mirrors/binctr
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

cleanup

Browse source 
Signed-off-by: Jess Frazelle <acidburn@microsoft.com>
This commit is contained in:
Jess Frazelle 2018-03-19 22:21:14 -04:00
parent 2446892a69
commit 0186c7808b
10 changed files with 85 additions and 1725 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -52,6 +52,5 @@ profile.out
*.tar *.tar
rootfs rootfs
config.json config.json
bin image/data.go
rootfs.go
.ip .ip

76
Makefile
View file

@ -1,17 +1,18 @@
# Set an output prefix, which is the local directory if not specified # Set an output prefix, which is the local directory if not specified
PREFIX?=$(shell pwd) PREFIX?=$(shell pwd)
BUILDTAGS=seccomp apparmor
# Setup name variables for the package/tool # Setup name variables for the package/tool
NAME := binctr NAME := binctr
PKG := github.com/genuinetools/$(NAME) PKG := github.com/genuinetools/$(NAME)
# Set any default go build tags # Set any default go build tags
BUILDTAGS := BUILDTAGS := seccomp apparmor
# Set the build dir, where built cross-compiled binaries will be output # Set the build dir, where built cross-compiled binaries will be output
BUILDDIR := ${PREFIX}/cross BUILDDIR := ${PREFIX}/cross
IMAGE := alpine
# Populate version variables # Populate version variables
# Add to compile time flags # Add to compile time flags
VERSION := $(shell cat VERSION.txt) VERSION := $(shell cat VERSION.txt)
@ -20,28 +21,26 @@ GITUNTRACKEDCHANGES := $(shell git status --porcelain --untracked-files=no)
ifneq ($(GITUNTRACKEDCHANGES),) ifneq ($(GITUNTRACKEDCHANGES),)
GITCOMMIT := $(GITCOMMIT)-dirty GITCOMMIT := $(GITCOMMIT)-dirty
endif endif
CTIMEVAR=-X $(PKG)/version.GITCOMMIT=$(GITCOMMIT) -X $(PKG)/version.VERSION=$(VERSION) CTIMEVAR=-X $(PKG)/version.GITCOMMIT=$(GITCOMMIT) -X $(PKG)/version.VERSION=$(VERSION) \
-X main.IMAGE=$(notdir $(IMAGE)) \
-X main.IMAGESHA=$(shell docker inspect --format "{{.Id}}" $(IMAGE))
GO_LDFLAGS=-ldflags "-w $(CTIMEVAR)" GO_LDFLAGS=-ldflags "-w $(CTIMEVAR)"
GO_LDFLAGS_STATIC=-ldflags "-w $(CTIMEVAR) -extldflags -static" GO_LDFLAGS_STATIC=-ldflags "-w $(CTIMEVAR) -extldflags -static"
# List the GOOS and GOARCH to build all: clean build fmt lint test staticcheck vet ## Runs a clean, build, fmt, lint, test, staticcheck, and vet
GOOSARCHES = darwin/amd64 darwin/386 freebsd/amd64 freebsd/386 linux/arm linux/arm64 linux/amd64 linux/386 solaris/amd64 windows/amd64 windows/386
all: clean build fmt lint test staticcheck vet install ## Runs a clean, build, fmt, lint, test, staticcheck, vet and install
.PHONY: build .PHONY: build
build: $(NAME) ## Builds a dynamic executable or package build: $(BUILDDIR)/$(notdir $(IMAGE)) ## Builds a static executable or package
$(NAME): *.go VERSION.txt $(BUILDDIR):
@echo "+ $@" @mkdir -p $@
go build -tags "$(BUILDTAGS)" ${GO_LDFLAGS} -o $(NAME) .
.PHONY: static $(BUILDDIR)/$(notdir $(IMAGE)): $(BUILDDIR) image/data.go *.go VERSION.txt
static: ## Builds a static executable
@echo "+ $@" @echo "+ $@"
CGO_ENABLED=0 go build \ CGO_ENABLED=1 go build \
-tags "$(BUILDTAGS) static_build" \ -tags "$(BUILDTAGS) static_build" \
${GO_LDFLAGS_STATIC} -o $(NAME) . ${GO_LDFLAGS_STATIC} -o $@ .
@echo "Static container for $(IMAGE) created at: $@"
.PHONY: fmt .PHONY: fmt
fmt: ## Verifies all files have men `gofmt`ed fmt: ## Verifies all files have men `gofmt`ed
@ -79,40 +78,6 @@ cover: ## Runs go test with coverage
fi; \ fi; \
done; done;
.PHONY: install
install: ## Installs the executable or package
@echo "+ $@"
go install -a -tags "$(BUILDTAGS)" ${GO_LDFLAGS} .
define buildpretty
mkdir -p $(BUILDDIR)/$(1)/$(2);
GOOS=$(1) GOARCH=$(2) CGO_ENABLED=0 go build \
-o $(BUILDDIR)/$(1)/$(2)/$(NAME) \
-a -tags "$(BUILDTAGS) static_build netgo" \
-installsuffix netgo ${GO_LDFLAGS_STATIC} .;
md5sum $(BUILDDIR)/$(1)/$(2)/$(NAME) > $(BUILDDIR)/$(1)/$(2)/$(NAME).md5;
sha256sum $(BUILDDIR)/$(1)/$(2)/$(NAME) > $(BUILDDIR)/$(1)/$(2)/$(NAME).sha256;
endef
.PHONY: cross
cross: *.go VERSION.txt ## Builds the cross-compiled binaries, creating a clean directory structure (eg. GOOS/GOARCH/binary)
@echo "+ $@"
$(foreach GOOSARCH,$(GOOSARCHES), $(call buildpretty,$(subst /,,$(dir $(GOOSARCH))),$(notdir $(GOOSARCH))))
define buildrelease
GOOS=$(1) GOARCH=$(2) CGO_ENABLED=0 go build \
-o $(BUILDDIR)/$(NAME)-$(1)-$(2) \
-a -tags "$(BUILDTAGS) static_build netgo" \
-installsuffix netgo ${GO_LDFLAGS_STATIC} .;
md5sum $(BUILDDIR)/$(NAME)-$(1)-$(2) > $(BUILDDIR)/$(NAME)-$(1)-$(2).md5;
sha256sum $(BUILDDIR)/$(NAME)-$(1)-$(2) > $(BUILDDIR)/$(NAME)-$(1)-$(2).sha256;
endef
.PHONY: release
release: *.go VERSION.txt ## Builds the cross-compiled binaries, naming them in such a way for release (eg. binary-GOOS-GOARCH)
@echo "+ $@"
$(foreach GOOSARCH,$(GOOSARCHES), $(call buildrelease,$(subst /,,$(dir $(GOOSARCH))),$(notdir $(GOOSARCH))))
.PHONY: bump-version .PHONY: bump-version
BUMP := patch BUMP := patch
bump-version: ## Bump the version in the version file. Set BUMP to [ patch | major | minor ] bump-version: ## Bump the version in the version file. Set BUMP to [ patch | major | minor ]
@ -131,11 +96,24 @@ tag: ## Create a new git tag to prepare to build a release
git tag -sa $(VERSION) -m "$(VERSION)" git tag -sa $(VERSION) -m "$(VERSION)"
@echo "Run git push origin $(VERSION) to push your new tag to GitHub and trigger a travis build." @echo "Run git push origin $(VERSION) to push your new tag to GitHub and trigger a travis build."
.PHONY: image.tar
image.tar:
docker pull --disable-content-trust=false $(IMAGE)
docker export $(shell docker create $(IMAGE) sh) > $@
.PHONY: image/data.go
image/data.go: image.tar
GOMAXPROCS=1 go generate
.PHONY: clean .PHONY: clean
clean: ## Cleanup any build binaries or packages clean: ## Cleanup any build binaries or packages
@echo "+ $@" @echo "+ $@"
$(RM) $(NAME) $(RM) $(NAME)
$(RM) -r $(BUILDDIR) $(RM) -r $(BUILDDIR)
@sudo $(RM) -r rootfs
$(RM) *.tar
$(RM) image/data.go
-@docker rm $(shell docker ps -aq) /dev/null 2>&1
.PHONY: help .PHONY: help
help: help:

