If the context is cancelled during `shim.Create()`, such as the client
disconnects unexpectedly. The created shim will never be deleted.
What's more, if the context is cancelled during `openShimLog()`, the
fifo will be closed and block the shim output.
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
Though containerd gives ChainID to backend snapshotters during unpack for
searching snapshots to be skipped downloading the contents, ChainID isn't enough
for some snapshotters which require additional information of layers.
Some examples are remote snapshotters which is based on stargz filesystem
(requires image-related information to query the contents to docker registry)
and those which is based on CernVM-FS (requires manifest digest, etc. for
providing squashed rootfs).
This commit solves this issue by enabling a handler to inject additional
information of layers to snapshotters during unpack.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
Previously, the platform was closed as part of the Delete method when the
process was an init for a task and there were no more tasks after its deletion.
This can create problems if another task is created within the shim right after
the delete runs, which results in the platform being closed but the shim
continuing to run.
This change moves closing the platform to the Shutdown method after the shim's
context is canceled, which ensures the platform is only closed once the shim
is sure its done servicing containers.
Signed-off-by: Erik Sipsma <sipsma@amazon.com>
Temporarily disable criu tests until the 5.0.0 CI kernel issue is
resolved. Also update criu to v3.13
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Fix `buildkitd --group GROUP` issue when `/run/buildkit` already exists
and is owned by the root.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit improves the fallback behaviour when resolving and
fetching images with multiple hosts. If an error is encountered
when resolving and fetching images, and more than one host is being
used, we will try the same operation on the next host. The error
from the first host is preserved so that if all hosts fail, we can
display the error from the first host.
fixes#3850
Signed-off-by: Alex Price <aprice@atlassian.com>
Registries may allow using token authorization without
explicitly setting the scope. This may cover use cases where
no scope is required for an endpoint or the registry is only
covering authentication using the token. This aligns with the
oauth2 spec which specifies the scope as optional.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
* Only use bash where needed (scripts with pipes that use -o pipefail)
* Make string comparisons POSIX compatible
* Handle whitespace(s) in GOPATH
* Remove superfluous quotes in variable assignments
Change-Id: If1ea55f06f402ded646b5085d4837c0996f90fab
Signed-off-by: Joakim Roubert <joakimr@axis.com>
