0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #45477 from thaJeztah/23.0_backport_vendor_containerd_1.6.21

Browse source 
[23.0 backport] vendor: github.com/containerd/containerd v1.6.21
This commit is contained in:
Tianon Gravi 2023-05-05 20:43:10 +00:00 committed by GitHub
commit e1c053637b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
47 changed files with 486 additions and 126 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
vendor.mod
View file

@ -12,14 +12,14 @@ require (
github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1
github.com/Graylog2/go-gelf v0.0.0-20191017102106-1550ee647df0
github.com/Microsoft/go-winio v0.5.2
github.com/Microsoft/hcsshim v0.9.7
github.com/Microsoft/hcsshim v0.9.8
github.com/RackSec/srslog v0.0.0-20180709174129-a4725f04ec91
github.com/armon/go-radix v1.0.1-0.20221118154546-54df44f2176c
github.com/aws/aws-sdk-go v1.37.0
github.com/bsphere/le_go v0.0.0-20200109081728-fc06dab2caa8
github.com/cloudflare/cfssl v0.0.0-20180323000720-5d63dbd981b5
github.com/containerd/cgroups v1.0.4
github.com/containerd/containerd v1.6.19
github.com/containerd/containerd v1.6.21
github.com/containerd/continuity v0.3.0
github.com/containerd/fifo v1.1.0
github.com/containerd/typeurl v1.0.2
@ -64,7 +64,7 @@ require (
github.com/moby/term v0.0.0-20221120202655-abb19827d345
github.com/morikuni/aec v1.0.0
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b
github.com/opencontainers/runc v1.1.5
github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417
github.com/opencontainers/selinux v1.10.2
@ -105,7 +105,7 @@ require (
github.com/containerd/console v1.0.3 // indirect
github.com/containerd/go-runc v1.0.0 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.11.3 // indirect
github.com/containerd/ttrpc v1.1.0 // indirect
github.com/containerd/ttrpc v1.1.1 // indirect
github.com/cyphar/filepath-securejoin v0.2.3 // indirect
github.com/dustin/go-humanize v1.0.0 // indirect
github.com/felixge/httpsnoop v1.0.2 // indirect

17
vendor.sum
View file

@ -100,8 +100,8 @@ github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2
github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00=
github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600=
github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4=
github.com/Microsoft/hcsshim v0.9.7 h1:mKNHW/Xvv1aFH87Jb6ERDzXTJTLPlmzfZ28VBFD/bfg=
github.com/Microsoft/hcsshim v0.9.7/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
github.com/Microsoft/hcsshim v0.9.8 h1:lf7xxK2+Ikbj9sVf2QZsouGjRjEp2STj1yDHgoVtU5k=
github.com/Microsoft/hcsshim v0.9.8/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc=
github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU=
github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY=
github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
@ -243,8 +243,8 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq
github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s=
github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g=
github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c=
github.com/containerd/containerd v1.6.19 h1:F0qgQPrG0P2JPgwpxWxYavrVeXAG0ezUIB9Z/4FTUAU=
github.com/containerd/containerd v1.6.19/go.mod h1:HZCDMn4v/Xl2579/MvtOC2M206i+JJ6VxFWU/NetrGY=
github.com/containerd/containerd v1.6.21 h1:eSTAmnvDKRPWan+MpSSfNyrtleXd86ogK9X8fMWpe/Q=
github.com/containerd/containerd v1.6.21/go.mod h1:apei1/i5Ux2FzrK6+DM/suEsGuK/MeVOfy8tR2q7Wnw=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
@ -285,8 +285,9 @@ github.com/containerd/ttrpc v0.0.0-20190828172938-92c8520ef9f8/go.mod h1:PvCDdDG
github.com/containerd/ttrpc v0.0.0-20191028202541-4f1b8fe65a5c/go.mod h1:LPm1u0xBw8r8NOKoOdNMeVHSawSsltak+Ihv+etqsE8=
github.com/containerd/ttrpc v1.0.1/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y=
github.com/containerd/ttrpc v1.1.0 h1:GbtyLRxb0gOLR0TYQWt3O6B0NvT8tMdorEHqIQo/lWI=
github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
github.com/containerd/ttrpc v1.1.1 h1:NoRHS/z8UiHhpY1w0xcOqoJDGf2DHyzXrF0H4l5AE8c=
github.com/containerd/ttrpc v1.1.1/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ=
github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
github.com/containerd/typeurl v0.0.0-20190911142611-5eb25027c9fd/go.mod h1:GeKYzf2pQcqv7tJ0AoCuuhtnqhva5LNU3U+OyKxxJpk=
github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg=
@ -802,8 +803,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1 h1:9iFHD5Kt9hkOfeawBNiEeEaV7bmC4/Z5wJp8E9BptMs=
github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1/go.mod h1:K/JAU0m27RFhDRX4PcFdIKntROP6y5Ed6O91aZYDQfs=
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8=
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ=
github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
@ -899,7 +900,6 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
github.com/rootless-containers/rootlesskit v1.1.0 h1:cRaRIYxY8oce4eE/zeAUZhgKu/4tU1p9YHN4+suwV7M=
github.com/rootless-containers/rootlesskit v1.1.0/go.mod h1:H+o9ndNe7tS91WqU0/+vpvc+VaCd7TCIWaJjnV0ujUo=
github.com/russross/blackfriday v1.6.0/go.mod h1:ti0ldHuxg49ri4ksnFxlkCfN+hvslNlmVHqNRXXJNAY=
github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
@ -1001,7 +1001,6 @@ github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=

42
vendor/github.com/containerd/containerd/.golangci.yml generated vendored
View file

