github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Run gofmt 1.19

Browse Source 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
This commit is contained in:
Maksym Pavlenko 2022-08-04 18:18:33 -07:00
parent 4a11a40189
commit ca3b9b50fe
31 changed files with 206 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/ctr/commands/cni.go
View File

@ -36,7 +36,7 @@ const (
CtrCniMetadataExtension = "ctr.cni-containerd.metadata"
)
//ctr pass cni network metadata to containerd if ctr run use option of --cni
// ctr pass cni network metadata to containerd if ctr run use option of --cni
type NetworkMetaData struct {
EnableCni bool
}

3
content/local/store.go
View File

@ -34,7 +34,7 @@ import (
"github.com/containerd/containerd/log"
"github.com/sirupsen/logrus"
digest "github.com/opencontainers/go-digest"
"github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)
@ -643,7 +643,6 @@ func (s *store) ingestRoot(ref string) string {
// - root: entire ingest directory
// - ref: name of the starting ref, must be unique
// - data: file where data is written
//
func (s *store) ingestPaths(ref string) (string, string, string) {
var (
fp = s.ingestRoot(ref)

22
contrib/fuzz/daemon.go
View File

@ -2,16 +2,18 @@
// +build gofuzz
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package fuzz

1
filters/filter.go
View File

@ -65,7 +65,6 @@
// ```
// name==foo,labels.bar
// ```
//
package filters
import (

1
filters/parser.go
View File

@ -45,7 +45,6 @@ field := quoted | [A-Za-z] [A-Za-z0-9_]+
operator := "==" | "!=" | "~="
value := quoted | [^\s,]+
quoted := <go string syntax>
*/
func Parse(s string) (Filter, error) {
// special case empty to match all

8
filters/quote.go
View File

@ -31,10 +31,10 @@ var errQuoteSyntax = errors.New("quote syntax error")
// or character literal represented by the string s.
// It returns four values:
//
// 1) value, the decoded Unicode code point or byte value;
// 2) multibyte, a boolean indicating whether the decoded character requires a multibyte UTF-8 representation;
// 3) tail, the remainder of the string after the character; and
// 4) an error that will be nil if the character is syntactically valid.
// 1. value, the decoded Unicode code point or byte value;
// 2. multibyte, a boolean indicating whether the decoded character requires a multibyte UTF-8 representation;
// 3. tail, the remainder of the string after the character; and
// 4. an error that will be nil if the character is syntactically valid.
//
// The second argument, quote, specifies the type of literal being parsed
// and therefore which escaped quote character is permitted.

12
images/archive/importer.go
View File

@ -55,12 +55,12 @@ func WithImportCompression() ImportOpt {
}
// ImportIndex imports an index from a tar archive image bundle
// - implements Docker v1.1, v1.2 and OCI v1.
// - prefers OCI v1 when provided
// - creates OCI index for Docker formats
// - normalizes Docker references and adds as OCI ref name
// e.g. alpine:latest -> docker.io/library/alpine:latest
// - existing OCI reference names are untouched
// - implements Docker v1.1, v1.2 and OCI v1.
// - prefers OCI v1 when provided
// - creates OCI index for Docker formats
// - normalizes Docker references and adds as OCI ref name
// e.g. alpine:latest -> docker.io/library/alpine:latest
// - existing OCI reference names are untouched
func ImportIndex(ctx context.Context, store content.Store, reader io.Reader, opts ...ImportOpt) (ocispec.Descriptor, error) {
var (
tr = tar.NewReader(reader)

4
integration/failpoint/cmd/cni-bridge-fp/main_linux.go
View File

@ -20,7 +20,7 @@ import (
"context"
"encoding/json"
"fmt"
"io/ioutil"
"io"
"os"
"path/filepath"
"syscall"
@ -168,7 +168,7 @@ func (c *failpointControl) updateTx(updateFn func(conf *failpointConf) error) er
}
defer unflock(f.Fd())
data, err := ioutil.ReadAll(f)
data, err := io.ReadAll(f)
if err != nil {
return fmt.Errorf("failed to read failpoint setting %s: %w", c.confPath, err)
}

