Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

user: move userns package to separate module, and retract v0.2.0 #145

Merged
merged 1 commit into from
Aug 7, 2024

Conversation

thaJeztah
Copy link
Member

Relates to:

Related downstream PRs;

commit 86870e7 integrated the userns package into the github.com/moby/sys/user module, which was included in the v0.2.0 version of the module.

Upon further discussion with maintainers, this may not have been a good choice; the userns package is related to user-namespaces (uid/gid-mapping), and while there are some tangential relations with "user", we shouldn't conflate these concepts by putting both into the same module.

Some downstream projects (containerd, moby, containerd/cgroups) already accepted patches to switch to the package that's part of the moby/sys/user module, but none of those patches made it into a release.

This patch:

  • moves the userns package to a separate module
  • retracts the moby/sys/user v0.2.0 release
  • downgrades the minimum go version update for the moby/sys/user module to go1.17. Note that CI is no longer testing go1.17, but go1.18 as minimum.

@thaJeztah thaJeztah self-assigned this Aug 6, 2024
@thaJeztah thaJeztah marked this pull request as ready for review August 6, 2024 11:21
@thaJeztah
Copy link
Member Author

@tianon @AkihiroSuda @corhere PTAL

Copy link
Member

@tianon tianon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❤️ ❤️ ❤️

Makefile Outdated
@@ -16,7 +16,7 @@ clean:
test: test-local
set -eu; \
for p in $(PACKAGES); do \
if $p = user && go version | grep -qv go1.18; then \
if $p = userns && go version | grep -qv go1.18; then \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait, this syntax is funky -- if $p = userns is going to run $p as an executable with arguments = userns and since $p is a directory, will probably always be false and thus this block never runs?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if $p = userns && go version | grep -qv go1.18; then \
if [ "$p" = userns ] && go version | grep -qv go1.18; then \

(probably meant something like this here and in the other loops in this file)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, we only run the tests on go1.18? That seems strange? (I'm likely missing some context)

@thaJeztah thaJeztah force-pushed the separate_userns branch 2 times, most recently from 6867143 to 16e891a Compare August 6, 2024 20:53
@thaJeztah thaJeztah force-pushed the separate_userns branch 3 times, most recently from 2c44499 to dda2929 Compare August 6, 2024 21:24
@thaJeztah
Copy link
Member Author

Wah, sorry for the repeated push; I was fixing up the conditional skip; I gave up on trying to cramp it into the makefile as the combination of conditionals, subshells and windows became too fiddly; instead just made the list of modules to test conditional in the GitHub action

@tianon PTAL if you're more happy with this approach 😅

@@ -14,6 +14,9 @@ jobs:
go-version: ${{ matrix.go-version }}
- name: Checkout code
uses: actions/checkout@v4
- if: ${{ matrix.go-version == '1.18.x' }}
run: |
echo 'PACKAGES="mountinfo mount sequential signal symlink user"' >> $GITHUB_ENV
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the same list as Makefile:1, but minus userns, right? That's somewhat clear while reviewing this diff while they're close together, but will no longer be clear the minute we merge this. 😅 How do we make sure we remember to update this list in the future? (and know how to update it correctly?)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, no good solution for that, honestly. Unless we probably introduce more complexity.

Overall, the risk is low;

  • if we don't update, the default is still all packages from the Makefile
  • if a new module is added that doesn't support go1.18, that module will thus fail
  • if we add a new module that should support go1.18, but we forgot to update; that module is skipped in the go1.18 tests (but still tested on current versions)

I'd consider only the last one slightly problematic, but perhaps a calculated risk, given that adding more modules should be a rare event 🙈

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

erm: middle bullet is obviously wrong; so only 1st and last apply 🤦‍♂️

commit 86870e7 integrated the userns package
into the github.com/moby/sys/user module, which was included in the v0.2.0
version of the module.

Upon further discussion with maintainers, this may not have been a good
choice; the userns package is related to user-namespaces (uid/gid-mapping),
and while there are some tangential relations with "user", we shouldn't
conflate these concepts by putting both into the same module.

Some downstream projects (containerd, moby, containerd/cgroups) already
accepted patches to switch to the package that's part of the moby/sys/user
module, but none of those patches made it into a release.

This patch:

- moves the userns package to a separate module
- retracts the moby/sys/user v0.2.0 release
- downgrades the minimum go version update for the moby/sys/user module
  to go1.17. Note that CI is no longer testing go1.17, but go1.18 as minimum.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Comment on lines +19 to +20
# This corresponds with the list in Makefile:1, but omits the "userns"
# module, which requires go1.21 as minimum.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I added a comment here to relate it to the variable in the Makefile

@@ -1,4 +1,4 @@
PACKAGES ?= mountinfo mount sequential signal symlink user
PACKAGES ?= mountinfo mount sequential signal symlink user userns # IMPORTANT: when updating this list, also update the conditional one in .github/workflows/test.yml
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And added a comment here as a reminder to check the one in the GitHub actions workflow when updating.

Copy link
Member

@tianon tianon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🫶

@tianon
Copy link
Member

tianon commented Aug 7, 2024

Changes since Cory's review are pretty minimal overall, so I'm going to go ahead and merge, but of course we can always open a follow-up if doing so was premature. ❤️

@tianon tianon merged commit 5447519 into moby:main Aug 7, 2024
19 checks passed
@thaJeztah thaJeztah deleted the separate_userns branch August 8, 2024 07:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants