Commit graph

2865 commits

Author SHA1 Message Date
Sebastiaan van Stijn
26e9face5a
[23.0] update containerd binary to v1.6.16
Notable Updates

- Fix push error propagation
- Fix slice append error with HugepageLimits for Linux
- Update default seccomp profile for PKU and CAP_SYS_NICE
- Fix overlayfs error when upperdirlabel option is set

full diff: https://github.com/containerd/containerd/compare/v1.6.15...v1.6.16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-30 09:16:22 +01:00
CrazyMax
8fc49af4ab
hack: check if cross-compiling before setting ARM target name
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 67aa86f1e0)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-20 16:40:33 +01:00
Kevin Alvarez
8c12a6648b
hack: name for target ARM architecture not specified
Build currently doesn't set the right name for target ARM
architecture through switches in CGO_CFLAGS and CGO_CXXFLAGS
when doing cross-compilation. This was previously fixed in https://github.com/moby/moby/pull/43474

Also removes the toolchain configuration. Following changes for
cross-compilation in https://github.com/moby/moby/pull/44546,
we forgot to remove the toolchain configuration that is
not used anymore as xx already sets correct cc/cxx envs already.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 945704208a)
2023-01-17 20:17:18 +01:00
CrazyMax
10c4ada049
hack: typo in displayed platform name
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 94639eb66f)
2023-01-17 20:17:08 +01:00
Sebastiaan van Stijn
5aa0c2cae2
[23.0] update containerd binary to v1.6.15
release notes: https://github.com/containerd/containerd/releases/tag/v1.6.15

> Welcome to the v1.6.15 release of containerd!
>
> The fifteenth patch release for containerd 1.6 fixes an issue with CNI in the CRI plugin
>
> Notable Updates
>
> - Fix no CNI info for pod sandbox on restart in CRI plugin

full diff: https://github.com/containerd/containerd/compare/v1.6.14...v1.6.15

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-09 13:12:29 +01:00
CrazyMax
8dfd907478
hack: restore copy_binaries func
This function is still useful for the dev environment.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 7e7b0622a6)
2023-01-06 08:38:33 +01:00
Paweł Gronowski
0d1aba547e
hack/make: Don't add -buildmode=pie with -race
Make it possible to add `-race` to the BUILDFLAGS without making the
build fail with error:
"-buildmode=pie not supported when -race is enabled"

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit bbe6e9e8d1)
2023-01-05 20:27:08 +01:00
CrazyMax
7e286efcd3
ci: use GITHUB_REF and GITHUB_SHA to set version and commit
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 27ba1766e7)
2023-01-02 18:46:03 +01:00
CrazyMax
171471b613
hack: update buildmode pie condition
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 491467b0b9)
2023-01-02 18:46:02 +01:00
CrazyMax
7d8c689923
hack: do not set buildmode pie for statically linked binary
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 347a5f68da)
2023-01-02 18:46:02 +01:00
CrazyMax
75596bee28
hack: use PKG_CONFIG var when checking libdevmapper
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit e37985f590)
2023-01-02 18:46:02 +01:00
CrazyMax
29758a067f
IAmStatic not used anymore
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 84ea9ee0f9)
2023-01-02 18:46:02 +01:00
CrazyMax
5d4ddce5ed
hack: remove containerutility script
this script is not used anymore. containerutility is
built in the Dockerfile.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 04c90b8cf5)
2023-01-02 18:46:01 +01:00
CrazyMax
a85bdbe1ca
Dockerfile: use TARGETPLATFORM to build Docker
Better support for cross compilation so we can fully rely
on `--platform` flag of buildx for a seamless integration.

This removes unnecessary extra cross logic in the Dockerfile,
DOCKER_CROSSPLATFORMS and CROSS vars and some hack scripts as well.

Non-sandboxed build invocation is still supported and dev stages
in the Dockerfile have been updated accordingly.

Bake definition and GitHub Actions workflows have been updated
accordingly as well.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 8086f40123)
2023-01-02 18:46:01 +01:00
Sebastiaan van Stijn
5ebd78d5f8
update containerd binary to v1.6.14
Notable Updates

- Fix `memory.memsw.limit_in_bytes: no such file or directory` error in CRI plugin

full diff: https://github.com/containerd/containerd/compare/v1.6.13...v1.6.14

See the changelog for complete list of changes:
https://github.com/containerd/containerd/releases/tag/v1.6.14

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-19 18:38:04 +01:00
Sebastiaan van Stijn
d8d11bca37
update containerd binary to v1.6.13
Notable Updates

- Update overlay snapshotter to check for tmpfs when evaluating usage of userxattr
- Update hcsschim to v0.9.6 to fix resource leak on exec
- Make swapping disabled with memory limit in CRI plugin
- Allow clients to remove created tasks with PID 0
- Fix concurrent map iteration and map write in CRI port forwarding
- Check for nil HugepageLimits to avoid panic in CRI plugin

See the changelog for complete list of changes:
https://github.com/containerd/containerd/releases/tag/v1.6.13

full diff: https://github.com/containerd/containerd/compare/v1.6.12...v1.6.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-15 19:26:40 +01:00
Bjorn Neergaard
a6818fd4cb
hack: introduce validate/no-module
Moby is not a Go module; to prevent anyone from mistakenly trying to
convert it to one before we are ready, introduce a check (usable in CI
and locally) for a go.mod file.

