Merge pull request #9327 from mheon/30_final

Bump to v3.0 Final

Author: openshift-merge-robot

RELEASE_NOTES.md

@@ -112,6 +112,10 @@
 - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
 - Fixed a bug where the `podman network disconnect` command could cause the `podman inspect` command to fail for a container until it was restarted ([#9234](https://github.com/containers/podman/issues/9234)).
 - Fixed a bug where containers created from a read-only rootfs (using the `--rootfs` option to `podman create` and `podman run`) would fail ([#9230](https://github.com/containers/podman/issues/9230)).
+- Fixed a bug where specifying Go templates to the `--format` option to multiple Podman commands did not support the `join` function ([#8773](https://github.com/containers/podman/issues/8773)).
+- Fixed a bug where the `podman rmi` command could, when run in parallel on multiple images, return `layer not known` errors ([#6510](https://github.com/containers/podman/issues/6510)).
+- Fixed a bug where the `podman inspect` command on containers displayed unlimited ulimits incorrectly ([#9303](https://github.com/containers/podman/issues/9303)).
+- Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories ([#6003](https://github.com/containers/podman/issues/6003)).
 
 ### API
 - Libpod API version has been bumped to v3.0.0.
@@ -134,10 +138,12 @@
 - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
 - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
 - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
+- Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
 
 ### Misc
 - Updated Buildah to v1.19.2
 - Updated the containers/storage library to v1.24.5
+- Updated the containers/image library to v5.10.2
 - Updated the containers/common library to v0.33.4
 
 ## v2.2.1

changelog.txt

@@ -1,3 +1,95 @@
+- Changelog for v3.0.0 (2021-02-11):
+  * Update release notes for v3.0 final
+  * Rewrite copy-up to use buildah Copier
+  * Display correct value for unlimited ulimit
+  * make `podman rmi` more robust
+  * Allow path completion for podman create/run --rootfs
+  * vendor github.com/containers/image v5.10.2
+  * Add default template functions
+  * Fix per review request
+  * Increase timeouts in some tests
+  * Add test for Docker APIv2 wait
+  * Implement Docker wait conditions
+  * Improve ContainerEngine.ContainerWait()
+  * Improve container libpod.Wait*() functions
+  * [NO TESTS NEEDED] style: indendation
+  * [NO TESTS NEEDED] fixup: remove debug code
+  * [NO TESTS NEEDED] Generated files
+  * Cleanup bindings for image pull
+  * [NO TESTS NEEDED] Improve generator
+  * Fix invalid wait condition on kill
+  * Switch podman image push handlers to use abi
+  * podman-remote ps --external --pod --sort do not work.
+  * Fix --arch and --os flags to work correctly
+  * Switch podman stop/kill/wait handlers to use abi
+  * Fix handling of container remove
+  * Bump to v3.0.0-dev
+  * Bump to v3.0.0-RC3
+  * Further release notes for v3.0
+  * Bump remote API version to 3.0.0
+  * fix logic when not creating a workdir
+  * play kube selinux test case
+  * play kube selinux test case
+  * play kube selinux label test case
+  * play kube selinux label issue
+  * Fix podman network disconnect wrong NetworkStatus number
+  * Bump to v0.33.4
+  * Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1
+  * Update release notes for v3.0.0-RC3
+  * generate kube: handle entrypoint
+  * Allow pods to use --net=none
+  * Report StatusConflict on Pod opt partial failures
+  * bindings: attach: warn correct error
+  * Make slirp MTU configurable (network_cmd_options)
+  * Fix podman generate systemd --new special char handling
+  * Fix --network parsing for podman pod create
+  * Endpoint that lists containers does not return correct Status value
+  * Docker ignores mount flags that begin with constency
+  * podman generate kube ignores --network=host
+  * Honor custom DNS in play|generate kube
+  * Don't fail if one of the cgroups is not setup
+  * Fix #9100 Change console mode message to debug
+  * Update release notes from master
+  * libpod: move slirp magic IPs to consts
+  * rootlessport: set source IP to slirp4netns device
+  * Bump rootless-containers/rootlesskit to v0.12.0
+  * Gating tests: diff test: workaround for RHEL8 failure
+  * Bump to containers/common v0.33.3
+  * add macvlan as a supported network driver
+  * podman build --pull: refine help message and docs
+  * Cirrus: Build static podman-remote
+  * Fix static build cache by using cachix
+  * Cirrus: Fix running Validate task on branches
+  * Bump to v3.0.0-dev
+  * Bump to v3.0.0-RC2
+  * Cirrus: add bindings checks
+  * make bindings generation explicit
+  * make bindings generation more robuts
+  * simplify bindings generation
+  * make: generate bindings: use vendor
+  * Make generate systemd --new robust against double curly braces
+  * Ensure shutdown handler access is syncronized
+  * workdir presence checks
+  * libpod: add (*Container).ResolvePath()
+  * Add default net info in container inspect
+  * Fix podman history --no-trunc for the CREATED BY field
+  * Ensure the Volumes field in Compat Create is honored
+  * remote exec: write conmon error on hijacked connection
+  * Add support for rootless network-aliases
+  * Allow static ip and mac with rootless cni network
+  * [CI:DOCS]Correct static API html path
+  * disable dnsname when --internal
+  * Use random network names in the e2e tests
+  * [v3.0] fix RHEL gating test: the /sys thing
+  * Bump golang.org/x/crypto v3.0
+  * Set log driver for compatability containers
+  * [CI:DOCS] Cirrus: Skip smoke task on branch-push
+  * [CI:DOCS]Do not run compose tests with CI:DOCS
+  * Add binding options for container|pod exists
+  * runner.sh : deal with bash 'set -e'
+  * [CI:DOCS]Add readthedoc link for 3.0 docs
+  * [CI:DOCS]Add static HTML for api docs for v3.0
+
 - Changelog for v3.0.0-rc1 (2021-01-17):
   * Create release notes for V3.0.0
   * Rename AutocompletePortCommand func

