diff options
Diffstat (limited to 'vendor/github.com')
10 files changed, 100 insertions, 69 deletions
diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor.go index 8046f45f5..146280df2 100644 --- a/vendor/github.com/containers/common/pkg/apparmor/apparmor.go +++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor.go @@ -15,7 +15,6 @@ const ( ) var ( - // ErrApparmorUnsupported indicates that AppArmor support is not supported. ErrApparmorUnsupported = errors.New("AppArmor is not supported") // ErrApparmorRootless indicates that AppArmor support is not supported in rootless mode. diff --git a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go index 307249f3d..e0b5c5677 100644 --- a/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go +++ b/vendor/github.com/containers/common/pkg/apparmor/apparmor_linux.go @@ -5,7 +5,6 @@ package apparmor import ( "bufio" "bytes" - "fmt" "io" "os" "os/exec" @@ -47,7 +46,7 @@ type profileData struct { func (p *profileData) generateDefault(out io.Writer) error { compiled, err := template.New("apparmor_profile").Parse(defaultProfileTemplate) if err != nil { - return err + return errors.Wrap(err, "create AppArmor profile from template") } if macroExists("tunables/global") { @@ -62,11 +61,11 @@ func (p *profileData) generateDefault(out io.Writer) error { ver, err := getAAParserVersion() if err != nil { - return err + return errors.Wrap(err, "get AppArmor version") } p.Version = ver - return compiled.Execute(out, p) + return errors.Wrap(compiled.Execute(out, p), "execute compiled profile") } // macrosExists checks if the passed macro exists. @@ -89,28 +88,29 @@ func InstallDefault(name string) error { cmd := exec.Command("apparmor_parser", "-Kr") pipe, err := cmd.StdinPipe() if err != nil { - return err + return errors.Wrap(err, "execute apparmor_parser") } if err := cmd.Start(); err != nil { if pipeErr := pipe.Close(); pipeErr != nil { - logrus.Errorf("unable to close apparmor pipe: %q", pipeErr) + logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr) } - return err + return errors.Wrap(err, "start apparmor_parser command") } if err := p.generateDefault(pipe); err != nil { if pipeErr := pipe.Close(); pipeErr != nil { - logrus.Errorf("unable to close apparmor pipe: %q", pipeErr) + logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr) } if cmdErr := cmd.Wait(); cmdErr != nil { - logrus.Errorf("unable to wait for apparmor command: %q", cmdErr) + logrus.Errorf("unable to wait for AppArmor command: %q", cmdErr) } - return err + return errors.Wrap(err, "generate default profile into pipe") } if pipeErr := pipe.Close(); pipeErr != nil { - logrus.Errorf("unable to close apparmor pipe: %q", pipeErr) + logrus.Errorf("unable to close AppArmor pipe: %q", pipeErr) } - return cmd.Wait() + + return errors.Wrap(cmd.Wait(), "wait for AppArmor command") } // DefaultContent returns the default profile content as byte slice. The @@ -120,7 +120,7 @@ func DefaultContent(name string) ([]byte, error) { p := profileData{Name: name} var bytes bytes.Buffer if err := p.generateDefault(&bytes); err != nil { - return nil, err + return nil, errors.Wrap(err, "generate default AppAmor profile") } return bytes.Bytes(), nil } @@ -137,7 +137,7 @@ func IsLoaded(name string) (bool, error) { if os.IsNotExist(err) { return false, nil } - return false, err + return false, errors.Wrap(err, "open AppArmor profile path") } defer file.Close() @@ -148,7 +148,7 @@ func IsLoaded(name string) (bool, error) { break } if err != nil { - return false, err + return false, errors.Wrap(err, "reading AppArmor profile") } if strings.HasPrefix(p, name+" ") { return true, nil @@ -163,9 +163,9 @@ func execAAParser(dir string, args ...string) (string, error) { c := exec.Command("apparmor_parser", args...) c.Dir = dir - output, err := c.CombinedOutput() + output, err := c.Output() if err != nil { - return "", fmt.