10
generate.go
View file

@ -9,19 +9,23 @@ import (
"path/filepath" "path/filepath"
) )
// Reads static/index.html and saves as a constant in static.go // Reads image.tar and saves as a constant in rootfs.go
func main() { func main() {
wd, err := os.Getwd() wd, err := os.Getwd()
if err != nil { if err != nil {
panic(err) panic(err)
} }
out, err := os.Create(filepath.Join(wd, "rootfs.go")) out, err := os.Create(filepath.Join(wd, "image", "data.go"))
if err != nil { if err != nil {
panic(err) panic(err)
} }
tarPath := filepath.Join(wd, "image.tar") tarPath := filepath.Join(wd, "image.tar")
out.Write([]byte("// This file is autogenerated; DO NOT EDIT DIRECTLY\n// See generate.go for more info\npackage main\n\nconst (\n")) out.Write([]byte("// Package image is autogenerated; DO NOT EDIT DIRECTLY\n"))
out.Write([]byte("// See generate.go for more info\n"))
out.Write([]byte("package image\n\n"))
out.Write([]byte("const (\n"))
out.Write([]byte("\t// DATA is the image data that is embessed at compile time.\n"))
out.Write([]byte("\tDATA = `")) out.Write([]byte("\tDATA = `"))
f, err := ioutil.ReadFile(tarPath) f, err := ioutil.ReadFile(tarPath)
if err != nil { if err != nil {

