diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
deleted file mode 100644
index 31b6551..0000000
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ /dev/null
@@ -1,73 +0,0 @@
----
-name: Bug report
-about: Create a bug report to help improve containerd
-title: ''
-labels: kind/bug
-assignees: ''
----
-
-
-
-**Description**
-
-
-
-**Steps to reproduce the issue:**
-1.
-2.
-3.
-
-**Describe the results you received:**
-
-
-**Describe the results you expected:**
-
-
-**What version of containerd are you using:**
-
-```
-$ containerd --version
-
-```
-
-**Any other relevant information (runC version, CRI configuration, OS/Kernel version, etc.):**
-
-
-
-runc --version
-$ runc --version
-
-
crictl info
-$ crictl info
-
-
uname -a
-$ uname -a
-
-
+ * If containerd gets stuck on something and enables debug socket, `ctr pprof goroutines`
+ dumps the golang stack of containerd, which is helpful! If containerd runs
+ without debug socket, `kill -SIGUSR1 $(pidof containerd)` also dumps the stack
+ as well.
+
+ * If there is something about running containerd, like consuming more CPU resources,
+ `ctr pprof` subcommands will help you to get some useful profiles. Enable debug
+ socket makes life easier.
+
+ * `ctr` can't be used for testing CRI configs, as it does not use CRI API.
+
+
+ - type: textarea
+ attributes:
+ label: Description
+ description: |
+ Briefly describe the problem you are having in a few paragraphs.
+ validations:
+ required: true
+
+ - type: textarea
+ attributes:
+ label: Steps to reproduce the issue
+ value: |
+ 1.
+ 2.
+ 3.
+
+ - type: textarea
+ attributes:
+ label: Describe the results you received and expected
+ validations:
+ required: true
+
+ - type: input
+ attributes:
+ label: What version of containerd are you using?
+ placeholder: $ containerd --version
+ validations:
+ required: true
+
+ - type: textarea
+ attributes:
+ label: Any other relevant information
+ description: |
+ runc version, CRI configuration, OS/Kernel version, etc.
+ Use the following commands:
+ $ runc --version
+ $ crictl info (if you use Kubernetes)
+ $ uname -a
+
+ - type: textarea
+ attributes:
+ label: Show configuration if it is related to CRI plugin.
+ placeholder: $ cat /etc/containerd/config.toml
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
deleted file mode 100644
index e123919..0000000
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ /dev/null
@@ -1,16 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for containerd
-title: ''
-labels: kind/feature
-assignees: ''
----
-
-**What is the problem you're trying to solve**
-A clear and concise description of what the problem is.
-
-**Describe the solution you'd like**
-A clear and concise description of what you'd like to happen.
-
-**Additional context**
-Add any other context about the feature request here.
\ No newline at end of file
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yaml b/.github/ISSUE_TEMPLATE/feature_request.yaml
new file mode 100644
index 0000000..161656e
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yaml
@@ -0,0 +1,25 @@
+name: Feature request
+description: Suggest an idea for containerd
+labels: kind/feature
+body:
+ - type: textarea
+ attributes:
+ label: What is the problem you're trying to solve
+ description: |
+ A clear and concise description of what the problem is.
+ validations:
+ required: true
+
+ - type: textarea
+ attributes:
+ label: Describe the solution you'd like
+ description: |
+ A clear and concise description of what you'd like to happen.
+ validations:
+ required: true
+
+ - type: textarea
+ attributes:
+ label: Additional context
+ description: |
+ Add any other context about the feature request here.
diff --git a/.github/workflows/build-test-images.yml b/.github/workflows/build-test-images.yml
new file mode 100644
index 0000000..940312a
--- /dev/null
+++ b/.github/workflows/build-test-images.yml
@@ -0,0 +1,167 @@
+name: "Build volume test images"
+on:
+ workflow_dispatch:
+ inputs:
+ push_to_project:
+ description: "Project to build images for"
+ required: true
+ default: "ghcr.io/containerd"
+ azure_windows_image_id:
+ description: Windows image URN to deploy
+ required: true
+ default: MicrosoftWindowsServer:WindowsServer:2022-datacenter:20348.350.2111030009
+ azure_vm_size:
+ description: Windows image builder VM size
+ required: true
+ default: Standard_D2s_v3
+ azure_location:
+ description: The Azure region to deploy to
+ required: true
+ default: westeurope
+
+permissions:
+ contents: read
+
+env:
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUB_ID }}
+ DEFAULT_ADMIN_USERNAME: azureuser
+ SSH_OPTS: "-o ServerAliveInterval=20 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+ AZURE_RESOURCE_GROUP: ctrd-test-image-build-${{ github.run_id }}
+
+jobs:
+ images:
+ permissions:
+ packages: write
+ name: "Build volume test images"
+ runs-on: ubuntu-latest
+ defaults:
+ run:
+ working-directory: src/github.com/containerd/containerd
+
+ steps:
+ - uses: actions/setup-go@v3
+ with:
+ go-version: "1.20.8"
+
+ - uses: actions/checkout@v3
+ with:
+ path: src/github.com/containerd/containerd
+
+ - name: Set env
+ shell: bash
+ run: |
+ echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
+ echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+
+ - name: Install docker
+ shell: bash
+ run: |
+ sudo apt update
+ sudo apt install -y ca-certificates curl gnupg lsb-release
+ curl -fsSL https://download.docker.com/linux/ubuntu/gpg > /tmp/docker.gpg
+ sudo gpg --yes --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg /tmp/docker.gpg
+ echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+ sudo apt update
+ sudo apt install -y docker-ce docker-ce-cli containerd.io jq
+ sudo adduser $USER docker
+
+ - name: Generate ssh key pair
+ run: |
+ mkdir -p $HOME/.ssh/
+ ssh-keygen -t rsa -b 4096 -C "ci@containerd.com" -f $HOME/.ssh/id_rsa -q -N ""
+ echo "SSH_PUB_KEY=$(cat ~/.ssh/id_rsa.pub)" >> $GITHUB_ENV
+
+ - name: Azure Login
+ uses: azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDS }}
+
+ - name: Create Azure Resource Group
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ az group create -n ${{ env.AZURE_RESOURCE_GROUP }} -l ${{ github.event.inputs.azure_location }} --tags creationTimestamp=$(date +%Y-%m-%dT%T%z)
+
+ - name: Create Windows Helper VM
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ PASSWORD="$(/usr/bin/tr -dc "a-zA-Z0-9@#$%^&*()_+?><~\`;" < /dev/urandom | /usr/bin/head -c 24; echo '')"
+ az vm create -n WinDockerHelper \
+ --admin-username ${{ env.DEFAULT_ADMIN_USERNAME }} \
+ --public-ip-sku Basic \
+ --admin-password "::add-mask::$PASSWORD" \
+ --image ${{ github.event.inputs.azure_windows_image_id }} \
+ -g ${{ env.AZURE_RESOURCE_GROUP }} \
+ --size ${{ github.event.inputs.azure_vm_size }}
+ az vm open-port --resource-group ${{ env.AZURE_RESOURCE_GROUP }} --name WinDockerHelper --port 22 --priority 101
+ az vm open-port --resource-group ${{ env.AZURE_RESOURCE_GROUP }} --name WinDockerHelper --port 2376 --priority 102
+
+ - name: Prepare Windows image helper
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ # Installs Windows features, opens SSH and Docker port
+ az vm run-command invoke \
+ --command-id RunPowerShellScript \
+ -n WinDockerHelper \
+ -g ${{ env.AZURE_RESOURCE_GROUP }} \
+ --scripts @$GITHUB_WORKSPACE/src/github.com/containerd/containerd/script/setup/prepare_windows_docker_helper.ps1
+ # The prepare_windows_docker_helper.ps1 script reboots the server after enabling the Windows features
+ # Give it a chance to reboot. Running another run-command via azure CLI should work even without this
+ # sleep, but we want to avoid the possibility that it may run before the server reboots.
