diff options
Diffstat (limited to 'pkg')
71 files changed, 646 insertions, 286 deletions
diff --git a/pkg/api/handlers/compat/containers_export.go b/pkg/api/handlers/compat/containers_export.go index 66e1dcca5..03e547411 100644 --- a/pkg/api/handlers/compat/containers_export.go +++ b/pkg/api/handlers/compat/containers_export.go @@ -2,7 +2,6 @@ package compat import ( "fmt" - "io/ioutil" "net/http" "os" @@ -19,7 +18,7 @@ func ExportContainer(w http.ResponseWriter, r *http.Request) { utils.ContainerNotFound(w, name, err) return } - tmpfile, err := ioutil.TempFile("", "api.tar") + tmpfile, err := os.CreateTemp("", "api.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err)) return diff --git a/pkg/api/handlers/compat/images.go b/pkg/api/handlers/compat/images.go index 0493c6ffb..cce482441 100644 --- a/pkg/api/handlers/compat/images.go +++ b/pkg/api/handlers/compat/images.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" "net/http" "os" "strings" @@ -49,7 +48,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) { // 500 server runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) - tmpfile, err := ioutil.TempFile("", "api.tar") + tmpfile, err := os.CreateTemp("", "api.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err)) return @@ -193,7 +192,7 @@ func CreateImageFromSrc(w http.ResponseWriter, r *http.Request) { // fromSrc – Source to import. The value may be a URL from which the image can be retrieved or - to read the image from the request body. This parameter may only be used when importing an image. source := query.FromSrc if source == "-" { - f, err := ioutil.TempFile("", "api_load.tar") + f, err := os.CreateTemp("", "api_load.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to create tempfile: %w", err)) return @@ -480,7 +479,7 @@ func LoadImages(w http.ResponseWriter, r *http.Request) { // First write the body to a temporary file that we can later attempt // to load. - f, err := ioutil.TempFile("", "api_load.tar") + f, err := os.CreateTemp("", "api_load.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("failed to create tempfile: %w", err)) return @@ -547,7 +546,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) { images[i] = possiblyNormalizedName } - tmpfile, err := ioutil.TempFile("", "api.tar") + tmpfile, err := os.CreateTemp("", "api.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err)) return diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go index 4035b4315..d4c8c0743 100644 --- a/pkg/api/handlers/compat/images_build.go +++ b/pkg/api/handlers/compat/images_build.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "net/http" "os" "path/filepath" @@ -131,6 +130,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Secrets string `schema:"secrets"` SecurityOpt string `schema:"securityopt"` ShmSize int `schema:"shmsize"` + SkipUnusedStages bool `schema:"skipunusedstages"` Squash bool `schema:"squash"` TLSVerify bool `schema:"tlsVerify"` Tags []string `schema:"t"` @@ -139,12 +139,13 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { Ulimits string `schema:"ulimits"` UnsetEnvs []string `schema:"unsetenv"` }{ - Dockerfile: "Dockerfile", - IdentityLabel: true, - Registry: "docker.io", - Rm: true, - ShmSize: 64 * 1024 * 1024, - TLSVerify: true, + Dockerfile: "Dockerfile", + IdentityLabel: true, + Registry: "docker.io", + Rm: true, + ShmSize: 64 * 1024 * 1024, + TLSVerify: true, + SkipUnusedStages: true, } decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) @@ -182,7 +183,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { dockerFileSet := false if utils.IsLibpodRequest(r) && query.Remote != "" { // The context directory could be a URL. Try to handle that. - anchorDir, err := ioutil.TempDir(parse.GetTempDir(), "libpod_builder") + anchorDir, err := os.MkdirTemp(parse.GetTempDir(), "libpod_builder") if err != nil { utils.InternalServerError(w, err) } @@ -676,6 +677,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { RemoveIntermediateCtrs: query.Rm, ReportWriter: reporter, RusageLogFile: query.RusageLogFile, + SkipUnusedStages: types.NewOptionalBool(query.SkipUnusedStages), Squash: query.Squash, SystemContext: systemContext, Target: query.Target, @@ -730,7 +732,7 @@ func BuildImage(w http.ResponseWriter, r *http.Request) { if logrus.IsLevelEnabled(logrus.DebugLevel) { if v, found := os.LookupEnv("PODMAN_RETAIN_BUILD_ARTIFACT"); found { if keep, _ := strconv.ParseBool(v); keep { - t, _ := ioutil.TempFile("", "build_*_server") + t, _ := os.CreateTemp("", "build_*_server") defer t.Close() body = io.MultiWriter(t, w) } @@ -852,7 +854,7 @@ func parseLibPodIsolation(isolation string) (buildah.Isolation, error) { func extractTarFile(r *http.Request) (string, error) { // build a home for the request body - anchorDir, err := ioutil.TempDir("", "libpod_builder") + anchorDir, err := os.MkdirTemp("", "libpod_builder") if err != nil { return "", err } diff --git a/pkg/api/handlers/compat/images_push.go b/pkg/api/handlers/compat/images_push.go index a1173de0b..e1655a3bc 100644 --- a/pkg/api/handlers/compat/images_push.go +++ b/pkg/api/handlers/compat/images_push.go @@ -4,8 +4,9 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" + "io" "net/http" + "os" "strings" "github.com/containers/image/v5/types" @@ -26,7 +27,7 @@ func PushImage(w http.ResponseWriter, r *http.Request) { decoder := r.Context().Value(api.DecoderKey).(*schema.Decoder) runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) - digestFile, err := ioutil.TempFile("", "digest.txt") + digestFile, err := os.CreateTemp("", "digest.txt") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err)) return @@ -186,7 +187,7 @@ loop: // break out of for/select infinite loop break loop } - digestBytes, err := ioutil.ReadAll(digestFile) + digestBytes, err := io.ReadAll(digestFile) if err != nil { report.Error = &jsonmessage.JSONError{ Message: err.Error(), diff --git a/pkg/api/handlers/compat/secrets.go b/pkg/api/handlers/compat/secrets.go index 13b3c4e24..847f05f27 100644 --- a/pkg/api/handlers/compat/secrets.go +++ b/pkg/api/handlers/compat/secrets.go @@ -111,14 +111,11 @@ func CreateSecret(w http.ResponseWriter, r *http.Request) { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("Decode(): %w", err)) return } - if len(createParams.Labels) > 0 { - utils.Error(w, http.StatusBadRequest, fmt.Errorf("labels not supported: %w", errors.New("bad parameter"))) - return - } decoded, _ := base64.StdEncoding.DecodeString(createParams.Data) reader := bytes.NewReader(decoded) opts.Driver = createParams.Driver.Name + opts.Labels = createParams.Labels ic := abi.ContainerEngine{Libpod: runtime} report, err := ic.SecretCreate(r.Context(), createParams.Name, reader, opts) diff --git a/pkg/api/handlers/libpod/containers.go b/pkg/api/handlers/libpod/containers.go index a76e3d988..854740b17 100644 --- a/pkg/api/handlers/libpod/containers.go +++ b/pkg/api/handlers/libpod/containers.go @@ -4,7 +4,6 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" "net/http" "os" "strings" @@ -248,7 +247,7 @@ func Checkpoint(w http.ResponseWriter, r *http.Request) { } if query.Export { - f, err := ioutil.TempFile("", "checkpoint") + f, err := os.CreateTemp("", "checkpoint") if err != nil { utils.InternalServerError(w, err) return @@ -329,7 +328,7 @@ func Restore(w http.ResponseWriter, r *http.Request) { var names []string if query.Import { - t, err := ioutil.TempFile("", "restore") + t, err := os.CreateTemp("", "restore") if err != nil { utils.InternalServerError(w, err) return diff --git a/pkg/api/handlers/libpod/images.go b/pkg/api/handlers/libpod/images.go index 82c1971cd..412532954 100644 --- a/pkg/api/handlers/libpod/images.go +++ b/pkg/api/handlers/libpod/images.go @@ -4,7 +4,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "net/http" "os" "strconv" @@ -182,7 +181,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) { switch query.Format { case define.OCIArchive, define.V2s2Archive: - tmpfile, err := ioutil.TempFile("", "api.tar") + tmpfile, err := os.CreateTemp("", "api.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err)) return @@ -193,7 +192,7 @@ func ExportImage(w http.ResponseWriter, r *http.Request) { return } case define.OCIManifestDir, define.V2s2ManifestDir: - tmpdir, err := ioutil.TempDir("", "save") + tmpdir, err := os.MkdirTemp("", "save") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempdir: %w", err)) return @@ -279,7 +278,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) { switch query.Format { case define.V2s2Archive, define.OCIArchive: - tmpfile, err := ioutil.TempFile("", "api.tar") + tmpfile, err := os.CreateTemp("", "api.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err)) return @@ -290,7 +289,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) { return } case define.OCIManifestDir, define.V2s2ManifestDir: - tmpdir, err := ioutil.TempDir("", "save") + tmpdir, err := os.MkdirTemp("", "save") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tmpdir: %w", err)) return @@ -329,7 +328,7 @@ func ExportImages(w http.ResponseWriter, r *http.Request) { func ImagesLoad(w http.ResponseWriter, r *http.Request) { runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime) - tmpfile, err := ioutil.TempFile("", "libpod-images-load.tar") + tmpfile, err := os.CreateTemp("", "libpod-images-load.