Commit graph

43647 commits

Author SHA1 Message Date
Cory Snider
00ba5bdb98 Unpin grpc, protobuf dependencies
...in preparation for upgrading containerd.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-03-10 17:48:10 -05:00
Cory Snider
06c797f517 vendor: github.com/docker/swarmkit 616e8db4c3b0
Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-03-10 17:48:09 -05:00
Akihiro Suda
38805f20f9
Merge pull request #43352 from thaJeztah/bump_distribution
vendor: github.com/docker/distribution v2.8.1
2022-03-10 12:28:29 +09:00
Sebastiaan van Stijn
b92af14a1c
vendor: github.com/docker/distribution v2.8.1
no changes to code we use, but the v2.8.0 module was borked

full diff: https://github.com/docker/distribution/compare/v2.8.0...v2.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 20:27:02 +01:00
Sebastiaan van Stijn
83b51522df
Merge pull request #43339 from thaJeztah/api_improve_mountpoint_doc
api:  document MountPoint fields (swagger, godoc and docs)
2022-03-09 18:26:31 +01:00
Sebastiaan van Stijn
8539d06209
Merge pull request #43347 from corhere/42452-sysinfo-remove-libcontainer
pkg/sysinfo: remove libcontainer dependency
2022-03-09 18:25:00 +01:00
Sebastiaan van Stijn
f8d0102e33
Merge pull request #43335 from thaJeztah/remove_deprecated_pkg
Remove deprecated packages: pkg/mount, pkg/term, pkg/locker, pkg/symlink
2022-03-08 23:57:12 +01:00
Sebastiaan van Stijn
14cb9d22df
api/types: add godoc on MountPoint
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-08 23:52:41 +01:00
Sebastiaan van Stijn
0a438f2612
api: docs: document MountPoint fields (v1.25-v1.41)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-08 23:52:11 +01:00
Sebastiaan van Stijn
69ba3713d5
api: swagger: document MountPoint fields
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-08 23:51:37 +01:00
Tianon Gravi
1d7e4111d6
Merge pull request #43301 from thaJeztah/remove_deprecated_RootFS_BaseLayer
api: remove deprecated RootFS.BaseLayer from type and docs
2022-03-08 12:25:32 -08:00
Sebastiaan van Stijn
2c7c092e27
Merge pull request #41675 from thaJeztah/remove_containerd_plugin_config
daemon: remove v1 shim configuration for containerd
2022-03-08 13:09:00 +01:00
Cory Snider
b0b71dbe1c pkg/sysinfo: remove libcontainer dependency
Reimplement GetCgroupMounts using the github.com/containerd/cgroups and
github.com/moby/sys/mountinfo packages.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-03-07 18:09:09 -05:00
Sebastiaan van Stijn
327699c313
Merge pull request #43136 from jaen/zfs-driver-fix
Add locking to the ZFS driver
2022-03-07 19:52:56 +01:00
Sebastiaan van Stijn
2c97295ad8
daemon: remove v1 shim configuration for containerd
This removes the plugin section from the containerd configuration file
(`/var/run/docker/containerd/containerd.toml`) that is generated when
starting containerd as child process;

```toml
[plugins]
  [plugins.linux]
    shim = "containerd-shim"
    runtime = "runc"
    runtime_root = "/var/lib/docker/runc"
    no_shim = false
    shim_debug = true
```

This configuration doesn't appear to be used since commit:
0b14c2b67a, which switched the default runtime
to to io.containerd.runc.v2.

Note that containerd itself uses `containerd-shim` and `runc` as default
for `shim` and `runtime` v1, so omitting that configuration doesn't seem
to make a difference.

I'm slightly confused if any of the other options in this configuration were
actually used: for example, even though `runtime_root` was configured to be
`/var/lib/docker/runc`, when starting a container with that coniguration set
on docker 19.03, `/var/lib/docker/runc` doesn't appear to exist:

```console
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
098baa4cb0e7        nginx:alpine        "/docker-entrypoint.…"   59 minutes ago      Up 59 minutes       80/tcp              foo

$ ls /var/lib/docker/runc
ls: /var/lib/docker/runc: No such file or directory

$ ps auxf
PID   USER     TIME  COMMAND
    1 root      0:00 sh
   16 root      0:11 dockerd --debug
   26 root      0:09 containerd --config /var/run/docker/containerd/containerd.toml --log-level debug
  234 root      0:00 containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/09
  251 root      0:00 nginx: master process nginx -g daemon off;
  304 101       0:00 nginx: worker process
...

```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-07 19:31:24 +01:00
Sebastiaan van Stijn
011e1c71ff
Merge pull request #43131 from thaJeztah/move_cpu_realtime_checks
daemon: move check for CPU-realtime daemon options
2022-03-07 19:27:12 +01:00
Sebastiaan van Stijn
eb9e42a09e
Merge pull request #42129 from michaelweidmann/42120_correct-swagger-spec
Correct type of Mounts in ContainerSummary
2022-03-06 21:34:20 +01:00
Sebastiaan van Stijn
c04dff7623
Correct type of Mounts in ContainerSummary in docs (v1.25-v1.40)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-06 18:31:28 +01:00
Michael Weidmann
16e3ca35eb
Correct type of Mounts in ContainerSummary in docs
Signed-off-by: Michael Weidmann <michaelweidmann@web.de>
2022-03-06 18:14:14 +01:00
Michael Weidmann
ed843fe42f
Correct type of Mounts in ContainerSummary
Changed the type of ContainerSummary.Mounts from Mount to MountPoint in the Swagger Spec.
Signed-off-by: Michael Weidmann <michaelweidmann@web.de>
2022-03-06 18:13:32 +01:00
Sebastiaan van Stijn
a7e27dd1a8
Merge pull request #41508 from thaJeztah/header_handling
client: use canonical names for HTTP Headers
2022-03-06 16:59:22 +01:00
Sebastiaan van Stijn
948c2c45bb
client: use canonical names for HTTP Headers
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-06 10:49:02 +01:00
Tomek Mańko
a34fe9b422 Add locking to the ZFS driver
Trying to build Docker images with buildkit using a ZFS-backed storage
was unreliable due to apparent race condition between adding and
removing layers to the storage (see: https://github.com/moby/buildkit/issues/1758).
The issue describes a similar problem with the BTRFS driver that was
resolved by adding additional locking based on the scheme used in the
OverlayFS driver. This commit replicates the scheme to the ZFS driver
which makes the problem as reported in the issue stop happening.

Signed-off-by: Tomasz Mańko <hi@jaen.me>
2022-03-06 09:45:02 +01:00
Sebastiaan van Stijn
b94a319fdf
remove deprecated builder/dockerignore
This package was deprecated in de56a90929, which
was part of the 20.10 release, so consumers of this package should've been
able to migrate to the new location.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-06 00:49:59 +01:00
Sebastiaan van Stijn
d89bfac728
remove deprecated pkg/symlink
This package was deprecated in dc3c382b34, which
was part of the 20.10 release, so consumers of this package should've been
able to migrate to the new location.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-06 00:24:22 +01:00
Sebastiaan van Stijn
7449ca078b
remove deprecated pkg/locker
This package was deprecated in 5ca758199d, which
was part of the 20.10 release, so consumers of this package should've been
able to migrate to the new location.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-06 00:20:46 +01:00
Sebastiaan van Stijn
4a6dc85e40
remove deprecated pkg/term, pkg/term/windows
This package was deprecated in 41d4112e89, which
was part of the 20.10 release, so consumers of this package should've been
able to migrate to the new location.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-06 00:18:46 +01:00
Sebastiaan van Stijn
97a235196e
remove deprecated pkg/mount
This package was deprecated in 99beb2ca02, which
was part of the 20.10 release, so consumers of this package should've been
able to migrate to the new location.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-06 00:13:05 +01:00
Sebastiaan van Stijn
85f1bfc6f7
Merge pull request #43255 from thaJeztah/imageservice_nologs
daemon/images: ImageService.Cleanup(): return error instead of logging
2022-03-05 21:23:38 +01:00
Sebastiaan van Stijn
367cd41937
Merge pull request #43302 from thaJeztah/layer_remove_getwithoutlock
layers: remove layerStore.getWithoutLock()
2022-03-05 21:18:26 +01:00
Sebastiaan van Stijn
18e20d3f37
Merge pull request #43291 from pete-woods/retry-image-schema-download
distribution: retry downloading schema config on retryable error
2022-03-05 21:11:44 +01:00
Pete Woods
9f3b1a9664
distribution: retry downloading schema config on retryable error
fixes #43267

Signed-off-by: Pete Woods <pete.woods@circleci.com>
2022-03-05 19:36:48 +01:00
Sebastiaan van Stijn
8e9c8ff7f2
api: docs: remove deprecated RootFS.BaseLayer (API v1.25-v1.41)
This field was used when Windows did not yet support regular images, and required
the base-image to pre-exist on the Windows machine (as those layers were not yet
allowed to be distributed).

Commit f342b27145 (docker 1.13.0, API v1.25) removed
usage of the field. The field was not documented in the API, but because it was not
removed from the Golang structs in the API, ended up in the API documentation when
we switched to using Swagger instead of plain MarkDown for the API docs.

Given that the field was never set in any of these API versions, and had an "omitempty",
it was never actually returned in a response, so should be fine to remove from these
API docs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-05 17:59:44 +01:00
Sebastiaan van Stijn
fd1f34cacd
api: docs: remove deprecated RootFS.BaseLayer (current API version)
This field was used when Windows did not yet support regular images, and required
the base-image to pre-exist on the Windows machine (as those layers were not yet
allowed to be distributed).

Commit f342b27145 (docker 1.13.0, API v1.25) removed
usage of the field. The field was not documented in the API, but because it was not
removed from the Golang structs in the API, ended up in the API documentation when
we switched to using Swagger instead of plain MarkDown for the API docs.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-05 17:59:42 +01:00
Sebastiaan van Stijn
25c896fcc2
api: remove unused RootFS.BaseLayer
This field was used when Windows did not yet support regular images, and required
the base-image to pre-exist on the Windows machine (as those layers were not yet
allowed to be distributed).

Commit f342b27145 (docker 1.13.0, API v1.25) removed
usage of the field.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-05 17:59:39 +01:00
Sebastiaan van Stijn
3c6c9fa180
Merge pull request #43300 from thaJeztah/api_update_imageinspect_docs
API: improve swagger and go-doc for ImageInspect structs
2022-03-05 17:54:37 +01:00
Brian Goff
df664877e3
Merge pull request #43323 from thaJeztah/unalias
remove unneeded "digest" alias for "go-digest"
2022-03-04 16:28:05 -08:00
Sebastiaan van Stijn
7025029b98
Merge pull request #43306 from corhere/logfile-data-race
daemon/logger: fix data race in LogFile
2022-03-05 00:05:58 +01:00
Sebastiaan van Stijn
fe10283449
Merge pull request #43327 from thaJeztah/update_containerd_binary_1.5.10
update containerd binary to v1.5.10
2022-03-04 21:16:24 +01:00
Sebastiaan van Stijn
9ed8cd128a
Dockerfile.windows; update containerd binary to v1.5.10
Welcome to the v1.5.10 release of containerd!

The tenth patch release for containerd 1.5 includes a fix for [CVE-2022-23648][1]
and other issues.

Notable Updates

- Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
- Return init pid when clean dead shim in runc.v1/v2 shims
- Handle sigint/sigterm in shimv2
- Use readonly mount to read user/group info

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648
[2]: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 19:34:46 +01:00
Sebastiaan van Stijn
2c8f0a0c99
update containerd binary to v1.5.10
Welcome to the v1.5.10 release of containerd!

The tenth patch release for containerd 1.5 includes a fix for [CVE-2022-23648][1]
and other issues.

Notable Updates

- Use fs.RootPath when mounting volumes (GHSA-crp2-qrr5-8pq7)
- Return init pid when clean dead shim in runc.v1/v2 shims
- Handle sigint/sigterm in shimv2
- Use readonly mount to read user/group info

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23648
[2]: https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 19:34:03 +01:00
Sebastiaan van Stijn
61265cf963
Merge pull request #43325 from thaJeztah/bump_go_1.17.8
update to go 1.17.8 to address CVE-2022-24921
2022-03-04 19:29:14 +01:00
Sebastiaan van Stijn
77d8292e5d
Merge pull request #43328 from thaJeztah/bump_containerd_1.5.10
vendor: github.com/containerd/containerd v1.5.10
2022-03-04 19:20:30 +01:00
Sebastiaan van Stijn
b4a943afab
vendor: github.com/containerd/containerd v1.5.10
full diff: https://github.com/containerd/containerd/compare/v1.5.9...v1.5.10

relevant changes in vendored code:

- Use readonly mount to read user/group info

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 18:07:09 +01:00
Sebastiaan van Stijn
e781cf5f64
update to go 1.17.8 to address CVE-2022-24921
Addresses [CVE-2022-24921](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921)

go1.17.8 (released 2022-03-03) includes a security fix to the regexp/syntax package,
as well as bug fixes to the compiler, runtime, the go command, and the crypto/x509,
and net packages. See the Go 1.17.8 milestone on the issue tracker for details:

https://github.com/golang/go/issues?q=milestone%3AGo1.17.8+label%3ACherryPickApproved

full diff: https://github.com/golang/go/compare/go1.17.7...go1.17.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 16:36:56 +01:00
Sebastiaan van Stijn
a0230f3d9a
remove unneeded "digest" alias for "go-digest"
I think this was there for historic reasons (may have been goimports expected
this, and we used to have a linter that wanted it), but it's not needed, so
let's remove it (to make my IDE less complaining about unneeded aliases).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 14:49:42 +01:00
Sebastiaan van Stijn
06df530b6d
image: improve godoc for V1Image
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-03 22:57:03 +01:00
Sebastiaan van Stijn
34c2c14775
api: improve godoc for ImageInspect struct
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-03 22:55:34 +01:00
Sebastiaan van Stijn
d19dd22257
api: docs: fix warning about comment indentation (API v1.40-v1.41)
5428:7 warning comment not indented like content (comments-indentation)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-03 22:55:32 +01:00
Sebastiaan van Stijn
9565606222
api: docs: update docs for /images/{name}/json (API v1.39-v1.41)
- rename definition in swagger from `Image` to `ImageInspect` to match the go type
- improve (or add) documentation for various fields
- move example values in-line in the "definitions" section
- remove the `required` fields from `ImageInspect`, as the type is only used as
  response type (not to make requests).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-03 22:55:25 +01:00