mirror of
https://github.com/containers/podman.git
synced 2025-05-20 16:47:39 +08:00
openshift-merge-bot[bot]
@ -6,7 +6,7 @@ env:
|
|||||||
#### Global variables used for all tasks
|
#### Global variables used for all tasks
|
||||||
####
|
####
|
||||||
# Name of the ultimate destination branch for this CI run, PR or post-merge.
|
# Name of the ultimate destination branch for this CI run, PR or post-merge.
|
||||||
DEST_BRANCH: "main"
|
DEST_BRANCH: "v5.3"
|
||||||
# Sane (default) value for GOPROXY and GOSUMDB.
|
# Sane (default) value for GOPROXY and GOSUMDB.
|
||||||
GOPROXY: "https://proxy.golang.org,direct"
|
GOPROXY: "https://proxy.golang.org,direct"
|
||||||
GOSUMDB: "sum.golang.org"
|
GOSUMDB: "sum.golang.org"
|
||||||
|
|||||||
@ -7,6 +7,8 @@ Show the API documentation for version:
|
|||||||
|
|
||||||
* `latest (main branch) <_static/api.html>`_
|
* `latest (main branch) <_static/api.html>`_
|
||||||
|
|
||||||
|
* `version 5.3 <_static/api.html?version=v5.3>`_
|
||||||
|
|
||||||
* `version 5.2 <_static/api.html?version=v5.2>`_
|
* `version 5.2 <_static/api.html?version=v5.2>`_
|
||||||
|
|
||||||
* `version 5.1 <_static/api.html?version=v5.1>`_
|
* `version 5.1 <_static/api.html?version=v5.1>`_
|
||||||
|
|||||||
@ -662,7 +662,6 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
|
|||||||
// setup rlimits
|
// setup rlimits
|
||||||
nofileSet := false
|
nofileSet := false
|
||||||
nprocSet := false
|
nprocSet := false
|
||||||
isRootless := rootless.IsRootless()
|
|
||||||
isRunningInUserNs := unshare.IsRootless()
|
isRunningInUserNs := unshare.IsRootless()
|
||||||
if isRunningInUserNs && g.Config.Process != nil && g.Config.Process.OOMScoreAdj != nil {
|
if isRunningInUserNs && g.Config.Process != nil && g.Config.Process.OOMScoreAdj != nil {
|
||||||
var err error
|
var err error
|
||||||
@ -682,7 +681,7 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
|
|||||||
if !nofileSet {
|
if !nofileSet {
|
||||||
max := rlimT(define.RLimitDefaultValue)
|
max := rlimT(define.RLimitDefaultValue)
|
||||||
current := rlimT(define.RLimitDefaultValue)
|
current := rlimT(define.RLimitDefaultValue)
|
||||||
if isRootless {
|
if isRunningInUserNs {
|
||||||
var rlimit unix.Rlimit
|
var rlimit unix.Rlimit
|
||||||
if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
|
if err := unix.Getrlimit(unix.RLIMIT_NOFILE, &rlimit); err != nil {
|
||||||
logrus.Warnf("Failed to return RLIMIT_NOFILE ulimit %q", err)
|
logrus.Warnf("Failed to return RLIMIT_NOFILE ulimit %q", err)
|
||||||
@ -699,7 +698,7 @@ func (c *Container) generateSpec(ctx context.Context) (s *spec.Spec, cleanupFunc
|
|||||||
if !nprocSet {
|
if !nprocSet {
|
||||||
max := rlimT(define.RLimitDefaultValue)
|
max := rlimT(define.RLimitDefaultValue)
|
||||||
current := rlimT(define.RLimitDefaultValue)
|
current := rlimT(define.RLimitDefaultValue)
|
||||||
if isRootless {
|
if isRunningInUserNs {
|
||||||
var rlimit unix.Rlimit
|
var rlimit unix.Rlimit
|
||||||
if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
|
if err := unix.Getrlimit(unix.RLIMIT_NPROC, &rlimit); err != nil {
|
||||||
logrus.Warnf("Failed to return RLIMIT_NPROC ulimit %q", err)
|
logrus.Warnf("Failed to return RLIMIT_NPROC ulimit %q", err)
|
