From 9e941c2a780e9b34f482c5a150c1e237e4687639 Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Fri, 8 Mar 2019 21:10:35 -0800 Subject: [PATCH 1/6] docker/docker_client: Drop redundant Domain(ref.ref) call There have been redundant calls here since two ref.ref.Hostname() calls were added in aaedc642 (Implement lookaside storage for signatures for Docker registries, 2016-08-11, #52). At that point the two calls were separated by a dockerHostname check which could have been shifted by two lines to avoid the doubled function calls. But in f28367e1 (Add docker/config package to containers/image/pkg, 2017-08-29, #333) the dockerHostname check moved to a separate function entirely (newDockerClientWithDetails) while the Domain() calls remained together in newDockerClientFromRef. So now there is no longer any reason for the second call, and this commit drops it. Signed-off-by: W. Trevor King
---
 docker/docker_client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/docker_client.go b/docker/docker_client.go
index 43eb22ba22..40f11c62a9 100644
--- a/docker/docker_client.go
+++ b/docker/docker_client.go
@@ -197,7 +197,7 @@ func dockerCertDir(sys *types.SystemContext, hostPort string) (string, error) {
 // “write” specifies whether the client will be used for "write" access (in particular passed to lookaside.go:toplevelFromSection)
 func newDockerClientFromRef(sys *types.SystemContext, ref dockerReference, write bool, actions string) (*dockerClient, error) {
 registry := reference.Domain(ref.ref)
- username, password, err := config.GetAuthentication(sys, reference.Domain(ref.ref))
+ username, password, err := config.GetAuthentication(sys, registry)
 if err != nil {
 return nil, errors.Wrapf(err, "error getting username and password")
 }
From 8e62d9f073a8698ad7766b2433d415c8f7a43603 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh Date: Tue, 19 Mar 2019 11:23:16 -0400 Subject: [PATCH 2/6] Vendor in latest containers/storage DefaultStorageOptions now is a function and takes a rootless argument and the UID of root within the container. Signed-off-by: Daniel J Walsh --- storage/storage_transport.go | 6 +++++- vendor.conf | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/storage/storage_transport.go b/storage/storage_transport.go index 02d2f5c088..3a6be6e001 100644 --- a/storage/storage_transport.go +++ b/storage/storage_transport.go @@ -4,6 +4,7 @@ package storage import ( "fmt" + "os" "path/filepath" "strings" @@ -180,7 +181,10 @@ func (s *storageTransport) GetStore() (storage.Store, error) { // Return the transport's previously-set store. If we don't have one // of those, initialize one now. if s.store == nil { - options := storage.DefaultStoreOptions + options, err := storage.DefaultStoreOptions(os.Getuid() != 0, os.Getuid()) + if err != nil { + return nil, err + } options.UIDMap = s.defaultUIDMap options.GIDMap = s.defaultGIDMap store, err := storage.GetStore(options) diff --git a/vendor.conf b/vendor.conf index 1c5b6b3785..89b29722b9 100644 --- a/vendor.conf +++ b/vendor.conf @@ -1,7 +1,7 @@ github.com/containers/image github.com/sirupsen/logrus v1.0.0 -github.com/containers/storage master +github.com/containers/storage v1.12.1 github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716 From a2ecef50c1f931f02fbc84ac3a85abaa508314b9 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 21 Mar 2019 17:39:25 -0400 Subject: [PATCH 3/6] release v1.6.0 Signed-off-by: Daniel J Walsh --- version/version.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/version/version.go b/version/version.go index 9915cb2fae..d65841ca14 100644 --- a/version/version.go +++ b/version/version.go @@ -4,14 +4,14 @@ import "fmt" const ( // VersionMajor is for an API incompatible changes - VersionMajor = 0 + VersionMajor = 1 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 1 + VersionMinor = 6 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 6 + VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-dev" + VersionDev = "" ) // Version is the specification version that the package types support. From 82d52f354298757050914e6d08f88fee36b960e3 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Thu, 21 Mar 2019 17:40:15 -0400 Subject: [PATCH 4/6] bump version to 1.7.0-dev Signed-off-by: Daniel J Walsh --- version/version.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/version/version.go b/version/version.go index d65841ca14..184274736d 100644 --- a/version/version.go +++ b/version/version.go @@ -6,12 +6,12 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 1 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 6 + VersionMinor = 7 // VersionPatch is for backwards-compatible bug fixes VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "" + VersionDev = "-dev" ) // Version is the specification version that the package types support. From 1802aab0bfdf89028f576e15b88de7e521f49757 Mon Sep 17 00:00:00 2001 
From: Giuseppe Scrivano Date: Fri, 5 Apr 2019 09:54:49 +0200 Subject: [PATCH 5/6] blobinfocache: correctly detect the UID in a namespace for tools in containers/ we are using the env variable _CONTAINERS_ROOTLESS_UID when running in a user namespace to refer to the rootless UID that created the user namespace. Closes: https://github.com/containers/libpod/issues/2510#issuecomment-480066763 Signed-off-by: Giuseppe Scrivano --- pkg/blobinfocache/default.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/pkg/blobinfocache/default.go b/pkg/blobinfocache/default.go index 1e6e543b2f..357333215d 100644 --- a/pkg/blobinfocache/default.go +++ b/pkg/blobinfocache/default.go @@ -4,6 +4,7 @@ import ( "fmt" "os" "path/filepath" + "strconv" "github.com/containers/image/pkg/blobinfocache/boltdb" "github.com/containers/image/pkg/blobinfocache/memory" @@ -47,9 +48,18 @@ func blobInfoCacheDir(sys *types.SystemContext, euid int) (string, error) { return filepath.Join(dataDir, "containers", "cache"), nil } +func getRootlessUID() int { + uidEnv := os.Getenv("_CONTAINERS_ROOTLESS_UID") + if uidEnv != "" { + u, _ := strconv.Atoi(uidEnv) + return u + } + return os.Geteuid() +} + // DefaultCache returns the default BlobInfoCache implementation appropriate for sys. func DefaultCache(sys *types.SystemContext) types.BlobInfoCache { - dir, err := blobInfoCacheDir(sys, os.Geteuid()) + dir, err := blobInfoCacheDir(sys, getRootlessUID()) if err != nil { logrus.Debugf("Error determining a location for %s, using a memory-only cache", blobInfoCacheFilename) return memory.New() From 43fdadd31676cdfc4667a0cafec198cf5ed82b22 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Sat, 6 Apr 2019 10:01:49 +0200 Subject: [PATCH 6/6] storage: fix UID detection in a namespace correctly detect the UID when running in rootless mode. 
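Review bot: `getRootlessUID` in pkg/blobinfocache/default.go discards the `strconv.Atoi` error, so a non-numeric `_CONTAINERS_ROOTLESS_UID` silently becomes UID 0 and `blobInfoCacheDir` is asked for the location belonging to UID 0 rather than the caller's. The helper should accept the variable only when it parses to a non-negative integer and otherwise fall back to `os.Geteuid()`, logging the rejected value at debug level as `DefaultCache` already does for its own failure path. The value comes from the process environment, so what `blobInfoCacheDir` does with an euid of 0 (not visible in this hunk) is worth confirming before trusting it unchecked. The new function also lacks a doc comment; the fence adds one. `DefaultCache` continues past the end of the hunk.

```go
// getRootlessUID returns the UID exported in _CONTAINERS_ROOTLESS_UID by the
// process that created the user namespace, or the effective UID when the
// variable is unset or does not hold a valid non-negative integer.
func getRootlessUID() int {
	if uidEnv := os.Getenv("_CONTAINERS_ROOTLESS_UID"); uidEnv != "" {
		u, err := strconv.Atoi(uidEnv)
		if err == nil && u >= 0 {
			return u
		}
		// Do not let a malformed value collapse to UID 0.
		logrus.Debugf("Ignoring invalid _CONTAINERS_ROOTLESS_UID %q", uidEnv)
	}
	return os.Geteuid()
}
```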
Signed-off-by: Giuseppe Scrivano --- storage/storage_transport.go | 3 +-- vendor.conf | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/storage/storage_transport.go b/storage/storage_transport.go index 3a6be6e001..c9a05e6c01 100644 --- a/storage/storage_transport.go +++ b/storage/storage_transport.go @@ -4,7 +4,6 @@ package storage import ( "fmt" - "os" "path/filepath" "strings" @@ -181,7 +180,7 @@ func (s *storageTransport) GetStore() (storage.Store, error) { // Return the transport's previously-set store. If we don't have one // of those, initialize one now. if s.store == nil { - options, err := storage.DefaultStoreOptions(os.Getuid() != 0, os.Getuid()) + options, err := storage.DefaultStoreOptionsAutoDetectUID() if err != nil { return nil, err } diff --git a/vendor.conf b/vendor.conf index 89b29722b9..477bba8f0d 100644 --- a/vendor.conf +++ b/vendor.conf @@ -1,7 +1,7 @@ github.com/containers/image github.com/sirupsen/logrus v1.0.0 -github.com/containers/storage v1.12.1 +github.com/containers/storage v1.12.2 github.com/davecgh/go-spew 346938d642f2ec3594ed81d874461961cd0faa76 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716