[#137] FreeBSD support

Now that containerd supports FreeBSD, we can port nerdctl, too!
:rocket:. For full-fledged functionality, we will need to port

* buildkit. Status: POC is ready, need to upstream fixes to
  dependencies.
* runtime + containerd shim. runj/knast should work just fine.
* CNI bridge plugin for networking.

This change fixes FreeBSD compilation errors by renaming linux files
to unix where necessary, or otherwise introducing FreeBSD versions for
the necessary files.

Signed-off-by: Artem Khramov <akhramov@pm.me>

.github/workflows/test.yml

@@ -161,3 +161,20 @@ jobs:
         command: ssh default -- "CONTAINERD_SNAPSHOTTER=fuse-overlayfs /vagrant/nerdctl.test -test.v -test.kill-daemon"
     - name: "Uninstall rootless containerd"
       run: ssh default -- containerd-rootless-setuptool.sh uninstall
+
+  test-unit-freebsd-amd64:
+    runs-on: macos-latest
+
+    strategy:
+      matrix:
+        box:
+          - fbsd_13_0
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up vagrant
+        run: |
+          ln -sf hack/Vagrantfile Vagrantfile
+          vagrant up ${{ matrix.box }}
+      - name: "Run unit tests"
+        run: vagrant ssh ${{ matrix.box }} -- "cd /vagrant; go test -v ./pkg/..."

Makefile

@@ -82,9 +82,11 @@ artifacts: clean
 
 	GOOS=windows GOARCH=amd64     make -C $(CURDIR) binaries
 	tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-windows-amd64.tar.gz _output/nerdctl.exe
-
 	rm -f $(CURDIR)/_output/nerdctl $(CURDIR)/_output/nerdctl.exe
 
+	GOOS=freebsd GOARCH=amd64       make -C $(CURDIR)  binaries
+	tar $(TAR_FLAGS) -czvf $(CURDIR)/_output/nerdctl-$(VERSION_TRIMMED)-freebsd-amd64.tar.gz   _output/nerdctl extras/rootless/*
+
 	$(call make_artifact_full_linux,amd64)
 	$(call make_artifact_full_linux,arm64)
 

cmd/nerdctl/client_linux.go → cmd/nerdctl/client_unix.go

@@ -1,3 +1,6 @@
+//go:build freebsd || linux
+// +build freebsd linux
+
 /*
    Copyright The containerd Authors.
 

cmd/nerdctl/exec_freebsd.go

@@ -0,0 +1,29 @@
+//go:build freebsd
+// +build freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package main
+
+import (
+	"github.com/opencontainers/runtime-spec/specs-go"
+)
+
+func setExecCapabilities(pspec *specs.Process) error {
+	//no op freebsd
+	return nil
+}

cmd/nerdctl/login_linux.go → cmd/nerdctl/login_unix.go

@@ -1,3 +1,6 @@
+//go:build freebsd || linux
+// +build freebsd linux
+
 /*
    Copyright The containerd Authors.
 

cmd/nerdctl/main_freebsd.go

@@ -0,0 +1,32 @@
+//go:build freebsd
+// +build freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package main
+
+import (
+	"github.com/urfave/cli/v2"
+)
+
+func appNeedsRootlessParentMain(clicontext *cli.Context) bool {
+	return false
+}
+
+func appBashComplete(clicontext *cli.Context) {
+	return
+}

cmd/nerdctl/main_linux.go

@@ -20,10 +20,8 @@ import (
 	"fmt"
 
 	ncdefaults "github.com/containerd/nerdctl/pkg/defaults"
-	"github.com/containerd/nerdctl/pkg/infoutil"
 
 	"github.com/containerd/nerdctl/pkg/rootlessutil"
-	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli/v2"
 )
 
@@ -64,45 +62,3 @@ func appBashComplete(clicontext *cli.Context) {
 		fmt.Fprintln(clicontext.App.Writer, subcomm.Name)
 	}
 }
-
-func bashCompleteNamespaceNames(clicontext *cli.Context) {
-	if rootlessutil.IsRootlessParent() {
-		_ = rootlessutil.ParentMain()
-		return
-	}
-
-	client, ctx, cancel, err := newClient(clicontext)
-	if err != nil {
-		return
-	}
-	defer cancel()
-	nsService := client.NamespaceService()
-	nsList, err := nsService.List(ctx)
-	if err != nil {
-		logrus.Warn(err)
-		return
-	}
-	for _, ns := range nsList {
-		fmt.Fprintln(clicontext.App.Writer, ns)
-	}
-}
-
-func bashCompleteSnapshotterNames(clicontext *cli.Context) {
-	if rootlessutil.IsRootlessParent() {
-		_ = rootlessutil.ParentMain()
-		return
-	}
-
-	client, ctx, cancel, err := newClient(clicontext)
-	if err != nil {
-		return
-	}
-	defer cancel()
-	snapshotterPlugins, err := infoutil.GetSnapshotterNames(ctx, client.IntrospectionService())
-	if err != nil {
-		return
-	}
-	for _, name := range snapshotterPlugins {
-		fmt.Fprintln(clicontext.App.Writer, name)
-	}
-}

