diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 02c59d38420..5ae223289b4 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -126,7 +126,7 @@ jobs: run: make cross - misc: + cfmt: runs-on: ubuntu-20.04 steps: - name: checkout @@ -136,8 +136,23 @@ jobs: - name: install deps run: | sudo apt -qq update - sudo apt -qq install libseccomp-dev indent - - name: make validate - run: make validate + sudo apt -qq install indent + - name: cfmt + run: | + make cfmt + git diff --exit-code + + + release: + runs-on: ubuntu-20.04 + steps: + - name: checkout + uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: install deps + run: | + sudo apt -qq update + sudo apt -qq install libseccomp-dev - name: make release run: make release diff --git a/Makefile b/Makefile index 6f65d0dcd13..448fde65e77 100644 --- a/Makefile +++ b/Makefile @@ -114,8 +114,9 @@ clean: rm -rf release rm -rf man/man8 -validate: - script/validate-c +cfmt: C_SRC=$(shell git ls-files '*.c' | grep -v '^vendor/') +cfmt: + indent -linux -l120 -il0 -ppi2 -cp1 -T size_t -T jmp_buf $(C_SRC) shellcheck: shellcheck tests/integration/*.bats tests/integration/*.sh tests/*.sh @@ -150,5 +151,5 @@ localcross: .PHONY: runc all recvtty static release dbuild lint man runcimage \ test localtest unittest localunittest integration localintegration \ rootlessintegration localrootlessintegration shell install install-bash \ - install-man clean validate shfmt shellcheck \ + install-man clean cfmt shfmt shellcheck \ vendor verify-dependencies cross localcross diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c index 2667cd65c29..402659c510f 100644 --- a/libcontainer/nsenter/cloned_binary.c +++ b/libcontainer/nsenter/cloned_binary.c @@ -65,19 +65,20 @@ # else /* These values come from . */ # warning "libc is outdated -- using hard-coded SYS_memfd_create" -# if defined(__x86_64__) // x86_64 +# if defined(__x86_64__) // x86_64 # define SYS_memfd_create 319 -# elif defined(__i386__) // i386 +# elif defined(__i386__) // i386 # define SYS_memfd_create 356 -# elif defined(__ia64__) // ia64 +# elif defined(__ia64__) // ia64 # define SYS_memfd_create 1340 -# elif defined(__arm__) // arm +# elif defined(__arm__) // arm # define SYS_memfd_create 385 -# elif defined(__aarch64__) // arm64 +# elif defined(__aarch64__) // arm64 # define SYS_memfd_create 279 -# elif defined(__ppc__) || defined(__ppc64__) // ppc + ppc64 +# elif defined(__ppc__) || defined(__ppc64__)// ppc + ppc64 # define SYS_memfd_create 360 -# elif defined(__s390__) || defined(__s390x__) // s390(x) +# elif defined(__s390__) || defined(__s390x__) + // s390(x) # define SYS_memfd_create 350 # else # error "unknown architecture -- cannot hard-code SYS_memfd_create" @@ -101,7 +102,6 @@ int memfd_create(const char *name, unsigned int flags) #endif } - /* This comes directly from . */ #ifndef F_LINUX_SPECIFIC_BASE # define F_LINUX_SPECIFIC_BASE 1024 @@ -127,7 +127,7 @@ static void *must_realloc(void *ptr, size_t size) void *old = ptr; do { ptr = realloc(old, size); - } while(!ptr); + } while (!ptr); return ptr; } @@ -139,10 +139,10 @@ static void *must_realloc(void *ptr, size_t size) static int is_self_cloned(void) { int fd, ret, is_cloned = 0; - struct stat statbuf = {}; - struct statfs fsbuf = {}; + struct stat statbuf = { }; + struct statfs fsbuf = { }; - fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC); + fd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); if (fd < 0) { fprintf(stderr, "you have no read access to runc binary