Commit Graph

117 Commits

Author SHA1 Message Date
Kir Kolyshkin 7f75aec407 [1.1] Add Go 1.23, drop 1.21
As of commit 096e6f88f0 we are ready for Go 1.23.

All that's left to do is:
 - Cirrus CI: switch from Go 1.21 to Go 1.22;
 - GHA CI: drop go 1.21, add 1.23 to test matrix;
 - Dockerfile: switch from Go 1.21.x to 1.22.x.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-08-13 15:26:40 -07:00
Kir Kolyshkin c9beabc8d8 ci: switch to go 1.22 as main version
Now when Go 1.22.4 is out it should no longer be a problem.

Leave Go 1.21 for CentOS testing (CentOS 7 and 8 have older glibc)
and Dockerfile (Debian 11 have older glibc).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit a3302f2054)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:37:56 -07:00
Kir Kolyshkin ae85f058cc ci/gha: bump golangci-lint to v1.57
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit d63018c252)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:33:03 -07:00
Kir Kolyshkin 327e07e968 ci/gha: bump golangci-lint to v1.54
Currently, it is at v1.54.2.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 17e7e230bd)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:33:03 -07:00
Kir Kolyshkin 4d097af534 ci/gha: bump golangci-lint-action from 5 to 6
Note that github-actions output format is deprecated and no longer supported,
and it is also no longer needed since setup-go problem matcher already
handles default golangci-lint output format ("colored-line-number").

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f452f667c0)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Kir Kolyshkin fb23608437 ci/gha: bump golangci/golangci-lint-action to v5
Since v5 removes caching [1], re-enable setup-go cache.

[1] https://github.com/golangci/golangci-lint-action/pull/1024

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 6bcc736122)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Akihiro Suda 8bfc75a25d CI: run apt with -y
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 30dc98f577)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Kir Kolyshkin e546ddeec8 ci/gha: switch some jobs to ubuntu-22.04
This is a partial backport of commits 953e1cc48 and b32655d2
from the main branch.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
dependabot[bot] 0d19e78b84 build(deps): bump actions/setup-go from 4 to 5
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit e66ba70f50)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Kir Kolyshkin b36844518a build(deps): bump actions/checkout from 3 to 4
Same as commit 2d0cd0b3 in main branch.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
dependabot[bot] cb2d85dcde build(deps): bump tim-actions/commit-message-checker-with-regex
Bumps [tim-actions/commit-message-checker-with-regex](https://github.com/tim-actions/commit-message-checker-with-regex) from 0.3.1 to 0.3.2.
- [Release notes](https://github.com/tim-actions/commit-message-checker-with-regex/releases)
- [Commits](https://github.com/tim-actions/commit-message-checker-with-regex/compare/v0.3.1...v0.3.2)

---
updated-dependencies:
- dependency-name: tim-actions/commit-message-checker-with-regex
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit fe6f33b2c0)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
dependabot[bot] 25e27d7eef build(deps): bump actions/upload-artifact from 3 to 4
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 7b655782bf)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
dependabot[bot] 2ac8b11f48 build(deps): bump golangci/golangci-lint-action from 3 to 4
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 27cbabd00d)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-06-07 11:18:12 -07:00
Kir Kolyshkin 3b7fcf76ef ci: pin codespell
CI should not fail and require attention every time a new codespell
version is released.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit b24fc9d2c4)
Signed-off-by: lifubang <lifubang@acmcoder.com>
2024-06-03 09:04:41 +08:00
Kir Kolyshkin 03271050eb ci/gha/cross-i386: pin Go to 1.21
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2024-04-02 14:12:14 -07:00
Kir Kolyshkin 1f66027ae9 ci/gha: fix downloading Release.key
Since today, the URL from download.opensuse.org started returning a
HTTP 302 redirect, so -L option for curl is needed to follow it.

While at it, remove apt-key as per its man page recommendation:

> Note: Instead of using this command a keyring should be placed
> directly in the /etc/apt/trusted.gpg.d/ directory with a descriptive
> name and either "gpg" or "asc" as file extension.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f944d7b653)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-10-19 21:24:08 -07:00
Kir Kolyshkin bdbfe0425f ci: bump golangci-lint, remove fixed exception
The exception was fixed by https://github.com/polyfloyd/go-errorlint/pull/12
which eventually made its way into golangci-lint.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 98317c16ed)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-09 16:44:50 -07:00
Kir Kolyshkin d398ad2a31 gha: disable setup-go cache for golangci job
Since commit e3cf217cf1 actions/setup-go@v4 uses caching
implicitly, and olangci/golangci-lint-action also uses caching.

