Skip to content

Commit 825eed6

Browse files
authored
Merge pull request #28475 from Luap99/v5.8-backports
[v5.8] some bugfix backports
2 parents d79d0cb + f13de01 commit 825eed6

38 files changed

Lines changed: 248 additions & 130 deletions

.cirrus.yml

Lines changed: 7 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -24,14 +24,14 @@ env:
2424
####
2525
#### Cache-image names to test with (double-quotes around names are critical)
2626
####
27-
FEDORA_NAME: "fedora-42"
27+
FEDORA_NAME: "fedora-43"
2828
FEDORA_AARCH64_NAME: "${FEDORA_NAME}-aarch64"
29-
PRIOR_FEDORA_NAME: "fedora-41"
29+
PRIOR_FEDORA_NAME: "fedora-42"
3030
RAWHIDE_NAME: "rawhide"
31-
DEBIAN_NAME: "debian-13"
31+
DEBIAN_NAME: "debian-14"
3232

3333
# Image identifiers
34-
IMAGE_SUFFIX: "c20250910t092246z-f42f41d13"
34+
IMAGE_SUFFIX: "c20260319t182308z-f43f42d14"
3535

3636
# EC2 images
3737
FEDORA_AMI: "fedora-aws-${IMAGE_SUFFIX}"
@@ -810,7 +810,7 @@ podman_machine_aarch64_task:
810810
depends_on: *build
811811
ec2_instance:
812812
<<: *standard_build_ec2_aarch64
813-
timeout_in: 40m
813+
timeout_in: 60m
814814
env:
815815
TEST_FLAVOR: "machine-linux"
816816
TEST_BUILD_TAGS: ""
@@ -1099,13 +1099,9 @@ upgrade_test_task:
10991099
depends_on: *build
11001100
matrix:
11011101
- env:
1102-
# 2024-02: as long as possible/reasonable, try to keep
1103-
# one version < 4.8 so we can test boltdb. v4.3.1 is
1104-
# the lowest we can go right now, builds before that
1105-
# have netavark <1.4 which hangs on f39 kernel (#21863).
1106-
PODMAN_UPGRADE_FROM: v4.3.1
1102+
PODMAN_UPGRADE_FROM: v5.3.1
11071103
- env:
1108-
PODMAN_UPGRADE_FROM: v4.8.0
1104+
PODMAN_UPGRADE_FROM: v5.6.2
11091105
gce_instance: *standardvm
11101106
env:
11111107
TEST_FLAVOR: upgrade_test

cmd/rootlessport/main.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -201,7 +201,7 @@ outer:
201201
_ = os.Remove(socketfile)
202202
// workaround to bypass the 108 char socket path limit
203203
// open the fd and use the path to the fd as bind argument
204-
fd, err := unix.Open(socketDir, unix.O_PATH, 0)
204+
fd, err := unix.Open(socketDir, unix.O_PATH|unix.O_CLOEXEC, 0)
205205
if err != nil {
206206
return err
207207
}

libpod/container.go

Lines changed: 13 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1442,18 +1442,20 @@ func (c *Container) NetworkMode() string {
14421442
// If there is none, it's host networking.
14431443
// If there is one and it has a path, it's "ns:".
14441444
foundNetNS := false
1445-
for _, ns := range ctrSpec.Linux.Namespaces {
1446-
if ns.Type == spec.NetworkNamespace {
1447-
foundNetNS = true
1448-
if ns.Path != "" {
1449-
networkMode = fmt.Sprintf("ns:%s", ns.Path)
1450-
} else {
1451-
// We're making a network ns, but not
1452-
// configuring with Slirp or CNI. That
1453-
// means it's --net=none
1454-
networkMode = "none"
1445+
if ctrSpec.Linux != nil {
1446+
for _, ns := range ctrSpec.Linux.Namespaces {
1447+
if ns.Type == spec.NetworkNamespace {
1448+
foundNetNS = true
1449+
if ns.Path != "" {
1450+
networkMode = fmt.Sprintf("ns:%s", ns.Path)
1451+
} else {
1452+
// We're making a network ns, but not
1453+
// configuring with Slirp or CNI. That
1454+
// means it's --net=none
1455+
networkMode = "none"
1456+
}
1457+
break
14551458
}
1456-
break
14571459
}
14581460
}
14591461
if !foundNetNS {