4
integration/image_pull_timeout_test.go
View File

@ -64,7 +64,7 @@ func TestCRIImagePullTimeout(t *testing.T) {
// testCRIImagePullTimeoutByHoldingContentOpenWriter tests that
//
// It should not cancel if there is no active http requests.
// It should not cancel if there is no active http requests.
//
// When there are several pulling requests for the same blob content, there
// will only one active http request. It is singleflight. For the waiting pulling
@ -197,7 +197,7 @@ func testCRIImagePullTimeoutByHoldingContentOpenWriter(t *testing.T) {
// testCRIImagePullTimeoutByNoDataTransferred tests that
//
// It should fail because there is no data transferred in open http request.
// It should fail because there is no data transferred in open http request.
//
// The case uses the local mirror registry to forward request with circuit
// breaker. If the local registry has transferred a certain amount of data in

141
metadata/buckets.go
View File

@ -26,7 +26,7 @@
//
// Generically, we try to do the following:
//
// <version>/<namespace>/<object>/<key> -> <field>
// <version>/<namespace>/<object>/<key> -> <field>
//
// version: Currently, this is "v1". Additions can be made to v1 in a backwards
// compatible way. If the layout changes, a new version must be made, along
@ -46,77 +46,80 @@
// the structure is changed in addition to adding a migration and incrementing
// the database version.
// Notes:
// * `╘══*...*` refers to maps with arbitrary keys
// * `version` is a key to a numeric value identifying the minor revisions
// of schema version
// * a namespace in a schema bucket cannot be named "version"
//
// └──v1 - Schema version bucket
// - `╘══*...*` refers to maps with arbitrary keys
//
// - `version` is a key to a numeric value identifying the minor revisions
// of schema version
//
// - a namespace in a schema bucket cannot be named "version"
//
// └──v1 - Schema version bucket
// ├──version : <varint> - Latest version, see migrations
// ╘══*namespace*
// ├──labels
// │  ╘══*key* : <string> - Label value
// ├──image
// │  ╘══*image name*
// │   ├──createdat : <binary time> - Created at
// │   ├──updatedat : <binary time> - Updated at
// │   ├──target
// │   │  ├──digest : <digest> - Descriptor digest
// │   │  ├──mediatype : <string> - Descriptor media type
// │   │  └──size : <varint> - Descriptor size
// │   └──labels
// │   ╘══*key* : <string> - Label value
// ├──containers
// │  ╘══*container id*
// │   ├──createdat : <binary time> - Created at
// │   ├──updatedat : <binary time> - Updated at
// │   ├──spec : <binary> - Proto marshaled spec
// │   ├──image : <string> - Image name
// │   ├──snapshotter : <string> - Snapshotter name
// │   ├──snapshotKey : <string> - Snapshot key
// │   ├──runtime
// │   │  ├──name : <string> - Runtime name
// │   │  ├──extensions
// │   │  │  ╘══*name* : <binary> - Proto marshaled extension
// │   │  └──options : <binary> - Proto marshaled options
// │   └──labels
// │   ╘══*key* : <string> - Label value
// ├──snapshots
// │  ╘══*snapshotter*
// │   ╘══*snapshot key*
// │    ├──name : <string> - Snapshot name in backend
// │   ├──createdat : <binary time> - Created at
// │   ├──updatedat : <binary time> - Updated at
// │    ├──parent : <string> - Parent snapshot name
// │   ├──children
// │   │  ╘══*snapshot key* : <nil> - Child snapshot reference
// │   └──labels
// │   ╘══*key* : <string> - Label value
// ├──content
//   ├──blob
// │  │ ╘══*blob digest*
// │  │ ├──createdat : <binary time> - Created at
// │  │ ├──updatedat : <binary time> - Updated at
// │  │   ├──size : <varint> - Blob size
// │  │ └──labels
// │  │ ╘══*key* : <string> - Label value
//   └──ingests
// │   ╘══*ingest reference*
