diff options
Diffstat (limited to 'contrib')
| l--------- | contrib/cirrus/apiv2_test.sh | 1 | ||||
| -rwxr-xr-x | contrib/cirrus/integration_test.sh | 14 | ||||
| -rw-r--r-- | contrib/cirrus/lib.sh | 7 | ||||
| -rwxr-xr-x | contrib/cirrus/logcollector.sh | 6 | ||||
| -rwxr-xr-x | contrib/cirrus/logformatter | 441 | ||||
| -rw-r--r-- | contrib/cirrus/packer/fedora_setup.sh | 14 | ||||
| -rw-r--r-- | contrib/cirrus/packer/libpod_base_images.yml | 2 | ||||
| -rwxr-xr-x | contrib/cirrus/setup_environment.sh | 80 | ||||
| -rwxr-xr-x | contrib/cirrus/upload_release_archive.sh | 39 | ||||
| -rw-r--r-- | contrib/fedora-minimal/Dockerfile | 2 | ||||
| -rw-r--r-- | contrib/gate/Dockerfile | 29 | ||||
| -rw-r--r-- | contrib/gate/README.md | 6 | ||||
| -rwxr-xr-x | contrib/gate/entrypoint.sh | 22 | ||||
| -rw-r--r-- | contrib/podmanimage/README.md | 8 | ||||
| -rw-r--r-- | contrib/podmanimage/stable/manual/Containerfile | 39 | ||||
| -rw-r--r-- | contrib/podmanimage/upstream/Dockerfile | 4 | ||||
| -rw-r--r-- | contrib/spec/podman.spec.in | 6 | ||||
| -rw-r--r-- | contrib/systemd/auto-update/podman-auto-update.service | 11 | ||||
| -rw-r--r-- | contrib/systemd/auto-update/podman-auto-update.timer | 9 |
19 files changed, 631 insertions, 109 deletions
diff --git a/contrib/cirrus/apiv2_test.sh b/contrib/cirrus/apiv2_test.sh new file mode 120000 index 000000000..cbc481d6b --- /dev/null +++ b/contrib/cirrus/apiv2_test.sh @@ -0,0 +1 @@ +integration_test.sh
\ No newline at end of file diff --git a/contrib/cirrus/integration_test.sh b/contrib/cirrus/integration_test.sh index d5e6ec884..6341bcb4a 100755 --- a/contrib/cirrus/integration_test.sh +++ b/contrib/cirrus/integration_test.sh @@ -16,16 +16,6 @@ fi cd "$GOSRC" -# Transition workaround: runc is still the default for upstream development -handle_crun() { - # For systems with crun installed, assume CgroupsV2 and use it - if type -P crun &> /dev/null - then - warn "Replacing runc -> crun in libpod.conf" - sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' /usr/share/containers/libpod.conf - fi -} - case "$SPECIALMODE" in in_podman) ${CONTAINER_RUNTIME} run --rm --privileged --net=host \ @@ -49,21 +39,19 @@ case "$SPECIALMODE" in endpoint) make make install PREFIX=/usr ETCDIR=/etc - #handle_crun make test-binaries make endpoint ;; bindings) make make install PREFIX=/usr ETCDIR=/etc - cd pkg/bindings/test && ginkgo -r + cd pkg/bindings/test && ginkgo -trace -noColor -debug -r ;; none) make make install PREFIX=/usr ETCDIR=/etc make install.config PREFIX=/usr make test-binaries - handle_crun if [[ "$TEST_REMOTE_CLIENT" == "true" ]] then make remote${TESTSUITE} VARLINK_LOG=$VARLINK_LOG diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh index 71ad67c74..5895d84f4 100644 --- a/contrib/cirrus/lib.sh +++ b/contrib/cirrus/lib.sh @@ -68,9 +68,9 @@ export FEDORA_BASE_IMAGE="fedora-cloud-base-31-1-9-1578586410" export PRIOR_FEDORA_BASE_IMAGE="fedora-cloud-base-30-1-2-1578586410" export BUILT_IMAGE_SUFFIX="${BUILT_IMAGE_SUFFIX:--$CIRRUS_REPO_NAME-${CIRRUS_BUILD_ID}}" # IN_PODMAN container image -IN_PODMAN_IMAGE="quay.io/libpod/in_podman:latest" +IN_PODMAN_IMAGE="quay.io/libpod/in_podman:$DEST_BRANCH" # Image for uploading releases -UPLDREL_IMAGE="quay.io/libpod/upldrel:latest" +UPLDREL_IMAGE="quay.io/libpod/upldrel:master" # Avoid getting stuck waiting for user input export DEBIAN_FRONTEND="noninteractive" @@ -88,6 +88,7 @@ ROOTLESS_ENV_RE='(CIRRUS_.+)|(ROOTLESS_.+)|(.+_IMAGE.*)|(.+_BASE)|(.*DIRPATH)|(. SECRET_ENV_RE='(IRCID)|(ACCOUNT)|(GC[EP]..+)|(SSH)' SPECIALMODE="${SPECIALMODE:-none}" +MOD_LIBPOD_CONF="${MOD_LIBPOD_CONF:false}" TEST_REMOTE_CLIENT="${TEST_REMOTE_CLIENT:-false}" export CONTAINER_RUNTIME=${CONTAINER_RUNTIME:-podman} @@ -105,6 +106,8 @@ OS_RELEASE_ID="$(source /etc/os-release; echo $ID)" OS_RELEASE_VER="$(source /etc/os-release; echo $VERSION_ID | cut -d '.' -f 1)" # Combined to ease soe usage OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}" +# Type of filesystem used for cgroups +CG_FS_TYPE="$(stat -f -c %T /sys/fs/cgroup)" # Installed into cache-images, supports overrides # by user-data in case of breakage or for debugging. diff --git a/contrib/cirrus/logcollector.sh b/contrib/cirrus/logcollector.sh index 44a62ce58..0b179591a 100755 --- a/contrib/cirrus/logcollector.sh +++ b/contrib/cirrus/logcollector.sh @@ -32,7 +32,7 @@ case $1 in df) showrun df -lhTx tmpfs ;; ginkgo) showrun cat $CIRRUS_WORKING_DIR/test/e2e/ginkgo-node-*.log ;; journal) showrun journalctl -b ;; - podman) showrun podman system info ;; + podman) showrun ./bin/podman system info ;; varlink) if [[ "$TEST_REMOTE_CLIENT" == "true" ]] then @@ -56,6 +56,7 @@ case $1 in ) case $OS_RELEASE_ID in fedora*) + cat /etc/fedora-release PKG_LST_CMD='rpm -q --qf=%{N}-%{V}-%{R}-%{ARCH}\n' PKG_NAMES+=(\ container-selinux \ @@ -65,6 +66,7 @@ case $1 in ) ;; ubuntu*) + cat /etc/issue PKG_LST_CMD='dpkg-query --show --showformat=${Package}-${Version}-${Architecture}\n' PKG_NAMES+=(\ cri-o-runc \ @@ -73,6 +75,8 @@ case $1 in ;; *) bad_os_id_ver ;; esac + echo "Kernel: " $(uname -r) + echo "Cgroups: " $(stat -f -c %T /sys/fs/cgroup) # Any not-present packages will be listed as such $PKG_LST_CMD ${PKG_NAMES[@]} | sort -u ;; diff --git a/contrib/cirrus/logformatter b/contrib/cirrus/logformatter new file mode 100755 index 000000000..6a86f6a49 --- /dev/null +++ b/contrib/cirrus/logformatter @@ -0,0 +1,441 @@ +#!