1
0
mirror of https://github.com/containers/youki synced 2024-11-22 17:02:00 +01:00

Using typos-cli to catch typos + fixes for existing typos (#2018)

* adds a typos configuration file

Signed-off-by: yihuaf <yihuaf@unkies.org>

* fix all the typos

Signed-off-by: yihuaf <yihuaf@unkies.org>

* add typos to justfile and CI

Signed-off-by: yihuaf <yihuaf@unkies.org>

* fix

Signed-off-by: yihuaf <yihuaf@unkies.org>

* fix

Signed-off-by: yihuaf <yihuaf@unkies.org>

* fix

Signed-off-by: yihuaf <yihuaf@unkies.org>

---------

Signed-off-by: yihuaf <yihuaf@unkies.org>
This commit is contained in:
Eric Fang 2023-06-07 21:49:17 -07:00 committed by GitHub
parent 6b4ee6181a
commit 3a790dffe9
Signed by: GitHub
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 101 additions and 57 deletions

@ -38,9 +38,15 @@ jobs:
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
components: rustfmt, clippy
- name: typos-action
uses: crate-ci/typos@v1.14.12
- uses: taiki-e/install-action@just
- name: Install requirements
run: just ci-prepare
- name: Check formatting and lints
run: just lint

20
.typos.toml Normal file

@ -0,0 +1,20 @@
# Configuration Reference:
# - https://github.com/crate-ci/typos/blob/927308c726b1fba730f7aaa8bde602148b82004d/docs/reference.md
[files]
extend-exclude = [
"**/*.svg",
]
[default.extend-identifiers]
# This is a cgroup slice ID used in examples. It is easier to ignore this
# instance than write a regex.
569d5ce3afe1074769f67 = "569d5ce3afe1074769f67"
[type.rust.extend-words]
ser = "ser"
flate = "flate"
clos = "clos"
Setted = "Setted"
hve = "hve"

@ -137,7 +137,7 @@ impl Display for CgroupSetup {
}
}
/// FreezerState is given freezer contoller
/// FreezerState is given freezer controller
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub enum FreezerState {
/// Tasks in cgroup are undefined
@ -157,7 +157,7 @@ pub struct ControllerOpt<'a> {
pub disable_oom_killer: bool,
/// Specify an oom_score_adj for container.
pub oom_score_adj: Option<i32>,
/// FreezerState is given to freezer contoller for suspending process.
/// FreezerState is given to freezer controller for suspending process.
pub freezer_state: Option<FreezerState>,
}

@ -335,7 +335,7 @@ pub enum ParseNestedKeyedDataError {
DoesNotConform { path: PathBuf },
}
/// Parses a file that is structed according to the nested keyed format
/// Parses a file that is structured according to the nested keyed format
pub fn parse_nested_keyed_data(
file_path: &Path,
) -> Result<HashMap<String, Vec<String>>, ParseNestedKeyedDataError> {

@ -13,7 +13,7 @@ pub const ALLOWED_NODES: &str = "AllowedMemoryNodes";
#[derive(thiserror::Error, Debug)]
pub enum SystemdCpuSetError {
#[error("setting cpuset restrictions requires systemd version greather than 243")]
#[error("setting cpuset restrictions requires systemd version greater than 243")]
OldSystemd,
#[error("could not create bitmask for cpus: {0}")]
CpusBitmask(BitmaskError),

@ -51,7 +51,7 @@ pub fn get_subsystem_mount_point(subsystem: &ControllerType) -> Result<PathBuf,
.find(|m| {
if m.fs_type == "cgroup" {
// Some systems mount net_prio and net_cls in the same directory
// other systems mount them in their own diretories. This
// other systems mount them in their own directories. This
// should handle both cases.
if subsystem_name == "net_cls" {
return m.mount_point.ends_with("net_cls,net_prio")

@ -86,7 +86,7 @@ impl Devices {
// 2. attach this program (not use BPF_F_REPLACE, see below)
// 3. detach all programs of 1
//
// runc will use BPF_F_REPLACE to replace currently attached progam if:
// runc will use BPF_F_REPLACE to replace currently attached program if:
// 1. BPF_F_REPLACE is supported by kernel
// 2. there is exactly one attached program
// https://github.com/opencontainers/runc/blob/8e6871a3b14bb74e0ef358aca3b9f8f9cb80f041/libcontainer/cgroups/ebpf/ebpf_linux.go#L165

