From b8d8ff14b2e806d8d95efef27397b2b5ab653858 Mon Sep 17 00:00:00 2001
From: Sascha Grunert
Date: Thu, 27 Apr 2023 08:43:57 +0200
Subject: [PATCH] Update c/common to v0.53.0

This fixes the umask `0` bug because it contains: https://github.com/containers/common/pull/1421

Signed-off-by: Sascha Grunert
---
 go.mod | 4 +-
 go.sum | 8 +--
 .../common/pkg/config/containers.conf | 5 ++
 .../common/pkg/config/containers.conf-freebsd | 5 ++
 .../common/pkg/subscriptions/subscriptions.go | 33 ++++++-----
 .../containers/common/pkg/sysinfo/numcpu.go | 14 ++---
 .../common/pkg/sysinfo/numcpu_linux.go | 33 ++---------
 .../common/pkg/sysinfo/numcpu_other.go | 10 ++++
 .../common/pkg/sysinfo/numcpu_windows.go | 9 ---
 .../containers/common/pkg/umask/umask.go | 58 +++++++++++++++++++
 .../containers/common/version/version.go | 2 +-
 vendor/modules.txt | 4 +-
 12 files changed, 118 insertions(+), 67 deletions(-)
 create mode 100644 vendor/github.com/containers/common/pkg/sysinfo/numcpu_other.go
 create mode 100644 vendor/github.com/containers/common/pkg/umask/umask.go

diff --git a/go.mod b/go.mod
index 69f7daa6d3f..f4e32378d8d 100644
--- a/go.mod
+++ b/go.mod
@@ -20,7 +20,7 @@ require (
 github.com/containernetworking/cni v1.1.2
 github.com/containernetworking/plugins v1.2.0
 github.com/containers/buildah v1.30.0
- github.com/containers/common v0.52.0
+ github.com/containers/common v0.53.0
 github.com/containers/conmon v2.0.20+incompatible
 github.com/containers/conmon-rs v0.5.1
 github.com/containers/image/v5 v5.25.0
@@ -113,7 +113,7 @@ require (
 github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/disiqueira/gotree/v3 v3.0.2 // indirect
- github.com/docker/docker v23.0.3+incompatible // indirect
+ github.com/docker/docker v23.0.4+incompatible // indirect
 github.com/docker/docker-credential-helpers v0.7.0 // indirect
 github.com/docker/go-connections v0.4.1-0.20210727194412-58542c764a11 // indirect
 github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
diff --git a/go.sum b/go.sum
index 73b89988815..55c2a564e33 100644
--- a/go.sum
+++ b/go.sum
@@ -325,8 +325,8 @@ github.com/containernetworking/plugins v1.2.0 h1:SWgg3dQG1yzUo4d9iD8cwSVh1VqI+bP
 github.com/containernetworking/plugins v1.2.0/go.mod h1:/VjX4uHecW5vVimFa1wkG4s+r/s9qIfPdqlLF4TW8c4=
 github.com/containers/buildah v1.30.0 h1:mdp2COGKFFEZNEGP8VZ5ITuUFVNPFoH+iK2sSesNfTA=
 github.com/containers/buildah v1.30.0/go.mod h1:lyMLZIevpAa6zSzjRl7z4lFJMCMQLFjfo56YIefaB/U=
-github.com/containers/common v0.52.0 h1:S5GApgpNEGBuPhDHTFgMc55y5gsuxHcQeElvUpO5kp4=
-github.com/containers/common v0.52.0/go.mod h1:dNJJVNBu1wJtAH+vFIMXV+fQHBdEVNmNP3ImjbKper4=
+github.com/containers/common v0.53.0 h1:Ax814cLeX5VXSnkKUdxz762g+27fJj1st4UvKoXmkKs=
+github.com/containers/common v0.53.0/go.mod h1:pABPxJwlTE8oYk9/2BW0e0mumkuhJHIPsABHTGRXN3w=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/conmon-rs v0.5.1 h1:Qquw9pE0KOeJkb3MhuUIFTvUzI08m9f4SpkuSY0kVSs=
@@ -412,8 +412,8 @@ github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6
 github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.21+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho=
-github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v23.0.4+incompatible h1:Kd3Bh9V/rO+XpTP/BLqM+gx8z7+Yb0AA2Ibj+nNo4ek=
+github.com/docker/docker v23.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
 github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf b/vendor/github.com/containers/common/pkg/config/containers.conf
index 187df3103c2..5d6e2efe356 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf
@@ -392,6 +392,11 @@ default_sysctls = [
 # short-name aliases defined in containers-registries.conf(5).
 #compat_api_enforce_docker_hub = true
 
