Update containerd vendor

Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2017-11-28 14:09:58 -05:00 · 2017-11-28 14:09:58 -05:00 · bf5f17ac1e
commit bf5f17ac1e
parent 4b4714eaca
25 changed files with 380 additions and 415 deletions
--- a/vendor.conf
+++ b/vendor.conf
@ -2,7 +2,7 @@ github.com/blang/semver v3.1.0
 github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd
 github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
 github.com/containerd/cgroups f7dd103d3e4e696aa67152f6b4ddd1779a3455a9
-github.com/containerd/containerd 70e0c8443ff15dcbd2ad8e0d07ed087fc2a83e05
+github.com/containerd/containerd 9e04cff8e9e3a1bf13c088cb3db1c368e93b33ea
 github.com/containerd/continuity cf279e6ac893682272b4479d4c67fd3abf878b4e
 github.com/containerd/fifo fbfb6a11ec671efbe94ad1c12c2e98773f19e1e6
 github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788
--- a/vendor/github.com/containerd/containerd/README.md
+++ b/vendor/github.com/containerd/containerd/README.md
@ -78,7 +78,7 @@ containerd fully supports the OCI runtime specification for running containers.
 You can specify options when creating a container about how to modify the specification.
 ```go
-redis, err := client.NewContainer(context, "redis-master", containerd.WithNewSpec(containerd.WithImageConfig(image)))
+redis, err := client.NewContainer(context, "redis-master", containerd.WithNewSpec(oci.WithImageConfig(image)))
 ```
 ### Root Filesystems
@ -92,7 +92,7 @@ image, err := client.Pull(context, "docker.io/library/redis:latest", containerd.
 // allocate a new RW root filesystem for a container based on the image
 redis, err := client.NewContainer(context, "redis-master",
 	containerd.WithNewSnapshot("redis-rootfs", image),
-	containerd.WithNewSpec(containerd.WithImageConfig(image)),
+	containerd.WithNewSpec(oci.WithImageConfig(image)),
 )
@ -101,7 +101,7 @@ for i := 0; i < 10; i++ {
 	id := fmt.Sprintf("id-%s", i)
 	container, err := client.NewContainer(ctx, id,
 		containerd.WithNewSnapshotView(id, image),
-		containerd.WithNewSpec(containerd.WithImageConfig(image)),
+		containerd.WithNewSpec(oci.WithImageConfig(image)),
 	)
 }
 ```
--- a/vendor/github.com/containerd/containerd/api/services/images/v1/images.pb.go
+++ b/vendor/github.com/containerd/containerd/api/services/images/v1/images.pb.go
@ -163,6 +163,11 @@ func (*ListImagesResponse) Descriptor() ([]byte, []int) { return fileDescriptorI
 type DeleteImageRequest struct {
 	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
 	// Sync indicates that the delete and cleanup should be done
 	// synchronously before returning to the caller
 	//
 	// Default is false
 	Sync bool `protobuf:"varint,2,opt,name=sync,proto3" json:"sync,omitempty"`
 }
 func (m *DeleteImageRequest) Reset()                    { *m = DeleteImageRequest{} }
@ -717,6 +722,16 @@ func (m *DeleteImageRequest) MarshalTo(dAtA []byte) (int, error) {
 		i = encodeVarintImages(dAtA, i, uint64(len(m.Name)))
 		i += copy(dAtA[i:], m.Name)
 	}
 	if m.Sync {
 		dAtA[i] = 0x10
 		i++
 		if m.Sync {
 			dAtA[i] = 1
 		} else {
 			dAtA[i] = 0
 		}
 		i++
 	}
 	return i, nil
 }
@ -840,6 +855,9 @@ func (m *DeleteImageRequest) Size() (n int) {
 	if l > 0 {
 		n += 1 + l + sovImages(uint64(l))
 	}
 	if m.Sync {
 		n += 2
 	}
 	return n
 }
@ -967,6 +985,7 @@ func (this *DeleteImageRequest) String() string {
 	}
 	s := strings.Join([]string{`&DeleteImageRequest{`,
 		`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
 		`Sync:` + fmt.Sprintf("%v", this.Sync) + `,`,
 		`}`,
 	}, "")
 	return s
@ -1999,6 +2018,26 @@ func (m *DeleteImageRequest) Unmarshal(dAtA []byte) error {
 			}
 			m.Name = string(dAtA[iNdEx:postIndex])
 			iNdEx = postIndex
 		case 2:
 			if wireType != 0 {
 				return fmt.Errorf("proto: wrong wireType = %d for field Sync", wireType)
 			}
 			var v int
 			for shift := uint(0); ; shift += 7 {
 				if shift >= 64 {
 					return ErrIntOverflowImages
 				}
 				if iNdEx >= l {
 					return io.ErrUnexpectedEOF
 				}
 				b := dAtA[iNdEx]
 				iNdEx++
 				v |= (int(b) & 0x7F) << shift
 				if b < 0x80 {
 					break
 				}
 			}
 			m.Sync = bool(v != 0)
 		default:
 			iNdEx = preIndex
 			skippy, err := skipImages(dAtA[iNdEx:])
@ -2130,46 +2169,47 @@ func init() {
 }
 var fileDescriptorImages = []byte{
-	// 650 bytes of a gzipped FileDescriptorProto
+	// 659 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0x4f, 0x6f, 0xd3, 0x4e,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x55, 0xcd, 0x6e, 0xd3, 0x40,