// │    ├──ref : <string> - Ingest reference in backend
// │   ├──expireat : <binary time> - Time to expire ingest
// │   └──expected : <digest> - Expected commit digest
// └──leases
// ╘══*lease id*
//   ├──createdat : <binary time> - Created at
// ├──labels
// │ ╘══*key* : <string> - Label value
//   ├──snapshots
// │  ╘══*snapshotter*
// │   ╘══*snapshot key* : <nil> - Snapshot reference
//   ├──content
// │  ╘══*blob digest* : <nil> - Content blob reference
// └──ingests
//   ╘══*ingest reference* : <nil> - Content ingest reference
// ├──labels
// │  ╘══*key* : <string> - Label value
// ├──image
// │  ╘══*image name*
// │   ├──createdat : <binary time> - Created at
// │   ├──updatedat : <binary time> - Updated at
// │   ├──target
// │   │  ├──digest : <digest> - Descriptor digest
// │   │  ├──mediatype : <string> - Descriptor media type
// │   │  └──size : <varint> - Descriptor size
// │   └──labels
// │   ╘══*key* : <string> - Label value
// ├──containers
// │  ╘══*container id*
// │   ├──createdat : <binary time> - Created at
// │   ├──updatedat : <binary time> - Updated at
// │   ├──spec : <binary> - Proto marshaled spec
// │   ├──image : <string> - Image name
// │   ├──snapshotter : <string> - Snapshotter name
// │   ├──snapshotKey : <string> - Snapshot key
// │   ├──runtime
// │   │  ├──name : <string> - Runtime name
// │   │  ├──extensions
// │   │  │  ╘══*name* : <binary> - Proto marshaled extension
// │   │  └──options : <binary> - Proto marshaled options
// │   └──labels
// │   ╘══*key* : <string> - Label value
// ├──snapshots
// │  ╘══*snapshotter*
// │   ╘══*snapshot key*
// │    ├──name : <string> - Snapshot name in backend
// │   ├──createdat : <binary time> - Created at
// │   ├──updatedat : <binary time> - Updated at
// │    ├──parent : <string> - Parent snapshot name
// │   ├──children
// │   │  ╘══*snapshot key* : <nil> - Child snapshot reference
// │   └──labels
// │   ╘══*key* : <string> - Label value
// ├──content
//   ├──blob
// │  │ ╘══*blob digest*
// │  │ ├──createdat : <binary time> - Created at
// │  │ ├──updatedat : <binary time> - Updated at
// │  │   ├──size : <varint> - Blob size
// │  │ └──labels
// │  │ ╘══*key* : <string> - Label value
//   └──ingests
// │   ╘══*ingest reference*
// │    ├──ref : <string> - Ingest reference in backend
// │   ├──expireat : <binary time> - Time to expire ingest
// │   └──expected : <digest> - Expected commit digest
// └──leases
// ╘══*lease id*
// ├──createdat : <binary time> - Created at
// ├──labels
// │ ╘══*key* : <string> - Label value
// ├──snapshots
// │  ╘══*snapshotter*
// │   ╘══*snapshot key* : <nil> - Snapshot reference
// ├──content
// │  ╘══*blob digest* : <nil> - Content blob reference
// └──ingests
// ╘══*ingest reference* : <nil> - Content ingest reference
package metadata
import (

10
metadata/db.go
View File

@ -274,11 +274,11 @@ func (m *DB) RegisterMutationCallback(fn func(bool)) {
// to be tracked by go away after reboot or process restart.
//
// A few limitations to consider:
// - Collectible Resources cannot reference other resources.
// - A failure to complete collection will not fail the garbage collection,
// however, the resources can be collected in a later run.
// - Collectible Resources must track whether the resource is active and/or
// lease membership.
// - Collectible Resources cannot reference other resources.
// - A failure to complete collection will not fail the garbage collection,
// however, the resources can be collected in a later run.
// - Collectible Resources must track whether the resource is active and/or
// lease membership.
func (m *DB) RegisterCollectibleResource(t gc.ResourceType, c Collector) {
if t < resourceEnd {
panic("cannot re-register metadata resource")

