Add containers-common spec and command to podman

Since containers-common package is tied to specific versions of Podman, add tools to build the package into the contrib directory This should help other distributions to figure out which commont package to ship. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2025-09-25 15:55:32 +08:00 · 2022-02-17 13:46:51 -05:00
parent d3903a8591
commit 80c5962dba
113 changed files with 3629 additions and 1317 deletions
--- a/vendor/github.com/containers/common/libnetwork/cni/config.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/config.go
@ -69,7 +69,7 @@ func (n *cniNetwork) networkCreate(newNetwork *types.Network, defaultNet bool) (

 	switch newNetwork.Driver {
 	case types.BridgeNetworkDriver:
-		err = internalutil.CreateBridge(n, newNetwork, usedNetworks)
+		err = internalutil.CreateBridge(n, newNetwork, usedNetworks, n.defaultsubnetPools)
 		if err != nil {
 			return nil, err
 		}
--- a/vendor/github.com/containers/common/libnetwork/cni/network.go
+++ b/vendor/github.com/containers/common/libnetwork/cni/network.go
@ -13,6 +13,7 @@ import (

 	"github.com/containernetworking/cni/libcni"
 	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@ -31,6 +32,9 @@ type cniNetwork struct {
 	// defaultSubnet is the default subnet for the default network.
 	defaultSubnet types.IPNet

+	// defaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
+	defaultsubnetPools []config.SubnetPool
+
 	// isMachine describes whenever podman runs in a podman machine environment.
 	isMachine bool

@ -62,6 +66,9 @@ type InitConfig struct {
 	// DefaultSubnet is the default subnet for the default network.
 	DefaultSubnet string

+	// DefaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
+	DefaultsubnetPools []config.SubnetPool
+
 	// IsMachine describes whenever podman runs in a podman machine environment.
 	IsMachine bool
 }
@ -89,15 +96,21 @@ func NewCNINetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		return nil, errors.Wrap(err, "failed to parse default subnet")
 	}

+	defaultSubnetPools := conf.DefaultsubnetPools
+	if defaultSubnetPools == nil {
+		defaultSubnetPools = config.DefaultSubnetPools
+	}
+
 	cni := libcni.NewCNIConfig(conf.CNIPluginDirs, &cniExec{})
 	n := &cniNetwork{
-		cniConfigDir:   conf.CNIConfigDir,
-		cniPluginDirs:  conf.CNIPluginDirs,
-		cniConf:        cni,
-		defaultNetwork: defaultNetworkName,
-		defaultSubnet:  defaultNet,
-		isMachine:      conf.IsMachine,
-		lock:           lock,
+		cniConfigDir:       conf.CNIConfigDir,
+		cniPluginDirs:      conf.CNIPluginDirs,
+		cniConf:            cni,
+		defaultNetwork:     defaultNetworkName,
+		defaultSubnet:      defaultNet,
+		defaultsubnetPools: defaultSubnetPools,
+		isMachine:          conf.IsMachine,
+		lock:               lock,
 	}

 	return n, nil
--- a/vendor/github.com/containers/common/libnetwork/internal/util/bridge.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/bridge.go
@ -5,11 +5,12 @@ import (

 	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/libnetwork/util"
+	"github.com/containers/common/pkg/config"
 	pkgutil "github.com/containers/common/pkg/util"
 	"github.com/pkg/errors"
 )

-func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet) error {
+func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet, subnetPools []config.SubnetPool) error {
 	if network.NetworkInterface != "" {
 		bridges := GetBridgeInterfaceNames(n)
 		if pkgutil.StringInSlice(network.NetworkInterface, bridges) {
@ -28,7 +29,7 @@ func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet)

 	if network.IPAMOptions["driver"] != types.DHCPIPAMDriver {
 		if len(network.Subnets) == 0 {
-			freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks)
+			freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks, subnetPools)
 			if err != nil {
 				return err
 			}
@ -48,7 +49,7 @@ func CreateBridge(n NetUtil, network *types.Network, usedNetworks []*net.IPNet)
 				}
 			}
 			if !ipv4 {
-				freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks)
+				freeSubnet, err := GetFreeIPv4NetworkSubnet(usedNetworks, subnetPools)
 				if err != nil {
 					return err
 				}
--- a/vendor/github.com/containers/common/libnetwork/internal/util/ip.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/ip.go
@ -11,11 +11,15 @@ func incByte(subnet *net.IPNet, idx int, shift uint) error {
 	if idx < 0 {
 		return errors.New("no more subnets left")
 	}
-	if subnet.IP[idx] == 255 {
-		subnet.IP[idx] = 0
-		return incByte(subnet, idx-1, 0)
+
+	var val byte = 1 << shift
+	// if overflow we have to inc the previous byte
+	if uint(subnet.IP[idx])+uint(val) > 255 {
+		if err := incByte(subnet, idx-1, 0); err != nil {
+			return err
+		}
 	}
-	subnet.IP[idx] += 1 << shift
+	subnet.IP[idx] += val
 	return nil
 }

