to share namespaces") + return nil, errors.New("Pods must have an infra container to share namespaces") } if pod.HasInfraContainer() && !pod.SharesNamespaces() { logrus.Infof("Pod has an infra container, but shares no namespaces") @@ -154,12 +157,12 @@ func (r *Runtime) NewPod(ctx context.Context, p specgen.PodSpecGenerator, option if addPodErr = r.state.AddPod(pod); addPodErr == nil { return pod, nil } - if !generateName || (errors.Cause(addPodErr) != define.ErrPodExists && errors.Cause(addPodErr) != define.ErrCtrExists) { + if !generateName || (!errors.Is(addPodErr, define.ErrPodExists) && !errors.Is(addPodErr, define.ErrCtrExists)) { break } } if addPodErr != nil { - return nil, errors.Wrapf(addPodErr, "error adding pod to state") + return nil, fmt.Errorf("error adding pod to state: %w", addPodErr) } return pod, nil @@ -208,7 +211,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, force = true } if !removeCtrs && numCtrs > 0 { - return errors.Wrapf(define.ErrCtrExists, "pod %s contains containers and cannot be removed", p.ID()) + return fmt.Errorf("pod %s contains containers and cannot be removed: %w", p.ID(), define.ErrCtrExists) } // Go through and lock all containers so we can operate on them all at @@ -236,7 +239,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, // Ensure state appropriate for removal if err := ctr.checkReadyForRemoval(); err != nil { - return errors.Wrapf(err, "pod %s has containers that are not ready to be removed", p.ID()) + return fmt.Errorf("pod %s has containers that are not ready to be removed: %w", p.ID(), err) } } @@ -308,7 +311,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, for volName := range ctrNamedVolumes { volume, err := r.state.Volume(volName) - if err != nil && errors.Cause(err) != define.ErrNoSuchVolume { + if err != nil && !errors.Is(err, define.ErrNoSuchVolume) { logrus.Errorf("Retrieving volume %s: %v", volName, err) continue } @@ -316,7 +319,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, continue } if err := r.removeVolume(ctx, volume, false, timeout, false); err != nil { - if errors.Cause(err) == define.ErrNoSuchVolume || errors.Cause(err) == define.ErrVolumeRemoved { + if errors.Is(err, define.ErrNoSuchVolume) || errors.Is(err, define.ErrVolumeRemoved) { continue } logrus.Errorf("Removing volume %s: %v", volName, err) @@ -337,7 +340,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, case config.SystemdCgroupsManager: if err := deleteSystemdCgroup(p.state.CgroupPath, p.ResourceLim()); err != nil { if removalErr == nil { - removalErr = errors.Wrapf(err, "error removing pod %s cgroup", p.ID()) + removalErr = fmt.Errorf("error removing pod %s cgroup: %w", p.ID(), err) } else { logrus.Errorf("Deleting pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err) } @@ -351,7 +354,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, conmonCgroup, err := cgroups.Load(conmonCgroupPath) if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless { if removalErr == nil { - removalErr = errors.Wrapf(err, "error retrieving pod %s conmon cgroup", p.ID()) + removalErr = fmt.Errorf("error retrieving pod %s conmon cgroup: %w", p.ID(), err) } else { logrus.Debugf("Error retrieving pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) } @@ -359,7 +362,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, if err == nil { if err = conmonCgroup.Delete(); err != nil { if removalErr == nil { - removalErr = errors.Wrapf(err, "error removing pod %s conmon cgroup", p.ID()) + removalErr = fmt.Errorf("error removing pod %s conmon cgroup: %w", p.ID(), err) } else { logrus.Errorf("Deleting pod %s conmon cgroup %s: %v", p.ID(), conmonCgroupPath, err) } @@ -368,7 +371,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, cgroup, err := cgroups.Load(p.state.CgroupPath) if err != nil && err != cgroups.ErrCgroupDeleted && err != cgroups.ErrCgroupV1Rootless { if removalErr == nil { - removalErr = errors.Wrapf(err, "error retrieving pod %s cgroup", p.ID()) + removalErr = fmt.Errorf("error retrieving pod %s cgroup: %w", p.ID(), err) } else { logrus.Errorf("Retrieving pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err) } @@ -376,7 +379,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, if err == nil { if err := cgroup.Delete(); err != nil { if removalErr == nil { - removalErr = errors.Wrapf(err, "error removing pod %s cgroup", p.ID()) + removalErr = fmt.Errorf("error removing pod %s cgroup: %w", p.ID(), err) } else { logrus.Errorf("Deleting pod %s cgroup %s: %v", p.ID(), p.state.CgroupPath, err) } @@ -387,7 +390,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, // keep going so we make sure to evict the pod before // ending up with an inconsistent state. if removalErr == nil { - removalErr = errors.Wrapf(define.ErrInternal, "unrecognized cgroup manager %s when removing pod %s cgroups", p.runtime.config.Engine.CgroupManager, p.ID()) + removalErr = fmt.Errorf("unrecognized cgroup manager %s when removing pod %s cgroups: %w", p.runtime.config.Engine.CgroupManager, p.ID(), define.ErrInternal) } else { logrus.Errorf("Unknown cgroups manager %s specified - cannot remove pod %s cgroup", p.runtime.config.Engine.CgroupManager, p.ID()) } @@ -413,7 +416,7 @@ func (r *Runtime) removePod(ctx context.Context, p *Pod, removeCtrs, force bool, // Deallocate the pod lock if err := p.lock.Free(); err != nil { if removalErr == nil { - removalErr = errors.Wrapf(err, "error freeing pod %s lock", p.ID()) + removalErr = fmt.Errorf("error freeing pod %s lock: %w", p.ID(), err) } else { logrus.Errorf("Freeing pod %s lock: %v", p.ID(), err) } diff --git a/libpod/runtime_renumber.go b/libpod/runtime_renumber.go index db055f40b..9149dd72f 100644 --- a/libpod/runtime_renumber.go +++ b/libpod/runtime_renumber.go @@ -1,8 +1,9 @@ package libpod import ( + "fmt" + "github.com/containers/podman/v4/libpod/events" - "github.com/pkg/errors" ) // renumberLocks reassigns lock numbers for all containers and pods in the @@ -26,7 +27,7 @@ func (r *Runtime) renumberLocks() error { for _, ctr := range allCtrs { lock, err := r.lockManager.AllocateLock() if err != nil { - return errors.Wrapf(err, "error allocating lock for container %s", ctr.ID()) + return fmt.Errorf("error allocating lock for container %s: %w", ctr.ID(), err) } ctr.config.LockID = lock.ID() @@ -43,7 +44,7 @@ func (r *Runtime) renumberLocks() error { for _, pod := range allPods { lock, err := r.lockManager.AllocateLock() if err != nil { - return errors.Wrapf(err, "error allocating lock for pod %s", pod.ID()) + return fmt.Errorf("error allocating lock for pod %s: %w", pod.ID(), err) } pod.config.LockID = lock.ID() @@ -60,7 +61,7 @@ func (r *Runtime) renumberLocks() error { for _, vol := range allVols { lock, err := r.lockManager.AllocateLock() if err != nil { - return errors.Wrapf(err, "error allocating lock for volume %s", vol.Name()) + return fmt.Errorf("error allocating lock for volume %s: %w", vol.Name(), err) } vol.config.LockID = lock.ID() diff --git a/libpod/runtime_volume.go b/libpod/runtime_volume.go index 6872db21d..9efb30e03 100644 --- a/libpod/runtime_volume.go +++ b/libpod/runtime_volume.go @@ -2,11 +2,11 @@ package libpod import ( "context" + "errors" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/pkg/domain/entities/reports" - "github.com/pkg/errors" ) // Contains the public Runtime API for volumes @@ -133,7 +133,7 @@ func (r *Runtime) PruneVolumes(ctx context.Context, filterFuncs []VolumeFilter) report.Id = vol.Name() var timeout *uint if err := r.RemoveVolume(ctx, vol, false, timeout); err != nil { - if errors.Cause(err) != define.ErrVolumeBeingUsed && errors.Cause(err) != define.ErrVolumeRemoved { + if !errors.Is(err, define.ErrVolumeBeingUsed) && !errors.Is(err, define.ErrVolumeRemoved) { report.Err = err } else { // We didn't remove the volume for some reason diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go index 877f3a1fd..a751d75d2 100644 --- a/libpod/runtime_volume_linux.go +++ b/libpod/runtime_volume_linux.go @@ -5,6 +5,7 @@ package libpod import ( "context" + "errors" "fmt" "os" "path/filepath" @@ -17,7 +18,6 @@ import ( "github.com/containers/storage/drivers/quota" "github.com/containers/storage/pkg/stringid" pluginapi "github.com/docker/go-plugins-helpers/volume" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -36,7 +36,7 @@ func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOp volume := newVolume(r) for _, option := range options { if err := option(volume); err != nil { - return nil, errors.Wrapf(err, "running volume create option") + return nil, fmt.Errorf("running volume create option: %w", err) } } @@ -51,17 +51,17 @@ func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOp // Check if volume with given name exists. exists, err := r.state.HasVolume(volume.config.Name) if err != nil { - return nil, errors.Wrapf(err, "checking if volume with name %s exists", volume.config.Name) + return nil, fmt.Errorf("checking if volume with name %s exists: %w", volume.config.Name, err) } if exists { - return nil, errors.Wrapf(define.ErrVolumeExists, "volume with name %s already exists", volume.config.Name) + return nil, fmt.Errorf("volume with name %s already exists: %w", volume.config.Name, define.ErrVolumeExists) } // Plugin can be nil if driver is local, but that's OK - superfluous // assignment doesn't hurt much. - plugin, err := r.getVolumePlugin(volume.config.Driver) + plugin, err := r.getVolumePlugin(volume.config) if err != nil { - return nil, errors.Wrapf(err, "volume %s uses volume plugin %s but it could not be retrieved", volume.config.Name, volume.config.Driver) + return nil, fmt.Errorf("volume %s uses volume plugin %s but it could not be retrieved: %w", volume.config.Name, volume.config.Driver, err) } volume.plugin = plugin @@ -73,13 +73,13 @@ func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOp case "device": if strings.ToLower(volume.config.Options["type"]) == "bind" { if _, err := os.Stat(val); err != nil { - return nil, errors.Wrapf(err, "invalid volume option %s for driver 'local'", key) + return nil, fmt.Errorf("invalid volume option %s for driver 'local': %w", key, err) } } - case "o", "type", "uid", "gid", "size", "inodes", "noquota": + case "o", "type", "uid", "gid", "size", "inodes", "noquota", "copy", "nocopy": // Do nothing, valid keys default: - return nil, errors.Wrapf(define.ErrInvalidArg, "invalid mount option %s for driver 'local'", key) + return nil, fmt.Errorf("invalid mount option %s for driver 'local': %w", key, define.ErrInvalidArg) } } } @@ -99,17 +99,17 @@ func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOp // Create the mountpoint of this volume volPathRoot := filepath.Join(r.config.Engine.VolumePath, volume.config.Name) if err := os.MkdirAll(volPathRoot, 0700); err != nil { - return nil, errors.Wrapf(err, "creating volume directory %q", volPathRoot) + return nil, fmt.Errorf("creating volume directory %q: %w", volPathRoot, err) } if err := os.Chown(volPathRoot, volume.config.UID, volume.config.GID); err != nil { - return nil, errors.Wrapf(err, "chowning volume directory %q to %d:%d", volPathRoot, volume.config.UID, volume.config.GID) + return nil, fmt.Errorf("chowning volume directory %q to %d:%d: %w", volPathRoot, volume.config.UID, volume.config.GID, err) } fullVolPath := filepath.Join(volPathRoot, "_data") if err := os.MkdirAll(fullVolPath, 0755); err != nil { - return nil, errors.Wrapf(err, "creating volume directory %q", fullVolPath) + return nil, fmt.Errorf("creating volume directory %q: %w", fullVolPath, err) } if err := os.Chown(fullVolPath, volume.config.UID, volume.config.GID); err != nil { - return nil, errors.Wrapf(err, "chowning volume directory %q to %d:%d", fullVolPath, volume.config.UID, volume.config.GID) + return nil, fmt.Errorf("chowning volume directory %q to %d:%d: %w", fullVolPath, volume.config.UID, volume.config.GID, err) } if err := LabelVolumePath(fullVolPath); err != nil { return nil, err @@ -134,7 +134,7 @@ func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOp } if projectQuotaSupported { if err := q.SetQuota(fullVolPath, quota); err != nil { - return nil, errors.Wrapf(err, "failed to set size quota size=%d inodes=%d for volume directory %q", volume.config.Size, volume.config.Inodes, fullVolPath) + return nil, fmt.Errorf("failed to set size quota size=%d inodes=%d for volume directory %q: %w", volume.config.Size, volume.config.Inodes, fullVolPath, err) } } } @@ -144,7 +144,7 @@ func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOp lock, err := r.lockManager.AllocateLock() if err != nil { - return nil, errors.Wrapf(err, "allocating lock for new volume") + return nil, fmt.Errorf("allocating lock for new volume: %w", err) } volume.lock = lock volume.config.LockID = volume.lock.ID() @@ -161,7 +161,7 @@ func (r *Runtime) newVolume(noCreatePluginVolume bool, options ...VolumeCreateOp // Add the volume to state if err := r.state.AddVolume(volume); err != nil { - return nil, errors.Wrapf(err, "adding volume to state") + return nil, fmt.Errorf("adding volume to state: %w", err) } defer volume.newVolumeEvent(events.Create) return volume, nil @@ -183,7 +183,7 @@ func (r *Runtime) UpdateVolumePlugins(ctx context.Context) *define.VolumeReload ) for driverName, socket := range r.config.Engine.VolumePlugins { - driver, err := volplugin.GetVolumePlugin(driverName, socket) + driver, err := volplugin.GetVolumePlugin(driverName, socket, 0) if err != nil { errs = append(errs, err) continue @@ -272,7 +272,7 @@ func makeVolumeInPluginIfNotExist(name string, options map[string]string, plugin createReq.Name = name createReq.Options = options if err := plugin.CreateVolume(createReq); err != nil { - return errors.Wrapf(err, "creating volume %q in plugin %s", name, plugin.Name) + return fmt.Errorf("creating volume %q in plugin %s: %w", name, plugin.Name, err) } } @@ -305,7 +305,7 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeo if len(deps) != 0 { depsStr := strings.Join(deps, ", ") if !force { - return errors.Wrapf(define.ErrVolumeBeingUsed, "volume %s is being used by the following container(s): %s", v.Name(), depsStr) + return fmt.Errorf("volume %s is being used by the following container(s): %s: %w", v.Name(), depsStr, define.ErrVolumeBeingUsed) } // We need to remove all containers using the volume @@ -314,17 +314,17 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeo if err != nil { // If the container's removed, no point in // erroring. - if errors.Cause(err) == define.ErrNoSuchCtr || errors.Cause(err) == define.ErrCtrRemoved { + if errors.Is(err, define.ErrNoSuchCtr) || errors.Is(err, define.ErrCtrRemoved) { continue } - return errors.Wrapf(err, "removing container %s that depends on volume %s", dep, v.Name()) + return fmt.Errorf("removing container %s that depends on volume %s: %w", dep, v.Name(), err) } logrus.Debugf("Removing container %s (depends on volume %q)", ctr.ID(), v.Name()) if err := r.removeContainer(ctx, ctr, force, false, false, timeout); err != nil { - return errors.Wrapf(err, "removing container %s that depends on volume %s", ctr.ID(), v.Name()) + return fmt.Errorf("removing container %s that depends on volume %s: %w", ctr.ID(), v.Name(), err) } } } @@ -337,7 +337,7 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeo // them. logrus.Errorf("Unmounting volume %s: %v", v.Name(), err) } else { - return errors.Wrapf(err, "unmounting volume %s", v.Name()) + return fmt.Errorf("unmounting volume %s: %w", v.Name(), err) } } @@ -353,7 +353,7 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeo // Do we have a volume driver? if v.plugin == nil { canRemove = false - removalErr = errors.Wrapf(define.ErrMissingPlugin, "cannot remove volume %s from plugin %s, but it has been removed from Podman", v.Name(), v.Driver()) + removalErr = fmt.Errorf("cannot remove volume %s from plugin %s, but it has been removed from Podman: %w", v.Name(), v.Driver(), define.ErrMissingPlugin) } else { // Ping the plugin first to verify the volume still // exists. @@ -364,14 +364,14 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeo getReq.Name = v.Name() if _, err := v.plugin.GetVolume(getReq); err != nil { canRemove = false - removalErr = errors.Wrapf(err, "volume %s could not be retrieved from plugin %s, but it has been removed from Podman", v.Name(), v.Driver()) + removalErr = fmt.Errorf("volume %s could not be retrieved from plugin %s, but it has been removed from Podman: %w", v.Name(), v.Driver(), err) } } if canRemove { req := new(pluginapi.RemoveRequest) req.Name = v.Name() if err := v.plugin.RemoveVolume(req); err != nil { - return errors.Wrapf(err, "volume %s could not be removed from plugin %s", v.Name(), v.Driver()) + return fmt.Errorf("volume %s could not be removed from plugin %s: %w", v.Name(), v.Driver(), err) } } } @@ -381,13 +381,13 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeo if removalErr != nil { logrus.Errorf("Removing volume %s from plugin %s: %v", v.Name(), v.Driver(), removalErr) } - return errors.Wrapf(err, "removing volume %s", v.Name()) + return fmt.Errorf("removing volume %s: %w", v.Name(), err) } // Free the volume's lock if err := v.lock.Free(); err != nil { if removalErr == nil { - removalErr = errors.Wrapf(err, "freeing lock for volume %s", v.Name()) + removalErr = fmt.Errorf("freeing lock for volume %s: %w", v.Name(), err) } else { logrus.Errorf("Freeing lock for volume %q: %v", v.Name(), err) } @@ -397,7 +397,7 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool, timeo // from /var/lib/containers/storage/volumes if err := v.teardownStorage(); err != nil { if removalErr == nil { - removalErr = errors.Wrapf(err, "cleaning up volume storage for %q", v.Name()) + removalErr = fmt.Errorf("cleaning up volume storage for %q: %w", v.Name(), err) } else { logrus.Errorf("Cleaning up volume storage for volume %q: %v", v.Name(), err) } diff --git a/libpod/volume.go b/libpod/volume.go index ab461a37f..2e8cd77a5 100644 --- a/libpod/volume.go +++ b/libpod/volume.go @@ -55,6 +55,8 @@ type VolumeConfig struct { // DisableQuota indicates that the volume should completely disable using any // quota tracking. DisableQuota bool `json:"disableQuota,omitempty"` + // Timeout allows users to override the default driver timeout of 5 seconds + Timeout int } // VolumeState holds the volume's mutable state. diff --git a/libpod/volume_inspect.go b/libpod/volume_inspect.go index 3d721410b..2182f04e6 100644 --- a/libpod/volume_inspect.go +++ b/libpod/volume_inspect.go @@ -63,6 +63,7 @@ func (v *Volume) Inspect() (*define.InspectVolumeData, error) { data.MountCount = v.state.MountCount data.NeedsCopyUp = v.state.NeedsCopyUp data.NeedsChown = v.state.NeedsChown + data.Timeout = v.config.Timeout return data, nil } diff --git a/libpod/volume_internal.go b/libpod/volume_internal.go index e0ebb729d..24522c0f9 100644 --- a/libpod/volume_internal.go +++ b/libpod/volume_internal.go @@ -55,6 +55,12 @@ func (v *Volume) needsMount() bool { if _, ok := v.config.Options["NOQUOTA"]; ok { index++ } + if _, ok := v.config.Options["nocopy"]; ok { + index++ + } + if _, ok := v.config.Options["copy"]; ok { + index++ + } // when uid or gid is set there is also the "o" option // set so we have to ignore this one as well if index > 0 { diff --git a/pkg/api/handlers/compat/containers.go b/pkg/api/handlers/compat/containers.go index 616f0a138..38fe0196a 100644 --- a/pkg/api/handlers/compat/containers.go +++ b/pkg/api/handlers/compat/containers.go @@ -2,6 +2,7 @@ package compat import ( "encoding/json" + "errors" "fmt" "net/http" "sort" @@ -27,7 +28,6 @@ import ( "github.com/docker/go-connections/nat" "github.com/docker/go-units" "github.com/gorilla/schema" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -46,7 +46,7 @@ func RemoveContainer(w http.ResponseWriter, r *http.Request) { } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -73,7 +73,7 @@ func RemoveContainer(w http.ResponseWriter, r *http.Request) { name := utils.GetName(r) reports, err := containerEngine.ContainerRm(r.Context(), []string{name}, options) if err != nil { - if errors.Cause(err) == define.ErrNoSuchCtr { + if errors.Is(err, define.ErrNoSuchCtr) { utils.ContainerNotFound(w, name, err) return } @@ -83,7 +83,7 @@ func RemoveContainer(w http.ResponseWriter, r *http.Request) { } if len(reports) > 0 && reports[0].Err != nil { err = reports[0].Err - if errors.Cause(err) == define.ErrNoSuchCtr { + if errors.Is(err, define.ErrNoSuchCtr) { utils.ContainerNotFound(w, name, err) return } @@ -110,12 +110,12 @@ func ListContainers(w http.ResponseWriter, r *http.Request) { filterMap, err := util.PrepareFilters(r) if err != nil { - utils.Error(w, http.StatusInternalServerError, errors.Wrapf(err, "failed to decode filter parameters for %s", r.URL.String())) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to decode filter parameters for %s: %w", r.URL.String(), err)) return } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusInternalServerError, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -164,7 +164,7 @@ func ListContainers(w http.ResponseWriter, r *http.Request) { for _, ctnr := range containers { api, err := LibpodToContainer(ctnr, query.Size) if err != nil { - if errors.Cause(err) == define.ErrNoSuchCtr { + if errors.Is(err, define.ErrNoSuchCtr) { // container was removed between the initial fetch of the list and conversion logrus.Debugf("Container %s removed between initial fetch and conversion, ignoring in output", ctnr.ID()) continue @@ -187,7 +187,7 @@ func GetContainer(w http.ResponseWriter, r *http.Request) { } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -215,7 +215,7 @@ func KillContainer(w http.ResponseWriter, r *http.Request) { Signal: "KILL", } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -228,12 +228,12 @@ func KillContainer(w http.ResponseWriter, r *http.Request) { } report, err := containerEngine.ContainerKill(r.Context(), []string{name}, options) if err != nil { - if errors.Cause(err) == define.ErrCtrStateInvalid || - errors.Cause(err) == define.ErrCtrStopped { + if errors.Is(err, define.ErrCtrStateInvalid) || + errors.Is(err, define.ErrCtrStopped) { utils.Error(w, http.StatusConflict, err) return } - if errors.Cause(err) == define.ErrNoSuchCtr { + if errors.Is(err, define.ErrNoSuchCtr) { utils.ContainerNotFound(w, name, err) return } @@ -289,8 +289,10 @@ func LibpodToContainer(l *libpod.Container, sz bool) (*handlers.Container, error return nil, err } stateStr := state.String() - if stateStr == "configured" { - stateStr = "created" + + // Some docker states are not the same as ours. This makes sure the state string stays true to the Docker API + if state == define.ContainerStateCreated { + stateStr = define.ContainerStateConfigured.String() } switch state { @@ -420,9 +422,9 @@ func LibpodToContainerJSON(l *libpod.Container, sz bool) (*types.ContainerJSON, state.Running = true } - // docker calls the configured state "created" - if state.Status == define.ContainerStateConfigured.String() { - state.Status = define.ContainerStateCreated.String() + // Dockers created state is our configured state + if state.Status == define.ContainerStateCreated.String() { + state.Status = define.ContainerStateConfigured.String() } if l.HasHealthCheck() && state.Status != "created" { @@ -510,7 +512,7 @@ func LibpodToContainerJSON(l *libpod.Container, sz bool) (*types.ContainerJSON, for ep := range inspect.HostConfig.PortBindings { splitp := strings.SplitN(ep, "/", 2) if len(splitp) != 2 { - return nil, errors.Errorf("PORT/PROTOCOL Format required for %q", ep) + return nil, fmt.Errorf("PORT/PROTOCOL Format required for %q", ep) } exposedPort, err := nat.NewPort(splitp[1], splitp[0]) if err != nil { @@ -614,7 +616,7 @@ func RenameContainer(w http.ResponseWriter, r *http.Request) { Name string `schema:"name"` }{} if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -625,7 +627,7 @@ func RenameContainer(w http.ResponseWriter, r *http.Request) { } if _, err := runtime.RenameContainer(r.Context(), ctr, query.Name); err != nil { - if errors.Cause(err) == define.ErrPodExists || errors.Cause(err) == define.ErrCtrExists { + if errors.Is(err, define.ErrPodExists) || errors.Is(err, define.ErrCtrExists) { utils.Error(w, http.StatusConflict, err) return } diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index a8a50ae58..b71217efa 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -21,7 +21,9 @@ import ( api "github.com/containers/podman/v4/pkg/api/types" "github.com/containers/podman/v4/pkg/auth" "github.com/containers/podman/v4/pkg/domain/entities" + "github.com/containers/podman/v4/pkg/domain/entities/reports" "github.com/containers/podman/v4/pkg/domain/infra/abi" + domainUtils "github.com/containers/podman/v4/pkg/domain/utils" "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/podman/v4/pkg/util" utils2 "github.com/containers/podman/v4/utils" @@ -613,10 +615,11 @@ func ImagesBatchRemove(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) query := struct { - All bool `schema:"all"` - Force bool `schema:"force"` - Ignore bool `schema:"ignore"` - Images []string `schema:"images"` + All bool `schema:"all"` + Force bool `schema:"force"` + Ignore bool `schema:"ignore"` + LookupManifest bool `schema:"lookupManifest"` + Images []string `schema:"images"` }{} if err := decoder.Decode(&query, r.URL.Query()); err != nil { @@ -624,7 +627,7 @@ func ImagesBatchRemove(w http.ResponseWriter, r *http.Request) { return } - opts := entities.ImageRemoveOptions{All: query.All, Force: query.Force, Ignore: query.Ignore} + opts := entities.ImageRemoveOptions{All: query.All, Force: query.Force, Ignore: query.Ignore, LookupManifest: query.LookupManifest} imageEngine := abi.ImageEngine{Libpod: runtime} rmReport, rmErrors := imageEngine.Remove(r.Context(), query.Images, opts) strErrs := errorhandling.ErrorsToStrings(rmErrors) @@ -637,7 +640,8 @@ func ImagesRemove(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) query := struct { - Force bool `schema:"force"` + Force bool `schema:"force"` + LookupManifest bool `schema:"lookupManifest"` }{ Force: false, } @@ -647,7 +651,7 @@ func ImagesRemove(w http.ResponseWriter, r *http.Request) { return } - opts := entities.ImageRemoveOptions{Force: query.Force} + opts := entities.ImageRemoveOptions{Force: query.Force, LookupManifest: query.LookupManifest} imageEngine := abi.ImageEngine{Libpod: runtime} rmReport, rmErrors := imageEngine.Remove(r.Context(), []string{utils.GetName(r)}, opts) @@ -670,3 +674,32 @@ func ImagesRemove(w http.ResponseWriter, r *http.Request) { utils.Error(w, http.StatusInternalServerError, errorhandling.JoinErrors(rmErrors)) } } + +func ImageScp(w http.ResponseWriter, r *http.Request) { + decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) + query := struct { + Destination string `schema:"destination"` + Quiet bool `schema:"quiet"` + }{ + // This is where you can override the golang default value for one of fields + } + if err := decoder.Decode(&query, r.URL.Query()); err != nil { + utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + return + } + + sourceArg := utils.GetName(r) + + rep, source, dest, _, err := domainUtils.ExecuteTransfer(sourceArg, query.Destination, []string{}, query.Quiet) + if err != nil { + utils.Error(w, http.StatusInternalServerError, err) + return + } + + if source != nil || dest != nil { + utils.Error(w, http.StatusBadRequest, errors.Wrapf(define.ErrInvalidArg, "cannot use the user transfer function on the remote client")) + return + } + + utils.WriteResponse(w, http.StatusOK, &reports.ScpReport{Id: rep.Names[0]}) +} diff --git a/pkg/api/handlers/libpod/pods.go b/pkg/api/handlers/libpod/pods.go index 5b92358fa..92fd94390 100644 --- a/pkg/api/handlers/libpod/pods.go +++ b/pkg/api/handlers/libpod/pods.go @@ -2,6 +2,7 @@ package libpod import ( "encoding/json" + "errors" "fmt" "net/http" "strings" @@ -19,7 +20,6 @@ import ( "github.com/containers/podman/v4/pkg/specgenutil" "github.com/containers/podman/v4/pkg/util" "github.com/gorilla/schema" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -33,11 +33,11 @@ func PodCreate(w http.ResponseWriter, r *http.Request) { ) psg := specgen.PodSpecGenerator{InfraContainerSpec: &specgen.SpecGenerator{}} if err := json.NewDecoder(r.Body).Decode(&psg); err != nil { - utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, failedToDecodeSpecgen)) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("%v: %w", failedToDecodeSpecgen, err)) return } if err != nil { - utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, failedToDecodeSpecgen)) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("%v: %w", failedToDecodeSpecgen, err)) return } if !psg.NoInfra { @@ -51,17 +51,17 @@ func PodCreate(w http.ResponseWriter, r *http.Request) { } err = specgenutil.FillOutSpecGen(psg.InfraContainerSpec, &infraOptions, []string{}) // necessary for default values in many cases (userns, idmappings) if err != nil { - utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "error filling out specgen")) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("error filling out specgen: %w", err)) return } out, err := json.Marshal(psg) // marshal our spec so the matching options can be unmarshaled into infra if err != nil { - utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, failedToDecodeSpecgen)) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("%v: %w", failedToDecodeSpecgen, err)) return } err = json.Unmarshal(out, psg.InfraContainerSpec) // unmarhal matching options if err != nil { - utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, failedToDecodeSpecgen)) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("%v: %w", failedToDecodeSpecgen, err)) return } // a few extra that do not have the same json tags @@ -75,10 +75,10 @@ func PodCreate(w http.ResponseWriter, r *http.Request) { pod, err := generate.MakePod(&podSpecComplete, runtime) if err != nil { httpCode := http.StatusInternalServerError - if errors.Cause(err) == define.ErrPodExists { + if errors.Is(err, define.ErrPodExists) { httpCode = http.StatusConflict } - utils.Error(w, httpCode, errors.Wrap(err, "failed to make pod")) + utils.Error(w, httpCode, fmt.Errorf("failed to make pod: %w", err)) return } utils.WriteResponse(w, http.StatusCreated, entities.IDResponse{ID: pod.ID()}) @@ -89,7 +89,7 @@ func Pods(w http.ResponseWriter, r *http.Request) { filterMap, err := util.PrepareFilters(r) if err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -139,7 +139,7 @@ func PodStop(w http.ResponseWriter, r *http.Request) { } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } name := utils.GetName(r) @@ -164,7 +164,7 @@ func PodStop(w http.ResponseWriter, r *http.Request) { } else { responses, stopError = pod.Stop(r.Context(), false) } - if stopError != nil && errors.Cause(stopError) != define.ErrPodPartialFail { + if stopError != nil && !errors.Is(stopError, define.ErrPodPartialFail) { utils.Error(w, http.StatusInternalServerError, err) return } @@ -178,7 +178,7 @@ func PodStop(w http.ResponseWriter, r *http.Request) { report := entities.PodStopReport{Id: pod.ID()} for id, err := range responses { - report.Errs = append(report.Errs, errors.Wrapf(err, "error stopping container %s", id)) + report.Errs = append(report.Errs, fmt.Errorf("error stopping container %s: %w", id, err)) } code := http.StatusOK @@ -207,14 +207,14 @@ func PodStart(w http.ResponseWriter, r *http.Request) { } responses, err := pod.Start(r.Context()) - if err != nil && errors.Cause(err) != define.ErrPodPartialFail { + if err != nil && !errors.Is(err, define.ErrPodPartialFail) { utils.Error(w, http.StatusConflict, err) return } report := entities.PodStartReport{Id: pod.ID()} for id, err := range responses { - report.Errs = append(report.Errs, errors.Wrapf(err, "error starting container "+id)) + report.Errs = append(report.Errs, fmt.Errorf("%v: %w", "error starting container "+id, err)) } code := http.StatusOK @@ -237,7 +237,7 @@ func PodDelete(w http.ResponseWriter, r *http.Request) { } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } name := utils.GetName(r) @@ -263,14 +263,14 @@ func PodRestart(w http.ResponseWriter, r *http.Request) { return } responses, err := pod.Restart(r.Context()) - if err != nil && errors.Cause(err) != define.ErrPodPartialFail { + if err != nil && !errors.Is(err, define.ErrPodPartialFail) { utils.Error(w, http.StatusInternalServerError, err) return } report := entities.PodRestartReport{Id: pod.ID()} for id, err := range responses { - report.Errs = append(report.Errs, errors.Wrapf(err, "error restarting container %s", id)) + report.Errs = append(report.Errs, fmt.Errorf("error restarting container %s: %w", id, err)) } code := http.StatusOK @@ -314,14 +314,14 @@ func PodPause(w http.ResponseWriter, r *http.Request) { return } responses, err := pod.Pause(r.Context()) - if err != nil && errors.Cause(err) != define.ErrPodPartialFail { + if err != nil && !errors.Is(err, define.ErrPodPartialFail) { utils.Error(w, http.StatusInternalServerError, err) return } report := entities.PodPauseReport{Id: pod.ID()} for id, v := range responses { - report.Errs = append(report.Errs, errors.Wrapf(v, "error pausing container %s", id)) + report.Errs = append(report.Errs, fmt.Errorf("error pausing container %s: %w", id, v)) } code := http.StatusOK @@ -340,14 +340,14 @@ func PodUnpause(w http.ResponseWriter, r *http.Request) { return } responses, err := pod.Unpause(r.Context()) - if err != nil && errors.Cause(err) != define.ErrPodPartialFail { + if err != nil && !errors.Is(err, define.ErrPodPartialFail) { utils.Error(w, http.StatusInternalServerError, err) return } report := entities.PodUnpauseReport{Id: pod.ID()} for id, v := range responses { - report.Errs = append(report.Errs, errors.Wrapf(v, "error unpausing container %s", id)) + report.Errs = append(report.Errs, fmt.Errorf("error unpausing container %s: %w", id, v)) } code := http.StatusOK @@ -374,7 +374,7 @@ func PodTop(w http.ResponseWriter, r *http.Request) { PsArgs: psArgs, } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -456,7 +456,7 @@ func PodKill(w http.ResponseWriter, r *http.Request) { // override any golang type defaults } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } if _, found := r.URL.Query()["signal"]; found { @@ -465,7 +465,7 @@ func PodKill(w http.ResponseWriter, r *http.Request) { sig, err := util.ParseSignal(signal) if err != nil { - utils.InternalServerError(w, errors.Wrapf(err, "unable to parse signal value")) + utils.InternalServerError(w, fmt.Errorf("unable to parse signal value: %w", err)) return } name := utils.GetName(r) @@ -488,12 +488,12 @@ func PodKill(w http.ResponseWriter, r *http.Request) { } } if !hasRunning { - utils.Error(w, http.StatusConflict, errors.Errorf("cannot kill a pod with no running containers: %s", pod.ID())) + utils.Error(w, http.StatusConflict, fmt.Errorf("cannot kill a pod with no running containers: %s", pod.ID())) return } responses, err := pod.Kill(r.Context(), uint(sig)) - if err != nil && errors.Cause(err) != define.ErrPodPartialFail { + if err != nil && !errors.Is(err, define.ErrPodPartialFail) { utils.Error(w, http.StatusInternalServerError, err) return } @@ -534,7 +534,7 @@ func PodStats(w http.ResponseWriter, r *http.Request) { // default would go here } if err := decoder.Decode(&query, r.URL.Query()); err != nil { - utils.Error(w, http.StatusBadRequest, errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + utils.Error(w, http.StatusBadRequest, fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -549,13 +549,12 @@ func PodStats(w http.ResponseWriter, r *http.Request) { reports, err := containerEngine.PodStats(r.Context(), query.NamesOrIDs, options) // Error checks as documented in swagger. - switch errors.Cause(err) { - case define.ErrNoSuchPod: - utils.Error(w, http.StatusNotFound, err) - return - case nil: - // Nothing to do. - default: + if err != nil { + if errors.Is(err, define.ErrNoSuchPod) { + utils.Error(w, http.StatusNotFound, err) + return + } + utils.InternalServerError(w, err) return } diff --git a/pkg/api/handlers/libpod/volumes.go b/pkg/api/handlers/libpod/volumes.go index e792dea35..5eac76f5b 100644 --- a/pkg/api/handlers/libpod/volumes.go +++ b/pkg/api/handlers/libpod/volumes.go @@ -2,9 +2,12 @@ package libpod import ( "encoding/json" + "fmt" "net/http" "net/url" + "errors" + "github.com/containers/podman/v4/libpod" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/api/handlers/utils" @@ -16,7 +19,6 @@ import ( "github.com/containers/podman/v4/pkg/domain/infra/abi/parse" "github.com/containers/podman/v4/pkg/util" "github.com/gorilla/schema" - "github.com/pkg/errors" ) func CreateVolume(w http.ResponseWriter, r *http.Request) { @@ -30,14 +32,14 @@ func CreateVolume(w http.ResponseWriter, r *http.Request) { } if err := decoder.Decode(&query, r.URL.Query()); err != nil { utils.Error(w, http.StatusInternalServerError, - errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } input := entities.VolumeCreateOptions{} // decode params from body if err := json.NewDecoder(r.Body).Decode(&input); err != nil { - utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "Decode()")) + utils.Error(w, http.StatusInternalServerError, fmt.Errorf("Decode(): %w", err)) return } @@ -108,7 +110,7 @@ func ListVolumes(w http.ResponseWriter, r *http.Request) { filterMap, err := util.PrepareFilters(r) if err != nil { utils.Error(w, http.StatusInternalServerError, - errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } @@ -181,7 +183,7 @@ func RemoveVolume(w http.ResponseWriter, r *http.Request) { if err := decoder.Decode(&query, r.URL.Query()); err != nil { utils.Error(w, http.StatusInternalServerError, - errors.Wrapf(err, "failed to parse parameters for %s", r.URL.String())) + fmt.Errorf("failed to parse parameters for %s: %w", r.URL.String(), err)) return } name := utils.GetName(r) @@ -191,7 +193,7 @@ func RemoveVolume(w http.ResponseWriter, r *http.Request) { return } if err := runtime.RemoveVolume(r.Context(), vol, query.Force, query.Timeout); err != nil { - if errors.Cause(err) == define.ErrVolumeBeingUsed { + if errors.Is(err, define.ErrVolumeBeingUsed) { utils.Error(w, http.StatusConflict, err) return } diff --git a/pkg/api/handlers/swagger/responses.go b/pkg/api/handlers/swagger/responses.go index 55fc1a77f..93a508b39 100644 --- a/pkg/api/handlers/swagger/responses.go +++ b/pkg/api/handlers/swagger/responses.go @@ -41,6 +41,13 @@ type imagesLoadResponseLibpod struct { Body entities.ImageLoadReport } +// Image Scp +// swagger:response +type imagesScpResponseLibpod struct { + // in:body + Body reports.ScpReport +} + // Image Import // swagger:response type imagesImportResponseLibpod struct { diff --git a/pkg/api/handlers/utils/errors.go b/pkg/api/handlers/utils/errors.go index bf60b2c84..ab1b6f227 100644 --- a/pkg/api/handlers/utils/errors.go +++ b/pkg/api/handlers/utils/errors.go @@ -1,17 +1,18 @@ package utils import ( + "errors" + "fmt" "net/http" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/storage" - "github.com/pkg/errors" log "github.com/sirupsen/logrus" ) var ( - ErrLinkNotSupport = errors.New("Link is not supported") + ErrLinkNotSupport = errors.New("link is not supported") ) // TODO: document the exported functions in this file and make them more @@ -25,7 +26,7 @@ func Error(w http.ResponseWriter, code int, err error) { // Log detailed message of what happened to machine running podman service log.Infof("Request Failed(%s): %s", http.StatusText(code), err.Error()) em := errorhandling.ErrorModel{ - Because: (errors.Cause(err)).Error(), + Because: errorhandling.Cause(err).Error(), Message: err.Error(), ResponseCode: code, } @@ -33,51 +34,50 @@ func Error(w http.ResponseWriter, code int, err error) { } func VolumeNotFound(w http.ResponseWriter, name string, err error) { - if errors.Cause(err) != define.ErrNoSuchVolume { + if !errors.Is(err, define.ErrNoSuchVolume) { InternalServerError(w, err) } Error(w, http.StatusNotFound, err) } func ContainerNotFound(w http.ResponseWriter, name string, err error) { - switch errors.Cause(err) { - case define.ErrNoSuchCtr, define.ErrCtrExists: + if errors.Is(err, define.ErrNoSuchCtr) || errors.Is(err, define.ErrCtrExists) { Error(w, http.StatusNotFound, err) - default: + } else { InternalServerError(w, err) } } func ImageNotFound(w http.ResponseWriter, name string, err error) { - if errors.Cause(err) != storage.ErrImageUnknown { + if !errors.Is(err, storage.ErrImageUnknown) { InternalServerError(w, err) } Error(w, http.StatusNotFound, err) } func NetworkNotFound(w http.ResponseWriter, name string, err error) { - if errors.Cause(err) != define.ErrNoSuchNetwork { + if !errors.Is(err, define.ErrNoSuchNetwork) { InternalServerError(w, err) } Error(w, http.StatusNotFound, err) } func PodNotFound(w http.ResponseWriter, name string, err error) { - if errors.Cause(err) != define.ErrNoSuchPod { + if !errors.Is(err, define.ErrNoSuchPod) { InternalServerError(w, err) } Error(w, http.StatusNotFound, err) } func SessionNotFound(w http.ResponseWriter, name string, err error) { - if errors.Cause(err) != define.ErrNoSuchExecSession { + if !errors.Is(err, define.ErrNoSuchExecSession) { InternalServerError(w, err) } Error(w, http.StatusNotFound, err) } func SecretNotFound(w http.ResponseWriter, nameOrID string, err error) { - if errors.Cause(err).Error() != "no such secret" { + if errorhandling.Cause(err).Error() != "no such secret" { InternalServerError(w, err) } Error(w, http.StatusNotFound, err) @@ -92,7 +92,7 @@ func InternalServerError(w http.ResponseWriter, err error) { } func BadRequest(w http.ResponseWriter, key string, value string, err error) { - e := errors.Wrapf(err, "failed to parse query parameter '%s': %q", key, value) + e := fmt.Errorf("failed to parse query parameter '%s': %q: %w", key, value, err) Error(w, http.StatusBadRequest, e) } diff --git a/pkg/api/server/register_images.go b/pkg/api/server/register_images.go index 1617a5dd7..a2f46cb35 100644 --- a/pkg/api/server/register_images.go +++ b/pkg/api/server/register_images.go @@ -948,6 +948,10 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // name: ignore // description: Ignore if a specified image does not exist and do not throw an error. // type: boolean + // - in: query + // name: lookupManifest + // description: Resolves to manifest list instead of image. + // type: boolean // produces: // - application/json // responses: @@ -1615,5 +1619,39 @@ func (s *APIServer) registerImagesHandlers(r *mux.Router) error { // 500: // $ref: "#/responses/internalError" r.Handle(VersionedPath("/libpod/build"), s.APIHandler(compat.BuildImage)).Methods(http.MethodPost) + + // swagger:operation POST /libpod/images/scp/{name} libpod ImageScpLibpod + // --- + // tags: + // - images + // summary: Copy an image from one host to another + // description: Copy an image from one host to another + // parameters: + // - in: path + // name: name + // required: true + // description: source connection/image + // type: string + // - in: query + // name: destination + // required: false + // description: dest connection/image + // type: string + // - in: query + // name: quiet + // required: false + // description: quiet output + // type: boolean + // default: false + // produces: + // - application/json + // responses: + // 200: + // $ref: "#/responses/imagesScpResponseLibpod" + // 400: + // $ref: "#/responses/badParamError" + // 500: + // $ref: '#/responses/internalError' + r.Handle(VersionedPath("/libpod/images/scp/{name:.*}"), s.APIHandler(libpod.ImageScp)).Methods(http.MethodPost) return nil } diff --git a/pkg/bindings/images/images.go b/pkg/bindings/images/images.go index 32372019b..57c8bd597 100644 --- a/pkg/bindings/images/images.go +++ b/pkg/bindings/images/images.go @@ -346,3 +346,23 @@ func Search(ctx context.Context, term string, options *SearchOptions) ([]entitie return results, nil } + +func Scp(ctx context.Context, source, destination *string, options ScpOptions) (reports.ScpReport, error) { + rep := reports.ScpReport{} + + conn, err := bindings.GetClient(ctx) + if err != nil { + return rep, err + } + params, err := options.ToParams() + if err != nil { + return rep, err + } + response, err := conn.DoRequest(ctx, nil, http.MethodPost, fmt.Sprintf("/images/scp/%s", *source), params, nil) + if err != nil { + return rep, err + } + defer response.Body.Close() + + return rep, response.Process(&rep) +} diff --git a/pkg/bindings/images/types.go b/pkg/bindings/images/types.go index 16dbad380..3728ae5c0 100644 --- a/pkg/bindings/images/types.go +++ b/pkg/bindings/images/types.go @@ -13,6 +13,8 @@ type RemoveOptions struct { Force *bool // Ignore if a specified image does not exist and do not throw an error. Ignore *bool + // Confirms if given name is a manifest list and removes it, otherwise returns error. + LookupManifest *bool } //go:generate go run ../generator/generator.go DiffOptions @@ -188,3 +190,8 @@ type BuildOptions struct { // ExistsOptions are optional options for checking if an image exists type ExistsOptions struct { } + +type ScpOptions struct { + Quiet *bool + Destination *string +} diff --git a/pkg/bindings/images/types_remove_options.go b/pkg/bindings/images/types_remove_options.go index 613a33183..559ebcfd5 100644 --- a/pkg/bindings/images/types_remove_options.go +++ b/pkg/bindings/images/types_remove_options.go @@ -61,3 +61,18 @@ func (o *RemoveOptions) GetIgnore() bool { } return *o.Ignore } + +// WithLookupManifest set field LookupManifest to given value +func (o *RemoveOptions) WithLookupManifest(value bool) *RemoveOptions { + o.LookupManifest = &value + return o +} + +// GetLookupManifest returns value of field LookupManifest +func (o *RemoveOptions) GetLookupManifest() bool { + if o.LookupManifest == nil { + var z bool + return z + } + return *o.LookupManifest +} diff --git a/pkg/bindings/images/types_scp_options.go b/pkg/bindings/images/types_scp_options.go new file mode 100644 index 000000000..5a1178cb1 --- /dev/null +++ b/pkg/bindings/images/types_scp_options.go @@ -0,0 +1,12 @@ +package images + +import ( + "net/url" + + "github.com/containers/podman/v4/pkg/bindings/internal/util" +) + +// ToParams formats struct fields to be passed to API service +func (o *ScpOptions) ToParams() (url.Values, error) { + return util.ToParams(o) +} diff --git a/pkg/bindings/manifests/manifests.go b/pkg/bindings/manifests/manifests.go index feff5d6e8..a68dd5a4e 100644 --- a/pkg/bindings/manifests/manifests.go +++ b/pkg/bindings/manifests/manifests.go @@ -117,6 +117,26 @@ func Remove(ctx context.Context, name, digest string, _ *RemoveOptions) (string, return Modify(ctx, name, []string{digest}, optionsv4) } +// Delete removes specified manifest from local storage. +func Delete(ctx context.Context, name string) (*entities.ManifestRemoveReport, error) { + var report entities.ManifestRemoveReport + conn, err := bindings.GetClient(ctx) + if err != nil { + return nil, err + } + response, err := conn.DoRequest(ctx, nil, http.MethodDelete, "/manifests/%s", nil, nil, name) + if err != nil { + return nil, err + } + defer response.Body.Close() + + if err := response.Process(&report); err != nil { + return nil, err + } + + return &report, errorhandling.JoinErrors(errorhandling.StringsToErrors(report.Errors)) +} + // Push takes a manifest list and pushes to a destination. If the destination is not specified, // the name will be used instead. If the optional all boolean is specified, all images specified // in the list will be pushed as well. @@ -211,7 +231,7 @@ func Modify(ctx context.Context, name string, images []string, options *ModifyOp err = errorhandling.JoinErrors(report.Errors) if err != nil { errModel := errorhandling.ErrorModel{ - Because: (errors.Cause(err)).Error(), + Because: errorhandling.Cause(err).Error(), Message: err.Error(), ResponseCode: response.StatusCode, } diff --git a/pkg/bindings/test/manifests_test.go b/pkg/bindings/test/manifests_test.go index e6c93817d..6a34ef5a6 100644 --- a/pkg/bindings/test/manifests_test.go +++ b/pkg/bindings/test/manifests_test.go @@ -62,6 +62,19 @@ var _ = Describe("podman manifest", func() { Expect(len(list.Manifests)).To(BeNumerically("==", 1)) }) + It("delete manifest", func() { + id, err := manifests.Create(bt.conn, "quay.io/libpod/foobar:latest", []string{}, nil) + Expect(err).ToNot(HaveOccurred(), err) + list, err := manifests.Inspect(bt.conn, id, nil) + Expect(err).ToNot(HaveOccurred()) + + Expect(len(list.Manifests)).To(BeZero()) + + removeReport, err := manifests.Delete(bt.conn, "quay.io/libpod/foobar:latest") + Expect(err).ToNot(HaveOccurred()) + Expect(len(removeReport.Deleted)).To(BeNumerically("==", 1)) + }) + It("inspect", func() { _, err := manifests.Inspect(bt.conn, "larry", nil) Expect(err).To(HaveOccurred()) diff --git a/pkg/domain/entities/engine_image.go b/pkg/domain/entities/engine_image.go index 5011d82aa..5f76ae50b 100644 --- a/pkg/domain/entities/engine_image.go +++ b/pkg/domain/entities/engine_image.go @@ -22,12 +22,12 @@ type ImageEngine interface { Push(ctx context.Context, source string, destination string, opts ImagePushOptions) error Remove(ctx context.Context, images []string, opts ImageRemoveOptions) (*ImageRemoveReport, []error) Save(ctx context.Context, nameOrID string, tags []string, options ImageSaveOptions) error + Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool) error Search(ctx context.Context, term string, opts ImageSearchOptions) ([]ImageSearchReport, error) SetTrust(ctx context.Context, args []string, options SetTrustOptions) error ShowTrust(ctx context.Context, args []string, options ShowTrustOptions) (*ShowTrustReport, error) Shutdown(ctx context.Context) Tag(ctx context.Context, nameOrID string, tags []string, options ImageTagOptions) error - Transfer(ctx context.Context, source ImageScpOptions, dest ImageScpOptions, parentFlags []string) error Tree(ctx context.Context, nameOrID string, options ImageTreeOptions) (*ImageTreeReport, error) Unmount(ctx context.Context, images []string, options ImageUnmountOptions) ([]*ImageUnmountReport, error) Untag(ctx context.Context, nameOrID string, tags []string, options ImageUntagOptions) error diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index 11f6e8687..da317cfad 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -325,6 +325,8 @@ type ImageScpOptions struct { Image string `json:"image,omitempty"` // User is used in conjunction with Transfer to determine if a valid user was given to save from/load into User string `json:"user,omitempty"` + // Tag is the name to be used for the image on the destination + Tag string `json:"tag,omitempty"` } // ImageScpConnections provides the ssh related information used in remote image transfer diff --git a/pkg/domain/entities/manifest.go b/pkg/domain/entities/manifest.go index 81f3e837b..e88c5f854 100644 --- a/pkg/domain/entities/manifest.go +++ b/pkg/domain/entities/manifest.go @@ -67,6 +67,21 @@ type ManifestModifyOptions struct { type ManifestRemoveOptions struct { } +// ManifestRemoveReport provides the model for the removed manifest +// +// swagger:model +type ManifestRemoveReport struct { + // Deleted manifest list. + Deleted []string `json:",omitempty"` + // Untagged images. Can be longer than Deleted. + Untagged []string `json:",omitempty"` + // Errors associated with operation + Errors []string `json:",omitempty"` + // ExitCode describes the exit codes as described in the `podman rmi` + // man page. + ExitCode int +} + // ManifestModifyReport provides the model for removed digests and changed manifest // // swagger:model diff --git a/pkg/domain/entities/reports/scp.go b/pkg/domain/entities/reports/scp.go new file mode 100644 index 000000000..1e102bab3 --- /dev/null +++ b/pkg/domain/entities/reports/scp.go @@ -0,0 +1,5 @@ +package reports + +type ScpReport struct { + Id string `json:"Id"` //nolint:revive,stylecheck +} diff --git a/pkg/domain/infra/abi/containers.go b/pkg/domain/infra/abi/containers.go index 281e448f6..1688be57e 100644 --- a/pkg/domain/infra/abi/containers.go +++ b/pkg/domain/infra/abi/containers.go @@ -2,6 +2,7 @@ package abi import ( "context" + "errors" "fmt" "io/ioutil" "os" @@ -32,7 +33,6 @@ import ( "github.com/containers/podman/v4/pkg/specgenutil" "github.com/containers/podman/v4/pkg/util" "github.com/containers/storage" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -80,7 +80,7 @@ func getContainersByContext(all, latest bool, names []string, runtime *libpod.Ru func (ic *ContainerEngine) ContainerExists(ctx context.Context, nameOrID string, options entities.ContainerExistsOptions) (*entities.BoolReport, error) { _, err := ic.Libpod.LookupContainer(nameOrID) if err != nil { - if errors.Cause(err) != define.ErrNoSuchCtr { + if !errors.Is(err, define.ErrNoSuchCtr) { return nil, err } if options.External { @@ -120,7 +120,7 @@ func (ic *ContainerEngine) ContainerPause(ctx context.Context, namesOrIds []stri report := make([]*entities.PauseUnpauseReport, 0, len(ctrs)) for _, c := range ctrs { err := c.Pause() - if err != nil && options.All && errors.Cause(err) == define.ErrCtrStateInvalid { + if err != nil && options.All && errors.Is(err, define.ErrCtrStateInvalid) { logrus.Debugf("Container %s is not running", c.ID()) continue } @@ -137,7 +137,7 @@ func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []st report := make([]*entities.PauseUnpauseReport, 0, len(ctrs)) for _, c := range ctrs { err := c.Unpause() - if err != nil && options.All && errors.Cause(err) == define.ErrCtrStateInvalid { + if err != nil && options.All && errors.Is(err, define.ErrCtrStateInvalid) { logrus.Debugf("Container %s is not paused", c.ID()) continue } @@ -148,7 +148,7 @@ func (ic *ContainerEngine) ContainerUnpause(ctx context.Context, namesOrIds []st func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []string, options entities.StopOptions) ([]*entities.StopReport, error) { names := namesOrIds ctrs, rawInputs, err := getContainersAndInputByContext(options.All, options.Latest, names, ic.Libpod) - if err != nil && !(options.Ignore && errors.Cause(err) == define.ErrNoSuchCtr) { + if err != nil && !(options.Ignore && errors.Is(err, define.ErrNoSuchCtr)) { return nil, err } ctrMap := map[string]string{} @@ -166,13 +166,13 @@ func (ic *ContainerEngine) ContainerStop(ctx context.Context, namesOrIds []strin } if err != nil { switch { - case errors.Cause(err) == define.ErrCtrStopped: + case errors.Is(err, define.ErrCtrStopped): logrus.Debugf("Container %s is already stopped", c.ID()) - case options.All && errors.Cause(err) == define.ErrCtrStateInvalid: + case options.All && errors.Is(err, define.ErrCtrStateInvalid): logrus.Debugf("Container %s is not running, could not stop", c.ID()) // container never created in OCI runtime // docker parity: do nothing just return container id - case errors.Cause(err) == define.ErrCtrStateInvalid: + case errors.Is(err, define.ErrCtrStateInvalid): logrus.Debugf("Container %s is either not created on runtime or is in a invalid state", c.ID()) default: return err @@ -238,7 +238,7 @@ func (ic *ContainerEngine) ContainerKill(ctx context.Context, namesOrIds []strin reports := make([]*entities.KillReport, 0, len(ctrs)) for _, con := range ctrs { err := con.Kill(uint(sig)) - if options.All && errors.Cause(err) == define.ErrCtrStateInvalid { + if options.All && errors.Is(err, define.ErrCtrStateInvalid) { logrus.Debugf("Container %s is not running", con.ID()) continue } @@ -289,8 +289,7 @@ func (ic *ContainerEngine) removeContainer(ctx context.Context, ctr *libpod.Cont return nil } logrus.Debugf("Failed to remove container %s: %s", ctr.ID(), err.Error()) - switch errors.Cause(err) { - case define.ErrNoSuchCtr: + if errors.Is(err, define.ErrNoSuchCtr) { // Ignore if the container does not exist (anymore) when either // it has been requested by the user of if the container is a // service one. Service containers are removed along with its @@ -301,7 +300,7 @@ func (ic *ContainerEngine) removeContainer(ctx context.Context, ctr *libpod.Cont logrus.Debugf("Ignoring error (--allow-missing): %v", err) return nil } - case define.ErrCtrRemoved: + } else if errors.Is(err, define.ErrCtrRemoved) { return nil } return err @@ -317,15 +316,15 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string, for _, ctr := range names { report := reports.RmReport{Id: ctr} report.Err = ic.Libpod.RemoveStorageContainer(ctr, options.Force) - switch errors.Cause(report.Err) { - case nil: + //nolint:gocritic + if report.Err == nil { // remove container names that we successfully deleted rmReports = append(rmReports, &report) - case define.ErrNoSuchCtr, define.ErrCtrExists: + } else if errors.Is(report.Err, define.ErrNoSuchCtr) || errors.Is(report.Err, define.ErrCtrExists) { // There is still a potential this is a libpod container tmpNames = append(tmpNames, ctr) - default: - if _, err := ic.Libpod.LookupContainer(ctr); errors.Cause(err) == define.ErrNoSuchCtr { + } else { + if _, err := ic.Libpod.LookupContainer(ctr); errors.Is(err, define.ErrNoSuchCtr) { // remove container failed, but not a libpod container rmReports = append(rmReports, &report) continue @@ -337,7 +336,7 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string, names = tmpNames ctrs, err := getContainersByContext(options.All, options.Latest, names, ic.Libpod) - if err != nil && !(options.Ignore && errors.Cause(err) == define.ErrNoSuchCtr) { + if err != nil && !(options.Ignore && errors.Is(err, define.ErrNoSuchCtr)) { // Failed to get containers. If force is specified, get the containers ID // and evict them if !options.Force { @@ -349,7 +348,7 @@ func (ic *ContainerEngine) ContainerRm(ctx context.Context, namesOrIds []string, report := reports.RmReport{Id: ctr} _, err := ic.Libpod.EvictContainer(ctx, ctr, options.Volumes) if err != nil { - if options.Ignore && errors.Cause(err) == define.ErrNoSuchCtr { + if options.Ignore && errors.Is(err, define.ErrNoSuchCtr) { logrus.Debugf("Ignoring error (--allow-missing): %v", err) rmReports = append(rmReports, &report) continue @@ -426,7 +425,7 @@ func (ic *ContainerEngine) ContainerInspect(ctx context.Context, namesOrIds []st ctr, err := ic.Libpod.GetLatestContainer() if err != nil { if errors.Is(err, define.ErrNoSuchCtr) { - return nil, []error{errors.Wrapf(err, "no containers to inspect")}, nil + return nil, []error{fmt.Errorf("no containers to inspect: %w", err)}, nil } return nil, nil, err } @@ -452,7 +451,7 @@ func (ic *ContainerEngine) ContainerInspect(ctx context.Context, namesOrIds []st // ErrNoSuchCtr is non-fatal, other errors will be // treated as fatal. if errors.Is(err, define.ErrNoSuchCtr) { - errs = append(errs, errors.Errorf("no such container %s", name)) + errs = append(errs, fmt.Errorf("no such container %s", name)) continue } return nil, nil, err @@ -463,7 +462,7 @@ func (ic *ContainerEngine) ContainerInspect(ctx context.Context, namesOrIds []st // ErrNoSuchCtr is non-fatal, other errors will be // treated as fatal. if errors.Is(err, define.ErrNoSuchCtr) { - errs = append(errs, errors.Errorf("no such container %s", name)) + errs = append(errs, fmt.Errorf("no such container %s", name)) continue } return nil, nil, err @@ -487,7 +486,7 @@ func (ic *ContainerEngine) ContainerTop(ctx context.Context, options entities.To container, err = ic.Libpod.LookupContainer(options.NameOrID) } if err != nil { - return nil, errors.Wrap(err, "unable to look up requested container") + return nil, fmt.Errorf("unable to look up requested container: %w", err) } // Run Top. @@ -512,12 +511,12 @@ func (ic *ContainerEngine) ContainerCommit(ctx context.Context, nameOrID string, case "oci": mimeType = buildah.OCIv1ImageManifest if len(options.Message) > 0 { - return nil, errors.Errorf("messages are only compatible with the docker image format (-f docker)") + return nil, fmt.Errorf("messages are only compatible with the docker image format (-f docker)") } case "docker": mimeType = manifest.DockerV2Schema2MediaType default: - return nil, errors.Errorf("unrecognized image format %q", options.Format) + return nil, fmt.Errorf("unrecognized image format %q", options.Format) } sc := ic.Libpod.SystemContext() @@ -660,7 +659,7 @@ func (ic *ContainerEngine) ContainerRestore(ctx context.Context, namesOrIds []st // CRImportCheckpoint is expected to import exactly one container from checkpoint image checkpointImageImportErrors = append( checkpointImageImportErrors, - errors.Errorf("unable to import checkpoint from image: %q: %v", nameOrID, err), + fmt.Errorf("unable to import checkpoint from image: %q: %v", nameOrID, err), ) } else { containers = append(containers, importedContainers[0]) @@ -720,16 +719,16 @@ func (ic *ContainerEngine) ContainerAttach(ctx context.Context, nameOrID string, ctr := ctrs[0] conState, err := ctr.State() if err != nil { - return errors.Wrapf(err, "unable to determine state of %s", ctr.ID()) + return fmt.Errorf("unable to determine state of %s: %w", ctr.ID(), err) } if conState != define.ContainerStateRunning { - return errors.Errorf("you can only attach to running containers") + return fmt.Errorf("you can only attach to running containers") } // If the container is in a pod, also set to recursively start dependencies err = terminal.StartAttachCtr(ctx, ctr, options.Stdout, options.Stderr, options.Stdin, options.DetachKeys, options.SigProxy, false) - if err != nil && errors.Cause(err) != define.ErrDetach { - return errors.Wrapf(err, "error attaching to container %s", ctr.ID()) + if err != nil && !errors.Is(err, define.ErrDetach) { + return fmt.Errorf("error attaching to container %s: %w", ctr.ID(), err) } os.Stdout.WriteString("\n") return nil @@ -751,12 +750,12 @@ func makeExecConfig(options entities.ExecOptions, rt *libpod.Runtime) (*libpod.E storageConfig := rt.StorageConfig() runtimeConfig, err := rt.GetConfig() if err != nil { - return nil, errors.Wrapf(err, "error retrieving Libpod configuration to build exec exit command") + return nil, fmt.Errorf("error retrieving Libpod configuration to build exec exit command: %w", err) } // TODO: Add some ability to toggle syslog exitCommandArgs, err := specgenutil.CreateExitCommandArgs(storageConfig, runtimeConfig, logrus.IsLevelEnabled(logrus.DebugLevel), false, true) if err != nil { - return nil, errors.Wrapf(err, "error constructing exit command for exec session") + return nil, fmt.Errorf("error constructing exit command for exec session: %w", err) } execConfig.ExitCommand = exitCommandArgs @@ -774,7 +773,7 @@ func checkExecPreserveFDs(options entities.ExecOptions) error { for _, e := range entries { i, err := strconv.Atoi(e.Name()) if err != nil { - return errors.Wrapf(err, "cannot parse %s in /proc/self/fd", e.Name()) + return fmt.Errorf("cannot parse %s in /proc/self/fd: %w", e.Name(), err) } m[i] = true } @@ -891,7 +890,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri if options.Attach { err = terminal.StartAttachCtr(ctx, ctr, options.Stdout, options.Stderr, options.Stdin, options.DetachKeys, options.SigProxy, !ctrRunning) - if errors.Cause(err) == define.ErrDetach { + if errors.Is(err, define.ErrDetach) { // User manually detached // Exit cleanly immediately reports = append(reports, &entities.ContainerStartReport{ @@ -903,7 +902,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri return reports, nil } - if errors.Cause(err) == define.ErrWillDeadlock { + if errors.Is(err, define.ErrWillDeadlock) { logrus.Debugf("Deadlock error: %v", err) reports = append(reports, &entities.ContainerStartReport{ Id: ctr.ID(), @@ -911,7 +910,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri Err: err, ExitCode: define.ExitCode(err), }) - return reports, errors.Errorf("attempting to start container %s would cause a deadlock; please run 'podman system renumber' to resolve", ctr.ID()) + return reports, fmt.Errorf("attempting to start container %s would cause a deadlock; please run 'podman system renumber' to resolve", ctr.ID()) } if ctrRunning { @@ -936,7 +935,7 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri logrus.Errorf("Removing container %s: %v", ctr.ID(), err) } } - return reports, errors.Wrapf(err, "unable to start container %s", ctr.ID()) + return reports, fmt.Errorf("unable to start container %s: %w", ctr.ID(), err) } exitCode = ic.GetContainerExitCode(ctx, ctr) @@ -960,12 +959,12 @@ func (ic *ContainerEngine) ContainerStart(ctx context.Context, namesOrIds []stri } if err := ctr.Start(ctx, true); err != nil { report.Err = err - if errors.Cause(err) == define.ErrWillDeadlock { - report.Err = errors.Wrapf(err, "please run 'podman system renumber' to resolve deadlocks") + if errors.Is(err, define.ErrWillDeadlock) { + report.Err = fmt.Errorf("please run 'podman system renumber' to resolve deadlocks: %w", err) reports = append(reports, report) continue } - report.Err = errors.Wrapf(err, "unable to start container %q", ctr.ID()) + report.Err = fmt.Errorf("unable to start container %q: %w", ctr.ID(), err) reports = append(reports, report) if ctr.AutoRemove() { if err := ic.removeContainer(ctx, ctr, entities.RmOptions{}); err != nil { @@ -1001,7 +1000,7 @@ func (ic *ContainerEngine) Diff(ctx context.Context, namesOrIDs []string, opts e if opts.Latest { ctnr, err := ic.Libpod.GetLatestContainer() if err != nil { - return nil, errors.Wrap(err, "unable to get latest container") + return nil, fmt.Errorf("unable to get latest container: %w", err) } base = ctnr.ID() } @@ -1064,7 +1063,7 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta // We've manually detached from the container // Do not perform cleanup, or wait for container exit code // Just exit immediately - if errors.Cause(err) == define.ErrDetach { + if errors.Is(err, define.ErrDetach) { report.ExitCode = 0 return &report, nil } @@ -1074,10 +1073,10 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta logrus.Debugf("unable to remove container %s after failing to start and attach to it", ctr.ID()) } } - if errors.Cause(err) == define.ErrWillDeadlock { + if errors.Is(err, define.ErrWillDeadlock) { logrus.Debugf("Deadlock error on %q: %v", ctr.ID(), err) report.ExitCode = define.ExitCode(err) - return &report, errors.Errorf("attempting to start container %s would cause a deadlock; please run 'podman system renumber' to resolve", ctr.ID()) + return &report, fmt.Errorf("attempting to start container %s would cause a deadlock; please run 'podman system renumber' to resolve", ctr.ID()) } report.ExitCode = define.ExitCode(err) return &report, err @@ -1086,8 +1085,8 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta if opts.Rm && !ctr.ShouldRestart(ctx) { var timeout *uint if err := ic.Libpod.RemoveContainer(ctx, ctr, false, true, timeout); err != nil { - if errors.Cause(err) == define.ErrNoSuchCtr || - errors.Cause(err) == define.ErrCtrRemoved { + if errors.Is(err, define.ErrNoSuchCtr) || + errors.Is(err, define.ErrCtrRemoved) { logrus.Infof("Container %s was already removed, skipping --rm", ctr.ID()) } else { logrus.Errorf("Removing container %s: %v", ctr.ID(), err) @@ -1180,12 +1179,12 @@ func (ic *ContainerEngine) ContainerCleanup(ctx context.Context, namesOrIds []st var timeout *uint err = ic.Libpod.RemoveContainer(ctx, ctr, false, true, timeout) if err != nil { - report.RmErr = errors.Wrapf(err, "failed to clean up and remove container %v", ctr.ID()) + report.RmErr = fmt.Errorf("failed to clean up and remove container %v: %w", ctr.ID(), err) } } else { err := ctr.Cleanup(ctx) if err != nil { - report.CleanErr = errors.Wrapf(err, "failed to clean up container %v", ctr.ID()) + report.CleanErr = fmt.Errorf("failed to clean up container %v: %w", ctr.ID(), err) } } @@ -1212,7 +1211,7 @@ func (ic *ContainerEngine) ContainerInit(ctx context.Context, namesOrIds []strin err := ctr.Init(ctx, ctr.PodID() != "") // If we're initializing all containers, ignore invalid state errors - if options.All && errors.Cause(err) == define.ErrCtrStateInvalid { + if options.All && errors.Is(err, define.ErrCtrStateInvalid) { err = nil } report.Err = err @@ -1323,7 +1322,7 @@ func (ic *ContainerEngine) ContainerUnmount(ctx context.Context, nameOrIDs []str if mounted { report := entities.ContainerUnmountReport{Id: sctr.ID} if _, report.Err = ic.Libpod.UnmountStorageContainer(sctr.ID, options.Force); report.Err != nil { - if errors.Cause(report.Err) != define.ErrCtrExists { + if !errors.Is(report.Err, define.ErrCtrExists) { reports = append(reports, &report) } } else { @@ -1357,11 +1356,11 @@ func (ic *ContainerEngine) ContainerUnmount(ctx context.Context, nameOrIDs []str report := entities.ContainerUnmountReport{Id: ctr.ID()} if err := ctr.Unmount(options.Force); err != nil { - if options.All && errors.Cause(err) == storage.ErrLayerNotMounted { + if options.All && errors.Is(err, storage.ErrLayerNotMounted) { logrus.Debugf("Error umounting container %s, storage.ErrLayerNotMounted", ctr.ID()) continue } - report.Err = errors.Wrapf(err, "error unmounting container %s", ctr.ID()) + report.Err = fmt.Errorf("error unmounting container %s: %w", ctr.ID(), err) } reports = append(reports, &report) } @@ -1410,7 +1409,7 @@ func (ic *ContainerEngine) Shutdown(_ context.Context) { func (ic *ContainerEngine) ContainerStats(ctx context.Context, namesOrIds []string, options entities.ContainerStatsOptions) (statsChan chan entities.ContainerStatsReport, err error) { if options.Interval < 1 { - return nil, errors.New("Invalid interval, must be a positive number greater zero") + return nil, errors.New("invalid interval, must be a positive number greater zero") } if rootless.IsRootless() { unified, err := cgroups.IsCgroup2UnifiedMode() @@ -1465,19 +1464,18 @@ func (ic *ContainerEngine) ContainerStats(ctx context.Context, namesOrIds []stri computeStats := func() ([]define.ContainerStats, error) { containers, err = containerFunc() if err != nil { - return nil, errors.Wrapf(err, "unable to get list of containers") + return nil, fmt.Errorf("unable to get list of containers: %w", err) } reportStats := []define.ContainerStats{} for _, ctr := range containers { stats, err := ctr.GetContainerStats(containerStats[ctr.ID()]) if err != nil { - cause := errors.Cause(err) - if queryAll && (cause == define.ErrCtrRemoved || cause == define.ErrNoSuchCtr || cause == define.ErrCtrStateInvalid) { + if queryAll && (errors.Is(err, define.ErrCtrRemoved) || errors.Is(err, define.ErrNoSuchCtr) || errors.Is(err, define.ErrCtrStateInvalid)) { continue } - if cause == cgroups.ErrCgroupV1Rootless { - err = cause + if errors.Is(err, cgroups.ErrCgroupV1Rootless) { + err = cgroups.ErrCgroupV1Rootless } return nil, err } diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index d63de2424..02aa5923d 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -3,6 +3,7 @@ package abi import ( "context" "fmt" + "io/fs" "io/ioutil" "net/url" "os" @@ -29,7 +30,6 @@ import ( domainUtils "github.com/containers/podman/v4/pkg/domain/utils" "github.com/containers/podman/v4/pkg/errorhandling" "github.com/containers/podman/v4/pkg/rootless" - "github.com/containers/podman/v4/utils" "github.com/containers/storage" dockerRef "github.com/docker/distribution/reference" "github.com/opencontainers/go-digest" @@ -350,22 +350,6 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri } return pushError } - -// Transfer moves images between root and rootless storage so the user specified in the scp call can access and use the image modified by root -func (ir *ImageEngine) Transfer(ctx context.Context, source entities.ImageScpOptions, dest entities.ImageScpOptions, parentFlags []string) error { - if source.User == "" { - return errors.Wrapf(define.ErrInvalidArg, "you must define a user when transferring from root to rootless storage") - } - podman, err := os.Executable() - if err != nil { - return err - } - if rootless.IsRootless() && (len(dest.User) == 0 || dest.User == "root") { // if we are rootless and do not have a destination user we can just use sudo - return transferRootless(source, dest, podman, parentFlags) - } - return transferRootful(source, dest, podman, parentFlags) -} - func (ir *ImageEngine) Tag(ctx context.Context, nameOrID string, tags []string, options entities.ImageTagOptions) error { // Allow tagging manifest list instead of resolving instances from manifest lookupOptions := &libimage.LookupImageOptions{ManifestList: true} @@ -694,53 +678,32 @@ func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entitie return nil, nil } -func getSigFilename(sigStoreDirPath string) (string, error) { - sigFileSuffix := 1 - sigFiles, err := ioutil.ReadDir(sigStoreDirPath) +func (ir *ImageEngine) Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool) error { + rep, source, dest, flags, err := domainUtils.ExecuteTransfer(src, dst, parentFlags, quiet) if err != nil { - return "", err - } - sigFilenames := make(map[string]bool) - for _, file := range sigFiles { - sigFilenames[file.Name()] = true + return err } - for { - sigFilename := "signature-" + strconv.Itoa(sigFileSuffix) - if _, exists := sigFilenames[sigFilename]; !exists { - return sigFilename, nil + if (rep == nil && err == nil) && (source != nil && dest != nil) { // we need to execute the transfer + err := Transfer(ctx, *source, *dest, flags) + if err != nil { + return err } - sigFileSuffix++ - } -} - -func localPathFromURI(url *url.URL) (string, error) { - if url.Scheme != "file" { - return "", errors.Errorf("writing to %s is not supported. Use a supported scheme", url.String()) } - return url.Path, nil + return nil } -// putSignature creates signature and saves it to the signstore file -func putSignature(manifestBlob []byte, mech signature.SigningMechanism, sigStoreDir string, instanceDigest digest.Digest, dockerReference dockerRef.Reference, options entities.SignOptions) error { - newSig, err := signature.SignDockerManifest(manifestBlob, dockerReference.String(), mech, options.SignBy) - if err != nil { - return err - } - signatureDir := fmt.Sprintf("%s@%s=%s", sigStoreDir, instanceDigest.Algorithm(), instanceDigest.Hex()) - if err := os.MkdirAll(signatureDir, 0751); err != nil { - // The directory is allowed to exist - if !os.IsExist(err) { - return err - } +func Transfer(ctx context.Context, source entities.ImageScpOptions, dest entities.ImageScpOptions, parentFlags []string) error { + if source.User == "" { + return errors.Wrapf(define.ErrInvalidArg, "you must define a user when transferring from root to rootless storage") } - sigFilename, err := getSigFilename(signatureDir) + podman, err := os.Executable() if err != nil { return err } - if err = ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644); err != nil { - return err + if rootless.IsRootless() && (len(dest.User) == 0 || dest.User == "root") { // if we are rootless and do not have a destination user we can just use sudo + return transferRootless(source, dest, podman, parentFlags) } - return nil + return transferRootful(source, dest, podman, parentFlags) } // TransferRootless creates new podman processes using exec.Command and sudo, transferring images between the given source and destination users @@ -763,7 +726,7 @@ func transferRootless(source entities.ImageScpOptions, dest entities.ImageScpOpt } else { cmdSave = exec.Command(podman) } - cmdSave = utils.CreateSCPCommand(cmdSave, saveCommand) + cmdSave = domainUtils.CreateSCPCommand(cmdSave, saveCommand) logrus.Debugf("Executing save command: %q", cmdSave) err := cmdSave.Run() if err != nil { @@ -776,8 +739,11 @@ func transferRootless(source entities.ImageScpOptions, dest entities.ImageScpOpt } else { cmdLoad = exec.Command(podman) } - cmdLoad = utils.CreateSCPCommand(cmdLoad, loadCommand) + cmdLoad = domainUtils.CreateSCPCommand(cmdLoad, loadCommand) logrus.Debugf("Executing load command: %q", cmdLoad) + if len(dest.Tag) > 0 { + return domainUtils.ScpTag(cmdLoad, podman, dest) + } return cmdLoad.Run() } @@ -833,11 +799,20 @@ func transferRootful(source entities.ImageScpOptions, dest entities.ImageScpOpti return err } } - err = execPodman(uSave, saveCommand) + _, err = execTransferPodman(uSave, saveCommand, false) + if err != nil { + return err + } + out, err := execTransferPodman(uLoad, loadCommand, (len(dest.Tag) > 0)) if err != nil { return err } - return execPodman(uLoad, loadCommand) + if out != nil { + image := domainUtils.ExtractImage(out) + _, err := execTransferPodman(uLoad, []string{podman, "tag", image, dest.Tag}, false) + return err + } + return nil } func lookupUser(u string) (*user.User, error) { @@ -847,10 +822,10 @@ func lookupUser(u string) (*user.User, error) { return user.Lookup(u) } -func execPodman(execUser *user.User, command []string) error { - cmdLogin, err := utils.LoginUser(execUser.Username) +func execTransferPodman(execUser *user.User, command []string, needToTag bool) ([]byte, error) { + cmdLogin, err := domainUtils.LoginUser(execUser.Username) if err != nil { - return err + return nil, err } defer func() { @@ -864,11 +839,11 @@ func execPodman(execUser *user.User, command []string) error { cmd.Stdout = os.Stdout uid, err := strconv.ParseInt(execUser.Uid, 10, 32) if err != nil { - return err + return nil, err } gid, err := strconv.ParseInt(execUser.Gid, 10, 32) if err != nil { - return err + return nil, err } cmd.SysProcAttr = &syscall.SysProcAttr{ Credential: &syscall.Credential{ @@ -878,5 +853,55 @@ func execPodman(execUser *user.User, command []string) error { NoSetGroups: false, }, } - return cmd.Run() + if needToTag { + cmd.Stdout = nil + return cmd.Output() + } + return nil, cmd.Run() +} + +func getSigFilename(sigStoreDirPath string) (string, error) { + sigFileSuffix := 1 + sigFiles, err := ioutil.ReadDir(sigStoreDirPath) + if err != nil { + return "", err + } + sigFilenames := make(map[string]bool) + for _, file := range sigFiles { + sigFilenames[file.Name()] = true + } + for { + sigFilename := "signature-" + strconv.Itoa(sigFileSuffix) + if _, exists := sigFilenames[sigFilename]; !exists { + return sigFilename, nil + } + sigFileSuffix++ + } +} + +func localPathFromURI(url *url.URL) (string, error) { + if url.Scheme != "file" { + return "", errors.Errorf("writing to %s is not supported. Use a supported scheme", url.String()) + } + return url.Path, nil +} + +// putSignature creates signature and saves it to the signstore file +func putSignature(manifestBlob []byte, mech signature.SigningMechanism, sigStoreDir string, instanceDigest digest.Digest, dockerReference dockerRef.Reference, options entities.SignOptions) error { + newSig, err := signature.SignDockerManifest(manifestBlob, dockerReference.String(), mech, options.SignBy) + if err != nil { + return err + } + signatureDir := fmt.Sprintf("%s@%s=%s", sigStoreDir, instanceDigest.Algorithm(), instanceDigest.Hex()) + if err := os.MkdirAll(signatureDir, 0751); err != nil { + // The directory is allowed to exist + if !errors.Is(err, fs.ErrExist) { + return err + } + } + sigFilename, err := getSigFilename(signatureDir) + if err != nil { + return err + } + return ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644) } diff --git a/pkg/domain/infra/abi/parse/parse.go b/pkg/domain/infra/abi/parse/parse.go index 66794e592..4e8c2e508 100644 --- a/pkg/domain/infra/abi/parse/parse.go +++ b/pkg/domain/infra/abi/parse/parse.go @@ -78,6 +78,16 @@ func VolumeOptions(opts map[string]string) ([]libpod.VolumeCreateOption, error) libpodOptions = append(libpodOptions, libpod.WithVolumeDisableQuota()) // set option "NOQUOTA": "true" volumeOptions["NOQUOTA"] = "true" + case "timeout": + if len(splitO) != 2 { + return nil, errors.Wrapf(define.ErrInvalidArg, "timeout option must provide a valid timeout in seconds") + } + intTimeout, err := strconv.Atoi(splitO[1]) + if err != nil { + return nil, errors.Wrapf(err, "cannot convert Timeout %s to an integer", splitO[1]) + } + logrus.Debugf("Removing timeout from options and adding WithTimeout for Timeout %d", intTimeout) + libpodOptions = append(libpodOptions, libpod.WithVolumeDriverTimeout(intTimeout)) default: finalVal = append(finalVal, o) } diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 6e26026d4..2bd88ed85 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -319,8 +319,8 @@ func (ic *ContainerEngine) SystemDf(ctx context.Context, options entities.System } dfVolumes := make([]*entities.SystemDfVolumeReport, 0, len(vols)) - var reclaimableSize uint64 for _, v := range vols { + var reclaimableSize uint64 var consInUse int mountPoint, err := v.MountPoint() if err != nil { @@ -341,7 +341,7 @@ func (ic *ContainerEngine) SystemDf(ctx context.Context, options entities.System return nil, err } if len(inUse) == 0 { - reclaimableSize += volSize + reclaimableSize = volSize } for _, viu := range inUse { if cutil.StringInSlice(viu, runningContainers) { diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go index 97838d596..09f8ac4c3 100644 --- a/pkg/domain/infra/tunnel/images.go +++ b/pkg/domain/infra/tunnel/images.go @@ -2,6 +2,7 @@ package tunnel import ( "context" + "fmt" "io/ioutil" "os" "strconv" @@ -12,7 +13,6 @@ import ( "github.com/containers/common/pkg/config" "github.com/containers/image/v5/docker/reference" "github.com/containers/image/v5/types" - "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/pkg/bindings/images" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/domain/entities/reports" @@ -28,7 +28,7 @@ func (ir *ImageEngine) Exists(_ context.Context, nameOrID string) (*entities.Boo } func (ir *ImageEngine) Remove(ctx context.Context, imagesArg []string, opts entities.ImageRemoveOptions) (*entities.ImageRemoveReport, []error) { - options := new(images.RemoveOptions).WithForce(opts.Force).WithIgnore(opts.Ignore).WithAll(opts.All) + options := new(images.RemoveOptions).WithForce(opts.Force).WithIgnore(opts.Ignore).WithAll(opts.All).WithLookupManifest(opts.LookupManifest) return images.Remove(ir.ClientCtx, imagesArg, options) } @@ -123,10 +123,6 @@ func (ir *ImageEngine) Pull(ctx context.Context, rawImage string, opts entities. return &entities.ImagePullReport{Images: pulledImages}, nil } -func (ir *ImageEngine) Transfer(ctx context.Context, source entities.ImageScpOptions, dest entities.ImageScpOptions, parentFlags []string) error { - return errors.Wrapf(define.ErrNotImplemented, "cannot use the remote client to transfer images between root and rootless storage") -} - func (ir *ImageEngine) Tag(ctx context.Context, nameOrID string, tags []string, opt entities.ImageTagOptions) error { options := new(images.TagOptions) for _, newTag := range tags { @@ -367,3 +363,23 @@ func (ir *ImageEngine) Shutdown(_ context.Context) { func (ir *ImageEngine) Sign(ctx context.Context, names []string, options entities.SignOptions) (*entities.SignReport, error) { return nil, errors.New("not implemented yet") } + +func (ir *ImageEngine) Scp(ctx context.Context, src, dst string, parentFlags []string, quiet bool) error { + options := new(images.ScpOptions) + + var destination *string + if len(dst) > 1 { + destination = &dst + } + options.Quiet = &quiet + options.Destination = destination + + rep, err := images.Scp(ir.ClientCtx, &src, destination, *options) + if err != nil { + return err + } + + fmt.Println("Loaded Image(s):", rep.Id) + + return nil +} diff --git a/pkg/domain/utils/scp.go b/pkg/domain/utils/scp.go new file mode 100644 index 000000000..a4ff6b950 --- /dev/null +++ b/pkg/domain/utils/scp.go @@ -0,0 +1,581 @@ +package utils + +import ( + "bytes" + "fmt" + "io/ioutil" + "net" + "net/url" + "os" + "os/exec" + "os/user" + "strconv" + "strings" + "time" + + scpD "github.com/dtylman/scp" + + "github.com/containers/common/pkg/config" + "github.com/containers/podman/v4/libpod/define" + "github.com/containers/podman/v4/pkg/domain/entities" + "github.com/containers/podman/v4/pkg/terminal" + "github.com/docker/distribution/reference" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" + "golang.org/x/crypto/ssh" + "golang.org/x/crypto/ssh/agent" +) + +func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool) (*entities.ImageLoadReport, *entities.ImageScpOptions, *entities.ImageScpOptions, []string, error) { + source := entities.ImageScpOptions{} + dest := entities.ImageScpOptions{} + sshInfo := entities.ImageScpConnections{} + report := entities.ImageLoadReport{Names: []string{}} + + podman, err := os.Executable() + if err != nil { + return nil, nil, nil, nil, err + } + + f, err := ioutil.TempFile("", "podman") // open temp file for load/save output + if err != nil { + return nil, nil, nil, nil, err + } + + confR, err := config.NewConfig("") // create a hand made config for the remote engine since we might use remote and native at once + if err != nil { + return nil, nil, nil, nil, errors.Wrapf(err, "could not make config") + } + + cfg, err := config.ReadCustomConfig() // get ready to set ssh destination if necessary + if err != nil { + return nil, nil, nil, nil, err + } + locations := []*entities.ImageScpOptions{} + cliConnections := []string{} + args := []string{src} + if len(dst) > 0 { + args = append(args, dst) + } + for _, arg := range args { + loc, connect, err := ParseImageSCPArg(arg) + if err != nil { + return nil, nil, nil, nil, err + } + locations = append(locations, loc) + cliConnections = append(cliConnections, connect...) + } + source = *locations[0] + switch { + case len(locations) > 1: + if err = ValidateSCPArgs(locations); err != nil { + return nil, nil, nil, nil, err + } + dest = *locations[1] + case len(locations) == 1: + switch { + case len(locations[0].Image) == 0: + return nil, nil, nil, nil, errors.Wrapf(define.ErrInvalidArg, "no source image specified") + case len(locations[0].Image) > 0 && !locations[0].Remote && len(locations[0].User) == 0: // if we have podman image scp $IMAGE + return nil, nil, nil, nil, errors.Wrapf(define.ErrInvalidArg, "must specify a destination") + } + } + + source.Quiet = quiet + source.File = f.Name() // after parsing the arguments, set the file for the save/load + dest.File = source.File + if err = os.Remove(source.File); err != nil { // remove the file and simply use its name so podman creates the file upon save. avoids umask errors + return nil, nil, nil, nil, err + } + + allLocal := true // if we are all localhost, do not validate connections but if we are using one localhost and one non we need to use sshd + for _, val := range cliConnections { + if !strings.Contains(val, "@localhost::") { + allLocal = false + break + } + } + if allLocal { + cliConnections = []string{} + } + + var serv map[string]config.Destination + serv, err = GetServiceInformation(&sshInfo, cliConnections, cfg) + if err != nil { + return nil, nil, nil, nil, err + } + + confR.Engine = config.EngineConfig{Remote: true, CgroupManager: "cgroupfs", ServiceDestinations: serv} // pass the service dest (either remote or something else) to engine + saveCmd, loadCmd := CreateCommands(source, dest, parentFlags, podman) + + switch { + case source.Remote: // if we want to load FROM the remote, dest can either be local or remote in this case + err = SaveToRemote(source.Image, source.File, "", sshInfo.URI[0], sshInfo.Identities[0]) + if err != nil { + return nil, nil, nil, nil, err + } + if dest.Remote { // we want to load remote -> remote, both source and dest are remote + rep, id, err := LoadToRemote(dest, dest.File, "", sshInfo.URI[1], sshInfo.Identities[1]) + if err != nil { + return nil, nil, nil, nil, err + } + if len(rep) > 0 { + fmt.Println(rep) + } + if len(id) > 0 { + report.Names = append(report.Names, id) + } + break + } + id, err := ExecPodman(dest, podman, loadCmd) + if err != nil { + return nil, nil, nil, nil, err + } + if len(id) > 0 { + report.Names = append(report.Names, id) + } + case dest.Remote: // remote host load, implies source is local + _, err = ExecPodman(dest, podman, saveCmd) + if err != nil { + return nil, nil, nil, nil, err + } + rep, id, err := LoadToRemote(dest, source.File, "", sshInfo.URI[0], sshInfo.Identities[0]) + if err != nil { + return nil, nil, nil, nil, err + } + if len(rep) > 0 { + fmt.Println(rep) + } + if len(id) > 0 { + report.Names = append(report.Names, id) + } + if err = os.Remove(source.File); err != nil { + return nil, nil, nil, nil, err + } + default: // else native load, both source and dest are local and transferring between users + if source.User == "" { // source user has to be set, destination does not + source.User = os.Getenv("USER") + if source.User == "" { + u, err := user.Current() + if err != nil { + return nil, nil, nil, nil, errors.Wrapf(err, "could not obtain user, make sure the environmental variable $USER is set") + } + source.User = u.Username + } + } + return nil, &source, &dest, parentFlags, nil // transfer needs to be done in ABI due to cross issues + } + + return &report, nil, nil, nil, nil +} + +// CreateSCPCommand takes an existing command, appends the given arguments and returns a configured podman command for image scp +func CreateSCPCommand(cmd *exec.Cmd, command []string) *exec.Cmd { + cmd.Args = append(cmd.Args, command...) + cmd.Env = os.Environ() + cmd.Stderr = os.Stderr + cmd.Stdout = os.Stdout + return cmd +} + +// ScpTag is a helper function for native podman to tag an image after a local load from image SCP +func ScpTag(cmd *exec.Cmd, podman string, dest entities.ImageScpOptions) error { + cmd.Stdout = nil + out, err := cmd.Output() // this function captures the output temporarily in order to execute the next command + if err != nil { + return err + } + image := ExtractImage(out) + if cmd.Args[0] == "sudo" { // transferRootless will need the sudo since we are loading to sudo from a user acct + cmd = exec.Command("sudo", podman, "tag", image, dest.Tag) + } else { + cmd = exec.Command(podman, "tag", image, dest.Tag) + } + cmd.Stdout = os.Stdout + return cmd.Run() +} + +// ExtractImage pulls out the last line of output from save/load (image id) +func ExtractImage(out []byte) string { + fmt.Println(strings.TrimSuffix(string(out), "\n")) // print output + stringOut := string(out) // get all output + arrOut := strings.Split(stringOut, " ") // split it into an array + return strings.ReplaceAll(arrOut[len(arrOut)-1], "\n", "") // replace the trailing \n +} + +// LoginUser starts the user process on the host so that image scp can use systemd-run +func LoginUser(user string) (*exec.Cmd, error) { + sleep, err := exec.LookPath("sleep") + if err != nil { + return nil, err + } + machinectl, err := exec.LookPath("machinectl") + if err != nil { + return nil, err + } + cmd := exec.Command(machinectl, "shell", "-q", user+"@.host", sleep, "inf") + err = cmd.Start() + return cmd, err +} + +// loadToRemote takes image and remote connection information. it connects to the specified client +// and copies the saved image dir over to the remote host and then loads it onto the machine +// returns a string containing output or an error +func LoadToRemote(dest entities.ImageScpOptions, localFile string, tag string, url *url.URL, iden string) (string, string, error) { + dial, remoteFile, err := CreateConnection(url, iden) + if err != nil { + return "", "", err + } + defer dial.Close() + + n, err := scpD.CopyTo(dial, localFile, remoteFile) + if err != nil { + errOut := strconv.Itoa(int(n)) + " Bytes copied before error" + return " ", "", errors.Wrapf(err, errOut) + } + var run string + if tag != "" { + return "", "", errors.Wrapf(define.ErrInvalidArg, "Renaming of an image is currently not supported") + } + podman := os.Args[0] + run = podman + " image load --input=" + remoteFile + ";rm " + remoteFile // run ssh image load of the file copied via scp + out, err := ExecRemoteCommand(dial, run) + if err != nil { + return "", "", err + } + rep := strings.TrimSuffix(string(out), "\n") + outArr := strings.Split(rep, " ") + id := outArr[len(outArr)-1] + if len(dest.Tag) > 0 { // tag the remote image using the output ID + run = podman + " tag " + id + " " + dest.Tag + _, err = ExecRemoteCommand(dial, run) + if err != nil { + return "", "", err + } + } + return rep, id, nil +} + +// saveToRemote takes image information and remote connection information. it connects to the specified client +// and saves the specified image on the remote machine and then copies it to the specified local location +// returns an error if one occurs. +func SaveToRemote(image, localFile string, tag string, uri *url.URL, iden string) error { + dial, remoteFile, err := CreateConnection(uri, iden) + + if err != nil { + return err + } + defer dial.Close() + + if tag != "" { + return errors.Wrapf(define.ErrInvalidArg, "Renaming of an image is currently not supported") + } + podman := os.Args[0] + run := podman + " image save " + image + " --format=oci-archive --output=" + remoteFile // run ssh image load of the file copied via scp. Files are reverse in this case... + _, err = ExecRemoteCommand(dial, run) + if err != nil { + return err + } + n, err := scpD.CopyFrom(dial, remoteFile, localFile) + if _, conErr := ExecRemoteCommand(dial, "rm "+remoteFile); conErr != nil { + logrus.Errorf("Removing file on endpoint: %v", conErr) + } + if err != nil { + errOut := strconv.Itoa(int(n)) + " Bytes copied before error" + return errors.Wrapf(err, errOut) + } + return nil +} + +// makeRemoteFile creates the necessary remote file on the host to +// save or load the image to. returns a string with the file name or an error +func MakeRemoteFile(dial *ssh.Client) (string, error) { + run := "mktemp" + remoteFile, err := ExecRemoteCommand(dial, run) + if err != nil { + return "", err + } + return strings.TrimSuffix(string(remoteFile), "\n"), nil +} + +// createConnections takes a boolean determining which ssh client to dial +// and returns the dials client, its newly opened remote file, and an error if applicable. +func CreateConnection(url *url.URL, iden string) (*ssh.Client, string, error) { + cfg, err := ValidateAndConfigure(url, iden) + if err != nil { + return nil, "", err + } + dialAdd, err := ssh.Dial("tcp", url.Host, cfg) // dial the client + if err != nil { + return nil, "", errors.Wrapf(err, "failed to connect") + } + file, err := MakeRemoteFile(dialAdd) + if err != nil { + return nil, "", err + } + + return dialAdd, file, nil +} + +// GetSerivceInformation takes the parsed list of hosts to connect to and validates the information +func GetServiceInformation(sshInfo *entities.ImageScpConnections, cliConnections []string, cfg *config.Config) (map[string]config.Destination, error) { + var serv map[string]config.Destination + var urlS string + var iden string + for i, val := range cliConnections { + splitEnv := strings.SplitN(val, "::", 2) + sshInfo.Connections = append(sshInfo.Connections, splitEnv[0]) + conn, found := cfg.Engine.ServiceDestinations[sshInfo.Connections[i]] + if found { + urlS = conn.URI + iden = conn.Identity + } else { // no match, warn user and do a manual connection. + urlS = "ssh://" + sshInfo.Connections[i] + iden = "" + logrus.Warnf("Unknown connection name given. Please use system connection add to specify the default remote socket location") + } + urlFinal, err := url.Parse(urlS) // create an actual url to pass to exec command + if err != nil { + return nil, err + } + if urlFinal.User.Username() == "" { + if urlFinal.User, err = GetUserInfo(urlFinal); err != nil { + return nil, err + } + } + sshInfo.URI = append(sshInfo.URI, urlFinal) + sshInfo.Identities = append(sshInfo.Identities, iden) + } + return serv, nil +} + +// execPodman executes the podman save/load command given the podman binary +func ExecPodman(dest entities.ImageScpOptions, podman string, command []string) (string, error) { + cmd := exec.Command(podman) + CreateSCPCommand(cmd, command[1:]) + logrus.Debugf("Executing podman command: %q", cmd) + if strings.Contains(strings.Join(command, " "), "load") { // need to tag + if len(dest.Tag) > 0 { + return "", ScpTag(cmd, podman, dest) + } + cmd.Stdout = nil + out, err := cmd.Output() + if err != nil { + return "", err + } + img := ExtractImage(out) + return img, nil + } + return "", cmd.Run() +} + +// createCommands forms the podman save and load commands used by SCP +func CreateCommands(source entities.ImageScpOptions, dest entities.ImageScpOptions, parentFlags []string, podman string) ([]string, []string) { + var parentString string + quiet := "" + if source.Quiet { + quiet = "-q " + } + if len(parentFlags) > 0 { + parentString = strings.Join(parentFlags, " ") + " " // if there are parent args, an extra space needs to be added + } else { + parentString = strings.Join(parentFlags, " ") + } + loadCmd := strings.Split(fmt.Sprintf("%s %sload %s--input %s", podman, parentString, quiet, dest.File), " ") + saveCmd := strings.Split(fmt.Sprintf("%s %vsave %s--output %s %s", podman, parentString, quiet, source.File, source.Image), " ") + return saveCmd, loadCmd +} + +// parseImageSCPArg returns the valid connection, and source/destination data based off of the information provided by the user +// arg is a string containing one of the cli arguments returned is a filled out source/destination options structs as well as a connections array and an error if applicable +func ParseImageSCPArg(arg string) (*entities.ImageScpOptions, []string, error) { + location := entities.ImageScpOptions{} + var err error + cliConnections := []string{} + + switch { + case strings.Contains(arg, "@localhost::"): // image transfer between users + location.User = strings.Split(arg, "@")[0] + location, err = ValidateImagePortion(location, arg) + if err != nil { + return nil, nil, err + } + cliConnections = append(cliConnections, arg) + case strings.Contains(arg, "::"): + location, err = ValidateImagePortion(location, arg) + if err != nil { + return nil, nil, err + } + location.Remote = true + cliConnections = append(cliConnections, arg) + default: + location.Image = arg + } + return &location, cliConnections, nil +} + +// validateImagePortion is a helper function to validate the image name in an SCP argument +func ValidateImagePortion(location entities.ImageScpOptions, arg string) (entities.ImageScpOptions, error) { + if RemoteArgLength(arg, 1) > 0 { + err := ValidateImageName(strings.Split(arg, "::")[1]) + if err != nil { + return location, err + } + location.Image = strings.Split(arg, "::")[1] // this will get checked/set again once we validate connections + } + return location, nil +} + +// validateSCPArgs takes the array of source and destination options and checks for common errors +func ValidateSCPArgs(locations []*entities.ImageScpOptions) error { + if len(locations) > 2 { + return errors.Wrapf(define.ErrInvalidArg, "cannot specify more than two arguments") + } + switch { + case len(locations[0].Image) > 0 && len(locations[1].Image) > 0: + locations[1].Tag = locations[1].Image + locations[1].Image = "" + case len(locations[0].Image) == 0 && len(locations[1].Image) == 0: + return errors.Wrapf(define.ErrInvalidArg, "a source image must be specified") + } + return nil +} + +// validateImageName makes sure that the image given is valid and no injections are occurring +// we simply use this for error checking, bot setting the image +func ValidateImageName(input string) error { + // ParseNormalizedNamed transforms a shortname image into its + // full name reference so busybox => docker.io/library/busybox + // we want to keep our shortnames, so only return an error if + // we cannot parse what the user has given us + _, err := reference.ParseNormalizedNamed(input) + return err +} + +// remoteArgLength is a helper function to simplify the extracting of host argument data +// returns an int which contains the length of a specified index in a host::image string +func RemoteArgLength(input string, side int) int { + if strings.Contains(input, "::") { + return len((strings.Split(input, "::"))[side]) + } + return -1 +} + +// ExecRemoteCommand takes a ssh client connection and a command to run and executes the +// command on the specified client. The function returns the Stdout from the client or the Stderr +func ExecRemoteCommand(dial *ssh.Client, run string) ([]byte, error) { + sess, err := dial.NewSession() // new ssh client session + if err != nil { + return nil, err + } + defer sess.Close() + + var buffer bytes.Buffer + var bufferErr bytes.Buffer + sess.Stdout = &buffer // output from client funneled into buffer + sess.Stderr = &bufferErr // err form client funneled into buffer + if err := sess.Run(run); err != nil { // run the command on the ssh client + return nil, errors.Wrapf(err, bufferErr.String()) + } + return buffer.Bytes(), nil +} + +func GetUserInfo(uri *url.URL) (*url.Userinfo, error) { + var ( + usr *user.User + err error + ) + if u, found := os.LookupEnv("_CONTAINERS_ROOTLESS_UID"); found { + usr, err = user.LookupId(u) + if err != nil { + return nil, errors.Wrapf(err, "failed to lookup rootless user") + } + } else { + usr, err = user.Current() + if err != nil { + return nil, errors.Wrapf(err, "failed to obtain current user") + } + } + + pw, set := uri.User.Password() + if set { + return url.UserPassword(usr.Username, pw), nil + } + return url.User(usr.Username), nil +} + +// ValidateAndConfigure will take a ssh url and an identity key (rsa and the like) and ensure the information given is valid +// iden iden can be blank to mean no identity key +// once the function validates the information it creates and returns an ssh.ClientConfig. +func ValidateAndConfigure(uri *url.URL, iden string) (*ssh.ClientConfig, error) { + var signers []ssh.Signer + passwd, passwdSet := uri.User.Password() + if iden != "" { // iden might be blank if coming from image scp or if no validation is needed + value := iden + s, err := terminal.PublicKey(value, []byte(passwd)) + if err != nil { + return nil, errors.Wrapf(err, "failed to read identity %q", value) + } + signers = append(signers, s) + logrus.Debugf("SSH Ident Key %q %s %s", value, ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type()) + } + if sock, found := os.LookupEnv("SSH_AUTH_SOCK"); found { // validate ssh information, specifically the unix file socket used by the ssh agent. + logrus.Debugf("Found SSH_AUTH_SOCK %q, ssh-agent signer enabled", sock) + + c, err := net.Dial("unix", sock) + if err != nil { + return nil, err + } + agentSigners, err := agent.NewClient(c).Signers() + if err != nil { + return nil, err + } + + signers = append(signers, agentSigners...) + + if logrus.IsLevelEnabled(logrus.DebugLevel) { + for _, s := range agentSigners { + logrus.Debugf("SSH Agent Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type()) + } + } + } + var authMethods []ssh.AuthMethod // now we validate and check for the authorization methods, most notaibly public key authorization + if len(signers) > 0 { + var dedup = make(map[string]ssh.Signer) + for _, s := range signers { + fp := ssh.FingerprintSHA256(s.PublicKey()) + if _, found := dedup[fp]; found { + logrus.Debugf("Dedup SSH Key %s %s", ssh.FingerprintSHA256(s.PublicKey()), s.PublicKey().Type()) + } + dedup[fp] = s + } + + var uniq []ssh.Signer + for _, s := range dedup { + uniq = append(uniq, s) + } + authMethods = append(authMethods, ssh.PublicKeysCallback(func() ([]ssh.Signer, error) { + return uniq, nil + })) + } + if passwdSet { // if password authentication is given and valid, add to the list + authMethods = append(authMethods, ssh.Password(passwd)) + } + if len(authMethods) == 0 { + authMethods = append(authMethods, ssh.PasswordCallback(func() (string, error) { + pass, err := terminal.ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username())) + return string(pass), err + })) + } + tick, err := time.ParseDuration("40s") + if err != nil { + return nil, err + } + cfg := &ssh.ClientConfig{ + User: uri.User.Username(), + Auth: authMethods, + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + Timeout: tick, + } + return cfg, nil +} diff --git a/pkg/domain/utils/utils_test.go b/pkg/domain/utils/utils_test.go index 952a4b5be..291567f6b 100644 --- a/pkg/domain/utils/utils_test.go +++ b/pkg/domain/utils/utils_test.go @@ -5,6 +5,7 @@ import ( "sort" "testing" + "github.com/containers/podman/v4/pkg/domain/entities" "github.com/stretchr/testify/assert" ) @@ -74,3 +75,41 @@ func TestToURLValues(t *testing.T) { }) } } + +func TestParseSCPArgs(t *testing.T) { + args := []string{"alpine", "root@localhost::"} + var source *entities.ImageScpOptions + var dest *entities.ImageScpOptions + var err error + source, _, err = ParseImageSCPArg(args[0]) + assert.Nil(t, err) + assert.Equal(t, source.Image, "alpine") + + dest, _, err = ParseImageSCPArg(args[1]) + assert.Nil(t, err) + assert.Equal(t, dest.Image, "") + assert.Equal(t, dest.User, "root") + + args = []string{"root@localhost::alpine"} + source, _, err = ParseImageSCPArg(args[0]) + assert.Nil(t, err) + assert.Equal(t, source.User, "root") + assert.Equal(t, source.Image, "alpine") + + args = []string{"charliedoern@192.168.68.126::alpine", "foobar@192.168.68.126::"} + source, _, err = ParseImageSCPArg(args[0]) + assert.Nil(t, err) + assert.True(t, source.Remote) + assert.Equal(t, source.Image, "alpine") + + dest, _, err = ParseImageSCPArg(args[1]) + assert.Nil(t, err) + assert.True(t, dest.Remote) + assert.Equal(t, dest.Image, "") + + args = []string{"charliedoern@192.168.68.126::alpine"} + source, _, err = ParseImageSCPArg(args[0]) + assert.Nil(t, err) + assert.True(t, source.Remote) + assert.Equal(t, source.Image, "alpine") +} diff --git a/pkg/errorhandling/errorhandling.go b/pkg/errorhandling/errorhandling.go index fc6772c08..9b456c9c0 100644 --- a/pkg/errorhandling/errorhandling.go +++ b/pkg/errorhandling/errorhandling.go @@ -1,11 +1,11 @@ package errorhandling import ( + "errors" "os" "strings" "github.com/hashicorp/go-multierror" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -121,3 +121,22 @@ func (e PodConflictErrorModel) Error() string { func (e PodConflictErrorModel) Code() int { return 409 } + +// Cause returns the most underlying error for the provided one. There is a +// maximum error depth of 100 to avoid endless loops. An additional error log +// message will be created if this maximum has reached. +func Cause(err error) (cause error) { + cause = err + + const maxDepth = 100 + for i := 0; i <= maxDepth; i++ { + res := errors.Unwrap(cause) + if res == nil { + return cause + } + cause = res + } + + logrus.Errorf("Max error depth of %d reached, cannot unwrap until root cause: %v", maxDepth, err) + return cause +} diff --git a/pkg/errorhandling/errorhandling_test.go b/pkg/errorhandling/errorhandling_test.go new file mode 100644 index 000000000..ec720c5e7 --- /dev/null +++ b/pkg/errorhandling/errorhandling_test.go @@ -0,0 +1,53 @@ +package errorhandling + +import ( + "errors" + "fmt" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestCause(t *testing.T) { + t.Parallel() + + for _, tc := range []struct { + name string + err func() error + expectedErr error + }{ + { + name: "nil error", + err: func() error { return nil }, + expectedErr: nil, + }, + { + name: "equal errors", + err: func() error { return errors.New("foo") }, + expectedErr: errors.New("foo"), + }, + { + name: "wrapped error", + err: func() error { return fmt.Errorf("baz: %w", fmt.Errorf("bar: %w", errors.New("foo"))) }, + expectedErr: errors.New("foo"), + }, + { + name: "max depth reached", + err: func() error { + err := errors.New("error") + for i := 0; i <= 101; i++ { + err = fmt.Errorf("%d: %w", i, err) + } + return err + }, + expectedErr: fmt.Errorf("0: %w", errors.New("error")), + }, + } { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + err := Cause(tc.err()) + assert.Equal(t, tc.expectedErr, err) + }) + } +} diff --git a/pkg/k8s.io/apimachinery/pkg/api/resource/amount.go b/pkg/k8s.io/apimachinery/pkg/api/resource/amount.go index d05984dac..69613321f 100644 --- a/pkg/k8s.io/apimachinery/pkg/api/resource/amount.go +++ b/pkg/k8s.io/apimachinery/pkg/api/resource/amount.go @@ -48,7 +48,7 @@ const ( var ( Zero = int64Amount{} - // Used by quantity strings - treat as read only + // Used by quantity strings - treat as read-only zeroBytes = []byte("0") ) diff --git a/pkg/k8s.io/apimachinery/pkg/api/resource/math.go b/pkg/k8s.io/apimachinery/pkg/api/resource/math.go index 9d03f5c05..59a4c14de 100644 --- a/pkg/k8s.io/apimachinery/pkg/api/resource/math.go +++ b/pkg/k8s.io/apimachinery/pkg/api/resource/math.go @@ -29,13 +29,13 @@ const ( ) var ( - // Commonly needed big.Int values-- treat as read only! + // Commonly needed big.Int values-- treat as read-only! bigTen = big.NewInt(10) bigZero = big.NewInt(0) bigOne = big.NewInt(1) big1024 = big.NewInt(1024) - // Commonly needed inf.Dec values-- treat as read only! + // Commonly needed inf.Dec values-- treat as read-only! decZero = inf.NewDec(0, 0) decOne = inf.NewDec(1, 0) diff --git a/pkg/machine/config_test.go b/pkg/machine/config_test.go index d9fc5425e..ca08660b9 100644 --- a/pkg/machine/config_test.go +++ b/pkg/machine/config_test.go @@ -1,3 +1,6 @@ +//go:build amd64 || arm64 +// +build amd64 arm64 + package machine import ( diff --git a/pkg/machine/keys.go b/pkg/machine/keys.go index 45d9801cc..463271427 100644 --- a/pkg/machine/keys.go +++ b/pkg/machine/keys.go @@ -4,14 +4,15 @@ package machine import ( - "errors" "fmt" + "io" "io/ioutil" "os" "os/exec" "path/filepath" "strings" + "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -51,7 +52,23 @@ func CreateSSHKeysPrefix(dir string, file string, passThru bool, skipExisting bo // generatekeys creates an ed25519 set of keys func generatekeys(writeLocation string) error { args := append(append([]string{}, sshCommand[1:]...), writeLocation) - return exec.Command(sshCommand[0], args...).Run() + cmd := exec.Command(sshCommand[0], args...) + stdErr, err := cmd.StderrPipe() + if err != nil { + return err + } + if err := cmd.Start(); err != nil { + return err + } + waitErr := cmd.Wait() + if waitErr == nil { + return nil + } + errMsg, err := io.ReadAll(stdErr) + if err != nil { + return fmt.Errorf("key generation failed, unable to read from stderr: %w", waitErr) + } + return fmt.Errorf("failed to generate keys: %s: %w", string(errMsg), waitErr) } // generatekeys creates an ed25519 set of keys diff --git a/pkg/machine/qemu/config.go b/pkg/machine/qemu/config.go index 56c95e3b3..bada1af9b 100644 --- a/pkg/machine/qemu/config.go +++ b/pkg/machine/qemu/config.go @@ -72,8 +72,10 @@ type MachineVM struct { Mounts []machine.Mount // Name of VM Name string - // PidFilePath is the where the PID file lives + // PidFilePath is the where the Proxy PID file lives PidFilePath machine.VMFile + // VMPidFilePath is the where the VM PID file lives + VMPidFilePath machine.VMFile // QMPMonitor is the qemu monitor object for sending commands QMPMonitor Monitor // ReadySocket tells host when vm is booted diff --git a/pkg/machine/qemu/config_test.go b/pkg/machine/qemu/config_test.go index 4d96ec6e7..72cb3ed90 100644 --- a/pkg/machine/qemu/config_test.go +++ b/pkg/machine/qemu/config_test.go @@ -1,3 +1,6 @@ +//go:build (amd64 && !windows) || (arm64 && !windows) +// +build amd64,!windows arm64,!windows + package qemu import ( diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 3a1495021..7e9c786a9 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -32,6 +32,7 @@ import ( "github.com/docker/go-units" "github.com/pkg/errors" "github.com/sirupsen/logrus" + "golang.org/x/sys/unix" ) var ( @@ -107,6 +108,9 @@ func (p *Provider) NewMachine(opts machine.InitOptions) (machine.VM, error) { if err != nil { return nil, err } + if err := vm.setPIDSocket(); err != nil { + return nil, err + } cmd := []string{execPath} // Add memory cmd = append(cmd, []string{"-m", strconv.Itoa(int(vm.Memory))}...) @@ -135,11 +139,9 @@ func (p *Provider) NewMachine(opts machine.InitOptions) (machine.VM, error) { "-device", "virtio-serial", // qemu needs to establish the long name; other connections can use the symlink'd "-chardev", "socket,path=" + vm.ReadySocket.Path + ",server=on,wait=off,id=" + vm.Name + "_ready", - "-device", "virtserialport,chardev=" + vm.Name + "_ready" + ",name=org.fedoraproject.port.0"}...) + "-device", "virtserialport,chardev=" + vm.Name + "_ready" + ",name=org.fedoraproject.port.0", + "-pidfile", vm.VMPidFilePath.GetPath()}...) vm.CmdLine = cmd - if err := vm.setPIDSocket(); err != nil { - return nil, err - } return vm, nil } @@ -753,17 +755,17 @@ func (v *MachineVM) Stop(_ string, _ machine.StopOptions) error { if _, err := os.Stat(v.PidFilePath.GetPath()); os.IsNotExist(err) { return nil } - pidString, err := v.PidFilePath.Read() + proxyPidString, err := v.PidFilePath.Read() if err != nil { return err } - pidNum, err := strconv.Atoi(string(pidString)) + proxyPid, err := strconv.Atoi(string(proxyPidString)) if err != nil { return err } - p, err := os.FindProcess(pidNum) - if p == nil && err != nil { + proxyProc, err := os.FindProcess(proxyPid) + if proxyProc == nil && err != nil { return err } @@ -772,7 +774,7 @@ func (v *MachineVM) Stop(_ string, _ machine.StopOptions) error { return err } // Kill the process - if err := p.Kill(); err != nil { + if err := proxyProc.Kill(); err != nil { return err } // Remove the pidfile @@ -788,22 +790,50 @@ func (v *MachineVM) Stop(_ string, _ machine.StopOptions) error { // FIXME: this error should probably be returned return nil //nolint: nilerr } - disconnected = true - waitInternal := 250 * time.Millisecond - for i := 0; i < 5; i++ { - state, err := v.State(false) - if err != nil { - return err - } - if state != machine.Running { - break + + if err := v.ReadySocket.Delete(); err != nil { + return err + } + + if v.VMPidFilePath.GetPath() == "" { + // no vm pid file path means it's probably a machine created before we + // started using it, so we revert to the old way of waiting for the + // machine to stop + fmt.Println("Waiting for VM to stop running...") + waitInternal := 250 * time.Millisecond + for i := 0; i < 5; i++ { + state, err := v.State(false) + if err != nil { + return err + } + if state != machine.Running { + break + } + time.Sleep(waitInternal) + waitInternal *= 2 } - time.Sleep(waitInternal) - waitInternal *= 2 + // after the machine stops running it normally takes about 1 second for the + // qemu VM to exit so we wait a bit to try to avoid issues + time.Sleep(2 * time.Second) + return nil + } + + vmPidString, err := v.VMPidFilePath.Read() + if err != nil { + return err + } + vmPid, err := strconv.Atoi(strings.TrimSpace(string(vmPidString))) + if err != nil { + return err } - return v.ReadySocket.Delete() + fmt.Println("Waiting for VM to exit...") + for isProcessAlive(vmPid) { + time.Sleep(500 * time.Millisecond) + } + + return nil } // NewQMPMonitor creates the monitor subsection of our vm @@ -896,8 +926,11 @@ func (v *MachineVM) Remove(_ string, opts machine.RemoveOptions) (string, func() // remove socket and pid file if any: warn at low priority if things fail // Remove the pidfile + if err := v.VMPidFilePath.Delete(); err != nil { + logrus.Debugf("Error while removing VM pidfile: %v", err) + } if err := v.PidFilePath.Delete(); err != nil { - logrus.Debugf("Error while removing pidfile: %v", err) + logrus.Debugf("Error while removing proxy pidfile: %v", err) } // Remove socket if err := v.QMPMonitor.Address.Delete(); err != nil { @@ -930,7 +963,12 @@ func (v *MachineVM) State(bypass bool) (machine.Status, error) { } monitor, err := qmp.NewSocketMonitor(v.QMPMonitor.Network, v.QMPMonitor.Address.GetPath(), v.QMPMonitor.Timeout) if err != nil { - // FIXME: this error should probably be returned + // If an improper cleanup was done and the socketmonitor was not deleted, + // it can appear as though the machine state is not stopped. Check for ECONNREFUSED + // almost assures us that the vm is stopped. + if errors.Is(err, syscall.ECONNREFUSED) { + return machine.Stopped, nil + } return "", err } if err := monitor.Connect(); err != nil { @@ -975,7 +1013,7 @@ func (v *MachineVM) SSH(_ string, opts machine.SSHOptions) error { port := strconv.Itoa(v.Port) args := []string{"-i", v.IdentityPath, "-p", port, sshDestination, "-o", "UserKnownHostsFile=/dev/null", - "-o", "StrictHostKeyChecking=no", "-o", "LogLevel=ERROR"} + "-o", "StrictHostKeyChecking=no", "-o", "LogLevel=ERROR", "-o", "SetEnv=LC_ALL="} if len(opts.Args) > 0 { args = append(args, opts.Args...) } else { @@ -1305,13 +1343,19 @@ func (v *MachineVM) setPIDSocket() error { if !rootless.IsRootless() { rtPath = "/run" } - pidFileName := fmt.Sprintf("%s.pid", v.Name) socketDir := filepath.Join(rtPath, "podman") - pidFilePath, err := machine.NewMachineFile(filepath.Join(socketDir, pidFileName), &pidFileName) + vmPidFileName := fmt.Sprintf("%s_vm.pid", v.Name) + proxyPidFileName := fmt.Sprintf("%s_proxy.pid", v.Name) + vmPidFilePath, err := machine.NewMachineFile(filepath.Join(socketDir, vmPidFileName), &vmPidFileName) + if err != nil { + return err + } + proxyPidFilePath, err := machine.NewMachineFile(filepath.Join(socketDir, proxyPidFileName), &proxyPidFileName) if err != nil { return err } - v.PidFilePath = *pidFilePath + v.VMPidFilePath = *vmPidFilePath + v.PidFilePath = *proxyPidFilePath return nil } @@ -1648,3 +1692,12 @@ func (p *Provider) RemoveAndCleanMachines() error { } return prevErr } + +func isProcessAlive(pid int) bool { + err := unix.Kill(pid, syscall.Signal(0)) + if err == nil || err == unix.EPERM { + return true + } + + return false +} diff --git a/pkg/machine/qemu/machine_test.go b/pkg/machine/qemu/machine_test.go index 62ca6068a..4c393d0f4 100644 --- a/pkg/machine/qemu/machine_test.go +++ b/pkg/machine/qemu/machine_test.go @@ -1,3 +1,6 @@ +//go:build (amd64 && !windows) || (arm64 && !windows) +// +build amd64,!windows arm64,!windows + package qemu import ( diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 30c759495..8fdd87adf 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -38,10 +38,19 @@ func getImageFromSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGen } // Need to look up image. - image, resolvedName, err := r.LibimageRuntime().LookupImage(s.Image, nil) + lookupOptions := &libimage.LookupImageOptions{ManifestList: true} + image, resolvedName, err := r.LibimageRuntime().LookupImage(s.Image, lookupOptions) if err != nil { return nil, "", nil, err } + manifestList, err := image.ToManifestList() + // only process if manifest list found otherwise expect it to be regular image + if err == nil { + image, err = manifestList.LookupInstance(ctx, s.ImageArch, s.ImageOS, s.ImageVariant) + if err != nil { + return nil, "", nil, err + } + } s.SetImage(image, resolvedName) inspectData, err := image.Inspect(ctx, nil) if err != nil { diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 689c740f0..39e15f950 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -810,8 +810,8 @@ func envVarValueResourceFieldRef(env v1.EnvVar, opts *CtrSpecGenOptions) (*strin } // k8s rounds up the result to the nearest integer - intValue := int(math.Ceil(value.AsApproximateFloat64() / divisor.AsApproximateFloat64())) - stringValue := strconv.Itoa(intValue) + intValue := int64(math.Ceil(value.AsApproximateFloat64() / divisor.AsApproximateFloat64())) + stringValue := strconv.FormatInt(intValue, 10) return &stringValue, nil } diff --git a/pkg/specgen/generate/kube/play_test.go b/pkg/specgen/generate/kube/play_test.go index e01d62b08..466dab610 100644 --- a/pkg/specgen/generate/kube/play_test.go +++ b/pkg/specgen/generate/kube/play_test.go @@ -2,7 +2,6 @@ package kube import ( "encoding/json" - "fmt" "math" "runtime" "strconv" @@ -777,8 +776,7 @@ func TestEnvVarValue(t *testing.T) { if test.expected == nilString { assert.Nil(t, result) } else { - fmt.Println(*result, test.expected) - assert.Equal(t, &(test.expected), result) + assert.Equal(t, test.expected, *result) } }) } diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go