/usr/bin/perl +# +# logformatter - highlight a Cirrus test log (ginkgo or bats) +# +# Adapted from https://raw.githubusercontent.com/edsantiago/greasemonkey/podman-ginkgo-highlight +# +package LibPod::CI::LogFormatter; + +use v5.14; +use utf8; + +# Grumble. CI system doesn't have 'open' +binmode STDIN, ':utf8'; +binmode STDOUT, ':utf8'; + +use strict; +use warnings; + +(our $ME = $0) =~ s|.*/||; + +our $VERSION = '0.1'; + +# For debugging, show data structures using DumpTree($var) +#use Data::TreeDumper; $Data::TreeDumper::Displayaddress = 0; + +############################################################################### +# BEGIN user-customizable section + +# Stylesheet for highlighting or de-highlighting parts of lines +our $CSS = <<'END_CSS'; +/* wrap long lines - don't require user to scroll right */ +pre { line-break: normal; overflow-wrap: normal; white-space: pre-wrap; } + +.boring { color: #999; } +.timestamp { color: #999; } +.log-debug { color: #999; } +.log-info { color: #333; } +.log-warn { color: #f60; } +.log-error { color: #900; font-weight: bold; } +.subtest { background: #eee; } +.subsubtest { color: #F39; font-weight: bold; } +.string { color: #00c; } +.command { font-weight: bold; color: #000; } +.changed { color: #000; font-weight: bold; } + +/* links to source files: not as prominent as links to errors */ +a.codelink:link { color: #000; } +a.codelink:visited { color: #666; } +a.codelink:hover { background: #000; color: #999; } + +/* The timing tests at bottom: remove underline, it's too cluttery. */ +a.timing { text-decoration: none; } + +/* BATS styles */ +.bats-ok { color: #393; } +.bats-notok { color: #F00; font-weight: bold; } +.bats-skip { color: #F90; } +.bats-log { color: #900; } +.bats-log-esm { color: #b00; font-weight: bold; } + +/* error titles: display next to timestamp, not on separate line */ +h2 { display: inline; } +END_CSS + +# END user-customizable section +############################################################################### + +############################################################################### +# BEGIN boilerplate args checking, usage messages + +sub usage { + print <<"END_USAGE"; +Usage: $ME [OPTIONS] TEST_NAME + +$ME is a filter; it HTMLifies an input stream (presumably +Ginkgo or BATS log results), writing HTML results to an output file +but passing stdin unmodified to stdout. It is intended to run in +the Cirrus CI environment. + +Parameters: + + TEST_NAME descriptive name; output file will be TEST_NAME.log.html + +OPTIONS: + + --help display this message + --man display program man page + --version display program name and version +END_USAGE + + exit; +} + +# Command-line options. Note that this operates directly on @ARGV ! +our $debug = 0; +our $force = 0; +our $verbose = 0; +our $NOT = ''; # print "blahing the blah$NOT\n" if $debug +sub handle_opts { + use Getopt::Long; + GetOptions( + 'debug!' => \$debug, + 'dry-run|n!' => sub { $NOT = ' [NOT]' }, + 'force' => \$force, + 'verbose|v' => \$verbose, + + help => \&usage, + version => sub { print "$ME version $VERSION\n"; exit 0 }, + ) or die "Try `$ME --help' for help\n"; +} + +# END boilerplate args checking, usage messages +############################################################################### + +############################## CODE BEGINS HERE ############################### + +# The term is "modulino". +__PACKAGE__->main() unless caller(); + +# Main code. +sub main { + # Note that we operate directly on @ARGV, not on function parameters. + # This is deliberate: it's because Getopt::Long only operates on @ARGV + # and there's no clean way to make it use @_. + handle_opts(); # will set package globals + + # In case someone is tempted to run us on the command line + die "$ME: this is a filter, not an interactive script\n" if -t *STDIN; + + # Fetch command-line arguments. Barf if too many. + my $test_name = shift(@ARGV) + or die "$ME: missing TEST_NAME argument; try $ME --help\n"; + warn "$ME: Too many arguments; ignoring extras. try $ME --help\n" if @ARGV; + + format_log($test_name); +} + + +sub format_log { + my $test_name = shift; # in: e.g. 