@ -1,27 +1,55 @@
linters:
enable:
- structcheck
- varcheck
- staticcheck
- unconvert
- exportloopref # Checks for pointers to enclosing loop variables
- gofmt
- goimports
- revive
- gosec
- ineffassign
- vet
- unused
- misspell
- nolintlint
- revive
- staticcheck
- tenv # Detects using os.Setenv instead of t.Setenv since Go 1.17
- unconvert
- unused
- vet
- dupword # Checks for duplicate words in the source code
disable:
- errcheck
issues:
include:
- EXC0002
max-issues-per-linter: 0
max-same-issues: 0
# Only using / doesn't work due to https://github.com/golangci/golangci-lint/issues/1398.
exclude-rules:
- path: 'archive[\\/]tarheader[\\/]'
# conversion is necessary on Linux, unnecessary on macOS
text: "unnecessary conversion"
linters-settings:
gosec:
# The following issues surfaced when `gosec` linter
# was enabled. They are temporarily excluded to unblock
# the existing workflow, but still to be addressed by
# future works.
excludes:
- G204
- G305
- G306
- G402
- G404
run:
timeout: 8m
skip-dirs:
- api
- cluster
- design
- docs
- docs/man
- releases
- reports
- test # e2e scripts

2
vendor/github.com/containerd/containerd/Vagrantfile generated vendored
View file

@ -93,7 +93,7 @@ EOF
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
sh.upload_path = "/tmp/vagrant-install-golang"
sh.env = {
'GO_VERSION': ENV['GO_VERSION'] || "1.19.6",
'GO_VERSION': ENV['GO_VERSION'] || "1.19.9",
}
sh.inline = <<~SHELL
#!/usr/bin/env bash

2
vendor/github.com/containerd/containerd/api/services/containers/v1/containers.pb.go generated vendored
View file

@ -246,7 +246,7 @@ type ListContainersRequest struct {
// filters. Expanded, containers that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
Filters []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`

2
vendor/github.com/containerd/containerd/api/services/containers/v1/containers.proto generated vendored
View file

@ -132,7 +132,7 @@ message ListContainersRequest {
// filters. Expanded, containers that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
repeated string filters = 1;

2
vendor/github.com/containerd/containerd/api/services/content/v1/content.proto generated vendored
View file

@ -141,7 +141,7 @@ message ListContentRequest {
// filters. Expanded, containers that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
repeated string filters = 1;

2
vendor/github.com/containerd/containerd/api/services/images/v1/images.pb.go generated vendored
View file

@ -336,7 +336,7 @@ type ListImagesRequest struct {
// filters. Expanded, images that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
Filters []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`

2
vendor/github.com/containerd/containerd/api/services/images/v1/images.proto generated vendored
View file

@ -119,7 +119,7 @@ message ListImagesRequest {
// filters. Expanded, images that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
repeated string filters = 1;

2
vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.pb.go generated vendored
View file

@ -115,7 +115,7 @@ type PluginsRequest struct {
// filters. Expanded, plugins that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
Filters []string `protobuf:"bytes,1,rep,name=filters,proto3" json:"filters,omitempty"`

2
vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto generated vendored
View file

@ -89,7 +89,7 @@ message PluginsRequest {
// filters. Expanded, plugins that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
repeated string filters = 1;

2
vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.pb.go generated vendored
View file

@ -620,7 +620,7 @@ type ListSnapshotsRequest struct {
// filters. Expanded, images that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
Filters []string `protobuf:"bytes,2,rep,name=filters,proto3" json:"filters,omitempty"`

2
vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto generated vendored
View file

@ -158,7 +158,7 @@ message ListSnapshotsRequest{
// filters. Expanded, images that match the following will be
// returned:
//
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
// filters[0] or filters[1] or ... or filters[n-1] or filters[n]
//
// If filters is zero-length or nil, all items will be returned.
repeated string filters = 2;

4
vendor/github.com/containerd/containerd/archive/tar.go generated vendored
View file

@ -30,6 +30,7 @@ import (
"syscall"
"time"
"github.com/containerd/containerd/archive/tarheader"
"github.com/containerd/containerd/log"
"github.com/containerd/containerd/pkg/userns"
"github.com/containerd/continuity/fs"
@ -554,7 +555,8 @@ func (cw *ChangeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
}
}
hdr, err := tar.FileInfoHeader(f, link)
// Use FileInfoHeaderNoLookups to avoid propagating user names and group names from the host
hdr, err := tarheader.FileInfoHeaderNoLookups(f, link)
if err != nil {
return err
}

3
vendor/github.com/containerd/containerd/archive/tar_unix.go generated vendored
View file

@ -62,8 +62,7 @@ func setHeaderForSpecialDevice(hdr *tar.Header, name string, fi os.FileInfo) err
return errors.New("unsupported stat type")
}
// Rdev is int32 on darwin/bsd, int64 on linux/solaris
rdev := uint64(s.Rdev) //nolint:unconvert
rdev := uint64(s.Rdev) //nolint:nolintlint,unconvert // rdev is int32 on darwin/bsd, int64 on linux/solaris
// Currently go does not fill in the major/minors
if s.Mode&syscall.S_IFBLK != 0 ||

82
vendor/github.com/containerd/containerd/archive/tarheader/tarheader.go generated vendored Normal file
View file