libpod/container_internal_common.go

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,7 @@ import (
5454
"go.podman.io/common/pkg/umask"
5555
is "go.podman.io/image/v5/storage"
5656
"go.podman.io/storage/pkg/archive"
57+
"go.podman.io/storage/pkg/chrootarchive"
5758
"go.podman.io/storage/pkg/fileutils"
5859
"go.podman.io/storage/pkg/idtools"
5960
"go.podman.io/storage/pkg/lockfile"
@@ -1207,11 +1208,10 @@ func (c *Container) exportCheckpoint(options ContainerCheckpointOptions) error {
12071208
if mp == "" {
12081209
return fmt.Errorf("volume %s is not mounted, cannot export: %w", volume.Name(), define.ErrInternal)
12091210
}
1210-
1211-
input, err := archive.TarWithOptions(mp, &archive.TarOptions{
1211+
input, err := chrootarchive.Tar(mp, &archive.TarOptions{
12121212
Compression: archive.Uncompressed,
12131213
IncludeSourceDir: true,
1214-
})
1214+
}, mp)
12151215
if err != nil {
12161216
return fmt.Errorf("reading volume directory %q: %w", v.Dest, err)
12171217
}
@@ -1226,12 +1226,12 @@ func (c *Container) exportCheckpoint(options ContainerCheckpointOptions) error {
12261226
}
12271227
}
12281228

1229-
input, err := archive.TarWithOptions(c.bundlePath(), &archive.TarOptions{
1229+
bundle := c.bundlePath()
1230+
input, err := chrootarchive.Tar(bundle, &archive.TarOptions{
12301231
Compression: options.Compression,
12311232
IncludeSourceDir: true,
12321233
IncludeFiles: includeFiles,
1233-
})
1234-
1234+
}, bundle)
12351235
if err != nil {
12361236
return fmt.Errorf("reading checkpoint directory %q: %w", c.ID(), err)
12371237
}
@@ -1312,10 +1312,10 @@ func (c *Container) checkpoint(ctx context.Context, options ContainerCheckpointO
13121312
}
13131313
defer shmDirTarFile.Close()
13141314

1315-
input, err := archive.TarWithOptions(c.config.ShmDir, &archive.TarOptions{
1315+
input, err := chrootarchive.Tar(c.config.ShmDir, &archive.TarOptions{
13161316
Compression: archive.Uncompressed,
13171317
IncludeSourceDir: true,
1318-
})
1318+
}, c.config.ShmDir)
13191319
if err != nil {
13201320
return nil, 0, err
13211321
}
@@ -1488,7 +1488,7 @@ func (c *Container) importPreCheckpoint(input string) error {
14881488

14891489
defer archiveFile.Close()
14901490

1491-
err = archive.Untar(archiveFile, c.bundlePath(), nil)
1491+
err = chrootarchive.Untar(archiveFile, c.bundlePath(), nil)
14921492
if err != nil {
14931493
return fmt.Errorf("unpacking of pre-checkpoint archive %s failed: %w", input, err)
14941494
}
@@ -1751,7 +1751,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
17511751
}
17521752
defer shmDirTarFile.Close()
17531753

1754-
if err := archive.UntarUncompressed(shmDirTarFile, c.config.ShmDir, nil); err != nil {
1754+
if err := chrootarchive.UntarUncompressed(shmDirTarFile, c.config.ShmDir, nil); err != nil {
17551755
return nil, 0, err
17561756
}
17571757
}
@@ -1791,7 +1791,7 @@ func (c *Container) restore(ctx context.Context, options ContainerCheckpointOpti
17911791
if mountPoint == "" {
17921792
return nil, 0, fmt.Errorf("unable to import volume %s as it is not mounted: %w", volume.Name(), err)
17931793
}
1794-
if err := archive.UntarUncompressed(volumeFile, mountPoint, nil); err != nil {
1794+
if err := chrootarchive.UntarUncompressed(volumeFile, mountPoint, nil); err != nil {
17951795
return nil, 0, fmt.Errorf("failed to extract volume %s to %s: %w", volumeFilePath, mountPoint, err)
17961796
}
17971797
}

libpod/oci_conmon_attach_linux.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ import (
1010
)
1111

1212
func openUnixSocket(path string) (*net.UnixConn, error) {
13-
fd, err := unix.Open(path, unix.O_PATH, 0)
13+
fd, err := unix.Open(path, unix.O_PATH|unix.O_CLOEXEC, 0)
1414
if err != nil {
1515
return nil, err
1616
}

libpod/oci_conmon_exec_common.go

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -510,6 +510,13 @@ func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.Resp
510510
return err
511511
}
512512

