Update containerd to b382b6fe0b.

Signed-off-by: Lantao Liu <lantaol@google.com>

vendor.conf

@@ -3,13 +3,14 @@ github.com/blang/semver v3.1.0
 github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd
 github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130
-github.com/containerd/console 9290d21dc56074581f619579c43d970b4514bc08
-github.com/containerd/containerd 84bebdd91d347c99069d1705b7d4e6d6f746160c
+github.com/containerd/console 5d1b48d6114b8c9666f0c8b916f871af97b0a761
+github.com/containerd/containerd b382b6fe0bdbf7604c0a4f5c2089c0b159ad58b2
 github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
-github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534 
+github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534
 github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd5
-github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788
+github.com/containerd/ttrpc 94dde388801693c54f88a6596f713b51a8b30b2d
+github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
 github.com/containernetworking/cni v0.6.0
 github.com/containernetworking/plugins v0.7.0
 github.com/coreos/go-systemd 48702e0da86bd25e76cfef347e2adeb434a0d0a6
@@ -35,8 +36,8 @@ github.com/json-iterator/go f2b4162afba35581b6d4a50d3b8f34e33c144682
 github.com/matttproud/golang_protobuf_extensions v1.0.0
 github.com/Microsoft/go-winio v0.4.7
 github.com/Microsoft/hcsshim v0.6.11
-github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd
 github.com/modern-go/concurrent 1.0.3
+github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd
 github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7
 github.com/opencontainers/image-spec v1.0.1
 github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340
@@ -51,7 +52,6 @@ github.com/prometheus/common 89604d197083d4781071d3c65855d24ecfb0a563
 github.com/prometheus/procfs cb4147076ac75738c9a7d279075a253c0cc5acbd
 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
 github.com/sirupsen/logrus v1.0.0
-github.com/stevvooe/ttrpc d4528379866b0ce7e9d71f3eb96f0582fc374577
 github.com/stretchr/testify v1.1.4
 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
 github.com/tchap/go-patricia 5ad6cdb7538b0097d5598c7e57f0a24072adf7dc

vendor/github.com/containerd/console/console_linux.go

@@ -262,10 +262,14 @@ func (ec *EpollConsole) Shutdown(close func(int) error) error {
 
 // signalRead signals that the console is readable.
 func (ec *EpollConsole) signalRead() {
+	ec.readc.L.Lock()
 	ec.readc.Signal()
+	ec.readc.L.Unlock()
 }
 
 // signalWrite signals that the console is writable.
 func (ec *EpollConsole) signalWrite() {
+	ec.writec.L.Lock()
 	ec.writec.Signal()
+	ec.writec.L.Unlock()
 }

vendor/github.com/containerd/containerd/cio/io.go

@@ -255,3 +255,14 @@ func (l *logIO) Wait() {
 func (l *logIO) Close() error {
 	return nil
 }
+
+// Load the io for a container but do not attach
+//
+// Allows io to be loaded on the task for deletion without
+// starting copy routines
+func Load(set *FIFOSet) (IO, error) {
+	return &cio{
+		config:  set.Config,
+		closers: []io.Closer{set},
+	}, nil
+}

vendor/github.com/containerd/containerd/cmd/containerd/command/main.go

@@ -88,6 +88,7 @@ func App() *cli.App {
 	app.Commands = []cli.Command{
 		configCommand,
 		publishCommand,
+		ociHook,
 	}
 	app.Action = func(context *cli.Context) error {
 		var (

vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go

@@ -0,0 +1,136 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package command
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"os"
+	"path/filepath"
+	"syscall"
+	"text/template"
+
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/urfave/cli"
+)
+
+var ociHook = cli.Command{
+	Name:  "oci-hook",
+	Usage: "provides a base for OCI runtime hooks to allow arguments to be injected.",
+	Action: func(context *cli.Context) error {
+		state, err := loadHookState(os.Stdin)
+		if err != nil {
+			return err
+		}
+		var (
+			ctx  = newTemplateContext(state)
+			args = []string(context.Args())
+			env  = os.Environ()
+		)
+		if err := newList(&args).render(ctx); err != nil {
+			return err
+		}
+		if err := newList(&env).render(ctx); err != nil {
+			return err
+		}
+		return syscall.Exec(args[0], args, env)
+	},
+}
+
+func loadHookState(r io.Reader) (*specs.State, error) {
+	var s specs.State
+	if err := json.NewDecoder(r).Decode(&s); err != nil {
+		return nil, err
+	}
+	return &s, nil
+}
+
+func newTemplateContext(state *specs.State) *templateContext {
+	t := &templateContext{
+		state: state,
+	}
+	t.funcs = template.FuncMap{
+		"id":         t.id,
+		"bundle":     t.bundle,
+		"rootfs":     t.rootfs,
+		"pid":        t.pid,
+		"annotation": t.annotation,
+		"status":     t.status,
+	}
+	return t
+}
+
+type templateContext struct {
+	state *specs.State
+	funcs template.FuncMap
+}
+
+func (t *templateContext) id() string {
+	return t.state.ID
+}
+
+func (t *templateContext) bundle() string {
+	return t.state.Bundle
+}
+
+func (t *templateContext) rootfs() string {
+	return filepath.Join(t.state.Bundle, "rootfs")
+}
+
+func (t *templateContext) pid() int {
+	return t.state.Pid
+}
+
+func (t *templateContext) annotation(k string) string {
+	return t.state.Annotations[k]
+}
+
+func (t *templateContext) status() string {
+	return t.state.Status
+}
+
+func render(ctx *templateContext, source string, out io.Writer) error {
+	t, err := template.New("oci-hook").Funcs(ctx.funcs).Parse(source)
+	if err != nil {
+		return err
+	}
+	return t.Execute(out, ctx)
+}
+
+func newList(l *[]string) *templateList {
+	return &templateList{
+		l: l,
+	}
+}
+
+type templateList struct {
+	l *[]string
+}
+
+func (l *templateList) render(ctx *templateContext) error {
+	buf := bytes.NewBuffer(nil)
+	for i, s := range *l.l {
+		buf.Reset()
+		if err := render(ctx, s, buf); err != nil {
+			return err
+		}
+		(*l.l)[i] = buf.String()
+	}
+	buf.Reset()
+	return nil
+}

vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"runtime"
 	"strings"
 
 	"github.com/containerd/containerd"
@@ -63,6 +64,67 @@ var (
 			Usage: "refresh token for authorization server",
 		},
 	}
+
+	// ContainerFlags are cli flags specifying container options
+	ContainerFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "config,c",
+			Usage: "path to the runtime-specific spec config file",
+		},
+		cli.StringFlag{
+			Name:  "checkpoint",
+			Usage: "provide the checkpoint digest to restore the container",
+		},
+		cli.StringFlag{
+			Name:  "cwd",
+			Usage: "specify the working directory of the process",
+		},
+		cli.StringSliceFlag{
+			Name:  "env",
+			Usage: "specify additional container environment variables (i.e. FOO=bar)",
+		},
+		cli.StringSliceFlag{
+			Name:  "label",
+			Usage: "specify additional labels (i.e. foo=bar)",
+		},
+		cli.StringSliceFlag{
+			Name:  "mount",
+			Usage: "specify additional container mount (ex: type=bind,src=/tmp,dst=/host,options=rbind:ro)",
+		},
+		cli.BoolFlag{
+			Name:  "net-host",
+			Usage: "enable host networking for the container",
+		},
+		cli.BoolFlag{
+			Name:  "privileged",
+			Usage: "run privileged container",
+		},
+		cli.BoolFlag{
+			Name:  "read-only",
+			Usage: "set the containers filesystem as readonly",
+		},
+		cli.StringFlag{
+			Name:  "runtime",
+			Usage: "runtime name (io.containerd.runtime.v1.linux, io.containerd.runtime.v1.windows, io.containerd.runtime.v1.com.vmware.linux)",
+			Value: fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS),
+		},
+		cli.BoolFlag{
+			Name:  "tty,t",
+			Usage: "allocate a TTY for the container",
+		},
+		cli.StringSliceFlag{
+			Name:  "with-ns",
+			Usage: "specify existing Linux namespaces to join at container runtime (format '<nstype>:<path>')",
+		},
+		cli.StringFlag{
+			Name:  "pid-file",
+			Usage: "file path to write the task's pid",
+		},
+		cli.IntFlag{
+			Name:  "gpus",
+			Usage: "add gpus to the container",
+		},
+	}
 )
 
 // ObjectWithLabelArgs returns the first arg and a LabelArgs object

vendor/github.com/containerd/containerd/cmd/ctr/commands/commands_unix.go

@@ -0,0 +1,33 @@
+// +build !windows
+
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package commands
+
+import (
+	"github.com/urfave/cli"
+)
+
+func init() {
+	ContainerFlags = append(ContainerFlags, cli.BoolFlag{
+		Name:  "rootfs",
+		Usage: "use custom rootfs that is not managed by containerd snapshotter",
+	}, cli.BoolFlag{
+		Name:  "no-pivot",
+		Usage: "disable use of pivot-root (linux only)",
+	})
+}

vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go

@@ -25,6 +25,7 @@ import (
 	"text/tabwriter"
 
 	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/containerd/cmd/ctr/commands/run"
 	"github.com/containerd/containerd/log"
@@ -49,7 +50,7 @@ var createCommand = cli.Command{
 	Name:      "create",
 	Usage:     "create container",
 	ArgsUsage: "[flags] Image|RootFS CONTAINER",
-	Flags:     append(commands.SnapshotterFlags, run.ContainerFlags...),
+	Flags:     append(commands.SnapshotterFlags, commands.ContainerFlags...),
 	Action: func(context *cli.Context) error {
 		var (
 			id  = context.Args().Get(1)
@@ -162,7 +163,6 @@ var deleteCommand = cli.Command{
 				log.G(ctx).WithError(err).Errorf("failed to delete container %q", arg)
 			}
 		}
-
 		return exitErr
 	},
 }
@@ -172,7 +172,7 @@ func deleteContainer(ctx context.Context, client *containerd.Client, id string,
 	if err != nil {
 		return err
 	}
-	task, err := container.Task(ctx, nil)
+	task, err := container.Task(ctx, cio.Load)
 	if err != nil {
 		return container.Delete(ctx, opts...)
 	}

vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go

@@ -37,6 +37,15 @@ var Command = cli.Command{
 	Name:    "plugins",
 	Aliases: []string{"plugin"},
 	Usage:   "provides information about containerd plugins",
+	Subcommands: []cli.Command{
+		listCommand,
+	},
+}
+
+var listCommand = cli.Command{
+	Name:    "list",
+	Aliases: []string{"ls"},
+	Usage:   "lists containerd plugins",
 	Flags: []cli.Flag{
 		cli.BoolFlag{
 			Name:  "quiet,q",

vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go

@@ -22,7 +22,6 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
-	"runtime"
 	"strings"
 
 	"github.com/containerd/console"
@@ -38,63 +37,6 @@ import (
 	"github.com/urfave/cli"
 )
 
-// ContainerFlags are cli flags specifying container options
-var ContainerFlags = []cli.Flag{
-	cli.StringFlag{
-		Name:  "config,c",
-		Usage: "path to the runtime-specific spec config file",
-	},
-	cli.StringFlag{
-		Name:  "checkpoint",
-		Usage: "provide the checkpoint digest to restore the container",
-	},
-	cli.StringFlag{
-		Name:  "cwd",
-		Usage: "specify the working directory of the process",
-	},
-	cli.StringSliceFlag{
-		Name:  "env",
-		Usage: "specify additional container environment variables (i.e. FOO=bar)",
-	},
-	cli.StringSliceFlag{
-		Name:  "label",
-		Usage: "specify additional labels (i.e. foo=bar)",
-	},
-	cli.StringSliceFlag{
-		Name:  "mount",
-		Usage: "specify additional container mount (ex: type=bind,src=/tmp,dst=/host,options=rbind:ro)",
-	},
-	cli.BoolFlag{
-		Name:  "net-host",
-		Usage: "enable host networking for the container",
-	},
-	cli.BoolFlag{
-		Name:  "privileged",
-		Usage: "run privileged container",
-	},
-	cli.BoolFlag{
-		Name:  "read-only",
-		Usage: "set the containers filesystem as readonly",
-	},
-	cli.StringFlag{
-		Name:  "runtime",
-		Usage: "runtime name (io.containerd.runtime.v1.linux, io.containerd.runtime.v1.windows, io.containerd.runtime.v1.com.vmware.linux)",
-		Value: fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS),
-	},
-	cli.BoolFlag{
-		Name:  "tty,t",
-		Usage: "allocate a TTY for the container",
-	},
-	cli.StringSliceFlag{
-		Name:  "with-ns",
-		Usage: "specify existing Linux namespaces to join at container runtime (format '<nstype>:<path>')",
-	},
-	cli.StringFlag{
-		Name:  "pid-file",
-		Usage: "file path to write the task's pid",
-	},
-}
-
 func loadSpec(path string, s *specs.Spec) error {
 	raw, err := ioutil.ReadFile(path)
 	if err != nil {
@@ -177,7 +119,7 @@ var Command = cli.Command{
 			Name:  "fifo-dir",
 			Usage: "directory used for storing IO FIFOs",
 		},
-	}, append(commands.SnapshotterFlags, ContainerFlags...)...),
+	}, append(commands.SnapshotterFlags, commands.ContainerFlags...)...),
 	Action: func(context *cli.Context) error {
 		var (
 			err error

vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go

@@ -24,22 +24,13 @@ import (
 
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/cmd/ctr/commands"
+	"github.com/containerd/containerd/contrib/nvidia"
 	"github.com/containerd/containerd/oci"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/urfave/cli"
 )
 
-func init() {
-	ContainerFlags = append(ContainerFlags, cli.BoolFlag{
-		Name:  "rootfs",
-		Usage: "use custom rootfs that is not managed by containerd snapshotter",
-	}, cli.BoolFlag{
-		Name:  "no-pivot",
-		Usage: "disable use of pivot-root (linux only)",
-	})
-}
-
 // NewContainer creates a new container
 func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli.Context) (containerd.Container, error) {
 	var (
@@ -123,6 +114,9 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
 			Path: parts[1],
 		}))
 	}
+	if context.IsSet("gpus") {
+		opts = append(opts, nvidia.WithGPUs(nvidia.WithDevices(context.Int("gpus")), nvidia.WithAllCapabilities))
+	}
 	if context.IsSet("config") {
 		var s specs.Spec
 		if err := loadSpec(context.String("config"), &s); err != nil {

vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go

@@ -26,13 +26,13 @@ import (
 
 	"github.com/containerd/console"
 	"github.com/containerd/containerd/cmd/ctr/commands"
-	shim "github.com/containerd/containerd/runtime/linux/shim/v1"
+	shim "github.com/containerd/containerd/runtime/shim/v1"
+	"github.com/containerd/ttrpc"
 	"github.com/containerd/typeurl"
 	ptypes "github.com/gogo/protobuf/types"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"github.com/stevvooe/ttrpc"
 	"github.com/urfave/cli"
 )
 

vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go

@@ -18,6 +18,7 @@ package tasks
 
 import (
 	"github.com/containerd/containerd"
+	"github.com/containerd/containerd/cio"
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/urfave/cli"
 )
@@ -42,8 +43,7 @@ var deleteCommand = cli.Command{
 		if err != nil {
 			return err
 		}
-
-		task, err := container.Task(ctx, nil)
+		task, err := container.Task(ctx, cio.Load)
 		if err != nil {
 			return err
 		}

vendor/github.com/containerd/containerd/container.go

@@ -307,6 +307,12 @@ func (c *container) get(ctx context.Context) (containers.Container, error) {
 
 // get the existing fifo paths from the task information stored by the daemon
 func attachExistingIO(response *tasks.GetResponse, ioAttach cio.Attach) (cio.IO, error) {
+	fifoSet := loadFifos(response)
+	return ioAttach(fifoSet)
+}
+
+// loadFifos loads the containers fifos
+func loadFifos(response *tasks.GetResponse) *cio.FIFOSet {
 	path := getFifoDir([]string{
 		response.Process.Stdin,
 		response.Process.Stdout,
@@ -315,13 +321,12 @@ func attachExistingIO(response *tasks.GetResponse, ioAttach cio.Attach) (cio.IO,
 	closer := func() error {
 		return os.RemoveAll(path)
 	}
-	fifoSet := cio.NewFIFOSet(cio.Config{
+	return cio.NewFIFOSet(cio.Config{
 		Stdin:    response.Process.Stdin,
 		Stdout:   response.Process.Stdout,
 		Stderr:   response.Process.Stderr,
 		Terminal: response.Process.Terminal,
 	}, closer)
-	return ioAttach(fifoSet)
 }
 
 // getFifoDir looks for any non-empty path for a stdio fifo

vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go

@@ -0,0 +1,185 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package nvidia
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"strconv"
+	"strings"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/oci"
+	specs "github.com/opencontainers/runtime-spec/specs-go"
+)
+
+const nvidiaCLI = "nvidia-container-cli"
+
+// Capability specifies capabilities for the gpu inside the container
+// Detailed explaination of options can be found:
+// https://github.com/nvidia/nvidia-container-runtime#supported-driver-capabilities
+type Capability int
+
+const (
+	// Compute capability
+	Compute Capability = iota + 1
+	// Compat32 capability
+	Compat32
+	// Graphics capability
+	Graphics
+	// Utility capability
+	Utility
+	// Video capability
+	Video
+	// Display capability
+	Display
+)
+
+// WithGPUs adds NVIDIA gpu support to a container
+func WithGPUs(opts ...Opts) oci.SpecOpts {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
+		c := &config{}
+		for _, o := range opts {
+			if err := o(c); err != nil {
+				return err
+			}
+		}
+		path, err := exec.LookPath("containerd")
+		if err != nil {
+			return err
+		}
+		nvidiaPath, err := exec.LookPath(nvidiaCLI)
+		if err != nil {
+			return err
+		}
+		if s.Hooks == nil {
+			s.Hooks = &specs.Hooks{}
+		}
+		s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{
+			Path: path,
+			Args: append([]string{
+				"containerd",
+				"oci-hook",
+				"--",
+				nvidiaPath,
+			}, c.args()...),
+			Env: os.Environ(),
+		})
+		return nil
+	}
+}
+
+type config struct {
+	Devices      []int
+	DeviceUUID   string
+	Capabilities []Capability
+	LoadKmods    bool
+	LDCache      string
+	LDConfig     string
+	Requirements []string
+}
+
+func (c *config) args() []string {
+	var args []string
+
+	if c.LoadKmods {
+		args = append(args, "--load-kmods")
+	}
+	if c.LDCache != "" {
+		args = append(args, fmt.Sprintf("--ldcache=%s", c.LDCache))
+	}
+	args = append(args,
+		"configure",
+	)
+	if len(c.Devices) > 0 {
+		args = append(args, fmt.Sprintf("--device=%s", strings.Join(toStrings(c.Devices), ",")))
+	}
+	if c.DeviceUUID != "" {
+		args = append(args, fmt.Sprintf("--device=%s", c.DeviceUUID))
+	}
+	for _, c := range c.Capabilities {
+		args = append(args, fmt.Sprintf("--%s", capFlags[c]))
+	}
+	if c.LDConfig != "" {
+		args = append(args, fmt.Sprintf("--ldconfig=%s", c.LDConfig))
+	}
+	for _, r := range c.Requirements {
+		args = append(args, fmt.Sprintf("--require=%s", r))
+	}
+	args = append(args, "--pid={{pid}}", "{{rootfs}}")
+	return args
+}
+
+var capFlags = map[Capability]string{
+	Compute:  "compute",
+	Compat32: "compat32",
+	Graphics: "graphics",
+	Utility:  "utility",
+	Video:    "video",
+	Display:  "display",
+}
+
+func toStrings(ints []int) []string {
+	var s []string
+	for _, i := range ints {
+		s = append(s, strconv.Itoa(i))
+	}
+	return s
+}
+
+// Opts are options for configuring gpu support
+type Opts func(*config) error
+
+// WithDevices adds the provided device indexes to the container
+func WithDevices(ids ...int) Opts {
+	return func(c *config) error {
+		c.Devices = ids
+		return nil
+	}
+}
+
+// WithDeviceUUID adds the specific device UUID to the container
+func WithDeviceUUID(guid string) Opts {
+	return func(c *config) error {
+		c.DeviceUUID = guid
+		return nil
+	}
+}
+
+// WithAllDevices adds all gpus to the container
+func WithAllDevices(c *config) error {
+	c.DeviceUUID = "all"
+	return nil
+}
+
+// WithAllCapabilities adds all capabilities to the container for the gpus
+func WithAllCapabilities(c *config) error {
+	for k := range capFlags {
+		c.Capabilities = append(c.Capabilities, k)
+	}
+	return nil
+}
+
+// WithRequiredCUDAVersion sets the required cuda version
+func WithRequiredCUDAVersion(major, minor int) Opts {
+	return func(c *config) error {
+		c.Requirements = append(c.Requirements, fmt.Sprintf("cuda>=%d.%d", major, minor))
+		return nil
+	}
+}

vendor/github.com/containerd/containerd/images/image.go

@@ -129,11 +129,14 @@ func (image *Image) Size(ctx context.Context, provider content.Provider, platfor
 // this direction because this abstraction is not needed.`
 func Manifest(ctx context.Context, provider content.Provider, image ocispec.Descriptor, platform string) (ocispec.Manifest, error) {
 	var (
-		matcher platforms.Matcher
-		m       *ocispec.Manifest
+		matcher  platforms.Matcher
+		m        *ocispec.Manifest
+		p        ocispec.Platform
+		wasIndex bool
 	)
 	if platform != "" {
-		p, err := platforms.Parse(platform)
+		var err error
+		p, err = platforms.Parse(platform)
 		if err != nil {
 			return ocispec.Manifest{}, err
 		}
@@ -201,6 +204,8 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc
 				}
 			}
 
