This reverts commit 1ef4bda433.
Previously we were downgrading mingw to work around an issue in the race
detector in Go on Windows when used with a newer version of GCC. The
issue was first reported here:
golang/go#46099
Shortly after the release of 1.19 someone had commented this issue was
solved for them, and after trying it out in some test runs on actions
machines, it seems to be the case. Disabling ASLR got things in order, and
PIE was disabled for -race builds in 1.19, so this is likely the reason
things work now:
0c7fcf6bd1.
The downgrade was mostly harmless except for two shortcomings:
1. It took quite a while for the package to get downloaded+installed.
2. Chocolatey would frequently fail to download with `The remote file
either doesn't exist, is unauthorized, or is forbidden for url ...
Exception calling "GetResponse" with "0" argument(s): "The request
was aborted: Could not create SSL/TLS secure channel."` Restarting the
failed run would often resolve this, but a 50-50 shot of things working
is not a great situation.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
It is follow-up of #7254. This commit will increase ReadHeaderTimeout
from 3s to 30m, which prevent from unexpected timeout when the node is
running with high-load. 30 Minutes is longer enough to get close to
before what #7254 changes.
And ideally, we should allow user to configure the streaming server if
the users want this feature.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Previously in the Windows shim, killing a task that has already exited
or a task that has not yet been started, yielded an ErrNotFound. We now
return nil, which is in line with how the linux runtime behaves, so remove
the special case we had in TestContainerdRestart for this.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This contains quite a bit (also bumps google/uuid to 1.3.0). Some HostProcess
container improvements to get ready for whenever it goes to stable in
Kubernetes, Hyper-V (windows) container support for CRI, and a plethora of
other small additions and fixes.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
Release builds are performed from within a Dockerfile-defined
environment and do not require Go to be installed in the GitHub Actions
runner environment.
Signed-off-by: Samuel Karp <samuelkarp@google.com>
In the 1.6.7 release, we saw significantly longer execution time for
producing builds that exceeded the previous timeout of 10 minutes,
causing the workflow to fail. After increasing to 20 minutes in the
release/1.6 branch, we continued to see one failure (which succeeded on
retry).
Increase to 30 minutes to provide additional buffer for the build to
complete.
Signed-off-by: Samuel Karp <samuelkarp@google.com>
Partially revert 0e56e4f9ff
Rollback the build environment from Ubuntu 22.04 to 18.04, except for riscv64 that isn't supported by Ubuntu 18.04.
Fix issue 7255 (`1.6.7 can't be run on Ubuntu LTS 20.04 (GLIBC_2.34 not found)`)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Update Go runtime to 1.18.5 to address CVE-2022-32189.
Full diff:
https://github.com/golang/go/compare/go1.18.4...go1.18.5
--------------------------------------------------------
From the security announcement:
https://groups.google.com/g/golang-announce/c/YqYYG87xB10
We have just released Go versions 1.18.5 and 1.17.13, minor point
releases.
These minor releases include 1 security fixes following the security
policy:
encoding/gob & math/big: decoding big.Float and big.Rat can panic
Decoding big.Float and big.Rat types can panic if the encoded message is
too short.
This is CVE-2022-32189 and Go issue https://go.dev/issue/53871.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.18.5
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
Previously we were reassigning os.Stderr to the panic.log file we create
when getting asked to run Containerd as a Windows service. The panic.log
file was used as a means to easily collect panic stacks as Windows
services don't have regular standard IO, and the usual recommendation
is to either write to the event log or just to a file in the case of
running as a service.
One place where this panic.log flow was biting us was with shim logging,
which is forwarded from the shim and copied to os.Stderr directly which was
causing shim logs to get forwarded to this panic.log file instead of just
panics. We expose an additional `--log-file` flag if you ask to run a
windows service which is the main way you'd get Containerd logs, and with
this change all of the shim logging which would today end up in panic.log
will now also go to this log file.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
