From a4894643977c39b95aa04da09da621cac51fb3de Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 16 Mar 2022 16:33:09 -0400 Subject: [PATCH 1/9] workflows: apt-get update before installing packages Old package versions can be removed from the mirror, which could cause job failures. --- .github/workflows/go.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0ed513190e..795463a50c 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -24,7 +24,9 @@ jobs: - name: Checkout Repository uses: actions/checkout@v2 - name: Install libblkid-dev - run: sudo apt-get install libblkid-dev + run: | + sudo apt-get update + sudo apt-get install libblkid-dev - name: Run tests run: ./test - name: Run linter From 7a3e79bcc8865374936ae3e4c62d58e6f0f1c5a1 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 17 Mar 2022 17:10:20 -0400 Subject: [PATCH 2/9] go.mod: update vmw-guestinfo Short-term/partial fix for https://github.com/coreos/ignition/issues/1092. --- go.mod | 2 +- go.sum | 4 +- internal/providers/vmware/vmware_amd64.go | 2 +- .../vmware/vmw-guestinfo/bdoor/bdoor.go | 3 + .../vmware/vmw-guestinfo/bdoor/bdoor_386.s | 74 +++++---------- .../vmware/vmw-guestinfo/bdoor/bdoor_amd64.s | 64 ++++--------- .../vmware/vmw-guestinfo/vmcheck/vmcheck.go | 92 ++++++++++++------- .../vmw-guestinfo/vmcheck/vmcheck_386.s | 8 +- .../vmw-guestinfo/vmcheck/vmcheck_amd64.s | 9 +- vendor/modules.txt | 2 +- 10 files changed, 124 insertions(+), 136 deletions(-) diff --git a/go.mod b/go.mod index 8bacb1113a..a9c3c52981 100644 --- a/go.mod +++ b/go.mod @@ -16,7 +16,7 @@ require ( github.com/spf13/pflag v1.0.6-0.20210604193023-d5e0c0615ace github.com/stretchr/testify v1.7.0 github.com/vincent-petithory/dataurl v1.0.0 - github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728 + github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3 github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714 go.opencensus.io v0.22.5 // indirect golang.org/x/net v0.0.0-20200602114024-627f9648deb9 diff --git a/go.sum b/go.sum index 3dccd8cb7e..d57d450940 100644 --- a/go.sum +++ b/go.sum @@ -153,8 +153,8 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/vincent-petithory/dataurl v1.0.0 h1:cXw+kPto8NLuJtlMsI152irrVw9fRDX8AbShPRpg2CI= github.com/vincent-petithory/dataurl v1.0.0/go.mod h1:FHafX5vmDzyP+1CQATJn7WFKc9CvnvxyvZy6I1MrG/U= -github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728 h1:sH9mEk+flyDxiUa5BuPiuhDETMbzrt9A20I2wktMvRQ= -github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728/go.mod h1:x9oS4Wk2s2u4tS29nEaDLdzvuHdB19CvSGJjPgkZJNk= +github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3 h1:v6jG/tdl4O07LNVp74Nt7/OyL+1JsIW1M2f/nSvQheY= +github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3/go.mod h1:CSBTxrhePCm0cmXNKDGeu+6bOQzpaEklfCqEpn89JWk= github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714 h1:wJqF3m4Tj8I4beSi6vGxIyNtsq6wwGqhK3UnA99ltL4= github.com/vmware/vmw-ovflib v0.0.0-20170608004843-1f217b9dc714/go.mod h1:jiPk45kn7klhByRvUq5i2vo1RtHKBHj+iWGFpxbXuuI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff --git a/internal/providers/vmware/vmware_amd64.go b/internal/providers/vmware/vmware_amd64.go index b4ad39a7c5..6447987de1 100644 --- a/internal/providers/vmware/vmware_amd64.go +++ b/internal/providers/vmware/vmware_amd64.go @@ -30,7 +30,7 @@ import ( ) func FetchConfig(f *resource.Fetcher) (types.Config, report.Report, error) { - if isVM, err := vmcheck.IsVirtualWorld(); err != nil { + if isVM, err := vmcheck.IsVirtualWorld(true); err != nil { return types.Config{}, report.Report{}, err } else if !isVM { return types.Config{}, report.Report{}, providers.ErrNoProvider diff --git a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor.go b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor.go index 43ee14cf63..b46c91b8e0 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor.go +++ b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor.go @@ -12,6 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:generate go run asm.go -out bdoor_amd64.s -arch amd64 +//go:generate go run asm.go -out bdoor_386.s -arch 386 + package bdoor const ( diff --git a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_386.s b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_386.s index a6e11b113f..d75892f0b3 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_386.s +++ b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_386.s @@ -1,34 +1,11 @@ -#include "textflag.h" +// Code generated by command: go run asm.go -out bdoor_386.s -arch 386. DO NOT EDIT. + +// +build gc -// Doc of the golang plan9 assembler -// http://p9.nyx.link/labs/sys/doc/asm.html -// -// A good primer of how to write golang with some plan9 flavored assembly -// http://www.doxsey.net/blog/go-and-assembly -// -// Some x86 references -// http://www.eecg.toronto.edu/~amza/www.mindsec.com/files/x86regs.html -// https://cseweb.ucsd.edu/classes/sp10/cse141/pdf/02/S01_x86_64.key.pdf -// https://en.wikibooks.org/wiki/X86_Assembly/Other_Instructions -// -// (This one is invaluable. Has a working example of how a standard function -// call looks on the stack with the associated assembly.) -// https://www.recurse.com/blog/7-understanding-c-by-learning-assembly -// -// Reference with raw form of the Opcode -// http://x86.renejeschke.de/html/file_module_x86_id_139.html -// -// Massive x86_64 reference -// http://ref.x86asm.net/coder64.html#xED -// -// Adding instructions to the go assembler -// https://blog.klauspost.com/adding-unsupported-instructions-in-golang-assembler/ -// -// Backdoor commands -// https://sites.google.com/site/chitchatvmback/backdoor +#include "textflag.h" -// func bdoor_inout(ax, bx, cx, dx, si, di, bp uint32) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint32) -TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_inout(ax uint32, bx uint32, cx uint32, dx uint32, si uint32, di uint32, bp uint32) (retax uint32, retbx uint32, retcx uint32, retdx uint32, retsi uint32, retdi uint32, retbp uint32) +TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0-56 MOVL ax+0(FP), AX MOVL bx+4(FP), BX MOVL cx+8(FP), CX @@ -37,9 +14,8 @@ TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 MOVL di+20(FP), DI MOVL bp+24(FP), BP - // IN to DX from EAX + // IN to DX from AX INL - MOVL AX, retax+28(FP) MOVL BX, retbx+32(FP) MOVL CX, retcx+36(FP) @@ -49,8 +25,8 @@ TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 MOVL BP, retbp+52(FP) RET -// func bdoor_hbout(ax, bx, cx, dx, si, di, bp uint32) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint32) -TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_hbout(ax uint32, bx uint32, cx uint32, dx uint32, si uint32, di uint32, bp uint32) (retax uint32, retbx uint32, retcx uint32, retdx uint32, retsi uint32, retdi uint32, retbp uint32) +TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0-56 MOVL ax+0(FP), AX MOVL bx+4(FP), BX MOVL cx+8(FP), CX @@ -58,9 +34,9 @@ TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 MOVL si+16(FP), SI MOVL di+20(FP), DI MOVL bp+24(FP), BP - - CLD; REP; OUTSB - + CLD + REP + OUTSB MOVL AX, retax+28(FP) MOVL BX, retbx+32(FP) MOVL CX, retcx+36(FP) @@ -70,8 +46,8 @@ TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 MOVL BP, retbp+52(FP) RET -// func bdoor_hbin(ax, bx, cx, dx, si, di, bp uint32) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint32) -TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_hbin(ax uint32, bx uint32, cx uint32, dx uint32, si uint32, di uint32, bp uint32) (retax uint32, retbx uint32, retcx uint32, retdx uint32, retsi uint32, retdi uint32, retbp uint32) +TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0-56 MOVL ax+0(FP), AX MOVL bx+4(FP), BX MOVL cx+8(FP), CX @@ -79,20 +55,20 @@ TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 MOVL si+16(FP), SI MOVL di+20(FP), DI MOVL bp+24(FP), BP - - CLD; REP; INSB - + CLD + REP + INSB MOVL AX, retax+28(FP) MOVL BX, retbx+32(FP) - MOVL CX, retcx+40(FP) - MOVL DX, retdx+44(FP) - MOVL SI, retsi+48(FP) - MOVL DI, retdi+52(FP) - MOVL BP, retbp+56(FP) + MOVL CX, retcx+36(FP) + MOVL DX, retdx+40(FP) + MOVL SI, retsi+44(FP) + MOVL DI, retdi+48(FP) + MOVL BP, retbp+52(FP) RET -// func