signalk-container 1.3.1 → 1.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/jobs.d.ts +40 -0
- package/dist/jobs.d.ts.map +1 -1
- package/dist/jobs.js +86 -0
- package/dist/jobs.js.map +1 -1
- package/dist/runtime.d.ts.map +1 -1
- package/dist/runtime.js +25 -0
- package/dist/runtime.js.map +1 -1
- package/dist/types.d.ts +53 -0
- package/dist/types.d.ts.map +1 -1
- package/package.json +2 -1
package/dist/jobs.d.ts
CHANGED
|
@@ -1,4 +1,44 @@
|
|
|
1
1
|
import { ContainerJobConfig, ContainerJobResult, ContainerRuntimeInfo, CleanupOrphansResult, OrphanJobInfo } from "./types";
|
|
2
|
+
/**
|
|
3
|
+
* Test-only override for the host UID/GID resolver. Stubs let unit
|
|
4
|
+
* tests assert flag emission against deterministic UIDs without
|
|
5
|
+
* needing a particular runtime user.
|
|
6
|
+
*/
|
|
7
|
+
export declare function _setCurrentHostIdsForTesting(fn: (() => {
|
|
8
|
+
uid: number;
|
|
9
|
+
gid: number;
|
|
10
|
+
} | null) | null): void;
|
|
11
|
+
/**
|
|
12
|
+
* Build the UID-mapping flags `runJob` should pass to the runtime
|
|
13
|
+
* for one container. Pulled out of the main `runJob` flow so the
|
|
14
|
+
* decision matrix is unit-testable without spinning up a real
|
|
15
|
+
* runtime.
|
|
16
|
+
*
|
|
17
|
+
* The decision matrix:
|
|
18
|
+
*
|
|
19
|
+
* - `config.user === false` → no flag. Caller opted out (debugging,
|
|
20
|
+
* or a job that doesn't write to a host-owned bind mount).
|
|
21
|
+
* - host UID resolver returns null (Windows) → no flag. Docker
|
|
22
|
+
* Desktop / Windows handles UID translation internally.
|
|
23
|
+
* - rootless Podman → `--userns=keep-id:uid=<inImageUID>,gid=<inImageGID>`.
|
|
24
|
+
* This rewrites the in-image UID back to the host caller via the
|
|
25
|
+
* user-namespace mapping; rootful Podman would error on the same
|
|
26
|
+
* flag.
|
|
27
|
+
* - everything else (Docker, rootful Podman) →
|
|
28
|
+
* `--user <hostUID>:<hostGID>`. Sets the in-container process
|
|
29
|
+
* UID directly to the host caller's UID.
|
|
30
|
+
*
|
|
31
|
+
* `inImageUID/GID` defaults to 0 when the caller doesn't pass
|
|
32
|
+
* `config.user` — matching the historical behaviour of the helper
|
|
33
|
+
* images shipped before this field existed (osgeo/gdal, the legacy
|
|
34
|
+
* tippecanoe image, …). Images with a non-root USER directive (the
|
|
35
|
+
* new `charts-toolbox` image's `USER toolbox` at UID 1001) need the
|
|
36
|
+
* caller to declare the right value.
|
|
37
|
+
*/
|
|
38
|
+
export declare function userMappingFlags(runtime: ContainerRuntimeInfo, user: ContainerJobConfig["user"], resolveHost?: () => {
|
|
39
|
+
uid: number;
|
|
40
|
+
gid: number;
|
|
41
|
+
} | null): string[];
|
|
2
42
|
export declare function runJob(runtime: ContainerRuntimeInfo, config: ContainerJobConfig): Promise<ContainerJobResult>;
|
|
3
43
|
/**
|
|
4
44
|
* Parse one tab-separated line emitted by `podman ps --format
|
package/dist/jobs.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jobs.d.ts","sourceRoot":"","sources":["../src/jobs.ts"],"names":[],"mappings":"AACA,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,aAAa,EACd,MAAM,SAAS,CAAC;
|
|
1
|
+
{"version":3,"file":"jobs.d.ts","sourceRoot":"","sources":["../src/jobs.ts"],"names":[],"mappings":"AACA,OAAO,EACL,kBAAkB,EAClB,kBAAkB,EAClB,oBAAoB,EACpB,oBAAoB,EACpB,aAAa,EACd,MAAM,SAAS,CAAC;AAwBjB;;;;GAIG;AACH,wBAAgB,4BAA4B,CAC1C,EAAE,EAAE,CAAC,MAAM;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAAC,GAAG,IAAI,GACrD,IAAI,CAEN;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,oBAAoB,EAC7B,IAAI,EAAE,kBAAkB,CAAC,MAAM,CAAC,EAChC,WAAW,GAAE,MAAM;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE,GAAG,IAAqB,GACtE,MAAM,EAAE,CAuBV;AAUD,wBAAsB,MAAM,CAC1B,OAAO,EAAE,oBAAoB,EAC7B,MAAM,EAAE,kBAAkB,GACzB,OAAO,CAAC,kBAAkB,CAAC,CAoI7B;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAC7B,IAAI,EAAE,MAAM,EACZ,aAAa,EAAE,MAAM,GACpB,aAAa,GAAG,IAAI,CAwDtB;AAED;;;;;;;;;GASG;AACH,wBAAsB,mBAAmB,CACvC,OAAO,EAAE,oBAAoB,EAC7B,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,oBAAoB,CAAC,CAsE/B"}
|
package/dist/jobs.js
CHANGED
|
@@ -1,5 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports._setCurrentHostIdsForTesting = _setCurrentHostIdsForTesting;
|
|
4
|
+
exports.userMappingFlags = userMappingFlags;
|
|
3
5
|
exports.runJob = runJob;
|
|
4
6
|
exports.parseOrphanLine = parseOrphanLine;
|
|
5
7
|
exports.cleanupOrphanedJobs = cleanupOrphanedJobs;
|
|
@@ -7,6 +9,85 @@ const crypto_1 = require("crypto");
|
|
|
7
9
|
const runtime_1 = require("./runtime");
|
|
8
10
|
const containers_1 = require("./containers");
|
|
9
11
|
const resources_1 = require("./resources");
|
|
12
|
+
/**
|
|
13
|
+
* Resolve the host caller's UID/GID at flag-emit time. Wrapped so
|
|
14
|
+
* unit tests can stub it instead of being at the mercy of whoever
|
|
15
|
+
* runs `npm test` (root in CI vs. 1000 on a dev box). Windows has
|
|
16
|
+
* no UID concept and `process.getuid` is undefined there — we fall
|
|
17
|
+
* back to `null` and the flag emitter then skips the mapping.