-	0x10, 0x8d, 0x93, 0xd4, 0x6d, 0x27, 0x87, 0x5f, 0x7f, 0x4b, 0x85, 0x2c, 0x03, 0x69, 0x14, 0x81,
+	0x10, 0x8e, 0x93, 0xd4, 0x6d, 0x27, 0x07, 0xca, 0x52, 0x21, 0xcb, 0x40, 0x1a, 0x45, 0x20, 0xe5,
-	0x94, 0x0b, 0x6b, 0x1a, 0x2e, 0xd0, 0x4a, 0x88, 0xa6, 0x2d, 0x05, 0xa9, 0x70, 0x30, 0xff, 0x2a,
+	0xc2, 0x9a, 0x86, 0x0b, 0xb4, 0x08, 0xd1, 0xb4, 0xa5, 0x20, 0x15, 0x0e, 0xe6, 0xaf, 0xe2, 0x52,
-	0x2e, 0xd5, 0x26, 0x99, 0x18, 0x2b, 0x76, 0x6c, 0xbc, 0x9b, 0x48, 0xb9, 0xf1, 0x11, 0x90, 0xe0,
+	0x6d, 0x92, 0x89, 0xb1, 0x62, 0xc7, 0xc6, 0xbb, 0x89, 0x94, 0x1b, 0x8f, 0x80, 0x04, 0x0f, 0xd5,
-	0x43, 0xf5, 0xc8, 0x91, 0x13, 0xd0, 0x1c, 0xf8, 0x1c, 0xc8, 0xbb, 0x1b, 0x9a, 0x26, 0x11, 0x6e,
+	0x23, 0x47, 0x4e, 0x40, 0x73, 0xe0, 0x39, 0x90, 0x77, 0x37, 0x34, 0x4d, 0x22, 0x92, 0x94, 0xde,
-	0x4a, 0x6f, 0xe3, 0xf8, 0xbd, 0x79, 0x33, 0x6f, 0x66, 0x62, 0xd8, 0xf3, 0x7c, 0xf1, 0xbe, 0xdf,
+	0x66, 0xed, 0xef, 0x9b, 0x9f, 0x6f, 0x66, 0x76, 0x61, 0xcf, 0xf3, 0xc5, 0x87, 0x6e, 0x9d, 0x36,
-	0xa4, 0xad, 0x28, 0x74, 0x5a, 0x51, 0x4f, 0x30, 0xbf, 0x87, 0x49, 0x7b, 0x32, 0x64, 0xb1, 0xef,
+	0xa2, 0xd0, 0x69, 0x44, 0x1d, 0xc1, 0xfc, 0x0e, 0x26, 0xcd, 0x51, 0x93, 0xc5, 0xbe, 0xc3, 0x31,
-	0x70, 0x4c, 0x06, 0x7e, 0x0b, 0xb9, 0xe3, 0x87, 0xcc, 0x43, 0xee, 0x0c, 0x36, 0x75, 0x44, 0xe3,
+	0xe9, 0xf9, 0x0d, 0xe4, 0x8e, 0x1f, 0x32, 0x0f, 0xb9, 0xd3, 0xdb, 0xd4, 0x16, 0x8d, 0x93, 0x48,
-	0x24, 0x12, 0x11, 0xb9, 0x75, 0x86, 0xa7, 0x63, 0x2c, 0xd5, 0x88, 0xc1, 0xa6, 0xbd, 0xee, 0x45,
+	0x44, 0xe4, 0xd6, 0x19, 0x9e, 0x0e, 0xb1, 0x54, 0x23, 0x7a, 0x9b, 0xf6, 0xba, 0x17, 0x79, 0x91,
-	0x5e, 0x24, 0x91, 0x4e, 0x1a, 0x29, 0x92, 0x7d, 0xc3, 0x8b, 0x22, 0x2f, 0x40, 0x47, 0x3e, 0x35,
+	0x44, 0x3a, 0xa9, 0xa5, 0x48, 0xf6, 0x0d, 0x2f, 0x8a, 0xbc, 0x00, 0x1d, 0x79, 0xaa, 0x77, 0x5b,
-	0xfb, 0x1d, 0x07, 0xc3, 0x58, 0x0c, 0xf5, 0xcb, 0xca, 0xf4, 0xcb, 0x8e, 0x8f, 0x41, 0xfb, 0x38,
+	0x0e, 0x86, 0xb1, 0xe8, 0xeb, 0x9f, 0xa5, 0xf1, 0x9f, 0x2d, 0x1f, 0x83, 0xe6, 0x71, 0xc8, 0x78,
-	0x64, 0xbc, 0xab, 0x11, 0x1b, 0xd3, 0x08, 0xe1, 0x87, 0xc8, 0x05, 0x0b, 0x63, 0x0d, 0xd8, 0xbe,
+	0x5b, 0x23, 0x36, 0xc6, 0x11, 0xc2, 0x0f, 0x91, 0x0b, 0x16, 0xc6, 0x1a, 0xb0, 0x3d, 0x57, 0x69,
-	0x50, 0x6b, 0x62, 0x18, 0x23, 0x77, 0xda, 0xc8, 0x5b, 0x89, 0x1f, 0x8b, 0x28, 0x51, 0xe4, 0xea,
+	0xa2, 0x1f, 0x23, 0x77, 0x9a, 0xc8, 0x1b, 0x89, 0x1f, 0x8b, 0x28, 0x51, 0xe4, 0xf2, 0xef, 0x2c,
-	0xaf, 0x3c, 0x2c, 0x3d, 0x4b, 0x1b, 0x20, 0x04, 0x8a, 0x3d, 0x16, 0xa2, 0x65, 0x54, 0x8c, 0xda,
+	0x2c, 0x3d, 0x4f, 0x0b, 0x20, 0x04, 0xf2, 0x1d, 0x16, 0xa2, 0x65, 0x94, 0x8c, 0xca, 0xaa, 0x2b,
-	0xaa, 0x2b, 0x63, 0xf2, 0x14, 0xcc, 0x80, 0x35, 0x31, 0xe0, 0x56, 0xbe, 0x52, 0xa8, 0x95, 0xea,
+	0x6d, 0xf2, 0x0c, 0xcc, 0x80, 0xd5, 0x31, 0xe0, 0x56, 0xb6, 0x94, 0xab, 0x14, 0xaa, 0xf7, 0xe8,
-	0xf7, 0xe8, 0x5f, 0x0d, 0xa0, 0x32, 0x13, 0x3d, 0x94, 0x94, 0xfd, 0x9e, 0x48, 0x86, 0xae, 0xe6,
+	0x3f, 0x05, 0xa0, 0xd2, 0x13, 0x3d, 0x94, 0x94, 0xfd, 0x8e, 0x48, 0xfa, 0xae, 0xe6, 0x93, 0x2d,
-	0x93, 0x2d, 0x30, 0x05, 0x4b, 0x3c, 0x14, 0x56, 0xa1, 0x62, 0xd4, 0x4a, 0xf5, 0x9b, 0x93, 0x99,
+	0x30, 0x05, 0x4b, 0x3c, 0x14, 0x56, 0xae, 0x64, 0x54, 0x0a, 0xd5, 0x9b, 0xa3, 0x9e, 0x64, 0x6e,
-	0x64, 0x6d, 0x74, 0xef, 0x4f, 0x6d, 0x8d, 0xe2, 0xc9, 0xf7, 0x8d, 0x9c, 0xab, 0x19, 0x64, 0x17,
+	0x74, 0xef, 0x6f, 0x6e, 0xb5, 0xfc, 0xc9, 0x8f, 0x8d, 0x8c, 0xab, 0x19, 0x64, 0x17, 0xa0, 0x91,
-	0xa0, 0x95, 0x20, 0x13, 0xd8, 0x3e, 0x66, 0xc2, 0x5a, 0x96, 0x7c, 0x9b, 0x2a, 0x5b, 0xe8, 0xd8,
+	0x20, 0x13, 0xd8, 0x3c, 0x66, 0xc2, 0x5a, 0x96, 0x7c, 0x9b, 0x2a, 0x59, 0xe8, 0x50, 0x16, 0xfa,
-	0x16, 0xfa, 0x6a, 0x6c, 0x4b, 0x63, 0x25, 0x65, 0x7f, 0xfa, 0xb1, 0x61, 0xb8, 0xab, 0x9a, 0xb7,
+	0x7a, 0x28, 0x4b, 0x6d, 0x25, 0x65, 0x7f, 0xfe, 0xb9, 0x61, 0xb8, 0xab, 0x9a, 0xb7, 0x23, 0x9d,
-	0x23, 0x93, 0xf4, 0xe3, 0xf6, 0x38, 0xc9, 0xca, 0x22, 0x49, 0x34, 0x6f, 0x47, 0xd8, 0x0f, 0xa1,
+	0x74, 0xe3, 0xe6, 0xd0, 0xc9, 0xca, 0x22, 0x4e, 0x34, 0x6f, 0x47, 0xd8, 0x0f, 0xa1, 0x30, 0x52,
-	0x34, 0xd1, 0x1c, 0x59, 0x83, 0x42, 0x17, 0x87, 0xda, 0xb1, 0x34, 0x24, 0xeb, 0xb0, 0x34, 0x60,
+	0x1c, 0x59, 0x83, 0x5c, 0x1b, 0xfb, 0x5a, 0xb1, 0xd4, 0x24, 0xeb, 0xb0, 0xd4, 0x63, 0x41, 0x17,
-	0x41, 0x1f, 0xad, 0xbc, 0xfc, 0x4d, 0x3d, 0x6c, 0xe5, 0x1f, 0x18, 0xd5, 0x3b, 0xf0, 0xdf, 0x01,
+	0xad, 0xac, 0xfc, 0xa6, 0x0e, 0x5b, 0xd9, 0x07, 0x46, 0xf9, 0x0e, 0x5c, 0x39, 0x40, 0x21, 0x05,
-	0x0a, 0x69, 0x90, 0x8b, 0x1f, 0xfa, 0xc8, 0xc5, 0x3c, 0xc7, 0xab, 0x2f, 0x60, 0xed, 0x0c, 0xc6,
+	0x72, 0xf1, 0x63, 0x17, 0xb9, 0x98, 0xa6, 0x78, 0xf9, 0x25, 0xac, 0x9d, 0xc1, 0x78, 0x1c, 0x75,
-	0xe3, 0xa8, 0xc7, 0x91, 0x6c, 0xc1, 0x92, 0xb4, 0x58, 0x02, 0x4b, 0xf5, 0xdb, 0x17, 0x19, 0x82,