bdoor_inout_test(ax, bx, cx, dx, si, di, bp uint32) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint32) -TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_inout_test(ax uint32, bx uint32, cx uint32, dx uint32, si uint32, di uint32, bp uint32) (retax uint32, retbx uint32, retcx uint32, retdx uint32, retsi uint32, retdi uint32, retbp uint32) +TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0-56 MOVL ax+0(FP), AX MOVL bx+4(FP), BX MOVL cx+8(FP), CX @@ -100,7 +76,6 @@ TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 MOVL si+16(FP), SI MOVL di+20(FP), DI MOVL bp+24(FP), BP - MOVL AX, retax+28(FP) MOVL BX, retbx+32(FP) MOVL CX, retcx+36(FP) @@ -109,4 +84,3 @@ TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 MOVL DI, retdi+48(FP) MOVL BP, retbp+52(FP) RET - diff --git a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_amd64.s b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_amd64.s index 62f0c06daf..f35db2735a 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_amd64.s +++ b/vendor/github.com/vmware/vmw-guestinfo/bdoor/bdoor_amd64.s @@ -1,34 +1,11 @@ -#include "textflag.h" +// Code generated by command: go run asm.go -out bdoor_amd64.s -arch amd64. DO NOT EDIT. + +// +build gc -// Doc of the golang plan9 assembler -// http://p9.nyx.link/labs/sys/doc/asm.html -// -// A good primer of how to write golang with some plan9 flavored assembly -// http://www.doxsey.net/blog/go-and-assembly -// -// Some x86 references -// http://www.eecg.toronto.edu/~amza/www.mindsec.com/files/x86regs.html -// https://cseweb.ucsd.edu/classes/sp10/cse141/pdf/02/S01_x86_64.key.pdf -// https://en.wikibooks.org/wiki/X86_Assembly/Other_Instructions -// -// (This one is invaluable. Has a working example of how a standard function -// call looks on the stack with the associated assembly.) -// https://www.recurse.com/blog/7-understanding-c-by-learning-assembly -// -// Reference with raw form of the Opcode -// http://x86.renejeschke.de/html/file_module_x86_id_139.html -// -// Massive x86_64 reference -// http://ref.x86asm.net/coder64.html#xED -// -// Adding instructions to the go assembler -// https://blog.klauspost.com/adding-unsupported-instructions-in-golang-assembler/ -// -// Backdoor commands -// https://sites.google.com/site/chitchatvmback/backdoor +#include "textflag.h" -// func bdoor_inout(ax, bx, cx, dx, si, di, bp uint64) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint64) -TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_inout(ax uint64, bx uint64, cx uint64, dx uint64, si uint64, di uint64, bp uint64) (retax uint64, retbx uint64, retcx uint64, retdx uint64, retsi uint64, retdi uint64, retbp uint64) +TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0-112 MOVQ ax+0(FP), AX MOVQ bx+8(FP), BX MOVQ cx+16(FP), CX @@ -37,9 +14,8 @@ TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 MOVQ di+40(FP), DI MOVQ bp+48(FP), BP - // IN to DX from EAX + // IN to DX from AX INL - MOVQ AX, retax+56(FP) MOVQ BX, retbx+64(FP) MOVQ CX, retcx+72(FP) @@ -49,8 +25,8 @@ TEXT ·bdoor_inout(SB), NOSPLIT|WRAPPER, $0 MOVQ BP, retbp+104(FP) RET -// func bdoor_hbout(ax, bx, cx, dx, si, di, bp uint64) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint64) -TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_hbout(ax uint64, bx uint64, cx uint64, dx uint64, si uint64, di uint64, bp uint64) (retax uint64, retbx uint64, retcx uint64, retdx uint64, retsi uint64, retdi uint64, retbp uint64) +TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0-112 MOVQ ax+0(FP), AX MOVQ bx+8(FP), BX MOVQ cx+16(FP), CX @@ -58,9 +34,9 @@ TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 MOVQ si+32(FP), SI MOVQ di+40(FP), DI MOVQ bp+48(FP), BP - - CLD; REP; OUTSB - + CLD + REP + OUTSB MOVQ AX, retax+56(FP) MOVQ BX, retbx+64(FP) MOVQ CX, retcx+72(FP) @@ -70,8 +46,8 @@ TEXT ·bdoor_hbout(SB), NOSPLIT|WRAPPER, $0 MOVQ BP, retbp+104(FP) RET -// func bdoor_hbin(ax, bx, cx, dx, si, di, bp uint64) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint64) -TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_hbin(ax uint64, bx uint64, cx uint64, dx