13 files changed, 191 insertions, 28 deletions
diff --git a/Makefile b/Makefile
index 140b2e149..3c7f9d74b 100644
--- a/Makefile
+++ b/Makefile
@@ -20,6 +20,7 @@ SHAREDIR_CONTAINERS ?= ${PREFIX}/share/containers
 ETCDIR ?= /etc
 TMPFILESDIR ?= ${PREFIX}/lib/tmpfiles.d
 SYSTEMDDIR ?= ${PREFIX}/lib/systemd/system
+BUILDFLAGS ?=
 BUILDTAGS ?= \
 	$(shell hack/apparmor_tag.sh) \
 	$(shell hack/btrfs_installed_tag.sh) \
@@ -147,10 +148,10 @@ test/goecho/goecho: .gopathok $(wildcard test/goecho/*.go)
 	$(GO) build -ldflags '$(LDFLAGS)' -o $@ $(PROJECT)/test/goecho
 
 podman: .gopathok $(PODMAN_VARLINK_DEPENDENCIES) ## Build with podman
-	$(GO) build -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS)" -o bin/$@ $(PROJECT)/cmd/podman
+	$(GO) build $(BUILDFLAGS) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS)" -o bin/$@ $(PROJECT)/cmd/podman
 
 podman-remote: .gopathok $(PODMAN_VARLINK_DEPENDENCIES) ## Build with podman on remote environment
-	$(GO) build -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS) remoteclient" -o bin/$@ $(PROJECT)/cmd/podman
+	$(GO) build $(BUILDFLAGS) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "$(BUILDTAGS) remoteclient" -o bin/$@ $(PROJECT)/cmd/podman
 
 podman-remote-darwin: .gopathok $(PODMAN_VARLINK_DEPENDENCIES) ## Build with podman on remote OSX environment
 	CGO_ENABLED=0 GOOS=darwin $(GO) build -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "remoteclient containers_image_openpgp exclude_graphdriver_devicemapper" -o bin/$@ $(PROJECT)/cmd/podman
diff --git a/cmd/podman/shared/create.go b/cmd/podman/shared/create.go
index be1a731cc..fd319e215 100644
--- a/cmd/podman/shared/create.go
+++ b/cmd/podman/shared/create.go
@@ -26,7 +26,6 @@ import (
 	"github.com/docker/docker/pkg/signal"
 	"github.com/docker/go-connections/nat"
 	"github.com/docker/go-units"
-	"github.com/google/shlex"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/opentracing/opentracing-go"
 	"github.com/pkg/errors"
@@ -116,6 +115,30 @@ func CreateContainer(ctx context.Context, c *GenericCLIResults, runtime *libpod.
 					if err != nil {
 						return nil, nil, errors.Wrapf(err, "unable to get healthcheck for %s", c.InputArgs[0])
 					}
+
+					if healthCheck != nil {
+						hcCommand := healthCheck.Test
+						if len(hcCommand) < 1 || hcCommand[0] == "" || hcCommand[0] == "NONE" {
+							// disable health check
+							healthCheck = nil
+						} else {
+							// apply defaults if image doesn't override them
+							if healthCheck.Interval == 0 {
+								healthCheck.Interval = 30 * time.Second
+							}
+							if healthCheck.Timeout == 0 {
+								healthCheck.Timeout = 30 * time.Second
+							}
+							/* Docker default is 0s, so the following would be a no-op
+							if healthCheck.StartPeriod == 0 {
+								healthCheck.StartPeriod = 0 * time.Second
+							}
+							*/
+							if healthCheck.Retries == 0 {
+								healthCheck.Retries = 3
+							}
+						}
+					}
 				}
 			}
 		}
@@ -788,9 +811,12 @@ func makeHealthCheckFromCli(c *GenericCLIResults) (*manifest.Schema2HealthConfig
 		return nil, errors.New("Must define a healthcheck command for all healthchecks")
 	}
 