+ sleep 30
+ # Enable SSH and import public key
+ az vm run-command invoke \
+ --command-id RunPowerShellScript \
+ -n WinDockerHelper \
+ -g ${{ env.AZURE_RESOURCE_GROUP }} \
+ --scripts @$GITHUB_WORKSPACE/src/github.com/containerd/containerd/script/setup/enable_ssh_windows.ps1 \
+ --parameters 'SSHPublicKey=${{ env.SSH_PUB_KEY }}'
+
+ - name: Get Windows Helper IPs
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ VM_DETAILS=$(az vm show -d -g ${{ env.AZURE_RESOURCE_GROUP }} -n WinDockerHelper -o json)
+ echo "PUBLIC_IP=$(echo $VM_DETAILS | jq -r .publicIps)" >> $GITHUB_ENV
+ echo "PRIVATE_IP=$(echo $VM_DETAILS | jq -r .privateIps)" >> $GITHUB_ENV
+
+ - name: Enable Docker TLS
+ shell: bash
+ run: |
+ scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} $GITHUB_WORKSPACE/src/github.com/containerd/containerd/script/setup/enable_docker_tls_on_windows.ps1 azureuser@${{ env.PUBLIC_IP }}:/enable_docker_tls_on_windows.ps1
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.PUBLIC_IP }} "powershell.exe -command { C:/enable_docker_tls_on_windows.ps1 -IPAddresses ${{ env.PUBLIC_IP }},${{ env.PRIVATE_IP }} }"
+
+ - name: Fetch client certificate and key
+ shell: bash
+ run: |
+ mkdir -p $HOME/.docker
+ scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.PUBLIC_IP }}:/Users/azureuser/.docker/ca.pem $HOME/.docker/ca.pem
+ scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.PUBLIC_IP }}:/Users/azureuser/.docker/cert.pem $HOME/.docker/cert.pem
+ scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.PUBLIC_IP }}:/Users/azureuser/.docker/key.pem $HOME/.docker/key.pem
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v1
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push images
+ shell: bash
+ run: |
+ make -C $GITHUB_WORKSPACE/src/github.com/containerd/containerd/integration/images/volume-copy-up setup-buildx
+
+ make -C $GITHUB_WORKSPACE/src/github.com/containerd/containerd/integration/images/volume-copy-up build-registry PROJ=${{ github.event.inputs.push_to_project }} REMOTE_DOCKER_URL=${{ env.PUBLIC_IP }}:2376
+ make -C $GITHUB_WORKSPACE/src/github.com/containerd/containerd/integration/images/volume-copy-up push-manifest PROJ=${{ github.event.inputs.push_to_project }} REMOTE_DOCKER_URL=${{ env.PUBLIC_IP }}:2376
+
+ make -C $GITHUB_WORKSPACE/src/github.com/containerd/containerd/integration/images/volume-ownership build-registry PROJ=${{ github.event.inputs.push_to_project }} REMOTE_DOCKER_URL=${{ env.PUBLIC_IP }}:2376
+ make -C $GITHUB_WORKSPACE/src/github.com/containerd/containerd/integration/images/volume-ownership push-manifest PROJ=${{ github.event.inputs.push_to_project }} REMOTE_DOCKER_URL=${{ env.PUBLIC_IP }}:2376
+
+ - name: Cleanup resources
+ if: always()
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ az group delete -g ${{ env.AZURE_RESOURCE_GROUP }} --yes
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c2944e0..93b4d3a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,77 +2,91 @@ name: CI
on:
push:
branches:
- - master
+ - main
- 'release/**'
pull_request:
branches:
- - master
+ - main
- 'release/**'
+env:
+ # Go version we currently use to build containerd across all CI.
+ # Note: don't forget to update `Binaries` step, as it contains the matrix of all supported Go versions.
+ GO_VERSION: "1.20.8"
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
jobs:
#
# golangci-lint
#
linters:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ pull-requests: read # for golangci/golangci-lint-action to fetch pull requests
name: Linters
runs-on: ${{ matrix.os }}
timeout-minutes: 10
strategy:
matrix:
- go-version: [1.16.12]
- os: [ubuntu-18.04, macos-10.15, windows-2019]
+ os: [ubuntu-20.04, macos-12, windows-2019]
steps:
- - uses: actions/checkout@v2
- with:
- path: src/github.com/containerd/containerd
-
- - name: Set env
- shell: bash
+ - name: Install dependencies
+ if: matrix.os == 'ubuntu-20.04'
run: |
- echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+ sudo apt-get update
+ sudo apt-get install -y libbtrfs-dev
- - uses: golangci/golangci-lint-action@v2
+ - uses: actions/setup-go@v3
with:
- version: v1.36.0
- working-directory: src/github.com/containerd/containerd
- args: --timeout=5m
+ go-version: ${{ env.GO_VERSION }}
+
+ - uses: actions/checkout@v3
+ - uses: golangci/golangci-lint-action@v3
+ with:
+ version: v1.51.1
+ skip-cache: true
+ args: --timeout=8m
#
# Project checks
#
project:
name: Project Checks
- runs-on: ubuntu-18.04
+ if: github.repository == 'containerd/containerd'
+ runs-on: ubuntu-20.04
timeout-minutes: 5
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
+ go-version: ${{ env.GO_VERSION }}
- - shell: bash
- run: |
- echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
-
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
path: src/github.com/containerd/containerd
fetch-depth: 100
- - uses: containerd/project-checks@v1
+ - uses: containerd/project-checks@v1.1.0
with:
working-directory: src/github.com/containerd/containerd
+ repo-access-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: verify go modules and vendor directory
+ run: |
+ sudo apt-get install -y jq
+ make verify-vendor
+ working-directory: src/github.com/containerd/containerd
#
# Protobuf checks
#
protos:
name: Protobuf
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-20.04
timeout-minutes: 5
defaults:
@@ -80,11 +94,11 @@ jobs:
working-directory: src/github.com/containerd/containerd
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
+ go-version: ${{ env.GO_VERSION }}
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
path: src/github.com/containerd/containerd
@@ -92,7 +106,6 @@ jobs:
shell: bash
run: |
echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "GO111MODULE=off" >> $GITHUB_ENV
echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
- name: Install protobuf
@@ -109,34 +122,22 @@ jobs:
man:
name: Manpages
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-20.04
timeout-minutes: 5
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
-
- - name: Set env
- shell: bash
- run: |
- echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
-
- - uses: actions/checkout@v2
- with:
- path: src/github.com/containerd/containerd
-
- - run: GO111MODULE=on go get github.com/cpuguy83/go-md2man/v2@v2.0.0
-
+ go-version: ${{ env.GO_VERSION }}
+ - uses: actions/checkout@v3
+ - run: go install github.com/cpuguy83/go-md2man/v2@v2.0.1
- run: make man
- working-directory: src/github.com/containerd/containerd
# Make sure binaries compile with other platforms
crossbuild:
name: Crossbuild Binaries
- needs: [project, linters, protos, man]
- runs-on: ubuntu-18.04
+ needs: [linters, protos, man]
+ runs-on: ubuntu-20.04
timeout-minutes: 10
strategy:
fail-fast: false
@@ -150,6 +151,10 @@ jobs:
- goos: linux
goarch: arm
goarm: "5"
+ - goos: linux
+ goarch: ppc64le
+ - goos: linux
+ goarch: riscv64
- goos: freebsd
goarch: amd64
- goos: freebsd
@@ -159,21 +164,14 @@ jobs:
goarm: "7"
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
- - name: Set env
- shell: bash
- run: |
- echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
- - uses: actions/checkout@v2
- with:
- path: src/github.com/containerd/containerd
+ go-version: ${{ env.GO_VERSION }}
+ - uses: actions/checkout@v3
- run: |
set -e -x
- packages=""
+ packages="libbtrfs-dev"
platform="${{matrix.goos}}/${{matrix.goarch}}"
if [ -n "${{matrix.goarm}}" ]; then
platform+="/v${{matrix.goarm}}"
@@ -195,6 +193,16 @@ jobs:
echo "CGO_ENABLED=1" >> $GITHUB_ENV
echo "CC=aarch64-linux-gnu-gcc" >> $GITHUB_ENV
;;
+ linux/ppc64le)
+ packages+=" crossbuild-essential-ppc64el"
+ echo "CGO_ENABLED=1" >> $GITHUB_ENV
+ echo "CC=powerpc64le-linux-gnu-gcc" >> $GITHUB_ENV
+ ;;
+ linux/riscv64)
+ packages+=" crossbuild-essential-riscv64"
+ echo "CGO_ENABLED=1" >> $GITHUB_ENV
+ echo "CC=riscv64-linux-gnu-gcc" >> $GITHUB_ENV
+ ;;
windows/arm/v7)
echo "CGO_ENABLED=0" >> $GITHUB_ENV
;;
@@ -203,9 +211,8 @@ jobs:
if [ -n "${packages}" ]; then
sudo apt-get update && sudo apt-get install -y ${packages}
fi
- name: install deps
+ name: Install deps
- name: Build
- working-directory: src/github.com/containerd/containerd
env:
GOOS: ${{matrix.goos}}
GOARCH: ${{matrix.goarch}}
@@ -221,19 +228,20 @@ jobs:
name: Binaries
runs-on: ${{ matrix.os }}
timeout-minutes: 10