uint64, si uint64, di uint64, bp uint64) (retax uint64, retbx uint64, retcx uint64, retdx uint64, retsi uint64, retdi uint64, retbp uint64) +TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0-112 MOVQ ax+0(FP), AX MOVQ bx+8(FP), BX MOVQ cx+16(FP), CX @@ -79,9 +55,9 @@ TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 MOVQ si+32(FP), SI MOVQ di+40(FP), DI MOVQ bp+48(FP), BP - - CLD; REP; INSB - + CLD + REP + INSB MOVQ AX, retax+56(FP) MOVQ BX, retbx+64(FP) MOVQ CX, retcx+72(FP) @@ -91,8 +67,8 @@ TEXT ·bdoor_hbin(SB), NOSPLIT|WRAPPER, $0 MOVQ BP, retbp+104(FP) RET -// func bdoor_inout_test(ax, bx, cx, dx, si, di, bp uint64) (retax, retbx, retcx, retdx, retsi, retdi, retbp uint64) -TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 +// func bdoor_inout_test(ax uint64, bx uint64, cx uint64, dx uint64, si uint64, di uint64, bp uint64) (retax uint64, retbx uint64, retcx uint64, retdx uint64, retsi uint64, retdi uint64, retbp uint64) +TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0-112 MOVQ ax+0(FP), AX MOVQ bx+8(FP), BX MOVQ cx+16(FP), CX @@ -100,7 +76,6 @@ TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 MOVQ si+32(FP), SI MOVQ di+40(FP), DI MOVQ bp+48(FP), BP - MOVQ AX, retax+56(FP) MOVQ BX, retbx+64(FP) MOVQ CX, retcx+72(FP) @@ -109,4 +84,3 @@ TEXT ·bdoor_inout_test(SB), NOSPLIT|WRAPPER, $0 MOVQ DI, retdi+96(FP) MOVQ BP, retbp+104(FP) RET - diff --git a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go index c46cc5e455..2b668c9ba6 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go +++ b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go @@ -12,6 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. +//go:generate go run asm.go -out vmcheck_amd64.s -arch amd64 +//go:generate go run asm.go -out vmcheck_386.s -arch 386 + package vmcheck import ( @@ -20,38 +23,71 @@ import ( "github.com/vmware/vmw-guestinfo/bdoor" ) +type platform struct { + cpuid func(uint32, uint32) (uint32, uint32, uint32, uint32) + accessPorts func() error + knock func() (bool, error) +} + +var defaultPlatform = &platform{ + cpuid: cpuid_low, + accessPorts: openPortsAccess, + knock: bdoorKnock, +} + // From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s // Get the CPU ID low level leaf values. func cpuid_low(arg1, arg2 uint32) (eax, ebx, ecx, edx uint32) -// IsVirtualWorld returns true if running in a VM and the backdoor is available. -func IsVirtualWorld() (bool, error) { +func bdoorKnock() (bool, error) { + bp := &bdoor.BackdoorProto{} + + bp.CX.AsUInt32().SetWord(bdoor.CommandGetVersion) + out := bp.InOut() + // if there is no device, we get back all 1s + return (0xffffffff != out.AX.AsUInt32().Word()) && (0 != out.AX.AsUInt32().Word()), nil +} + +func (p *platform) isVirtualWorld(ignoreAccessErrors bool) (bool, error) { // Test the HV bit is set - if !IsVirtualCPU() { + if !p.isVirtualCPU() { return false, nil } // Test if backdoor port is available. - if isVM, err := hypervisorPortCheck(); err != nil || !isVM { - return isVM, err + return p.hypervisorPortCheck(ignoreAccessErrors) +} + +func (p *platform) isVirtualCPU() bool { + HV := uint32(1 << 31) + _, _, c, _ := p.cpuid(0x1, 0) + if (c & HV) != HV { + return false } - return true, nil + _, b, c, d := p.cpuid(0x40000000, 0) + + buf := make([]byte, 12) + binary.LittleEndian.PutUint32(buf, b) + binary.LittleEndian.PutUint32(buf[4:], c) + binary.LittleEndian.PutUint32(buf[8:], d) + + if string(buf) != "VMwareVMware" { + return false + } + + return true } -// hypervisorPortCheck tests the availability of the HV port. -func hypervisorPortCheck() (bool, error) { +// hypervisorPortCheck tests the availability of the backdoor port +// to the hypervisor, opportunistically tweaking I/O access level first. +func (p *platform) hypervisorPortCheck(ignoreAccessErrors bool) (bool, error) { // Privilege level 3 to access all ports above 0x3ff - if err := openPortsAccess(); err != nil { + if err := p.accessPorts(); err != nil && !ignoreAccessErrors { return false, err } - p := &bdoor.BackdoorProto{} - - p.CX.AsUInt32().SetWord(bdoor.CommandGetVersion) - out := p.InOut() - // if