From 58cf0d4622ea280382dccdb527c483afd3f16562 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 8 Nov 2021 14:16:13 +0100 Subject: [PATCH 1/3] Revert "add kubernetes pause" This reverts commit 9d2b8d2791c23b83b6155b046099a83483860c56 since catatonit's new pause functionality can replace the `pause` binary entirely. Signed-off-by: Valentin Rothberg --- Makefile | 23 +++---------- contrib/spec/podman.spec.in | 1 - pause/pause.c | 69 ------------------------------------- 3 files changed, 4 insertions(+), 89 deletions(-) delete mode 100644 pause/pause.c diff --git a/Makefile b/Makefile index 47f30e5faf..2b8154752f 100644 --- a/Makefile +++ b/Makefile @@ -186,10 +186,6 @@ ifdef HOMEBREW_PREFIX endif endif -# For building pause/pause.c -GCC ?= gcc -PAUSE_CFLAGS = -Os -static -Wall -Werror -DVERSION=v$(RELEASE_VERSION) - ### ### Primary entry-point targets ### @@ -201,7 +197,7 @@ default: all all: binaries docs .PHONY: binaries -binaries: podman podman-remote rootlessport pause +binaries: podman podman-remote rootlessport ## Build podman, podman-remote and rootlessport binaries # Extract text following double-# for targets, as their description for # the `help` target. Otherwise These simple-substitutions are resolved @@ -379,12 +375,6 @@ bin/rootlessport: .gopathok $(SOURCES) go.mod go.sum .PHONY: rootlessport rootlessport: bin/rootlessport -bin/pause: pause/pause.c - $(GCC) $(PAUSE_CFLAGS) pause/pause.c -o bin/pause - -.PHONY: pause -pause: bin/pause - ### ### Secondary binary-build targets ### @@ -744,7 +734,7 @@ install.remote-nobuild: install.remote: podman-remote install.remote-nobuild .PHONY: install.bin-nobuild -install.bin-nobuild: install.pause +install.bin-nobuild: install ${SELINUXOPT} -d -m 755 $(DESTDIR)$(BINDIR) install ${SELINUXOPT} -m 755 bin/podman $(DESTDIR)$(BINDIR)/podman test -z "${SELINUXOPT}" || chcon --verbose --reference=$(DESTDIR)$(BINDIR)/podman bin/podman @@ -798,10 +788,8 @@ install.docker-docs-nobuild: .PHONY: install.docker-docs install.docker-docs: docker-docs install.docker-docs-nobuild -.PHONY: install.pause -install.pause: pause - install ${SELINUXOPT} -m 755 -d $(DESTDIR)$(LIBEXECPODMAN)/pause - install ${SELINUXOPT} -m 755 bin/pause $(DESTDIR)$(LIBEXECPODMAN)/pause/pause +.PHONY: install.docker-full +install.docker-full: install.docker install.docker-docs .PHONY: install.systemd ifneq (,$(findstring systemd,$(BUILDTAGS))) @@ -832,9 +820,6 @@ else install.systemd: endif -.PHONY: install.pause -install.pause: pause - .PHONY: install.tools install.tools: .install.goimports .install.gitvalidation .install.md2man .install.ginkgo .install.golangci-lint .install.bats ## Install needed tools diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 474add1af9..95c3cb5e2c 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -529,7 +529,6 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_usr}/lib/tmpfiles.d/podman.conf %dir %{_libexecdir}/%{name} %{_libexecdir}/%{name}/rootlessport -%{_libexecdir}/%{name}/pause/pause %if 0%{?with_devel} %files -n libpod-devel -f devel.file-list diff --git a/pause/pause.c b/pause/pause.c deleted file mode 100644 index 1e363bd7a7..0000000000 --- a/pause/pause.c +++ /dev/null @@ -1,69 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. -Copyright 2021 The Podman Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include -#include -#include -#include -#include -#include -#include - -#define STRINGIFY(x) #x -#define VERSION_STRING(x) STRINGIFY(x) - -#ifndef VERSION -#define VERSION