+# The database backend of Podman. Supported values are "boltdb" (default) and
+# "sqlite". Please run `podman-system-reset` prior to changing the database
+# backend of an existing deployment, to make sure Podman can operate correctly.
+#database_backend="boltdb"
+
 # Specify the keys sequence used to detach a container.
 # Format is a single character [a-Z] or a comma separated sequence of
 # `ctrl-`, where `` is one of:
diff --git a/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd b/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd
index 531c8378bbd..7fe7538a1a1 100644
--- a/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd
+++ b/vendor/github.com/containers/common/pkg/config/containers.conf-freebsd
@@ -29,6 +29,11 @@
 #
 #base_hosts_file = ""
 
+# The database backend of Podman. Supported values are "boltdb" (default) and
+# "sqlite". Please run `podman-system-reset` prior to changing the database
+# backend of an existing deployment, to make sure Podman can operate correctly.
+#database_backend="boltdb"
+
 # List of default capabilities for containers. If it is empty or commented out,
 # the default capabilities defined in the container engine will be added.
 #
diff --git a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
index cdece0a1cb4..b751f487724 100644
--- a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
+++ b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
@@ -27,9 +27,10 @@ var (
 UserOverrideMountsFile = filepath.Join(os.Getenv("HOME"), ".config/containers/mounts.conf")
 )
 
-// subscriptionData stores the name of the file and the content read from it
+// subscriptionData stores the relative name of the file and the content read from it
 type subscriptionData struct {
- name string
+ // relPath is the relative path to the file
+ relPath string
 data []byte
 mode os.FileMode
 dirMode os.FileMode
@@ -37,11 +38,16 @@ type subscriptionData struct {
 
 // saveTo saves subscription data to given directory
 func (s subscriptionData) saveTo(dir string) error {
- path := filepath.Join(dir, s.name)
- if err := os.MkdirAll(filepath.Dir(path), s.dirMode); err != nil {
- return err
+ // We need to join the path here and create all parent directories, only
+ // creating dir is not good enough as relPath could also contain directories.
+ path := filepath.Join(dir, s.relPath)
+ if err := umask.MkdirAllIgnoreUmask(filepath.Dir(path), s.dirMode); err != nil {
+ return fmt.Errorf("create subscription directory: %w", err)
 }
- return os.WriteFile(path, s.data, s.mode)
+ if err := umask.WriteFileIgnoreUmask(path, s.data, s.mode); err != nil {
+ return fmt.Errorf("write subscription data: %w", err)
+ }
+ return nil
 }
 
 func readAll(root, prefix string, parentMode os.FileMode) ([]subscriptionData, error) {
@@ -94,7 +100,7 @@ func readFileOrDir(root, name string, parentMode os.FileMode) ([]subscriptionDat
 return nil, err
 }
 return []subscriptionData{{
- name: name,
+ relPath: name,
 data: bytes,
 mode: s.Mode(),
 dirMode: parentMode,
@@ -242,13 +248,9 @@ func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string
 return nil, err
 }
 