there is no device, we get back all 1s - return (0xffffffff != out.AX.AsUInt32().Word()) && (0 != out.AX.AsUInt32().Word()), nil + return p.knock() } // IsVirtualCPU checks if the cpu is a virtual CPU running on ESX. It checks for @@ -62,22 +98,14 @@ func hypervisorPortCheck() (bool, error) { // information from the HV to the guest. In ESX, this is the repeating string // "VMwareVMware". func IsVirtualCPU() bool { - HV := uint32(1 << 31) - _, _, c, _ := cpuid_low(0x1, 0) - if (c & HV) != HV { - return false - } - - _, b, c, d := cpuid_low(0x40000000, 0) - - buf := make([]byte, 12) - binary.LittleEndian.PutUint32(buf, b) - binary.LittleEndian.PutUint32(buf[4:], c) - binary.LittleEndian.PutUint32(buf[8:], d) - - if string(buf) != "VMwareVMware" { - return false - } + return defaultPlatform.isVirtualCPU() +} - return true +// isVirtualWorld returns `true` if running in a VM and the backdoor is available. +// It also tries to elevate I/O privileges for the calling thread, which in +// some cases may be forbidden by the system (e.g Linux in `kernel_lockdown` mode +// does not allow `iopl` calls); the `ignoreAccessErrors` parameter allows +// to control library behavior in order to treat such errors as non-fatal. +func IsVirtualWorld(ignoreAccessErrors bool) (bool, error) { + return defaultPlatform.isVirtualWorld(ignoreAccessErrors) } diff --git a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_386.s b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_386.s index c029ece200..da5fac57a4 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_386.s +++ b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_386.s @@ -1,8 +1,12 @@ +// Code generated by command: go run asm.go -out vmcheck_386.s -arch 386. DO NOT EDIT. +// +build gc + #include "textflag.h" -// From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s -// func cpuid_low(arg1, arg2 uint32) (eax, ebx, ecx, edx uint32) +// func cpuid_low(arg1 uint32, arg2 uint32) (eax uint32, ebx uint32, ecx uint32, edx uint32) +// Requires: CPUID TEXT ·cpuid_low(SB), NOSPLIT, $0-24 + // From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s MOVL arg1+0(FP), AX MOVL arg2+4(FP), CX CPUID diff --git a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_amd64.s b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_amd64.s index c029ece200..e05d81a0a1 100644 --- a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_amd64.s +++ b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck_amd64.s @@ -1,8 +1,13 @@ +// Code generated by command: go run asm.go -out vmcheck_amd64.s -arch amd64. DO NOT EDIT. + +// +build gc + #include "textflag.h" -// From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s -// func cpuid_low(arg1, arg2 uint32) (eax, ebx, ecx, edx uint32) +// func cpuid_low(arg1 uint32, arg2 uint32) (eax uint32, ebx uint32, ecx uint32, edx uint32) +// Requires: CPUID TEXT ·cpuid_low(SB), NOSPLIT, $0-24 + // From https://github.com/intel-go/cpuid/blob/master/cpuidlow_amd64.s MOVL arg1+0(FP), AX MOVL arg2+4(FP), CX CPUID diff --git a/vendor/modules.txt b/vendor/modules.txt index 7a9a7d8b8f..8b22eaa22a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -121,7 +121,7 @@ github.com/stretchr/testify/assert # github.com/vincent-petithory/dataurl v1.0.0 ## explicit github.com/vincent-petithory/dataurl -# github.com/vmware/vmw-guestinfo v0.0.0-20170707015358-25eff159a728 +# github.com/vmware/vmw-guestinfo v0.0.0-20220317130741-510905f0efa3 ## explicit github.com/vmware/vmw-guestinfo/bdoor github.com/vmware/vmw-guestinfo/message From ad86deffc6ef386c3994db6661408c17782eea05 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Thu, 17 Mar 2022 23:06:23 -0400 Subject: [PATCH 3/9] dracut: point service Documentation field at docs site --- dracut/30ignition/ignition-disks.service | 2 +- dracut/30ignition/ignition-fetch-offline.service | 2 +- dracut/30ignition/ignition-fetch.service | 2 +- dracut/30ignition/ignition-files.service | 2 +- dracut/30ignition/ignition-kargs.service | 2 +- dracut/30ignition/ignition-mount.service | 2 +- dracut/30ignition/ignition-remount-sysroot.service | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/dracut/30ignition/ignition-disks.service b/dracut/30ignition/ignition-disks.service index 92c8d242e6..9b225257f8 100644 --- a/dracut/30ignition/ignition-disks.service +++ b/dracut/30ignition/ignition-disks.