@ -0,0 +1,82 @@
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/*
Portions from https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive.go#L419-L464
Copyright (C) Docker/Moby authors.
Licensed under the Apache License, Version 2.0
NOTICE: https://github.com/moby/moby/blob/v23.0.1/NOTICE
*/
package tarheader
import (
"archive/tar"
"os"
)
// nosysFileInfo hides the system-dependent info of the wrapped FileInfo to
// prevent tar.FileInfoHeader from introspecting it and potentially calling into
// glibc.
//
// From https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive.go#L419-L434 .
type nosysFileInfo struct {
os.FileInfo
}
func (fi nosysFileInfo) Sys() interface{} {
// A Sys value of type *tar.Header is safe as it is system-independent.
// The tar.FileInfoHeader function copies the fields into the returned
// header without performing any OS lookups.
if sys, ok := fi.FileInfo.Sys().(*tar.Header); ok {
return sys
}
return nil
}
// sysStat, if non-nil, populates hdr from system-dependent fields of fi.
//
// From https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive.go#L436-L437 .
var sysStat func(fi os.FileInfo, hdr *tar.Header) error
// FileInfoHeaderNoLookups creates a partially-populated tar.Header from fi.
//
// Compared to the archive/tar.FileInfoHeader function, this function is safe to
// call from a chrooted process as it does not populate fields which would
// require operating system lookups. It behaves identically to
// tar.FileInfoHeader when fi is a FileInfo value returned from
// tar.Header.FileInfo().
//
// When fi is a FileInfo for a native file, such as returned from os.Stat() and
// os.Lstat(), the returned Header value differs from one returned from
// tar.FileInfoHeader in the following ways. The Uname and Gname fields are not
// set as OS lookups would be required to populate them. The AccessTime and
// ChangeTime fields are not currently set (not yet implemented) although that
// is subject to change. Callers which require the AccessTime or ChangeTime
// fields to be zeroed should explicitly zero them out in the returned Header
// value to avoid any compatibility issues in the future.
//
// From https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive.go#L439-L464 .
func FileInfoHeaderNoLookups(fi os.FileInfo, link string) (*tar.Header, error) {
hdr, err := tar.FileInfoHeader(nosysFileInfo{fi}, link)
if err != nil {
return nil, err
}
if sysStat != nil {
return hdr, sysStat(fi, hdr)
}
return hdr, nil
}

59
vendor/github.com/containerd/containerd/archive/tarheader/tarheader_unix.go generated vendored Normal file
View file

@ -0,0 +1,59 @@
//go:build !windows
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/*
Portions from https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive_unix.go#L52-L70
Copyright (C) Docker/Moby authors.
Licensed under the Apache License, Version 2.0
NOTICE: https://github.com/moby/moby/blob/v23.0.1/NOTICE
*/
package tarheader
import (
"archive/tar"
"os"
"syscall"
"golang.org/x/sys/unix"
)
func init() {
sysStat = statUnix
}
// statUnix populates hdr from system-dependent fields of fi without performing
// any OS lookups.
// From https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive_unix.go#L52-L70
func statUnix(fi os.FileInfo, hdr *tar.Header) error {
s, ok := fi.Sys().(*syscall.Stat_t)
if !ok {
return nil
}
hdr.Uid = int(s.Uid)
hdr.Gid = int(s.Gid)
if s.Mode&unix.S_IFBLK != 0 ||
s.Mode&unix.S_IFCHR != 0 {
hdr.Devmajor = int64(unix.Major(uint64(s.Rdev)))
hdr.Devminor = int64(unix.Minor(uint64(s.Rdev)))
}
return nil
}

1
vendor/github.com/containerd/containerd/container.go generated vendored
View file

@ -279,6 +279,7 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
})
}
}
request.RuntimePath = info.RuntimePath
if info.Options != nil {
any, err := typeurl.MarshalAny(info.Options)
if err != nil {

1
vendor/github.com/containerd/containerd/containerstore.go generated vendored
View file

@ -189,6 +189,7 @@ func containersFromProto(containerspb []containersapi.Container) []containers.Co
var containers []containers.Container
for _, container := range containerspb {
container := container
containers = append(containers, containerFromProto(&container))
}

3
vendor/github.com/containerd/containerd/content/local/store.go generated vendored
View file

@ -34,7 +34,7 @@ import (
"github.com/containerd/containerd/log"
"github.com/sirupsen/logrus"
digest "github.com/opencontainers/go-digest"
"github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)
@ -505,6 +505,7 @@ func (s *store) resumeStatus(ref string, total int64, digester digest.Digester)
return status, fmt.Errorf("provided total differs from status: %v != %v", total, status.Total)
}
//nolint:dupword
// TODO(stevvooe): slow slow slow!!, send to goroutine or use resumable hashes
fp, err := os.Open(data)
if err != nil {

2
vendor/github.com/containerd/containerd/diff/walking/differ.go generated vendored
View file

@ -87,7 +87,7 @@ func (s *walkingDiff) Compare(ctx context.Context, lower, upper []mount.Mount, o
var ocidesc ocispec.Descriptor
if err := mount.WithTempMount(ctx, lower, func(lowerRoot string) error {
return mount.WithTempMount(ctx, upper, func(upperRoot string) error {
return mount.WithReadonlyTempMount(ctx, upper, func(upperRoot string) error {
var newReference bool
if config.Reference == "" {
newReference = true

1
vendor/github.com/containerd/containerd/image_store.go generated vendored
View file

@ -129,6 +129,7 @@ func imagesFromProto(imagespb []imagesapi.Image) []images.Image {
var images []images.Image
for _, image := range imagespb {
image := image
images = append(images, imageFromProto(&image))
}

40
vendor/github.com/containerd/containerd/images/archive/exporter.go generated vendored
View file

