github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #1550 from thaJeztah/bump_containerd_v1.4.0-rc.0

Browse Source 
Bump containerd v1.4.0 rc.0
This commit is contained in:
Mike Brown 2020-08-05 17:56:08 -05:00 committed by GitHub
commit 5c6c6b2ac7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
30 changed files with 149 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
vendor.conf
View File

@ -10,8 +10,8 @@ github.com/BurntSushi/toml v0.3.1
github.com/cespare/xxhash/v2 v2.1.1
github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff
github.com/containerd/console v1.0.0
github.com/containerd/containerd d184a0a3430dc4a17a47cce37fb36126ac0c699a
github.com/containerd/continuity d3ef23f19fbb106bb73ffde425d07a9187e30745
github.com/containerd/containerd v1.4.0-rc.0
github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
github.com/containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf
github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c
github.com/containerd/ttrpc v1.0.1
@ -37,7 +37,7 @@ github.com/Microsoft/go-winio v0.4.14
github.com/Microsoft/hcsshim v0.8.9
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.1
github.com/opencontainers/runc v1.0.0-rc91
github.com/opencontainers/runc 67169a9d43456ff0d5ae12b967acb8e366e2f181 # v1.0.0-rc91-48-g67169a9d
github.com/opencontainers/runtime-spec 237cc4f519e2e8f9b235bacccfa8ef5a84df2875 # v1.0.2-14-g8e2f17c
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.6.0

2
vendor/github.com/containerd/containerd/container.go generated vendored
View File

@ -290,6 +290,7 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
client: c.client,
io: i,
id: c.id,
c: c,
}
if info.Checkpoint != nil {
request.Checkpoint = info.Checkpoint
@ -407,6 +408,7 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er
io: i,
id: response.Process.ID,
pid: response.Process.Pid,
c: c,
}
return t, nil
}

7
vendor/github.com/containerd/containerd/oci/spec_opts_unix.go generated vendored
View File

@ -118,3 +118,10 @@ func deviceFromPath(path, permissions string) (*specs.LinuxDevice, error) {
GID: &stat.Gid,
}, nil
}
// WithCPUCFS sets the container's Completely fair scheduling (CFS) quota and period
func WithCPUCFS(quota int64, period uint64) SpecOpts {
return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
return nil
}
}

2
vendor/github.com/containerd/containerd/remotes/docker/authorizer.go generated vendored
View File

@ -273,7 +273,7 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (string, error) {
// copy common tokenOptions
to := ah.common
to.scopes = getTokenScopes(ctx, to.scopes)
to.scopes = GetTokenScopes(ctx, to.scopes)
// Docs: https://docs.docker.com/registry/spec/auth/scope
scoped := strings.Join(to.scopes, " ")

6
vendor/github.com/containerd/containerd/remotes/docker/fetcher.go generated vendored
View File

@ -98,6 +98,9 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
var firstErr error
for _, host := range r.hosts {
req := r.request(host, http.MethodGet, "manifests", desc.Digest.String())
if err := req.addNamespace(r.refspec.Hostname()); err != nil {
return nil, err
}
rc, err := r.open(ctx, req, desc.MediaType, offset)
if err != nil {
@ -118,6 +121,9 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
var firstErr error
for _, host := range r.hosts {
req := r.request(host, http.MethodGet, "blobs", desc.Digest.String())
if err := req.addNamespace(r.refspec.Hostname()); err != nil {
return nil, err
}
rc, err := r.open(ctx, req, desc.MediaType, offset)
if err != nil {

9
vendor/github.com/containerd/containerd/remotes/docker/registry.go generated vendored
View File

@ -73,6 +73,15 @@ type RegistryHost struct {
Header http.Header
}
func (h RegistryHost) isProxy(refhost string) bool {
if refhost != h.Host {
if refhost != "docker.io" || h.Host != "registry-1.docker.io" {
return true
}
}
return false
}
// RegistryHosts fetches the registry hosts for a given namespace,
// provided by the host component of an distribution image reference.
type RegistryHosts func(string) ([]RegistryHost, error)

38
vendor/github.com/containerd/containerd/remotes/docker/resolver.go generated vendored
View File

