I don't think we still had a use for this script, and if someone
needs this, it'll still be accessible in older tags/releases.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This test was added in 0fc11699ab as
a regression test for saving credentials by the CLI.
However, the CLI code is no longer in this repository, so it was
no longer testing anything.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Otherwise the cache gets written to bundles instead of to the volume
that we setup in the Makefile as expected.
Found this because vscode did not like having these huge objects in
bundles/ (didn't harm anything, just that it noticed and said hey I don't
like that).
This enables cache-reuse when building the test binaries.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
aee5d888a8...eeed37f84f
- all: add GOOS=ios
- unix: add back IoctlCtlInfo on darwin
- windows: add SetConsoleCursorPosition
- unix: update Dockerfile to Linux 5.9 and Go 1.15.2 (adds `CAP_CHECKPOINT_RESTORE`)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This fixes a regression based on expectations of the runtime:
```
docker pull arm32v7/alpine
docker run arm32v7/alpine
```
Without this change, the `docker run` will fail due to platform
matching on non-arm32v7 systems, even though the image could run
(assuming the system is setup correctly).
This also emits a warning to make sure that the user is aware that a
platform that does not match the default platform of the system is being
run, for the cases like:
```
docker pull --platform armhf busybox
docker run busybox
```
Not typically an issue if the requests are done together like that, but
if the image was already there and someone did `docker run` without an
explicit `--platform`, they may very well be expecting to run a native
version of the image instead of the armhf one.
This warning does add some extra noise in the case of platform specific
images being run, such as `arm32v7/alpine`, but this can be supressed by
explicitly setting the platform.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
full diff: https://github.com/spf13/cobra/compare/v1.0.0...v1.1.1
Notable changes:
- Extend Go completions and revamp zsh comp
- Add completion for help command
- Complete subcommands when TraverseChildren is set
- Fix stderr printing functions
- fix: fish output redirection
- fix manpage building with new go-md2man
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
dockerd currently sets the oom-score-adjust itself. This functionality
was added when we did not yet run dockerd as a systemd service.
Now that we do, it's better to instead have systemd handle this.
Keeping the option itself for situations where dockerd is started
manually or without using systemd.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This prevents docker from setting CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE
capabilities on privileged (or CAP_ALL) containers on Kernel 5.8 and up.
While these kernels support these capabilities, the current release of
runc ships with an older version of /gocapability/capability, and does
not know about them, causing an error to be produced.
We can remove this restriction once 6dfbe9b807
is included in a runc release and once we stop supporting containerd 1.3.x
(which ships with runc v1.0.0-rc92).
Thanks to Anca Iordache for reporting.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We were using "go get", whith would try to fetch some dependencies
that are not in the version we're installing,
go get -d github.com/golangci/golangci-lint/cmd/golangci-lint
Causing the build to fail;
package 4d63.com/gochecknoglobals/checknoglobals: unrecognized import path "4d63.com/gochecknoglobals/checknoglobals" (parse https://4d63.com/gochecknoglobals/checknoglobals?go-get=1: no go-import meta tags ())
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Checkpoint/Restore is horribly broken all around.
But on the, now default, v2 runtime it's even more broken.
This at least makes checkpoint equally broken on both runtimes.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
full diff: https://github.com/gofrs/flock/compare/v0.7.1...v0.7.3
Relevant changes:
- fix: close/Unlock won't close the file descriptor if not locked
- fix license text, update year
Note that there's also a v0.8.0 release; that release only adds aix support,
which is currently of no interest to us, so skipping that version for now.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This patch makes two changes if --oom-score-adj is set to 0
- do not adjust the oom-score-adjust cgroup for dockerd
- do not set the hard-coded -999 score for containerd if
containerd is running as child process
Before this change:
oom-score-adj | dockerd | containerd as child-process
--------------|---------------|----------------------------
- | -500 | -500 (same as dockerd)
-100 | -100 | -100 (same as dockerd)
0 | 0 | -999 (hard-coded default)
With this change:
oom-score-adj | dockerd | containerd as child-process
--------------|---------------|----------------------------
- | -500 | -500 (same as dockerd)
-100 | -100 | -100 (same as dockerd)
0 | not adjusted | not adjusted
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>