241 lines
8.0 KiB
Diff
241 lines
8.0 KiB
Diff
|
From 424cc42fba3cb182a360dcdda68caf20d9141ae6 Mon Sep 17 00:00:00 2001
|
|||
|
From: Debarshi Ray <rishi@fedoraproject.org>
|
|||
|
Date: Tue, 28 Feb 2023 17:12:04 +0100
|
|||
|
Subject: [PATCH 1/4] cmd/root: Don't use podman(1) when generating the
|
|||
|
completions
|
|||
|
|
|||
|
Ever since commit bafbbe81c9220cb3, the shell completions are generated
|
|||
|
while building Toolbx using the 'completion' command. This involves
|
|||
|
running toolbox(1) itself, and hence invoking 'podman version' to decide
|
|||
|
if 'podman system migrate' is needed or not.
|
|||
|
|
|||
|
Unfortunately, some build environments, like Fedora's, are set up inside
|
|||
|
a chroot(2) or systemd-nspawn(1) or similar, where 'podman version' may
|
|||
|
not work because it does various things with namespaces(7) and clone(2)
|
|||
|
that can, under certain circumstances, encounter an EPERM.
|
|||
|
|
|||
|
Therefore, it's better to avoid using podman(1) when generating the
|
|||
|
shell completions, especially, since they are generated by Cobra itself
|
|||
|
and podman(1) is not involved at all.
|
|||
|
|
|||
|
Note that podman(1) is needed when the generated shell completions are
|
|||
|
actually used in interactive command line environments. The shell
|
|||
|
completions invoke the hidden '__complete' command to get the results
|
|||
|
that are presented to the user, and, if needed, 'podman system migrate'
|
|||
|
will continue to be run as part of that.
|
|||
|
|
|||
|
This partially reverts commit f3e005d0142d7ec76d5ac8f0a2f331a52fd46011
|
|||
|
because podman(1) is now only an optional runtime dependency for the
|
|||
|
system tests.
|
|||
|
|
|||
|
https://github.com/containers/podman/issues/17657
|
|||
|
---
|
|||
|
meson.build | 2 +-
|
|||
|
src/cmd/root.go | 9 +++++++--
|
|||
|
2 files changed, 8 insertions(+), 3 deletions(-)
|
|||
|
|
|||
|
diff --git a/meson.build b/meson.build
|
|||
|
index 6f044bb204e3..653a3d3ac588 100644
|
|||
|
--- a/meson.build
|
|||
|
+++ b/meson.build
|
|||
|
@@ -18,12 +18,12 @@ subid_dep = cc.find_library('subid', has_headers: ['shadow/subid.h'])
|
|||
|
|
|||
|
go = find_program('go')
|
|||
|
go_md2man = find_program('go-md2man')
|
|||
|
-podman = find_program('podman')
|
|||
|
|
|||
|
bats = find_program('bats', required: false)
|
|||
|
codespell = find_program('codespell', required: false)
|
|||
|
htpasswd = find_program('htpasswd', required: false)
|
|||
|
openssl = find_program('openssl', required: false)
|
|||
|
+podman = find_program('podman', required: false)
|
|||
|
shellcheck = find_program('shellcheck', required: false)
|
|||
|
skopeo = find_program('skopeo', required: false)
|
|||
|
|
|||
|
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
|||
|
index 304b03dcd889..9975ccc7a4c8 100644
|
|||
|
--- a/src/cmd/root.go
|
|||
|
+++ b/src/cmd/root.go
|
|||
|
@@ -166,7 +166,7 @@ func preRun(cmd *cobra.Command, args []string) error {
|
|||
|
|
|||
|
logrus.Debugf("TOOLBOX_PATH is %s", toolboxPath)
