diff options
31 files changed, 487 insertions, 124 deletions
diff --git a/.cirrus.yml b/.cirrus.yml index 87c135b78..af28b823b 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -269,36 +269,36 @@ varlink_api_task: failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh' -# build_each_commit_task: +build_each_commit_task: -# depends_on: -# - "gating" -# - "vendor" -# - "varlink_api" + depends_on: + - "gating" + - "vendor" + - "varlink_api" -# only_if: >- -# $CIRRUS_BRANCH != $DEST_BRANCH && -# $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' && -# $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' + only_if: >- + $CIRRUS_BRANCH != $DEST_BRANCH && + $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:IMG.*' && + $CIRRUS_CHANGE_MESSAGE !=~ '.*CI:DOCS.*' -# gce_instance: -# cpu: 8 -# memory: "8Gb" + gce_instance: + cpu: 8 + memory: "8Gb" -# env: -# MOD_CONTAINERS_CONF: 'false' + env: + MOD_CONTAINERS_CONF: 'false' -# timeout_in: 30m + timeout_in: 30m -# setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' -# build_each_commit_script: -# # set -x by default, no need to spew contents of lib.sh -# - 'source $SCRIPT_BASE/lib.sh &> /dev/null' -# - 'git fetch --depth 50 origin $DEST_BRANCH |& ${TIMESTAMP}' -# - 'make build-all-new-commits GIT_BASE_BRANCH=origin/$DEST_BRANCH |& ${TIMESTAMP}' + setup_environment_script: '$SCRIPT_BASE/setup_environment.sh |& ${TIMESTAMP}' + build_each_commit_script: + # set -x by default, no need to spew contents of lib.sh + - 'source $SCRIPT_BASE/lib.sh &> /dev/null' + - 'git fetch --depth 50 origin $DEST_BRANCH |& ${TIMESTAMP}' + - 'make build-all-new-commits GIT_BASE_BRANCH=origin/$DEST_BRANCH |& ${TIMESTAMP}' -# on_failure: -# failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh' + on_failure: + failed_branch_script: '$CIRRUS_WORKING_DIR/$SCRIPT_BASE/notice_branch_failure.sh' build_without_cgo_task: @@ -368,6 +368,7 @@ testing_task: - "gating" - "vendor" - "varlink_api" + - "build_each_commit" - "build_without_cgo" - "container_image_build" @@ -432,6 +433,7 @@ special_testing_rootless_task: - "gating" - "varlink_api" - "vendor" + - "build_each_commit" - "build_without_cgo" only_if: >- @@ -467,6 +469,7 @@ special_testing_in_podman_task: - "gating" - "varlink_api" - "vendor" + - "build_each_commit" - "build_without_cgo" only_if: >- @@ -697,6 +700,7 @@ success_task: - "gating" - "vendor" - "varlink_api" + - "build_each_commit" - "build_without_cgo" - "container_image_build" - "meta" diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md index b5eea154e..814cfe4cd 100644 --- a/RELEASE_NOTES.md +++ b/RELEASE_NOTES.md @@ -1,5 +1,12 @@ # Release Notes +## 2.0.6 +### Bugfixes +- Fixed a bug where running systemd in a container on a cgroups v1 system would fail. + +### Misc +- Updated the containers/common library to v0.14.10 + ## 2.0.5 ### Features - Rootless Podman will now add an entry to `/etc/passwd` for the user who ran Podman if run with `--userns=keep-id`. @@ -39,6 +46,8 @@ - Fixed a bug where the `podman generate systemd --new` command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files ([#7285](https://github.com/containers/podman/issues/7285)). - Fixed a bug where the `podman version` command did not properly include build time and Git commit. - Fixed a bug where running systemd in a Podman container on a system that did not use the `systemd` cgroup manager would fail ([#6734](https://github.com/containers/podman/issues/6734)). +- Fixed a bug where capabilities from `--cap-add` were not properly added when a container was started as a non-root user via `--user`. +- Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues ([#7103](https://github.com/containers/podman/issues/7103)). ### API - Fixed a bug where the libpod and compat Build endpoints did not accept the `application/tar` content type (instead only accepting `application/x-tar`) ([#7185](https://github.com/containers/podman/issues/7185)). diff --git a/changelog.txt b/changelog.txt index b44dfffcb..9dd24a8c6 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,95 @@ +- Changelog for v2.0.6-rc1 (2020-08-28): + * Update release notes for v2.0.6 + * Bump c/common to v0.14.10 and c/conmon to v2.0.20 + * [CI:DOCS] Update podman-remote docs + * [CI:DOCS] Making docs build on mac + * abi: trim init command + * podman-remote fixes for msi and client + * Update c/storage to v1.20.3 + * Revert "HACK: Disable build-each-commit" + * Revert "HACK: Manually include c/storage #698" + * run test: use explicit uid/gid + +- Changelog for v2.0.5 (2020-08-24): + * HACK: Manually include c/storage #698 + * Final release notes update for v2.0.5. + * Clean up pods before returning from Pod Stop API call + * Ensure pod infra containers have an exit command + * error when adding container to pod with network information + * Vendor in containers/common v0.14.9 + * In podman 1.* regression on --cap-add + * fix pod creation with "new:" syntax followup + allow hostname + * Fix a Makefile issue + * Fix a system test failure + * Cleanup handling of podman mount/unmount + * Fix imports (podman -> libpod for v2.0 branch) + * Final set of updates to release notes + * Add support for --connection + * remove --latest for all remote commands + * Further release notes updates for v2.0.5 + * fix podman create/run UTS NS docs + * abi: fix detection for systemd + * fix podman version output to include git commit and builttime + * generate systemd: quote arguments with whitespace + * Unmount c/storage containers before removing them + * [WIP] Refactor podman system connection + * Fix `podman system connection` panic + * Revert "remove podman system connection" + * Bump github.com/containers/common to v0.14.7 + * Fix imports for runtime_img.go + * Fix one import path pointing to containers/podman + * HACK: Disable build-each-commit + * Ensure DefaultEnvVariables is used in Specgen + * Update release notes for v2.0.5 + * [CI:DOCS] BZ1860126 - Fix userns defaults in run man page + * Unconditionally retrieve