From 7d16c2b69ea38ba615b392fbe2a86befec198508 Mon Sep 17 00:00:00 2001 From: Ygal Blum Date: Mon, 5 Dec 2022 15:39:18 +0200 Subject: [PATCH] Update containers common package The new version adds NetworkCreateOptions. For now pass nil [NO NEW TESTS NEEDED] Signed-off-by: Ygal Blum --- go.mod | 4 ++-- go.sum | 8 ++++---- pkg/domain/infra/abi/network.go | 2 +- .../containers/common/libnetwork/cni/cni_types.go | 2 +- .../github.com/containers/common/libnetwork/cni/config.go | 7 ++++++- .../containers/common/libnetwork/cni/network.go | 4 ++-- .../containers/common/libnetwork/netavark/config.go | 7 ++++++- .../containers/common/libnetwork/netavark/network.go | 2 +- .../containers/common/libnetwork/types/network.go | 7 ++++++- .../github.com/containers/common/pkg/cgroups/cgroups.go | 2 +- vendor/github.com/containers/common/pkg/config/config.go | 3 +++ .../containers/common/pkg/config/containers.conf | 4 ++++ .../common/pkg/secrets/filedriver/filedriver.go | 2 +- .../github.com/containers/common/pkg/secrets/secrets.go | 2 +- vendor/golang.org/x/sys/execabs/execabs_go119.go | 8 +++++--- vendor/golang.org/x/sys/windows/syscall_windows.go | 1 + vendor/golang.org/x/sys/windows/zsyscall_windows.go | 7 +++++++ vendor/modules.txt | 4 ++-- 18 files changed, 54 insertions(+), 22 deletions(-) diff --git a/go.mod b/go.mod index dd95c586f8..8863a5cc40 100644 --- a/go.mod +++ b/go.mod @@ -12,7 +12,7 @@ require ( github.com/containernetworking/cni v1.1.2 github.com/containernetworking/plugins v1.1.1 github.com/containers/buildah v1.28.1-0.20221130132810-cf661299d14f - github.com/containers/common v0.50.2-0.20221128124429-24d78208a290 + github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9 github.com/containers/conmon v2.0.20+incompatible github.com/containers/image/v5 v5.23.1-0.20221130170538-333c50e3eac8 github.com/containers/ocicrypt v1.1.6 
@@ -62,7 +62,7 @@ require ( go.etcd.io/bbolt v1.3.6 golang.org/x/net v0.2.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.2.0 + golang.org/x/sys v0.3.0 golang.org/x/term v0.2.0 golang.org/x/text v0.4.0 google.golang.org/protobuf v1.28.1 diff --git a/go.sum b/go.sum index c9eebef20e..aa4e9b825c 100644 --- a/go.sum +++ b/go.sum @@ -264,8 +264,8 @@ github.com/containernetworking/plugins v1.1.1 h1:+AGfFigZ5TiQH00vhR8qPeSatj53eNG github.com/containernetworking/plugins v1.1.1/go.mod h1:Sr5TH/eBsGLXK/h71HeLfX19sZPp3ry5uHSkI4LPxV8= github.com/containers/buildah v1.28.1-0.20221130132810-cf661299d14f h1:Nzbda2tG7/aimoKnDxysqFgS1Q/gSsbcn88lFPj9LwY= github.com/containers/buildah v1.28.1-0.20221130132810-cf661299d14f/go.mod h1:0HcSoS6BHXWzMKqtxY1L0gupebEX33oPC+X62lPi6+c= -github.com/containers/common v0.50.2-0.20221128124429-24d78208a290 h1:ds8YJg3Z91jOcqVR31aFFMH+BOobolXBeGktas58VgY= -github.com/containers/common v0.50.2-0.20221128124429-24d78208a290/go.mod h1:rzuZglPq/5sz6n29nhyDPCXh44CZymkCR2sacEZb7zw= +github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9 h1:L54LXA/DGRhp1cDN11HLaXcLCYh/ftqDhKYn9S1uetc= +github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9/go.mod h1:M1epBsHlUAeySDuMx+HdbvKBVf0odzLciecS5AQa6FA= github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg= github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I= github.com/containers/image/v5 v5.23.1-0.20221130170538-333c50e3eac8 h1:GLTTwKYkNGDhG3HagLuPvhieu1JEjDs9RsCDr8oJr9s= 
@@ -1232,8 +1232,8 @@ golang.org/x/sys v0.0.0-20220817070843-5a390386f1f2/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220823224334-20c2bfdbfe24/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220909162455-aba9fc2a8ff2/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A= -golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0 h1:w8ZOecv6NaNa/zC8944JTU3vz4u6Lagfk4RPQxv92NQ= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0 h1:z85xZCsEl7bi/KwbNADeBYoOP0++7W1ipu+aGnpwzRM= diff --git a/pkg/domain/infra/abi/network.go b/pkg/domain/infra/abi/network.go index 82fa1fab32..11aa83fe0d 100644 --- a/pkg/domain/infra/abi/network.go +++ b/pkg/domain/infra/abi/network.go @@ -143,7 +143,7 @@ func (ic *ContainerEngine) NetworkCreate(ctx context.Context, network types.Netw if util.StringInSlice(network.Name, []string{"none", "host", "bridge", "private", "slirp4netns", "container", "ns"}) { return nil, fmt.Errorf("cannot create network with name %q because it conflicts with a valid network mode", network.Name) } - network, err := ic.Libpod.Network().NetworkCreate(network) + network, err := ic.Libpod.Network().NetworkCreate(network, nil) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/libnetwork/cni/cni_types.go b/vendor/github.com/containers/common/libnetwork/cni/cni_types.go index cfc5b33bd9..1d48d08056 100644 --- a/vendor/github.com/containers/common/libnetwork/cni/cni_types.go 
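Review bot: The bare `nil` in `ic.Libpod.Network().NetworkCreate(network, nil)` is opaque at the call site and should carry a short comment saying what it selects. Judging by the vendored cni and netavark implementations in this same patch, which test `options != nil && options.IgnoreIfExists`, a nil `NetworkCreateOptions` keeps the existing behaviour of returning an error when the network already exists. Something like `// nil options: keep the default, fail if a network with this name already exists` would make that explicit. As far as the visible vendored lines show, the ignore path returns the stored network looked up by name without comparing it to the requested configuration, so whoever later wires `IgnoreIfExists` through here should decide whether the caller needs to verify the returned network. The body of `NetworkCreate` starts and ends outside this hunk.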
+++ b/vendor/github.com/containers/common/libnetwork/cni/cni_types.go @@ -287,7 +287,7 @@ func newVLANPlugin(pluginType, device, mode string, mtu int, ipam *ipamConfig) V caps := make(map[string]bool) caps["ips"] = true // if we use host-local set the ips cap to ensure we can set static ips via runtime config - if ipam.PluginType == types.HostLocalIPAMDriver { + if m.IPAM.PluginType == types.HostLocalIPAMDriver { m.Capabilities = caps } return m diff --git a/vendor/github.com/containers/common/libnetwork/cni/config.go b/vendor/github.com/containers/common/libnetwork/cni/config.go index 8e9418ad56..1f256f6c51 100644 --- a/vendor/github.com/containers/common/libnetwork/cni/config.go +++ b/vendor/github.com/containers/common/libnetwork/cni/config.go @@ -17,7 +17,7 @@ import ( // NetworkCreate will take a partial filled Network and fill the // missing fields. It creates the Network and returns the full Network. -func (n *cniNetwork) NetworkCreate(net types.Network) (types.Network, error) { +func (n *cniNetwork) NetworkCreate(net types.Network, options *types.NetworkCreateOptions) (types.Network, error) { n.lock.Lock() defer n.lock.Unlock() err := n.loadNetworks() @@ -26,6 +26,11 @@ func (n *cniNetwork) NetworkCreate(net types.Network) (types.Network, error) { } network, err := n.networkCreate(&net, false) if err != nil { + if options != nil && options.IgnoreIfExists && errors.Is(err, types.ErrNetworkExists) { + if network, ok := n.networks[net.Name]; ok { + return *network.libpodNet, nil + } + } return types.Network{}, err } // add the new network to the map diff --git a/vendor/github.com/containers/common/libnetwork/cni/network.go b/vendor/github.com/containers/common/libnetwork/cni/network.go index 11f1bbe141..38ead2ddf8 100644 --- a/vendor/github.com/containers/common/libnetwork/cni/network.go +++ b/vendor/github.com/containers/common/libnetwork/cni/network.go 
@@ -82,12 +82,12 @@ type InitConfig struct { // Note: The networks are not loaded from disk until a method is called. func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) { // TODO: consider using a shared memory lock - lock, err := lockfile.GetLockfile(filepath.Join(conf.CNIConfigDir, "cni.lock")) + lock, err := lockfile.GetLockFile(filepath.Join(conf.CNIConfigDir, "cni.lock")) if err != nil { // If we're on a read-only filesystem, there is no risk of // contention. Fall back to a local lockfile. if errors.Is(err, unix.EROFS) { - lock, err = lockfile.GetLockfile(filepath.Join(conf.RunDir, "cni.lock")) + lock, err = lockfile.GetLockFile(filepath.Join(conf.RunDir, "cni.lock")) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/libnetwork/netavark/config.go b/vendor/github.com/containers/common/libnetwork/netavark/config.go index 292981657e..a10632fc13 100644 --- a/vendor/github.com/containers/common/libnetwork/netavark/config.go +++ b/vendor/github.com/containers/common/libnetwork/netavark/config.go @@ -21,7 +21,7 @@ import ( // NetworkCreate will take a partial filled Network and fill the // missing fields. It creates the Network and returns the full Network. -func (n *netavarkNetwork) NetworkCreate(net types.Network) (types.Network, error) { +func (n *netavarkNetwork) NetworkCreate(net types.Network, options *types.NetworkCreateOptions) (types.Network, error) { n.lock.Lock() defer n.lock.Unlock() err := n.loadNetworks() @@ -30,6 +30,11 @@ func (n *netavarkNetwork) NetworkCreate(net types.Network) (types.Network, error } network, err := n.networkCreate(&net, false) if err != nil { + if options != nil && options.IgnoreIfExists && errors.Is(err, types.ErrNetworkExists) { + if network, ok := n.networks[net.Name]; ok { + return *network, nil + } + } return types.Network{}, err } // add the new network to the map 
diff --git a/vendor/github.com/containers/common/libnetwork/netavark/network.go b/vendor/github.com/containers/common/libnetwork/netavark/network.go index bb244aae41..b14f4d0fd6 100644 --- a/vendor/github.com/containers/common/libnetwork/netavark/network.go +++ b/vendor/github.com/containers/common/libnetwork/netavark/network.go @@ -95,7 +95,7 @@ type InitConfig struct { // Note: The networks are not loaded from disk until a method is called. func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) { // TODO: consider using a shared memory lock - lock, err := lockfile.GetLockfile(filepath.Join(conf.NetworkConfigDir, "netavark.lock")) + lock, err := lockfile.GetLockFile(filepath.Join(conf.NetworkConfigDir, "netavark.lock")) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/libnetwork/types/network.go b/vendor/github.com/containers/common/libnetwork/types/network.go index d0e6d1796b..eee531ea64 100644 --- a/vendor/github.com/containers/common/libnetwork/types/network.go +++ b/vendor/github.com/containers/common/libnetwork/types/network.go @@ -9,7 +9,7 @@ import ( type ContainerNetwork interface { // NetworkCreate will take a partial filled Network and fill the // missing fields. It creates the Network and returns the full Network. - NetworkCreate(Network) (Network, error) + NetworkCreate(Network, *NetworkCreateOptions) (Network, error) // NetworkRemove will remove the Network with the given name or ID. NetworkRemove(nameOrID string) error // NetworkList will return all known Networks. Optionally you can @@ -289,3 +289,8 @@ type TeardownOptions struct { // FilterFunc can be passed to NetworkList to filter the networks. type FilterFunc func(Network) bool + +type NetworkCreateOptions struct { + // IgnoreIfExists if true, do not fail if the network already exists + IgnoreIfExists bool +} 
diff --git a/vendor/github.com/containers/common/pkg/cgroups/cgroups.go b/vendor/github.com/containers/common/pkg/cgroups/cgroups.go index c04a8c9844..7c9c45042c 100644 --- a/vendor/github.com/containers/common/pkg/cgroups/cgroups.go +++ b/vendor/github.com/containers/common/pkg/cgroups/cgroups.go @@ -431,7 +431,7 @@ func (c *CgroupControl) CreateSystemdUnit(path string) error { // GetUserConnection returns an user connection to D-BUS func GetUserConnection(uid int) (*systemdDbus.Conn, error) { return systemdDbus.NewConnection(func() (*dbus.Conn, error) { - return dbusAuthConnection(uid, dbus.SessionBusPrivate) + return dbusAuthConnection(uid, dbus.SessionBusPrivateNoAutoStartup) }) } diff --git a/vendor/github.com/containers/common/pkg/config/config.go b/vendor/github.com/containers/common/pkg/config/config.go index 97ab618922..5e965402c2 100644 --- a/vendor/github.com/containers/common/pkg/config/config.go +++ b/vendor/github.com/containers/common/pkg/config/config.go @@ -194,6 +194,9 @@ type ContainersConfig struct { // performance implications. PrepareVolumeOnCreate bool `toml:"prepare_volume_on_create,omitempty"` + // ReadOnly causes engine to run all containers with root file system mounted read-only + ReadOnly bool `toml:"read_only,omitempty"` + // SeccompProfile is the seccomp.json profile path which is used as the // default for the runtime. SeccompProfile string `toml:"seccomp_profile,omitempty"` diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf index 7e33137383..55b9292a96 100644 --- a/vendor/github.com/containers/common/pkg/config/containers.conf +++ b/vendor/github.com/containers/common/pkg/config/containers.conf 
@@ -216,6 +216,10 @@ default_sysctls = [ # #prepare_volume_on_create = false +# Run all containers with root file system mounted read-only +# +# read_only = false + # Path to the seccomp.json profile which is used as the default seccomp profile # for the runtime. # diff --git a/vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go b/vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go index 0b96c87129..b63516f6f8 100644 --- a/vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go +++ b/vendor/github.com/containers/common/pkg/secrets/filedriver/filedriver.go @@ -39,7 +39,7 @@ func NewDriver(rootPath string) (*Driver, error) { return nil, err } - lock, err := lockfile.GetLockfile(filepath.Join(rootPath, "secretsdata.lock")) + lock, err := lockfile.GetLockFile(filepath.Join(rootPath, "secretsdata.lock")) if err != nil { return nil, err } diff --git a/vendor/github.com/containers/common/pkg/secrets/secrets.go b/vendor/github.com/containers/common/pkg/secrets/secrets.go index f11546cc66..7797f0fc59 100644 --- a/vendor/github.com/containers/common/pkg/secrets/secrets.go +++ b/vendor/github.com/containers/common/pkg/secrets/secrets.go @@ -127,7 +127,7 @@ func NewManager(rootPath string) (*SecretsManager, error) { return nil, err } - lock, err := lockfile.GetLockfile(filepath.Join(rootPath, "secrets.lock")) + lock, err := lockfile.GetLockFile(filepath.Join(rootPath, "secrets.lock")) if err != nil { return nil, err } diff --git a/vendor/golang.org/x/sys/execabs/execabs_go119.go b/vendor/golang.org/x/sys/execabs/execabs_go119.go index 1e7a9ada0b..46c5b525e7 100644 --- a/vendor/golang.org/x/sys/execabs/execabs_go119.go +++ b/vendor/golang.org/x/sys/execabs/execabs_go119.go 
@@ -7,9 +7,11 @@ package execabs -import "strings" +import ( + "errors" + "os/exec" +) func isGo119ErrDot(err error) bool { - // TODO: return errors.Is(err, exec.ErrDot) - return strings.Contains(err.Error(), "current directory") + return errors.Is(err, exec.ErrDot) } diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index 7a6ba43a7e..a49853e9d3 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -367,6 +367,7 @@ func NewCallbackCDecl(fn interface{}) uintptr { //sys IsWindowUnicode(hwnd HWND) (isUnicode bool) = user32.IsWindowUnicode //sys IsWindowVisible(hwnd HWND) (isVisible bool) = user32.IsWindowVisible //sys GetGUIThreadInfo(thread uint32, info *GUIThreadInfo) (err error) = user32.GetGUIThreadInfo +//sys GetLargePageMinimum() (size uintptr) // Volume Management Functions //sys DefineDosDevice(flags uint32, deviceName *uint16, targetPath *uint16) (err error) = DefineDosDeviceW diff --git a/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/vendor/golang.org/x/sys/windows/zsyscall_windows.go index 96ba8559c3..ac60052e44 100644 --- a/vendor/golang.org/x/sys/windows/zsyscall_windows.go +++ b/vendor/golang.org/x/sys/windows/zsyscall_windows.go @@ -252,6 +252,7 @@ var ( procGetFileType = modkernel32.NewProc("GetFileType") procGetFinalPathNameByHandleW = modkernel32.NewProc("GetFinalPathNameByHandleW") procGetFullPathNameW = modkernel32.NewProc("GetFullPathNameW") + procGetLargePageMinimum = modkernel32.NewProc("GetLargePageMinimum") procGetLastError = modkernel32.NewProc("GetLastError") procGetLogicalDriveStringsW = modkernel32.NewProc("GetLogicalDriveStringsW") procGetLogicalDrives = modkernel32.NewProc("GetLogicalDrives") 
@@ -2180,6 +2181,12 @@ func GetFullPathName(path *uint16, buflen uint32, buf *uint16, fname **uint16) ( return } +func GetLargePageMinimum() (size uintptr) { + r0, _, _ := syscall.Syscall(procGetLargePageMinimum.Addr(), 0, 0, 0, 0) + size = uintptr(r0) + return +} + func GetLastError() (lasterr error) { r0, _, _ := syscall.Syscall(procGetLastError.Addr(), 0, 0, 0, 0) if r0 != 0 { diff --git a/vendor/modules.txt b/vendor/modules.txt index de6333d953..834b6d25d2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -118,7 +118,7 @@ github.com/containers/buildah/pkg/rusage github.com/containers/buildah/pkg/sshagent github.com/containers/buildah/pkg/util github.com/containers/buildah/util -# github.com/containers/common v0.50.2-0.20221128124429-24d78208a290 +# github.com/containers/common v0.50.2-0.20221206110749-eb48ebbf8ca9 ## explicit; go 1.17 github.com/containers/common/libimage github.com/containers/common/libimage/define @@ -811,7 +811,7 @@ golang.org/x/net/trace ## explicit golang.org/x/sync/errgroup golang.org/x/sync/semaphore -# golang.org/x/sys v0.2.0 +# golang.org/x/sys v0.3.0 ## explicit; go 1.17 golang.org/x/sys/cpu golang.org/x/sys/execabs