These two caches clash, resulting in multiple warnings in CI logs.

The official golangci-lint-action solution is to disable caching
for setup-go job (see [1]). Do the same.

[1] https://github.com/golangci/golangci-lint-action/pull/704

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 62cc13ea1a)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-09 16:44:50 -07:00
Kir Kolyshkin 5888c55d75 ci/gha: rm actions/cache from validate/deps job
Since commit e3cf217cf1 actions/setup-go@v4 uses caching
implicitly, so it is no longer required.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 083e9789b8)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-09 16:44:42 -07:00
dependabot[bot] a47c15b452 build(deps): bump actions/setup-go from 3 to 4
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit e3cf217cf1)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-08 18:48:40 -07:00
Kir Kolyshkin 1c52424228 [1.1] ci/gha: rm unsup Go 1.19.x, add 1.21.x
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-08-08 18:44:33 -07:00
Akhil Mohan 7c36375ae5 Update github actions packages in validate workflow
Resolve nodejs 12 deprecation warnings by updating
lumaxis/shellcheck-problem-matchers and actions/upload-artifact

Signed-off-by: Akhil Mohan <makhil@vmware.com>
2023-08-02 17:10:10 +05:30
Kir Kolyshkin ed47e31a05 Makefile: set CGO_ENABLED=1 when needed
It doesn't matter whether static or dynamic linking is used, runc
always needs libcontainer/nsenter, which is written in C and thus
requires cgo. Same is true for libcontainer/integration.

In addition, contrib/pkg/seccompagent also needs cgo (if seccomp build
tag is set), as it need to be linked against libseccomp C library.

By default, cgo is disabled when cross-compiling, meaning that
CGO_ENABLED=1 has to be set explicitly in such cases.

In all other cases (e.g. other contrib binaries) we do not need cgo.

Remove CGO_ENABLED=1 from GO_BUILD_STATIC (as it does not have anything
to do with static linking), and add it to all targets that require it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit dafcacb522)
2023-06-28 22:34:45 +03:00
Kir Kolyshkin e2265a92cd ci: bump bats 1.8.2 -> 1.9.0
As Fedora 38 uses bats 1.9.0, let's switch to this version in other
places.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 13091eeefa)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:14:59 -07:00
Kir Kolyshkin 1eadcede2f ci: bump bats 1.3.0 -> 1.8.2
This version is already used by Cirrus CI Fedora 37 job, but other CI
jobs are still using 1.3.0.

Bump it everywhere so we can enjoy new version features and fixes.

For one thing, I noticed that new bats is reporting error location
correctly.

We will also be able to use "run !" and "run -N" commands.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 9dbb9f90b9)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-06-06 14:14:59 -07:00
Aleksa Sarai 3bdb63bf44 keyring: verify runc.keyring has legitimate maintainer keys
These checks ensure that all of the keys in the runc.keyring list are
actually the keys of the specified user and that the users themselves
are actually maintainers.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
2023-04-22 17:18:23 +10:00
Kir Kolyshkin 3531cc2d4e ci: add call to check-config.sh
This is done to make sure the script is working correctly in different
environments (distro and kernel versions). In addition, we can see in
test logs which kernel features are enabled.

Note that I didn't want to have a separate job for GHA CI, so I just
added this to the end of shellcheck one.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit cacc823724)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:11:22 -07:00
Kir Kolyshkin ed9a0e1de7 ci/gha: bump actions/cache to v3
This corresponds to commit 6bf2c3b67e in main branch.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:11:22 -07:00
Kir Kolyshkin 7683e5085a ci/gha: switch to Go 1.19.x for validate
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:11:22 -07:00
Kir Kolyshkin 568d440756 ci/gha: bump golangci-lint to 1.48
This version works with go 1.19, i.e. it fixes
https://github.com/golangci/golangci-lint/issues/2922.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 0f4bf2c840)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:11:22 -07:00
Kir Kolyshkin 50f06554f2 ci: bump golangci-lint to 1.46
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 7481c3c97b)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:11:22 -07:00
Kir Kolyshkin 403ea1f088 ci/gha: convert lint-extra from a job to a step
There is no need to parallelize lint and lint-extra jobs,
and they only differ with the arguments to golangci-lint.
Given that the longest time spent in these jobs is installing
libseccomp-dev, and that the second linter run can probably
benefit a lot from caching, it makes sense to merge them.

Move lint-extra from a separate job to a step in lint job.