@ -176,7 +176,7 @@ func Export(ctx context.Context, store content.Provider, writer io.Writer, opts
}
name := desc.Annotations[images.AnnotationImageName]
if name != "" && !eo.skipDockerManifest {
if name != "" {
mt.names = append(mt.names, name)
}
case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
@ -215,26 +215,24 @@ func Export(ctx context.Context, store content.Provider, writer io.Writer, opts
records = append(records, r...)
}
if !eo.skipDockerManifest {
if len(manifests) >= 1 {
if len(manifests) > 1 {
sort.SliceStable(manifests, func(i, j int) bool {
if manifests[i].Platform == nil {
return false
}
if manifests[j].Platform == nil {
return true
}
return eo.platform.Less(*manifests[i].Platform, *manifests[j].Platform)
})
}
d = manifests[0].Digest
dManifests[d] = &exportManifest{
manifest: manifests[0],
}
} else if eo.platform != nil {
return fmt.Errorf("no manifest found for platform: %w", errdefs.ErrNotFound)
if len(manifests) >= 1 {
if len(manifests) > 1 {
sort.SliceStable(manifests, func(i, j int) bool {
if manifests[i].Platform == nil {
return false
}
if manifests[j].Platform == nil {
return true
}
return eo.platform.Less(*manifests[i].Platform, *manifests[j].Platform)
})
}
d = manifests[0].Digest
dManifests[d] = &exportManifest{
manifest: manifests[0],
}
} else if eo.platform != nil {
return fmt.Errorf("no manifest found for platform: %w", errdefs.ErrNotFound)
}
resolvedIndex[desc.Digest] = d
}
@ -250,7 +248,7 @@ func Export(ctx context.Context, store content.Provider, writer io.Writer, opts
}
}
if len(dManifests) > 0 {
if !eo.skipDockerManifest && len(dManifests) > 0 {
tr, err := manifestsRecord(ctx, store, dManifests)
if err != nil {
return fmt.Errorf("unable to create manifests file: %w", err)

2
vendor/github.com/containerd/containerd/images/converter/default.go generated vendored
View file

@ -132,7 +132,7 @@ func copyDesc(desc ocispec.Descriptor) *ocispec.Descriptor {
return &descCopy
}
// convertLayer converts image image layers if c.layerConvertFunc is set.
// convertLayer converts image layers if c.layerConvertFunc is set.
//
// c.layerConvertFunc can be nil, e.g., for converting Docker media types to OCI ones.
func (c *defaultConverter) convertLayer(ctx context.Context, cs content.Store, desc ocispec.Descriptor) (*ocispec.Descriptor, error) {

1
vendor/github.com/containerd/containerd/metadata/boltutil/helpers.go generated vendored
View file

@ -162,6 +162,7 @@ func WriteExtensions(bkt *bolt.Bucket, extensions map[string]types.Any) error {
}
for name, ext := range extensions {
ext := ext
p, err := proto.Marshal(&ext)
if err != nil {
return err

47
vendor/github.com/containerd/containerd/mount/mount.go generated vendored
View file

@ -16,6 +16,10 @@
package mount
import (
"strings"
)
// Mount is the lingua franca of containerd. A mount represents a
// serialized mount syscall. Components either emit or consume mounts.
type Mount struct {
@ -38,3 +42,46 @@ func All(mounts []Mount, target string) error {
}
return nil
}
// readonlyMounts modifies the received mount options
// to make them readonly
func readonlyMounts(mounts []Mount) []Mount {
for i, m := range mounts {
if m.Type == "overlay" {
mounts[i].Options = readonlyOverlay(m.Options)
continue
}
opts := make([]string, 0, len(m.Options))
for _, opt := range m.Options {
if opt != "rw" && opt != "ro" { // skip `ro` too so we don't append it twice
opts = append(opts, opt)
}
}
opts = append(opts, "ro")
mounts[i].Options = opts
}
return mounts
}
// readonlyOverlay takes mount options for overlay mounts and makes them readonly by
// removing workdir and upperdir (and appending the upperdir layer to lowerdir) - see:
// https://www.kernel.org/doc/html/latest/filesystems/overlayfs.html#multiple-lower-layers
func readonlyOverlay(opt []string) []string {
out := make([]string, 0, len(opt))
upper := ""
for _, o := range opt {
if strings.HasPrefix(o, "upperdir=") {
upper = strings.TrimPrefix(o, "upperdir=")
} else if !strings.HasPrefix(o, "workdir=") {
out = append(out, o)
}
}
if upper != "" {
for i, o := range out {
if strings.HasPrefix(o, "lowerdir=") {
out[i] = "lowerdir=" + upper + ":" + strings.TrimPrefix(o, "lowerdir=")
}
}
}
return out
}

7
vendor/github.com/containerd/containerd/mount/temp.go generated vendored
View file

@ -67,6 +67,13 @@ func WithTempMount(ctx context.Context, mounts []Mount, f func(root string) erro
return nil
}
// WithReadonlyTempMount mounts the provided mounts to a temp dir as readonly,
// and pass the temp dir to f. The mounts are valid during the call to the f.
// Finally we will unmount and remove the temp dir regardless of the result of f.
func WithReadonlyTempMount(ctx context.Context, mounts []Mount, f func(root string) error) (err error) {
return WithTempMount(ctx, readonlyMounts(mounts), f)
}
func getTempDir() string {
if xdg := os.Getenv("XDG_RUNTIME_DIR"); xdg != "" {
return xdg

113
vendor/github.com/containerd/containerd/oci/spec_opts.go generated vendored
View file