+	0x38, 0x92, 0x2d, 0x58, 0x92, 0x12, 0x4b, 0x60, 0xa1, 0x7a, 0x7b, 0x9e, 0x26, 0xb8, 0x8a, 0x52,
-	0xab, 0x28, 0xd5, 0x37, 0x40, 0x76, 0xa5, 0x07, 0xe7, 0x94, 0x1f, 0x5f, 0x22, 0xa3, 0x1e, 0x8a,
+	0x7e, 0x0b, 0x64, 0x57, 0x6a, 0x70, 0x2e, 0xf2, 0x93, 0x0b, 0x78, 0xd4, 0x4d, 0xd1, 0x7e, 0xdf,
-	0xce, 0xfb, 0x16, 0xae, 0x9d, 0xcb, 0xab, 0x4b, 0xfd, 0xf7, 0xc4, 0x9f, 0x0d, 0x20, 0xaf, 0xa5,
+	0xc1, 0xb5, 0x73, 0x7e, 0x75, 0xaa, 0xff, 0xef, 0xf8, 0x8b, 0x01, 0xe4, 0x8d, 0x14, 0xfc, 0x72,
-	0xe1, 0x57, 0x5b, 0x31, 0xd9, 0x86, 0x92, 0x1a, 0xa4, 0x3c, 0x2e, 0x39, 0xa0, 0x79, 0x1b, 0xf0,
+	0x33, 0x26, 0xdb, 0x50, 0x50, 0x8d, 0x94, 0xcb, 0x25, 0x1b, 0x34, 0x6d, 0x02, 0x9e, 0xa6, 0xfb,
-	0x24, 0xbd, 0xbf, 0xe7, 0x8c, 0x77, 0x5d, 0xbd, 0x2f, 0x69, 0x9c, 0xb6, 0x7b, 0xae, 0xa8, 0x2b,
+	0xf7, 0x82, 0xf1, 0xb6, 0xab, 0xe7, 0x25, 0xb5, 0xd3, 0x72, 0xcf, 0x25, 0x75, 0x69, 0xe5, 0xde,
-	0x6b, 0xf7, 0x2e, 0xfc, 0x7f, 0xe8, 0x73, 0x35, 0x70, 0x3e, 0x6e, 0xd6, 0x82, 0xe5, 0x8e, 0x1f,
+	0x85, 0xab, 0x87, 0x3e, 0x57, 0x0d, 0xe7, 0xc3, 0x62, 0x2d, 0x58, 0x6e, 0xf9, 0x81, 0xc0, 0x84,
-	0x08, 0x4c, 0xb8, 0x65, 0x54, 0x0a, 0xb5, 0x55, 0x77, 0xfc, 0x58, 0x3d, 0x02, 0x32, 0x09, 0xd7,
+	0x5b, 0x46, 0x29, 0x57, 0x59, 0x75, 0x87, 0xc7, 0xf2, 0x11, 0x90, 0x51, 0xb8, 0x4e, 0xa3, 0x06,
-	0x65, 0x34, 0xc0, 0x54, 0x22, 0x12, 0xbe, 0x58, 0x1d, 0x9a, 0x59, 0xad, 0x01, 0xd9, 0xc3, 0x00,
+	0xa6, 0x0a, 0x22, 0xe1, 0x8b, 0xe5, 0xa1, 0x99, 0xe5, 0x47, 0x40, 0xf6, 0x30, 0xc0, 0x31, 0xd9,
-	0xa7, 0x6c, 0x9f, 0xb3, 0xa2, 0xf5, 0x2f, 0x45, 0x30, 0x55, 0x01, 0xa4, 0x03, 0x85, 0x03, 0x14,
+	0xa7, 0x5d, 0x0a, 0x04, 0xf2, 0xbc, 0xdf, 0x69, 0x48, 0x05, 0x57, 0x5c, 0x69, 0x57, 0xbf, 0xe6,
-	0x84, 0x66, 0xe8, 0x4d, 0x2d, 0xbe, 0xed, 0x5c, 0x18, 0xaf, 0x1b, 0xec, 0x42, 0x31, 0x6d, 0x9b,
+	0xc1, 0x54, 0x49, 0x91, 0x16, 0xe4, 0x0e, 0x50, 0x10, 0x3a, 0x23, 0x87, 0xb1, 0x65, 0xb0, 0x9d,
-	0x64, 0xfd, 0xff, 0xcc, 0x58, 0x69, 0x6f, 0x2e, 0xc0, 0xd0, 0x62, 0x11, 0x98, 0x6a, 0xb5, 0x49,
+	0xb9, 0xf1, 0xba, 0xe8, 0x36, 0xe4, 0x53, 0x29, 0xc8, 0xac, 0x3b, 0x69, 0x42, 0x5e, 0x7b, 0x73,
-	0x16, 0x79, 0xf6, 0xb2, 0xec, 0xfa, 0x22, 0x94, 0x33, 0x41, 0xb5, 0x5c, 0x99, 0x82, 0xb3, 0x87,
+	0x01, 0x86, 0x0e, 0x16, 0x81, 0xa9, 0xc6, 0x9d, 0xcc, 0x22, 0x4f, 0x6e, 0x9b, 0x5d, 0x5d, 0x84,
-	0x91, 0x29, 0x38, 0x6f, 0x6d, 0x5f, 0x82, 0xa9, 0x66, 0x9d, 0x29, 0x38, 0xbb, 0x12, 0xf6, 0xf5,
+	0x72, 0x16, 0x50, 0x0d, 0xdc, 0xcc, 0x80, 0x93, 0xcb, 0x32, 0x33, 0xe0, 0xb4, 0x51, 0x7e, 0x05,
-	0x99, 0x93, 0xd9, 0x4f, 0xbf, 0x67, 0x8d, 0xa3, 0x93, 0xd3, 0x72, 0xee, 0xdb, 0x69, 0x39, 0xf7,
+	0xa6, 0xea, 0xff, 0xcc, 0x80, 0x93, 0x63, 0x62, 0x5f, 0x9f, 0x58, 0xa3, 0xfd, 0xf4, 0x8d, 0xab,
-	0x71, 0x54, 0x36, 0x4e, 0x46, 0x65, 0xe3, 0xeb, 0xa8, 0x6c, 0xfc, 0x1c, 0x95, 0x8d, 0x77, 0x8f,
+	0x1d, 0x9d, 0x9c, 0x16, 0x33, 0xdf, 0x4f, 0x8b, 0x99, 0x4f, 0x83, 0xa2, 0x71, 0x32, 0x28, 0x1a,
-	0x2e, 0xf9, 0xed, 0xdd, 0x56, 0xd1, 0x51, 0xae, 0x69, 0x4a, 0xad, 0xfb, 0xbf, 0x03, 0x00, 0x00,
+	0xdf, 0x06, 0x45, 0xe3, 0xd7, 0xa0, 0x68, 0xbc, 0x7f, 0x7c, 0xc1, 0xf7, 0x78, 0x5b, 0x59, 0x47,
-	0xff, 0xff, 0x86, 0xe6, 0x32, 0x0a, 0xc6, 0x07, 0x00, 0x00,
+	0x99, 0xba, 0x29, 0x63, 0xdd, 0xff, 0x13, 0x00, 0x00, 0xff, 0xff, 0x24, 0x4e, 0xca, 0x64, 0xda,
 	0x07, 0x00, 0x00,
 }
--- a/vendor/github.com/containerd/containerd/api/services/images/v1/images.proto
+++ b/vendor/github.com/containerd/containerd/api/services/images/v1/images.proto
@ -115,4 +115,10 @@ message ListImagesResponse {
 message DeleteImageRequest {
 	string name = 1;
 	// Sync indicates that the delete and cleanup should be done
 	// synchronously before returning to the caller
 	//
 	// Default is false
 	bool sync = 2;
 }
--- a/vendor/github.com/containerd/containerd/container_opts.go
+++ b/vendor/github.com/containerd/containerd/container_opts.go
@ -5,10 +5,12 @@ import (
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/oci"
 	"github.com/containerd/containerd/platforms"
 	"github.com/containerd/typeurl"
 	"github.com/gogo/protobuf/types"
 	"github.com/opencontainers/image-spec/identity"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
@ -164,3 +166,29 @@ func WithContainerExtension(name string, extension interface{}) NewContainerOpts
 		return nil
 	}
 }
 // WithNewSpec generates a new spec for a new container
 func WithNewSpec(opts ...oci.SpecOpts) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
 		s, err := oci.GenerateSpec(ctx, client, c, opts...)
 		if err != nil {
 			return err
 		}
 		c.Spec, err = typeurl.MarshalAny(s)
 		return err
 	}
 }
