vendor: containerd v1.4.0-rc.0

full diff: d184a0a343...v1.4.0-rc.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

vendor.conf

@@ -10,7 +10,7 @@ github.com/BurntSushi/toml                          v0.3.1
 github.com/cespare/xxhash/v2                        v2.1.1
 github.com/containerd/cgroups                       318312a373405e5e91134d8063d04d59768a1bff
 github.com/containerd/console                       v1.0.0
-github.com/containerd/containerd                    d184a0a3430dc4a17a47cce37fb36126ac0c699a
+github.com/containerd/containerd                    v1.4.0-rc.0
 github.com/containerd/continuity                    efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
 github.com/containerd/fifo                          f15a3290365b9d2627d189e619ab4008e0069caf
 github.com/containerd/go-runc                       7016d3ce2328dd2cb1192b2076ebd565c4e8df0c

vendor/github.com/containerd/containerd/container.go

@@ -290,6 +290,7 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
 		client: c.client,
 		io:     i,
 		id:     c.id,
+		c:      c,
 	}
 	if info.Checkpoint != nil {
 		request.Checkpoint = info.Checkpoint
@@ -407,6 +408,7 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er
 		io:     i,
 		id:     response.Process.ID,
 		pid:    response.Process.Pid,
+		c:      c,
 	}
 	return t, nil
 }

vendor/github.com/containerd/containerd/oci/spec_opts_unix.go

@@ -118,3 +118,10 @@ func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
 		GID:      &stat.Gid,
 	}, nil
 }
+
+// WithCPUCFS sets the container's Completely fair scheduling (CFS) quota and period
+func WithCPUCFS(quota int64, period uint64) SpecOpts {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
+		return nil
+	}
+}

vendor/github.com/containerd/containerd/remotes/docker/authorizer.go

@@ -273,7 +273,7 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (string, error) {
 	// copy common tokenOptions
 	to := ah.common
 
-	to.scopes = getTokenScopes(ctx, to.scopes)
+	to.scopes = GetTokenScopes(ctx, to.scopes)
 
 	// Docs: https://docs.docker.com/registry/spec/auth/scope
 	scoped := strings.Join(to.scopes, " ")

vendor/github.com/containerd/containerd/remotes/docker/fetcher.go

@@ -98,6 +98,9 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
 			var firstErr error
 			for _, host := range r.hosts {
 				req := r.request(host, http.MethodGet, "manifests", desc.Digest.String())
+				if err := req.addNamespace(r.refspec.Hostname()); err != nil {
+					return nil, err
+				}
 
 				rc, err := r.open(ctx, req, desc.MediaType, offset)
 				if err != nil {
@@ -118,6 +121,9 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
 		var firstErr error
 		for _, host := range r.hosts {
 			req := r.request(host, http.MethodGet, "blobs", desc.Digest.String())
+			if err := req.addNamespace(r.refspec.Hostname()); err != nil {
+				return nil, err
+			}
 
 			rc, err := r.open(ctx, req, desc.MediaType, offset)
 			if err != nil {

vendor/github.com/containerd/containerd/remotes/docker/registry.go

@@ -73,6 +73,15 @@ type RegistryHost struct {
 	Header       http.Header
 }
 
+func (h RegistryHost) isProxy(refhost string) bool {
+	if refhost != h.Host {
+		if refhost != "docker.io" || h.Host != "registry-1.docker.io" {
+			return true
+		}
+	}
+	return false
+}
+
 // RegistryHosts fetches the registry hosts for a given namespace,
 // provided by the host component of an distribution image reference.
 type RegistryHosts func(string) ([]RegistryHost, error)

vendor/github.com/containerd/containerd/remotes/docker/resolver.go

@@ -22,6 +22,7 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
+	"net/url"
 	"path"
 	"strings"
 
