Diffstat (limited to 'pkg/domain')
-rw-r--r--pkg/domain/entities/images.go3
-rw-r--r--pkg/domain/entities/secrets.go4
-rw-r--r--pkg/domain/infra/abi/images.go6
-rw-r--r--pkg/domain/infra/abi/play.go7
-rw-r--r--pkg/domain/infra/abi/secrets.go8
-rw-r--r--pkg/domain/infra/abi/terminal/sigproxy_commn.go16
-rw-r--r--pkg/domain/infra/abi/trust.go4
-rw-r--r--pkg/domain/infra/tunnel/containers.go10
-rw-r--r--pkg/domain/infra/tunnel/images.go3
-rw-r--r--pkg/domain/infra/tunnel/runtime.go31
-rw-r--r--pkg/domain/infra/tunnel/secrets.go3
-rw-r--r--pkg/domain/utils/scp.go3
12 files changed, 69 insertions, 29 deletions
diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go
index cad11b0ab..b1eb3b005 100644
--- a/pkg/domain/entities/images.go
+++ b/pkg/domain/entities/images.go
@@ -335,7 +335,8 @@ type ImageSaveOptions struct {
// Output - write image to the specified path.
Output string
// Quiet - suppress output when copying images
- Quiet bool
+ Quiet bool
+ SignaturePolicy string
}
// ImageScpOptions provide options for securely copying images to and from a remote host
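Review bot: The new `SignaturePolicy` field is the only member of `ImageSaveOptions` in this hunk without a doc comment, and its name does not say that it holds a file path. The abi `Save` hunk assigns it to `saveOptions.SignaturePolicyPath`, so a comment such as `// SignaturePolicy - path to the signature policy file used when saving` would make that explicit. The tunnel `Save` hunk shown in this diff does not reference the field, so the comment should also say whether the option is honoured on remote connections; a caller who sets a policy and has it silently ignored would be misled. The struct begins above the hunk.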
diff --git a/pkg/domain/entities/secrets.go b/pkg/domain/entities/secrets.go
index d8af937a7..5686b90e9 100644
--- a/pkg/domain/entities/secrets.go
+++ b/pkg/domain/entities/secrets.go
@@ -13,6 +13,7 @@ type SecretCreateReport struct {
type SecretCreateOptions struct {
Driver string
DriverOpts map[string]string
+ Labels map[string]string
}
type SecretListRequest struct {
@@ -55,6 +56,7 @@ type SecretVersion struct {
type SecretSpec struct {
Name string
Driver SecretDriverSpec
+ Labels map[string]string
}
type SecretDriverSpec struct {
@@ -70,6 +72,8 @@ type SecretCreateRequest struct {
Data string
// Driver represents a driver (default "file")
Driver SecretDriverSpec
+ // Labels are labels on the secret
+ Labels map[string]string
}
// Secret create response
diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go
index 6934de60e..16b75829f 100644
--- a/pkg/domain/infra/abi/images.go
+++ b/pkg/domain/infra/abi/images.go
@@ -5,7 +5,6 @@ import (
"errors"
"fmt"
"io/fs"
- "io/ioutil"
"net/url"
"os"
"os/exec"
@@ -340,7 +339,7 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri
return err
}
- if err := ioutil.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil {
+ if err := os.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil {
return err
}
}
@@ -406,6 +405,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
saveOptions := &libimage.SaveOptions{}
saveOptions.DirForceCompress = options.Compress
saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers
+ saveOptions.SignaturePolicyPath = options.SignaturePolicy
// Force signature removal to preserve backwards compat.
// See https://github.com/containers/podman/pull/11669#issuecomment-925250264
@@ -910,5 +910,5 @@ func putSignature(manifestBlob []byte, mech signature.SigningMechanism, sigStore
if err != nil {
return err
}
- return ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
+ return os.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644)
}
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index d447b4d00..847e81e69 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -6,7 +6,6 @@ import (
"errors"
"fmt"
"io"
- "io/ioutil"
"os"
"path/filepath"
"strconv"
@@ -116,7 +115,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options
validKinds := 0
// read yaml document
- content, err := ioutil.ReadAll(body)
+ content, err := io.ReadAll(body)
if err != nil {
return nil, err
}
@@ -873,7 +872,7 @@ func (ic *ContainerEngine) playKubePVC(ctx context.Context, pvcYAML *v1.Persiste
func readConfigMapFromFile(r io.Reader) (v1.ConfigMap, error) {
var cm v1.ConfigMap
- content, err := ioutil.ReadAll(r)
+ content, err := io.ReadAll(r)
if err != nil {
return cm, fmt.Errorf("unable to read ConfigMap YAML content: %w", err)
}
@@ -1005,7 +1004,7 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, _ e
reports := new(entities.PlayKubeReport)
// read yaml document
- content, err := ioutil.ReadAll(body)
+ content, err := io.ReadAll(body)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go
index 47159d65a..929858c5c 100644
--- a/pkg/domain/infra/abi/secrets.go
+++ b/pkg/domain/infra/abi/secrets.go
@@ -4,7 +4,6 @@ import (
"context"
"fmt"
"io"
- "io/ioutil"
"path/filepath"
"strings"
@@ -14,7 +13,7 @@ import (
)
func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader io.Reader, options entities.SecretCreateOptions) (*entities.SecretCreateReport, error) {
- data, _ := ioutil.ReadAll(reader)
+ data, _ := io.ReadAll(reader)
secretsPath := ic.Libpod.GetSecretsStorageDir()
manager, err := ic.Libpod.SecretsManager()
if err != nil {
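Review bot: The error from `io.ReadAll(reader)` is still discarded on the changed line in `SecretCreate`, so a reader that fails part-way leaves `data` truncated, and the next hunk shows it being passed to `manager.Store` as if it were the complete secret. Since the line is being touched anyway, handle the error: `data, err := io.ReadAll(reader)` followed by `if err != nil { return nil, err }`. The later `manager, err := ic.Libpod.SecretsManager()` still compiles because `manager` is a new variable. The function body continues outside the hunk.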
@@ -45,6 +44,7 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
storeOpts := secrets.StoreOptions{
DriverOpts: options.DriverOpts,
+ Labels: options.Labels,
}
secretID, err := manager.Store(name, data, options.Driver, storeOpts)
@@ -74,6 +74,9 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
return nil, nil, fmt.Errorf("inspecting secret %s: %w", nameOrID, err)
}
}
+ if secret.Labels == nil {
+ secret.Labels = make(map[string]string)
+ }
report := &entities.SecretInfoReport{
ID: secret.ID,
CreatedAt: secret.CreatedAt,
@@ -84,6 +87,7 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string
Name: secret.Driver,
Options: secret.DriverOptions,
},
+ Labels: secret.Labels,
},
}
reports = append(reports, report)
diff --git a/pkg/domain/infra/abi/terminal/sigproxy_commn.go b/pkg/domain/infra/abi/terminal/sigproxy_commn.go
index 3a0132ef3..d42685508 100644
--- a/pkg/domain/infra/abi/terminal/sigproxy_commn.go
+++ b/pkg/domain/infra/abi/terminal/sigproxy_commn.go
@@ -15,33 +15,25 @@ import (
"github.com/sirupsen/logrus"
)
-// Make sure the signal buffer is sufficiently big.
-// runc is using the same value.
-const signalBufferSize = 2048
-
// ProxySignals ...
func ProxySignals(ctr *libpod.Container) {
// Stop catching the shutdown signals (SIGINT, SIGTERM) - they're going
// to the container now.
shutdown.Stop() //nolint: errcheck
- sigBuffer := make(chan os.Signal, signalBufferSize)
+ sigBuffer := make(chan os.Signal, signal.SignalBufferSize)
signal.CatchAll(sigBuffer)
logrus.Debugf("Enabling signal proxying")
go func() {
for s := range sigBuffer {
- // Ignore SIGCHLD and SIGPIPE - these are mostly likely
- // intended for the podman command itself.
- // SIGURG was added because of golang 1.14 and its preemptive changes
- // causing more signals to "show up".
- // https://github.com/containers/podman/issues/5483
- if s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG {
+ syscallSignal := s.(syscall.Signal)
+ if signal.IsSignalIgnoredBySigProxy(syscallSignal) {
continue
}
- if err := ctr.Kill(uint(s.(syscall.Signal))); err != nil {
+ if err := ctr.Kill(uint(syscallSignal)); err != nil {
if errors.Is(err, define.ErrCtrStateInvalid) {
logrus.Infof("Ceasing signal forwarding to container %s as it has stopped", ctr.ID())
} else {
diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go
index c58ddff06..9b30920d7 100644
--- a/pkg/domain/infra/abi/trust.go
+++ b/pkg/domain/infra/abi/trust.go
@@ -3,7 +3,7 @@ package abi
import (
"context"
"fmt"
- "io/ioutil"
+ "os"
"github.com/containers/podman/v4/pkg/domain/entities"
"github.com/containers/podman/v4/pkg/trust"
@@ -18,7 +18,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent
if len(options.PolicyPath) > 0 {
policyPath = options.PolicyPath
}
- report.Raw, err = ioutil.ReadFile(policyPath)
+ report.Raw, err = os.ReadFile(policyPath)
if err != nil {
return nil, err
}
diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go
index 0dc73081d..0b573686f 100644
--- a/pkg/domain/infra/tunnel/containers.go
+++ b/pkg/domain/infra/tunnel/containers.go
@@ -620,6 +620,9 @@ func (ic *ContainerEngine) ContainerExecDetached(ctx context.Context, nameOrID s
}
func startAndAttach(ic *ContainerEngine, name string, detachKeys *string, input, output, errput *os.File) error {
+ if output == nil && errput == nil {
+ fmt.Printf("%s\n", name)
+ }
attachErr := make(chan error)
attachReady := make(chan bool)
options := new(containers.AttachOptions).WithStream(true)
@@ -825,6 +828,13 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta
}
// Attach
+ if opts.SigProxy {
+ remoteProxySignals(con.ID, func(signal string) error {
+ killOpts := entities.KillOptions{All: false, Latest: false, Signal: signal}
+ _, err := ic.ContainerKill(ctx, []string{con.ID}, killOpts)
+ return err
+ })
+ }
if err := startAndAttach(ic, con.ID, &opts.DetachKeys, opts.InputStream, opts.OutputStream, opts.ErrorStream); err != nil {
if err == define.ErrDetach {
return &report, nil
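Review bot: The signal proxy started under `if opts.SigProxy` is never torn down, because `remoteProxySignals` returns nothing to stop it with. Once `startAndAttach` returns, including the `define.ErrDetach` path that returns `&report, nil`, the process keeps catching signals and turning them into `ContainerKill` calls for `con.ID`. That is probably harmless for a short-lived CLI, but a long-lived caller of the tunnel engine would keep forwarding signals to a container it has detached from, through a closure that captured a `ctx` which may already be cancelled. Consider having `remoteProxySignals` return a stop function and deferring it here. `ContainerRun` starts and ends outside the hunk.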
diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go
index cc99b1b3a..9ae1ff959 100644
--- a/pkg/domain/infra/tunnel/images.go
+++ b/pkg/domain/infra/tunnel/images.go
@@ -4,7 +4,6 @@ import (
"context"
"errors"
"fmt"
- "io/ioutil"
"os"
"strconv"
"strings"
@@ -264,7 +263,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string,
switch opts.Format {
case "oci-dir", "docker-dir":
- f, err = ioutil.TempFile("", "podman_save")
+ f, err = os.CreateTemp("", "podman_save")
if err == nil {
defer func() { _ = os.Remove(f.Name()) }()
}
diff --git a/pkg/domain/infra/tunnel/runtime.go b/pkg/domain/infra/tunnel/runtime.go
index 6542ea5b7..75bd4ef5e 100644
--- a/pkg/domain/infra/tunnel/runtime.go
+++ b/pkg/domain/infra/tunnel/runtime.go
@@ -2,6 +2,12 @@ package tunnel
import (
"context"
+ "os"
+ "syscall"
+
+ "github.com/containers/podman/v4/libpod/define"
+ "github.com/containers/podman/v4/pkg/signal"
+ "github.com/sirupsen/logrus"
)
// Image-related runtime using an ssh-tunnel to utilize Podman service
@@ -18,3 +24,28 @@ type ContainerEngine struct {
type SystemEngine struct {
ClientCtx context.Context
}
+
+func remoteProxySignals(ctrID string, killFunc func(string) error) {
+ sigBuffer := make(chan os.Signal, signal.SignalBufferSize)
+ signal.CatchAll(sigBuffer)
+
+ logrus.Debugf("Enabling signal proxying")
+
+ go func() {
+ for s := range sigBuffer {
+ syscallSignal := s.(syscall.Signal)
+ if signal.IsSignalIgnoredBySigProxy(syscallSignal) {
+ continue
+ }
+ signalName, err := signal.ParseSysSignalToName(syscallSignal)
+ if err != nil {
+ logrus.Infof("Ceasing signal %v forwarding to container %s as it has stopped: %s", s, ctrID, err)
+ }
+ if err := killFunc(signalName); err != nil {
+ if err.Error() == define.ErrCtrStateInvalid.Error() {
+ logrus.Debugf("Ceasing signal %q forwarding to container %s as it has stopped", signalName, ctrID)
+ }
+ }
+ }
+ }()
+}
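Review bot: When `signal.ParseSysSignalToName` fails in `remoteProxySignals`, the loop logs that the container "has stopped" and then falls through to `killFunc(signalName)` with an empty name. That branch needs a `continue` and a message describing the real failure. Errors from `killFunc` other than `define.ErrCtrStateInvalid` are dropped without any log, which hides a failing remote connection from the operator. The comparison on `err.Error()` text is presumably there because the error crosses the API boundary, and a short comment should say so. The function also has no doc comment.

```go
signalName, err := signal.ParseSysSignalToName(syscallSignal)
if err != nil {
	logrus.Infof("Not forwarding signal %v to container %s: %s", s, ctrID, err)
	continue
}
if err := killFunc(signalName); err != nil {
	// NOTE(review): matched by message text, presumably because the error
	// comes back from the remote API rather than as a wrapped Go error.
	stopped := err.Error() == define.ErrCtrStateInvalid.Error()
	if !stopped {
		logrus.Errorf("Forwarding signal %q to container %s: %v", signalName, ctrID, err)
		continue
	}
	// … unchanged: Debugf for the stopped-container case …
}
```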
diff --git a/pkg/domain/infra/tunnel/secrets.go b/pkg/domain/infra/tunnel/secrets.go
index d26718b12..aa48cb764 100644
--- a/pkg/domain/infra/tunnel/secrets.go
+++ b/pkg/domain/infra/tunnel/secrets.go
@@ -14,7 +14,8 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader
opts := new(secrets.CreateOptions).
WithDriver(options.Driver).
WithDriverOpts(options.DriverOpts).
- WithName(name)
+ WithName(name).
+ WithLabels(options.Labels)
created, err := secrets.Create(ic.ClientCtx, reader, opts)
if err != nil {
return nil, err
diff --git a/pkg/domain/utils/scp.go b/pkg/domain/utils/scp.go
index 44a0d94d7..19567551e 100644
--- a/pkg/domain/utils/scp.go
+++ b/pkg/domain/utils/scp.go
@@ -2,7 +2,6 @@ package utils
import (
"fmt"
- "io/ioutil"
"net/url"
"os"
"os/exec"
@@ -29,7 +28,7 @@ func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool, sshMode
return nil, nil, nil, nil, err
}
- f, err := ioutil.TempFile("", "podman") // open temp file for load/save output
+ f, err := os.CreateTemp("", "podman") // open temp file for load/save output
if err != nil {
return nil, nil, nil, nil, err
}