We can use cross repository push feature to reuse the existing blobs in
the same registry. Before make push fast, we know where the blob comes
from.
Use the `containerd.io/distribution.source. = [,]` as label format. For
example, the blob is downloaded by the docker.io/library/busybox:latest
and the label will be
containerd.io/distribution.source.docker.io = library/busybox
If the blob is shared by different repos in the same registry, the repo
name will be appended, like:
containerd.io/distribution.source.docker.io = library/busybox,x/y
NOTE:
1. no need to apply for legacy docker image schema1.
2. the concurrent fetch actions might miss some repo names in label, but
it is ok.
3. it is optional. no need to add label if the engine only uses images
not push.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
This includes an improved fix for CVE-2019-5736 to reduce the
increased memory-consumption introduced by the original patch,
RHEL 7.6 getting into a loop due to a kernel bug in those kernels,
and improve compatibility with older kernels.
changes included:
- opencontainers/runc#1973 Vendor opencontainers/runtime-spec 29686dbc
- opencontainers/runc#1978 Remove detection for scope properties, which have always been broken
- opencontainers/runc#1963 Vendor in go-criu and use it for CRIU's RPC definition
- opencontainers/runc#1995 exec: expose --preserve-fds
- opencontainers/runc#2000 fix preserve-fds flag may cause runc hang
- opencontainers/runc#1968 Create bind mount mountpoints during restore
- opencontainers/runc#1984 nsenter: cloned_binary: "memfd" cleanups
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Containerd has its own ParseSignal and AtomicWriteFile implementation.
So there's no need to use these function from github.com/docker/docker.
Signed-off-by: Shengjing Zhu <i@zhsj.me>
Make sure that Annotations we write into ocispec.Descriptors are
written into the store and can be read back.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
If user sets debug mode, the command push should only show the debug log
information. If the stdout is with flush by the progress status, it is
hard to see the debug log.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Currently the objects which can retain content from labels
are limited. This limitation has required clients to work
around this and and in some cases add outside reference
counting (e.g. buildkit keeping content for snapshots).
Updated the logic to treat content and snapshot labels equally
and simplified the code in the process.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
This removes the signalMap on unix platform, since
the signalMap on different architectures is not same,
especially it's wrong on mipsx.
golang.org/x/sys/unix now has a SignalNum func to convert
signal name to a number, thus there's no need to keep
this redundant map.
Windows platform still needs to have a signalMap, since
golang.org/x/sys/windows doesn't have corresponding
functions.
Address: #3061
Signed-off-by: Shengjing Zhu <zhsj@debian.org>
With the change to unified shims (ie: 1 shim per multiple tasks) the shimLog
on Windows for the 2nd-Nth worload containers will not have an associated
named pipe listener.
Due to a subtle bug in errors.Wrap passing a nil error we would unblock the
disconnected listener and return 0 byte successfull reads which would cause go
to continually read and cap the CPU.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