7
image/image.go Normal file
View file

@ -0,0 +1,7 @@
package image
// NAME is the name of the image that is embedded at compile time.
var NAME string
// SHA is the sha digest of the image that is embedded at compile time.
var SHA string

12
main.go
View file

@ -10,6 +10,7 @@ import (
"strings" "strings"
aaprofile "github.com/docker/docker/profiles/apparmor" aaprofile "github.com/docker/docker/profiles/apparmor"
"github.com/genuinetools/binctr/image"
"github.com/genuinetools/binctr/version" "github.com/genuinetools/binctr/version"
"github.com/opencontainers/runc/libcontainer" "github.com/opencontainers/runc/libcontainer"
"github.com/opencontainers/runc/libcontainer/apparmor" "github.com/opencontainers/runc/libcontainer/apparmor"
@ -56,11 +57,6 @@ var (
debug bool debug bool
vrsn bool vrsn bool
// IMAGE is the name of the image that is embedded at compile time.
IMAGE = "alpine"
// IMAGESHA is the sha digest of the image that is embedded at compile time.
IMAGESHA = "sha256:70c557e50ed630deed07cbb0dc4d28aa0f2a485cf7af124cc48f06bce83f784b"
) )
// stringSlice is a slice of strings // stringSlice is a slice of strings
@ -107,7 +103,7 @@ func (s stringSlice) ParseHooks() (hooks specs.Hooks, err error) {
func init() { func init() {
// Parse flags // Parse flags
flag.StringVar(&containerID, "id", IMAGE, "container ID") flag.StringVar(&containerID, "id", image.NAME, "container ID")
flag.StringVar(&pidFile, "pid-file", "", "specify the file to write the process id to") flag.StringVar(&pidFile, "pid-file", "", "specify the file to write the process id to")
flag.StringVar(&root, "root", defaultRoot, "root directory of container state, should be tmpfs") flag.StringVar(&root, "root", defaultRoot, "root directory of container state, should be tmpfs")
@ -123,14 +119,14 @@ func init() {
flag.BoolVar(&debug, "D", false, "run in debug mode") flag.BoolVar(&debug, "D", false, "run in debug mode")
flag.Usage = func() { flag.Usage = func() {
fmt.Fprint(os.Stderr, fmt.Sprintf(BANNER, IMAGE, IMAGESHA, version.VERSION, version.GITCOMMIT)) fmt.Fprint(os.Stderr, fmt.Sprintf(BANNER, image.NAME, image.SHA, version.VERSION, version.GITCOMMIT))
flag.PrintDefaults() flag.PrintDefaults()
} }
flag.Parse() flag.Parse()
if vrsn { if vrsn {
fmt.Printf("%s, commit: %s, image: %s, image digest: %s", version.VERSION, version.GITCOMMIT, IMAGE, IMAGESHA) fmt.Printf("%s, commit: %s, image: %s, image digest: %s", version.VERSION, version.GITCOMMIT, image.NAME, image.SHA)
os.Exit(0) os.Exit(0)
} }

6
notify_socket.go
View file

@ -63,16 +63,16 @@ func (s *notifySocket) setupSocket() error {
// pid1 must be set only with -d, as it is used to set the new process as the main process // pid1 must be set only with -d, as it is used to set the new process as the main process
// for the service in butts // for the service in butts
func (notifySocket *notifySocket) run(pid1 int) { func (s *notifySocket) run(pid1 int) {
buf := make([]byte, 512) buf := make([]byte, 512)
notifySocketHostAddr := net.UnixAddr{Name: notifySocket.host, Net: "unixgram"} notifySocketHostAddr := net.UnixAddr{Name: s.host, Net: "unixgram"}
client, err := net.DialUnix("unixgram", nil, &notifySocketHostAddr) client, err := net.DialUnix("unixgram", nil, &notifySocketHostAddr)
if err != nil { if err != nil {
logrus.Error(err) logrus.Error(err)
return return
} }
for { for {
r, err := notifySocket.socket.Read(buf) r, err := s.socket.Read(buf)
if err != nil { if err != nil {
break break
} }