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (disks) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-fetch-offline.service b/dracut/30ignition/ignition-fetch-offline.service index b8ae7a7d43..0d1284abda 100644 --- a/dracut/30ignition/ignition-fetch-offline.service +++ b/dracut/30ignition/ignition-fetch-offline.service @@ -5,7 +5,7 @@ [Unit] Description=Ignition (fetch-offline) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-fetch.service b/dracut/30ignition/ignition-fetch.service index d914362dc4..a61c3ad44b 100644 --- a/dracut/30ignition/ignition-fetch.service +++ b/dracut/30ignition/ignition-fetch.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (fetch) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-files.service b/dracut/30ignition/ignition-files.service index aa64fb6887..c4d43ca077 100644 --- a/dracut/30ignition/ignition-files.service +++ b/dracut/30ignition/ignition-files.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (files) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-kargs.service b/dracut/30ignition/ignition-kargs.service index 6272ccff4e..599fcc06ad 100644 --- a/dracut/30ignition/ignition-kargs.service +++ b/dracut/30ignition/ignition-kargs.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (kargs) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-mount.service b/dracut/30ignition/ignition-mount.service index 0d25afabfe..cb0d6ff4c6 100644 --- a/dracut/30ignition/ignition-mount.service +++ b/dracut/30ignition/ignition-mount.service @@ -1,6 +1,6 @@ [Unit] Description=Ignition (mount) -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release DefaultDependencies=false Before=ignition-complete.target diff --git a/dracut/30ignition/ignition-remount-sysroot.service b/dracut/30ignition/ignition-remount-sysroot.service index f004d20510..692313ff3d 100644 --- a/dracut/30ignition/ignition-remount-sysroot.service +++ b/dracut/30ignition/ignition-remount-sysroot.service @@ -1,6 +1,6 @@ [Unit] Description=Remount /sysroot read-write for Ignition -Documentation=https://github.com/coreos/ignition +Documentation=https://coreos.github.io/ignition/ ConditionPathExists=/etc/initrd-release # Some Linux Distributions don't pass a rw option on the kernel # commandline and thus mount the root filesystem ro by default. In From 32e64da53d779aec5c181b3f47670825d3279531 Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Wed, 16 Mar 2022 09:49:20 -0400 Subject: [PATCH 4/9] ci: add testing with Go 1.18 Update `golangci-lint` to version v1.45.0 which has support for go 1.18 --- .github/workflows/go.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index 0ed513190e..54faf252c8 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -14,7 +14,7 @@ jobs: name: test build strategy: matrix: - go-version: [1.15.x, 1.16.x, 1.17.x] + go-version: [1.15.x, 1.16.x, 1.17.x, 1.18.x] runs-on: ubuntu-latest steps: - name: Set up Go 1.x @@ -30,13 +30,13 @@ jobs: - name: Run linter uses: golangci/golangci-lint-action@v2 with: - version: v1.42.0 + version: v1.45.0 args: -E=gofmt --timeout=30m0s test-validate: name: test ignition-validate strategy: matrix: - go-version: [1.17.x] + go-version: [1.18.x] os: [macos-latest, windows-latest] runs-on: ${{ matrix.os }} steps: From 37ecf0b20c8787d80a2837d79c5123ae169addac Mon Sep 17 00:00:00 2001 From: Micah Abbott Date: Mon, 21 Mar 2022 13:03:20 -0400 Subject: [PATCH 5/9] config: update headers_test to stop using strings.Title() `strings.Title()` is deprecated in go 1.18, so change the affected tests to use different constants --- config/v3_1/types/headers_test.go | 5 ++--- config/v3_2/types/headers_test.go | 5 ++--- config/v3_3/types/headers_test.go | 5 ++--- config/v3_4_experimental/types/headers_test.go | 5 ++--- 4 files changed, 8 insertions(+), 12 deletions(-) diff --git a/config/v3_1/types/headers_test.go