Commit bcfb760a1d rewrote the init from a shell
script to a go implementation. However, unlike `mknod`, the active umask is
applied when using Go's unix.Mknod().
This patch:
- sets the correct mode when calling unix.Mknod()
- temporarily overrides the umask during doMounts()
Steps I used to reproduce the original issue, and to verify the changes in this
patch (tried inside a container):
docker run -it --rm -w /app golang bash
cat > mknod.go <<'EOF'
package main
import (
"log"
"golang.org/x/sys/unix"
)
func main() {
mkchar("/dev/null2", 0666, 1, 3)
umask := unix.Umask(0000)
defer unix.Umask(umask)
mkchar2("/dev/null3", 0666, 1, 3)
}
// make a character device
func mkchar(path string, mode, major, minor uint32) {
// unix.Mknod only supports int dev numbers; this is ok for us
dev := int(unix.Mkdev(major, minor))
err := unix.Mknod(path, mode, dev)
if err != nil {
if err.Error() == "file exists" {
return
}
log.Printf("error making device %s: %v", path, err)
}
}
// make a character device
func mkchar2(path string, mode, major, minor uint32) {
// unix.Mknod only supports int dev numbers; this is ok for us
dev := int(unix.Mkdev(major, minor))
err := unix.Mknod(path, mode|unix.S_IFCHR, dev)
if err != nil {
if err.Error() == "file exists" {
return
}
log.Printf("error making device %s: %v", path, err)
}
}
EOF
Initialize module and fetch dependencies:
go mod init foo && go mod tidy
Check active umask:
umask
0022
Run the test code:
go run mknod.go
Check the results:
ls -la /dev/null*
crw-rw-rw- 1 root root 1, 3 Apr 13 11:45 /dev/null
-rw-r--r-- 1 root root 0 Apr 13 11:45 /dev/null2
crw-rw-rw- 1 root root 1, 3 Apr 13 11:45 /dev/null3
Notice that:
- `/dev/null2` (before) was created with active umask (`0022`) applied, and did not create a character device
- `/dev/null3` (after) has both the correct (0666) permissions and mode
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Introduce separate os/arch to the matrix
- Pass os/arch to the local build
- Switch to upload-artifact@v0 and cache@v2
- Fetch linuxkit binary from artefacts rather than using cache
- Add some debug (print file and hashes)
While at it, add some debug for the generated artefacts.
fixes https://github.com/linuxkit/linuxkit/issues/3522
Signed-off-by: Rolf Neugebauer <rn@rneugeba.io>
`go get -u` will try to update modules dependencies
`go get` (no `-u`) incorrectly resolves dependencies
we should instead advise users to `go install`
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
This commit removes Notary and Content Trust.
Notary v1 is due to be replaced with Notary v2 soon.
There is no clean migration path from one to the other.
For now, this removes all signing from LinuxKit.
We will look to add this back once a new Notary alternative
becomes available.
Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
From Kubernetes v1.20.0 Release notes:
The label applied to control-plane nodes "node-role.kubernetes.io/master"
is now deprecated and will be removed in a future release after a GA
deprecation period.
Introduce a new label "node-role.kubernetes.io/control-plane" that will
be applied in parallel to "node-role.kubernetes.io/master" until the
removal of the "node-role.kubernetes.io/master" label.
xref: https://kubernetes.io/docs/setup/release/notes/#no-really-you-must-read-this-before-you-upgrade
Signed-off-by: Alex Szakaly <alex.szakaly@gmail.com>
