From 194eaa5c0f843257e66b68bd735786308a9d93b2 Mon Sep 17 00:00:00 2001 From: John Starks Date: Wed, 16 Mar 2016 18:45:40 -0700 Subject: [PATCH] Add os_version and os_features to Image These fields are needed to specify the exact version of Windows that an image can run on. They may be useful for other platforms in the future. This also changes image.store.Create to validate that the loaded image is supported on the current machine. This change affects Linux as well, since it now validates the architecture and OS fields. Signed-off-by: John Starks --- daemon/commit.go | 10 ++++- daemon/daemon_windows.go | 28 ++++++-------- daemon/graphdriver/windows/windows.go | 17 +++++++++ distribution/pull_v2.go | 4 +- image/compat.go | 38 ++++++++++++++++++ image/compat_test.go | 28 ++++++++++++++ image/compat_unix.go | 13 +++++++ image/compat_windows.go | 27 +++++++++++++ image/image.go | 8 ++-- image/store.go | 5 +++ image/v1/imagev1.go | 12 +++++- image/v1/imagev1_test.go | 55 +++++++++++++++++++++++++++ pkg/system/syscall_windows.go | 21 ++++++++-- pkg/system/syscall_windows_test.go | 9 +++++ pkg/term/term_windows.go | 5 +-- 15 files changed, 248 insertions(+), 32 deletions(-) create mode 100644 image/compat.go create mode 100644 image/compat_test.go create mode 100644 image/compat_unix.go create mode 100644 image/compat_windows.go create mode 100644 image/v1/imagev1_test.go create mode 100644 pkg/system/syscall_windows_test.go diff --git a/daemon/commit.go b/daemon/commit.go index 2dd1f7c49d..c8bf230c2e 100644 --- a/daemon/commit.go +++ b/daemon/commit.go @@ -138,6 +138,8 @@ func (daemon *Daemon) Commit(name string, c *backend.ContainerCommitConfig) (str var history []image.History rootFS := image.NewRootFS() + osVersion := "" + var osFeatures []string if container.ImageID != "" { img, err := daemon.imageStore.Get(container.ImageID) @@ -146,6 +148,8 @@ func (daemon *Daemon) Commit(name string, c *backend.ContainerCommitConfig) (str } history = img.History rootFS = img.RootFS + osVersion = img.OSVersion + osFeatures = img.OSFeatures } l, err := daemon.layerStore.Register(rwTar, rootFS.ChainID()) @@ -180,8 +184,10 @@ func (daemon *Daemon) Commit(name string, c *backend.ContainerCommitConfig) (str Author: c.Author, Created: h.Created, }, - RootFS: rootFS, - History: history, + RootFS: rootFS, + History: history, + OSFeatures: osFeatures, + OSVersion: osVersion, }) if err != nil { diff --git a/daemon/daemon_windows.go b/daemon/daemon_windows.go index 2d07011ad4..b1ad26c11b 100644 --- a/daemon/daemon_windows.go +++ b/daemon/daemon_windows.go @@ -110,10 +110,7 @@ func verifyDaemonSettings(config *Config) error { func checkSystem() error { // Validate the OS version. Note that docker.exe must be manifested for this // call to return the correct version. - osv, err := system.GetOSVersion() - if err != nil { - return err - } + osv := system.GetOSVersion() if osv.MajorVersion < 10 { return fmt.Errorf("This version of Windows does not support the docker daemon") } @@ -135,10 +132,7 @@ func configureMaxThreads(config *Config) error { func (daemon *Daemon) initNetworkController(config *Config) (libnetwork.NetworkController, error) { // TODO Windows: Remove this check once TP4 is no longer supported - osv, err := system.GetOSVersion() - if err != nil { - return nil, err - } + osv := system.GetOSVersion() if osv.Build < 14260 { // Set the name of the virtual switch if not specified by -b on daemon start @@ -364,8 +358,8 @@ func restoreCustomImage(is image.Store, ls layer.Store, rs reference.Store) erro } // Convert imageData to valid image configuration - for i := range imageInfos { - name := strings.ToLower(imageInfos[i].Name) + for _, info := range imageInfos { + name := strings.ToLower(info.Name) type registrar interface { RegisterDiffID(graphID string, size int64) (layer.Layer, error) @@ -374,13 +368,13 @@ func restoreCustomImage(is image.Store, ls layer.Store, rs reference.Store) erro if !ok { return errors.New("Layerstore doesn't support RegisterDiffID") } - if _, err := r.RegisterDiffID(imageInfos[i].ID, imageInfos[i].Size); err != nil { + if _, err := r.RegisterDiffID(info.ID, info.Size); err != nil { return err } // layer is intentionally not released rootFS := image.NewRootFS() - rootFS.BaseLayer = filepath.Base(imageInfos[i].Path) + rootFS.BaseLayer = filepath.Base(info.Path) // Create history for base layer config, err := json.Marshal(&image.Image{ @@ -388,10 +382,12 @@ func restoreCustomImage(is image.Store, ls layer.Store, rs reference.Store) erro DockerVersion: dockerversion.Version, Architecture: runtime.GOARCH, OS: runtime.GOOS, - Created: imageInfos[i].CreatedTime, + Created: info.CreatedTime, }, - RootFS: rootFS, - History: []image.History{}, + RootFS: rootFS, + History: []image.History{}, + OSVersion: info.OSVersion, + OSFeatures: info.OSFeatures, }) named, err := reference.ParseNamed(name) @@ -399,7 +395,7 @@ func restoreCustomImage(is image.Store, ls layer.Store, rs reference.Store) erro return err } - ref, err := reference.WithTag(named, imageInfos[i].Version) + ref, err := reference.WithTag(named, info.Version) if err != nil { return err } diff --git a/daemon/graphdriver/windows/windows.go b/daemon/graphdriver/windows/windows.go index dd659dad0a..0ad079eaf5 100644 --- a/daemon/graphdriver/windows/windows.go +++ b/daemon/graphdriver/windows/windows.go @@ -401,6 +401,8 @@ type CustomImageInfo struct { Path string Size int64 CreatedTime time.Time + OSVersion string `json:"-"` + OSFeatures []string `json:"-"` } // GetCustomImageInfos returns the image infos for window specific @@ -441,6 +443,21 @@ func (d *Driver) GetCustomImageInfos() ([]CustomImageInfo, error) { } imageData.ID = id + + // For now, hard code that all base images except nanoserver depend on win32k support + if imageData.Name != "nanoserver" { + imageData.OSFeatures = append(imageData.OSFeatures, "win32k") + } + + versionData := strings.Split(imageData.Version, ".") + if len(versionData) != 4 { + logrus.Warn("Could not parse Windows version %s", imageData.Version) + } else { + // Include just major.minor.build, skip the fourth version field, which does not influence + // OS compatibility. + imageData.OSVersion = strings.Join(versionData[:3], ".") + } + images = append(images, imageData) } diff --git a/distribution/pull_v2.go b/distribution/pull_v2.go index 596d1c1321..6266c5b566 100644 --- a/distribution/pull_v2.go +++ b/distribution/pull_v2.go @@ -616,7 +616,9 @@ func (p *v2Puller) pullManifestList(ctx context.Context, ref reference.Named, mf // TODO(aaronl): The manifest list spec supports optional // "features" and "variant" fields. These are not yet used. // Once they are, their values should be interpreted here. - if manifestDescriptor.Platform.Architecture == runtime.GOARCH && manifestDescriptor.Platform.OS == runtime.GOOS { + // TODO(jstarks): Once os.version and os.features are present, + // pass these, too. + if image.ValidateOSCompatibility(manifestDescriptor.Platform.OS, manifestDescriptor.Platform.Architecture, "", nil) == nil { manifestDigest = manifestDescriptor.Digest break } diff --git a/image/compat.go b/image/compat.go new file mode 100644 index 0000000000..2873dcf6b3 --- /dev/null +++ b/image/compat.go @@ -0,0 +1,38 @@ +package image + +import ( + "fmt" + "runtime" + "strings" +) + +func archMatches(arch string) bool { + // Special case x86_64 as an alias for amd64 + return arch == runtime.GOARCH || (arch == "x86_64" && runtime.GOARCH == "amd64") +} + +// ValidateOSCompatibility validates that an image with the given properties can run on this machine. +func ValidateOSCompatibility(os string, arch string, osVersion string, osFeatures []string) error { + if os != "" && os != runtime.GOOS { + return fmt.Errorf("image is for OS %s, expected %s", os, runtime.GOOS) + } + if arch != "" && !archMatches(arch) { + return fmt.Errorf("image is for architecture %s, expected %s", arch, runtime.GOARCH) + } + if osVersion != "" { + thisOSVersion := getOSVersion() + if thisOSVersion != osVersion { + return fmt.Errorf("image is for OS version '%s', expected '%s'", osVersion, thisOSVersion) + } + } + var missing []string + for _, f := range osFeatures { + if !hasOSFeature(f) { + missing = append(missing, f) + } + } + if len(missing) > 0 { + return fmt.Errorf("image requires missing OS features: %s", strings.Join(missing, ", ")) + } + return nil +} diff --git a/image/compat_test.go b/image/compat_test.go new file mode 100644 index 0000000000..dace5a843d --- /dev/null +++ b/image/compat_test.go @@ -0,0 +1,28 @@ +package image + +import ( + "runtime" + "testing" +) + +func TestValidateOSCompatibility(t *testing.T) { + err := ValidateOSCompatibility(runtime.GOOS, runtime.GOARCH, getOSVersion(), nil) + if err != nil { + t.Error(err) + } + + err = ValidateOSCompatibility("DOS", runtime.GOARCH, getOSVersion(), nil) + if err == nil { + t.Error("expected OS compat error") + } + + err = ValidateOSCompatibility(runtime.GOOS, "pdp-11", getOSVersion(), nil) + if err == nil { + t.Error("expected architecture compat error") + } + + err = ValidateOSCompatibility(runtime.GOOS, runtime.GOARCH, "98 SE", nil) + if err == nil { + t.Error("expected OS version compat error") + } +} diff --git a/image/compat_unix.go b/image/compat_unix.go new file mode 100644 index 0000000000..ba5d6a0937 --- /dev/null +++ b/image/compat_unix.go @@ -0,0 +1,13 @@ +// +build !windows + +package image + +func getOSVersion() string { + // For Linux, images do not specify a version. + return "" +} + +func hasOSFeature(_ string) bool { + // Linux currently has no OS features + return false +} diff --git a/image/compat_windows.go b/image/compat_windows.go new file mode 100644 index 0000000000..a8d488b0df --- /dev/null +++ b/image/compat_windows.go @@ -0,0 +1,27 @@ +package image + +import ( + "fmt" + + "github.com/docker/docker/pkg/system" +) + +// Windows OS features +const ( + FeatureWin32k = "win32k" // The kernel windowing stack is required +) + +func getOSVersion() string { + v := system.GetOSVersion() + return fmt.Sprintf("%d.%d.%d", v.MajorVersion, v.MinorVersion, v.Build) +} + +func hasOSFeature(f string) bool { + switch f { + case FeatureWin32k: + return system.HasWin32KSupport() + default: + // Unrecognized feature. + return false + } +} diff --git a/image/image.go b/image/image.go index 524714083e..7a05e649fb 100644 --- a/image/image.go +++ b/image/image.go @@ -48,9 +48,11 @@ type V1Image struct { // Image stores the image configuration type Image struct { V1Image - Parent ID `json:"parent,omitempty"` - RootFS *RootFS `json:"rootfs,omitempty"` - History []History `json:"history,omitempty"` + Parent ID `json:"parent,omitempty"` + RootFS *RootFS `json:"rootfs,omitempty"` + History []History `json:"history,omitempty"` + OSVersion string `json:"os.version,omitempty"` + OSFeatures []string `json:"os.features,omitempty"` // rawJSON caches the immutable JSON associated with this image. rawJSON []byte diff --git a/image/store.go b/image/store.go index 92ac438db7..0512203938 100644 --- a/image/store.go +++ b/image/store.go @@ -127,6 +127,11 @@ func (is *store) Create(config []byte) (ID, error) { return "", errors.New("too many non-empty layers in History section") } + err = ValidateOSCompatibility(img.OS, img.Architecture, img.OSVersion, img.OSFeatures) + if err != nil { + return "", err + } + dgst, err := is.fs.Set(config) if err != nil { return "", err diff --git a/image/v1/imagev1.go b/image/v1/imagev1.go index e27ebd4c0a..0e2e72bda5 100644 --- a/image/v1/imagev1.go +++ b/image/v1/imagev1.go @@ -3,6 +3,7 @@ package v1 import ( "encoding/json" "fmt" + "reflect" "regexp" "strings" @@ -118,8 +119,15 @@ func MakeV1ConfigFromConfig(img *image.Image, v1ID, parentV1ID string, throwaway } // Delete fields that didn't exist in old manifest - delete(configAsMap, "rootfs") - delete(configAsMap, "history") + imageType := reflect.TypeOf(img).Elem() + for i := 0; i < imageType.NumField(); i++ { + f := imageType.Field(i) + jsonName := strings.Split(f.Tag.Get("json"), ",")[0] + // Parent is handled specially below. + if jsonName != "" && jsonName != "parent" { + delete(configAsMap, jsonName) + } + } configAsMap["id"] = rawJSON(v1ID) if parentV1ID != "" { configAsMap["parent"] = rawJSON(parentV1ID) diff --git a/image/v1/imagev1_test.go b/image/v1/imagev1_test.go new file mode 100644 index 0000000000..936c55e4c5 --- /dev/null +++ b/image/v1/imagev1_test.go @@ -0,0 +1,55 @@ +package v1 + +import ( + "encoding/json" + "testing" + + "github.com/docker/docker/image" +) + +func TestMakeV1ConfigFromConfig(t *testing.T) { + img := &image.Image{ + V1Image: image.V1Image{ + ID: "v2id", + Parent: "v2parent", + OS: "os", + }, + OSVersion: "osversion", + RootFS: &image.RootFS{ + Type: "layers", + }, + } + v2js, err := json.Marshal(img) + if err != nil { + t.Fatal(err) + } + + // Convert the image back in order to get RawJSON() support. + img, err = image.NewFromJSON(v2js) + if err != nil { + t.Fatal(err) + } + + js, err := MakeV1ConfigFromConfig(img, "v1id", "v1parent", false) + if err != nil { + t.Fatal(err) + } + + newimg := &image.Image{} + err = json.Unmarshal(js, newimg) + if err != nil { + t.Fatal(err) + } + + if newimg.V1Image.ID != "v1id" || newimg.Parent != "v1parent" { + t.Error("ids should have changed", newimg.V1Image.ID, newimg.V1Image.Parent) + } + + if newimg.RootFS != nil { + t.Error("rootfs should have been removed") + } + + if newimg.V1Image.OS != "os" { + t.Error("os should have been preserved") + } +} diff --git a/pkg/system/syscall_windows.go b/pkg/system/syscall_windows.go index 061e220f79..ef596f343f 100644 --- a/pkg/system/syscall_windows.go +++ b/pkg/system/syscall_windows.go @@ -1,11 +1,14 @@ package system import ( - "fmt" "syscall" "unsafe" ) +var ( + ntuserApiset = syscall.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0") +) + // OSVersion is a wrapper for Windows version information // https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx type OSVersion struct { @@ -17,17 +20,18 @@ type OSVersion struct { // GetOSVersion gets the operating system version on Windows. Note that // docker.exe must be manifested to get the correct version information. -func GetOSVersion() (OSVersion, error) { +func GetOSVersion() OSVersion { var err error osv := OSVersion{} osv.Version, err = syscall.GetVersion() if err != nil { - return osv, fmt.Errorf("Failed to call GetVersion()") + // GetVersion never fails. + panic(err) } osv.MajorVersion = uint8(osv.Version & 0xFF) osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF) osv.Build = uint16(osv.Version >> 16) - return osv, nil + return osv } // Unmount is a platform-specific helper function to call @@ -58,3 +62,12 @@ func CommandLineToArgv(commandLine string) ([]string, error) { return newArgs, nil } + +// HasWin32KSupport determines whether containers that depend on win32k can +// run on this machine. Win32k is the driver used to implement windowing. +func HasWin32KSupport() bool { + // For now, check for ntuser API support on the host. In the future, a host + // may support win32k in containers even if the host does not support ntuser + // APIs. + return ntuserApiset.Load() == nil +} diff --git a/pkg/system/syscall_windows_test.go b/pkg/system/syscall_windows_test.go new file mode 100644 index 0000000000..4886b2b9b4 --- /dev/null +++ b/pkg/system/syscall_windows_test.go @@ -0,0 +1,9 @@ +package system + +import "testing" + +func TestHasWin32KSupport(t *testing.T) { + s := HasWin32KSupport() // make sure this doesn't panic + + t.Logf("win32k: %v", s) // will be different on different platforms -- informative only +} diff --git a/pkg/term/term_windows.go b/pkg/term/term_windows.go index a02e681f44..905c02253d 100644 --- a/pkg/term/term_windows.go +++ b/pkg/term/term_windows.go @@ -59,10 +59,7 @@ func StdStreams() (stdIn io.ReadCloser, stdOut, stdErr io.Writer) { // console which supports ANSI emulation, or fall-back to the golang emulator // (github.com/azure/go-ansiterm). func useNativeConsole() bool { - osv, err := system.GetOSVersion() - if err != nil { - return false - } + osv := system.GetOSVersion() // Native console is not available before major version 10 if osv.MajorVersion < 10 {