@ -22,6 +22,7 @@ import (
"io"
"io/ioutil"
"net/http"
"net/url"
"path"
"strings"
@ -276,6 +277,10 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
ctx := log.WithLogger(ctx, log.G(ctx).WithField("host", host.Host))
req := base.request(host, http.MethodHead, u...)
if err := req.addNamespace(base.refspec.Hostname()); err != nil {
return "", ocispec.Descriptor{}, err
}
for key, value := range r.resolveHeader {
req.header[key] = append(req.header[key], value...)
}
@ -323,6 +328,10 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
log.G(ctx).Debug("no Docker-Content-Digest header, fetching manifest instead")
req = base.request(host, http.MethodGet, u...)
if err := req.addNamespace(base.refspec.Hostname()); err != nil {
return "", ocispec.Descriptor{}, err
}
for key, value := range r.resolveHeader {
req.header[key] = append(req.header[key], value...)
}
@ -417,7 +426,7 @@ func (r *dockerResolver) Pusher(ctx context.Context, ref string) (remotes.Pusher
type dockerBase struct {
refspec reference.Spec
namespace string
repository string
hosts []RegistryHost
header http.Header
}
@ -430,7 +439,7 @@ func (r *dockerResolver) base(refspec reference.Spec) (*dockerBase, error) {
}
return &dockerBase{
refspec: refspec,
namespace: strings.TrimPrefix(refspec.Locator, host+"/"),
repository: strings.TrimPrefix(refspec.Locator, host+"/"),
hosts: hosts,
header: r.header,
}, nil
@ -453,7 +462,7 @@ func (r *dockerBase) request(host RegistryHost, method string, ps ...string) *re
for key, value := range host.Header {
header[key] = append(header[key], value...)
}
parts := append([]string{"/", host.Path, r.namespace}, ps...)
parts := append([]string{"/", host.Path, r.repository}, ps...)
p := path.Join(parts...)
// Join strips trailing slash, re-add ending "/" if included
if len(parts) > 0 && strings.HasSuffix(parts[len(parts)-1], "/") {
@ -478,6 +487,29 @@ func (r *request) authorize(ctx context.Context, req *http.Request) error {
return nil
}
func (r *request) addNamespace(ns string) (err error) {
if !r.host.isProxy(ns) {
return nil
}
var q url.Values
// Parse query
if i := strings.IndexByte(r.path, '?'); i > 0 {
r.path = r.path[:i+1]
q, err = url.ParseQuery(r.path[i+1:])
if err != nil {
return
}
} else {
r.path = r.path + "?"
q = url.Values{}
}
q.Add("ns", ns)
r.path = r.path + q.Encode()
return
}
type request struct {
method string
path string

4
vendor/github.com/containerd/containerd/remotes/docker/scope.go generated vendored
View File

@ -72,8 +72,8 @@ func contextWithAppendPullRepositoryScope(ctx context.Context, repo string) cont
return WithScope(ctx, fmt.Sprintf("repository:%s:pull", repo))
}
// getTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes.
func getTokenScopes(ctx context.Context, common []string) []string {
// GetTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes.
func GetTokenScopes(ctx context.Context, common []string) []string {
var scopes []string
if x := ctx.Value(tokenScopesKey{}); x != nil {
scopes = append(scopes, x.([]string)...)

5
vendor/github.com/containerd/containerd/services/tasks/local.go generated vendored
View File

@ -184,6 +184,11 @@ func (l *local) Create(ctx context.Context, r *api.CreateTaskRequest, _ ...grpc.
Options: m.Options,
})
}
if strings.HasPrefix(container.Runtime.Name, "io.containerd.runtime.v1.") {
log.G(ctx).Warn("runtime v1 is deprecated since containerd v1.4, consider using runtime v2")
} else if container.Runtime.Name == plugin.RuntimeRuncV1 {
log.G(ctx).Warnf("%q is deprecated since containerd v1.4, consider using %q", plugin.RuntimeRuncV1, plugin.RuntimeRuncV2)
}
rtime, err := l.getRuntime(container.Runtime.Name)
if err != nil {
return nil, err

