2019-06-11 18:11:25 +00:00
|
|
|
# Contributing
|
|
|
|
|
2018-04-27 17:37:02 +00:00
|
|
|
Want to contribute? Great! First, read this page.
|
|
|
|
|
2018-09-28 18:11:12 +00:00
|
|
|
### Contributor License Agreement
|
|
|
|
|
|
|
|
Contributions to this project must be accompanied by a Contributor License
|
|
|
|
Agreement. You (or your employer) retain the copyright to your contribution;
|
|
|
|
this simply gives us permission to use and redistribute your contributions as
|
|
|
|
part of the project. Head over to <https://cla.developers.google.com/> to see
|
|
|
|
your current agreements on file or to sign a new one.
|
|
|
|
|
|
|
|
You generally only need to submit a CLA once, so if you've already submitted one
|
|
|
|
(even if it was for a different project), you probably don't need to do it
|
|
|
|
again.
|
2018-04-27 17:37:02 +00:00
|
|
|
|
2019-04-05 00:04:30 +00:00
|
|
|
### Using GOPATH
|
|
|
|
|
|
|
|
Some editors may require the code to be structured in a `GOPATH` directory tree.
|
|
|
|
In this case, you may use the `:gopath` target to generate a directory tree with
|
|
|
|
symlinks to the original source files.
|
|
|
|
|
|
|
|
```
|
|
|
|
bazel build :gopath
|
|
|
|
```
|
|
|
|
|
|
|
|
You can then set the `GOPATH` in your editor to `bazel-bin/gopath`.
|
|
|
|
|
|
|
|
If you use this mechanism, keep in mind that the generated tree is not the
|
|
|
|
canonical source. You will still need to build and test with `bazel`. New files
|
|
|
|
will need to be added to the appropriate `BUILD` files, and the `:gopath` target
|
|
|
|
will need to be re-run to generate appropriate symlinks in the `GOPATH`
|
|
|
|
directory tree.
|
|
|
|
|
2020-02-12 00:01:42 +00:00
|
|
|
Dependencies can be added by using `go mod get`. In order to keep the
|
|
|
|
`WORKSPACE` file in sync, run `tools/go_mod.sh` in place of `go mod`.
|
|
|
|
|
2018-04-27 17:37:02 +00:00
|
|
|
### Coding Guidelines
|
2018-07-12 17:36:16 +00:00
|
|
|
|
2019-04-11 21:17:03 +00:00
|
|
|
All Go code should conform to the [Go style guidelines][gostyle]. C++ code
|
|
|
|
should conform to the [Google C++ Style Guide][cppstyle] and the guidelines
|
2020-01-28 02:26:26 +00:00
|
|
|
described for [tests][teststyle]. Note that code may be automatically formatted
|
|
|
|
per the guidelines when merged.
|
2018-04-27 17:37:02 +00:00
|
|
|
|
|
|
|
As a secure runtime, we need to maintain the safety of all of code included in
|
|
|
|
gVisor. The following rules help mitigate issues.
|
|
|
|
|
|
|
|
Definitions for the rules below:
|
|
|
|
|
|
|
|
`core`:
|
|
|
|
|
2018-07-12 17:36:16 +00:00
|
|
|
* `//pkg/sentry/...`
|
2020-02-10 22:11:04 +00:00
|
|
|
* Transitive dependencies in `//pkg/...`, etc.
|
2018-04-27 17:37:02 +00:00
|
|
|
|
|
|
|
`runsc`:
|
|
|
|
|
2018-07-12 17:36:16 +00:00
|
|
|
* `//runsc/...`
|
2018-04-27 17:37:02 +00:00
|
|
|
|
|
|
|
Rules:
|
|
|
|
|
2018-07-12 17:36:16 +00:00
|
|
|
* No cgo in `core` or `runsc`. The final binary must be a statically-linked
|
2018-04-27 17:37:02 +00:00
|
|
|
pure Go binary.
|
|
|
|
|
2018-07-12 17:36:16 +00:00
|
|
|
* Any files importing "unsafe" must have a name ending in `_unsafe.go`.
|
|
|
|
|
|
|
|
* `core` may only depend on the following packages:
|
|
|
|
|
|
|
|
* Itself.
|
|
|
|
* Go standard library.
|
|
|
|
* Except (transitively) package "net" (this will result in a non-cgo
|
|
|
|
binary). Use `//pkg/unet` instead.
|
|
|
|
* `@org_golang_x_sys//unix:go_default_library` (Go import
|
|
|
|
`golang.org/x/sys/unix`).
|
|
|
|
* Generated Go protobuf packages.
|
|
|
|
* `@com_github_golang_protobuf//proto:go_default_library` (Go import
|
|
|
|
`github.com/golang/protobuf/proto`).
|
|
|
|
* `@com_github_golang_protobuf//ptypes:go_default_library` (Go import
|
|
|
|
`github.com/golang/protobuf/ptypes`).