@ -31,10 +35,7 @@ func NextSubnet(subnet *net.IPNet) (*net.IPNet, error) {
 	}
 	zeroes := uint(bits - ones)
 	shift := zeroes % 8
-	idx := ones/8 - 1
-	if idx < 0 {
-		idx = 0
-	}
+	idx := (ones - 1) / 8
 	if err := incByte(newSubnet, idx, shift); err != nil {
 		return nil, err
 	}
--- a/vendor/github.com/containers/common/libnetwork/internal/util/util.go
+++ b/vendor/github.com/containers/common/libnetwork/internal/util/util.go
@ -6,6 +6,7 @@ import (
 	"net"

 	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/util"
 	"github.com/sirupsen/logrus"
 )
@ -79,28 +80,36 @@ func GetUsedSubnets(n NetUtil) ([]*net.IPNet, error) {
 }

 // GetFreeIPv4NetworkSubnet returns a unused ipv4 subnet
-func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet) (*types.Subnet, error) {
-	// the default podman network is 10.88.0.0/16
-	// start locking for free /24 networks
-	network := &net.IPNet{
-		IP:   net.IP{10, 89, 0, 0},
-		Mask: net.IPMask{255, 255, 255, 0},
+func GetFreeIPv4NetworkSubnet(usedNetworks []*net.IPNet, subnetPools []config.SubnetPool) (*types.Subnet, error) {
+	var err error
+	for _, pool := range subnetPools {
+		// make sure to copy the netip to prevent overwriting the subnet pool
+		netIP := make(net.IP, net.IPv4len)
+		copy(netIP, pool.Base.IP)
+		network := &net.IPNet{
+			IP:   netIP,
+			Mask: net.CIDRMask(pool.Size, 32),
+		}
+		for pool.Base.Contains(network.IP) {
+			if !NetworkIntersectsWithNetworks(network, usedNetworks) {
+				logrus.Debugf("found free ipv4 network subnet %s", network.String())
+				return &types.Subnet{
+					Subnet: types.IPNet{IPNet: *network},
+				}, nil
+			}
+			network, err = NextSubnet(network)
+			if err != nil {
+				// when error go to next pool, we return the error only when all pools are done
+				break
+			}
+		}
 	}

-	// TODO: make sure to not use public subnets
-	for {
-		if intersectsConfig := NetworkIntersectsWithNetworks(network, usedNetworks); !intersectsConfig {
-			logrus.Debugf("found free ipv4 network subnet %s", network.String())
-			return &types.Subnet{
-				Subnet: types.IPNet{IPNet: *network},
-			}, nil
-		}
-		var err error
-		network, err = NextSubnet(network)
-		if err != nil {
-			return nil, err
-		}
+	if err != nil {
+		return nil, err
 	}
+	return nil, errors.New("could not find free subnet from subnet pools")
+
 }

 // GetFreeIPv6NetworkSubnet returns a unused ipv6 subnet
--- a/vendor/github.com/containers/common/libnetwork/netavark/config.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/config.go
@ -83,7 +83,7 @@ func (n *netavarkNetwork) networkCreate(newNetwork *types.Network, defaultNet bo

 	switch newNetwork.Driver {
 	case types.BridgeNetworkDriver:
-		err = internalutil.CreateBridge(n, newNetwork, usedNetworks)
+		err = internalutil.CreateBridge(n, newNetwork, usedNetworks, n.defaultsubnetPools)
 		if err != nil {
 			return nil, err
 		}
--- a/vendor/github.com/containers/common/libnetwork/netavark/network.go
+++ b/vendor/github.com/containers/common/libnetwork/netavark/network.go
@ -12,6 +12,7 @@ import (