+			wasIndex = true
+
 			return descs, nil
 
 		}
@@ -210,7 +215,11 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc
 	}
 
 	if m == nil {
-		return ocispec.Manifest{}, errors.Wrapf(errdefs.ErrNotFound, "manifest %v", image.Digest)
+		err := errors.Wrapf(errdefs.ErrNotFound, "manifest %v", image.Digest)
+		if wasIndex {
+			err = errors.Wrapf(errdefs.ErrNotFound, "no match for current platform %s in manifest %v", platforms.Format(p), image.Digest)
+		}
+		return ocispec.Manifest{}, err
 	}
 
 	return *m, nil

vendor/github.com/containerd/containerd/oci/spec_unix.go

@@ -153,7 +153,9 @@ func createDefaultSpec(ctx context.Context, id string) (*Spec, error) {
 		},
 		Linux: &specs.Linux{
 			MaskedPaths: []string{
+				"/proc/acpi",
 				"/proc/kcore",
+				"/proc/keys",
 				"/proc/latency_stats",
 				"/proc/timer_list",
 				"/proc/timer_stats",

vendor/github.com/containerd/containerd/platforms/database.go

@@ -89,18 +89,21 @@ func normalizeArch(arch, variant string) (string, string) {
 	case "x86_64", "x86-64":
 		arch = "amd64"
 		variant = ""
-	case "aarch64":
+	case "aarch64", "arm64":
 		arch = "arm64"
-		variant = "" // v8 is implied
+		switch variant {
+		case "8", "v8":
+			variant = ""
+		}
 	case "armhf":
 		arch = "arm"
-		variant = ""
+		variant = "v7"
 	case "armel":
 		arch = "arm"
 		variant = "v6"
 	case "arm":
 		switch variant {
-		case "v7", "7":
+		case "", "7":
 			variant = "v7"
 		case "5", "6", "8":
 			variant = "v" + variant

vendor/github.com/containerd/containerd/platforms/platforms.go

@@ -135,7 +135,7 @@ type Matcher interface {
 // Applications should opt to use `Match` over directly parsing specifiers.
 func NewMatcher(platform specs.Platform) Matcher {
 	return &matcher{
-		Platform: platform,
+		Platform: Normalize(platform),
 	}
 }
 
@@ -197,6 +197,9 @@ func Parse(specifier string) (specs.Platform, error) {
 		}
 
 		p.Architecture, p.Variant = normalizeArch(parts[0], "")
+		if p.Architecture == "arm" && p.Variant == "v7" {
+			p.Variant = ""
+		}
 		if isKnownArch(p.Architecture) {
 			p.OS = runtime.GOOS
 			return p, nil
@@ -208,12 +211,18 @@ func Parse(specifier string) (specs.Platform, error) {
 		// about whether or not we know of the platform.
 		p.OS = normalizeOS(parts[0])
 		p.Architecture, p.Variant = normalizeArch(parts[1], "")
+		if p.Architecture == "arm" && p.Variant == "v7" {
+			p.Variant = ""
+		}
 
 		return p, nil
 	case 3:
 		// we have a fully specified variant, this is rare
 		p.OS = normalizeOS(parts[0])
 		p.Architecture, p.Variant = normalizeArch(parts[1], parts[2])
+		if p.Architecture == "arm64" && p.Variant == "" {
+			p.Variant = "v8"
+		}
 
 		return p, nil
 	}

vendor/github.com/containerd/containerd/remotes/docker/pusher.go

@@ -155,9 +155,18 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten
 		location := resp.Header.Get("Location")
 		// Support paths without host in location
 		if strings.HasPrefix(location, "/") {
-			u := p.base
-			u.Path = location
-			location = u.String()
+			// Support location string containing path and query
+			qmIndex := strings.Index(location, "?")
+			if qmIndex > 0 {
+				u := p.base
+				u.Path = location[:qmIndex]
+				u.RawQuery = location[qmIndex+1:]
+				location = u.String()
+			} else {
+				u := p.base
+				u.Path = location
+				location = u.String()
+			}
 		}
 
 		req, err = http.NewRequest(http.MethodPut, location, nil)

vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go

@@ -257,15 +257,15 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro
 	var (
 		ref  = remotes.MakeRefKey(ctx, desc)
 		calc = newBlobStateCalculator()
-		size = desc.Size
 	)
 
 	// size may be unknown, set to zero for content ingest
-	if size == -1 {
-		size = 0
+	ingestDesc := desc
+	if ingestDesc.Size == -1 {
+		ingestDesc.Size = 0
 	}
 
-	cw, err := content.OpenWriter(ctx, c.contentStore, content.WithRef(ref), content.WithDescriptor(desc))
+	cw, err := content.OpenWriter(ctx, c.contentStore, content.WithRef(ref), content.WithDescriptor(ingestDesc))
 	if err != nil {
 		if !errdefs.IsAlreadyExists(err) {
 			return err
@@ -317,7 +317,7 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro
 		eg.Go(func() error {
 			defer pw.Close()
 
-			return content.Copy(ctx, cw, io.TeeReader(rc, pw), size, desc.Digest)
+			return content.Copy(ctx, cw, io.TeeReader(rc, pw), ingestDesc.Size, ingestDesc.Digest)
 		})
 
 		if err := eg.Wait(); err != nil {

vendor/github.com/containerd/containerd/runtime/linux/bundle.go

@@ -26,8 +26,8 @@ import (
 
 	"github.com/containerd/containerd/events/exchange"
 	"github.com/containerd/containerd/runtime/linux/runctypes"
-	"github.com/containerd/containerd/runtime/linux/shim"
-	"github.com/containerd/containerd/runtime/linux/shim/client"
+	"github.com/containerd/containerd/runtime/shim"
+	"github.com/containerd/containerd/runtime/shim/client"
 	"github.com/pkg/errors"
 )
 

vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go

@@ -22,6 +22,7 @@ import (
 	"context"
 
 	"github.com/containerd/console"
+	"github.com/containerd/containerd/runtime/proc"
 	google_protobuf "github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
 )
@@ -65,6 +66,6 @@ func (s *deletedState) SetExited(status int) {
 	// no op
 }
 
-func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
 	return nil, errors.Errorf("cannot exec in a deleted state")
 }

vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go

@@ -31,6 +31,7 @@ import (
 	"golang.org/x/sys/unix"
 
 	"github.com/containerd/console"
+	"github.com/containerd/containerd/runtime/proc"
 	"github.com/containerd/fifo"
 	runc "github.com/containerd/go-runc"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
@@ -40,7 +41,7 @@ import (
 type execProcess struct {
 	wg sync.WaitGroup
 
-	State
+	proc.State
 
 	mu      sync.Mutex
 	id      string
@@ -51,7 +52,7 @@ type execProcess struct {
 	pid     int
 	closers []io.Closer
 	stdin   io.Closer
-	stdio   Stdio
+	stdio   proc.Stdio
 	path    string
 	spec    specs.Process
 
@@ -127,7 +128,7 @@ func (e *execProcess) Stdin() io.Closer {
 	return e.stdin
 }
 
-func (e *execProcess) Stdio() Stdio {
+func (e *execProcess) Stdio() proc.Stdio {
 	return e.stdio
 }
 

vendor/github.com/containerd/containerd/runtime/linux/proc/init.go

@@ -34,6 +34,7 @@ import (
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/runtime/linux/runctypes"
+	"github.com/containerd/containerd/runtime/proc"
 	"github.com/containerd/fifo"
 	runc "github.com/containerd/go-runc"
 	"github.com/containerd/typeurl"
@@ -63,7 +64,7 @@ type Init struct {
 	id       string
 	bundle   string
 	console  console.Console
-	platform Platform
+	platform proc.Platform
 	io       runc.IO
 	runtime  *runc.Runc
 	status   int
@@ -71,7 +72,7 @@ type Init struct {
 	pid      int
 	closers  []io.Closer
 	stdin    io.Closer
-	stdio    Stdio
+	stdio    proc.Stdio
 	rootfs   string
 	IoUID    int
 	IoGID    int
@@ -94,7 +95,7 @@ func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Ru
 }
 
 // New returns a new init process
-func New(context context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform Platform, r *CreateConfig) (*Init, error) {
+func New(context context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform proc.Platform, r *CreateConfig) (*Init, error) {
 	var success bool
 
 	var options runctypes.CreateOptions
@@ -134,7 +135,7 @@ func New(context context.Context, path, workDir, runtimeRoot, namespace, criu st
 		bundle:   r.Bundle,
 		runtime:  runtime,
 		platform: platform,
-		stdio: Stdio{
+		stdio: proc.Stdio{
 			Stdin:    r.Stdin,
 			Stdout:   r.Stdout,
 			Stderr:   r.Stderr,
@@ -363,7 +364,7 @@ func (p *Init) Runtime() *runc.Runc {
 }
 
 // exec returns a new exec'd process
-func (p *Init) exec(context context.Context, path string, r *ExecConfig) (Process, error) {
+func (p *Init) exec(context context.Context, path string, r *ExecConfig) (proc.Process, error) {
 	// process exec request
 	var spec specs.Process
 	if err := json.Unmarshal(r.Spec.Value, &spec); err != nil {
@@ -376,7 +377,7 @@ func (p *Init) exec(context context.Context, path string, r *ExecConfig) (Proces
 		path:   path,
 		parent: p,
 		spec:   spec,
-		stdio: Stdio{
+		stdio: proc.Stdio{
 			Stdin:    r.Stdin,
 			Stdout:   r.Stdout,
 			Stderr:   r.Stderr,
@@ -430,7 +431,7 @@ func (p *Init) update(context context.Context, r *google_protobuf.Any) error {
 }
 
 // Stdio of the process
-func (p *Init) Stdio() Stdio {
+func (p *Init) Stdio() proc.Stdio {
 	return p.stdio
 }
 

vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go

@@ -25,6 +25,7 @@ import (
 
 	"github.com/containerd/console"
 	"github.com/containerd/containerd/errdefs"
+	"github.com/containerd/containerd/runtime/proc"
 	"github.com/containerd/fifo"
 	runc "github.com/containerd/go-runc"
 	google_protobuf "github.com/gogo/protobuf/types"
@@ -32,13 +33,13 @@ import (
 )
 
 type initState interface {
-	State
+	proc.State
 
 	Pause(context.Context) error
 	Resume(context.Context) error
 	Update(context.Context, *google_protobuf.Any) error
 	Checkpoint(context.Context, *CheckpointConfig) error
-	Exec(context.Context, string, *ExecConfig) (Process, error)
+	Exec(context.Context, string, *ExecConfig) (proc.Process, error)
 }
 
 type createdState struct {
@@ -130,7 +131,7 @@ func (s *createdState) SetExited(status int) {
 	}
 }
 
-func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
 	s.p.mu.Lock()
 	defer s.p.mu.Unlock()
 	return s.p.exec(ctx, path, r)
@@ -272,7 +273,7 @@ func (s *createdCheckpointState) SetExited(status int) {
 	}
 }
 
-func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
 	s.p.mu.Lock()
 	defer s.p.mu.Unlock()
 
@@ -364,7 +365,7 @@ func (s *runningState) SetExited(status int) {
 	}
 }
 
-func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
 	s.p.mu.Lock()
 	defer s.p.mu.Unlock()
 	return s.p.exec(ctx, path, r)
@@ -456,7 +457,7 @@ func (s *pausedState) SetExited(status int) {
 	}
 }
 
-func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
 	s.p.mu.Lock()
 	defer s.p.mu.Unlock()
 
@@ -536,7 +537,7 @@ func (s *stoppedState) SetExited(status int) {
 	// no op
 }
 
-func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) {
+func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
 	s.p.mu.Lock()
 	defer s.p.mu.Unlock()
 

vendor/github.com/containerd/containerd/runtime/linux/proc/process.go

@@ -19,66 +19,12 @@
 package proc
 
 import (
-	"context"
-	"io"
-	"sync"
-	"time"
-
-	"github.com/containerd/console"
 	"github.com/pkg/errors"
 )
 
 // RuncRoot is the path to the root runc state directory
 const RuncRoot = "/run/containerd/runc"
 
-// Stdio of a process
-type Stdio struct {
-	Stdin    string
-	Stdout   string
-	Stderr   string
-	Terminal bool
-}
-
-// IsNull returns true if the stdio is not defined
-func (s Stdio) IsNull() bool {
-	return s.Stdin == "" && s.Stdout == "" && s.Stderr == ""
-}
-
-// Process on a linux system
-type Process interface {
-	State
-	// ID returns the id for the process
-	ID() string
-	// Pid returns the pid for the process
-	Pid() int
-	// ExitStatus returns the exit status
-	ExitStatus() int
-	// ExitedAt is the time the process exited
-	ExitedAt() time.Time
-	// Stdin returns the process STDIN
-	Stdin() io.Closer
-	// Stdio returns io information for the container
-	Stdio() Stdio
-	// Status returns the process status
-	Status(context.Context) (string, error)
-	// Wait blocks until the process has exited
-	Wait()
-}
-
-// State of a process
-type State interface {
-	// Resize resizes the process console
-	Resize(ws console.WinSize) error
-	// Start execution of the process
-	Start(context.Context) error
-	// Delete deletes the process and its resourcess
-	Delete(context.Context) error
-	// Kill kills the process
-	Kill(context.Context, uint32, bool) error
-	// SetExited sets the exit status for the process
-	SetExited(status int)
-}
-
 func stateName(v interface{}) string {
 	switch v.(type) {
 	case *runningState, *execRunningState:
@@ -94,12 +40,3 @@ func stateName(v interface{}) string {
 	}
 	panic(errors.Errorf("invalid state %v", v))
 }
-
-// Platform handles platform-specific behavior that may differs across
-// platform implementations
-type Platform interface {
-	CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string,
-		wg, cwg *sync.WaitGroup) (console.Console, error)
-	ShutdownConsole(ctx context.Context, console console.Console) error
-	Close() error
-}

vendor/github.com/containerd/containerd/runtime/linux/process.go

@@ -25,9 +25,9 @@ import (
 	"github.com/containerd/containerd/api/types/task"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/runtime"
-	shim "github.com/containerd/containerd/runtime/linux/shim/v1"
+	shim "github.com/containerd/containerd/runtime/shim/v1"
+	"github.com/containerd/ttrpc"
 	"github.com/pkg/errors"
-	"github.com/stevvooe/ttrpc"
 )
 
 // Process implements a linux process

vendor/github.com/containerd/containerd/runtime/linux/runtime.go

@@ -42,7 +42,7 @@ import (
 	"github.com/containerd/containerd/runtime"
 	"github.com/containerd/containerd/runtime/linux/proc"
 	"github.com/containerd/containerd/runtime/linux/runctypes"
-	shim "github.com/containerd/containerd/runtime/linux/shim/v1"
+	shim "github.com/containerd/containerd/runtime/shim/v1"
 	runc "github.com/containerd/go-runc"
 	"github.com/containerd/typeurl"
 	ptypes "github.com/gogo/protobuf/types"

vendor/github.com/containerd/containerd/runtime/linux/task.go

@@ -29,12 +29,12 @@ import (
 	"github.com/containerd/containerd/events/exchange"
 	"github.com/containerd/containerd/identifiers"
 	"github.com/containerd/containerd/runtime"
-	"github.com/containerd/containerd/runtime/linux/shim/client"
-	shim "github.com/containerd/containerd/runtime/linux/shim/v1"
+	"github.com/containerd/containerd/runtime/shim/client"
+	shim "github.com/containerd/containerd/runtime/shim/v1"
 	runc "github.com/containerd/go-runc"
+	"github.com/containerd/ttrpc"
 	"github.com/gogo/protobuf/types"
 	"github.com/pkg/errors"
-	"github.com/stevvooe/ttrpc"
 )
 
 // Task on a linux based system

vendor/github.com/containerd/containerd/runtime/proc/proc.go

@@ -0,0 +1,83 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package proc
+
+import (
+	"context"
+	"io"
+	"sync"
+	"time"
+
+	"github.com/containerd/console"
+)
+
+// Stdio of a process
+type Stdio struct {
+	Stdin    string
+	Stdout   string
+	Stderr   string
+	Terminal bool
+}
+
+// IsNull returns true if the stdio is not defined
+func (s Stdio) IsNull() bool {
+	return s.Stdin == "" && s.Stdout == "" && s.Stderr == ""
+}
+
+// Process on a system
+type Process interface {
+	State
+	// ID returns the id for the process
+	ID() string
+	// Pid returns the pid for the process
+	Pid() int
+	// ExitStatus returns the exit status
+	ExitStatus() int
+	// ExitedAt is the time the process exited
+	ExitedAt() time.Time
+	// Stdin returns the process STDIN
+	Stdin() io.Closer
+	// Stdio returns io information for the container
+	Stdio() Stdio
+	// Status returns the process status
+	Status(context.Context) (string, error)
+	// Wait blocks until the process has exited
+	Wait()
+}
+
+// State of a process
+type State interface {
+	// Resize resizes the process console
+	Resize(ws console.WinSize) error
+	// Start execution of the process
+	Start(context.Context) error
+	// Delete deletes the process and its resourcess
+	Delete(context.Context) error
+	// Kill kills the process
+	Kill(context.Context, uint32, bool) error
+	// SetExited sets the exit status for the process
+	SetExited(status int)
+}
+
+// Platform handles platform-specific behavior that may differs across
+// platform implementations
+type Platform interface {
+	CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string,
+		wg, cwg *sync.WaitGroup) (console.Console, error)
+	ShutdownConsole(ctx context.Context, console console.Console) error
+	Close() error
+}

vendor/github.com/containerd/containerd/runtime/shim/client/client.go

@@ -31,14 +31,14 @@ import (
 
 	"golang.org/x/sys/unix"
 