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err)) return @@ -378,7 +377,7 @@ func ImagesImport(w http.ResponseWriter, r *http.Request) { // Check if we need to load the image from a URL or from the request's body. source := query.URL if len(query.URL) == 0 { - tmpfile, err := ioutil.TempFile("", "libpod-images-import.tar") + tmpfile, err := os.CreateTemp("", "libpod-images-import.tar") if err != nil { utils.Error(w, http.StatusInternalServerError, fmt.Errorf("unable to create tempfile: %w", err)) return diff --git a/pkg/api/handlers/libpod/manifests.go b/pkg/api/handlers/libpod/manifests.go index d5af72a61..c96e4936b 100644 --- a/pkg/api/handlers/libpod/manifests.go +++ b/pkg/api/handlers/libpod/manifests.go @@ -5,7 +5,7 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" + "io" "net/http" "net/url" "strconv" @@ -83,7 +83,7 @@ func ManifestCreate(w http.ResponseWriter, r *http.Request) { status = http.StatusCreated } - buffer, err := ioutil.ReadAll(r.Body) + buffer, err := io.ReadAll(r.Body) if err != nil { utils.InternalServerError(w, err) return diff --git a/pkg/api/handlers/libpod/secrets.go b/pkg/api/handlers/libpod/secrets.go index 6eba65f2b..c24ac8563 100644 --- a/pkg/api/handlers/libpod/secrets.go +++ b/pkg/api/handlers/libpod/secrets.go @@ -22,6 +22,7 @@ func CreateSecret(w http.ResponseWriter, r *http.Request) { Name string `schema:"name"` Driver string `schema:"driver"` DriverOpts map[string]string `schema:"driveropts"` + Labels map[string]string `schema:"labels"` }{ // override any golang type defaults } @@ -33,6 +34,7 @@ func CreateSecret(w http.ResponseWriter, r *http.Request) { opts.Driver = query.Driver opts.DriverOpts = query.DriverOpts + opts.Labels = query.Labels ic := abi.ContainerEngine{Libpod: runtime} report, err := ic.SecretCreate(r.Context(), query.Name, r.Body, opts) diff --git a/pkg/api/server/handler_logging.go b/pkg/api/server/handler_logging.go index 699fab7a5..38ee8321c 100644 --- a/pkg/api/server/handler_logging.go +++ b/pkg/api/server/handler_logging.go @@ -2,7 +2,6 @@ package server import ( "io" - "io/ioutil" "net/http" "time" @@ -41,7 +40,7 @@ func loggingHandler() mux.MiddlewareFunc { "API": "request", "X-Reference-Id": r.Header.Get("X-Reference-Id"), }) - r.Body = ioutil.NopCloser( + r.Body = io.NopCloser( io.TeeReader(r.Body, annotated.WriterLevel(logrus.TraceLevel))) w = responseWriter{ResponseWriter: w} diff --git a/pkg/api/server/handler_rid.go b/pkg/api/server/handler_rid.go index ee278071a..3e404cc31 100644 --- a/pkg/api/server/handler_rid.go +++ b/pkg/api/server/handler_rid.go @@ -2,7 +2,7 @@ package server import ( "fmt" - "io/ioutil" + "io" "net/http" "github.com/containers/podman/v4/pkg/api/types" @@ -17,7 +17,7 @@ import ( func referenceIDHandler() mux.MiddlewareFunc { return func(h http.Handler) http.Handler { // Only log Apache access_log-like entries at Info level or below - out := ioutil.Discard + out := io.Discard if logrus.IsLevelEnabled(logrus.InfoLevel) { out = logrus.StandardLogger().Out } diff --git a/pkg/api/server/register_secrets.go b/pkg/api/server/register_secrets.go index 8918ad238..a60145958 100644 --- a/pkg/api/server/register_secrets.go +++ b/pkg/api/server/register_secrets.go @@ -25,6 +25,14 @@ func (s *APIServer) registerSecretHandlers(r *mux.Router) error { // type: string // description: Secret driver // default: "file" + // - in: query + // name: driveropts + // type: string + // description: Secret driver options + // - in: query + // name: labels + // type: string + // description: Labels on the secret // - in: body // name: request // description: Secret diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go index 270cd4207..52a632b33 100644 --- a/pkg/auth/auth.go +++ b/pkg/auth/auth.go @@ -4,7 +4,6 @@ import ( "encoding/base64" "encoding/json" "fmt" - "io/ioutil" "net/http" "os" "strings" @@ -233,7 +232,7 @@ func encodeMultiAuthConfigs(authConfigs map[string]types.DockerAuthConfig) (stri // TMPDIR will be used. func authConfigsToAuthFile(authConfigs map[string]types.DockerAuthConfig) (string, error) { // Initialize an empty temporary JSON file. - tmpFile, err := ioutil.TempFile("", "auth.json.") + tmpFile, err := os.CreateTemp("", "auth.json.") if err != nil { return "", err } diff --git a/pkg/auth/auth_test.go b/pkg/auth/auth_test.go index f25cbf2cc..90a81ac9a 100644 --- a/pkg/auth/auth_test.go +++ b/pkg/auth/auth_test.go @@ -3,7 +3,6 @@ package auth import ( "encoding/base64" "encoding/json" - "io/ioutil" "net/http" "os" "testing" @@ -37,10 +36,10 @@ func systemContextForAuthFile(t *testing.T, fileContents string) (*types.SystemC return nil, func() {} } - f, err := ioutil.TempFile("", "auth.json") + f, err := os.CreateTemp("", "auth.json") require.NoError(t, err) path := f.Name() - err = ioutil.WriteFile(path, []byte(fileContents), 0700) + err = os.WriteFile(path, []byte(fileContents), 0700) require.NoError(t, err) return &types.SystemContext{AuthFilePath: path}, func() { os.Remove(path) } } @@ -347,7 +346,7 @@ func TestAuthConfigsToAuthFile(t *testing.T) { assert.Empty(t, filePath) } else { assert.NoError(t, err) - content, err := ioutil.ReadFile(filePath) + content, err := os.ReadFile(filePath) require.NoError(t, err) assert.Contains(t, string(content), tc.expectedContains) os.Remove(filePath) diff --git a/pkg/bindings/errors.go b/pkg/bindings/errors.go index 29f087c22..d9dfa95a6 100644 --- a/pkg/bindings/errors.go +++ b/pkg/bindings/errors.go @@ -4,7 +4,7 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" + "io" "github.com/containers/podman/v4/pkg/errorhandling" ) @@ -29,7 +29,7 @@ func (h APIResponse) Process(unmarshalInto interface{}) error { // ProcessWithError drains the response body, and processes the HTTP status code // Note: Closing the response.Body is left to the caller func (h APIResponse) ProcessWithError(unmarshalInto interface{}, unmarshalErrorInto interface{}) error { - data, err := ioutil.ReadAll(h.Response.Body) + data, err := io.ReadAll(h.Response.Body) if err != nil { return fmt.Errorf("unable to process API response: %w", err) } diff --git a/pkg/bindings/generator/generator.go b/pkg/bindings/generator/generator.go index 06be52451..78244b502 100644 --- a/pkg/bindings/generator/generator.go +++ b/pkg/bindings/generator/generator.go @@ -12,7 +12,6 @@ import ( "go/ast" "go/parser" "go/token" - "io/ioutil" "os" "os/exec" "strings" @@ -72,7 +71,7 @@ func main() { ) srcFile := os.Getenv("GOFILE") inputStructName := os.Args[1] - b, err := ioutil.ReadFile(srcFile) + b, err := os.ReadFile(srcFile) if err != nil { panic(err) } diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go index ef875c9eb..f8552cddb 100644 --- a/pkg/bindings/images/build.go +++ b/pkg/bindings/images/build.go @@ -9,7 +9,6 @@ import ( "fmt" "io" "io/fs" - "io/ioutil" "net/http" "net/url" "os" @@ -234,6 +233,14 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO if options.CacheFrom != nil { params.Set("cachefrom", options.CacheFrom.String()) } + + switch options.SkipUnusedStages { + case types.OptionalBoolTrue: + params.Set("skipunusedstages", "1") + case types.OptionalBoolFalse: + params.Set("skipunusedstages", "0") + } + if options.CacheTo != nil { params.Set("cacheto", options.CacheTo.String()) } @@ -395,11 +402,11 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO dontexcludes := []string{"!Dockerfile", "!Containerfile", "!.dockerignore", "!.containerignore"} for _, c := range containerFiles { if c == "/dev/stdin" { - content, err := ioutil.ReadAll(os.Stdin) + content, err := io.ReadAll(os.Stdin) if err != nil { return nil, err } - tmpFile, err := ioutil.TempFile("", "build") + tmpFile, err := os.CreateTemp("", "build") if err != nil { return nil, err } @@ -465,7 +472,7 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO if arr[0] == "src" { // read specified secret into a tmp file // move tmp file to tar and change secret source to relative tmp file - tmpSecretFile, err := ioutil.TempFile(options.ContextDirectory, "podman-build-secret") + tmpSecretFile, err := os.CreateTemp(options.ContextDirectory, "podman-build-secret") if err != nil { return nil, err } @@ -531,7 +538,7 @@ func Build(ctx context.Context, containerFiles []string, options entities.BuildO if logrus.IsLevelEnabled(logrus.DebugLevel) { if v, found := os.LookupEnv("PODMAN_RETAIN_BUILD_ARTIFACT"); found { if keep, _ := strconv.ParseBool(v); keep { - t, _ := ioutil.TempFile("", "build_*_client") + t, _ := os.CreateTemp("", "build_*_client") defer t.Close() body = io.TeeReader(response.Body, t) } @@ -737,10 +744,10 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) { } func parseDockerignore(root string) ([]string, error) { - ignore, err := ioutil.ReadFile(filepath.Join(root, ".containerignore")) + ignore, err := os.ReadFile(filepath.Join(root, ".containerignore")) if err != nil { var dockerIgnoreErr error - ignore, dockerIgnoreErr = ioutil.ReadFile(filepath.Join(root, ".dockerignore")) + ignore, dockerIgnoreErr = os.ReadFile(filepath.Join(root, ".dockerignore")) if dockerIgnoreErr != nil && !os.IsNotExist(dockerIgnoreErr) { return nil, err } diff --git a/pkg/bindings/manifests/manifests.go b/pkg/bindings/manifests/manifests.go index 752366937..d987e51d8 100644 --- a/pkg/bindings/manifests/manifests.go +++ b/pkg/bindings/manifests/manifests.