@ -76,7 +76,6 @@ func setLinux(s *Spec) {
}
}
// nolint
func setResources(s *Spec) {
if s.Linux != nil {
if s.Linux.Resources == nil {
@ -90,7 +89,7 @@ func setResources(s *Spec) {
}
}
// nolint
//nolint:nolintlint,unused // not used on all platforms
func setCPU(s *Spec) {
setResources(s)
if s.Linux != nil {
@ -229,6 +228,7 @@ func WithProcessArgs(args ...string) SpecOpts {
return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
setProcess(s)
s.Process.Args = args
s.Process.CommandLine = ""
return nil
}
}
@ -358,17 +358,19 @@ func WithImageConfigArgs(image Image, args []string) SpecOpts {
return err
}
var (
ociimage v1.Image
config v1.ImageConfig
imageConfigBytes []byte
ociimage v1.Image
config v1.ImageConfig
)
switch ic.MediaType {
case v1.MediaTypeImageConfig, images.MediaTypeDockerSchema2Config:
p, err := content.ReadBlob(ctx, image.ContentStore(), ic)
var err error
imageConfigBytes, err = content.ReadBlob(ctx, image.ContentStore(), ic)
if err != nil {
return err
}
if err := json.Unmarshal(p, &ociimage); err != nil {
if err := json.Unmarshal(imageConfigBytes, &ociimage); err != nil {
return err
}
config = ociimage.Config
@ -405,11 +407,55 @@ func WithImageConfigArgs(image Image, args []string) SpecOpts {
return WithAdditionalGIDs("root")(ctx, client, c, s)
} else if s.Windows != nil {
s.Process.Env = replaceOrAppendEnvValues(config.Env, s.Process.Env)
// To support Docker ArgsEscaped on Windows we need to combine the
// image Entrypoint & (Cmd Or User Args) while taking into account
// if Docker has already escaped them in the image config. When
// Docker sets `ArgsEscaped==true` in the config it has pre-escaped
// either Entrypoint or Cmd or both. Cmd should always be treated as
// arguments appended to Entrypoint unless:
//
// 1. Entrypoint does not exist, in which case Cmd[0] is the
// executable.
//
// 2. The user overrides the Cmd with User Args when activating the
// container in which case those args should be appended to the
// Entrypoint if it exists.
//
// To effectively do this we need to know if the arguments came from
// the user or if the arguments came from the image config when
// ArgsEscaped==true. In this case we only want to escape the
// additional user args when forming the complete CommandLine. This
// is safe in both cases of Entrypoint or Cmd being set because
// Docker will always escape them to an array of length one. Thus in
// both cases it is the "executable" portion of the command.
//
// In the case ArgsEscaped==false, Entrypoint or Cmd will contain
// any number of entries that are all unescaped and can simply be
// combined (potentially overwriting Cmd with User Args if present)
// and forwarded the container start as an Args array.
cmd := config.Cmd
cmdFromImage := true
if len(args) > 0 {
cmd = args
cmdFromImage = false
}
cmd = append(config.Entrypoint, cmd...)
if len(cmd) == 0 {
return errors.New("no arguments specified")
}
if config.ArgsEscaped && (len(config.Entrypoint) > 0 || cmdFromImage) {
s.Process.Args = nil
s.Process.CommandLine = cmd[0]
if len(cmd) > 1 {
s.Process.CommandLine += " " + escapeAndCombineArgs(cmd[1:])
}
} else {
s.Process.Args = cmd
s.Process.CommandLine = ""
}
s.Process.Args = append(config.Entrypoint, cmd...)
s.Process.Cwd = config.WorkingDir
s.Process.User = specs.User{
@ -617,8 +663,11 @@ func WithUser(userstr string) SpecOpts {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, f)
// Use a read-only mount when trying to get user/group information
// from the container's rootfs. Since the option does read operation
// only, we append ReadOnly mount option to prevent the Linux kernel
// from syncing whole filesystem in umount syscall.
return mount.WithReadonlyTempMount(ctx, mounts, f)
default:
return fmt.Errorf("invalid USER value %s", userstr)
}
@ -678,8 +727,11 @@ func WithUserID(uid uint32) SpecOpts {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, setUser)
// Use a read-only mount when trying to get user/group information
// from the container's rootfs. Since the option does read operation
// only, we append ReadOnly mount option to prevent the Linux kernel
// from syncing whole filesystem in umount syscall.
return mount.WithReadonlyTempMount(ctx, mounts, setUser)
}
}
@ -723,8 +775,11 @@ func WithUsername(username string) SpecOpts {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, setUser)
// Use a read-only mount when trying to get user/group information
// from the container's rootfs. Since the option does read operation
// only, we append ReadOnly mount option to prevent the Linux kernel
// from syncing whole filesystem in umount syscall.
return mount.WithReadonlyTempMount(ctx, mounts, setUser)
} else if s.Windows != nil {
s.Process.User.Username = username
} else {
@ -802,8 +857,11 @@ func WithAdditionalGIDs(userstr string) SpecOpts {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, setAdditionalGids)
// Use a read-only mount when trying to get user/group information
// from the container's rootfs. Since the option does read operation
// only, we append ReadOnly mount option to prevent the Linux kernel
// from syncing whole filesystem in umount syscall.
return mount.WithReadonlyTempMount(ctx, mounts, setAdditionalGids)
}
}
@ -864,8 +922,11 @@ func WithAppendAdditionalGroups(groups ...string) SpecOpts {
return err
}
mounts = tryReadonlyMounts(mounts)
return mount.WithTempMount(ctx, mounts, setAdditionalGids)
// Use a read-only mount when trying to get user/group information
// from the container's rootfs. Since the option does read operation
// only, we append ReadOnly mount option to prevent the Linux kernel
// from syncing whole filesystem in umount syscall.
return mount.WithReadonlyTempMount(ctx, mounts, setAdditionalGids)
}
}
@ -1343,21 +1404,3 @@ func WithDevShmSize(kb int64) SpecOpts {
return ErrNoShmMount
}
}
// tryReadonlyMounts is used by the options which are trying to get user/group
// information from container's rootfs. Since the option does read operation
// only, this helper will append ReadOnly mount option to prevent linux kernel
// from syncing whole filesystem in umount syscall.
//
// TODO(fuweid):
//
// Currently, it only works for overlayfs. I think we can apply it to other
// kinds of filesystem. Maybe we can return `ro` option by `snapshotter.Mount`
// API, when the caller passes that experimental annotation
// `containerd.io/snapshot/readonly.mount` something like that.
func tryReadonlyMounts(mounts []mount.Mount) []mount.Mount {
if len(mounts) == 1 && mounts[0].Type == "overlay" {
mounts[0].Options = append(mounts[0].Options, "ro")
}
return mounts
}