HEAD -#endif - -static void sigdown(int signo) { - psignal(signo, "Shutting down, got signal"); - exit(0); -} - -static void sigreap(int signo) { - while (waitpid(-1, NULL, WNOHANG) > 0) - ; -} - -int main(int argc, char **argv) { - int i; - for (i = 1; i < argc; ++i) { - if (!strcasecmp(argv[i], "-v")) { - printf("pause.c %s\n", VERSION_STRING(VERSION)); - return 0; - } - } - - if (getpid() != 1) - /* Not an error because pause sees use outside of infra containers. */ - fprintf(stderr, "Warning: pause should be the first process\n"); - - if (sigaction(SIGINT, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0) - return 1; - if (sigaction(SIGTERM, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0) - return 2; - if (sigaction(SIGCHLD, &(struct sigaction){.sa_handler = sigreap, - .sa_flags = SA_NOCLDSTOP}, - NULL) < 0) - return 3; - - for (;;) - pause(); - fprintf(stderr, "Error: infinite loop terminated\n"); - return 42; -} From 5934e4c9b50020e0099a71233ae4f9ba9356215f Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Mon, 8 Nov 2021 14:29:44 +0100 Subject: [PATCH 2/3] infra container: replace pause with catatonit Podman has been using catatonit for a number of years already. Thanks to @giuseppe, catatonit is now able to run as a pause process which allows us to replace the pause binary entirely. Signed-off-by: Valentin Rothberg --- contrib/spec/podman.spec.in | 1 + pkg/specgen/generate/pod_create.go | 13 +++++-------- test/apiv2/40-pods.at | 4 ++-- test/e2e/pod_create_test.go | 4 ++-- 4 files changed, 10 insertions(+), 12 deletions(-) diff --git a/contrib/spec/podman.spec.in b/contrib/spec/podman.spec.in index 95c3cb5e2c..cb041df6cc 100644 --- a/contrib/spec/podman.spec.in +++ b/contrib/spec/podman.spec.in @@ -58,6 +58,7 @@ BuildRequires: libselinux-devel BuildRequires: pkgconfig BuildRequires: make BuildRequires: systemd-devel +Requires: catatonit >= 0.1.7 Requires: containers-common Requires: conmon Requires: containernetworking-plugins >= 0.6.0-3 diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go index bfd81739a1..72dd249e76 100644 --- a/pkg/specgen/generate/pod_create.go +++ b/pkg/specgen/generate/pod_create.go @@ -29,19 +29,16 @@ func buildPauseImage(rt *libpod.Runtime, rtConfig *config.Config) (string, error return imageName, nil } - // NOTE: Having the pause binary in its own directory keeps the door - // open for replacing the image building with using an overlay root FS. - // The latter turned out to be complex and error prone (see #11956) but - // we may be able to come up with a proper solution at a later point in - // time. - pausePath, err := rtConfig.FindHelperBinary("pause/pause", false) + // Also look into the path as some distributions install catatonit in + // /usr/bin. + catatonitPath, err := rtConfig.FindHelperBinary("catatonit", true) if err != nil { return "", fmt.Errorf("finding pause binary: %w", err) } buildContent := fmt.Sprintf(`FROM scratch -COPY %s /pause -ENTRYPOINT ["/pause"]`, pausePath) +COPY %s /catatonit +ENTRYPOINT ["/catatonit", "-P"]`, catatonitPath) tmpF, err := ioutil.TempFile("", "pause.containerfile") if err != nil { diff --git a/test/apiv2/40-pods.at b/test/apiv2/40-pods.at index f45e85f617..0a52012137 100644 --- a/test/apiv2/40-pods.at +++ b/test/apiv2/40-pods.at @@ -110,11 +110,11 @@ t GET libpod/pods/fakename/top 404 \ .cause="no such pod" t GET libpod/pods/foo/top 200 \ - .Processes[0][-1]="/pause" \ + .Processes[0][-1]="/catatonit -P" \ .Titles[-1]="COMMAND" t GET