index 79e20667b..42b89ece1 100644 --- a/pkg/specgen/specgen.go +++ b/pkg/specgen/specgen.go @@ -103,6 +103,12 @@ type ContainerBasicConfig struct { // RawImageName is the user-specified and unprocessed input referring // to a local or a remote image. RawImageName string `json:"raw_image_name,omitempty"` + // ImageOS is the user-specified image OS + ImageOS string `json:"image_os,omitempty"` + // ImageArch is the user-specified image architecture + ImageArch string `json:"image_arch,omitempty"` + // ImageVariant is the user-specified image variant + ImageVariant string `json:"image_variant,omitempty"` // RestartPolicy is the container's restart policy - an action which // will be taken when the container exits. // If not given, the default policy, which does nothing, will be used. diff --git a/pkg/specgen/volumes.go b/pkg/specgen/volumes.go index f272a5c11..c9f944abf 100644 --- a/pkg/specgen/volumes.go +++ b/pkg/specgen/volumes.go @@ -37,7 +37,7 @@ type OverlayVolume struct { // ImageVolume is a volume based on a container image. The container image is // first mounted on the host and is then bind-mounted into the container. An -// ImageVolume is always mounted read only. +// ImageVolume is always mounted read-only. type ImageVolume struct { // Source is the source of the image volume. The image can be referred // to by name and by ID. @@ -139,7 +139,13 @@ func GenVolumeMounts(volumeFlag []string) (map[string]spec.Mount, map[string]*Na // This is a overlay volume newOverlayVol := new(OverlayVolume) newOverlayVol.Destination = dest - newOverlayVol.Source = src + // convert src to absolute path so we don't end up passing + // relative values as lowerdir for overlay mounts + source, err := filepath.Abs(src) + if err != nil { + return nil, nil, nil, errors.Wrapf(err, "failed while resolving absolute path for source %v for overlay mount", src) + } + newOverlayVol.Source = source newOverlayVol.Options = options if _, ok := overlayVolumes[newOverlayVol.Destination]; ok { diff --git a/pkg/specgenutil/specgen.go b/pkg/specgenutil/specgen.go index ab45a8d47..8ad0a92e7 100644 --- a/pkg/specgenutil/specgen.go +++ b/pkg/specgenutil/specgen.go @@ -1134,17 +1134,21 @@ func parseLinuxResourcesDeviceAccess(device string) (specs.LinuxDeviceCgroup, er } number := strings.SplitN(value[1], ":", 2) - i, err := strconv.ParseInt(number[0], 10, 64) - if err != nil { - return specs.LinuxDeviceCgroup{}, err + if number[0] != "*" { + i, err := strconv.ParseUint(number[0], 10, 64) + if err != nil { + return specs.LinuxDeviceCgroup{}, err + } + m := int64(i) + major = &m } - major = &i if len(number) == 2 && number[1] != "*" { - i, err := strconv.ParseInt(number[1], 10, 64) + i, err := strconv.ParseUint(number[1], 10, 64) if err != nil { return specs.LinuxDeviceCgroup{}, err } - minor = &i + m := int64(i) + minor = &m } access = value[2] for _, c := range strings.Split(access, "") { diff --git a/pkg/specgenutil/specgenutil_test.go b/pkg/specgenutil/specgenutil_test.go index 5867b0ae0..fb2743f17 100644 --- a/pkg/specgenutil/specgenutil_test.go +++ b/pkg/specgenutil/specgenutil_test.go @@ -75,3 +75,82 @@ func TestWinPath(t *testing.T) { } } } + +func TestParseLinuxResourcesDeviceAccess(t *testing.T) { + d, err := parseLinuxResourcesDeviceAccess("a *:* rwm") + assert.Nil(t, err, "err is nil") + assert.True(t, d.Allow, "allow is true") + assert.Equal(t, d.Type, "a", "type is 'a'") + assert.Nil(t, d.Minor, "minor is nil") + assert.Nil(t, d.Major, "major is nil") + + d, err = parseLinuxResourcesDeviceAccess("b 3:* rwm") + assert.Nil(t, err, "err is nil") + assert.True(t, d.Allow, "allow is true") + assert.Equal(t, d.Type, "b", "type is 'b'") + assert.Nil(t, d.Minor, "minor is nil") + assert.NotNil(t, d.Major, "major is not nil") + assert.Equal(t, *d.Major, int64(3), "major is 3") + + d, err = parseLinuxResourcesDeviceAccess("a *:3 rwm") + assert.Nil(t, err, "err is nil") + assert.True(t, d.Allow, "allow is true") + assert.Equal(t, d.Type, "a", "type is 'a'") + assert.Nil(t, d.Major, "major is nil") + assert.NotNil(t, d.Minor, "minor is not nil") + assert.Equal(t, *d.Minor, int64(3), "minor is 3") + + d, err = parseLinuxResourcesDeviceAccess("c 1:2 rwm") + assert.Nil(t, err, "err is nil") + assert.True(t, d.Allow, "allow is true") + assert.Equal(t, d.Type, "c", "type is 'c'") + assert.NotNil(t, d.Major, "minor is not nil") + assert.Equal(t, *d.Major, int64(1), "minor is 1") + assert.NotNil(t, d.Minor, "minor is not nil") + assert.Equal(t, *d.Minor, int64(2), "minor is 2") + + _, err = parseLinuxResourcesDeviceAccess("q *:* rwm") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a a:* rwm") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:a rwm") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:* abc") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("* *:* *") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("* *:a2 *") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("*") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("*:*") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:*") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:*") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a 12a:* r") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a a12:* r") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a 0x1:* r") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a -2:* r") + assert.NotNil(t, err, "err is not nil") + + _, err = parseLinuxResourcesDeviceAccess("a *:-3 r") + assert.NotNil(t, err, "err is not nil") +} diff --git a/pkg/specgenutil/volumes.go b/pkg/specgenutil/volumes.go index 50d745380..016166a20 100644 --- a/pkg/specgenutil/volumes.go +++ b/pkg/specgenutil/volumes.go @@ -605,7 +605,7 @@ func getNamedVolume(args []string) (*specgen.NamedVolume, error) { // Parse the arguments into an image volume. An image volume is a volume based // on a container image. The container image is first mounted on the host and // is then bind-mounted into the container. An ImageVolume is always mounted -// read only. +// read-only. func getImageVolume(args []string) (*specgen.ImageVolume, error) { newVolume := new(specgen.ImageVolume) diff --git a/pkg/util/mountOpts.go b/pkg/util/mountOpts.go index e37394619..d1dd75a82 100644 --- a/pkg/util/mountOpts.go +++ b/pkg/util/mountOpts.go @@ -25,7 +25,7 @@ type defaultMountOptions struct { // The sourcePath variable, if not empty, contains a bind mount source. func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string, error) { var ( - foundWrite, foundSize, foundProp, foundMode, foundExec, foundSuid, foundDev, foundCopyUp, foundBind, foundZ, foundU, foundOverlay, foundIdmap bool + foundWrite, foundSize, foundProp, foundMode, foundExec, foundSuid, foundDev, foundCopyUp, foundBind, foundZ, foundU, foundOverlay, foundIdmap, foundCopy bool ) newOptions := make([]string, 0, len(options)) @@ -55,6 +55,11 @@ func ProcessOptions(options []string, isTmpfs bool, sourcePath string) ([]string } switch splitOpt[0] { + case "copy", "nocopy": + if foundCopy { + return nil, errors.Wrapf(ErrDupeMntOption, "only one of 'nocopy' and 'copy' can be used") + } + foundCopy = true case "O": foundOverlay = true case "volume-opt": diff --git a/podman.spec.rpkg b/podman.spec.rpkg index c9127c2d9..30653b658 100644 --- a/podman.spec.rpkg +++ b/podman.spec.rpkg @@ -226,13 +226,13 @@ done %{_unitdir}/%{name}.service %{_unitdir}/%{name}.socket %{_unitdir}/%{name}-restart.service -%{_unitdir}/%{name}-play-kube@.service +%{_unitdir}/%{name}-kube@.service %{_userunitdir}/%{name}-auto-update.service %{_userunitdir}/%{name}-auto-update.timer %{_userunitdir}/%{name}.service %{_userunitdir}/%{name}.socket %{_userunitdir}/%{name}-restart.service -%{_userunitdir}/%{name}-play-kube@.service +%{_userunitdir}/%{name}-kube@.service %{_tmpfilesdir}/%{name}.conf %if 0%{?fedora} >= 36 %{_modulesloaddir}/%{name}-iptables.conf diff --git a/test/apiv2/12-imagesMore.at b/test/apiv2/12-imagesMore.at index 57d5e114d..fc18dd2d7 100644 --- a/test/apiv2/12-imagesMore.at +++ b/test/apiv2/12-imagesMore.at @@ -56,4 +56,17 @@ t GET libpod/images/$IMAGE/json 200 \ t DELETE libpod/images/$IMAGE 200 \ .ExitCode=0 +podman pull -q $IMAGE + +# test podman image SCP +# ssh needs to work so we can validate that the failure is past argument parsing +podman system connection add --default test ssh://$USER@localhost/run/user/$UID/podman/podman.sock +# should fail but need to check the output... +# status 125 here means that the save/load fails due to +# cirrus weirdness with exec.Command. All of the args have been parsed sucessfully. +t POST "libpod/images/scp/$IMAGE?destination=QA::" 500 \ + .cause="exit status 125" +t DELETE libpod/images/$IMAGE 200 \ + .ExitCode=0 + stop_registry diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at index cfd6aab33..6ef4ef917 100644 --- a/test/apiv2/20-containers.at +++ b/test/apiv2/20-containers.at @@ -502,3 +502,27 @@ done stop_service start_service + +# Our states are different from Docker's. +# Regression test for #14700 (Docker compat returning unknown "initialized" for status.status) to ensure the stay compatible +podman create --name status-test $IMAGE sh -c "sleep 3" +t GET containers/status-test/json 200 .State.Status="created" + +podman init status-test +t GET containers/status-test/json 200 .State.Status="created" + +podman start status-test +t GET containers/status-test/json 200 .State.Status="running" + +podman pause status-test +t GET containers/status-test/json 200 .State.Status="paused" + +podman unpause status-test +t GET containers/status-test/json 200 .State.Status="running" + +podman stop status-test & +sleep 1 +t GET containers/status-test/json 200 .State.Status="stopping" + +sleep 3 +t GET containers/status-test/json 200 .State.Status="exited" diff --git a/test/apiv2/test-apiv2 b/test/apiv2/test-apiv2 index 25f648d93..8548d84e5 100755 --- a/test/apiv2/test-apiv2 +++ b/test/apiv2/test-apiv2 @@ -23,6 +23,8 @@ REGISTRY_IMAGE="${PODMAN_TEST_IMAGE_REGISTRY}/${PODMAN_TEST_IMAGE_USER}/registry ############################################################################### # BEGIN setup +USER=$PODMAN_ROOTLESS_USER +UID=$PODMAN_ROOTLESS_UID TMPDIR=${TMPDIR:-/tmp} WORKDIR=$(mktemp --tmpdir -d $ME.tmp.XXXXXX) diff --git a/test/e2e/build/Containerfile.with-platform b/test/e2e/build/Containerfile.with-platform new file mode 100644 index 000000000..3bb585a0a --- /dev/null +++ b/test/e2e/build/Containerfile.with-platform @@ -0,0 +1 @@ +FROM --platform=$TARGETPLATFORM alpine diff --git a/test/e2e/checkpoint_test.go b/test/e2e/checkpoint_test.go index 1fa67e9ba..be976207e 100644 --- a/test/e2e/checkpoint_test.go +++ b/test/e2e/checkpoint_test.go @@ -1555,6 +1555,93 @@ var _ = Describe("Podman checkpoint", func() { os.Remove(fileName) }) + It("podman checkpoint container with export and verify non-default runtime", func() { + SkipIfRemote("podman-remote does not support --runtime flag") + // This test triggers the edge case where: + // 1. Default runtime is crun + // 2. Container is created with runc + // 3. Checkpoint without setting --runtime into archive + // 4. Restore without setting --runtime from archive + // It should be expected that podman identifies runtime + // from the checkpoint archive. + + // Prevent --runtime arg from being set to force using default + // runtime unless explicitly set through passed args. + preservedMakeOptions := podmanTest.PodmanMakeOptions + podmanTest.PodmanMakeOptions = func(args []string, noEvents, noCache bool) []string { + defaultArgs := preservedMakeOptions(args, noEvents, noCache) + for i := range args { + // Runtime is set explicitly, so we should keep --runtime arg. + if args[i] == "--runtime" { + return defaultArgs + } + } + updatedArgs := make([]string, 0) + for i := 0; i < len(defaultArgs); i++ { + // Remove --runtime arg, letting podman fall back to its default + if defaultArgs[i] == "--runtime" { + i++ + } else { + updatedArgs = append(updatedArgs, defaultArgs[i]) + } + } + return updatedArgs + } + + for _, runtime := range []string{"runc", "crun"} { + if err := exec.Command(runtime, "--help").Run(); err != nil { + Skip(fmt.Sprintf("%s not found in PATH; this test requires both runc and crun", runtime)) + } + } + + // Detect default runtime + session := podmanTest.Podman([]string{"info", "--format", "{{.Host.OCIRuntime.Name}}"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + if defaultRuntime := session.OutputToString(); defaultRuntime != "crun" { + Skip(fmt.Sprintf("Default runtime is %q; this test requires crun to be default", defaultRuntime)) + } + + // Force non-default runtime "runc" + localRunString := getRunString([]string{"--runtime", "runc", "--rm", ALPINE, "top"}) + session = podmanTest.Podman(localRunString) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + cid := session.OutputToString() + + session = podmanTest.Podman([]string{"inspect", "--format", "{{.OCIRuntime}}", cid}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal("runc")) + + checkpointExportPath := "/tmp/checkpoint-" + cid + ".tar.gz" + + session = podmanTest.Podman([]string{"container", "checkpoint", cid, "-e", checkpointExportPath}) + session.WaitWithDefaultTimeout() + // As the container has been started with '--rm' it will be completely + // cleaned up after checkpointing. + Expect(session).Should(Exit(0)) + fixmeFixme14653(podmanTest, cid) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(0)) + Expect(podmanTest.NumberOfContainers()).To(Equal(0)) + + session = podmanTest.Podman([]string{"container", "restore", "-i", checkpointExportPath}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(podmanTest.NumberOfContainersRunning()).To(Equal(1)) + Expect(podmanTest.GetContainerStatus()).To(ContainSubstring("Up")) + + // The restored container should have the same runtime as the original container + session = podmanTest.Podman([]string{"inspect", "--format", "{{.OCIRuntime}}", cid}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(Equal("runc")) + + // Remove exported checkpoint + os.Remove(checkpointExportPath) + }) + It("podman checkpoint container with export and try to change the runtime", func() { SkipIfRemote("podman-remote does not support --runtime flag") // This test will only run if runc and crun both exist diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 261db8a9a..2fc967718 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -2,6 +2,7 @@ package integration import ( "bytes" + "errors" "fmt" "io/ioutil" "math/rand" @@ -30,7 +31,6 @@ import ( . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" . "github.com/onsi/gomega/gexec" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -618,14 +618,14 @@ func (p *PodmanTestIntegration) RunHealthCheck(cid string) error { restart := p.Podman([]string{"restart", cid}) restart.WaitWithDefaultTimeout() if restart.ExitCode() != 0 { - return errors.Errorf("unable to restart %s", cid) + return fmt.Errorf("unable to restart %s", cid) } } } fmt.Printf("Waiting for %s to pass healthcheck\n", cid) time.Sleep(1 * time.Second) } - return errors.Errorf("unable to detect %s as running", cid) + return fmt.Errorf("unable to detect %s as running", cid) } func (p *PodmanTestIntegration) CreateSeccompJSON(in []byte) (string, error) { @@ -1042,18 +1042,15 @@ var IPRegex = `(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01 // digShort execs into the given container and does a dig lookup with a timeout // backoff. If it gets a response, it ensures that the output is in the correct // format and iterates a string array for match -func digShort(container, lookupName string, matchNames []string, p *PodmanTestIntegration) { +func digShort(container, lookupName, expectedIP string, p *PodmanTestIntegration) { digInterval := time.Millisecond * 250 for i := 0; i < 6; i++ { time.Sleep(digInterval * time.Duration(i)) dig := p.Podman([]string{"exec", container, "dig", "+short", lookupName}) dig.WaitWithDefaultTimeout() - if dig.ExitCode() == 0 { - output := dig.OutputToString() - Expect(output).To(MatchRegexp(IPRegex)) - for _, name := range matchNames { - Expect(output).To(Equal(name)) - } + output := dig.OutputToString() + if dig.ExitCode() == 0 && output != "" { + Expect(output).To(Equal(expectedIP)) // success return } diff --git a/test/e2e/image_scp_test.go b/test/e2e/image_scp_test.go index 53681f05b..77fe810bd 100644 --- a/test/e2e/image_scp_test.go +++ b/test/e2e/image_scp_test.go @@ -50,18 +50,12 @@ var _ = Describe("podman image scp", func() { }) It("podman image scp bogus image", func() { - if IsRemote() { - Skip("this test is only for non-remote") - } scp := podmanTest.Podman([]string{"image", "scp", "FOOBAR"}) scp.WaitWithDefaultTimeout() Expect(scp).Should(ExitWithError()) }) It("podman image scp with proper connection", func() { - if IsRemote() { - Skip("this test is only for non-remote") - } cmd := []string{"system", "connection", "add", "--default", "QA", @@ -86,7 +80,10 @@ var _ = Describe("podman image scp", func() { // This tests that the input we are given is validated and prepared correctly // The error given should either be a missing image (due to testing suite complications) or a no such host timeout on ssh Expect(scp).Should(ExitWithError()) - Expect(scp.ErrorToString()).Should(ContainSubstring("no such host")) + // podman-remote exits with a different error + if !IsRemote() { + Expect(scp.ErrorToString()).Should(ContainSubstring("no such host")) + } }) diff --git a/test/e2e/manifest_test.go b/test/e2e/manifest_test.go index 2fffc9118..06dbbb539 100644 --- a/test/e2e/manifest_test.go +++ b/test/e2e/manifest_test.go @@ -405,4 +405,32 @@ var _ = Describe("Podman manifest", func() { session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }) + + It("manifest rm should not remove image and should be able to remove tagged manifest list", func() { + // manifest rm should fail with `image is not a manifest list` + session := podmanTest.Podman([]string{"manifest", "rm", ALPINE}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(125)) + Expect(session.ErrorToString()).To(ContainSubstring("image is not a manifest list")) + + manifestName := "testmanifest:sometag" + session = podmanTest.Podman([]string{"manifest", "create", manifestName}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + // verify if manifest exists + session = podmanTest.Podman([]string{"manifest", "exists", manifestName}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + // manifest rm should be able to remove tagged manifest list + session = podmanTest.Podman([]string{"manifest", "rm", manifestName}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + // verify that manifest should not exist + session = podmanTest.Podman([]string{"manifest", "exists", manifestName}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(1)) + }) }) diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 61f2b3a1c..de4e4bfac 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -2507,7 +2507,7 @@ spec: Expect(kube).To(ExitWithError()) }) - It("podman play kube test with read only HostPath volume", func() { + It("podman play kube test with read-only HostPath volume", func() { hostPathLocation := filepath.Join(tempdir, "file") f, err := os.Create(hostPathLocation) Expect(err).To(BeNil()) diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index a48193e90..e463862f5 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -899,27 +899,6 @@ ENTRYPOINT ["sleep","99999"] }) - It("podman pod create --device-read-bps", func() { - SkipIfRootless("Cannot create devices in /dev in rootless mode") - SkipIfRootlessCgroupsV1("Setting device-read-bps not supported on cgroupv1 for rootless users") - - podName := "testPod" - session := podmanTest.Podman([]string{"pod", "create", "--device-read-bps", "/dev/zero:1mb", "--name", podName}) - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - - if CGROUPSV2 { - session = podmanTest.Podman([]string{"run", "--rm", "--pod", podName, ALPINE, "sh", "-c", "cat /sys/fs/cgroup/$(sed -e 's|0::||' < /proc/self/cgroup)/io.max"}) - } else { - session = podmanTest.Podman([]string{"run", "--rm", "--pod", podName, ALPINE, "cat", "/sys/fs/cgroup/blkio/blkio.throttle.read_bps_device"}) - } - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - if !CGROUPSV2 { - Expect(session.OutputToString()).To(ContainSubstring("1048576")) - } - }) - It("podman pod create --volumes-from", func() { volName := "testVol" volCreate := podmanTest.Podman([]string{"volume", "create", volName}) diff --git a/test/e2e/run_aardvark_test.go b/test/e2e/run_aardvark_test.go index 25eb8b538..4a5800d04 100644 --- a/test/e2e/run_aardvark_test.go +++ b/test/e2e/run_aardvark_test.go @@ -53,7 +53,7 @@ var _ = Describe("Podman run networking", func() { cip := ctrIP.OutputToString() Expect(cip).To(MatchRegexp(IPRegex)) - digShort(cid, "aone", []string{cip}, podmanTest) + digShort(cid, "aone", cip, podmanTest) reverseLookup := podmanTest.Podman([]string{"exec", cid, "dig", "+short", "-x", cip}) reverseLookup.WaitWithDefaultTimeout() @@ -94,9 +94,9 @@ var _ = Describe("Podman run networking", func() { cip2 := ctrIP2.OutputToString() Expect(cip2).To(MatchRegexp(IPRegex)) - digShort("aone", "atwo", []string{cip2}, podmanTest) + digShort("aone", "atwo", cip2, podmanTest) - digShort("atwo", "aone", []string{cip1}, podmanTest) + digShort("atwo", "aone", cip1, podmanTest) reverseLookup12 := podmanTest.Podman([]string{"exec", cid1, "dig", "+short", "-x", cip2}) reverseLookup12.WaitWithDefaultTimeout() @@ -143,17 +143,17 @@ var _ = Describe("Podman run networking", func() { cip2 := ctrIP2.OutputToString() Expect(cip2).To(MatchRegexp(IPRegex)) - digShort("aone", "atwo", []string{cip2}, podmanTest) + digShort("aone", "atwo", cip2, podmanTest) - digShort("aone", "alias_a2", []string{cip2}, podmanTest) + digShort("aone", "alias_a2", cip2, podmanTest) - digShort("aone", "alias_2a", []string{cip2}, podmanTest) + digShort("aone", "alias_2a", cip2, podmanTest) - digShort("atwo", "aone", []string{cip1}, podmanTest) + digShort("atwo", "aone", cip1, podmanTest) - digShort("atwo", "alias_a1", []string{cip1}, podmanTest) + digShort("atwo", "alias_a1", cip1, podmanTest) - digShort("atwo", "alias_1a", []string{cip1}, podmanTest) + digShort("atwo", "alias_1a", cip1, podmanTest) }) @@ -250,13 +250,13 @@ var _ = Describe("Podman run networking", func() { cipA2B22 := ctrIPA2B22.OutputToString() Expect(cipA2B22).To(MatchRegexp(IPRegex)) - digShort("aone", "atwobtwo", []string{cipA2B21}, podmanTest) + digShort("aone", "atwobtwo", cipA2B21, podmanTest) - digShort("bone", "atwobtwo", []string{cipA2B22}, podmanTest) + digShort("bone", "atwobtwo", cipA2B22, podmanTest) - digShort("atwobtwo", "aone", []string{cipA1}, podmanTest) + digShort("atwobtwo", "aone", cipA1, podmanTest) - digShort("atwobtwo", "bone", []string{cipB1}, podmanTest) + digShort("atwobtwo", "bone", cipB1, podmanTest) }) It("Aardvark Test 6: Three subnets, first container on 1/2 and second on 2/3, w/ network aliases", func() { @@ -304,10 +304,9 @@ var _ = Describe("Podman run networking", func() { Expect(ctrIPCB2).Should(Exit(0)) cipCB2 := ctrIPCB2.OutputToString() - digShort("aone", "testB2_nw", []string{cipCB2}, podmanTest) - - digShort("cone", "testB1_nw", []string{cipAB1}, podmanTest) + digShort("aone", "testB2_nw", cipCB2, podmanTest) + digShort("cone", "testB1_nw", cipAB1, podmanTest) }) }) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index 828e92170..2aa5a78db 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -73,6 +73,28 @@ var _ = Describe("Podman run", func() { Expect(session.OutputToString()).To(ContainSubstring("graphRootMounted=1")) }) + It("podman run from manifest list", func() { + session := podmanTest.Podman([]string{"manifest", "create", "localhost/test:latest"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"build", "-f", "build/Containerfile.with-platform", "--platform", "linux/amd64,linux/arm64", "--manifest", "localhost/test:latest"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"run", "--platform", "linux/arm64", "localhost/test", "uname", "-a"}) + session.WaitWithDefaultTimeout() + exitCode := session.ExitCode() + // CI could either support requested platform or not, if it supports then output should contain `aarch64` + // if not run should fail with a very specific error i.e `Exec format error` anything other than this should + // be marked as failure of test. + if exitCode == 0 { + Expect(session.OutputToString()).To(ContainSubstring("aarch64")) + } else { + Expect(session.ErrorToString()).To(ContainSubstring("Exec format error")) + } + }) + It("podman run a container based on a complex local image name", func() { imageName := strings.TrimPrefix(nginx, "quay.io/") session := podmanTest.Podman([]string{"run", imageName, "ls"}) @@ -1084,7 +1106,7 @@ USER mail`, BB) Expect(session).Should(Exit(0)) ctrID := session.OutputToString() - // check that the read only option works + // check that the read-only option works session = podmanTest.Podman([]string{"run", "--volumes-from", ctrID + ":ro", ALPINE, "touch", mountpoint + "abc.txt"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(1)) @@ -1108,13 +1130,13 @@ USER mail`, BB) Expect(session).Should(Exit(125)) Expect(session.ErrorToString()).To(ContainSubstring("cannot set :z more than once in mount options")) - // create new read only volume + // create new read-only volume session = podmanTest.Podman([]string{"create", "--volume", vol + ":" + mountpoint + ":ro", ALPINE, "cat", mountpoint + filename}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) ctrID = session.OutputToString() - // check if the original volume was mounted as read only that --volumes-from also mount it as read only + // check if the original volume was mounted as read-only that --volumes-from also mount it as read-only session = podmanTest.Podman([]string{"run", "--volumes-from", ctrID, ALPINE, "touch", mountpoint + "abc.txt"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(1)) diff --git a/test/e2e/run_volume_test.go b/test/e2e/run_volume_test.go index edb657695..5fcf340d4 100644 --- a/test/e2e/run_volume_test.go +++ b/test/e2e/run_volume_test.go @@ -452,6 +452,14 @@ var _ = Describe("Podman run with volumes", func() { separateVolumeSession.WaitWithDefaultTimeout() Expect(separateVolumeSession).Should(Exit(0)) Expect(separateVolumeSession.OutputToString()).To(Equal(baselineOutput)) + + copySession := podmanTest.Podman([]string{"run", "--rm", "-v", "testvol3:/etc/apk:copy", ALPINE, "stat", "-c", "%h", "/etc/apk/arch"}) + copySession.WaitWithDefaultTimeout() + Expect(copySession).Should(Exit(0)) + + noCopySession := podmanTest.Podman([]string{"run", "--rm", "-v", "testvol4:/etc/apk:nocopy", ALPINE, "stat", "-c", "%h", "/etc/apk/arch"}) + noCopySession.WaitWithDefaultTimeout() + Expect(noCopySession).Should(Exit(1)) }) It("podman named volume copyup symlink", func() { @@ -670,6 +678,15 @@ VOLUME /test/`, ALPINE) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) + // Test overlay mount when lowerdir is relative path. + f, err = os.Create("hello") + Expect(err).To(BeNil(), "os.Create") + f.Close() + session = podmanTest.Podman([]string{"run", "--rm", "-v", ".:/app:O", ALPINE, "ls", "/app"}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(ContainSubstring("hello")) + Expect(session).Should(Exit(0)) + // Make sure modifications in container do not show up on host session = podmanTest.Podman([]string{"run", "--rm", "-v", volumeFlag, ALPINE, "touch", "/run/test/container"}) session.WaitWithDefaultTimeout() diff --git a/test/e2e/system_df_test.go b/test/e2e/system_df_test.go index f41a5981f..998fa8b59 100644 --- a/test/e2e/system_df_test.go +++ b/test/e2e/system_df_test.go @@ -70,6 +70,17 @@ var _ = Describe("podman system df", func() { Expect(containers[1]).To(Equal("2"), "total containers expected") Expect(volumes[2]).To(Equal("2"), "total volumes expected") Expect(volumes[6]).To(Equal("(50%)"), "percentage usage expected") + + session = podmanTest.Podman([]string{"rm", "container1"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + session = podmanTest.Podman([]string{"system", "df"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + volumes = strings.Fields(session.OutputToStringArray()[3]) + // percentages on volumes were being calculated incorrectly. Make sure we only report 100% and not above + Expect(volumes[6]).To(Equal("(100%)"), "percentage usage expected") + }) It("podman system df image with no tag", func() { diff --git a/test/e2e/system_reset_test.go b/test/e2e/system_reset_test.go index 28f2e25ca..075ea435c 100644 --- a/test/e2e/system_reset_test.go +++ b/test/e2e/system_reset_test.go @@ -4,6 +4,7 @@ import ( "fmt" "os" + "github.com/containers/podman/v4/pkg/rootless" . "github.com/containers/podman/v4/test/utils" . "github.com/onsi/ginkgo" . "github.com/onsi/gomega" @@ -92,9 +93,12 @@ var _ = Describe("podman system reset", func() { // TODO: machine tests currently don't run outside of the machine test pkg // no machines are created here to cleanup - session = podmanTest.Podman([]string{"machine", "list", "-q"}) - session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) - Expect(session.OutputToStringArray()).To(BeEmpty()) + // machine commands are rootless only + if rootless.IsRootless() { + session = podmanTest.Podman([]string{"machine", "list", "-q"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToStringArray()).To(BeEmpty()) + } }) }) diff --git a/test/e2e/volume_create_test.go b/test/e2e/volume_create_test.go index 499283cab..7a975f6a5 100644 --- a/test/e2e/volume_create_test.go +++ b/test/e2e/volume_create_test.go @@ -162,4 +162,19 @@ var _ = Describe("Podman volume create", func() { Expect(inspectOpts).Should(Exit(0)) Expect(inspectOpts.OutputToString()).To(Equal(optionStrFormatExpect)) }) + + It("podman create volume with o=timeout", func() { + volName := "testVol" + timeout := 10 + timeoutStr := "10" + session := podmanTest.Podman([]string{"volume", "create", "--opt", fmt.Sprintf("o=timeout=%d", timeout), volName}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + inspectTimeout := podmanTest.Podman([]string{"volume", "inspect", "--format", "{{ .Timeout }}", volName}) + inspectTimeout.WaitWithDefaultTimeout() + Expect(inspectTimeout).Should(Exit(0)) + Expect(inspectTimeout.OutputToString()).To(Equal(timeoutStr)) + + }) }) diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 56cf4f266..b3e3cef00 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -730,7 +730,7 @@ EOF run_podman 125 run --device-cgroup-rule="x 7:* rmw" --rm $IMAGE is "$output" "Error: invalid device type in device-access-add: x" run_podman 125 run --device-cgroup-rule="a a:* rmw" --rm $IMAGE - is "$output" "Error: strconv.ParseInt: parsing \"a\": invalid syntax" + is "$output" "Error: strconv.ParseUint: parsing \"a\": invalid syntax" } @test "podman run closes stdin" { diff --git a/test/system/050-stop.bats b/test/system/050-stop.bats index c2dfba84d..39002512b 100644 --- a/test/system/050-stop.bats +++ b/test/system/050-stop.bats @@ -171,4 +171,19 @@ load helpers run_podman --noout stop -t 0 stopme is "$output" "" "output should be empty" } + +@test "podman stop, with --rm container" { + OCIDir=/run/$(podman_runtime) + + if is_rootless; then + OCIDir=/run/user/$(id -u)/$(podman_runtime) + fi + + run_podman run --rm -d --name rmstop $IMAGE sleep infinity + local cid="$output" + run_podman stop rmstop + + # Check the OCI runtime directory has removed. + is "$(ls $OCIDir | grep $cid)" "" "The OCI runtime directory should have been removed" +} # vim: filetype=sh diff --git a/test/system/055-rm.bats b/test/system/055-rm.bats index 69663fafa..0ef2216b8 100644 --- a/test/system/055-rm.bats +++ b/test/system/055-rm.bats @@ -52,10 +52,20 @@ load helpers } @test "podman rm <-> run --rm race" { + OCIDir=/run/$(podman_runtime) + + if is_rootless; then + OCIDir=/run/user/$(id -u)/$(podman_runtime) + fi + # A container's lock is released before attempting to stop it. This opens # the window for race conditions that led to #9479. run_podman run --rm -d $IMAGE sleep infinity + local cid="$output" run_podman rm -af + + # Check the OCI runtime directory has removed. + is "$(ls $OCIDir | grep $cid)" "" "The OCI runtime directory should have been removed" } @test "podman rm --depend" { diff --git a/test/system/060-mount.bats b/test/system/060-mount.bats index 2735d2afd..4498e675f 100644 --- a/test/system/060-mount.bats +++ b/test/system/060-mount.bats @@ -87,7 +87,7 @@ load helpers # Run a container with an image mount run_podman run --rm --mount type=image,src=$IMAGE,dst=/image-mount $IMAGE diff /etc/os-release /image-mount/etc/os-release - # Make sure the mount is read only + # Make sure the mount is read-only run_podman 1 run --rm --mount type=image,src=$IMAGE,dst=/image-mount $IMAGE touch /image-mount/read-only is "$output" "touch: /image-mount/read-only: Read-only file system" diff --git a/test/system/120-load.bats b/test/system/120-load.bats index 5a7f63b43..7f0bcfd95 100644 --- a/test/system/120-load.bats +++ b/test/system/120-load.bats @@ -128,8 +128,24 @@ verify_iid_and_name() { run_podman image inspect --format '{{.Digest}}' $newname is "$output" "$src_digest" "Digest of re-fetched image matches original" - # Clean up + # test tagging capability + run_podman untag $IMAGE $newname + run_podman image scp ${notme}@localhost::$newname foobar:123 + + run_podman image inspect --format '{{.Digest}}' foobar:123 + is "$output" "$src_digest" "Digest of re-fetched image matches original" + + # remove root img for transfer back with another name _sudo $PODMAN image rm $newname + + # get foobar's ID, for an ID transfer test + run_podman image inspect --format '{{.ID}}' foobar:123 + run_podman image scp $output ${notme}@localhost::foobartwo + + _sudo $PODMAN image exists foobartwo + + # Clean up + _sudo $PODMAN image rm foobartwo run_podman untag $IMAGE $newname # Negative test for nonexistent image. @@ -142,12 +158,6 @@ verify_iid_and_name() { run_podman 125 image scp $nope ${notme}@localhost:: is "$output" "Error: $nope: image not known.*" "Pushing nonexistent image" - # Negative test for copying to a different name - run_podman 125 image scp $IMAGE ${notme}@localhost::newname:newtag - is "$output" "Error: cannot specify an image rename: invalid argument" \ - "Pushing with a different name: not allowed" - - # FIXME: any point in copying by image ID? What else should we test? } diff --git a/test/system/130-kill.bats b/test/system/130-kill.bats index a9456e03c..96b633a42 100644 --- a/test/system/130-kill.bats +++ b/test/system/130-kill.bats @@ -130,4 +130,14 @@ load helpers is "$output" $cname } +@test "podman kill - concurrent stop" { + # 14761 - concurrent kill/stop must record the exit code + random_name=$(random_string 10) + run_podman run -d --replace --name=$random_name alpine sh -c "trap 'echo Received SIGTERM, ignoring' SIGTERM; echo READY; while :; do sleep 0.2; done" + $PODMAN stop -t 1 $random_name & + run_podman kill $random_name + run_podman wait $random_name + run_podman rm -f $random_name +} + # vim: filetype=sh diff --git a/test/system/200-pod.bats b/test/system/200-pod.bats index 92d3966be..0e522b34d 100644 --- a/test/system/200-pod.bats +++ b/test/system/200-pod.bats @@ -479,21 +479,25 @@ spec: fi local name1="resources1" - run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 - run_podman --cgroup-manager=systemd pod start $name1 + run_podman --cgroup-manager=systemd pod create --name=$name1 --cpus=5 --memory=10m + run_podman --cgroup-manager=systemd pod start $name1 run_podman pod inspect --format '{{.CgroupPath}}' $name1 local path1="$output" local actual1=$(< /sys/fs/cgroup/$path1/cpu.max) is "$actual1" "500000 100000" "resource limits set properly" + local actual2=$(< /sys/fs/cgroup/$path1/memory.max) + is "$actual2" "10485760" "resource limits set properly" run_podman pod --cgroup-manager=systemd rm -f $name1 local name2="resources2" - run_podman --cgroup-manager=cgroupfs pod create --cpus=5 --name=$name2 + run_podman --cgroup-manager=cgroupfs pod create --cpus=5 --memory=10m --name=$name2 run_podman --cgroup-manager=cgroupfs pod start $name2 run_podman pod inspect --format '{{.CgroupPath}}' $name2 local path2="$output" local actual2=$(< /sys/fs/cgroup/$path2/cpu.max) is "$actual2" "500000 100000" "resource limits set properly" + local actual2=$(< /sys/fs/cgroup/$path2/memory.max) + is "$actual2" "10485760" "resource limits set properly" run_podman --cgroup-manager=cgroupfs pod rm $name2 } diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index e251e8a6d..fc3c33975 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -295,12 +295,12 @@ LISTEN_FDNAMES=listen_fdnames" | sort) run_podman network rm -f $netname } -@test "podman-play-kube@.service template" { +@test "podman-kube@.service template" { skip_if_remote "systemd units do not work with remote clients" # If running from a podman source directory, build and use the source # version of the play-kube-@ unit file - unit_name="podman-play-kube@.service" + unit_name="podman-kube@.service" unit_file="contrib/systemd/system/${unit_name}" if [[ -e ${unit_file}.in ]]; then echo "# [Building & using $unit_name from source]" >&3 @@ -329,7 +329,7 @@ spec: EOF # Dispatch the YAML file - service_name="podman-play-kube@$(systemd-escape $yaml_source).service" + service_name="podman-kube@$(systemd-escape $yaml_source).service" systemctl start $service_name systemctl is-active $service_name diff --git a/test/testvol/main.go b/test/testvol/main.go index 99c6fb694..dd4ba642d 100644 --- a/test/testvol/main.go +++ b/test/testvol/main.go @@ -1,6 +1,7 @@ package main import ( + "fmt" "io/ioutil" "os" "path/filepath" @@ -8,7 +9,6 @@ import ( "time" "github.com/docker/go-plugins-helpers/volume" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "github.com/spf13/cobra" ) @@ -80,16 +80,16 @@ func startServer(socketPath string) error { if config.path == "" { path, err := ioutil.TempDir("", "test_volume_plugin") if err != nil { - return errors.Wrapf(err, "error getting directory for plugin") + return fmt.Errorf("error getting directory for plugin: %w", err) } config.path = path } else { pathStat, err := os.Stat(config.path) if err != nil { - return errors.Wrapf(err, "unable to access requested plugin state directory") + return fmt.Errorf("unable to access requested plugin state directory: %w", err) } if !pathStat.IsDir() { - return errors.Errorf("cannot use %v as plugin state dir as it is not a directory", config.path) + return fmt.Errorf("cannot use %v as plugin state dir as it is not a directory", config.path) } } @@ -98,7 +98,7 @@ func startServer(socketPath string) error { server := volume.NewHandler(handle) if err := server.ServeUnix(socketPath, 0); err != nil { - return errors.Wrapf(err, "error starting server") + return fmt.Errorf("error starting server: %w", err) } return nil } @@ -147,7 +147,7 @@ func (d *DirDriver) Create(opts *volume.CreateRequest) error { logrus.Infof("Hit Create() endpoint") if _, exists := d.volumes[opts.Name]; exists { - return errors.Errorf("volume with name %s already exists", opts.Name) + return fmt.Errorf("volume with name %s already exists", opts.Name) } newVol := new(dirVol) @@ -161,7 +161,7 @@ func (d *DirDriver) Create(opts *volume.CreateRequest) error { volPath := filepath.Join(d.volumesPath, opts.Name) if err := os.Mkdir(volPath, 0755); err != nil { - return errors.Wrapf(err, "error making volume directory") + return fmt.Errorf("error making volume directory: %w", err) } newVol.path = volPath @@ -204,7 +204,7 @@ func (d *DirDriver) Get(req *volume.GetRequest) (*volume.GetResponse, error) { vol, exists := d.volumes[req.Name] if !exists { logrus.Debugf("Did not find volume %s", req.Name) - return nil, errors.Errorf("no volume with name %s found", req.Name) + return nil, fmt.Errorf("no volume with name %s found", req.Name) } logrus.Debugf("Found volume %s", req.Name) @@ -228,19 +228,19 @@ func (d *DirDriver) Remove(req *volume.RemoveRequest) error { vol, exists := d.volumes[req.Name] if !exists { logrus.Debugf("Did not find volume %s", req.Name) - return errors.Errorf("no volume with name %s found", req.Name) + return fmt.Errorf("no volume with name %s found", req.Name) } logrus.Debugf("Found volume %s", req.Name) if len(vol.mounts) > 0 { logrus.Debugf("Cannot remove %s, is mounted", req.Name) - return errors.Errorf("volume %s is mounted and cannot be removed", req.Name) + return fmt.Errorf("volume %s is mounted and cannot be removed", req.Name) } delete(d.volumes, req.Name) if err := os.RemoveAll(vol.path); err != nil { - return errors.Wrapf(err, "error removing mountpoint of volume %s", req.Name) + return fmt.Errorf("error removing mountpoint of volume %s: %w", req.Name, err) } logrus.Debugf("Removed volume %s", req.Name) @@ -260,7 +260,7 @@ func (d *DirDriver) Path(req *volume.PathRequest) (*volume.PathResponse, error) vol, exists := d.volumes[req.Name] if !exists { logrus.Debugf("Cannot locate volume %s", req.Name) - return nil, errors.Errorf("no volume with name %s found", req.Name) + return nil, fmt.Errorf("no volume with name %s found", req.Name) } return &volume.PathResponse{ @@ -278,7 +278,7 @@ func (d *DirDriver) Mount(req *volume.MountRequest) (*volume.MountResponse, erro vol, exists := d.volumes[req.Name] if !exists { logrus.Debugf("Cannot locate volume %s", req.Name) - return nil, errors.Errorf("no volume with name %s found", req.Name) + return nil, fmt.Errorf("no volume with name %s found", req.Name) } vol.mounts[req.ID] = true @@ -298,13 +298,13 @@ func (d *DirDriver) Unmount(req *volume.UnmountRequest) error { vol, exists := d.volumes[req.Name] if !exists { logrus.Debugf("Cannot locate volume %s", req.Name) - return errors.Errorf("no volume with name %s found", req.Name) + return fmt.Errorf("no volume with name %s found", req.Name) } mount := vol.mounts[req.ID] if !mount { logrus.Debugf("Volume %s is not mounted by %s", req.Name, req.ID) - return errors.Errorf("volume %s is not mounted by %s", req.Name, req.ID) + return fmt.Errorf("volume %s is not mounted by %s", req.Name, req.ID) } delete(vol.mounts, req.ID) diff --git a/test/testvol/util.go b/test/testvol/util.go index 7a0aeba86..b50bb3afb 100644 --- a/test/testvol/util.go +++ b/test/testvol/util.go @@ -25,5 +25,5 @@ func getPluginName(pathOrName string) string { func getPlugin(sockNameOrPath string) (*plugin.VolumePlugin, error) { path := getSocketPath(sockNameOrPath) name := getPluginName(sockNameOrPath) - return plugin.GetVolumePlugin(name, path) + return plugin.GetVolumePlugin(name, path, 0) } diff --git a/troubleshooting.md b/troubleshooting.md index 05685c906..1fa044fe9 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -663,7 +663,7 @@ $ podman run --rm --rootfs /path/to/rootfs true The command above will create all the missing directories needed to run the container. -After that, it can be used in read only mode, by multiple containers at the same time: +After that, it can be used in read-only mode, by multiple containers at the same time: ```console $ podman run --read-only --rootfs /path/to/rootfs .... @@ -1231,3 +1231,58 @@ While running podman remote commands with the most updated Podman, issues that w When upgrading Podman to a particular version for the required fixes, users often make the mistake of only upgrading the Podman client. However, suppose a setup uses `podman-remote` or uses a client that communicates with the Podman server on a remote machine via the REST API. In that case, it is required to upgrade both the Podman client and the Podman server running on the remote machine. Both the Podman client and server must be upgraded to the same version. Example: If a particular bug was fixed in `v4.1.0` then the Podman client must have version `v4.1.0` as well the Podman server must have version `v4.1.0`. + +### 37) Unexpected carriage returns are outputted on the terminal + +When using the __--tty__ (__-t__) flag, unexpected carriage returns are outputted on the terminal. + +#### Symptom + +The container program prints a newline (`\n`) but the terminal outputs a carriage return and a newline (`\r\n`). + +``` +$ podman run --rm -t fedora echo abc | od -c +0000000 a b c \r \n +0000005 +``` + +When run directly on the host, the result is as expected. + +``` +$ echo abc | od -c +0000000 a b c \n +0000004 +``` + +Extra carriage returns can also shift the prompt to the right. + +``` +$ podman run --rm -t fedora sh -c "echo 1; echo 2; echo 3" | cat -A +1^M$ + 2^M$ + 3^M$ + $ +``` + +#### Solution + +Run Podman without the __--tty__ (__-t__) flag. + +``` +$ podman run --rm fedora echo abc | od -c +0000000 a b c \n +0000004 +``` + +The __--tty__ (__-t__) flag should only be used when the program requires user interaction in the termainal, for instance expecting +the user to type an answer to a question. + +Where does the extra carriage return `\r` come from? + +The extra `\r` is not outputted by Podman but by the terminal. In fact, a reconfiguration of the terminal can make the extra `\r` go away. + +``` +$ podman run --rm -t fedora /bin/sh -c "stty -onlcr && echo abc" | od -c +0000000 a b c \n +0000004 +``` diff --git a/utils/ports.go b/utils/ports.go index 57a6f8275..eea060433 100644 --- a/utils/ports.go +++ b/utils/ports.go @@ -1,26 +1,25 @@ package utils import ( + "fmt" "net" "strconv" - - "github.com/pkg/errors" ) // Find a random, open port on the host. func GetRandomPort() (int, error) { l, err := net.Listen("tcp", ":0") if err != nil { - return 0, errors.Wrapf(err, "unable to get free TCP port") + return 0, fmt.Errorf("unable to get free TCP port: %w", err) } defer l.Close() _, randomPort, err := net.SplitHostPort(l.Addr().String()) if err != nil { - return 0, errors.Wrapf(err, "unable to determine free port") + return 0, fmt.Errorf("unable to determine free port: %w", err) } rp, err := strconv.Atoi(randomPort) if err != nil { - return 0, errors.Wrapf(err, "unable to convert random port to int") + return 0, fmt.Errorf("unable to convert random port to int: %w", err) } return rp, nil } diff --git a/utils/utils.go b/utils/utils.go index fd66ac2ed..a20181b0a 100644 --- a/utils/utils.go +++ b/utils/utils.go @@ -16,7 +16,6 @@ import ( "github.com/containers/podman/v4/libpod/define" "github.com/containers/storage/pkg/archive" "github.com/godbus/dbus/v5" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -114,7 +113,7 @@ func UntarToFileSystem(dest string, tarball *os.File, options *archive.TarOption func CreateTarFromSrc(source string, dest string) error { file, err := os.Create(dest) if err != nil { - return errors.Wrapf(err, "Could not create tarball file '%s'", dest) + return fmt.Errorf("could not create tarball file '%s': %w", dest, err) } defer file.Close() return TarToFilesystem(source, file) @@ -154,7 +153,7 @@ func RemoveScientificNotationFromFloat(x float64) (float64, error) { } result, err := strconv.ParseFloat(bigNum, 64) if err != nil { - return x, errors.Wrapf(err, "unable to remove scientific number from calculations") + return x, fmt.Errorf("unable to remove scientific number from calculations: %w", err) } return result, nil } @@ -181,11 +180,11 @@ func moveProcessPIDFileToScope(pidPath, slice, scope string) error { if os.IsNotExist(err) { return nil } - return errors.Wrapf(err, "cannot read pid file %s", pidPath) + return fmt.Errorf("cannot read pid file %s: %w", pidPath, err) } pid, err := strconv.ParseUint(string(data), 10, 0) if err != nil { - return errors.Wrapf(err, "cannot parse pid file %s", pidPath) + return fmt.Errorf("cannot parse pid file %s: %w", pidPath, err) } return moveProcessToScope(int(pid), slice, scope) @@ -243,27 +242,3 @@ func MovePauseProcessToScope(pausePidPath string) { } } } - -// CreateSCPCommand takes an existing command, appends the given arguments and returns a configured podman command for image scp -func CreateSCPCommand(cmd *exec.Cmd, command []string) *exec.Cmd { - cmd.Args = append(cmd.Args, command...) - cmd.Env = os.Environ() - cmd.Stderr = os.Stderr - cmd.Stdout = os.Stdout - return cmd -} - -// LoginUser starts the user process on the host so that image scp can use systemd-run -func LoginUser(user string) (*exec.Cmd, error) { - sleep, err := exec.LookPath("sleep") - if err != nil { - return nil, err - } - machinectl, err := exec.LookPath("machinectl") - if err != nil { - return nil, err - } - cmd := exec.Command(machinectl, "shell", "-q", user+"@.host", sleep, "inf") - err = cmd.Start() - return cmd, err -} diff --git a/utils/utils_supported.go b/utils/utils_supported.go index c2dcc4631..d7d47b2bc 100644 --- a/utils/utils_supported.go +++ b/utils/utils_supported.go @@ -17,7 +17,6 @@ import ( "github.com/containers/podman/v4/pkg/rootless" systemdDbus "github.com/coreos/go-systemd/v22/dbus" "github.com/godbus/dbus/v5" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -77,7 +76,7 @@ func getCgroupProcess(procFile string, allowRoot bool) (string, error) { line := scanner.Text() parts := strings.SplitN(line, ":", 3) if len(parts) != 3 { - return "", errors.Errorf("cannot parse cgroup line %q", line) + return "", fmt.Errorf("cannot parse cgroup line %q", line) } if strings.HasPrefix(line, "0::") { cgroup = line[3:] @@ -88,7 +87,7 @@ func getCgroupProcess(procFile string, allowRoot bool) (string, error) { } } if len(cgroup) == 0 || (!allowRoot && cgroup == "/") { - return "", errors.Errorf("could not find cgroup mount in %q", procFile) + return "", fmt.Errorf("could not find cgroup mount in %q", procFile) } return cgroup, nil } @@ -133,11 +132,11 @@ func moveUnderCgroup(cgroup, subtree string, processes []uint32) error { line := scanner.Text() parts := strings.SplitN(line, ":", 3) if len(parts) != 3 { - return errors.Errorf("cannot parse cgroup line %q", line) + return fmt.Errorf("cannot parse cgroup line %q", line) } // root cgroup, skip it - if parts[2] == "/" { + if parts[2] == "/" && !