9
vendor/github.com/containerd/containerd/task.go generated vendored
View File

@ -35,6 +35,7 @@ import (
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/images"
"github.com/containerd/containerd/mount"
"github.com/containerd/containerd/oci"
"github.com/containerd/containerd/plugin"
"github.com/containerd/containerd/rootfs"
"github.com/containerd/containerd/runtime/linux/runctypes"
@ -175,18 +176,26 @@ type Task interface {
// For the built in Linux runtime, github.com/containerd/cgroups.Metrics
// are returned in protobuf format
Metrics(context.Context) (*types.Metric, error)
// Spec returns the current OCI specification for the task
Spec(context.Context) (*oci.Spec, error)
}
var _ = (Task)(&task{})
type task struct {
client *Client
c Container
io cio.IO
id string
pid uint32
}
// Spec returns the current OCI specification for the task
func (t *task) Spec(ctx context.Context) (*oci.Spec, error) {
return t.c.Spec(ctx)
}
// ID of the task
func (t *task) ID() string {
return t.id

7
vendor/github.com/containerd/containerd/vendor.conf generated vendored
View File

@ -4,7 +4,7 @@ github.com/cespare/xxhash/v2 v2.1.1
github.com/containerd/btrfs 153935315f4ab9be5bf03650a1341454b05efa5d
github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff
github.com/containerd/console v1.0.0
github.com/containerd/continuity d3ef23f19fbb106bb73ffde425d07a9187e30745
github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
github.com/containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf
github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c
github.com/containerd/ttrpc v1.0.1
@ -31,7 +31,7 @@ github.com/Microsoft/go-winio v0.4.14
github.com/Microsoft/hcsshim v0.8.9
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.1
github.com/opencontainers/runc v1.0.0-rc91
github.com/opencontainers/runc 67169a9d43456ff0d5ae12b967acb8e366e2f181 # v1.0.0-rc91-48-g67169a9d
github.com/opencontainers/runtime-spec 237cc4f519e2e8f9b235bacccfa8ef5a84df2875 # v1.0.3-0.20200520003142-237cc4f519e2
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.6.0
@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2
github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28
# cri dependencies
github.com/containerd/cri 8448b92d237e877bed1e4aa7a0baf0dee234dbcb # master
github.com/containerd/cri 8871d5cdf8102a7d5989c307f2a366946feb54ee # master
github.com/davecgh/go-spew v1.1.1
github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f
github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
@ -68,7 +68,6 @@ github.com/json-iterator/go v1.1.9
github.com/modern-go/concurrent 1.0.3
github.com/modern-go/reflect2 v1.0.1
github.com/opencontainers/selinux v1.6.0
github.com/seccomp/libseccomp-golang v0.9.1
github.com/tchap/go-patricia v2.2.6
github.com/willf/bitset d5bec3311243426a3c6d1b7a795f24b17c686dbb # 1.1.10+ used by selinux pkg
golang.org/x/crypto bac4c82f69751a6dd76e702d54b3ceb88adab236

2
vendor/github.com/containerd/containerd/version/version.go generated vendored
View File

@ -23,7 +23,7 @@ var (
Package = "github.com/containerd/containerd"
// Version holds the complete version number. Filled in at linking time.
Version = "1.4.0-beta.2+unknown"
Version = "1.4.0-rc.0+unknown"
// Revision is filled with the VCS (e.g. git) revision being used to build
// the program at linking time.

8
vendor/github.com/containerd/continuity/context.go generated vendored
View File

@ -596,7 +596,7 @@ func (c *context) Walk(fn filepath.WalkFunc) error {
return err
}
}
return c.pathDriver.Walk(root, func(p string, fi os.FileInfo, err error) error {
return c.pathDriver.Walk(root, func(p string, fi os.FileInfo, _ error) error {
contained, err := c.containWithRoot(p, root)
return fn(contained, fi, err)
})
@ -613,12 +613,6 @@ func (c *context) fullpath(p string) (string, error) {
return p, nil
}
// contain cleans and santizes the filesystem path p to be an absolute path,
// effectively relative to the context root.
func (c *context) contain(p string) (string, error) {
return c.containWithRoot(p, c.root)
}
// containWithRoot cleans and santizes the filesystem path p to be an absolute path,
// effectively relative to the passed root. Extra care should be used when calling this
// instead of contain. This is needed for Walk, as if context root is a symlink,

1
vendor/github.com/containerd/continuity/devices/devices_unix.go generated vendored
View File

@ -32,6 +32,7 @@ func DeviceInfo(fi os.FileInfo) (uint64, uint64, error) {
return 0, 0, fmt.Errorf("cannot extract device from os.FileInfo")
}
//nolint:unconvert
dev := uint64(sys.Rdev)
return uint64(unix.Major(dev)), uint64(unix.Minor(dev)), nil
}