||||||
|
|||||||
@ -11,6 +11,7 @@ import (
|
|||||||
"net/url"
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"os/user"
|
"os/user"
|
||||||
|
"path/filepath"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
@ -147,59 +148,87 @@ func NewConnectionWithIdentity(ctx context.Context, uri string, identity string,
|
|||||||
|
|
||||||
func sshClient(_url *url.URL, uri string, identity string, machine bool) (Connection, error) {
|
func sshClient(_url *url.URL, uri string, identity string, machine bool) (Connection, error) {
|
||||||
var (
|
var (
|
||||||
err error
|
err error
|
||||||
|
port int
|
||||||
)
|
)
|
||||||
connection := Connection{
|
connection := Connection{
|
||||||
URI: _url,
|
URI: _url,
|
||||||
}
|
}
|
||||||
userinfo := _url.User
|
userinfo := _url.User
|
||||||
if _url.User == nil {
|
|
||||||
u, err := user.Current()
|
|
||||||
if err != nil {
|
|
||||||
return connection, fmt.Errorf("current user could not be determined: %w", err)
|
|
||||||
}
|
|
||||||
userinfo = url.User(u.Username)
|
|
||||||
}
|
|
||||||
port := 22
|
|
||||||
if _url.Port() != "" {
|
if _url.Port() != "" {
|
||||||
port, err = strconv.Atoi(_url.Port())
|
port, err = strconv.Atoi(_url.Port())
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return connection, err
|
return connection, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// ssh_config
|
|
||||||
alias := _url.Hostname()
|
// only parse ssh_config when we are not connecting to a machine
|
||||||
cfg := ssh_config.DefaultUserSettings
|
// For machine connections we always have the full URL in the
|
||||||
found := false
|
// system connection so reading the file is just unnecessary.
|
||||||
if val := cfg.Get(alias, "User"); val != "" {
|
if !machine {
|
||||||
userinfo = url.User(val)
|
alias := _url.Hostname()
|
||||||
found = true
|
cfg := ssh_config.DefaultUserSettings
|
||||||
}
|
cfg.IgnoreErrors = true
|
||||||
if val := cfg.Get(alias, "Hostname"); val != "" {
|
found := false
|
||||||
uri = val
|
|
||||||
found = true
|
if userinfo == nil {
|
||||||
}
|
if val := cfg.Get(alias, "User"); val != "" {
|
||||||
if val := cfg.Get(alias, "Port"); val != "" {
|
userinfo = url.User(val)
|
||||||
if val != ssh_config.Default("Port") {
|
found = true
|
||||||
port, err = strconv.Atoi(val)
|
|
||||||
if err != nil {
|
|
||||||
return connection, fmt.Errorf("port is not an int: %s: %w", val, err)
|
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
// not in url or ssh_config so default to current user
|
||||||
|
if userinfo == nil {
|
||||||
|
u, err := user.Current()
|
||||||
|
if err != nil {
|
||||||
|
return connection, fmt.Errorf("current user could not be determined: %w", err)
|
||||||
|
}
|
||||||
|
userinfo = url.User(u.Username)
|
||||||
|
}
|
||||||
|
|
||||||
|
if val := cfg.Get(alias, "Hostname"); val != "" {
|
||||||
|
uri = val
|
||||||
found = true
|
found = true
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if val := cfg.Get(alias, "IdentityFile"); val != "" {
|
if port == 0 {
|
||||||
if val != ssh_config.Default("IdentityFile") {
|
if val := cfg.Get(alias, "Port"); val != "" {
|
||||||
identity = strings.Trim(val, "\"")
|
if val != ssh_config.Default("Port") {
|
||||||
found = true
|