- needs: [project, linters, protos, man]
+ needs: [linters, protos, man]
strategy:
matrix:
- os: [ubuntu-18.04, macos-10.15, windows-2019]
- go-version: ['1.16.12']
- include:
- # Go 1.13.x is still used by Docker/Moby
- - go-version: '1.13.x'
- os: ubuntu-18.04
-
+ os: [ubuntu-20.04, macos-12, windows-2019, windows-2022]
+ go-version: ["1.20.8", "1.19.12"]
steps:
- - uses: actions/setup-go@v2
+ - name: Install dependencies
+ if: matrix.os == 'ubuntu-20.04'
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y libbtrfs-dev
+
+ - uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
@@ -243,7 +251,7 @@ jobs:
echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
path: src/github.com/containerd/containerd
@@ -258,27 +266,32 @@ jobs:
#
integration-windows:
name: Windows Integration
- runs-on: windows-2019
- timeout-minutes: 30
- needs: [project, linters, protos, man]
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 35
+ needs: [linters, protos, man]
env:
GOTEST: gotestsum --
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [windows-2019, windows-2022]
+
defaults:
run:
shell: bash
working-directory: src/github.com/containerd/containerd
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
+ go-version: ${{ env.GO_VERSION }}
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
path: src/github.com/containerd/containerd
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
repository: Microsoft/hcsshim
path: src/github.com/Microsoft/hcsshim
@@ -321,10 +334,11 @@ jobs:
- name: Integration 2
env:
TESTFLAGS_PARALLEL: 1
+ EXTRA_TESTFLAGS: "-short"
CGO_ENABLED: 1
GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-parallel-junit.xml
run: mingw32-make.exe integration
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
if: always()
with:
name: TestResults Windows
@@ -333,9 +347,9 @@ jobs:
integration-linux:
name: Linux Integration
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-20.04
timeout-minutes: 40
- needs: [project, linters, protos, man]
+ needs: [linters, protos, man]
strategy:
fail-fast: false
@@ -351,116 +365,88 @@ jobs:
env:
GOTEST: gotestsum --
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
+ go-version: ${{ env.GO_VERSION }}
- - uses: actions/checkout@v2
- with:
- path: src/github.com/containerd/containerd
-
- - name: Set env
- run: |
- echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+ - uses: actions/checkout@v3
- name: Install containerd dependencies
env:
RUNC_FLAVOR: ${{ matrix.runc }}
run: |
- sudo apt-get install -y gperf
- sudo -E PATH=$PATH script/setup/install-seccomp
- sudo -E PATH=$PATH script/setup/install-runc
- sudo -E PATH=$PATH script/setup/install-cni
- sudo -E PATH=$PATH script/setup/install-critools
- working-directory: src/github.com/containerd/containerd
+ sudo apt-get install -y gperf libbtrfs-dev
+ script/setup/install-seccomp
+ script/setup/install-runc
+ script/setup/install-cni $(grep containernetworking/plugins go.mod | awk '{print $2}')
+ script/setup/install-critools
+ script/setup/install-failpoint-binaries
- name: Install criu
run: |
- sudo apt-get install -y \
- libprotobuf-dev \
- libprotobuf-c-dev \
- protobuf-c-compiler \
- protobuf-compiler \
- python-protobuf \
- libnl-3-dev \
- libnet-dev \
- libcap-dev \
- python-future
- wget https://github.com/checkpoint-restore/criu/archive/v3.13.tar.gz -O criu.tar.gz
- tar -zxf criu.tar.gz
- cd criu-3.13
- sudo make install-criu
+ sudo add-apt-repository ppa:criu/ppa
+ sudo apt-get update
+ sudo apt-get install -y criu
- name: Install containerd
env:
CGO_ENABLED: 1
run: |
- make binaries
+ make binaries GO_BUILD_FLAGS="-mod=vendor"
sudo -E PATH=$PATH make install
- working-directory: src/github.com/containerd/containerd
- - run: sudo -E PATH=$PATH script/setup/install-gotestsum
- working-directory: src/github.com/containerd/containerd
+ - run: script/setup/install-gotestsum
- name: Tests
env:
- GOPROXY: direct
GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-unit-root-junit.xml
run: |
make test
sudo -E PATH=$PATH make root-test
- working-directory: src/github.com/containerd/containerd
- name: Integration 1
env:
- GOPROXY: direct
TEST_RUNTIME: ${{ matrix.runtime }}
RUNC_FLAVOR: ${{ matrix.runc }}
GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-serial-junit.xml
run: |
- sudo -E PATH=$PATH make integration EXTRA_TESTFLAGS=-no-criu TESTFLAGS_RACE=-race
- working-directory: src/github.com/containerd/containerd
+ extraflags=""
+ [ "${RUNC_FLAVOR}" == "crun" ] && {
+ extraflags="EXTRA_TESTFLAGS=-no-criu";
+ }
+ sudo -E PATH=$PATH make integration ${extraflags} TESTFLAGS_RACE=-race
# Run the integration suite a second time. See discussion in github.com/containerd/containerd/pull/1759
- name: Integration 2
env:
- GOPROXY: direct
TEST_RUNTIME: ${{ matrix.runtime }}
RUNC_FLAVOR: ${{ matrix.runc }}
GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-parallel-junit.xml
run: |
- sudo -E PATH=$PATH TESTFLAGS_PARALLEL=1 make integration EXTRA_TESTFLAGS=-no-criu
- working-directory: src/github.com/containerd/containerd
-
- # CRIU wouldn't work with overlay snapshotter yet.
- # See https://github.com/containerd/containerd/pull/4708#issuecomment-724322294.
- - name: CRIU Integration
- env:
- GOPROXY: direct
- TEST_RUNTIME: ${{ matrix.runtime }}
- RUNC_FLAVOR: ${{ matrix.runc }}
- GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-criu-junit.xml
- # crun doesn't have "checkpoint" command.
- if: ${{ matrix.runc == 'runc' }}
- run: |
- sudo -E PATH=$PATH \
- TESTFLAGS_PARALLEL=1 \
- TEST_SNAPSHOTTER=native \
- make integration EXTRA_TESTFLAGS='-run TestCheckpoint'
- working-directory: src/github.com/containerd/containerd
+ extraflags=""
+ [ "${RUNC_FLAVOR}" == "crun" ] && {
+ extraflags="EXTRA_TESTFLAGS=-no-criu";
+ }
+ sudo -E PATH=$PATH TESTFLAGS_PARALLEL=1 make integration ${extraflags}
- name: CRI Integration Test
env:
TEST_RUNTIME: ${{ matrix.runtime }}
run: |
CONTAINERD_RUNTIME=$TEST_RUNTIME make cri-integration
- working-directory: src/github.com/containerd/containerd
- name: cri-tools critest
env:
TEST_RUNTIME: ${{ matrix.runtime }}
run: |
BDIR="$(mktemp -d -p $PWD)"
+
+ function cleanup() {
+ sudo pkill containerd || true
+ cat ${BDIR}/containerd-cri.log
+ sudo -E rm -rf ${BDIR}
+ }
+ trap cleanup EXIT
+
mkdir -p ${BDIR}/{root,state}
cat > ${BDIR}/config.toml < ${BDIR}/containerd-cri.log &
sudo -E PATH=$PATH /usr/local/bin/ctr -a ${BDIR}/c.sock version
sudo -E PATH=$PATH critest --report-dir "${{github.workspace}}/critestreport" --runtime-endpoint=unix:///${BDIR}/c.sock --parallel=8
- TEST_RC=$?
- test $TEST_RC -ne 0 && cat ${BDIR}/containerd-cri.log
- sudo pkill containerd
- sudo -E rm -rf ${BDIR}
- test $TEST_RC -eq 0 || /bin/false
# Log the status of this VM to investigate issues like
# https://github.com/containerd/containerd/issues/4969
@@ -486,7 +467,7 @@ jobs:
mount
df
losetup -l
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
if: always()
with:
name: TestResults ${{ matrix.runtime }} ${{matrix.runc}}
@@ -496,65 +477,62 @@ jobs:
tests-mac-os:
name: MacOS unit tests
- runs-on: macos-10.15
+ runs-on: macos-12
timeout-minutes: 10
- needs: [project, linters, protos, man]
+ needs: [linters, protos, man]
env:
GOTEST: gotestsum --
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
- - uses: actions/checkout@v2
- with:
- path: src/github.com/containerd/containerd
-
- - name: Set env
- run: |
- echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
-
- - run: sudo -E PATH=$PATH script/setup/install-gotestsum
- working-directory: src/github.com/containerd/containerd
+ go-version: ${{ env.GO_VERSION }}
+ - uses: actions/checkout@v3
+ - run: script/setup/install-gotestsum
- name: Tests
env:
- GOPROXY: direct
GOTESTSUM_JUNITFILE: "${{ github.workspace }}/macos-test-junit.xml"
- run: |
- make test
- working-directory: src/github.com/containerd/containerd
- - uses: actions/upload-artifact@v2
+ run: make test
+ - uses: actions/upload-artifact@v3
if: always()
with:
name: TestResults MacOS
path: |
*-junit.xml
- cgroup2:
- name: CGroupsV2 and SELinux Integration
+ vagrant:
+ name: Vagrant
# nested virtualization is only available on macOS hosts
- runs-on: macos-10.15
+ runs-on: macos-12
timeout-minutes: 45
- needs: [project, linters, protos, man]
+ needs: [linters, protos, man]
strategy:
+ fail-fast: false
matrix:
# Currently crun is disabled to decrease CI flakiness.
# We can enable crun again when we get a better CI infra.
runc: [runc]
+ # Fedora is for testing cgroup v2 functionality, Rocky Linux is for testing on an enterprise-grade environment
+ box: ["fedora/37-cloud-base", "rockylinux/8"]
env:
GOTEST: gotestsum --
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- name: "Cache ~/.vagrant.d/boxes"
- uses: actions/cache@v2
+ uses: actions/cache@v3
with:
path: ~/.vagrant.d/boxes
key: vagrant-${{ hashFiles('Vagrantfile*') }}
- name: Vagrant start
+ env:
+ BOX: ${{ matrix.box }}
run: |
+ if [ "$BOX" = "rockylinux/8" ]; then
+ # The latest version 5.0.0 seems 404 (as of March 30, 2022)
+ export BOX_VERSION="4.0.0"
+ fi
# Retry if it fails (download.fedoraproject.org returns 404 sometimes)
vagrant up || vagrant up
@@ -571,6 +549,11 @@ jobs:
SELINUX: Enforcing
REPORT_DIR: /tmp/critestreport
run: vagrant up --provision-with=selinux,install-runc,install-gotestsum,test-cri
+
+ - name: Collect the VM's IP address for Docker Hub's throttling issue
+ if: failure()
+ run: vagrant ssh -- curl https://api64.ipify.org/
+
- name: Get test reports
if: always()
run: |
@@ -579,10 +562,43 @@ jobs:
vagrant plugin install vagrant-scp
vagrant scp :/tmp/test-integration-junit.xml "${{ github.workspace }}/"
vagrant scp :/tmp/critestreport "${{ github.workspace }}/critestreport"
- - uses: actions/upload-artifact@v2
+ - uses: actions/upload-artifact@v3
if: always()
with:
- name: TestResults cgroup2 ${{ matrix.runtime }} ${{matrix.runc}}
+ # ${{ matrix.box }} cannot be used here due to character limitation
+ name: TestResults vagrant ${{ github.run_id }} ${{ matrix.runtime }} ${{matrix.runc}}
path: |
${{github.workspace}}/*-junit.xml
${{github.workspace}}/critestreport/*
+
+ cgroup2-misc:
+ name: CGroupsV2 - rootless CRI test
+ # nested virtualization is only available on macOS hosts
+ runs-on: macos-12
+ timeout-minutes: 45
+ needs: [linters, protos, man]
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: "Cache ~/.vagrant.d/boxes"
+ uses: actions/cache@v3
+ with:
+ path: ~/.vagrant.d/boxes
+ key: vagrant-${{ hashFiles('Vagrantfile*') }}
+
+ - name: Vagrant start
+ run: |
+ # Retry if it fails (download.fedoraproject.org returns 404 sometimes)
+ vagrant up || vagrant up
+
+ # slow, so separated from the regular cgroup2 task
+ - name: CRI-in-UserNS test with Rootless Podman
+ run: |
+ vagrant up --provision-with=install-rootless-podman
+ # Execute rootless podman to create the UserNS env
+ vagrant ssh -- podman build --target cri-in-userns -t cri-in-userns -f /vagrant/contrib/Dockerfile.test /vagrant
+ vagrant ssh -- podman run --rm --privileged cri-in-userns
+
+ - name: Collect the VM's IP address for Docker Hub's throttling issue
+ if: failure()
+ run: vagrant ssh -- curl https://api64.ipify.org/
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3eb7bd3..19f5625 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,15 +2,24 @@ name: "CodeQL Scan"
on:
push:
- schedule:
- - cron: '0 0 * * 0'
+ branches:
+ - main
+ - 'release/**'
pull_request:
- paths:
- - '.github/workflows/codeql.yml'
+ branches:
+ - main
+ - 'release/**'
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
jobs:
CodeQL-Build:
-
+ if: github.repository == 'containerd/containerd'
+ permissions:
+ actions: read # for github/codeql-action/init to get workflow details
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/analyze to upload SARIF results
strategy:
fail-fast: false
@@ -20,30 +29,22 @@ jobs:
steps:
- name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
+
+ - uses: actions/setup-go@v3
+ with:
+ go-version: 1.20.8
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
- uses: github/codeql-action/init@v1
+ uses: github/codeql-action/init@v2
# Override language selection by uncommenting this and choosing your languages
# with:
# languages: go, javascript, csharp, python, cpp, java
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
- # If this step fails, then you should remove it and run the build manually (see below).
- - name: Autobuild
- uses: github/codeql-action/autobuild@v1
-
- # ℹ️ Command-line programs to run using the OS shell.
- # 📚 https://git.io/JvXDl
-
- # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
- # and modify them (or add more) to build your code if your project
- # uses a compiled language
-
- #- run: |
- # make bootstrap
- # make release
+ - run: |
+ sudo apt-get install -y libseccomp-dev libbtrfs-dev
+ make
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml
new file mode 100644
index 0000000..8462235
--- /dev/null
+++ b/.github/workflows/images.yml
@@ -0,0 +1,77 @@
+name: "Mirror Test Image"
+on:
+ workflow_dispatch:
+ inputs:
+ upstream:
+ description: "Upstream image to mirror"
+ required: true
+ default: "docker.io/library/busybox:1.32"
+ image:
+ description: "Target image name (override)"
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
+jobs:
+ mirror:
+ name: "Mirror Image"
+ runs-on: ubuntu-latest
+ permissions:
+ packages: write
+
+ defaults:
+ run:
+ working-directory: src/github.com/containerd/containerd
+
+ steps:
+ - uses: actions/setup-go@v3
+ with:
+ go-version: "1.20.8"
+
+ - uses: actions/checkout@v3
+ with:
+ path: src/github.com/containerd/containerd
+
+ - name: Set env
+ shell: bash
+ run: |
+ echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
+ echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
+
+ - name: Install containerd dependencies
+ env:
+ RUNC_FLAVOR: ${{ matrix.runc }}
+ GOFLAGS: -modcacherw
+ run: |
+ sudo apt-get install -y gperf
+ sudo -E PATH=$PATH script/setup/install-seccomp
+
+ - name: Install containerd
+ env:
+ CGO_ENABLED: 1
+ run: |
+ make binaries GO_BUILD_FLAGS="-mod=vendor" GO_BUILDTAGS="no_btrfs"
+ sudo -E PATH=$PATH make install
+
+ - name: Pull and push image
+ shell: bash
+ run: |
+ sudo containerd -l debug & > /tmp/containerd.out
+ containerd_pid=$!
+ sleep 5
+
+ upstream=${{ github.event.inputs.upstream }}
+ target=${{ github.event.inputs.image }}
+ if [[ "$target" == "" ]]; then
+ mirror="ghcr.io/containerd/${upstream##*/}"
+ else
+ mirror="ghcr.io/containerd/${target}"
+ fi
+
+ echo "Mirroring $upstream to $mirror"
+
+ sudo ctr content fetch --all-platforms ${upstream}
+ sudo ctr images ls
+ sudo ctr --debug images push -u ${{ github.actor }}:${{ secrets.GITHUB_TOKEN }} ${mirror} ${upstream}
+
+ sudo kill $containerd_pid
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 97320a1..8babdce 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -6,6 +6,12 @@ on:
paths:
- '.github/workflows/nightly.yml'
+env:
+ GO_VERSION: "1.20.8"
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
jobs:
linux:
name: Linux
@@ -16,11 +22,11 @@ jobs:
working-directory: src/github.com/containerd/containerd
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
+ go-version: ${{ env.GO_VERSION }}
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
path: src/github.com/containerd/containerd
@@ -36,12 +42,13 @@ jobs:
- name: Install dependencies
run: |
- sudo add-apt-repository "deb [arch=arm64,s390x,ppc64el] http://ports.ubuntu.com/ubuntu-ports/ $(lsb_release -sc) main" || true
- sudo add-apt-repository "deb [arch=arm64,s390x,ppc64el] http://ports.ubuntu.com/ubuntu-ports/ $(lsb_release -sc)-updates main" || true
+ sudo add-apt-repository "deb [arch=arm64,s390x,ppc64el,riscv64] http://ports.ubuntu.com/ubuntu-ports/ $(lsb_release -sc) main" || true
+ sudo add-apt-repository "deb [arch=arm64,s390x,ppc64el,riscv64] http://ports.ubuntu.com/ubuntu-ports/ $(lsb_release -sc)-updates main" || true
sudo dpkg --add-architecture arm64
sudo dpkg --add-architecture s390x
sudo dpkg --add-architecture ppc64el
+ sudo dpkg --add-architecture riscv64
sudo apt-get update || true
@@ -49,14 +56,12 @@ jobs:
crossbuild-essential-arm64 \
crossbuild-essential-s390x \
crossbuild-essential-ppc64el \
- libseccomp-dev:amd64 \
- libseccomp-dev:arm64 \
- libseccomp-dev:s390x \
- libseccomp-dev:ppc64el \
+ crossbuild-essential-riscv64 \
libbtrfs-dev:amd64 \
libbtrfs-dev:arm64 \
libbtrfs-dev:s390x \
- libbtrfs-dev:ppc64el
+ libbtrfs-dev:ppc64el \
+ libbtrfs-dev:riscv64
- name: Build amd64
env:
@@ -96,6 +101,16 @@ jobs:
make binaries
mv bin bin_ppc64le
+ - name: Build riscv64
+ env:
+ GOOS: linux
+ GOARCH: riscv64
+ CGO_ENABLED: 1
+ CC: riscv64-linux-gnu-gcc
+ run: |
+ make binaries
+ mv bin bin_riscv64
+
#
# Upload
#
@@ -124,6 +139,12 @@ jobs:
name: linux_ppc64le
path: src/github.com/containerd/containerd/bin_ppc64le
+ - name: Upload artifacts (linux_riscv64)
+ uses: actions/upload-artifact@v1
+ with:
+ name: linux_riscv64
+ path: src/github.com/containerd/containerd/bin_riscv64
+
windows:
name: Windows
runs-on: windows-latest
@@ -133,11 +154,11 @@ jobs:
working-directory: src/github.com/containerd/containerd
steps:
- - uses: actions/setup-go@v2
+ - uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
+ go-version: ${{ env.GO_VERSION }}
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
with:
path: src/github.com/containerd/containerd
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9ac8310..01082fa 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,17 +5,23 @@ on:
name: Containerd Release
+env:
+ GO_VERSION: "1.20.8"
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
jobs:
check:
name: Check Signed Tag
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-20.04
timeout-minutes: 5
outputs:
stringver: ${{ steps.contentrel.outputs.stringver }}
steps:
- name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
ref: ${{ github.ref }}
path: src/github.com/containerd/containerd
@@ -38,218 +44,110 @@ jobs:
id: contentrel
run: |
RELEASEVER=${{ github.ref }}
- echo "::set-output name=stringver::${RELEASEVER#refs/tags/v}"
+ echo "stringver=${RELEASEVER#refs/tags/v}" >> $GITHUB_OUTPUT
git tag -l ${RELEASEVER#refs/tags/} -n20000 | tail -n +3 | cut -c 5- >release-notes.md
working-directory: src/github.com/containerd/containerd
- name: Save release notes
- uses: actions/upload-artifact@v2
+ uses: actions/upload-artifact@v3
with:
name: containerd-release-notes
path: src/github.com/containerd/containerd/release-notes.md
build:
name: Build Release Binaries
- runs-on: ${{ matrix.os }}
+ runs-on: ubuntu-20.04
needs: [check]
- timeout-minutes: 10
-
+ timeout-minutes: 30
strategy:
matrix:
- os: [ubuntu-18.04, windows-2019]
-
+ include:
+ # Choose an old release of Ubuntu to avoid glibc issue https://github.com/containerd/containerd/issues/7255
+ - dockerfile-ubuntu: 18.04
+ dockerfile-platform: linux/amd64
+ - dockerfile-ubuntu: 18.04
+ dockerfile-platform: linux/arm64
+ - dockerfile-ubuntu: 18.04
+ dockerfile-platform: linux/ppc64le
+ # riscv64 isn't supported by Ubuntu 18.04
+ - dockerfile-ubuntu: 22.04
+ dockerfile-platform: linux/riscv64
+ - dockerfile-ubuntu: 18.04
+ dockerfile-platform: windows/amd64
steps:
- name: Install Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v3
with:
- go-version: '1.16.12'
-
+ go-version: ${{ env.GO_VERSION }}
- name: Set env
shell: bash
env:
- MOS: ${{ matrix.os }}
+ MOS: ubuntu-20.04
run: |
releasever=${{ github.ref }}
releasever="${releasever#refs/tags/}"
- os=linux
- [[ "${MOS}" =~ "windows" ]] && {
- os=windows
- }
echo "RELEASE_VER=${releasever}" >> $GITHUB_ENV
echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV
- echo "OS=${os}" >> $GITHUB_ENV
- echo "${{ github.workspace }}/bin" >> $GITHUB_PATH
-
- name: Checkout containerd
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
with:
- repository: containerd/containerd
+ # Intentionally use github.repository instead of containerd/containerd to
+ # make this action runnable on forks.