+	"github.com/containerd/ttrpc"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
-	"github.com/stevvooe/ttrpc"
 
 	"github.com/containerd/containerd/events"
 	"github.com/containerd/containerd/log"
-	"github.com/containerd/containerd/runtime/linux/shim"
-	shimapi "github.com/containerd/containerd/runtime/linux/shim/v1"
+	"github.com/containerd/containerd/runtime/shim"
+	shimapi "github.com/containerd/containerd/runtime/shim/v1"
 	"github.com/containerd/containerd/sys"
 	ptypes "github.com/gogo/protobuf/types"
 )
@@ -136,6 +136,7 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so
 	// will be mounted by the shim
 	cmd.SysProcAttr = getSysProcAttr()
 	cmd.ExtraFiles = append(cmd.ExtraFiles, socket)
+	cmd.Env = append(os.Environ(), "GOMAXPROCS=2")
 	if debug {
 		cmd.Stdout = os.Stdout
 		cmd.Stderr = os.Stderr

vendor/github.com/containerd/containerd/runtime/shim/local.go

@@ -23,7 +23,7 @@ import (
 	"path/filepath"
 
 	"github.com/containerd/containerd/mount"
-	shimapi "github.com/containerd/containerd/runtime/linux/shim/v1"
+	shimapi "github.com/containerd/containerd/runtime/shim/v1"
 	ptypes "github.com/gogo/protobuf/types"
 )
 

vendor/github.com/containerd/containerd/runtime/shim/service.go

@@ -34,7 +34,8 @@ import (
 	"github.com/containerd/containerd/runtime"
 	"github.com/containerd/containerd/runtime/linux/proc"
 	"github.com/containerd/containerd/runtime/linux/runctypes"
-	shimapi "github.com/containerd/containerd/runtime/linux/shim/v1"
+	rproc "github.com/containerd/containerd/runtime/proc"
+	shimapi "github.com/containerd/containerd/runtime/shim/v1"
 	runc "github.com/containerd/go-runc"
 	"github.com/containerd/typeurl"
 	ptypes "github.com/gogo/protobuf/types"
@@ -78,7 +79,7 @@ func NewService(config Config, publisher events.Publisher) (*Service, error) {
 	s := &Service{
 		config:    config,
 		context:   ctx,
-		processes: make(map[string]proc.Process),
+		processes: make(map[string]rproc.Process),
 		events:    make(chan interface{}, 128),
 		ec:        Default.Subscribe(),
 	}
@@ -96,9 +97,9 @@ type Service struct {
 
 	config    Config
 	context   context.Context
-	processes map[string]proc.Process
+	processes map[string]rproc.Process
 	events    chan interface{}
-	platform  proc.Platform
+	platform  rproc.Platform
 	ec        chan runc.Exit
 
 	// Filled by Create()

vendor/github.com/containerd/containerd/runtime/shim/v1/shim.pb.go

@@ -1,11 +1,11 @@
 // Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto
+// source: github.com/containerd/containerd/runtime/shim/v1/shim.proto
 
 /*
 	Package shim is a generated protocol buffer package.
 
 	It is generated from these files:
-		github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto
+		github.com/containerd/containerd/runtime/shim/v1/shim.proto
 
 	It has these top-level messages:
 		CreateTaskRequest
@@ -50,7 +50,7 @@ import strings "strings"
 import reflect "reflect"
 
 import context "context"
-import ttrpc "github.com/stevvooe/ttrpc"
+import ttrpc "github.com/containerd/ttrpc"
 
 import io "io"
 
@@ -4352,80 +4352,80 @@ var (
 )
 
 func init() {
-	proto.RegisterFile("github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto", fileDescriptorShim)
+	proto.RegisterFile("github.com/containerd/containerd/runtime/shim/v1/shim.proto", fileDescriptorShim)
 }
 
