From 117c169992ff63d246b38e4899b5a4b2e6d844af Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 5 Aug 2020 15:38:30 +0200 Subject: [PATCH] vendor: containerd v1.4.0-rc.0 full diff: https://github.com/containerd/containerd/compare/d184a0a3430dc4a17a47cce37fb36126ac0c699a...v1.4.0-rc.0 Signed-off-by: Sebastiaan van Stijn --- vendor.conf | 2 +- .../containerd/containerd/container.go | 2 + .../containerd/oci/spec_opts_unix.go | 7 +++ .../containerd/remotes/docker/authorizer.go | 2 +- .../containerd/remotes/docker/fetcher.go | 6 +++ .../containerd/remotes/docker/registry.go | 9 ++++ .../containerd/remotes/docker/resolver.go | 50 +++++++++++++++---- .../containerd/remotes/docker/scope.go | 4 +- .../containerd/services/tasks/local.go | 5 ++ .../github.com/containerd/containerd/task.go | 9 ++++ .../containerd/containerd/vendor.conf | 7 ++- .../containerd/containerd/version/version.go | 2 +- 12 files changed, 87 insertions(+), 18 deletions(-) diff --git a/vendor.conf b/vendor.conf index 11d164763..25c7423a1 100644 --- a/vendor.conf +++ b/vendor.conf @@ -10,7 +10,7 @@ github.com/BurntSushi/toml v0.3.1 github.com/cespare/xxhash/v2 v2.1.1 github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff github.com/containerd/console v1.0.0 -github.com/containerd/containerd d184a0a3430dc4a17a47cce37fb36126ac0c699a +github.com/containerd/containerd v1.4.0-rc.0 github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 github.com/containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c diff --git a/vendor/github.com/containerd/containerd/container.go b/vendor/github.com/containerd/containerd/container.go index a893364c5..8384a481f 100644 --- a/vendor/github.com/containerd/containerd/container.go +++ b/vendor/github.com/containerd/containerd/container.go @@ -290,6 +290,7 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N client: c.client, io: i, id: c.id, + c: c, } if info.Checkpoint != nil { request.Checkpoint = info.Checkpoint @@ -407,6 +408,7 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er io: i, id: response.Process.ID, pid: response.Process.Pid, + c: c, } return t, nil } diff --git a/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go b/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go index bcabf0efb..972c11c8f 100644 --- a/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go +++ b/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go @@ -118,3 +118,10 @@ func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) { GID: &stat.Gid, }, nil } + +// WithCPUCFS sets the container's Completely fair scheduling (CFS) quota and period +func WithCPUCFS(quota int64, period uint64) SpecOpts { + return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error { + return nil + } +} diff --git a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go index 59d989eff..001423a0d 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go @@ -273,7 +273,7 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (string, error) { // copy common tokenOptions to := ah.common - to.scopes = getTokenScopes(ctx, to.scopes) + to.scopes = GetTokenScopes(ctx, to.scopes) // Docs: https://docs.docker.com/registry/spec/auth/scope scoped := strings.Join(to.scopes, " ") diff --git a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go index 55c01beaf..cd0168be5 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go @@ -98,6 +98,9 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R var firstErr error for _, host := range r.hosts { req := r.request(host, http.MethodGet, "manifests", desc.Digest.String()) + if err := req.addNamespace(r.refspec.Hostname()); err != nil { + return nil, err + } rc, err := r.open(ctx, req, desc.MediaType, offset) if err != nil { @@ -118,6 +121,9 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R var firstErr error for _, host := range r.hosts { req := r.request(host, http.MethodGet, "blobs", desc.Digest.String()) + if err := req.addNamespace(r.refspec.Hostname()); err != nil { + return nil, err + } rc, err := r.open(ctx, req, desc.MediaType, offset) if err != nil { diff --git a/vendor/github.com/containerd/containerd/remotes/docker/registry.go b/vendor/github.com/containerd/containerd/remotes/docker/registry.go index ffc939b40..7c231d928 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/registry.