commit
4033add994
@ -12,7 +12,7 @@
|
|||||||
"features": {
|
"features": {
|
||||||
"ghcr.io/devcontainers/features/docker-in-docker:2": {},
|
"ghcr.io/devcontainers/features/docker-in-docker:2": {},
|
||||||
"ghcr.io/devcontainers/features/go:1": {
|
"ghcr.io/devcontainers/features/go:1": {
|
||||||
"version": "1.20"
|
"version": "1.21"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
||||||
|
2
.github/workflows/build-test-images.yml
vendored
2
.github/workflows/build-test-images.yml
vendored
@ -43,7 +43,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/setup-go@v3
|
- uses: actions/setup-go@v3
|
||||||
with:
|
with:
|
||||||
go-version: "1.20.7"
|
go-version: "1.21.0"
|
||||||
|
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
|
18
.github/workflows/ci.yml
vendored
18
.github/workflows/ci.yml
vendored
@ -9,7 +9,7 @@ on:
|
|||||||
env:
|
env:
|
||||||
# Go version we currently use to build containerd across all CI.
|
# Go version we currently use to build containerd across all CI.
|
||||||
# Note: don't forget to update `Binaries` step, as it contains the matrix of all supported Go versions.
|
# Note: don't forget to update `Binaries` step, as it contains the matrix of all supported Go versions.
|
||||||
GO_VERSION: "1.20.7"
|
GO_VERSION: "1.21.0"
|
||||||
|
|
||||||
permissions: # added using https://github.com/step-security/secure-workflows
|
permissions: # added using https://github.com/step-security/secure-workflows
|
||||||
contents: read
|
contents: read
|
||||||
@ -203,13 +203,13 @@ jobs:
|
|||||||
binaries:
|
binaries:
|
||||||
name: Binaries
|
name: Binaries
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
timeout-minutes: 10
|
timeout-minutes: 20
|
||||||
needs: [project, linters, protos, man]
|
needs: [project, linters, protos, man]
|
||||||
|
|
||||||
strategy:
|
strategy:
|
||||||
matrix:
|
matrix:
|
||||||
os: [ubuntu-22.04, macos-12, windows-2019, windows-2022]
|
os: [ubuntu-22.04, macos-12, windows-2019, windows-2022]
|
||||||
go-version: ["1.20.7", "1.19.12"]
|
go-version: ["1.20.7", "1.21.0"]
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/setup-go@v4
|
- uses: actions/setup-go@v4
|
||||||
with:
|
with:
|
||||||
@ -218,6 +218,12 @@ jobs:
|
|||||||
|
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
|
|
||||||
|
# NOTE(aznashwan): starting with Golang 1.21, the windows-2019 GitHub runner's
|
||||||
|
# builtin MinGW version leads to DLL loading errors during runtime.
|
||||||
|
- name: Upgrade MinGW on Windows 2019
|
||||||
|
if: matrix.os == 'windows-2019'
|
||||||
|
run: choco upgrade mingw
|
||||||
|
|
||||||
- name: Make
|
- name: Make
|
||||||
run: |
|
run: |
|
||||||
make build
|
make build
|
||||||
@ -269,6 +275,12 @@ jobs:
|
|||||||
|
|
||||||
- run: script/setup/install-dev-tools
|
- run: script/setup/install-dev-tools
|
||||||
|
|
||||||
|
# NOTE(aznashwan): starting with Golang 1.21, the windows-2019 GitHub runner's
|
||||||
|
# builtin MinGW version leads to DLL loading errors during runtime.
|
||||||
|
- name: Upgrade MinGW on Windows 2019
|
||||||
|
if: matrix.os == 'windows-2019'
|
||||||
|
run: choco upgrade mingw
|
||||||
|
|
||||||
- name: Binaries
|
- name: Binaries
|
||||||
env:
|
env:
|
||||||
CGO_ENABLED: 1
|
CGO_ENABLED: 1
|
||||||
|
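Review bot: Both added `Upgrade MinGW on Windows 2019` steps run `choco upgrade mingw` without a version, so the windows-2019 legs build and link with whichever MinGW release Chocolatey serves on the day of the run. That makes the cgo builds (`CGO_ENABLED: 1` in the second job) non-reproducible and lets a toolchain change land without a commit; the Windows provisioning script touched by this same commit lists `mingw = "10.2.0"`, so CI and that environment can also drift apart. I would pin it, e.g. `run: choco upgrade mingw --version <PINNED_MINGW_VERSION> -y`, and bump the pin deliberately. The NOTE comment would also be more useful if it named the failing DLL or linked the report, so the step can be dropped once the runner image is fixed.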
2
.github/workflows/codeql.yml
vendored
2
.github/workflows/codeql.yml
vendored
@ -34,7 +34,7 @@ jobs:
|
|||||||
|
|
||||||
- uses: actions/setup-go@v3
|
- uses: actions/setup-go@v3
|
||||||
with:
|
with:
|
||||||
go-version: 1.20.7
|
go-version: 1.21.0
|
||||||
|
|
||||||
# Initializes the CodeQL tools for scanning.
|
# Initializes the CodeQL tools for scanning.
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
|
74
.github/workflows/fuzz.yml
vendored
74
.github/workflows/fuzz.yml
vendored
@ -4,33 +4,49 @@ permissions: # added using https://github.com/step-security/secure-workflows
|
|||||||
contents: read
|
contents: read
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
# Run all fuzzing tests. Some of them use Go 1.18's testing.F.
|
# ci_fuzz is temporarily disabled as it is not compatible with recent Go:
|
||||||
# Others use https://github.com/AdaLogics/go-fuzz-headers.
|
#
|
||||||
ci_fuzz:
|
#####
|
||||||
name: CI Fuzz
|
# >github.com/containerd/containerd/contrib/apparmor
|
||||||
if: github.repository == 'containerd/containerd'
|
# >github.com/containerd/containerd/contrib/apparmor
|
||||||
runs-on: ubuntu-latest
|
# >Running go-fuzz -tags gofuzz -func FuzzLoadDefaultProfile -o fuzz_FuzzLoadDefaultProfile.a github.com/containerd/containerd/contrib/apparmor
|
||||||
timeout-minutes: 60
|
# >/usr/bin/ld: /usr/bin/ld: DWARF error: invalid or unhandled FORM value: 0x25
|
||||||
steps:
|
# >fuzz_FuzzLoadDefaultProfile.a(000021.o): in function `_cgo_9c8efe9babca_C2func_res_search':
|
||||||
- name: Build Fuzzers
|
# >cgo_unix_cgo_res.cgo2.c:(.text+0x32): undefined reference to `__res_search'
|
||||||
id: build
|
# >/usr/bin/ld: fuzz_FuzzLoadDefaultProfile.a(000021.o): in function `_cgo_9c8efe9babca_Cfunc_res_search':
|
||||||
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
|
# >cgo_unix_cgo_res.cgo2.c:(.text+0x81): undefined reference to `__res_search'
|
||||||
with:
|
# >clang-15: error: linker command failed with exit code 1 (use -v to see invocation)
|
||||||
oss-fuzz-project-name: 'containerd'
|
# >2023-08-11 14:25:45,433 - root - ERROR - Building fuzzers failed.
|
||||||
language: go
|
# >2023-08-11 14:25:45,433 - root - ERROR - Error building fuzzers for (commit: 432d86b87f75cc8ddf8f8101a5540eb206ffc894, pr_ref: refs/pull/8957/merge).
|
||||||
- name: Run Fuzzers
|
#####
|
||||||
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
|
#
|
||||||
with:
|
# # Run all fuzzing tests. Some of them use Go 1.18's testing.F.
|
||||||
oss-fuzz-project-name: 'containerd'
|
# # Others use https://github.com/AdaLogics/go-fuzz-headers.
|
||||||
fuzz-seconds: 300
|
# ci_fuzz:
|
||||||
language: go
|
# name: CI Fuzz
|
||||||
continue-on-error: true
|
# if: github.repository == 'containerd/containerd'
|
||||||
- name: Upload Crash
|
# runs-on: ubuntu-latest
|
||||||
uses: actions/upload-artifact@v1
|
# timeout-minutes: 60
|
||||||
if: failure() && steps.build.outcome == 'success'
|
# steps:
|
||||||
with:
|
# - name: Build Fuzzers
|
||||||
name: artifacts
|
# id: build
|
||||||
path: ./out/artifacts
|
# uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
|
||||||
|
# with:
|
||||||
|
# oss-fuzz-project-name: 'containerd'
|
||||||
|
# language: go
|
||||||
|
# - name: Run Fuzzers
|
||||||
|
# uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
|
||||||
|
# with:
|
||||||
|
# oss-fuzz-project-name: 'containerd'
|
||||||
|
# fuzz-seconds: 300
|
||||||
|
# language: go
|
||||||
|
# continue-on-error: true
|
||||||
|
# - name: Upload Crash
|
||||||
|
# uses: actions/upload-artifact@v1
|
||||||
|
# if: failure() && steps.build.outcome == 'success'
|
||||||
|
# with:
|
||||||
|
# name: artifacts
|
||||||
|
# path: ./out/artifacts
|
||||||
|
|
||||||
# Make sure all fuzzing tests which use Go 1.18's testing.F are
|
# Make sure all fuzzing tests which use Go 1.18's testing.F are
|
||||||
# runnable with go test -fuzz.
|
# runnable with go test -fuzz.
|
||||||
@ -42,8 +58,6 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/setup-go@v3
|
- uses: actions/setup-go@v3
|
||||||
with:
|
with:
|
||||||
# FIXME: go-fuzz fails with Go 1.20: `cgo_unix_cgo_res.cgo2.c:(.text+0x32): undefined reference to `__res_search'`
|
go-version: 1.21.x
|
||||||
# https://github.com/containerd/containerd/pull/8103#issuecomment-1429256152
|
|
||||||
go-version: 1.18
|
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- run: script/go-test-fuzz.sh
|
- run: script/go-test-fuzz.sh
|
||||||
|
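Review bot: The comment that disables `ci_fuzz` says "temporarily" but gives no tracking issue or re-enable condition, and the removed FIXME's link to the earlier discussion goes away with it. Until the job returns, the fuzzers built through go-fuzz (the `FuzzLoadDefaultProfile` target in the pasted log, for example) appear to have no CI coverage, since the remaining job only runs `script/go-test-fuzz.sh`. I would replace the pasted build log with a short pointer such as `# TODO(<tracking issue URL>): re-enable ci_fuzz once the go-fuzz build links with Go 1.21 (undefined reference to __res_search)`. When the block is uncommented, the `@master` references on the cifuzz actions and `actions/upload-artifact@v1` are worth pinning to a commit SHA at the same time.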
2
.github/workflows/images.yml
vendored
2
.github/workflows/images.yml
vendored
@ -28,7 +28,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/setup-go@v3
|
- uses: actions/setup-go@v3
|
||||||
with:
|
with:
|
||||||
go-version: "1.20.7"
|
go-version: "1.21.0"
|
||||||
|
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
with:
|
with:
|
||||||
|
2
.github/workflows/nightly.yml
vendored
2
.github/workflows/nightly.yml
vendored
@ -7,7 +7,7 @@ on:
|
|||||||
- ".github/workflows/nightly.yml"
|
- ".github/workflows/nightly.yml"
|
||||||
|
|
||||||
env:
|
env:
|
||||||
GO_VERSION: "1.20.7"
|
GO_VERSION: "1.21.0"
|
||||||
|
|
||||||
permissions: # added using https://github.com/step-security/secure-workflows
|
permissions: # added using https://github.com/step-security/secure-workflows
|
||||||
contents: read
|
contents: read
|
||||||
|
2
.github/workflows/release.yml
vendored
2
.github/workflows/release.yml
vendored
@ -13,7 +13,7 @@ on:
|
|||||||
name: Release
|
name: Release
|
||||||
|
|
||||||
env:
|
env:
|
||||||
GO_VERSION: "1.20.7"
|
GO_VERSION: "1.21.0"
|
||||||
|
|
||||||
permissions: # added using https://github.com/step-security/secure-workflows
|
permissions: # added using https://github.com/step-security/secure-workflows
|
||||||
contents: read
|
contents: read
|
||||||
|
@ -25,7 +25,7 @@ A codespace will open in a web-based version of Visual Studio Code. The [dev con
|
|||||||
|
|
||||||
To build the `containerd` daemon, and the `ctr` simple test client, the following build system dependencies are required:
|
To build the `containerd` daemon, and the `ctr` simple test client, the following build system dependencies are required:
|
||||||
|
|
||||||
* Go 1.19.x or above
|
* Go 1.20.x or above
|
||||||
* Protoc 3.x compiler and headers (download at the [Google protobuf releases page](https://github.com/protocolbuffers/protobuf/releases))
|
* Protoc 3.x compiler and headers (download at the [Google protobuf releases page](https://github.com/protocolbuffers/protobuf/releases))
|
||||||
* Btrfs headers and libraries for your distribution. Note that building the btrfs driver can be disabled via the build tag `no_btrfs`, removing this dependency.
|
* Btrfs headers and libraries for your distribution. Note that building the btrfs driver can be disabled via the build tag `no_btrfs`, removing this dependency.
|
||||||
|
|
||||||
|
2
Vagrantfile
vendored
2
Vagrantfile
vendored
@ -104,7 +104,7 @@ EOF
|
|||||||
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
|
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
|
||||||
sh.upload_path = "/tmp/vagrant-install-golang"
|
sh.upload_path = "/tmp/vagrant-install-golang"
|
||||||
sh.env = {
|
sh.env = {
|
||||||
'GO_VERSION': ENV['GO_VERSION'] || "1.20.7",
|
'GO_VERSION': ENV['GO_VERSION'] || "1.21.0",
|
||||||
}
|
}
|
||||||
sh.inline = <<~SHELL
|
sh.inline = <<~SHELL
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
@ -29,7 +29,7 @@
|
|||||||
# docker run --privileged containerd-test
|
# docker run --privileged containerd-test
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
ARG GOLANG_VERSION=1.20.7
|
ARG GOLANG_VERSION=1.21.0
|
||||||
ARG GOLANG_IMAGE=golang
|
ARG GOLANG_IMAGE=golang
|
||||||
|
|
||||||
FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang
|
FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang
|
||||||
|
@ -39,6 +39,11 @@ func WithProfile(profile string) oci.SpecOpts {
|
|||||||
|
|
||||||
// WithDefaultProfile will generate a default apparmor profile under the provided name
|
// WithDefaultProfile will generate a default apparmor profile under the provided name
|
||||||
// for the container. It is only generated if a profile under that name does not exist.
|
// for the container. It is only generated if a profile under that name does not exist.
|
||||||
|
//
|
||||||
|
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
|
||||||
|
// since Go 1.21.
|
||||||
|
//
|
||||||
|
//go:noinline
|
||||||
func WithDefaultProfile(name string) oci.SpecOpts {
|
func WithDefaultProfile(name string) oci.SpecOpts {
|
||||||
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
||||||
if err := LoadDefaultProfile(name); err != nil {
|
if err := LoadDefaultProfile(name); err != nil {
|
||||||
|
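Review bot: The added FIXME sits inside the doc comment of the exported `WithDefaultProfile`, so it will render in the package documentation, and it does not say what the test needs from `//go:noinline`. The same block is added to `WithProfile` and `WithDefaultProfile` in the seccomp hunks further down. Presumably the CRI tests identify these options by function identity, which Go 1.21's inliner breaks; if so, say that, and keep it out of the godoc by placing it as a separate comment above the doc comment, e.g. `// NOTE: not inlined because container_create_linux_test.go compares this function by identity (confirm).` Because these options decide whether a container gets its AppArmor or seccomp profile, a follow-up that lets the tests assert on the resulting spec rather than on compiler behaviour would be more robust. The function body continues outside the hunk.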
@ -43,11 +43,11 @@ go run main.go $SRC/containerd/images
|
|||||||
|
|
||||||
apt-get update && apt-get install -y wget
|
apt-get update && apt-get install -y wget
|
||||||
cd $SRC
|
cd $SRC
|
||||||
wget --quiet https://go.dev/dl/go1.19.5.linux-amd64.tar.gz
|
wget --quiet https://go.dev/dl/go1.21.0.linux-amd64.tar.gz
|
||||||
|
|
||||||
mkdir temp-go
|
mkdir temp-go
|
||||||
rm -rf /root/.go/*
|
rm -rf /root/.go/*
|
||||||
tar -C temp-go/ -xzf go1.19.5.linux-amd64.tar.gz
|
tar -C temp-go/ -xzf go1.21.0.linux-amd64.tar.gz
|
||||||
mv temp-go/go/* /root/.go/
|
mv temp-go/go/* /root/.go/
|
||||||
cd $SRC/containerd
|
cd $SRC/containerd
|
||||||
|
|
||||||
|
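Review bot: The Go toolchain tarball on the `wget` line is unpacked into `/root/.go` without any integrity check, so the fuzz build trusts whatever bytes the download returned. Since the version is being touched anyway, add the published checksum and verify before `tar`, e.g. `echo "<SHA256_FROM_GO_DEV_DL>  go1.21.0.linux-amd64.tar.gz" | sha256sum -c -`. Holding the file name in one variable would also stop the `wget` and `tar` lines from drifting apart on the next bump. The script continues outside the hunk.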
@ -30,6 +30,11 @@ import (
|
|||||||
// WithProfile receives the name of a file stored on disk comprising a json
|
// WithProfile receives the name of a file stored on disk comprising a json
|
||||||
// formatted seccomp profile, as specified by the opencontainers/runtime-spec.
|
// formatted seccomp profile, as specified by the opencontainers/runtime-spec.
|
||||||
// The profile is read from the file, unmarshaled, and set to the spec.
|
// The profile is read from the file, unmarshaled, and set to the spec.
|
||||||
|
//
|
||||||
|
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
|
||||||
|
// since Go 1.21.
|
||||||
|
//
|
||||||
|
//go:noinline
|
||||||
func WithProfile(profile string) oci.SpecOpts {
|
func WithProfile(profile string) oci.SpecOpts {
|
||||||
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
||||||
s.Linux.Seccomp = &specs.LinuxSeccomp{}
|
s.Linux.Seccomp = &specs.LinuxSeccomp{}
|
||||||
@ -46,6 +51,11 @@ func WithProfile(profile string) oci.SpecOpts {
|
|||||||
|
|
||||||
// WithDefaultProfile sets the default seccomp profile to the spec.
|
// WithDefaultProfile sets the default seccomp profile to the spec.
|
||||||
// Note: must follow the setting of process capabilities
|
// Note: must follow the setting of process capabilities
|
||||||
|
//
|
||||||
|
// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
|
||||||
|
// since Go 1.21.
|
||||||
|
//
|
||||||
|
//go:noinline
|
||||||
func WithDefaultProfile() oci.SpecOpts {
|
func WithDefaultProfile() oci.SpecOpts {
|
||||||
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
||||||
s.Linux.Seccomp = DefaultProfile(s)
|
s.Linux.Seccomp = DefaultProfile(s)
|
||||||
|
2
go.mod
2
go.mod
@ -1,6 +1,6 @@
|
|||||||
module github.com/containerd/containerd
|
module github.com/containerd/containerd
|
||||||
|
|
||||||
go 1.19
|
go 1.20
|
||||||
|
|
||||||
require (
|
require (
|
||||||
dario.cat/mergo v1.0.0
|
dario.cat/mergo v1.0.0
|
||||||
|
@ -5,7 +5,7 @@
|
|||||||
# lived test environment.
|
# lived test environment.
|
||||||
Set-MpPreference -DisableRealtimeMonitoring:$true
|
Set-MpPreference -DisableRealtimeMonitoring:$true
|
||||||
|
|
||||||
$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.20.7"; make = ""; nssm = "" }
|
$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.21.0"; make = ""; nssm = "" }
|
||||||
|
|
||||||
Write-Host "Downloading chocolatey package"
|
Write-Host "Downloading chocolatey package"
|
||||||
curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'
|
curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip'
|
||||||
|