pod names via API + * Default .Repository and .Tag values to <none> + * Error pass through for more accurate error reporting + * Fix handling of working dir + * Do not use image CMD if user gave ENTRYPOINT + * Ensure WORKDIR from images is created + * Allow specifying seccomp profiles for privileged containers + * Use set for systemd commands + * Enable systemd mode for /usr/local/sbin/init + * Replace deepcopy on history results + * Add parameter verification for api creation network + * add event for image build + * Change /sys/fs/cgroup/systemd mount to rprivate + * podman save use named pipe + * Fix hang when `path` doesn't exist + * podman.service: use sdnotiy + * podman support for IPv6 networks + * vendor c/image v5.5.2 + * Fix v2.0.x CI + * system tests: invoke with abs path to podman + * Make changes to /etc/passwd on disk for non-read only + * Add username to /etc/passwd inside of container if --userns keep-id + * Fix close fds of exec --preserve-fds + * fix pod creation with "new:" syntax + * Fix podman service --valink timeout + * Add versioned _ping endpoint + * Change recommended systemd unit path for root. + * API returns 500 in case network is not found instead of 404 + * podman.service: drop install section + * Handle podman-remote run --rm + * correct go-binding key for volumes + * cherry-pick: Reenable remote system tests + * system tests: new tests for run, exec + * implement the exitcode when start a container with attach + * Do not set host IP on ports when 0.0.0.0 requested + * Missing return after early exit + * docker-compose uses application/tar + * rootless: system service joins immediately the namespaces + * fix bug podman sign storage path + * podman-remote send name and tag + * Ensure that exec errors write exit codes to the DB + * fix podman logs --tail when log is bigger than pagesize + * image list: speed up + * generate systemd: fix error handling + * Publish IP from YAML (podman play kube) + * Add containers.conf default file for windows and MAC Installs + * Bump Buildah to v1.15.1 on v2.0 branch + - Changelog for v2.0.4 (2020-07-31): * Update release notes for v2.0.4 * Disable a nonfunctional build test diff --git a/cmd/podman/system/connection/add.go b/cmd/podman/system/connection/add.go index 77a2edf8a..14bd94d5a 100644 --- a/cmd/podman/system/connection/add.go +++ b/cmd/podman/system/connection/add.go @@ -124,6 +124,7 @@ func add(cmd *cobra.Command, args []string) error { cfg.Engine.ServiceDestinations = map[string]config.Destination{ args[0]: dst, } + cfg.Engine.ActiveService = args[0] } else { cfg.Engine.ServiceDestinations[args[0]] = dst } @@ -181,12 +182,20 @@ func getUDS(cmd *cobra.Command, uri *url.URL) (string, error) { authMethods = append(authMethods, ssh.PublicKeysCallback(a.Signers)) } - config := &ssh.ClientConfig{ + if len(authMethods) == 0 { + pass, err := terminal.ReadPassword(fmt.Sprintf("%s's login password:", uri.User.Username())) + if err != nil { + return "", err + } + authMethods = append(authMethods, ssh.Password(string(pass))) + } + + cfg := &ssh.ClientConfig{ User: uri.User.Username(), Auth: authMethods, HostKeyCallback: ssh.InsecureIgnoreHostKey(), } - dial, err := ssh.Dial("tcp", uri.Host, config) + dial, err := ssh.Dial("tcp", uri.Host, cfg) if err != nil { return "", errors.Wrapf(err, "failed to connect to %q", uri.Host) } diff --git a/contrib/msi/podman.wxs b/contrib/msi/podman.wxs index c2c2cea4f..ff8160a53 100644 --- a/contrib/msi/podman.wxs +++ b/contrib/msi/podman.wxs @@ -24,8 +24,7 @@ <CreateFolder/> </Component> <Component Id="MainExecutable" Guid="73752F94-6589-4C7B-ABED-39D655A19714"> - <File Id="520C6E17-77A2-4F41-9611-30FA763A0702" Name="podman-remote-windows.exe" Source="bin/podman-remote-windows.exe"/> - <File Id="A14218A0-4180-44AC-B109-7C63B3099DCA" Name="podman.bat" Source="podman.bat" KeyPath="yes"/> + <File Id="520C6E17-77A2-4F41-9611-30FA763A0702" Name="podman.exe" Source="bin/podman-remote-windows.exe" KeyPath="yes"/> </Component> </Directory> </Directory> @@ -33,7 +32,7 @@ </Directory> <Property Id="setx" Value="setx.exe"/> - <CustomAction Id="ChangePath" ExeCommand="PATH "%PATH%;[INSTALLDIR] "" Property="setx" Execute="deferred" Impersonate="yes" Return="check"/> + <CustomAction Id="ChangePath" ExeCommand="PATH "%PATH%;[INSTALLDIR]"" Property="setx" Execute="deferred" Impersonate="yes" Return="check"/> <Feature Id="Complete" Level="1"> <ComponentRef Id="INSTALLDIR_Component"/> diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 787309f09..8414b70c9 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -42,7 +42,7 @@ Epoch: 99 %else Epoch: 0 %endif -Version: 2.0.5 +Version: 2.0.6 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 diff --git a/docs/remote-docs.sh b/docs/remote-docs.sh index 4774b94a3..4535616f0 100755 --- a/docs/remote-docs.sh +++ b/docs/remote-docs.sh @@ -11,21 +11,22 @@ function usage() { echo >&2 "$0 PLATFORM TARGET SOURCES..." echo >&2 "PLATFORM: Is either linux, darwin or windows." echo >&2 "TARGET: Is the directory where files will be staged. eg, docs/build/remote/linux" - echo >&2 "SOURCES: Are the directories of source files. eg, docs/markdown" + echo >&2 "SOURCES: Are the directories of source files. eg, docs/source/markdown" } function fail() { - echo >&2 -e "$@\n" - usage + echo >&2 -e "$(dirname $0): $@\n" exit 1 } case $PLATFORM in darwin|linux) PUBLISHER=man_fn + ext=1 ;; windows) PUBLISHER=html_fn + ext=1.md ;; -help) usage @@ -53,7 +54,7 @@ function man_fn() { local dir=$(dirname $page) if [[ ! -f $page ]]; then - page=$dir/links/${file%.*}.1 + page=$dir/links/${file%.*}.$ext fi install $page $TARGET/${file%%.*}.1 } @@ -71,6 +72,22 @@ function html_fn() { pandoc --ascii --lua-filter=docs/links-to-html.lua -o $TARGET/${file%%.*}.html $markdown } +# Run 'podman help' (possibly against a subcommand, e.g. 