 var fileDescriptorShim = []byte{
 	// 1135 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4f, 0x4f, 0xdc, 0x46,
-	0x14, 0xc7, 0x66, 0xff, 0xbe, 0xcd, 0x52, 0x98, 0x12, 0xea, 0x6c, 0xa4, 0x65, 0x65, 0xa9, 0x11,
-	0x55, 0x15, 0xbb, 0x2c, 0x55, 0xd2, 0x36, 0x52, 0x24, 0x20, 0x51, 0x85, 0xda, 0x28, 0xc8, 0x40,
-	0x13, 0xb5, 0xaa, 0x90, 0x59, 0x0f, 0xbb, 0x23, 0x76, 0x6d, 0xc7, 0x33, 0xa6, 0xd0, 0x53, 0x4f,
-	0x3d, 0xf7, 0xe3, 0xf4, 0x23, 0x70, 0xc8, 0xa1, 0xc7, 0x9e, 0xd2, 0x86, 0x7b, 0xbf, 0x43, 0x35,
-	0x7f, 0x16, 0x7b, 0x77, 0x71, 0x6c, 0xb8, 0xb0, 0x7e, 0x33, 0xbf, 0x37, 0xf3, 0xe6, 0xfd, 0x7e,
-	0xf3, 0xde, 0x00, 0x9b, 0x7d, 0xc2, 0x06, 0xf1, 0x91, 0xd5, 0x0b, 0x46, 0x76, 0x2f, 0xf0, 0x99,
-	0x4b, 0x7c, 0x1c, 0x79, 0xe9, 0xcf, 0x28, 0xf6, 0x19, 0x19, 0x61, 0x7b, 0x48, 0xfc, 0xf8, 0xcc,
-	0xa6, 0x03, 0x32, 0xb2, 0x4f, 0xd7, 0xc5, 0xaf, 0x15, 0x46, 0x01, 0x0b, 0x50, 0x27, 0x01, 0x5b,
-	0x0a, 0x6c, 0x09, 0xb0, 0x25, 0x40, 0xa7, 0xeb, 0xad, 0x7b, 0xfd, 0x20, 0xe8, 0x0f, 0xb1, 0x2d,
-	0xf0, 0x47, 0xf1, 0xb1, 0xed, 0xfa, 0xe7, 0xd2, 0xb9, 0x75, 0x7f, 0x7a, 0x0a, 0x8f, 0x42, 0x36,
-	0x9e, 0x5c, 0xee, 0x07, 0xfd, 0x40, 0x7c, 0xda, 0xfc, 0x4b, 0x8d, 0xae, 0x4e, 0xbb, 0xf0, 0x1d,
-	0x29, 0x73, 0x47, 0xa1, 0x02, 0x3c, 0xca, 0x3d, 0x93, 0x1b, 0x12, 0x9b, 0x9d, 0x87, 0x98, 0xda,
-	0xa3, 0x20, 0xf6, 0x99, 0xf2, 0xfb, 0xe6, 0x06, 0x7e, 0xcc, 0xa5, 0x27, 0xe2, 0x8f, 0xf4, 0x35,
-	0xff, 0xd3, 0x61, 0x69, 0x3b, 0xc2, 0x2e, 0xc3, 0xfb, 0x2e, 0x3d, 0x71, 0xf0, 0x9b, 0x18, 0x53,
-	0x86, 0x56, 0x40, 0x27, 0x9e, 0xa1, 0x75, 0xb4, 0xb5, 0xfa, 0x56, 0xe5, 0xf2, 0xdd, 0xaa, 0xbe,
-	0xf3, 0xcc, 0xd1, 0x89, 0x87, 0x56, 0xa0, 0x72, 0x14, 0xfb, 0xde, 0x10, 0x1b, 0x3a, 0x9f, 0x73,
-	0x94, 0x85, 0x0c, 0xa8, 0xaa, 0x0c, 0x1a, 0xf3, 0x62, 0x62, 0x6c, 0x22, 0x1b, 0x2a, 0x51, 0x10,
-	0xb0, 0x63, 0x6a, 0x94, 0x3a, 0xf3, 0x6b, 0x8d, 0xee, 0x27, 0x56, 0x2a, 0xeb, 0x22, 0x24, 0xeb,
-	0x05, 0x3f, 0x8a, 0xa3, 0x60, 0xa8, 0x05, 0x35, 0x86, 0xa3, 0x11, 0xf1, 0xdd, 0xa1, 0x51, 0xee,
-	0x68, 0x6b, 0x35, 0xe7, 0xca, 0x46, 0xcb, 0x50, 0xa6, 0xcc, 0x23, 0xbe, 0x51, 0x11, 0x9b, 0x48,
-	0x83, 0x07, 0x45, 0x99, 0x17, 0xc4, 0xcc, 0xa8, 0xca, 0xa0, 0xa4, 0xa5, 0xc6, 0x71, 0x14, 0x19,
-	0xb5, 0xab, 0x71, 0x1c, 0x45, 0xa8, 0x0d, 0xd0, 0x1b, 0xe0, 0xde, 0x49, 0x18, 0x10, 0x9f, 0x19,
-	0x75, 0x31, 0x97, 0x1a, 0x41, 0x9f, 0xc3, 0x52, 0xe8, 0x46, 0xd8, 0x67, 0x87, 0x29, 0x18, 0x08,
-	0xd8, 0xa2, 0x9c, 0xd8, 0x4e, 0xc0, 0x16, 0x54, 0x83, 0x90, 0x91, 0xc0, 0xa7, 0x46, 0xa3, 0xa3,
-	0xad, 0x35, 0xba, 0xcb, 0x96, 0xa4, 0xd9, 0x1a, 0xd3, 0x6c, 0x6d, 0xfa, 0xe7, 0xce, 0x18, 0x64,
-	0x3e, 0x00, 0x94, 0x4e, 0x37, 0x0d, 0x03, 0x9f, 0x62, 0xb4, 0x08, 0xf3, 0xa1, 0x4a, 0x78, 0xd3,
-	0xe1, 0x9f, 0xe6, 0xef, 0x1a, 0x2c, 0x3c, 0xc3, 0x43, 0xcc, 0x70, 0x36, 0x08, 0xad, 0x42, 0x03,
-	0x9f, 0x11, 0x76, 0x48, 0x99, 0xcb, 0x62, 0x2a, 0x38, 0x69, 0x3a, 0xc0, 0x87, 0xf6, 0xc4, 0x08,
-	0xda, 0x84, 0x3a, 0xb7, 0xb0, 0x77, 0xe8, 0x32, 0xc1, 0x4c, 0xa3, 0xdb, 0x9a, 0x89, 0x6f, 0x7f,
-	0x2c, 0xc3, 0xad, 0xda, 0xc5, 0xbb, 0xd5, 0xb9, 0x3f, 0xfe, 0x59, 0xd5, 0x9c, 0x9a, 0x74, 0xdb,
-	0x64, 0xa6, 0x05, 0xcb, 0x32, 0x8e, 0xdd, 0x28, 0xe8, 0x61, 0x4a, 0x73, 0x24, 0x62, 0xfe, 0xa9,
-	0x01, 0x7a, 0x7e, 0x86, 0x7b, 0xc5, 0xe0, 0x13, 0x74, 0xeb, 0x59, 0x74, 0xcf, 0x5f, 0x4f, 0x77,
-	0x29, 0x83, 0xee, 0xf2, 0x04, 0xdd, 0x6b, 0x50, 0xa2, 0x21, 0xee, 0x09, 0xcd, 0x64, 0xd1, 0x23,
-	0x10, 0xe6, 0x5d, 0xf8, 0x78, 0x22, 0x72, 0x99, 0x77, 0xf3, 0x35, 0x2c, 0x3a, 0x98, 0x92, 0x5f,
-	0xf1, 0x2e, 0x3b, 0xcf, 0x3b, 0xce, 0x32, 0x94, 0x7f, 0x21, 0x1e, 0x1b, 0x28, 0x2e, 0xa4, 0xc1,
-	0x43, 0x1b, 0x60, 0xd2, 0x1f, 0x48, 0x0e, 0x9a, 0x8e, 0xb2, 0xcc, 0x07, 0x70, 0x87, 0x13, 0x85,
-	0xf3, 0x72, 0xfa, 0x56, 0x87, 0xa6, 0x02, 0x2a, 0x2d, 0xdc, 0xf4, 0x82, 0x2a, 0xed, 0xcc, 0x27,
-	0xda, 0xd9, 0xe0, 0xe9, 0x12, 0xb2, 0xe1, 0x69, 0x5c, 0xe8, 0xde, 0x4f, 0x5f, 0xcc, 0xd3, 0x75,
-	0x75, 0x37, 0xa5, 0x8e, 0x1c, 0x05, 0x4d, 0x18, 0x29, 0x5f, 0xcf, 0x48, 0x25, 0x83, 0x91, 0xea,
-	0x04, 0x23, 0x69, 0xce, 0x6b, 0x53, 0x9c, 0x4f, 0x49, 0xba, 0xfe, 0x61, 0x49, 0xc3, 0xad, 0x24,
-	0xfd, 0x12, 0x1a, 0xdf, 0x91, 0xe1, 0xb0, 0x40, 0xb1, 0xa3, 0xa4, 0x3f, 0x16, 0x66, 0xd3, 0x51,
-	0x16, 0xcf, 0xa5, 0x3b, 0x1c, 0x8a, 0x5c, 0xd6, 0x1c, 0xfe, 0x69, 0x3e, 0x85, 0x85, 0xed, 0x61,
-	0x40, 0xf1, 0xce, 0xcb, 0x02, 0xfa, 0x90, 0x09, 0x94, 0x5a, 0x97, 0x86, 0xf9, 0x19, 0x7c, 0xf4,
-	0x3d, 0xa1, 0x6c, 0x97, 0x78, 0xb9, 0xd7, 0xcb, 0x81, 0xc5, 0x04, 0xaa, 0xc4, 0xf0, 0x14, 0xea,
-	0xa1, 0xd4, 0x2c, 0xa6, 0x86, 0x26, 0xca, 0x6c, 0xe7, 0x5a, 0x36, 0x95, 0xb2, 0x77, 0xfc, 0xe3,
-	0xc0, 0x49, 0x5c, 0xcc, 0x9f, 0xe0, 0x6e, 0x52, 0xd1, 0xd2, 0x6d, 0x00, 0x41, 0x29, 0x74, 0xd9,
-	0x40, 0x86, 0xe1, 0x88, 0xef, 0x74, 0xc1, 0xd3, 0x8b, 0x14, 0xbc, 0x87, 0xb0, 0xb8, 0x37, 0x20,
-	0x23, 0xb1, 0xe7, 0x38, 0xe0, 0x7b, 0x50, 0xe3, 0x2d, 0xf6, 0x30, 0x29, 0x67, 0x55, 0x6e, 0xef,
-	0x12, 0xcf, 0xfc, 0x16, 0x96, 0x0e, 0x42, 0x6f, 0xaa, 0x1d, 0x75, 0xa1, 0x1e, 0x61, 0x1a, 0xc4,
-	0x51, 0x4f, 0x1c, 0x30, 0x7b, 0xd7, 0x04, 0xa6, 0xee, 0x56, 0xc4, 0xf2, 0x12, 0xfa, 0xb5, 0xb8,
-	0x5a, 0x1c, 0x97, 0x73, 0xb5, 0xd4, 0x15, 0xd2, 0x93, 0x1a, 0xfd, 0x29, 0x34, 0x5e, 0xb9, 0x24,
-	0x77, 0x87, 0x08, 0xee, 0x48, 0x98, 0xda, 0x60, 0x4a, 0xe2, 0xda, 0x87, 0x25, 0xae, 0xdf, 0x46,
-	0xe2, 0xdd, 0xb7, 0x0d, 0x28, 0xf1, 0xb4, 0xa3, 0x01, 0x94, 0x45, 0xe5, 0x40, 0x96, 0x95, 0xf7,
-	0xdc, 0xb1, 0xd2, 0xb5, 0xa8, 0x65, 0x17, 0xc6, 0xab, 0x63, 0x51, 0xa8, 0xc8, 0xce, 0x86, 0x36,
-	0xf2, 0x5d, 0x67, 0x9e, 0x1c, 0xad, 0x2f, 0x6f, 0xe6, 0xa4, 0x36, 0x95, 0xc7, 0x8b, 0x58, 0xc1,
-	0xe3, 0x5d, 0xc9, 0xa1, 0xe0, 0xf1, 0x52, 0xb2, 0x70, 0xa0, 0x22, 0xfb, 0x20, 0x5a, 0x99, 0xe1,
-	0xe2, 0x39, 0x7f, 0xfb, 0xb5, 0xbe, 0xc8, 0x5f, 0x72, 0xaa, 0xa3, 0x9f, 0x43, 0x73, 0xa2, 0xb7,
-	0xa2, 0x47, 0x45, 0x97, 0x98, 0xec, 0xae, 0xb7, 0xd8, 0xfa, 0x0d, 0xd4, 0xc6, 0x75, 0x04, 0xad,
-	0xe7, 0x7b, 0x4f, 0x95, 0xa7, 0x56, 0xf7, 0x26, 0x2e, 0x6a, 0xcb, 0xc7, 0x50, 0xde, 0x75, 0x63,
-	0x9a, 0x9d, 0xc0, 0x8c, 0x71, 0xf4, 0x15, 0x54, 0x1c, 0x4c, 0xe3, 0xd1, 0xcd, 0x3d, 0x7f, 0x06,
-	0x48, 0xbd, 0xd5, 0x1e, 0x17, 0x90, 0xd8, 0x75, 0x75, 0x30, 0x73, 0xf9, 0x17, 0x50, 0xe2, 0x8d,
-	0x04, 0x3d, 0xcc, 0x5f, 0x38, 0xd5, 0x70, 0x32, 0x97, 0xdb, 0x87, 0x12, 0x7f, 0x7f, 0xa0, 0x02,
-	0x57, 0x61, 0xf6, 0x85, 0x95, 0xb9, 0xea, 0x2b, 0xa8, 0x5f, 0x3d, 0x5f, 0x50, 0x01, 0xde, 0xa6,
-	0xdf, 0x3a, 0x99, 0x0b, 0xef, 0x41, 0x55, 0x75, 0x3d, 0x54, 0x40, 0x7f, 0x93, 0x0d, 0x32, 0x73,
-	0xd1, 0x1f, 0xa0, 0x36, 0x6e, 0x17, 0x99, 0x6c, 0x17, 0x38, 0xc4, 0x4c, 0xcb, 0x39, 0x80, 0x8a,
-	0xec, 0x2b, 0x45, 0xaa, 0xd3, 0x4c, 0x07, 0xca, 0x0c, 0x17, 0x43, 0x89, 0xd7, 0xf6, 0x22, 0x0a,
-	0x48, 0xb5, 0x8a, 0x96, 0x55, 0x14, 0x2e, 0xa3, 0xdf, 0x3a, 0xb8, 0x78, 0xdf, 0x9e, 0xfb, 0xfb,
-	0x7d, 0x7b, 0xee, 0xb7, 0xcb, 0xb6, 0x76, 0x71, 0xd9, 0xd6, 0xfe, 0xba, 0x6c, 0x6b, 0xff, 0x5e,
-	0xb6, 0xb5, 0x1f, 0x9f, 0xdc, 0xee, 0xff, 0xe0, 0x27, 0xfc, 0xf7, 0xb5, 0x7e, 0x54, 0x11, 0xe7,
-	0xd9, 0xf8, 0x3f, 0x00, 0x00, 0xff, 0xff, 0xfb, 0xc9, 0x30, 0x0d, 0x4f, 0x0f, 0x00, 0x00,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4d, 0x6f, 0xdb, 0x46,
+	0x13, 0x36, 0x69, 0x7d, 0x8e, 0x22, 0xbf, 0xf6, 0xbe, 0x8e, 0xcb, 0x28, 0x80, 0x2c, 0x10, 0x68,
+	0xe0, 0xa2, 0x08, 0x55, 0xcb, 0x6d, 0xd2, 0x36, 0x40, 0x00, 0xdb, 0x09, 0x0a, 0xa3, 0x0d, 0x6c,
+	0xd0, 0x4e, 0x13, 0xb4, 0x28, 0x0c, 0x5a, 0x5c, 0x4b, 0x0b, 0x4b, 0x24, 0xc3, 0x5d, 0xba, 0x76,
+	0x4f, 0x3d, 0xf5, 0xdc, 0x9f, 0xd3, 0x9f, 0xe0, 0x43, 0x0e, 0x3d, 0xf6, 0x94, 0x36, 0xba, 0xf7,
+	0x3f, 0x14, 0xfb, 0x21, 0x93, 0x92, 0xcc, 0x90, 0xf2, 0xc5, 0xe2, 0xec, 0x3e, 0xb3, 0x3b, 0x3b,
+	0xcf, 0xb3, 0x33, 0x6b, 0x78, 0xd2, 0x23, 0xac, 0x1f, 0x9d, 0x58, 0x5d, 0x7f, 0xd8, 0xee, 0xfa,
+	0x1e, 0x73, 0x88, 0x87, 0x43, 0x37, 0xf9, 0x19, 0x46, 0x1e, 0x23, 0x43, 0xdc, 0xa6, 0x7d, 0x32,
+	0x6c, 0x9f, 0x6f, 0x8a, 0x5f, 0x2b, 0x08, 0x7d, 0xe6, 0xa3, 0x56, 0x0c, 0xb3, 0x14, 0xcc, 0x1a,
+	0x10, 0x2f, 0xba, 0xb0, 0x04, 0xe8, 0x7c, 0xb3, 0x71, 0xaf, 0xe7, 0xfb, 0xbd, 0x01, 0x6e, 0x0b,
+	0xfc, 0x49, 0x74, 0xda, 0x76, 0xbc, 0x4b, 0xe9, 0xdc, 0xb8, 0x3f, 0x3d, 0x85, 0x87, 0x01, 0x1b,
+	0x4f, 0xae, 0xf6, 0xfc, 0x9e, 0x2f, 0x3e, 0xdb, 0xfc, 0x4b, 0x8d, 0xae, 0x4f, 0xbb, 0xf0, 0x1d,
+	0x29, 0x73, 0x86, 0x81, 0x02, 0x3c, 0xca, 0x3c, 0x8d, 0x13, 0x90, 0x36, 0xbb, 0x0c, 0x30, 0x6d,
+	0x0f, 0xfd, 0xc8, 0x63, 0xca, 0xef, 0xeb, 0x39, 0xfc, 0x98, 0x43, 0xcf, 0xc4, 0x1f, 0xe9, 0x6b,
+	0xfe, 0xab, 0xc3, 0xca, 0x6e, 0x88, 0x1d, 0x86, 0x8f, 0x1c, 0x7a, 0x66, 0xe3, 0x37, 0x11, 0xa6,
+	0x0c, 0xad, 0x81, 0x4e, 0x5c, 0x43, 0x6b, 0x69, 0x1b, 0xd5, 0x9d, 0xd2, 0xe8, 0xdd, 0xba, 0xbe,
+	0xf7, 0xcc, 0xd6, 0x89, 0x8b, 0xd6, 0xa0, 0x74, 0x12, 0x79, 0xee, 0x00, 0x1b, 0x3a, 0x9f, 0xb3,
+	0x95, 0x85, 0x0c, 0x28, 0xab, 0x0c, 0x1a, 0x8b, 0x62, 0x62, 0x6c, 0xa2, 0x36, 0x94, 0x42, 0xdf,
+	0x67, 0xa7, 0xd4, 0x28, 0xb4, 0x16, 0x37, 0x6a, 0x9d, 0x8f, 0xac, 0x44, 0xd6, 0x45, 0x48, 0xd6,
+	0x0b, 0x7e, 0x14, 0x5b, 0xc1, 0x50, 0x03, 0x2a, 0x0c, 0x87, 0x43, 0xe2, 0x39, 0x03, 0xa3, 0xd8,
+	0xd2, 0x36, 0x2a, 0xf6, 0xb5, 0x8d, 0x56, 0xa1, 0x48, 0x99, 0x4b, 0x3c, 0xa3, 0x24, 0x36, 0x91,
+	0x06, 0x0f, 0x8a, 0x32, 0xd7, 0x8f, 0x98, 0x51, 0x96, 0x41, 0x49, 0x4b, 0x8d, 0xe3, 0x30, 0x34,
+	0x2a, 0xd7, 0xe3, 0x38, 0x0c, 0x51, 0x13, 0xa0, 0xdb, 0xc7, 0xdd, 0xb3, 0xc0, 0x27, 0x1e, 0x33,
+	0xaa, 0x62, 0x2e, 0x31, 0x82, 0x3e, 0x85, 0x95, 0xc0, 0x09, 0xb1, 0xc7, 0x8e, 0x13, 0x30, 0x10,
+	0xb0, 0x65, 0x39, 0xb1, 0x1b, 0x83, 0x2d, 0x28, 0xfb, 0x01, 0x23, 0xbe, 0x47, 0x8d, 0x5a, 0x4b,
+	0xdb, 0xa8, 0x75, 0x56, 0x2d, 0x49, 0xb3, 0x35, 0xa6, 0xd9, 0xda, 0xf6, 0x2e, 0xed, 0x31, 0xc8,
+	0x7c, 0x00, 0x28, 0x99, 0x6e, 0x1a, 0xf8, 0x1e, 0xc5, 0x68, 0x19, 0x16, 0x03, 0x95, 0xf0, 0xba,
+	0xcd, 0x3f, 0xcd, 0xdf, 0x34, 0x58, 0x7a, 0x86, 0x07, 0x98, 0xe1, 0x74, 0x10, 0x5a, 0x87, 0x1a,
+	0xbe, 0x20, 0xec, 0x98, 0x32, 0x87, 0x45, 0x54, 0x70, 0x52, 0xb7, 0x81, 0x0f, 0x1d, 0x8a, 0x11,
+	0xb4, 0x0d, 0x55, 0x6e, 0x61, 0xf7, 0xd8, 0x61, 0x82, 0x99, 0x5a, 0xa7, 0x31, 0x13, 0xdf, 0xd1,
+	0x58, 0x86, 0x3b, 0x95, 0xab, 0x77, 0xeb, 0x0b, 0xbf, 0xff, 0xbd, 0xae, 0xd9, 0x15, 0xe9, 0xb6,
+	0xcd, 0x4c, 0x0b, 0x56, 0x65, 0x1c, 0x07, 0xa1, 0xdf, 0xc5, 0x94, 0x66, 0x48, 0xc4, 0xfc, 0x43,
+	0x03, 0xf4, 0xfc, 0x02, 0x77, 0xf3, 0xc1, 0x27, 0xe8, 0xd6, 0xd3, 0xe8, 0x5e, 0xbc, 0x99, 0xee,
+	0x42, 0x0a, 0xdd, 0xc5, 0x09, 0xba, 0x37, 0xa0, 0x40, 0x03, 0xdc, 0x15, 0x9a, 0x49, 0xa3, 0x47,
+	0x20, 0xcc, 0xbb, 0xf0, 0xff, 0x89, 0xc8, 0x65, 0xde, 0xcd, 0xd7, 0xb0, 0x6c, 0x63, 0x4a, 0x7e,
+	0xc1, 0x07, 0xec, 0x32, 0xeb, 0x38, 0xab, 0x50, 0xfc, 0x99, 0xb8, 0xac, 0xaf, 0xb8, 0x90, 0x06,
+	0x0f, 0xad, 0x8f, 0x49, 0xaf, 0x2f, 0x39, 0xa8, 0xdb, 0xca, 0x32, 0x1f, 0xc0, 0x1d, 0x4e, 0x14,
+	0xce, 0xca, 0xe9, 0x5b, 0x1d, 0xea, 0x0a, 0xa8, 0xb4, 0x30, 0xef, 0x05, 0x55, 0xda, 0x59, 0x8c,
+	0xb5, 0xb3, 0xc5, 0xd3, 0x25, 0x64, 0xc3, 0xd3, 0xb8, 0xd4, 0xb9, 0x9f, 0xbc, 0x98, 0xe7, 0x9b,
+	0xea, 0x6e, 0x4a, 0x1d, 0xd9, 0x0a, 0x1a, 0x33, 0x52, 0xbc, 0x99, 0x91, 0x52, 0x0a, 0x23, 0xe5,
+	0x09, 0x46, 0x92, 0x9c, 0x57, 0xa6, 0x38, 0x9f, 0x92, 0x74, 0xf5, 0xc3, 0x92, 0x86, 0x5b, 0x49,
+	0x7a, 0x1f, 0x6a, 0xdf, 0x92, 0xc1, 0x20, 0x47, 0xb1, 0xa3, 0xa4, 0x37, 0x16, 0x66, 0xdd, 0x56,
+	0x16, 0xcf, 0xa5, 0x33, 0x18, 0x88, 0x5c, 0x56, 0x6c, 0xfe, 0x69, 0x3e, 0x85, 0xa5, 0xdd, 0x81,
+	0x4f, 0xf1, 0xde, 0x7e, 0x0e, 0x7d, 0xc8, 0x04, 0x4a, 0xad, 0x4b, 0xc3, 0xfc, 0x04, 0xfe, 0xf7,
+	0x1d, 0xa1, 0xec, 0x80, 0xb8, 0x99, 0xd7, 0xcb, 0x86, 0xe5, 0x18, 0xaa, 0xc4, 0xf0, 0x14, 0xaa,
+	0x81, 0xd4, 0x2c, 0xa6, 0x86, 0x26, 0xca, 0x6c, 0xeb, 0x46, 0x36, 0x95, 0xb2, 0xf7, 0xbc, 0x53,
+	0xdf, 0x8e, 0x5d, 0xcc, 0x1f, 0xe1, 0x6e, 0x5c, 0xd1, 0x92, 0x6d, 0x00, 0x41, 0x21, 0x70, 0x58,
+	0x5f, 0x86, 0x61, 0x8b, 0xef, 0x64, 0xc1, 0xd3, 0xf3, 0x14, 0xbc, 0x87, 0xb0, 0x7c, 0xd8, 0x27,
+	0x43, 0xb1, 0xe7, 0x38, 0xe0, 0x7b, 0x50, 0xe1, 0x2d, 0xf6, 0x38, 0x2e, 0x67, 0x65, 0x6e, 0x1f,
+	0x10, 0xd7, 0xfc, 0x06, 0x56, 0x5e, 0x06, 0xee, 0x54, 0x3b, 0xea, 0x40, 0x35, 0xc4, 0xd4, 0x8f,
+	0xc2, 0xae, 0x38, 0x60, 0xfa, 0xae, 0x31, 0x4c, 0xdd, 0xad, 0x90, 0x65, 0x25, 0xf4, 0x2b, 0x71,
+	0xb5, 0x38, 0x2e, 0xe3, 0x6a, 0xa9, 0x2b, 0xa4, 0xc7, 0x35, 0xfa, 0x63, 0xa8, 0xbd, 0x72, 0x48,
+	0xe6, 0x0e, 0x21, 0xdc, 0x91, 0x30, 0xb5, 0xc1, 0x94, 0xc4, 0xb5, 0x0f, 0x4b, 0x5c, 0xbf, 0x8d,
+	0xc4, 0x3b, 0x6f, 0x6b, 0x50, 0xe0, 0x69, 0x47, 0x7d, 0x28, 0x8a, 0xca, 0x81, 0x2c, 0x2b, 0xeb,
+	0xb9, 0x63, 0x25, 0x6b, 0x51, 0xa3, 0x9d, 0x1b, 0xaf, 0x8e, 0x45, 0xa1, 0x24, 0x3b, 0x1b, 0xda,
+	0xca, 0x76, 0x9d, 0x79, 0x72, 0x34, 0x3e, 0x9f, 0xcf, 0x49, 0x6d, 0x2a, 0x8f, 0x17, 0xb2, 0x9c,
+	0xc7, 0xbb, 0x96, 0x43, 0xce, 0xe3, 0x25, 0x64, 0x61, 0x43, 0x49, 0xf6, 0x41, 0xb4, 0x36, 0xc3,
+	0xc5, 0x73, 0xfe, 0xf6, 0x6b, 0x7c, 0x96, 0xbd, 0xe4, 0x54, 0x47, 0xbf, 0x84, 0xfa, 0x44, 0x6f,
+	0x45, 0x8f, 0xf2, 0x2e, 0x31, 0xd9, 0x5d, 0x6f, 0xb1, 0xf5, 0x1b, 0xa8, 0x8c, 0xeb, 0x08, 0xda,
+	0xcc, 0xf6, 0x9e, 0x2a, 0x4f, 0x8d, 0xce, 0x3c, 0x2e, 0x6a, 0xcb, 0xc7, 0x50, 0x3c, 0x70, 0x22,
+	0x9a, 0x9e, 0xc0, 0x94, 0x71, 0xf4, 0x25, 0x94, 0x6c, 0x4c, 0xa3, 0xe1, 0xfc, 0x9e, 0x3f, 0x01,
+	0x24, 0xde, 0x6a, 0x8f, 0x73, 0x48, 0xec, 0xa6, 0x3a, 0x98, 0xba, 0xfc, 0x0b, 0x28, 0xf0, 0x46,
+	0x82, 0x1e, 0x66, 0x2f, 0x9c, 0x68, 0x38, 0xa9, 0xcb, 0x1d, 0x41, 0x81, 0xbf, 0x3f, 0x50, 0x8e,
+	0xab, 0x30, 0xfb, 0xc2, 0x4a, 0x5d, 0xf5, 0x15, 0x54, 0xaf, 0x9f, 0x2f, 0x28, 0x07, 0x6f, 0xd3,
+	0x6f, 0x9d, 0xd4, 0x85, 0x0f, 0xa1, 0xac, 0xba, 0x1e, 0xca, 0xa1, 0xbf, 0xc9, 0x06, 0x99, 0xba,
+	0xe8, 0xf7, 0x50, 0x19, 0xb7, 0x8b, 0x54, 0xb6, 0x73, 0x1c, 0x62, 0xa6, 0xe5, 0xbc, 0x84, 0x92,
+	0xec, 0x2b, 0x79, 0xaa, 0xd3, 0x4c, 0x07, 0x4a, 0x0d, 0x17, 0x43, 0x81, 0xd7, 0xf6, 0x3c, 0x0a,
+	0x48, 0xb4, 0x8a, 0x86, 0x95, 0x17, 0x2e, 0xa3, 0xdf, 0xd9, 0xbf, 0x7a, 0xdf, 0x5c, 0xf8, 0xeb,
+	0x7d, 0x73, 0xe1, 0xd7, 0x51, 0x53, 0xbb, 0x1a, 0x35, 0xb5, 0x3f, 0x47, 0x4d, 0xed, 0x9f, 0x51,
+	0x53, 0xfb, 0xe1, 0x8b, 0x79, 0xff, 0x03, 0x7e, 0xc2, 0x7f, 0x5f, 0xeb, 0x27, 0x25, 0x71, 0x92,
+	0xad, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0x5b, 0x88, 0x3a, 0x56, 0x43, 0x0f, 0x00, 0x00,
 }

vendor/github.com/containerd/containerd/runtime/shim/v1/shim.proto

@@ -9,7 +9,7 @@ import "google/protobuf/timestamp.proto";
 import "github.com/containerd/containerd/api/types/mount.proto";
 import "github.com/containerd/containerd/api/types/task/task.proto";
 
-option go_package = "github.com/containerd/containerd/runtime/linux/shim/v1;shim";
+option go_package = "github.com/containerd/containerd/runtime/shim/v1;shim";
 
 // Shim service is launched for each container and is responsible for owning the IO
 // for the container and its additional processes.  The shim is also the parent of

vendor/github.com/containerd/containerd/vendor.conf

@@ -1,7 +1,7 @@
 github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd5
-github.com/containerd/console cb7008ab3d8359b78c5f464cb7cf160107ad5925
+github.com/containerd/console 5d1b48d6114b8c9666f0c8b916f871af97b0a761
 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130
-github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788
+github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
 github.com/containerd/btrfs 2e1aa0ddf94f91fa282b6ed87c23bf0d64911244
 github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
@@ -22,7 +22,6 @@ github.com/golang/protobuf v1.1.0
 github.com/opencontainers/runtime-spec v1.0.1
 github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340
 github.com/sirupsen/logrus v1.0.0
-github.com/pmezard/go-difflib v1.0.0
 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
 golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac
 google.golang.org/grpc v1.12.0
@@ -38,14 +37,14 @@ github.com/Microsoft/hcsshim v0.6.11
 github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd
 google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
-github.com/stevvooe/ttrpc d4528379866b0ce7e9d71f3eb96f0582fc374577
+github.com/containerd/ttrpc 94dde388801693c54f88a6596f713b51a8b30b2d
 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
-github.com/gotestyourself/gotestyourself 44dbf532bbf5767611f6f2a61bded572e337010a
+gotest.tools v2.1.0
 github.com/google/go-cmp v0.1.0
 
-# #2135: cri is temporarily forked because of circular dependency. will be fixed immediately in a follow-up PR.
-github.com/containerd/cri 6e975823be192ad19f2ce7afcf6c57b88a991c30 https://github.com/AkihiroSuda/cri-containerd.git
-github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7
+# cri dependencies
+github.com/containerd/cri v1.11.0
+github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534
 github.com/blang/semver v3.1.0
 github.com/containernetworking/cni v0.6.0
 github.com/containernetworking/plugins v0.7.0
@@ -59,22 +58,26 @@ github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed
 github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c
 github.com/hashicorp/errwrap 7554cd9344cec97297fa6649b055a8c98c2a1e55
 github.com/hashicorp/go-multierror ed905158d87462226a13fe39ddf685ea65f1c11f
-github.com/json-iterator/go 1.0.4
-github.com/opencontainers/runtime-tools 6073aff4ac61897f75895123f7e24135204a404d
+github.com/json-iterator/go f2b4162afba35581b6d4a50d3b8f34e33c144682
+github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd
+github.com/modern-go/concurrent 1.0.3
+github.com/opencontainers/runtime-tools v0.6.0
 github.com/opencontainers/selinux 4a2974bf1ee960774ffd517717f1f45325af0206
 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
-github.com/spf13/pflag v1.0.0
 github.com/tchap/go-patricia 5ad6cdb7538b0097d5598c7e57f0a24072adf7dc
+github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6
+github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b
+github.com/xeipuuv/gojsonschema 1d523034197ff1f222f6429836dd36a2457a1874
 golang.org/x/crypto 49796115aa4b964c318aad4f3084fdb41e9aa067
 golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631
 gopkg.in/inf.v0 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
 gopkg.in/yaml.v2 53feefa2559fb8dfa8d81baad31be332c97d6c77
-k8s.io/api 7e796de92438aede7cb5d6bcf6c10f4fa65db560
-k8s.io/apimachinery fcb9a12f7875d01f8390b28faedc37dcf2e713b9
-k8s.io/apiserver 4a8377c547bbff4576a35b5b5bf4026d9b5aa763
-k8s.io/client-go b9a0cf870f239c4a4ecfd3feb075a50e7cbe1473
-k8s.io/kubernetes v1.10.0
-k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e
+k8s.io/api 9e5ffd1f1320950b238cfce291b926411f0af722
+k8s.io/apimachinery ed135c5b96450fd24e5e981c708114fbbd950697
+k8s.io/apiserver a90e3a95c2e91b944bfca8225c4e0d12e42a9eb5
+k8s.io/client-go 03bfb9bdcfe5482795b999f39ca3ed9ad42ce5bb
+k8s.io/kubernetes v1.11.0
+k8s.io/utils 733eca437aa39379e4bcc25e726439dfca40fcff
 
 # zfs dependencies
 github.com/containerd/zfs 9a0b8b8b5982014b729cd34eb7cd7a11062aa6ec

vendor/github.com/containerd/ttrpc/README.md

@@ -1,6 +1,6 @@
 # ttrpc
 
-[![Build Status](https://travis-ci.org/stevvooe/ttrpc.svg?branch=master)](https://travis-ci.org/stevvooe/ttrpc)
+[![Build Status](https://travis-ci.org/containerd/ttrpc.svg?branch=master)](https://travis-ci.org/containerd/ttrpc)
 
 GRPC for low-memory environments.
 