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "net/http" "os" "strconv" @@ -257,7 +256,7 @@ func Modify(ctx context.Context, name string, images []string, options *ModifyOp } defer response.Body.Close() - data, err := ioutil.ReadAll(response.Body) + data, err := io.ReadAll(response.Body) if err != nil { return "", fmt.Errorf("unable to process API response: %w", err) } diff --git a/pkg/bindings/secrets/types.go b/pkg/bindings/secrets/types.go index 01c3c248d..d2f449556 100644 --- a/pkg/bindings/secrets/types.go +++ b/pkg/bindings/secrets/types.go @@ -22,4 +22,5 @@ type CreateOptions struct { Name *string Driver *string DriverOpts map[string]string + Labels map[string]string } diff --git a/pkg/bindings/secrets/types_create_options.go b/pkg/bindings/secrets/types_create_options.go index 6b1666a42..c9c88e1f3 100644 --- a/pkg/bindings/secrets/types_create_options.go +++ b/pkg/bindings/secrets/types_create_options.go @@ -61,3 +61,18 @@ func (o *CreateOptions) GetDriverOpts() map[string]string { } return o.DriverOpts } + +// WithLabels set field Labels to given value +func (o *CreateOptions) WithLabels(value map[string]string) *CreateOptions { + o.Labels = value + return o +} + +// GetLabels returns value of field Labels +func (o *CreateOptions) GetLabels() map[string]string { + if o.Labels == nil { + var z map[string]string + return z + } + return o.Labels +} diff --git a/pkg/bindings/test/auth_test.go b/pkg/bindings/test/auth_test.go index c4c4b16d8..5b148a51c 100644 --- a/pkg/bindings/test/auth_test.go +++ b/pkg/bindings/test/auth_test.go @@ -1,7 +1,6 @@ package bindings_test import ( - "io/ioutil" "os" "time" @@ -76,7 +75,7 @@ var _ = Describe("Podman images", func() { imageRef := imageRep + ":" + imageTag // Create a temporary authentication file. - tmpFile, err := ioutil.TempFile("", "auth.json.") + tmpFile, err := os.CreateTemp("", "auth.json.") Expect(err).To(BeNil()) _, err = tmpFile.Write([]byte{'{', '}'}) Expect(err).To(BeNil()) diff --git a/pkg/bindings/test/common_test.go b/pkg/bindings/test/common_test.go index 6b0175f59..f174b84f8 100644 --- a/pkg/bindings/test/common_test.go +++ b/pkg/bindings/test/common_test.go @@ -3,7 +3,6 @@ package bindings_test import ( "context" "fmt" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -146,7 +145,7 @@ func newBindingTest() *bindingTest { // createTempDirinTempDir create a temp dir with prefix podman_test func createTempDirInTempDir() (string, error) { - return ioutil.TempDir("", "libpod_api") + return os.MkdirTemp("", "libpod_api") } func (b *bindingTest) startAPIService() *gexec.Session { @@ -264,7 +263,7 @@ var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { // If running localized tests, the cache dir is created and populated. if the // tests are remote, this is a no-op createCache() - path, err := ioutil.TempDir("", "libpodlock") + path, err := os.MkdirTemp("", "libpodlock") if err != nil { fmt.Println(err) os.Exit(1) diff --git a/pkg/checkpoint/checkpoint_restore.go b/pkg/checkpoint/checkpoint_restore.go index e7c843143..248b9cdbf 100644 --- a/pkg/checkpoint/checkpoint_restore.go +++ b/pkg/checkpoint/checkpoint_restore.go @@ -4,7 +4,6 @@ import ( "context" "errors" "fmt" - "io/ioutil" "os" metadata "github.com/checkpoint-restore/checkpointctl/lib" @@ -26,7 +25,7 @@ import ( func CRImportCheckpointTar(ctx context.Context, runtime *libpod.Runtime, restoreOptions entities.RestoreOptions) ([]*libpod.Container, error) { // First get the container definition from the // tarball to a temporary directory - dir, err := ioutil.TempDir("", "checkpoint") + dir, err := os.MkdirTemp("", "checkpoint") if err != nil { return nil, err } diff --git a/pkg/checkpoint/crutils/checkpoint_restore_utils.go b/pkg/checkpoint/crutils/checkpoint_restore_utils.go index 132632322..b9db9562a 100644 --- a/pkg/checkpoint/crutils/checkpoint_restore_utils.go +++ b/pkg/checkpoint/crutils/checkpoint_restore_utils.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -237,7 +236,7 @@ func CRRuntimeSupportsPodCheckpointRestore(runtimePath string) bool { // given checkpoint archive and returns the runtime used to create // the given checkpoint archive. func CRGetRuntimeFromArchive(input string) (*string, error) { - dir, err := ioutil.TempDir("", "checkpoint") + dir, err := os.MkdirTemp("", "checkpoint") if err != nil { return nil, err } diff --git a/pkg/ctime/ctime_test.go b/pkg/ctime/ctime_test.go index abfc627da..014f15aa9 100644 --- a/pkg/ctime/ctime_test.go +++ b/pkg/ctime/ctime_test.go @@ -1,7 +1,6 @@ package ctime import ( - "io/ioutil" "os" "testing" "time" @@ -10,13 +9,13 @@ import ( func TestCreated(t *testing.T) { before := time.Now() - fileA, err := ioutil.TempFile("", "ctime-test-") + fileA, err := os.CreateTemp("", "ctime-test-") if err != nil { t.Error(err) } defer os.Remove(fileA.Name()) - fileB, err := ioutil.TempFile("", "ctime-test-") + fileB, err := os.CreateTemp("", "ctime-test-") if err != nil { t.Error(err) } diff --git a/pkg/domain/entities/events.go b/pkg/domain/entities/events.go index de218b285..34a6fe048 100644 --- a/pkg/domain/entities/events.go +++ b/pkg/domain/entities/events.go @@ -14,7 +14,7 @@ type Event struct { // TODO: it would be nice to have full control over the types at some // point and fork such Docker types. dockerEvents.Message - HealthStatus string + HealthStatus string `json:",omitempty"` } // ConvertToLibpodEvent converts an entities event to a libpod one. @@ -34,6 +34,7 @@ func ConvertToLibpodEvent(e Event) *libpodEvents.Event { image := e.Actor.Attributes["image"] name := e.Actor.Attributes["name"] details := e.Actor.Attributes + podID := e.Actor.Attributes["podId"] delete(details, "image") delete(details, "name") delete(details, "containerExitCode") @@ -47,6 +48,7 @@ func ConvertToLibpodEvent(e Event) *libpodEvents.Event { Type: t, HealthStatus: e.HealthStatus, Details: libpodEvents.Details{ + PodID: podID, Attributes: details, }, } @@ -61,6 +63,7 @@ func ConvertToEntitiesEvent(e libpodEvents.Event) *Event { attributes["image"] = e.Image attributes["name"] = e.Name attributes["containerExitCode"] = strconv.Itoa(e.ContainerExitCode) + attributes["podId"] = e.PodID message := dockerEvents.Message{ // Compatibility with clients that still look for deprecated API elements Status: e.Status.String(), diff --git a/pkg/domain/entities/images.go b/pkg/domain/entities/images.go index cad11b0ab..b1eb3b005 100644 --- a/pkg/domain/entities/images.go +++ b/pkg/domain/entities/images.go @@ -335,7 +335,8 @@ type ImageSaveOptions struct { // Output - write image to the specified path. Output string // Quiet - suppress output when copying images - Quiet bool + Quiet bool + SignaturePolicy string } // ImageScpOptions provide options for securely copying images to and from a remote host diff --git a/pkg/domain/entities/secrets.go b/pkg/domain/entities/secrets.go index d8af937a7..5686b90e9 100644 --- a/pkg/domain/entities/secrets.go +++ b/pkg/domain/entities/secrets.go @@ -13,6 +13,7 @@ type SecretCreateReport struct { type SecretCreateOptions struct { Driver string DriverOpts map[string]string + Labels map[string]string } type SecretListRequest struct { @@ -55,6 +56,7 @@ type SecretVersion struct { type SecretSpec struct { Name string Driver SecretDriverSpec + Labels map[string]string } type SecretDriverSpec struct { @@ -70,6 +72,8 @@ type SecretCreateRequest struct { Data string // Driver represents a driver (default "file") Driver SecretDriverSpec + // Labels are labels on the secret + Labels map[string]string } // Secret create response diff --git a/pkg/domain/infra/abi/images.go b/pkg/domain/infra/abi/images.go index 6934de60e..16b75829f 100644 --- a/pkg/domain/infra/abi/images.go +++ b/pkg/domain/infra/abi/images.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "io/fs" - "io/ioutil" "net/url" "os" "os/exec" @@ -340,7 +339,7 @@ func (ir *ImageEngine) Push(ctx context.Context, source string, destination stri return err } - if err := ioutil.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil { + if err := os.WriteFile(options.DigestFile, []byte(manifestDigest.String()), 0644); err != nil { return err } } @@ -406,6 +405,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string, saveOptions := &libimage.SaveOptions{} saveOptions.DirForceCompress = options.Compress saveOptions.OciAcceptUncompressedLayers = options.OciAcceptUncompressedLayers + saveOptions.SignaturePolicyPath = options.SignaturePolicy // Force signature removal to preserve backwards compat. // See https://github.com/containers/podman/pull/11669#issuecomment-925250264 @@ -910,5 +910,5 @@ func putSignature(manifestBlob []byte, mech signature.SigningMechanism, sigStore if err != nil { return err } - return ioutil.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644) + return os.WriteFile(filepath.Join(signatureDir, sigFilename), newSig, 0644) } diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index a65403fb4..bd9117f72 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "os" "path/filepath" "strconv" @@ -117,7 +116,7 @@ func (ic *ContainerEngine) PlayKube(ctx context.Context, body io.Reader, options validKinds := 0 // read yaml document - content, err := ioutil.ReadAll(body) + content, err := io.ReadAll(body) if err != nil { return nil, err } @@ -889,7 +888,7 @@ func (ic *ContainerEngine) playKubePVC(ctx context.Context, pvcYAML *v1.Persiste func readConfigMapFromFile(r io.Reader) (v1.ConfigMap, error) { var cm v1.ConfigMap - content, err := ioutil.ReadAll(r) + content, err := io.ReadAll(r) if err != nil { return cm, fmt.Errorf("unable to read ConfigMap YAML content: %w", err) } @@ -1021,7 +1020,7 @@ func (ic *ContainerEngine) PlayKubeDown(ctx context.Context, body io.Reader, _ e reports := new(entities.PlayKubeReport) // read yaml document - content, err := ioutil.ReadAll(body) + content, err := io.ReadAll(body) if err != nil { return nil, err } diff --git a/pkg/domain/infra/abi/secrets.go b/pkg/domain/infra/abi/secrets.go index 47159d65a..929858c5c 100644 --- a/pkg/domain/infra/abi/secrets.go +++ b/pkg/domain/infra/abi/secrets.go @@ -4,7 +4,6 @@ import ( "context" "fmt" "io" - "io/ioutil" "path/filepath" "strings" @@ -14,7 +13,7 @@ import ( ) func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader io.Reader, options entities.SecretCreateOptions) (*entities.SecretCreateReport, error) { - data, _ := ioutil.ReadAll(reader) + data, _ := io.ReadAll(reader) secretsPath := ic.Libpod.GetSecretsStorageDir() manager, err := ic.Libpod.SecretsManager() if err != nil { @@ -45,6 +44,7 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader storeOpts := secrets.StoreOptions{ DriverOpts: options.DriverOpts, + Labels: options.Labels, } secretID, err := manager.Store(name, data, options.Driver, storeOpts) @@ -74,6 +74,9 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string return nil, nil, fmt.Errorf("inspecting secret %s: %w", nameOrID, err) } } + if secret.Labels == nil { + secret.Labels = make(map[string]string) + } report := &entities.SecretInfoReport{ ID: secret.ID, CreatedAt: secret.CreatedAt, @@ -84,6 +87,7 @@ func (ic *ContainerEngine) SecretInspect(ctx context.Context, nameOrIDs []string Name: secret.Driver, Options: secret.DriverOptions, }, + Labels: secret.Labels, }, } reports = append(reports, report) diff --git a/pkg/domain/infra/abi/terminal/sigproxy_commn.go b/pkg/domain/infra/abi/terminal/sigproxy_commn.go index 3a0132ef3..d42685508 100644 --- a/pkg/domain/infra/abi/terminal/sigproxy_commn.go +++ b/pkg/domain/infra/abi/terminal/sigproxy_commn.go @@ -15,33 +15,25 @@ import ( "github.com/sirupsen/logrus" ) -// Make sure the signal buffer is sufficiently big. -// runc is using the same value. -const signalBufferSize = 2048 - // ProxySignals ... func ProxySignals(ctr *libpod.Container) { // Stop catching the shutdown signals (SIGINT, SIGTERM) - they're going // to the container now. shutdown.Stop() //nolint: errcheck - sigBuffer := make(chan os.Signal, signalBufferSize) + sigBuffer := make(chan os.Signal, signal.SignalBufferSize) signal.CatchAll(sigBuffer) logrus.Debugf("Enabling signal proxying") go func() { for s := range sigBuffer { - // Ignore SIGCHLD and SIGPIPE - these are mostly likely - // intended for the podman command itself. - // SIGURG was added because of golang 1.14 and its preemptive changes - // causing more signals to "show up". - // https://github.com/containers/podman/issues/5483 - if s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG { + syscallSignal := s.