file\n"); return -ENOTRECOVERABLE; @@ -298,7 +298,7 @@ enum { static int make_execfd(int *fdtype) { int fd = -1; - char template[PATH_MAX] = {0}; + char template[PATH_MAX] = { 0 }; char *prefix = getenv("_LIBCONTAINER_STATEDIR"); if (!prefix || *prefix != '/') @@ -327,7 +327,7 @@ static int make_execfd(int *fdtype) *fdtype = EFD_FILE; fd = open(prefix, O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0700); if (fd >= 0) { - struct stat statbuf = {}; + struct stat statbuf = { }; bool working_otmpfile = false; /* @@ -372,27 +372,27 @@ static int seal_execfd(int *fd, int fdtype) switch (fdtype) { case EFD_MEMFD: return fcntl(*fd, F_ADD_SEALS, RUNC_MEMFD_SEALS); - case EFD_FILE: { - /* Need to re-open our pseudo-memfd as an O_PATH to avoid execve(2) giving -ETXTBSY. */ - int newfd; - char fdpath[PATH_MAX] = {0}; + case EFD_FILE:{ + /* Need to re-open our pseudo-memfd as an O_PATH to avoid execve(2) giving -ETXTBSY. */ + int newfd; + char fdpath[PATH_MAX] = { 0 }; - if (fchmod(*fd, 0100) < 0) - return -1; + if (fchmod(*fd, 0100) < 0) + return -1; - if (snprintf(fdpath, sizeof(fdpath), "/proc/self/fd/%d", *fd) < 0) - return -1; + if (snprintf(fdpath, sizeof(fdpath), "/proc/self/fd/%d", *fd) < 0) + return -1; - newfd = open(fdpath, O_PATH | O_CLOEXEC); - if (newfd < 0) - return -1; + newfd = open(fdpath, O_PATH | O_CLOEXEC); + if (newfd < 0) + return -1; - close(*fd); - *fd = newfd; - return 0; - } + close(*fd); + *fd = newfd; + return 0; + } default: - break; + break; } return -1; } @@ -400,7 +400,7 @@ static int seal_execfd(int *fd, int fdtype) static int try_bindfd(void) { int fd, ret = -1; - char template[PATH_MAX] = {0}; + char template[PATH_MAX] = { 0 }; char *prefix = getenv("_LIBCONTAINER_STATEDIR"); if (!prefix || *prefix != '/') @@ -428,7 +428,6 @@ static int try_bindfd(void) if (mount("", template, "", MS_REMOUNT | MS_BIND | MS_RDONLY, "") < 0) goto out_umount; - /* Get read-only handle that we're sure can't be made read-write. */ ret = open(template, O_PATH | O_CLOEXEC); @@ -472,7 +471,7 @@ static ssize_t fd_to_fd(int outfd, int infd) if (n < 0) return -1; nwritten += n; - } while(nwritten < nread); + } while (nwritten < nread); total += nwritten; } @@ -483,7 +482,7 @@ static ssize_t fd_to_fd(int outfd, int infd) static int clone_binary(void) { int binfd, execfd; - struct stat statbuf = {}; + struct stat statbuf = { }; size_t sent = 0; int fdtype = EFD_NONE; diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c index 65af7401f06..c0a05920989 100644 --- a/libcontainer/nsenter/nsexec.c +++ b/libcontainer/nsenter/nsexec.c @@ -56,7 +56,7 @@ struct clone_t { * Reserve some space for clone() to locate arguments * and retcode in this place */ - char stack[4096] __attribute__ ((aligned(16))); + char stack[4096] __attribute__((aligned(16))); char stack_ptr[0]; /* There's two children. This is used to execute the different code. */ @@ -118,15 +118,15 @@ static int logfd = -1; * it, namely (glibc 2.12). */ #if __GLIBC__ == 2 && __GLIBC_MINOR__ < 14 -# define _GNU_SOURCE -# include "syscall.h" -# if !defined(SYS_setns) && defined(__NR_setns) -# define SYS_setns __NR_setns -# endif - -#ifndef SYS_setns -# error "setns(2) syscall not supported by glibc version" -#endif +# define _GNU_SOURCE +# include "syscall.h" +# if !defined(SYS_setns) && defined(__NR_setns) +# define SYS_setns __NR_setns +# endif + +# ifndef SYS_setns +# error "setns(2) syscall not supported by glibc version" +# endif int setns(int fd, int nstype) { @@ -136,7 +136,7 @@ int setns(int fd, int nstype) static void write_log_with_info(const char *level, const char *function, int line, const char *format, ...) { - char message[1024] = {}; + char message[1024] = { }; va_list args; @@ -187,7 +187,7 @@ static int write_file(char *data, size_t data_len, char *pathfmt, ...) goto out; } - out: +out: close(fd); return ret; } @@ -328,14 +328,14 @@ static void update_oom_score_adj(char *data, size_t len) } /* A dummy function that just jumps to the given jumpval. */ -static int child_func(void *arg) __attribute__ ((noinline)); +static int child_func(void *arg) __attribute__((noinline)); static int child_func(void *arg) { struct clone_t *ca = (struct clone_t *)arg; longjmp(*ca->env, ca->jmpval); } -static int clone_parent(jmp_buf *env, int jmpval) __attribute__ ((noinline)); +static int clone_parent(jmp_buf *env, int jmpval) __attribute__((noinline)); static int clone_parent(jmp_buf *env, int jmpval) { struct clone_t ca = { diff --git a/script/.validate b/script/.validate deleted file mode 100644 index 170d67472b7..00000000000 --- a/script/.validate +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -if [ -z "$VALIDATE_UPSTREAM" ]; then - # this is kind of an expensive check, so let's not do this twice if we - # are running more than one validate bundlescript - - VALIDATE_REPO='https://github.com/opencontainers/runc.git' - VALIDATE_BRANCH='master' - - if [ "$TRAVIS" = 'true' -a "$TRAVIS_PULL_REQUEST" != 'false' ]; then - VALIDATE_REPO="https://github.com/${TRAVIS_REPO_SLUG}.git" - VALIDATE_BRANCH="${TRAVIS_BRANCH}" - fi - - VALIDATE_HEAD="$(git rev-parse --verify HEAD)" - - git fetch -q "$VALIDATE_REPO" "refs/heads/$VALIDATE_BRANCH" - VALIDATE_UPSTREAM="$(git rev-parse --verify FETCH_HEAD)" - - VALIDATE_COMMIT_LOG="$VALIDATE_UPSTREAM..$VALIDATE_HEAD" - VALIDATE_COMMIT_DIFF="$VALIDATE_UPSTREAM...$VALIDATE_HEAD" - - validate_diff() { - if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then - git diff "$VALIDATE_COMMIT_DIFF" "$@" - fi - } - validate_log() { - if [ "$VALIDATE_UPSTREAM" != "$VALIDATE_HEAD" ]; then - git log "$VALIDATE_COMMIT_LOG" "$@" - fi - } -fi diff --git a/script/validate-c b/script/validate-c deleted file mode 100755 index c5333a8fd5f..00000000000 --- a/script/validate-c +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -source "$(dirname "$BASH_SOURCE")/.validate" - -IFS=$'\n' -files=($(validate_diff --diff-filter=ACMR --name-only -- '*.c' | grep -v '^vendor/' || true)) -unset IFS - -# indent(1): "You must use the ‘-T’ option to tell indent the name of all the typenames in your program that are defined by typedef." -INDENT="indent -linux -l120 -T size_t -T jmp_buf" -if [ -z "$(indent --version 2>&1 | grep GNU)" ]; then - echo "Skipping C indentation checks, as GNU indent is not installed." - exit 0 -fi - -badFiles=() -for f in "${files[@]}"; do - orig=$(mktemp) - formatted=$(mktemp) - # we use "git show" here to validate that what's committed is formatted - git show "$VALIDATE_HEAD:$f" >${orig} - ${INDENT} ${orig} -o ${formatted} - if [ "$(diff -u ${orig} ${formatted})" ]; then - badFiles+=("$f") - fi - rm -f ${orig} ${formatted} -done - -if [ ${#badFiles[@]} -eq 0 ]; then - echo 'Congratulations! All C source files are properly formatted.' -else - { - echo "These files are not properly formatted:" - for f in "${badFiles[@]}"; do - echo " - $f" - done - echo - echo "Please reformat the above files using \"${INDENT}\" and commit the result." - echo - } >&2 - false -fi