@@ -25,7 +25,7 @@ Create a gogo vanity binary (see
 [`cmd/protoc-gen-gogottrpc/main.go`](cmd/protoc-gen-gogottrpc/main.go) for an
 example with the ttrpc plugin enabled.
 
-It's recommended to use [`protobuild`](https://github.com/stevvooe/protobuild)
+It's recommended to use [`protobuild`](https://github.com//stevvooe/protobuild)
 to build the protobufs for this project, but this will work with protoc
 directly, if required.
 

vendor/github.com/containerd/ttrpc/channel.go

@@ -1,3 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
 package ttrpc
 
 import (

vendor/github.com/containerd/ttrpc/client.go

@@ -1,3 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
 package ttrpc
 
 import (
@@ -9,9 +25,9 @@ import (
 	"sync"
 	"syscall"
 
-	"github.com/containerd/containerd/log"
 	"github.com/gogo/protobuf/proto"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc/status"
 )
 
@@ -180,7 +196,7 @@ func (c *Client) run() {
 		case msg := <-incoming:
 			call, ok := waiters[msg.StreamID]
 			if !ok {
-				log.L.Errorf("ttrpc: received message for unknown channel %v", msg.StreamID)
+				logrus.Errorf("ttrpc: received message for unknown channel %v", msg.StreamID)
 				continue
 			}
 

vendor/github.com/containerd/ttrpc/codec.go

@@ -0,0 +1,42 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package ttrpc
+
+import (
+	"github.com/gogo/protobuf/proto"
+	"github.com/pkg/errors"
+)
+
+type codec struct{}
+
+func (c codec) Marshal(msg interface{}) ([]byte, error) {
+	switch v := msg.(type) {
+	case proto.Message:
+		return proto.Marshal(v)
+	default:
+		return nil, errors.Errorf("ttrpc: cannot marshal unknown type: %T", msg)
+	}
+}
+
+func (c codec) Unmarshal(p []byte, msg interface{}) error {
+	switch v := msg.(type) {
+	case proto.Message:
+		return proto.Unmarshal(p, v)
+	default:
+		return errors.Errorf("ttrpc: cannot unmarshal into unknown type: %T", msg)
+	}
+}

vendor/github.com/containerd/ttrpc/config.go

@@ -0,0 +1,39 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package ttrpc
+
+import "github.com/pkg/errors"
+
+type serverConfig struct {
+	handshaker Handshaker
+}
+
+type ServerOpt func(*serverConfig) error
+
+// WithServerHandshaker can be passed to NewServer to ensure that the
+// handshaker is called before every connection attempt.
+//
+// Only one handshaker is allowed per server.
+func WithServerHandshaker(handshaker Handshaker) ServerOpt {
+	return func(c *serverConfig) error {
+		if c.handshaker != nil {
+			return errors.New("only one handshaker allowed per server")
+		}
+		c.handshaker = handshaker
+		return nil
+	}
+}

vendor/github.com/containerd/ttrpc/handshake.go

@@ -1,3 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
 package ttrpc
 
 import (

vendor/github.com/containerd/ttrpc/server.go

@@ -1,3 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
 package ttrpc
 
 import (
@@ -9,8 +25,8 @@ import (
 	"sync/atomic"
 	"time"
 
-	"github.com/containerd/containerd/log"
 	"github.com/pkg/errors"
+	"github.com/sirupsen/logrus"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 )
@@ -51,12 +67,11 @@ func (s *Server) Register(name string, methods map[string]Method) {
 	s.services.register(name, methods)
 }
 
-func (s *Server) Serve(l net.Listener) error {
+func (s *Server) Serve(ctx context.Context, l net.Listener) error {
 	s.addListener(l)
 	defer s.closeListener(l)
 
 	var (
-		ctx        = context.Background()
 		backoff    time.Duration
 		handshaker = s.config.handshaker
 	)
@@ -88,7 +103,7 @@ func (s *Server) Serve(l net.Listener) error {
 				}
 
 				sleep := time.Duration(rand.Int63n(int64(backoff)))
-				log.L.WithError(err).Errorf("ttrpc: failed accept; backoff %v", sleep)
+				logrus.WithError(err).Errorf("ttrpc: failed accept; backoff %v", sleep)
 				time.Sleep(sleep)
 				continue
 			}
@@ -100,7 +115,7 @@ func (s *Server) Serve(l net.Listener) error {
 
 		approved, handshake, err := handshaker.Handshake(ctx, conn)
 		if err != nil {
-			log.L.WithError(err).Errorf("ttrpc: refusing connection after handshake")
+			logrus.WithError(err).Errorf("ttrpc: refusing connection after handshake")
 			conn.Close()
 			continue
 		}
@@ -416,12 +431,12 @@ func (c *serverConn) run(sctx context.Context) {
 		case response := <-responses:
 			p, err := c.server.codec.Marshal(response.resp)
 			if err != nil {
-				log.L.WithError(err).Error("failed marshaling response")
+				logrus.WithError(err).Error("failed marshaling response")
 				return
 			}
 
 			if err := ch.send(ctx, response.id, messageTypeResponse, p); err != nil {
-				log.L.WithError(err).Error("failed sending message on channel")
+				logrus.WithError(err).Error("failed sending message on channel")
 				return
 			}
 
@@ -432,7 +447,7 @@ func (c *serverConn) run(sctx context.Context) {
 			// requests due to a terminal error.
 			recvErr = nil // connection is now "closing"
 			if err != nil && err != io.EOF {
-				log.L.WithError(err).Error("error receiving message")
+				logrus.WithError(err).Error("error receiving message")
 			}
 		case <-shutdown:
 			return

vendor/github.com/containerd/ttrpc/services.go

@@ -1,3 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
 package ttrpc
 
 import (

vendor/github.com/containerd/ttrpc/types.go

@@ -1,3 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
 package ttrpc
 
 import (

vendor/github.com/containerd/ttrpc/unixcreds_linux.go

@@ -1,3 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
 package ttrpc
 
 import (

vendor/github.com/containerd/typeurl/types.go

@@ -1,3 +1,19 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
 package typeurl
 
 import (

vendor/github.com/docker/docker/contrib/README.md

@@ -1,4 +0,0 @@
-The `contrib` directory contains scripts, images, and other helpful things
-which are not part of the core docker distribution. Please note that they
-could be out of date, since they do not receive the same attention as the
-rest of the repository.

vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c

@@ -1,10 +0,0 @@
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-
-int main(int argc, char *argv[])
-{
-        printf("EUID=%d\n", geteuid());
-        return 0;
-}
-

vendor/github.com/docker/docker/contrib/syscall-test/acct.c

@@ -1,16 +0,0 @@
-#define _GNU_SOURCE
-#include <unistd.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-
-int main(int argc, char **argv)
-{
-	int err = acct("/tmp/t");
-	if (err == -1) {
-		fprintf(stderr, "acct failed: %s\n", strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-	exit(EXIT_SUCCESS);
-}

vendor/github.com/docker/docker/contrib/syscall-test/exit32.s

@@ -1,7 +0,0 @@
-.globl _start
-.text
-_start:
-	xorl	%eax, %eax
-	incl	%eax
-	movb	$0, %bl
-	int	$0x80

vendor/github.com/docker/docker/contrib/syscall-test/ns.c

@@ -1,63 +0,0 @@
-#define _GNU_SOURCE
-#include <errno.h>
-#include <sched.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/mman.h>
-#include <sys/wait.h>
-#include <unistd.h>
-
-#define STACK_SIZE (1024 * 1024)	/* Stack size for cloned child */
-
-struct clone_args {
-	char **argv;
-};
-
-// child_exec is the func that will be executed as the result of clone
-static int child_exec(void *stuff)
-{
-	struct clone_args *args = (struct clone_args *)stuff;
-	if (execvp(args->argv[0], args->argv) != 0) {
-		fprintf(stderr, "failed to execvp arguments %s\n",
-			strerror(errno));
-		exit(-1);
-	}
-	// we should never reach here!
-	exit(EXIT_FAILURE);
-}
-
-int main(int argc, char **argv)
-{
-	struct clone_args args;
-	args.argv = &argv[1];
-
-	int clone_flags = CLONE_NEWNS | CLONE_NEWPID | SIGCHLD;
-
-	// allocate stack for child
-	char *stack;		/* Start of stack buffer */
-	char *child_stack;	/* End of stack buffer */
-	stack =
-	    mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
-		 MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0);
-	if (stack == MAP_FAILED) {
-		fprintf(stderr, "mmap failed: %s\n", strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-	child_stack = stack + STACK_SIZE;	/* Assume stack grows downward */
-
-	// the result of this call is that our child_exec will be run in another
-	// process returning its pid
-	pid_t pid = clone(child_exec, child_stack, clone_flags, &args);
-	if (pid < 0) {
-		fprintf(stderr, "clone failed: %s\n", strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-	// lets wait on our child process here before we, the parent, exits
-	if (waitpid(pid, NULL, 0) == -1) {
-		fprintf(stderr, "failed to wait pid %d\n", pid);
-		exit(EXIT_FAILURE);
-	}
-	exit(EXIT_SUCCESS);
-}

vendor/github.com/docker/docker/contrib/syscall-test/raw.c

@@ -1,14 +0,0 @@
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/socket.h>
-#include <netinet/ip.h>
-#include <netinet/udp.h>
-
-int main() {
-	if (socket(PF_INET, SOCK_RAW, IPPROTO_UDP) == -1) {
-		perror("socket");
-		return 1;
-	}
-
-	return 0;
-}

vendor/github.com/docker/docker/contrib/syscall-test/setgid.c

@@ -1,11 +0,0 @@
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdio.h>
-
-int main() {
-	if (setgid(1) == -1) {
-		perror("setgid");
-		return 1;
-	}
-	return 0;
-}

vendor/github.com/docker/docker/contrib/syscall-test/setuid.c

@@ -1,11 +0,0 @@
-#include <sys/types.h>
-#include <unistd.h>
-#include <stdio.h>
-
-int main() {
-	if (setuid(1) == -1) {
-		perror("setuid");
-		return 1;
-	}
-	return 0;
-}

vendor/github.com/docker/docker/contrib/syscall-test/socket.c

@@ -1,30 +0,0 @@
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-int main() {
-	int s;
-	struct sockaddr_in sin;
-
-	s = socket(AF_INET, SOCK_STREAM, 0);
-	if (s == -1) {
-		perror("socket");
-		return 1;
-	}
-
-	sin.sin_family = AF_INET;
-	sin.sin_addr.s_addr = INADDR_ANY;
-	sin.sin_port = htons(80);
-
-	if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == -1) {
-		perror("bind");
-		return 1;
-	}
-
-	close(s);
-
-	return 0;
-}

vendor/github.com/docker/docker/contrib/syscall-test/userns.c

@@ -1,63 +0,0 @@
-#define _GNU_SOURCE
-#include <errno.h>
-#include <sched.h>
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/mman.h>
-#include <sys/wait.h>
-#include <unistd.h>
-
-#define STACK_SIZE (1024 * 1024)	/* Stack size for cloned child */
-
-struct clone_args {
-	char **argv;
-};
-
-// child_exec is the func that will be executed as the result of clone
-static int child_exec(void *stuff)
-{
-	struct clone_args *args = (struct clone_args *)stuff;
-	if (execvp(args->argv[0], args->argv) != 0) {
-		fprintf(stderr, "failed to execvp arguments %s\n",
-			strerror(errno));
-		exit(-1);
-	}
-	// we should never reach here!
-	exit(EXIT_FAILURE);
-}
-
-int main(int argc, char **argv)
-{
-	struct clone_args args;
-	args.argv = &argv[1];
-
-	int clone_flags = CLONE_NEWUSER | SIGCHLD;
-
-	// allocate stack for child
-	char *stack;		/* Start of stack buffer */
-	char *child_stack;	/* End of stack buffer */
-	stack =
-	    mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE,
-		 MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0);
-	if (stack == MAP_FAILED) {
-		fprintf(stderr, "mmap failed: %s\n", strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-	child_stack = stack + STACK_SIZE;	/* Assume stack grows downward */
-
-	// the result of this call is that our child_exec will be run in another
-	// process returning its pid
-	pid_t pid = clone(child_exec, child_stack, clone_flags, &args);
-	if (pid < 0) {
-		fprintf(stderr, "clone failed: %s\n", strerror(errno));
-		exit(EXIT_FAILURE);
-	}
-	// lets wait on our child process here before we, the parent, exits
-	if (waitpid(pid, NULL, 0) == -1) {
-		fprintf(stderr, "failed to wait pid %d\n", pid);
-		exit(EXIT_FAILURE);
-	}
-	exit(EXIT_SUCCESS);
-}

vendor/github.com/stevvooe/ttrpc/codec.go

@@ -1,26 +0,0 @@
-package ttrpc
-
-import (
-	"github.com/gogo/protobuf/proto"
-	"github.com/pkg/errors"
-)
-
-type codec struct{}
-
-func (c codec) Marshal(msg interface{}) ([]byte, error) {
-	switch v := msg.(type) {
-	case proto.Message:
-		return proto.Marshal(v)
-	default:
-		return nil, errors.Errorf("ttrpc: cannot marshal unknown type: %T", msg)
-	}
-}
-
-func (c codec) Unmarshal(p []byte, msg interface{}) error {
-	switch v := msg.(type) {
-	case proto.Message:
-		return proto.Unmarshal(p, v)
-	default:
-		return errors.Errorf("ttrpc: cannot unmarshal into unknown type: %T", msg)
-	}
-}

vendor/github.com/stevvooe/ttrpc/config.go

@@ -1,23 +0,0 @@
-package ttrpc
-
-import "github.com/pkg/errors"
-
-type serverConfig struct {
-	handshaker Handshaker
-}
-
-type ServerOpt func(*serverConfig) error
-
-// WithServerHandshaker can be passed to NewServer to ensure that the
-// handshaker is called before every connection attempt.
-//
-// Only one handshaker is allowed per server.
-func WithServerHandshaker(handshaker Handshaker) ServerOpt {
-	return func(c *serverConfig) error {
-		if c.handshaker != nil {
-			return errors.New("only one handshaker allowed per server")
-		}
-		c.handshaker = handshaker
-		return nil
-	}
-}

vendor/golang.org/x/crypto/otr/libotr_test_helper.c

@@ -1,197 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This code can be compiled and used to test the otr package against libotr.
-// See otr_test.go.
-
-// +build ignore
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-#include <proto.h>
-#include <message.h>
-#include <privkey.h>
-
-static int g_session_established = 0;
-
-OtrlPolicy policy(void *opdata, ConnContext *context) {
-  return OTRL_POLICY_ALWAYS;
-}
-
-int is_logged_in(void *opdata, const char *accountname, const char *protocol,
-                 const char *recipient) {
-  return 1;
-}
-
-void inject_message(void *opdata, const char *accountname, const char *protocol,
-                    const char *recipient, const char *message) {
-  printf("%s\n", message);
-  fflush(stdout);
-  fprintf(stderr, "libotr helper sent: %s\n", message);
-}
-
-void update_context_list(void *opdata) {}
-
-void new_fingerprint(void *opdata, OtrlUserState us, const char *accountname,
-                     const char *protocol, const char *username,
-                     unsigned char fingerprint[20]) {
-  fprintf(stderr, "NEW FINGERPRINT\n");
-  g_session_established = 1;
-}
-
-void write_fingerprints(void *opdata) {}
-
-void gone_secure(void *opdata, ConnContext *context) {}
-
-void gone_insecure(void *opdata, ConnContext *context) {}
-
-void still_secure(void *opdata, ConnContext *context, int is_reply) {}
-
-int max_message_size(void *opdata, ConnContext *context) { return 99999; }
-
-const char *account_name(void *opdata, const char *account,
-                         const char *protocol) {
-  return "ACCOUNT";
-}
-
-void account_name_free(void *opdata, const char *account_name) {}
-
-const char *error_message(void *opdata, ConnContext *context,
-                          OtrlErrorCode err_code) {
-  return "ERR";
-}
-
-void error_message_free(void *opdata, const char *msg) {}
-
-void resent_msg_prefix_free(void *opdata, const char *prefix) {}
-
-void handle_smp_event(void *opdata, OtrlSMPEvent smp_event,
-                      ConnContext *context, unsigned short progress_event,
-                      char *question) {}
-
-void handle_msg_event(void *opdata, OtrlMessageEvent msg_event,
-                      ConnContext *context, const char *message,
-                      gcry_error_t err) {
-  fprintf(stderr, "msg event: %d %s\n", msg_event, message);
-}
-
-OtrlMessageAppOps uiops = {
-    policy,
-    NULL,
-    is_logged_in,
-    inject_message,
-    update_context_list,
-    new_fingerprint,
-    write_fingerprints,
-    gone_secure,
-    gone_insecure,
-    still_secure,
-    max_message_size,
-    account_name,
-    account_name_free,
-    NULL, /* received_symkey */
-    error_message,
-    error_message_free,
-    NULL, /* resent_msg_prefix */
-    resent_msg_prefix_free,
-    handle_smp_event,
-    handle_msg_event,
-    NULL /* create_instag */,
-    NULL /* convert_msg */,
-    NULL /* convert_free */,
-    NULL /* timer_control */,
-};
-
-static const char kPrivateKeyData[] =
-    "(privkeys (account (name \"account\") (protocol proto) (private-key (dsa "
-    "(p "
-    "#00FC07ABCF0DC916AFF6E9AE47BEF60C7AB9B4D6B2469E436630E36F8A489BE812486A09F"
-    "30B71224508654940A835301ACC525A4FF133FC152CC53DCC59D65C30A54F1993FE13FE63E"
-    "5823D4C746DB21B90F9B9C00B49EC7404AB1D929BA7FBA12F2E45C6E0A651689750E8528AB"
-    "8C031D3561FECEE72EBB4A090D450A9B7A857#) (q "
-    "#00997BD266EF7B1F60A5C23F3A741F2AEFD07A2081#) (g "
-    "#535E360E8A95EBA46A4F7DE50AD6E9B2A6DB785A66B64EB9F20338D2A3E8FB0E94725848F"
-    "1AA6CC567CB83A1CC517EC806F2E92EAE71457E80B2210A189B91250779434B41FC8A8873F"
-    "6DB94BEA7D177F5D59E7E114EE10A49CFD9CEF88AE43387023B672927BA74B04EB6BBB5E57"
-    "597766A2F9CE3857D7ACE3E1E3BC1FC6F26#) (y "
-    "#0AC8670AD767D7A8D9D14CC1AC6744CD7D76F993B77FFD9E39DF01E5A6536EF65E775FCEF"
-    "2A983E2A19BD6415500F6979715D9FD1257E1FE2B6F5E1E74B333079E7C880D39868462A93"
-    "454B41877BE62E5EF0A041C2EE9C9E76BD1E12AE25D9628DECB097025DD625EF49C3258A1A"
-    "3C0FF501E3DC673B76D7BABF349009B6ECF#) (x "
-    "#14D0345A3562C480A039E3C72764F72D79043216#)))))\n";
-
-int main() {
-  OTRL_INIT;
-
-  // We have to write the private key information to a file because the libotr
-  // API demands a filename to read from.
-  const char *tmpdir = "/tmp";
-  if (getenv("TMP")) {
-    tmpdir = getenv("TMP");
-  }
-
-  char private_key_file[256];
-  snprintf(private_key_file, sizeof(private_key_file),
-           "%s/libotr_test_helper_privatekeys-XXXXXX", tmpdir);
-  int fd = mkstemp(private_key_file);
-  if (fd == -1) {
-    perror("creating temp file");
-  }
-  write(fd, kPrivateKeyData, sizeof(kPrivateKeyData) - 1);
-  close(fd);
-
-  OtrlUserState userstate = otrl_userstate_create();
-  otrl_privkey_read(userstate, private_key_file);
-  unlink(private_key_file);
-
-  fprintf(stderr, "libotr helper started\n");
-
-  char buf[4096];
-
-  for (;;) {
-    char *message = fgets(buf, sizeof(buf), stdin);
-    if (strlen(message) == 0) {
-      break;
-    }
-    message[strlen(message) - 1] = 0;
-    fprintf(stderr, "libotr helper got: %s\n", message);
-
-    char *newmessage = NULL;
-    OtrlTLV *tlvs;
-    int ignore_message = otrl_message_receiving(
-        userstate, &uiops, NULL, "account", "proto", "peer", message,
-        &newmessage, &tlvs, NULL, NULL, NULL);
-    if (tlvs) {
-      otrl_tlv_free(tlvs);
-    }
-
-    if (newmessage != NULL) {
-      fprintf(stderr, "libotr got: %s\n", newmessage);
-      otrl_message_free(newmessage);
-
-      gcry_error_t err;
-      char *newmessage = NULL;
-
-      err = otrl_message_sending(userstate, &uiops, NULL, "account", "proto",
-                                 "peer", 0, "test message", NULL, &newmessage,
-                                 OTRL_FRAGMENT_SEND_SKIP, NULL, NULL, NULL);
-      if (newmessage == NULL) {
-        fprintf(stderr, "libotr didn't encrypt message\n");
-        return 1;
-      }
-      write(1, newmessage, strlen(newmessage));
-      write(1, "\n", 1);
-      fprintf(stderr, "libotr sent: %s\n", newmessage);
-      otrl_message_free(newmessage);
-
-      g_session_established = 0;
-      write(1, "?OTRv2?\n", 8);
-      fprintf(stderr, "libotr sent: ?OTRv2\n");
-    }
-  }
-
-  return 0;
-}

