3 年之前 · 77d8292e5d
--- a/vendor.mod
+++ b/vendor.mod
@@ -18,7 +18,7 @@ require (
 
															 	github.com/bsphere/le_go v0.0.0-20170215134836-7a984a84b549
														
 
															 	github.com/cloudflare/cfssl v0.0.0-20180323000720-5d63dbd981b5
														
 
															 	github.com/containerd/cgroups v1.0.3
														
 
															-	github.com/containerd/containerd v1.5.9
														
 
															+	github.com/containerd/containerd v1.5.10
														
 
															 	github.com/containerd/continuity v0.2.2
														
 
															 	github.com/containerd/fifo v1.0.0
														
 
															 	github.com/containerd/typeurl v1.0.2
														
--- a/vendor.sum
+++ b/vendor.sum
@@ -157,8 +157,8 @@ github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoT
 
															 github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
														
 
															 github.com/containerd/containerd v1.5.2/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
														
 
															 github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
														
 
															-github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4=
														
 
															-github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
														
 
															+github.com/containerd/containerd v1.5.10 h1:3cQ2uRVCkJVcx5VombsE7105Gl9Wrl7ORAO3+4+ogf4=
														
 
															+github.com/containerd/containerd v1.5.10/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ=
														
 
															 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
														
 
															 github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
														
 
															 github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
														
--- a/vendor/github.com/containerd/containerd/.golangci.yml
+++ b/vendor/github.com/containerd/containerd/.golangci.yml
@@ -6,7 +6,7 @@ linters:
 
															     - unconvert
														
 
															     - gofmt
														
 
															     - goimports
														
 
															-    - golint
														
 
															+    - revive
														
 
															     - ineffassign
														
 
															     - vet
														
 
															     - unused
														
--- a/vendor/github.com/containerd/containerd/Vagrantfile
+++ b/vendor/github.com/containerd/containerd/Vagrantfile
@@ -77,7 +77,7 @@ Vagrant.configure("2") do |config|
 
															   config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
														
 
															     sh.upload_path = "/tmp/vagrant-install-golang"
														
 
															     sh.env = {
														
 
															-        'GO_VERSION': ENV['GO_VERSION'] || "1.16.12",
														
 
															+        'GO_VERSION': ENV['GO_VERSION'] || "1.16.14",
														
 
															     }
														
 
															     sh.inline = <<~SHELL
														
 
															         #!/usr/bin/env bash
														
--- a/vendor/github.com/containerd/containerd/oci/spec_opts.go
+++ b/vendor/github.com/containerd/containerd/oci/spec_opts.go
@@ -590,6 +590,8 @@ func WithUser(userstr string) SpecOpts {
 
															 			if err != nil {
														
 
															 				return err
														
 
															 			}
														
 
															+
														
 
															+			mounts = tryReadonlyMounts(mounts)
														
 
															 			return mount.WithTempMount(ctx, mounts, f)
														
 
															 		default:
														
 
															 			return fmt.Errorf("invalid USER value %s", userstr)
														
@@ -643,6 +645,8 @@ func WithUserID(uid uint32) SpecOpts {
 
															 		if err != nil {
														
 
															 			return err
														
 
															 		}
														
 
															+
														
 
															+		mounts = tryReadonlyMounts(mounts)
														
 
															 		return mount.WithTempMount(ctx, mounts, func(root string) error {
														
 
															 			user, err := UserFromPath(root, func(u user.User) bool {
														
 
															 				return u.Uid == int(uid)
														
@@ -692,6 +696,8 @@ func WithUsername(username string) SpecOpts {
 
															 			if err != nil {
														
 
															 				return err
														
 
															 			}
														
 
															+
														
 
															+			mounts = tryReadonlyMounts(mounts)
														
 
															 			return mount.WithTempMount(ctx, mounts, func(root string) error {
														
 
															 				user, err := UserFromPath(root, func(u user.User) bool {
														
 
															 					return u.Name == username
														
@@ -776,6 +782,8 @@ func WithAdditionalGIDs(userstr string) SpecOpts {
 
															 		if err != nil {
														
 
															 			return err
														
 
															 		}
														
 
															+
														
 
															+		mounts = tryReadonlyMounts(mounts)
														
 
															 		return mount.WithTempMount(ctx, mounts, setAdditionalGids)
														
 
															 	}
														
 
															 }
														
@@ -1264,3 +1272,21 @@ func WithDevShmSize(kb int64) SpecOpts {
 
															 		return ErrNoShmMount
														
 
															 	}
														
 
															 }
														
 
															+
														
 
															+// tryReadonlyMounts is used by the options which are trying to get user/group
														
 
															+// information from container's rootfs. Since the option does read operation
														
 
															+// only, this helper will append ReadOnly mount option to prevent linux kernel
														
 
															+// from syncing whole filesystem in umount syscall.
														
 
															+//
														
 
															+// TODO(fuweid):
														
 
															+//
														
 
															+// Currently, it only works for overlayfs. I think we can apply it to other
														
 
															+// kinds of filesystem. Maybe we can return `ro` option by `snapshotter.Mount`
														
 
															+// API, when the caller passes that experimental annotation
														
 
															+// `containerd.io/snapshot/readonly.mount` something like that.
														
 
															+func tryReadonlyMounts(mounts []mount.Mount) []mount.Mount {
														
 
															+	if len(mounts) == 1 && mounts[0].Type == "overlay" {
														
 
															+		mounts[0].Options = append(mounts[0].Options, "ro")
														
 
															+	}
														
 
															+	return mounts
														
 
															+}
														
--- a/vendor/github.com/containerd/containerd/version/version.go
+++ b/vendor/github.com/containerd/containerd/version/version.go
@@ -23,7 +23,7 @@ var (
 
															 	Package = "github.com/containerd/containerd"
														
 
															 	// Version holds the complete version number. Filled in at linking time.
														
 
															-	Version = "1.5.9+unknown"
														
 
															+	Version = "1.5.10+unknown"
														
 
															 	// Revision is filled with the VCS (e.g. git) revision being used to build
														
 
															 	// the program at linking time.
														
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -142,7 +142,7 @@ github.com/containerd/cgroups/v2/stats
 
															 # github.com/containerd/console v1.0.3
														
 
															 ## explicit; go 1.13
														
 
															 github.com/containerd/console
														
 
															-# github.com/containerd/containerd v1.5.9
														
 
															+# github.com/containerd/containerd v1.5.10
														
 
															 ## explicit; go 1.16
														
 
															 github.com/containerd/containerd
														
 
															 github.com/containerd/containerd/api/events