From 508e25b6d6e9a81edb6ddf8738450b79898b446a Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Mon, 27 Apr 2020 22:24:58 -0700 Subject: Adapt website to use g3doc sources and bazel. This adapts the merged website repository to use the image and bazel build framework. It explicitly avoids the container_image rules provided by bazel, opting instead to build with direct docker commands when necessary. The relevant build commands are incorporated into the top-level Makefile. --- website/_includes/byline.html | 18 +++ website/_includes/footer-links.html | 37 ++++++ website/_includes/footer.html | 71 ++++++++++++ website/_includes/graph.html | 205 ++++++++++++++++++++++++++++++++++ website/_includes/header-links.html | 19 ++++ website/_includes/header.html | 30 +++++ website/_includes/paginator.html | 10 ++ website/_includes/required_linux.html | 2 + 8 files changed, 392 insertions(+) create mode 100644 website/_includes/byline.html create mode 100644 website/_includes/footer-links.html create mode 100644 website/_includes/footer.html create mode 100644 website/_includes/graph.html create mode 100644 website/_includes/header-links.html create mode 100644 website/_includes/header.html create mode 100644 website/_includes/paginator.html create mode 100644 website/_includes/required_linux.html (limited to 'website/_includes') diff --git a/website/_includes/byline.html b/website/_includes/byline.html new file mode 100644 index 000000000..d8ae22cb0 --- /dev/null +++ b/website/_includes/byline.html @@ -0,0 +1,18 @@ +By +{% assign last_pos=include.authors.size | minus: 1 %} +{% assign and_pos=include.authors.size | minus: 2 %} +{% for i in (0..last_pos) %} + {% assign author_id=include.authors[i] %} + {% assign author=site.authors[author_id] %} + {% if author %} + {{ author.name }} + {% else %} + {{ author_id }} + {% endif %} + {% if i == and_pos %} + and + {% elsif i < and_pos %} + , + {% endif %} +{% endfor %} +on {{ include.date | date_to_long_string }} diff --git a/website/_includes/footer-links.html b/website/_includes/footer-links.html new file mode 100644 index 000000000..b6a9771ca --- /dev/null +++ b/website/_includes/footer-links.html @@ -0,0 +1,37 @@ +
+
+
+

About

+ +
+
+

Support

+ +
+
+

Connect

+ +
+
+
+
+

© {{ 'now' | date: "%Y" }} The gVisor Authors

+
+
+
diff --git a/website/_includes/footer.html b/website/_includes/footer.html new file mode 100644 index 000000000..9946fc592 --- /dev/null +++ b/website/_includes/footer.html @@ -0,0 +1,71 @@ + + + + + + +{% if site.analytics %} + + +{% endif %} + + diff --git a/website/_includes/graph.html b/website/_includes/graph.html new file mode 100644 index 000000000..f3a999341 --- /dev/null +++ b/website/_includes/graph.html @@ -0,0 +1,205 @@ +{::nomarkdown} +{% assign fn = include.id | remove: " " | remove: "-" | downcase %} +
{{ include.title }}
+ +{:/} diff --git a/website/_includes/header-links.html b/website/_includes/header-links.html new file mode 100644 index 000000000..467bb1e72 --- /dev/null +++ b/website/_includes/header-links.html @@ -0,0 +1,19 @@ + diff --git a/website/_includes/header.html b/website/_includes/header.html new file mode 100644 index 000000000..8323c26f8 --- /dev/null +++ b/website/_includes/header.html @@ -0,0 +1,30 @@ + + + + + {% if page.title %} + {{ page.title }} - gVisor + {% else %} + gVisor + {% endif %} + + + + + + + + + + + + {% if page.title %} + + {% else %} + + {% endif %} + {% if page.description %} + + {% endif %} + + diff --git a/website/_includes/paginator.html b/website/_includes/paginator.html new file mode 100644 index 000000000..b4ff4c3b1 --- /dev/null +++ b/website/_includes/paginator.html @@ -0,0 +1,10 @@ + diff --git a/website/_includes/required_linux.html b/website/_includes/required_linux.html new file mode 100644 index 000000000..e9d1b7548 --- /dev/null +++ b/website/_includes/required_linux.html @@ -0,0 +1,2 @@ +> Note: gVisor supports only x86\_64 and requires Linux 4.14.77+ +> ([older Linux](/docs/user_guide/networking/#gso)). -- cgit v1.2.3 From cf86ec5e40bd1abf5be45fabbc7591a0452747ea Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Wed, 29 Apr 2020 10:53:25 -0700 Subject: Add powered by gVisor logo. --- website/_includes/footer-links.html | 12 +++++++++--- website/assets/logos/powered-gvisor.png | Bin 0 -> 5193 bytes 2 files changed, 9 insertions(+), 3 deletions(-) create mode 100644 website/assets/logos/powered-gvisor.png (limited to 'website/_includes') diff --git a/website/_includes/footer-links.html b/website/_includes/footer-links.html index b6a9771ca..10c28ead4 100644 --- a/website/_includes/footer-links.html +++ b/website/_includes/footer-links.html @@ -1,6 +1,6 @@
-
+