 // WithSpec sets the provided spec on the container
 func WithSpec(s *specs.Spec, opts ...oci.SpecOpts) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
 		for _, o := range opts {
 			if err := o(ctx, client, c, s); err != nil {
 				return err
 			}
 		}
 		var err error
 		c.Spec, err = typeurl.MarshalAny(s)
 		return err
 	}
 }
--- a/vendor/github.com/containerd/containerd/container_opts_unix.go
+++ b/vendor/github.com/containerd/containerd/container_opts_unix.go
@ -6,12 +6,17 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"syscall"
 	"github.com/containerd/containerd/api/types"
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/platforms"
 	"github.com/gogo/protobuf/proto"
 	protobuf "github.com/gogo/protobuf/types"
@ -19,6 +24,7 @@ import (
 	"github.com/opencontainers/image-spec/identity"
 	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/unix"
 )
 // WithCheckpoint allows a container to be created from the checkpointed information
@ -122,3 +128,91 @@ func decodeIndex(ctx context.Context, store content.Store, id digest.Digest) (*v
 	return &index, nil
 }
 // WithRemappedSnapshot creates a new snapshot and remaps the uid/gid for the
 // filesystem to be used by a container with user namespaces
 func WithRemappedSnapshot(id string, i Image, uid, gid uint32) NewContainerOpts {
 	return withRemappedSnapshotBase(id, i, uid, gid, false)
 }
 // WithRemappedSnapshotView is similar to WithRemappedSnapshot but rootfs is mounted as read-only.
 func WithRemappedSnapshotView(id string, i Image, uid, gid uint32) NewContainerOpts {
 	return withRemappedSnapshotBase(id, i, uid, gid, true)
 }
 func withRemappedSnapshotBase(id string, i Image, uid, gid uint32, readonly bool) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
 		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), platforms.Default())
 		if err != nil {
 			return err
 		}
 		setSnapshotterIfEmpty(c)
 		var (
 			snapshotter = client.SnapshotService(c.Snapshotter)
 			parent      = identity.ChainID(diffIDs).String()
 			usernsID    = fmt.Sprintf("%s-%d-%d", parent, uid, gid)
 		)
 		if _, err := snapshotter.Stat(ctx, usernsID); err == nil {
 			if _, err := snapshotter.Prepare(ctx, id, usernsID); err == nil {
 				c.SnapshotKey = id
 				c.Image = i.Name()
 				return nil
 			} else if !errdefs.IsNotFound(err) {
 				return err
 			}
 		}
 		mounts, err := snapshotter.Prepare(ctx, usernsID+"-remap", parent)
 		if err != nil {
 			return err
 		}
 		if err := remapRootFS(mounts, uid, gid); err != nil {
 			snapshotter.Remove(ctx, usernsID)
 			return err
 		}
 		if err := snapshotter.Commit(ctx, usernsID, usernsID+"-remap"); err != nil {
 			return err
 		}
 		if readonly {
 			_, err = snapshotter.View(ctx, id, usernsID)
 		} else {
 			_, err = snapshotter.Prepare(ctx, id, usernsID)
 		}
 		if err != nil {
 			return err
 		}
 		c.SnapshotKey = id
 		c.Image = i.Name()
 		return nil
 	}
 }
 func remapRootFS(mounts []mount.Mount, uid, gid uint32) error {
 	root, err := ioutil.TempDir("", "ctd-remap")
 	if err != nil {
 		return err
 	}
 	defer os.RemoveAll(root)
 	for _, m := range mounts {
 		if err := m.Mount(root); err != nil {
 			return err
 		}
 	}
 	defer unix.Unmount(root, 0)
 	return filepath.Walk(root, incrementFS(root, uid, gid))
 }
 func incrementFS(root string, uidInc, gidInc uint32) filepath.WalkFunc {
 	return func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
 		var (
 			stat = info.Sys().(*syscall.Stat_t)
 			u, g = int(stat.Uid + uidInc), int(stat.Gid + gidInc)
 		)
 		// be sure the lchown the path as to not de-reference the symlink to a host file
 		return os.Lchown(path, u, g)
 	}
 }
--- a/vendor/github.com/containerd/containerd/contrib/apparmor/apparmor.go
+++ b/vendor/github.com/containerd/containerd/contrib/apparmor/apparmor.go
@ -7,15 +7,15 @@ import (
 	"io/ioutil"
 	"os"
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/oci"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
 // WithProfile sets the provided apparmor profile to the spec
-func WithProfile(profile string) containerd.SpecOpts {
+func WithProfile(profile string) oci.SpecOpts {
-	return func(_ context.Context, _ *containerd.Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
 		s.Process.ApparmorProfile = profile
 		return nil
 	}
@ -23,8 +23,8 @@ func WithProfile(profile string) containerd.SpecOpts {
 // WithDefaultProfile will generate a default apparmor profile under the provided name
 // for the container.  It is only generated if a profile under that name does not exist.