+ # See https://github.com/containerd/containerd/issues/5098 for the context.
+ repository: ${{ github.repository }}
ref: ${{ github.ref }}
path: src/github.com/containerd/containerd
- - name: HCS Shim commit
- id: hcsshim_commit
- if: startsWith(matrix.os, 'windows')
- shell: bash
- run: echo "::set-output name=sha::$(grep 'Microsoft/hcsshim ' go.mod | awk '{print $2}')"
- working-directory: src/github.com/containerd/containerd
-
- - name: Checkout hcsshim source
- if: startsWith(matrix.os, 'windows')
- uses: actions/checkout@v2
+ - name: Setup buildx instance
+ uses: docker/setup-buildx-action@v2
with:
- repository: Microsoft/hcsshim
- ref: ${{ steps.hcsshim_commit.outputs.sha }}
- path: src/github.com/Microsoft/hcsshim
-
+ use: true
+ - uses: crazy-max/ghaction-github-runtime@v2 # sets up needed vars for caching to github
- name: Make
shell: bash
run: |
- make build
- make binaries
- rm bin/containerd-stress*
- [[ "${OS}" == "windows" ]] && {
- (
- bindir="$(pwd)/bin"
- cd ../../Microsoft/hcsshim
- GO111MODULE=on go build -mod=vendor -o "${bindir}/containerd-shim-runhcs-v1.exe" ./cmd/containerd-shim-runhcs-v1
- )
- }
- TARFILE="containerd-${RELEASE_VER#v}-${OS}-amd64.tar.gz"
- tar czf ${TARFILE} bin/
- sha256sum ${TARFILE} >${TARFILE}.sha256sum
- working-directory: src/github.com/containerd/containerd
-
- - name: Save build binaries
- uses: actions/upload-artifact@v2
- with:
- name: containerd-binaries-${{ matrix.os }}
- path: src/github.com/containerd/containerd/*.tar.gz*
-
- - name: Make cri-containerd tar
- shell: bash
- env:
- RUNC_FLAVOR: runc
- run: |
- if [[ "${OS}" == "linux" ]]; then
- sudo apt-get update
- sudo apt-get install -y gperf
- sudo -E PATH=$PATH script/setup/install-seccomp
+ cache="--cache-from=type=gha,scope=containerd-release --cache-to=type=gha,scope=containerd-release"
+ if [[ "${PLATFORM}" =~ "windows" ]]; then
+ # For Windows the cni build script generates a config but shells out to powershell (and also assume it is running on windows) to get a gateway and subnet.
+ # The values provided here are taken from packages that we previously generated.
+ export GATEWAY=172.21.16.1
+ export PREFIX_LEN=12
+ BUILD_ARGS="--build-arg GATEWAY --build-arg PREFIX_LEN"
fi
- make cri-cni-release
- working-directory: src/github.com/containerd/containerd
+ docker buildx build ${cache} --build-arg RELEASE_VER --build-arg UBUNTU_VERSION=${{ matrix.dockerfile-ubuntu }} --build-arg GO_VERSION ${BUILD_ARGS} -f .github/workflows/release/Dockerfile --platform=${PLATFORM} -o releases/ .
+ echo PLATFORM_CLEAN=${PLATFORM/\//-} >> $GITHUB_ENV
- - name: Save cri-containerd binaries
- uses: actions/upload-artifact@v2
+ # Remove symlinks since we don't want these in the release Artifacts
+ find ./releases/ -maxdepth 1 -type l | xargs rm
+ working-directory: src/github.com/containerd/containerd
+ env:
+ PLATFORM: ${{ matrix.dockerfile-platform }}
+ - name: Save Artifacts
+ uses: actions/upload-artifact@v3
with:
- name: cri-containerd-binaries-${{ matrix.os }}
- path: src/github.com/containerd/containerd/releases/cri-containerd-cni-*.tar.gz*
+ name: release-tars-${{env.PLATFORM_CLEAN}}
+ path: src/github.com/containerd/containerd/releases/*.tar.gz*
release:
name: Create containerd Release
- runs-on: ubuntu-18.04
+ permissions:
+ contents: write
+ runs-on: ubuntu-20.04
timeout-minutes: 10
needs: [build, check]
-
steps:
- name: Download builds and release notes
- uses: actions/download-artifact@v2
+ uses: actions/download-artifact@v3
with:
path: builds
- - name: Catalog build assets for upload
- id: catalog
- run: |
- _filenum=1
- for i in "ubuntu-18.04" "windows-2019"; do
- for f in `ls builds/containerd-binaries-${i}`; do
- echo "::set-output name=file${_filenum}::${f}"
- let "_filenum+=1"
- done
- for f in `ls builds/cri-containerd-binaries-${i}`; do
- echo "::set-output name=file${_filenum}::${f}"
- let "_filenum+=1"
- done
- done
- name: Create Release
- id: create_release
- uses: actions/create-release@v1.1.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ uses: softprops/action-gh-release@v1
with:
- tag_name: ${{ github.ref }}
- release_name: containerd ${{ needs.check.outputs.stringver }}
- body_path: ./builds/containerd-release-notes/release-notes.md
+ token: ${{ secrets.GITHUB_TOKEN }}
+ fail_on_unmatched_files: true
+ name: containerd ${{ needs.check.outputs.stringver }}
draft: false
prerelease: ${{ contains(github.ref, 'beta') || contains(github.ref, 'rc') }}
- - name: Upload Linux containerd tarball
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./builds/containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file1 }}
- asset_name: ${{ steps.catalog.outputs.file1 }}
- asset_content_type: application/gzip
- - name: Upload Linux sha256 sum
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./builds/containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file2 }}
- asset_name: ${{ steps.catalog.outputs.file2 }}
- asset_content_type: text/plain
- - name: Upload Linux cri containerd tarball
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./builds/cri-containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file3 }}
- asset_name: ${{ steps.catalog.outputs.file3 }}
- asset_content_type: application/gzip
- - name: Upload Linux cri sha256 sum
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./builds/cri-containerd-binaries-ubuntu-18.04/${{ steps.catalog.outputs.file4 }}
- asset_name: ${{ steps.catalog.outputs.file4 }}
- asset_content_type: text/plain
- - name: Upload Windows containerd tarball
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file5 }}
- asset_name: ${{ steps.catalog.outputs.file5 }}
- asset_content_type: application/gzip
- - name: Upload Windows sha256 sum
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./builds/containerd-binaries-windows-2019/${{ steps.catalog.outputs.file6 }}
- asset_name: ${{ steps.catalog.outputs.file6 }}
- asset_content_type: text/plain
- - name: Upload Windows cri containerd tarball
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./builds/cri-containerd-binaries-windows-2019/${{ steps.catalog.outputs.file7 }}
- asset_name: ${{ steps.catalog.outputs.file7 }}
- asset_content_type: application/gzip
- - name: Upload Windows cri sha256 sum
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.create_release.outputs.upload_url }}
- asset_path: ./builds/cri-containerd-binaries-windows-2019/${{ steps.catalog.outputs.file8 }}
- asset_name: ${{ steps.catalog.outputs.file8 }}
- asset_content_type: text/plain
+ body_path: ./builds/containerd-release-notes/release-notes.md
+ files: |
+ builds/release-tars-**/*
diff --git a/.github/workflows/release/Dockerfile b/.github/workflows/release/Dockerfile
new file mode 100644
index 0000000..489087d
--- /dev/null
+++ b/.github/workflows/release/Dockerfile
@@ -0,0 +1,62 @@
+# Copyright The containerd Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# UBUNTU_VERSION can be set to 18.04 (bionic), 20.04 (focal), or 22.04 (jammy)
+ARG UBUNTU_VERSION=18.04
+ARG BASE_IMAGE=ubuntu:${UBUNTU_VERSION}
+ARG GO_VERSION
+ARG GO_IMAGE=golang:${GO_VERSION}
+FROM --platform=$BUILDPLATFORM $GO_IMAGE AS go
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:1.1.0@sha256:76a8510b1798f66fcc87e7ec2f4684aa1b16756df2a397ec307b9efb6023f6c5 AS xx
+
+FROM --platform=$BUILDPLATFORM ${BASE_IMAGE} AS base
+COPY --from=xx / /
+SHELL ["/bin/bash", "-xec"]
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt-get update && \
+ apt-get install -y dpkg-dev git make pkg-config
+ARG TARGETPLATFORM
+RUN xx-apt-get install -y libseccomp-dev btrfs-progs gcc
+RUN if grep -qE 'UBUNTU_CODENAME=(focal|jammy)' /etc/os-release; then xx-apt-get install -y libbtrfs-dev; fi
+ENV PATH=/usr/local/go/bin:$PATH
+ENV GOPATH=/go
+ENV CGO_ENABLED=1
+
+FROM base AS linux
+FROM base AS windows
+# Set variables used by cni script which would otherwise shell out to powershell
+ARG GATEWAY
+ARG PREFIX_LEN
+
+FROM ${TARGETOS} AS target
+WORKDIR /go/src/github.com/containerd/containerd
+COPY . .
