Commit graph

39250 commits

Author SHA1 Message Date
Brian Goff
3148a46657 Fix various race conditions in loggerutils
Found by running with `go test -race`

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-10-28 20:36:32 +00:00
Brian Goff
06172ee8ab
Merge pull request #41600 from thaJeztah/defrost
contrib: remove download-frozen-image-v1 script
2020-10-28 09:33:00 -07:00
Sebastiaan van Stijn
93bd2c1336
contrib: remove download-frozen-image-v1 script
I don't think we still had a use for this script, and if someone
needs this, it'll still be accessible in older tags/releases.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 16:32:00 +01:00
Sebastiaan van Stijn
b90ef1237e
registry: minor cleanup in search code
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 15:24:50 +01:00
Sebastiaan van Stijn
3f7c62f6f6
registry: remove v1 code not related to searching
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 15:23:27 +01:00
Sebastiaan van Stijn
0ba2d7c625
registry: remove TestSameAuthDataPostSave
This test was added in 0fc11699ab as
a regression test for saving credentials by the CLI.

However, the CLI code is no longer in this repository, so it was
no longer testing anything.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:40 +01:00
Sebastiaan van Stijn
32eaf4690a
registry: DefaultService.Auth(): skip parsing default registry
There's no need to parse or validate the default registry, as it's
a constant value.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:38 +01:00
Sebastiaan van Stijn
7782d04141
registry: remove v1 authentication
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:36 +01:00
Sebastiaan van Stijn
ab47fd2f72
registry: use consts for default registry
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-28 14:06:28 +01:00
Sebastiaan van Stijn
a66aa12f69
Merge pull request #41597 from cpuguy83/gocache
Pass through GOCACHE to test_env
2020-10-28 09:24:10 +01:00
Brian Goff
1a1f5cc37b Pass through GOCACHE to test_env
Otherwise the cache gets written to bundles instead of to the volume
that we setup in the Makefile as expected.

Found this because vscode did not like having these huge objects in
bundles/ (didn't harm anything, just that it noticed and said hey I don't
like that).

This enables cache-reuse when building the test binaries.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-10-27 19:50:03 +00:00
Sebastiaan van Stijn
af14f37a11
Merge pull request #41593 from tonistiigi/swagger-fix
docs: fix builder-version swagger
2020-10-27 16:15:08 +01:00
Tonis Tiigi
8cc0fd811e docs: fix builder-version swagger
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-10-26 20:17:50 -07:00
Akihiro Suda
837ee91cb9
Merge pull request #41584 from fanjiyun/fix-docker-stats-panic
docker stats: fix 'panic: close of closed channel'
2020-10-26 20:35:51 +09:00
fanjiyun
1b8826beee docker stats: fix 'panic: close of closed channel'
Signed-off-by: fanjiyun <fan.jiyun@zte.com.cn>
2020-10-24 11:48:56 +08:00
Brian Goff
7cf6dfcb9e
Merge pull request #41515 from thaJeztah/seccomp_unmarshal
seccomp: implement marshal/unmarshall for MinVersion
2020-10-22 15:46:54 -07:00
Brian Goff
63184e0cff
Merge pull request #41572 from thaJeztah/containerd_console
vendor: github.com/containerd/console v1.0.1
2020-10-22 12:05:38 -07:00
Sebastiaan van Stijn
48059fa5bf
Merge pull request #41533 from cpuguy83/fix_plugin_config
testing: Init plugin config when for tests
2020-10-21 22:44:32 +02:00
Sebastiaan van Stijn
8a4671fb1f
Merge pull request #41556 from cpuguy83/41552_platform_regress
Don't set default platform on container create
2020-10-21 01:06:15 +02:00
Sebastiaan van Stijn
6f0709e033
vendor: golang.org/x/sys eeed37f84f13f52d35e095e8023ba65671ff86a1
aee5d888a8...eeed37f84f

- all: add GOOS=ios
- unix: add back IoctlCtlInfo on darwin
- windows: add SetConsoleCursorPosition
- unix: update Dockerfile to Linux 5.9 and Go 1.15.2 (adds `CAP_CHECKPOINT_RESTORE`)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-20 23:50:03 +02:00
Sebastiaan van Stijn
4680836f80
vendor: github.com/containerd/console v1.0.1
full diff: https://github.com/containerd/console/compare/v1.0.0...v1.0.1

Fixes compatibility with current versions of golang.org/x/sys

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-20 23:04:02 +02:00
Brian Goff
88c0271605 Don't set default platform on container create
This fixes a regression based on expectations of the runtime:

```
docker pull arm32v7/alpine
docker run arm32v7/alpine
```

Without this change, the `docker run` will fail due to platform
matching on non-arm32v7 systems, even though the image could run
(assuming the system is setup correctly).