|
|
18
|
+
*/
|
|
19
|
+
function defaultCurrentHostIds() {
|
|
20
|
+
const getuid = process.getuid;
|
|
21
|
+
const getgid = process.getgid;
|
|
22
|
+
if (typeof getuid !== "function" || typeof getgid !== "function") {
|
|
23
|
+
return null;
|
|
24
|
+
}
|
|
25
|
+
return { uid: getuid(), gid: getgid() };
|
|
26
|
+
}
|
|
27
|
+
let currentHostIds = defaultCurrentHostIds;
|
|
28
|
+
/**
|
|
29
|
+
* Test-only override for the host UID/GID resolver. Stubs let unit
|
|
30
|
+
* tests assert flag emission against deterministic UIDs without
|
|
31
|
+
* needing a particular runtime user.
|
|
32
|
+
*/
|
|
33
|
+
function _setCurrentHostIdsForTesting(fn) {
|
|
34
|
+
currentHostIds = fn ?? defaultCurrentHostIds;
|
|
35
|
+
}
|
|
36
|
+
/**
|
|
37
|
+
* Build the UID-mapping flags `runJob` should pass to the runtime
|
|
38
|
+
* for one container. Pulled out of the main `runJob` flow so the
|
|
39
|
+
* decision matrix is unit-testable without spinning up a real
|
|
40
|
+
* runtime.
|
|
41
|
+
*
|
|
42
|
+
* The decision matrix:
|
|
43
|
+
*
|
|
44
|
+
* - `config.user === false` → no flag. Caller opted out (debugging,
|
|
45
|
+
* or a job that doesn't write to a host-owned bind mount).
|
|
46
|
+
* - host UID resolver returns null (Windows) → no flag. Docker
|
|
47
|
+
* Desktop / Windows handles UID translation internally.
|
|
48
|
+
* - rootless Podman → `--userns=keep-id:uid=<inImageUID>,gid=<inImageGID>`.
|
|
49
|
+
* This rewrites the in-image UID back to the host caller via the
|
|
50
|
+
* user-namespace mapping; rootful Podman would error on the same
|
|
51
|
+
* flag.
|
|
52
|
+
* - everything else (Docker, rootful Podman) →
|
|
53
|
+
* `--user <hostUID>:<hostGID>`. Sets the in-container process
|
|
54
|
+
* UID directly to the host caller's UID.
|
|
55
|
+
*
|
|
56
|
+
* `inImageUID/GID` defaults to 0 when the caller doesn't pass
|
|
57
|
+
* `config.user` — matching the historical behaviour of the helper
|
|
58
|
+
* images shipped before this field existed (osgeo/gdal, the legacy
|
|
59
|
+
* tippecanoe image, …). Images with a non-root USER directive (the
|
|
60
|
+
* new `charts-toolbox` image's `USER toolbox` at UID 1001) need the
|
|
61
|
+
* caller to declare the right value.
|
|
62
|
+
*/
|
|
63
|
+
function userMappingFlags(runtime, user, resolveHost = currentHostIds) {
|
|
64
|
+
if (user === false) {
|
|
65
|
+
return [];
|
|
66
|
+
}
|
|
67
|
+
const host = resolveHost();
|
|
68
|
+
if (host === null) {
|
|
69
|
+
return [];
|
|
70
|
+
}
|
|
71
|
+
const inImageUid = user?.inImageUid ?? 0;
|
|
72
|
+
const inImageGid = user?.inImageGid ?? 0;
|
|
73
|
+
// Reject negatives, NaN, and non-integers. The TS shape says
|
|
74
|
+
// `number` but JS callers can still pass garbage — emitting
|
|
75
|
+
// `--userns=keep-id:uid=NaN,gid=-1` would let podman/docker
|
|
76
|
+
// produce an obscure runtime error far from the call site.
|
|
77
|
+
// Throw here so the consumer plugin's promise rejects with a
|
|
78
|
+
// clear message before the container even starts.