'integration_test' + + my $outfile = "$test_name.log.html"; + my $out_tmp = "$outfile.tmp.$$"; + open my $out_fh, '>:utf8', $out_tmp + or warn "$ME: Cannot create $out_tmp: $!\n"; + + # Boilerplate: HTML headers for output file + print { $out_fh } <<"END_HTML" if $out_fh; +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE html + PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" + "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> +<title>$test_name</title> +<style type="text/css"> +$CSS +</style> + +<!-- on page load, go to bottom: that's where the error summary is --> +<script language="javascript"> +function scrollToBottom() { + if (window.scrollY < 10) { + window.scrollTo(0, document.body.scrollHeight); + } +} +window.addEventListener("load", scrollToBottom, false); +</script> +</head> +<body> +<pre> +END_HTML + + # State variables + my $previous_timestamp = ''; # timestamp of previous line + my $cirrus_task; # Cirrus task number, used for linking + my $git_commit; # git SHA, used for linking to source files + my $in_failure; # binary flag: are we in an error dump? + my $in_timing; # binary flag: are we in the timing section? + my $after_divider = 0; # Count of lines after seeing '-----' + my $current_output; # for removing duplication + my $looks_like_bats; # binary flag: for detecting BATS results + + # Main loop: read input, one line at a time, and write out reformatted + LINE: + while (my $line = <STDIN>) { + print $line; # Immediately dump back to stdout + + # Remain robust in face of errors: always write stdout even if no HTML + next LINE if ! $out_fh; + + chomp $line; + $line =~ s/\0//g; # Some log files have NULs???? + $line = escapeHTML($line); + + # Temporarily strip off leading timestamp + $line =~ s/^(\[\+\d+s\]\s)//; + my $timestamp = $1 || ''; + if ($previous_timestamp && $timestamp eq $previous_timestamp) { + $timestamp = ' ' x length($timestamp); + } + elsif ($timestamp) { + $previous_timestamp = $timestamp; + } + + # Try to identify the git commit we're working with... + if ($line =~ m!libpod/define.gitCommit=([0-9a-f]+)!) { + $git_commit = $1; + } + # ...so we can link to specific lines in source files + if ($git_commit) { + # 1 12 3 34 4 5 526 6 + $line =~ s{^(.*)(\/(containers\/libpod)(\/\S+):(\d+))(.*)$} + {$1<a class="codelink" href='https://github.com/$3/blob/$git_commit$4#L$5'>$2</a>$6}; + } + + # Try to identify the cirrus task + if ($line =~ /cirrus-task-(\d+)/) { + $cirrus_task = $1; + } + + # BATS handling + if ($line =~ /^1\.\.\d+$/) { + $looks_like_bats = 1; + } + if ($looks_like_bats) { + my $css; + + if ($line =~ /^ok\s.*\s# skip/) { $css = 'skip' } + elsif ($line =~ /^ok\s/) { $css = 'ok' } + elsif ($line =~ /^not\s+ok\s/) { $css = 'notok' } + elsif ($line =~ /^#\s#\|\s/) { $css = 'log-esm' } + elsif ($line =~ /^#\s/) { $css = 'log' } + + if ($css) { + $line = "<span class='bats-$css'>$line</span>"; + } + + print { $out_fh } "<span class=\"timestamp\">$timestamp</span>" + if $timestamp; + print { $out_fh } $line, "\n"; + next LINE; + } + + # Timing section at the bottom of the page + if ($line =~ / timing results\s*$/) { + $in_timing = 1; + } + elsif ($in_timing) { + if ($line =~ /^(\S.*\S)\s+(\d+\.\d+)\s*$/) { + my ($name, $time) = ($1, $2); + my $id = make_id($1, 'timing'); + + # Try to column-align the timing numbers. Some test names + # will be longer than our max - oh well. + my $spaces = 80 - length(unescapeHTML($name)); + $spaces = 1 if $spaces < 1; + $spaces++ if $time < 10; + my $spacing = ' ' x $spaces; + $line = qq{<a class="timing" href="#t--$id">$name</a>$spacing$time}; + } + else { + $in_timing = 0; + } + } + + # + # Ginkgo error reformatting + # + if ($line =~ /^.{1,4} (Failure|Panic)( in .*)? \[/) { + # Begins a block of multiple lines including a stack trace + print { $out_fh } "<div class='log-error'>\n"; + $in_failure = 1; + } + elsif ($line =~ /^-----------/) { + if ($in_failure) { + # Ends a stack trace block + $in_failure = 0; + print { $out_fh } "</div>\n"; + } + $after_divider = 1; + + print { $out_fh } "</pre>\n<hr />\n<pre>\n"; + # Always show timestamp at start of each new test + $previous_timestamp = ''; + next LINE; + } + # (bindings test sometimes emits 'Running' with leading bullet char) + elsif ($line =~ /^•?Running:/) { + # Highlight the important (non-boilerplate) podman command. + # Strip out the global podman options, but show them on hover + $line =~ s{(\S+\/podman)((\s+--(root|runroot|runtime|tmpdir|storage-opt|conmon|cgroup-manager|cni-config-dir|storage-driver|events-backend) \S+)*)(.