'podman help image') +# and return a list of each first word under 'Available Commands', that is, +# the command name but not its description. +function podman_commands() { + $PODMAN help "$@" |\ + awk '/^Available Commands:/{ok=1;next}/^Flags:/{ok=0}ok { print $1 }' |\ + grep . +} + +function podman_all_commands(){ + for cmd in $(podman_commands "$@") ; do + echo $@ $cmd + podman_all_commands $@ $cmd + done +} + ## pub_pages finds and publishes the remote manual pages function pub_pages() { local source=$1 @@ -79,12 +96,29 @@ function pub_pages() { $publisher $f done - for c in "container" "image" "pod" "volume" ""; do - local cmd=${c:+-$c} - for s in $($PODMAN $c --help | sed -n '/^Available Commands:/,/^Flags:/p' | sed -e '1d;$d' -e '/^$/d' | awk '{print $1}'); do - $publisher $(echo $source/podman$cmd-$s.*) - done - done + + while IFS= read -r cmd; do + file="podman-${cmd// /-}" + + # Source dir may have man (.1) files (linux/darwin) or .1.md (windows) + # but the links subdir will always be .1 (man) files + if [ -f $source/$file.$ext -o -f $source/links/$file.1 ]; then + $publisher $(echo $source/$file.$ext) + else + # This is worth failing CI for + fail "no doc file nor link $source/$file.$ext for 'podman $cmd'" + fi + done <<< "$(podman_all_commands)" +} + +## sed syntax is different on darwin and linux +## sed --help fails on mac, meaning we have to use mac syntax +function sed_os(){ + if sed --help > /dev/null 2>&1 ; then + $(sed -i "$@") + else + $(sed -i "" "$@") + fi } ## rename renames podman-remote.ext to podman.ext, and fixes up contents to reflect change @@ -94,14 +128,14 @@ function rename (){ local ext=${remote##*.} mv $remote $TARGET/podman.$ext - $(sed -i "s/podman\\\*-remote/podman/g" $TARGET/podman.$ext) - $(sed -i "s/A\ remote\ CLI\ for\ Podman\:\ //g" $TARGET/podman.$ext) + sed_os "s/podman\\\*-remote/podman/g" $TARGET/podman.$ext + sed_os "s/A\ remote\ CLI\ for\ Podman\:\ //g" $TARGET/podman.$ext case $PLATFORM in darwin|linux) - $(sed -i "s/Podman\\\*-remote/Podman\ for\ Mac/g" $TARGET/podman.$ext) + sed_os "s/Podman\\\*-remote/Podman\ for\ Mac/g" $TARGET/podman.$ext ;; windows) - $(sed -i "s/Podman\\\*-remote/Podman\ for\ Windows/g" $TARGET/podman.$ext) + sed_os "s/Podman\\\*-remote/Podman\ for\ Windows/g" $TARGET/podman.$ext ;; esac fi diff --git a/docs/source/markdown/podman-remote.1.md b/docs/source/markdown/podman-remote.1.md index 23ccaf0e6..3dcfae606 100644 --- a/docs/source/markdown/podman-remote.1.md +++ b/docs/source/markdown/podman-remote.1.md @@ -17,7 +17,9 @@ Podman uses Buildah(1) internally to create container images. Both tools share i (not container) storage, hence each can use or manipulate images (but not containers) created by the other. -Podman-remote provides a local client interacting with a Podman backend node through a RESTful API tunneled through a ssh connection. In this context, a Podman node is a Linux system with Podman installed on it and the API service activated. Credentials for this session can be passed in using flags, environment variables, or in `podman-remote.conf` +Podman-remote provides a local client interacting with a Podman backend node through a RESTful API tunneled through a ssh connection. In this context, a Podman node is a Linux system with Podman installed on it and the API service activated. Credentials for this session can be passed in using flags, environment variables, or in `containers.conf`. + +The `containers.conf` file should be placed under `$HOME/.config/containers/containers.conf` on Linux and Mac and `%APPDATA%\containers\containers.conf` on Windows. **podman [GLOBAL OPTIONS]** @@ -31,29 +33,19 @@ Remote connection name Print usage statement -**--log-level**=*level* - -Log messages above specified level: debug, info, warn, error (default), fatal or panic - -**--port**=*integer* - -Use an alternative port for the ssh connections. The default port is 22 +**--identity**=*path* -**--remote-config-path**=*path* +Path to ssh identity file. If the identity file has been encrypted, Podman prompts the user for the passphrase. +If no identity file is provided and no user is given, Podman defaults to the user running the podman command. +Podman prompts for the login password on the remote server. -Alternate path for configuration file - -**--remote-host**=*ip* - -Remote host IP - -**--syslog** +**--log-level**=*level* -Output logging information to syslog as well as the console +Log messages above specified level: debug, info, warn, error (default), fatal or panic -**--username**=*string* +**--url**=*value* -Username on the remote host (defaults to current username) +URL to access Podman service (default from `containers.conf`, rootless "unix://run/user/$UID/podman/podman.sock" or as root "unix://run/podman/podman.sock). **--version** @@ -11,11 +11,11 @@ require ( github.com/containernetworking/cni v0.7.2-0.20200304161608-4fae32b84921 github.com/containernetworking/plugins v0.8.6 github.com/containers/buildah v1.15.1 - github.com/containers/common v0.14.9 - github.com/containers/conmon v2.0.18+incompatible + github.com/containers/common v0.14.10 + github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.5.2 github.com/containers/psgo v1.5.1 - github.com/containers/storage v1.20.2 + github.com/containers/storage v1.20.3 github.com/coreos/go-systemd/v22 v22.1.0 github.com/cri-o/ocicni v0.2.0 github.com/cyphar/filepath-securejoin v0.2.2 @@ -70,10 +70,10 @@ github.com/containers/buildah v1.15.1 h1:fVYZedNKir1B7qW43KR3zmkjHH+ZAmPoPQix9zH github.com/containers/buildah v1.15.1/go.mod h1:AQPeirYl0bqtXuJaxM9d/xslMm+1qrABc73AEFw0M9U= github.com/containers/common v0.14.0 h1:hiZFDPf6ajKiDmojN5f5X3gboKPO73NLrYb0RXfrQiA= github.com/containers/common v0.14.0/go.mod h1:9olhlE+WhYof1npnMJdyRMX14/yIUint6zyHzcyRVAg= -github.com/containers/common v0.14.9 h1:P8WH2O2W7y796NCJHiwecF5bjOFAVr30stVGAAHtcJA= -github.com/containers/common v0.14.9/go.mod h1:9olhlE+WhYof1npnMJdyRMX14/yIUint6zyHzcyRVAg= -github.com/containers/conmon v2.0.18+incompatible h1:rjwjNnE756NuXcdE/uUmj4kDbrykslPuBMHI31wh43E= -github.com/containers/conmon v2.0.18+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= +github.com/containers/common