-	cmd, err := shlex.Split(inCommand)
+	// first try to parse option value as JSON array of strings...
+	cmd := []string{}
+	err := json.Unmarshal([]byte(inCommand), &cmd)
 	if err != nil {
-		return nil, errors.Wrap(err, "failed to parse healthcheck command")
+		// ...otherwise pass it to "/bin/sh -c" inside the container
+		cmd = []string{"CMD-SHELL", inCommand}
 	}
 	hc := manifest.Schema2HealthConfig{
 		Test: cmd,
diff --git a/dependencies/analyses/README.md b/dependencies/analyses/README.md
new file mode 100644
index 000000000..a440a0ebd
--- /dev/null
+++ b/dependencies/analyses/README.md
@@ -0,0 +1,88 @@
+# A set of scripts and instructions that help to analyze and debloat go-lang dependencies
+
+Note that all scripts mentioned below follow the [KISS principle](https://en.wikipedia.org/wiki/KISS_principle) on purpose.
+The scripts are meant to be used in combination to aid in understanding the packages' dependencies and how they contribute to the size of the compiled binary.
+
+## Size of packages
+
+To analyze the size of all go packages used during the build process, pass the `-work -a` build flags to `go build`.
+The `-a` flag forces go to rebuild all packages even if they are already up-to-date (e.g., in the build cache), while the `-work` flag instructs go to print the temporary work directory used for compiling the packages.
+The path to the temporary work directory of `go-build` must be passed to `go-archive-analysis.sh` by setting it as an environment variable.
+The analysis script will then read and parse the build data and print a sorted table of the package size in bytes followed by the package name.
+
+Running such an analysis on libpod may look as follows:
+
+```
+# 1) Build the podman binary with `-work -a`.
+[libpod]$ BUILDFLAGS="-work -a" make podman
+[...]
+WORK=/tmp/go-build794287815
+
+# 2) Set the work directory as an environment variable and call the analysis script
+[libpod]$ WORK=/tmp/go-build794287815 ./dependencies/analyses/go-archive-analysis.sh | head -n10
+17M github.com/containers/libpod/cmd/podman/cliconfig
+13M github.com/containers/libpod/vendor/github.com/DataDog/zstd
+10M github.com/containers/libpod/vendor/k8s.io/api/core/v1
+3.7M net/http
+3.7M github.com/containers/libpod/libpod
+3.2M runtime
+2.7M github.com/containers/libpod/vendor/github.com/gogo/protobuf/proto
+2.5M github.com/containers/libpod/vendor/k8s.io/apimachinery/pkg/apis/meta/v1
+2.3M github.com/containers/libpod/vendor/github.com/vishvananda/netlink
+2.1M github.com/containers/libpod/cmd/podman/varlink
+```
+
+The output of the `go-archive-analysis.sh` script is a sorted table with the size in bytes followed by the package.
+The size denotes the size of the compiled package (i.e., the `.a` file).
+
+
+## Size of symbols in binary
+
+Once the binary is compiled, we can run another set of analyses on it.
+The `nm-symbols-analysis.sh` is a wrapper around `go tool nm` and prints a table with the size in bytes followed by the symbol's name.
+To avoid information overload, the scripts prints only symbols from the text/code segment.
+
+Running such an analysis on libpod may look as follows:
+
+```
+# 1) Compile the binary
+[libpod]$ make podman
+[...]
+
+# 2) Run the script with the binary as an argument
+[libpod]$ ./dependencies/analyses/nm-symbols-analysis.sh ./bin/podman | grep "containers/libpod/libpod" | head -n10
+299             github.com/containers/libpod/libpod.(*BoltState).AddContainer
+658             github.com/containers/libpod/libpod.(*BoltState).AddContainerToPod
+2120            github.com/containers/libpod/libpod.(*BoltState).AddPod
+3773            github.com/containers/libpod/libpod.(*BoltState).AddPod.func1
+965             github.com/containers/libpod/libpod.(*BoltState).AddVolume
