The userns package in libcontainer was integrated into the moby/sys/user
module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1].
This patch deprecates the containerd fork of that package, and adds it as
an alias for the moby/sys/user/userns package.
[1]: 3778ae603c
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
There's a couple spots where we know exactly how large
the destination buffer should be, so pre-size these to
avoid any reallocs to a higher capacity.
Signed-off-by: Danny Canter <danny@dcantah.dev>
This functionality is not directly related to containerd and could move
to external package at some point.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Implement calls to the fsverity kernel module, allowing containerd to
enable fsverity on blob data in the content store. This causes fsverity
to veirfy the integrity of blob data when the blob is read.
Signed-off-by: James Jenkins <James.Jenkins@ibm.com>
The behavior of this function is quite counter-intuitive, as it preserves
the delimiter in the result, and its use for external consumers would be
very limited.
Spec.Digest no longer uses this function, and it appears that BuildKit is
currently the only (publicly visible) external consumer of it.
This patch deprecates the function.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The behavior of this function is quite counter-intuitive, as it preserves
the delimiter in the result. This function should probably have been an
internal function, as its use for external consumers would be very limited,
but let's at least document the (surprising) behavior for those that are
considering to use it.
It appears that BuildKit is currently the only (publicly visible) external
consumer of this function; I am planning to inline its functionality in
Spec.Digest() and to deprecate this function so that it can be removed.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These were straight concatenations of strings; reduce some allocations by
removing fmt.Sprintf for this.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While the hook is intended to be used with logrus, we don't need to have
the direct import; use the aliases provided by the containerd/log module
instead.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This just replaces some type casts to check whether a few dial errors are
a specific syscall with the stdlibs errors.As/errors.Is pals.
Signed-off-by: Danny Canter <danny@dcantah.dev>
Allow the api to stay at the same v1 go package name and keep using a
1.x version number. This indicates the API is still at 1.x and allows
sharing proto types with containerd 1.6 and 1.7 releases.
Signed-off-by: Derek McGowan <derek@mcg.dev>
This makes use of pkg/sys's IgnoringEintr function
to clean up some of the redundant eintr loops we
had laying around.
Signed-off-by: Danny Canter <danny@dcantah.dev>
We have quite a few pieces of code laying around containerd
that all loop and ignore eintr as they make syscalls directly
(or use a unix/syscall wrapper) because there's no stdlib
equivalent. This adds a small utility to pkg/sys that we can
use for all of these spots.
Signed-off-by: Danny Canter <danny@dcantah.dev>
This includes migrating from cdi.GetRegistry() to cdi.Configure() and
using top-level cdi Refresh and InjectDevices functions as applicable.
Signed-off-by: Evan Lezar <elezar@nvidia.com>
This pacakge is only used internally in the cri package, which is an internal
packages, so we can make the utility internal as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This pacakge is only used internally in the cri package, which is an internal
packages, so we can make the utility internal as well.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
NRI is still newer and mostly used by CRI plugin. Keep the package in
internal to allow for interfaces as the project matures.
Signed-off-by: Derek McGowan <derek@mcg.dev>
These are standard environment variables described by the otel spec in
https://opentelemetry.io/docs/specs/otel/configuration/sdk-environment-variables/.
The old config options are removed
Also since otel will by default try to connect to https://localhost:4318
if no endpoint is set, this will also just disable the otlp plugin when
there is no endpoint so we don't have otel continuously trying to
connect to the default endpoint, littering the logs with connection
failure messages and collecting traces that won't go anywhere.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