v0.14.10 h1:tSCwAnTFt3Q0tH29YK0ia6dOOzKVTdlPjQG4bza3Dn0= +github.com/containers/common v0.14.10/go.mod h1:9olhlE+WhYof1npnMJdyRMX14/yIUint6zyHzcyRVAg= +github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= +github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.4.4/go.mod h1:g7cxNXitiLi6pEr9/L9n/0wfazRuhDKXU15kV86N8h8= github.com/containers/image/v5 v5.5.1 h1:h1FCOXH6Ux9/p/E4rndsQOC4yAdRU0msRTfLVeQ7FDQ= github.com/containers/image/v5 v5.5.1/go.mod h1:4PyNYR0nwlGq/ybVJD9hWlhmIsNra4Q8uOQX2s6E2uM= @@ -88,6 +88,8 @@ github.com/containers/psgo v1.5.1/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzP github.com/containers/storage v1.19.1/go.mod h1:KbXjSwKnx17ejOsjFcCXSf78mCgZkQSLPBNTMRc3XrQ= github.com/containers/storage v1.20.2 h1:tw/uKRPDnmVrluIzer3dawTFG/bTJLP8IEUyHFhltYk= github.com/containers/storage v1.20.2/go.mod h1:oOB9Ie8OVPojvoaKWEGSEtHbXUAs+tSyr7RO7ZGteMc= +github.com/containers/storage v1.20.3 h1:OB2Vo4SidUGgfSCPyBMskkXEtE5Wqxy5k5cdyezQUpw= +github.com/containers/storage v1.20.3/go.mod h1:L21V7HElfNsMeMdif5JdxtCvzS8LKKhv4movqpFbiOk= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38= diff --git a/libpod/define/errors.go b/libpod/define/errors.go index 5cadce396..e27626fcc 100644 --- a/libpod/define/errors.go +++ b/libpod/define/errors.go @@ -160,4 +160,8 @@ var ( // ErrImageInUse indicates the requested operation failed because the image was in use ErrImageInUse = errors.New("image is being used") + + // ErrNetworkOnPodContainer indicates the user wishes to alter network attributes on a container + // in a pod. This cannot be done as the infra container has all the network information + ErrNetworkOnPodContainer = errors.New("network cannot be configured when it is shared with a pod") ) diff --git a/libpod/options.go b/libpod/options.go index a4e4b99e9..45775e73b 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -2036,3 +2036,23 @@ func WithPodHostNetwork() PodCreateOption { return nil } } + +// WithPodInfraExitCommand sets an exit command for the pod's infra container. +// Semantics are identical to WithExitCommand() above - the ID of the container +// will be appended to the end of the provided command (note that this will +// specifically be the ID of the infra container *and not the pod's id*. +func WithPodInfraExitCommand(exitCmd []string) PodCreateOption { + return func(pod *Pod) error { + if pod.valid { + return define.ErrPodFinalized + } + + if !pod.config.InfraContainer.HasInfraContainer { + return errors.Wrapf(define.ErrInvalidArg, "cannot configure pod infra container exit command as no infra container is being created") + } + + pod.config.InfraContainer.ExitCommand = exitCmd + + return nil + } +} diff --git a/libpod/pod.go b/libpod/pod.go index 00ba5d53c..4ce66b751 100644 --- a/libpod/pod.go +++ b/libpod/pod.go @@ -81,7 +81,15 @@ type podState struct { InfraContainerID string } -// InfraContainerConfig is the configuration for the pod's infra container +// InfraContainerConfig is the configuration for the pod's infra container. +// Generally speaking, these are equivalent to container configuration options +// you will find in container_config.go (and even named identically), save for +// HasInfraContainer (which determines if an infra container is even created - +// if it is false, no other options in this struct will be used) and HostNetwork +// (this involves the created OCI spec, and as such is not represented directly +// in container_config.go). +// Generally speaking, aside from those two exceptions, these options will set +// the equivalent field in the container's configuration. type InfraContainerConfig struct { ConmonPidFile string `json:"conmonPidFile"` HasInfraContainer bool `json:"makeInfraContainer"` @@ -96,6 +104,7 @@ type InfraContainerConfig struct { UseImageHosts bool `json:"useImageHosts,omitempty"` HostAdd []string `json:"hostsAdd,omitempty"` Networks []string `json:"networks,omitempty"` + ExitCommand []string `json:"exitCommand,omitempty"` } // ID retrieves the pod's ID diff --git a/libpod/pod_api.go b/libpod/pod_api.go index f2ef81bec..3316b3b31 100644 --- a/libpod/pod_api.go +++ b/libpod/pod_api.go @@ -11,20 +11,20 @@ import ( "github.com/sirupsen/logrus" ) -// Start starts all containers within a pod -// It combines the effects of Init() and Start() on a container +// Start starts all containers within a pod. +// It combines the effects of Init() and Start() on a container. // If a container has already been initialized it will be started, // otherwise it will be initialized then started. // Containers that are already running or have been paused are ignored // All containers are started independently, in order dictated by their // dependencies. -// An error and a map[string]error are returned +// An error and a map[string]error are returned. // If the error is not nil and the map is nil, an error was encountered before -// any containers were started +// any containers were started. // If map is not nil, an error was encountered when starting one or more // containers. The container ID is mapped to the error encountered. The error is -// set to ErrCtrExists -// If both error and the map are nil, all containers were started successfully +// set to ErrPodPartialFail. +// If both error and the map are nil, all containers were started successfully. func (p *Pod) Start(ctx context.Context) (map[string]error, error) { p.lock.Lock() defer p.lock.Unlock() @@ -72,20 +72,20 @@ func (p *Pod) Stop(ctx context.Context, cleanup bool) (map[string]error, error) } // StopWithTimeout stops all containers within a pod that are not already stopped -// Each container will use its own stop timeout +// Each container will use its own stop timeout. // Only running containers will be stopped. Paused, stopped, or created // containers will be ignored. // If cleanup is true, mounts and network namespaces will be cleaned up after // the container is stopped. // All containers are stopped independently. An error stopping