|
|
79
|
+
assertNonNegativeInt("inImageUid", inImageUid);
|
|
80
|
+
assertNonNegativeInt("inImageGid", inImageGid);
|
|
81
|
+
if (runtime.runtime === "podman" && runtime.isRootless === true) {
|
|
82
|
+
return ["--userns", `keep-id:uid=${inImageUid},gid=${inImageGid}`];
|
|
83
|
+
}
|
|
84
|
+
return ["--user", `${host.uid}:${host.gid}`];
|
|
85
|
+
}
|
|
86
|
+
function assertNonNegativeInt(field, value) {
|
|
87
|
+
if (!Number.isInteger(value) || value < 0) {
|
|
88
|
+
throw new Error(`ContainerJobConfig.user.${field} must be a non-negative integer, got ${String(value)}`);
|
|
89
|
+
}
|
|
90
|
+
}
|
|
10
91
|
async function runJob(runtime, config) {
|
|
11
92
|
const id = (0, crypto_1.randomUUID)();
|
|
12
93
|
const jobName = `sk-job-${id.slice(0, 8)}`;
|
|
@@ -84,6 +165,11 @@ async function runJob(runtime, config) {
|
|
|
84
165
|
if (config.resources) {
|
|
85
166
|
args.push(...(0, resources_1.resourceFlagsForRun)(config.resources, runtime));
|
|
86
167
|
}
|
|
168
|
+
// UID/GID alignment so files written into bind-mounted output
|
|
169
|
+
// dirs land owned by the host caller, not by an unrelated
|
|
170
|
+
// container UID. See `userMappingFlags` for the per-runtime
|
|
171
|
+
// flag-form decision matrix.
|
|
172
|
+
args.push(...userMappingFlags(runtime, config.user, currentHostIds));
|
|
87
173
|
args.push(config.image, ...config.command);
|
|
88
174
|
// No default timeout for the run phase: chart conversions and other
|
|
89
175
|
// legitimate workloads can take hours. Caller passes `config.timeout`
|
package/dist/jobs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jobs.js","sourceRoot":"","sources":["../src/jobs.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"jobs.js","sourceRoot":"","sources":["../src/jobs.ts"],"names":[],"mappings":";;AAoCA,oEAIC;AA6BD,4CA2BC;AAUD,wBAuIC;AAQD,0CA2DC;AAYD,kDAyEC;AAzYD,mCAAoC;AAQpC,uCAAyD;AACzD,6CAAyC;AACzC,2CAAkD;AAElD;;;;;;GAMG;AACH,SAAS,qBAAqB;IAC5B,MAAM,MAAM,GAAI,OAAqC,CAAC,MAAM,CAAC;IAC7D,MAAM,MAAM,GAAI,OAAqC,CAAC,MAAM,CAAC;IAC7D,IAAI,OAAO,MAAM,KAAK,UAAU,IAAI,OAAO,MAAM,KAAK,UAAU,EAAE,CAAC;QACjE,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC;AAC1C,CAAC;AAED,IAAI,cAAc,GAChB,qBAAqB,CAAC;AAExB;;;;GAIG;AACH,SAAgB,4BAA4B,CAC1C,EAAsD;IAEtD,cAAc,GAAG,EAAE,IAAI,qBAAqB,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,SAAgB,gBAAgB,CAC9B,OAA6B,EAC7B,IAAgC,EAChC,cAAyD,cAAc;IAEvE,IAAI,IAAI,KAAK,KAAK,EAAE,CAAC;QACnB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,IAAI,GAAG,WAAW,EAAE,CAAC;IAC3B,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;QAClB,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,IAAI,EAAE,UAAU,IAAI,CAAC,CAAC;IACzC,8DAA8D;IAC9D,4DAA4D;IAC5D,4DAA4D;IAC5D,2DAA2D;IAC3D,6DAA6D;IAC7D,kDAAkD;IAClD,oBAAoB,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAC/C,oBAAoB,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAE/C,IAAI,OAAO,CAAC,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,KAAK,IAAI,EAAE,CAAC;QAChE,OAAO,CAAC,UAAU,EAAE,eAAe,UAAU,QAAQ,UAAU,EAAE,CAAC,CAAC;IACrE,CAAC;IACD,OAAO,CAAC,QAAQ,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAa,EAAE,KAAa;IACxD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CACb,2BAA2B,KAAK,wCAAwC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxF,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,MAAM,CAC1B,OAA6B,EAC7B,MAA0B;IAE1B,MAAM,EAAE,GAAG,IAAA,mBAAU,GAAE,CAAC;IACxB,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;IAC3C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAE3C,MAAM,MAAM,GAAuB;QACjC,EAAE;QACF,MAAM,EAAE,SAAS;QACjB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,GAAG,EAAE,EAAE;QACP,SAAS;QACT,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC;IAEF,IAAI,CAAC;QACH,MAAM,aAAa,GAAG,MAAM,IAAA,qBAAW,EAAC,OAAO,EAAE;YAC/C,OAAO;YACP,SAAS;YACT,MAAM,CAAC,KAAK;SACb,CAAC,CAAC;QACH,IAAI,aAAa,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YACjC,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;YAC1B,MAAM,CAAC,UAAU,EAAE,CAAC,WAAW,MAAM,CAAC,KAAK,KAAK,CAAC,CAAC;YAClD,mEAAmE;YACnE,+DAA+D;YAC/D,8DAA8D;YAC9D,oDAAoD;YACpD,MAAM,UAAU,GAAG,MAAM,IAAA,yBAAe,EACtC,OAAO,EACP,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,EACtB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAChD,CAAC;YACF,IAAI,UAAU,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAC9B,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;gBACzB,MAAM,CAAC,KAAK,GAAG,gBAAgB,UAAU,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;gBACrE,MAAM,CAAC,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC;gBAC5B,OAAO,MAAM,CAAC;YAChB,CAAC;QACH,CAAC;QAED,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC;QAC1B,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE5C,MAAM,IAAI,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;QAEhD,iEAAiE;QACjE,kEAAkE;QAClE,kEAAkE;QAClE,+DAA+D;QAC/D,+DAA+D;QAC/D,mBAAmB;QACnB,EAAE;QACF,kEAAkE;QAClE,+DAA+D;QAC/D,gEAAgE;QAChE,iDAAiD;QACjD,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,iBAAiB,CAAC,CAAC;QACxC,IAAI,MAAM,CAAC,aAAa,EAAE,CAAC;YACzB,IAAI,CAAC,IAAI,CACP,SAAS,EACT,gBAAgB,kBAAkB,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE,CAC3D,CAAC;QACJ,CAAC;QACD,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,gBAAgB,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YAClB,KAAK,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAA,sBAAS,EAAC,QAAQ,EAAE,aAAa,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC;YACrE,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,KAAK,MAAM,CAAC,aAAa,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACvE,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,IAAA,sBAAS,EAAC,QAAQ,EAAE,aAAa,EAAE,OAAO,CAAC,CAAC,CAAC;YAC/D,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,GAAG,EAAE,CAAC;YACf,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,iEAAiE;QACjE,oEAAoE;QACpE,sDAAsD;QACtD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,IAAI,CAAC,IAAI,CAAC,GAAG,IAAA,+BAAmB,EAAC,MAAM,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC,CAAC;QAC/D,CAAC;QAED,8DAA8D;QAC9D,0DAA0D;QAC1D,6DAA6D;QAC7D,6BAA6B;QAC7B,IAAI,CAAC,IAAI,CAAC,GAAG,gBAAgB,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC,CAAC;QAErE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QAE3C,oEAAoE;QACpE,uEAAuE;QACvE,gDAAgD;QAChD,MAAM,SAAS,GAAG,MAAM,IAAA,yBAAe,EACrC,OAAO,EACP,IAAI,EACJ,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,EAClD,MAAM,CAAC,YAAY,EACnB,MAAM,CAAC,YAAY,CACpB,CAAC;QAEF,MAAM,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,CAAC;QACrC,MAAM,CAAC,GAAG,GAAG,SAAS,CAAC,GAAG,CAAC;QAC3B,MAAM,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAC9C,MAAM,CAAC,MAAM,GAAG,SAAS,CAAC,QAAQ,KAAK,CAAC,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,QAAQ,CAAC;QAElE,IAAI,SAAS,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YAC7B,MAAM,CAAC,KAAK,GAAG,8BAA8B,SAAS,CAAC,QAAQ,EAAE,CAAC;QACpE,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,MAAM,GAAG,QAAQ,CAAC;QACzB,MAAM,CAAC,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAChE,MAAM,CAAC,WAAW,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;QAE9C,MAAM,IAAA,qBAAW,EAAC,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,eAAe,CAC7B,IAAY,EACZ,aAAqB;IAErB,gEAAgE;IAChE,mEAAmE;IACnE,oEAAoE;IACpE,gEAAgE;IAChE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,mEAAmE;IACnE,+DAA+D;IAC/D,kEAAkE;IAClE,mDAAmD;IACnD,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC;IACpC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QACpB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,qEAAqE;IACrE,kEAAkE;IAClE,kEAAkE;IAClE,uCAAuC;IACvC,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;IAC3C,KAAK,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;YACX,IAAI,CAAC;gBACH,QAAQ,CAAC,GAAG,CACV,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,EACtB,kBAAkB,CAAC,EAAE,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAC5C,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,4DAA4D;gBAC5D,6DAA6D;gBAC7D,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;YAChE,CAAC;QACH,CAAC;IACH,CAAC;IACD,sDAAsD;IACtD,kEAAkE;IAClE,kEAAkE;IAClE,kEAAkE;IAClE,mEAAmE;IACnE,MAAM,UAAU,GAAG,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAChD,IAAI,UAAU,KAAK,aAAa,EAAE,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,IAAI;QACJ,KAAK;QACL,aAAa;QACb,KAAK,EAAE,QAAQ,CAAC,GAAG,CAAC,cAAc,CAAC;KACpC,CAAC;AACJ,CAAC;AAED;;;;;;;;;GASG;AACI,KAAK,UAAU,mBAAmB,CACvC,OAA6B,EAC7B,aAAqB;IAErB,qEAAqE;IACrE,mEAAmE;IACnE,iEAAiE;IACjE,gCAAgC;IAChC,MAAM,QAAQ,GAAG,MAAM,IAAA,qBAAW,EAAC,OAAO,EAAE;QAC1C,IAAI;QACJ,IAAI;QACJ,UAAU;QACV,uBAAuB;QACvB,+DAA+D;QAC/D,6DAA6D;QAC7D,wCAAwC;QACxC,UAAU;QACV,sBAAsB,kBAAkB,CAAC,aAAa,CAAC,EAAE;QACzD,UAAU;QACV,qCAAqC;KACtC,CAAC,CAAC;IAEH,mEAAmE;IACnE,mEAAmE;IACnE,iEAAiE;IACjE,oEAAoE;IACpE,kEAAkE;IAClE,wDAAwD;IACxD,IAAI,QAAQ,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAC5B,MAAM,IAAI,KAAK,CACb,mCAAmC,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,eAAe,EAAE,CAC/E,CAAC;IACJ,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACrB,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,CAAC;IACxB,CAAC;IAED,MAAM,MAAM,GAAoB,EAAE,CAAC;IACnC,KAAK,MAAM,IAAI,IAAI,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QAC/C,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,SAAS;QACX,CAAC;QAED,gEAAgE;QAChE,2DAA2D;QAC3D,+DAA+D;QAC/D,6DAA6D;QAC7D,gEAAgE;QAChE,+DAA+D;QAC/D,iEAAiE;QACjE,iCAAiC;QACjC,IAAI,QAAQ,CAAC;QACb,IAAI,CAAC;YACH,QAAQ,GAAG,MAAM,IAAA,qBAAW,EAAC,OAAO,EAAE,CAAC,IAAI,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CACV,uDAAuD,MAAM,CAAC,IAAI,WAChE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CACjD,EAAE,CACH,CAAC;YACF,SAAS;QACX,CAAC;QACD,IAAI,QAAQ,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CACV,uDAAuD,MAAM,CAAC,IAAI,WAAW,QAAQ,CAAC,QAAQ,KAAK,QAAQ,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,CAC5H,CAAC;QACJ,CAAC;QAED,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACtB,CAAC;IAED,OAAO,EAAE,MAAM,EAAE,CAAC;AACpB,CAAC"}
