aboutsummaryrefslogtreecommitdiff
path: root/pkg/domain/infra/abi
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/domain/infra/abi')
-rw-r--r--pkg/domain/infra/abi/images.go6
-rw-r--r--pkg/domain/infra/abi/play.go29
-rw-r--r--pkg/domain/infra/abi/secrets.go8
-rw-r--r--pkg/domain/infra/abi/terminal/sigproxy_commn.go16
-rw-r--r--pkg/domain/infra/abi/trust.go4
5 files changed, 37 insertions, 26 deletions
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 6934de60e..16b75829f 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -5,7 +5,6 @@ import (
"errors"
"fmt"
"io/fs"
- "io/ioutil"
"net/url"
"os"
"os/exec"
@@ -340,7 +339,7 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
return err
}
- if err := ioutil.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil {
+ if err := os.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil {
return err
}
}
@@ -406,6 +405,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
saveOptions := &libimage.SaveOptions{}
saveOptions.DirForceCompress = options.Compress
saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
+ saveOptions.SignaturePolicyPath = options.SignaturePolicy
// Force signature removal to preserve backwards compat.
// See https://github.com/containers/podman/pull/11669#issuecomment-925250264
@@ -910,5 +910,5 @@ func putSignature(manifestBlob []byte, mech signature.SigningMechanism, sigStore
if err != nil {
return err
}
- return ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
+ return os.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
}
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index d447b4d00..bd9117f72 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -6,11 +6,11 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"os"
"path/filepath"
"strconv"
"strings"
+ "sync"
buildahDefine "github.com/containers/buildah/define"
"github.com/containers/common/libimage"
@@ -116,7 +116,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
validKinds := 0
// read yaml document
- content, err := ioutil.ReadAll(body)
+ content, err := io.ReadAll(body)
if err != nil {
return nil, err
}
@@ -699,9 +699,24 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
fmt.Println(playKubePod.ContainerErrors)
}
- // Wait for each proxy to receive a READY message.
- for _, proxy := range sdNotifyProxies {
- if err := proxy.WaitAndClose(); err != nil {
+ // Wait for each proxy to receive a READY message. Use a wait
+ // group to prevent the potential for ABBA kinds of deadlocks.
+ var wg sync.WaitGroup
+ errors := make([]error, len(sdNotifyProxies))
+ for i := range sdNotifyProxies {
+ wg.Add(1)
+ go func(i int) {
+ err := sdNotifyProxies[i].WaitAndClose()
+ if err != nil {
+ err = fmt.Errorf("waiting for sd-notify proxy: %w", err)
+ }
+ errors[i] = err
+ wg.Done()
+ }(i)
+ }
+ wg.Wait()
+ for _, err := range errors {
+ if err != nil {
return nil, err
}
}
@@ -873,7 +888,7 @@ func (ic *ContainerEngine) playKubePVC(ctx context.Context, pvcYAML *v1.Persiste
func readConfigMapFromFile(r io.Reader) (v1.ConfigMap, error) {
var cm v1.ConfigMap
- content, err := ioutil.ReadAll(r)
+ content, err := io.ReadAll(r)
if err != nil {
return cm, fmt.Errorf("unable to read ConfigMap YAML content: %w", err)
}
@@ -1005,7 +1020,7 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, _ e
reports := new(entities.PlayKubeReport)
// read yaml document
- content, err := ioutil.ReadAll(body)
+ content, err := io.ReadAll(body)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index 47159d65a..929858c5c 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -4,7 +4,6 @@ import (
"context"
"fmt"
"io"
- "io/ioutil"
"path/filepath"
"strings"
@@ -14,7 +13,7 @@ import (
)
func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader io.Reader, options entities.SecretCreateOptions) (*entities.SecretCreateReport, error) {
- data, _ := ioutil.ReadAll(reader)
+ data, _ := io.ReadAll(reader)
secretsPath := ic.Libpod.GetSecretsStorageDir()
manager, err := ic.Libpod.SecretsManager()
if err != nil {
@@ -45,6 +44,7 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
storeOpts := secrets.StoreOptions{
DriverOpts: options.DriverOpts,
+ Labels: options.Labels,
}
secretID, err := manager.Store(name, data, options.Driver, storeOpts)
@@ -74,6 +74,9 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
return nil, nil, fmt.Errorf("inspecting secret %s: %w", nameOrID, err)
}
}
+ if secret.Labels == nil {
+ secret.Labels = make(map[string]string)
+ }
report := &entities.SecretInfoReport{
ID: secret.ID,
CreatedAt: secret.CreatedAt,
@@ -84,6 +87,7 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
Name: secret.Driver,
Options: secret.DriverOptions,
},
+ Labels: secret.Labels,
},
}
reports = append(reports, report)
diff --git a/pkg/domain/infra/abi/terminal/sigproxy_commn.go b/pkg/domain/infra/abi/terminal/sigproxy_commn.go
index 3a0132ef3..d42685508 100644
--- a/pkg/domain/infra/abi/terminal/sigproxy_commn.go
+++ b/pkg/domain/infra/abi/terminal/sigproxy_commn.go
@@ -15,33 +15,25 @@ import (
"github.com/sirupsen/logrus"
)
-// Make sure the signal buffer is sufficiently big.
-// runc is using the same value.
-const signalBufferSize = 2048
-
// ProxySignals ...
func ProxySignals(ctr *libpod.Container) {
// Stop catching the shutdown signals (SIGINT, SIGTERM) - they're going
// to the container now.
shutdown.Stop() //nolint: errcheck
- sigBuffer := make(chan os.Signal, signalBufferSize)
+ sigBuffer := make(chan os.Signal, signal.SignalBufferSize)
signal.CatchAll(sigBuffer)
logrus.Debugf("Enabling signal proxying")
go func() {
for s := range sigBuffer {
- // Ignore SIGCHLD and SIGPIPE - these are mostly likely
- // intended for the podman command itself.
- // SIGURG was added because of golang 1.14 and its preemptive changes
- // causing more signals to "show up".
- // https://github.com/containers/podman/issues/5483
- if s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG {
+ syscallSignal := s.(syscall.Signal)
+ if signal.IsSignalIgnoredBySigProxy(syscallSignal) {
continue
}
- if err := ctr.Kill(uint(s.(syscall.Signal))); err != nil {
+ if err := ctr.Kill(uint(syscallSignal)); err != nil {
if errors.Is(err, define.ErrCtrStateInvalid) {
logrus.Infof("Ceasing signal forwarding to container %s as it has stopped", ctr.ID())
} else {
diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go
index c58ddff06..9b30920d7 100644
--- a/pkg/domain/infra/abi/trust.go
+++ b/pkg/domain/infra/abi/trust.go
@@ -3,7 +3,7 @@ package abi
import (
"context"
"fmt"
- "io/ioutil"
+ "os"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/trust"
@@ -18,7 +18,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
if len(options.PolicyPath) > 0 {
policyPath = options.PolicyPath
}
- report.Raw, err = ioutil.ReadFile(policyPath)
+ report.Raw, err = os.ReadFile(policyPath)
if err != nil {
return nil, err
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-02-07 15:25:35 +0000