@@ -276,6 +277,10 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
 			ctx := log.WithLogger(ctx, log.G(ctx).WithField("host", host.Host))
 
 			req := base.request(host, http.MethodHead, u...)
+			if err := req.addNamespace(base.refspec.Hostname()); err != nil {
+				return "", ocispec.Descriptor{}, err
+			}
+
 			for key, value := range r.resolveHeader {
 				req.header[key] = append(req.header[key], value...)
 			}
@@ -323,6 +328,10 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
 				log.G(ctx).Debug("no Docker-Content-Digest header, fetching manifest instead")
 
 				req = base.request(host, http.MethodGet, u...)
+				if err := req.addNamespace(base.refspec.Hostname()); err != nil {
+					return "", ocispec.Descriptor{}, err
+				}
+
 				for key, value := range r.resolveHeader {
 					req.header[key] = append(req.header[key], value...)
 				}
@@ -417,7 +426,7 @@ func (r *dockerResolver) Pusher(ctx context.Context, ref string) (remotes.Pusher
 
 type dockerBase struct {
 	refspec    reference.Spec
-	namespace string
+	repository string
 	hosts      []RegistryHost
 	header     http.Header
 }
@@ -430,7 +439,7 @@ func (r *dockerResolver) base(refspec reference.Spec) (*dockerBase, error) {
 	}
 	return &dockerBase{
 		refspec:    refspec,
-		namespace: strings.TrimPrefix(refspec.Locator, host+"/"),
+		repository: strings.TrimPrefix(refspec.Locator, host+"/"),
 		hosts:      hosts,
 		header:     r.header,
 	}, nil
@@ -453,7 +462,7 @@ func (r *dockerBase) request(host RegistryHost, method string, ps ...string) *re
 	for key, value := range host.Header {
 		header[key] = append(header[key], value...)
 	}
-	parts := append([]string{"/", host.Path, r.namespace}, ps...)
+	parts := append([]string{"/", host.Path, r.repository}, ps...)
 	p := path.Join(parts...)
 	// Join strips trailing slash, re-add ending "/" if included
 	if len(parts) > 0 && strings.HasSuffix(parts[len(parts)-1], "/") {
@@ -478,6 +487,29 @@ func (r *request) authorize(ctx context.Context, req *http.Request) error {
 	return nil
 }
 
+func (r *request) addNamespace(ns string) (err error) {
+	if !r.host.isProxy(ns) {
+		return nil
+	}
+	var q url.Values
+	// Parse query
+	if i := strings.IndexByte(r.path, '?'); i > 0 {
+		r.path = r.path[:i+1]
+		q, err = url.ParseQuery(r.path[i+1:])
+		if err != nil {
+			return
+		}
+	} else {
+		r.path = r.path + "?"
+		q = url.Values{}
+	}
+	q.Add("ns", ns)
+
+	r.path = r.path + q.Encode()
+
+	return
+}
+
 type request struct {
 	method string
 	path   string

vendor/github.com/containerd/containerd/remotes/docker/scope.go

@@ -72,8 +72,8 @@ func contextWithAppendPullRepositoryScope(ctx context.Context, repo string) cont
 	return WithScope(ctx, fmt.Sprintf("repository:%s:pull", repo))
 }
 
-// getTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes.
+// GetTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes.
-func getTokenScopes(ctx context.Context, common []string) []string {
+func GetTokenScopes(ctx context.Context, common []string) []string {
 	var scopes []string
 	if x := ctx.Value(tokenScopesKey{}); x != nil {
 		scopes = append(scopes, x.([]string)...)

vendor/github.com/containerd/containerd/services/tasks/local.go

@@ -184,6 +184,11 @@ func (l *local) Create(ctx context.Context, r *api.CreateTaskRequest, _ ...grpc.
 			Options: m.Options,
 		})
 	}
+	if strings.HasPrefix(container.Runtime.Name, "io.containerd.runtime.v1.") {
+		log.G(ctx).Warn("runtime v1 is deprecated since containerd v1.4, consider using runtime v2")
+	} else if container.Runtime.Name == plugin.RuntimeRuncV1 {
+		log.G(ctx).Warnf("%q is deprecated since containerd v1.4, consider using %q", plugin.RuntimeRuncV1, plugin.RuntimeRuncV2)
+	}
 	rtime, err := l.getRuntime(container.Runtime.Name)
 	if err != nil {
 		return nil, err