|
package/dist/runtime.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAe,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAE/E;;;;;;GAMG;AACH,wBAAgB,eAAe,IAAI,OAAO,CAMzC;
|
|
1
|
+
{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,oBAAoB,EAAe,iBAAiB,EAAE,MAAM,SAAS,CAAC;AAE/E;;;;;;GAMG;AACH,wBAAgB,eAAe,IAAI,OAAO,CAMzC;AA4ID,wBAAsB,aAAa,CACjC,UAAU,EAAE,iBAAiB,GAC5B,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC,CActC;AAED,wBAAgB,UAAU,CAAC,IAAI,EAAE,oBAAoB,GAAG,MAAM,CAE7D;AAED,wBAAsB,WAAW,CAC/B,IAAI,EAAE,oBAAoB,EAC1B,IAAI,EAAE,MAAM,EAAE,GACb,OAAO,CAAC;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,CAE/D;AAED;;;;;;;;;GASG;AACH,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,GAAG;IAC9D,IAAI,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;IAC9B,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAkBA;AAED,wBAAsB,eAAe,CACnC,IAAI,EAAE,oBAAoB,EAC1B,IAAI,EAAE,MAAM,EAAE,EACd,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,EAClC,OAAO,CAAC,EAAE,MAAM,EAChB,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,EACrC,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,GACpC,OAAO,CAAC;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,EAAE,CAAA;CAAE,CAAC,CA+D9C"}
|
package/dist/runtime.js
CHANGED
|
@@ -55,13 +55,38 @@ async function tryRuntime(name, env) {
|
|
|
55
55
|
}
|
|
56
56
|
const realRuntime = isPodmanDockerShim ? "podman" : name;
|
|
57
57
|
const cgroupControllers = await probeCgroupControllers(realRuntime, env);
|
|
58
|
+
const isRootless = await probeRootless(realRuntime, env);
|
|
58
59
|
return {
|
|
59
60
|
runtime: realRuntime,
|
|
60
61
|
version,
|
|
61
62
|
isPodmanDockerShim,
|
|
62
63
|
cgroupControllers,
|
|
64
|
+
isRootless,
|
|
63
65
|
};
|
|
64
66
|
}
|
|
67
|
+
/**
|
|
68
|
+
* Detect rootless mode. Matters for Podman because `--userns=keep-id`
|
|
69
|
+
* (used by `jobs.ts` to align bind-mount file ownership) is rootless-
|
|
70
|
+
* only — emitting it under rootful Podman errors out at container
|
|
71
|
+
* create time. Docker is left as `false` regardless: rootless Docker
|
|
72
|
+
* accepts the same `--user` flag form as rootful, so the distinction
|
|
73
|
+
* doesn't change our flag-emission logic.
|
|
74
|
+
*/
|
|
75
|
+
async function probeRootless(runtime, env) {
|
|
76
|
+
if (runtime !== "podman") {
|
|
77
|
+
return false;
|
|
78
|
+
}
|
|
79
|
+
const result = await exec("podman", ["info", "--format", "{{.Host.Security.Rootless}}"], env);
|
|
80
|
+
if (result.exitCode !== 0) {
|
|
81
|
+
return null;
|
|
82
|
+
}
|
|
83
|
+
const trimmed = result.stdout.trim();
|
|
84
|
+
if (trimmed === "true")
|
|
85
|
+
return true;
|
|
86
|
+
if (trimmed === "false")
|
|
87
|
+
return false;
|
|
88
|
+
return null;
|
|
89
|
+
}
|
|
65
90
|
/**
|
|
66
91
|
* Query the runtime for which cgroup v2 controllers are actually
|
|
67
92
|
* available to it. This matters for rootless podman, which on many
|
package/dist/runtime.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;AAWA,0CAMC;
|
|
1
|
+
{"version":3,"file":"runtime.js","sourceRoot":"","sources":["../src/runtime.ts"],"names":[],"mappings":";;AAWA,0CAMC;AA4ID,sCAgBC;AAED,gCAEC;AAED,kCAKC;AAYD,4CAqBC;AAED,0CAsEC;AAjSD,iDAAyC;AACzC,2BAAgC;AAGhC;;;;;;GAMG;AACH,SAAgB,eAAe;IAC7B,OAAO,CACL,IAAA,eAAU,EAAC,aAAa,CAAC;QACzB,IAAA,eAAU,EAAC,oBAAoB,CAAC;QAChC,OAAO,CAAC,GAAG,CAAC,SAAS,KAAK,SAAS,CACpC,CAAC;AACJ,CAAC;AAED,SAAS,QAAQ;IACf,MAAM,GAAG,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAC/B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YAC9B,OAAO,GAAG,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,SAAS,IAAI,CACX,GAAW,EACX,IAAc,EACd,GAAuB;IAEvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC7B,IAAA,wBAAQ,EACN,GAAG,EACH,IAAI,EACJ,EAAE,GAAG,EAAE,GAAG,IAAI,QAAQ,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,EAC1C,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE;YACxB,OAAO,CAAC;gBACN,MAAM,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE;gBACxC,MAAM,EAAE,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE;gBACxC,QAAQ,EAAE,KAAK;oBACb,CAAC,CAAC,OAAQ,KAAa,CAAC,IAAI,KAAK,QAAQ;wBACvC,CAAC,CAAE,KAAa,CAAC,IAAI;wBACrB,CAAC,CAAC,CAAC;oBACL,CAAC,CAAC,CAAC;aACN,CAAC,CAAC;QACL,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