2
namespaces/store.go
View File

@ -24,8 +24,6 @@ import "context"
// oriented. A namespace is really just a name and a set of labels. Objects
// that belong to a namespace are returned when the namespace is assigned to a
// given context.
//
//
type Store interface {
Create(ctx context.Context, namespace string, labels map[string]string) error
Labels(ctx context.Context, namespace string) (map[string]string, error)

3
oci/spec_opts.go
View File

@ -591,7 +591,8 @@ func WithNamespacedCgroup() SpecOpts {
// WithUser sets the user to be used within the container.
// It accepts a valid user string in OCI Image Spec v1.0.0:
// user, uid, user:group, uid:gid, uid:group, user:gid
//
// user, uid, user:group, uid:gid, uid:group, user:gid
func WithUser(userstr string) SpecOpts {
return func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
setProcess(s)

8
oci/spec_opts_nonlinux.go
View File

@ -28,19 +28,19 @@ import (
// WithAllCurrentCapabilities propagates the effective capabilities of the caller process to the container process.
// The capability set may differ from WithAllKnownCapabilities when running in a container.
//nolint: deadcode, unused
// nolint: deadcode, unused
var WithAllCurrentCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
return WithCapabilities(nil)(ctx, client, c, s)
}
// WithAllKnownCapabilities sets all the the known linux capabilities for the container process
//nolint: deadcode, unused
// nolint: deadcode, unused
var WithAllKnownCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
return WithCapabilities(nil)(ctx, client, c, s)
}
// WithBlockIO sets the container's blkio parameters
//nolint: deadcode, unused
// nolint: deadcode, unused
func WithBlockIO(blockio interface{}) SpecOpts {
return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
return errors.New("blkio not supported")
@ -48,7 +48,7 @@ func WithBlockIO(blockio interface{}) SpecOpts {
}
// WithCPUShares sets the container's cpu shares
//nolint: deadcode, unused
// nolint: deadcode, unused
func WithCPUShares(shares uint64) SpecOpts {
return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
return nil

7
pkg/apparmor/apparmor.go
View File

@ -18,10 +18,11 @@ package apparmor
// HostSupports returns true if apparmor is enabled for the host, // On non-Linux returns false
// On Linux returns true if apparmor_parser is enabled, and if we
// are not running docker-in-docker.
//
// It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
// check for apparmor_parser to be present, or if we're running docker-in-docker.
// are not running docker-in-docker.
//
// It is a modified version of libcontainer/apparmor.IsEnabled(), which does not
// check for apparmor_parser to be present, or if we're running docker-in-docker.
func HostSupports() bool {
return hostSupports()
}

3
pkg/cri/opts/spec.go
View File

@ -77,7 +77,8 @@ func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConf
// mounts defines how to sort runtime.Mount.
// This is the same with the Docker implementation:
// https://github.com/moby/moby/blob/17.05.x/daemon/volumes.go#L26
//
// https://github.com/moby/moby/blob/17.05.x/daemon/volumes.go#L26
type orderedMounts []*runtime.Mount
// Len returns the number of mounts. Used in sorting.

10
pkg/cri/sbserver/events.go
View File

@ -234,11 +234,11 @@ func convertEvent(e typeurl.Any) (string, interface{}, error) {
// event monitor.
//
// NOTE:
// 1. start must be called after subscribe.
// 2. The task exit event has been handled in individual startSandboxExitMonitor
// or startContainerExitMonitor goroutine at the first. If the goroutine fails,
// it puts the event into backoff retry queue and event monitor will handle
// it later.
// 1. start must be called after subscribe.
// 2. The task exit event has been handled in individual startSandboxExitMonitor
// or startContainerExitMonitor goroutine at the first. If the goroutine fails,
// it puts the event into backoff retry queue and event monitor will handle
// it later.
func (em *eventMonitor) start() <-chan error {
errCh := make(chan error)
if em.ch == nil || em.errCh == nil {