one container // will not prevent other containers being stopped. -// An error and a map[string]error are returned +// An error and a map[string]error are returned. // If the error is not nil and the map is nil, an error was encountered before -// any containers were stopped +// any containers were stopped. // If map is not nil, an error was encountered when stopping one or more // containers. The container ID is mapped to the error encountered. The error is -// set to ErrCtrExists -// If both error and the map are nil, all containers were stopped without error +// set to ErrPodPartialFail. +// If both error and the map are nil, all containers were stopped without error. func (p *Pod) StopWithTimeout(ctx context.Context, cleanup bool, timeout int) (map[string]error, error) { p.lock.Lock() defer p.lock.Unlock() @@ -138,10 +138,82 @@ func (p *Pod) StopWithTimeout(ctx context.Context, cleanup bool, timeout int) (m ctr.lock.Unlock() } + p.newPodEvent(events.Stop) + if len(ctrErrors) > 0 { return ctrErrors, errors.Wrapf(define.ErrPodPartialFail, "error stopping some containers") } - defer p.newPodEvent(events.Stop) + return nil, nil +} + +// Cleanup cleans up all containers within a pod that have stopped. +// All containers are cleaned up independently. An error with one container will +// not prevent other containers being cleaned up. +// An error and a map[string]error are returned. +// If the error is not nil and the map is nil, an error was encountered before +// any containers were cleaned up. +// If map is not nil, an error was encountered when working on one or more +// containers. The container ID is mapped to the error encountered. The error is +// set to ErrPodPartialFail. +// If both error and the map are nil, all containers were paused without error +func (p *Pod) Cleanup(ctx context.Context) (map[string]error, error) { + p.lock.Lock() + defer p.lock.Unlock() + + if !p.valid { + return nil, define.ErrPodRemoved + } + + allCtrs, err := p.runtime.state.PodContainers(p) + if err != nil { + return nil, err + } + + ctrErrors := make(map[string]error) + + // Clean up all containers + for _, ctr := range allCtrs { + ctr.lock.Lock() + + if err := ctr.syncContainer(); err != nil { + ctr.lock.Unlock() + ctrErrors[ctr.ID()] = err + continue + } + + // Ignore containers that are running/paused + if !ctr.ensureState(define.ContainerStateConfigured, define.ContainerStateCreated, define.ContainerStateStopped, define.ContainerStateExited) { + ctr.lock.Unlock() + continue + } + + // Check for running exec sessions, ignore containers with them. + sessions, err := ctr.getActiveExecSessions() + if err != nil { + ctr.lock.Unlock() + ctrErrors[ctr.ID()] = err + continue + } + if len(sessions) > 0 { + ctr.lock.Unlock() + continue + } + + // TODO: Should we handle restart policy here? + + ctr.newContainerEvent(events.Cleanup) + + if err := ctr.cleanup(ctx); err != nil { + ctrErrors[ctr.ID()] = err + } + + ctr.lock.Unlock() + } + + if len(ctrErrors) > 0 { + return ctrErrors, errors.Wrapf(define.ErrPodPartialFail, "error cleaning up some containers") + } + return nil, nil } @@ -150,12 +222,12 @@ func (p *Pod) StopWithTimeout(ctx context.Context, cleanup bool, timeout int) (m // containers will be ignored. // All containers are paused independently. An error pausing one container // will not prevent other containers being paused. -// An error and a map[string]error are returned +// An error and a map[string]error are returned. // If the error is not nil and the map is nil, an error was encountered before -// any containers were paused +// any containers were paused. // If map is not nil, an error was encountered when pausing one or more // containers. The container ID is mapped to the error encountered. The error is -// set to ErrCtrExists +// set to ErrPodPartialFail. // If both error and the map are nil, all containers were paused without error func (p *Pod) Pause() (map[string]error, error) { p.lock.Lock() @@ -219,13 +291,13 @@ func (p *Pod) Pause() (map[string]error, error) { // containers will be ignored. // All containers are unpaused independently. An error unpausing one container // will not prevent other containers being unpaused. -// An error and a map[string]error are returned +// An error and a map[string]error are returned. // If the error is not nil and the map is nil, an error was encountered before -// any containers were unpaused +// any containers were unpaused. // If map is not nil, an error was encountered when unpausing one or more // containers. The container ID is mapped to the error encountered. The error is -// set to ErrCtrExists -// If both error and the map are nil, all containers were unpaused without error +// set to ErrPodPartialFail. +// If both error and the map are nil, all containers were unpaused without error. func (p *Pod) Unpause() (map[string]error, error) { p.lock.Lock() defer p.lock.Unlock() @@ -280,13 +352,13 @@ func (p *Pod) Unpause() (map[string]error, error) { // All containers are started independently, in order dictated by their // dependencies. An error restarting one container // will not prevent other containers being restarted. -// An error and a map[string]error are returned +// An error and a map[string]error are returned. // If the error is not nil and the map is nil, an error was encountered before -// any containers were restarted +// any containers were restarted. // If map is not nil, an error was encountered when restarting one or more // containers. The container ID is mapped to the error encountered. The error is -// set to ErrCtrExists -// If both error and the map are nil, all containers were restarted without error +// set to ErrPodPartialFail. +// If both error and the map are nil, all containers were restarted without error. func (p *Pod) Restart(ctx context.Context) (map[string]error, error) { p.lock.Lock() defer p.lock.Unlock() @@ -328,17 +400,17 @@ func (p *Pod) Restart(ctx context.Context) (map[string]error, error) { return nil, nil } -// Kill sends a signal to all running containers within a pod +// Kill sends a signal to all running containers within a pod. // Signals will only be sent to running containers. Containers that are not // running will be ignored. All signals are sent independently, and sending will // continue even if some containers encounter errors. -// An error and a map[string]error are returned +// An error and a map[string]error are returned. // If the error is not nil and the map is nil, an error was encountered before -// any containers were signalled +// any containers were signalled. // If map is not nil, an error was encountered when signalling one or more // containers. The container ID is mapped to the error encountered. The error is -// set to ErrCtrExists -// If both error and the map are nil, all containers were signalled successfully +// set to ErrPodPartialFail. +// If both error and the map are nil, all containers were signalled successfully. func (p *Pod) Kill(signal uint) (map[string]error, error) { p.lock.Lock() defer p.lock.Unlock() @@ -393,8 +465,8 @@ func (p *Pod) Kill(signal uint) (map[string]error, error) { return nil, nil } -// Status gets the status of all containers in the pod -// Returns a map of Container ID to Container Status +// Status gets the status of all containers in the pod. +// Returns a map of Container ID to Container Status. func (p *Pod) Status() (map[string]define.ContainerStatus, error) { p.lock.Lock() defer p.lock.Unlock() @@ -430,7 +502,7 @@ func containerStatusFromContainers(allCtrs []*Container) (map[string]define.Cont return status, nil } -// Inspect returns a PodInspect struct to describe the pod +// Inspect returns a PodInspect struct to describe the pod. func (p *Pod) Inspect() (*define.InspectPodData, error) { p.lock.Lock() defer p.lock.Unlock() diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go index 24802f89e..faa627ff1 100644 --- a/libpod/runtime_pod_infra_linux.go +++ b/libpod/runtime_pod_infra_linux.go @@ -83,6 +83,9 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm return nil, errors.Wrapf(err, "error removing network namespace from pod %s infra container", p.ID()) } + // For each option in InfraContainerConfig - if set, pass into + // the infra container we're creating with the appropriate + // With... option. if p.config.InfraContainer.StaticIP != nil { options = append(options, WithStaticIP(p.config.InfraContainer.StaticIP)) } @@ -107,6 +110,9 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, rawIm if len(p.config.InfraContainer.HostAdd) > 0 { options = append(options, WithHosts(p.config.InfraContainer.HostAdd)) } + if len(p.config.InfraContainer.ExitCommand) > 0 { + options = append(options, WithExitCommand(p.config.InfraContainer.ExitCommand)) + } } g.SetRootReadonly(true) diff --git a/pkg/api/handlers/libpod/pods.go b/pkg/api/handlers/libpod/pods.go index dee5a7d33..7e3f00472 100644 --- a/pkg/api/handlers/libpod/pods.go +++ b/pkg/api/handlers/libpod/pods.go @@ -123,10 +123,17 @@ func PodStop(w http.ResponseWriter, r *http.Request) { } else { responses, stopError = pod.Stop(r.Context(), false) } - if stopError != nil { + if stopError != nil && errors.Cause(stopError) != define.ErrPodPartialFail { utils.Error(w, "Something went wrong", http.StatusInternalServerError, err) return } + // Try to clean up the pod - but only warn on failure, it's nonfatal. + if cleanupCtrs, cleanupErr := pod.Cleanup(r.Context()); cleanupErr != nil { + logrus.Errorf("Error cleaning up pod %s: %v", pod.ID(), cleanupErr) + for id, err := range cleanupCtrs { + logrus.Errorf("Error cleaning up pod %s container %s: %v", pod.ID(), id, err) + } + } var errs []error //nolint for _, err := range responses { errs = append(errs, err) diff --git a/pkg/bindings/connection.go b/pkg/bindings/connection.go index 4fed48237..ea659ad94 100644 --- a/pkg/bindings/connection.go +++ b/pkg/bindings/connection.go @@ -180,8 +180,9 @@ func pingNewConnection(ctx context.Context) error { } func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) (Connection, error) { + // if you modify the authmethods or their conditionals, you will also need to make similar + // changes in the client (currently cmd/podman/system/connection/add getUDS). authMethods := []ssh.AuthMethod{} - if len(identity) > 0 { auth, err := terminal.PublicKey(identity, []byte(passPhrase)) if err != nil { @@ -205,6 +206,13 @@ func sshClient(_url *url.URL, secure bool, passPhrase string, identity string) ( if pw, found := _url.User.Password(); found { authMethods = append(authMethods, ssh.Password(pw)) } + if len(authMethods) == 0 { + pass, err := terminal.ReadPassword("Login password:") + if err != nil { + return Connection{}, err + } + authMethods = append(authMethods, ssh.Password(string(pass))) + } callback := ssh.InsecureIgnoreHostKey() if secure { diff --git a/pkg/bindings/test/pods_test.go b/pkg/bindings/test/pods_test.go index 2ad6f38c1..65336f1f1 100644 --- a/pkg/bindings/test/pods_test.go +++ b/pkg/bindings/test/pods_test.go @@ -244,7 +244,7 @@ var _ = Describe("Podman pods", func() { Expect(response.State).To(Equal(define.PodStateExited)) for _, i := range response.Containers { Expect(define.StringToContainerStatus(i.State)). - To(Equal(define.ContainerStateStopped)) + To(Equal(define.ContainerStateExited)) } // Stop an already stopped pod @@ -309,7 +309,7 @@ var _ = Describe("Podman pods", func() { Expect(response.State).To(Equal(define.PodStateExited)) for _, i := range response.Containers { Expect(define.StringToContainerStatus(i.State)). - To(Equal(define.ContainerStateStopped)) + To(Equal(define.ContainerStateExited)) } _, err = pods.Stop(bt.conn, newpod2, nil) Expect(err).To(BeNil()) @@ -318,7 +318,7 @@ var _ = Describe("Podman pods", func() { Expect(response.State).To(Equal(define.PodStateExited)) for _, i := range response.Containers { Expect(define.StringToContainerStatus(i.State)). - To(Equal(define.ContainerStateStopped)) + To(Equal(define.ContainerStateExited)) } _, err = pods.Prune(bt.conn) Expect(err).To(BeNil()) diff --git a/pkg/domain/infra/abi/system.go b/pkg/domain/infra/abi/system.go index 043dfe49e..4f95588a9 100644 --- a/pkg/domain/infra/abi/system.go +++ b/pkg/domain/infra/abi/system.go @@ -8,6 +8,7 @@ import ( "os/exec" "path/filepath" "strconv" + "strings" "github.com/containers/common/pkg/config" "github.com/containers/libpod/v2/libpod/define" @@ -73,7 +74,7 @@ func (ic *ContainerEngine) SetupRootless(_ context.Context, cmd *cobra.Command) initCommand, err := ioutil.ReadFile("/proc/1/comm") // On errors, default to systemd - runsUnderSystemd := err != nil || string(initCommand) == "systemd" + runsUnderSystemd := err != nil || strings.TrimRight(string(initCommand), "\n") == "systemd" unitName := fmt.Sprintf("podman-%d.scope", os.Getpid()) if runsUnderSystemd || conf.Engine.CgroupManager == config.SystemdCgroupsManager { diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index 4dd2ab0b3..c4449ba3a 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -3,6 +3,7 @@ package specgen import ( "strings" + "github.com/containers/libpod/v2/libpod/define" "github.com/containers/libpod/v2/pkg/rootless" "github.com/containers/libpod/v2/pkg/util" "github.com/pkg/errors" @@ -34,6 +35,23 @@ func (s *SpecGenerator) Validate() error { } } + // Containers being added to a pod cannot have certain network attributes + // associated with them because those should be on the infra container. + if len(s.Pod) > 0 && s.NetNS.NSMode == FromPod { + if s.StaticIP != nil || s.StaticIPv6 != nil { + return errors.Wrap(define.ErrNetworkOnPodContainer, "static ip addresses must be defined when the pod is created") + } + if s.StaticMAC != nil { + return errors.Wrap(define.ErrNetworkOnPodContainer, "MAC addresses must be defined when the pod is created") + } + if len(s.CNINetworks) > 0 { + return errors.Wrap(define.ErrNetworkOnPodContainer, "networks must be defined when the pod is created") + } + if len(s.PortMappings) > 0 || s.PublishExposedPorts { + return errors.Wrap(define.ErrNetworkOnPodContainer, "published or exposed ports must be defined when the pod is created") + } + } + // // ContainerBasicConfig // diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go index 4fe1b6435..09972da4a 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go @@ -13,14 +13,14 @@ func MakePod(p *specgen.PodSpecGenerator, rt *libpod.Runtime) (*libpod.Pod, erro if err := p.Validate(); err != nil { return nil, err } - options, err := createPodOptions(p) + options, err := createPodOptions(p, rt) if err != nil { return nil, err } return rt.NewPod(context.Background(), options...) } -func createPodOptions(p *specgen.PodSpecGenerator) ([]libpod.PodCreateOption, error) { +func createPodOptions(p *specgen.PodSpecGenerator, rt *libpod.Runtime) ([]libpod.PodCreateOption, error) { var ( options []libpod.PodCreateOption ) @@ -31,6 +31,18 @@ func createPodOptions(p *specgen.PodSpecGenerator) ([]libpod.PodCreateOption, er return nil, err } options = append(options, nsOptions...) + + // Make our exit command + storageConfig := rt.StorageConfig() + runtimeConfig, err := rt.GetConfig() + if err != nil { + return nil, err + } + exitCommand, err := CreateExitCommandArgs(storageConfig, runtimeConfig, logrus.IsLevelEnabled(logrus.DebugLevel), false, false) + if err != nil { + return nil, errors.Wrapf(err, "error creating infra container exit command") + } + options = append(options, libpod.WithPodInfraExitCommand(exitCommand)) } if len(p.CgroupParent) > 0 { options = append(options, libpod.WithPodCgroupParent(p.CgroupParent)) diff --git a/test/e2e/create_test.go b/test/e2e/create_test.go index 5f96f96b1..9fce1aa67 100644 --- a/test/e2e/create_test.go +++ b/test/e2e/create_test.go @@ -471,4 +471,65 @@ var _ = Describe("Podman create", func() { Expect(len(data)).To(Equal(1)) Expect(data[0].Config.StopSignal).To(Equal(uint(15))) }) + + It("create container in pod with IP should fail", func() { + SkipIfRootless() + name := "createwithstaticip" + pod := podmanTest.RunTopContainerInPod("", "new:"+name) + pod.WaitWithDefaultTimeout() + Expect(pod.ExitCode()).To(BeZero()) + + session := podmanTest.Podman([]string{"create", "--pod", name, "--ip", "192.168.1.2", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).ToNot(BeZero()) + }) + + It("create container in pod with mac should fail", func() { + SkipIfRootless() + name := "createwithstaticmac" + pod := podmanTest.RunTopContainerInPod("", "new:"+name) + pod.WaitWithDefaultTimeout() + Expect(pod.ExitCode()).To(BeZero()) + + session := podmanTest.Podman([]string{"create", "--pod", name, "--mac-address", "52:54:00:6d:2f:82", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).ToNot(BeZero()) + }) + + It("create container in pod with network should fail", func() { + SkipIfRootless() + name := "createwithnetwork" + pod := podmanTest.RunTopContainerInPod("", "new:"+name) + pod.WaitWithDefaultTimeout() + Expect(pod.ExitCode()).To(BeZero()) + + session := podmanTest.Podman([]string{"create", "--pod", name, "--network", "foobar", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + //Expect(session.ExitCode()).ToNot(BeZero()) + Expect(session.ExitCode()).To(BeZero()) + }) + + It("create container in pod with ports should fail", func() { + SkipIfRootless() + name := "createwithports" + pod := podmanTest.RunTopContainerInPod("", "new:"+name) + pod.WaitWithDefaultTimeout() + Expect(pod.ExitCode()).To(BeZero()) + + session := podmanTest.Podman([]string{"create", "--pod", name, "-p", "80:80", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).ToNot(BeZero()) + }) + + It("create container in pod ppublish ports should fail", func() { + SkipIfRootless() + name := "createwithpublishports" + pod := podmanTest.RunTopContainerInPod("", "new:"+name) + pod.WaitWithDefaultTimeout() + Expect(pod.ExitCode()).To(BeZero()) + + session := podmanTest.Podman([]string{"create", "--pod", name, "-P", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).ToNot(BeZero()) + }) }) diff --git