opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-12-04 20:28:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

Vendor Bulidah 1.11.2

Browse Source 
Vendor in Buildah 1.11.2 into libpod/Podman

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
This commit is contained in:
TomSweeneyRedHat
2019-09-13 11:22:10 -04:00
parent 5c09c4d294
commit 440392d37b
32 changed files with 398 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
vendor/github.com/containers/buildah/pkg/cli/common.go generated vendored
View File

@@ -87,6 +87,7 @@ type FromAndBudResults struct {
CPUSetCPUs string
CPUSetMems string
CPUShares uint64
Devices []string
DNSSearch []string
DNSServers []string
DNSOptions []string
@@ -185,6 +186,7 @@ func GetFromAndBudFlags(flags *FromAndBudResults, usernsResults *UserNSResults,
fs.Uint64VarP(&flags.CPUShares, "cpu-shares", "c", 0, "CPU shares (relative weight)")
fs.StringVar(&flags.CPUSetCPUs, "cpuset-cpus", "", "CPUs in which to allow execution (0-3, 0,1)")
fs.StringVar(&flags.CPUSetMems, "cpuset-mems", "", "memory nodes (MEMs) in which to allow execution (0-3, 0,1). Only effective on NUMA systems.")
fs.StringArrayVar(&flags.Devices, "device", []string{}, "Additional devices to be used within containers (default [])")
fs.StringSliceVar(&flags.DNSSearch, "dns-search", []string{}, "Set custom DNS search domains")
fs.StringSliceVar(&flags.DNSServers, "dns", []string{}, "Set custom DNS servers or disable it completely by setting it to 'none', which prevents the automatic creation of `/etc/resolv.conf`.")
fs.StringSliceVar(&flags.DNSOptions, "dns-option", []string{}, "Set custom DNS options")

64
vendor/github.com/containers/buildah/pkg/parse/parse.go generated vendored
View File

@@ -886,3 +886,67 @@ func RegistryFromFullName(input string) string {
}
return split[0]
}
// Device parses device mapping string to a src, dest & permissions string
// Valid values for device looklike:
// '/dev/sdc"
// '/dev/sdc:/dev/xvdc"
// '/dev/sdc:/dev/xvdc:rwm"
// '/dev/sdc:rm"
func Device(device string) (string, string, string, error) {
src := ""
dst := ""
permissions := "rwm"
arr := strings.Split(device, ":")
switch len(arr) {
case 3:
if !isValidDeviceMode(arr[2]) {
return "", "", "", fmt.Errorf("invalid device mode: %s", arr[2])
}
permissions = arr[2]
fallthrough
case 2:
if isValidDeviceMode(arr[1]) {
permissions = arr[1]
} else {
if len(arr[1]) == 0 || arr[1][0] != '/' {
return "", "", "", fmt.Errorf("invalid device mode: %s", arr[1])
}
dst = arr[1]
}
fallthrough
case 1:
if len(arr[0]) > 0 {
src = arr[0]
break
}
fallthrough
default:
return "", "", "", fmt.Errorf("invalid device specification: %s", device)
}
if dst == "" {
dst = src
}
return src, dst, permissions, nil
}
// isValidDeviceMode checks if the mode for device is valid or not.
// isValid mode is a composition of r (read), w (write), and m (mknod).
func isValidDeviceMode(mode string) bool {
var legalDeviceMode = map[rune]bool{
'r': true,
'w': true,
'm': true,
}
if mode == "" {
return false
}
for _, c := range mode {
if !legalDeviceMode[c] {
return false
}
legalDeviceMode[c] = false
}
return true
}

20
vendor/github.com/containers/buildah/pkg/parse/parse_unix.go generated vendored
View File

@@ -5,6 +5,10 @@ package parse
import (
"fmt"
"github.com/containers/buildah/pkg/unshare"
"github.com/opencontainers/runc/libcontainer/configs"
"github.com/opencontainers/runc/libcontainer/devices"
"github.com/pkg/errors"
"golang.org/x/sys/unix"
)
@@ -19,3 +23,19 @@ func getDefaultProcessLimits() []string {
}
return defaultLimits
}
func DeviceFromPath(device string) (configs.Device, error) {
src, dst, permissions, err := Device(device)
if err != nil {
return configs.Device{}, err
}
if unshare.IsRootless() {
return configs.Device{}, errors.Errorf("Renaming device %s to %s is not a supported in rootless containers", src, dst)
}
dev, err := devices.DeviceFromPath(src, permissions)
if err != nil {
return configs.Device{}, errors.Wrapf(err, "%s is not a valid device", src)
}
dev.Path = dst
return *dev, nil
}

10
vendor/github.com/containers/buildah/pkg/parse/parse_unsupported.go generated vendored
View File

@@ -2,6 +2,16 @@
package parse
import (
"fmt"
"github.com/opencontainers/runc/libcontainer/configs"
)
func getDefaultProcessLimits() []string {
return []string{}
}
func DeviceFromPath(device string) (configs.Device, error) {
return configs.Device{}, fmt.Errorf("devices not supported")
}

53
vendor/github.com/containers/buildah/pkg/secrets/secrets.go generated vendored
View File