|
|||
|
|
|||
|
- if err := migrate(); err != nil {
|
|||
|
+ if err := migrate(cmd, args); err != nil {
|
|||
|
return err
|
|||
|
}
|
|||
|
|
|||
|
@@ -211,13 +211,18 @@ func rootRun(cmd *cobra.Command, args []string) error {
|
|||
|
return rootRunImpl(cmd, args)
|
|||
|
}
|
|||
|
|
|||
|
-func migrate() error {
|
|||
|
+func migrate(cmd *cobra.Command, args []string) error {
|
|||
|
logrus.Debug("Migrating to newer Podman")
|
|||
|
|
|||
|
if utils.IsInsideContainer() {
|
|||
|
return nil
|
|||
|
}
|
|||
|
|
|||
|
+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
|
|||
|
+ logrus.Debugf("Migration not needed: command %s doesn't need it", cmdName)
|
|||
|
+ return nil
|
|||
|
+ }
|
|||
|
+
|
|||
|
configDir, err := os.UserConfigDir()
|
|||
|
if err != nil {
|
|||
|
logrus.Debugf("Migrating to newer Podman: failed to get the user config directory: %s", err)
|
|||
|
--
|
|||
|
2.41.0
|
|||
|
|
|||
|
|
|||
|
From 0723706168a1bde708bc9acc203c5e9870bc94d5 Mon Sep 17 00:00:00 2001
|
|||
|
From: Debarshi Ray <rishi@fedoraproject.org>
|
|||
|
Date: Wed, 1 Mar 2023 19:41:56 +0100
|
|||
|
Subject: [PATCH 2/4] cmd/root: Sprinkle a debug log
|
|||
|
|
|||
|
https://github.com/containers/toolbox/pull/1251
|
|||
|
---
|
|||
|
src/cmd/root.go | 1 +
|
|||
|
1 file changed, 1 insertion(+)
|
|||
|
|
|||
|
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
|||
|
index 9975ccc7a4c8..2e7428a20b24 100644
|
|||
|
--- a/src/cmd/root.go
|
|||
|
+++ b/src/cmd/root.go
|
|||
|
@@ -215,6 +215,7 @@ func migrate(cmd *cobra.Command, args []string) error {
|
|||
|
logrus.Debug("Migrating to newer Podman")
|
|||
|
|
|||
|
if utils.IsInsideContainer() {
|
|||
|
+ logrus.Debug("Migration not needed: running inside a container")
|
|||
|
return nil
|
|||
|
}
|
|||
|
|
|||
|
--
|
|||
|
2.41.0
|
|||
|
|
|||
|
|
|||
|
From 0736db58456bb635854493e28a0c36bda49988ce Mon Sep 17 00:00:00 2001
|
|||
|
From: Debarshi Ray <rishi@fedoraproject.org>
|
|||
|
Date: Wed, 1 Mar 2023 19:46:11 +0100
|
|||
|
Subject: [PATCH 3/4] cmd/root: Shuffle some code around and sprinkle some
|
|||
|
debug logs
|
|||
|
|
|||
|
Having a separate convenience function reduces the indentation levels by
|
|||
|
at least one, and sometimes two, and makes it easy to have more detailed
|
|||
|
debug logs.
|
|||
|
|
|||
|
This will make the subsequent commit easier to read.
|
|||
|
|
|||
|
https://github.com/containers/toolbox/issues/1246
|
|||
|
---
|
|||
|
src/cmd/root.go | 32 ++++++++++++++++++++++++--------
|
|||
|
1 file changed, 24 insertions(+), 8 deletions(-)
|
|||
|
|
|||
|
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
|||
|
index 2e7428a20b24..9aafe3e0d3be 100644
|
|||
|
--- a/src/cmd/root.go
|
|||
|
+++ b/src/cmd/root.go
|
|||
|
@@ -1,5 +1,5 @@
|
|||
|
/*
|
|||
|
- * Copyright © 2019 – 2022 Red Hat Inc.
|
|||
|
+ * Copyright © 2019 – 2023 Red Hat Inc.
|
|||
|
*
|
|||
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|||
|
* you may not use this file except in compliance with the License.