+1651            github.com/containers/libpod/libpod.(*BoltState).AddVolume.func1
+558             github.com/containers/libpod/libpod.(*BoltState).AllContainers
+282             github.com/containers/libpod/libpod.(*BoltState).AllContainers.func1
+1121            github.com/containers/libpod/libpod.(*BoltState).AllContainers.func1.1
+558             github.com/containers/libpod/libpod.(*BoltState).AllPods
+```
+
+Running the script can help identify sources of bloat and reveal potential candidates (e.g., entire packages, types, or function) for refactoring.
+
+
+## Dependency Tree
+
+Use the `dependency-tree.sh` script to figure out which package includes which packages.
+The output of the script has the format `package: dependency_1, dependency_2, ...`.
+Each line is followed by a blank line to make it easier to read.
+The script generates two files:
+
+ - `direct-tree.txt` - listing direct dependencies
+ - `transitive-tree.txt` - listing direct and transitive dependencies
+
+Running such a dependency-tree analysis may look as follows:
+
+
+```
+[libpod]$ ./dependencies/analyses/dependency-tree.sh github.com/containers/libpod
+[libpod]$ grep "^github.com/containers/libpod/pkg/registries" direct-tree.txt
+github.com/containers/libpod/pkg/registries: github.com/containers/libpod/vendor/github.com/containers/image/pkg/sysregistriesv2, github.com/containers/libpod/vendor/github.com/containers/image/types, github.com/containers/libpod/pkg/rootless, github.com/containers/libpod/vendor/github.com/docker/distribution/reference, github.com/containers/libpod/vendor/github.com/pkg/errors, os, path/filepath, strings
+```
+
+As shown above, the script's output can then be used to query for specific packages (e.g, with `grep`).
diff --git a/dependencies/analyses/dependency-tree.sh b/dependencies/analyses/dependency-tree.sh
new file mode 100755
index 000000000..84085a50d
--- /dev/null
+++ b/dependencies/analyses/dependency-tree.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/bash
+
+if test "$#" -ne 1; then
+	echo "invalid arguments: usage: $0 path to package"
+	exit 1
+fi
+
+go list $1/... \
+	| xargs -d '\n' go list -f '{{ .ImportPath }}: {{ join .Imports ", " }}' \
+	| awk '{ printf "%s\n\n", $0 }' \
+	> direct-tree.tmp.$$ && mv -f direct-tree.tmp.$$ direct-tree.txt
+
+
+go list $1/... \
+	| xargs -d '\n' go list -f '{{ .ImportPath }}: {{ join .Deps ", " }}' \
+	| awk '{ printf "%s\n\n", $0 }' \
+	> transitive-tree.tmp.$$ && mv -f transitive-tree.tmp.$$ transitive-tree.txt
diff --git a/dependencies/analyses/go-archive-analysis.sh b/dependencies/analyses/go-archive-analysis.sh
new file mode 100755
index 000000000..f10145dad
--- /dev/null
+++ b/dependencies/analyses/go-archive-analysis.sh
@@ -0,0 +1,12 @@
+#!/usr/bin/bash
+
+if [ -z "$WORK" ]
+then
+	echo "WORK environment variable must be set"
+	exit 1
+fi
+
+grep --no-filename packagefile $WORK/**/importcfg \
+	| awk '{ split($2, data, "="); printf "%s ", data[1]; system("du -sh " data[2]) }' \
+	| awk '{ printf "%s %s\n", $2, $1 }' \
+	| sort -u | sort -rh
diff --git a/dependencies/analyses/nm-symbols-analysis.sh b/dependencies/analyses/nm-symbols-analysis.sh
new file mode 100755
index 000000000..361b746e4
--- /dev/null
+++ b/dependencies/analyses/nm-symbols-analysis.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/bash
+
+if test "$#" -ne 1; then
+	echo "invalid arguments: usage: $0 path/to/binary"
+	exit 1
+fi
+
+go tool nm -size "$1" \
+	| awk 'NF==4 && $3=="t" {printf "%s\t\t%s\n", $2, $4}'
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index 87e18dbb9..ea01a346c 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -272,12 +272,15 @@ The following example maps uids 0-2000 in the container to the uids 30000-31999
 