6
vendor/github.com/containerd/containerd/oci/spec_opts_linux.go generated vendored
View file

@ -131,7 +131,7 @@ var WithAllCurrentCapabilities = func(ctx context.Context, client Client, c *con
return WithCapabilities(caps)(ctx, client, c, s)
}
// WithAllKnownCapabilities sets all the the known linux capabilities for the container process
// WithAllKnownCapabilities sets all the known linux capabilities for the container process
var WithAllKnownCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
caps := cap.Known()
return WithCapabilities(caps)(ctx, client, c, s)
@ -153,3 +153,7 @@ func WithRdt(closID, l3CacheSchema, memBwSchema string) SpecOpts {
return nil
}
}
func escapeAndCombineArgs(args []string) string {
panic("not supported")
}

8
vendor/github.com/containerd/containerd/oci/spec_opts_nonlinux.go generated vendored
View file

@ -28,22 +28,16 @@ import (
// WithAllCurrentCapabilities propagates the effective capabilities of the caller process to the container process.
// The capability set may differ from WithAllKnownCapabilities when running in a container.
//
//nolint:deadcode,unused
var WithAllCurrentCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
return WithCapabilities(nil)(ctx, client, c, s)
}
// WithAllKnownCapabilities sets all the the known linux capabilities for the container process
//
//nolint:deadcode,unused
// WithAllKnownCapabilities sets all the known linux capabilities for the container process
var WithAllKnownCapabilities = func(ctx context.Context, client Client, c *containers.Container, s *Spec) error {
return WithCapabilities(nil)(ctx, client, c, s)
}
// WithCPUShares sets the container's cpu shares
//
//nolint:deadcode,unused
func WithCPUShares(shares uint64) SpecOpts {
return func(ctx context.Context, _ Client, c *containers.Container, s *Spec) error {
return nil

4
vendor/github.com/containerd/containerd/oci/spec_opts_unix.go generated vendored
View file

@ -57,3 +57,7 @@ func WithCPUCFS(quota int64, period uint64) SpecOpts {
return nil
}
}
func escapeAndCombineArgs(args []string) string {
panic("not supported")
}

21
vendor/github.com/containerd/containerd/oci/spec_opts_windows.go generated vendored
View file

@ -19,9 +19,12 @@ package oci
import (
"context"
"errors"
"strings"
"github.com/containerd/containerd/containers"
specs "github.com/opencontainers/runtime-spec/specs-go"
"golang.org/x/sys/windows"
)
// WithWindowsCPUCount sets the `Windows.Resources.CPU.Count` section to the
@ -65,6 +68,16 @@ func WithWindowNetworksAllowUnqualifiedDNSQuery() SpecOpts {
}
}
// WithProcessCommandLine replaces the command line on the generated spec
func WithProcessCommandLine(cmdLine string) SpecOpts {
return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
setProcess(s)
s.Process.Args = nil
s.Process.CommandLine = cmdLine
return nil
}
}
// WithHostDevices adds all the hosts device nodes to the container's spec
//
// Not supported on windows
@ -89,3 +102,11 @@ func WithWindowsNetworkNamespace(ns string) SpecOpts {
return nil
}
}
func escapeAndCombineArgs(args []string) string {
escaped := make([]string, len(args))
for i, a := range args {
escaped[i] = windows.EscapeArg(a)
}
return strings.Join(escaped, " ")
}

4
vendor/github.com/containerd/containerd/oci/utils_unix.go generated vendored
View file

@ -127,7 +127,7 @@ func getDevices(path, containerPath string) ([]specs.LinuxDevice, error) {
// TODO consider adding these consts to the OCI runtime-spec.
const (
wildcardDevice = "a" //nolint // currently unused, but should be included when upstreaming to OCI runtime-spec.
wildcardDevice = "a" //nolint:nolintlint,unused,varcheck // currently unused, but should be included when upstreaming to OCI runtime-spec.
blockDevice = "b"
charDevice = "c" // or "u"
fifoDevice = "p"
@ -148,7 +148,7 @@ func DeviceFromPath(path string) (*specs.LinuxDevice, error) {
}
var (
devNumber = uint64(stat.Rdev) //nolint: unconvert // the type is 32bit on mips.
devNumber = uint64(stat.Rdev) //nolint:nolintlint,unconvert // the type is 32bit on mips.
major = unix.Major(devNumber)
minor = unix.Minor(devNumber)
)

2
vendor/github.com/containerd/containerd/reference/docker/reference.go generated vendored
View file

@ -683,7 +683,7 @@ func splitDockerDomain(name string) (domain, remainder string) {
}
// familiarizeName returns a shortened version of the name familiar
// to to the Docker UI. Familiar names have the default domain
// to the Docker UI. Familiar names have the default domain
// "docker.io" and "library/" repository prefix removed.
// For example, "docker.io/library/redis" will have the familiar
// name "redis" and "docker.io/dmcgowan/myapp" will be "dmcgowan/myapp".