port, err = strconv.Atoi(val)
|
||||||
|
if err != nil {
|
||||||
|
return connection, fmt.Errorf("port is not an int: %s: %w", val, err)
|
||||||
|
}
|
||||||
|
found = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
// not in ssh config or url so use default 22 port
|
||||||
|
if port == 0 {
|
||||||
|
port = 22
|
||||||
|
}
|
||||||
|
|
||||||
|
if identity == "" {
|
||||||
|
if val := cfg.Get(alias, "IdentityFile"); val != "" {
|
||||||
|
identity = strings.Trim(val, "\"")
|
||||||
|
if strings.HasPrefix(identity, "~/") {
|
||||||
|
homedir, err := os.UserHomeDir()
|
||||||
|
if err != nil {
|
||||||
|
return connection, fmt.Errorf("failed to find home dir: %w", err)
|
||||||
|
}
|
||||||
|
identity = filepath.Join(homedir, identity[2:])
|
||||||
|
}
|
||||||
|
found = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if found {
|
||||||
|
logrus.Debugf("ssh_config alias found: %s", alias)
|
||||||
|
logrus.Debugf(" User: %s", userinfo.Username())
|
||||||
|
logrus.Debugf(" Hostname: %s", uri)
|
||||||
|
logrus.Debugf(" Port: %d", port)
|
||||||
|
logrus.Debugf(" IdentityFile: %q", identity)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
if found {
|
|
||||||
logrus.Debugf("ssh_config alias found: %s", alias)
|
|
||||||
logrus.Debugf(" User: %s", userinfo.Username())
|
|
||||||
logrus.Debugf(" Hostname: %s", uri)
|
|
||||||
logrus.Debugf(" Port: %d", port)
|
|
||||||
logrus.Debugf(" IdentityFile: %q", identity)
|
|
||||||
}
|
}
|
||||||
conn, err := ssh.Dial(&ssh.ConnectionDialOptions{
|
conn, err := ssh.Dial(&ssh.ConnectionDialOptions{
|
||||||
Host: uri,
|
Host: uri,
|
||||||
|
|||||||
@ -98,6 +98,19 @@ var _ = SynchronizedAfterSuite(func() {}, func() {
|
|||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
// The config does not matter to much for our testing, however we
|
||||||
|
// would like to be sure podman machine is not effected by certain
|
||||||
|
// settings as we should be using full URLs anywhere.
|
||||||
|
// https://github.com/containers/podman/issues/24567
|
||||||
|
const sshConfigContent = `
|
||||||
|
Host *
|
||||||
|
User NOT_REAL
|
||||||
|
Port 9999
|
||||||
|
Host 127.0.0.1
|
||||||
|
User blah
|
||||||
|
IdentityFile ~/.ssh/id_ed25519
|
||||||
|
`
|
||||||
|
|
||||||
func setup() (string, *machineTestBuilder) {
|
func setup() (string, *machineTestBuilder) {
|
||||||
// Set TMPDIR if this needs a new directory
|
// Set TMPDIR if this needs a new directory
|
||||||
if value, ok := os.LookupEnv("TMPDIR"); ok {
|
if value, ok := os.LookupEnv("TMPDIR"); ok {
|
||||||
@ -118,7 +131,7 @@ func setup() (string, *machineTestBuilder) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
Fail(fmt.Sprintf("failed to create ssh config: %q", err))
|
Fail(fmt.Sprintf("failed to create ssh config: %q", err))
|
||||||
}
|
}
|
||||||
if _, err := sshConfig.WriteString("IdentitiesOnly=yes"); err != nil {
|
if _, err := sshConfig.WriteString(sshConfigContent); err != nil {
|
||||||
Fail(fmt.Sprintf("failed to write ssh config: %q", err))
|
Fail(fmt.Sprintf("failed to write ssh config: %q", err))
|
||||||
}
|
}
|
||||||
if err := sshConfig.Close(); err != nil {
|
if err := sshConfig.Close(); err != nil {
|
||||||
|
|||||||
Reference in New Issue
Block a user