diff options
Diffstat (limited to 'tools')
-rw-r--r-- | tools/checkunsafe/BUILD | 13 | ||||
-rw-r--r-- | tools/checkunsafe/check_unsafe.go | 56 | ||||
-rwxr-xr-x | tools/go_branch.sh | 2 | ||||
-rw-r--r-- | tools/go_generics/generics.go | 8 | ||||
-rw-r--r-- | tools/go_generics/globals/BUILD | 2 | ||||
-rw-r--r-- | tools/go_generics/globals/globals_visitor.go | 4 | ||||
-rw-r--r-- | tools/go_generics/imports.go | 2 | ||||
-rw-r--r-- | tools/go_stateify/defs.bzl | 4 | ||||
-rw-r--r-- | tools/nogo.js | 7 | ||||
-rwxr-xr-x | tools/run_tests.sh | 45 |
10 files changed, 122 insertions, 21 deletions
diff --git a/tools/checkunsafe/BUILD b/tools/checkunsafe/BUILD new file mode 100644 index 000000000..d85c56131 --- /dev/null +++ b/tools/checkunsafe/BUILD @@ -0,0 +1,13 @@ +load("@io_bazel_rules_go//go:def.bzl", "go_tool_library") + +package(licenses = ["notice"]) + +go_tool_library( + name = "checkunsafe", + srcs = ["check_unsafe.go"], + importpath = "checkunsafe", + visibility = ["//visibility:public"], + deps = [ + "@org_golang_x_tools//go/analysis:go_tool_library", + ], +) diff --git a/tools/checkunsafe/check_unsafe.go b/tools/checkunsafe/check_unsafe.go new file mode 100644 index 000000000..4ccd7cc5a --- /dev/null +++ b/tools/checkunsafe/check_unsafe.go @@ -0,0 +1,56 @@ +// Copyright 2019 The gVisor Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Package checkunsafe allows unsafe imports only in files named appropriately. +package checkunsafe + +import ( + "fmt" + "path" + "strconv" + "strings" + + "golang.org/x/tools/go/analysis" +) + +// Analyzer defines the entrypoint. +var Analyzer = &analysis.Analyzer{ + Name: "checkunsafe", + Doc: "allows unsafe use only in specified files", + Run: run, +} + +func run(pass *analysis.Pass) (interface{}, error) { + for _, f := range pass.Files { + for _, imp := range f.Imports { + // Is this an unsafe import? + pkg, err := strconv.Unquote(imp.Path.Value) + if err != nil || pkg != "unsafe" { + continue + } + + // Extract the filename. + filename := pass.Fset.File(imp.Pos()).Name() + + // Allow files named _unsafe.go or _test.go to opt out. + if strings.HasSuffix(filename, "_unsafe.go") || strings.HasSuffix(filename, "_test.go") { + continue + } + + // Throw the error. + pass.Reportf(imp.Pos(), fmt.Sprintf("package unsafe imported by %s; must end with _unsafe.go", path.Base(filename))) + } + } + return nil, nil +} diff --git a/tools/go_branch.sh b/tools/go_branch.sh index 8ea6a6d8d..d9e79401d 100755 --- a/tools/go_branch.sh +++ b/tools/go_branch.sh @@ -19,6 +19,7 @@ set -eo pipefail # Discovery the package name from the go.mod file. declare -r gomod="$(pwd)/go.mod" declare -r module=$(cat "${gomod}" | grep -E "^module" | cut -d' ' -f2) +declare -r gosum="$(pwd)/go.sum" # Check that gopath has been built. declare -r gopath_dir="$(pwd)/bazel-bin/gopath/src/${module}" @@ -63,6 +64,7 @@ git merge --allow-unrelated-histories --no-commit --strategy ours ${head} # Sync the entire gopath_dir and go.mod. rsync --recursive --verbose --delete --exclude .git --exclude README.md -L "${gopath_dir}/" . cp "${gomod}" . +cp "${gosum}" . # There are a few solitary files that can get left behind due to the way bazel # constructs the gopath target. Note that we don't find all Go files here diff --git