|
2018-04-27 17:37:02 +00:00
|
|
|
|
2018-07-12 17:36:16 +00:00
|
|
|
* `runsc` may only depend on the following packages:
|
2018-04-27 17:37:02 +00:00
|
|
|
|
2018-07-12 17:36:16 +00:00
|
|
|
* All packages allowed for `core`.
|
|
|
|
* `@com_github_google_subcommands//:go_default_library` (Go import
|
|
|
|
`github.com/google/subcommands`).
|
|
|
|
* `@com_github_opencontainers_runtime_spec//specs_go:go_default_library`
|
|
|
|
(Go import `github.com/opencontainers/runtime-spec/specs_go`).
|
2018-04-27 17:37:02 +00:00
|
|
|
|
|
|
|
### Code reviews
|
|
|
|
|
2019-09-16 15:15:40 +00:00
|
|
|
Before sending code reviews, run `bazel test ...` to ensure tests are passing.
|
|
|
|
|
2019-05-30 18:46:11 +00:00
|
|
|
Code changes are accepted via [pull request][github].
|
2018-06-15 08:21:08 +00:00
|
|
|
|
|
|
|
When approved, the change will be submitted by a team member and automatically
|
|
|
|
merged into the repository.
|
2018-04-27 17:37:02 +00:00
|
|
|
|
2019-07-12 21:33:23 +00:00
|
|
|
### Presubmit checks
|
|
|
|
|
|
|
|
Accessing check logs may require membership in the
|
|
|
|
[gvisor-dev mailing list][gvisor-dev-list], which is public.
|
|
|
|
|
2019-04-29 21:03:04 +00:00
|
|
|
### Bug IDs
|
|
|
|
|
|
|
|
Some TODOs and NOTEs sprinkled throughout the code have associated IDs of the
|
2019-05-30 18:46:11 +00:00
|
|
|
form `b/1234`. These correspond to bugs in our internal bug tracker. Eventually
|
2019-04-29 21:03:04 +00:00
|
|
|
these bugs will be moved to the GitHub Issues, but until then they can simply be
|
|
|
|
ignored.
|
|
|
|
|
2019-09-16 15:15:40 +00:00
|
|
|
### Build and test with Docker
|
|
|
|
|
|
|
|
`scripts/dev.sh` is a convenient script that builds and installs `runsc` as a
|
|
|
|
new Docker runtime for you. The scripts tries to extract the runtime name from
|
|
|
|
your local environment and will print it at the end. You can also customize it.
|
|
|
|
The script creates one regular runtime and another with debug flags enabled.
|
|
|
|
Here are a few examples:
|
|
|
|
|
|
|
|
```bash
|
|
|
|
# Default case (inside branch my-branch)
|
|
|
|
$ scripts/dev.sh
|
|
|
|
...
|
|
|
|
Runtimes my-branch and my-branch-d (debug enabled) setup.
|
|
|
|
Use --runtime=my-branch with your Docker command.
|
|
|
|
docker run --rm --runtime=my-branch --rm hello-world
|
|
|
|
|
|
|
|
If you rebuild, use scripts/dev.sh --refresh.
|
|
|
|
Logs are in: /tmp/my-branch/logs
|
|
|
|
|
|
|
|
# --refresh just updates the runtime binary and doesn't restart docker.
|
|
|
|
$ git/my_branch> scripts/dev.sh --refresh
|
|
|
|
|
|
|
|
# Using a custom runtime name
|
|
|
|
$ git/my_branch> scripts/dev.sh my-runtime
|
|
|
|
...
|
|
|
|
Runtimes my-runtime and my-runtime-d (debug enabled) setup.
|
|
|
|
Use --runtime=my-runtime with your Docker command.
|
|
|
|
docker run --rm --runtime=my-runtime --rm hello-world
|
|
|
|
```
|
|
|
|
|
2018-04-27 17:37:02 +00:00
|
|
|
### The small print
|
|
|
|
|
2018-07-12 17:36:16 +00:00
|
|
|
Contributions made by corporations are covered by a different agreement than the
|
|
|
|
one above, the
|
2018-06-15 08:21:08 +00:00
|
|
|
[Software Grant and Corporate Contributor License Agreement][gccla].
|
2018-04-27 17:37:02 +00:00
|
|
|
|
2019-04-11 21:17:03 +00:00
|
|
|
[cppstyle]: https://google.github.io/styleguide/cppguide.html
|
2018-05-02 10:00:01 +00:00
|
|
|
[gcla]: https://cla.developers.google.com/about/google-individual
|
2018-06-15 08:21:08 +00:00
|
|
|
[gccla]: https://cla.developers.google.com/about/google-corporate
|
2019-05-30 18:46:11 +00:00
|
|
|
[github]: https://github.com/google/gvisor/compare
|
2019-07-12 21:33:23 +00:00
|
|
|
[gvisor-dev-list]: https://groups.google.com/forum/#!forum/gvisor-dev
|
2018-05-01 00:46:56 +00:00
|
|
|
[gostyle]: https://github.com/golang/go/wiki/CodeReviewComments
|
2019-04-11 21:17:03 +00:00
|
|
|
[teststyle]: ./test/
|