This also emits a warning to make sure that the user is aware that a
platform that does not match the default platform of the system is being
run, for the cases like:

```
docker pull --platform armhf busybox
docker run busybox
```

Not typically an issue if the requests are done together like that, but
if the image was already there and someone did `docker run` without an
explicit `--platform`, they may very well be expecting to run a native
version of the image instead of the armhf one.

This warning does add some extra noise in the case of platform specific
images being run, such as `arm32v7/alpine`, but this can be supressed by
explicitly setting the platform.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-10-20 20:17:23 +00:00
Sebastiaan van Stijn
80c3199c18
vendor: github.com/spf13/cobra v1.1.1
full diff: https://github.com/spf13/cobra/compare/v1.0.0...v1.1.1

Notable changes:

- Extend Go completions and revamp zsh comp
- Add completion for help command
- Complete subcommands when TraverseChildren is set
- Fix stderr printing functions
- fix: fish output redirection
- fix manpage building with new go-md2man

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-20 21:25:10 +02:00
Brian Goff
73dc6a680c
Merge pull request #41440 from tianon/rm-mkimage.sh
Remove "mkimage.sh" and associated scripts
2020-10-20 12:19:47 -07:00
Brian Goff
6f78b438b8
Merge pull request #41505 from cpuguy83/frozen_targetach
Add TARGETARCH var to frozen images stage
2020-10-19 10:52:45 -07:00
Tibor Vass
33be8d4b40
Merge pull request #41563 from thaJeztah/hold_that_cap
Temporarily disable CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
2020-10-19 09:46:57 -07:00
Sebastiaan van Stijn
b94f565bd6
Merge pull request #41555 from thaJeztah/bump_vndr
Bump vndr v0.1.2
2020-10-19 18:09:38 +02:00
Brian Goff
e180525bb4
Merge pull request #41528 from thaJeztah/remove_default_oom_score_adj 2020-10-16 13:43:44 -07:00
Sebastiaan van Stijn
561b8014c0
testutil: set -500 OOM score for test daemons
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-16 18:49:55 +02:00
Sebastiaan van Stijn
2b8e68ef06
dockerd: remove default -500 oom-score-adjust
dockerd currently sets the oom-score-adjust itself. This functionality
was added when we did not yet run dockerd as a systemd service.

Now that we do, it's better to instead have systemd handle this.

Keeping the option itself for situations where dockerd is started
manually or without using systemd.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-16 18:49:52 +02:00
Sebastiaan van Stijn
a6129c57e6
Bump vndr v0.1.2
full diff: https://github.com/lk4d4/vndr/compare/v0.1.1...v0.1.2

- cleanVCS: prevent panic
- Consider '.syso' as a Go file for vendoring

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-16 17:53:56 +02:00
Sebastiaan van Stijn
a38b96b8cd
Temporarily disable CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
This prevents docker from setting CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
capabilities on privileged (or CAP_ALL) containers on Kernel 5.8 and up.

While these kernels support these capabilities, the current release of
runc ships with an older version of /gocapability/capability, and does
not know about them, causing an error to be produced.

We can remove this restriction once 6dfbe9b807
is included in a runc release and once we stop supporting containerd 1.3.x
(which ships with runc v1.0.0-rc92).

Thanks to Anca Iordache for reporting.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-16 17:52:27 +02:00
Sebastiaan van Stijn
bebbec4e89
Merge pull request #41560 from thaJeztah/fix_golang_ci_lint_version
Dockerfile: fix golang-ci-lint installer
2020-10-16 17:52:05 +02:00
Sebastiaan van Stijn
5338478546
Dockerfile: fix golang-ci-lint installer
We were using "go get", whith would try to fetch some dependencies
that are not in the version we're installing,

    go get -d github.com/golangci/golangci-lint/cmd/golangci-lint

Causing the build to fail;

    package 4d63.com/gochecknoglobals/checknoglobals: unrecognized import path "4d63.com/gochecknoglobals/checknoglobals" (parse https://4d63.com/gochecknoglobals/checknoglobals?go-get=1: no go-import meta tags ())