*)}{ + my ($full_path, $options, $args) = ($1, $2, $5); + + $options =~ s/^\s+//; + # Separate each '--foo bar' with newlines for readability + $options =~ s/ --/\n--/g; + qq{<span title="$full_path"><b>podman</b></span> <span class=\"boring\" title=\"$options\">[options]</span><b>$args</b>}; + }e; + $current_output = ''; + } + # Grrr. 'output:' usually just tells us what we already know. + elsif ($line =~ /^output:/) { + $current_output =~ s!^\s+|\s+$!!g; # Trim leading/trailing blanks + $current_output =~ s/\s+/ /g; # Collapse multiple spaces + if ($line eq "output: $current_output" || $line eq 'output: ') { + next LINE; + } + } + elsif ($line =~ /^Error:/ || $line =~ / level=(warning|error) /) { + $line = "<span class='log-warn'>" . $line . "</span>"; + } + elsif ($line =~ /^panic:/) { + $line = "<span class='log-error'>" . $line . "</span>"; + } + else { + $current_output .= ' ' . $line; + } + + + # Two lines after each divider, there's a test name. Make it + # an anchor so we can link to it later. + if ($after_divider++ == 2) { + # Sigh. There is no actual marker. Assume that anything with + ## two leading spaces then alpha (not slashes) is a test name. + if ($line =~ /^ [a-zA-Z]/) { + my $id = make_id($line, 'anchor'); + + $line = "<a name='t--$id'><h2>$line</h2></a>"; + } + } + + # Failure name corresponds to a previously-seen block. + ## FIXME: sometimes there are three failures with the same name. + ## ...I have no idea why or how to link to the right ones. + # 1 2 2 3 3 14 4 + if ($line =~ /^(\[(Fail|Panic!)\] .* \[(It|BeforeEach)\] )([A-Za-z].*)/) { + my ($lhs, $type, $ginkgo_fluff, $testname) = ($1, $2, $3, $4); + my $id = make_id($testname, 'link'); + + $line = "<b>$lhs<a href='#t--$id'>$testname</a></b>"; + } + + print { $out_fh } "<span class=\"timestamp\">$timestamp</span>" + if $timestamp; + print { $out_fh } $line, "\n"; + } + + my $have_formatted_log; # Set on success + + if ($out_fh) { + print { $out_fh } "</pre>\n"; + + # Did we find a cirrus task? Link back. + if ($cirrus_task) { + print { $out_fh } <<"END_HTML"; +<hr /> +<h3>Cirrus <a href="https://cirrus-ci.com/task/$cirrus_task">task $cirrus_task</a></h3> +END_HTML + } + + # FIXME: need a safe way to get TZ + printf { $out_fh } <<"END_HTML", scalar(CORE::localtime); +<hr /> +<small>Processed %s by $ME v$VERSION</small> +</body> +</html> +END_HTML + + if (close $out_fh) { + if (rename $out_tmp => $outfile) { + $have_formatted_log = 1; + } + else { + warn "$ME: Could not rename $out_tmp: $!\n"; + } + } + else { + warn "$ME: Error writing $out_tmp: $!\n"; + } + } + + # FIXME: if Cirrus magic envariables are available, write a link to results + if ($have_formatted_log && $ENV{CIRRUS_TASK_ID}) { + my $URL_BASE = "https://storage.googleapis.com"; + my $STATIC_MAGIC_BLOB = "cirrus-ci-5385732420009984-fcae48"; + my $ARTIFACT_NAME = "html"; + + my $URL = "${URL_BASE}/${STATIC_MAGIC_BLOB}/artifacts/$ENV{CIRRUS_REPO_FULL_NAME}/$ENV{CIRRUS_TASK_ID}/${ARTIFACT_NAME}/${outfile}"; + + print "\n\nAnnotated results:\n $URL\n"; + } +} + + +############# +# make_id # Given a test name, generate an anchor link name +############# +sub make_id { + my $name = shift; # in: test title + my $type = shift; # in: differentiator (anchor, link) + + state %counter; + + $name =~ s/^\s+|\s+$//g; # strip leading/trailing whitespace + $name =~ s/[^a-zA-Z0-9_-]/-/g; # Convert non-alphanumeric to dash + + # Keep a running tally of how many times we've seen this identifier + # for this given type! This lets us cross-match, in the bottom of + # the page, the first/second/third failure of a given test. + $name .= "--" . ++$counter{$type}{$name}; + + $name; +} + + + +sub escapeHTML { + my $s = shift; + + state %chars; + %chars = ('&' => '&', '<' => '<', '>' => '>', '"' => '"', "'" => ''') + if keys(%chars) == 0; + my $class = join('', sort keys %chars); + $s =~ s/([$class])/$chars{$1}/ge; + + return $s; +} + +sub unescapeHTML { + my $s = shift; + + # We don't actually care about the character, only its length + $s =~ s/\&\#?[a-z0-9]+;/./g; + + return $s; +} + + +1; diff --git a/contrib/cirrus/packer/fedora_setup.sh b/contrib/cirrus/packer/fedora_setup.sh index 591a59a05..20014e5f3 100644 --- a/contrib/cirrus/packer/fedora_setup.sh +++ b/contrib/cirrus/packer/fedora_setup.sh @@ -8,7 +8,7 @@ set -e # Load in library (copied by packer, before this script was run) source /tmp/libpod/$SCRIPT_BASE/lib.sh -req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC +req_env_var SCRIPT_BASE PACKER_BUILDER_NAME GOSRC FEDORA_BASE_IMAGE OS_RELEASE_ID OS_RELEASE_VER install_ooe @@ -17,9 +17,14 @@ trap "sudo rm -rf $GOPATH" EXIT $BIGTO ooe.sh sudo dnf update -y -echo "Enabling updates-testing repository" -$LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)' -$LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing +# Do not enable