This is preferable to trying to .gitignore the file as we can ensure
that a mistakenly created go.mod is surfaced by Git-based tooling and is
less likely to surprise a contributor.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit 25c3421802)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2022-12-13 14:42:07 -07:00
Bjorn Neergaard
45fe08c93c
hack: replace go-mod-prepare.sh with wrapper script
To make the local build environment more correct and consistent, we
should never leave an uncommitted go.mod in the tree; however, we need a
go.mod for certain commands to work properly. Use a wrapper script to
create and destroy the go.mod as needed instead of potentially changing
tooling behavior by leaving it.

If a go.mod already exists, this script will warn and call the wrapped
command with GO111MODULE=on.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit a449f77774)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2022-12-13 14:42:05 -07:00
Bjorn Neergaard
c508d13372
hack/go-mod-prepare.sh: find root robustly; make steps transparent
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit af8e955e8f)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2022-12-13 14:41:28 -07:00
Bjorn Neergaard
036398f512
hack/validate/vendor: clean up license validation step
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit 9f004830a5)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2022-12-13 14:41:27 -07:00
Bjorn Neergaard
a4957d2585
hack/validate/vendor: split tidy from vendor
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit dbd76848ca)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2022-12-13 14:41:25 -07:00
Bjorn Neergaard
394eaa8495
hack/vendor.sh: allow running tidy & vendor separately
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit 72568286ab)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2022-12-13 14:41:23 -07:00
Sebastiaan van Stijn
48a0d8a8d1
[23.0] update containerd binary to v1.6.12 (addresses CVE-2022-23471)
The twelfth patch release for containerd 1.6 contains a fix for CVE-2022-23471.

Notable Updates

- Fix goroutine leak during Exec in CRI plugin (GHSA-2qjp-425j-52j9)

full diff: https://github.com/containerd/containerd/compare/v1.6.11...v1.6.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-08 00:51:01 +01:00
Sebastiaan van Stijn
3d902fe719
[23.0] update containerd binary to v1.6.11
Welcome to the v1.6.11 release of containerd!

The eleventh patch release for containerd 1.6 contains a various fixes and updates.

Notable Updates

- Add pod UID annotation in CRI plugin
- Fix nil pointer deference for Windows containers in CRI plugin
- Fix lease labels unexpectedly overwriting expiration
- Fix for simultaneous diff creation using the same parent snapshot

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-06 23:33:27 +01:00
Bjorn Neergaard
6f581c1808
hack/generate-authors.sh: refactor and simplify
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b94d1604a9)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-30 12:06:21 +01:00
Sebastiaan van Stijn
a8184baf3b
Merge pull request #44523 from crazy-max/22.06_dockerfile-vpnkit-platform
[22.06 backport] Dockerfile: remove hardcoded platforms for vpnkit stage
2022-11-25 00:47:12 +01:00
CrazyMax
acb8204a7f
Dockerfile: remove hardcoded platforms for vpnkit stage
Current Dockerfile downloads vpnkit for both linux/amd64
and linux/arm64 platforms even if target platform does not
match. This change will download vpnkit only if target
platform matches, otherwise it will just use a dummy scratch
stage.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 8a46a2a364)
2022-11-24 14:21:28 +01:00
CrazyMax
313f105443
hack: remove obsolete sources for go-autogen
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 40069797ef)
2022-11-24 14:20:48 +01:00
Sebastiaan van Stijn
27982c186e
Merge pull request #44480 from neersighted/drop_changelog_22.06
[22.06 backport] cleanup: drop historical CHANGELOG.md
2022-11-17 10:48:08 +01:00
Sebastiaan van Stijn
9d990cbae8
Merge pull request #44471 from thaJeztah/22.06_backport_containerd_v1.6.10
[22.06 backport] update containerd v1.6.10 (binary and vendor)
2022-11-17 10:46:14 +01:00
Bjorn Neergaard
3508cfb149
hack/validate: drop changelog-related steps
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit be18f92bf4)
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2022-11-16 13:35:40 -07:00
Akihiro Suda
abe6b3dc9b
rootlesskit.installer: s/vendor.conf/vendor.mod/
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 7ca03c1a79)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 14:33:40 +01:00
Akihiro Suda
297f224a92
update RootlessKit to v1.1.0
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit d9fb730148)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 14:33:40 +01:00
Jintao Zhang
2dce69e001
update containerd binary to v1.6.10
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
(cherry picked from commit a5979a2106)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-16 14:03:34 +01:00
Bjorn Neergaard
f9ab209417
chore: update supported go version to 1.18+
The 1.16 `io/fs` compatibility code was being built on 1.18 and 1.19.
Drop it completely as 1.16 is long EOL, and additionally drop 1.17 as it
has been EOL for a month and 1.18 is both the minimum Go supported by
the 20.10 branch, as well as a very easy jump from 1.17.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
(cherry picked from commit 85fa72c599)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-11 18:01:58 +01:00
Sebastiaan van Stijn
21feb1808d
Revert "validation: temporarily allows changes in integration-cli"
This reverts commit 7ed823ead9.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 9b71a46899)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-11-05 18:35:47 +01:00
Sebastiaan van Stijn
c4685540e4
update containerd binary to v1.6.9
release notes: https://github.com/containerd/containerd/releases/tag/v1.6.9