,KAAK,UAAU,UAAU,CACvB,IAAiB,EACjB,GAAsB;IAEtB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,GAAG,CAAC,CAAC;IACpD,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC;QAAE,OAAO,IAAI,CAAC;IAEvC,MAAM,OAAO,GACX,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;IAC7E,IAAI,kBAAkB,GAAG,KAAK,CAAC;IAE/B,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACtB,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,WAAW,GAAgB,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC;IACtE,MAAM,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IACzE,MAAM,UAAU,GAAG,MAAM,aAAa,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IAEzD,OAAO;QACL,OAAO,EAAE,WAAW;QACpB,OAAO;QACP,kBAAkB;QAClB,iBAAiB;QACjB,UAAU;KACX,CAAC;AACJ,CAAC;AAED;;;;;;;GAOG;AACH,KAAK,UAAU,aAAa,CAC1B,OAAoB,EACpB,GAAsB;IAEtB,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,MAAM,GAAG,MAAM,IAAI,CACvB,QAAQ,EACR,CAAC,MAAM,EAAE,UAAU,EAAE,6BAA6B,CAAC,EACnD,GAAG,CACJ,CAAC;IACF,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,OAAO,KAAK,MAAM;QAAE,OAAO,IAAI,CAAC;IACpC,IAAI,OAAO,KAAK,OAAO;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;GAUG;AACH,KAAK,UAAU,sBAAsB,CACnC,OAAoB,EACpB,GAAsB;IAEtB,IAAI,OAAO,KAAK,QAAQ,EAAE,CAAC;QACzB,+DAA+D;QAC/D,+DAA+D;QAC/D,8DAA8D;QAC9D,8DAA8D;QAC9D,uDAAuD;QACvD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,IAAI,CACvB,QAAQ,EACR,CAAC,MAAM,EAAE,UAAU,EAAE,kCAAkC,CAAC,EACxD,GAAG,CACJ,CAAC;IACF,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;QAC1B,4DAA4D;QAC5D,+CAA+C;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAY,CAAC;QACpD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,EAAE,CAAC;YACxE,OAAO,MAAM,CAAC;QAChB,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,wCAAwC;IAC1C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,UAA6B;IAE7B,MAAM,GAAG,GAAG,QAAQ,EAAE,CAAC;IAEvB,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;QAC1B,OAAO,UAAU,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC/C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC/C,IAAI,MAAM;QAAE,OAAO,MAAM,CAAC;IAE1B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,UAAU,CAAC,IAA0B;IACnD,OAAO,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;AAC3D,CAAC;AAEM,KAAK,UAAU,WAAW,CAC/B,IAA0B,EAC1B,IAAc;IAEd,OAAO,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;AAClD,CAAC;AAED;;;;;;;;;GASG;AACH,SAAgB,gBAAgB,CAAC,IAA4B;IAI3D,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,OAAO;QACL,IAAI,CAAC,KAAa;YAChB,MAAM,IAAI,KAAK,CAAC;YAChB,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YACzC,MAAM,GAAG,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;YAC3B,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;oBAAE,IAAI,CAAC,IAAI,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QACD,KAAK;YACH,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACtB,IAAI,CAAC,MAAM,CAAC,CAAC;gBACb,MAAM,GAAG,EAAE,CAAC;YACd,CAAC;QACH,CAAC;KACF,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,eAAe,CACnC,IAA0B,EAC1B,IAAc,EACd,UAAkC,EAClC,OAAgB,EAChB,YAAqC,EACrC,YAAqC;IAErC,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;IAC7B,MAAM,GAAG,GAAG,QAAQ,EAAE,CAAC;IACvB,MAAM,GAAG,GAAa,EAAE,CAAC;IACzB,MAAM,WAAW,GAAG,GAAG,CAAC;IAExB,MAAM,QAAQ,GAAG,CAAC,EAAwC,EAAE,IAAY,EAAE,EAAE;QAC1E,IAAI,CAAC,EAAE;YAAE,OAAO;QAChB,IAAI,CAAC;YACH,EAAE,CAAC,IAAI,CAAC,CAAC;QACX,CAAC;QAAC,MAAM,CAAC;YACP,8CAA8C;QAChD,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,sEAAsE;QACtE,qEAAqE;QACrE,qEAAqE;QACrE,mEAAmE;QACnE,sEAAsE;QACtE,uEAAuE;QACvE,EAAE;QACF,mEAAmE;QACnE,qCAAqC;QACrC,MAAM,IAAI,GAAG,IAAA,wBAAQ,EAAC,GAAG,EAAE,IAAI,EAAE;YAC/B,GAAG;YACH,SAAS,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI;YAC3B,OAAO,EAAE,OAAO,IAAI,CAAC;SACtB,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,gBAAgB,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/C,IAAI,GAAG,CAAC,MAAM,IAAI,WAAW;gBAAE,GAAG,CAAC,KAAK,EAAE,CAAC;YAC3C,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YAC3B,QAAQ,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,gBAAgB,CAAC,CAAC,IAAI,EAAE,EAAE;YAC/C,IAAI,GAAG,CAAC,MAAM,IAAI,WAAW;gBAAE,GAAG,CAAC,KAAK,EAAE,CAAC;YAC3C,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACf,QAAQ,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YAC3B,QAAQ,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAqB,EAAE,EAAE;YAChD,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAqB,EAAE,EAAE;YAChD,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,cAAc,CAAC,KAAK,EAAE,CAAC;YACvB,cAAc,CAAC,KAAK,EAAE,CAAC;YACvB,OAAO,CAAC,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACvB,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -16,6 +16,20 @@ export interface ContainerRuntimeInfo {
|
|
|
16
16
|
* the runtime fail at container-create time.
