From 8b52204baa9a2715c4a976edfeb7b420b6336c0c Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Wed, 30 Jun 2021 11:32:48 +0200 Subject: vendor containers/common@7482cf851dcc Make sure that image events are written *after* execution. Fixes: #10812 Signed-off-by: Valentin Rothberg --- go.mod | 2 +- go.sum | 5 ++- .../github.com/containers/common/libimage/image.go | 10 +++--- .../github.com/containers/common/libimage/load.go | 2 +- .../containers/common/libimage/manifest_list.go | 2 +- .../github.com/containers/common/libimage/pull.go | 41 ++++++++++++++-------- .../github.com/containers/common/libimage/push.go | 2 +- .../github.com/containers/common/libimage/save.go | 4 +-- .../containers/common/pkg/sysinfo/numcpu_linux.go | 1 - .../containers/common/pkg/sysinfo/nummem_linux.go | 30 ++++++++++++++++ .../common/pkg/sysinfo/nummem_unsupported.go | 9 +++++ vendor/modules.txt | 2 +- 12 files changed, 79 insertions(+), 31 deletions(-) create mode 100644 vendor/github.com/containers/common/pkg/sysinfo/nummem_linux.go create mode 100644 vendor/github.com/containers/common/pkg/sysinfo/nummem_unsupported.go diff --git a/go.mod b/go.mod index 75b06af47..dbcb34319 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v0.8.1 github.com/containernetworking/plugins v0.9.1 github.com/containers/buildah v1.21.1-0.20210628174543-eadb10a12336 - github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515 + github.com/containers/common v0.40.2-0.20210630092122-7482cf851dcc github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.13.2 github.com/containers/ocicrypt v1.1.2 diff --git a/go.sum b/go.sum index 1ced3a1c4..cc56a1d33 100644 --- a/go.sum +++ b/go.sum @@ -221,8 +221,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containers/buildah v1.21.1-0.20210628174543-eadb10a12336 h1:LAjAsDE6sxZnDoSzE384o/cRuTGGn1OMjkd9YIPT2bg= github.com/containers/buildah v1.21.1-0.20210628174543-eadb10a12336/go.mod h1:HZ2k0W/EREpNxr+AnRZQzjjBdhXLItp9yuzwAaVa6zM= github.com/containers/common v0.40.1/go.mod h1:X4F+6vmeAWKMMTNHlOBwOnkf5TQAkQACcuNsKjfcodw= -github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515 h1:ih6akqzrwgKFRxLzdoRBFRUlIGbDWPoDYxhn5GihfXM= -github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515/go.mod h1:J23CfuhN1fAg85q5HxS6SKYhKbGqmqieKQqoHaQbEI8= +github.com/containers/common v0.40.2-0.20210630092122-7482cf851dcc h1:7fqEcoNUaEHmg7gIFui2BDGU8sFpEU6xDxABxhYPOPw= +github.com/containers/common v0.40.2-0.20210630092122-7482cf851dcc/go.mod h1:H3H/223r/e2uAVUdwZxuiRkWPvxynORzh5iChjFJ43o= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.13.2 h1:AgYunV/9d2fRkrmo23wH2MkqeHolFd6oQCkK+1PpuFA= @@ -238,7 +238,6 @@ github.com/containers/psgo v1.5.2 h1:3aoozst/GIwsrr/5jnFy3FrJay98uujPCu9lTuSZ/Cw github.com/containers/psgo v1.5.2/go.mod h1:2ubh0SsreMZjSXW1Hif58JrEcFudQyIy9EzPUWfawVU= github.com/containers/storage v1.23.5/go.mod h1:ha26Q6ngehFNhf3AWoXldvAvwI4jFe3ETQAf/CeZPyM= github.com/containers/storage v1.32.2/go.mod h1:YIBxxjfXZTi04Ah49sh1uSGfmT1V89+I5i3deRobzQo= -github.com/containers/storage v1.32.3/go.mod h1:s1xFaWvj8qwm1+OnlbPE8RBzdTTpIWuHzVivOqzRKiQ= github.com/containers/storage v1.32.5 h1:DXgmyA+oOs7YAzKkEqgC5O8l2UuDGJcwEFbdt49qiak= github.com/containers/storage v1.32.5/go.mod h1:8/DVVDqniaUlUV0D0q7cEnXK6Bs2uU3FPqNZVPumwEs= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= diff --git a/vendor/github.com/containers/common/libimage/image.go b/vendor/github.com/containers/common/libimage/image.go index f1272f507..19b929dc7 100644 --- a/vendor/github.com/containers/common/libimage/image.go +++ b/vendor/github.com/containers/common/libimage/image.go @@ -298,7 +298,7 @@ func (i *Image) remove(ctx context.Context, rmMap