|
|||
|
@@ -139,13 +139,8 @@ func preRun(cmd *cobra.Command, args []string) error {
|
|||
|
if !utils.IsInsideContainer() {
|
|||
|
logrus.Debugf("Running on a cgroups v%d host", cgroupsVersion)
|
|||
|
|
|||
|
- if currentUser.Uid != "0" {
|
|||
|
- logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", currentUser.Username)
|
|||
|
-
|
|||
|
- if _, err := utils.ValidateSubIDRanges(currentUser); err != nil {
|
|||
|
- logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
|||
|
- return newSubIDError()
|
|||
|
- }
|
|||
|
+ if _, err := validateSubIDRanges(cmd, args, currentUser); err != nil {
|
|||
|
+ return err
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
@@ -392,3 +387,24 @@ func setUpLoggers() error {
|
|||
|
|
|||
|
return nil
|
|||
|
}
|
|||
|
+
|
|||
|
+func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bool, error) {
|
|||
|
+ logrus.Debugf("Looking for sub-GID and sub-UID ranges for user %s", user.Username)
|
|||
|
+
|
|||
|
+ if user.Uid == "0" {
|
|||
|
+ logrus.Debugf("Look-up not needed: user %s doesn't need them", user.Username)
|
|||
|
+ return true, nil
|
|||
|
+ }
|
|||
|
+
|
|||
|
+ if utils.IsInsideContainer() {
|
|||
|
+ logrus.Debug("Look-up not needed: running inside a container")
|
|||
|
+ return true, nil
|
|||
|
+ }
|
|||
|
+
|
|||
|
+ if _, err := utils.ValidateSubIDRanges(user); err != nil {
|
|||
|
+ logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
|||
|
+ return false, newSubIDError()
|
|||
|
+ }
|
|||
|
+
|
|||
|
+ return true, nil
|
|||
|
+}
|
|||
|
--
|
|||
|
2.41.0
|
|||
|
|
|||
|
|
|||
|
From 02537eac420f49e96110663794ef5f2511eb6860 Mon Sep 17 00:00:00 2001
|
|||
|
From: Jan Zerebecki <jan.suse@zerebecki.de>
|
|||
|
Date: Wed, 1 Mar 2023 19:52:28 +0100
|
|||
|
Subject: [PATCH 4/4] cmd/root: Don't validate subordinate IDs when generating
|
|||
|
the completions
|
|||
|
|
|||
|
Ever since commit bafbbe81c9220cb3, the shell completions are generated
|
|||
|
while building Toolbx using the 'completion' command. This involves
|
|||
|
running toolbox(1) itself, and hence validating the subordinate user and
|
|||
|
group ID ranges.
|
|||
|
|
|||
|
Unfortunately, some build environments, like openSUSE's, don't have
|
|||
|
subordinate ID ranges set up. Therefore, it's better to not validate
|
|||
|
the subordinate ID ranges when generating the shell completions, since
|
|||
|
they are generated by Cobra itself and subordinate ID ranges are not
|
|||
|
involved at all.
|
|||
|
|
|||
|
Note that subordinate ID ranges may be needed when the generated shell
|
|||
|
completions are actually used in interactive command line environments.
|
|||
|
The shell completions invoke the hidden '__complete' command to get the
|
|||
|
results that are presented to the user, and, if needed, the subordinate
|
|||
|
ID ranges will continue to be used by podman(1) as part of that.
|
|||
|
|
|||
|
Some changes by Debarshi Ray.
|
|||
|
|
|||
|
https://github.com/containers/toolbox/issues/1246
|
|||
|
https://github.com/containers/toolbox/pull/1249
|
|||
|
---
|
|||
|
src/cmd/root.go | 5 +++++
|
|||
|
1 file changed, 5 insertions(+)
|
|||
|
|
|||
|
diff --git a/src/cmd/root.go b/src/cmd/root.go
|
|||
|
index 9aafe3e0d3be..aee9fe026ac3 100644
|
|||
|
--- a/src/cmd/root.go
|
|||
|
+++ b/src/cmd/root.go
|
|||
|
@@ -401,6 +401,11 @@ func validateSubIDRanges(cmd *cobra.Command, args []string, user *user.User) (bo
|
|||
|
return true, nil
|
|||
|
}
|
|||
|
|
|||
|
+ if cmdName, completionCmdName := cmd.Name(), completionCmd.Name(); cmdName == completionCmdName {
|
|||
|
+ logrus.Debugf("Look-up not needed: command %s doesn't need them", cmdName)
|
|||
|
+ return true, nil
|
|||
|
+ }
|
|||
|
+
|
|||
|
if _, err := utils.ValidateSubIDRanges(user); err != nil {
|
|||
|
logrus.Debugf("Looking for sub-GID and sub-UID ranges: %s", err)
|
|||
|
return false, newSubIDError()
|
|||
|
--
|
|||
|
2.41.0
|
|||
|
|