@ -1,6 +1,6 @@
use oci_spec::runtime::{LinuxDeviceCgroup, LinuxDeviceType};
// For cgroup v1 compatibility, runc implements a device emulator to caculate the final rules given
// For cgroup v1 compatibility, runc implements a device emulator to calculate the final rules given
// a list of user-defined rules.
// https://github.com/opencontainers/runc/commit/2353ffec2bb670a200009dc7a54a56b93145f141
//

@ -21,7 +21,7 @@ pub enum V2FreezerError {
#[error("freezer not supported: {0}")]
NotSupported(WrappedIoError),
#[error("expected \"cgroup.freeze\" to be in state {expected:?} but was in {actual:?}")]
ExepectedToBe {
ExpectedToBe {
expected: FreezerState,
actual: FreezerState,
},
@ -74,7 +74,7 @@ impl Freezer {
// confirm that the cgroup did actually change states.
let actual_state = Self::read_freezer_state(path)?;
if !actual_state.eq(&freezer_state) {
return Err(V2FreezerError::ExepectedToBe {
return Err(V2FreezerError::ExpectedToBe {
expected: freezer_state,
actual: actual_state,
});

@ -8,15 +8,15 @@ Do this by using adding flags to Cargo. Use the `--no-default-features` flag fol
Next you will also need the `+nightly` flags when building with `rustup` and `cargo`.
```bash
# Add rustup +nigthly musl to toolchain
```bash
# Add rustup +nightly musl to toolchain
rustup +nightly target add $(uname -m)-unknown-linux-musl
# Build rustup +nigthly stdlib with musl
# Build rustup +nightly stdlib with musl
rustup +nightly toolchain install nightly-$(uname -m)-unknown-linux-musl
# Build musl standard library
cargo +nightly build -Zbuild-std --target $(uname -m)-unknown-linux-musl --no-default-features -F v2
cargo +nightly build --target $(uname -m)-unknown-linux-musl --no-default-features -F v2
```
```

@ -27,7 +27,7 @@ pub(super) struct ContainerBuilderImpl<'a> {
pub use_systemd: bool,
/// Id of the container
pub container_id: String,
/// OCI complient runtime spec
/// OCI compliant runtime spec
pub spec: &'a Spec,
/// Root filesystem of the container
pub rootfs: PathBuf,

@ -40,7 +40,7 @@ pub fn run_hooks(hooks: Option<&Vec<Hook>>, container: Option<&Container>) -> Re
// Based on OCI spec, the first argument of the args vector is the
// arg0, which can be different from the path. For example, path
// may be "/usr/bin/true" and arg0 is set to "true". However, rust
// command differenciates arg0 from args, where rust command arg
// command differentiates arg0 from args, where rust command arg
// doesn't include arg0. So we have to make the split arg0 from the
// rest of args.
if let Some((arg0, args)) = hook.args().as_ref().and_then(|a| a.split_first()) {

@ -18,7 +18,7 @@ pub struct ContainerArgs<'a> {
pub container_type: ContainerType,
/// Interface to operating system primitives
pub syscall: &'a dyn Syscall,
/// OCI complient runtime spec
/// OCI compliant runtime spec
pub spec: &'a Spec,
/// Root filesystem of the container
pub rootfs: &'a PathBuf,

@ -267,7 +267,7 @@ mod tests {
#[test]
#[serial]
fn setup_gid_mapping_should_successed() -> Result<()> {
fn setup_gid_mapping_should_succeed() -> Result<()> {
let gid_mapping = LinuxIdMappingBuilder::default()
.host_id(getgid())
.container_id(0u32)

@ -80,7 +80,7 @@ fn sync_seccomp_send_msg(listener_path: &Path, msg: &[u8], fd: i32) -> Result<()
tracing::error!(
?err,
?listener_path,
"failed to connect to seccomp notify listerner path"
"failed to connect to seccomp notify listener path"
);
SeccompListenerError::UnixOther(err)
})?;

@ -46,8 +46,8 @@ impl RootFS {
Some("shared") => flags |= MsFlags::MS_SHARED,
Some("private") => flags |= MsFlags::MS_PRIVATE,
Some("slave" | "unbindable") | None => flags |= MsFlags::MS_SLAVE,
Some(uknown) => {
return Err(RootfsError::UnknownRootfsPropagation(uknown.to_string()));
Some(unknown) => {
return Err(RootfsError::UnknownRootfsPropagation(unknown.to_string()));
}
}

@ -11,7 +11,7 @@ pub struct MountOptionConfig {
/// Mount data applied to the mount.
pub data: String,
/// RecAttr represents mount properties to be applied recrusively.
/// RecAttr represents mount properties to be applied recursively.
pub rec_attr: Option<linux::MountAttr>,
}

