This brings over the enhancement from a506630e57.
We don't expect the systemd state to change while containerd is running,
so we can use a `sync.Once` for this, to prevent stat'ing each time.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
runc considers libcontainer to be "unstable" (not for external use),
so we try not to use it. Commit ed47d6ba76
brought back the dependency on other parts of libcontainer, but looks to
be only depending on a single utility, which in itself was borrowed from
github.com/coreos/go-systemd to not introduce CGO code in the same package.
This patch copies the version from github.com/coreos/go-systemd (adding
proper attribution, although the function is pretty trivial).
runc is in process of moving the libcontainer/user package to an external
module, which means we can remove the dependency on libcontainer entirely
in the near future. There is one more use of `libcontainer` in our vendor
tree; it looks like CDI is depending on one utility (devices.DeviceFromPath);
a943033a8b/vendor/github.com/container-orchestrated-devices/container-device-interface/pkg/cdi/container-edits_unix.go (L38)
We should remove the dependency on that utility, and add a CI check to
prevent bringing it back.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The Go stdlib does not seem to have an efficient os.File.ReadFrom
routine for other platforms like it does on Linux with
copy_file_range. For Darwin at least we can use clonefile
in its place, otherwise if we have a sparse file we'd have
a fun surprise with the io.Copy approach..
We should see if there's other platforms that we can enhance here.
I've forgotten what's the right route on Windows.
Signed-off-by: Danny Canter <danny@dcantah.dev>
Update the garbage collector to support image expiration along with
support for image leasing. This allows making images collectible during
garbage collection and using a lease to prevent removal of an image.
Signed-off-by: Derek McGowan <derek@mcg.dev>
The metadata is small and useful for viewing all platforms
for an image and enabling push back to the same registry.
Signed-off-by: Derek McGowan <derek@mcg.dev>
When a blob does not exist locally, rather than erroring on info
lookup, inherit the parent distribution sources. Push is able
to succeed even if the blob does not exist locally when a cross
repository mount is done. This is a common operation pushing a
multi-platform image to the same registry but different namespace.
Signed-off-by: Derek McGowan <derek@mcg.dev>
The failed to recover state message didn't include the ID making this
not as useful as it could be..
This additionally moves some of the other logs to include the id for
the sandbox/container as a field instead of part of a format string.
Signed-off-by: Danny Canter <danny@dcantah.dev>
The reference/docker package was a fork of github.com/distribution/distribution,
which could not easily be used as a direct dependency, as it brought many other
dependencies with it.
The "reference' package has now moved to a separate repository, which means
we can replace the local fork, and use the upstream implementation again.
The new module was extracted from the distribution repository at commit:
b9b19409cf
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This reverts commit 778ac302b2.
(slightly modified, due to changes that were merged after that).
The reverted commit had two elements;
- Make `G` an actual function to improve the documentation
- Prevent `G` from being overwritten externally
From the commit that's reverted:
> The `G` variable is exported, and not expected to be overwritten
> externally. Defining it as a function also documents it as a function
> on https://pkg.go.dev, instead of a variable; https://pkg.go.dev/github.com/containerd/containerd@v1.6.22/log#pkg-variables
While it's unclear if the ability to replace the implementation was
_intentional_, it's this part that some external consumers were (ab)using.
We should look into that part in a follow-up, and design for this, for
example by providing a utility to replace the logger, and properly document
that.
In the meantime, let's revert the change.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
hcsshim tags v0.10.* is deprecated, so using the new
v0.12.0-rc.* versioning for hcsshim tags on containerd/main
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
- For remote snapshotters, the unpack phase serves as an important step for
preparing the remote snapshot. With the missing unpacker.Wait, the
snapshotter `Prepare` context is always canceled.
- This patch allows remote snapshotter based archives to be imported via
the transfer service or `ctr image import`
Signed-off-by: Edgar Lee <edgarhinshunlee@gmail.com>
Somewhat similar to how we supply the version of runc to grab for testing via
a file in script/, this change supplies the Windows shim version to build off
of via a file in the same directory. This seems like a decent home given it now
lives next to the script that pulls and builds the shim to include in our build
artifacts/locally.
The motivation behind this change is:
Cut down on unneccessary hcsshim vendorings if no library code for containerd
changed. It was some what clunky how the Windows builds work today. The Windows
shim is developed out of tree at github.com/microsoft/hcsshim. To let containerd know
what tag to build the shim off of we'd vendor hcsshim into containerd, and then
parse the version string from go.mod, fetch this tag, and then build the shim and
include it in our artifacts. As mentioned, often times the vendoring would bring in
no actual changes that would affect containerd's usage of hcsshim as a library, and
would just serve as a means to bump the version of the containerd shim we should build.
Now this process can be a one line change and we can avoid the possible headaches that come
with bumping go.mod (bumping other unrelated deps etc.)
Signed-off-by: Danny Canter <danny@dcantah.dev>
From the Go docs:
"For a nil slice, the number of iterations is 0." [1]
Both `info.RootFS` and `host.clientPairs` are slices. Therefore, an
additional nil check for before the loop is unnecessary.
[1]: https://go.dev/ref/spec#For_range
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
This was the only option not configurable from the toml for the plugin.
This is useful if you want to restart containerd and try a different
blockfile/size for the snapshotter.
Signed-off-by: Danny Canter <danny@dcantah.dev>