The implementation is motivated by [1] and relies on the fact
that the last commit being fetched is the merge commit. So,
we need to set fetch-depth to 2 to be able to see the diff of
the merge commit -- and this is what golangci-lint is using.

[1] https://github.com/golangci/golangci-lint-action/issues/449#issuecomment-1096995821

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit fa83a17c57)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:11:22 -07:00
Kir Kolyshkin d2c83bdf28 ci/gha: switch to Go 1.18.x for validate
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:11:22 -07:00
Kir Kolyshkin 03a631df4e ci: switch to golangci-lint 1.45
For release notes, see
https://github.com/golangci/golangci-lint/releases/tag/v1.45.0

Notably, it adds support for Go 1.18.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit fcab941e4d)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:11:22 -07:00
Kir Kolyshkin e5a5522ab6 Add supported Go releases (1.19, 1.20)
- Dockerfile: use latest Go version (1.20.x) for release binaries
- .github/workflows: add Go 1.19.x, 1.20.x
- .cirrus.yml: switch to latest Go 1.19.x

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 10:10:53 -07:00
Kir Kolyshkin bac06cf6be ci/gha: remove stable: when installing Go
Since the recent bump of actions/setup-go to v3 (commit
9d2268b9db), specifying "stable:" is no longer needed
when we want to try a beta or rc version of Go.

Remove it.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 66be704d02)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 09:55:25 -07:00
dependabot[bot] e74040e01f build(deps): bump actions/setup-go from 2 to 3
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)
2023-04-05 09:55:25 -07:00
Kir Kolyshkin 55462355d6 Require Go 1.17, bump x/sys and x/net
1. bump golang.org/x/sys to v0.6.0;
2. bump golang.org/x/net to v0.8.0
3. require Go 1.17.

Newer x/sys is needed to fix [1].

Go 1.17 is needed because x/sys/unix is using unsafe.Slice which
requires go1.17 or later.

This reuses parts of main commit a0f8847e2a.

[1] https://github.com/opencontainers/runc/issues/3715

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 09:55:25 -07:00
Kir Kolyshkin abd6addeb2 ci: bump shfmt to 3.5.1, simplify CI setup
1. Bump shfmt to v3.5.1. Release notes:
   https://github.com/mvdan/sh/releases

2. Since shfmt v3.5.0, specifying -l bash (or -l bats) is no longer
   necessary. Therefore, we can use shfmt to find all the files.
   Add .editorconfig to ignore vendor subdirectory.

3. Use shfmt docker image, so that we don't have to install anything
   explicitly. This greatly simplifies the shfmt CI job. Add
   localshfmt target so developers can still use a local shfmt binary
   when necessary.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 56edc41ca6)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2023-04-05 09:55:25 -07:00
Kir Kolyshkin e6a8287c1f ci: shellcheck: update to 0.8.0, fix/suppress new warnings
1. This valid warning is reported by shellcheck v0.8.0:

	In tests/integration/helpers.bash line 38:
	KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}"
				       ^-----------^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns.

	Did you mean:
	KERNEL_MINOR="${KERNEL_VERSION#"$KERNEL_MAJOR".}"

Fix this.

2. These (invalid) warnings are also reported by the new version:

	In tests/integration/events.bats line 13:
	@test "events --stats" {
	^-- SC2030 (info): Modification of status is local (to subshell caused by @bats test).

	In tests/integration/events.bats line 41:
		[ "$status" -eq 0 ]
		   ^-----^ SC2031 (info): status was modified in a subshell. That change might be lost.

Basically, this is happening because shellcheck do not really track
the call tree and/or local variables. This is a known (and reported)
deficiency, and the alternative to disabling these warnings is moving
the code around, which is worse due to more changes in git history.

So we have to silence/disable these.

3. Update shellcheck to 0.8.0.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit be00ae07c3)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-10-27 11:30:24 -07:00
Kir Kolyshkin c778598c44 [1.1] ci/gha: fix cross-386 job vs go 1.19
When golang 1.19 is used to build unit tests on 386, it fails like this:

 sudo -E PATH="$PATH" -- make GOARCH=386 CGO_ENABLED=1 localunittest
 <...>
 go test -timeout 3m -tags "seccomp"  -v ./...
 <...>
 # github.com/opencontainers/runc/libcontainer/capabilities.test
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): unknown symbol __stack_chk_fail_local in pcrel
 runtime/cgo(.text): relocation target __stack_chk_fail_local not defined
 runtime/cgo(.text): relocation target __stack_chk_fail_local not defined

The fix is to add CGO_CFLAGS=-fno-stack-protector.