map[string]*RemoveImageReport, } if i.runtime.eventChannel != nil { - i.runtime.writeEvent(&Event{ID: i.ID(), Name: referencedBy, Time: time.Now(), Type: EventTypeImageRemove}) + defer i.runtime.writeEvent(&Event{ID: i.ID(), Name: referencedBy, Time: time.Now(), Type: EventTypeImageRemove}) } // Check if already visisted this image. @@ -450,7 +450,7 @@ func (i *Image) Tag(name string) error { logrus.Debugf("Tagging image %s with %q", i.ID(), ref.String()) if i.runtime.eventChannel != nil { - i.runtime.writeEvent(&Event{ID: i.ID(), Name: name, Time: time.Now(), Type: EventTypeImageTag}) + defer i.runtime.writeEvent(&Event{ID: i.ID(), Name: name, Time: time.Now(), Type: EventTypeImageTag}) } newNames := append(i.Names(), ref.String()) @@ -484,7 +484,7 @@ func (i *Image) Untag(name string) error { logrus.Debugf("Untagging %q from image %s", ref.String(), i.ID()) if i.runtime.eventChannel != nil { - i.runtime.writeEvent(&Event{ID: i.ID(), Name: name, Time: time.Now(), Type: EventTypeImageUntag}) + defer i.runtime.writeEvent(&Event{ID: i.ID(), Name: name, Time: time.Now(), Type: EventTypeImageUntag}) } removedName := false @@ -626,7 +626,7 @@ func (i *Image) RepoDigests() ([]string, error) { // evaluated path to the mount point. func (i *Image) Mount(ctx context.Context, mountOptions []string, mountLabel string) (string, error) { if i.runtime.eventChannel != nil { - i.runtime.writeEvent(&Event{ID: i.ID(), Name: "", Time: time.Now(), Type: EventTypeImageMount}) + defer i.runtime.writeEvent(&Event{ID: i.ID(), Name: "", Time: time.Now(), Type: EventTypeImageMount}) } mountPoint, err := i.runtime.store.MountImage(i.ID(), mountOptions, mountLabel) @@ -671,7 +671,7 @@ func (i *Image) Mountpoint() (string, error) { // unmount. func (i *Image) Unmount(force bool) error { if i.runtime.eventChannel != nil { - i.runtime.writeEvent(&Event{ID: i.ID(), Name: "", Time: time.Now(), Type: EventTypeImageUnmount}) + defer i.runtime.writeEvent(&Event{ID: i.ID(), Name: "", Time: time.Now(), Type: EventTypeImageUnmount}) } logrus.Debugf("Unmounted image %s", i.ID()) _, err := i.runtime.store.UnmountImage(i.ID(), force) diff --git a/vendor/github.com/containers/common/libimage/load.go b/vendor/github.com/containers/common/libimage/load.go index 856813356..33dc1a22f 100644 --- a/vendor/github.com/containers/common/libimage/load.go +++ b/vendor/github.com/containers/common/libimage/load.go @@ -25,7 +25,7 @@ func (r *Runtime) Load(ctx context.Context, path string, options *LoadOptions) ( logrus.Debugf("Loading image from %q", path) if r.eventChannel != nil { - r.writeEvent(&Event{ID: "", Name: path, Time: time.Now(), Type: EventTypeImageLoad}) + defer r.writeEvent(&Event{ID: "", Name: path, Time: time.Now(), Type: EventTypeImageLoad}) } var ( diff --git a/vendor/github.com/containers/common/libimage/manifest_list.go b/vendor/github.com/containers/common/libimage/manifest_list.go index e0673176c..73678131c 100644 --- a/vendor/github.com/containers/common/libimage/manifest_list.go +++ b/vendor/github.com/containers/common/libimage/manifest_list.go @@ -374,7 +374,7 @@ func (m *ManifestList) Push(ctx context.Context, destination string, options *Ma } if m.image.runtime.eventChannel != nil { - m.image.runtime.writeEvent(&Event{ID: m.ID(), Name: destination, Time: time.Now(), Type: EventTypeImagePush}) + defer m.image.runtime.writeEvent(&Event{ID: m.ID(), Name: destination, Time: time.Now(), Type: EventTypeImagePush}) } // NOTE: we're using the logic in copier to create a proper diff --git a/vendor/github.com/containers/common/libimage/pull.go b/vendor/github.com/containers/common/libimage/pull.go index 0a5e49fd2..d41bcd57b 100644 --- a/vendor/github.com/containers/common/libimage/pull.go +++ b/vendor/github.com/containers/common/libimage/pull.go @@ -102,7 +102,7 @@ func (r *Runtime) Pull(ctx context.Context, name string, pullPolicy config.PullP } if r.eventChannel != nil { - r.writeEvent(&Event{ID: "", Name: name, Time: time.Now(), Type: EventTypeImagePull}) + defer r.writeEvent(&Event{ID: "", Name: name, Time: time.Now(), Type: EventTypeImagePull}) } // Some callers may set the platform via the system context at creation @@ -384,18 +384,22 @@ func (r *Runtime) copySingleImageFromRegistry(ctx context.Context, imageName str } } - // Unless the pull policy is "always", we must pessimistically assume - // that the local image has an invalid architecture (see - // containers/podman/issues/10682). Hence, whenever the user requests - // a custom platform, set the pull policy to "always" to make sure - // we're pulling down the image. - // - // NOTE that this is will even override --pull={false,never}. This is - // very likely a bug but a consistent one in Podman/Buildah and should - // be addressed at a later point. - if pullPolicy != config.PullPolicyAlways && len(options.Architecture)+len(options.OS)+len(options.Variant) > 0 { - logrus.Debugf("Enforcing pull policy to %q to support custom platform (arch: %q, os: %q, variant: %q)", "always", options.Architecture, options.OS, options.Variant) - pullPolicy = config.PullPolicyAlways + customPlatform := false + if len(options.Architecture)+len(options.OS)+len(options.Variant) > 0 { + customPlatform = true + // Unless the pull policy is "always", we must pessimistically assume + // that the local image has an invalid architecture (see + // containers/podman/issues/10682). Hence, whenever the user requests + // a custom platform, set the pull policy to "always" to make sure + // we're pulling down the image. + // + // NOTE that this is will even override --pull={false,never}. This is + // very likely a bug but a consistent one in Podman/Buildah and should + // be addressed at a later point. + if pullPolicy != config.PullPolicyAlways { + logrus.Debugf("Enforcing pull policy to %q to support custom platform (arch: %q, os: %q, variant: %q)", "always", options.Architecture, options.OS, options.Variant) + pullPolicy = config.PullPolicyAlways + } } if pullPolicy == config.PullPolicyNever { @@ -422,8 +426,15 @@ func (r *Runtime) copySingleImageFromRegistry(ctx context.Context, imageName str } // If we found a local image, we should use it's locally resolved name - // (see containers/buildah #2904). - if localImage != nil { + // (see containers/buildah/issues/2904). An exception is if a custom + // platform is specified (e.g., `--arch=arm64`). In that case, we need + // to pessimistically pull the image since some images declare wrong + // platforms making platform checks absolutely unreliable (see + // containers/podman/issues/10682). + // + // In other words: multi-arch support can only be as good as the images + // in the wild. + if localImage != nil && !customPlatform { if imageName != resolvedImageName { logrus.Debugf("Image %s resolved to local image %s which will be used for pulling", imageName, resolvedImageName) } diff --git a/vendor/github.com/containers/common/libimage/push.go b/vendor/github.com/containers/common/libimage/push.go index a5e0cc11a..1896b796f 100644 --- a/vendor/github.com/containers/common/libimage/push.go +++ b/vendor/github.com/containers/common/libimage/push.go @@ -65,7 +65,7 @@ func (r *Runtime) Push(ctx context.Context, source, destination string, options } if r.eventChannel != nil { - r.writeEvent(&Event{ID: image.ID(), Name: destination, Time: time.Now(), Type: EventTypeImagePush}) + defer r.writeEvent(&Event{ID: image.ID(), Name: destination, Time: time.Now(), Type: EventTypeImagePush}) } // Buildah compat: Make sure to tag the destination image if it's a diff --git a/vendor/github.com/containers/common/libimage/save.go b/vendor/github.com/containers/common/libimage/save.go index 7afde6e17..e1b8c3f75 100644 --- a/vendor/github.com/containers/common/libimage/save.go +++ b/vendor/github.com/containers/common/libimage/save.go @@ -80,7 +80,7 @@ func (r *Runtime) saveSingleImage(ctx context.Context, name, format, path string } if r.eventChannel != nil { - r.writeEvent(&Event{ID: image.ID(), Name: path, Time: time.Now(), Type: EventTypeImageSave}) + defer r.writeEvent(&Event{ID: image.ID(), Name: path, Time: time.Now(), Type: EventTypeImageSave}) } // Unless the image was referenced by ID, use the resolved name as a @@ -183,7 +183,7 @@ func (r *Runtime) saveDockerArchive(ctx context.Context, names []string, path st } localImages[image.ID()] = local if r.eventChannel != nil { - r.writeEvent(&Event{ID: image.ID(), Name: path, Time: time.Now(), Type: EventTypeImageSave}) + defer r.writeEvent(&Event{ID: image.ID(), Name: path, Time: time.Now(), Type: EventTypeImageSave}) } } diff --git a/vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go b/vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go index f1d2d9db3..2b664c7f8 100644 --- a/vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go +++ b/vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go @@ -23,7 +23,6 @@ func numCPU() int { if err != 0 { return 0 } - // For every available thread a bit is set in the mask. ncpu := 0 for _, e := range mask { diff --git a/vendor/github.com/containers/common/pkg/sysinfo/nummem_linux.go b/vendor/github.com/containers/common/pkg/sysinfo/nummem_linux.go new file mode 100644 index 000000000..1fc4e6d19 --- /dev/null +++ b/vendor/github.com/containers/common/pkg/sysinfo/nummem_linux.go @@ -0,0 +1,30 @@ +// +build linux + +package sysinfo + +import ( + "unsafe" + + "golang.org/x/sys/unix" +) + +// NUMANodeCount queries the system for the count of Memory Nodes available +// for use to this process. +func NUMANodeCount() int { + MPOL_F_MEMS_ALLOWED := (1 << 2) + var mask [1024 / 64]uintptr + _, _, err := unix.RawSyscall6(unix.SYS_GET_MEMPOLICY, 0, uintptr(unsafe.Pointer(&mask[0])), uintptr(len(mask)*8), 0, uintptr(MPOL_F_MEMS_ALLOWED), 0) + if err != 0 { + return 0 + } + + // For every available thread a bit is set in the mask. + nmem := 0 + for _, e := range mask { + if e == 0 { + continue + } + nmem += int(popcnt(uint64(e))) + } + return nmem +} diff --git a/vendor/github.com/containers/common/pkg/sysinfo/nummem_unsupported.go b/vendor/github.com/containers/common/pkg/sysinfo/nummem_unsupported.go new file mode 100644 index 000000000..e3c851fe6 --- /dev/null +++ b/vendor/github.com/containers/common/pkg/sysinfo/nummem_unsupported.go @@ -0,0 +1,9 @@ +// +build windows, osx + +package sysinfo + +// NUMANodeCount queries the system for the count of Memory Nodes available +// for use to this process. Returns 0 on non NUMAs systems. +func NUMANodeCount() int { + return 0 +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 3017646f0..f961939fb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -93,7 +93,7 @@ github.com/containers/buildah/pkg/overlay github.com/containers/buildah/pkg/parse github.com/containers/buildah/pkg/rusage github.com/containers/buildah/util -# github.com/containers/common v0.40.2-0.20210624120009-b1d3c4dc2515 +# github.com/containers/common v0.40.2-0.20210630092122-7482cf851dcc github.com/containers/common/libimage github.com/containers/common/libimage/manifests github.com/containers/common/pkg/apparmor -- cgit v1.2.3-54-g00ecf