@ -189,7 +189,7 @@ pub fn open<P: AsRef<Path>>(path: P) -> Result<File, std::io::Error> {
pub enum MkdirWithModeError {
#[error("IO error")]
Io(#[from] std::io::Error),
#[error("metada doesn't match the expected attributes")]
#[error("metadata doesn't match the expected attributes")]
MetadataMismatch,
}

@ -194,7 +194,7 @@ mod tests {
fn test_foreground_exit() -> Result<()> {
// The setup is similar to `handle_foreground`, but instead of
// forwarding signal, the container init process will exit. Again, we
// use `sleep` to simulate the conditions to aovid fine grained
// use `sleep` to simulate the conditions to avoid fine grained
// synchronization for now.
match unsafe { unistd::fork()? } {
unistd::ForkResult::Parent { child } => {

@ -25,7 +25,7 @@ sequenceDiagram
participant U as User
participant D as Docker
participant Y_Main as Youki(Main Process)
participant Y_Intermediate as Youki(Intermeidate Process)
participant Y_Intermediate as Youki(Intermediate Process)
participant Y_init as Youki(Init Process)
@ -122,5 +122,7 @@ This contains functionality regarding pausing and resuming container. Pausing a
- [cgroups man page](https://man7.org/linux/man-pages/man7/cgroups.7.html)
- [freezer cgroup kernel documentation](https://www.kernel.org/doc/Documentation/cgroup-v1/freezer-subsystem.txt)
[oci runtime specification]: https://github.com/opencontainers/runtime-spec/blob/master/runtime.md
[runc man pages]: (https://github.com/opencontainers/runc/blob/master/man/runc.8.md)
## Other references
- [oci runtime specification](https://github.com/opencontainers/runtime-spec/blob/master/runtime.md)
- [runc man pages](https://github.com/opencontainers/runc/blob/master/man/runc.8.md)

@ -16,7 +16,7 @@ This crates exposes several functions and modules that can be used to work with
- CPU stats including usage and throttling
- Memory stats including usage of normal and swap memory, usage of kernel memory, page cache in bytes etc
- Pid stat including current active pids nd maximum allowed pids
- Pid stat including current active pids and maximum allowed pids
- Block IO stats such as number of bytest transferred to/from a device in the cgroup, io operations performed by a device in the cgroup, amount of time cgroup had access to a device etc
- Huge TLB stats such as usage and maximum usage etc.
- Function to get pid stats

@ -8,7 +8,7 @@ The simple control flow of youki can be explained as :
<img src="../assets/control_flow.drawio.svg">
</p>
When given the create command, Youki will load the specification, configuration, sockets etc., and use clone syscall to create an intermediate process. This process will set the cgroups and capabilities, and then fork to the init process. Reason to create this intermediate prcoess is that the clone syscall cannot enter into existing pid namespace that has been created for the container. Thus first we need to make a transition to that namespace in the intermediate process and fork that to the container process. After that the main youki process is requested the uid and gid mappings, and after receiving them the intermediate process sets these mapping, fork the init process and return pid of this init process to the main youki process before exiting.
When given the create command, Youki will load the specification, configuration, sockets etc., and use clone syscall to create an intermediate process. This process will set the cgroups and capabilities, and then fork to the init process. Reason to create this intermediate process is that the clone syscall cannot enter into existing pid namespace that has been created for the container. Thus first we need to make a transition to that namespace in the intermediate process and fork that to the container process. After that the main youki process is requested the uid and gid mappings, and after receiving them the intermediate process sets these mapping, fork the init process and return pid of this init process to the main youki process before exiting.
The init process then transition completely into the new namespace setup for the container (the init process only transitions the pid namespace). It changes the root mountpoint for the process using [pivot_root](https://man7.org/linux/man-pages/man2/pivot_root.2.html), so that the container process can get impression that it has a complete root path access. After that the init process sets up the capabilities and seccomp, and sends the seccomp notify fd to the main youki process. When the seccomp agent running on the host system sets up the seccomp profile, it notifies the init process, after which it can execute the programto be executed inside the container. Thus the init process then sends ready notification to the main youki process, and waits for the start signal.