@@ -7,6 +7,7 @@ import (
"path/filepath"
"strings"
"github.com/containers/buildah/pkg/umask"
"github.com/containers/storage/pkg/idtools"
rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
@@ -28,20 +29,22 @@ var (
// secretData stores the name of the file and the content read from it
type secretData struct {
name string
data []byte
name string
data []byte
mode os.FileMode
dirMode os.FileMode
}
// saveTo saves secret data to given directory
func (s secretData) saveTo(dir string) error {
path := filepath.Join(dir, s.name)
if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil && !os.IsExist(err) {
if err := os.MkdirAll(filepath.Dir(path), s.dirMode); err != nil && !os.IsExist(err) {
return err
}
return ioutil.WriteFile(path, s.data, 0700)
return ioutil.WriteFile(path, s.data, s.mode)
}
func readAll(root, prefix string) ([]secretData, error) {
func readAll(root, prefix string, parentMode os.FileMode) ([]secretData, error) {
path := filepath.Join(root, prefix)
data := []secretData{}
@@ -56,7 +59,7 @@ func readAll(root, prefix string) ([]secretData, error) {
}
for _, f := range files {
fileData, err := readFile(root, filepath.Join(prefix, f.Name()))
fileData, err := readFileOrDir(root, filepath.Join(prefix, f.Name()), parentMode)
if err != nil {
// If the file did not exist, might be a dangling symlink
// Ignore the error
@@ -71,7 +74,7 @@ func readAll(root, prefix string) ([]secretData, error) {
return data, nil
}
func readFile(root, name string) ([]secretData, error) {
func readFileOrDir(root, name string, parentMode os.FileMode) ([]secretData, error) {
path := filepath.Join(root, name)
s, err := os.Stat(path)
@@ -80,7 +83,7 @@ func readFile(root, name string) ([]secretData, error) {
}
if s.IsDir() {
dirData, err := readAll(root, name)
dirData, err := readAll(root, name, s.Mode())
if err != nil {
return nil, err
}
@@ -90,12 +93,17 @@ func readFile(root, name string) ([]secretData, error) {
if err != nil {
return nil, err
}
return []secretData{{name: name, data: bytes}}, nil
return []secretData{{
name: name,
data: bytes,
mode: s.Mode(),
dirMode: parentMode,
}}, nil
}
func getHostSecretData(hostDir string) ([]secretData, error) {
func getHostSecretData(hostDir string, mode os.FileMode) ([]secretData, error) {
var allSecrets []secretData
hostSecrets, err := readAll(hostDir, "")
hostSecrets, err := readAll(hostDir, "", mode)
if err != nil {
return nil, errors.Wrapf(err, "failed to read secrets from %q", hostDir)
}
@@ -130,10 +138,13 @@ func getMounts(filePath string) []string {
// getHostAndCtrDir separates the host:container paths
func getMountsMap(path string) (string, string, error) {
arr := strings.SplitN(path, ":", 2)
if len(arr) == 2 {
switch len(arr) {
case 1:
return arr[0], arr[0], nil
case 2:
return arr[0], arr[1], nil
}
return "", "", errors.Errorf("unable to get host and container dir")
return "", "", errors.Errorf("unable to get host and container dir from path: %s", path)
}
// SecretMounts copies, adds, and mounts the secrets to the container root filesystem
@@ -162,7 +173,7 @@ func SecretMountsWithUIDGID(mountLabel, containerWorkingDir, mountFile, mountPre
if _, err := os.Stat(file); err == nil {
mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir, mountPrefix, uid, gid)
if err != nil {
logrus.Warnf("error mounting secrets, skipping: %v", err)
logrus.Warnf("error mounting secrets, skipping entry in %s: %v", file, err)
}
secretMounts = mounts
break
@@ -220,12 +231,16 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr
return nil, err
}
// Don't let the umask have any influence on the file and directory creation
oldUmask := umask.SetUmask(0)
defer umask.SetUmask(oldUmask)
switch mode := fileInfo.Mode(); {
case mode.IsDir():
if err = os.MkdirAll(ctrDirOrFileOnHost, 0755); err != nil {
if err = os.MkdirAll(ctrDirOrFileOnHost, mode.Perm()); err != nil {
return nil, errors.Wrapf(err, "making container directory %q failed", ctrDirOrFileOnHost)
}
data, err := getHostSecretData(hostDirOrFile)
data, err := getHostSecretData(hostDirOrFile, mode.Perm())
if err != nil {
return nil, errors.Wrapf(err, "getting host secret data failed")
}
@@ -235,16 +250,16 @@ func addSecretsFromMountsFile(filePath, mountLabel, containerWorkingDir, mountPr
}
}
case mode.IsRegular():
data, err := readFile("", hostDirOrFile)
data, err := readFileOrDir("", hostDirOrFile, mode.Perm())
if err != nil {
return nil, errors.Wrapf(err, "error reading file %q", hostDirOrFile)
}
for _, s := range data {
if err := os.MkdirAll(filepath.Dir(ctrDirOrFileOnHost), 0700); err != nil {
if err := os.MkdirAll(filepath.Dir(ctrDirOrFileOnHost), s.dirMode); err != nil {
return nil, err
}
if err := ioutil.WriteFile(ctrDirOrFileOnHost, s.data, 0700); err != nil {
if err := ioutil.WriteFile(ctrDirOrFileOnHost, s.data, s.mode); err != nil {
return nil, errors.Wrapf(err, "error saving data to container filesystem on host %q", ctrDirOrFileOnHost)
}
}

20
vendor/github.com/containers/buildah/pkg/umask/umask_unix.go generated vendored Normal file
View File

@@ -0,0 +1,20 @@
// +build linux darwin
package umask
import (
"syscall"
"github.com/sirupsen/logrus"
)
func CheckUmask() {
oldUmask := syscall.Umask(0022)
if (oldUmask & ^0022) != 0 {
logrus.Debugf("umask value too restrictive. Forcing it to 022")
}
}
func SetUmask(value int) int {
return syscall.Umask(value)
}

7
vendor/github.com/containers/buildah/pkg/umask/umask_unsupported.go generated vendored Normal file
View File

@@ -0,0 +1,7 @@
// +build !linux,!darwin
package umask
func CheckUmask() {}
func SetUmask(int) int { return 0 }