Merge pull request containers#9163 from mheon/backports_rc2

Backports for v3.0 RC2
vrothberg · Jan 29, 2021 · 745fa4a · 745fa4a
2 parents b633607 + c1f05be
commit 745fa4a
Show file tree

Hide file tree

Showing 33 changed files with 628 additions and 286 deletions.
diff --git a/.cirrus.yml b/.cirrus.yml
@@ -274,17 +274,19 @@ swagger_task:
 
 
 # Check that all included go modules from other sources match
-# what is expected in `vendor/modules.txt` vs `go.mod`.
-vendor_task:
-    name: "Test Vendoring"
-    alias: vendor
+# what is expected in `vendor/modules.txt` vs `go.mod`.  Also
+# make sure that the generated bindings in pkg/bindings/...
+# are in sync with the code.
+consistency_task:
+    name: "Test Code Consistency"
+    alias: consistency
     skip: *tags
     depends_on:
         - build
     container: *smallcontainer
     env:
         <<: *stdenvars
-        TEST_FLAVOR: vendor
+        TEST_FLAVOR: consistency
         TEST_ENVIRON: container
         CTR_FQIN: ${FEDORA_CONTAINER_FQIN}
     clone_script: *full_clone  # build-cache not available to container tasks
@@ -642,7 +644,7 @@ success_task:
         - validate
         - bindings
         - swagger
-        - vendor
+        - consistency
         - alt_build
         - static_alt_build
         - osx_alt_build

diff --git a/Makefile b/Makefile
@@ -86,7 +86,7 @@ PODMAN_SERVER_LOG ?=
 
 # If GOPATH not specified, use one in the local directory
 ifeq ($(GOPATH),)
-export GOPATH := $(CURDIR)/_output
+export GOPATH := $(HOME)/go
 unexport GOBIN
 endif
 FIRST_GOPATH := $(firstword $(subst :, ,$(GOPATH)))
@@ -98,6 +98,8 @@ ifeq ($(GOBIN),)
 GOBIN := $(FIRST_GOPATH)/bin
 endif
 
+export PATH := $(PATH):$(GOBIN)
+
 GOMD2MAN ?= $(shell command -v go-md2man || echo '$(GOBIN)/go-md2man')
 
 CROSS_BUILD_TARGETS := \
@@ -206,7 +208,7 @@ endif
 podman: bin/podman
 
 .PHONY: bin/podman-remote
-bin/podman-remote: .gopathok .generate-bindings $(SOURCES) go.mod go.sum ## Build with podman on remote environment
+bin/podman-remote: .gopathok $(SOURCES) go.mod go.sum ## Build with podman on remote environment
 	$(GO) build $(BUILDFLAGS) -gcflags '$(GCFLAGS)' -asmflags '$(ASMFLAGS)' -ldflags '$(LDFLAGS_PODMAN)' -tags "${REMOTETAGS}" -o $@ ./cmd/podman
 
 .PHONY: bin/podman-remote-static
@@ -277,7 +279,6 @@ clean: ## Clean artifacts
 		libpod/container_easyjson.go \
 		libpod/pod_easyjson.go \
 		.install.goimports \
-		.generate-bindings \
 		docs/build
 	make -C docs clean
 
@@ -459,20 +460,11 @@ podman-remote-%-release:
 	rm -f release.txt
 	$(MAKE) podman-remote-release-$*.zip
 
-BINDINGS_SOURCE = $(wildcard pkg/bindings/**/types.go)
-.generate-bindings: $(BINDINGS_SOURCE)
+.PHONY: generate-bindings
+generate-bindings:
 ifneq ($(shell uname -s), Darwin)
-	for i in $(BINDINGS_SOURCE); do \
-		dirname=$$(dirname $${i}); \
-		shortname=$$(basename $${dirname}); \
-		pushd $${dirname}>/dev/null;  \
-		echo $${dirname}; \
-		echo $(GO) generate; \
-		$(GO) generate; \
-		popd > /dev/null; \
-	done;
+	GO111MODULE=off $(GO) generate ./pkg/bindings/... ;
 endif
-	touch .generate-bindings
 
 .PHONY: docker-docs
 docker-docs: docs

diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
@@ -3,6 +3,7 @@ package common
 import (
 	"fmt"
 	"net"
+	"path/filepath"
 	"strconv"
 	"strings"
 
@@ -383,8 +384,29 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, cgroup
 	}
 
 	// volumes
-	if volumes := cc.HostConfig.Binds; len(volumes) > 0 {
-		cliOpts.Volume = volumes
+	volDestinations := make(map[string]bool)
+	for _, vol := range cc.HostConfig.Binds {
+		cliOpts.Volume = append(cliOpts.Volume, vol)
+		// Extract the destination so we don't add duplicate mounts in
+		// the volumes phase.
+		splitVol := strings.SplitN(vol, ":", 3)
+		switch len(splitVol) {
+		case 1:
+			volDestinations[vol] = true
+		default:
+			volDestinations[splitVol[1]] = true
+		}
+	}
+	// Anonymous volumes are added differently from other volumes, in their
+	// own special field, for reasons known only to Docker. Still use the
+	// format of `-v` so we can just append them in there.
+	// Unfortunately, these may be duplicates of existing mounts in Binds.
+	// So... We need to catch that.
+	for vol := range cc.Volumes {
+		if _, ok := volDestinations[filepath.Clean(vol)]; ok {
+			continue
+		}
+		cliOpts.Volume = append(cliOpts.Volume, vol)
 	}
 	if len(cc.HostConfig.BlkioWeightDevice) > 0 {
 		devices := make([]string, 0, len(cc.HostConfig.BlkioWeightDevice))

diff --git a/cmd/podman/images/history.go b/cmd/podman/images/history.go
@@ -162,7 +162,7 @@ func (h historyReporter) Size() string {
 }
 
 func (h historyReporter) CreatedBy() string {
-	if len(h.ImageHistoryLayer.CreatedBy) > 45 {
+	if !opts.noTrunc && len(h.ImageHistoryLayer.CreatedBy) > 45 {
 		return h.ImageHistoryLayer.CreatedBy[:45-3] + "..."
 	}
 	return h.ImageHistoryLayer.CreatedBy

diff --git a/contrib/cirrus/runner.sh b/contrib/cirrus/runner.sh
@@ -142,9 +142,11 @@ function _run_swagger() {
     cp -v $GOSRC/pkg/api/swagger.yaml $GOSRC/
 }
 