 	"github.com/containers/common/libnetwork/internal/util"
 	"github.com/containers/common/libnetwork/types"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/storage/pkg/lockfile"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/pkg/errors"
@ -38,6 +39,9 @@ type netavarkNetwork struct {
 	// defaultSubnet is the default subnet for the default network.
 	defaultSubnet types.IPNet

+	// defaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
+	defaultsubnetPools []config.SubnetPool
+
 	// ipamDBPath is the path to the ip allocation bolt db
 	ipamDBPath string

@ -72,6 +76,9 @@ type InitConfig struct {
 	// DefaultSubnet is the default subnet for the default network.
 	DefaultSubnet string

+	// DefaultsubnetPools contains the subnets which must be used to allocate a free subnet by network create
+	DefaultsubnetPools []config.SubnetPool
+
 	// Syslog describes whenever the netavark debbug output should be log to the syslog as well.
 	// This will use logrus to do so, make sure logrus is set up to log to the syslog.
 	Syslog bool
@ -108,17 +115,23 @@ func NewNetworkInterface(conf *InitConfig) (types.ContainerNetwork, error) {
 		return nil, err
 	}

+	defaultSubnetPools := conf.DefaultsubnetPools
+	if defaultSubnetPools == nil {
+		defaultSubnetPools = config.DefaultSubnetPools
+	}
+
 	n := &netavarkNetwork{
-		networkConfigDir: conf.NetworkConfigDir,
-		networkRunDir:    conf.NetworkRunDir,
-		netavarkBinary:   conf.NetavarkBinary,
-		aardvarkBinary:   conf.AardvarkBinary,
-		networkRootless:  unshare.IsRootless(),
-		ipamDBPath:       filepath.Join(conf.NetworkRunDir, "ipam.db"),
-		defaultNetwork:   defaultNetworkName,
-		defaultSubnet:    defaultNet,
-		lock:             lock,
-		syslog:           conf.Syslog,
+		networkConfigDir:   conf.NetworkConfigDir,
+		networkRunDir:      conf.NetworkRunDir,
+		netavarkBinary:     conf.NetavarkBinary,
+		aardvarkBinary:     conf.AardvarkBinary,
+		networkRootless:    unshare.IsRootless(),
+		ipamDBPath:         filepath.Join(conf.NetworkRunDir, "ipam.db"),
+		defaultNetwork:     defaultNetworkName,
+		defaultSubnet:      defaultNet,
+		defaultsubnetPools: defaultSubnetPools,
+		lock:               lock,
+		syslog:             conf.Syslog,
 	}

 	return n, nil
--- a/vendor/github.com/containers/common/libnetwork/network/interface.go
+++ b/vendor/github.com/containers/common/libnetwork/network/interface.go
@ -82,13 +82,14 @@ func NetworkBackend(store storage.Store, conf *config.Config, syslog bool) (type
 		}

 		netInt, err := netavark.NewNetworkInterface(&netavark.InitConfig{
-			NetworkConfigDir: confDir,
-			NetworkRunDir:    runDir,
-			NetavarkBinary:   netavarkBin,
-			AardvarkBinary:   aardvarkBin,
-			DefaultNetwork:   conf.Network.DefaultNetwork,
-			DefaultSubnet:    conf.Network.DefaultSubnet,
-			Syslog:           syslog,
+			NetworkConfigDir:   confDir,
+			NetworkRunDir:      runDir,
+			NetavarkBinary:     netavarkBin,
+			AardvarkBinary:     aardvarkBin,
+			DefaultNetwork:     conf.Network.DefaultNetwork,
+			DefaultSubnet:      conf.Network.DefaultSubnet,
+			DefaultsubnetPools: conf.Network.DefaultSubnetPools,
+			Syslog:             syslog,
 		})
 		return types.Netavark, netInt, err
 	case types.CNI:
@ -171,11 +172,12 @@ func getCniInterface(conf *config.Config) (types.ContainerNetwork, error) {
 		}
 	}
 	return cni.NewCNINetworkInterface(&cni.InitConfig{
-		CNIConfigDir:   confDir,
-		CNIPluginDirs:  conf.Network.CNIPluginDirs,
-		DefaultNetwork: conf.Network.DefaultNetwork,
-		DefaultSubnet:  conf.Network.DefaultSubnet,
-		IsMachine:      conf.Engine.MachineEnabled,
+		CNIConfigDir:       confDir,
+		CNIPluginDirs:      conf.Network.CNIPluginDirs,
+		DefaultNetwork:     conf.Network.DefaultNetwork,
+		DefaultSubnet:      conf.Network.DefaultSubnet,
+		DefaultsubnetPools: conf.Network.DefaultSubnetPools,
+		IsMachine:          conf.Engine.MachineEnabled,
 	})
 }

