forkAndMountat forks a process to chdir then mount layers. Signals are
blocked (using runtime_beforeFork) during fork.
There is a race condition that the child process finishes before the
parent process is scheduled and can unblock signal handling. The SIGCHLD
signal sent from the finished process may have been delivered to the
shim process's reaper thread and caused the parent process fail with
ECHLD error.
This patch sets up a pipe for communication between child and parent
instead of waiting for child exit status.
Fixes#4009.
Signed-off-by: Haitao Li <hli@atlassian.com>
Also few changes to names of workflow jobs. Integration tests can get
canceled without full completing at 10 minutes. Make sure we only use
checkout v2 action.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
If there is not specific host config, like ctr does, the resolver will
fail to get host path. And this patch is to add default host config if
needs.
And default config host config should have all caps for pull and push.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
- relates to moby/buildkit 1111
- relates to moby/buildkit 1079
- relates to docker/buildx 129
full diff: 9461782956...e31b211e4f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
I missed this in my previous change: the ctr man page is also
in Section 8, because it's considered an administrative tool,
and containerd-config is related to containerd so updating these
as well.
This commit also fixes naming of the generated files, which was
hard-coded to .1.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The generated file was incorrectly named containerd.1 and should
be in section 8 (see [MAN-PAGES(7)]: Sections of the manual pages)
This patch fixes the filename and updates references to containerd(1)
to refer to containerd(8).
The generated file itself already had the correct section set in its
header, so didn't need updating.
[MAN-PAGES(7)]: http://man7.org/linux/man-pages/man7/man-pages.7.html
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Moved registry host configuration to the config package
and allows support of loading configurations from a
directory when the hosts are being resolved.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Add configuration toml file format and configuration
function to configure registry hosts from a directory
based configuration. Compatible with Docker registry
certificate loading.
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
Add `remotes/certutil` functions for loading `ca.crt`, `client.cert`, and `client.key` into `tls.Config` from a directory like `/etc/docker/certs.d/<hostname>.
See https://docs.docker.com/engine/security/certificates/ .
Client applications including CRI plugin are expected to configure the resolver using these functions.
As an example, the `ctr` tool is extended to support `ctr images pull --certs-dir=/etc/docker/certs.d example.com/foo/bar:baz`.
Tested with Harbor 1.8.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