vendor/golang.org/x/crypto/otr/smp.go

@@ -1,572 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// This file implements the Socialist Millionaires Protocol as described in
-// http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html. The protocol
-// specification is required in order to understand this code and, where
-// possible, the variable names in the code match up with the spec.
-
-package otr
-
-import (
-	"bytes"
-	"crypto/sha256"
-	"errors"
-	"hash"
-	"math/big"
-)
-
-type smpFailure string
-
-func (s smpFailure) Error() string {
-	return string(s)
-}
-
-var smpFailureError = smpFailure("otr: SMP protocol failed")
-var smpSecretMissingError = smpFailure("otr: mutual secret needed")
-
-const smpVersion = 1
-
-const (
-	smpState1 = iota
-	smpState2
-	smpState3
-	smpState4
-)
-
-type smpState struct {
-	state                  int
-	a2, a3, b2, b3, pb, qb *big.Int
-	g2a, g3a               *big.Int
-	g2, g3                 *big.Int
-	g3b, papb, qaqb, ra    *big.Int
-	saved                  *tlv
-	secret                 *big.Int
-	question               string
-}
-
-func (c *Conversation) startSMP(question string) (tlvs []tlv) {
-	if c.smp.state != smpState1 {
-		tlvs = append(tlvs, c.generateSMPAbort())
-	}
-	tlvs = append(tlvs, c.generateSMP1(question))
-	c.smp.question = ""
-	c.smp.state = smpState2
-	return
-}
-
-func (c *Conversation) resetSMP() {
-	c.smp.state = smpState1
-	c.smp.secret = nil
-	c.smp.question = ""
-}
-
-func (c *Conversation) processSMP(in tlv) (out tlv, complete bool, err error) {
-	data := in.data
-
-	switch in.typ {
-	case tlvTypeSMPAbort:
-		if c.smp.state != smpState1 {
-			err = smpFailureError
-		}
-		c.resetSMP()
-		return
-	case tlvTypeSMP1WithQuestion:
-		// We preprocess this into a SMP1 message.
-		nulPos := bytes.IndexByte(data, 0)
-		if nulPos == -1 {
-			err = errors.New("otr: SMP message with question didn't contain a NUL byte")
-			return
-		}
-		c.smp.question = string(data[:nulPos])
-		data = data[nulPos+1:]
-	}
-
-	numMPIs, data, ok := getU32(data)
-	if !ok || numMPIs > 20 {
-		err = errors.New("otr: corrupt SMP message")
-		return
-	}
-
-	mpis := make([]*big.Int, numMPIs)
-	for i := range mpis {
-		var ok bool
-		mpis[i], data, ok = getMPI(data)
-		if !ok {
-			err = errors.New("otr: corrupt SMP message")
-			return
-		}
-	}
-
-	switch in.typ {
-	case tlvTypeSMP1, tlvTypeSMP1WithQuestion:
-		if c.smp.state != smpState1 {
-			c.resetSMP()
-			out = c.generateSMPAbort()
-			return
-		}
-		if c.smp.secret == nil {
-			err = smpSecretMissingError
-			return
-		}
-		if err = c.processSMP1(mpis); err != nil {
-			return
-		}
-		c.smp.state = smpState3
-		out = c.generateSMP2()
-	case tlvTypeSMP2:
-		if c.smp.state != smpState2 {
-			c.resetSMP()
-			out = c.generateSMPAbort()
-			return
-		}
-		if out, err = c.processSMP2(mpis); err != nil {
-			out = c.generateSMPAbort()
-			return
-		}
-		c.smp.state = smpState4
-	case tlvTypeSMP3:
-		if c.smp.state != smpState3 {
-			c.resetSMP()
-			out = c.generateSMPAbort()
-			return
-		}
-		if out, err = c.processSMP3(mpis); err != nil {
-			return
-		}
-		c.smp.state = smpState1
-		c.smp.secret = nil
-		complete = true
-	case tlvTypeSMP4:
-		if c.smp.state != smpState4 {
-			c.resetSMP()
-			out = c.generateSMPAbort()
-			return
-		}
-		if err = c.processSMP4(mpis); err != nil {
-			out = c.generateSMPAbort()
-			return
-		}
-		c.smp.state = smpState1
-		c.smp.secret = nil
-		complete = true
-	default:
-		panic("unknown SMP message")
-	}
-
-	return
-}
-
-func (c *Conversation) calcSMPSecret(mutualSecret []byte, weStarted bool) {
-	h := sha256.New()
-	h.Write([]byte{smpVersion})
-	if weStarted {
-		h.Write(c.PrivateKey.PublicKey.Fingerprint())
-		h.Write(c.TheirPublicKey.Fingerprint())
-	} else {
-		h.Write(c.TheirPublicKey.Fingerprint())
-		h.Write(c.PrivateKey.PublicKey.Fingerprint())
-	}
-	h.Write(c.SSID[:])
-	h.Write(mutualSecret)
-	c.smp.secret = new(big.Int).SetBytes(h.Sum(nil))
-}
-
-func (c *Conversation) generateSMP1(question string) tlv {
-	var randBuf [16]byte
-	c.smp.a2 = c.randMPI(randBuf[:])
-	c.smp.a3 = c.randMPI(randBuf[:])
-	g2a := new(big.Int).Exp(g, c.smp.a2, p)
-	g3a := new(big.Int).Exp(g, c.smp.a3, p)
-	h := sha256.New()
-
-	r2 := c.randMPI(randBuf[:])
-	r := new(big.Int).Exp(g, r2, p)
-	c2 := new(big.Int).SetBytes(hashMPIs(h, 1, r))
-	d2 := new(big.Int).Mul(c.smp.a2, c2)
-	d2.Sub(r2, d2)
-	d2.Mod(d2, q)
-	if d2.Sign() < 0 {
-		d2.Add(d2, q)
-	}
-
-	r3 := c.randMPI(randBuf[:])
-	r.Exp(g, r3, p)
-	c3 := new(big.Int).SetBytes(hashMPIs(h, 2, r))
-	d3 := new(big.Int).Mul(c.smp.a3, c3)
-	d3.Sub(r3, d3)
-	d3.Mod(d3, q)
-	if d3.Sign() < 0 {
-		d3.Add(d3, q)
-	}
-
-	var ret tlv
-	if len(question) > 0 {
-		ret.typ = tlvTypeSMP1WithQuestion
-		ret.data = append(ret.data, question...)
-		ret.data = append(ret.data, 0)
-	} else {
-		ret.typ = tlvTypeSMP1
-	}
-	ret.data = appendU32(ret.data, 6)
-	ret.data = appendMPIs(ret.data, g2a, c2, d2, g3a, c3, d3)
-	return ret
-}
-
-func (c *Conversation) processSMP1(mpis []*big.Int) error {
-	if len(mpis) != 6 {
-		return errors.New("otr: incorrect number of arguments in SMP1 message")
-	}
-	g2a := mpis[0]
-	c2 := mpis[1]
-	d2 := mpis[2]
-	g3a := mpis[3]
-	c3 := mpis[4]
-	d3 := mpis[5]
-	h := sha256.New()
-
-	r := new(big.Int).Exp(g, d2, p)
-	s := new(big.Int).Exp(g2a, c2, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-	t := new(big.Int).SetBytes(hashMPIs(h, 1, r))
-	if c2.Cmp(t) != 0 {
-		return errors.New("otr: ZKP c2 incorrect in SMP1 message")
-	}
-	r.Exp(g, d3, p)
-	s.Exp(g3a, c3, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-	t.SetBytes(hashMPIs(h, 2, r))
-	if c3.Cmp(t) != 0 {
-		return errors.New("otr: ZKP c3 incorrect in SMP1 message")
-	}
-
-	c.smp.g2a = g2a
-	c.smp.g3a = g3a
-	return nil
-}
-
-func (c *Conversation) generateSMP2() tlv {
-	var randBuf [16]byte
-	b2 := c.randMPI(randBuf[:])
-	c.smp.b3 = c.randMPI(randBuf[:])
-	r2 := c.randMPI(randBuf[:])
-	r3 := c.randMPI(randBuf[:])
-	r4 := c.randMPI(randBuf[:])
-	r5 := c.randMPI(randBuf[:])
-	r6 := c.randMPI(randBuf[:])
-
-	g2b := new(big.Int).Exp(g, b2, p)
-	g3b := new(big.Int).Exp(g, c.smp.b3, p)
-
-	r := new(big.Int).Exp(g, r2, p)
-	h := sha256.New()
-	c2 := new(big.Int).SetBytes(hashMPIs(h, 3, r))
-	d2 := new(big.Int).Mul(b2, c2)
-	d2.Sub(r2, d2)
-	d2.Mod(d2, q)
-	if d2.Sign() < 0 {
-		d2.Add(d2, q)
-	}
-
-	r.Exp(g, r3, p)
-	c3 := new(big.Int).SetBytes(hashMPIs(h, 4, r))
-	d3 := new(big.Int).Mul(c.smp.b3, c3)
-	d3.Sub(r3, d3)
-	d3.Mod(d3, q)
-	if d3.Sign() < 0 {
-		d3.Add(d3, q)
-	}
-
-	c.smp.g2 = new(big.Int).Exp(c.smp.g2a, b2, p)
-	c.smp.g3 = new(big.Int).Exp(c.smp.g3a, c.smp.b3, p)
-	c.smp.pb = new(big.Int).Exp(c.smp.g3, r4, p)
-	c.smp.qb = new(big.Int).Exp(g, r4, p)
-	r.Exp(c.smp.g2, c.smp.secret, p)
-	c.smp.qb.Mul(c.smp.qb, r)
-	c.smp.qb.Mod(c.smp.qb, p)
-
-	s := new(big.Int)
-	s.Exp(c.smp.g2, r6, p)
-	r.Exp(g, r5, p)
-	s.Mul(r, s)
-	s.Mod(s, p)
-	r.Exp(c.smp.g3, r5, p)
-	cp := new(big.Int).SetBytes(hashMPIs(h, 5, r, s))
-
-	// D5 = r5 - r4 cP mod q and D6 = r6 - y cP mod q
-
-	s.Mul(r4, cp)
-	r.Sub(r5, s)
-	d5 := new(big.Int).Mod(r, q)
-	if d5.Sign() < 0 {
-		d5.Add(d5, q)
-	}
-
-	s.Mul(c.smp.secret, cp)
-	r.Sub(r6, s)
-	d6 := new(big.Int).Mod(r, q)
-	if d6.Sign() < 0 {
-		d6.Add(d6, q)
-	}
-
-	var ret tlv
-	ret.typ = tlvTypeSMP2
-	ret.data = appendU32(ret.data, 11)
-	ret.data = appendMPIs(ret.data, g2b, c2, d2, g3b, c3, d3, c.smp.pb, c.smp.qb, cp, d5, d6)
-	return ret
-}
-
-func (c *Conversation) processSMP2(mpis []*big.Int) (out tlv, err error) {
-	if len(mpis) != 11 {
-		err = errors.New("otr: incorrect number of arguments in SMP2 message")
-		return
-	}
-	g2b := mpis[0]
-	c2 := mpis[1]
-	d2 := mpis[2]
-	g3b := mpis[3]
-	c3 := mpis[4]
-	d3 := mpis[5]
-	pb := mpis[6]
-	qb := mpis[7]
-	cp := mpis[8]
-	d5 := mpis[9]
-	d6 := mpis[10]
-	h := sha256.New()
-
-	r := new(big.Int).Exp(g, d2, p)
-	s := new(big.Int).Exp(g2b, c2, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-	s.SetBytes(hashMPIs(h, 3, r))
-	if c2.Cmp(s) != 0 {
-		err = errors.New("otr: ZKP c2 failed in SMP2 message")
-		return
-	}
-
-	r.Exp(g, d3, p)
-	s.Exp(g3b, c3, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-	s.SetBytes(hashMPIs(h, 4, r))
-	if c3.Cmp(s) != 0 {
-		err = errors.New("otr: ZKP c3 failed in SMP2 message")
-		return
-	}
-
-	c.smp.g2 = new(big.Int).Exp(g2b, c.smp.a2, p)
-	c.smp.g3 = new(big.Int).Exp(g3b, c.smp.a3, p)
-
-	r.Exp(g, d5, p)
-	s.Exp(c.smp.g2, d6, p)
-	r.Mul(r, s)
-	s.Exp(qb, cp, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-
-	s.Exp(c.smp.g3, d5, p)
-	t := new(big.Int).Exp(pb, cp, p)
-	s.Mul(s, t)
-	s.Mod(s, p)
-	t.SetBytes(hashMPIs(h, 5, s, r))
-	if cp.Cmp(t) != 0 {
-		err = errors.New("otr: ZKP cP failed in SMP2 message")
-		return
-	}
-
-	var randBuf [16]byte
-	r4 := c.randMPI(randBuf[:])
-	r5 := c.randMPI(randBuf[:])
-	r6 := c.randMPI(randBuf[:])
-	r7 := c.randMPI(randBuf[:])
-
-	pa := new(big.Int).Exp(c.smp.g3, r4, p)
-	r.Exp(c.smp.g2, c.smp.secret, p)
-	qa := new(big.Int).Exp(g, r4, p)
-	qa.Mul(qa, r)
-	qa.Mod(qa, p)
-
-	r.Exp(g, r5, p)
-	s.Exp(c.smp.g2, r6, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-
-	s.Exp(c.smp.g3, r5, p)
-	cp.SetBytes(hashMPIs(h, 6, s, r))
-
-	r.Mul(r4, cp)
-	d5 = new(big.Int).Sub(r5, r)
-	d5.Mod(d5, q)
-	if d5.Sign() < 0 {
-		d5.Add(d5, q)
-	}
-
-	r.Mul(c.smp.secret, cp)
-	d6 = new(big.Int).Sub(r6, r)
-	d6.Mod(d6, q)
-	if d6.Sign() < 0 {
-		d6.Add(d6, q)
-	}
-
-	r.ModInverse(qb, p)
-	qaqb := new(big.Int).Mul(qa, r)
-	qaqb.Mod(qaqb, p)
-
-	ra := new(big.Int).Exp(qaqb, c.smp.a3, p)
-	r.Exp(qaqb, r7, p)
-	s.Exp(g, r7, p)
-	cr := new(big.Int).SetBytes(hashMPIs(h, 7, s, r))
-
-	r.Mul(c.smp.a3, cr)
-	d7 := new(big.Int).Sub(r7, r)
-	d7.Mod(d7, q)
-	if d7.Sign() < 0 {
-		d7.Add(d7, q)
-	}
-
-	c.smp.g3b = g3b
-	c.smp.qaqb = qaqb
-
-	r.ModInverse(pb, p)
-	c.smp.papb = new(big.Int).Mul(pa, r)
-	c.smp.papb.Mod(c.smp.papb, p)
-	c.smp.ra = ra
-
-	out.typ = tlvTypeSMP3
-	out.data = appendU32(out.data, 8)
-	out.data = appendMPIs(out.data, pa, qa, cp, d5, d6, ra, cr, d7)
-	return
-}
-
-func (c *Conversation) processSMP3(mpis []*big.Int) (out tlv, err error) {
-	if len(mpis) != 8 {
-		err = errors.New("otr: incorrect number of arguments in SMP3 message")
-		return
-	}
-	pa := mpis[0]
-	qa := mpis[1]
-	cp := mpis[2]
-	d5 := mpis[3]
-	d6 := mpis[4]
-	ra := mpis[5]
-	cr := mpis[6]
-	d7 := mpis[7]
-	h := sha256.New()
-
-	r := new(big.Int).Exp(g, d5, p)
-	s := new(big.Int).Exp(c.smp.g2, d6, p)
-	r.Mul(r, s)
-	s.Exp(qa, cp, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-
-	s.Exp(c.smp.g3, d5, p)
-	t := new(big.Int).Exp(pa, cp, p)
-	s.Mul(s, t)
-	s.Mod(s, p)
-	t.SetBytes(hashMPIs(h, 6, s, r))
-	if t.Cmp(cp) != 0 {
-		err = errors.New("otr: ZKP cP failed in SMP3 message")
-		return
-	}
-
-	r.ModInverse(c.smp.qb, p)
-	qaqb := new(big.Int).Mul(qa, r)
-	qaqb.Mod(qaqb, p)
-
-	r.Exp(qaqb, d7, p)
-	s.Exp(ra, cr, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-
-	s.Exp(g, d7, p)
-	t.Exp(c.smp.g3a, cr, p)
-	s.Mul(s, t)
-	s.Mod(s, p)
-	t.SetBytes(hashMPIs(h, 7, s, r))
-	if t.Cmp(cr) != 0 {
-		err = errors.New("otr: ZKP cR failed in SMP3 message")
-		return
-	}
-
-	var randBuf [16]byte
-	r7 := c.randMPI(randBuf[:])
-	rb := new(big.Int).Exp(qaqb, c.smp.b3, p)
-
-	r.Exp(qaqb, r7, p)
-	s.Exp(g, r7, p)
-	cr = new(big.Int).SetBytes(hashMPIs(h, 8, s, r))
-
-	r.Mul(c.smp.b3, cr)
-	d7 = new(big.Int).Sub(r7, r)
-	d7.Mod(d7, q)
-	if d7.Sign() < 0 {
-		d7.Add(d7, q)
-	}
-
-	out.typ = tlvTypeSMP4
-	out.data = appendU32(out.data, 3)
-	out.data = appendMPIs(out.data, rb, cr, d7)
-
-	r.ModInverse(c.smp.pb, p)
-	r.Mul(pa, r)
-	r.Mod(r, p)
-	s.Exp(ra, c.smp.b3, p)
-	if r.Cmp(s) != 0 {
-		err = smpFailureError
-	}
-
-	return
-}
-
-func (c *Conversation) processSMP4(mpis []*big.Int) error {
-	if len(mpis) != 3 {
-		return errors.New("otr: incorrect number of arguments in SMP4 message")
-	}
-	rb := mpis[0]
-	cr := mpis[1]
-	d7 := mpis[2]
-	h := sha256.New()
-
-	r := new(big.Int).Exp(c.smp.qaqb, d7, p)
-	s := new(big.Int).Exp(rb, cr, p)
-	r.Mul(r, s)
-	r.Mod(r, p)
-
-	s.Exp(g, d7, p)
-	t := new(big.Int).Exp(c.smp.g3b, cr, p)
-	s.Mul(s, t)
-	s.Mod(s, p)
-	t.SetBytes(hashMPIs(h, 8, s, r))
-	if t.Cmp(cr) != 0 {
-		return errors.New("otr: ZKP cR failed in SMP4 message")
-	}
-
-	r.Exp(rb, c.smp.a3, p)
-	if r.Cmp(c.smp.papb) != 0 {
-		return smpFailureError
-	}
-
-	return nil
-}
-
-func (c *Conversation) generateSMPAbort() tlv {
-	return tlv{typ: tlvTypeSMPAbort}
-}
-
-func hashMPIs(h hash.Hash, magic byte, mpis ...*big.Int) []byte {
-	if h != nil {
-		h.Reset()
-	} else {
-		h = sha256.New()
-	}
-
-	h.Write([]byte{magic})
-	for _, mpi := range mpis {
-		h.Write(appendMPI(nil, mpi))
-	}
-	return h.Sum(nil)
-}