libpod/pods/foo/top?ps_args=args,pid 200 \ - .Processes[0][0]="/pause" \ + .Processes[0][0]="/catatonit -P" \ .Processes[0][1]="1" \ .Titles[0]="COMMAND" \ .Titles[1]="PID" \ diff --git a/test/e2e/pod_create_test.go b/test/e2e/pod_create_test.go index 12aeffd1b2..f5a2caad76 100644 --- a/test/e2e/pod_create_test.go +++ b/test/e2e/pod_create_test.go @@ -369,13 +369,13 @@ var _ = Describe("Podman pod create", func() { check1 := podmanTest.Podman([]string{"container", "inspect", "--format", "{{.Config.Entrypoint}}", data.Containers[0].ID}) check1.WaitWithDefaultTimeout() Expect(check1).Should(Exit(0)) - Expect(check1.OutputToString()).To(Equal("/pause")) + Expect(check1.OutputToString()).To(Equal("/catatonit -P")) // check the Path and Args check2 := podmanTest.Podman([]string{"container", "inspect", "--format", "{{.Path}}:{{.Args}}", data.Containers[0].ID}) check2.WaitWithDefaultTimeout() Expect(check2).Should(Exit(0)) - Expect(check2.OutputToString()).To(Equal("/pause:[/pause]")) + Expect(check2.OutputToString()).To(Equal("/catatonit:[-P]")) }) It("podman create pod with --infra-command", func() { From c8790bfbbb845450608adc7a0a03b77979165f42 Mon Sep 17 00:00:00 2001 From: Valentin Rothberg Date: Wed, 10 Nov 2021 17:08:57 +0100 Subject: [PATCH 3/3] cirrus: force-install catatonit A temporary workaround until the CI images are updated. Signed-off-by: Valentin Rothberg --- contrib/cirrus/setup_environment.sh | 7 ++++++ hack/install_catatonit.sh | 33 +++++++++++++++-------------- 2 files changed, 24 insertions(+), 16 deletions(-) diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh index 3786054a74..90d28b7ac0 100755 --- a/contrib/cirrus/setup_environment.sh +++ b/contrib/cirrus/setup_environment.sh @@ -19,6 +19,13 @@ die_unknown() { die "Unknown/unsupported \$$var_name '$var_value'" } +msg "************************************************************" +msg "FIXME: force-install catatonit 0.17.0 until CI images are updated" +msg "************************************************************" +# FIXME: this is just a temporary workaround to force-install +# catatonit 0.17.0. Please remove once the images are updated. +./hack/install_catatonit.sh --force + msg "************************************************************" msg "Setting up runtime environment" msg "************************************************************" diff --git a/hack/install_catatonit.sh b/hack/install_catatonit.sh index 0a02b75ab2..a35e349f51 100755 --- a/hack/install_catatonit.sh +++ b/hack/install_catatonit.sh @@ -4,22 +4,23 @@ CATATONIT_PATH="${BASE_PATH}/catatonit" CATATONIT_VERSION="v0.1.7" set -e -if [ -f $CATATONIT_PATH ]; then +if [ -f $CATATONIT_PATH ] && [ -z "$1" ]; then echo "skipping ... catatonit is already installed" -else - echo "installing catatonit to $CATATONIT_PATH" - buildDir=$(mktemp -d) - git clone https://github.com/openSUSE/catatonit.git $buildDir + exit 0 +fi - pushd $buildDir - echo `pwd` - git reset --hard ${CATATONIT_VERSION} - autoreconf -fi - ./configure - make - install ${SELINUXOPT} -d -m 755 $BASE_PATH - install ${SELINUXOPT} -m 755 catatonit $CATATONIT_PATH - popd +echo "installing catatonit to $CATATONIT_PATH" +buildDir=$(mktemp -d) +git clone https://github.com/openSUSE/catatonit.git $buildDir - rm -rf $buildDir -fi +pushd $buildDir +echo `pwd` +git reset --hard ${CATATONIT_VERSION} +autoreconf -fi +./configure +make +install ${SELINUXOPT} -d -m 755 $BASE_PATH +install ${SELINUXOPT} -m 755 catatonit $CATATONIT_PATH +popd + +rm -rf $buildDir