@ -143,7 +143,7 @@ sudo ./youki list
sudo ./youki delete tutorial_container
```
The example above shows how to run Youki in a 'rootful' way. To run it without root permissions, that is, in rootless mode, few chagnes are required.
The example above shows how to run Youki in a 'rootful' way. To run it without root permissions, that is, in rootless mode, few changes are required.
First, after exporting the rootfs from docker, while generating the config, you will need to pass the rootless flag. This will generate the config withe the options needed for rootless operation of the container.

@ -10,15 +10,19 @@ There are 3 things you need to do to run a WebAssembly module with youki.
- Run `build.sh` with `-f wasm-wasmedge` option.
```console
```bash
./scripts/build.sh -o . -r -f wasm-wasmedge
```
> The `wasm-wasmedge` feature will install WasmEdge Runtime library in the `$HOME/.wasmedge` directory.
> To make the library avaible in your system, run the following command:
> The `wasm-wasmedge` feature will install WasmEdge Runtime library in the `$HOME/.wasmedge` directory.
> To make the library available in your system, run the following command:
>
> ```bash
> export LD_LIBRARY_PATH=$HOME/.wasmedge/lib
> ```
>
> or
>
> ```bash
> source $HOME/.wasmedge/env
> ```
@ -26,34 +30,35 @@ There are 3 things you need to do to run a WebAssembly module with youki.
- Run `build.sh` with `-f wasm-wasmer` option.
```console
```bash
./scripts/build.sh -o . -r -f wasm-wasmer
```
## Build a container image with the WebAssembly module
If you want to run a webassembly module with youki, your config.json has to include either **runc.oci.handler** or **module.wasm.image/variant=compat"**.
It also needs to specifiy a valid .wasm (webassembly binary) or .wat (webassembly test) module as entrypoint for the container. If a wat module is specified it will be compiled to a wasm module by youki before it is executed. The module also needs to be available in the root filesystem of the container obviously.
If you want to run a webassembly module with youki, your config.json has to include either **runc.oci.handler** or **module.wasm.image/variant=compat"**.
It also needs to specify a valid .wasm (webassembly binary) or .wat (webassembly test) module as entrypoint for the container. If a wat module is specified it will be compiled to a wasm module by youki before it is executed. The module also needs to be available in the root filesystem of the container obviously.
```json
"ociVersion": "1.0.2-dev",
"annotations": {
"run.oci.handler": "wasm"
"run.oci.handler": "wasm"
},
"process": {
"args": [
"hello.wasm",
"hello",
"hello.wasm",
"hello",
"world"
],
],
...
}
...
```
### Compile a sample wasm module
A simple wasm module can be created by running
A simple wasm module can be created by running
```console
rustup target add wasm32-wasi
@ -75,7 +80,9 @@ fn main() {
}
}
```
Then compile the program to WASI.
```console
cargo build --target wasm32-wasi
```
@ -104,7 +111,7 @@ sudo buildah build --annotation "module.wasm.image/variant=compat" -t wasm-modul
Run podman with youki as runtime. [^1]
```console
```bash
sudo podman --runtime /PATH/WHARE/YOU/BUILT/WITH/WASM-WASMER/youki run localhost/wasm-module 1 2 3
```

@ -1,4 +1,5 @@
#!/bin/bash -ue
#!/usr/bin/env bash
set -euo pipefail
# This is a simple script to stress test `cargo test` to rule out flaky tests.

@ -38,7 +38,7 @@ unittest:
cd ./crates
LD_LIBRARY_PATH=${HOME}/.wasmedge/lib cargo test --all --all-targets --all-features
# run purmutated faeture compilation tests
# run purmutated feature compilation tests
featuretest:
./scripts/features_test.sh
@ -70,6 +70,10 @@ lint:
cargo fmt --all -- --check
cargo clippy --all --all-targets --all-features -- -D warnings
# run spellcheck
spellcheck:
typos
# run format on project
format:
cargo fmt --all
@ -78,6 +82,10 @@ format:
clean:
./scripts/clean.sh {{ ROOT }}
# install tools used in dev
dev-prepare:
cargo install typos-cli
ci-prepare:
#!/usr/bin/env bash
set -euo pipefail

@ -108,7 +108,7 @@ done
for case in "${test_cases[@]}"; do
if ! check_environment $case; then
echo "Skip $case bacause your environment doesn't support this test case"
echo "Skip $case because your environment doesn't support this test case"
continue
fi
@ -122,7 +122,7 @@ for case in "${test_cases[@]}"; do
sudo RUST_BACKTRACE=1 RUNTIME=${RUNTIME} ${OCI_TEST_DIR}/validation/$case >$logfile 2>&1 || (cat $logfile && exit 1)
if [ 0 -ne $(grep "not ok" $logfile | wc -l ) ]; then
if [ 0 -eq $(grep "# cgroupv2 is not supported yet " $logfile | wc -l ) ]; then
echo "Skip $case bacause oci-runtime-tools doesn't support cgroup v2"
echo "Skip $case because oci-runtime-tools doesn't support cgroup v2"
continue;
fi
cat $logfile