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/registry.go @@ -73,6 +73,15 @@ type RegistryHost struct { Header http.Header } +func (h RegistryHost) isProxy(refhost string) bool { + if refhost != h.Host { + if refhost != "docker.io" || h.Host != "registry-1.docker.io" { + return true + } + } + return false +} + // RegistryHosts fetches the registry hosts for a given namespace, // provided by the host component of an distribution image reference. type RegistryHosts func(string) ([]RegistryHost, error) diff --git a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go index 32b6abd90..53e42ecc5 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go @@ -22,6 +22,7 @@ import ( "io" "io/ioutil" "net/http" + "net/url" "path" "strings" @@ -276,6 +277,10 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp ctx := log.WithLogger(ctx, log.G(ctx).WithField("host", host.Host)) req := base.request(host, http.MethodHead, u...) + if err := req.addNamespace(base.refspec.Hostname()); err != nil { + return "", ocispec.Descriptor{}, err + } + for key, value := range r.resolveHeader { req.header[key] = append(req.header[key], value...) } @@ -323,6 +328,10 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp log.G(ctx).Debug("no Docker-Content-Digest header, fetching manifest instead") req = base.request(host, http.MethodGet, u...) + if err := req.addNamespace(base.refspec.Hostname()); err != nil { + return "", ocispec.Descriptor{}, err + } + for key, value := range r.resolveHeader { req.header[key] = append(req.header[key], value...) } @@ -416,10 +425,10 @@ func (r *dockerResolver) Pusher(ctx context.Context, ref string) (remotes.Pusher } type dockerBase struct { - refspec reference.Spec - namespace string - hosts []RegistryHost - header http.Header + refspec reference.Spec + repository string + hosts []RegistryHost + header http.Header } func (r *dockerResolver) base(refspec reference.Spec) (*dockerBase, error) { @@ -429,10 +438,10 @@ func (r *dockerResolver) base(refspec reference.Spec) (*dockerBase, error) { return nil, err } return &dockerBase{ - refspec: refspec, - namespace: strings.TrimPrefix(refspec.Locator, host+"/"), - hosts: hosts, - header: r.header, + refspec: refspec, + repository: strings.TrimPrefix(refspec.Locator, host+"/"), + hosts: hosts, + header: r.header, }, nil } @@ -453,7 +462,7 @@ func (r *dockerBase) request(host RegistryHost, method string, ps ...string) *re for key, value := range host.Header { header[key] = append(header[key], value...) } - parts := append([]string{"/", host.Path, r.namespace}, ps...) + parts := append([]string{"/", host.Path, r.repository}, ps...) p := path.Join(parts...) // Join strips trailing slash, re-add ending "/" if included if len(parts) > 0 && strings.HasSuffix(parts[len(parts)-1], "/") { @@ -478,6 +487,29 @@ func (r *request) authorize(ctx context.Context, req *http.Request) error { return nil } +func (r *request) addNamespace(ns string) (err error) { + if !r.host.isProxy(ns) { + return nil + } + var q url.Values + // Parse query + if i := strings.IndexByte(r.path, '?'); i > 0 { + r.path = r.path[:i+1] + q, err = url.ParseQuery(r.path[i+1:]) + if err != nil { + return + } + } else { + r.path = r.path + "?" + q = url.Values{} + } + q.Add("ns", ns) + + r.path = r.path + q.Encode() + + return +} + type request struct { method string path string diff --git a/vendor/github.com/containerd/containerd/remotes/docker/scope.go b/vendor/github.com/containerd/containerd/remotes/docker/scope.go index fa8401433..c8541c455 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/scope.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/scope.go @@ -72,8 +72,8 @@ func contextWithAppendPullRepositoryScope(ctx context.Context, repo string) cont return WithScope(ctx, fmt.Sprintf("repository:%s:pull", repo)) } -// getTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes. -func getTokenScopes(ctx context.Context, common []string) []string { +// GetTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes. +func GetTokenScopes(ctx context.Context, common []string) []string { var scopes []string if x := ctx.Value(tokenScopesKey{}); x != nil { scopes = append(scopes, x.