genuinetools / img

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.

https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/

MIT License

3.9k stars 231 forks source link

Embedded runc fixes #232

Closed kekoav closed 5 years ago

kekoav commented 5 years ago

Closes #231 . Depends on #230 being merged.

There was some flakiness with the embedded runc. A system installed runc would previously be used inadvertently. This is an attempt to fix bugs, but also harden some of the logic and error handling around embedding to make sure we are using the runc that the user expected.

What I did

[x] Moved embedded runc from temporary directory to the state directory. (eg. .local/share/img/bin)
[x] Require runc to be installed for all commands. This improves UX because users don't have to guess which commands require runc, and they will get quick feedback whether their img installation is fully working.
[x] If the embedded runc is requested, ensure the runc found on the PATH is indeed the embedded runc.
[x] Add debugging to the version endpoint to show which runc is being used.
[x] Added debugging log statements to help debug runc issues.
[x] Remove requirement of installed runc from builds.

`img version` Improvements

$ ./img version
img:
 version     : v0.5.6
 git hash    : 5d5df1b-dirty
 go version  : go1.11.9
 go compiler : gc
 platform    : linux/amd64
runc:
 version     : 1.0.0-rc6+dev
 commit      : 7cb3cde1f49eae53fb8fff5012c0750a64eb928b
 spec        : 1.0.1-dev

codecov-io commented 5 years ago

Codecov Report

Merging #232 into master will not change coverage. The diff coverage is 0%.

@@          Coverage Diff           @@
##           master   #232    +/-   ##
======================================
  Coverage       0%     0%            
======================================
  Files          14     16     +2     
  Lines         782    957   +175     
======================================
- Misses        782    957   +175

Impacted Files	Coverage Δ
push.go	`0% <0%> (ø)`	:arrow_up:
unpack.go	`0% <0%> (ø)`	:arrow_up:
pull.go	`0% <0%> (ø)`	:arrow_up:
login.go	`0% <0%> (ø)`	:arrow_up:
tag.go	`0% <0%> (ø)`	:arrow_up:
main.go	`0% <0%> (ø)`	:arrow_up:
diskusage.go	`0% <0%> (ø)`	:arrow_up:
prune.go	`0% <0%> (ø)`	:arrow_up:
build.go	`0% <0%> (ø)`	:arrow_up:
list.go	`0% <0%> (ø)`	:arrow_up:
... and 6 more

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 158ee8b...52e6930. Read the comment docs.

jessfraz commented 5 years ago

waaah so sorry for the delay seems like it needs a rebase, @AkihiroSuda i think you have merge rights please feel free to merge in the future I feel badly being the hold up :)

kekoav commented 5 years ago

@jessfraz no worries, we are all busy 😄

@AkihiroSuda @jessfraz I have rebased. Reminder, this PR is on top of #230 .

genuinetools / img

Embedded runc fixes #232

What I did

img version Improvements

Codecov Report

`img version` Improvements