update-stesting on the previous Fedora release +if [[ "$FEDORA_BASE_IMAGE" =~ "${OS_RELEASE_ID}-cloud-base-${OS_RELEASE_VER}" ]]; then + warn "Enabling updates-testing repository for image based on $FEDORA_BASE_IMAGE" + $LILTO ooe.sh sudo dnf install -y 'dnf-command(config-manager)' + $LILTO ooe.sh sudo dnf config-manager --set-enabled updates-testing +else + warn "NOT enabling updates-testing repository for image based on $PRIOR_FEDORA_BASE_IMAGE" +fi echo "Installing general build/test dependencies for Fedora '$OS_RELEASE_VER'" REMOVE_PACKAGES=() @@ -98,6 +103,7 @@ case "$OS_RELEASE_VER" in python2-future runc ) + REMOVE_PACKAGES+=(crun) ;; 31) INSTALL_PACKAGES+=(crun) diff --git a/contrib/cirrus/packer/libpod_base_images.yml b/contrib/cirrus/packer/libpod_base_images.yml index 21f3795f1..255723d57 100644 --- a/contrib/cirrus/packer/libpod_base_images.yml +++ b/contrib/cirrus/packer/libpod_base_images.yml @@ -12,7 +12,7 @@ variables: # Required for output from qemu builders TTYDEV: - # Ubuntu releases are mearly copied to this project for control purposes + # Ubuntu releases are merely copied to this project for control purposes UBUNTU_BASE_IMAGE: PRIOR_UBUNTU_BASE_IMAGE: diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 5364dd510..9b4a56acd 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -6,15 +6,19 @@ source $(dirname $0)/lib.sh req_env_var USER HOME GOSRC SCRIPT_BASE SETUP_MARKER_FILEPATH -show_env_vars - # Ensure this script only executes successfully once and always logs ending timestamp -[[ ! -e "$SETUP_MARKER_FILEPATH" ]] || exit 0 +if [[ -e "$SETUP_MARKER_FILEPATH" ]]; then + show_env_vars + exit 0 +fi + exithandler() { RET=$? echo "." echo "$(basename $0) exit status: $RET" [[ "$RET" -eq "0" ]] && date +%s >> "$SETUP_MARKER_FILEPATH" + show_env_vars + [[ "$RET" -eq "0" ]] || warn "Non-zero exit caused by error ABOVE env. var. display." } trap exithandler EXIT @@ -43,45 +47,71 @@ case "${OS_RELEASE_ID}" in fi ;; fedora) + # This is temporary and should be removed once conmon is in stable + # and the images can be rebuilt properly. + if [[ "$OS_RELEASE_VER" -eq "30" ]]; then + dnf -y install https://kojipkgs.fedoraproject.org//packages/conmon/2.0.13/1.fc30/x86_64/conmon-2.0.13-1.fc30.x86_64.rpm + else + dnf -y install https://kojipkgs.fedoraproject.org//packages/conmon/2.0.13/1.fc31/x86_64/conmon-2.0.13-1.fc31.x86_64.rpm + fi + # End of temporary patch + # All SELinux distros need this for systemd-in-a-container setsebool container_manage_cgroup true if [[ "$ADD_SECOND_PARTITION" == "true" ]]; then - bash "$SCRIPT_BASE/add_second_partition.sh"; fi + bash "$SCRIPT_BASE/add_second_partition.sh" + fi - if [[ "$OS_RELEASE_VER" == "31" ]]; then - warn "Switching io schedular to deadline to avoid RHBZ 1767539" - warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" - echo "mq-deadline" > /sys/block/sda/queue/scheduler - cat /sys/block/sda/queue/scheduler + warn "Switching io scheduler to 'deadline' to avoid RHBZ 1767539" + warn "aka https://bugzilla.kernel.org/show_bug.cgi?id=205447" + echo "mq-deadline" > /sys/block/sda/queue/scheduler + cat /sys/block/sda/queue/scheduler - warn "Forcing systemd cgroup manager" - X=$(echo "export CGROUP_MANAGER=systemd" | \ - tee -a /etc/environment) && eval "$X" && echo "$X" + warn "Forcing systemd cgroup manager" + X=$(echo "export CGROUP_MANAGER=systemd" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + ;; + centos) # Current VM is an image-builder-image no local podman/testing + echo "No further setup required for VM image building" + exit 0 + ;; + *) bad_os_id_ver ;; +esac - warn "Testing with crun instead of runc" - X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \ - tee -a /etc/environment) && eval "$X" && echo "$X" +# Reload to incorporate any changes from above +source "$SCRIPT_BASE/lib.sh" + +case "$CG_FS_TYPE" in + tmpfs) + warn "Forcing testing with runc instead of crun" + X=$(echo "export OCI_RUNTIME=/usr/bin/runc" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + ;; + cgroup2fs) + # This is necessary since we've built/installed from source, which uses runc as the default. + warn "Forcing testing with crun instead of runc" + X=$(echo "export OCI_RUNTIME=/usr/bin/crun" | \ + tee -a /etc/environment) && eval "$X" && echo "$X" + + if [[ "$MOD_LIBPOD_CONF" == "true" ]]; then + warn "Updating runtime setting in repo. copy of libpod.conf" + sed -i -r -e 's/^runtime = "runc"/runtime = "crun"/' $GOSRC/libpod.conf + git diff $GOSRC/libpod.conf + fi + if [[ "$OS_RELEASE_ID" == "fedora" ]]; then warn "Upgrading to the latest crun" # Normally not something to do for stable testing # but crun is new, and late-breaking fixes may be required # on short notice dnf update -y crun - - #warn "Setting SELinux into Permissive mode" - #setenforce 0 fi ;; - centos) # Current VM is an image-builder-image no local podman/testing - echo "No further setup required for VM image building" - exit 0 + *) + die 110 "Unsure how to handle cgroup filesystem type '$CG_FS_TYPE'" ;; - *) bad_os_id_ver ;; esac -# Reload to incorporate any changes from above -source "$SCRIPT_BASE/lib.sh" - # Must execute before possible setup_rootless() make install.tools diff --git a/contrib/cirrus/upload_release_archive.sh b/contrib/cirrus/upload_release_archive.sh index a94a5cc82..e1b8937b7 100755 --- a/contrib/cirrus/upload_release_archive.sh +++ b/contrib/cirrus/upload_release_archive.sh @@ -19,36 +19,19 @@ then BUCKET="libpod-pr-releases" elif [[ -n "$CIRRUS_BRANCH" ]] then - # Only release binaries for tagged commit ranges, unless working on docs - if is_release || [[ $CIRRUS_TASK_NAME =~ "docs" ]] + # Only release binaries for docs + if [[ $CIRRUS_TASK_NAME =~ "docs" ]] then PR_OR_BRANCH="$CIRRUS_BRANCH" BUCKET="libpod-$CIRRUS_BRANCH-releases" else - warn "" "Skipping release processing: Commit range|CIRRUS_TAG is development tagged." + warn "" "Skipping release processing for non-docs task." exit 0 fi else die 1 "Expecting either \$CIRRUS_PR or \$CIRRUS_BRANCH to be non-empty." fi -echo "Parsing actual_release.txt contents: $(< actual_release.txt)" -cd $GOSRC -RELEASETXT=$(<actual_release.txt) # see build_release.sh -[[ -n "$RELEASETXT" ]] || \ - die 3 "Could not obtain metadata from actual_release.txt" -RELEASE_INFO=$(echo "$RELEASETXT" | grep -m 1 'X-RELEASE-INFO:' | sed -r -e 's/X-RELEASE-INFO:\s*(.+)/\1/') -if [[ "$?" -ne "0" ]] || [[ -z "$RELEASE_INFO" ]] -then - die 4 "Metadata is empty or invalid: '$RELEASETXT'" -fi -# Format specified in Makefile -# e.g. libpod v1.3.1-166-g60df124e fedora 29 amd64 -# or libpod-remote v1.3.1-166-g60df124e windows - amd64 -FIELDS="RELEASE_BASENAME RELEASE_VERSION RELEASE_DIST RELEASE_DIST_VER RELEASE_ARCH" -read $FIELDS <<< $RELEASE_INFO -req_env_var $FIELDS - # Functional local podman required for uploading echo "Verifying a local, functional podman, building one if necessary." [[ -n "$(type -P podman)" ]] || \ @@ -64,7 +47,7 @@ echo "$RELEASE_GCPJSON" > "$TMPF" unset RELEASE_GCPJSON cd $GOSRC -for filename in $(ls -1 *.tar.gz *.zip *.msi $SWAGGER_FILEPATH) +for filename in $(ls -1 $SWAGGER_FILEPATH) do unset EXT EXT=$(echo "$filename" | sed -r -e 's/.+\.(.+$)/\1/g') @@ -85,19 +68,7 @@ do # For doc. ref. this must always be a static filename, e.g. swagger-latest-master.yaml ALSO_FILENAME="swagger-latest-${PR_OR_BRANCH}.yaml" else - # Form the generic "latest" file for this branch or pr - TO_PREFIX="${RELEASE_BASENAME}-latest-${PR_OR_BRANCH}-${RELEASE_DIST}" - # Form the fully-versioned filename for historical sake - ALSO_PREFIX="${RELEASE_BASENAME}-${RELEASE_VERSION}-${PR_OR_BRANCH}-${RELEASE_DIST}" - TO_SUFFIX="${RELEASE_ARCH}.${EXT}" - if [[ "$RELEASE_DIST" == "windows" ]] || [[ "$RELEASE_DIST" == "darwin" ]] - then - TO_FILENAME="${TO_PREFIX}-${TO_SUFFIX}" - ALSO_FILENAME="${ALSO_PREFIX}-${TO_SUFFIX}" - else - TO_FILENAME="${TO_PREFIX}-${RELEASE_DIST_VER}-${TO_SUFFIX}" - ALSO_FILENAME="${ALSO_PREFIX}-${TO_SUFFIX}" - fi + die "Uploading non-docs files has been disabled" fi [[ "$OS_RELEASE_ID" == "ubuntu" ]] || \ diff --git a/contrib/fedora-minimal/Dockerfile b/contrib/fedora-minimal/Dockerfile index 8ea4e6765..a051b3204 100644 --- a/contrib/fedora-minimal/Dockerfile +++ b/contrib/fedora-minimal/Dockerfile @@ -1 +1 @@ -FROM fedora-minimal:latest +FROM registry.fedoraproject.org/fedora-minimal:latest diff --git a/contrib/gate/Dockerfile b/contrib/gate/Dockerfile index 2a904a202..54bd2cbde 100644 --- a/contrib/gate/Dockerfile +++ b/contrib/gate/Dockerfile @@ -33,31 +33,36 @@ RUN dnf -y install \ zip \ && dnf clean all -ENV GOPATH="/go" \ - PATH="/go/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" \ +ENV GOPATH="/var/tmp/go" \ + GOBIN="/var/tmp/go/bin" \ + PATH="/var/tmp/go/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin" \ SRCPATH="/usr/src/libpod" \ - GOSRC="/go/src/github.com/containers/libpod" + GOSRC="/var/tmp/go/src/github.com/containers/libpod" -# Only needed for installing build-time dependencies +# Only needed for installing build-time dependencies, then will be removed COPY / $GOSRC -WORKDIR $GOSRC - # Install dependencies RUN set -x && \ + mkdir -p "$GOBIN" && \ + mkdir -p /etc/cni/net.d && \ + mkdir -p /etc/containers && \ install -D -m 755 $GOSRC/contrib/gate/entrypoint.sh /usr/local/bin/ && \ - python3 -m pip install pre-commit && \ - rm -rf "$GOSRC" + python3 -m pip install pre-commit # Install cni config -#RUN make install.cni -RUN mkdir -p /etc/cni/net.d/ COPY cni/87-podman-bridge.conflist /etc/cni/net.d/87-podman-bridge.conflist - # Make sure we have some policy for pulling images -RUN mkdir -p /etc/containers COPY test/policy.json /etc/containers/policy.json COPY test/redhat_sigstore.yaml /etc/containers/registries.d/registry.access.redhat.com.yaml +WORKDIR "$GOSRC" +RUN make install.tools && \ + cd / && \ + rm -rf "$GOSRC" && \ + mkdir -p "$GOSRC" VOLUME ["/usr/src/libpod"] +# This entrypoint will synchronize the above volume ($SRCPATH) to $GOSRC before +# executing make. This ensures the original source remains prestine and is never +# modified by any lint/validation checks. ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/contrib/gate/README.md b/contrib/gate/README.md index 709e6035f..fe1205dc5 100644 --- a/contrib/gate/README.md +++ b/contrib/gate/README.md @@ -1,4 +1,6 @@  -A standard container image for `gofmt` and lint-checking the libpod -repository. The [contributors guide contains the documentation for usage.](https://github.com/containers/libpod/blob/master/CONTRIBUTING.md#go-format-and-lint) +A standard container image for lint-checking and validating changes to the libpod +repository. The +[contributors guide contains the documentation for usage.](https://github.com/containers/libpod/blob/master/CONTRIBUTING.md#go-format-and-lint). Note that this container image is also utilized +in automation, see the file [.cirrus.yml](.cirrus.yml) diff --git a/contrib/gate/entrypoint.sh b/contrib/gate/entrypoint.sh index 0189cf7c5..ab6528e00 100755 --- a/contrib/gate/entrypoint.sh +++ b/contrib/gate/entrypoint.sh @@ -1,15 +1,23 @@ #!/bin/bash -[[ -n "$SRCPATH" ]] || \ - ( echo "ERROR: \$SRCPATH must be non-empty" && exit 1 ) -[[ -n "$GOSRC" ]] || \ - ( echo "ERROR: \$GOSRC must be non-empty" && exit 2 ) +set -e + +die() { + echo "${2:-FATAL ERROR (but no message given!)} (gate container entrypoint)" + exit ${1:-1} +} + +[[ -n "$SRCPATH" ]] || die 1 "ERROR: \$SRCPATH must be non-empty" +[[ -n "$GOPATH" ]] || die 2 "ERROR: \$GOPATH must be non-empty" +[[ -n "$GOSRC" ]] || die 3 "ERROR: \$GOSRC must be non-empty" [[ -r "${SRCPATH}/contrib/gate/Dockerfile" ]] || \ - ( echo "ERROR: Expecting libpod repository root at $SRCPATH" && exit 3 ) + die 4 "ERROR: Expecting libpod repository root at $SRCPATH" # Working from a copy avoids needing to perturb the actual source files -mkdir -p "$GOSRC" +# if/when developers use gate container for local testing +echo "Copying $SRCPATH to $GOSRC" +mkdir -vp "$GOSRC" /usr/bin/rsync --recursive --links --quiet --safe-links \ --perms --times --delete "${SRCPATH}/" "${GOSRC}/" cd "$GOSRC" -make "$@" +exec make "$@" diff --git a/contrib/podmanimage/README.md b/contrib/podmanimage/README.md index ab55f3189..9d841cdba 100644 --- a/contrib/podmanimage/README.md +++ b/contrib/podmanimage/README.md @@ -10,10 +10,10 @@ the images live are public and can be pulled without credentials. These contain resulting containers can run safely with privileges within the container. The container images are built using the latest Fedora and then Podman is installed into them: - * quay.io/podman/stable - This image is built using the latest stable version of Podman in a Fedora based container. Built with podman/stable/Dockerfile. - * quay.io/podman/upstream - This image is built using the latest code found in this GitHub repository. When someone creates a commit and pushes it, the image is created. Due to that the image changes frequently and is not guaranteed to be stable. Built with podmanimage/upstream/Dockerfile. - * quay.io/podman/testing - This image is built using the latest version of Podman that is or was in updates testing for Fedora. At times this may be the same as the stable image. This container image will primarily be used by the development teams for verification testing when a new package is created. Built with podmanimage/testing/Dockerfile. - + * quay.io/podman/stable - This image is built using the latest stable version of Podman in a Fedora based container. Built with [podmanimage/stable/Dockerfile](stable/Dockerfile). + * quay.io/podman/upstream - This image is built using the latest code found in this GitHub repository. When someone creates a commit and pushes it, the image is created. Due to that the image changes frequently and is not guaranteed to be stable. Built with [podmanimage/upstream/Dockerfile](upstream/Dockerfile). + * quay.io/podman/testing - This image is built using the latest version of Podman that is or was in updates testing for Fedora. At times this may be the same as the stable image. This container image will primarily be used by the development teams for verification testing when a new package is created. Built with [podmanimage/testing/Dockerfile](testing/Dockerfile). + * quay.io/podman/stable:version - This image is built manually using a Fedora based container. An RPM is first pulled from the [Fedora Updates System](https://bodhi.fedoraproject.org/) and the image is built from there. For more details, see the Containerfile used to build it, [podmanimage/stable/manual/Containerfile](stable/manual/Containerfile). ## Sample Usage diff --git a/contrib/podmanimage/stable/manual/Containerfile b/contrib/podmanimage/stable/manual/Containerfile new file mode 100644 index 000000000..d76d6d9b4 --- /dev/null +++ b/contrib/podmanimage/stable/manual/Containerfile @@ -0,0 +1,39 @@ +# stable/manual/Containerfile +# +# Build a Podman container image from the latest +# stable version of Podman on the Fedora Updates System. +# https://bodhi.fedoraproject.org/updates/?search=podman +# This image can be used to create a secured container +# that runs safely with privileges within the container. +# This Containerfile builds version 1.7.0, the version and +# the RPM name would need to be adjusted before a run as +# appropriate. +# +# To use, first copy an rpm file from bohdi to `/root/tmp` +# and then run: +# 'podman build -f ./Containerfile -t quay.io/podman/stable:v1.7.0 .' +# +# Once complete run: +# `podman push quay.io/stable:v1.7.0 docker://quay.io/podman/stable:v1.7.0` +# +# Start Build Process using the latest Fedora +FROM fedora:latest + +# Don't include container-selinux and remove +# directories used by dnf that are just taking +# up space. +# +COPY /tmp/podman-1.7.0-3.fc30.x86_64.rpm /tmp +RUN yum -y install /tmp/podman-1.7.0-3.fc30.x86_64.rpm fuse-overlayfs --exclude container-selinux; rm -rf /var/cache /var/log/dnf* /var/log/yum.* /tmp/podman*.rpm + +# Adjust storage.conf to enable Fuse storage. +RUN sed -i -e 's|^#mount_program|mount_program|g' -e '/additionalimage.*/a "/var/lib/shared",' /etc/containers/storage.conf +RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers; touch /var/lib/shared/overlay-images/images.lock; touch /var/lib/shared/overlay-layers/layers.lock + +# Adjust libpod.conf to write logging to a file +RUN sed -i 's/events_logger = "journald"/events_logger = "file"/g' /usr/share/containers/libpod.conf; mkdir -p /run/systemd/journal + +# Set up environment variables to note that this is +# not starting with usernamespace and default to +# isolate the filesystem with chroot. +ENV _BUILDAH_STARTED_IN_USERNS="" BUILDAH_ISOLATION=chroot diff --git a/contrib/podmanimage/upstream/Dockerfile b/contrib/podmanimage/upstream/Dockerfile index 7c9434fa6..847097920 100644 --- a/contrib/podmanimage/upstream/Dockerfile +++ b/contrib/podmanimage/upstream/Dockerfile @@ -19,16 +19,16 @@ ENV GOPATH=/root/podman # that are needed for building but not running Podman RUN useradd build; yum -y update; yum -y reinstall shadow-utils; yum -y install --exclude container-selinux \ --enablerepo=updates-testing \ - atomic-registries \ btrfs-progs-devel \ containernetworking-cni \ + conmon \ device-mapper-devel \ git \ glib2-devel \ glibc-devel \ glibc-static \ go \ - golang-github-cpuguy83-go-md2man \ + golang-github-cpuguy83-md2man \ gpgme-devel \ iptables \ libassuan-devel \ diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index a9c3bc3be..817be31b7 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -48,7 +48,7 @@ Epoch: 99 %else Epoch: 0 %endif -Version: 1.8.1 +Version: 1.8.3 Release: #COMMITDATE#.git%{shortcommit0}%{?dist} Summary: Manage Pods, Containers and Container Images License: ASL 2.0 @@ -524,6 +524,10 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_unitdir}/io.podman.socket %{_usr}/lib/systemd/user/io.podman.service %{_usr}/lib/systemd/user/io.podman.socket +%{_unitdir}/podman.service +%{_unitdir}/podman.socket +%{_usr}/lib/systemd/user/podman.service +%{_usr}/lib/systemd/user/podman.socket %{_usr}/lib/tmpfiles.d/%{name}.conf %if 0%{?with_devel} diff --git a/contrib/systemd/auto-update/podman-auto-update.service b/contrib/systemd/auto-update/podman-auto-update.service new file mode 100644 index 000000000..b63f24230 --- /dev/null +++ b/contrib/systemd/auto-update/podman-auto-update.service @@ -0,0 +1,11 @@ +[Unit] +Description=Podman auto-update service +Documentation=man:podman-auto-update(1) +Wants=network.target +After=network-online.target + +[Service] +ExecStart=/usr/bin/podman auto-update + +[Install] +WantedBy=multi-user.target default.target diff --git a/contrib/systemd/auto-update/podman-auto-update.timer b/contrib/systemd/auto-update/podman-auto-update.timer new file mode 100644 index 000000000..3e50ffa9b --- /dev/null +++ b/contrib/systemd/auto-update/podman-auto-update.timer @@ -0,0 +1,9 @@ +[Unit] +Description=Podman auto-update timer + +[Timer] +OnCalendar=daily +Persistent=true + +[Install] +WantedBy=timers.target |