About

-
+

Support

-
+

Connect

+
+
diff --git a/website/assets/logos/powered-gvisor.png b/website/assets/logos/powered-gvisor.png new file mode 100644 index 000000000..e00c74a33 Binary files /dev/null and b/website/assets/logos/powered-gvisor.png differ -- cgit v1.2.3 From 1847165a8c034e82cb35a0dc23878921cab30b5d Mon Sep 17 00:00:00 2001 From: Adin Scannell Date: Fri, 15 May 2020 09:29:52 -0700 Subject: Minor text updates and jquery ordering. PiperOrigin-RevId: 311744091 --- g3doc/architecture_guide/README.md | 3 +++ g3doc/user_guide/quick_start/docker.md | 2 +- g3doc/user_guide/quick_start/kubernetes.md | 2 +- g3doc/user_guide/quick_start/oci.md | 2 +- website/_includes/footer.html | 2 +- website/_layouts/docs.html | 2 +- website/index.md | 2 +- 7 files changed, 9 insertions(+), 6 deletions(-) (limited to 'website/_includes') diff --git a/g3doc/architecture_guide/README.md b/g3doc/architecture_guide/README.md index 1364a5358..ab9ef7174 100644 --- a/g3doc/architecture_guide/README.md +++ b/g3doc/architecture_guide/README.md @@ -71,6 +71,9 @@ race detector. (The use of Go has its challenges too, and isn't free.) +Gofers mediate file system interactions, and are used to provide additional +isolation. For more details, see the [Platform Guide](./platforms.md). + [apparmor]: https://wiki.ubuntu.com/AppArmor [golang]: https://golang.org [kvm]: https://www.linux-kvm.org diff --git a/g3doc/user_guide/quick_start/docker.md b/g3doc/user_guide/quick_start/docker.md index 5228db4c0..fa8b9076b 100644 --- a/g3doc/user_guide/quick_start/docker.md +++ b/g3doc/user_guide/quick_start/docker.md @@ -1,4 +1,4 @@ -# Docker +# Docker Quick Start > Note: This guide requires Docker version 17.09.0 or greater. Refer to the > [Docker documentation][docker] for how to install it. diff --git a/g3doc/user_guide/quick_start/kubernetes.md b/g3doc/user_guide/quick_start/kubernetes.md index b1f67252e..f875d8002 100644 --- a/g3doc/user_guide/quick_start/kubernetes.md +++ b/g3doc/user_guide/quick_start/kubernetes.md @@ -1,4 +1,4 @@ -# Kubernetes +# Kubernetes Quick Start gVisor can be used to run Kubernetes pods and has several integration points with Kubernetes. diff --git a/g3doc/user_guide/quick_start/oci.md b/g3doc/user_guide/quick_start/oci.md index 57bcc4f63..877169145 100644 --- a/g3doc/user_guide/quick_start/oci.md +++ b/g3doc/user_guide/quick_start/oci.md @@ -1,4 +1,4 @@ -# OCI +# OCI Quick Start This guide will quickly get you started running your first gVisor sandbox container using the runtime directly with the default platform. diff --git a/website/_includes/footer.html b/website/_includes/footer.html index 5d9267f35..9cc8176f7 100644 --- a/website/_includes/footer.html +++ b/website/_includes/footer.html @@ -2,9 +2,9 @@ {% include footer-links.html %} + - {% if site.analytics %} diff --git a/website/_layouts/docs.html b/website/_layouts/docs.html index e11492915..33ea8e1de 100644 --- a/website/_layouts/docs.html +++ b/website/_layouts/docs.html @@ -47,7 +47,7 @@ categories:

{{ page.title }}

{% if page.editpath %}

- Edit this page + Edit this page Create issue

{% endif %} diff --git a/website/index.md b/website/index.md index 34d3ee23d..95d5d16f0 100644 --- a/website/index.md +++ b/website/index.md @@ -43,7 +43,7 @@ The pluggable platform architecture of gVisor allows it to run anywhere, enabling consistent security policies across multiple environments without having to rearchitect your infrastructure.

- Read More » + Get Started »
-- cgit v1.2.3 From 068716ddf36f4dcb3d88e92b90774dcba2fe4db8 Mon Sep 17 00:00:00 2001 From: Michael Pratt Date: Wed, 1 Jul 2020 08:51:57 -0700 Subject: Fix FAQ URL The existing gvisor.dev/faq link returns 404 because the full URL has mistakenly been capitalized. PiperOrigin-RevId: 319233173 --- g3doc/user_guide/BUILD | 2 +- website/_includes/footer-links.html | 2 +- website/cmd/server/main.go | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'website/_includes') diff --git a/g3doc/user_guide/BUILD b/g3doc/user_guide/BUILD index 5568e1ba4..b69aee12c 100644 --- a/g3doc/user_guide/BUILD +++ b/g3doc/user_guide/BUILD @@ -33,7 +33,7 @@ doc( name = "FAQ", src = "FAQ.md", category = "User Guide", - permalink = "/docs/user_guide/FAQ/", + permalink = "/docs/user_guide/faq/", weight = "90", ) diff --git a/website/_includes/footer-links.html b/website/_includes/footer-links.html index 10c28ead4..2036dbaa9 100644 --- a/website/_includes/footer-links.html +++ b/website/_includes/footer-links.html @@ -15,7 +15,7 @@
diff --git a/website/cmd/server/main.go b/website/cmd/server/main.go index 7c8bc9bfa..c401b6abd 100644 --- a/website/cmd/server/main.go +++ b/website/cmd/server/main.go @@ -35,6 +35,10 @@ var redirects = map[string]string{ // For links. "/faq": "/docs/user_guide/faq/", + // From 2020-05-12 to 2020-06-30, the FAQ URL was uppercase. Redirect that + // back to maintain any links. + "/docs/user_guide/FAQ/": "/docs/user_guide/faq/", + // Redirects to compatibility docs. "/c": "/docs/user_guide/compatibility/", "/c/linux/amd64": "/docs/user_guide/compatibility/linux/amd64/", -- cgit v1.2.3 From feb1d3d5a7d9c26ab1533b350a9d6088148641aa Mon Sep 17 00:00:00 2001 From: Ian Lewis Date: Fri, 17 Jul 2020 18:26:08 -0700 Subject: Clean up html on the website. - Fixes some html validation issues. - Fixes links on security basics blog post. - Adds rel=noopener to links with target=_blank and adds a check to htmlproofer. - Add favicon check to htmlproofer. Fixes #3286 Fixes #3284 PiperOrigin-RevId: 321892602 --- g3doc/README.md | 10 +++------ images/jekyll/Dockerfile | 1 + images/jekyll/checks.rb | 36 ++++++++++++++++++++++++++++++ tools/bazeldefs/defs.bzl | 3 +++ tools/defs.bzl | 3 ++- website/BUILD | 4 +--- website/_includes/footer.html | 2 +- website/_includes/graph.html | 2 +- website/_includes/header-links.html | 2 +- website/_layouts/docs.html | 4 ++-- website/blog/2019-11-18-security-basics.md | 23 ++++++++++++------- website/defs.bzl | 4 +++- 12 files changed, 69 insertions(+), 25 deletions(-) create mode 100644 images/jekyll/checks.rb (limited to 'website/_includes') diff --git a/g3doc/README.md b/g3doc/README.md index 7956fe739..22bfb15f7 100644 --- a/g3doc/README.md +++ b/g3doc/README.md @@ -117,9 +117,7 @@ for more information on filesystem bundles. `runsc` implements multiple commands that