+ARG TARGETPLATFORM
+ARG RELEASE_VER
+ENV VERSION=$RELEASE_VER
+RUN \
+ --mount=type=bind,from=go,source=/usr/local/go,target=/usr/local/go \
+ --mount=type=cache,target=/root/.cache/go-build \
+ --mount=type=cache,target=/go/pkg \
+ export CC=$(xx-info)-gcc && xx-go --wrap && \
+ make release cri-release cri-cni-release && \
+ for f in $(find bin -executable -type f); do xx-verify $f; done
+
+# check git working tree after build
+RUN \
+ export GIT_STATUS_OUTPUT=$(git status --porcelain) && \
+ test -z $GIT_STATUS_OUTPUT || (echo $GIT_STATUS_OUTPUT && exit 1)
+
+FROM scratch AS release
+COPY --from=target /go/src/github.com/containerd/containerd/releases/ /
diff --git a/.github/workflows/windows-periodic-trigger.yml b/.github/workflows/windows-periodic-trigger.yml
new file mode 100644
index 0000000..48aad09
--- /dev/null
+++ b/.github/workflows/windows-periodic-trigger.yml
@@ -0,0 +1,32 @@
+# Workflow intended to periodically run the Windows Integration test workflow.
+
+name: Windows Periodic Tests
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 1 * * *"
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
+jobs:
+
+ triggerWinIntegration:
+ # NOTE: the following permissions are required by `google-github-actions/auth`:
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ if: github.repository == 'containerd/containerd'
+ # NOTE(aznashwan, 11/24/21): GitHub actions do not currently support referencing
+ # or evaluating any kind of variables in the `uses` clause, but this will
+ # ideally be added in the future in which case the hardcoded reference to the
+ # upstream containerd repository should be replaced with the following to
+ # potentially allow contributors to enable periodic Windows tests on forks as well:
+ # uses: "${{ github.repository }}/.github/workflows/windows-periodic.yml@${{ github.ref_name }}"
+ uses: containerd/containerd/.github/workflows/windows-periodic.yml@main
+ secrets:
+ AZURE_SUB_ID: "${{ secrets.AZURE_SUB_ID }}"
+ AZURE_CREDS: "${{ secrets.AZURE_CREDS }}"
+ GCP_SERVICE_ACCOUNT: "${{ secrets.GCP_SERVICE_ACCOUNT }}"
+ GCP_WORKLOAD_IDENTITY_PROVIDER: "${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}"
diff --git a/.github/workflows/windows-periodic.yml b/.github/workflows/windows-periodic.yml
new file mode 100644
index 0000000..0ed183f
--- /dev/null
+++ b/.github/workflows/windows-periodic.yml
@@ -0,0 +1,256 @@
+# Workflow intended to run containerd integration tests on Windows.
+
+name: Windows Integration Tests
+
+on:
+ workflow_dispatch:
+ workflow_call:
+ secrets:
+ AZURE_SUB_ID:
+ required: true
+ AZURE_CREDS:
+ required: true
+ GCP_SERVICE_ACCOUNT:
+ required: true
+ GCP_WORKLOAD_IDENTITY_PROVIDER:
+ required: true
+
+env:
+ AZURE_DEFAULT_LOCATION: westeurope
+ AZURE_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUB_ID }}
+ AZURE_DEFAULT_VM_SIZE: Standard_D2s_v3
+ PASSWORD: Passw0rdAdmin # temp for testing, will be generated
+ DEFAULT_ADMIN_USERNAME: azureuser
+ SSH_OPTS: "-o ServerAliveInterval=20 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+ REMOTE_VM_BIN_PATH: "c:\\containerd\\bin"
+ BUSYBOX_TESTING_IMAGE_REF: "registry.k8s.io/e2e-test-images/busybox:1.29-2"
+ RESOURCE_CONSUMER_TESTING_IMAGE_REF: "registry.k8s.io/e2e-test-images/resource-consumer:1.10"
+ WEBSERVER_TESTING_IMAGE_REF: "registry.k8s.io/e2e-test-images/nginx:1.14-2"
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
+jobs:
+ winIntegration:
+ # NOTE: the following permissions are required by `google-github-actions/auth`:
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ strategy:
+ matrix:
+ win_ver: [ltsc2019, ltsc2022]
+ include:
+ - win_ver: ltsc2019
+ AZURE_IMG: "MicrosoftWindowsServer:WindowsServer:2019-Datacenter-with-Containers-smalldisk:17763.1935.2105080716"
+ AZURE_RESOURCE_GROUP: ctrd-integration-ltsc2019-${{ github.run_id }}
+ GOOGLE_BUCKET: "containerd-integration/logs/windows-ltsc2019/"
+ - win_ver: ltsc2022
+ AZURE_IMG: "MicrosoftWindowsServer:WindowsServer:2022-datacenter-smalldisk-g2:20348.169.2108120020"
+ AZURE_RESOURCE_GROUP: ctrd-integration-ltsc2022-${{ github.run_id }}
+ GOOGLE_BUCKET: "containerd-integration/logs/windows-ltsc2022/"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Install required packages
+ run: |
+ sudo apt-get install xmlstarlet -y
+
+ - name: PrepareArtifacts
+ run: |
+ STARTED_TIME=$(date +%s)
+ LOGS_DIR=$HOME/$STARTED_TIME
+ echo "STARTED_TIME=$STARTED_TIME" >> $GITHUB_ENV
+ echo "LOGS_DIR=$LOGS_DIR" >> $GITHUB_ENV
+ mkdir -p $LOGS_DIR/artifacts
+
+ jq -n --arg node temp --arg timestamp $STARTED_TIME '$timestamp|tonumber|{timestamp:.,$node}' > $LOGS_DIR/started.json
+
+ - name: Generate ssh key pair
+ run: |
+ mkdir -p $HOME/.ssh/
+ ssh-keygen -t rsa -b 4096 -C "ci@containerd.com" -f $HOME/.ssh/id_rsa -q -N ""
+ echo "SSH_PUB_KEY=$(cat ~/.ssh/id_rsa.pub)" >> $GITHUB_ENV
+
+ - name: AZLogin
+ uses: azure/login@v1
+ with:
+ creds: ${{ secrets.AZURE_CREDS }}
+
+ - name: AZResourceGroupCreate
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ az group create -n ${{ matrix.AZURE_RESOURCE_GROUP }} -l ${{ env.AZURE_DEFAULT_LOCATION }} --tags creationTimestamp=$(date -u '+%Y-%m-%dT%H:%M:%SZ')
+
+ - name: AZTestVMCreate
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ DETAILS=$(az vm create -n winTestVM --admin-username ${{ env.DEFAULT_ADMIN_USERNAME }} --admin-password ${{ env.PASSWORD }} --image ${{ matrix.AZURE_IMG }} -g ${{ matrix.AZURE_RESOURCE_GROUP }} --nsg-rule SSH --size ${{ env.AZURE_DEFAULT_VM_SIZE }} --public-ip-sku Standard -o json)
+ PUB_IP=$(echo $DETAILS | jq -r .publicIpAddress)
+ if [ "$PUB_IP" == "null" ]
+ then
+ RETRY=0
+ while [ "$PUB_IP" == "null" ] || [ $RETRY -le 5 ]
+ do
+ sleep 5
+ PUB_IP=$(az vm show -d -g ${{ matrix.AZURE_RESOURCE_GROUP }} -n winTestVM -o json --query publicIps | jq -r)
+ RETRY=$(( $RETRY + 1 ))
+ done
+ fi
+
+ if [ "$PUB_IP" == "null" ]
+ then
+ echo "failed to fetch public IP"
+ exit 1
+ fi
+ echo "VM_PUB_IP=$PUB_IP" >> $GITHUB_ENV
+
+ - name: EnableAZVMSSH
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ az vm run-command invoke --command-id RunPowerShellScript -n winTestVM -g ${{ matrix.AZURE_RESOURCE_GROUP }} --scripts @$GITHUB_WORKSPACE/script/setup/enable_ssh_windows.ps1 --parameters 'SSHPublicKey=${{ env.SSH_PUB_KEY }}'
+
+ - name: TestSSHConnection
+ run: |
+ if ! ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "hostname";
+ then
+ exit 1
+ fi
+
+ - name: InstallContainerFeatureWS2022
+ if: ${{ matrix.win_ver == 'ltsc2022' }}
+ run: |
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "powershell.exe -command { Install-WindowsFeature -Name 'Containers' -Restart }"
+
+ - name: WaitForVMToRestart
+ if: ${{ matrix.win_ver == 'ltsc2022' }}
+ timeout-minutes: 5
+ run: |
+ # give the vm 30 seconds to actually stop. SSH server might actually respond while server is shutting down.