64
rlimit_linux.go
View file

@ -3,41 +3,41 @@ package main
import "fmt" import "fmt"
const ( const (
RLIMIT_CPU = iota // CPU time in sec rLimitCPU = iota // CPU time in sec
RLIMIT_FSIZE // Maximum filesize rLimitFsize // Maximum filesize
RLIMIT_DATA // max data size rLimitData // max data size
RLIMIT_STACK // max stack size rLimitStack // max stack size
RLIMIT_CORE // max core file size rLimitCore // max core file size
RLIMIT_RSS // max resident set size rLimitRss // max resident set size
RLIMIT_NPROC // max number of processes rLimitNproc // max number of processes
RLIMIT_NOFILE // max number of open files rLimitNofile // max number of open files
RLIMIT_MEMLOCK // max locked-in-memory address space rLimitMemlock // max locked-in-memory address space
RLIMIT_AS // address space limit rLimitAs // address space limit
RLIMIT_LOCKS // maximum file locks held rLimitLocks // maximum file locks held
RLIMIT_SIGPENDING // max number of pending signals rLimitSigpending // max number of pending signals
RLIMIT_MSGQUEUE // maximum bytes in POSIX mqueues rLimitMsgqueue // maximum bytes in POSIX mqueues
RLIMIT_NICE // max nice prio allowed to raise to rLimitNice // max nice prio allowed to raise to
RLIMIT_RTPRIO // maximum realtime priority rLimitRtprio // maximum realtime priority
RLIMIT_RTTIME // timeout for RT tasks in us rLimitRttime // timeout for RT tasks in us
) )
var rlimitMap = map[string]int{ var rlimitMap = map[string]int{
"RLIMIT_CPU": RLIMIT_CPU, "RLIMIT_CPU": rLimitCPU,
"RLIMIT_FSIZE": RLIMIT_FSIZE, "RLIMIT_FSIZE": rLimitFsize,
"RLIMIT_DATA": RLIMIT_DATA, "RLIMIT_DATA": rLimitData,
"RLIMIT_STACK": RLIMIT_STACK, "RLIMIT_STACK": rLimitStack,
"RLIMIT_CORE": RLIMIT_CORE, "RLIMIT_CORE": rLimitCore,
"RLIMIT_RSS": RLIMIT_RSS, "RLIMIT_RSS": rLimitRss,
"RLIMIT_NPROC": RLIMIT_NPROC, "RLIMIT_NPROC": rLimitNproc,
"RLIMIT_NOFILE": RLIMIT_NOFILE, "RLIMIT_NOFILE": rLimitNofile,
"RLIMIT_MEMLOCK": RLIMIT_MEMLOCK, "RLIMIT_MEMLOCK": rLimitMemlock,
"RLIMIT_AS": RLIMIT_AS, "RLIMIT_AS": rLimitAs,
"RLIMIT_LOCKS": RLIMIT_LOCKS, "RLIMIT_LOCKS": rLimitLocks,
"RLIMIT_SIGPENDING": RLIMIT_SIGPENDING, "RLIMIT_SIGPENDING": rLimitSigpending,
"RLIMIT_MSGQUEUE": RLIMIT_MSGQUEUE, "RLIMIT_MSGQUEUE": rLimitMsgqueue,
"RLIMIT_NICE": RLIMIT_NICE, "RLIMIT_NICE": rLimitNice,
"RLIMIT_RTPRIO": RLIMIT_RTPRIO, "RLIMIT_RTPRIO": rLimitRtprio,
"RLIMIT_RTTIME": RLIMIT_RTTIME, "RLIMIT_RTTIME": rLimitRttime,
} }
func strToRlimit(key string) (int, error) { func strToRlimit(key string) (int, error) {

5
rootfs_ops.go → rootfs.go
View file

@ -8,13 +8,12 @@ import (
"path/filepath" "path/filepath"
"github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/archive"
"github.com/genuinetools/binctr/image"
"github.com/opencontainers/runtime-spec/specs-go" "github.com/opencontainers/runtime-spec/specs-go"
) )
const DATA = ""
func unpackRootfs(spec *specs.Spec) error { func unpackRootfs(spec *specs.Spec) error {
data, err := base64.StdEncoding.DecodeString(DATA) data, err := base64.StdEncoding.DecodeString(image.DATA)
if err != nil { if err != nil {
return err return err
} }

1623
seccomp.json
View file

File diff suppressed because it is too large Load diff

4
signals.go
View file

@ -67,9 +67,9 @@ func (h *signalHandler) forward(process *libcontainer.Process, tty *tty, detach
if detach { if detach {
h.notifySocket.run(pid1) h.notifySocket.run(pid1)
return 0, nil return 0, nil
} else {
go h.notifySocket.run(0)
} }
go h.notifySocket.run(0)
} }
// Perform the initial tty resize. Always ignore errors resizing because // Perform the initial tty resize. Always ignore errors resizing because