18
vendor/github.com/containerd/containerd/runtime/v2/shim/shim.go generated vendored
View file

@ -52,6 +52,7 @@ type StartOpts struct {
ContainerdBinary string
Address string
TTRPCAddress string
Debug bool
}
type StopStatus struct {
@ -175,7 +176,7 @@ func setLogger(ctx context.Context, id string) (context.Context, error) {
l.Logger.SetLevel(logrus.DebugLevel)
}
f, err := openLog(ctx, id)
if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return error
if err != nil { //nolint:nolintlint,staticcheck // Ignore SA4023 as some platforms always return error
return ctx, err
}
l.Logger.SetOutput(f)
@ -261,12 +262,12 @@ func run(ctx context.Context, manager Manager, initFunc Init, name string, confi
setRuntime()
signals, err := setupSignals(config)
if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return error
if err != nil { //nolint:nolintlint,staticcheck // Ignore SA4023 as some platforms always return error
return err
}
if !config.NoSubreaper {
if err := subreaper(); err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return error
if err := subreaper(); err != nil { //nolint:nolintlint,staticcheck // Ignore SA4023 as some platforms always return error
return err
}
}
@ -333,6 +334,7 @@ func run(ctx context.Context, manager Manager, initFunc Init, name string, confi
ContainerdBinary: containerdBinaryFlag,
Address: addressFlag,
TTRPCAddress: ttrpcAddress,
Debug: debugFlag,
}
address, err := manager.Start(ctx, id, opts)
@ -395,14 +397,14 @@ func run(ctx context.Context, manager Manager, initFunc Init, name string, confi
initContext.TTRPCAddress = ttrpcAddress
// load the plugin specific configuration if it is provided
//TODO: Read configuration passed into shim, or from state directory?
//if p.Config != nil {
// TODO: Read configuration passed into shim, or from state directory?
// if p.Config != nil {
// pc, err := config.Decode(p)
// if err != nil {
// return nil, err
// }
// initContext.Config = pc
//}
// }
result := p.Init(initContext)
if err := initialized.Add(result); err != nil {
@ -445,7 +447,7 @@ func run(ctx context.Context, manager Manager, initFunc Init, name string, confi
}
}
if err := serve(ctx, server, signals, sd.Shutdown); err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return error
if err := serve(ctx, server, signals, sd.Shutdown); err != nil { //nolint:nolintlint,staticcheck // Ignore SA4023 as some platforms always return error
if err != shutdown.ErrShutdown {
return err
}
@ -477,7 +479,7 @@ func serve(ctx context.Context, server *ttrpc.Server, signals chan os.Signal, sh
}
l, err := serveListener(socketFlag)
if err != nil { //nolint:staticcheck // Ignore SA4023 as some platforms always return error
if err != nil { //nolint:nolintlint,staticcheck // Ignore SA4023 as some platforms always return error
return err
}
go func() {

5
vendor/github.com/containerd/containerd/task.go generated vendored
View file

@ -139,6 +139,11 @@ type TaskInfo struct {
RootFS []mount.Mount
// Options hold runtime specific settings for task creation
Options interface{}
// RuntimePath is an absolute path that can be used to overwrite path
// to a shim runtime binary.
RuntimePath string
// runtime is the runtime name for the container, and cannot be changed.
runtime string
}

2
vendor/github.com/containerd/containerd/task_opts.go generated vendored
View file

@ -49,7 +49,7 @@ func WithRootFS(mounts []mount.Mount) NewTaskOpts {
// instead of resolving it from runtime name.
func WithRuntimePath(absRuntimePath string) NewTaskOpts {
return func(ctx context.Context, client *Client, info *TaskInfo) error {
info.runtime = absRuntimePath
info.RuntimePath = absRuntimePath
return nil
}
}

2
vendor/github.com/containerd/containerd/version/version.go generated vendored
View file

@ -23,7 +23,7 @@ var (
Package = "github.com/containerd/containerd"
// Version holds the complete version number. Filled in at linking time.
Version = "1.6.19+unknown"
Version = "1.6.21+unknown"
// Revision is filled with the VCS (e.g. git) revision being used to build
// the program at linking time.

7
vendor/github.com/containerd/ttrpc/server.go generated vendored
View file

@ -24,6 +24,7 @@ import (
"net"
"sync"
"sync/atomic"
"syscall"
"time"
"github.com/sirupsen/logrus"
@ -467,14 +468,12 @@ func (c *serverConn) run(sctx context.Context) {
// branch. Basically, it means that we are no longer receiving
// requests due to a terminal error.
recvErr = nil // connection is now "closing"
if err == io.EOF || err == io.ErrUnexpectedEOF {
if err == io.EOF || err == io.ErrUnexpectedEOF || errors.Is(err, syscall.ECONNRESET) {
// The client went away and we should stop processing
// requests, so that the client connection is closed
return
}
if err != nil {
logrus.WithError(err).Error("error receiving message")
}
logrus.WithError(err).Error("error receiving message")
case <-shutdown:
return
}

9
vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go generated vendored
View file

@ -59,4 +59,13 @@ const (
// AnnotationBaseImageName is the annotation key for the image reference of the image's base image.
AnnotationBaseImageName = "org.opencontainers.image.base.name"
// AnnotationArtifactCreated is the annotation key for the date and time on which the artifact was built, conforming to RFC 3339.
AnnotationArtifactCreated = "org.opencontainers.artifact.created"
// AnnotationArtifactDescription is the annotation key for the human readable description for the artifact.
AnnotationArtifactDescription = "org.opencontainers.artifact.description"
// AnnotationReferrersFiltersApplied is the annotation key for the comma separated list of filters applied by the registry in the referrers listing.
AnnotationReferrersFiltersApplied = "org.opencontainers.referrers.filtersApplied"
)

34
vendor/github.com/opencontainers/image-spec/specs-go/v1/artifact.go generated vendored Normal file
View file