-function _run_vendor() {
+function _run_consistency() {
     make vendor
-    ./hack/tree_status.sh
+    SUGGESTION="run 'make vendor' and commit all changes" ./hack/tree_status.sh
+    make generate-bindings
+    SUGGESTION="run 'make generate-bindings' and commit all changes" ./hack/tree_status.sh
 }
 
 function _run_build() {

diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
@@ -214,7 +214,7 @@ case "$TEST_FLAVOR" in
 
         install_test_configs
         ;;
-    vendor) make clean ;;
+    consistency) make clean ;;
     release) ;;
     *) die_unknown TEST_FLAVOR
 esac

diff --git a/libpod/container_api.go b/libpod/container_api.go
@@ -776,3 +776,32 @@ func (c *Container) ShouldRestart(ctx context.Context) bool {
 	}
 	return c.shouldRestart()
 }
+
+// ResolvePath resolves the specified path on the root for the container.  The
+// root must either be the mounted image of the container or the already
+// mounted container storage.
+//
+// It returns the resolved root and the resolved path.  Note that the path may
+// resolve to the container's mount point or to a volume or bind mount.
+func (c *Container) ResolvePath(ctx context.Context, root string, path string) (string, string, error) {
+	logrus.Debugf("Resolving path %q (root %q) on container %s", path, root, c.ID())
+
+	// Minimal sanity checks.
+	if len(root)*len(path) == 0 {
+		return "", "", errors.Wrapf(define.ErrInternal, "ResolvePath: root (%q) and path (%q) must be non empty", root, path)
+	}
+	if _, err := os.Stat(root); err != nil {
+		return "", "", errors.Wrapf(err, "cannot locate root to resolve path on container %s", c.ID())
+	}
+
+	if !c.batched {
+		c.lock.Lock()
+		defer c.lock.Unlock()
+
+		if err := c.syncContainer(); err != nil {
+			return "", "", err
+		}
+	}
+
+	return c.resolvePath(root, path)
+}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
@@ -174,25 +174,60 @@ func (c *Container) prepare() error {
 		return err
 	}
 
-	// Ensure container entrypoint is created (if required)
-	if c.config.CreateWorkingDir {
-		workdir, err := securejoin.SecureJoin(c.state.Mountpoint, c.WorkingDir())
-		if err != nil {
-			return errors.Wrapf(err, "error creating path to container %s working dir", c.ID())
-		}
-		rootUID := c.RootUID()
-		rootGID := c.RootGID()
+	// Make sure the workdir exists
+	if err := c.resolveWorkDir(); err != nil {
+		return err
+	}
 
-		if err := os.MkdirAll(workdir, 0755); err != nil {
-			if os.IsExist(err) {
-				return nil
+	return nil
+}
+
+// resolveWorkDir resolves the container's workdir and, depending on the
+// configuration, will create it, or error out if it does not exist.
+// Note that the container must be mounted before.
+func (c *Container) resolveWorkDir() error {
+	workdir := c.WorkingDir()
+
+	// If the specified workdir is a subdir of a volume or mount,
+	// we don't need to do anything.  The runtime is taking care of
+	// that.
+	if isPathOnVolume(c, workdir) || isPathOnBindMount(c, workdir) {
+		logrus.Debugf("Workdir %q resolved to a volume or mount", workdir)
+		return nil
+	}
+
+	_, resolvedWorkdir, err := c.resolvePath(c.state.Mountpoint, workdir)
+	if err != nil {
+		return err
+	}
+	logrus.Debugf("Workdir %q resolved to host path %q", workdir, resolvedWorkdir)
+
+	// No need to create it (e.g., `--workdir=/foo`), so let's make sure
+	// the path exists on the container.
+	if !c.config.CreateWorkingDir {
+		if _, err := os.Stat(resolvedWorkdir); err != nil {
+			if os.IsNotExist(err) {
+				return errors.Errorf("workdir %q does not exist on container %s", workdir, c.ID())
 			}
-			return errors.Wrapf(err, "error creating container %s working dir", c.ID())
+			// This might be a serious error (e.g., permission), so
+			// we need to return the full error.
+			return errors.Wrapf(err, "error detecting workdir %q on container %s", workdir, c.ID())
 		}
+	}
+
+	// Ensure container entrypoint is created (if required).
+	rootUID := c.RootUID()
+	rootGID := c.RootGID()
 
-		if err := os.Chown(workdir, rootUID, rootGID); err != nil {
-			return errors.Wrapf(err, "error chowning container %s working directory to container root", c.ID())
+	if err := os.MkdirAll(resolvedWorkdir, 0755); err != nil {
+		if os.IsExist(err) {
+			return nil
 		}
+		return errors.Wrapf(err, "error creating container %s workdir", c.ID())
+	}
+
+	if err := os.Chown(resolvedWorkdir, rootUID, rootGID); err != nil {
+		return errors.Wrapf(err, "error chowning container %s workdir to container root", c.ID())
 	}
 
 	return nil