 Add additional groups to run as
 
-**--healthcheck-command**=*command*
+**--healthcheck-command**=*"command"* | *'["command", "arg1", ...]'*
 
 Set or alter a healthcheck command for a container. The command is a command to be executed inside your
 container that determines your container health.  The command is required for other healthcheck options
 to be applied.  A value of `none` disables existing healthchecks.
 
+Multiple options can be passed in the form of a JSON array; otherwise, the command will be interpreted
+as an argument to `/bin/sh -c`.
+
 **--healthcheck-interval**=*interval*
 
 Set an interval for the healthchecks (a value of `disable` results in no automatic timer setup) (default "30s")
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index 95499edd6..e3dca9300 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -279,12 +279,15 @@ The example maps gids 0-2000 in the container to the gids 30000-31999 on the hos
 
 Add additional groups to run as
 
-**--healthcheck-command**=*command*
+**--healthcheck-command**=*"command"* | *'["command", "arg1", ...]'*
 
 Set or alter a healthcheck command for a container. The command is a command to be executed inside your
 container that determines your container health.  The command is required for other healthcheck options
 to be applied.  A value of `none` disables existing healthchecks.
 
+Multiple options can be passed in the form of a JSON array; otherwise, the command will be interpreted
+as an argument to `/bin/sh -c`.
+
 **--healthcheck-interval**=*interval*
 
 Set an interval for the healthchecks (a value of `disable` results in no automatic timer setup) (default "30s")
diff --git a/libpod/healthcheck.go b/libpod/healthcheck.go
index f4ea6c694..8ed2b12e1 100644
--- a/libpod/healthcheck.go
+++ b/libpod/healthcheck.go
@@ -107,16 +107,25 @@ func (c *Container) runHealthCheck() (HealthCheckStatus, error) {
 		capture       bytes.Buffer
 		inStartPeriod bool
 	)
-	hcStatus, err := checkHealthCheckCanBeRun(c)
-	if err != nil {
-		return hcStatus, err
-	}
 	hcCommand := c.HealthCheckConfig().Test
-	if len(hcCommand) > 0 && hcCommand[0] == "CMD-SHELL" {
-		newCommand = []string{"sh", "-c", strings.Join(hcCommand[1:], " ")}
-	} else {
+	if len(hcCommand) < 1 {
+		return HealthCheckNotDefined, errors.Errorf("container %s has no defined healthcheck", c.ID())
+	}
+	switch hcCommand[0] {
+	case "", "NONE":
+		return HealthCheckNotDefined, errors.Errorf("container %s has no defined healthcheck", c.ID())
+	case "CMD":
+		newCommand = hcCommand[1:]
+	case "CMD-SHELL":
+		// TODO: SHELL command from image not available in Container - use Docker default
+		newCommand = []string{"/bin/sh", "-c", strings.Join(hcCommand[1:], " ")}
+	default:
+		// command supplied on command line - pass as-is
 		newCommand = hcCommand
 	}
+	if len(newCommand) < 1 || newCommand[0] == "" {
+		return HealthCheckNotDefined, errors.Errorf("container %s has no defined healthcheck", c.ID())
+	}
 	captureBuffer := bufio.NewWriter(&capture)
 	hcw := hcWriteCloser{
 		captureBuffer,
diff --git a/pkg/varlinkapi/transfers.go b/pkg/varlinkapi/transfers.go
index 24a91a86f..31d26c3aa 100644
--- a/pkg/varlinkapi/transfers.go
+++ b/pkg/varlinkapi/transfers.go
@@ -26,11 +26,6 @@ func (i *LibpodAPI) SendFile(call iopodman.VarlinkCall, ftype string, length int
 	defer outputFile.Close()
 
 	if err = call.ReplySendFile(outputFile.Name()); err != nil {
-		return call.ReplyErrorOccurred(err.Error())
-	}
-
-	// FIXME return parameter
-	if err = call.ReplySendFile("FIXME_file_handle"); err != nil {
 		// If an error occurs while sending the reply, return the error
 		return err
 	}
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 21afc4b84..b233a772a 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -375,7 +375,7 @@ func (p *PodmanTestIntegration) RunNginxWithHealthCheck(name string) (*PodmanSes
 	if name != "" {
 		podmanArgs = append(podmanArgs, "--name", name)
 	}
-	podmanArgs = append(podmanArgs, "-dt", "-P", "--healthcheck-command", "CMD-SHELL curl http://localhost/", nginx)
+	podmanArgs = append(podmanArgs, "-dt", "-P", "--healthcheck-command", "curl http://localhost/", nginx)
 	session := p.Podman(podmanArgs)
 	session.WaitWithDefaultTimeout()
 	return session, session.OutputToString()
diff --git a/test/e2e/healthcheck_run_test.go b/test/e2e/healthcheck_run_test.go
index 125002bf9..dee86f3d9 100644
--- a/test/e2e/healthcheck_run_test.go
+++ b/test/e2e/healthcheck_run_test.go
@@ -95,7 +95,7 @@ var _ = Describe("Podman healthcheck run", func() {
 	})
 