10
pkg/cri/server/events.go
View File

@ -234,11 +234,11 @@ func convertEvent(e typeurl.Any) (string, interface{}, error) {
// event monitor.
//
// NOTE:
// 1. start must be called after subscribe.
// 2. The task exit event has been handled in individual startSandboxExitMonitor
// or startContainerExitMonitor goroutine at the first. If the goroutine fails,
// it puts the event into backoff retry queue and event monitor will handle
// it later.
// 1. start must be called after subscribe.
// 2. The task exit event has been handled in individual startSandboxExitMonitor
// or startContainerExitMonitor goroutine at the first. If the goroutine fails,
// it puts the event into backoff retry queue and event monitor will handle
// it later.
func (em *eventMonitor) start() <-chan error {
errCh := make(chan error)
if em.ch == nil || em.errCh == nil {

9
pkg/cri/streaming/server.go
View File

@ -45,7 +45,7 @@ import (
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
restful "github.com/emicklei/go-restful/v3"
"github.com/emicklei/go-restful/v3"
"k8s.io/apimachinery/pkg/types"
remotecommandconsts "k8s.io/apimachinery/pkg/util/remotecommand"
@ -162,9 +162,10 @@ func NewServer(config Config, runtime Runtime) (Server, error) {
handler.Add(ws)
s.handler = handler
s.server = &http.Server{
Addr: s.config.Addr,
Handler: s.handler,
TLSConfig: s.config.TLSConfig,
Addr: s.config.Addr,
Handler: s.handler,
TLSConfig: s.config.TLSConfig,
ReadHeaderTimeout: 3 * time.Second, // Fix linter G112: Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server
}
return s, nil

2
pkg/failpoint/fail.go
View File

@ -68,7 +68,7 @@ func (t Type) String() string {
// user. The user controlled variable will be parsed for how the error injected
// code should fire. There is the way to set the rule for failpoint.
//
// <count>*<type>[(arg)][-><more terms>]
// <count>*<type>[(arg)][-><more terms>]
//
// The <type> argument specifies which action to take; it can be one of:
//

8
pkg/ioutil/write_closer.go
View File

@ -73,10 +73,10 @@ func (n *nopWriteCloser) Close() error {
// serialWriteCloser wraps a write closer and makes sure all writes
// are done in serial.
// Parallel write won't intersect with each other. Use case:
// 1) Pipe: Write content longer than PIPE_BUF.
// See http://man7.org/linux/man-pages/man7/pipe.7.html
// 2) <3.14 Linux Kernel: write is not atomic
// See http://man7.org/linux/man-pages/man2/write.2.html
// 1. Pipe: Write content longer than PIPE_BUF.
// See http://man7.org/linux/man-pages/man7/pipe.7.html
// 2. <3.14 Linux Kernel: write is not atomic
// See http://man7.org/linux/man-pages/man2/write.2.html
type serialWriteCloser struct {
mu sync.Mutex
wc io.WriteCloser

8
pkg/os/os_windows.go
View File

@ -29,9 +29,10 @@ import (
// It works for both file and directory paths.
//
// We are not able to use builtin Go functionality for opening a directory path:
// - os.Open on a directory returns a os.File where Fd() is a search handle from FindFirstFile.
// - syscall.Open does not provide a way to specify FILE_FLAG_BACKUP_SEMANTICS, which is needed to
// open a directory.
// - os.Open on a directory returns a os.File where Fd() is a search handle from FindFirstFile.
// - syscall.Open does not provide a way to specify FILE_FLAG_BACKUP_SEMANTICS, which is needed to
// open a directory.
//
// We could use os.Open if the path is a file, but it's easier to just use the same code for both.
// Therefore, we call windows.CreateFile directly.
func openPath(path string) (windows.Handle, error) {
@ -58,6 +59,7 @@ func openPath(path string) (windows.Handle, error) {
}
// GetFinalPathNameByHandle flags.
//
//nolint:revive // SNAKE_CASE is not idiomatic in Go, but aligned with Win32 API.
const (
cFILE_NAME_OPENED = 0x8

