ctr: improve error relative shim path error msg#6519
Conversation
|
Hi @ginglis13. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| // runtime name should format like $prefix.name.version | ||
| parts := strings.Split(runtime, ".") | ||
| if len(parts) < 2 { | ||
| if len(parts) < 3 { |
There was a problem hiding this comment.
This logic doesn’t seem correct.
The right way would be to check filepath.IsAbs in ctr.
containerd/cmd/ctr/commands/run/run_unix.go
Line 337 in 4f5ce56
There was a problem hiding this comment.
My reason for making this change here is to my understanding, the value passed to --runtime is evaluated in ShimManager's resolveRuntimePath method. This method uses filepath.IsAbs to check if the runtime provided is an absolute path to an existing file.
In resolveRuntimePath's fallthrough logic for when the provided value is not an absolute filepath, the BinaryName util is used to check for a value like io.containerd.runc.v1 and return containerd-shim-runc-v1 in that case. A string like ./containerd-shim-runc-v2 passed to BinaryName results in a parts slice ["" "/containerd-shim-runc-v2"] of length 2 and will miss this error check on the parts length.
I'm not too familiar with all the possible runtime name formats - if a format like runc.v1 is acceptable then these changes could be updated to add an additional check for if the first element of parts is ""
There was a problem hiding this comment.
if a format like runc.v1 is acceptable
Yes. Actually --runtime aws.firecracker appears in https://github.com/firecracker-microvm/firecracker-containerd/blob/main/docs/getting-started.md#usage
ginglis13
force-pushed
the
ctr-runtime-path
branch
from
2829316 to
926e489
Compare
| // runtime name should format like $prefix.name.version | ||
| parts := strings.Split(runtime, ".") | ||
| if len(parts) < 2 { | ||
| if len(parts) < 2 || parts[0] == "" { |
There was a problem hiding this comment.
Still not robust to catch a case like foo/bar.
Probably, we should just do :
runtime := clicontext.String("runtime")
if strings.Contains(runtime, "/") && !filepath.IsAbs(runtime) {
return fmt.Errorf("runtime must be a runtime name (e.g., \"io.containerd.runc.v2\") or absolute path to the runtime binary (e.g., \"/usr/local/bin/containerd-shim-runc-v2\"), got %q", runtime)
}There was a problem hiding this comment.
From my testing, the existing check len(parts) < 2 already covers this case as strings.Split("foo/bar", ".") will result in a slice of length 1 : ["foo/bar"]
It doesn't however cover foo/bar.baz.foo - I'll go ahead with this suggestion 🙂
There was a problem hiding this comment.
Would you like this to go in runtime/v2/manager.go here ? or would it belong better in cmd/ctr/commands/run/run_unix.go ?
There was a problem hiding this comment.
I prefer to have that under runtime/ rather than cmd/
ginglis13
force-pushed
the
ctr-runtime-path
branch
from
926e489 to
a721f38
Compare
kzys
left a comment
kzys
left a comment
There was a problem hiding this comment.
Looks good! Can you write some tests?
sure thing - looked around for a bit and didn't see any existing unit tests for v2 ShimManager, or Shim utils. Should I make some tests in a new file |
It's fine to make Overall LGTM |
ginglis13
force-pushed
the
ctr-runtime-path
branch
from
a721f38 to
7fc1027
Compare
|
Build succeeded.
|
ginglis13
force-pushed
the
ctr-runtime-path
branch
from
7fc1027 to
ca6bab0
Compare
|
Build succeeded.
|
ginglis13
force-pushed
the
ctr-runtime-path
branch
2 times, most recently
from
d9acb71 to
2effd9f
Compare
|
Build succeeded.
|
| return "", err | ||
| } | ||
|
|
||
| err = os.Setenv("PATH", tempShimDir+":"+os.Getenv("PATH")) |
There was a problem hiding this comment.
It is bit scary to set the PATH here since it will affect all tests in the same process. How about using t.Setenv?
| // setupAbsoluteShimPath creates a temporary directory with an empty shim executable file in it. | ||
| // This is to test the exec.LookPath branch of resolveRuntimePath | ||
| func setupAbsoluteShimPath() (string, error) { | ||
| tempShimDir, err := ioutil.TempDir("", "test-resolve-runtime-path") |
There was a problem hiding this comment.
- You need to remove the directory
- If it is okay to take testing.T, you can use t.TempDir
addresses containerd#6464 Return an error if a runtime provided is relative. Add context to the usage for `ctr run --runtime` indicating that absolute path to runtime binary must be provided. Signed-off-by: Gavin Inglis <[email protected]>
ginglis13
force-pushed
the
ctr-runtime-path
branch
from
2effd9f to
7b045ea
Compare
|
Build succeeded.
|
|
@mxpv @AkihiroSuda PTAL |
6 participants
addresses #6464
Slice returned by
strings.Split("./path/to/shim", ".")is oflength 2 - first element being the empty string "". Check for this to
see if a runtime provided is relative.
With these changes, the example from #6464 becomes:
Additionally adds context to the usage for
ctr run --runtimeindicating thatabsolute path to shim binary must be provided.
Signed-off-by: Gavin Inglis [email protected]