6
vendor/github.com/containerd/continuity/digests.go generated vendored
View File

@ -88,13 +88,9 @@ func digestsMatch(as, bs []digest.Digest) bool {
}
disjoint := len(as) + len(bs)
if len(uniqified) == disjoint {
// if these two sets have the same cardinality, we know both sides
// didn't share any digests.
return false
}
return true
return len(uniqified) != disjoint
}
type digestSlice []digest.Digest

4
vendor/github.com/containerd/continuity/driver/driver_windows.go generated vendored
View File

@ -1,3 +1,5 @@
// +build go1.13
/*
Copyright The containerd Authors.
@ -14,8 +16,6 @@
limitations under the License.
*/
// +build go1.13
// Go 1.13 is the minimally supported version for Windows.
// Earlier golang releases have bug in os.Readlink
// (see https://github.com/golang/go/issues/30463).

10
vendor/github.com/containerd/continuity/fs/path.go generated vendored
View File

@ -117,15 +117,13 @@ func sameFile(f1, f2 *currentPath) (bool, error) {
// If the timestamp may have been truncated in both of the
// files, check content of file to determine difference
if t1.Nanosecond() == 0 && t2.Nanosecond() == 0 {
var eq bool
if (f1.f.Mode() & os.ModeSymlink) == os.ModeSymlink {
eq, err = compareSymlinkTarget(f1.fullPath, f2.fullPath)
} else if f1.f.Size() > 0 {
eq, err = compareFileContent(f1.fullPath, f2.fullPath)
return compareSymlinkTarget(f1.fullPath, f2.fullPath)
}
if err != nil || !eq {
return eq, err
if f1.f.Size() == 0 { // if file sizes are zero length, the files are the same by definition
return true, nil
}
return compareFileContent(f1.fullPath, f2.fullPath)
} else if t1.Nanosecond() != t2.Nanosecond() {
return false, nil
}

2
vendor/github.com/containerd/continuity/go.mod generated vendored
View File

@ -1,6 +1,6 @@
module github.com/containerd/continuity
go 1.11
go 1.13
require (
bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898

1
vendor/github.com/containerd/continuity/groups_unix.go generated vendored
View File

@ -14,6 +14,7 @@
limitations under the License.
*/
//nolint:unused,deadcode
package continuity
import (

1
vendor/github.com/containerd/continuity/hardlinks_unix.go generated vendored
View File

@ -48,5 +48,6 @@ func newHardlinkKey(fi os.FileInfo) (hardlinkKey, error) {
return hardlinkKey{}, errNotAHardLink
}
//nolint:unconvert
return hardlinkKey{dev: uint64(sys.Dev), inode: uint64(sys.Ino)}, nil
}

2
vendor/github.com/containerd/continuity/manifest.go generated vendored
View File

@ -114,11 +114,13 @@ func BuildManifest(ctx Context) (*Manifest, error) {
}
// merge and post-process the hardlinks.
// nolint:misspell
hardlinked, err := hardlinks.Merge()
if err != nil {
return nil, err
}
// nolint:misspell
for _, resource := range hardlinked {
resourcesByPath[resource.Path()] = resource
}

12
vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go generated vendored
View File

@ -23,7 +23,7 @@ import (
"runtime"
)
var unsupported = errors.New("extended attributes unsupported on " + runtime.GOOS)
var errUnsupported = errors.New("extended attributes unsupported on " + runtime.GOOS)
// Listxattr calls syscall listxattr and reads all content
// and returns a string array
@ -33,17 +33,17 @@ func Listxattr(path string) ([]string, error) {
// Removexattr calls syscall removexattr
func Removexattr(path string, attr string) (err error) {
return unsupported
return errUnsupported
}
// Setxattr calls syscall setxattr
func Setxattr(path string, attr string, data []byte, flags int) (err error) {
return unsupported
return errUnsupported
}
// Getxattr calls syscall getxattr
func Getxattr(path, attr string) ([]byte, error) {
return []byte{}, unsupported
return []byte{}, errUnsupported
}
// LListxattr lists xattrs, not following symlinks
@ -53,12 +53,12 @@ func LListxattr(path string) ([]string, error) {
// LRemovexattr removes an xattr, not following symlinks
func LRemovexattr(path string, attr string) (err error) {
return unsupported
return errUnsupported
}
// LSetxattr sets an xattr, not following symlinks
func LSetxattr(path string, attr string, data []byte, flags int) (err error) {
return unsupported
return errUnsupported
}
// LGetxattr gets an xattr, not following symlinks