@ -0,0 +1,34 @@
// Copyright 2022 The Linux Foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1
// Artifact describes an artifact manifest.
// This structure provides `application/vnd.oci.artifact.manifest.v1+json` mediatype when marshalled to JSON.
type Artifact struct {
// MediaType is the media type of the object this schema refers to.
MediaType string `json:"mediaType"`
// ArtifactType is the IANA media type of the artifact this schema refers to.
ArtifactType string `json:"artifactType"`
// Blobs is a collection of blobs referenced by this manifest.
Blobs []Descriptor `json:"blobs,omitempty"`
// Subject (reference) is an optional link from the artifact to another manifest forming an association between the artifact and the other manifest.
Subject *Descriptor `json:"subject,omitempty"`
// Annotations contains arbitrary metadata for the artifact manifest.
Annotations map[string]string `json:"annotations,omitempty"`
}

9
vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go generated vendored
View file

@ -48,6 +48,15 @@ type ImageConfig struct {
// StopSignal contains the system call signal that will be sent to the container to exit.
StopSignal string `json:"StopSignal,omitempty"`
// ArgsEscaped `[Deprecated]` - This field is present only for legacy
// compatibility with Docker and should not be used by new image builders.
// It is used by Docker for Windows images to indicate that the `Entrypoint`
// or `Cmd` or both, contains only a single element array, that is a
// pre-escaped, and combined into a single string `CommandLine`. If `true`
// the value in `Entrypoint` or `Cmd` should be used as-is to avoid double
// escaping.
ArgsEscaped bool `json:"ArgsEscaped,omitempty"`
}
// RootFS describes a layer content addresses

5
vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go generated vendored
View file

@ -1,4 +1,4 @@
// Copyright 2016 The Linux Foundation
// Copyright 2016-2022 The Linux Foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -44,6 +44,9 @@ type Descriptor struct {
//
// This should only be used when referring to a manifest.
Platform *Platform `json:"platform,omitempty"`
// ArtifactType is the IANA media type of this artifact.
ArtifactType string `json:"artifactType,omitempty"`
}
// Platform describes the platform which the image in the manifest runs on.

5
vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go generated vendored
View file

@ -1,4 +1,4 @@
// Copyright 2016 The Linux Foundation
// Copyright 2016-2022 The Linux Foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
@ -30,6 +30,9 @@ type Manifest struct {
// Layers is an indexed list of layers referenced by the manifest.
Layers []Descriptor `json:"layers"`
// Subject is an optional link from the image manifest to another manifest forming an association between the image manifest and the other manifest.
Subject *Descriptor `json:"subject,omitempty"`
// Annotations contains arbitrary metadata for the image manifest.
Annotations map[string]string `json:"annotations,omitempty"`
}

3
vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go generated vendored
View file

@ -54,4 +54,7 @@ const (
// MediaTypeImageConfig specifies the media type for the image configuration.
MediaTypeImageConfig = "application/vnd.oci.image.config.v1+json"
// MediaTypeArtifactManifest specifies the media type for a content descriptor.
MediaTypeArtifactManifest = "application/vnd.oci.artifact.manifest.v1+json"
)

4
vendor/github.com/opencontainers/image-spec/specs-go/version.go generated vendored
View file

@ -20,9 +20,9 @@ const (
// VersionMajor is for an API incompatible changes
VersionMajor = 1
// VersionMinor is for functionality in a backwards-compatible manner
VersionMinor = 0
VersionMinor = 1
// VersionPatch is for backwards-compatible bug fixes
VersionPatch = 2
VersionPatch = 0
// VersionDev indicates development branch. Releases will be empty string.
VersionDev = "-dev"

11
vendor/modules.txt vendored
View file

@ -30,7 +30,7 @@ github.com/Microsoft/go-winio/pkg/fs
github.com/Microsoft/go-winio/pkg/guid
github.com/Microsoft/go-winio/pkg/security
github.com/Microsoft/go-winio/vhd
# github.com/Microsoft/hcsshim v0.9.7
# github.com/Microsoft/hcsshim v0.9.8
## explicit; go 1.13
github.com/Microsoft/hcsshim
github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options
@ -160,7 +160,7 @@ github.com/containerd/cgroups/v2/stats
# github.com/containerd/console v1.0.3
## explicit; go 1.13
github.com/containerd/console
# github.com/containerd/containerd v1.6.19
# github.com/containerd/containerd v1.6.21
## explicit; go 1.17
github.com/containerd/containerd
github.com/containerd/containerd/api/events
@ -180,6 +180,7 @@ github.com/containerd/containerd/api/types
github.com/containerd/containerd/api/types/task
github.com/containerd/containerd/archive
github.com/containerd/containerd/archive/compression
github.com/containerd/containerd/archive/tarheader
github.com/containerd/containerd/cio
github.com/containerd/containerd/containers
github.com/containerd/containerd/content
@ -257,7 +258,7 @@ github.com/containerd/go-runc
## explicit; go 1.16
github.com/containerd/stargz-snapshotter/estargz
github.com/containerd/stargz-snapshotter/estargz/errorutil
# github.com/containerd/ttrpc v1.1.0
# github.com/containerd/ttrpc v1.1.1
## explicit; go 1.13
github.com/containerd/ttrpc
# github.com/containerd/typeurl v1.0.2
@ -706,8 +707,8 @@ github.com/morikuni/aec
## explicit; go 1.13
github.com/opencontainers/go-digest
github.com/opencontainers/go-digest/digestset
# github.com/opencontainers/image-spec v1.0.3-0.20220303224323-02efb9a75ee1
## explicit; go 1.16
# github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b
## explicit; go 1.17
github.com/opencontainers/image-spec/identity
github.com/opencontainers/image-spec/specs-go
github.com/opencontainers/image-spec/specs-go/v1