--- a/vendor/github.com/containers/common/pkg/config/config.go
+++ b/vendor/github.com/containers/common/pkg/config/config.go
@ -10,6 +10,7 @@ import (
 	"sync"

 	"github.com/BurntSushi/toml"
+	"github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/capabilities"
 	"github.com/containers/storage/pkg/unshare"
 	units "github.com/docker/go-units"
@ -486,20 +487,36 @@ type NetworkConfig struct {
 	// CNIPluginDirs is where CNI plugin binaries are stored.
 	CNIPluginDirs []string `toml:"cni_plugin_dirs,omitempty"`

-	// DefaultNetwork is the network name of the default CNI network
+	// DefaultNetwork is the network name of the default network
 	// to attach pods to.
 	DefaultNetwork string `toml:"default_network,omitempty"`

-	// DefaultSubnet is the subnet to be used for the default CNI network.
+	// DefaultSubnet is the subnet to be used for the default network.
 	// If a network with the name given in DefaultNetwork is not present
 	// then a new network using this subnet will be created.
 	// Must be a valid IPv4 CIDR block.
 	DefaultSubnet string `toml:"default_subnet,omitempty"`

-	// NetworkConfigDir is where CNI network configuration files are stored.
+	// DefaultSubnetPools is a list of subnets and size which are used to
+	// allocate subnets automatically for podman network create.
+	// It will iterate through the list and will pick the first free subnet
+	// with the given size. This is only used for ipv4 subnets, ipv6 subnets
+	// are always assigned randomly.
+	DefaultSubnetPools []SubnetPool `toml:"default_subnet_pools,omitempty"`
+
+	// NetworkConfigDir is where network configuration files are stored.
 	NetworkConfigDir string `toml:"network_config_dir,omitempty"`
 }

+type SubnetPool struct {
+	// Base is a bigger subnet which will be used to allocate a subnet with
+	// the given size.
+	Base *types.IPNet `toml:"base,omitempty"`
+	// Size is the CIDR for the new subnet. It must be equal or small
+	// than the CIDR from the base subnet.
+	Size int `toml:"size,omitempty"`
+}
+
 // SecretConfig represents the "secret" TOML config table
 type SecretConfig struct {
 	// Driver specifies the secret driver to use.
@ -830,6 +847,21 @@ func (c *ContainersConfig) Validate() error {
 // execution checks. It returns an `error` on validation failure, otherwise
 // `nil`.
 func (c *NetworkConfig) Validate() error {
+	if &c.DefaultSubnetPools != &DefaultSubnetPools {
+		for _, pool := range c.DefaultSubnetPools {
+			if pool.Base.IP.To4() == nil {
+				return errors.Errorf("invalid subnet pool ip %q", pool.Base.IP)
+			}
+			ones, _ := pool.Base.IPNet.Mask.Size()
+			if ones > pool.Size {
+				return errors.Errorf("invalid subnet pool, size is bigger than subnet %q", &pool.Base.IPNet)
+			}
+			if pool.Size > 32 {
+				return errors.New("invalid subnet pool size, must be between 0-32")
+			}
+		}
+	}
+
 	if stringsEq(c.CNIPluginDirs, DefaultCNIPluginDirs) {
 		return nil
 	}
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@ -284,6 +284,20 @@ default_sysctls = [
 #
 #default_subnet = "10.88.0.0/16"

+# DefaultSubnetPools is a list of subnets and size which are used to
+# allocate subnets automatically for podman network create.
+# It will iterate through the list and will pick the first free subnet
+# with the given size. This is only used for ipv4 subnets, ipv6 subnets
+# are always assigned randomly.
+#
+#default_subnet_pools = [
+#  {"base" = "10.89.0.0/16", "size" = 24},
+#  {"base" = "10.90.0.0/15", "size" = 24},
+#  {"base" = "10.92.0.0/14", "size" = 24},
+#  {"base" = "10.96.0.0/11", "size" = 24},
+#  {"base" = "10.128.0.0/9", "size" = 24},
+#]
+
 # Path to the directory where network configuration files are located.
 # For the CNI backend the default is "/etc/cni/net.d" as root
 # and "$HOME/.config/cni/net.d" as rootless.
--- a/vendor/github.com/containers/common/pkg/config/default.go
+++ b/vendor/github.com/containers/common/pkg/config/default.go
@ -3,12 +3,14 @@ package config
 import (
 	"bytes"
 	"fmt"
+	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strconv"