2
vendor/github.com/opencontainers/runc/go.mod generated vendored
View File

@ -4,7 +4,7 @@ go 1.14
require (
github.com/checkpoint-restore/go-criu/v4 v4.0.2
github.com/cilium/ebpf v0.0.0-20200507155900-a9f01edf17e3
github.com/cilium/ebpf v0.0.0-20200702112145-1c8d4c9ef775
github.com/containerd/console v1.0.0
github.com/coreos/go-systemd/v22 v22.0.0
github.com/cyphar/filepath-securejoin v0.2.2

7
vendor/github.com/opencontainers/runc/libcontainer/configs/cgroup_linux.go generated vendored
View File

@ -126,4 +126,11 @@ type Resources struct {
// CpuWeight sets a proportional bandwidth limit.
CpuWeight uint64 `json:"cpu_weight"`
// SkipDevices allows to skip configuring device permissions.
// Used by e.g. kubelet while creating a parent cgroup (kubepods)
// common for many containers.
//
// NOTE it is impossible to start a container which has this flag set.
SkipDevices bool `json:"skip_devices"`
}

12
vendor/github.com/opencontainers/runc/libcontainer/configs/device.go generated vendored
View File

@ -1,20 +1,15 @@
package configs
import (
"errors"
"fmt"
"os"
"strconv"
"golang.org/x/sys/unix"
)
const (
Wildcard = -1
)
// TODO Windows: This can be factored out in the future
type Device struct {
DeviceRule
@ -173,10 +168,3 @@ func (d *DeviceRule) CgroupString() string {
}
return fmt.Sprintf("%c %s:%s %s", d.Type, major, minor, d.Permissions)
}
func (d *DeviceRule) Mkdev() (uint64, error) {
if d.Major == Wildcard || d.Minor == Wildcard {
return 0, errors.New("cannot mkdev() device with wildcards")
}
return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil
}

16
vendor/github.com/opencontainers/runc/libcontainer/configs/device_unix.go generated vendored Normal file
View File

@ -0,0 +1,16 @@
// +build !windows
package configs
import (
"errors"
"golang.org/x/sys/unix"
)
func (d *DeviceRule) Mkdev() (uint64, error) {
if d.Major == Wildcard || d.Minor == Wildcard {
return 0, errors.New("cannot mkdev() device with wildcards")
}
return unix.Mkdev(uint32(d.Major), uint32(d.Minor)), nil
}

5
vendor/github.com/opencontainers/runc/libcontainer/configs/device_windows.go generated vendored Normal file
View File

@ -0,0 +1,5 @@
package configs
func (d *DeviceRule) Mkdev() (uint64, error) {
return 0, nil
}

11
vendor/github.com/opencontainers/runc/libcontainer/devices/devices.go generated vendored
View File

@ -37,12 +37,12 @@ func DeviceFromPath(path, permissions string) (*configs.Device, error) {
major = unix.Major(devNumber)
minor = unix.Minor(devNumber)
)
switch {
case mode&unix.S_IFBLK == unix.S_IFBLK:
switch mode & unix.S_IFMT {
case unix.S_IFBLK:
devType = configs.BlockDevice
case mode&unix.S_IFCHR == unix.S_IFCHR:
case unix.S_IFCHR:
devType = configs.CharDevice
case mode&unix.S_IFIFO == unix.S_IFIFO:
case unix.S_IFIFO:
devType = configs.FifoDevice
default:
return nil, ErrNotADevice
@ -104,6 +104,9 @@ func GetDevices(path string) ([]*configs.Device, error) {
}
return nil, err
}
if device.Type == configs.FifoDevice {
continue
}
out = append(out, device)
}
return out, nil

2
vendor/github.com/opencontainers/runc/libcontainer/user/user.go generated vendored
View File

@ -60,7 +60,7 @@ type Group struct {
// groupFromOS converts an os/user.(*Group) to local Group
//
// (This does not include Pass, Shell or Gecos)
// (This does not include Pass or List)
func groupFromOS(g *user.Group) (Group, error) {
newGroup := Group{
Name: g.Name,