Merge db0d65edcd into f5e5a4b848

.gitignore

@@ -1,14 +1,16 @@
-.artifacts/
+/.artifacts/
-conmon/conmon
+/.vscode
-conmon/conmon.o
+/conmon/conmon
-pause/pause
+/conmon/conmon.o
-pause/pause.o
+/pause/pause
+/pause/pause.o
 /docs/*.[158]
 /docs/*.[158].gz
-ocid.conf
+/_output
+/ocid.conf
+/test/bin2img/bin2img
+/test/copyimg/copyimg
+/test/testdata/redis-image
+/test/checkseccomp/checkseccomp
 *.orig
 *.rej
-test/bin2img/bin2img
-test/copyimg/copyimg
-test/testdata/redis-image
-test/checkseccomp/checkseccomp

.tool/lint

@@ -5,7 +5,7 @@ set -o nounset
 set -o pipefail
 
 for d in $(find . -type d -not -iwholename '*.git*' -a -not -iname '.tool' -a -not -iwholename '*vendor*'); do
-	${GOPATH}/bin/gometalinter \
+	gometalinter \
 		 --exclude='error return value not checked.*(Close|Log|Print).*\(errcheck\)$' \
 		 --exclude='.*_test\.go:.*error return value not checked.*\(errcheck\)$' \
 		 --exclude='duplicate of.*_test.go.*\(dupl\)$' \

Makefile

@@ -13,8 +13,11 @@ ETCDIR ?= ${DESTDIR}/etc
 ETCDIR_OCID ?= ${ETCDIR}/ocid
 BUILDTAGS := selinux seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh)
 BASHINSTALLDIR=${PREFIX}/share/bash-completion/completions
-GOBINDIR := $(word 1,$(subst :, ,$(GOPATH)))
+SYSTEM_GOPATH := ${GOPATH}
-PATH := $(GOBINDIR)/bin:$(PATH)
+OUTDIR ?= _output
+GOPATH := $(abspath $(OUTDIR))$(if $(GOPATH),:$(GOPATH))
+GOBIN := $(OUTDIR)/bin
+PATH := $(GOBIN):$(PATH)
 
 all: binaries ocid.conf docs
 
@@ -30,14 +33,15 @@ help:
 	@echo " * 'lint' - Execute the source code linter"
 	@echo " * 'gofmt' - Verify the source code gofmt"
 
-.PHONY: check-gopath
+$(OUTDIR): $(OUTDIR)/.ok
 
-check-gopath:
+$(OUTDIR)/.ok:
-ifndef GOPATH
+	mkdir -p "$(dir $(OUTDIR)/src/$(PROJECT))"
-	$(error GOPATH is not set)
+	ln -s ../../../.. "$(OUTDIR)/src/$(PROJECT)"
-endif
+	mkdir -p $(GOBIN)
+	touch $@
 
-lint: check-gopath
+lint: $(OUTDIR)
 	@echo "checking lint"
 	@./.tool/lint
 
@@ -56,18 +60,20 @@ bin2img:
 copyimg:
 	$(MAKE) -C test/$@ BUILDTAGS="$(BUILDTAGS)"
 
-checkseccomp: check-gopath
+checkseccomp:
-	$(MAKE) -C test/$@
+	$(GO) test \
+		-tags "$(BUILDTAGS)" \
+		$(PROJECT)/test/bin2img
 
-ocid: check-gopath
+ocid: $(OUTDIR)
 	$(GO) install \
 		-tags "$(BUILDTAGS)" \
 		$(PROJECT)/cmd/ocid
 
-ocic: check-gopath
+ocic: $(OUTDIR)
 	$(GO) install $(PROJECT)/cmd/ocic
 
-kpod: check-gopath
+kpod: $(OUTDIR)
 	$(GO) install $(PROJECT)/cmd/kpod
 
 ocid.conf: ocid
@@ -101,21 +107,21 @@ binaries: ocid ocic kpod conmon pause bin2img copyimg checkseccomp
 MANPAGES_MD := $(wildcard docs/*.md)
 MANPAGES    := $(MANPAGES_MD:%.md=%)
 
-docs/%.1: docs/%.1.md check-gopath
+docs/%.1: docs/%.1.md $(OUTDIR)
 	go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@
 
-docs/%.5: docs/%.5.md check-gopath
+docs/%.5: docs/%.5.md $(OUTDIR)
 	go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@
 
-docs/%.8: docs/%.8.md check-gopath
+docs/%.8: docs/%.8.md $(OUTDIR)
 	go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@
 
 docs: $(MANPAGES)
 
-install: check-gopath
+install: $(OUTDIR)
-	install -D -m 755 $(GOBINDIR)/bin/ocid $(BINDIR)/ocid
+	install -D -m 755 $(GOBIN)/ocid $(BINDIR)/ocid
-	install -D -m 755 $(GOBINDIR)/bin/ocic $(BINDIR)/ocic
+	install -D -m 755 $(GOBIN)/ocic $(BINDIR)/ocic
-	install -D -m 755 $(GOBINDIR)/bin/kpod $(BINDIR)/kpod
+	install -D -m 755 $(GOBIN)/kpod $(BINDIR)/kpod
 	install -D -m 755 conmon/conmon $(LIBEXECDIR)/ocid/conmon
 	install -D -m 755 pause/pause $(LIBEXECDIR)/ocid/pause
 	install -d -m 755 $(MANDIR)/man1
@@ -153,7 +159,7 @@ uninstall:
 
