Update the `native-builder` branch with the latest changes in the `main` branch by dkovba · Pull Request #632 · apple/container
…556) This PR improves the user experience when using the uninstall script to include usage output when an incorrect number of options are provided to the script. Signed-off-by: Kathryn Baldauf <k_baldauf@apple.com>
## Type of Change
- [x] Bug fix
## Description
Resolves #565. Relative paths in type=bind mounts now resolve to absolute paths instead of being validated as volume names. Added some tests generated using gen AI for this scenario.
## Type of Change
- [x] Bug fix
## Description
This PR checks if the found entry in the archive for the requested kernel path is a symlink, and if so, follows the symlink. I've opened a separate issue to track creating tests for kernel downloading here #574 and will create a follow-up PR for those.
## Motivation and Context
This PR fixes an issue reported in #475 where installing a kernel from a tar archive does not follow symlinks in the archive.
## Testing
- [x] Tested locally

Signed-off-by: Kathryn Baldauf <k_baldauf@apple.com>
## Type of Change
- [x] New feature
## Description
Add option to force kernel setting and tests for CLI `kernel set`. Related to #575.
## Motivation and Context
This PR adds additional tests to ensure that we can set kernels from local files, remote tar files, and local tar files. A new option `force` is added to the `kernel set` subcommand which will overwrite an existing kernel with the same name if one exists to make testing easier. The tests ensure that a container can be started with the newly set kernel and resets to the default recommended kernel when complete.
## Testing
- [x] Tested locally
- [x] Added/updated tests

Signed-off-by: Kathryn Baldauf <k_baldauf@apple.com>
## Type of Change
- [x] Bug fix
## Description
Allow kernel set with tar to use relative paths to tar file. Fixes #573.
## Motivation and Context
`absoluteString` will prefix a scheme to the file path that looks like "file://". This will cause file manager to fail to find the file at the file path even if it exists. Change to instead just get the `path` of the file, which does not add a scheme prefix.
## Testing
- [x] Tested locally

Signed-off-by: Kathryn Baldauf <k_baldauf@apple.com>
## Type of Change
- [x] Process update
## Description
Remove description field in PR template
## Motivation and Context
I think having separate `Description` and `Motivation and Context` sections has been redundant in recent usage of the PR template. This PR removes the `Description` section. Ideally the PR title should cover the same content previously in the `Description` section.

Signed-off-by: Kathryn Baldauf <k_baldauf@apple.com>
## Type of Change
- [x] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update
## Description
Correct signal semantics for plugins: Container binary currently execs into plugin binaries. If the parent CLI keeps SIGINT/SIGTERM handlers installed, it can intercept/alter signal behavior intended for the plugin (e.g., preventing graceful shutdown in foreground workflows).
## Motivation and Context
During the development of a plugin (docker compose compatibility plugin), I encountered a major issue where CTRL-C (SIGTERM) was not being sent to my plugin. CLI plugins, especially those that have long running tasks, need a way to handle signals from the OS. Currently, we exec into plugin binaries. If the parent CLI keeps SIGINT/SIGTERM handlers installed, it can intercept/alter signal behavior intended for the plugin (e.g., preventing graceful shutdown in foreground workflows).
### What we changed:
- Signals handed back to plugins:
  - DefaultCommand resets SIGINT/SIGTERM to defaults immediately before exec’ing the plugin.
  - Rationale: since exec replaces the process image, signals should be delivered to (and handled by) the plugin without parent interference.
- Non‑plugin commands remain unaffected by this change.
- Compatibility: No change to plugin ABI or exec flow.
### Alternatives considered:
- Supervising child instead of exec: central forwarding of signals from parent to plugin. Rejected for now to avoid changing process tree/stdio semantics; resetting to defaults before exec preserves current model while fixing signal interference.
## Testing
- [X] Tested locally
- [ ] Added/updated tests
- [ ] Added/updated docs
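
The exec behaviour behind this change, as an added example (not code from the PR or from apple/container): an ignored disposition (`SIG_IGN`) survives `fork` and `exec`, so a parent that ignores SIGTERM passes that on to whatever it execs unless it resets to `SIG_DFL` first. The helper name `plugin_exit_signal` and the use of `sleep` as a stand-in plugin are assumptions for illustration.

```c
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical helper: the parent ignores SIGTERM (stand-in for a CLI that
 * took over signal handling), then fork+execs `sleep` as the "plugin".
 * Returns the signal that ended the plugin: SIGTERM if the plugin received
 * it, SIGKILL if it was ignored and had to be forced, -1 on setup failure. */
int plugin_exit_signal(int reset_before_exec)
{
    int sync_fd[2], status = 0;
    char c;
    struct timespec grace = { 0, 300 * 1000 * 1000 };   /* 300 ms */
    void (*saved)(int) = signal(SIGTERM, SIG_IGN);

    if (pipe(sync_fd) != 0) return -1;
    fcntl(sync_fd[1], F_SETFD, FD_CLOEXEC);   /* write end closes on exec */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (reset_before_exec)
            signal(SIGTERM, SIG_DFL);         /* the reset the PR describes */
        execlp("sleep", "sleep", "5", (char *)NULL);
        _exit(127);
    }
    close(sync_fd[1]);
    while (read(sync_fd[0], &c, 1) > 0) {}    /* EOF: child has exec'd */
    close(sync_fd[0]);

    kill(pid, SIGTERM);
    nanosleep(&grace, NULL);
    if (waitpid(pid, &status, WNOHANG) == 0) {   /* still alive: ignored */
        kill(pid, SIGKILL);
        waitpid(pid, &status, 0);
    }
    signal(SIGTERM, saved);
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("inherited SIG_IGN: plugin ended by signal %d\n", plugin_exit_signal(0));
    printf("reset to SIG_DFL:  plugin ended by signal %d\n", plugin_exit_signal(1));
    return 0;
}
```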
Closes #585 Has a fix for if a uid doesn't exist in /etc/passwd.
Users frequently saw “failed to find plugin …” when the system services weren’t running; the message didn’t explain the root cause or where plugins are looked up. No change to plugin execution flow; only error messaging and path discovery hints are improved for a better UX.
## Type of Change
- [ ] Bug fix
- [x] New feature
- [ ] Breaking change
- [ ] Documentation update
## Description
```bash
% container image save -o container.tar python:alpine alpine:latest
Warning! Running debug build. Performance may be degraded.
Image(s) saved
% tar tf container.tar
oci-layout
blobs/
blobs/sha256/
blobs/sha256/02f8efbefad605a169e89926147edd0676646263268f303c6fb3cdfdbc4a9612
blobs/sha256/a4bb08daca6b0385b17761b170fc91b20ab2ec072f70f9260149f8d61846ac13
blobs/sha256/588270f913bc82b4dbeee27bc249e4d314894becd18cccdc13645f669972c91e
blobs/sha256/692b7bac6678f5809640189eb1d95a3277689ec643201c465ecd44e72db7d029
blobs/sha256/1d24a57b1de9b287d9a9e1e231b71a235b836dc1852155b943b927a411d8c394
blobs/sha256/f9841e55dcbf5a6fcc702b25ce6e411ebdcb30680f94afd8060cb20bb20bd75c
blobs/sha256/0b83d017db6efafadf6b3f18d087d2ce1d67d8f0e927dc7254b0ad088074cd3a
blobs/sha256/b2236d9e1563c507613962c1ebbd7b3d307969ec2ee355b781b68440f4f0bee3
blobs/sha256/6e174226ea690ced550e5641249a412cdbefd2d09871f3e64ab52137a54ba606
blobs/sha256/c879780ac011609647c8714eef9e6490c42bf20128b32f4b31c4daad1242647b
blobs/sha256/26a1da51444d4cbbba3233caa342d0397ac4f93dc8e305e31989fd782b3107da
index.json
% tar -xOf container.tar index.json | python3 -m json.tool
{
"schemaVersion": 2,
"mediaType": "application/vnd.oci.image.index.v1+json",
"manifests": [
{
"mediaType": "application/vnd.oci.image.index.v1+json",
"annotations": {
"org.opencontainers.image.ref.name": "docker.io/library/python:alpine",
"io.containerd.image.name": "docker.io/library/python:alpine",
"com.apple.containerization.image.name": "docker.io/library/python:alpine"
},
"size": 944,
"digest": "sha256:1d24a57b1de9b287d9a9e1e231b71a235b836dc1852155b943b927a411d8c394"
},
{
"mediaType": "application/vnd.oci.image.index.v1+json",
"annotations": {
"io.containerd.image.name": "docker.io/library/alpine:latest",
"org.opencontainers.image.ref.name": "docker.io/library/alpine:latest",
"com.apple.containerization.image.name": "docker.io/library/alpine:latest"
},
"size": 497,
"digest": "sha256:692b7bac6678f5809640189eb1d95a3277689ec643201c465ecd44e72db7d029"
}
]
}
```
## Motivation and Context
`image load` can read multiple images from a tar file, but `image save`
cannot save multiple images today.
## Testing
- [x] Tested locally
- [ ] Added/updated tests (TODO: roundtrip test pull-save-rm-load)
- [ ] Added/updated docs (TODO: check command reference)
To handle warnings as errors when building, use `make`. To allow warnings, use `make WARNINGS_AS_ERRORS=false test`. Also see apple/containerization#271.
- Closes #596.
## Type of Change
- [ ] Bug fix
- [ ] New feature
- [x] Breaking change
- [ ] Documentation update
## Motivation and Context
- Part of UX audit #385.
- All other resource subcommands are singular and have no plural alias.
- `container image` corresponds to `docker image`; `container images` does not.
## Testing
- [x] Tested locally
- [x] Added/updated tests
- [x] Added/updated docs
- Closes #568.
## Type of Change
- [ ] Bug fix
- [ ] New feature
- [ ] Breaking change
- [x] Documentation update
## Motivation and Context
Uninstall script will fail with an informative message if the user doesn't run `container system stop`, but including this step in the upgrade process reinforces the need to do this. Upgrading without restarting the service can lead to unexpected failures due to API or persistent data incompatibility.
## Testing
- [ ] Tested locally
- [ ] Added/updated tests
- [x] Added/updated docs
- Closes #547.
- Reduce DNS test count, make tests more readable.
## Type of Change
- [x] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update
## Motivation and Context
Painful to have to unset the default domain on a dev system to pass local integration tests.
## Testing
- [x] Tested locally
- [x] Added/updated tests
- [ ] Added/updated docs
With `swift-tools-version: 6.2`, strict concurrency checking is enabled by default - there is no need to enable it explicitly.
- Makes available the proxy utility from containerization#288.
## Type of Change
- [ ] Bug fix
- [x] New feature
- [ ] Breaking change
- [ ] Documentation update
## Motivation and Context
The proxy utility allows forward progress on #533.
## Testing
- [x] Tested locally
- [ ] Added/updated tests
- [ ] Added/updated docs
…605)
## Type of Change
- [x] Dependency update
## Motivation and Context
A change was made in container-builder-shim to support BuildKit's default global args apple/container-builder-shim#44. A new tag of container-builder-shim was made with this change and this PR updates to that new tag for container-builder-shim.

Signed-off-by: Kathryn Baldauf <k_baldauf@apple.com>
## Type of Change
- [ ] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update
## Motivation and Context
0.7.1 containerization contained a couple inadvertent commit reverts.
## Testing
- [ ] Tested locally
- [ ] Added/updated tests
- [ ] Added/updated docs
- Closes #557.
- Breaking change: removes `.upToNextOption` for labels on volumes as this is not what is done for containers, and it forces the argument to precede the options if a label is supplied, which is non-intuitive.
## Type of Change
- [ ] Bug fix
- [x] New feature
- [x] Breaking change
- [x] Documentation update
## Motivation and Context
Consistent features and UX across managed resources.
## Testing
- [x] Tested locally
- [x] Added/updated tests
- [x] Added/updated docs
- Closes #615. Improves project organization. Separates service so it can be tested and used separately from the executable target. No functional changes.
…ion of special paths like /tmp (#613)
## Type of Change
- [x] Bug fix
- [ ] New feature
- [ ] Breaking change
- [ ] Documentation update
## Motivation and Context
Fixes #588. This PR changes the archiver compression file enumeration to use the [enumerator(atPath:)](https://developer.apple.com/documentation/foundation/filemanager/enumerator(atpath:)) version. This version returns relative paths instead of full file paths from the filesystem. /tmp is symlinked to /private/tmp and some swift packages will handle that path differently. While a call to Foundation's `URL.resolvingSymlinksInPath()` will return "/tmp", a call to `FileManager.enumerator(at:)` will return "/private/tmp". This difference causes a container image build to fail when the user is using a path under /tmp or other special case paths as the context directory.
## Testing
- [x] Tested locally
- [x] Added/updated tests
- [ ] Added/updated docs

Signed-off-by: Kathryn Baldauf <k_baldauf@apple.com>
Common subcommands for all defaults.
- Closes #384.
- Replaces `registry default` and `system dns default` subcommands with `system property`.
- Users can use `system property ls` to see details about each supported default value.
- `system property set` implements reasonable validation for all properties.
- NOTE: Probing of the registry for `registry default set` was removed, which means users will find out about a botched setting when pulling or pushing.
- Updates docs.
## Type of Change
- [ ] Bug fix
- [x] New feature
- [x] Breaking change
- [x] Documentation update
## Motivation and Context
See #384.
## Testing
- [x] Tested locally
- [x] Added/updated tests
- [x] Added/updated docs
This PR fixes failing network tests by using lowercased names. Additionally, it reduces code duplication.
## Type of Change
- [ ] Bug fix
- [x] New feature
- [ ] Breaking change
- [ ] Documentation update
## Motivation and Context
Plugins technically exist, but to add shortcuts or to do existing things with functions in `container` requires calling a compiled binary. This pull request aims to remove that hurdle and instability by exposing commands as a new `ContainerCommands` target. Simply import `ContainerCommands` and you can access almost any command as if it were a native part of the binary. This makes plugin development significantly easier. Closes #609.