-func WithDefaultProfile(name string) containerd.SpecOpts {
+func WithDefaultProfile(name string) oci.SpecOpts {
-	return func(_ context.Context, _ *containerd.Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
 		yes, err := isLoaded(name)
 		if err != nil {
 			return err
--- a/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp.go
+++ b/vendor/github.com/containerd/containerd/contrib/seccomp/seccomp.go
@ -8,16 +8,16 @@ import (
 	"fmt"
 	"io/ioutil"
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/oci"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 // WithProfile receives the name of a file stored on disk comprising a json
 // formated seccomp profile, as specified by the opencontainers/runtime-spec.
 // The profile is read from the file, unmarshaled, and set to the spec.
-func WithProfile(profile string) containerd.SpecOpts {
+func WithProfile(profile string) oci.SpecOpts {
-	return func(_ context.Context, _ *containerd.Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
 		s.Linux.Seccomp = &specs.LinuxSeccomp{}
 		f, err := ioutil.ReadFile(profile)
 		if err != nil {
@ -32,8 +32,8 @@ func WithProfile(profile string) containerd.SpecOpts {
 // WithDefaultProfile sets the default seccomp profile to the spec.
 // Note: must follow the setting of process capabilities
-func WithDefaultProfile() containerd.SpecOpts {
+func WithDefaultProfile() oci.SpecOpts {
-	return func(_ context.Context, _ *containerd.Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
 		s.Linux.Seccomp = DefaultProfile(s)
 		return nil
 	}
--- a/vendor/github.com/containerd/containerd/image.go
+++ b/vendor/github.com/containerd/containerd/image.go
@ -32,6 +32,8 @@ type Image interface {
 	Config(ctx context.Context) (ocispec.Descriptor, error)
 	// IsUnpacked returns whether or not an image is unpacked.
 	IsUnpacked(context.Context, string) (bool, error)
 	// ContentStore provides a content store which contains image blob data
 	ContentStore() content.Store
 }
 var _ = (Image)(&image{})
@ -166,3 +168,7 @@ func (i *image) getLayers(ctx context.Context, platform string) ([]rootfs.Layer,
 	}
 	return layers, nil
 }
 func (i *image) ContentStore() content.Store {
 	return i.client.ContentStore()
 }
--- a/vendor/github.com/containerd/containerd/image_store.go
+++ b/vendor/github.com/containerd/containerd/image_store.go
@ -74,9 +74,16 @@ func (s *remoteImages) Update(ctx context.Context, image images.Image, fieldpath
 	return imageFromProto(&updated.Image), nil
 }
-func (s *remoteImages) Delete(ctx context.Context, name string) error {
+func (s *remoteImages) Delete(ctx context.Context, name string, opts ...images.DeleteOpt) error {
 	var do images.DeleteOptions
 	for _, opt := range opts {
 		if err := opt(ctx, &do); err != nil {
 			return err
 		}
 	}
 	_, err := s.client.Delete(ctx, &imagesapi.DeleteImageRequest{
 		Name: name,
 		Sync: do.Synchronous,
 	})
 	return errdefs.FromGRPC(err)
--- a/vendor/github.com/containerd/containerd/images/image.go
+++ b/vendor/github.com/containerd/containerd/images/image.go
@ -38,6 +38,23 @@ type Image struct {
 	CreatedAt, UpdatedAt time.Time
 }
 // DeleteOptions provide options on image delete
 type DeleteOptions struct {
 	Synchronous bool
 }
 // DeleteOpt allows configuring a delete operation
 type DeleteOpt func(context.Context, *DeleteOptions) error
 // SynchronousDelete is used to indicate that an image deletion and removal of
 // the image resources should occur synchronously before returning a result.
 func SynchronousDelete() DeleteOpt {
 	return func(ctx context.Context, o *DeleteOptions) error {
 		o.Synchronous = true
 		return nil
 	}
 }
 // Store and interact with images
 type Store interface {
 	Get(ctx context.Context, name string) (Image, error)
@ -48,7 +65,7 @@ type Store interface {
 	// one or more fieldpaths are provided, only those fields will be updated.
 	Update(ctx context.Context, image Image, fieldpaths ...string) (Image, error)
-	Delete(ctx context.Context, name string) error
+	Delete(ctx context.Context, name string, opts ...DeleteOpt) error
 }
 // TODO(stevvooe): Many of these functions make strong platform assumptions,
--- a/vendor/github.com/containerd/containerd/oci/client.go
+++ b/vendor/github.com/containerd/containerd/oci/client.go
@ -0,0 +1,22 @@
 package oci
 import (
 	"context"
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/snapshot"
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 )
 // Client interface used by SpecOpt
 type Client interface {
 	SnapshotService(snapshotterName string) snapshot.Snapshotter
 }
 // Image interface used by some SpecOpt to query image configuration
 type Image interface {
 	// Config descriptor for the image.
 	Config(ctx context.Context) (ocispec.Descriptor, error)
 	// ContentStore provides a content store which contains image blob data
 	ContentStore() content.Store
 }
--- a/vendor/github.com/containerd/containerd/oci/spec.go
+++ b/vendor/github.com/containerd/containerd/oci/spec.go
@ -1,4 +1,4 @@
-package containerd
+package oci
 import (
 	"context"
@ -9,7 +9,7 @@ import (
 // GenerateSpec will generate a default spec from the provided image
 // for use as a containerd container
-func GenerateSpec(ctx context.Context, client *Client, c *containers.Container, opts ...SpecOpts) (*specs.Spec, error) {
+func GenerateSpec(ctx context.Context, client Client, c *containers.Container, opts ...SpecOpts) (*specs.Spec, error) {
 	s, err := createDefaultSpec(ctx, c.ID)
 	if err != nil {
 		return nil, err
--- a/vendor/github.com/containerd/containerd/oci/spec_opts.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts.go
@ -0,0 +1,35 @@
 package oci
 import (
 	"context"
 	"github.com/containerd/containerd/containers"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 // SpecOpts sets spec specific information to a newly generated OCI spec
 type SpecOpts func(context.Context, Client, *containers.Container, *specs.Spec) error
 // WithProcessArgs replaces the args on the generated spec
 func WithProcessArgs(args ...string) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		s.Process.Args = args
 		return nil
 	}
 }
 // WithProcessCwd replaces the current working directory on the generated spec
 func WithProcessCwd(cwd string) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		s.Process.Cwd = cwd
 		return nil
 	}
 }
 // WithHostname sets the container's hostname
 func WithHostname(name string) SpecOpts {
 	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		s.Hostname = name
 		return nil
 	}
 }
--- a/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_unix.go
@ -1,6 +1,6 @@
 // +build !windows
-package containerd
+package oci
 import (
 	"context"
@ -16,12 +16,9 @@ import (
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/fs"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/namespaces"
 	"github.com/containerd/containerd/platforms"
 	"github.com/opencontainers/image-spec/identity"
 	"github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/opencontainers/runc/libcontainer/user"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
@ -30,7 +27,7 @@ import (
 // WithTTY sets the information on the spec as well as the environment variables for
 // using a TTY
-func WithTTY(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+func WithTTY(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 	s.Process.Terminal = true
 	s.Process.Env = append(s.Process.Env, "TERM=xterm")
 	return nil
@ -38,7 +35,7 @@ func WithTTY(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spe
 // WithHostNamespace allows a task to run inside the host's linux namespace
 func WithHostNamespace(ns specs.LinuxNamespaceType) SpecOpts {
-	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		for i, n := range s.Linux.Namespaces {
 			if n.Type == ns {
 				s.Linux.Namespaces = append(s.Linux.Namespaces[:i], s.Linux.Namespaces[i+1:]...)