|
|
17
17
|
*/
|
|
18
18
|
cgroupControllers?: string[] | null;
|
|
19
|
+
/**
|
|
20
|
+
* Whether the runtime is operating in rootless mode. Probed once
|
|
21
|
+
* at detection time via `podman info --format
|
|
22
|
+
* '{{.Host.Security.Rootless}}'` for Podman; assumed `false` for
|
|
23
|
+
* Docker (rootless Docker accepts the same `--user` flag form as
|
|
24
|
+
* rootful, so the distinction doesn't matter for our flag-emission
|
|
25
|
+
* logic). `null` means "not probed" — treat as not rootless.
|
|
26
|
+
*
|
|
27
|
+
* Used by `jobs.ts` to pick the right UID-mapping flag form for
|
|
28
|
+
* `runJob` containers: `--userns=keep-id:uid=N,gid=N` is rootless-
|
|
29
|
+
* Podman-only and errors out under rootful, so we have to detect
|
|
30
|
+
* before emitting it.
|
|
31
|
+
*/
|
|
32
|
+
isRootless?: boolean | null;
|
|
19
33
|
}
|
|
20
34
|
export type ContainerState = "running" | "stopped" | "missing" | "no-runtime";
|
|
21
35
|
export interface ContainerConfig {
|
|
@@ -185,6 +199,45 @@ export interface ContainerJobConfig {
|
|
|
185
199
|
* Available in signalk-container >= 1.3.0.
|
|
186
200
|
*/
|
|
187
201
|
ownerPluginId?: string;
|
|
202
|
+
/**
|
|
203
|
+
* Align the in-container UID/GID with the host caller's UID/GID so
|
|
204
|
+
* files written into bind-mounted output dirs land owned by the
|
|
205
|
+
* host signalk-server process, not by an unrelated container UID.
|
|
206
|
+
*
|
|
207
|
+
* The auto path emits the right flag form per runtime:
|
|
208
|
+
* - Docker (any flavour) and rootful Podman: `--user <hostUID>:<hostGID>`
|
|
209
|
+
* - Rootless Podman: `--userns=keep-id:uid=<inImageUID>,gid=<inImageGID>`
|
|
210
|
+
*
|
|
211
|
+
* (The two forms achieve the same end via different mechanisms.
|
|
212
|
+
* `--userns=keep-id` is rootless-Podman-only — it errors out under
|
|
213
|
+
* rootful — which is why the runtime detection matters.)
|
|
214
|
+
*
|
|
215
|
+
* - Default (`undefined`): auto-align using `process.getuid()` /
|
|
216
|
+
* `process.getgid()`, assuming the image's USER directive is
|
|
217
|
+
* root (UID 0). This matches the behaviour of the helper images
|
|
218
|
+
* shipped before this field existed (osgeo/gdal, the legacy
|
|
219
|
+
* tippecanoe image, …).
|
|
220
|
+
* - `{ inImageUid, inImageGid }`: image declares a non-root USER.
|
|
221
|
+
* Required for rootless-Podman + non-root images so `keep-id`
|
|
222
|
+
* maps the in-image UID back to the host caller. The new
|
|
223
|
+
* `charts-toolbox` image with `USER toolbox` (UID/GID 1001)
|
|
224
|
+
* passes `{ inImageUid: 1001, inImageGid: 1001 }`.
|
|
225
|
+
* - `false`: opt out entirely. Container runs as whatever the
|
|
226
|
+
* image's USER directive specifies, with no host-UID mapping.
|
|
227
|
+
* Useful only for debugging or for callers that don't need the
|
|
228
|
+
* container to write into a host-owned bind mount.
|
|
229
|
+
*
|
|
230
|
+
* Earlier signalk-container versions silently ignored the field;
|
|
231
|
+
* newly-enabled flag emission means existing root-default helper
|
|
232
|
+
* images keep working (they're now also UID-aligned, which is
|
|
233
|
+
* strictly an improvement) without any caller change. Consumer
|
|
234
|
+
* plugins relying on the flag emission should bump their declared
|
|
235
|
+
* `signalk-container` peer-dep to the version that introduced it.