- // Don't let the umask have any influence on the file and directory creation
- oldUmask := umask.Set(0)
- defer umask.Set(oldUmask)
-
 switch mode := fileInfo.Mode(); {
 case mode.IsDir():
- if err = os.MkdirAll(ctrDirOrFileOnHost, mode.Perm()); err != nil {
+ if err = umask.MkdirAllIgnoreUmask(ctrDirOrFileOnHost, mode.Perm()); err != nil {
 return nil, fmt.Errorf("making container directory: %w", err)
 }
 data, err := getHostSubscriptionData(hostDirOrFile, mode.Perm())
@@ -266,10 +268,11 @@ func addSubscriptionsFromMountsFile(filePath, mountLabel, containerRunDir string
 return nil, err
 }
 for _, s := range data {
- if err := os.MkdirAll(filepath.Dir(ctrDirOrFileOnHost), s.dirMode); err != nil {
- return nil, err
+ dir := filepath.Dir(ctrDirOrFileOnHost)
+ if err := umask.MkdirAllIgnoreUmask(dir, s.dirMode); err != nil {
+ return nil, fmt.Errorf("create container dir: %w", err)
 }
- if err := os.WriteFile(ctrDirOrFileOnHost, s.data, s.mode); err != nil {
+ if err := umask.WriteFileIgnoreUmask(ctrDirOrFileOnHost, s.data, s.mode); err != nil {
 return nil, fmt.Errorf("saving data to container filesystem: %w", err)
 }
 }
diff --git a/vendor/github.com/containers/common/pkg/sysinfo/numcpu.go b/vendor/github.com/containers/common/pkg/sysinfo/numcpu.go
index d9d8cfb3e54..b63b9cfbb2d 100644
--- a/vendor/github.com/containers/common/pkg/sysinfo/numcpu.go
+++ b/vendor/github.com/containers/common/pkg/sysinfo/numcpu.go
@@ -1,13 +1,13 @@
-//go:build !linux && !windows
-// +build !linux,!windows
-
 package sysinfo
 
-import (
- "runtime"
-)
+import "runtime"
 
-// NumCPU returns the number of CPUs
+// NumCPU returns the number of CPUs. On Linux and Windows, it returns
+// the number of CPUs which are currently online. On other platforms,
+// it returns [runtime.NumCPU].
 func NumCPU() int {
+ if ncpu := numCPU(); ncpu > 0 {
+ return ncpu
+ }
 return runtime.NumCPU()
 }
diff --git a/vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go b/vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go
index 0adf5835855..c10d69c79c2 100644
--- a/vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go
+++ b/vendor/github.com/containers/common/pkg/sysinfo/numcpu_linux.go
@@ -3,12 +3,7 @@
 
 package sysinfo
 
-import (
- "runtime"
- "unsafe"
-
- "golang.org/x/sys/unix"
-)
+import "golang.org/x/sys/unix"
 
 // numCPU queries the system for the count of threads available
 // for use to this process.
@@ -17,28 +12,12 @@ import (
 // Returns 0 on errors. Use |runtime.NumCPU| in that case.
 func numCPU() int {
 // Gets the affinity mask for a process: The very one invoking this function.
- pid, _, _ := unix.RawSyscall(unix.SYS_GETPID, 0, 0, 0)
+ pid := unix.Getpid()
 
- var mask [1024 / 64]uintptr
- _, _, err := unix.RawSyscall(unix.SYS_SCHED_GETAFFINITY, pid, uintptr(len(mask)*8), uintptr(unsafe.Pointer(&mask[0])))
- if err != 0 {
+ var mask unix.CPUSet
+ err := unix.SchedGetaffinity(pid, &mask)
+ if err != nil {
 return 0
 }
- // For every available thread a bit is set in the mask.
- ncpu := 0
- for _, e := range mask {
- if e == 0 {
- continue
- }
- ncpu += int(popcnt(uint64(e)))
- }
- return ncpu
-}
-
-// NumCPU returns the number of CPUs which are currently online
-func NumCPU() int {
- if ncpu := numCPU(); ncpu > 0 {
- return ncpu
- }
- return runtime.NumCPU()
+ return mask.Count()
 }
diff --git a/vendor/github.com/containers/common/pkg/sysinfo/numcpu_other.go b/vendor/github.com/containers/common/pkg/sysinfo/numcpu_other.go
new file mode 100644
index 00000000000..26c543c4a2c
--- /dev/null
+++ b/vendor/github.com/containers/common/pkg/sysinfo/numcpu_other.go
@@ -0,0 +1,10 @@
+//go:build !linux && !windows
+// +build !linux,!windows
+
+package sysinfo
+
+import "runtime"
+
+func numCPU() int {
+ return runtime.NumCPU()
+}
diff --git a/vendor/github.com/containers/common/pkg/sysinfo/numcpu_windows.go b/vendor/github.com/containers/common/pkg/sysinfo/numcpu_windows.go
index 94160ad5790..9f354eb10f8 100644
--- a/vendor/github.com/containers/common/pkg/sysinfo/numcpu_windows.go
+++ b/vendor/github.com/containers/common/pkg/sysinfo/numcpu_windows.go
@@ -4,7 +4,6 @@
 package sysinfo
 