@ -52,7 +49,7 @@ func WithHostNamespace(ns specs.LinuxNamespaceType) SpecOpts {
 // WithLinuxNamespace uses the passed in namespace for the spec. If a namespace of the same type already exists in the
 // spec, the existing namespace is replaced by the one provided.
 func WithLinuxNamespace(ns specs.LinuxNamespace) SpecOpts {
-	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		for i, n := range s.Linux.Namespaces {
 			if n.Type == ns.Type {
 				before := s.Linux.Namespaces[:i]
@ -68,13 +65,9 @@ func WithLinuxNamespace(ns specs.LinuxNamespace) SpecOpts {
 }
 // WithImageConfig configures the spec to from the configuration of an Image
-func WithImageConfig(i Image) SpecOpts {
+func WithImageConfig(image Image) SpecOpts {
-	return func(ctx context.Context, client *Client, c *containers.Container, s *specs.Spec) error {
+	return func(ctx context.Context, client Client, c *containers.Container, s *specs.Spec) error {
-		var (
+		ic, err := image.Config(ctx)
 			image = i.(*image)
 			store = client.ContentStore()
 		)
 		ic, err := image.i.Config(ctx, store, platforms.Default())
 		if err != nil {
 			return err
 		}
@ -84,7 +77,7 @@ func WithImageConfig(i Image) SpecOpts {
 		)
 		switch ic.MediaType {
 		case v1.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config:
-			p, err := content.ReadBlob(ctx, store, ic.Digest)
+			p, err := content.ReadBlob(ctx, image.ContentStore(), ic.Digest)
 			if err != nil {
 				return err
 			}
@ -96,6 +89,11 @@ func WithImageConfig(i Image) SpecOpts {
 		default:
 			return fmt.Errorf("unknown image config media type %s", ic.MediaType)
 		}
 		if s.Process == nil {
 			s.Process = &specs.Process{}
 		}
 		s.Process.Env = append(s.Process.Env, config.Env...)
 		cmd := config.Cmd
 		s.Process.Args = append(config.Entrypoint, cmd...)
@ -140,7 +138,7 @@ func WithImageConfig(i Image) SpecOpts {
 // WithRootFSPath specifies unmanaged rootfs path.
 func WithRootFSPath(path string) SpecOpts {
-	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		if s.Root == nil {
 			s.Root = &specs.Root{}
 		}
@ -152,7 +150,7 @@ func WithRootFSPath(path string) SpecOpts {
 // WithRootFSReadonly sets specs.Root.Readonly to true
 func WithRootFSReadonly() SpecOpts {
-	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		if s.Root == nil {
 			s.Root = &specs.Root{}
 		}
@ -161,22 +159,14 @@ func WithRootFSReadonly() SpecOpts {
 	}
 }
 // WithResources sets the provided resources on the spec for task updates
 func WithResources(resources *specs.LinuxResources) UpdateTaskOpts {
 	return func(ctx context.Context, client *Client, r *UpdateTaskInfo) error {
 		r.Resources = resources
 		return nil
 	}
 }
 // WithNoNewPrivileges sets no_new_privileges on the process for the container
-func WithNoNewPrivileges(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+func WithNoNewPrivileges(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 	s.Process.NoNewPrivileges = true
 	return nil
 }
 // WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly
-func WithHostHostsFile(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+func WithHostHostsFile(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 	s.Mounts = append(s.Mounts, specs.Mount{
 		Destination: "/etc/hosts",
 		Type:        "bind",
@ -187,7 +177,7 @@ func WithHostHostsFile(_ context.Context, _ *Client, _ *containers.Container, s
 }
 // WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly
-func WithHostResolvconf(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+func WithHostResolvconf(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 	s.Mounts = append(s.Mounts, specs.Mount{
 		Destination: "/etc/resolv.conf",
 		Type:        "bind",
@ -198,7 +188,7 @@ func WithHostResolvconf(_ context.Context, _ *Client, _ *containers.Container, s
 }
 // WithHostLocaltime bind-mounts the host's /etc/localtime into the container as readonly
-func WithHostLocaltime(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+func WithHostLocaltime(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 	s.Mounts = append(s.Mounts, specs.Mount{
 		Destination: "/etc/localtime",
 		Type:        "bind",
@ -211,7 +201,7 @@ func WithHostLocaltime(_ context.Context, _ *Client, _ *containers.Container, s
 // WithUserNamespace sets the uid and gid mappings for the task
 // this can be called multiple times to add more mappings to the generated spec
 func WithUserNamespace(container, host, size uint32) SpecOpts {
-	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		var hasUserns bool
 		for _, ns := range s.Linux.Namespaces {
 			if ns.Type == specs.UserNamespace {
@ -235,68 +225,9 @@ func WithUserNamespace(container, host, size uint32) SpecOpts {
 	}
 }
 // WithRemappedSnapshot creates a new snapshot and remaps the uid/gid for the
 // filesystem to be used by a container with user namespaces
 func WithRemappedSnapshot(id string, i Image, uid, gid uint32) NewContainerOpts {
 	return withRemappedSnapshotBase(id, i, uid, gid, false)
 }
 // WithRemappedSnapshotView is similar to WithRemappedSnapshot but rootfs is mounted as read-only.
 func WithRemappedSnapshotView(id string, i Image, uid, gid uint32) NewContainerOpts {
 	return withRemappedSnapshotBase(id, i, uid, gid, true)
 }
 func withRemappedSnapshotBase(id string, i Image, uid, gid uint32, readonly bool) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
 		diffIDs, err := i.(*image).i.RootFS(ctx, client.ContentStore(), platforms.Default())
 		if err != nil {
 			return err
 		}
 		setSnapshotterIfEmpty(c)
 		var (
 			snapshotter = client.SnapshotService(c.Snapshotter)
 			parent      = identity.ChainID(diffIDs).String()
 			usernsID    = fmt.Sprintf("%s-%d-%d", parent, uid, gid)
 		)
 		if _, err := snapshotter.Stat(ctx, usernsID); err == nil {
 			if _, err := snapshotter.Prepare(ctx, id, usernsID); err == nil {
 				c.SnapshotKey = id
 				c.Image = i.Name()
 				return nil
 			} else if !errdefs.IsNotFound(err) {
 				return err
 			}
 		}
 		mounts, err := snapshotter.Prepare(ctx, usernsID+"-remap", parent)
 		if err != nil {
 			return err
 		}
 		if err := remapRootFS(mounts, uid, gid); err != nil {
 			snapshotter.Remove(ctx, usernsID)
 			return err
 		}
 		if err := snapshotter.Commit(ctx, usernsID, usernsID+"-remap"); err != nil {
 			return err
 		}
 		if readonly {
 			_, err = snapshotter.View(ctx, id, usernsID)
 		} else {
 			_, err = snapshotter.Prepare(ctx, id, usernsID)
 		}
 		if err != nil {
 			return err
 		}
 		c.SnapshotKey = id
 		c.Image = i.Name()
 		return nil
 	}
 }
 // WithCgroup sets the container's cgroup path
 func WithCgroup(path string) SpecOpts {
-	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		s.Linux.CgroupsPath = path
 		return nil
 	}
@ -305,7 +236,7 @@ func WithCgroup(path string) SpecOpts {
 // WithNamespacedCgroup uses the namespace set on the context to create a
 // root directory for containers in the cgroup with the id as the subcgroup
 func WithNamespacedCgroup() SpecOpts {
-	return func(ctx context.Context, _ *Client, c *containers.Container, s *specs.Spec) error {
+	return func(ctx context.Context, _ Client, c *containers.Container, s *specs.Spec) error {
 		namespace, err := namespaces.NamespaceRequired(ctx)
 		if err != nil {
 			return err
@ -317,7 +248,7 @@ func WithNamespacedCgroup() SpecOpts {
 // WithUIDGID allows the UID and GID for the Process to be set
 func WithUIDGID(uid, gid uint32) SpecOpts {
-	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		s.Process.User.UID = uid
 		s.Process.User.GID = gid
 		return nil
@ -329,7 +260,7 @@ func WithUIDGID(uid, gid uint32) SpecOpts {
 // or uid is not found in /etc/passwd, it sets gid to be the same with
 // uid, and not returns error.