 .PHONY: .gitvalidation
 # When this is running in travis, it will only check the travis commit range
-.gitvalidation: check-gopath
+.gitvalidation: $(OUTDIR)
 ifeq ($(TRAVIS),true)
 	git-validation -q -run DCO,short-subject
 else
@@ -165,14 +171,14 @@ endif
 install.tools: .install.gitvalidation .install.gometalinter .install.md2man
 
 .install.gitvalidation:
-	go get -u github.com/vbatts/git-validation
+	GOPATH=${SYSTEM_GOPATH} go get -u github.com/vbatts/git-validation
 
 .install.gometalinter:
-	go get -u github.com/alecthomas/gometalinter
+	GOPATH=${SYSTEM_GOPATH} go get -u github.com/alecthomas/gometalinter
-	gometalinter --install
+	GOPATH=${SYSTEM_GOPATH} gometalinter --install
 
 .install.md2man:
-	go get -u github.com/cpuguy83/go-md2man
+	GOPATH=${SYSTEM_GOPATH} go get -u github.com/cpuguy83/go-md2man
 
 .PHONY: \
 	bin2img \

README.md

@@ -38,33 +38,74 @@ It is currently in active development in the Kubernetes community through the [d
 ## Getting started
 
 ### Prerequisites
+
 `runc` version 1.0.0.rc1 or greater is expected to be installed on the system. It is picked up as the default runtime by ocid.
 
+### Build Dependencies
+
+**Required**
+
+Fedora, CentOS, RHEL, and related distributions:
+
+```bash
+yum install -y \
+  runc \
+  btrfs-progs-devel \
+  device-mapper-devel \
+  glib2-devel \
+  glibc-devel \
+  gpgme-devel \
+  libassuan-devel \
+  libgpg-error-devel
+```
+
+Debian, Ubuntu, and related distributions:
+
+```bash
+apt install -y \
+  runc \
+  btrfs-tools \
+  libassuan-dev \
+  libdevmapper-dev \
+  libglib2.0-dev \
+  libc6-dev \
+  libgpgme11-dev \
+  libgpg-error-dev
+```
+
+If using an older release or a long-term support release, be careful to double-check that the version of `runc` is new enough, or else build your own.
+
+**Optional**
+
+Fedora, CentOS, RHEL, and related distributions:
+
+```bash
+yum install -y \
+  libseccomp-devel \
+  libapparmor
+```
+
+Debian, Ubuntu, and related distributions:
+
+```bash
+apt install -y \
+  libseccomp-dev \
+  libapparmor-dev
+```
+
 ### Build
 
-`btrfs-progs-devel`, `device-mapper-devel`, `glib2-devel`, `glibc-devel`, `gpgme-devel`, `libassuan-devel`, `libgpg-error-devel`, and `pkg-config` packages on CentOS/Fedora or `btrfs-tools`, `libassuan-dev`, `libc6-dev`, `libdevmapper-dev`, `libglib2.0-dev`, `libgpg-error-dev`, `libgpgme11-dev`, and `pkg-config` on Ubuntu or equivalent is required.
-In order to enable seccomp support you will need to install development files for `libseccomp` on your platform.
-> e.g. `libseccomp-devel` for CentOS/Fedora, or `libseccomp-dev` for Ubuntu
-In order to enable apparmor support you will need to install development files for `libapparmor` on your platform.
-> e.g. `libapparmor-dev` for Ubuntu
-
 ```bash
-$ GOPATH=/path/to/gopath
+git clone https://github.com/kubernetes-incubator/cri-o # or your fork
-$ mkdir $GOPATH
-$ go get -d github.com/kubernetes-incubator/cri-o
-$ cd $GOPATH/src/github.com/kubernetes-incubator/cri-o
-$ make install.tools
-$ make
-$ sudo make install
-```
-Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make.
-
-```bash
-# create a 'github.com/kubernetes-incubator' in your $GOPATH/src
-cd github.com/kubernetes-incubator
-git clone https://github.com/kubernetes-incubator/cri-o
 cd cri-o
+make install.tools
+make
+sudo make install
+```
 
+To avoid building `cri-o` with seccomp support, add `BUILDTAGS=""` when running `make` instead:
+
+```bash
 make BUILDTAGS=""
 sudo make install
 ```

test/helpers.bash

@@ -9,10 +9,14 @@ TESTDATA="${INTEGRATION_ROOT}/testdata"
 # Root directory of the repository.
 OCID_ROOT=${OCID_ROOT:-$(cd "$INTEGRATION_ROOT/../.."; pwd -P)}
 
+# Installation directory for Go binaries
+GOPATH=${GOPATH:-${OCID_ROOT}/cri-o/_output}
+GOBIN=${GOBIN:-${GOPATH}/bin}
+
 # Path of the ocid binary.
-OCID_BINARY=${OCID_BINARY:-${GOPATH}/bin/ocid}
+OCID_BINARY=${OCID_BINARY:-${GOBIN}/ocid}
 # Path of the ocic binary.
-OCIC_BINARY=${OCIC_BINARY:-${GOPATH}/bin/ocic}
+OCIC_BINARY=${OCIC_BINARY:-${GOBIN}/ocic}
 # Path of the conmon binary.
 CONMON_BINARY=${CONMON_BINARY:-${OCID_ROOT}/cri-o/conmon/conmon}
 # Path of the pause binary.