(unifiedMode && parts[1] == "") { continue } diff --git a/utils/utils_windows.go b/utils/utils_windows.go index 1d017f5ae..18f232116 100644 --- a/utils/utils_windows.go +++ b/utils/utils_windows.go @@ -3,7 +3,7 @@ package utils -import "github.com/pkg/errors" +import "errors" func RunUnderSystemdScope(pid int, slice string, unitName string) error { return errors.New("not implemented for windows") diff --git a/vendor/github.com/containers/common/libimage/normalize.go b/vendor/github.com/containers/common/libimage/normalize.go index b36bbf396..7af125283 100644 --- a/vendor/github.com/containers/common/libimage/normalize.go +++ b/vendor/github.com/containers/common/libimage/normalize.go @@ -1,51 +1,13 @@ package libimage import ( - "runtime" "strings" - "github.com/containerd/containerd/platforms" "github.com/containers/image/v5/docker/reference" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) -// NormalizePlatform normalizes (according to the OCI spec) the specified os, -// arch and variant. If left empty, the individual item will not be normalized. -func NormalizePlatform(rawOS, rawArch, rawVariant string) (os, arch, variant string) { - os, arch, variant = rawOS, rawArch, rawVariant - if os == "" { - os = runtime.GOOS - } - if arch == "" { - arch = runtime.GOARCH - } - rawPlatform := os + "/" + arch - if variant != "" { - rawPlatform += "/" + variant - } - - normalizedPlatform, err := platforms.Parse(rawPlatform) - if err != nil { - logrus.Debugf("Error normalizing platform: %v", err) - return rawOS, rawArch, rawVariant - } - logrus.Debugf("Normalized platform %s to %s", rawPlatform, normalizedPlatform) - os = rawOS - if rawOS != "" { - os = normalizedPlatform.OS - } - arch = rawArch - if rawArch != "" { - arch = normalizedPlatform.Architecture - } - variant = rawVariant - if rawVariant != "" { - variant = normalizedPlatform.Variant - } - return os, arch, variant -} - // NormalizeName normalizes the provided name according to the conventions by // Podman and Buildah. If tag and digest are missing, the "latest" tag will be // used. If it's a short name, it will be prefixed with "localhost/". diff --git a/vendor/github.com/containers/common/libimage/platform.go b/vendor/github.com/containers/common/libimage/platform.go index 8b78bce24..736a193f6 100644 --- a/vendor/github.com/containers/common/libimage/platform.go +++ b/vendor/github.com/containers/common/libimage/platform.go @@ -4,6 +4,9 @@ import ( "context" "fmt" "runtime" + + "github.com/containerd/containerd/platforms" + "github.com/sirupsen/logrus" ) // PlatformPolicy controls the behavior of image-platform matching. @@ -16,11 +19,42 @@ const ( PlatformPolicyWarn ) -func toPlatformString(architecture, os, variant string) string { +// NormalizePlatform normalizes (according to the OCI spec) the specified os, +// arch and variant. If left empty, the individual item will not be normalized. +func NormalizePlatform(rawOS, rawArch, rawVariant string) (os, arch, variant string) { + rawPlatform := toPlatformString(rawOS, rawArch, rawVariant) + normalizedPlatform, err := platforms.Parse(rawPlatform) + if err != nil { + logrus.Debugf("Error normalizing platform: %v", err) + return rawOS, rawArch, rawVariant + } + logrus.Debugf("Normalized platform %s to %s", rawPlatform, normalizedPlatform) + os = rawOS + if rawOS != "" { + os = normalizedPlatform.OS + } + arch = rawArch + if rawArch != "" { + arch = normalizedPlatform.Architecture + } + variant = rawVariant + if rawVariant != "" { + variant = normalizedPlatform.Variant + } + return os, arch, variant +} + +func toPlatformString(os, arch, variant string) string { + if os == "" { + os = runtime.GOOS + } + if arch == "" { + arch = runtime.GOARCH + } if variant == "" { - return fmt.Sprintf("%s/%s", os, architecture) + return fmt.Sprintf("%s/%s", os, arch) } - return fmt.Sprintf("%s/%s/%s", os, architecture, variant) + return fmt.Sprintf("%s/%s/%s", os, arch, variant) } // Checks whether the image matches the specified platform. @@ -28,36 +62,26 @@ func toPlatformString(architecture, os, variant string) string { // * 1) a matching error that can be used for logging (or returning) what does not match // * 2) a bool indicating whether architecture, os or variant were set (some callers need that to decide whether they need to throw an error) // * 3) a fatal error that occurred prior to check for matches (e.g., storage errors etc.) -func (i *Image) matchesPlatform(ctx context.Context, architecture, os, variant string) (error, bool, error) { - customPlatform := len(architecture)+len(os)+len(variant) != 0 - - if len(architecture) == 0 { - architecture = runtime.GOARCH - } - if len(os) == 0 { - os = runtime.GOOS - } - +func (i *Image) matchesPlatform(ctx context.Context, os, arch, variant string) (error, bool, error) { inspectInfo, err := i.inspectInfo(ctx) if err != nil { - return nil, customPlatform, fmt.Errorf("inspecting image: %w", err) + return nil, false, fmt.Errorf("inspecting image: %w", err) } - matches := true - switch { - case architecture != inspectInfo.Architecture: - matches = false - case os != inspectInfo.Os: - matches = false - case variant != "" && variant != inspectInfo.Variant: - matches = false + customPlatform := len(os)+len(arch)+len(variant) != 0 + + expected, err := platforms.Parse(toPlatformString(os, arch, variant)) + if err != nil { + return nil, false, fmt.Errorf("parsing host platform: %v", err) + } + fromImage, err := platforms.Parse(toPlatformString(inspectInfo.Os, inspectInfo.Architecture, inspectInfo.Variant)) + if err != nil { + return nil, false, fmt.Errorf("parsing image platform: %v", err) } - if matches { + if platforms.NewMatcher(expected).Match(fromImage) { return nil, customPlatform, nil } - imagePlatform := toPlatformString(inspectInfo.Architecture, inspectInfo.Os, inspectInfo.Variant) - expectedPlatform := toPlatformString(architecture, os, variant) - return fmt.Errorf("image platform (%s) does not match the expected platform (%s)", imagePlatform, expectedPlatform), customPlatform, nil + return fmt.Errorf("image platform (%s) does not match the expected platform (%s)", fromImage, expected), customPlatform, nil } diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index 5e743574c..2071cceca 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -169,7 +169,7 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP // Note that we can ignore the 2nd return value here. Some // images may ship with "wrong" platform, but we already warn // about it. Throwing an error is not (yet) the plan. - matchError, _, err := image.matchesPlatform(ctx, options.Architecture, options.OS, options.Variant) + matchError, _, err := image.matchesPlatform(ctx, options.OS, options.Architecture, options.Variant) if err != nil { return nil, fmt.Errorf("checking platform of image %s: %w", name, err) } diff --git a/vendor/github.com/containers/common/libimage/runtime.go b/vendor/github.com/containers/common/libimage/runtime.go index efae2238d..7e975b81d 100644 --- a/vendor/github.com/containers/common/libimage/runtime.go +++ b/vendor/github.com/containers/common/libimage/runtime.go @@ -396,7 +396,7 @@ func (r *Runtime) lookupImageInLocalStorage(name, candidate string, options *Loo // Ignore the (fatal) error since the image may be corrupted, which // will bubble up at other places. During lookup, we just return it as // is. - if matchError, customPlatform, _ := image.matchesPlatform(context.Background(), options.Architecture, options.OS, options.Variant); matchError != nil { + if matchError, customPlatform, _ := image.matchesPlatform(context.Background(), options.OS, options.Architecture, options.Variant); matchError != nil { if customPlatform { logrus.Debugf("%v", matchError) // Return nil if the user clearly requested a custom diff --git a/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go b/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go index a45358f9b..ee9f584de 100644 --- a/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go +++ b/vendor/github.com/containers/common/pkg/cgroups/systemd_linux.go @@ -152,10 +152,10 @@ func resourcesToProps(res *configs.Resources) (map[string]uint64, map[string]str // Mem if res.Memory != 0 { - iMap["MemoryMax"] = res.Memory + uMap["MemoryMax"] = uint64(res.Memory) } if res.MemorySwap != 0 { - iMap["MemorySwapMax"] = res.MemorySwap + uMap["MemorySwapMax"] = uint64(res.MemorySwap) } // Blkio diff --git a/vendor/github.com/containers/common/pkg/parse/parse.go b/vendor/github.com/containers/common/pkg/parse/parse.go index 6c4958cc2..43b783e0c 100644 --- a/vendor/github.com/containers/common/pkg/parse/parse.go +++ b/vendor/github.com/containers/common/pkg/parse/parse.go @@ -14,7 +14,7 @@ import ( // ValidateVolumeOpts validates a volume's options func ValidateVolumeOpts(options []string) ([]string, error) { - var foundRootPropagation, foundRWRO, foundLabelChange, bindType, foundExec, foundDev, foundSuid, foundChown, foundUpperDir, foundWorkDir int + var foundRootPropagation, foundRWRO, foundLabelChange, bindType, foundExec, foundDev, foundSuid, foundChown, foundUpperDir, foundWorkDir, foundCopy int finalOpts := make([]string, 0, len(options)) for _, opt := range options { // support advanced options like upperdir=/path, workdir=/path @@ -88,6 +88,11 @@ func ValidateVolumeOpts(options []string) ([]string, error) { // are intended to be always safe to use, even not on OS // X). continue + case "copy", "nocopy": + foundCopy++ + if foundCopy > 1 { + return nil, errors.Errorf("invalid options %q, can only specify 1 'copy' or 'nocopy' option", strings.Join(options, ", ")) + } default: return nil, errors.Errorf("invalid option type %q", opt) } diff --git a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go index 3712afc71..0db77879c 100644 --- a/vendor/github.com/containers/common/pkg/seccomp/default_linux.go +++ b/vendor/github.com/containers/common/pkg/seccomp/default_linux.go @@ -221,6 +221,9 @@ func DefaultProfile() *Seccomp { "ipc", "keyctl", "kill", + "landlock_add_rule", + "landlock_create_ruleset", + "landlock_restrict_self", "lchown", "lchown32", "lgetxattr", diff --git a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json index 442632e7d..18674db4d 100644 --- a/vendor/github.com/containers/common/pkg/seccomp/seccomp.json +++ b/vendor/github.com/containers/common/pkg/seccomp/seccomp.json @@ -228,6 +228,9 @@ "ipc", "keyctl", "kill", + "landlock_add_rule", + "landlock_create_ruleset", + "landlock_restrict_self", "lchown", "lchown32", "lgetxattr", diff --git a/vendor/github.com/stretchr/testify/assert/assertion_format.go b/vendor/github.com/stretchr/testify/assert/assertion_format.go index 27e2420ed..7880b8f94 100644 --- a/vendor/github.com/stretchr/testify/assert/assertion_format.go +++ b/vendor/github.com/stretchr/testify/assert/assertion_format.go @@ -736,6 +736,16 @@ func WithinDurationf(t TestingT, expected time.Time, actual time.Time, delta tim return WithinDuration(t, expected, actual, delta, append([]interface{}{msg}, args...)...) } +// WithinRangef asserts that a time is within a time range (inclusive). +// +// assert.WithinRangef(t, time.Now(), time.Now().Add(-time.Second), time.Now().Add(time.Second), "error message %s", "formatted") +func WithinRangef(t TestingT, actual time.Time, start time.Time, end time.Time, msg string, args ...interface{}) bool { + if h, ok := t.(tHelper); ok { + h.Helper() + } + return WithinRange(t, actual, start, end, append([]interface{}{msg}, args...)...) +} + // YAMLEqf asserts that two YAML strings are equivalent. func YAMLEqf(t TestingT, expected string, actual string, msg string, args ...interface{}) bool { if h, ok := t.(tHelper); ok { diff --git a/vendor/github.com/stretchr/testify/assert/assertion_forward.go b/vendor/github.com/stretchr/testify/assert/assertion_forward.go index d9ea368d0..339515b8b 100644 --- a/vendor/github.com/stretchr/testify/assert/assertion_forward.go +++ b/vendor/github.com/stretchr/testify/assert/assertion_forward.go @@ -1461,6 +1461,26 @@ func (a *Assertions) WithinDurationf(expected time.Time, actual time.Time, delta return WithinDurationf(a.t, expected, actual, delta, msg, args...) } +// WithinRange asserts that a time is within a time range (inclusive). +// +// a.WithinRange(time.Now(), time.Now().Add(-time.Second), time.Now().Add(time.Second)) +func (a *Assertions) WithinRange(actual time.Time, start time.Time, end time.Time, msgAndArgs ...interface{}) bool { + if h, ok := a.t.(tHelper); ok { + h.Helper() + } + return WithinRange(a.t, actual, start, end, msgAndArgs...) +} + +// WithinRangef asserts that a time is within a time range (inclusive). +// +// a.WithinRangef(time.Now(), time.Now().Add(-time.Second), time.Now().Add(time.Second), "error message %s", "formatted") +func (a *Assertions) WithinRangef(actual time.Time, start time.Time, end time.Time, msg string, args ...interface{}) bool { + if h, ok := a.t.(tHelper); ok { + h.Helper() + } + return WithinRangef(a.t, actual, start, end, msg, args...) +} + // YAMLEq asserts that two YAML strings are equivalent. func (a *Assertions) YAMLEq(expected string, actual string, msgAndArgs ...interface{}) bool { if h, ok := a.t.(tHelper); ok { diff --git a/vendor/github.com/stretchr/testify/assert/assertions.go b/vendor/github.com/stretchr/testify/assert/assertions.go index 580fdea4c..fa1245b18 100644 --- a/vendor/github.com/stretchr/testify/assert/assertions.go +++ b/vendor/github.com/stretchr/testify/assert/assertions.go @@ -8,6 +8,7 @@ import ( "fmt" "math" "os" + "path/filepath" "reflect" "regexp" "runtime" @@ -144,7 +145,8 @@ func CallerInfo() []string { if len(parts) > 1 { dir := parts[len(parts)-2] if (dir != "assert" && dir != "mock" && dir != "require") || file == "mock_test.go" { - callers = append(callers, fmt.Sprintf("%s:%d", file, line)) + path, _ := filepath.Abs(file) + callers = append(callers, fmt.Sprintf("%s:%d", path, line)) } } @@ -816,7 +818,6 @@ func Subset(t TestingT, list, subset interface{}, msgAndArgs ...interface{}) (ok return true // we consider nil to be equal to the nil set } - subsetValue := reflect.ValueOf(subset) defer func() { if e := recover(); e != nil { ok = false @@ -826,14 +827,32 @@ func Subset(t TestingT, list, subset interface{}, msgAndArgs ...interface{}) (ok listKind := reflect.TypeOf(list).Kind() subsetKind := reflect.TypeOf(subset).Kind() - if listKind != reflect.Array && listKind != reflect.Slice { + if listKind != reflect.Array && listKind != reflect.Slice && listKind != reflect.Map { return Fail(t, fmt.Sprintf("%q has an unsupported type %s", list, listKind), msgAndArgs...) } - if subsetKind != reflect.Array && subsetKind != reflect.Slice { + if subsetKind != reflect.Array && subsetKind != reflect.Slice && listKind != reflect.Map { return Fail(t, fmt.Sprintf("%q has an unsupported type %s", subset, subsetKind), msgAndArgs...) } + subsetValue := reflect.ValueOf(subset) + if subsetKind == reflect.Map && listKind == reflect.Map { + listValue := reflect.ValueOf(list) + subsetKeys := subsetValue.MapKeys() + + for i := 0; i < len(subsetKeys); i++ { + subsetKey := subsetKeys[i] + subsetElement := subsetValue.MapIndex(subsetKey).Interface() + listElement := listValue.MapIndex(subsetKey).Interface() + + if !ObjectsAreEqual(subsetElement, listElement) { + return Fail(t, fmt.Sprintf("\"%s\" does not contain \"%s\"", list, subsetElement), msgAndArgs...) + } + } + + return true + } + for i := 0; i < subsetValue.Len(); i++ { element := subsetValue.Index(i).Interface() ok, found := containsElement(list, element) @@ -860,7 +879,6 @@ func NotSubset(t TestingT, list, subset interface{}, msgAndArgs ...interface{}) return Fail(t, "nil is the empty set which is a subset of every set", msgAndArgs...) } - subsetValue := reflect.ValueOf(subset) defer func() { if e := recover(); e != nil { ok = false @@ -870,14 +888,32 @@ func NotSubset(t TestingT, list, subset interface{}, msgAndArgs ...interface{}) listKind := reflect.TypeOf(list).Kind() subsetKind := reflect.TypeOf(subset).Kind() - if listKind != reflect.Array && listKind != reflect.Slice { + if listKind != reflect.Array && listKind != reflect.Slice && listKind != reflect.Map { return Fail(t, fmt.Sprintf("%q has an unsupported type %s", list, listKind), msgAndArgs...) } - if subsetKind != reflect.Array && subsetKind != reflect.Slice { + if subsetKind != reflect.Array && subsetKind != reflect.Slice && listKind != reflect.Map { return Fail(t, fmt.Sprintf("%q has an unsupported type %s", subset, subsetKind), msgAndArgs...) } + subsetValue := reflect.ValueOf(subset) + if subsetKind == reflect.Map && listKind == reflect.Map { + listValue := reflect.ValueOf(list) + subsetKeys := subsetValue.MapKeys() + + for i := 0; i < len(subsetKeys); i++ { + subsetKey := subsetKeys[i] + subsetElement := subsetValue.MapIndex(subsetKey).Interface() + listElement := listValue.MapIndex(subsetKey).Interface() + + if !ObjectsAreEqual(subsetElement, listElement) { + return true + } + } + + return Fail(t, fmt.Sprintf("%q is a subset of %q", subset, list), msgAndArgs...) + } + for i := 0; i < subsetValue.Len(); i++ { element := subsetValue.Index(i).Interface() ok, found := containsElement(list, element) @@ -1110,6 +1146,27 @@ func WithinDuration(t TestingT, expected, actual time.Time, delta time.Duration, return true } +// WithinRange asserts that a time is within a time range (inclusive). +// +// assert.WithinRange(t, time.Now(), time.Now().Add(-time.Second), time.Now().Add(time.Second)) +func WithinRange(t TestingT, actual, start, end time.Time, msgAndArgs ...interface{}) bool { + if h, ok := t.(tHelper); ok { + h.Helper() + } + + if end.Before(start) { + return Fail(t, "Start should be before end", msgAndArgs...) + } + + if actual.Before(start) { + return Fail(t, fmt.Sprintf("Time %v expected to be in time range %v to %v, but is before the range", actual, start, end), msgAndArgs...) + } else if actual.After(end) { + return Fail(t, fmt.Sprintf("Time %v expected to be in time range %v to %v, but is after the range", actual, start, end), msgAndArgs...) + } + + return true +} + func toFloat(x interface{}) (float64, bool) { var xf float64 xok := true diff --git a/vendor/github.com/stretchr/testify/require/require.go b/vendor/github.com/stretchr/testify/require/require.go index 59c48277a..880853f5a 100644 --- a/vendor/github.com/stretchr/testify/require/require.go +++ b/vendor/github.com/stretchr/testify/require/require.go @@ -1864,6 +1864,32 @@ func WithinDurationf(t TestingT, expected time.Time, actual time.Time, delta tim t.FailNow() } +// WithinRange asserts that a time is within a time range (inclusive). +// +// assert.WithinRange(t, time.Now(), time.Now().Add(-time.Second), time.Now().Add(time.Second)) +func WithinRange(t TestingT, actual time.Time, start time.Time, end time.Time, msgAndArgs ...interface{}) { + if h, ok := t.(tHelper); ok { + h.Helper() + } + if assert.WithinRange(t, actual, start, end, msgAndArgs...) { + return + } + t.FailNow() +} + +// WithinRangef asserts that a time is within a time range (inclusive). +// +// assert.WithinRangef(t, time.Now(), time.Now().Add(-time.Second), time.Now().Add(time.Second), "error message %s", "formatted") +func WithinRangef(t TestingT, actual time.Time, start time.Time, end time.Time, msg string, args ...interface{}) { + if h, ok := t.(tHelper); ok { + h.Helper() + } + if assert.WithinRangef(t, actual, start, end, msg, args...) { + return + } + t.FailNow() +} + // YAMLEq asserts that two YAML strings are equivalent. func YAMLEq(t TestingT, expected string, actual string, msgAndArgs ...interface{}) { if h, ok := t.(tHelper); ok { diff --git a/vendor/github.com/stretchr/testify/require/require_forward.go b/vendor/github.com/stretchr/testify/require/require_forward.go index 5bb07c89c..960bf6f2c 100644 --- a/vendor/github.com/stretchr/testify/require/require_forward.go +++ b/vendor/github.com/stretchr/testify/require/require_forward.go @@ -1462,6 +1462,26 @@ func (a *Assertions) WithinDurationf(expected time.Time, actual time.Time, delta WithinDurationf(a.t, expected, actual, delta, msg, args...) } +// WithinRange asserts that a time is within a time range (inclusive). +// +// a.WithinRange(time.Now(), time.Now().Add(-time.Second), time.Now().Add(time.Second)) +func (a *Assertions) WithinRange(actual time.Time, start time.Time, end time.Time, msgAndArgs ...interface{}) { + if h, ok := a.t.(tHelper); ok { + h.Helper() + } + WithinRange(a.t, actual, start, end, msgAndArgs...) +} + +// WithinRangef asserts that a time is within a time range (inclusive). +// +// a.WithinRangef(time.Now(), time.Now().Add(-time.Second), time.Now().Add(time.Second), "error message %s", "formatted") +func (a *Assertions) WithinRangef(actual time.Time, start time.Time, end time.Time, msg string, args ...interface{}) { + if h, ok := a.t.(tHelper); ok { + h.Helper() + } + WithinRangef(a.t, actual, start, end, msg, args...) +} + // YAMLEq asserts that two YAML strings are equivalent. func (a *Assertions) YAMLEq(expected string, actual string, msgAndArgs ...interface{}) { if h, ok := a.t.(tHelper); ok { diff --git a/vendor/modules.txt b/vendor/modules.txt index e72779e09..aaddcaeb0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -111,7 +111,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.48.1-0.20220624132904-722a80e139ec +# github.com/containers/common v0.48.1-0.20220630172158-178929cf063e ## explicit github.com/containers/common/libimage github.com/containers/common/libimage/define @@ -645,7 +645,7 @@ github.com/spf13/cobra github.com/spf13/pflag # github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 github.com/stefanberger/go-pkcs11uri -# github.com/stretchr/testify v1.7.5 +# github.com/stretchr/testify v1.8.0 ## explicit github.com/stretchr/testify/assert github.com/stretchr/testify/require |