38
platforms/platforms.go
View File

@ -27,40 +27,40 @@
// The vast majority of use cases should simply use the match function with
// user input. The first step is to parse a specifier into a matcher:
//
// m, err := Parse("linux")
// if err != nil { ... }
// m, err := Parse("linux")
// if err != nil { ... }
//
// Once you have a matcher, use it to match against the platform declared by a
// component, typically from an image or runtime. Since extracting an images
// platform is a little more involved, we'll use an example against the
// platform default:
//
// if ok := m.Match(Default()); !ok { /* doesn't match */ }
// if ok := m.Match(Default()); !ok { /* doesn't match */ }
//
// This can be composed in loops for resolving runtimes or used as a filter for
// fetch and select images.
//
// More details of the specifier syntax and platform spec follow.
//
// Declaring Platform Support
// # Declaring Platform Support
//
// Components that have strict platform requirements should use the OCI
// platform specification to declare their support. Typically, this will be
// images and runtimes that should make these declaring which platform they
// support specifically. This looks roughly as follows:
//
// type Platform struct {
// Architecture string
// OS string
// Variant string
// }
// type Platform struct {
// Architecture string
// OS string
// Variant string
// }
//
// Most images and runtimes should at least set Architecture and OS, according
// to their GOARCH and GOOS values, respectively (follow the OCI image
// specification when in doubt). ARM should set variant under certain
// discussions, which are outlined below.
//
// Platform Specifiers
// # Platform Specifiers
//
// While the OCI platform specifications provide a tool for components to
// specify structured information, user input typically doesn't need the full
@ -77,7 +77,7 @@
// where the architecture may be known but a runtime may support images from
// different operating systems.
//
// Normalization
// # Normalization
//
// Because not all users are familiar with the way the Go runtime represents
// platforms, several normalizations have been provided to make this package
@ -85,17 +85,17 @@
//
// The following are performed for architectures:
//
// Value Normalized
// aarch64 arm64
// armhf arm
// armel arm/v6
// i386 386
// x86_64 amd64
// x86-64 amd64
// Value Normalized
// aarch64 arm64
// armhf arm
// armel arm/v6
// i386 386
// x86_64 amd64
// x86-64 amd64
//
// We also normalize the operating system `macos` to `darwin`.
//
// ARM Support
// # ARM Support
//
// To qualify ARM architecture, the Variant field is used to qualify the arm
// version. The most common arm version, v7, is represented without the variant

6
process.go
View File

@ -72,8 +72,10 @@ type ExitStatus struct {
// Result returns the exit code and time of the exit status.
// An error may be returned here to which indicates there was an error
// at some point while waiting for the exit status. It does not signify
// an error with the process itself.
//
// at some point while waiting for the exit status. It does not signify
// an error with the process itself.
//
// If an error is returned, the process may still be running.
func (s ExitStatus) Result() (uint32, time.Time, error) {
return s.code, s.exitedAt, s.err

4
reference/docker/reference.go
View File

@ -19,13 +19,13 @@
//
// Grammar
//
// reference := name [ ":" tag ] [ "@" digest ]
// reference := name [ ":" tag ] [ "@" digest ]
// name := [domain '/'] path-component ['/' path-component]*
// domain := domain-component ['.' domain-component]* [':' port-number]
// domain-component := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/
// port-number := /[0-9]+/
// path-component := alpha-numeric [separator alpha-numeric]*
// alpha-numeric := /[a-z0-9]+/
// alpha-numeric := /[a-z0-9]+/
// separator := /[_.]|__|[-]*/
//
// tag := /[\w][\w.-]{0,127}/