(syscall.Signal) + if signal.IsSignalIgnoredBySigProxy(syscallSignal) { continue } - if err := ctr.Kill(uint(s.(syscall.Signal))); err != nil { + if err := ctr.Kill(uint(syscallSignal)); err != nil { if errors.Is(err, define.ErrCtrStateInvalid) { logrus.Infof("Ceasing signal forwarding to container %s as it has stopped", ctr.ID()) } else { diff --git a/pkg/domain/infra/abi/trust.go b/pkg/domain/infra/abi/trust.go index c58ddff06..9b30920d7 100644 --- a/pkg/domain/infra/abi/trust.go +++ b/pkg/domain/infra/abi/trust.go @@ -3,7 +3,7 @@ package abi import ( "context" "fmt" - "io/ioutil" + "os" "github.com/containers/podman/v4/pkg/domain/entities" "github.com/containers/podman/v4/pkg/trust" @@ -18,7 +18,7 @@ func (ir *ImageEngine) ShowTrust(ctx context.Context, args []string, options ent if len(options.PolicyPath) > 0 { policyPath = options.PolicyPath } - report.Raw, err = ioutil.ReadFile(policyPath) + report.Raw, err = os.ReadFile(policyPath) if err != nil { return nil, err } diff --git a/pkg/domain/infra/tunnel/containers.go b/pkg/domain/infra/tunnel/containers.go index 0dc73081d..0b573686f 100644 --- a/pkg/domain/infra/tunnel/containers.go +++ b/pkg/domain/infra/tunnel/containers.go @@ -620,6 +620,9 @@ func (ic *ContainerEngine) ContainerExecDetached(ctx context.Context, nameOrID s } func startAndAttach(ic *ContainerEngine, name string, detachKeys *string, input, output, errput *os.File) error { + if output == nil && errput == nil { + fmt.Printf("%s\n", name) + } attachErr := make(chan error) attachReady := make(chan bool) options := new(containers.AttachOptions).WithStream(true) @@ -825,6 +828,13 @@ func (ic *ContainerEngine) ContainerRun(ctx context.Context, opts entities.Conta } // Attach + if opts.SigProxy { + remoteProxySignals(con.ID, func(signal string) error { + killOpts := entities.KillOptions{All: false, Latest: false, Signal: signal} + _, err := ic.ContainerKill(ctx, []string{con.ID}, killOpts) + return err + }) + } if err := startAndAttach(ic, con.ID, &opts.DetachKeys, opts.InputStream, opts.OutputStream, opts.ErrorStream); err != nil { if err == define.ErrDetach { return &report, nil diff --git a/pkg/domain/infra/tunnel/images.go b/pkg/domain/infra/tunnel/images.go index cc99b1b3a..9ae1ff959 100644 --- a/pkg/domain/infra/tunnel/images.go +++ b/pkg/domain/infra/tunnel/images.go @@ -4,7 +4,6 @@ import ( "context" "errors" "fmt" - "io/ioutil" "os" "strconv" "strings" @@ -264,7 +263,7 @@ func (ir *ImageEngine) Save(ctx context.Context, nameOrID string, tags []string, switch opts.Format { case "oci-dir", "docker-dir": - f, err = ioutil.TempFile("", "podman_save") + f, err = os.CreateTemp("", "podman_save") if err == nil { defer func() { _ = os.Remove(f.Name()) }() } diff --git a/pkg/domain/infra/tunnel/runtime.go b/pkg/domain/infra/tunnel/runtime.go index 6542ea5b7..75bd4ef5e 100644 --- a/pkg/domain/infra/tunnel/runtime.go +++ b/pkg/domain/infra/tunnel/runtime.go @@ -2,6 +2,12 @@ package tunnel import ( "context" + "os" + "syscall" + + "github.com/containers/podman/v4/libpod/define" + "github.com/containers/podman/v4/pkg/signal" + "github.com/sirupsen/logrus" ) // Image-related runtime using an ssh-tunnel to utilize Podman service @@ -18,3 +24,28 @@ type ContainerEngine struct { type SystemEngine struct { ClientCtx context.Context } + +func remoteProxySignals(ctrID string, killFunc func(string) error) { + sigBuffer := make(chan os.Signal, signal.SignalBufferSize) + signal.CatchAll(sigBuffer) + + logrus.Debugf("Enabling signal proxying") + + go func() { + for s := range sigBuffer { + syscallSignal := s.(syscall.Signal) + if signal.IsSignalIgnoredBySigProxy(syscallSignal) { + continue + } + signalName, err := signal.ParseSysSignalToName(syscallSignal) + if err != nil { + logrus.Infof("Ceasing signal %v forwarding to container %s as it has stopped: %s", s, ctrID, err) + } + if err := killFunc(signalName); err != nil { + if err.Error() == define.ErrCtrStateInvalid.Error() { + logrus.Debugf("Ceasing signal %q forwarding to container %s as it has stopped", signalName, ctrID) + } + } + } + }() +} diff --git a/pkg/domain/infra/tunnel/secrets.go b/pkg/domain/infra/tunnel/secrets.go index d26718b12..aa48cb764 100644 --- a/pkg/domain/infra/tunnel/secrets.go +++ b/pkg/domain/infra/tunnel/secrets.go @@ -14,7 +14,8 @@ func (ic *ContainerEngine) SecretCreate(ctx context.Context, name string, reader opts := new(secrets.CreateOptions). WithDriver(options.Driver). WithDriverOpts(options.DriverOpts). - WithName(name) + WithName(name). + WithLabels(options.Labels) created, err := secrets.Create(ic.ClientCtx, reader, opts) if err != nil { return nil, err diff --git a/pkg/domain/utils/scp.go b/pkg/domain/utils/scp.go index 44a0d94d7..19567551e 100644 --- a/pkg/domain/utils/scp.go +++ b/pkg/domain/utils/scp.go @@ -2,7 +2,6 @@ package utils import ( "fmt" - "io/ioutil" "net/url" "os" "os/exec" @@ -29,7 +28,7 @@ func ExecuteTransfer(src, dst string, parentFlags []string, quiet bool, sshMode return nil, nil, nil, nil, err } - f, err := ioutil.TempFile("", "podman") // open temp file for load/save output + f, err := os.CreateTemp("", "podman") // open temp file for load/save output if err != nil { return nil, nil, nil, nil, err } diff --git a/pkg/machine/config.go b/pkg/machine/config.go index 54aa9e1b7..8c22ae6a3 100644 --- a/pkg/machine/config.go +++ b/pkg/machine/config.go @@ -5,7 +5,6 @@ package machine import ( "errors" - "io/ioutil" "net" "net/url" "os" @@ -283,7 +282,7 @@ func (m *VMFile) Delete() error { // Read the contents of a given file and return in []bytes func (m *VMFile) Read() ([]byte, error) { - return ioutil.ReadFile(m.GetPath()) + return os.ReadFile(m.GetPath()) } // NewMachineFile is a constructor for VMFile diff --git a/pkg/machine/e2e/init_test.go b/pkg/machine/e2e/init_test.go index c298d3b14..ebf59dcd7 100644 --- a/pkg/machine/e2e/init_test.go +++ b/pkg/machine/e2e/init_test.go @@ -1,7 +1,6 @@ package e2e_test import ( - "io/ioutil" "os" "strconv" "time" @@ -138,9 +137,9 @@ var _ = Describe("podman machine init", func() { }) It("machine init with volume", func() { - tmpDir, err := ioutil.TempDir("", "") + tmpDir, err := os.MkdirTemp("", "") Expect(err).To(BeNil()) - _, err = ioutil.TempFile(tmpDir, "example") + _, err = os.CreateTemp(tmpDir, "example") Expect(err).To(BeNil()) mount := tmpDir + ":/testmountdir" defer os.RemoveAll(tmpDir) diff --git a/pkg/machine/e2e/machine_test.go b/pkg/machine/e2e/machine_test.go index 5de04b9f7..5cd89c7ab 100644 --- a/pkg/machine/e2e/machine_test.go +++ b/pkg/machine/e2e/machine_test.go @@ -3,7 +3,6 @@ package e2e_test import ( "fmt" "io" - "io/ioutil" url2 "net/url" "os" "path" @@ -77,7 +76,7 @@ var _ = SynchronizedAfterSuite(func() {}, func setup() (string, *machineTestBuilder) { // Set TMPDIR if this needs a new directory - homeDir, err := ioutil.TempDir("", "podman_test") + homeDir, err := os.MkdirTemp("", "podman_test") if err != nil { Fail(fmt.Sprintf("failed to create home directory: %q", err)) } diff --git a/pkg/machine/fcos.go b/pkg/machine/fcos.go index 246f92a19..311891c26 100644 --- a/pkg/machine/fcos.go +++ b/pkg/machine/fcos.go @@ -6,7 +6,7 @@ package machine import ( "encoding/json" "fmt" - "io/ioutil" + "io" "net/http" url2 "net/url" "os" @@ -175,7 +175,7 @@ func GetFCOSDownload(imageStream string) (*FcosDownloadInfo, error) { if err != nil { return nil, err } - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) if err != nil { return nil, err } diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index 366d10499..39ddce14c 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -7,7 +7,6 @@ import ( "encoding/json" "fmt" "io/fs" - "io/ioutil" "net/url" "os" "path/filepath" @@ -227,7 +226,7 @@ WantedBy=sysinit.target if err != nil { return err } - return ioutil.WriteFile(ign.WritePath, b, 0644) + return os.WriteFile(ign.WritePath, b, 0644) } func getDirs(usrName string) []Directory { @@ -559,7 +558,7 @@ func getCerts(certsDir string, isDir bool) []File { } func prepareCertFile(path string, name string) (File, error) { - b, err := ioutil.ReadFile(path) + b, err := os.ReadFile(path) if err != nil { logrus.Warnf("Unable to read cert file %v", err) return File{}, err diff --git a/pkg/machine/keys.go b/pkg/machine/keys.go index 94cbdac04..fce405695 100644 --- a/pkg/machine/keys.go +++ b/pkg/machine/keys.go @@ -7,7 +7,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -27,7 +26,7 @@ func CreateSSHKeys(writeLocation string) (string, error) { if err := generatekeys(writeLocation); err != nil { return "", err } - b, err := ioutil.ReadFile(writeLocation + ".pub") + b, err := os.ReadFile(writeLocation + ".pub") if err != nil { return "", err } @@ -45,7 +44,7 @@ func CreateSSHKeysPrefix(dir string, file string, passThru bool, skipExisting bo } else { fmt.Println("Keys already exist, reusing") } - b, err := ioutil.ReadFile(filepath.Join(dir, file) + ".pub") + b, err := os.ReadFile(filepath.Join(dir, file) + ".pub") if err != nil { return "", err } diff --git a/pkg/machine/pull.go b/pkg/machine/pull.go index 22a1b4c0a..9cba78237 100644 --- a/pkg/machine/pull.go +++ b/pkg/machine/pull.go @@ -8,7 +8,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "net/http" url2 "net/url" "os" @@ -191,7 +190,7 @@ func Decompress(localPath, uncompressedPath string) error { if err != nil { return err } - sourceFile, err := ioutil.ReadFile(localPath) + sourceFile, err := os.ReadFile(localPath) if err != nil { return err } diff --git a/pkg/machine/qemu/claim_darwin.go b/pkg/machine/qemu/claim_darwin.go index 66aed9ad8..c51d17bc9 100644 --- a/pkg/machine/qemu/claim_darwin.go +++ b/pkg/machine/qemu/claim_darwin.go @@ -2,7 +2,7 @@ package qemu import ( "fmt" - "io/ioutil" + "io" "net" "os" "os/user" @@ -43,7 +43,7 @@ func claimDockerSock() bool { return false } _ = con.SetReadDeadline(time.Now().Add(time.Second * 5)) - read, err := ioutil.ReadAll(con) + read, err := io.ReadAll(con) return err == nil && string(read) == "OK" } diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go index 738cd74be..fab25aa35 100644 --- a/pkg/machine/qemu/machine.go +++ b/pkg/machine/qemu/machine.go @@ -12,7 +12,6 @@ import ( "errors" "fmt" "io/fs" - "io/ioutil" "net" "net/http" "net/url" @@ -391,11 +390,11 @@ func (v *MachineVM) Init(opts machine.InitOptions) (bool, error) { // If the user provides an ignition file, we need to // copy it into the conf dir if len(opts.IgnitionPath) > 0 { - inputIgnition, err := ioutil.ReadFile(opts.IgnitionPath) + inputIgnition, err := os.ReadFile(opts.IgnitionPath) if err != nil { return false, err } - return false, ioutil.WriteFile(v.getIgnitionFile(), inputIgnition, 0644) + return false, os.WriteFile(v.getIgnitionFile(), inputIgnition, 0644) } // Write the ignition file ign := machine.DynamicIgnition{ @@ -1109,7 +1108,7 @@ func getVMInfos() ([]*machine.ListResponse, error) { vm := new(MachineVM) if strings.HasSuffix(d.Name(), ".json") { fullPath := filepath.Join(vmConfigDir, d.Name()) - b, err := ioutil.ReadFile(fullPath) + b, err := os.ReadFile(fullPath) if err != nil { return err } @@ -1539,7 +1538,7 @@ func (v *MachineVM) writeConfig() error { if err != nil { return err } - if err := ioutil.WriteFile(v.ConfigPath.GetPath(), b, 0644); err != nil { + if err := os.WriteFile(v.ConfigPath.GetPath(), b, 0644); err != nil { return err } return nil diff --git a/pkg/machine/wsl/machine.go b/pkg/machine/wsl/machine.go index 44b82b823..81980736d 100644 --- a/pkg/machine/wsl/machine.go +++ b/pkg/machine/wsl/machine.go @@ -10,7 +10,6 @@ import ( "fmt" "io" "io/fs" - "io/ioutil" "net/url" "os" "os/exec" @@ -423,7 +422,7 @@ func (v *MachineVM) writeConfig() error { if err != nil { return err } - if err := ioutil.WriteFile(jsonFile, b, 0644); err != nil { + if err := os.WriteFile(jsonFile, b, 0644); err != nil { return fmt.Errorf("could not write machine json config: %w", err) } @@ -1285,7 +1284,7 @@ func readWinProxyTid(v *MachineVM) (uint32, uint32, string, error) { } tidFile := filepath.Join(stateDir, winSshProxyTid) - contents, err := ioutil.ReadFile(tidFile) + contents, err := os.ReadFile(tidFile) if err != nil { return 0, 0, "", err } diff --git a/pkg/machine/wsl/util_windows.go b/pkg/machine/wsl/util_windows.go index 67d1bfc5c..5f8da10ec 100644 --- a/pkg/machine/wsl/util_windows.go +++ b/pkg/machine/wsl/util_windows.go @@ -4,7 +4,6 @@ import ( "encoding/base64" "errors" "fmt" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -209,7 +208,7 @@ func reboot() error { return fmt.Errorf("could not create data directory: %w", err) } commFile := filepath.Join(dataDir, "podman-relaunch.dat") - if err := ioutil.WriteFile(commFile, []byte(encoded), 0600); err != nil { + if err := os.WriteFile(commFile, []byte(encoded), 0600); err != nil { return fmt.Errorf("could not serialize command state: %w", err) } diff --git a/pkg/rootless/rootless_linux.c b/pkg/rootless/rootless_linux.c index 3588313c6..fb22ed221 100644 --- a/pkg/rootless/rootless_linux.c +++ b/pkg/rootless/rootless_linux.c @@ -235,6 +235,7 @@ can_use_shortcut () if (strcmp (argv[argc], "mount") == 0 || strcmp (argv[argc], "machine") == 0 + || strcmp (argv[argc], "context") == 0 || strcmp (argv[argc], "search") == 0 || (strcmp (argv[argc], "system") == 0 && argv[argc+1] && strcmp (argv[argc+1], "service") != 0)) { diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go index f3453320f..7de50eaf1 100644 --- a/pkg/rootless/rootless_linux.go +++ b/pkg/rootless/rootless_linux.go @@ -9,7 +9,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "os" "os/exec" gosignal "os/signal" @@ -224,7 +223,7 @@ func GetConfiguredMappings() ([]idtools.IDMap, []idtools.IDMap, error) { } func copyMappings(from, to string) error { - content, err := ioutil.ReadFile(from) + content, err := os.ReadFile(from) if err != nil { return err } @@ -235,7 +234,7 @@ func copyMappings(from, to string) error { if bytes.Contains(content, []byte("4294967295")) { content = []byte("0 0 1\n1 1 4294967294\n") } - return ioutil.WriteFile(to, content, 0600) + return os.WriteFile(to, content, 0600) } func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ bool, _ int, retErr error) { @@ -343,13 +342,13 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo if !uidsMapped { logrus.Warnf("Using rootless single mapping into the namespace. This might break some images. Check /etc/subuid and /etc/subgid for adding sub*ids if not using a network user") setgroups := fmt.Sprintf("/proc/%d/setgroups", pid) - err = ioutil.WriteFile(setgroups, []byte("deny\n"), 0666) + err = os.WriteFile(setgroups, []byte("deny\n"), 0666) if err != nil { return false, -1, fmt.Errorf("cannot write setgroups file: %w", err) } logrus.Debugf("write setgroups file exited with 0") - err = ioutil.WriteFile(uidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Geteuid())), 0666) + err = os.WriteFile(uidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Geteuid())), 0666) if err != nil { return false, -1, fmt.Errorf("cannot write uid_map: %w", err) } @@ -369,7 +368,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo gidsMapped = err == nil } if !gidsMapped { - err = ioutil.WriteFile(gidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Getegid())), 0666) + err = os.WriteFile(gidMap, []byte(fmt.Sprintf("%d %d 1\n", 0, os.Getegid())), 0666) if err != nil { return false, -1, fmt.Errorf("cannot write gid_map: %w", err) } @@ -399,7 +398,7 @@ func becomeRootInUserNS(pausePid, fileToRead string, fileOutput *os.File) (_ boo // We have lost the race for writing the PID file, as probably another // process created a namespace and wrote the PID. // Try to join it. - data, err := ioutil.ReadFile(pausePid) + data, err := os.ReadFile(pausePid) if err == nil { var pid uint64 pid, err = strconv.ParseUint(string(data), 10, 0) @@ -469,7 +468,7 @@ func TryJoinFromFilePaths(pausePidPath string, needNewNamespace bool, paths []st for _, path := range paths { if !needNewNamespace { - data, err := ioutil.ReadFile(path) + data, err := os.ReadFile(path) if err != nil { lastErr = err continue diff --git a/pkg/signal/signal_common.go b/pkg/signal/signal_common.go index fc1ecc04d..a81d0461b 100644 --- a/pkg/signal/signal_common.go +++ b/pkg/signal/signal_common.go @@ -9,6 +9,10 @@ import ( "syscall" ) +// Make sure the signal buffer is sufficiently big. +// runc is using the same value. +const SignalBufferSize = 2048 + // ParseSignal translates a string to a valid syscall signal. // It returns an error if the signal map doesn't include the given signal. func ParseSignal(rawSignal string) (syscall.Signal, error) { @@ -56,3 +60,14 @@ func StopCatch(sigc chan os.Signal) { signal.Stop(sigc) close(sigc) } + +// ParseSysSignalToName translates syscall.Signal to its name in the operating system. +// For example, syscall.Signal(9) will return "KILL" on Linux system. +func ParseSysSignalToName(s syscall.Signal) (string, error) { + for k, v := range SignalMap { + if v == s { + return k, nil + } + } + return "", fmt.Errorf("unknown syscall signal: %s", s) +} diff --git a/pkg/signal/signal_common_test.go b/pkg/signal/signal_common_test.go index c4ae6b389..bd9b230f7 100644 --- a/pkg/signal/signal_common_test.go +++ b/pkg/signal/signal_common_test.go @@ -118,3 +118,52 @@ func TestParseSignalNameOrNumber(t *testing.T) { }) } } + +func TestParseSysSignalToName(t *testing.T) { + type args struct { + signal syscall.Signal + } + tests := []struct { + name string + args args + want string + wantErr bool + }{ + { + name: "Kill should work", + args: args{ + signal: syscall.SIGKILL, + }, + want: "KILL", + wantErr: false, + }, + { + name: "Non-defined signal number should not work", + args: args{ + signal: 923, + }, + want: "", + wantErr: true, + }, + { + name: "garbage should fail", + args: args{ + signal: -1, + }, + want: "", + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := ParseSysSignalToName(tt.args.signal) + if (err != nil) != tt.wantErr { + t.Errorf("ParseSysSignalToName() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { + t.Errorf("ParseSysSignalToName() got = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/pkg/signal/signal_linux.go b/pkg/signal/signal_linux.go index 5103b6033..81e4ed758 100644 --- a/pkg/signal/signal_linux.go +++ b/pkg/signal/signal_linux.go @@ -89,3 +89,11 @@ var SignalMap = map[string]syscall.Signal{ "RTMAX-1": sigrtmax - 1, "RTMAX": sigrtmax, } + +// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal +func IsSignalIgnoredBySigProxy(s syscall.Signal) bool { + // Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself. + // SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up". + // https://github.com/containers/podman/issues/5483 + return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG +} diff --git a/pkg/signal/signal_linux_mipsx.go b/pkg/signal/signal_linux_mipsx.go index cdf9ad4c5..c97eeb23d 100644 --- a/pkg/signal/signal_linux_mipsx.go +++ b/pkg/signal/signal_linux_mipsx.go @@ -90,3 +90,11 @@ var SignalMap = map[string]syscall.Signal{ "RTMAX-1": sigrtmax - 1, "RTMAX": sigrtmax, } + +// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal +func IsSignalIgnoredBySigProxy(s