full diff: containerd/containerd@v1.6.8...v1.6.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit ac79a02ace)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-24 13:55:25 -04:00
Brian Goff
4669418731
Volume prune: only prune anonymous volumes by default
This adds a new filter argument to the volume prune endpoint "all".
When this is not set, or it is a false-y value, then only anonymous
volumes are considered for pruning.

When `all` is set to a truth-y value, you get the old behavior.

This is an API change, but I think one that is what most people would
want.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 618f26ccbc)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-10-05 23:50:01 +02:00
Sebastiaan van Stijn
3ce520ec80
golangci-lint: update to v1.49.0
Remove the "deadcode", "structcheck", and "varcheck" linters, as they are
deprecated:

    WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused.
    WARN [linters context] structcheck is disabled because of generics. You can track the evolution of the generics support by following the https://github.com/golangci/golangci-lint/issues/2649.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 2f1c382a6d)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-09-26 11:58:07 +02:00
CrazyMax
cc7b8cc980
ci(test): send coverage to codecov
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit 807c849431)
2022-09-08 13:50:19 +02:00
CrazyMax
0bfb1bded3
integration: TestNetworkLoopbackNat is broken on GitHub Runner
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
(cherry picked from commit df731c745a)
2022-09-08 13:50:18 +02:00
Sebastiaan van Stijn
3b9370fcf8
validate: address SC2155 (shellcheck)
see https://github.com/koalaman/shellcheck/wiki/SC2155

Looking at how these were used, I don't think we even need to
export them, so removing that.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5cfc9c374c)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:57 +02:00
Sebastiaan van Stijn
51bf7da729
validate: format vendor script with shfmt
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit b9fd2cf605)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:56 +02:00
Sebastiaan van Stijn
f1bd611d41
validate: add yamllint validation
validate other YAML files, such as the ones used in the documentation,
and GitHub actions workflows, to prevent issues such as;

- 30295c1750
- 8e8d9a3650

With this patch:

    hack/validate/yamllint
    Congratulations! yamllint config file formatted correctly
    Congratulations! YAML files are formatted correctly

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6cef06b940)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:54 +02:00
Sebastiaan van Stijn
e9f7c05ae1
validate: yamllint: ignore "truthy value should be one of" warnings
Suppresses warnings like:

    LANG=C.UTF-8 yamllint -c hack/validate/yamllint.yaml -f parsable .github/workflows/*.yml
    .github/workflows/ci.yml:7:1: [warning] truthy value should be one of [false, true] (truthy)
    .github/workflows/windows.yml:7:1: [warning] truthy value should be one of [false, true] (truthy)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 91bb776bb8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:52 +02:00
Sebastiaan van Stijn
72156dd7a4
validate: yamllint: set locale in config file
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit cc2134ea83)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:50 +02:00
Sebastiaan van Stijn
554a933944
validate: yamllint: use "parsable" output
Before:

    10030:81  error    line too long (89 > 80 characters)  (line-length)

After:

    api/swagger.yaml:10030:81: [error] line too long (89 > 80 characters) (line-length)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit f679d8c821)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:48 +02:00
Sebastiaan van Stijn
8d43d7fa6b
validate: yamllint rename config-file
Don't make the file hidden, and add .yaml extension, so that editors
pick up the right formatting :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 5f114b65b4)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-29 19:54:46 +02:00
Sebastiaan van Stijn
d2590dc3cd
Merge pull request #44039 from thaJeztah/22.06_backport_update_runc_1.1.4
[22.06 backport] update runc to v1.1.4
2022-08-26 13:29:28 +02:00
Sebastiaan van Stijn
87b7e40a34
update containerd binary to v1.6.8
release notes: https://github.com/containerd/containerd/releases/tag/v1.6.8

full diff: https://github.com/containerd/containerd/compare/v1.6.7...v1.6.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit d52ffce38f)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-08-26 00:34:11 +02:00