When building the dev image, the Makefile generates a tag-name for the image,
based on the current git branch. As a result of this naming, old images will
collect on a developer's machine (especially when building from different
branches, for example when reviewing pull requests):
REPOSITORY TAG IMAGE ID CREATED SIZE
docker-dev HEAD 9785a8fb82f5 30 hours ago 2.13GB
docker-dev master 9785a8fb82f5 30 hours ago 2.13GB
docker-dev seccomp-closer-to-oci 9785a8fb82f5 30 hours ago 2.13GB
docker-dev move-stackdump 06882c142bfd 2 days ago 2.13GB
docker-dev add-dns-to-docker-info 2961ed1b99bd 10 days ago 2.13GB
docker-dev add-platform-info 2961ed1b99bd 10 days ago 2.13GB
docker-dev rata-seccomp-new-fields 2961ed1b99bd 10 days ago 2.13GB
docker-dev swagger-wip 2961ed1b99bd 10 days ago 2.13GB
docker-dev system-df-types 2961ed1b99bd 10 days ago 2.13GB
docker-dev use-oci-platform 2961ed1b99bd 10 days ago 2.13GB
docker-dev update-swagger-fork 3eeedecca85a 2 weeks ago 2.13GB
docker-dev remove-lcow-step5-alternative 51f9720bbc19 2 weeks ago 2.13GB
docker-dev update-s390x-ubuntu-2004 51f9720bbc19 2 weeks ago 2.13GB
docker-dev fix-image-shared-size 09e9aa46694a 2 weeks ago 2.13GB
docker-dev remove-discovery 11823223ae83 3 weeks ago 2.13GB
docker-dev daemon-config 355643e371b0 4 weeks ago 2.12GB
docker-dev jenkins-windows-containerd 68199214b860 4 weeks ago 2.11GB
docker-dev unfork-buildkit 68199214b860 4 weeks ago 2.11GB
docker-dev warn-on-non-matching-platform bc014b94017f 5 weeks ago 2.11GB
docker-dev remove-lcow 3a43c0900282 6 weeks ago 2.11GB
docker-dev remove-lcow-part5 3a43c0900282 6 weeks ago 2.11GB
docker-dev remove-lcow-step3 3a43c0900282 6 weeks ago 2.11GB
docker-dev remove-lcow-step4 3a43c0900282 6 weeks ago 2.11GB
docker-dev seccomp-unconfined-daemon 3a43c0900282 6 weeks ago 2.11GB
docker-dev update-authors 3a43c0900282 6 weeks ago 2.11GB
docker-dev payall4u-fix-creating-sandbox-when-disable-bridge 114c0f2ceb17 6 weeks ago 2.12GB
docker-dev catch-almost-all f437d2bc512b 8 weeks ago 2.12GB
docker-dev bin-criu c72894ae66f3 2 months ago 2.12GB
docker-dev bump-golang-1-14 395932141809 2 months ago 2.14GB
docker-dev upstream-systemd-units d0cb07f9473c 2 months ago 2.12GB
docker-dev bump-criu 6ed9e8fcf59f 2 months ago 2.12GB
This images are a bit of a pain to clean up, and because they are tagged,
`docker image prune` or `docker system prune` doesn't help (unless `--all` is
used).
Looking at the background of this naming, a found that it was originally added
in a95712899e, after a discussion on PR 3471.
At the time, the image name was used to check if the image needed building, and
otherwise building was skipped in the makefile.
This is no longer the case; the image is built unconditionally, and the build-
cache helps (where possible) speed up rebuilding the image.
In _theory_ having unique names would allow for multiple dev containers (from
different branches) to be started in parallel, but in most situations, the
source-code will be mounted (`BIND_MOUNT=.`), so I'm not sure if that should
be a compelling reason to keep the current naming.
This patch removes the unique tag, and will always tag the image locally as
`docker-dev:latest`.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch, similar to d92739713c, embeds the
`LinuxSeccomp` type of the runtime-spec, so that we can support all options
provided by the spec, and decorates it with our own fields.
With this, profiles can make use of the recently added "Flags" field, to
specify flags that must be passed to seccomp(2) when installing the filter.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Make the error message slightly more informative, and remove the redundant
`len(config.ArchMap) != 0` check, as iterating over an empty, or 'nil' slice
is a no-op already. This allows to use a slightly more idiomatic "if ok := xx; ok"
condition.