syscall.Signal) bool { + // Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself. + // SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up". + // https://github.com/containers/podman/issues/5483 + return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG +} diff --git a/pkg/signal/signal_unix.go b/pkg/signal/signal_unix.go index 7919e3670..01d99d7bc 100644 --- a/pkg/signal/signal_unix.go +++ b/pkg/signal/signal_unix.go @@ -87,3 +87,11 @@ var SignalMap = map[string]syscall.Signal{ "RTMAX-1": sigrtmax - 1, "RTMAX": sigrtmax, } + +// IsSignalIgnoredBySigProxy determines whether sig-proxy should ignore syscall signal +func IsSignalIgnoredBySigProxy(s syscall.Signal) bool { + // Ignore SIGCHLD and SIGPIPE - these are most likely intended for the podman command itself. + // SIGURG was added because of golang 1.14 and its preemptive changes causing more signals to "show up". + // https://github.com/containers/podman/issues/5483 + return s == syscall.SIGCHLD || s == syscall.SIGPIPE || s == syscall.SIGURG +} diff --git a/pkg/signal/signal_unsupported.go b/pkg/signal/signal_unsupported.go index 19ae93a61..590aaf978 100644 --- a/pkg/signal/signal_unsupported.go +++ b/pkg/signal/signal_unsupported.go @@ -87,3 +87,9 @@ var SignalMap = map[string]syscall.Signal{ "RTMAX-1": sigrtmax - 1, "RTMAX": sigrtmax, } + +// IsSignalIgnoredBySigProxy determines whether to sig-proxy should ignore syscall signal +// keep the container running or not. In unsupported OS this should not ignore any syscall signal. +func IsSignalIgnoredBySigProxy(s syscall.Signal) bool { + return false +} diff --git a/pkg/specgen/generate/config_linux_cgo.go b/pkg/specgen/generate/config_linux_cgo.go index 74ba4aeeb..6903ccb51 100644 --- a/pkg/specgen/generate/config_linux_cgo.go +++ b/pkg/specgen/generate/config_linux_cgo.go @@ -7,7 +7,7 @@ import ( "context" "errors" "fmt" - "io/ioutil" + "os" "github.com/containers/common/libimage" goSeccomp "github.com/containers/common/pkg/seccomp" @@ -47,7 +47,7 @@ func getSeccompConfig(s *specgen.SpecGenerator, configSpec *spec.Spec, img *libi if s.SeccompProfilePath != "" { logrus.Debugf("Loading seccomp profile from %q", s.SeccompProfilePath) - seccompProfile, err := ioutil.ReadFile(s.SeccompProfilePath) + seccompProfile, err := os.ReadFile(s.SeccompProfilePath) if err != nil { return nil, fmt.Errorf("opening seccomp profile failed: %w", err) } diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index c18b5654a..736fa5ab3 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -352,7 +352,7 @@ func ConfigToSpec(rt *libpod.Runtime, specg *specgen.SpecGenerator, contaierID s if conf.Spec.Process != nil && conf.Spec.Process.Env != nil { env := make(map[string]string) for _, entry := range conf.Spec.Process.Env { - split := strings.Split(entry, "=") + split := strings.SplitN(entry, "=", 2) if len(split) == 2 { env[split[0]] = split[1] } diff --git a/pkg/specgen/generate/pause_image.go b/pkg/specgen/generate/pause_image.go index ddf35f230..1b502927f 100644 --- a/pkg/specgen/generate/pause_image.go +++ b/pkg/specgen/generate/pause_image.go @@ -3,7 +3,6 @@ package generate import ( "context" "fmt" - "io/ioutil" "os" buildahDefine "github.com/containers/buildah/define" @@ -62,7 +61,7 @@ func buildPauseImage(rt *libpod.Runtime, rtConfig *config.Config) (string, error COPY %s /catatonit ENTRYPOINT ["/catatonit", "-P"]`, catatonitPath) - tmpF, err := ioutil.TempFile("", "pause.containerfile") + tmpF, err := os.CreateTemp("", "pause.containerfile") if err != nil { return "", err } diff --git a/pkg/specgen/generate/validate.go b/pkg/specgen/generate/validate.go index e9ebdfce3..10997a202 100644 --- a/pkg/specgen/generate/validate.go +++ b/pkg/specgen/generate/validate.go @@ -3,7 +3,6 @@ package generate import ( "errors" "fmt" - "io/ioutil" "os" "path/filepath" @@ -180,7 +179,7 @@ func verifyContainerResourcesCgroupV2(s *specgen.SpecGenerator) ([]string, error // If running under the root cgroup try to create or reuse a "probe" cgroup to read memory values own = "podman_probe" _ = os.MkdirAll(filepath.Join("/sys/fs/cgroup", own), 0o755) - _ = ioutil.WriteFile("/sys/fs/cgroup/cgroup.subtree_control", []byte("+memory"), 0o644) + _ = os.WriteFile("/sys/fs/cgroup/cgroup.subtree_control", []byte("+memory"), 0o644) } memoryMax := filepath.Join("/sys/fs/cgroup", own, "memory.max") diff --git a/pkg/specgenutil/util.go b/pkg/specgenutil/util.go index b14e2a032..d61e57ce2 100644 --- a/pkg/specgenutil/util.go +++ b/pkg/specgenutil/util.go @@ -3,7 +3,6 @@ package specgenutil import ( "errors" "fmt" - "io/ioutil" "net" "os" "strconv" @@ -18,7 +17,7 @@ import ( // ReadPodIDFile reads the specified file and returns its content (i.e., first // line). func ReadPodIDFile(path string) (string, error) { - content, err := ioutil.ReadFile(path) + content, err := os.ReadFile(path) if err != nil { return "", fmt.Errorf("reading pod ID file: %w", err) } diff --git a/pkg/systemd/generate/containers.go b/pkg/systemd/generate/containers.go index 8510cfd42..71e9065ea 100644 --- a/pkg/systemd/generate/containers.go +++ b/pkg/systemd/generate/containers.go @@ -78,7 +78,7 @@ Requires={{{{- range $index, $value := .Requires }}}}{{{{ if $index}}}} {{{{end} {{{{- end}}}} [Service] -Environment={{{{.EnvVariable}}}}=%n{{{{- if (eq .IdentifySpecifier true) }}}}-%i{{{{- end}}}} +Environment={{{{.EnvVariable}}}}=%n{{{{- if (eq .IdentifySpecifier true) }}}}-%i {{{{- end}}}} {{{{- if .ExtraEnvs}}}} Environment={{{{- range $index, $value := .ExtraEnvs -}}}}{{{{if $index}}}} {{{{end}}}}{{{{ $value }}}}{{{{end}}}} {{{{- end}}}} @@ -254,6 +254,10 @@ func setContainerNameForTemplate(startCommand []string, info *containerInfo) ([] return startCommand, nil } +func formatOptionsString(cmd string) string { + return formatOptions(strings.Split(cmd, " ")) +} + func formatOptions(options []string) string { var formatted strings.Builder if len(options) == 0 { @@ -294,8 +298,8 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst info.Type = "forking" info.EnvVariable = define.EnvVariable info.ExecStart = "{{{{.Executable}}}} start {{{{.ContainerNameOrID}}}}" - info.ExecStop = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}" - info.ExecStopPost = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}" + info.ExecStop = formatOptionsString("{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}") + info.ExecStopPost = formatOptionsString("{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.ContainerNameOrID}}}}") for i, env := range info.AdditionalEnvVariables { info.AdditionalEnvVariables[i] = escapeSystemdArg(env) } @@ -312,9 +316,9 @@ func executeContainerTemplate(info *containerInfo, options entities.GenerateSyst info.NotifyAccess = "all" info.PIDFile = "" info.ContainerIDFile = "%t/%n.ctr-id" - info.ExecStartPre = "/bin/rm -f {{{{.ContainerIDFile}}}}" - info.ExecStop = "{{{{.Executable}}}} stop --ignore --cidfile={{{{.ContainerIDFile}}}}" - info.ExecStopPost = "{{{{.Executable}}}} rm -f --ignore --cidfile={{{{.ContainerIDFile}}}}" + info.ExecStartPre = formatOptionsString("/bin/rm -f {{{{.ContainerIDFile}}}}") + info.ExecStop = formatOptionsString("{{{{.Executable}}}} stop --ignore --cidfile={{{{.ContainerIDFile}}}}") + info.ExecStopPost = formatOptionsString("{{{{.Executable}}}} rm -f --ignore --cidfile={{{{.ContainerIDFile}}}}") // The create command must at least have three arguments: // /usr/bin/podman run $IMAGE index := 0 diff --git a/pkg/systemd/generate/containers_test.go b/pkg/systemd/generate/containers_test.go index 7f92e75b8..11e8f549e 100644 --- a/pkg/systemd/generate/containers_test.go +++ b/pkg/systemd/generate/containers_test.go @@ -57,8 +57,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=82 ExecStart=/usr/bin/podman start 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401 -ExecStop=/usr/bin/podman stop -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401 -ExecStopPost=/usr/bin/podman stop -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401 +ExecStop=/usr/bin/podman stop \ + -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401 +ExecStopPost=/usr/bin/podman stop \ + -t 22 639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401 PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -83,8 +85,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar -ExecStop=/usr/bin/podman stop -t 10 foobar -ExecStopPost=/usr/bin/podman stop -t 10 foobar +ExecStop=/usr/bin/podman stop \ + -t 10 foobar +ExecStopPost=/usr/bin/podman stop \ + -t 10 foobar PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -107,8 +111,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar -ExecStop=/usr/bin/podman stop -t 10 foobar -ExecStopPost=/usr/bin/podman stop -t 10 foobar +ExecStop=/usr/bin/podman stop \ + -t 10 foobar +ExecStopPost=/usr/bin/podman stop \ + -t 10 foobar PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -134,8 +140,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar -ExecStop=/usr/bin/podman stop -t 10 foobar -ExecStopPost=/usr/bin/podman stop -t 10 foobar +ExecStop=/usr/bin/podman stop \ + -t 10 foobar +ExecStopPost=/usr/bin/podman stop \ + -t 10 foobar PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -161,8 +169,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar -ExecStop=/usr/bin/podman stop -t 10 foobar -ExecStopPost=/usr/bin/podman stop -t 10 foobar +ExecStop=/usr/bin/podman stop \ + -t 10 foobar +ExecStopPost=/usr/bin/podman stop \ + -t 10 foobar PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -188,8 +198,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar -ExecStop=/usr/bin/podman stop -t 10 foobar -ExecStopPost=/usr/bin/podman stop -t 10 foobar +ExecStop=/usr/bin/podman stop \ + -t 10 foobar +ExecStopPost=/usr/bin/podman stop \ + -t 10 foobar PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -217,8 +229,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar -ExecStop=/usr/bin/podman stop -t 10 foobar -ExecStopPost=/usr/bin/podman stop -t 10 foobar +ExecStop=/usr/bin/podman stop \ + -t 10 foobar +ExecStopPost=/usr/bin/podman stop \ + -t 10 foobar PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -243,8 +257,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar -ExecStop=/usr/bin/podman stop -t 10 foobar -ExecStopPost=/usr/bin/podman stop -t 10 foobar +ExecStop=/usr/bin/podman stop \ + -t 10 foobar +ExecStopPost=/usr/bin/podman stop \ + -t 10 foobar PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -266,7 +282,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman container run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -276,8 +293,13 @@ ExecStart=/usr/bin/podman container run \ --replace \ --name jadda-jadda \ --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -299,7 +321,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman container run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -309,8 +332,13 @@ ExecStart=/usr/bin/podman container run \ --sdnotify=container \ --name jadda-jadda \ --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -332,7 +360,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman container run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -342,8 +371,13 @@ ExecStart=/usr/bin/podman container run \ --replace \ --name jadda-jadda \ --hostname hello-world awesome-image:latest command arg1 ... argN "foo=arg \"with \" space" -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -365,7 +399,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -375,8 +410,13 @@ ExecStart=/usr/bin/podman run \ -d \ --name jadda-jadda \ --hostname hello-world awesome-image:latest command arg1 ... argN -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -398,7 +438,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -409,8 +450,13 @@ ExecStart=/usr/bin/podman run \ -d \ --name jadda-jadda \ --hostname hello-world awesome-image:latest command arg1 ... argN -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -432,7 +478,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -442,8 +489,13 @@ ExecStart=/usr/bin/podman run \ --detach \ --name jadda-jadda \ --hostname hello-world awesome-image:latest command arg1 ... argN -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -465,15 +517,21 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ --rm \ --sdnotify=conmon \ -d awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -496,7 +554,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -505,8 +564,13 @@ ExecStart=/usr/bin/podman run \ ` + detachparam + ` awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -530,7 +594,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -541,8 +606,13 @@ ExecStart=/usr/bin/podman run \ --name test \ -p 80:80 awesome-image:latest somecmd \ --detach=false -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -564,7 +634,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman \ --events-backend none \ --runroot /root run \ @@ -573,8 +644,13 @@ ExecStart=/usr/bin/podman \ --rm \ --sdnotify=conmon \ -d awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -596,15 +672,21 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman container run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ --rm \ --sdnotify=conmon \ -d awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -626,7 +708,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -637,8 +720,13 @@ ExecStart=/usr/bin/podman run \ --name test \ --log-driver=journald \ --log-opt=tag={{.Name}} awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -660,7 +748,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -670,8 +759,13 @@ ExecStart=/usr/bin/podman run \ --replace \ --name test awesome-image:latest sh \ -c "kill $$$$ && echo %%\\" -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -693,7 +787,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -704,8 +799,13 @@ ExecStart=/usr/bin/podman run \ --cgroups=foo \ --conmon-pidfile=foo \ --cidfile=foo alpine -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -727,7 +827,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -740,8 +841,13 @@ ExecStart=/usr/bin/podman run \ --conmon-pidfile=foo \ --cidfile=foo \ --pod-id-file /tmp/pod-foobar.pod-id-file alpine -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -764,7 +870,8 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Environment=FOO=abc "BAR=my test" USER=%%a Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -775,8 +882,13 @@ ExecStart=/usr/bin/podman run \ --env=BAR \ --env=MYENV=2 \ -e USER awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -802,8 +914,10 @@ Environment=USER=%%a Restart=on-failure TimeoutStopSec=70 ExecStart=/usr/bin/podman start foobar -ExecStop=/usr/bin/podman stop -t 10 foobar -ExecStopPost=/usr/bin/podman stop -t 10 foobar +ExecStop=/usr/bin/podman stop \ + -t 10 foobar +ExecStopPost=/usr/bin/podman stop \ + -t 10 foobar PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -826,15 +940,21 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure StartLimitBurst=42 TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ --rm \ --sdnotify=conmon \ -d awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -856,7 +976,8 @@ RequiresMountsFor=/var/run/containers/storage Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --cidfile=%t/%n.ctr-id \ --cgroups=no-conmon \ @@ -864,8 +985,13 @@ ExecStart=/usr/bin/podman run \ --sdnotify=conmon \ -d \ -h hostname awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all @@ -888,7 +1014,8 @@ Environment=PODMAN_SYSTEMD_UNIT=%n-%i Restart=on-failure StartLimitBurst=42 TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/%n.ctr-id +ExecStartPre=/bin/rm \ + -f %t/%n.ctr-id ExecStart=/usr/bin/podman run \ --name=container-foo-%i \ --cidfile=%t/%n.ctr-id \ @@ -896,8 +1023,13 @@ ExecStart=/usr/bin/podman run \ --rm \ --sdnotify=conmon \ -d awesome-image:latest -ExecStop=/usr/bin/podman stop --ignore --cidfile=%t/%n.ctr-id -ExecStopPost=/usr/bin/podman rm -f --ignore --cidfile=%t/%n.ctr-id +ExecStop=/usr/bin/podman stop \ + --ignore \ + --cidfile=%t/%n.ctr-id +ExecStopPost=/usr/bin/podman rm \ + -f \ + --ignore \ + --cidfile=%t/%n.ctr-id Type=notify NotifyAccess=all diff --git a/pkg/systemd/generate/pods.go b/pkg/systemd/generate/pods.go index 729a038a5..588bfb430 100644 --- a/pkg/systemd/generate/pods.go +++ b/pkg/systemd/generate/pods.go @@ -294,9 +294,9 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions) } info.EnvVariable = define.EnvVariable - info.ExecStart = "{{{{.Executable}}}} start {{{{.InfraNameOrID}}}}" - info.ExecStop = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.InfraNameOrID}}}}" - info.ExecStopPost = "{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.InfraNameOrID}}}}" + info.ExecStart = formatOptionsString("{{{{.Executable}}}} start {{{{.InfraNameOrID}}}}") + info.ExecStop = formatOptionsString("{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.InfraNameOrID}}}}") + info.ExecStopPost = formatOptionsString("{{{{.Executable}}}} stop {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}} {{{{.InfraNameOrID}}}}") // Assemble the ExecStart command when creating a new pod. // @@ -371,11 +371,11 @@ func executePodTemplate(info *podInfo, options entities.GenerateSystemdOptions) startCommand = append(startCommand, podCreateArgs...) startCommand = escapeSystemdArguments(startCommand) - info.ExecStartPre1 = "/bin/rm -f {{{{.PIDFile}}}} {{{{.PodIDFile}}}}" - info.ExecStartPre2 = strings.Join(startCommand, " ") - info.ExecStart = "{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod start --pod-id-file {{{{.PodIDFile}}}}" - info.ExecStop = "{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod stop --ignore --pod-id-file {{{{.PodIDFile}}}} {{{{if (ge .StopTimeout 0)}}}}-t {{{{.StopTimeout}}}}{{{{end}}}}" - info.ExecStopPost = "{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod rm --ignore -f --pod-id-file {{{{.PodIDFile}}}}" + info.ExecStartPre1 = formatOptionsString("/bin/rm -f {{{{.PIDFile}}}} {{{{.PodIDFile}}}}") + info.ExecStartPre2 = formatOptions(startCommand) + info.ExecStart = formatOptionsString("{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod start --pod-id-file {{{{.PodIDFile}}}}") + info.ExecStop = formatOptionsString("{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod stop --ignore --pod-id-file {{{{.PodIDFile}}}} {{{{if (ge .StopTimeout 0)}}}} -t {{{{.StopTimeout}}}}{{{{end}}}}") + info.ExecStopPost = formatOptionsString("{{{{.Executable}}}} {{{{if .RootFlags}}}}{{{{ .RootFlags}}}} {{{{end}}}}pod rm --ignore -f --pod-id-file {{{{.PodIDFile}}}}") } info.TimeoutStopSec = minTimeoutStopSec + info.StopTimeout diff --git a/pkg/systemd/generate/pods_test.go b/pkg/systemd/generate/pods_test.go index 000d73e9a..c44ab111e 100644 --- a/pkg/systemd/generate/pods_test.go +++ b/pkg/systemd/generate/pods_test.go @@ -79,8 +79,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStart=/usr/bin/podman start jadda-jadda-infra -ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra -ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra +ExecStop=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra +ExecStopPost=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -107,8 +109,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStart=/usr/bin/podman start jadda-jadda-infra -ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra -ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra +ExecStop=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra +ExecStopPost=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -136,8 +140,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStart=/usr/bin/podman start jadda-jadda-infra -ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra -ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra +ExecStop=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra +ExecStopPost=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -164,8 +170,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStart=/usr/bin/podman start jadda-jadda-infra -ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra -ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra +ExecStop=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra +ExecStopPost=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -192,8 +200,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStart=/usr/bin/podman start jadda-jadda-infra -ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra -ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra +ExecStop=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra +ExecStopPost=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -222,8 +232,10 @@ Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=102 ExecStart=/usr/bin/podman start jadda-jadda-infra -ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra -ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra +ExecStop=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra +ExecStopPost=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -246,11 +258,22 @@ Before= Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop foo -ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id +ExecStartPre=/bin/rm \ + -f %t/pod-123abc.pid %t/pod-123abc.pod-id +ExecStartPre=/usr/bin/podman pod create \ + --infra-conmon-pidfile %t/pod-123abc.pid \ + --pod-id-file %t/pod-123abc.pod-id \ + --exit-policy=stop foo +ExecStart=/usr/bin/podman pod start \ + --pod-id-file %t/pod-123abc.pod-id +ExecStop=/usr/bin/podman pod stop \ + --ignore \ + --pod-id-file %t/pod-123abc.pod-id \ + -t 10 +ExecStopPost=/usr/bin/podman pod rm \ + --ignore \ + -f \ + --pod-id-file %t/pod-123abc.pod-id PIDFile=%t/pod-123abc.pid Type=forking @@ -276,8 +299,10 @@ Restart=on-failure RestartSec=15 TimeoutStopSec=102 ExecStart=/usr/bin/podman start jadda-jadda-infra -ExecStop=/usr/bin/podman stop -t 42 jadda-jadda-infra -ExecStopPost=/usr/bin/podman stop -t 42 jadda-jadda-infra +ExecStop=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra +ExecStopPost=/usr/bin/podman stop \ + -t 42 jadda-jadda-infra PIDFile=/run/containers/storage/overlay-containers/639c53578af4d84b8800b4635fa4e680ee80fd67e0e6a2d4eea48d1e3230f401/userdata/conmon.pid Type=forking @@ -301,11 +326,24 @@ Before=container-1.service container-2.service Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace -ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id +ExecStartPre=/bin/rm \ + -f %t/pod-123abc.pid %t/pod-123abc.pod-id +ExecStartPre=/usr/bin/podman pod create \ + --infra-conmon-pidfile %t/pod-123abc.pid \ + --pod-id-file %t/pod-123abc.pod-id \ + --exit-policy=stop \ + --name foo "bar=arg with space" \ + --replace +ExecStart=/usr/bin/podman pod start \ + --pod-id-file %t/pod-123abc.pod-id +ExecStop=/usr/bin/podman pod stop \ + --ignore \ + --pod-id-file %t/pod-123abc.pod-id \ + -t 10 +ExecStopPost=/usr/bin/podman pod rm \ + --ignore \ + -f \ + --pod-id-file %t/pod-123abc.pod-id PIDFile=%t/pod-123abc.pid Type=forking @@ -329,11 +367,26 @@ Before=container-1.service container-2.service Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman --events-backend none --runroot /root pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo "bar=arg with space" --replace -ExecStart=/usr/bin/podman --events-backend none --runroot /root pod start --pod-id-file %t/pod-123abc.pod-id -ExecStop=/usr/bin/podman --events-backend none --runroot /root pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 -ExecStopPost=/usr/bin/podman --events-backend none --runroot /root pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id +ExecStartPre=/bin/rm \ + -f %t/pod-123abc.pid %t/pod-123abc.pod-id +ExecStartPre=/usr/bin/podman \ + --events-backend none \ + --runroot /root pod create \ + --infra-conmon-pidfile %t/pod-123abc.pid \ + --pod-id-file %t/pod-123abc.pod-id \ + --exit-policy=stop \ + --name foo "bar=arg with space" \ + --replace +ExecStart=/usr/bin/podman --events-backend none --runroot /root pod start \ + --pod-id-file %t/pod-123abc.pod-id +ExecStop=/usr/bin/podman --events-backend none --runroot /root pod stop \ + --ignore \ + --pod-id-file %t/pod-123abc.pod-id \ + -t 10 +ExecStopPost=/usr/bin/podman --events-backend none --runroot /root pod rm \ + --ignore \ + -f \ + --pod-id-file %t/pod-123abc.pod-id PIDFile=%t/pod-123abc.pid Type=forking @@ -357,11 +410,24 @@ Before=container-1.service container-2.service Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --exit-policy=stop --name foo --replace -ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id +ExecStartPre=/bin/rm \ + -f %t/pod-123abc.pid %t/pod-123abc.pod-id +ExecStartPre=/usr/bin/podman pod create \ + --infra-conmon-pidfile %t/pod-123abc.pid \ + --pod-id-file %t/pod-123abc.pod-id \ + --exit-policy=stop \ + --name foo \ + --replace +ExecStart=/usr/bin/podman pod start \ + --pod-id-file %t/pod-123abc.pod-id +ExecStop=/usr/bin/podman pod stop \ + --ignore \ + --pod-id-file %t/pod-123abc.pod-id \ + -t 10 +ExecStopPost=/usr/bin/podman pod rm \ + --ignore \ + -f \ + --pod-id-file %t/pod-123abc.pod-id PIDFile=%t/pod-123abc.pid Type=forking @@ -385,11 +451,25 @@ Before=container-1.service container-2.service Environment=PODMAN_SYSTEMD_UNIT=%n Restart=on-failure TimeoutStopSec=70 -ExecStartPre=/bin/rm -f %t/pod-123abc.pid %t/pod-123abc.pod-id -ExecStartPre=/usr/bin/podman pod create --infra-conmon-pidfile %t/pod-123abc.pid --pod-id-file %t/pod-123abc.pod-id --name foo --label key={{someval}} --exit-policy=continue --replace -ExecStart=/usr/bin/podman pod start --pod-id-file %t/pod-123abc.pod-id -ExecStop=/usr/bin/podman pod stop --ignore --pod-id-file %t/pod-123abc.pod-id -t 10 -ExecStopPost=/usr/bin/podman pod rm --ignore -f --pod-id-file %t/pod-123abc.pod-id +ExecStartPre=/bin/rm \ + -f %t/pod-123abc.pid %t/pod-123abc.pod-id +ExecStartPre=/usr/bin/podman pod create \ + --infra-conmon-pidfile %t/pod-123abc.pid \ + --pod-id-file %t/pod-123abc.pod-id \ + --name foo \ + --label key={{someval}} \ + --exit-policy=continue \ + --replace +ExecStart=/usr/bin/podman pod start \ + --pod-id-file %t/pod-123abc.pod-id +ExecStop=/usr/bin/podman pod stop \ + --ignore \ + --pod-id-file %t/pod-123abc.pod-id \ + -t 10 +ExecStopPost=/usr/bin/podman pod rm \ + --ignore \ + -f \ + --pod-id-file %t/pod-123abc.pod-id PIDFile=%t/pod-123abc.pid Type=forking diff --git a/pkg/systemd/notifyproxy/notifyproxy.go b/pkg/systemd/notifyproxy/notifyproxy.go index 32fea48bf..4b92d9e6c 100644 --- a/pkg/systemd/notifyproxy/notifyproxy.go +++ b/pkg/systemd/notifyproxy/notifyproxy.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "net" "os" "strings" @@ -50,7 +49,7 @@ type NotifyProxy struct { // New creates a NotifyProxy. The specified temp directory can be left empty. func New(tmpDir string) (*NotifyProxy, error) { - tempFile, err := ioutil.TempFile(tmpDir, "-podman-notify-proxy.sock") + tempFile, err := os.CreateTemp(tmpDir, "-podman-notify-proxy.sock") if err != nil { return nil, err } diff --git a/pkg/trust/policy.go b/pkg/trust/policy.go index d746e78cf..e0c5e0689 100644 --- a/pkg/trust/policy.go +++ b/pkg/trust/policy.go @@ -7,7 +7,6 @@ import ( "encoding/json" "errors" "fmt" - "io/ioutil" "os" "os/exec" "path/filepath" @@ -72,7 +71,7 @@ type gpgIDReader func(string) []string // createTmpFile creates a temp file under dir and writes the content into it func createTmpFile(dir, pattern string, content []byte) (string, error) { - tmpfile, err := ioutil.TempFile(dir, pattern) + tmpfile, err := os.CreateTemp(dir, pattern) if err != nil { return "", err } @@ -133,7 +132,7 @@ func parseUids(colonDelimitKeys []byte) []string { // getPolicy parses policy.json into policyContent. func getPolicy(policyPath string) (policyContent, error) { var policyContentStruct policyContent - policyContent, err := ioutil.ReadFile(policyPath) + policyContent, err := os.ReadFile(policyPath) if err != nil { return policyContentStruct, fmt.Errorf("unable to read policy file: %w", err) } @@ -207,7 +206,7 @@ func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error { _, err = os.Stat(policyPath) if !os.IsNotExist(err) { - policyContent, err := ioutil.ReadFile(policyPath) + policyContent, err := os.ReadFile(policyPath) if err != nil { return err } @@ -244,5 +243,5 @@ func AddPolicyEntries(policyPath string, input AddPolicyEntriesInput) error { if err != nil { return fmt.Errorf("setting trust policy: %w", err) } - return ioutil.WriteFile(policyPath, data, 0644) + return os.WriteFile(policyPath, data, 0644) } diff --git a/pkg/trust/registries.go b/pkg/trust/registries.go index 86d580059..ed7bca1d6 100644 --- a/pkg/trust/registries.go +++ b/pkg/trust/registries.go @@ -2,7 +2,6 @@ package trust import ( "fmt" - "io/ioutil" "os" "path/filepath" "strings" @@ -72,7 +71,7 @@ func loadAndMergeConfig(dirPath string) (*registryConfiguration, error) { continue } configPath := filepath.Join(dirPath, configName) - configBytes, err := ioutil.ReadFile(configPath) + configBytes, err := os.ReadFile(configPath) if err != nil { return nil, err } diff --git a/pkg/util/utils_freebsd.go b/pkg/util/utils_freebsd.go index 9b0d7c8c7..ba91308af 100644 --- a/pkg/util/utils_freebsd.go +++ b/pkg/util/utils_freebsd.go @@ -13,6 +13,6 @@ func GetContainerPidInformationDescriptors() ([]string, error) { return []string{}, errors.New("this function is not supported on freebsd") } -func AddPrivilegedDevices(g *generate.Generator) error { +func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error { return nil } diff --git a/pkg/util/utils_linux.go b/pkg/util/utils_linux.go index 7b2d98666..07927db1c 100644 --- a/pkg/util/utils_linux.go +++ b/pkg/util/utils_linux.go @@ -70,7 +70,7 @@ func FindDeviceNodes() (map[string]string, error) { return nodes, nil } -func AddPrivilegedDevices(g *generate.Generator) error { +func AddPrivilegedDevices(g *generate.Generator, systemdMode bool) error { hostDevices, err := getDevices("/dev") if err != nil { return err @@ -104,6 +104,9 @@ func AddPrivilegedDevices(g *generate.Generator) error { } } else { for _, d := range hostDevices { + if systemdMode && strings.HasPrefix(d.Path, "/dev/tty") { + continue + } g.AddDevice(d) } // Add resources device - need to clear the existing one first. |