@ -143,7 +143,7 @@ fn test_cpu_quota_valid_set() -> TestResult {
})
}
/// Tests if the cpu quota is the defalt value (max) if a cpu quota of zero has been specified
/// Tests if the cpu quota is the default value (max) if a cpu quota of zero has been specified
fn test_cpu_quota_zero_default_set() -> TestResult {
let cpu_quota = 0;
let cpu = test_result!(LinuxCpuBuilder::default()

@ -17,7 +17,7 @@ There is currently no convention of explicit indication of tests passing, the pa
This package must be compiled as a statically linked binary, as otherwise the rust compile will make it dynamically link to /lib64/ld-linux-x86-64.so , which is not available inside the container, and thus making the binary not usable inside the container process.
**Note** that the dynamically linked binary does not give a `segmentation fault` or similar error when tried to run inside the container, but instead gives `no such file or directory found` or `executable not found` error, even though the executable exists in the container. This made this tricky to debug correctly when originally developing, so if you decide on chaing the compilation or configuration of this , please make absolutely sure that the changes work and do not accidentally break something.
**Note** that the dynamically linked binary does not give a `segmentation fault` or similar error when tried to run inside the container, but instead gives `no such file or directory found` or `executable not found` error, even though the executable exists in the container. This made this tricky to debug correctly when originally developing, so if you decide on chaining the compilation or configuration of this , please make absolutely sure that the changes work and do not accidentally break something.
you can use
@ -32,8 +32,8 @@ Reading the Readme of integration tests can be helpful to understand how the int
see
https://stackoverflow.com/questions/31770604/how-to-generate-statically-linked-executables
https://superuser.com/questions/248512/why-do-i-get-command-not-found-when-the-binary-file-exists
https://doc.rust-lang.org/cargo/reference/config.html
<https://stackoverflow.com/questions/31770604/how-to-generate-statically-linked-executables>
<https://superuser.com/questions/248512/why-do-i-get-command-not-found-when-the-binary-file-exists>
<https://doc.rust-lang.org/cargo/reference/config.html>
for more info

@ -195,7 +195,7 @@ pub fn validate_mounts_recursive(spec: &Spec) {
let rest =
utils::test_device_unaccess(mount.destination().to_str().unwrap());
if rest.is_ok() {
// beacuse /rnodev/null device not access,so rest is err
// because /rnodev/null device not access,so rest is err
eprintln!("error in testing rnodev recursive mounting");
}
}

@ -166,8 +166,8 @@ pub fn test_device_unaccess(path: &str) -> Result<(), std::io::Error> {
// change time (ctime).
// case:
// 1. create test.txt file, get one atime
// 2. cat a.txt, get two atime; check atime wheather update, conditions are met atime less than or equal mtime or ctime
// 3. cat a.txt, get three atime, check now two atime wheather equal three atime
// 2. cat a.txt, get two atime; check atime whether update, conditions are met atime less than or equal mtime or ctime
// 3. cat a.txt, get three atime, check now two atime whether equal three atime
pub fn test_mount_releatime_option(path: &str) -> Result<(), std::io::Error> {
let test_file_path = PathBuf::from(path).join("test.txt");
Command::new("touch")
@ -231,8 +231,8 @@ pub fn test_mount_releatime_option(path: &str) -> Result<(), std::io::Error> {
// case: because filesystem having relatime option
// 1. create test.txt file, get one atime
// 2. cat a.txt, get two atime; check atime wheather update
// 3. cat a.txt, get three atime, check now two atime wheather equal three atime
// 2. cat a.txt, get two atime; check atime whether update
// 3. cat a.txt, get three atime, check now two atime whether equal three atime
pub fn test_mount_noreleatime_option(path: &str) -> Result<(), std::io::Error> {
let test_file_path = PathBuf::from(path).join("noreleatime.txt");
Command::new("touch")
@ -299,7 +299,7 @@ pub fn test_mount_noreleatime_option(path: &str) -> Result<(), std::io::Error> {
// Do not update access times for (all types of) files on this mount.
// case:
// 1. touch rnoatime.txt file, get atime
// 2. cat rnoatime.txt, check atime wheather update, if update return error, else return Ok
// 2. cat rnoatime.txt, check atime whether update, if update return error, else return Ok
pub fn test_mount_rnoatime_option(path: &str) -> Result<(), std::io::Error> {
let test_file_path = PathBuf::from(path).join("rnoatime.txt");
Command::new("touch")