cmd/podman/common/completion.go

@@ -426,6 +426,12 @@ func AutocompleteCreateRun(cmd *cobra.Command, args []string, toComplete string)
 		return nil, cobra.ShellCompDirectiveNoFileComp
 	}
 	if len(args) < 1 {
+		// check if the rootfs flag is set
+		// if it is set to true provide directory completion
+		rootfs, err := cmd.Flags().GetBool("rootfs")
+		if err == nil && rootfs {
+			return nil, cobra.ShellCompDirectiveFilterDirs
+		}
 		return getImages(cmd, toComplete)
 	}
 	// TODO: add path completion for files in the image

contrib/spec/podman.spec.in

@@ -42,7 +42,7 @@ Epoch: 99
 %else
 Epoch: 0
 %endif
-Version: 3.0.0
+Version: 3.0.1
 Release: #COMMITDATE#.git%{shortcommit0}%{?dist}
 Summary: Manage Pods, Containers and Container Images
 License: ASL 2.0

libpod/container_inspect.go

@@ -864,8 +864,8 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named
 		for _, limit := range ctrSpec.Process.Rlimits {
 			newLimit := define.InspectUlimit{}
 			newLimit.Name = limit.Type
-			newLimit.Soft = limit.Soft
-			newLimit.Hard = limit.Hard
+			newLimit.Soft = int64(limit.Soft)
+			newLimit.Hard = int64(limit.Hard)
 			hostConfig.Ulimits = append(hostConfig.Ulimits, newLimit)
 		}
 	}

libpod/container_internal.go

@@ -13,6 +13,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/containers/buildah/copier"
 	"github.com/containers/podman/v2/libpod/define"
 	"github.com/containers/podman/v2/libpod/events"
 	"github.com/containers/podman/v2/pkg/cgroups"
@@ -1580,18 +1581,8 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 			return nil, err
 		}
 
-		// HACK HACK HACK - copy up into a volume driver is 100% broken
-		// right now.
-		if vol.UsesVolumeDriver() {
-			logrus.Infof("Not copying up into volume %s as it uses a volume driver", vol.Name())
-			return vol, nil
-		}
-
 		// If the volume is not empty, we should not copy up.
-		volMount, err := vol.MountPoint()
-		if err != nil {
-			return nil, err
-		}
+		volMount := vol.mountPoint()
 		contents, err := ioutil.ReadDir(volMount)
 		if err != nil {
 			return nil, errors.Wrapf(err, "error listing contents of volume %s mountpoint when copying up from container %s", vol.Name(), c.ID())
@@ -1607,8 +1598,55 @@ func (c *Container) mountNamedVolume(v *ContainerNamedVolume, mountpoint string)
 		if err != nil {
 			return nil, errors.Wrapf(err, "error calculating destination path to copy up container %s volume %s", c.ID(), vol.Name())
 		}
-		if err := c.copyWithTarFromImage(srcDir, volMount); err != nil && !os.IsNotExist(err) {
-			return nil, errors.Wrapf(err, "error copying content from container %s into volume %s", c.ID(), vol.Name())
+		// Do a manual stat on the source directory to verify existence.
+		// Skip the rest if it exists.
+		// TODO: Should this be stat or lstat? I'm using lstat because I
+		// think copy-up doesn't happen when the source is a link.
+		srcStat, err := os.Lstat(srcDir)
+		if err != nil {
+			if os.IsNotExist(err) {
+				// Source does not exist, don't bother copying
+				// up.
+				return vol, nil
+			}
+			return nil, errors.Wrapf(err, "error identifying source directory for copy up into volume %s", vol.Name())
+		}
+		// If it's not a directory we're mounting over it.
+		if !srcStat.IsDir() {
+			return vol, nil
+		}
+
+		// Buildah Copier accepts a reader, so we'll need a pipe.
+		reader, writer := io.Pipe()
+		defer reader.Close()
+
+		errChan := make(chan error, 1)
+
+		logrus.Infof("About to copy up into volume %s", vol.Name())
+
+		// Copy, container side: get a tar archive of what needs to be
+		// streamed into the volume.
+		go func() {
+			defer writer.Close()
+			getOptions := copier.GetOptions{
+				KeepDirectoryNames: false,
+			}
+			errChan <- copier.Get(mountpoint, "", getOptions, []string{v.Dest + "/."}, writer)
+		}()
+
+		// Copy, volume side: stream what we've written to the pipe, into
+		// the volume.
+		copyOpts := copier.PutOptions{}
+		if err := copier.Put(volMount, "", copyOpts, reader); err != nil {
+			err2 := <-errChan
+			if err2 != nil {
+				logrus.Errorf("Error streaming contents of container %s directory for volume copy-up: %v", c.ID(), err2)
+			}
+			return nil, errors.Wrapf(err, "error copying up to volume %s", vol.Name())
+		}
+
+		if err := <-errChan; err != nil {
+			return nil, errors.Wrapf(err, "error streaming container content for copy up into volume %s", vol.Name())
 		}
 	}
 	return vol, nil
@@ -2058,17 +2096,6 @@ func (c *Container) unmount(force bool) error {
 	return nil
 }
 