 func WithUserID(uid uint32) SpecOpts {
-	return func(ctx context.Context, client *Client, c *containers.Container, s *specs.Spec) error {
+	return func(ctx context.Context, client Client, c *containers.Container, s *specs.Spec) error {
 		if c.Snapshotter == "" {
 			return errors.Errorf("no snapshotter set for container")
 		}
@ -386,7 +317,7 @@ func WithUserID(uid uint32) SpecOpts {
 // does not exist, or the username is not found in /etc/passwd,
 // it returns error.
 func WithUsername(username string) SpecOpts {
-	return func(ctx context.Context, client *Client, c *containers.Container, s *specs.Spec) error {
+	return func(ctx context.Context, client Client, c *containers.Container, s *specs.Spec) error {
 		if c.Snapshotter == "" {
 			return errors.Errorf("no snapshotter set for container")
 		}
--- a/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts_windows.go
@ -1,6 +1,6 @@
 // +build windows
-package containerd
+package oci
 import (
 	"context"
@ -10,19 +10,14 @@ import (
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/containerd/content"
 	"github.com/containerd/containerd/images"
 	"github.com/containerd/containerd/platforms"
 	"github.com/opencontainers/image-spec/specs-go/v1"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 // WithImageConfig configures the spec to from the configuration of an Image
-func WithImageConfig(i Image) SpecOpts {
+func WithImageConfig(image Image) SpecOpts {
-	return func(ctx context.Context, client *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(ctx context.Context, client Client, _ *containers.Container, s *specs.Spec) error {
-		var (
+		ic, err := image.Config(ctx)
 			image = i.(*image)
 			store = client.ContentStore()
 		)
 		ic, err := image.i.Config(ctx, store, platforms.Default())
 		if err != nil {
 			return err
 		}
@ -32,7 +27,7 @@ func WithImageConfig(i Image) SpecOpts {
 		)
 		switch ic.MediaType {
 		case v1.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config:
-			p, err := content.ReadBlob(ctx, store, ic.Digest)
+			p, err := content.ReadBlob(ctx, image.ContentStore(), ic.Digest)
 			if err != nil {
 				return err
 			}
@ -55,7 +50,7 @@ func WithImageConfig(i Image) SpecOpts {
 // WithTTY sets the information on the spec as well as the environment variables for
 // using a TTY
 func WithTTY(width, height int) SpecOpts {
-	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error {
 		s.Process.Terminal = true
 		if s.Process.ConsoleSize == nil {
 			s.Process.ConsoleSize = &specs.Box{}
@ -65,11 +60,3 @@ func WithTTY(width, height int) SpecOpts {
 		return nil
 	}
 }
 // WithResources sets the provided resources on the spec for task updates
 func WithResources(resources *specs.WindowsResources) UpdateTaskOpts {
 	return func(ctx context.Context, client *Client, r *UpdateTaskInfo) error {
 		r.Resources = resources
 		return nil
 	}
 }
--- a/vendor/github.com/containerd/containerd/oci/spec_unix.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_unix.go
@ -1,17 +1,11 @@
 // +build !windows
-package containerd
+package oci
 import (
 	"context"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"syscall"
 	"golang.org/x/sys/unix"
 	"github.com/containerd/containerd/mount"
 	"github.com/containerd/containerd/namespaces"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
@ -173,32 +167,3 @@ func createDefaultSpec(ctx context.Context, id string) (*specs.Spec, error) {
 	}
 	return s, nil
 }
 func remapRootFS(mounts []mount.Mount, uid, gid uint32) error {
 	root, err := ioutil.TempDir("", "ctd-remap")
 	if err != nil {
 		return err
 	}
 	defer os.RemoveAll(root)
 	for _, m := range mounts {
 		if err := m.Mount(root); err != nil {
 			return err
 		}
 	}
 	defer unix.Unmount(root, 0)
 	return filepath.Walk(root, incrementFS(root, uid, gid))
 }
 func incrementFS(root string, uidInc, gidInc uint32) filepath.WalkFunc {
 	return func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
 		var (
 			stat = info.Sys().(*syscall.Stat_t)
 			u, g = int(stat.Uid + uidInc), int(stat.Gid + gidInc)
 		)
 		// be sure the lchown the path as to not de-reference the symlink to a host file
 		return os.Lchown(path, u, g)
 	}
 }
--- a/vendor/github.com/containerd/containerd/oci/spec_windows.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_windows.go
@ -1,4 +1,4 @@
-package containerd
+package oci
 import (
 	"context"
--- a/vendor/github.com/containerd/containerd/plugin/plugin.go
+++ b/vendor/github.com/containerd/containerd/plugin/plugin.go
@ -54,6 +54,8 @@ const (
 	MetadataPlugin Type = "io.containerd.metadata.v1"
 	// ContentPlugin implements a content store
 	ContentPlugin Type = "io.containerd.content.v1"
 	// GCPlugin implements garbage collection policy
 	GCPlugin Type = "io.containerd.gc.v1"
 )
 // Registration contains information for registering a plugin
--- a/vendor/github.com/containerd/containerd/spec_opts.go
+++ b/vendor/github.com/containerd/containerd/spec_opts.go
@ -1,74 +0,0 @@
 package containerd
 import (
 	"context"
 	"github.com/containerd/containerd/containers"
 	"github.com/containerd/typeurl"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 // SpecOpts sets spec specific information to a newly generated OCI spec
 type SpecOpts func(context.Context, *Client, *containers.Container, *specs.Spec) error
 // WithProcessArgs replaces the args on the generated spec
 func WithProcessArgs(args ...string) SpecOpts {
 	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
 		s.Process.Args = args
 		return nil
 	}
 }
 // WithProcessCwd replaces the current working directory on the generated spec
 func WithProcessCwd(cwd string) SpecOpts {
 	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
 		s.Process.Cwd = cwd
 		return nil
 	}
 }
 // WithHostname sets the container's hostname
 func WithHostname(name string) SpecOpts {
 	return func(_ context.Context, _ *Client, _ *containers.Container, s *specs.Spec) error {
 		s.Hostname = name
 		return nil
 	}
 }
 // WithNewSpec generates a new spec for a new container
 func WithNewSpec(opts ...SpecOpts) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
 		s, err := createDefaultSpec(ctx, c.ID)
 		if err != nil {
 			return err
 		}
 		for _, o := range opts {
 			if err := o(ctx, client, c, s); err != nil {
 				return err
 			}
 		}
 		any, err := typeurl.MarshalAny(s)
 		if err != nil {
 			return err
 		}
 		c.Spec = any
 		return nil
 	}
 }
 // WithSpec sets the provided spec on the container
 func WithSpec(s *specs.Spec, opts ...SpecOpts) NewContainerOpts {
 	return func(ctx context.Context, client *Client, c *containers.Container) error {
 		for _, o := range opts {
 			if err := o(ctx, client, c, s); err != nil {
 				return err
 			}
 		}
 		any, err := typeurl.MarshalAny(s)
 		if err != nil {
 			return err
 		}
 		c.Spec = any
 		return nil
 	}
 }
--- a/vendor/github.com/containerd/containerd/task_opts_linux.go
+++ b/vendor/github.com/containerd/containerd/task_opts_linux.go
@ -0,0 +1,15 @@
 package containerd
 import (
 	"context"
 	"github.com/opencontainers/runtime-spec/specs-go"
 )
 // WithResources sets the provided resources for task updates
 func WithResources(resources *specs.LinuxResources) UpdateTaskOpts {
 	return func(ctx context.Context, client *Client, r *UpdateTaskInfo) error {
 		r.Resources = resources
 		return nil
 	}
 }
--- a/vendor/github.com/containerd/containerd/task_opts_windows.go
+++ b/vendor/github.com/containerd/containerd/task_opts_windows.go
@ -0,0 +1,15 @@
 package containerd
 import (
 	"context"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 )
 // WithResources sets the provided resources on the spec for task updates
 func WithResources(resources *specs.WindowsResources) UpdateTaskOpts {
 	return func(ctx context.Context, client *Client, r *UpdateTaskInfo) error {
 		r.Resources = resources
 		return nil
 	}
 }
--- a/vendor/github.com/docker/docker/hack/README.md
+++ b/vendor/github.com/docker/docker/hack/README.md
@ -1,60 +0,0 @@
 ## About
 This directory contains a collection of scripts used to build and manage this
 repository. If there are any issues regarding the intention of a particular
 script (or even part of a certain script), please reach out to us.