vendor/golang.org/x/crypto/ssh/test/doc.go

@@ -1,7 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package test contains integration tests for the
-// golang.org/x/crypto/ssh package.
-package test // import "golang.org/x/crypto/ssh/test"

vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c

@@ -1,173 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// sshd_test_pw.c
-// Wrapper to inject test password data for sshd PAM authentication
-//
-// This wrapper implements custom versions of getpwnam, getpwnam_r,
-// getspnam and getspnam_r. These functions first call their real
-// libc versions, then check if the requested user matches test user
-// specified in env variable TEST_USER and if so replace the password
-// with crypted() value of TEST_PASSWD env variable.
-//
-// Compile:
-// gcc -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c
-//
-// Compile with debug:
-// gcc -DVERBOSE -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c
-//
-// Run sshd:
-// LD_PRELOAD="sshd_test_pw.so" TEST_USER="..." TEST_PASSWD="..." sshd ...
-
-// +build ignore
-
-#define _GNU_SOURCE
-#include <string.h>
-#include <pwd.h>
-#include <shadow.h>
-#include <dlfcn.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdio.h>
-
-#ifdef VERBOSE
-#define DEBUG(X...) fprintf(stderr, X)
-#else
-#define DEBUG(X...) while (0) { }
-#endif
-
-/* crypt() password */
-static char *
-pwhash(char *passwd) {
-  return strdup(crypt(passwd, "$6$"));
-}
-
-/* Pointers to real functions in libc */
-static struct passwd * (*real_getpwnam)(const char *) = NULL;
-static int (*real_getpwnam_r)(const char *, struct passwd *, char *, size_t, struct passwd **) = NULL;
-static struct spwd * (*real_getspnam)(const char *) = NULL;
-static int (*real_getspnam_r)(const char *, struct spwd *, char *, size_t, struct spwd **) = NULL;
-
-/* Cached test user and test password */
-static char *test_user = NULL;
-static char *test_passwd_hash = NULL;
-
-static void
-init(void) {
-  /* Fetch real libc function pointers */
-  real_getpwnam = dlsym(RTLD_NEXT, "getpwnam");
-  real_getpwnam_r = dlsym(RTLD_NEXT, "getpwnam_r");
-  real_getspnam = dlsym(RTLD_NEXT, "getspnam");
-  real_getspnam_r = dlsym(RTLD_NEXT, "getspnam_r");
-  
-  /* abort if env variables are not defined */
-  if (getenv("TEST_USER") == NULL || getenv("TEST_PASSWD") == NULL) {
-    fprintf(stderr, "env variables TEST_USER and TEST_PASSWD are missing\n");
-    abort();
-  }
-
-  /* Fetch test user and test password from env */
-  test_user = strdup(getenv("TEST_USER"));
-  test_passwd_hash = pwhash(getenv("TEST_PASSWD"));
-
-  DEBUG("sshd_test_pw init():\n");
-  DEBUG("\treal_getpwnam: %p\n", real_getpwnam);
-  DEBUG("\treal_getpwnam_r: %p\n", real_getpwnam_r);
-  DEBUG("\treal_getspnam: %p\n", real_getspnam);
-  DEBUG("\treal_getspnam_r: %p\n", real_getspnam_r);
-  DEBUG("\tTEST_USER: '%s'\n", test_user);
-  DEBUG("\tTEST_PASSWD: '%s'\n", getenv("TEST_PASSWD"));
-  DEBUG("\tTEST_PASSWD_HASH: '%s'\n", test_passwd_hash);
-}
-
-static int
-is_test_user(const char *name) {
-  if (test_user != NULL && strcmp(test_user, name) == 0)
-    return 1;
-  return 0;
-}
-
-/* getpwnam */
-
-struct passwd *
-getpwnam(const char *name) {
-  struct passwd *pw;
-
-  DEBUG("sshd_test_pw getpwnam(%s)\n", name);
-  
-  if (real_getpwnam == NULL)
-    init();
-  if ((pw = real_getpwnam(name)) == NULL)
-    return NULL;
-
-  if (is_test_user(name))
-    pw->pw_passwd = strdup(test_passwd_hash);
-      
-  return pw;
-}
-
-/* getpwnam_r */
-
-int
-getpwnam_r(const char *name,
-	   struct passwd *pwd,
-	   char *buf,
-	   size_t buflen,
-	   struct passwd **result) {
-  int r;
-
-  DEBUG("sshd_test_pw getpwnam_r(%s)\n", name);
-  
-  if (real_getpwnam_r == NULL)
-    init();
-  if ((r = real_getpwnam_r(name, pwd, buf, buflen, result)) != 0 || *result == NULL)
-    return r;
-
-  if (is_test_user(name))
-    pwd->pw_passwd = strdup(test_passwd_hash);
-  
-  return 0;
-}
-
-/* getspnam */
-
-struct spwd *
-getspnam(const char *name) {
-  struct spwd *sp;
-
-  DEBUG("sshd_test_pw getspnam(%s)\n", name);
-  
-  if (real_getspnam == NULL)
-    init();
-  if ((sp = real_getspnam(name)) == NULL)
-    return NULL;
-
-  if (is_test_user(name))
-    sp->sp_pwdp = strdup(test_passwd_hash);
-  
-  return sp;
-}
-
-/* getspnam_r */
-
-int
-getspnam_r(const char *name,
-	   struct spwd *spbuf,
-	   char *buf,
-	   size_t buflen,
-	   struct spwd **spbufp) {
-  int r;
-
-  DEBUG("sshd_test_pw getspnam_r(%s)\n", name);
-  
-  if (real_getspnam_r == NULL)
-    init();
-  if ((r = real_getspnam_r(name, spbuf, buf, buflen, spbufp)) != 0)
-    return r;
-
-  if (is_test_user(name))
-    spbuf->sp_pwdp = strdup(test_passwd_hash);
-  
-  return r;
-}

vendor/golang.org/x/sys/windows/svc/event.go

@@ -1,48 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-package svc
-
-import (
-	"errors"
-
-	"golang.org/x/sys/windows"
-)
-
-// event represents auto-reset, initially non-signaled Windows event.
-// It is used to communicate between go and asm parts of this package.
-type event struct {
-	h windows.Handle
-}
-
-func newEvent() (*event, error) {
-	h, err := windows.CreateEvent(nil, 0, 0, nil)
-	if err != nil {
-		return nil, err
-	}
-	return &event{h: h}, nil
-}
-
-func (e *event) Close() error {
-	return windows.CloseHandle(e.h)
-}
-
-func (e *event) Set() error {
-	return windows.SetEvent(e.h)
-}
-
-func (e *event) Wait() error {
-	s, err := windows.WaitForSingleObject(e.h, windows.INFINITE)
-	switch s {
-	case windows.WAIT_OBJECT_0:
-		break
-	case windows.WAIT_FAILED:
-		return err
-	default:
-		return errors.New("unexpected result from WaitForSingleObject")
-	}
-	return nil
-}

vendor/golang.org/x/sys/windows/svc/go12.c

@@ -1,24 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-// +build !go1.3
-
-// copied from pkg/runtime
-typedef	unsigned int	uint32;
-typedef	unsigned long long int	uint64;
-#ifdef _64BIT
-typedef	uint64		uintptr;
-#else
-typedef	uint32		uintptr;
-#endif
-
-// from sys_386.s or sys_amd64.s
-void ·servicemain(void);
-
-void
-·getServiceMain(uintptr *r)
-{
-	*r = (uintptr)·servicemain;
-}

vendor/golang.org/x/sys/windows/svc/go12.go

@@ -1,11 +0,0 @@
-// Copyright 2014 The Go Authors.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-// +build !go1.3
-
-package svc
-
-// from go12.c
-func getServiceMain(r *uintptr)

vendor/golang.org/x/sys/windows/svc/go13.go

@@ -1,31 +0,0 @@
-// Copyright 2014 The Go Authors.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-// +build go1.3
-
-package svc
-
-import "unsafe"
-
-const ptrSize = 4 << (^uintptr(0) >> 63) // unsafe.Sizeof(uintptr(0)) but an ideal const
-
-// Should be a built-in for unsafe.Pointer?
-func add(p unsafe.Pointer, x uintptr) unsafe.Pointer {
-	return unsafe.Pointer(uintptr(p) + x)
-}
-
-// funcPC returns the entry PC of the function f.
-// It assumes that f is a func value. Otherwise the behavior is undefined.
-func funcPC(f interface{}) uintptr {
-	return **(**uintptr)(add(unsafe.Pointer(&f), ptrSize))
-}
-
-// from sys_386.s and sys_amd64.s
-func servicectlhandler(ctl uint32) uintptr
-func servicemain(argc uint32, argv **uint16)
-
-func getServiceMain(r *uintptr) {
-	*r = funcPC(servicemain)
-}

vendor/golang.org/x/sys/windows/svc/security.go

@@ -1,62 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-package svc
-
-import (
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-func allocSid(subAuth0 uint32) (*windows.SID, error) {
-	var sid *windows.SID
-	err := windows.AllocateAndInitializeSid(&windows.SECURITY_NT_AUTHORITY,
-		1, subAuth0, 0, 0, 0, 0, 0, 0, 0, &sid)
-	if err != nil {
-		return nil, err
-	}
-	return sid, nil
-}
-
-// IsAnInteractiveSession determines if calling process is running interactively.
-// It queries the process token for membership in the Interactive group.
-// http://stackoverflow.com/questions/2668851/how-do-i-detect-that-my-application-is-running-as-service-or-in-an-interactive-s
-func IsAnInteractiveSession() (bool, error) {
-	interSid, err := allocSid(windows.SECURITY_INTERACTIVE_RID)
-	if err != nil {
-		return false, err
-	}
-	defer windows.FreeSid(interSid)
-
-	serviceSid, err := allocSid(windows.SECURITY_SERVICE_RID)
-	if err != nil {
-		return false, err
-	}
-	defer windows.FreeSid(serviceSid)
-
-	t, err := windows.OpenCurrentProcessToken()
-	if err != nil {
-		return false, err
-	}
-	defer t.Close()
-
-	gs, err := t.GetTokenGroups()
-	if err != nil {
-		return false, err
-	}
-	p := unsafe.Pointer(&gs.Groups[0])
-	groups := (*[2 << 20]windows.SIDAndAttributes)(p)[:gs.GroupCount]
-	for _, g := range groups {
-		if windows.EqualSid(g.Sid, interSid) {
-			return true, nil
-		}
-		if windows.EqualSid(g.Sid, serviceSid) {
-			return false, nil
-		}
-	}
-	return false, nil
-}