14
remotes/docker/config/hosts.go
View File

@ -530,13 +530,13 @@ func makeAbsPath(p string, base string) string {
// loadCertsDir loads certs from certsDir like "/etc/docker/certs.d" .
// Compatible with Docker file layout
// - files ending with ".crt" are treated as CA certificate files
// - files ending with ".cert" are treated as client certificates, and
// files with the same name but ending with ".key" are treated as the
// corresponding private key.
// NOTE: If a ".key" file is missing, this function will just return
// the ".cert", which may contain the private key. If the ".cert" file
// does not contain the private key, the caller should detect and error.
// - files ending with ".crt" are treated as CA certificate files
// - files ending with ".cert" are treated as client certificates, and
// files with the same name but ending with ".key" are treated as the
// corresponding private key.
// NOTE: If a ".key" file is missing, this function will just return
// the ".cert", which may contain the private key. If the ".cert" file
// does not contain the private key, the caller should detect and error.
func loadCertFiles(ctx context.Context, certsDir string) ([]hostConfig, error) {
fs, err := os.ReadDir(certsDir)
if err != nil && !os.IsNotExist(err) {

4
remotes/handlers.go
View File

@ -257,8 +257,8 @@ func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, st
// An example of this kind of content would be a Windows base layer, which is not supposed to be redistributed.
//
// This is based on the media type of the content:
// - application/vnd.oci.image.layer.nondistributable
// - application/vnd.docker.image.rootfs.foreign
// - application/vnd.oci.image.layer.nondistributable
// - application/vnd.docker.image.rootfs.foreign
func SkipNonDistributableBlobs(f images.HandlerFunc) images.HandlerFunc {
return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
if images.IsNonDistributable(desc.MediaType) {

9
snapshots/devmapper/dmsetup/dmsetup.go
View File

@ -353,7 +353,8 @@ func BlockDeviceSize(path string) (int64, error) {
}
// DiscardBlocks discards all blocks for the given thin device
// ported from https://github.com/moby/moby/blob/7b9275c0da707b030e62c96b679a976f31f929d3/pkg/devicemapper/devmapper.go#L416
//
// ported from https://github.com/moby/moby/blob/7b9275c0da707b030e62c96b679a976f31f929d3/pkg/devicemapper/devmapper.go#L416
func DiscardBlocks(deviceName string) error {
inUse, err := isInUse(deviceName)
if err != nil {
@ -402,8 +403,10 @@ func tryGetUnixError(output string) (unix.Errno, bool) {
}
// dmsetup returns error messages in format:
// device-mapper: message ioctl on <name> failed: File exists\n
// Command failed\n
//
// device-mapper: message ioctl on <name> failed: File exists\n
// Command failed\n
//
// parseDmsetupError extracts text between "failed: " and "\n"
func parseDmsetupError(output string) string {
lines := strings.SplitN(output, "\n", 2)

4
snapshots/devmapper/pool_device.go
View File

@ -484,7 +484,9 @@ func (p *PoolDevice) IsLoaded(deviceName string) bool {
// GetUsage reports total size in bytes consumed by a thin-device.
// It relies on the number of used blocks reported by 'dmsetup status'.
// The output looks like:
// device2: 0 204800 thin 17280 204799
//
// device2: 0 204800 thin 17280 204799
//
// Where 17280 is the number of used sectors
func (p *PoolDevice) GetUsage(deviceName string) (int64, error) {
status, err := dmsetup.Status(deviceName)