 	It("podman healthcheck should be starting", func() {
-		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-retries", "2", "--healthcheck-command", "\"CMD-SHELL ls /foo || exit 1\"", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-retries", "2", "--healthcheck-command", "ls /foo || exit 1", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 		inspect := podmanTest.InspectContainer("hc")
@@ -103,7 +103,7 @@ var _ = Describe("Podman healthcheck run", func() {
 	})
 
 	It("podman healthcheck failed checks in start-period should not change status", func() {
-		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-start-period", "2m", "--healthcheck-retries", "2", "--healthcheck-command", "\"CMD-SHELL ls /foo || exit 1\"", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-start-period", "2m", "--healthcheck-retries", "2", "--healthcheck-command", "ls /foo || exit 1", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 
@@ -124,7 +124,7 @@ var _ = Describe("Podman healthcheck run", func() {
 	})
 
 	It("podman healthcheck failed checks must reach retries before unhealthy ", func() {
-		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-retries", "2", "--healthcheck-command", "\"CMD-SHELL ls /foo || exit 1\"", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-retries", "2", "--healthcheck-command", "ls /foo || exit 1", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 
@@ -145,7 +145,7 @@ var _ = Describe("Podman healthcheck run", func() {
 	})
 
 	It("podman healthcheck good check results in healthy even in start-period", func() {
-		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-start-period", "2m", "--healthcheck-retries", "2", "--healthcheck-command", "\"CMD-SHELL\" \"ls\" \"||\" \"exit\" \"1\"", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-start-period", "2m", "--healthcheck-retries", "2", "--healthcheck-command", "ls || exit 1", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 
@@ -158,7 +158,7 @@ var _ = Describe("Podman healthcheck run", func() {
 	})
 
 	It("podman healthcheck single healthy result changes failed to healthy", func() {
-		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-retries", "2", "--healthcheck-command", "\"CMD-SHELL\" \"ls\" \"/foo\" \"||\" \"exit\" \"1\"", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"run", "-dt", "--name", "hc", "--healthcheck-retries", "2", "--healthcheck-command", "ls /foo || exit 1", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).To(Equal(0))
 
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 8c7830204..886e3e7a9 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -750,21 +750,21 @@ USER mail`
 	})
 
 	It("podman run with bad healthcheck retries", func() {
-		session := podmanTest.Podman([]string{"run", "-dt", "--healthcheck-command", "foo", "--healthcheck-retries", "0", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"run", "-dt", "--healthcheck-command", "[\"foo\"]", "--healthcheck-retries", "0", ALPINE, "top"})
 		session.Wait()
 		Expect(session.ExitCode()).ToNot(Equal(0))
 		Expect(session.ErrorToString()).To(ContainSubstring("healthcheck-retries must be greater than 0"))
 	})
 
 	It("podman run with bad healthcheck timeout", func() {
-		session := podmanTest.Podman([]string{"run", "-dt", "--healthcheck-command", "foo", "--healthcheck-timeout", "0s", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"run", "-dt", "--healthcheck-command", "[\"foo\"]", "--healthcheck-timeout", "0s", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).ToNot(Equal(0))
 		Expect(session.ErrorToString()).To(ContainSubstring("healthcheck-timeout must be at least 1 second"))
 	})
 
 	It("podman run with bad healthcheck start-period", func() {
-		session := podmanTest.Podman([]string{"run", "-dt", "--healthcheck-command", "foo", "--healthcheck-start-period", "-1s", ALPINE, "top"})
+		session := podmanTest.Podman([]string{"run", "-dt", "--healthcheck-command", "[\"foo\"]", "--healthcheck-start-period", "-1s", ALPINE, "top"})
 		session.WaitWithDefaultTimeout()
 		Expect(session.ExitCode()).ToNot(Equal(0))
 		Expect(session.ErrorToString()).To(ContainSubstring("healthcheck-start-period must be 0 seconds or greater"))