If there is not specific host config, like ctr does, the resolver will
fail to get host path. And this patch is to add default host config if
needs.
And default config host config should have all caps for pull and push.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
- relates to moby/buildkit 1111
- relates to moby/buildkit 1079
- relates to docker/buildx 129
full diff: 9461782956...e31b211e4f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
I missed this in my previous change: the ctr man page is also
in Section 8, because it's considered an administrative tool,
and containerd-config is related to containerd so updating these
as well.
This commit also fixes naming of the generated files, which was
hard-coded to .1.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The generated file was incorrectly named containerd.1 and should
be in section 8 (see [MAN-PAGES(7)]: Sections of the manual pages)
This patch fixes the filename and updates references to containerd(1)
to refer to containerd(8).
The generated file itself already had the correct section set in its
header, so didn't need updating.
[MAN-PAGES(7)]: http://man7.org/linux/man-pages/man7/man-pages.7.html
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Moved registry host configuration to the config package
and allows support of loading configurations from a
directory when the hosts are being resolved.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Add configuration toml file format and configuration
function to configure registry hosts from a directory
based configuration. Compatible with Docker registry
certificate loading.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Add `remotes/certutil` functions for loading `ca.crt`, `client.cert`, and `client.key` into `tls.Config` from a directory like `/etc/docker/certs.d/<hostname>.
See https://docs.docker.com/engine/security/certificates/ .
Client applications including CRI plugin are expected to configure the resolver using these functions.
As an example, the `ctr` tool is extended to support `ctr images pull --certs-dir=/etc/docker/certs.d example.com/foo/bar:baz`.
Tested with Harbor 1.8.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This makes the metrics package more extensible by allowing the default name of
`container_id` to be changed by the package caller.
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
Only delete files which are FIFOs and only delete directories
which are empty after deleting FIFOs.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Relates to https://patchwork.kernel.org/patch/10756415/
Added to whitelist:
- `clock_getres_time64` (equivalent of `clock_getres`, which was whitelisted)
- `clock_gettime64` (equivalent of `clock_gettime`, which was whitelisted)
- `clock_nanosleep_time64` (equivalent of `clock_nanosleep`, which was whitelisted)
- `futex_time64` (equivalent of `futex`, which was whitelisted)
- `io_pgetevents_time64` (equivalent of `io_pgetevents`, which was whitelisted)
- `mq_timedreceive_time64` (equivalent of `mq_timedreceive`, which was whitelisted)
- `mq_timedsend_time64 ` (equivalent of `mq_timedsend`, which was whitelisted)
- `ppoll_time64` (equivalent of `ppoll`, which was whitelisted)
- `pselect6_time64` (equivalent of `pselect6`, which was whitelisted)
- `recvmmsg_time64` (equivalent of `recvmmsg`, which was whitelisted)
- `rt_sigtimedwait_time64` (equivalent of `rt_sigtimedwait`, which was whitelisted)
- `sched_rr_get_interval_time64` (equivalent of `sched_rr_get_interval`, which was whitelisted)
- `semtimedop_time64` (equivalent of `semtimedop`, which was whitelisted)
- `timer_gettime64` (equivalent of `timer_gettime`, which was whitelisted)
- `timer_settime64` (equivalent of `timer_settime`, which was whitelisted)
- `timerfd_gettime64` (equivalent of `timerfd_gettime`, which was whitelisted)
- `timerfd_settime64` (equivalent of `timerfd_settime`, which was whitelisted)
- `utimensat_time64` (equivalent of `utimensat`, which was whitelisted)
Not added to whitelist:
- `clock_adjtime64` (equivalent of `clock_adjtime`, which was not whitelisted)
- `clock_settime64` (equivalent of `clock_settime`, which was not whitelisted)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
If runtime is not runc, it doesn't make sense to send runc Options
as container create options, which will confuse other runtimes and
it actually causes kata shimv2 to fail to unmarshal the requset.
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
handleLChmod() does not properly check that files behind the handlinks exist
before calling os.Chmod(). We've seen base images where this results in
"no such file or directory" error from os.Chmod() when unpacking the image.
To keep the existing logic but fix the problem, this commit simply skips
IsNotExist error.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