b/config/v3_1/types/headers_test.go index 22546c60b8..40380b684c 100644 --- a/config/v3_1/types/headers_test.go +++ b/config/v3_1/types/headers_test.go @@ -15,7 +15,6 @@ package types import ( - "strings" "testing" "github.com/coreos/ignition/v2/config/shared/errors" @@ -133,7 +132,7 @@ func TestValidHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value"}) || !equal(parseHeaders[strings.Title("header2")], []string{"header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value"}) || !equal(parseHeaders["Header2"], []string{"header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } @@ -154,7 +153,7 @@ func TestDuplicateHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value", "header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value", "header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } diff --git a/config/v3_2/types/headers_test.go b/config/v3_2/types/headers_test.go index 22546c60b8..40380b684c 100644 --- a/config/v3_2/types/headers_test.go +++ b/config/v3_2/types/headers_test.go @@ -15,7 +15,6 @@ package types import ( - "strings" "testing" "github.com/coreos/ignition/v2/config/shared/errors" @@ -133,7 +132,7 @@ func TestValidHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value"}) || !equal(parseHeaders[strings.Title("header2")], []string{"header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value"}) || !equal(parseHeaders["Header2"], []string{"header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } @@ -154,7 +153,7 @@ func TestDuplicateHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value", "header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value", "header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } diff --git a/config/v3_3/types/headers_test.go b/config/v3_3/types/headers_test.go index 22546c60b8..40380b684c 100644 --- a/config/v3_3/types/headers_test.go +++ b/config/v3_3/types/headers_test.go @@ -15,7 +15,6 @@ package types import ( - "strings" "testing" "github.com/coreos/ignition/v2/config/shared/errors" @@ -133,7 +132,7 @@ func TestValidHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value"}) || !equal(parseHeaders[strings.Title("header2")], []string{"header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value"}) || !equal(parseHeaders["Header2"], []string{"header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } @@ -154,7 +153,7 @@ func TestDuplicateHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value", "header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value", "header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } diff --git a/config/v3_4_experimental/types/headers_test.go b/config/v3_4_experimental/types/headers_test.go index 22546c60b8..40380b684c 100644 --- a/config/v3_4_experimental/types/headers_test.go +++ b/config/v3_4_experimental/types/headers_test.go @@ -15,7 +15,6 @@ package types import ( - "strings" "testing" "github.com/coreos/ignition/v2/config/shared/errors" @@ -133,7 +132,7 @@ func TestValidHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value"}) || !equal(parseHeaders[strings.Title("header2")], []string{"header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value"}) || !equal(parseHeaders["Header2"], []string{"header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } @@ -154,7 +153,7 @@ func TestDuplicateHeadersParse(t *testing.T) { if err != nil { t.Errorf("error during parsing valid headers: %v", err) } - if !equal(parseHeaders[strings.Title("header1")], []string{"header1value", "header2value"}) { + if !equal(parseHeaders["Header1"], []string{"header1value", "header2value"}) { t.Errorf("parsed HTTP headers values are wrong") } } From 0f66a240ed79b4fccd93a3cf9a4b6d9e1efcb157 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Fri, 18 Mar 2022 20:46:52 -0400 Subject: [PATCH 6/9] Dockerfile.validate: minimize git install in builder Reduce overhead by pulling in fewer deps. --- Dockerfile.validate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.validate b/Dockerfile.validate index 1399ddb29e..933b170315 100644 --- a/Dockerfile.validate +++ b/Dockerfile.validate @@ -1,5 +1,5 @@ FROM registry.fedoraproject.org/fedora:35 AS builder -RUN dnf install -y golang git +RUN dnf install -y golang git-core RUN mkdir /ignition-validate COPY . /ignition-validate WORKDIR /ignition-validate From 6e5de2dcc2fa15e898fe7929576c55c92b294695 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Sat, 19 Mar 2022 02:39:55 -0400 Subject: [PATCH 7/9] workflows: build and push ignition-validate container from GH Actions Quay builds are amd64-only and haven't been especially reliable. Use GitHub Actions to build both amd64 and arm64 containers for the main branch and for tags, and push them to Quay. Continue building but not pushing containers on PR. Requires the QUAY_AUTH repo secret to be set to a Docker credential. Ideally we would cross-build the arm64 container by having the Dockerfile specify FROM --platform=$BUILDPLATFORM for the builder container and set GOARCH=$TARGETARCH. However, Buildah < 1.24.1 doesn't support --platform in FROM. Build in emulation for now, and skip arm64 in PRs to speed up CI. Fixes https://github.com/coreos/ignition/issues/1321. --- .github/workflows/container.yml | 15 +++++++++++++-- build_for_container | 1 - 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index a2d0f47280..ed90e3ed25 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -3,12 +3,17 @@ name: Container on: push: branches: [main] + tags: ["v*"] pull_request: branches: [main] permissions: contents: read +# avoid races when pushing containers built from main +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + jobs: build-container: name: Build container image @@ -16,5 +21,11 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v2 - - name: Build container image - run: podman build -f Dockerfile.validate . + - name: Build and push container + uses: coreos/actions-lib/build-container@main + with: + credentials: ${{ secrets.QUAY_AUTH }} + file: Dockerfile.validate + push: quay.io/coreos/ignition-validate + # Speed up PR CI by skipping arm64 + pr-arches: amd64 diff --git a/build_for_container b/build_for_container index 02514c233d..7ddfc55d44 100755 --- a/build_for_container +++ b/build_for_container @@ -27,6 +27,5 @@ export GO11MODULE=on export CGO_ENABLED=0 export GOFLAGS='-mod=vendor' export GOOS=linux -export GOARCH=amd64 go build -ldflags "${GLDFLAGS}" -o ${BIN_PATH}/ignition-validate ${REPO_PATH}/validate From d202795a86dd73f30b2f85e85b0c0a55c80d6907 Mon Sep 17 00:00:00 2001 From: Benjamin Gilbert Date: Wed, 23 Mar 2022 07:01:56 -0400 Subject: [PATCH 8/9] workflows: include Git tag in container --version Fetch Git tags so the output of --version for the ignition-validate container isn't just a commit hash. --- .github/workflows/container.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml index ed90e3ed25..f2aa6915dd 100644 --- a/.github/workflows/container.yml +++ b/.github/workflows/container.yml @@ -21,6 +21,9 @@ jobs: steps: - name: Check out repository uses: actions/checkout@v2 + with: + # fetch tags so the compiled-in version number is useful + fetch-depth: 0 - name: Build and push container uses: coreos/actions-lib/build-container@main with: From 740f9d3fc4be0f1edf92419da8ef9b0bc072b281 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?= Date: Sun, 27 Mar 2022 11:14:19 +0200 Subject: [PATCH 9/9] internal/resource: enable DualStack for S3 connections DualStack endpoints allows IPv6 connections to AWS S3 buckets. This is need for IPv6 native subnets. Fixes #1340 --- internal/resource/url.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/resource/url.go b/internal/resource/url.go index 834236735d..9f9ec280f3 100644 --- a/internal/resource/url.go +++ b/internal/resource/url.go @@ -464,7 +464,7 @@ func (f *Fetcher) fetchFromS3WithCreds(ctx context.Context, dest s3target, input return err } - awsConfig := aws.NewConfig().WithHTTPClient(httpClient) + awsConfig := aws.NewConfig().WithHTTPClient(httpClient).WithUseDualStack(true) s3Client := s3.New(sess, awsConfig) downloader := s3manager.NewDownloaderWithClient(s3Client) if _, err := downloader.DownloadWithContext(ctx, dest, input); err != nil {