Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rootlesskit for openSUSE:Factory checked in at 2024-09-17 18:17:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rootlesskit (Old) and /work/SRC/openSUSE:Factory/.rootlesskit.new.29891 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rootlesskit" Tue Sep 17 18:17:02 2024 rev:11 rq:1201510 version:2.3.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rootlesskit/rootlesskit.changes 2024-07-18 19:15:29.085074277 +0200 +++ /work/SRC/openSUSE:Factory/.rootlesskit.new.29891/rootlesskit.changes 2024-09-17 18:17:06.788291572 +0200 @@ -1,0 +2,24 @@ +Thu Sep 05 10:58:24 UTC 2024 - dcer...@suse.com + +- Update to version 2.3.1: + * v2.3.1 + * CI: attest-build-provenance: fix a subject-path issue (461) + * v2.3.0+dev + * v2.3.0 + * Enable actions/attest-build-provenance + * CI: update Docker (27.1.2) + * CI: update pasta (2024_08_14.61c0b0d) + * go.mod: golang.org/x/net v0.28.0 + * go.mod: github.com/insomniacslk/dhcp v0.0.0-20240812123929-b105c29bd1b5 + * Deprecate rootlesskit-docker-proxy (no longer needed since Docker v28) + * child, pasta: Allow drivers to configure their own interface, let pasta do that + * pasta: Let it run in background, and wait until it forks + * CI: update Go to 1.23 + * Build(deps): Bump github.com/urfave/cli/v2 from 2.27.3 to 2.27.4 + * Build(deps): Bump golang.org/x/sys from 0.22.0 to 0.24.0 + * Build(deps): Bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.3 + * Build(deps): Bump github.com/gofrs/flock from 0.12.0 to 0.12.1 + * Build(deps): Bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 + * v2.2.0+dev + +------------------------------------------------------------------- Old: ---- rootlesskit-2.2.0.tar.gz New: ---- rootlesskit-2.3.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rootlesskit.spec ++++++ --- /var/tmp/diff_new_pack.U2unzl/_old 2024-09-17 18:17:07.784332834 +0200 +++ /var/tmp/diff_new_pack.U2unzl/_new 2024-09-17 18:17:07.784332834 +0200 
@@ -17,7 +17,7 @@ Name: rootlesskit -Version: 2.2.0 +Version: 2.3.1 Release: 0 Summary: Linux-native fakeroot using user namespaces License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.U2unzl/_old 2024-09-17 18:17:07.816334160 +0200 +++ /var/tmp/diff_new_pack.U2unzl/_new 2024-09-17 18:17:07.820334325 +0200 @@ -1,19 +1,19 @@ <services> - <service name="download_files" mode="disabled" /> - <service name="tar_scm" mode="disabled"> + <service name="download_files" mode="manual" /> + <service name="tar_scm" mode="manual"> <param name="url">https://github.com/rootless-containers/rootlesskit.git</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v2.2.0</param> + <param name="revision">v2.3.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> </service> - <service name="set_version" mode="disabled" /> - <service name="recompress" mode="disabled"> + <service name="set_version" mode="manual" /> + <service name="recompress" mode="manual"> <param name="file">*.tar</param> <param name="compression">gz</param> </service> - <service name="go_modules" mode="disabled" /> + <service name="go_modules" mode="manual" /> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.U2unzl/_old 2024-09-17 18:17:07.840335154 +0200 +++ /var/tmp/diff_new_pack.U2unzl/_new 2024-09-17 18:17:07.844335319 +0200 
@@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/rootless-containers/rootlesskit.git</param> - <param name="changesrevision">17a2cd4db1a98072b0e3454577139ceee685622c</param></service></servicedata> + <param name="changesrevision">fcc67feacd7deea8bca12a1a849e638704b8e7d2</param></service></servicedata> (No newline at EOF) ++++++ rootlesskit-2.2.0.tar.gz -> rootlesskit-2.3.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/.github/workflows/release.yaml new/rootlesskit-2.3.1/.github/workflows/release.yaml --- old/rootlesskit-2.2.0/.github/workflows/release.yaml 2024-07-16 17:59:36.000000000 +0200 +++ new/rootlesskit-2.3.1/.github/workflows/release.yaml 2024-08-17 21:25:05.000000000 +0200 @@ -17,6 +17,12 @@ jobs: release: runs-on: ubuntu-22.04 + # The maximum access is "read" for PRs from public forked repos + # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token + permissions: + contents: write # for releases + id-token: write # for provenances + attestations: write # for provenances steps: - uses: actions/checkout@v4 - name: "Build binaries" @@ -44,6 +50,12 @@ https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }} The sha256sum of the SHA256SUMS file itself is ${shasha} . EOF + - uses: actions/attest-build-provenance@v1 + if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') + with: + subject-path: | + /tmp/artifact/* + /tmp/SHA256SUMS - name: "Create release" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/Dockerfile new/rootlesskit-2.3.1/Dockerfile --- old/rootlesskit-2.2.0/Dockerfile 2024-07-16 17:59:36.000000000 +0200 +++ new/rootlesskit-2.3.1/Dockerfile 2024-08-17 21:25:05.000000000 +0200 
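Review bot: In .github/workflows/release.yaml the new `actions/attest-build-provenance@v1` step is referenced by a movable tag while the job now holds `id-token: write` and `attestations: write`. Pinning it to a full commit SHA (`uses: actions/attest-build-provenance@<full-commit-sha> # v1`, placeholder to be filled in) keeps a retagged action from producing attestations under this repository's identity. The `permissions:` block added in the first hunk is job-wide, so `actions/checkout@v4` and the "Build binaries" step run with the same write scopes. Moving attestation and release upload into a separate job that consumes the built artifacts would confine the write token to the steps that need it. The attest step is gated on tag pushes, but the permissions are not.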
@@ -1,10 +1,10 @@
-ARG GO_VERSION=1.22
+ARG GO_VERSION=1.23
 ARG UBUNTU_VERSION=24.04
 ARG SHADOW_VERSION=4.16.0
 ARG SLIRP4NETNS_VERSION=v1.3.1
 ARG VPNKIT_VERSION=0.5.0
-ARG PASST_VERSION=2024_06_24.1ee2eca
-ARG DOCKER_VERSION=27.0.3
+ARG PASST_VERSION=2024_08_14.61c0b0d
+ARG DOCKER_VERSION=27.1.2
 ARG DOCKER_CHANNEL=stable

 FROM golang:${GO_VERSION}-alpine AS build
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/Makefile new/rootlesskit-2.3.1/Makefile
--- old/rootlesskit-2.2.0/Makefile 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/Makefile 2024-08-17 21:25:05.000000000 +0200
@@ -16,6 +16,8 @@
 $(GO) build -o $@ -v ./cmd/rootlessctl

 bin/rootlesskit-docker-proxy: $(GO_FILES)
+ @echo "NOTE: rootlesskit-docker-proxy is required only if you use Docker prior to v28."
+ @echo "NOTE: rootlesskit-docker-proxy is DEPRECATED and will be removed in RootlessKit v3."
 $(GO) build -o $@ -v ./cmd/rootlesskit-docker-proxy

 .PHONY: cross
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/README.md new/rootlesskit-2.3.1/README.md
--- old/rootlesskit-2.2.0/README.md 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/README.md 2024-08-17 21:25:05.000000000 +0200
@@ -67,7 +67,7 @@
 The following binaries will be installed:
 - `/usr/local/bin/rootlesskit`
 - `/usr/local/bin/rootlessctl`
-- `/usr/local/bin/rootlesskit-docker-proxy` (Can be safely removed if you do not use Docker)
+- `/usr/local/bin/rootlesskit-docker-proxy` (DEPRECATED; Only required for Docker prior to [v28](https://github.com/moby/moby/pull/48132/commits/dac7ffa3404138a4f291c16586e5a2c68dad4151))

 ### Requirements

diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/cmd/rootlesskit-docker-proxy/main.go new/rootlesskit-2.3.1/cmd/rootlesskit-docker-proxy/main.go
--- old/rootlesskit-2.2.0/cmd/rootlesskit-docker-proxy/main.go 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/cmd/rootlesskit-docker-proxy/main.go 2024-08-17 21:25:05.000000000 +0200
@@ -1,3 +1,12 @@
+// Package main provides the `rootlesskit-docker-proxy` binary (DEPRECATED)
+// that was used by Docker prior to v28 for supporting rootless mode.
+//
+// The rootlesskit-docker-proxy binary is no longer needed since Docker v28,
+// as the functionality of rootlesskit-docker-proxy is now provided by dockerd itself.
+//
+// https://github.com/moby/moby/pull/48132/commits/dac7ffa3404138a4f291c16586e5a2c68dad4151
+//
+// rootlesskit-docker-proxy will be removed in RootlessKit v3.
 package main

 import (
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/go.mod new/rootlesskit-2.3.1/go.mod
--- old/rootlesskit-2.2.0/go.mod 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/go.mod 2024-08-17 21:25:05.000000000 +0200
@@ -5,16 +5,16 @@
 require (
 github.com/Masterminds/semver/v3 v3.2.1
 github.com/containernetworking/plugins v1.5.1
- github.com/gofrs/flock v0.12.0
+ github.com/gofrs/flock v0.12.1
 github.com/google/uuid v1.6.0
 github.com/gorilla/mux v1.8.1
- github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9
- github.com/moby/sys/mountinfo v0.7.1
+ github.com/insomniacslk/dhcp v0.0.0-20240812123929-b105c29bd1b5
+ github.com/moby/sys/mountinfo v0.7.2
 github.com/moby/vpnkit v0.5.0
 github.com/sirupsen/logrus v1.9.3
 github.com/songgao/water v0.0.0-20200317203138-2b4b6d7c09d8
- github.com/urfave/cli/v2 v2.27.2
- golang.org/x/sys v0.22.0
+ github.com/urfave/cli/v2 v2.27.4
+ golang.org/x/sys v0.24.0
 gotest.tools/v3 v3.5.1
 )

@@ -25,5 +25,5 @@
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
 github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
- golang.org/x/net v0.27.0 // indirect
+ golang.org/x/net v0.28.0 // indirect
 )
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/go.sum new/rootlesskit-2.3.1/go.sum
--- old/rootlesskit-2.2.0/go.sum 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/go.sum 2024-08-17 21:25:05.000000000 +0200
@@ -13,8 +13,8 @@ github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= -github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= +github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= +github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= 
@@ -23,10 +23,10 @@ github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= -github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9 h1:LZJWucZz7ztCqY6Jsu7N9g124iJ2kt/O62j3+UchZFg= -github.com/insomniacslk/dhcp v0.0.0-20240710054256-ddd8a41251c9/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic= -github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g= -github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= +github.com/insomniacslk/dhcp v0.0.0-20240812123929-b105c29bd1b5 h1:GkMacU5ftc+IEg1449N3UEy2XLDz58W4fkrRu2fibb8= +github.com/insomniacslk/dhcp v0.0.0-20240812123929-b105c29bd1b5/go.mod h1:KclMyHxX06VrVr0DJmeFSUb1ankt7xTfoOA35pCkoic= +github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg= +github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4= github.com/moby/vpnkit v0.5.0 h1:VcDpS9y+PmT9itf+mH5Qdh9GME7ungLMt9yjf9o4REY= github.com/moby/vpnkit v0.5.0/go.mod h1:KyjUrL9cb6ZSNNAUwZfqRjhwwgJ3BJN+kXh0t43WTUQ= github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= 
@@ -49,16 +49,17 @@ github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 h1:pyC9PaHYZFgEKFdlp3G8RaCKgVpHZnecvArXvPXcFkM= github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701/go.mod h1:P3a5rG4X7tI17Nn3aOIAYr5HbIMukwXG0urG0WuL8OA= -github.com/urfave/cli/v2 v2.27.2 h1:6e0H+AkS+zDckwPCUrZkKX38mRaau4nL2uipkJpbkcI= -github.com/urfave/cli/v2 v2.27.2/go.mod h1:g0+79LmHHATl7DAcHO99smiR/T7uGLw84w8Y42x+4eM= +github.com/urfave/cli/v2 v2.27.4 h1:o1owoI+02Eb+K107p27wEX9Bb8eqIoZCfLXloLUSWJ8= +github.com/urfave/cli/v2 v2.27.4/go.mod h1:m4QzxcD2qpra4z7WhzEGn74WZLViBnMpb1ToCAKdGRQ= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= diff -urN '--exclude=CVS' 
'--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/pkg/child/child.go new/rootlesskit-2.3.1/pkg/child/child.go
--- old/rootlesskit-2.2.0/pkg/child/child.go 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/pkg/child/child.go 2024-08-17 21:25:05.000000000 +0200
@@ -215,8 +215,11 @@
 if err := os.WriteFile(stateDirResolvConf, generateResolvConf(msg.DNS), 0644); err != nil {
 return fmt.Errorf("writing %s: %w", stateDirResolvConf, err)
 }
- if err := activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU); err != nil {
- return err
+ Info, _ := driver.ChildDriverInfo()
+ if !Info.ConfiguresInterface {
+ if err := activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU); err != nil {
+ return err
+ }
 }
 if etcWasCopied {
 // remove copied-up link
@@ -255,7 +258,11 @@
 return fmt.Errorf("writing %s: %w", stateDirResolvConf, err)
 }
 if err := ns.WithNetNSPath(detachedNetNSPath, func(_ ns.NetNS) error {
- return activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU)
+ Info, _ := driver.ChildDriverInfo()
+ if !Info.ConfiguresInterface {
+ return activateDev(dev, msg.IP, msg.Netmask, msg.Gateway, msg.MTU)
+ }
+ return nil
 }); err != nil {
 return err
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/pkg/network/lxcusernic/lxcusernic.go new/rootlesskit-2.3.1/pkg/network/lxcusernic/lxcusernic.go
--- old/rootlesskit-2.2.0/pkg/network/lxcusernic/lxcusernic.go 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/pkg/network/lxcusernic/lxcusernic.go 2024-08-17 21:25:05.000000000 +0200
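Review bot: In pkg/child/child.go both new call sites use `Info, _ := driver.ChildDriverInfo()` and then read `Info.ConfiguresInterface`, so a driver that returns `(nil, err)` produces a nil-pointer panic in the child instead of a reported error. The error should be checked before the dereference, e.g. `info, err := driver.ChildDriverInfo()` followed by `if err != nil { return err }`, both in the first hunk and inside the `ns.WithNetNSPath` closure in the second; the local would also conventionally be lower-case `info`. The four drivers touched by this diff always return a nil error, but the interface permits otherwise. The enclosing functions start and end outside the hunks.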
@@ -148,6 +148,12 @@
 return ack, nil
 }

+func (d *childDriver) ChildDriverInfo() (*network.ChildDriverInfo, error) {
+ return &network.ChildDriverInfo {
+ ConfiguresInterface: false,
+ }, nil
+}
+
 func (d *childDriver) ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (string, error) {
 dev := netmsg.Dev
 if dev == "" {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/pkg/network/network.go new/rootlesskit-2.3.1/pkg/network/network.go
--- old/rootlesskit-2.2.0/pkg/network/network.go 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/pkg/network/network.go 2024-08-17 21:25:05.000000000 +0200
@@ -17,6 +17,10 @@
 ConfigureNetwork(childPID int, stateDir, detachedNetNSPath string) (netmsg *messages.ParentInitNetworkDriverCompleted, cleanup func() error, err error)
 }

+type ChildDriverInfo struct {
+ ConfiguresInterface bool // Driver configures own namespace interface
+}
+
 // ChildDriver is called from the child namespace
 type ChildDriver interface {
 // ConfigureNetworkChild is executed in the child's namespaces, excluding detached-netns.
@@ -24,4 +28,6 @@
 // netmsg MAY be modified.
 // devName is like "tap" or "eth0"
 ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (devName string, err error)
+
+ ChildDriverInfo() (*ChildDriverInfo, error)
 }
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/pkg/network/pasta/pasta.go new/rootlesskit-2.3.1/pkg/network/pasta/pasta.go
--- old/rootlesskit-2.2.0/pkg/network/pasta/pasta.go 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/pkg/network/pasta/pasta.go 2024-08-17 21:25:05.000000000 +0200
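Review bot: The new `ChildDriverInfo` method in pkg/network/lxcusernic/lxcusernic.go is written `return &network.ChildDriverInfo {` with a space before the brace, which gofmt would rewrite to `return &network.ChildDriverInfo{`; the same line appears in the pasta, slirp4netns and vpnkit hunks. A one-line doc comment on each method saying what the driver reports, for example `// ChildDriverInfo reports that the child must configure the interface itself.`, would also help readers who see only one driver.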
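Review bot: In pkg/network/network.go the exported `ChildDriverInfo` struct and the new `ChildDriverInfo()` method on `ChildDriver` have no doc comments, and the trailing `// Driver configures own namespace interface` does not say what the caller must then skip. Suggested: `// ChildDriverInfo describes static properties of a ChildDriver.` above the type and `// ChildDriverInfo returns the driver's properties; when ConfiguresInterface is true the child does not call activateDev.` above the method. Adding a method to an exported interface also breaks any out-of-tree `ChildDriver` implementation at compile time, which deserves a line in the release notes for a minor version.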
@@ -17,7 +17,6 @@
 "github.com/rootless-containers/rootlesskit/v2/pkg/messages"
 "github.com/rootless-containers/rootlesskit/v2/pkg/network"
 "github.com/rootless-containers/rootlesskit/v2/pkg/network/iputils"
- "github.com/rootless-containers/rootlesskit/v2/pkg/network/parentutils"
 )

 // NewParentDriver instantiates new parent driver.
@@ -92,9 +91,6 @@
 func (d *parentDriver) ConfigureNetwork(childPID int, stateDir, detachedNetNSPath string) (*messages.ParentInitNetworkDriverCompleted, func() error, error) {
 tap := d.ifname
 var cleanups []func() error
- if err := parentutils.PrepareTap(childPID, detachedNetNSPath, tap); err != nil {
- return nil, common.Seq(cleanups), fmt.Errorf("setting up tap %s: %w", tap, err)
- }

 address, err := iputils.AddIPInt(d.ipnet.IP, 100)
 if err != nil {
@@ -111,12 +107,10 @@
 }

 opts := []string{
- "--foreground",
 "--stderr",
 "--ns-ifname=" + d.ifname,
 "--mtu=" + strconv.Itoa(d.mtu),
- "--no-dhcp",
- "--no-ra",
+ "--config-net",
 "--address=" + address.String(),
 "--netmask=" + strconv.Itoa(netmask),
 "--gateway=" + gateway.String(),
@@ -147,21 +141,18 @@
 // `Couldn't open user namespace /proc/51813/ns/user: Permission denied`
 // Possibly related to AppArmor.
 cmd := exec.Command(d.binary, opts...)
- cmd.Stdout = d.logWriter
- cmd.Stderr = d.logWriter
- cleanups = append(cleanups, func() error {
- logrus.Debugf("killing pasta")
- if cmd.Process != nil {
- _ = cmd.Process.Kill()
- }
- wErr := cmd.Wait()
- logrus.Debugf("killed pasta: %v", wErr)
- return nil
- })
 logrus.Debugf("Executing %v", cmd.Args)
- if err := cmd.Start(); err != nil {
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ exitErr := &exec.ExitError{}
+ if errors.As(err, &exitErr) {
+ return nil, common.Seq(cleanups),
+ fmt.Errorf("pasta failed with exit code %d:\n%s",
+ exitErr.ExitCode(), string(out))
+ }
 return nil, common.Seq(cleanups), fmt.Errorf("executing %v: %w", cmd, err)
 }
+
 netmsg := messages.ParentInitNetworkDriverCompleted{
 Dev: tap,
 MTU: d.mtu,
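Review bot: In pkg/network/pasta/pasta.go the options hunk swaps `--no-dhcp` and `--no-ra` for `--config-net` and the preceding hunk drops `parentutils.PrepareTap`, but nothing at the call site says that the child driver's `ConfiguresInterface: true` depends on this flag. A comment next to the option, such as `// pasta configures the interface inside the namespace itself; keep in sync with childDriver.ChildDriverInfo`, would keep the two from drifting apart. The function body continues outside the hunk.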
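Review bot: In the last pasta.go hunk the cleanup closure that killed and reaped pasta is removed and nothing replaces it, so once `cmd.CombinedOutput()` returns, the backgrounded process is neither tracked nor stopped by the returned cleanup function. Presumably it is expected to exit together with the namespace; that assumption should be stated in a comment or enforced by recording the PID. `CombinedOutput` also waits with no timeout for pasta to exit or fork, so a pasta that stays in the foreground would block ConfigureNetwork indefinitely. On success `out` is discarded and `d.logWriter` is no longer attached, so pasta's warnings are lost; `logrus.Debugf("pasta output: %s", out)` after the error check would keep them. The exit-code branch formats its error without `%w`, so callers can no longer unwrap it; `fmt.Errorf("pasta failed with exit code %d: %w\n%s", exitErr.ExitCode(), err, out)` preserves the chain.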
@@ -191,6 +182,12 @@
 type childDriver struct {
 }

+func (d *childDriver) ChildDriverInfo() (*network.ChildDriverInfo, error) {
+ return &network.ChildDriverInfo {
+ ConfiguresInterface: true,
+ }, nil
+}
+
 func (d *childDriver) ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (string, error) {
 // NOP
 return netmsg.Dev, nil
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/pkg/network/slirp4netns/slirp4netns.go new/rootlesskit-2.3.1/pkg/network/slirp4netns/slirp4netns.go
--- old/rootlesskit-2.2.0/pkg/network/slirp4netns/slirp4netns.go 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/pkg/network/slirp4netns/slirp4netns.go 2024-08-17 21:25:05.000000000 +0200
@@ -337,6 +337,12 @@
 type childDriver struct {
 }

+func (d *childDriver) ChildDriverInfo() (*network.ChildDriverInfo, error) {
+ return &network.ChildDriverInfo {
+ ConfiguresInterface: false,
+ }, nil
+}
+
 func (d *childDriver) ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (string, error) {
 tap := netmsg.Dev
 if tap == "" {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/pkg/network/vpnkit/vpnkit.go new/rootlesskit-2.3.1/pkg/network/vpnkit/vpnkit.go
--- old/rootlesskit-2.2.0/pkg/network/vpnkit/vpnkit.go 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/pkg/network/vpnkit/vpnkit.go 2024-08-17 21:25:05.000000000 +0200
@@ -172,6 +172,12 @@
 type childDriver struct {
 }

+func (d *childDriver) ChildDriverInfo() (*network.ChildDriverInfo, error) {
+ return &network.ChildDriverInfo {
+ ConfiguresInterface: false,
+ }, nil
+}
+
 func (d *childDriver) ConfigureNetworkChild(netmsg *messages.ParentInitNetworkDriverCompleted, detachedNetNSPath string) (tap string, err error) {
 tapName := netmsg.Dev
 if tapName == "" {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/rootlesskit-2.2.0/pkg/version/version.go new/rootlesskit-2.3.1/pkg/version/version.go
--- old/rootlesskit-2.2.0/pkg/version/version.go 2024-07-16 17:59:36.000000000 +0200
+++ new/rootlesskit-2.3.1/pkg/version/version.go 2024-08-17 21:25:05.000000000 +0200
@@ -1,3 +1,3 @@
 package version

-const Version = "2.2.0"
+const Version = "2.3.1"
++++++ vendor.tar.gz ++++++
++++ 1701 lines of diff (skipped)