+	nettypes "github.com/containers/common/libnetwork/types"
 	"github.com/containers/common/pkg/apparmor"
 	"github.com/containers/common/pkg/cgroupv2"
 	"github.com/containers/common/pkg/util"
@ -85,8 +87,26 @@ var (
 		"/usr/lib/cni",
 		"/opt/cni/bin",
 	}
+	DefaultSubnetPools = []SubnetPool{
+		// 10.89.0.0/24-10.255.255.0/24
+		parseSubnetPool("10.89.0.0/16", 24),
+		parseSubnetPool("10.90.0.0/15", 24),
+		parseSubnetPool("10.92.0.0/14", 24),
+		parseSubnetPool("10.96.0.0/11", 24),
+		parseSubnetPool("10.128.0.0/9", 24),
+	}
 )

+// nolint:unparam
+func parseSubnetPool(subnet string, size int) SubnetPool {
+	_, n, _ := net.ParseCIDR(subnet)
+	return SubnetPool{
+		Base: &nettypes.IPNet{IPNet: *n},
+		Size: size,
+	}
+
+}
+
 const (
 	// _etcDir is the sysconfdir where podman should look for system config files.
 	// It can be overridden at build time.
@ -111,7 +131,7 @@ const (
 	// DefaultSignaturePolicyPath is the default value for the
 	// policy.json file.
 	DefaultSignaturePolicyPath = "/etc/containers/policy.json"
-	// DefaultSubnet is the subnet that will be used for the default CNI
+	// DefaultSubnet is the subnet that will be used for the default
 	// network.
 	DefaultSubnet = "10.88.0.0/16"
 	// DefaultRootlessSignaturePolicyPath is the location within
@ -195,9 +215,10 @@ func DefaultConfig() (*Config, error) {
 			UserNSSize: DefaultUserNSSize,
 		},
 		Network: NetworkConfig{
-			DefaultNetwork: "podman",
-			DefaultSubnet:  DefaultSubnet,
-			CNIPluginDirs:  DefaultCNIPluginDirs,
+			DefaultNetwork:     "podman",
+			DefaultSubnet:      DefaultSubnet,
+			DefaultSubnetPools: DefaultSubnetPools,
+			CNIPluginDirs:      DefaultCNIPluginDirs,
 		},
 		Engine:  *defaultEngineConfig,
 		Secrets: defaultSecretConfig(),
@ -385,15 +406,14 @@ func probeConmon(conmonBinary string) error {
 	cmd := exec.Command(conmonBinary, "--version")
 	var out bytes.Buffer
 	cmd.Stdout = &out
-	err := cmd.Run()
-	if err != nil {
+	if err := cmd.Run(); err != nil {
 		return err
 	}
 	r := regexp.MustCompile(`^conmon version (?P<Major>\d+).(?P<Minor>\d+).(?P<Patch>\d+)`)

 	matches := r.FindStringSubmatch(out.String())
 	if len(matches) != 4 {
-		return errors.Wrap(err, _conmonVersionFormatErr)
+		return errors.New(_conmonVersionFormatErr)
 	}
 	major, err := strconv.Atoi(matches[1])
 	if err != nil {
--- a/vendor/github.com/containers/common/pkg/parse/parse.go
+++ b/vendor/github.com/containers/common/pkg/parse/parse.go
@ -34,6 +34,10 @@ func ValidateVolumeOpts(options []string) ([]string, error) {
 			finalOpts = append(finalOpts, opt)
 			continue
 		}
+		if strings.HasPrefix(opt, "idmap") {
+			finalOpts = append(finalOpts, opt)
+			continue
+		}

 		switch opt {
 		case "noexec", "exec":
@ -84,7 +88,6 @@ func ValidateVolumeOpts(options []string) ([]string, error) {
 			// are intended to be always safe to use, even not on OS
 			// X).
 			continue
-		case "idmap":
 		default:
 			return nil, errors.Errorf("invalid option type %q", opt)
 		}
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@ -1,4 +1,4 @@
 package version

 // Version is the version of the build.
-const Version = "0.47.4"
+const Version = "0.47.4+dev"