513+
// errCh receives deferredErr after all deferred cleanup in this function
514+
// has completed. The goroutine below reads from errCh so that it never
515+
// races with the deferred functions that may still be writing deferredErr
516+
// when holdConnOpen is closed by the caller.
517+
errCh := make(chan error, 1)
518+
defer func() { errCh <- deferredErr }()
519+
513520
defer func() {
514521
if !pipes.startClosed {
515522
errorhandling.CloseQuiet(pipes.startPipe)
@@ -608,7 +615,11 @@ func attachExecHTTP(c *Container, sessionID string, r *http.Request, w http.Resp
608615
// Can't be a defer, because this would block the function from
609616
// returning.
610617
<-holdConnOpen
611-
hijackWriteErrorAndClose(deferredErr, c.ID(), isTerminal, httpCon, httpBuf)
618+
// Block until all deferred cleanups in attachExecHTTP have run and
619+
// the final deferredErr value has been sent to errCh. This avoids
620+
// the data race that would occur if we read deferredErr directly
621+
// while deferred functions in this function may still be writing it.
622+
hijackWriteErrorAndClose(<-errCh, c.ID(), isTerminal, httpCon, httpBuf)
612623
}()
613624

614625
stdoutChan := make(chan error)

libpod/volume.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ import (
1313
"github.com/containers/podman/v5/libpod/plugin"
1414
"github.com/containers/podman/v5/utils"
1515
"github.com/sirupsen/logrus"
16-
"go.podman.io/storage/pkg/archive"
16+
"go.podman.io/storage/pkg/chrootarchive"
1717
"go.podman.io/storage/pkg/directory"
1818
)
1919

@@ -342,7 +342,7 @@ func (v *Volume) Import(r io.Reader) error {
342342
}
343343
}()
344344

345-
if err := archive.Untar(r, mountPoint, nil); err != nil {
345+
if err := chrootarchive.Untar(r, mountPoint, nil); err != nil {
346346
return fmt.Errorf("extracting into volume %s: %w", v.Name(), err)
347347
}
348348

pkg/api/handlers/compat/images_build.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1237,6 +1237,6 @@ func extractTarFile(anchorDir string, r io.ReadCloser) (string, error) {
12371237
return "", err
12381238
}
12391239

1240-
err = archive.Untar(r, buildDir, nil)
1240+
err = chrootarchive.Untar(r, buildDir, nil)
12411241
return buildDir, err
12421242
}

pkg/api/handlers/libpod/kube.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,8 +12,6 @@ import (
1212
"os"
1313
"path/filepath"
1414

15-
"go.podman.io/storage/pkg/archive"
16-
1715
"github.com/containers/podman/v5/libpod"
1816
"github.com/containers/podman/v5/pkg/api/handlers/utils"
1917
api "github.com/containers/podman/v5/pkg/api/types"
@@ -23,6 +21,7 @@ import (
2321
"github.com/gorilla/schema"
2422
"github.com/sirupsen/logrus"
2523
"go.podman.io/image/v5/types"
24+
"go.podman.io/storage/pkg/chrootarchive"
2625
)
2726

2827
// ExtractPlayReader provide an io.Reader given a http.Request object
@@ -52,7 +51,7 @@ func extractPlayReader(anchorDir string, r *http.Request) (io.Reader, error) {
5251
reader = r.Body
5352
case "application/x-tar":
5453
// un-tar the content
55-
err := archive.Untar(r.Body, anchorDir, nil)
54+
err := chrootarchive.Untar(r.Body, anchorDir, nil)
5655
if err != nil {
5756
return nil, err
5857
}

pkg/api/handlers/libpod/quadlets.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,8 +11,6 @@ import (
1111
"path/filepath"
1212
"strings"
1313

14-
"go.podman.io/storage/pkg/archive"
15-
1614
"github.com/containers/podman/v5/libpod"
1715
"github.com/containers/podman/v5/libpod/define"
1816
"github.com/containers/podman/v5/pkg/api/handlers/utils"
@@ -23,6 +21,7 @@ import (
2321
"github.com/containers/podman/v5/pkg/util"
2422
"github.com/gorilla/schema"
2523
"github.com/sirupsen/logrus"
24+
"go.podman.io/storage/pkg/chrootarchive"
2625
)
2726

2827
func ListQuadlets(w http.ResponseWriter, r *http.Request) {
@@ -94,7 +93,7 @@ func extractQuadletFiles(tempDir string, r io.ReadCloser) ([]string, error) {
9493
return nil, err
9594
}
9695

97-
err = archive.Untar(r, quadletDir, nil)
96+
err = chrootarchive.Untar(r, quadletDir, nil)
9897
if err != nil {
9998
return nil, err
10099
}

0 commit comments

Comments
 (0)