a/test/system/030-run.bats b/test/system/030-run.bats index 12c82bc4c..5e0ab3d6a 100644 --- a/test/system/030-run.bats +++ b/test/system/030-run.bats @@ -286,10 +286,10 @@ echo $rand | 0 | $rand cid="$output" gecos="$(random_string 6) $(random_string 8)" - run_podman exec --user root $cid adduser -D -g "$gecos" -s /bin/sh newuser3 + run_podman exec --user root $cid adduser -u 4242 -G ping -D -g "$gecos" -s /bin/sh newuser3 is "$output" "" "output from adduser" run_podman exec $cid tail -1 /etc/passwd - is "$output" "newuser3:x:1000:1000:$gecos:/home/newuser3:/bin/sh" \ + is "$output" "newuser3:x:4242:999:$gecos:/home/newuser3:/bin/sh" \ "newuser3 added to /etc/passwd in container" run_podman exec $cid touch /stop diff --git a/vendor/github.com/containers/common/pkg/config/config_windows.go b/vendor/github.com/containers/common/pkg/config/config_windows.go index 7dbd665bb..1c9806e6b 100644 --- a/vendor/github.com/containers/common/pkg/config/config_windows.go +++ b/vendor/github.com/containers/common/pkg/config/config_windows.go @@ -6,5 +6,5 @@ func customConfigFile() (string, error) { if path, found := os.LookupEnv("CONTAINERS_CONF"); found { return path, nil } - return os.Getenv("LOCALAPPDATA"), nil + return os.Getenv("APPDATA") + "\\containers\\containers.conf", nil } diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index 39ff43d9a..8afce9816 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.14.9" +const Version = "0.14.10" diff --git a/vendor/github.com/containers/storage/VERSION b/vendor/github.com/containers/storage/VERSION index 769e37e15..f5b00dc26 100644 --- a/vendor/github.com/containers/storage/VERSION +++ b/vendor/github.com/containers/storage/VERSION @@ -1 +1 @@ -1.20.2 +1.20.3 diff --git a/vendor/github.com/containers/storage/drivers/counter.go b/vendor/github.com/containers/storage/drivers/counter.go index 72551a38d..3fc45495b 100644 --- a/vendor/github.com/containers/storage/drivers/counter.go +++ b/vendor/github.com/containers/storage/drivers/counter.go @@ -51,6 +51,10 @@ func (c *RefCounter) incdec(path string, infoOp func(minfo *minfo)) int { if c.checker.IsMounted(path) { m.count++ } + } else if !c.checker.IsMounted(path) { + // if the unmount was performed outside of this process (e.g. conmon cleanup) + //the ref counter would lose track of it. Check if it is still mounted. + m.count = 0 } infoOp(m) count := m.count diff --git a/vendor/github.com/containers/storage/go.mod b/vendor/github.com/containers/storage/go.mod index 01ac1827b..2480cae44 100644 --- a/vendor/github.com/containers/storage/go.mod +++ b/vendor/github.com/containers/storage/go.mod @@ -6,7 +6,7 @@ require ( github.com/Microsoft/hcsshim v0.8.9 github.com/docker/go-units v0.4.0 github.com/hashicorp/go-multierror v1.0.0 - github.com/klauspost/compress v1.10.7 + github.com/klauspost/compress v1.10.8 github.com/klauspost/pgzip v1.2.4 github.com/mattn/go-shellwords v1.0.10 github.com/mistifyio/go-zfs v2.1.1+incompatible @@ -17,7 +17,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7 github.com/sirupsen/logrus v1.6.0 - github.com/stretchr/testify v1.6.0 + github.com/stretchr/testify v1.6.1 github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 github.com/tchap/go-patricia v2.3.0+incompatible github.com/vbatts/tar-split v0.11.1 diff --git a/vendor/github.com/containers/storage/go.sum b/vendor/github.com/containers/storage/go.sum index 2b5a279c6..123c835c8 100644 --- a/vendor/github.com/containers/storage/go.sum +++ b/vendor/github.com/containers/storage/go.sum @@ -46,8 +46,8 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.10.7 h1:7rix8v8GpI3ZBb0nSozFRgbtXKv+hOe+qfEpZqybrAg= -github.com/klauspost/compress v1.10.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= +github.com/klauspost/compress v1.10.8 h1:eLeJ3dr/Y9+XRfJT4l+8ZjmtB5RPJhucH2HeCV5+IZY= +github.com/klauspost/compress v1.10.8/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/pgzip v1.2.4 h1:TQ7CNpYKovDOmqzRHKxJh0BeaBI7UdQZYc6p7pMQh1A= github.com/klauspost/pgzip v1.2.4/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -89,8 +89,8 @@ github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.6.0 h1:jlIyCplCJFULU/01vCkhKuTyc3OorI3bJFuw6obfgho= -github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmDkqO9/zg7R0lSQRs= diff --git a/vendor/modules.txt b/vendor/modules.txt index 656311dff..68a99c238 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -84,7 +84,7 @@ github.com/containers/buildah/pkg/secrets github.com/containers/buildah/pkg/supplemented github.com/containers/buildah/pkg/umask github.com/containers/buildah/util -# github.com/containers/common v0.14.9 +# github.com/containers/common v0.14.10 github.com/containers/common/pkg/apparmor github.com/containers/common/pkg/auth github.com/containers/common/pkg/capabilities @@ -92,7 +92,7 @@ github.com/containers/common/pkg/cgroupv2 github.com/containers/common/pkg/config github.com/containers/common/pkg/sysinfo github.com/containers/common/version -# github.com/containers/conmon v2.0.18+incompatible +# github.com/containers/conmon v2.0.20+incompatible github.com/containers/conmon/runner/config # github.com/containers/image/v5 v5.5.2 github.com/containers/image/v5/copy @@ -155,7 +155,7 @@ github.com/containers/psgo/internal/dev github.com/containers/psgo/internal/host github.com/containers/psgo/internal/proc github.com/containers/psgo/internal/process -# github.com/containers/storage v1.20.2 +# github.com/containers/storage v1.20.3 github.com/containers/storage github.com/containers/storage/drivers github.com/containers/storage/drivers/aufs diff --git a/version/version.go b/version/version.go index 2a4816277..8dd18e100 100644 --- a/version/version.go +++ b/version/version.go @@ -4,7 +4,7 @@ package version // NOTE: remember to bump the version at the top // of the top-level README.md file when this is // bumped. -const Version = "2.0.5-dev" +const Version = "2.0.6-dev" // APIVersion is the version for the remote // client API. It is used to determine compatibility |