perform various functions such as starting, stopping, listing, and querying the status of containers. -### Sentry - - +### Sentry {#sentry} The Sentry is the largest component of gVisor. It can be thought of as a application kernel. The Sentry implements all the kernel functionality needed by @@ -136,9 +134,7 @@ calls it makes. For example, the Sentry is not able to open files directly; file system operations that extend beyond the sandbox (not internal `/proc` files, pipes, etc) are sent to the Gofer, described below. -### Gofer - - +### Gofer {#gofer} The Gofer is a standard host process which is started with each container and communicates with the Sentry via the [9P protocol][9p] over a socket or shared @@ -146,7 +142,7 @@ memory channel. The Sentry process is started in a restricted seccomp container without access to file system resources. The Gofer mediates all access to the these resources, providing an additional level of isolation. -### Application +### Application {#application} The application is a normal Linux binary provided to gVisor in an OCI runtime bundle. gVisor aims to provide an environment equivalent to Linux v4.4, so diff --git a/images/jekyll/Dockerfile b/images/jekyll/Dockerfile index 4860dd750..ba039ba15 100644 --- a/images/jekyll/Dockerfile +++ b/images/jekyll/Dockerfile @@ -10,4 +10,5 @@ RUN gem install \ jekyll-relative-links:0.6.1 \ jekyll-feed:0.13.0 \ jekyll-sitemap:1.4.0 +COPY checks.rb /checks.rb CMD ["/usr/gem/gems/jekyll-4.0.0/exe/jekyll", "build", "-t", "-s", "/input", "-d", "/output"] diff --git a/images/jekyll/checks.rb b/images/jekyll/checks.rb new file mode 100644 index 000000000..fc7e6b5a8 --- /dev/null +++ b/images/jekyll/checks.rb @@ -0,0 +1,36 @@ +#!/usr/local/bin/ruby +# +# HTMLProofer checks for the gVisor website. +# +require 'html-proofer' + +# NoOpenerCheck checks to make sure links with target=_blank include the +# rel=noopener attribute. +class NoOpenerCheck < ::HTMLProofer::Check + def run + @html.css('a').each do |node| + link = create_element(node) + line = node.line + + rel = link.respond_to?(:rel) ? link.rel.split(' ') : [] + + if link.respond_to?(:target) && link.target == "_blank" && !rel.include?("noopener") + return add_issue("You should set rel=noopener for links with target=_blank", line: line) + end + end + end +end + +def main() + options = { + :check_html => true, + :check_favicon => true, + :disable_external => true, + } + + HTMLProofer.check_directories(ARGV, options).run +end + +if __FILE__ == $0 + main +end diff --git a/tools/bazeldefs/defs.bzl b/tools/bazeldefs/defs.bzl index 620c460de..3db8e13d0 100644 --- a/tools/bazeldefs/defs.bzl +++ b/tools/bazeldefs/defs.bzl @@ -32,6 +32,9 @@ rbe_platform = native.platform rbe_toolchain = native.toolchain vdso_linker_option = "-fuse-ld=gold " +def short_path(path): + return path + def proto_library(name, has_services = None, **kwargs): native.proto_library( name = name, diff --git a/tools/defs.bzl b/tools/defs.bzl index 40afcdb79..e35e29634 100644 --- a/tools/defs.bzl +++ b/tools/defs.bzl @@ -7,7 +7,7 @@ change for Google-internal and bazel-compatible rules. load("//tools/go_stateify:defs.bzl", "go_stateify") load("//tools/go_marshal:defs.bzl", "go_marshal", "marshal_deps", "marshal_test_deps") -load("//tools/bazeldefs:defs.bzl", _build_test = "build_test", _cc_binary = "cc_binary", _cc_flags_supplier = "cc_flags_supplier", _cc_grpc_library = "cc_grpc_library", _cc_library = "cc_library", _cc_proto_library = "cc_proto_library", _cc_test = "cc_test", _cc_toolchain = "cc_toolchain", _default_installer = "default_installer", _default_net_util = "default_net_util", _gazelle = "gazelle", _gbenchmark = "gbenchmark", _go_binary = "go_binary", _go_embed_data = "go_embed_data", _go_grpc_and_proto_libraries = "go_grpc_and_proto_libraries", _go_library = "go_library", _go_path = "go_path", _go_proto_library = "go_proto_library", _go_test = "go_test", _grpcpp = "grpcpp", _gtest = "gtest", _loopback = "loopback", _pkg_deb = "pkg_deb", _pkg_tar = "pkg_tar", _proto_library = "proto_library", _py_binary = "py_binary", _py_library = "py_library", _py_requirement = "py_requirement", _py_test = "py_test", _rbe_platform = "rbe_platform", _rbe_toolchain = "rbe_toolchain", _select_arch = "select_arch", _select_system = "select_system", _vdso_linker_option = "vdso_linker_option") +load("//tools/bazeldefs:defs.bzl", _build_test = "build_test", _cc_binary = "cc_binary", _cc_flags_supplier = "cc_flags_supplier", _cc_grpc_library = "cc_grpc_library", _cc_library = "cc_library", _cc_proto_library = "cc_proto_library", _cc_test = "cc_test", _cc_toolchain = "cc_toolchain", _default_installer = "default_installer", _default_net_util = "default_net_util", _gazelle = "gazelle", _gbenchmark = "gbenchmark", _go_binary = "go_binary", _go_embed_data = "go_embed_data", _go_grpc_and_proto_libraries = "go_grpc_and_proto_libraries", _go_library = "go_library", _go_path = "go_path", _go_proto_library = "go_proto_library", _go_test = "go_test", _grpcpp = "grpcpp", _gtest = "gtest", _loopback = "loopback", _pkg_deb = "pkg_deb", _pkg_tar = "pkg_tar", _proto_library = "proto_library", _py_binary = "py_binary", _py_library = "py_library", _py_requirement = "py_requirement", _py_test = "py_test", _rbe_platform = "rbe_platform", _rbe_toolchain = "rbe_toolchain", _select_arch = "select_arch", _select_system = "select_system", _short_path = "short_path", _vdso_linker_option = "vdso_linker_option") load("//tools/bazeldefs:platforms.bzl", _default_platform = "default_platform", _platforms = "platforms") load("//tools/bazeldefs:tags.bzl", "go_suffixes") load("//tools/nogo:defs.bzl", "nogo_test") @@ -38,6 +38,7 @@ py_requirement = _py_requirement py_test = _py_test select_arch = _select_arch select_system = _select_system +short_path = _short_path rbe_platform = _rbe_platform rbe_toolchain = _rbe_toolchain vdso_linker_option = _vdso_linker_option diff --git a/website/BUILD b/website/BUILD index 4488cb543..10e0299ae 100644 --- a/website/BUILD +++ b/website/BUILD @@ -55,9 +55,7 @@ genrule( "docker run -i --user $$(id -u):$$(id -g) " + "-v $$(readlink -m $$T/output/_site):/output " + "gvisor.dev/images/jekyll " + - "/usr/gem/bin/htmlproofer " + - "--disable-external " + - "--check-html " + + "ruby /checks.rb " + "/output && " + "cp $(location //website/cmd/server) $$T/output/server && " + "tar -zcf $@ -C $$T/output . && " + diff --git a/website/_includes/footer.html b/website/_includes/footer.html index 9cc8176f7..c1a373329 100644 --- a/website/_includes/footer.html +++ b/website/_includes/footer.html @@ -8,7 +8,7 @@ {% if site.analytics %} -