+ sleep 30
+ while [ ! $( ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "hostname") ];
+ do
+ echo "Unable to connect to azurevm"
+ done
+ echo "Connection reestablished. VM restarted succesfully."
+
+ - name: CreateNatNetworkWS2022
+ if: ${{ matrix.win_ver == 'ltsc2022' }}
+ run: |
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "powershell.exe -command { curl.exe -L 'https://raw.githubusercontent.com/microsoft/SDN/master/Kubernetes/windows/hns.psm1' -o hns.psm1 }"
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "powershell.exe -command { Import-Module .\hns.psm1 ; New-HnsNetwork -Type NAT -Name nat -AddressPrefix 172.19.208.0/20 -Gateway 172.19.208.1 }"
+
+ - name: PrepareTestingEnv
+ run: |
+ scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} $GITHUB_WORKSPACE/script/setup/prepare_env_windows.ps1 azureuser@${{ env.VM_PUB_IP }}:/prepare_env_windows.ps1
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "c:\\prepare_env_windows.ps1"
+
+ - name: MakeContainerDBins
+ run: |
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "git clone http://github.com/containerd/containerd c:\\containerd "
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "cd c:\containerd ; make binaries"
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "git clone http://github.com/Microsoft/hcsshim c:\containerd\hcsshim "
+
+ # Get shim commit from containerd local repo
+ SHIM_COMMIT=$(grep 'Microsoft/hcsshim' go.mod | awk '{ print $2 }');
+
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "cd c:\containerd\hcsshim; git fetch --tags origin $SHIM_COMMIT ; \
+ git checkout $SHIM_COMMIT ; go build -mod=vendor -o ${{ env.REMOTE_VM_BIN_PATH }}\containerd-shim-runhcs-v1.exe .\cmd\containerd-shim-runhcs-v1"
+
+ - name: RunIntegrationTests
+ run: |
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "sh.exe -s" << EOF
+ cd /c/containerd
+ export EXTRA_TESTFLAGS="-timeout=20m"
+ make integration | tee /c/Logs/integration.log
+ EOF
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "sh.exe -c 'cat /c/Logs/integration.log | go-junit-report.exe > /c/Logs/junit_00.xml'"
+
+ - name: PrepareRepoList
+ run: |
+ cat > repolist.toml << EOF
+ busybox = "${{ env.BUSYBOX_TESTING_IMAGE_REF }}"
+ ResourceConsumer = "${{ env.RESOURCE_CONSUMER_TESTING_IMAGE_REF }}"
+ EOF
+
+ cat > cri-test-images.yaml << EOF
+ defaultTestContainerImage: ${{ env.BUSYBOX_TESTING_IMAGE_REF }}
+ webServerTestImage: ${{ env.WEBSERVER_TESTING_IMAGE_REF }}
+ EOF
+
+ scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} repolist.toml azureuser@${{ env.VM_PUB_IP }}:c:/repolist.toml
+ scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} cri-test-images.yaml azureuser@${{ env.VM_PUB_IP }}:c:/cri-test-images.yaml
+
+ - name: RunCRIIntegrationTests
+ run: |
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "sh.exe -s" < c:/Logs/junit_01.xml' "
+
+ - name: GetCritestRepo
+ run: |
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "git clone https://github.com/kubernetes-sigs/cri-tools c:/cri-tools"
+
+ - name: BuildCritest
+ run: |
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "sh.exe -c 'cd /c/cri-tools && make critest'"
+
+ - name: RunCritest
+ run: |
+ ssh -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }} "powershell.exe -command { Start-Process -FilePath C:\containerd\bin\containerd.exe -NoNewWindow -RedirectStandardError true -PassThru ; get-process | sls containerd ; start-sleep 5 ; c:\cri-tools\build\bin\critest.exe --runtime-endpoint=\"npipe:\\\\.\\pipe\\containerd-containerd\" --test-images-file='c:\cri-test-images.yaml' --report-dir='c:\Logs' }"
+
+ - name: PullLogsFromWinNode
+ run: |
+ scp -i $HOME/.ssh/id_rsa ${{ env.SSH_OPTS }} azureuser@${{ env.VM_PUB_IP }}:c:/Logs/*.xml ${{ env.LOGS_DIR }}/artifacts/
+ for f in $(ls ${{ env.LOGS_DIR }}/artifacts/*.xml); do
+ xmlstarlet ed -d "/testsuites/testsuite/properties" $f > ${{ env.LOGS_DIR }}/$(basename $f)
+ mv ${{ env.LOGS_DIR }}/$(basename $f) $f
+ done
+
+ - name: FinishJob
+ run: |
+ jq -n --arg result SUCCESS --arg timestamp $(date +%s) '$timestamp|tonumber|{timestamp:.,$result}' > ${{ env.LOGS_DIR }}/finished.json
+ echo "${{ env.STARTED_TIME }}" > ${{ github.workspace }}/latest-build.txt
+
+ - name: AssignGcpCreds
+ id: AssignGcpCreds
+ run: |
+ echo 'GCP_SERVICE_ACCOUNT=${{ secrets.GCP_SERVICE_ACCOUNT }}' >> $GITHUB_OUTPUT
+ echo 'GCP_WORKLOAD_IDENTITY_PROVIDER=${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}' >> $GITHUB_OUTPUT
+
+ - name: AuthGcp
+ uses: google-github-actions/auth@v0
+ if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER
+ with:
+ service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+ workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
+
+ - name: UploadJobReport
+ uses: google-github-actions/upload-cloud-storage@v0
+ if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER
+ with:
+ path: ${{ github.workspace }}/latest-build.txt
+ destination: ${{ matrix.GOOGLE_BUCKET }}
+ parent: false
+
+ - name: UploadLogsDir
+ uses: google-github-actions/upload-cloud-storage@v0
+ if: steps.AssignGcpCreds.outputs.GCP_SERVICE_ACCOUNT && steps.AssignGcpCreds.outputs.GCP_WORKLOAD_IDENTITY_PROVIDER
+ with:
+ path: ${{ env.LOGS_DIR }}
+ destination: ${{ matrix.GOOGLE_BUCKET }}${{ env.STARTED_TIME}}
+ parent: false
+
+ - name: ResourceCleanup
+ if: always()
+ uses: azure/CLI@v1
+ with:
+ inlinescript: |
+ az group delete -g ${{ matrix.AZURE_RESOURCE_GROUP }} --yes
diff --git a/.golangci.yml b/.golangci.yml
index 9fa9f44..e162f0a 100644
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,27 +1,55 @@
linters:
enable:
- - structcheck
- - varcheck
- - staticcheck
- - unconvert
+ - exportloopref # Checks for pointers to enclosing loop variables
- gofmt
- goimports
- - golint
+ - gosec
- ineffassign
- - vet
- - unused
- misspell
+ - nolintlint
+ - revive
+ - staticcheck
+ - tenv # Detects using os.Setenv instead of t.Setenv since Go 1.17
+ - unconvert
+ - unused
+ - vet
+ - dupword # Checks for duplicate words in the source code
disable:
- errcheck
issues:
include:
- EXC0002
+ max-issues-per-linter: 0
+ max-same-issues: 0
+
+ # Only using / doesn't work due to https://github.com/golangci/golangci-lint/issues/1398.
+ exclude-rules:
+ - path: 'archive[\\/]tarheader[\\/]'
+ # conversion is necessary on Linux, unnecessary on macOS
+ text: "unnecessary conversion"
+
+linters-settings:
+ gosec:
+ # The following issues surfaced when `gosec` linter
+ # was enabled. They are temporarily excluded to unblock
+ # the existing workflow, but still to be addressed by
+ # future works.