Also move validation to the start of the loop (early return), and explicitly create
a new slice for "names" if the legacy "Name" field is used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Add test to verify profile validation, and to verify that the legacy
format actually loads the profile as expected (instead of only verifying
it doesn't produce an error).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It's the only location where this is used, and it's quite specific
to dockerd (not really a reusable function for external use), so
moving it into that package.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
It is not directly related to signal-handling, so can well live
in its own package.
Also added a variant that doesn't take a directory to write files
to, for easier consumption / better match to how it's used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "quiet" argument was only used in a single place (at daemon startup), and
every other use had to pass "false" to prevent this function from logging
warnings.
Now that SysInfo contains the warnings that occurred when collecting the
system information, we can make leave it up to the caller to use those
warnings (and log them if wanted).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We pass the SysInfo struct to all functions. Adding cg2Controllers as a
(non-exported) field makes passing around this information easier.
Now that infoCollector and infoCollectorV2 have the same signature, we can
simplify some bits and use a single slice for all "collectors".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We pass the SysInfo struct to all functions. Adding cg2GroupPath as a
(non-exported) field makes passing around this information easier.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
path.Join() already does path.Clean(), and the opts.cg2GroupPath
field is already cleaned as part of WithCgroup2GroupPath()
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We pass the SysInfo struct to all functions. Adding cgMounts as a
(non-exported) field makes passing around this information easier.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This makes it clearer that this code is the cgroups v1 equivalent of newV2().
Also moves the "options" handling to newV2() because it's currently only used
for cgroupsv2.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/containerd/containerd/compare/v1.5.2...v1.5.3
- Fix User Agent sent to registry authentication server (changes default user-
agent from "Go-http-client/1.1" to "containerd/v1.5.3")
- Fix missing Body.Close() calls on push to docker remote
- Change Wrapf of non-error to an actual error
- fixes Failed to pull image (unexpected commit digest)
- fix invalid validation error checking
- Update hcsshim to 0.8.18
- Update Go to 1.16.6
- content/local: inline sys.StatATimeAsTime()
- windows: Use GetFinalPathNameByHandle for ResolveSymbolicLink
- Fix cleanup context of teardownPodNetwork
- fixes CRI fails to invoke CNI plugin to teardown network when RunPodSandbox times out
- sandbox: send pod UID to CNI plugins as K8S_POD_UID
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/containerd/containerd/compare/v1.5.2...v1.5.3
Welcome to the v1.5.3 release of containerd!
The third patch release for containerd 1.5 updates runc to 1.0.0 and contains
various other fixes.
Notable Updates
- Update runc binary to 1.0.0
- Send pod UID to CNI plugins as K8S_POD_UID
- Fix invalid validation error checking
- Fix error on image pull resume
- Fix User Agent sent to registry authentication server
- Fix symlink resolution for disk mounts on Windows
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Fix the error message in hack/validate/vendor to specify that
hack/vendor.sh should be run instead of vndr.
- Fix hack/vendor.sh to also match on Windows paths for the whitelist.
This allows the script to be run on Windows via Git Bash.
Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
The reasoning for this change is to be able to query image shared size without having to rely on the more heavyweight `/system/df` endpoint.
Signed-off-by: Roman Volosatovs <roman.volosatovs@docker.com>
This makes it easier to add more options to the backend without having to change
the signature.
While we're changing the signature, also adding a context.Context, which is not
currently used, but probably should be at some point.
Signed-off-by: Roman Volosatovs <roman.volosatovs@docker.com>
`github.com/hashicorp/memberlist` update caused `TestNetworkDBCRUDTableEntries`
to occasionally fail, because the test would try to check whether an entry
write is propagated to all nodes, but it would not wait for all nodes to
be available before performing the write.
It could be that the failure is caused simply by improved performance of
the dependency - it could also be that some connectivity guarantee the
test depended on is not provided by the dependency anymore.
The same fix is applied to `TestNetworkDBNodeJoinLeaveIteration` due to
same issue.
Signed-off-by: Roman Volosatovs <roman.volosatovs@docker.com>
Upstream update fixes the issue where left node would be marked as
failed, which caused `TestNetworkDBIslands` to occasionally fail.
Signed-off-by: Roman Volosatovs <roman.volosatovs@docker.com>