See also:
 - https://github.com/docker-library/golang/pull/426
 - https://go.dev/issue/52919
 - https://go.dev/issue/54313
 - https://go-review.googlesource.com/c/go/+/421935

Cherry picked from commit 589a9d5082.

Conflict in .github/workflows/test.yml due to missing commit dafcacb522.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-08-16 10:07:32 -07:00
Kir Kolyshkin 91fa032da4 ci: add basic checks for CHANGELOG.md
Perform some basic checks for CHANGELOG.md.

In particular, check for
 - missing periods;
 - extra spaces at EOL;
 - non-ASCII characters.

Fix the issues found.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-06-08 11:46:47 -07:00
Kir Kolyshkin 3a09da6b5a ci: drop docker layer caching from release job
This job is failing with "No space left on device" lately, and this
helps to fix it.

Besides, it seems that caching does not help to shorten execution times
(validate/release job succeeds in under 8 minutes now; ymmv).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-26 13:50:47 -07:00
Kir Kolyshkin bf1cd884d9 ci: use golangci-lint-action v3, GO_VERSION
golangci-lint-action v3 no longer installs golang itself, and the
version that comes with Ubuntu is not new/good enough.

Install go 1.17.x explicitly.

Introduce GO_VERSION environment variable to avoid duplication,
and use it instead of 1.x in other places, so that implicit go update
won't bring some unexpected failures.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f7637defb8)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:46:59 -07:00
Kir Kolyshkin 1feafc31f8 ci: bump golangci-lint to v1.44
Also, remove "must be specified without patch version" as this is no
longer true.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit f7d4613492)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:46:59 -07:00
dependabot[bot] eeac4e7721 build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit a43485c92c)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2022-05-11 16:35:41 -07:00
Kir Kolyshkin c4a61aa918 ci: enable extra linters for new code
This adds a new GHA CI job which runs a few extra linters. This is only
done for pull requests, and should only warn about new code.

The justification is simple: we want more linters, but since this is not
a new project, adding a new linter meaning we have to fix all the
existing warnings. In some cases having all the warnings fixed is
difficult and takes time, plus it is usually a low priority task.

Therefore, we are stuck with inability to add new linters because we
can't fix all their warnings. Meanwhile, new pull requests add more
code which is not linted.

This is an attempt to break this vicious cycle. Let's enable godot
and revive for now and see how it is going.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-11-30 16:51:55 -08:00
Kir Kolyshkin 50105de1d8 Fix failure with rw bind mount of a ro fuse
As reported in [1], in a case where read-only fuse (sshfs) mount
is used as a volume without specifying ro flag, the kernel fails
to remount it (when adding various flags such as nosuid and nodev),
returning EPERM.

Here's the relevant strace line:

> [pid 333966] mount("/tmp/bats-run-PRVfWc/runc.RbNv8g/bundle/mnt", "/proc/self/fd/7", 0xc0001e9164, MS_NOSUID|MS_NODEV|MS_REMOUNT|MS_BIND|MS_REC, NULL) = -1 EPERM (Operation not permitted)

I was not able to reproduce it with other read-only mounts as the source
(tried tmpfs, read-only bind mount, and an ext2 mount), so somehow this
might be specific to fuse.

The fix is to check whether the source has RDONLY flag, and retry the
remount with this flag added.

A test case (which was kind of hard to write) is added, and it fails
without the fix. Note that rootless user need to be able to ssh to
rootless@localhost in order to sshfs to work -- amend setup scripts
to make it work, and skip the test if the setup is not working.

[1] https://github.com/containers/podman/issues/12205

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-11-18 13:09:41 -08:00
Kir Kolyshkin 712157f663 Revert "ci: temporarily disable criu repo gpg check"
This was a temporary kludge, which is no longer required.

This reverts commit c5ca778fa8.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-11-12 13:27:31 -08:00
Kir Kolyshkin 12e99a0f8d Require Go >= 1.16
Go 1.15 is not supported since Go 1.17 release (16 Aug 2021), and some
packages that we use already require Go 1.16+ (notably,
github.com/cilium/ebpf v0.7.0).

Let's require Go 1.16+.

Remove Go version requirement from README when describing dependencies,
since it is no longer needed:

	$ GO=go1.15.15 make vendor
	go1.15.15 mod tidy
	go mod tidy: go.mod file indicates go 1.16, but maximum supported version is 1.15
	make: *** [Makefile:141: vendor] Error 1

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2021-10-14 13:46:02 -07:00