cmd/nerdctl/main_unix.go

@@ -0,0 +1,72 @@
+//go:build freebsd || linux
+// +build freebsd linux
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package main
+
+import (
+	"fmt"
+
+	"github.com/containerd/nerdctl/pkg/infoutil"
+
+	"github.com/containerd/nerdctl/pkg/rootlessutil"
+	"github.com/sirupsen/logrus"
+	"github.com/urfave/cli/v2"
+)
+
+func bashCompleteNamespaceNames(clicontext *cli.Context) {
+	if rootlessutil.IsRootlessParent() {
+		_ = rootlessutil.ParentMain()
+		return
+	}
+
+	client, ctx, cancel, err := newClient(clicontext)
+	if err != nil {
+		return
+	}
+	defer cancel()
+	nsService := client.NamespaceService()
+	nsList, err := nsService.List(ctx)
+	if err != nil {
+		logrus.Warn(err)
+		return
+	}
+	for _, ns := range nsList {
+		fmt.Fprintln(clicontext.App.Writer, ns)
+	}
+}
+
+func bashCompleteSnapshotterNames(clicontext *cli.Context) {
+	if rootlessutil.IsRootlessParent() {
+		_ = rootlessutil.ParentMain()
+		return
+	}
+
+	client, ctx, cancel, err := newClient(clicontext)
+	if err != nil {
+		return
+	}
+	defer cancel()
+	snapshotterPlugins, err := infoutil.GetSnapshotterNames(ctx, client.IntrospectionService())
+	if err != nil {
+		return
+	}
+	for _, name := range snapshotterPlugins {
+		fmt.Fprintln(clicontext.App.Writer, name)
+	}
+}

cmd/nerdctl/run.go

@@ -25,6 +25,7 @@ import (
 	"os"
 	"path"
 	"path/filepath"
+	"runtime"
 	"strings"
 
 	"github.com/containerd/console"
@@ -319,12 +320,16 @@ func runAction(clicontext *cli.Context) error {
 	opts = append(opts,
 		oci.WithDefaultSpec(),
 		oci.WithDefaultUnixDevices,
-		oci.WithMounts([]specs.Mount{
-			{Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}},
-		}),
 		WithoutRunMount(), // unmount default tmpfs on "/run": https://github.com/containerd/nerdctl/issues/157
 	)
 
+	if runtime.GOOS == "linux" {
+		opts = append(opts,
+			oci.WithMounts([]specs.Mount{
+				{Type: "cgroup", Source: "cgroup", Destination: "/sys/fs/cgroup", Options: []string{"ro", "nosuid", "noexec", "nodev"}},
+			}))
+	}
+
 	rootfsOpts, rootfsCOpts, ensuredImage, err := generateRootfsOpts(ctx, client, clicontext, id)
 	if err != nil {
 		return err
@@ -757,7 +762,7 @@ func withCustomHosts(src string) func(context.Context, oci.Client, *containers.C
 }
 
 func generateLogURI(dataStore string) (*url.URL, error) {
-	selfExe, err := os.Readlink("/proc/self/exe")
+	selfExe, err := executablePath()
 	if err != nil {
 		return nil, err
 	}

cmd/nerdctl/run_cgroup_freebsd.go

@@ -0,0 +1,29 @@
+//go:build freebsd
+// +build freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package main
+
+import (
+	"github.com/containerd/containerd/oci"
+	"github.com/urfave/cli/v2"
+)
+
+func generateCgroupOpts(clicontext *cli.Context, id string) ([]oci.SpecOpts, error) {
+	return []oci.SpecOpts{}, nil
+}

cmd/nerdctl/run_freebsd.go

@@ -0,0 +1,74 @@
+//go:build freebsd
+// +build freebsd
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/oci"
+	"github.com/urfave/cli/v2"
+)
+
+func runBashComplete(clicontext *cli.Context) {
+	coco := parseCompletionContext(clicontext)
+	if coco.boring {
+		defaultBashComplete(clicontext)
+		return
+	}
+	if coco.flagTakesValue {
+		w := clicontext.App.Writer
+		switch coco.flagName {
+		case "restart":
+			fmt.Fprintln(w, "always")
+			fmt.Fprintln(w, "no")
+			return
+		case "pull":
+			fmt.Fprintln(w, "always")
+			fmt.Fprintln(w, "missing")
+			fmt.Fprintln(w, "never")
+			return
+		case "net", "network":
+			bashCompleteNetworkNames(clicontext, nil)
+			return
+		}
+		defaultBashComplete(clicontext)
+		return
+	}
+	// show image names, unless we have "--rootfs" flag
+	if clicontext.Bool("rootfs") {
+		defaultBashComplete(clicontext)
+		return
+	}
+	bashCompleteImageNames(clicontext)
+}
+
+func WithoutRunMount() func(ctx context.Context, client oci.Client, c *containers.Container, s *oci.Spec) error {
+	// not valid on freebsd
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { return nil }
+}
+
+// executablePath returns the absolute path to the current binary
+func executablePath() (string, error) {
+	return filepath.Abs(os.Args[0])
+}

cmd/nerdctl/run_linux.go

@@ -19,6 +19,7 @@ package main
 import (
 	"context"
 	"fmt"
+	"os"
 	"strings"
 
 	"github.com/containerd/containerd/containers"
@@ -80,3 +81,7 @@ func runBashComplete(clicontext *cli.Context) {
 	}
 	bashCompleteImageNames(clicontext)
 }
+
+func executablePath() (string, error) {
+	return os.Readlink("/proc/self/exe")
+}