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-16 13:39:22 +02:00
Tibor Vass
cf867587b9
Merge pull request #41527 from thaJeztah/no_oom_score_adj
daemon: don't adjust oom-score if score is 0
2020-10-15 15:00:18 -07:00
Tianon Gravi
a637034ee4
Merge pull request #41156 from AkihiroSuda/rootless-new-shim-socket-path
dockerd-rootless.sh: support new containerd shim socket path convention
2020-10-15 12:37:14 -07:00
Sebastiaan van Stijn
b26ce6756f
Merge pull request #41546 from cpuguy83/fix_checkpoint_runtimev2
"Fix" checkpoint on v2 runtime
2020-10-15 20:59:36 +02:00
Brian Goff
f14aea63c9 "Fix" checkpoint on v2 runtime
Checkpoint/Restore is horribly broken all around.
But on the, now default, v2 runtime it's even more broken.

This at least makes checkpoint equally broken on both runtimes.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-10-12 22:35:37 +00:00
Akihiro Suda
9c15e82f19
Merge pull request #41537 from tianon/apparmor-tilde
Also trim "~..." from AppArmor versions
2020-10-10 01:03:26 +09:00
Tianon Gravi
654cad4d9d Also trim "~..." from AppArmor versions
Signed-off-by: Tianon Gravi <admwiggin@gmail.com>
2020-10-08 17:03:51 -07:00
Brian Goff
f6f294bd83 testing: Init plugin config when for tests
This fixes a panic when running this test for me locally.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
2020-10-07 22:29:49 +00:00
Sebastiaan van Stijn
d6b1f2ae7d
Merge pull request #41530 from thaJeztah/bump_flock
vendor: github.com/gofrs/flock v0.7.3
2020-10-07 23:51:34 +02:00
Tianon Gravi
e246a85e68
Merge pull request #41518 from AkihiroSuda/fix-41517
pkg/aaparser: support parsing version like "3.0.0-beta1"
2020-10-07 13:00:07 -07:00
Sebastiaan van Stijn
ffd0861b8b
Merge pull request #41330 from BtbN/vol-pquota
Add size option to volumes on linux/unix via xfs pquota
2020-10-07 17:50:39 +02:00
Sebastiaan van Stijn
4539e7f0eb
seccomp: implement marshal/unmarshall for MinVersion
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-07 17:48:25 +02:00
Sebastiaan van Stijn
266bf2b2f5
Merge pull request #41493 from thaJeztah/seccomp_kernel_parsing
seccomp: remove dependency on pkg/parsers/kernel
2020-10-07 17:47:03 +02:00
Sebastiaan van Stijn
6b538ffbca
vendor: github.com/gofrs/flock v0.7.3
full diff: https://github.com/gofrs/flock/compare/v0.7.1...v0.7.3

Relevant changes:

- fix: close/Unlock won't close the file descriptor if not locked
- fix license text, update year

Note that there's also a v0.8.0 release; that release only adds aix support,
which is currently of no interest to us, so skipping that version for now.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-06 12:12:33 +02:00
Akihiro Suda
1b34a49fef
Merge pull request #41523 from pfandzelter/patch-2
Update documentation to reflect deprecation of "NewEnvClient"
2020-10-06 06:21:01 +09:00
Sebastiaan van Stijn
cf7a5be0f2
daemon: don't adjust oom-score if score is 0
This patch makes two changes if --oom-score-adj is set to 0

- do not adjust the oom-score-adjust cgroup for dockerd
- do not set the hard-coded -999 score for containerd if
  containerd is running as child process

Before this change:

oom-score-adj | dockerd       | containerd as child-process
--------------|---------------|----------------------------
-             | -500          | -500 (same as dockerd)
-100          | -100          | -100 (same as dockerd)
 0            |  0            | -999 (hard-coded default)

With this change:

oom-score-adj | dockerd       | containerd as child-process
--------------|---------------|----------------------------
-             | -500          | -500 (same as dockerd)
-100          | -100          | -100 (same as dockerd)
0             | not adjusted  | not adjusted

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-10-05 19:52:02 +02:00
Timo Rothenpieler
8c31e4536a volume/local: add tests for size quota
Signed-off-by: Timo Rothenpieler <timo@rothenpieler.org>
2020-10-05 13:28:25 +00:00