Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rootlesskit for openSUSE:Factory checked in at 2024-07-18 19:15:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rootlesskit (Old) and /work/SRC/openSUSE:Factory/.rootlesskit.new.17339 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rootlesskit" Thu Jul 18 19:15:22 2024 rev:10 rq:1188119 version:2.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rootlesskit/rootlesskit.changes 2024-06-11 18:27:23.768714509 +0200 +++ /work/SRC/openSUSE:Factory/.rootlesskit.new.17339/rootlesskit.changes 2024-07-18 19:15:29.085074277 +0200 @@ -1,0 +2,20 @@ +Wed Jul 17 05:36:39 UTC 2024 - danish.prak...@suse.com + +- Update to version 2.2.0: + * v2.2.0 + * go.mod: update + * CI: update dependencies + * Build(deps): Bump github.com/gofrs/flock from 0.8.1 to 0.12.0 + * Add reexec branch for socket activation to correct LISTEN_PID + * Build(deps): Bump golang.org/x/sys from 0.21.0 to 0.22.0 + * Build(deps): Bump github.com/containernetworking/plugins + * Build(deps): Bump golang.org/x/sys from 0.20.0 to 0.21.0 + * Build(deps): Bump github.com/containernetworking/plugins + * pkg/network/slirp4netns: advertise IPv6 nameserver when it's enabled + * pkg/network: allow network drivers to advertise multiple nameservers + * CI: update slirp4netns to v1.3.1 + * Build(deps): Bump golang.org/x/sys from 0.19.0 to 0.20.0 + * Build(deps): Bump github.com/urfave/cli/v2 from 2.27.1 to 2.27.2 + * v2.1.0+dev + +------------------------------------------------------------------- Old: ---- rootlesskit-2.1.0.tar.gz New: ---- rootlesskit-2.2.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rootlesskit.spec ++++++ --- /var/tmp/diff_new_pack.ch7osK/_old 2024-07-18 19:15:30.341124031 +0200 +++ /var/tmp/diff_new_pack.ch7osK/_new 2024-07-18 19:15:30.341124031 +0200 @@ -17,7 +17,7 @@ Name: rootlesskit -Version: 2.1.0 +Version: 2.2.0 Release: 0 Summary: Linux-native fakeroot using user namespaces License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.ch7osK/_old 2024-07-18 19:15:30.373125298 +0200 +++ /var/tmp/diff_new_pack.ch7osK/_new 2024-07-18 19:15:30.377125457 +0200 
@@ -4,7 +4,7 @@ <param name="url">https://github.com/rootless-containers/rootlesskit.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.1.0</param> + <param name="revision">v2.2.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.ch7osK/_old 2024-07-18 19:15:30.401126408 +0200 +++ /var/tmp/diff_new_pack.ch7osK/_new 2024-07-18 19:15:30.405126566 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/rootless-containers/rootlesskit.git</param> - <param name="changesrevision">da77c66a62412f8631fd9ce17653a3ee36802215</param></service></servicedata> + <param name="changesrevision">17a2cd4db1a98072b0e3454577139ceee685622c</param></service></servicedata> (No newline at EOF) ++++++ rootlesskit-2.1.0.tar.gz -> rootlesskit-2.2.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/.github/workflows/main.yaml new/rootlesskit-2.2.0/.github/workflows/main.yaml --- old/rootlesskit-2.1.0/.github/workflows/main.yaml 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/.github/workflows/main.yaml 2024-07-16 17:59:36.000000000 +0200 
@@ -3,27 +3,38 @@ jobs: test-unit: name: "Unit test" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: "Check out" - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: "Build unit test image" run: DOCKER_BUILDKIT=1 docker build -t rootlesskit:test-unit --target test-unit . - name: "Unit test" run: docker run --rm --privileged rootlesskit:test-unit test-cross: name: "Cross compilation test" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: "Build binaries" run: DOCKER_BUILDKIT=1 docker build -o /tmp/artifact --target cross-artifact . test-integration: name: "Integration test" - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: + - name: "Set up AppArmor" + run: | + cat <<EOT | sudo tee "/etc/apparmor.d/home.user.bin.rootlesskit" + abi <abi/4.0>, + include <tunables/global> + + /home/user/bin/rootlesskit flags=(unconfined) { + userns, + } + EOT + sudo systemctl restart apparmor.service - name: "Check out" - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: "Build integration test image" run: DOCKER_BUILDKIT=1 docker build -t rootlesskit:test-integration --target test-integration . - name: "Integration test: exit-code" @@ -39,6 +50,8 @@ run: docker run --rm --net=host --privileged rootlesskit:test-integration ./integration-port.sh - name: "Integration test: IPv6 routing" run: docker run --rm --privileged --sysctl net.ipv6.conf.all.disable_ipv6=0 rootlesskit:test-integration ./integration-ipv6.sh + - name: "Integration test: systemd socket activation" + run: docker run --rm --net=none --privileged rootlesskit:test-integration ./integration-systemd-socket.sh - name: "Integration test: Network (network driver=slirp4netns)" run: | docker run --rm --privileged rootlesskit:test-integration ./integration-net.sh slirp4netns 
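Review bot: The new "Set up AppArmor" step writes a profile granting `userns,` to `/home/user/bin/rootlesskit` with `flags=(unconfined)` but carries no comment on why, and the identical heredoc is repeated in the test-integration-docker job (the hunk at L5). Presumably this works around the user-namespace restriction that AppArmor enforces on the ubuntu-24.04 runners the jobs now use; a one-line comment above the step, `# ubuntu-24.04 restricts unprivileged user namespaces via AppArmor; allow them for the rootlesskit binary exercised by the tests`, would record that. Moving the heredoc into a script under hack/ called from both jobs would keep the two copies from drifting.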
@@ -172,10 +185,21 @@ test-integration-docker: name: "Integration test (Docker)" - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: + - name: "Set up AppArmor" + run: | + cat <<EOT | sudo tee "/etc/apparmor.d/home.user.bin.rootlesskit" + abi <abi/4.0>, + include <tunables/global> + + /home/user/bin/rootlesskit flags=(unconfined) { + userns, + } + EOT + sudo systemctl restart apparmor.service - name: "Check out" - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: "Build integration test image" run: DOCKER_BUILDKIT=1 docker build -t rootlesskit:test-integration-docker --target test-integration-docker . - name: "Create a custom network to avoid IP confusion" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/.github/workflows/release.yaml new/rootlesskit-2.2.0/.github/workflows/release.yaml --- old/rootlesskit-2.1.0/.github/workflows/release.yaml 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/.github/workflows/release.yaml 2024-07-16 17:59:36.000000000 +0200 @@ -18,7 +18,7 @@ release: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: "Build binaries" run: DOCKER_BUILDKIT=1 docker build -o /tmp/artifact --target cross-artifact . - name: "SHA256SUMS" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/Dockerfile new/rootlesskit-2.2.0/Dockerfile --- old/rootlesskit-2.1.0/Dockerfile 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/Dockerfile 2024-07-16 17:59:36.000000000 +0200 
@@ -1,10 +1,10 @@
 ARG GO_VERSION=1.22
-ARG UBUNTU_VERSION=22.04
-ARG SHADOW_VERSION=4.13
-ARG SLIRP4NETNS_VERSION=v1.2.0
+ARG UBUNTU_VERSION=24.04
+ARG SHADOW_VERSION=4.16.0
+ARG SLIRP4NETNS_VERSION=v1.3.1
 ARG VPNKIT_VERSION=0.5.0
-ARG PASST_VERSION=2023_12_30.f091893
-ARG DOCKER_VERSION=25.0.2
+ARG PASST_VERSION=2024_06_24.1ee2eca
+ARG DOCKER_VERSION=27.0.3
 ARG DOCKER_CHANNEL=stable
 
 FROM golang:${GO_VERSION}-alpine AS build
@@ -35,7 +35,7 @@
 # idmap runnable without --privileged (but still requires seccomp=unconfined apparmor=unconfined)
 FROM ubuntu:${UBUNTU_VERSION} AS idmap
 ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y automake autopoint bison gettext git gcc libcap-dev libtool make
+RUN apt-get update && apt-get install -y automake autopoint bison gettext git gcc libbsd-dev libcap-dev libtool make pkg-config
 RUN git clone https://github.com/shadow-maint/shadow.git /shadow
 WORKDIR /shadow
 ARG SHADOW_VERSION
@@ -63,13 +63,15 @@
 # sudo: only for lxc-user-nic benchmark and rootful veth benchmark (for comparison)
 # libcap2-bin and curl: used by the RUN instructions in this Dockerfile.
 # bind9-dnsutils: for `nslookup` command used by integration-net.sh
-RUN apt-get update && apt-get install -y iproute2 liblxc-common lxc-utils iperf3 busybox sudo libcap2-bin curl bind9-dnsutils
+# systemd and uuid-runtime: for systemd-socket-activate used by integration-systemd-socket.sh
+# iptables: for Docker
+RUN apt-get update && apt-get install -y iproute2 liblxc-common lxc-utils iperf3 busybox sudo libcap2-bin curl bind9-dnsutils systemd uuid-runtime iptables
 COPY --from=idmap /usr/bin/newuidmap /usr/bin/newuidmap
 COPY --from=idmap /usr/bin/newgidmap /usr/bin/newgidmap
 RUN /sbin/setcap cap_setuid+eip /usr/bin/newuidmap && \
 /sbin/setcap cap_setgid+eip /usr/bin/newgidmap && \
- useradd --create-home --home-dir /home/user --uid 1000 user && \
- mkdir -p /run/user/1000 /etc/lxc && \
+ useradd --create-home --home-dir /home/user --uid 2000 user && \
+ mkdir -p /run/user/2000 /etc/lxc && \
 echo "user veth lxcbr0 32" > /etc/lxc/lxc-usernet && \
 echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user
 COPY --from=artifact /rootlesskit /home/user/bin/
@@ -80,11 +82,11 @@
 COPY --from=vpnkit /vpnkit /home/user/bin/vpnkit
 COPY --from=passt /usr/local /usr/local
 ADD ./hack /home/user/hack
-RUN chown -R user:user /run/user/1000 /home/user
+RUN chown -R user:user /run/user/2000 /home/user
 USER user
 ENV HOME /home/user
 ENV USER user
-ENV XDG_RUNTIME_DIR=/run/user/1000
+ENV XDG_RUNTIME_DIR=/run/user/2000
 ENV PATH /home/user/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 ENV LD_LIBRARY_PATH=/home/user/lib
 WORKDIR /home/user/hack
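Review bot: The uid change from 1000 to 2000 in the `useradd` and `mkdir -p /run/user/2000` lines is not explained, and the same literal now appears in five places across this hunk and the next two (the chown, XDG_RUNTIME_DIR and DOCKER_HOST lines, continuing at L8). If the motivation is that the ubuntu:24.04 base image already ships a user at uid 1000, a comment such as `# uid 2000: avoid clashing with the default user the ubuntu:24.04 image ships at uid 1000` would record it. Introducing `ARG USER_UID=2000` and referencing it in all five lines would keep them from drifting apart on the next change.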
@@ -98,7 +100,7 @@
 chmod +x /home/user/bin/dockerd-rootless.sh
 ENV DOCKERD_ROOTLESS_ROOTLESSKIT_NET=slirp4netns
 ENV DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=builtin
-ENV DOCKER_HOST=unix:///run/user/1000/docker.sock
+ENV DOCKER_HOST=unix:///run/user/2000/docker.sock
 RUN mkdir -p /home/user/.local
 VOLUME /home/user/.local
 CMD ["dockerd-rootless.sh"]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/cmd/rootlesskit/main.go new/rootlesskit-2.2.0/cmd/rootlesskit/main.go
--- old/rootlesskit-2.1.0/cmd/rootlesskit/main.go 2024-04-26 02:16:44.000000000 +0200
+++ new/rootlesskit-2.2.0/cmd/rootlesskit/main.go 2024-07-16 17:59:36.000000000 +0200
@@ -8,12 +8,14 @@
 "os/exec"
 "path/filepath"
 "strings"
+ "strconv"
 "syscall"
 
 "github.com/Masterminds/semver/v3"
 "github.com/sirupsen/logrus"
 "github.com/urfave/cli/v2"
 
+ "github.com/rootless-containers/rootlesskit/v2/pkg/systemd/activation"
 "github.com/rootless-containers/rootlesskit/v2/pkg/child"
 "github.com/rootless-containers/rootlesskit/v2/pkg/common"
 "github.com/rootless-containers/rootlesskit/v2/pkg/copyup/tmpfssymlink"
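Review bot: The new import `"strconv"` is inserted after `"strings"`, which is not the sorted order gofmt produces within an import group, and `"github.com/rootless-containers/rootlesskit/v2/pkg/systemd/activation"` is likewise placed ahead of `pkg/child` rather than in alphabetical position. The struct literal `activation.Opt {` in the last main.go hunk (L11) has the same gofmt-cleanliness problem with the space before the brace. Running gofmt on the file fixes all three and keeps the package consistent with the rest of the tree.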
@@ -29,17 +31,24 @@
 "github.com/rootless-containers/rootlesskit/v2/pkg/version"
 )
 
+
+const (
+ pipeFDEnvKey = "_ROOTLESSKIT_PIPEFD_UNDOCUMENTED"
+ childUseActivationEnvKey = "_ROOTLESSKIT_SYSTEMD_ACTIVATION_CHILD_USE_UNDOCUMENTED"
+ runActivationHelperEnvKey = "_ROOTLESSKIT_SYSTEMD_ACTIVATION_RUN_HELPER_UNDOCUMENTED"
+ stateDirEnvKey = "ROOTLESSKIT_STATE_DIR" // documented
+ parentEUIDEnvKey = "ROOTLESSKIT_PARENT_EUID" // documented
+ parentEGIDEnvKey = "ROOTLESSKIT_PARENT_EGID" // documented
+)
+
 func main() {
- const (
- pipeFDEnvKey = "_ROOTLESSKIT_PIPEFD_UNDOCUMENTED"
- stateDirEnvKey = "ROOTLESSKIT_STATE_DIR" // documented
- parentEUIDEnvKey = "ROOTLESSKIT_PARENT_EUID" // documented
- parentEGIDEnvKey = "ROOTLESSKIT_PARENT_EGID" // documented
- )
+ iAmActivationHelper := checkActivationHelper()
 iAmChild := os.Getenv(pipeFDEnvKey) != ""
 id := "parent"
 if iAmChild {
 id = "child " // padded to len("parent")
+ } else if iAmActivationHelper {
+ id = "activation_helper"
 }
 debug := false
 app := cli.NewApp()
@@ -252,15 +261,21 @@
 if clicontext.NArg() < 1 {
 return errors.New("no command specified")
 }
+ if iAmActivationHelper {
+ activationOpt, err := createActivationOpts(clicontext)
+ if err != nil {
+ return err
+ }
+ return activation.ActivationHelper(activationOpt)
+ }
 if iAmChild {
- childOpt, err := createChildOpt(clicontext, pipeFDEnvKey, stateDirEnvKey, clicontext.Args().Slice())
+ childOpt, err := createChildOpt(clicontext)
 if err != nil {
 return err
 }
 return child.Child(childOpt)
 }
- parentOpt, err := createParentOpt(clicontext, pipeFDEnvKey, stateDirEnvKey,
- parentEUIDEnvKey, parentEGIDEnvKey)
+ parentOpt, err := createParentOpt(clicontext)
 if err != nil {
 return err
 }
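Review bot: The log identifier and the dispatch disagree when both markers are present: `id` is picked with `if iAmChild {...} else if iAmActivationHelper {...}`, so a process that has both the pipe-FD variable and the activation-helper variable in its environment logs as `child ` while the second hunk in this line dispatches it to `activation.ActivationHelper` first. Whether the re-executed helper still carries the pipe-FD variable depends on what child.Child unsets before createCmd runs, which is outside this hunk, but making the order match removes the question: `if iAmActivationHelper { id = "activation_helper" } else if iAmChild { id = "child " }`. The `// padded to len("parent")` comment also no longer holds once a 17-character `activation_helper` can appear, so the log prefixes will misalign for that process.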
@@ -305,11 +320,12 @@
 return ipnet, nil
 }
 
-func createParentOpt(clicontext *cli.Context, pipeFDEnvKey, stateDirEnvKey, parentEUIDEnvKey, parentEGIDEnvKey string) (parent.Opt, error) {
+func createParentOpt(clicontext *cli.Context) (parent.Opt, error) {
 var err error
 opt := parent.Opt{
 PipeFDEnvKey: pipeFDEnvKey,
 StateDirEnvKey: stateDirEnvKey,
+ ChildUseActivationEnvKey: childUseActivationEnvKey,
 CreatePIDNS: clicontext.Bool("pidns"),
 CreateCgroupNS: clicontext.Bool("cgroupns"),
 CreateUTSNS: clicontext.Bool("utsns"),
@@ -575,13 +591,15 @@
 return len(p), nil
 }
 
-func createChildOpt(clicontext *cli.Context, pipeFDEnvKey, stateDirEnvKey string, targetCmd []string) (child.Opt, error) {
+func createChildOpt(clicontext *cli.Context) (child.Opt, error) {
 pidns := clicontext.Bool("pidns")
 detachNetNS := clicontext.Bool("detach-netns")
 opt := child.Opt{
 PipeFDEnvKey: pipeFDEnvKey,
+ RunActivationHelperEnvKey: runActivationHelperEnvKey,
+ ChildUseActivationEnvKey: childUseActivationEnvKey,
 StateDirEnvKey: stateDirEnvKey,
- TargetCmd: targetCmd,
+ TargetCmd: clicontext.Args().Slice(),
 MountProcfs: pidns,
 DetachNetNS: detachNetNS,
 Propagation: clicontext.String("propagation"),
@@ -664,3 +682,23 @@
 }
 return machine
 }
+
+func checkActivationHelper() bool {
+ envValue, envSet := os.LookupEnv(runActivationHelperEnvKey)
+ if !envSet {
+ return false
+ }
+ activationHelperValue, err := strconv.ParseBool(envValue)
+ if err != nil {
+ panic(fmt.Sprintf("Env variable [%s] is set to [%s] and cannot be parsed", runActivationHelperEnvKey, envValue))
+ }
+ return activationHelperValue
+}
+
+func createActivationOpts(clicontext *cli.Context) (activation.Opt, error) {
+ opt := activation.Opt {
+ RunActivationHelperEnvKey: runActivationHelperEnvKey,
+ TargetCmd: clicontext.Args().Slice(),
+ }
+ return opt, nil
+}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/go.mod new/rootlesskit-2.2.0/go.mod
--- old/rootlesskit-2.1.0/go.mod 2024-04-26 02:16:44.000000000 +0200
+++ new/rootlesskit-2.2.0/go.mod 2024-07-16 17:59:36.000000000 +0200
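Review bot: `checkActivationHelper` panics when the helper variable holds anything but a boolean, turning a malformed environment into a stack trace at startup, whereas the rest of main reports start-up problems through returned errors and logrus; `logrus.Fatalf("env variable %q is set to %q and cannot be parsed as a bool: %v", runActivationHelperEnvKey, envValue, err)` would fit the file and also keep the parse error in the message. `createActivationOpts` can never fail yet returns `(activation.Opt, error)`; if the error return is kept for symmetry with createChildOpt and createParentOpt, a comment saying so saves the reader from looking for a failure path. Both functions lack doc comments; `// checkActivationHelper reports whether this process was re-executed by the child to correct LISTEN_PID for systemd socket activation.` would state the only caller's intent, going by the changelog entry for the re-exec branch.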
@@ -1,30 +1,29 @@ module github.com/rootless-containers/rootlesskit/v2 -go 1.19 +go 1.21.0 require ( github.com/Masterminds/semver/v3 v3.2.1 - github.com/containernetworking/plugins v1.4.1 - github.com/gofrs/flock v0.8.1 + github.com/containernetworking/plugins v1.5.1 + github.com/gofrs/flock v0.12.0 github.com/google/uuid v1.6.0 github.com/gorilla/mux v1.8.1 - github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb + github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 github.com/moby/sys/mountinfo v0.7.1 github.com/moby/vpnkit v0.5.0 github.com/sirupsen/logrus v1.9.3 github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8 - github.com/urfave/cli/v2 v2.27.1 - golang.org/x/sys v0.19.0 + github.com/urfave/cli/v2 v2.27.2 + golang.org/x/sys v0.22.0 gotest.tools/v3 v3.5.1 ) require ( - github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/google/go-cmp v0.6.0 // indirect - github.com/josharian/native v1.1.0 // indirect - github.com/pierrec/lz4/v4 v4.1.17 // indirect + github.com/pierrec/lz4/v4 v4.1.21 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 // indirect - github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 // indirect - golang.org/x/net v0.23.0 // indirect + github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect + github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect + golang.org/x/net v0.27.0 // indirect ) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/go.sum new/rootlesskit-2.2.0/go.sum --- old/rootlesskit-2.1.0/go.sum 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/go.sum 2024-07-16 17:59:36.000000000 +0200 
@@ -1,38 +1,40 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= -github.com/containernetworking/plugins v1.4.1 h1:+sJRRv8PKhLkXIl6tH1D7RMi+CbbHutDGU+ErLBORWA= -github.com/containernetworking/plugins v1.4.1/go.mod h1:n6FFGKcaY4o2o5msgu/UImtoC+fpQXM3076VHfHbj60= -github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHHBfMQ6w= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= +github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+E5J/EcKOE4gQ= +github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM= +github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= -github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod 
h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= +github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb h1:6fDKEAXwe3rsfS4khW3EZ8kEqmSiV9szhMPcDrD+Y7Q= -github.com/insomniacslk/dhcp v0.0.0-20230516061539-49801966e6cb/go.mod h1:7474bZ1YNCvarT6WFKie4kEET6J0KYRDC4XJqqXzQW4= -github.com/josharian/native v1.0.1-0.20221213033349-c1e37c09b531/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= -github.com/josharian/native v1.1.0 h1:uuaP0hAbW7Y4l0ZRQ6C9zfb7Mg1mbFKry/xzDAfmtLA= -github.com/josharian/native v1.1.0/go.mod h1:7X/raswPFr05uY3HiLlYeyQntB6OO7E/d2Cu7qoaN2w= +github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 h1:LZJWucZz7ztCqY6Jsu7N9g124iJ2kt/O62j3+UchZFg= +github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic= github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= 
github.com/moby/vpnkit v0.5.0 h1:VcDpS9y+PmT9itf+mH5Qdh9GME7ungLMt9yjf9o4REY= github.com/moby/vpnkit v0.5.0/go.mod h1:KyjUrL9cb6ZSNNAUwZfqRjhwwgJ3BJN+kXh0t43WTUQ= -github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/pierrec/lz4/v4 v4.1.14/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= -github.com/pierrec/lz4/v4 v4.1.17 h1:kV4Ip+/hUBC+8T6+2EgburRtkE9ef4nbY3f4dFhGjMc= -github.com/pierrec/lz4/v4 v4.1.17/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ= +github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= 
@@ -43,25 +45,27 @@ github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8/go.mod h1:P5HUIBuIWKbyjl083/loAegFkfbFNx5i2qEP4CNbm7E= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= -github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63 h1:YcojQL98T/OO+rybuzn2+5KrD5dBwXIvYBvQ2cD3Avg= -github.com/u-root/uio v0.0.0-20230305220412-3e8cd9d6bf63/go.mod h1:eLL9Nub3yfAho7qB0MzZizFhTU2QkLeoVsWdHtDW264= -github.com/urfave/cli/v2 v2.27.1 h1:8xSQ6szndafKVRmfyeUMxkNUJQMjL1F2zmsZ+qHpfho= -github.com/urfave/cli/v2 v2.27.1/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ= -github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673 h1:bAn7/zixMGCfxrRTfdpNzjtPYqr8smhKouy9mxVdGPU= -github.com/xrash/smetrics v0.0.0-20201216005158-039620a65673/go.mod h1:N3UwUGtsrSj3ccvlPHLoLsHnpR27oXr4ZE984MbSER8= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 h1:pyC9PaHYZFgEKFdlp3G8RaCKgVpHZnecvArXvPXcFkM= +github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701/go.mod h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA= +github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI= +github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM= +github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= +github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= +golang.org/x/net v0.27.0 
h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220622161953-175b2fd9d664/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/hack/benchmark-iperf3-net.sh 
new/rootlesskit-2.2.0/hack/benchmark-iperf3-net.sh --- old/rootlesskit-2.1.0/hack/benchmark-iperf3-net.sh 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/hack/benchmark-iperf3-net.sh 2024-07-16 17:59:36.000000000 +0200 @@ -42,7 +42,7 @@ dev=lxcbr0 set -x # ignore "lxc-net is already running" error - sudo /usr/lib/$(uname -m)-linux-gnu/lxc/lxc-net start || true + sudo /usr/lib/$(uname -m)-linux-gnu/lxc/lxc-net start || sudo /etc/init.d/lxc-net start || true ip=$(ip -4 -o addr show $dev | awk '{print $4}' | cut -d "/" -f 1) $ROOTLESSKIT --state-dir=$statedir --net=lxc-user-nic $@ -- $IPERF3C $ip set +x diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/hack/integration-net.sh new/rootlesskit-2.2.0/hack/integration-net.sh --- old/rootlesskit-2.1.0/hack/integration-net.sh 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/hack/integration-net.sh 2024-07-16 17:59:36.000000000 +0200 @@ -16,6 +16,6 @@ set -x if [ "${net}" = "lxc-user-nic" ]; then # ignore "lxc-net is already running" error - sudo /usr/lib/$(uname -m)-linux-gnu/lxc/lxc-net start || true + sudo /usr/lib/$(uname -m)-linux-gnu/lxc/lxc-net start || sudo /etc/init.d/lxc-net start || true fi $ROOTLESSKIT --net=${net} --copy-up=/etc --copy-up=/run --disable-host-loopback ${flags} -- nslookup example.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/hack/integration-systemd-socket-check-env.sh new/rootlesskit-2.2.0/hack/integration-systemd-socket-check-env.sh --- old/rootlesskit-2.1.0/hack/integration-systemd-socket-check-env.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/rootlesskit-2.2.0/hack/integration-systemd-socket-check-env.sh 2024-07-16 17:59:36.000000000 +0200 
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -eu -o pipefail
+
+OK_FILE=$1
+ERR_FILE=$2
+EXPECTED_LISTEN_FDS=$3
+
+fail() {
+ echo "$@" > "$ERR_FILE"
+ exit 1
+}
+
+if ! [[ "${LISTEN_FDS:-}" =~ [1-9] ]]; then
+ fail "LISTEN_FDS (${LISTEN_FDS:-}) is not set or not positive a number."
+fi
+
+if [[ "${LISTEN_FDS:-}" != "${EXPECTED_LISTEN_FDS}" ]]; then
+ fail "LISTEN_FDS (${LISTEN_FDS}) is not equal to expected ${EXPECTED_LISTEN_FDS}."
+fi
+
+if [[ "${LISTEN_PID}" != "$$" ]]; then
+ fail "LISTEN_PID (${LISTEN_PID}) is not equal to \$\$ ($$)."
+fi
+
+for ((i=0,fdnum=3; i<LISTEN_FDS; fdnum++, i++)); do
+ fdpath="/proc/$$/fd/${fdnum}"
+ if [[ ! -e "$fdpath" ]]; then
+ fail "FD #${fdnum} does not exists"
+ fi
+done
+
+touch "${OK_FILE}"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/hack/integration-systemd-socket.sh new/rootlesskit-2.2.0/hack/integration-systemd-socket.sh
--- old/rootlesskit-2.1.0/hack/integration-systemd-socket.sh 2024-04-26 02:16:44.000000000 +0200
+++ new/rootlesskit-2.2.0/hack/integration-systemd-socket.sh 2024-07-16 17:59:36.000000000 +0200
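Review bot: The pattern in `[[ "${LISTEN_FDS:-}" =~ [1-9] ]]` is unanchored, so any value containing a non-zero digit passes (`"x1"`, `"1.5"`) and later feeds the arithmetic `i<LISTEN_FDS` in the for loop; anchoring it, `if ! [[ "${LISTEN_FDS:-}" =~ ^[1-9][0-9]*$ ]]; then`, makes the check mean what the message says. The `LISTEN_PID` comparison reads `"${LISTEN_PID}"` without a `:-` default, so under `set -u` an unset variable aborts the script before `fail` can write the error file; `"${LISTEN_PID:-}"` keeps the diagnostic path. The messages `is not set or not positive a number.` and `does not exists` should read `is not set or not a positive number.` and `does not exist`.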
@@ -1,17 +1,55 @@ -#!/bin/sh -set -e -if [ -z "$EXECED" ] -then - systemd-socket-activate -E EXECED=1 -l /tmp/activate.sock socat ACCEPT-FD:3 EXEC:"rootlesskit $0",nofork 2>/dev/null & - OUTPUT="$(curl --unix-socket /tmp/activate.sock http://localhost/hello 2>/dev/null)" - [ "$(printf 'Hello\n' )" = "$OUTPUT" ] || exit 1 -else - [ "$LISTEN_FDS" = "1" ] || exit 1 - read -r REQUEST - if [ "$(printf 'GET /hello HTTP/1.1\r\n')" = "$REQUEST" ] - then - printf 'HTTP/1.1 200 OK\r\nContent-Length: 6\r\n\r\nHello\n' - else - printf 'HTTP/1.1 400 Bad Request\r\nContent-Length: 5\r\n\r\nBad!\n' - fi -fi +#!/bin/bash + +srcdir=$(realpath $(dirname $0)) +source "${srcdir}/common.inc.sh" + +test_with_uuidd_daemon() { + uuidd_tmpdir=$(mktemp -d) + uuidd_sock="${uuidd_tmpdir}/uuidd.sock" + systemd-socket-activate -l "${uuidd_sock}" "$ROOTLESSKIT" uuidd --no-pid --no-fork --socket-activation & + pid=$! + sleep 2 + uuidd -d -r -n 1 -s "${uuidd_sock}" || return 1 + uuidd -d -t -n 1 -s "${uuidd_sock}" || return 1 + uuidd -d -k -s "${uuidd_sock}" || return 1 + rm -r "${uuidd_tmpdir}" || return 1 + wait $pid || return 1 +} + +test_env_variables() { + tmpdir=$(mktemp -d) + sock1="${tmpdir}/sock1.sock" + sock2="${tmpdir}/sock2.sock" + sock3="${tmpdir}/sock3.sock" + ## Test 1 socket + timeout 30 systemd-socket-activate -l "${sock1}" "$ROOTLESSKIT" "${srcdir}/integration-systemd-socket-check-env.sh" "${tmpdir}/ok1" "${tmpdir}/fail1" 1 & + pid=$! + sleep 2 + curl --unix-socket "${sock1}" "http//example.com" >/dev/null 2>&1 || true # just trigger + wait $pid + if [[ ! -e "${tmpdir}/ok1" ]]; then return 1; fi + ## Test 2 sockets + timeout 30 systemd-socket-activate -l "${sock1}" -l "${sock2}" "$ROOTLESSKIT" "${srcdir}/integration-systemd-socket-check-env.sh" "${tmpdir}/ok2" "${tmpdir}/fail2" 2 & + pid=$! + sleep 2 + curl --unix-socket "${sock1}" "http//example.com" >/dev/null 2>&1 || true + wait $pid + if [[ ! 
-e "${tmpdir}/ok2" ]]; then return 1; fi
+ ## Test 3 sockets
+ timeout 30 systemd-socket-activate -l "${sock1}" -l "${sock2}" -l "${sock3}" "$ROOTLESSKIT" "${srcdir}/integration-systemd-socket-check-env.sh" "${tmpdir}/ok3" "${tmpdir}/fail3" 3 &
+ pid=$!
+ sleep 2
+ curl --unix-socket "${sock1}" "http//example.com" >/dev/null 2>&1 || true
+ wait $pid
+ if [[ ! -e "${tmpdir}/ok3" ]]; then return 1; fi
+
+ rm -r "${tmpdir}"
+}
+
+INFO "===== Systemd socket activation: uuidd daemon ====="
+test_with_uuidd_daemon
+
+INFO "===== Systemd socket activation: LISTEN_* variables check ====="
+test_env_variables
+
+INFO "===== PASSING ====="
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/child/child.go new/rootlesskit-2.2.0/pkg/child/child.go
--- old/rootlesskit-2.1.0/pkg/child/child.go 2024-04-26 02:16:44.000000000 +0200
+++ new/rootlesskit-2.2.0/pkg/child/child.go 2024-07-16 17:59:36.000000000 +0200
@@ -51,16 +51,29 @@
 }
 
-func createCmd(targetCmd []string) (*exec.Cmd, error) {
- var args []string
- if len(targetCmd) > 1 {
- args = targetCmd[1:]
- }
- cmd := exec.Command(targetCmd[0], args...)
+func createCmd(opt Opt) (*exec.Cmd, error) {
+ fixListenPidEnv, err := strconv.ParseBool(os.Getenv(opt.ChildUseActivationEnvKey))
+ if err != nil {
+ fixListenPidEnv = false
+ }
+ os.Unsetenv(opt.ChildUseActivationEnvKey)
+ targetCmd := opt.TargetCmd
+ var cmd *exec.Cmd
+ cmdEnv := os.Environ()
+ if fixListenPidEnv {
+ cmd = exec.Command("/proc/self/exe", os.Args[1:]...)
+ cmdEnv = append(cmdEnv, opt.RunActivationHelperEnvKey + "=true")
+ } else {
+ var args []string
+ if len(targetCmd) > 1 {
+ args = targetCmd[1:]
+ }
+ cmd = exec.Command(targetCmd[0], args...)
+ }
 cmd.Stdin = os.Stdin
 cmd.Stdout = os.Stdout
 cmd.Stderr = os.Stderr
- cmd.Env = os.Environ()
+ cmd.Env = cmdEnv
 cmd.SysProcAttr = &syscall.SysProcAttr{
 Pdeathsig: syscall.SIGKILL,
 }
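Review bot: In test_env_variables each of the three checks only tests for the `ok` marker, and the error file that integration-systemd-socket-check-env.sh writes (`fail1`, `fail2`, `fail3`) is never shown, so a failing run gives no hint of which LISTEN_* check tripped; `if [[ ! -e "${tmpdir}/ok1" ]]; then cat "${tmpdir}/fail1" >&2; return 1; fi` (and likewise for 2 and 3) would surface it. The status of `wait $pid` is also discarded, and the fixed `sleep 2` before the curl trigger is a timing assumption that may be too short on a loaded runner; polling for the socket path to appear would be more robust. The `"http//example.com"` URL is missing its colon, which is harmless here since the request only needs to connect, but a comment to that effect would stop the next reader from "fixing" it.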
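Review bot: When `fixListenPidEnv` is true the child re-executes `/proc/self/exe` with `os.Args[1:]` and the full `os.Environ()` plus `RunActivationHelperEnvKey=true`, so whatever is still in the child's environment at this point — including the pipe-FD variable named by `opt.PipeFDEnvKey`, if Child() has not unset it before calling createCmd — is inherited by the helper and, through it, by the target command; unsetting `opt.PipeFDEnvKey` alongside `opt.ChildUseActivationEnvKey` here, or a comment stating that Child() already has, would make that contract explicit. The `strconv.ParseBool` error is only used to force `false`, which is already the zero value, so `fixListenPidEnv, _ := strconv.ParseBool(os.Getenv(opt.ChildUseActivationEnvKey)) // unset or unparsable: no LISTEN_PID fix-up` says the same in one line. The function has no doc comment; it should say that the re-exec appears to exist so the final exec of the target happens in the process whose PID the activator recorded in LISTEN_PID, per the changelog entry. Whether Child() unsets the pipe-FD variable is outside this hunk.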
@@ -252,6 +265,8 @@ type Opt struct { PipeFDEnvKey string // needs to be set + RunActivationHelperEnvKey string // needs to be set + ChildUseActivationEnvKey string // needs to be set StateDirEnvKey string // needs to be set TargetCmd []string // needs to be set NetworkDriver network.ChildDriver // nil for HostNetwork @@ -458,7 +473,7 @@ }() } - cmd, err := createCmd(opt.TargetCmd) + cmd, err := createCmd(opt) if err != nil { return err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/child/resolvconf.go new/rootlesskit-2.2.0/pkg/child/resolvconf.go --- old/rootlesskit-2.1.0/pkg/child/resolvconf.go 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/pkg/child/resolvconf.go 2024-07-16 17:59:36.000000000 +0200 @@ -1,5 +1,12 @@ package child -func generateResolvConf(dns string) []byte { - return []byte("nameserver " + dns + "\n") +import "strings" + +func generateResolvConf(dns []string) []byte { + var sb strings.Builder + + for _, nameserver := range dns { + sb.WriteString("nameserver " + nameserver + "\n") + } + return []byte(sb.String()) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/messages/messages.go new/rootlesskit-2.2.0/pkg/messages/messages.go --- old/rootlesskit-2.1.0/pkg/messages/messages.go 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/pkg/messages/messages.go 2024-07-16 17:59:36.000000000 +0200 
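Review bot: With the slice signature, an empty or nil `dns` now makes `generateResolvConf` return an empty file instead of a single nameserver line, and nothing in the function or the commit documents that. Per resolv.conf(5) a file with no `nameserver` entries makes the libc resolver fall back to the local host, which is unlikely to be what a rootless child wants, so either return an error for the empty case or state it: `// generateResolvConf renders one "nameserver" line per entry; an empty dns yields an empty file, which the resolver treats as "use the local host".` Entries are written verbatim, so a value containing a newline would inject further directives; the callers in this diff pass IP strings produced by the drivers, so a comment naming that precondition (or a `net.ParseIP` check) is enough. Minor style: three `sb.WriteString` calls avoid the temporary concatenation.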
@@ -59,7 +59,7 @@ IP string Netmask int Gateway string - DNS string + DNS []string MTU int // NetworkDriverOpaque strings are specific to driver NetworkDriverOpaque map[string]string diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/network/lxcusernic/lxcusernic.go new/rootlesskit-2.2.0/pkg/network/lxcusernic/lxcusernic.go --- old/rootlesskit-2.1.0/pkg/network/lxcusernic/lxcusernic.go 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/pkg/network/lxcusernic/lxcusernic.go 2024-07-16 17:59:36.000000000 +0200 @@ -184,7 +184,7 @@ netmask, _ := p.SubnetMask().Size() netmsg.Netmask = netmask netmsg.Gateway = p.Router()[0].To4().String() - netmsg.DNS = p.DNS()[0].To4().String() + netmsg.DNS = []string{p.DNS()[0].To4().String()} go dhcpRenewRoutine(c, dev, p.YourIPAddr.To4(), p.IPAddressLeaseTime(time.Hour), detachedNetNSPath) return dev, nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/network/pasta/pasta.go new/rootlesskit-2.2.0/pkg/network/pasta/pasta.go --- old/rootlesskit-2.1.0/pkg/network/pasta/pasta.go 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/pkg/network/pasta/pasta.go 2024-07-16 17:59:36.000000000 +0200 
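Review bot: `p.DNS()[0]` still indexes the DHCP reply's DNS option without checking that it has any entries, so an ACK without option 6 panics the parent; since the message field is now a slice, the natural fix is to copy every offered server instead: `for _, ip := range p.DNS() { netmsg.DNS = append(netmsg.DNS, ip.String()) }`. Keep the `To4()` only if a v4-only list is intended, because if `p.DNS()` returns `[]net.IP` (as the `To4()` call suggests) a v6 entry yields a nil `IP` whose `String()` is `"<nil>"`. An empty result can then be handled by the resolv.conf writer rather than by a crash. The enclosing function starts outside the hunk.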
@@ -169,13 +169,13 @@ netmsg.IP = address.String() netmsg.Netmask = netmask netmsg.Gateway = gateway.String() - netmsg.DNS = dns.String() + netmsg.DNS = []string{dns.String()} d.infoMu.Lock() d.info = func() *api.NetworkDriverInfo { return &api.NetworkDriverInfo{ Driver: DriverName, - DNS: []net.IP{net.ParseIP(netmsg.DNS)}, + DNS: []net.IP{net.ParseIP(netmsg.DNS[0])}, ChildIP: net.ParseIP(netmsg.IP), DynamicChildIP: false, } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/network/slirp4netns/slirp4netns.go new/rootlesskit-2.2.0/pkg/network/slirp4netns/slirp4netns.go --- old/rootlesskit-2.1.0/pkg/network/slirp4netns/slirp4netns.go 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/pkg/network/slirp4netns/slirp4netns.go 2024-07-16 17:59:36.000000000 +0200 @@ -243,6 +243,7 @@ } netmsg := messages.ParentInitNetworkDriverCompleted{ Dev: tap, + DNS: make([]string, 0, 2), MTU: d.mtu, } if d.ipnet != nil { 
@@ -262,19 +263,30 @@ if err != nil { return nil, common.Seq(cleanups), err } - netmsg.DNS = x.String() + netmsg.DNS = append(netmsg.DNS, x.String()) } else { netmsg.IP = "10.0.2.100" netmsg.Netmask = 24 netmsg.Gateway = "10.0.2.2" - netmsg.DNS = "10.0.2.3" + netmsg.DNS = append(netmsg.DNS, "10.0.2.3") + } + + if d.enableIPv6 { + // for now slirp4netns only supports fd00::3 as v6 nameserver + // https://github.com/rootless-containers/slirp4netns/blob/ee1542e1532e6a7f266b8b6118973ab3b10a8bb5/slirp4netns.c#L272 + netmsg.DNS = append(netmsg.DNS, "fd00::3") + } + + apiDNS := make([]net.IP, 0, cap(netmsg.DNS)) + for _, nameserver := range netmsg.DNS { + apiDNS = append(apiDNS, net.ParseIP(nameserver)) } d.infoMu.Lock() d.info = func() *api.NetworkDriverInfo { return &api.NetworkDriverInfo{ Driver: DriverName, - DNS: []net.IP{net.ParseIP(netmsg.DNS)}, + DNS: apiDNS, ChildIP: net.ParseIP(netmsg.IP), DynamicChildIP: false, } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/network/vpnkit/vpnkit.go new/rootlesskit-2.2.0/pkg/network/vpnkit/vpnkit.go --- old/rootlesskit-2.1.0/pkg/network/vpnkit/vpnkit.go 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/pkg/network/vpnkit/vpnkit.go 2024-07-16 17:59:36.000000000 +0200 @@ -127,7 +127,7 @@ IP: vif.IP.String(), Netmask: 24, Gateway: "192.168.65.1", - DNS: "192.168.65.1", + DNS: []string{"192.168.65.1"}, MTU: d.mtu, NetworkDriverOpaque: map[string]string{ opaqueMAC: vif.ClientMAC.String(), 
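Review bot: The `d.info` closure now hands the same `apiDNS` backing array to every caller, whereas the old code built a fresh `[]net.IP{...}` per call; a caller that appends to or modifies `info.DNS` would change what later callers see. Returning a copy inside the closure, `DNS: append([]net.IP(nil), apiDNS...)`, restores the previous isolation. Also `make([]net.IP, 0, cap(netmsg.DNS))` sizes the result by capacity; `len(netmsg.DNS)` is the quantity actually being converted and reads less surprisingly. The enclosing function starts and ends outside the hunk.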
@@ -139,7 +139,7 @@ d.info = func() *api.NetworkDriverInfo { return &api.NetworkDriverInfo{ Driver: DriverName, - DNS: []net.IP{net.ParseIP(netmsg.DNS)}, + DNS: []net.IP{net.ParseIP(netmsg.DNS[0])}, ChildIP: net.ParseIP(netmsg.IP), DynamicChildIP: false, } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/parent/parent.go new/rootlesskit-2.2.0/pkg/parent/parent.go --- old/rootlesskit-2.1.0/pkg/parent/parent.go 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/pkg/parent/parent.go 2024-07-16 17:59:36.000000000 +0200 @@ -30,6 +30,7 @@ type Opt struct { PipeFDEnvKey string // needs to be set + ChildUseActivationEnvKey string // needs to be set StateDir string // directory needs to be precreated StateDirEnvKey string // optional env key to propagate StateDir value NetworkDriver network.ParentDriver // nil for HostNetwork 
@@ -125,25 +126,26 @@ return lock, nil } -func setupFilesAndEnv(cmd *exec.Cmd, readPipe *os.File, writePipe *os.File, envKey string) { +func setupFilesAndEnv(readPipe *os.File, writePipe *os.File, opt Opt) ([]*os.File, []string) { // 0 1 and 2 are used for stdin. stdout, and stderr - const firstExtraFD = 3 - systemdActivationFDs := 0 - // check for systemd socket activation sockets - if v := os.Getenv("LISTEN_FDS"); v != "" { - if num, err := strconv.Atoi(v); err == nil { - systemdActivationFDs = num - } - } - cmd.ExtraFiles = make([]*os.File, systemdActivationFDs + 2) - for fd := 0; fd < systemdActivationFDs; fd++ { - cmd.ExtraFiles[fd] = os.NewFile(uintptr(firstExtraFD + fd), "") - } - readIndex := systemdActivationFDs - writeIndex := readIndex + 1 - cmd.ExtraFiles[readIndex] = readPipe - cmd.ExtraFiles[writeIndex] = writePipe - cmd.Env = append(os.Environ(), envKey+"="+strconv.Itoa(firstExtraFD+readIndex)+","+strconv.Itoa(firstExtraFD+writeIndex)) + const listenFdsStart = 3 + listenPid, listenPidErr := strconv.Atoi(os.Getenv("LISTEN_PID")) + listenFds, listenFdsErr := strconv.Atoi(os.Getenv("LISTEN_FDS")) + useSystemdSocketFDs := listenPidErr == nil && listenFdsErr == nil && listenFds > 0 + if !useSystemdSocketFDs { + listenFds = 0 + } + extraFiles := make([]*os.File, listenFds + 2) + for i, fd := 0, listenFdsStart; i < listenFds; i, fd = i + 1, fd + 1 { + name := "LISTEN_FD_" + strconv.Itoa(fd) + extraFiles[i] = os.NewFile(uintptr(fd), name) + } + extraFiles[listenFds] = readPipe + extraFiles[listenFds + 1] = writePipe + cmdEnv := os.Environ() + cmdEnv = append(cmdEnv, opt.PipeFDEnvKey + "=" + strconv.Itoa(listenFdsStart + listenFds) + "," + strconv.Itoa(listenFdsStart + listenFds + 1)) + cmdEnv = append(cmdEnv, opt.ChildUseActivationEnvKey + "=" + strconv.FormatBool(listenPid == os.Getpid())) + return extraFiles, cmdEnv } func Parent(opt Opt) error { 
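Review bot: `useSystemdSocketFDs` only requires `LISTEN_PID` to parse, not to equal this process's pid, so stale `LISTEN_*` variables inherited from an ancestor make the parent wrap fds 3..3+LISTEN_FDS-1 — whatever happens to be open there — into `extraFiles` and hand them to the child. The sd_listen_fds(3) convention is to honour `LISTEN_FDS` only when `LISTEN_PID` matches `getpid()`; the comparison is already computed for the env flag two lines later, so unless forwarding through non-systemd wrappers is intentional, fold it in: `useSystemdSocketFDs := listenPidErr == nil && listenFdsErr == nil && listenFds > 0 && listenPid == os.Getpid()` and then `strconv.FormatBool(useSystemdSocketFDs)` for `ChildUseActivationEnvKey`. The rewrite also dropped the old `// check for systemd socket activation sockets` comment; a one-line doc comment stating that the inherited fds are placed at the same positions 3.. in the child so its `LISTEN_FDS` numbering stays valid would help the next reader.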
@@ -199,7 +201,7 @@ cmd.Stdin = os.Stdin cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr - setupFilesAndEnv(cmd, pipeR, pipe2W, opt.PipeFDEnvKey) + cmd.ExtraFiles, cmd.Env = setupFilesAndEnv(pipeR, pipe2W, opt) if opt.StateDirEnvKey != "" { cmd.Env = append(cmd.Env, opt.StateDirEnvKey+"="+opt.StateDir) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/systemd/activation/activation.go new/rootlesskit-2.2.0/pkg/systemd/activation/activation.go --- old/rootlesskit-2.1.0/pkg/systemd/activation/activation.go 1970-01-01 01:00:00.000000000 +0100 +++ new/rootlesskit-2.2.0/pkg/systemd/activation/activation.go 2024-07-16 17:59:36.000000000 +0200 @@ -0,0 +1,28 @@ +package activation + +import ( + "os" + "os/exec" + "syscall" + "strconv" +) + +type Opt struct { + RunActivationHelperEnvKey string // needs to be set + TargetCmd []string // needs to be set +} + +func ActivationHelper(opt Opt) error { + pid := os.Getpid() + os.Unsetenv(opt.RunActivationHelperEnvKey) + os.Setenv("LISTEN_PID", strconv.Itoa(pid)) + argsv := opt.TargetCmd + execPath, err := exec.LookPath(argsv[0]) + if err != nil { + return err + } + if err = syscall.Exec(execPath, argsv, os.Environ()); err != nil { + return err + } + panic("should not reach here") +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.1.0/pkg/version/version.go new/rootlesskit-2.2.0/pkg/version/version.go --- old/rootlesskit-2.1.0/pkg/version/version.go 2024-04-26 02:16:44.000000000 +0200 +++ new/rootlesskit-2.2.0/pkg/version/version.go 2024-07-16 17:59:36.000000000 +0200 @@ -1,3 +1,3 @@ package version -const Version = "2.1.0" +const Version = "2.2.0" ++++++ vendor.tar.gz ++++++ ++++ 18677 lines of diff (skipped)
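Review bot: `ActivationHelper` indexes `argsv[0]` without checking that `opt.TargetCmd` is non-empty, so a misconfigured caller panics instead of getting an error; add `if len(argsv) == 0 { return errors.New("activation: TargetCmd must not be empty") }` before the `LookPath` call (this needs `errors` in the import block). Both exported names lack doc comments; `// ActivationHelper rewrites LISTEN_PID to the current pid and execs TargetCmd in place, so the exec'd process sees the systemd-passed LISTEN_FDS as addressed to itself.` states the contract. The import block is not goimports-sorted (`"syscall"` precedes `"strconv"`), and the `os.Setenv`/`os.Unsetenv` results are dropped silently. Since `syscall.Exec` only returns on failure, the tail can be `return syscall.Exec(execPath, argsv, os.Environ())` and the unreachable `panic` goes away.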