a/tools/go_generics/generics.go b/tools/go_generics/generics.go index ca414d8cb..22c714c13 100644 --- a/tools/go_generics/generics.go +++ b/tools/go_generics/generics.go @@ -98,7 +98,7 @@ import ( "regexp" "strings" - "gvisor.googlesource.com/gvisor/tools/go_generics/globals" + "gvisor.dev/gvisor/tools/go_generics/globals" ) var ( @@ -222,7 +222,11 @@ func main() { // Modify the state tag appropriately. if m := stateTagRegexp.FindStringSubmatch(ident.Name); m != nil { if t := identifierRegexp.FindStringSubmatch(m[2]); t != nil { - ident.Name = m[1] + `state:".(` + t[1] + *prefix + t[2] + *suffix + t[3] + `)"` + m[3] + typeName := *prefix + t[2] + *suffix + if n, ok := types[t[2]]; ok { + typeName = n + } + ident.Name = m[1] + `state:".(` + t[1] + typeName + t[3] + `)"` + m[3] } } } diff --git a/tools/go_generics/globals/BUILD b/tools/go_generics/globals/BUILD index 6628132f5..74853c7d2 100644 --- a/tools/go_generics/globals/BUILD +++ b/tools/go_generics/globals/BUILD @@ -8,6 +8,6 @@ go_library( "globals_visitor.go", "scope.go", ], - importpath = "gvisor.googlesource.com/gvisor/tools/go_generics/globals", + importpath = "gvisor.dev/gvisor/tools/go_generics/globals", visibility = ["//tools/go_generics:__pkg__"], ) diff --git a/tools/go_generics/globals/globals_visitor.go b/tools/go_generics/globals/globals_visitor.go index 7ae48c662..3f948637b 100644 --- a/tools/go_generics/globals/globals_visitor.go +++ b/tools/go_generics/globals/globals_visitor.go @@ -132,7 +132,7 @@ func (v *globalsVisitor) visitFields(l *ast.FieldList, kind SymKind) { } } -// visitGenDecl is called when a generic declation is encountered, for example, +// visitGenDecl is called when a generic declaration is encountered, for example, // on variable, constant and type declarations. It adds all newly defined // symbols to the current scope and reports them if the current scope is the // global one. @@ -490,7 +490,7 @@ func (v *globalsVisitor) visitBlockStmt(s *ast.BlockStmt) { v.popScope() } -// visitFuncDecl is called when a function or method declation is encountered. +// visitFuncDecl is called when a function or method declaration is encountered. // it creates a new scope for the function [optional] receiver, parameters and // results, and visits all children nodes. func (v *globalsVisitor) visitFuncDecl(d *ast.FuncDecl) { diff --git a/tools/go_generics/imports.go b/tools/go_generics/imports.go index 3a7230c97..148dc7216 100644 --- a/tools/go_generics/imports.go +++ b/tools/go_generics/imports.go @@ -23,7 +23,7 @@ import ( "go/token" "strconv" - "gvisor.googlesource.com/gvisor/tools/go_generics/globals" + "gvisor.dev/gvisor/tools/go_generics/globals" ) type importedPackage struct { diff --git a/tools/go_stateify/defs.bzl b/tools/go_stateify/defs.bzl index 70ce73d7b..aeba197e2 100644 --- a/tools/go_stateify/defs.bzl +++ b/tools/go_stateify/defs.bzl @@ -50,7 +50,7 @@ def _go_stateify_impl(ctx): args += ["-imports=%s" % ",".join(ctx.attr.imports)] args += ["--"] for src in ctx.attr.srcs: - args += [f.path for f in src.files] + args += [f.path for f in src.files.to_list()] ctx.actions.run( inputs = ctx.files.srcs, outputs = [output], @@ -76,7 +76,7 @@ go_stateify = rule( "package": attr.string(mandatory = True), "out": attr.output(mandatory = True), "_tool": attr.label(executable = True, cfg = "host", default = Label("//tools/go_stateify:stateify")), - "_statepkg": attr.string(default = "gvisor.googlesource.com/gvisor/pkg/state"), + "_statepkg": attr.string(default = "gvisor.dev/gvisor/pkg/state"), }, ) diff --git a/tools/nogo.js b/tools/nogo.js new file mode 100644 index 000000000..fc0a4d1f0 --- /dev/null +++ b/tools/nogo.js @@ -0,0 +1,7 @@ +{ + "checkunsafe": { + "exclude_files": { + "/external/": "not subject to constraint" + } + } +} diff --git a/tools/run_tests.sh b/tools/run_tests.sh index b35d2e4b8..483b9cb50 100755 --- a/tools/run_tests.sh +++ b/tools/run_tests.sh @@ -45,7 +45,8 @@ readonly TEST_PACKAGES=("//pkg/..." "//runsc/..." "//tools/...") ####################### # Install the latest version of Bazel and log the version. -(which use_bazel.sh && use_bazel.sh latest) || which bazel +# FIXME(b/137285694): Unable to build runsc with bazel 0.28.0. +(which use_bazel.sh && use_bazel.sh 0.27.1) || which bazel bazel version # Load the kvm module. @@ -92,6 +93,14 @@ build_everything() { "${BUILD_PACKAGES[@]}" } +build_runsc_debian() { + cd ${WORKSPACE_DIR} + + # TODO(b/135475885): pkg_deb is incompatible with Python3. + # https://github.com/bazelbuild/bazel/issues/8443 + bazel build --host_force_python=py2 runsc:runsc-debian +} + # Run simple tests runs the tests that require no special setup or # configuration. run_simple_tests() { @@ -173,16 +182,24 @@ run_docker_tests() { # These names are used to exclude tests not supported in certain # configuration, e.g. save/restore not supported with hostnet. - declare -a variations=("" "-kvm" "-hostnet" "-overlay") - for v in "${variations[@]}"; do - # Run runsc tests with docker that are tagged manual. - bazel test \ - "${BAZEL_BUILD_FLAGS[@]}" \ - --test_env=RUNSC_RUNTIME="${RUNTIME}${v}" \ - --test_output=all \ - //runsc/test/image:image_test \ - //runsc/test/integration:integration_test - done + # Run runsc tests with docker that are tagged manual. + # + # The --nocache_test_results option is used here to eliminate cached results + # from the previous run for the runc runtime. + bazel test \ + "${BAZEL_BUILD_FLAGS[@]}" \ + --test_env=RUNSC_RUNTIME="${RUNTIME}" \ + --test_output=all \ + --nocache_test_results \ + --test_output=streamed \ + //runsc/test/integration:integration_test \ + //runsc/test/integration:integration_test_hostnet \ + //runsc/test/integration:integration_test_overlay \ + //runsc/test/integration:integration_test_kvm \ + //runsc/test/image:image_test \ + //runsc/test/image:image_test_overlay \ + //runsc/test/image:image_test_hostnet \ + //runsc/test/image:image_test_kvm } # Run the tests that require root. @@ -208,8 +225,8 @@ run_runsc_do_tests() { local runsc=$(find bazel-bin/runsc -type f -executable -name "runsc" | head -n1) # run runsc do without root privileges. - unshare -Ur ${runsc} --network=none --TESTONLY-unsafe-nonroot do true - unshare -Ur ${runsc} --TESTONLY-unsafe-nonroot --network=host do --netns=false true + ${runsc} --rootless do true + ${runsc} --rootless --network=none do true # run runsc do with root privileges. sudo -n -E ${runsc} do true @@ -273,6 +290,8 @@ main() { run_syscall_tests run_runsc_do_tests + build_runsc_debian + # Build other flavors too. build_everything dbg |