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err) + return "", errors.Errorf("running `%s %s` failed with output: %s\nerror: %v", c.Path, strings.Join(c.Args, " "), output, err) } return string(output), nil @@ -175,7 +175,7 @@ func execAAParser(dir string, args ...string) (string, error) { func getAAParserVersion() (int, error) { output, err := execAAParser("", "--version") if err != nil { - return -1, err + return -1, errors.Wrap(err, "execute apparmor_parser") } return parseAAParserVersion(output) } @@ -194,7 +194,7 @@ func parseAAParserVersion(output string) (int, error) { // split by major minor version v := strings.Split(version, ".") if len(v) == 0 || len(v) > 3 { - return -1, fmt.Errorf("parsing version failed for output: `%s`", output) + return -1, errors.Errorf("parsing version failed for output: `%s`", output) } // Default the versions to 0. @@ -202,19 +202,19 @@ func parseAAParserVersion(output string) (int, error) { majorVersion, err := strconv.Atoi(v[0]) if err != nil { - return -1, err + return -1, errors.Wrap(err, "convert AppArmor major version") } if len(v) > 1 { minorVersion, err = strconv.Atoi(v[1]) if err != nil { - return -1, err + return -1, errors.Wrap(err, "convert AppArmor minor version") } } if len(v) > 2 { patchLevel, err = strconv.Atoi(v[2]) if err != nil { - return -1, err + return -1, errors.Wrap(err, "convert AppArmor patch version") } } @@ -251,7 +251,7 @@ func CheckProfileAndLoadDefault(name string) (string, error) { if name == "" { return "", nil } else { - return "", fmt.Errorf("profile %q specified but AppArmor is disabled on the host", name) + return "", errors.Errorf("profile %q specified but AppArmor is disabled on the host", name) } } @@ -262,10 +262,10 @@ func CheckProfileAndLoadDefault(name string) (string, error) { // name. isLoaded, err := IsLoaded(name) if err != nil { - return "", err + return "", errors.Wrapf(err, "verify if profile %s is loaded", name) } if !isLoaded { - return "", fmt.Errorf("AppArmor profile %q specified but not loaded", name) + return "", errors.Errorf("AppArmor profile %q specified but not loaded", name) } return name, nil } @@ -274,12 +274,12 @@ func CheckProfileAndLoadDefault(name string) (string, error) { // if it's loaded before installing it. isLoaded, err := IsLoaded(name) if err != nil { - return "", err + return "", errors.Wrapf(err, "verify if profile %s is loaded", name) } if !isLoaded { err = InstallDefault(name) if err != nil { - return "", err + return "", errors.Wrapf(err, "install profile %s", name) } logrus.Infof("successfully loaded AppAmor profile %q", name) } else { diff --git a/vendor/github.com/containers/common/pkg/auth/auth.go b/vendor/github.com/containers/common/pkg/auth/auth.go index c52dfa01f..91ab45f0d 100644 --- a/vendor/github.com/containers/common/pkg/auth/auth.go +++ b/vendor/github.com/containers/common/pkg/auth/auth.go @@ -150,9 +150,6 @@ func getRegistryName(server string) string { // gets the registry from the input. If the input is of the form // quay.io/myuser/myimage, it will parse it and just return quay.io split := strings.Split(server, "/") - if len(split) > 1 { - return split[0] - } return split[0] } diff --git a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go index 941177489..ddfa53be8 100644 --- a/vendor/github.com/containers/common/pkg/capabilities/capabilities.go +++ b/vendor/github.com/containers/common/pkg/capabilities/capabilities.go @@ -57,9 +57,9 @@ func AllCapabilities() []string { return capabilityList } -// normalizeCapabilities normalizes caps by adding a "CAP_" prefix (if not yet +// NormalizeCapabilities normalizes caps by adding a "CAP_" prefix (if not yet // present). -func normalizeCapabilities(caps []string) ([]string, error) { +func NormalizeCapabilities(caps []string) ([]string, error) { normalized := make([]string, len(caps)) for i, c := range caps { c = strings.ToUpper(c) @@ -98,7 +98,7 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) { var caps []string // Normalize the base capabilities - base, err := normalizeCapabilities(base) + base, err := NormalizeCapabilities(base) if err != nil { return nil, err } @@ -106,11 +106,11 @@ func MergeCapabilities(base, adds, drops []string) ([]string, error) { // Nothing to tweak; we're done return base, nil } - capDrop, err := normalizeCapabilities(drops) + capDrop, err := NormalizeCapabilities(drops) if err != nil { return nil, err } - capAdd, err := normalizeCapabilities(adds) + capAdd, err := NormalizeCapabilities(adds) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 80c478505..e1bd4fc27 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -244,6 +244,11 @@ type EngineConfig struct { // LockType is the type of locking to use. LockType string `toml:"lock_type,omitempty"` + // MultiImageArchive - if true, the container engine allows for storing + // archives (e.g., of the docker-archive transport) with multiple + // images. By default, Podman creates single-image archives. + MultiImageArchive bool `toml:"multi_image_archive,omitempty"` + // Namespace is the engine namespace to use. Namespaces are used to create // scopes to separate containers and pods in the state. When namespace is // set, engine will only view containers and pods in the same namespace. All diff --git a/vendor/github.com/containers/common/pkg/config/config_local.go b/vendor/github.com/containers/common/pkg/config/config_local.go index 282eb80b7..b1d1644dd 100644 --- a/vendor/github.com/containers/common/pkg/config/config_local.go +++ b/vendor/github.com/containers/common/pkg/config/config_local.go @@ -7,6 +7,7 @@ import ( "os" "path/filepath" "regexp" + "strings" "syscall" units "github.com/docker/go-units" @@ -81,12 +82,24 @@ func (c *ContainersConfig) validateTZ() error { if c.TZ == "local" { return nil } - zonePath := filepath.Join("/usr/share/zoneinfo", c.TZ) - _, err := os.Stat(zonePath) - if err != nil { - return fmt.Errorf("Unrecognized timezone %s", zonePath) + + lookupPaths := []string{ + "/usr/share/zoneinfo", + "/etc/zoneinfo", } - return nil + + for _, paths := range lookupPaths { + zonePath := filepath.Join(paths, c.TZ) + if _, err := os.Stat(zonePath); err == nil { + // found zone information + return nil + } + } + + return fmt.Errorf( + "unable to find timezone %s in paths: %s", + c.TZ, strings.Join(lookupPaths, ", "), + ) } func (c *ContainersConfig) validateUmask() error { diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 780df2a22..ff4d99bda 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf @@ -116,18 +116,13 @@ # # env = [ # "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", +# "TERM=xterm", # ] # Pass all host environment variables into the container. # # env_host = false -# Path to OCI hooks directories for automatically executed hooks. -# -# hooks_dir = [ -# "/usr/share/containers/oci/hooks.d", -# ] - # Default proxy environment variables passed into the container. # The environment variables passed in include: # http_proxy, https_proxy, ftp_proxy, no_proxy, and the upper case versions of @@ -299,6 +294,12 @@ # # events_logger = "journald" +# Path to OCI hooks directories for automatically executed hooks. +# +# hooks_dir = [ +# "/usr/share/containers/oci/hooks.d", +# ] + # Default transport method for pulling and pushing for images # # image_default_transport = "docker://" @@ -322,6 +323,12 @@ # # lock_type** = "shm" +# MultiImageArchive - if true, the container engine allows for storing archives +# (e.g., of the docker-archive transport) with multiple images. By default, +# Podman creates single-image archives. +# +# multi_image_archive = "false" + # Default engine namespace # If engine is joined to a namespace, it will see only containers and pods # that were created in the same namespace, and will create new containers and @@ -331,6 +338,10 @@ # # namespace = "" +# Path to the slirp4netns binary +# +# network_cmd_path="" + # Whether to use chroot instead of pivot_root in the runtime # # no_pivot_root = false diff --git a/vendor/github.com/containers/common/pkg/config/default.go b/vendor/github.com/containers/common/pkg/config/default.go index 57b703f53..2c398c538 100644 --- a/vendor/github.com/containers/common/pkg/config/default.go +++ b/vendor/github.com/containers/common/pkg/config/default.go @@ -12,6 +12,7 @@ import ( "github.com/containers/common/pkg/apparmor" "github.com/containers/common/pkg/cgroupv2" "github.com/containers/storage" + "github.com/containers/storage/pkg/homedir" "github.com/containers/storage/pkg/unshare" "github.com/opencontainers/selinux/go-selinux" "github.com/pkg/errors" @@ -94,8 +95,8 @@ const ( _installPrefix = "/usr" // _cniConfigDir is the directory where cni configuration is found _cniConfigDir = "/etc/cni/net.d/" - // _cniConfigDirRootless is the directory where cni plugins are found - _cniConfigDirRootless = ".config/cni/net.d/" + // _cniConfigDirRootless is the directory in XDG_CONFIG_HOME for cni plugins + _cniConfigDirRootless = "cni/net.d/" // CgroupfsCgroupsManager represents cgroupfs native cgroup manager CgroupfsCgroupsManager = "cgroupfs" // DefaultApparmorProfile specifies the default apparmor profile for the container. @@ -115,9 +116,9 @@ const ( // DefaultSignaturePolicyPath is the default value for the // policy.json file. DefaultSignaturePolicyPath = "/etc/containers/policy.json" - // DefaultRootlessSignaturePolicyPath is the default value for the - // rootless policy.json file. - DefaultRootlessSignaturePolicyPath = ".config/containers/policy.json" + // DefaultRootlessSignaturePolicyPath is the location within + // XDG_CONFIG_HOME of the rootless policy.json file. + DefaultRootlessSignaturePolicyPath = "containers/policy.json" // DefaultShmSize default value DefaultShmSize = "65536k" // DefaultUserNSSize default value @@ -144,11 +145,11 @@ func DefaultConfig() (*Config, error) { defaultEngineConfig.SignaturePolicyPath = DefaultSignaturePolicyPath if unshare.IsRootless() { - home, err := unshare.HomeDir() + configHome, err := homedir.GetConfigHome() if err != nil { return nil, err } - sigPath := filepath.Join(home, DefaultRootlessSignaturePolicyPath) + sigPath := filepath.Join(configHome, DefaultRootlessSignaturePolicyPath) defaultEngineConfig.SignaturePolicyPath = sigPath if _, err := os.Stat(sigPath); err != nil { if _, err := os.Stat(DefaultSignaturePolicyPath); err == nil { @@ -156,7 +157,7 @@ func DefaultConfig() (*Config, error) { } } netns = "slirp4netns" - cniConfig = filepath.Join(home, _cniConfigDirRootless) + cniConfig = filepath.Join(configHome, _cniConfigDirRootless) } cgroupNS := "host" @@ -181,6 +182,7 @@ func DefaultConfig() (*Config, error) { EnableLabeling: selinuxEnabled(), Env: []string{ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "TERM=xterm", }, EnvHost: false, HTTPProxy: false, @@ -222,10 +224,16 @@ func defaultConfigFromMemory() (*EngineConfig, error) { c.EventsLogFilePath = filepath.Join(c.TmpDir, "events", "events.log") - storeOpts, err := storage.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID()) - if err != nil { - return nil, err + var storeOpts storage.StoreOptions + if path, ok := os.LookupEnv("CONTAINERS_STORAGE_CONF"); ok { + storage.ReloadConfigurationFile(path, &storeOpts) + } else { + storeOpts, err = storage.DefaultStoreOptions(unshare.IsRootless(), unshare.GetRootlessUID()) + if err != nil { + return nil, err + } } + if storeOpts.GraphRoot == "" { logrus.Warnf("Storage configuration is unset - using hardcoded default graph root %q", _defaultGraphRoot) storeOpts.GraphRoot = _defaultGraphRoot diff --git a/vendor/github.com/containers/common/pkg/config/libpodConfig.go b/vendor/github.com/containers/common/pkg/config/libpodConfig.go index ab507e864..9d04da7f5 100644 --- a/vendor/github.com/containers/common/pkg/config/libpodConfig.go +++ b/vendor/github.com/containers/common/pkg/config/libpodConfig.go @@ -197,6 +197,10 @@ func newLibpodConfig(c *Config) error { return errors.Wrapf(err, "error finding config on system") } + if len(configs) == 0 { + return nil + } + for _, path := range configs { config, err = readLibpodConfigFromFile(path, config) if err != nil { @@ -226,7 +230,7 @@ func newLibpodConfig(c *Config) error { // hard code EventsLogger to "file" to match older podman versions. if config.EventsLogger != "file" { - logrus.Debugf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", Path(), config.EventsLogger) + logrus.Warnf("Ignoring libpod.conf EventsLogger setting %q. Use %q if you want to change this setting and remove libpod.conf files.", config.EventsLogger, Path()) config.EventsLogger = "file" } @@ -260,9 +264,7 @@ func systemLibpodConfigs() ([]string, error) { if err != nil { containersConfPath = filepath.Join("$HOME", UserOverrideContainersConfig) } - // TODO: Raise to Warnf, when Podman is updated to - // remove libpod.conf by default - logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", Path(), containersConfPath) + logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", path, containersConfPath) return []string{path}, nil } return nil, err @@ -270,15 +272,11 @@ func systemLibpodConfigs() ([]string, error) { configs := []string{} if _, err := os.Stat(_rootConfigPath); err == nil { - // TODO: Raise to Warnf, when Podman is updated to - // remove libpod.conf by default - logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootConfigPath, OverrideContainersConfig) + logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootConfigPath, OverrideContainersConfig) configs = append(configs, _rootConfigPath) } if _, err := os.Stat(_rootOverrideConfigPath); err == nil { - // TODO: Raise to Warnf, when Podman is updated to - // remove libpod.conf by default - logrus.Debugf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootOverrideConfigPath, OverrideContainersConfig) + logrus.Warnf("Found deprecated file %s, please remove. Use %s to override defaults.\n", _rootOverrideConfigPath, OverrideContainersConfig) configs = append(configs, _rootOverrideConfigPath) } return configs, nil diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go index 6b226eabe..536e88076 100644 --- a/vendor/github.com/containers/common/version/version.go +++ b/vendor/github.com/containers/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.18.0" +const Version = "0.20.3" |