 It may help us either refine our current scripts, or add on new ones
 that are appropriate for a given use case.
 ## DinD (dind.sh)
 DinD is a wrapper script which allows Docker to be run inside a Docker
 container. DinD requires the container to
 be run with privileged mode enabled.
 ## Generate Authors (generate-authors.sh)
 Generates AUTHORS; a file with all the names and corresponding emails of
 individual contributors. AUTHORS can be found in the home directory of
 this repository.
 ## Make
 There are two make files, each with different extensions. Neither are supposed
 to be called directly; only invoke `make`. Both scripts run inside a Docker
 container.
 ### make.ps1
 - The Windows native build script that uses PowerShell semantics; it is limited
 unlike `hack\make.sh` since it does not provide support for the full set of
 operations provided by the Linux counterpart, `make.sh`. However, `make.ps1`
 does provide support for local Windows development and Windows to Windows CI.
 More information is found within `make.ps1` by the author, @jhowardmsft
 ### make.sh
 - Referenced via `make test` when running tests on a local machine,
 or directly referenced when running tests inside a Docker development container.  
 - When running on a local machine, `make test` to run all tests found in
 `test`, `test-unit`, `test-integration`, and `test-docker-py` on
 your local machine. The default timeout is set in `make.sh` to 60 minutes
 (`${TIMEOUT:=60m}`), since it currently takes up to an hour to run
 all of the tests.
 - When running inside a Docker development container, `hack/make.sh` does
 not have a single target that runs all the tests. You need to provide a
 single command line with multiple targets that performs the same thing.
 An example referenced from [Run targets inside a development container](https://docs.docker.com/opensource/project/test-and-docs/#run-targets-inside-a-development-container): `root@5f8630b873fe:/go/src/github.com/moby/moby# hack/make.sh dynbinary binary cross test-unit test-integration test-docker-py`
 - For more information related to testing outside the scope of this README,
 refer to
 [Run tests and test documentation](https://docs.docker.com/opensource/project/test-and-docs/)
 ## Release (release.sh)
 Releases any bundles built by `make` on a public AWS S3 bucket.
 For information regarding configuration, please view `release.sh`.
 ## Vendor (vendor.sh)
 A shell script that is a wrapper around Vndr. For information on how to use
 this, please refer to [vndr's README](https://github.com/LK4D4/vndr/blob/master/README.md)
--- a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md
@ -1,69 +0,0 @@
 # Integration Testing on Swarm
 IT on Swarm allows you to execute integration test in parallel across a Docker Swarm cluster
 ## Architecture
 ### Master service
  - Works as a funker caller
  - Calls a worker funker (`-worker-service`) with a chunk of `-check.f` filter strings (passed as a file via `-input` flag, typically `/mnt/input`)
 ### Worker service
  - Works as a funker callee
  - Executes an equivalent of `TESTFLAGS=-check.f TestFoo|TestBar|TestBaz ... make test-integration-cli` using the bind-mounted API socket (`docker.sock`)
 ### Client
  - Controls master and workers via `docker stack`
  - No need to have a local daemon
 Typically, the master and workers are supposed to be running on a cloud environment,
 while the client is supposed to be running on a laptop, e.g. Docker for Mac/Windows.
 ## Requirement
  - Docker daemon 1.13 or later
  - Private registry for distributed execution with multiple nodes
 ## Usage
 ### Step 1: Prepare images
    $ make build-integration-cli-on-swarm
 Following environment variables are known to work in this step:
 - `BUILDFLAGS`
 - `DOCKER_INCREMENTAL_BINARY`
 Note: during the transition into Moby Project, you might need to create a symbolic link `$GOPATH/src/github.com/docker/docker` to `$GOPATH/src/github.com/moby/moby`. 
 ### Step 2: Execute tests
    $ ./hack/integration-cli-on-swarm/integration-cli-on-swarm -replicas 40 -push-worker-image YOUR_REGISTRY.EXAMPLE.COM/integration-cli-worker:latest 
 Following environment variables are known to work in this step:
 - `DOCKER_GRAPHDRIVER`
 - `DOCKER_EXPERIMENTAL`
 #### Flags
 Basic flags:
 - `-replicas N`: the number of worker service replicas. i.e. degree of parallelism.
 - `-chunks N`: the number of chunks. By default, `chunks` == `replicas`.
 - `-push-worker-image REGISTRY/IMAGE:TAG`: push the worker image to the registry. Note that if you have only single node and hence you do not need a private registry, you do not need to specify `-push-worker-image`.
 Experimental flags for mitigating makespan nonuniformity:
 - `-shuffle`: Shuffle the test filter strings
 Flags for debugging IT on Swarm itself:
 - `-rand-seed N`: the random seed. This flag is useful for deterministic replaying. By default(0), the timestamp is used.
 - `-filters-file FILE`: the file contains `-check.f` strings. By default, the file is automatically generated.
 - `-dry-run`: skip the actual workload
 - `keep-executor`: do not auto-remove executor containers, which is used for running privileged programs on Swarm
--- a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf
+++ b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf
@ -1,2 +0,0 @@
 # dependencies specific to worker (i.e. github.com/docker/docker/...) are not vendored here
 github.com/bfirsh/funker-go eaa0a2e06f30e72c9a0b7f858951e581e26ef773
		`@ -1,2 +0,0 @@`
			`# dependencies specific to worker (i.e. github.com/docker/docker/...) are not vendored here`
			`github.com/bfirsh/funker-go eaa0a2e06f30e72c9a0b7f858951e581e26ef773`