([]string)...) diff --git a/vendor/github.com/containerd/containerd/services/tasks/local.go b/vendor/github.com/containerd/containerd/services/tasks/local.go index c93421d1f..e33c30d98 100644 --- a/vendor/github.com/containerd/containerd/services/tasks/local.go +++ b/vendor/github.com/containerd/containerd/services/tasks/local.go @@ -184,6 +184,11 @@ func (l *local) Create(ctx context.Context, r *api.CreateTaskRequest, _ ...grpc. Options: m.Options, }) } + if strings.HasPrefix(container.Runtime.Name, "io.containerd.runtime.v1.") { + log.G(ctx).Warn("runtime v1 is deprecated since containerd v1.4, consider using runtime v2") + } else if container.Runtime.Name == plugin.RuntimeRuncV1 { + log.G(ctx).Warnf("%q is deprecated since containerd v1.4, consider using %q", plugin.RuntimeRuncV1, plugin.RuntimeRuncV2) + } rtime, err := l.getRuntime(container.Runtime.Name) if err != nil { return nil, err diff --git a/vendor/github.com/containerd/containerd/task.go b/vendor/github.com/containerd/containerd/task.go index a0c1dcd5b..ae966ffc4 100644 --- a/vendor/github.com/containerd/containerd/task.go +++ b/vendor/github.com/containerd/containerd/task.go @@ -35,6 +35,7 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/images" "github.com/containerd/containerd/mount" + "github.com/containerd/containerd/oci" "github.com/containerd/containerd/plugin" "github.com/containerd/containerd/rootfs" "github.com/containerd/containerd/runtime/linux/runctypes" @@ -175,18 +176,26 @@ type Task interface { // For the built in Linux runtime, github.com/containerd/cgroups.Metrics // are returned in protobuf format Metrics(context.Context) (*types.Metric, error) + // Spec returns the current OCI specification for the task + Spec(context.Context) (*oci.Spec, error) } var _ = (Task)(&task{}) type task struct { client *Client + c Container io cio.IO id string pid uint32 } +// Spec returns the current OCI specification for the task +func (t *task) Spec(ctx context.Context) (*oci.Spec, error) { + return t.c.Spec(ctx) +} + // ID of the task func (t *task) ID() string { return t.id diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf index d9eea905f..b2f332820 100644 --- a/vendor/github.com/containerd/containerd/vendor.conf +++ b/vendor/github.com/containerd/containerd/vendor.conf @@ -4,7 +4,7 @@ github.com/cespare/xxhash/v2 v2.1.1 github.com/containerd/btrfs 153935315f4ab9be5bf03650a1341454b05efa5d github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff github.com/containerd/console v1.0.0 -github.com/containerd/continuity d3ef23f19fbb106bb73ffde425d07a9187e30745 +github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 github.com/containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c github.com/containerd/ttrpc v1.0.1 @@ -31,7 +31,7 @@ github.com/Microsoft/go-winio v0.4.14 github.com/Microsoft/hcsshim v0.8.9 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.0.1 -github.com/opencontainers/runc v1.0.0-rc91 +github.com/opencontainers/runc 67169a9d43456ff0d5ae12b967acb8e366e2f181 # v1.0.0-rc91-48-g67169a9d github.com/opencontainers/runtime-spec 237cc4f519e2e8f9b235bacccfa8ef5a84df2875 # v1.0.3-0.20200520003142-237cc4f519e2 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.6.0 @@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2 github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 # cri dependencies -github.com/containerd/cri 8448b92d237e877bed1e4aa7a0baf0dee234dbcb # master +github.com/containerd/cri 8871d5cdf8102a7d5989c307f2a366946feb54ee # master github.com/davecgh/go-spew v1.1.1 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 @@ -68,7 +68,6 @@ github.com/json-iterator/go v1.1.9 github.com/modern-go/concurrent 1.0.3 github.com/modern-go/reflect2 v1.0.1 github.com/opencontainers/selinux v1.6.0 -github.com/seccomp/libseccomp-golang v0.9.1 github.com/tchap/go-patricia v2.2.6 github.com/willf/bitset d5bec3311243426a3c6d1b7a795f24b17c686dbb # 1.1.10+ used by selinux pkg golang.org/x/crypto bac4c82f69751a6dd76e702d54b3ceb88adab236 diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go index 566ee1147..077ca2ffb 100644 --- a/vendor/github.com/containerd/containerd/version/version.go +++ b/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.4.0-beta.2+unknown" + Version = "1.4.0-rc.0+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time.