 import (
- "runtime"
 "unsafe"
 
 "golang.org/x/sys/windows"
@@ -28,11 +27,3 @@ func numCPU() int {
 ncpu := int(popcnt(uint64(mask)))
 return ncpu
 }
-
-// NumCPU returns the number of CPUs which are currently online
-func NumCPU() int {
- if ncpu := numCPU(); ncpu > 0 {
- return ncpu
- }
- return runtime.NumCPU()
-}
diff --git a/vendor/github.com/containers/common/pkg/umask/umask.go b/vendor/github.com/containers/common/pkg/umask/umask.go
new file mode 100644
index 00000000000..93f1d2b3c02
--- /dev/null
+++ b/vendor/github.com/containers/common/pkg/umask/umask.go
@@ -0,0 +1,58 @@
+package umask
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+)
+
+// MkdirAllIgnoreUmask creates a directory by ignoring the currently set umask.
+func MkdirAllIgnoreUmask(dir string, mode os.FileMode) error {
+ parent := dir
+ dirs := []string{}
+
+ // Find all parent directories which would have been created by MkdirAll
+ for {
+ if _, err := os.Stat(parent); err == nil {
+ break
+ } else if !os.IsNotExist(err) {
+ return fmt.Errorf("cannot stat %s: %w", dir, err)
+ }
+
+ dirs = append(dirs, parent)
+ newParent := filepath.Dir(parent)
+
+ // Only possible if the root paths are not existing, which would be odd
+ if parent == newParent {
+ break
+ }
+
+ parent = newParent
+ }
+
+ if err := os.MkdirAll(dir, mode); err != nil {
+ return fmt.Errorf("create directory %s: %w", dir, err)
+ }
+
+ for _, d := range dirs {
+ if err := os.Chmod(d, mode); err != nil {
+ return fmt.Errorf("chmod directory %s: %w", d, err)
+ }
+ }
+
+ return nil
+}
+
+// WriteFileIgnoreUmask write the provided data to the path by ignoring the
+// currently set umask.
+func WriteFileIgnoreUmask(path string, data []byte, mode os.FileMode) error {
+ if err := os.WriteFile(path, data, mode); err != nil {
+ return fmt.Errorf("write file: %w", err)
+ }
+
+ if err := os.Chmod(path, mode); err != nil {
+ return fmt.Errorf("chmod file: %w", err)
+ }
+
+ return nil
+}
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index 052e49e6f5c..8bd54871c09 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
 package version
 
 // Version is the version of the build.
-const Version = "0.52.0"
+const Version = "0.53.0"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index b122eefa3d5..a601c65a027 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -244,7 +244,7 @@ github.com/containers/buildah/pkg/rusage
 github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/util
-# github.com/containers/common v0.52.0
+# github.com/containers/common v0.53.0
 ## explicit; go 1.18
 github.com/containers/common/libimage
 github.com/containers/common/libimage/define
@@ -543,7 +543,7 @@ github.com/docker/distribution/reference
 github.com/docker/distribution/registry/api/errcode
 github.com/docker/distribution/registry/api/v2
 github.com/docker/distribution/registry/client/auth/challenge
-# github.com/docker/docker v23.0.3+incompatible
+# github.com/docker/docker v23.0.4+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types