-// this should be from chrootarchive.
-// Container MUST be mounted before calling.
-func (c *Container) copyWithTarFromImage(source, dest string) error {
-	mappings := idtools.NewIDMappingsFromMaps(c.config.IDMappings.UIDMap, c.config.IDMappings.GIDMap)
-	a := archive.NewArchiver(mappings)
-	if err := c.copyOwnerAndPerms(source, dest); err != nil {
-		return err
-	}
-	return a.CopyWithTar(source, dest)
-}
-
 // checkReadyForRemoval checks whether the given container is ready to be
 // removed.
 // These checks are only used if force-remove is not specified.

libpod/container_internal_linux.go

@@ -2261,23 +2261,6 @@ func (c *Container) generatePasswdAndGroup() (string, string, error) {
 	return passwdPath, groupPath, nil
 }
 
-func (c *Container) copyOwnerAndPerms(source, dest string) error {
-	info, err := os.Stat(source)
-	if err != nil {
-		if os.IsNotExist(err) {
-			return nil
-		}
-		return err
-	}
-	if err := os.Chmod(dest, info.Mode()); err != nil {
-		return err
-	}
-	if err := os.Chown(dest, int(info.Sys().(*syscall.Stat_t).Uid), int(info.Sys().(*syscall.Stat_t).Gid)); err != nil {
-		return err
-	}
-	return nil
-}
-
 // Get cgroup path in a format suitable for the OCI spec
 func (c *Container) getOCICgroupPath() (string, error) {
 	unified, err := cgroups.IsCgroup2UnifiedMode()

libpod/define/container_inspect.go

@@ -120,9 +120,9 @@ type InspectUlimit struct {
 	// Name is the name (type) of the ulimit.
 	Name string `json:"Name"`
 	// Soft is the soft limit that will be applied.
-	Soft uint64 `json:"Soft"`
+	Soft int64 `json:"Soft"`
 	// Hard is the hard limit that will be applied.
-	Hard uint64 `json:"Hard"`
+	Hard int64 `json:"Hard"`
 }
 
 // InspectDevice is a single device that will be mounted into the container.

libpod/volume.go

@@ -130,11 +130,18 @@ func (v *Volume) MountPoint() (string, error) {
 		if err := v.update(); err != nil {
 			return "", err
 		}
+	}
+
+	return v.mountPoint(), nil
+}
 
-		return v.state.MountPoint, nil
+// Internal-only helper for volume mountpoint
+func (v *Volume) mountPoint() string {
+	if v.UsesVolumeDriver() {
+		return v.state.MountPoint
 	}
 
-	return v.config.MountPoint, nil
+	return v.config.MountPoint
 }
 
 // Options return the volume's options

pkg/domain/infra/abi/images.go

@@ -580,12 +580,21 @@ func (ir *ImageEngine) Remove(ctx context.Context, images []string, opts entitie
 	// without having to pass all local data around.
 	deleteImage := func(img *image.Image) error {
 		results, err := ir.Libpod.RemoveImage(ctx, img, opts.Force)
-		if err != nil {
+		switch errors.Cause(err) {
+		case nil:
+			// Removal worked, so let's report it.
+			report.Deleted = append(report.Deleted, results.Deleted)
+			report.Untagged = append(report.Untagged, results.Untagged...)
+			return nil
+		case storage.ErrImageUnknown:
+			// The image must have been removed already (see #6510).
+			report.Deleted = append(report.Deleted, img.ID())
+			report.Untagged = append(report.Untagged, img.ID())
+			return nil
+		default:
+			// Fatal error.
 			return err
 		}
-		report.Deleted = append(report.Deleted, results.Deleted)
-		report.Untagged = append(report.Untagged, results.Untagged...)
-		return nil
 	}
 
 	// Delete all images from the local storage.