-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
generate systemd: support entrypoint JSON strings #12545
Conversation
Any idea what this flake is about? I've seen it three times this week:
Unfortunately it's not one that my flake-logger catches. |
No idea, probably need to make |
Error is:
I don't know what swagger or Egress are, so am not restarting. |
pkg/systemd/generate/common.go
Outdated
@@ -86,6 +86,32 @@ func filterCommonContainerFlags(command []string, argCount int) []string { | |||
return processed | |||
} | |||
|
|||
func escapeJSONString(s string) string { | |||
if strings.HasPrefix(s, "[") && strings.HasSuffix(s, "]") { | |||
return "'" + s + "'" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
my first question here is, what if s
includes singlequotes? But I can't figure out how to trigger this code, so I can't write a test case, and I need to move on to other stuff. Anyhow, maybe you could add that to your unit tests? Something like:
... --entrypoint "[\"sh\", \"-c\", \"date '+%s'\"]"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't look like the correct fix to me. IMO the problem is that the quotes are not escaped what needs to be done is add "
to the match in escapeSystemdArg()
-> if strings.ContainsAny(arg, " \t\"") {
with that fix it should now correctly escape the qutoes.
Did you actually test it or do you guess? It's already escaped but the surrounding single quotes are the crux of the matter as far as I could see and test. |
It not escaped at the moment. With my proposed change:
$ git diff
diff --git a/pkg/systemd/generate/common.go b/pkg/systemd/generate/common.go
index 24c85a27e..8689e084c 100644
--- a/pkg/systemd/generate/common.go
+++ b/pkg/systemd/generate/common.go
@@ -101,7 +101,7 @@ func escapeSystemdArguments(command []string) []string {
func escapeSystemdArg(arg string) string {
arg = strings.ReplaceAll(arg, "$", "$$")
arg = strings.ReplaceAll(arg, "%", "%%")
- if strings.ContainsAny(arg, " \t") {
+ if strings.ContainsAny(arg, " \t\"") {
arg = strconv.Quote(arg)
} else if strings.Contains(arg, `\`) {
// strconv.Quote also escapes backslashes so |
@cevich PTAL |
Thanks, @Luap99. I'll take a look. |
Make sure to preserve the quoting of entrypoint JSON strings. Fixes: containers#12477 Signed-off-by: Valentin Rothberg <[email protected]>
@edsantiago @Luap99 PTanotherL |
I don't think this is us or our stuff (directly). This is coming from Let me move this download into the VM Image build process, that will help their egress limit as well as reduce the number of ways our CI can flake... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
...opened containers/automation_images#103 I'll work it through the process into a separate PR here. |
Oh, I get it now. My earlier tests were useless because the existing I'm not convinced that this PR totally fixes everything. Could I suggest: - if strings.ContainsAny(arg, " \t\"") {
+ if strings.ContainsAny(arg, " \t\"'[]") { This will, I think, properly handle: $ ... --entrypoint "['top']" But I might be wrong. I don't understand the use cases for this. |
|
Then I don't know enough to approve this PR. What I can do is confirm that this PR behaves differently from podman-3.4.2-1.fc35, and in a way that (to my eye) looks improved: $ bin/podman create --name foo --entrypoint '["top"]' quay.io/libpod/testimage:20210610
838b457d88e3f5d9075ec41eb6fdb92e4f332f6ba3451d513a384608b23b787b
$ bin/podman generate systemd foo --new | grep -i entr
.... --entrypoint "[\"top\"]" <--- with /usr/bin/podman, yields: --entrypoint ["top"], no escapes |
LGTM |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe, vrothberg The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Make sure to preserve the quoting of entrypoint JSON strings.
Fixes: #12477
Signed-off-by: Valentin Rothberg [email protected]