vendor/golang.org/x/sys/windows/svc/service.go

@@ -1,363 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-// Package svc provides everything required to build Windows service.
-//
-package svc
-
-import (
-	"errors"
-	"runtime"
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-// State describes service execution state (Stopped, Running and so on).
-type State uint32
-
-const (
-	Stopped         = State(windows.SERVICE_STOPPED)
-	StartPending    = State(windows.SERVICE_START_PENDING)
-	StopPending     = State(windows.SERVICE_STOP_PENDING)
-	Running         = State(windows.SERVICE_RUNNING)
-	ContinuePending = State(windows.SERVICE_CONTINUE_PENDING)
-	PausePending    = State(windows.SERVICE_PAUSE_PENDING)
-	Paused          = State(windows.SERVICE_PAUSED)
-)
-
-// Cmd represents service state change request. It is sent to a service
-// by the service manager, and should be actioned upon by the service.
-type Cmd uint32
-
-const (
-	Stop                  = Cmd(windows.SERVICE_CONTROL_STOP)
-	Pause                 = Cmd(windows.SERVICE_CONTROL_PAUSE)
-	Continue              = Cmd(windows.SERVICE_CONTROL_CONTINUE)
-	Interrogate           = Cmd(windows.SERVICE_CONTROL_INTERROGATE)
-	Shutdown              = Cmd(windows.SERVICE_CONTROL_SHUTDOWN)
-	ParamChange           = Cmd(windows.SERVICE_CONTROL_PARAMCHANGE)
-	NetBindAdd            = Cmd(windows.SERVICE_CONTROL_NETBINDADD)
-	NetBindRemove         = Cmd(windows.SERVICE_CONTROL_NETBINDREMOVE)
-	NetBindEnable         = Cmd(windows.SERVICE_CONTROL_NETBINDENABLE)
-	NetBindDisable        = Cmd(windows.SERVICE_CONTROL_NETBINDDISABLE)
-	DeviceEvent           = Cmd(windows.SERVICE_CONTROL_DEVICEEVENT)
-	HardwareProfileChange = Cmd(windows.SERVICE_CONTROL_HARDWAREPROFILECHANGE)
-	PowerEvent            = Cmd(windows.SERVICE_CONTROL_POWEREVENT)
-	SessionChange         = Cmd(windows.SERVICE_CONTROL_SESSIONCHANGE)
-)
-
-// Accepted is used to describe commands accepted by the service.
-// Note that Interrogate is always accepted.
-type Accepted uint32
-
-const (
-	AcceptStop                  = Accepted(windows.SERVICE_ACCEPT_STOP)
-	AcceptShutdown              = Accepted(windows.SERVICE_ACCEPT_SHUTDOWN)
-	AcceptPauseAndContinue      = Accepted(windows.SERVICE_ACCEPT_PAUSE_CONTINUE)
-	AcceptParamChange           = Accepted(windows.SERVICE_ACCEPT_PARAMCHANGE)
-	AcceptNetBindChange         = Accepted(windows.SERVICE_ACCEPT_NETBINDCHANGE)
-	AcceptHardwareProfileChange = Accepted(windows.SERVICE_ACCEPT_HARDWAREPROFILECHANGE)
-	AcceptPowerEvent            = Accepted(windows.SERVICE_ACCEPT_POWEREVENT)
-	AcceptSessionChange         = Accepted(windows.SERVICE_ACCEPT_SESSIONCHANGE)
-)
-
-// Status combines State and Accepted commands to fully describe running service.
-type Status struct {
-	State      State
-	Accepts    Accepted
-	CheckPoint uint32 // used to report progress during a lengthy operation
-	WaitHint   uint32 // estimated time required for a pending operation, in milliseconds
-}
-
-// ChangeRequest is sent to the service Handler to request service status change.
-type ChangeRequest struct {
-	Cmd           Cmd
-	EventType     uint32
-	EventData     uintptr
-	CurrentStatus Status
-}
-
-// Handler is the interface that must be implemented to build Windows service.
-type Handler interface {
-
-	// Execute will be called by the package code at the start of
-	// the service, and the service will exit once Execute completes.
-	// Inside Execute you must read service change requests from r and
-	// act accordingly. You must keep service control manager up to date
-	// about state of your service by writing into s as required.
-	// args contains service name followed by argument strings passed
-	// to the service.
-	// You can provide service exit code in exitCode return parameter,
-	// with 0 being "no error". You can also indicate if exit code,
-	// if any, is service specific or not by using svcSpecificEC
-	// parameter.
-	Execute(args []string, r <-chan ChangeRequest, s chan<- Status) (svcSpecificEC bool, exitCode uint32)
-}
-
-var (
-	// These are used by asm code.
-	goWaitsH                       uintptr
-	cWaitsH                        uintptr
-	ssHandle                       uintptr
-	sName                          *uint16
-	sArgc                          uintptr
-	sArgv                          **uint16
-	ctlHandlerExProc               uintptr
-	cSetEvent                      uintptr
-	cWaitForSingleObject           uintptr
-	cRegisterServiceCtrlHandlerExW uintptr
-)
-
-func init() {
-	k := syscall.MustLoadDLL("kernel32.dll")
-	cSetEvent = k.MustFindProc("SetEvent").Addr()
-	cWaitForSingleObject = k.MustFindProc("WaitForSingleObject").Addr()
-	a := syscall.MustLoadDLL("advapi32.dll")
-	cRegisterServiceCtrlHandlerExW = a.MustFindProc("RegisterServiceCtrlHandlerExW").Addr()
-}
-
-// The HandlerEx prototype also has a context pointer but since we don't use
-// it at start-up time we don't have to pass it over either.
-type ctlEvent struct {
-	cmd       Cmd
-	eventType uint32
-	eventData uintptr
-	errno     uint32
-}
-
-// service provides access to windows service api.
-type service struct {
-	name    string
-	h       windows.Handle
-	cWaits  *event
-	goWaits *event
-	c       chan ctlEvent
-	handler Handler
-}
-
-func newService(name string, handler Handler) (*service, error) {
-	var s service
-	var err error
-	s.name = name
-	s.c = make(chan ctlEvent)
-	s.handler = handler
-	s.cWaits, err = newEvent()
-	if err != nil {
-		return nil, err
-	}
-	s.goWaits, err = newEvent()
-	if err != nil {
-		s.cWaits.Close()
-		return nil, err
-	}
-	return &s, nil
-}
-
-func (s *service) close() error {
-	s.cWaits.Close()
-	s.goWaits.Close()
-	return nil
-}
-
-type exitCode struct {
-	isSvcSpecific bool
-	errno         uint32
-}
-
-func (s *service) updateStatus(status *Status, ec *exitCode) error {
-	if s.h == 0 {
-		return errors.New("updateStatus with no service status handle")
-	}
-	var t windows.SERVICE_STATUS
-	t.ServiceType = windows.SERVICE_WIN32_OWN_PROCESS
-	t.CurrentState = uint32(status.State)
-	if status.Accepts&AcceptStop != 0 {
-		t.ControlsAccepted |= windows.SERVICE_ACCEPT_STOP
-	}
-	if status.Accepts&AcceptShutdown != 0 {
-		t.ControlsAccepted |= windows.SERVICE_ACCEPT_SHUTDOWN
-	}
-	if status.Accepts&AcceptPauseAndContinue != 0 {
-		t.ControlsAccepted |= windows.SERVICE_ACCEPT_PAUSE_CONTINUE
-	}
-	if status.Accepts&AcceptParamChange != 0 {
-		t.ControlsAccepted |= windows.SERVICE_ACCEPT_PARAMCHANGE
-	}
-	if status.Accepts&AcceptNetBindChange != 0 {
-		t.ControlsAccepted |= windows.SERVICE_ACCEPT_NETBINDCHANGE
-	}
-	if status.Accepts&AcceptHardwareProfileChange != 0 {
-		t.ControlsAccepted |= windows.SERVICE_ACCEPT_HARDWAREPROFILECHANGE
-	}
-	if status.Accepts&AcceptPowerEvent != 0 {
-		t.ControlsAccepted |= windows.SERVICE_ACCEPT_POWEREVENT
-	}
-	if status.Accepts&AcceptSessionChange != 0 {
-		t.ControlsAccepted |= windows.SERVICE_ACCEPT_SESSIONCHANGE
-	}
-	if ec.errno == 0 {
-		t.Win32ExitCode = windows.NO_ERROR
-		t.ServiceSpecificExitCode = windows.NO_ERROR
-	} else if ec.isSvcSpecific {
-		t.Win32ExitCode = uint32(windows.ERROR_SERVICE_SPECIFIC_ERROR)
-		t.ServiceSpecificExitCode = ec.errno
-	} else {
-		t.Win32ExitCode = ec.errno
-		t.ServiceSpecificExitCode = windows.NO_ERROR
-	}
-	t.CheckPoint = status.CheckPoint
-	t.WaitHint = status.WaitHint
-	return windows.SetServiceStatus(s.h, &t)
-}
-
-const (
-	sysErrSetServiceStatusFailed = uint32(syscall.APPLICATION_ERROR) + iota
-	sysErrNewThreadInCallback
-)
-
-func (s *service) run() {
-	s.goWaits.Wait()
-	s.h = windows.Handle(ssHandle)
-	argv := (*[100]*int16)(unsafe.Pointer(sArgv))[:sArgc]
-	args := make([]string, len(argv))
-	for i, a := range argv {
-		args[i] = syscall.UTF16ToString((*[1 << 20]uint16)(unsafe.Pointer(a))[:])
-	}
-
-	cmdsToHandler := make(chan ChangeRequest)
-	changesFromHandler := make(chan Status)
-	exitFromHandler := make(chan exitCode)
-
-	go func() {
-		ss, errno := s.handler.Execute(args, cmdsToHandler, changesFromHandler)
-		exitFromHandler <- exitCode{ss, errno}
-	}()
-
-	status := Status{State: Stopped}
-	ec := exitCode{isSvcSpecific: true, errno: 0}
-	var outch chan ChangeRequest
-	inch := s.c
-	var cmd Cmd
-	var evtype uint32
-	var evdata uintptr
-loop:
-	for {
-		select {
-		case r := <-inch:
-			if r.errno != 0 {
-				ec.errno = r.errno
-				break loop
-			}
-			inch = nil
-			outch = cmdsToHandler
-			cmd = r.cmd
-			evtype = r.eventType
-			evdata = r.eventData
-		case outch <- ChangeRequest{cmd, evtype, evdata, status}:
-			inch = s.c
-			outch = nil
-		case c := <-changesFromHandler:
-			err := s.updateStatus(&c, &ec)
-			if err != nil {
-				// best suitable error number
-				ec.errno = sysErrSetServiceStatusFailed
-				if err2, ok := err.(syscall.Errno); ok {
-					ec.errno = uint32(err2)
-				}
-				break loop
-			}
-			status = c
-		case ec = <-exitFromHandler:
-			break loop
-		}
-	}
-
-	s.updateStatus(&Status{State: Stopped}, &ec)
-	s.cWaits.Set()
-}
-
-func newCallback(fn interface{}) (cb uintptr, err error) {
-	defer func() {
-		r := recover()
-		if r == nil {
-			return
-		}
-		cb = 0
-		switch v := r.(type) {
-		case string:
-			err = errors.New(v)
-		case error:
-			err = v
-		default:
-			err = errors.New("unexpected panic in syscall.NewCallback")
-		}
-	}()
-	return syscall.NewCallback(fn), nil
-}
-
-// BUG(brainman): There is no mechanism to run multiple services
-// inside one single executable. Perhaps, it can be overcome by
-// using RegisterServiceCtrlHandlerEx Windows api.
-
-// Run executes service name by calling appropriate handler function.
-func Run(name string, handler Handler) error {
-	runtime.LockOSThread()
-
-	tid := windows.GetCurrentThreadId()
-
-	s, err := newService(name, handler)
-	if err != nil {
-		return err
-	}
-
-	ctlHandler := func(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr {
-		e := ctlEvent{cmd: Cmd(ctl), eventType: evtype, eventData: evdata}
-		// We assume that this callback function is running on
-		// the same thread as Run. Nowhere in MS documentation
-		// I could find statement to guarantee that. So putting
-		// check here to verify, otherwise things will go bad
-		// quickly, if ignored.
-		i := windows.GetCurrentThreadId()
-		if i != tid {
-			e.errno = sysErrNewThreadInCallback
-		}
-		s.c <- e
-		// Always return NO_ERROR (0) for now.
-		return 0
-	}
-
-	var svcmain uintptr
-	getServiceMain(&svcmain)
-	t := []windows.SERVICE_TABLE_ENTRY{
-		{syscall.StringToUTF16Ptr(s.name), svcmain},
-		{nil, 0},
-	}
-
-	goWaitsH = uintptr(s.goWaits.h)
-	cWaitsH = uintptr(s.cWaits.h)
-	sName = t[0].ServiceName
-	ctlHandlerExProc, err = newCallback(ctlHandler)
-	if err != nil {
-		return err
-	}
-
-	go s.run()
-
-	err = windows.StartServiceCtrlDispatcher(&t[0])
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
-// StatusHandle returns service status handle. It is safe to call this function
-// from inside the Handler.Execute because then it is guaranteed to be set.
-// This code will have to change once multiple services are possible per process.
-func StatusHandle() windows.Handle {
-	return windows.Handle(ssHandle)
-}

vendor/golang.org/x/sys/windows/svc/sys_386.s

@@ -1,68 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-// func servicemain(argc uint32, argv **uint16)
-TEXT ·servicemain(SB),7,$0
-	MOVL	argc+0(FP), AX
-	MOVL	AX, ·sArgc(SB)
-	MOVL	argv+4(FP), AX
-	MOVL	AX, ·sArgv(SB)
-
-	PUSHL	BP
-	PUSHL	BX
-	PUSHL	SI
-	PUSHL	DI
-
-	SUBL	$12, SP
-
-	MOVL	·sName(SB), AX
-	MOVL	AX, (SP)
-	MOVL	$·servicectlhandler(SB), AX
-	MOVL	AX, 4(SP)
-	MOVL	$0, 8(SP)
-	MOVL	·cRegisterServiceCtrlHandlerExW(SB), AX
-	MOVL	SP, BP
-	CALL	AX
-	MOVL	BP, SP
-	CMPL	AX, $0
-	JE	exit
-	MOVL	AX, ·ssHandle(SB)
-
-	MOVL	·goWaitsH(SB), AX
-	MOVL	AX, (SP)
-	MOVL	·cSetEvent(SB), AX
-	MOVL	SP, BP
-	CALL	AX
-	MOVL	BP, SP
-
-	MOVL	·cWaitsH(SB), AX
-	MOVL	AX, (SP)
-	MOVL	$-1, AX
-	MOVL	AX, 4(SP)
-	MOVL	·cWaitForSingleObject(SB), AX
-	MOVL	SP, BP
-	CALL	AX
-	MOVL	BP, SP
-
-exit:
-	ADDL	$12, SP
-
-	POPL	DI
-	POPL	SI
-	POPL	BX
-	POPL	BP
-
-	MOVL	0(SP), CX
-	ADDL	$12, SP
-	JMP	CX
-
-// I do not know why, but this seems to be the only way to call
-// ctlHandlerProc on Windows 7.
-
-// func servicectlhandler(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr {
-TEXT ·servicectlhandler(SB),7,$0
-	MOVL	·ctlHandlerExProc(SB), CX
-	JMP	CX

vendor/golang.org/x/sys/windows/svc/sys_amd64.s

@@ -1,42 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build windows
-
-// func servicemain(argc uint32, argv **uint16)
-TEXT ·servicemain(SB),7,$0
-	MOVL	CX, ·sArgc(SB)
-	MOVL	DX, ·sArgv(SB)
-
-	SUBQ	$32, SP		// stack for the first 4 syscall params
-
-	MOVQ	·sName(SB), CX
-	MOVQ	$·servicectlhandler(SB), DX
-	// BUG(pastarmovj): Figure out a way to pass in context in R8.
-	MOVQ	·cRegisterServiceCtrlHandlerExW(SB), AX
-	CALL	AX
-	CMPQ	AX, $0
-	JE	exit
-	MOVQ	AX, ·ssHandle(SB)
-
-	MOVQ	·goWaitsH(SB), CX
-	MOVQ	·cSetEvent(SB), AX
-	CALL	AX
-
-	MOVQ	·cWaitsH(SB), CX
-	MOVQ	$4294967295, DX
-	MOVQ	·cWaitForSingleObject(SB), AX
-	CALL	AX
-
-exit:
-	ADDQ	$32, SP
-	RET
-
-// I do not know why, but this seems to be the only way to call
-// ctlHandlerProc on Windows 7.
-
-// func ·servicectlhandler(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr {
-TEXT ·servicectlhandler(SB),7,$0
-	MOVQ	·ctlHandlerExProc(SB), AX
-	JMP	AX

vendor/k8s.io/kubernetes/build/README.md

@@ -1,129 +0,0 @@
-# Building Kubernetes
-
-Building Kubernetes is easy if you take advantage of the containerized build environment. This document will help guide you through understanding this build process.
-
-## Requirements
-
-1. Docker, using one of the following configurations:
-  * **macOS** You can either use Docker for Mac or docker-machine. See installation instructions [here](https://docs.docker.com/docker-for-mac/).
-     **Note**: You will want to set the Docker VM to have at least 4.5GB of initial memory or building will likely fail. (See: [#11852]( http://issue.k8s.io/11852)).
-  * **Linux with local Docker**  Install Docker according to the [instructions](https://docs.docker.com/installation/#installation) for your OS.
-  * **Remote Docker engine** Use a big machine in the cloud to build faster. This is a little trickier so look at the section later on.
-2. **Optional** [Google Cloud SDK](https://developers.google.com/cloud/sdk/)
-
-You must install and configure Google Cloud SDK if you want to upload your release to Google Cloud Storage and may safely omit this otherwise.
-
-## Overview
-
-While it is possible to build Kubernetes using a local golang installation, we have a build process that runs in a Docker container.  This simplifies initial set up and provides for a very consistent build and test environment.
-
-## Key scripts
-
-The following scripts are found in the `build/` directory. Note that all scripts must be run from the Kubernetes root directory.
-
-* `build/run.sh`: Run a command in a build docker container.  Common invocations:
-  *  `build/run.sh make`: Build just linux binaries in the container.  Pass options and packages as necessary.
-  *  `build/run.sh make cross`: Build all binaries for all platforms
-  *  `build/run.sh make test`: Run all unit tests
-  *  `build/run.sh make test-integration`: Run integration test
-  *  `build/run.sh make test-cmd`: Run CLI tests
-* `build/copy-output.sh`: This will copy the contents of `_output/dockerized/bin` from the Docker container to the local `_output/dockerized/bin`. It will also copy out specific file patterns that are generated as part of the build process. This is run automatically as part of `build/run.sh`.
-* `build/make-clean.sh`: Clean out the contents of `_output`, remove any locally built container images and remove the data container.
-* `/build/shell.sh`: Drop into a `bash` shell in a build container with a snapshot of the current repo code.
-
-## Basic Flow
-
-The scripts directly under `build/` are used to build and test.  They will ensure that the `kube-build` Docker image is built (based on `build/build-image/Dockerfile`) and then execute the appropriate command in that container.  These scripts will both ensure that the right data is cached from run to run for incremental builds and will copy the results back out of the container.
-
-The `kube-build` container image is built by first creating a "context" directory in `_output/images/build-image`.  It is done there instead of at the root of the Kubernetes repo to minimize the amount of data we need to package up when building the image.
-
-There are 3 different containers instances that are run from this image.  The first is a "data" container to store all data that needs to persist across to support incremental builds. Next there is an "rsync" container that is used to transfer data in and out to the data container.  Lastly there is a "build" container that is used for actually doing build actions.  The data container persists across runs while the rsync and build containers are deleted after each use.
-
-`rsync` is used transparently behind the scenes to efficiently move data in and out of the container.  This will use an ephemeral port picked by Docker.  You can modify this by setting the `KUBE_RSYNC_PORT` env variable.
-
-All Docker names are suffixed with a hash derived from the file path (to allow concurrent usage on things like CI machines) and a version number.  When the version number changes all state is cleared and clean build is started.  This allows the build infrastructure to be changed and signal to CI systems that old artifacts need to be deleted.
-
-## Proxy Settings
-
-If you are behind a proxy and you are letting these scripts use `docker-machine` to set up your local VM for you on macOS, you need to export proxy settings for Kubernetes build, the following environment variables should be defined.
-
-```
-export KUBERNETES_HTTP_PROXY=http://username:password@proxyaddr:proxyport
-export KUBERNETES_HTTPS_PROXY=https://username:password@proxyaddr:proxyport
-```
-
-Optionally, you can specify addresses of no proxy for Kubernetes build, for example
-
-```
-export KUBERNETES_NO_PROXY=127.0.0.1
-```
-
-If you are using sudo to make Kubernetes build for example make quick-release, you need run `sudo -E make quick-release` to pass the environment variables.
-
-## Really Remote Docker Engine
-
-It is possible to use a Docker Engine that is running remotely (under your desk or in the cloud).  Docker must be configured to connect to that machine and the local rsync port must be forwarded (via SSH or nc) from localhost to the remote machine.
-
-To do this easily with GCE and `docker-machine`, do something like this:
-```
-# Create the remote docker machine on GCE.  This is a pretty beefy machine with SSD disk.
-KUBE_BUILD_VM=k8s-build
-KUBE_BUILD_GCE_PROJECT=<project>
-docker-machine create \
-  --driver=google \
-  --google-project=${KUBE_BUILD_GCE_PROJECT} \
-  --google-zone=us-west1-a \
-  --google-machine-type=n1-standard-8 \
-  --google-disk-size=50 \
-  --google-disk-type=pd-ssd \
-  ${KUBE_BUILD_VM}
-
-# Set up local docker to talk to that machine
-eval $(docker-machine env ${KUBE_BUILD_VM})
-
-# Pin down the port that rsync will be exposed on on the remote machine
-export KUBE_RSYNC_PORT=8730
-
-# forward local 8730 to that machine so that rsync works
-docker-machine ssh ${KUBE_BUILD_VM} -L ${KUBE_RSYNC_PORT}:localhost:${KUBE_RSYNC_PORT} -N &
-```
-
-Look at `docker-machine stop`, `docker-machine start` and `docker-machine rm` to manage this VM.
-
-## Releasing
-
-The `build/release.sh` script will build a release.  It will build binaries, run tests, (optionally) build runtime Docker images.
-
-The main output is a tar file: `kubernetes.tar.gz`.  This includes:
-* Cross compiled client utilities.
-* Script (`kubectl`) for picking and running the right client binary based on platform.
-* Examples
-* Cluster deployment scripts for various clouds
-* Tar file containing all server binaries
-
-In addition, there are some other tar files that are created:
-* `kubernetes-client-*.tar.gz` Client binaries for a specific platform.
-* `kubernetes-server-*.tar.gz` Server binaries for a specific platform.
-
-When building final release tars, they are first staged into `_output/release-stage` before being tar'd up and put into `_output/release-tars`.
-
-## Reproducibility
-`make release`, its variant `make quick-release`, and Bazel all provide a
-hermetic build environment which should provide some level of reproducibility
-for builds. `make` itself is **not** hermetic.
-
-The Kubernetes build environment supports the [`SOURCE_DATE_EPOCH` environment
-variable](https://reproducible-builds.org/specs/source-date-epoch/) specified by
-the Reproducible Builds project, which can be set to a UNIX epoch timestamp.
-This will be used for the build timestamps embedded in compiled Go binaries,
-and maybe someday also Docker images.
-
-One reasonable setting for this variable is to use the commit timestamp from the
-tip of the tree being built; this is what the Kubernetes CI system uses. For
-example, you could use the following one-liner:
-
-```bash
-SOURCE_DATE_EPOCH=$(git show -s --format=format:%ct HEAD)
-```
-
-[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/build/README.md?pixel)]()

vendor/k8s.io/kubernetes/build/pause/orphan.c

@@ -1,36 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-/* Creates a zombie to be reaped by init. Useful for testing. */
-
-#include <stdio.h>
-#include <unistd.h>
-
-int main() {
-  pid_t pid;
-  pid = fork();
-  if (pid == 0) {
-    while (getppid() > 1)
-      ;
-    printf("Child exiting: pid=%d ppid=%d\n", getpid(), getppid());
-    return 0;
-  } else if (pid > 0) {
-    printf("Parent exiting: pid=%d ppid=%d\n", getpid(), getppid());
-    return 0;
-  }
-  perror("Could not create child");
-  return 1;
-}

vendor/k8s.io/kubernetes/build/pause/pause.c

@@ -1,68 +0,0 @@
-/*
-Copyright 2016 The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-#include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/types.h>
-#include <sys/wait.h>
-#include <unistd.h>
-
-#define STRINGIFY(x) #x
-#define VERSION_STRING(x) STRINGIFY(x)
-
-#ifndef VERSION
-#define VERSION HEAD
-#endif
-
-static void sigdown(int signo) {
-  psignal(signo, "Shutting down, got signal");
-  exit(0);
-}
-
-static void sigreap(int signo) {
-  while (waitpid(-1, NULL, WNOHANG) > 0)
-    ;
-}
-
-int main(int argc, char **argv) {
-  int i;
-  for (i = 1; i < argc; ++i) {
-    if (!strcasecmp(argv[i], "-v")) {
-      printf("pause.c %s\n", VERSION_STRING(VERSION));
-      return 0;
-    }
-  }
-
-  if (getpid() != 1)
-    /* Not an error because pause sees use outside of infra containers. */
-    fprintf(stderr, "Warning: pause should be the first process\n");
-
-  if (sigaction(SIGINT, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0)
-    return 1;
-  if (sigaction(SIGTERM, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0)
-    return 2;
-  if (sigaction(SIGCHLD, &(struct sigaction){.sa_handler = sigreap,
-                                             .sa_flags = SA_NOCLDSTOP},
-                NULL) < 0)
-    return 3;
-
-  for (;;)
-    pause();
-  fprintf(stderr, "Error: infinite loop terminated\n");
-  return 42;
-}