|
|
236
|
+
*/
|
|
237
|
+
user?: {
|
|
238
|
+
inImageUid?: number;
|
|
239
|
+
inImageGid?: number;
|
|
240
|
+
} | false;
|
|
188
241
|
}
|
|
189
242
|
export type ContainerJobStatus = "pending" | "pulling" | "running" | "completed" | "failed";
|
|
190
243
|
export interface ContainerJobResult {
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAC9C,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,WAAW,CAAC;AAErD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,WAAW,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,OAAO,CAAC;IAC5B;;;;;;;;;;OAUG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAC9C,MAAM,MAAM,iBAAiB,GAAG,MAAM,GAAG,WAAW,CAAC;AAErD,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,WAAW,CAAC;IACrB,OAAO,EAAE,MAAM,CAAC;IAChB,kBAAkB,EAAE,OAAO,CAAC;IAC5B;;;;;;;;;;OAUG;IACH,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC;IACpC;;;;;;;;;;;;OAYG;IACH,UAAU,CAAC,EAAE,OAAO,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,MAAM,cAAc,GAAG,SAAS,GAAG,SAAS,GAAG,SAAS,GAAG,YAAY,CAAC;AAE9E,MAAM,WAAW,eAAe;IAC9B,KAAK,EAAE,MAAM,CAAC;IACd,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/B;;;;;OAKG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B;;;;;;;;;;;;;;;;;;;;OAoBG;IACH,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,IAAI,GAAG,gBAAgB,GAAG,QAAQ,CAAC;IAC7C,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB;;;;;;OAMG;IACH,SAAS,CAAC,EAAE,uBAAuB,CAAC;CACrC;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,uBAAuB;IACtC,sDAAsD;IACtD,IAAI,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,sDAAsD;IACtD,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,kDAAkD;IAClD,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,0CAA0C;IAC1C,MAAM,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB;;;OAGG;IACH,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,qEAAqE;IACrE,iBAAiB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAClC,wDAAwD;IACxD,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC7B;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,cAAc,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC7B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB;;;;OAIG;IACH,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;IACnC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC;;;;;OAKG;IACH,YAAY,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,KAAK,IAAI,CAAC;IACtC;;;;;;;;;;;;;;OAcG;IACH,SAAS,CAAC,EAAE,uBAAuB,CAAC;IACpC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;;;;;;;;;;;;OAeG;IACH,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAkCG;IACH,IAAI,CAAC,EAAE;QAAE,UAAU,CAAC,EAAE,MAAM,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,KAAK,CAAC;CAC7D;AAED,MAAM,MAAM,kBAAkB,GAC1B,SAAS,GACT,SAAS,GACT,SAAS,GACT,WAAW,GACX,QAAQ,CAAC;AAEb,MAAM,WAAW,kBAAkB;IACjC,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,kBAAkB,CAAC;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,EAAE,CAAC;IACd,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,CAAC,EAAE,WAAW,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,cAAc,EAAE,MAAM,CAAC;CACxB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,aAAa;IAC5B,qEAAqE;IACrE,IAAI,EAAE,MAAM,CAAC;IACb,uCAAuC;IACvC,KAAK,EAAE,MAAM,CAAC;IACd,gEAAgE;IAChE,aAAa,EAAE,MAAM,CAAC;IACtB,2DAA2D;IAC3D,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,aAAa,EAAE,CAAC;CACzB;AAED,MAAM,WAAW,kBAAkB;IACjC,WAAW,CAAC,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAC;IACrC,WAAW,CAAC,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,IAAI,CAAC;CACrD;AAED,MAAM,WAAW,mBAAmB;IAClC,UAAU,IAAI,oBAAoB,GAAG,IAAI,CAAC;IAC1C,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5E,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC7C;;;;OAIG;IACH,cAAc,CAAC,gBAAgB,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IACjE;;;;;;;OAOG;IACH,eAAe,CACb,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,qBAAqB,CAAC,CAAC;IAClC;;;;OAIG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,uBAAuB,CAAC;IACpD,aAAa,CACX,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,eAAe,EACvB,OAAO,CAAC,EAAE,kBAAkB,GAC3B,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB;;;;;;;;OAQG;IACH,uBAAuB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD;;;;;;;;;;;;;;;;;;;;;;;;;;;OA2BG;IACH,eAAe,CACb,OAAO,EAAE,MAAM,GACd,OAAO,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;IACvD;;;;;;;;;;;;;;;;OAgBG;IACH,uBAAuB,CACrB,aAAa,EAAE,MAAM,EACrB,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAC1B,KAAK,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnC,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACpC,QAAQ,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAChD,MAAM,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAChE;;;;;;;;;;;;;;;;;;OAkBG;IACH,mBAAmB,CAAC,MAAM,EAAE;QAC1B,aAAa,EAAE,MAAM,CAAC;KACvB,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;IAClC,KAAK,IAAI,OAAO,CAAC,WAAW,CAAC,CAAC;IAC9B,cAAc,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IAC3C,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC3C,gBAAgB,CAAC,aAAa,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5E,eAAe,CACb,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,MAAM,EAAE,GAChB,OAAO,CAAC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACjE,qBAAqB,CACnB,aAAa,EAAE,MAAM,EACrB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,IAAI,CAAC,CAAC;IACjB;;;;;OAKG;IACH,OAAO,EAAE,OAAO,iBAAiB,EAAE,gBAAgB,CAAC;CACrD;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,iBAAiB,CAAC;IAC3B,aAAa,EAAE,KAAK,GAAG,QAAQ,GAAG,SAAS,CAAC;IAC5C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,sBAAsB,CAAC,EAAE,OAAO,CAAC;IACjC;;;;;OAKG;IACH,kBAAkB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAAC,CAAC;CAC9D;AAED;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IACpC,MAAM,EAAE,MAAM,GAAG,WAAW,CAAC;IAC7B,QAAQ,CAAC,EAAE,MAAM,EAAE,CAAC;CACrB"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "signalk-container",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.4.0",
|
|
4
4
|
"description": "Shared container runtime management (Podman/Docker) for Signal K plugins",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"signalk-node-server-plugin",
|
|
@@ -27,6 +27,7 @@
|
|
|
27
27
|
"engines": {
|
|
28
28
|
"node": ">=22"
|
|
29
29
|
},
|
|
30
|
+
"author": "Dirk Wahrheit <dirkwahrheit@gmail.com>",
|
|
30
31
|
"license": "MIT",
|
|
31
32
|
"repository": {
|
|
32
33
|
"type": "git",
|