26
snapshots/snapshotter.go
View File

@ -153,10 +153,10 @@ type WalkFunc func(context.Context, Info) error
// For consistency, we define the following terms to be used throughout this
// interface for snapshotter implementations:
//
// `ctx` - refers to a context.Context
// `key` - refers to an active snapshot
// `name` - refers to a committed snapshot
// `parent` - refers to the parent in relation
// `ctx` - refers to a context.Context
// `key` - refers to an active snapshot
// `name` - refers to a committed snapshot
// `parent` - refers to the parent in relation
//
// Most methods take various combinations of these identifiers. Typically,
// `name` and `parent` will be used in cases where a method *only* takes
@ -167,7 +167,7 @@ type WalkFunc func(context.Context, Info) error
//
// We cover several examples below to demonstrate the utility of the snapshotter.
//
// Importing a Layer
// # Importing a Layer
//
// To import a layer, we simply have the snapshotter provide a list of
// mounts to be applied such that our dst will capture a changeset. We start
@ -184,7 +184,7 @@ type WalkFunc func(context.Context, Info) error
// "containerd.io/gc.root": time.Now().UTC().Format(time.RFC3339),
// })
// mounts, err := snapshotter.Prepare(ctx, key, "", noGcOpt)
// if err != nil { ... }
// if err != nil { ... }
//
// We get back a list of mounts from snapshotter.Prepare(), with the key identifying
// the active snapshot. Mount this to the temporary location with the
@ -201,8 +201,8 @@ type WalkFunc func(context.Context, Info) error
//
// layer, err := os.Open(layerPath)
// if err != nil { ... }
// digest, err := unpackLayer(tmpLocation, layer) // unpack into layer location
// if err != nil { ... }
// digest, err := unpackLayer(tmpLocation, layer) // unpack into layer location
// if err != nil { ... }
//
// When the above completes, we should have a filesystem that represents the
// contents of the layer. Careful implementations should verify that digest
@ -220,30 +220,30 @@ type WalkFunc func(context.Context, Info) error
// Now, we have a layer in the snapshotter that can be accessed with the digest
// provided during commit.
//
// Importing the Next Layer
// # Importing the Next Layer
//
// Making a layer depend on the above is identical to the process described
// above except that the parent is provided as parent when calling
// snapshotter.Prepare(), assuming a clean, unique key identifier:
//
// mounts, err := snapshotter.Prepare(ctx, key, parentDigest, noGcOpt)
// mounts, err := snapshotter.Prepare(ctx, key, parentDigest, noGcOpt)
//
// We then mount, apply and commit, as we did above. The new snapshot will be
// based on the content of the previous one.
//
// Running a Container
// # Running a Container
//
// To run a container, we simply provide snapshotter.Prepare() the committed image
// snapshot as the parent. After mounting, the prepared path can
// be used directly as the container's filesystem:
//
// mounts, err := snapshotter.Prepare(ctx, containerKey, imageRootFSChainID)
// mounts, err := snapshotter.Prepare(ctx, containerKey, imageRootFSChainID)
//
// The returned mounts can then be passed directly to the container runtime. If
// one would like to create a new image from the filesystem, snapshotter.Commit() is
// called:
//
// if err := snapshotter.Commit(ctx, newImageSnapshot, containerKey); err != nil { ... }
// if err := snapshotter.Commit(ctx, newImageSnapshot, containerKey); err != nil { ... }
//
// Alternatively, for most container runs, snapshotter.Remove() will be called to
// signal the snapshotter to abandon the changes.

15
snapshots/testsuite/testsuite.go
View File

@ -505,7 +505,7 @@ func checkDeletedFilesInChildSnapshot(ctx context.Context, t *testing.T, snapsho
}
//Create three layers. Deleting intermediate layer must fail.
// Create three layers. Deleting intermediate layer must fail.
func checkRemoveIntermediateSnapshot(ctx context.Context, t *testing.T, snapshotter snapshots.Snapshotter, work string) {
base, err := snapshotterPrepareMount(ctx, snapshotter, "base", "", work)
@ -559,12 +559,13 @@ func checkRemoveIntermediateSnapshot(ctx context.Context, t *testing.T, snapshot
// baseTestSnapshots creates a base set of snapshots for tests, each snapshot is empty
// Tests snapshots:
// c1 - committed snapshot, no parent
// c2 - committed snapshot, c1 is parent
// a1 - active snapshot, c2 is parent
// a1 - active snapshot, no parent
// v1 - view snapshot, v1 is parent
// v2 - view snapshot, no parent
//
// c1 - committed snapshot, no parent
// c2 - committed snapshot, c1 is parent
// a1 - active snapshot, c2 is parent
// a1 - active snapshot, no parent
// v1 - view snapshot, v1 is parent
// v2 - view snapshot, no parent
func baseTestSnapshots(ctx context.Context, snapshotter snapshots.Snapshotter) error {
if _, err := snapshotter.Prepare(ctx, "c1-a", "", opt); err != nil {
return err