vendor/github.com/containerd/containerd/task.go

@@ -35,6 +35,7 @@ import (
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/mount"
+	"github.com/containerd/containerd/oci"
 	"github.com/containerd/containerd/plugin"
 	"github.com/containerd/containerd/rootfs"
 	"github.com/containerd/containerd/runtime/linux/runctypes"
@@ -175,18 +176,26 @@ type Task interface {
 	// For the built in Linux runtime, github.com/containerd/cgroups.Metrics
 	// are returned in protobuf format
 	Metrics(context.Context) (*types.Metric, error)
+	// Spec returns the current OCI specification for the task
+	Spec(context.Context) (*oci.Spec, error)
 }
 
 var _ = (Task)(&task{})
 
 type task struct {
 	client *Client
+	c      Container
 
 	io  cio.IO
 	id  string
 	pid uint32
 }
 
+// Spec returns the current OCI specification for the task
+func (t *task) Spec(ctx context.Context) (*oci.Spec, error) {
+	return t.c.Spec(ctx)
+}
+
 // ID of the task
 func (t *task) ID() string {
 	return t.id

vendor/github.com/containerd/containerd/vendor.conf

@@ -4,7 +4,7 @@ github.com/cespare/xxhash/v2                        v2.1.1
 github.com/containerd/btrfs                         153935315f4ab9be5bf03650a1341454b05efa5d
 github.com/containerd/cgroups                       318312a373405e5e91134d8063d04d59768a1bff
 github.com/containerd/console                       v1.0.0
-github.com/containerd/continuity                    d3ef23f19fbb106bb73ffde425d07a9187e30745
+github.com/containerd/continuity                    efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
 github.com/containerd/fifo                          f15a3290365b9d2627d189e619ab4008e0069caf
 github.com/containerd/go-runc                       7016d3ce2328dd2cb1192b2076ebd565c4e8df0c
 github.com/containerd/ttrpc                         v1.0.1
@@ -31,7 +31,7 @@ github.com/Microsoft/go-winio                       v0.4.14
 github.com/Microsoft/hcsshim                        v0.8.9
 github.com/opencontainers/go-digest                 v1.0.0
 github.com/opencontainers/image-spec                v1.0.1
-github.com/opencontainers/runc                      v1.0.0-rc91
+github.com/opencontainers/runc                      67169a9d43456ff0d5ae12b967acb8e366e2f181 # v1.0.0-rc91-48-g67169a9d
 github.com/opencontainers/runtime-spec              237cc4f519e2e8f9b235bacccfa8ef5a84df2875 # v1.0.3-0.20200520003142-237cc4f519e2
 github.com/pkg/errors                               v0.9.1
 github.com/prometheus/client_golang                 v1.6.0
@@ -57,7 +57,7 @@ gotest.tools/v3                                     v3.0.2
 github.com/cilium/ebpf                              1c8d4c9ef7759622653a1d319284a44652333b28
 
 # cri dependencies
-github.com/containerd/cri                           8448b92d237e877bed1e4aa7a0baf0dee234dbcb # master
+github.com/containerd/cri                           8871d5cdf8102a7d5989c307f2a366946feb54ee # master
 github.com/davecgh/go-spew                          v1.1.1
 github.com/docker/docker                            4634ce647cf2ce2c6031129ccd109e557244986f
 github.com/docker/spdystream                        449fdfce4d962303d702fec724ef0ad181c92528
@@ -68,7 +68,6 @@ github.com/json-iterator/go                         v1.1.9
 github.com/modern-go/concurrent                     1.0.3
 github.com/modern-go/reflect2                       v1.0.1
 github.com/opencontainers/selinux                   v1.6.0
-github.com/seccomp/libseccomp-golang                v0.9.1
 github.com/tchap/go-patricia                        v2.2.6
 github.com/willf/bitset                             d5bec3311243426a3c6d1b7a795f24b17c686dbb # 1.1.10+ used by selinux pkg
 golang.org/x/crypto                                 bac4c82f69751a6dd76e702d54b3ceb88adab236

vendor/github.com/containerd/containerd/version/version.go

@@ -23,7 +23,7 @@ var (
 	Package = "github.com/containerd/containerd"
 
 	// Version holds the complete version number. Filled in at linking time.
-	Version = "1.4.0-beta.2+unknown"
+	Version = "1.4.0-rc.0+unknown"
 
 	// Revision is filled with the VCS (e.g. git) revision being used to build
 	// the program at linking time.