+ excludes:
+ - G204
+ - G305
+ - G306
+ - G402
+ - G404
run:
- timeout: 3m
+ timeout: 8m
skip-dirs:
- api
+ - cluster
- design
- docs
- docs/man
+ - releases
+ - reports
+ - test # e2e scripts
diff --git a/.mailmap b/.mailmap
index b6ce972..3988d47 100644
--- a/.mailmap
+++ b/.mailmap
@@ -29,13 +29,17 @@ Eric Ernst
Eric Ren
Eric Ren
Eric Ren
+Fabiano Fidêncio
Fahed Dorgaa
Frank Yang
Fupan Li
Fupan Li
+Fupan Li
+Furkan Türkal
Georgia Panoutsakopoulou
Guangming Wang
Haiyan Meng
+haoyun
Harry Zhang
Hu Shuai
Hu Shuai
@@ -53,15 +57,18 @@ John Howard
John Howard
Lorenz Brun
Luc Perkins
+Jiajun Jiang
Julien Balestra
Jun Lin Chen <1913688+mc256@users.noreply.github.com>
Justin Cormack
Justin Terry
Justin Terry
+Kante
Kenfe-Mickaël Laventure
Kevin Kern
Kevin Parsons
Kevin Xu
+Kitt Hsu
Kohei Tokunaga
Krasi Georgiev
Lantao Liu
@@ -69,16 +76,22 @@ Lantao Liu
Li Yuxuan
Lifubang
Lu Jingxiao
+Maksym Pavlenko <865334+mxpv@users.noreply.github.com>
Maksym Pavlenko
Maksym Pavlenko
Mario Hros
Mario Hros
Mario Macias
Mark Gordon
+Marvin Giessing
Michael Crosby
Michael Katsoulis
Mike Brown
Mohammad Asif Siddiqui
+Nabeel Rana
+Ng Yang
+Ning Li
+ningmingxiao
Nishchay Kumar
Oliver Stenbom
Phil Estes
@@ -89,6 +102,7 @@ Ross Boucher
Ruediger Maass
Rui Cao
Sakeven Jiang
+Samuel Karp
Samuel Karp
Seth Pellegrino <30441101+sethp-nr@users.noreply.github.com>
Shaobao Feng
@@ -104,16 +118,21 @@ Stephen J Day
Sudeesh John
Su Fei
Su Xiaolin
+Takumasa Sakao
Ted Yu
Tõnis Tiigi
Wade Lee
Wade Lee
Wade Lee <21621232@zju.edu.cn>
+Wang Bing
wanglei
+wanglei
+wangzhan
Wei Fu
Wei Fu
Xiaodong Zhang
Xuean Yan
+Yang Yang
Yue Zhang
Yuxing Liu
Zhang Wei
@@ -124,4 +143,7 @@ Zhiyu Li <404977848@qq.com>
Zhongming Chang
Zhoulin Xie
Zhoulin Xie <42261994+JoeWrightss@users.noreply.github.com>
+zounengren
张潇
+Kazuyoshi Kato
+Andrey Epifanov
diff --git a/.zuul.yaml b/.zuul.yaml
deleted file mode 100644
index 8c84572..0000000
--- a/.zuul.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
-- project:
- name: containerd/containerd
- merge-mode: merge
- check:
- jobs:
- - containerd-build-arm64
- - containerd-test-arm64
- - containerd-integration-test-arm64
-
-- job:
- name: containerd-build-arm64
- parent: init-test
- description: |
- Containerd build in openlab cluster.
- run: .zuul/playbooks/containerd-build/run.yaml
- nodeset: ubuntu-xenial-arm64-openlab
- voting: false
-
-- job:
- name: containerd-test-arm64
- parent: init-test
- description: |
- Containerd unit tests in openlab cluster.
- run: .zuul/playbooks/containerd-build/unit-test.yaml
- nodeset: ubuntu-xenial-arm64-openlab
- voting: false
-
-- job:
- name: containerd-integration-test-arm64
- parent: init-test
- description: |
- Containerd unit tests in openlab cluster.
- run: .zuul/playbooks/containerd-build/integration-test.yaml
- nodeset: ubuntu-xenial-arm64-openlab
- voting: false
diff --git a/.zuul/playbooks/containerd-build/integration-test.yaml b/.zuul/playbooks/containerd-build/integration-test.yaml
deleted file mode 100644
index 9496ece..0000000
--- a/.zuul/playbooks/containerd-build/integration-test.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-- hosts: all
- become: yes
- roles:
- - role: config-golang
- go_version: '1.16.12'
- arch: arm64
- tasks:
- - name: Install pre-requisites
- shell:
- cmd: |
- set -xe
- set -o pipefail
- apt-get update
- apt-get install -y btrfs-tools libseccomp-dev git pkg-config lsof gperf apparmor
-
- go version
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
- - name: Install containerd and cri dependencies
- shell:
- cmd: |
- set -xe
- make install-deps
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
- - name: Install criu
- shell:
- cmd: |
- set -xe
- apt-get install -y \
- libprotobuf-dev \
- libprotobuf-c-dev \
- protobuf-c-compiler \
- protobuf-compiler \
- python-protobuf \
- libnl-3-dev \
- libnet-dev \
- libcap-dev \
- python-future
- wget https://github.com/checkpoint-restore/criu/archive/v3.13.tar.gz -O criu.tar.gz
- tar -zxf criu.tar.gz
- cd criu-3.13
- make install-criu
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
- - name: Install containerd
- shell:
- cmd: |
- set -xe
- make binaries
- make install | tee $LOGS_PATH/make_install.log
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
- - name: Tests
- shell:
- cmd: |
- make test | tee $LOGS_PATH/make_test.log
- make root-test | tee $LOGS_PATH/make_root-test.log
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
- - name: Integration 1
- shell:
- cmd: |
- make integration EXTRA_TESTFLAGS=-no-criu TESTFLAGS_RACE=-race | tee $LOGS_PATH/make_integration-test.log
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
- - name: Integration 2
- shell:
- cmd: |
- TESTFLAGS_PARALLEL=1 make integration EXTRA_TESTFLAGS=-no-criu | tee $LOGS_PATH/make_integration-test.log
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
- - name: CRI Integration Test
- shell:
- cmd: |
- CONTAINERD_RUNTIME="io.containerd.runc.v2" make cri-integration | tee $LOGS_PATH/make_cri-integration-test.log
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
- - name: CRI Integration Test
- shell:
- cmd: |
- if grep -q "FAIL:" $LOGS_PATH/*.log; then
- echo "FAILURE"
- exit 1
- fi
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
diff --git a/.zuul/playbooks/containerd-build/run.yaml b/.zuul/playbooks/containerd-build/run.yaml
deleted file mode 100644
index a0ac088..0000000
--- a/.zuul/playbooks/containerd-build/run.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-- hosts: all
- become: yes
- roles:
- - role: config-golang
- go_version: '1.16.12'
- arch: arm64
- tasks:
- - name: Build containerd
- shell:
- cmd: |
- set -xe
- set -o pipefail
- apt-get update
- apt-get install -y btrfs-tools libseccomp-dev git pkg-config
-
- go version
- make | tee $LOGS_PATH/make.txt
-
- cp -r ./bin $RESULTS_PATH
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
diff --git a/.zuul/playbooks/containerd-build/unit-test.yaml b/.zuul/playbooks/containerd-build/unit-test.yaml
deleted file mode 100644
index be354a3..0000000
--- a/.zuul/playbooks/containerd-build/unit-test.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-- hosts: all
- become: yes
- roles:
- - role: config-golang
- go_version: '1.16.12'
- arch: arm64
- tasks:
- - name: Build and test containerd
- shell:
- cmd: |
- set -xe
- set -o pipefail
- apt-get update
- apt-get install -y btrfs-tools libseccomp-dev git pkg-config
-
- go version
- make build test | tee $LOGS_PATH/make_test.txt
- chdir: '{{ zuul.project.src_dir }}'
- executable: /bin/bash
- environment: '{{ global_env }}'
diff --git a/ADOPTERS.md b/ADOPTERS.md
index 4d70cca..bbf99e7 100644
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -12,10 +12,14 @@ including the Balena project listed below.
**_[IBM Cloud Private (ICP)](https://www.ibm.com/cloud/private)_** - IBM's on-premises cloud offering has containerd as a "tech preview" CRI runtime for the Kubernetes offered within this product for the past two releases, and plans to fully migrate to containerd in a future release.
-**_[Google Cloud Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine/)_** - offers containerd as the CRI runtime in **beta** for recent versions of Kubernetes.
+**_[Google Cloud Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine/)_** - containerd has been offered in GKE since version 1.14 and has been the default runtime since version 1.19. It is also the only supported runtime for GKE Autopilot from the launch. [More details](https://cloud.google.com/kubernetes-engine/docs/concepts/using-containerd)
**_[AWS Fargate](https://aws.amazon.com/fargate)_** - uses containerd + Firecracker (noted below) as the runtime and isolation technology for containers run in the Fargate platform. Fargate is a serverless, container-native compute offering from Amazon Web Services.
+**_[Amazon Elastic Kubernetes Service (EKS)](https://aws.amazon.com/eks/)_** - EKS optionally offers containerd as a CRI runtime starting with Kubernetes version 1.21. In Kubernetes 1.22 the default CRI runtime will be containerd.
+
+**_[Bottlerocket](https://aws.amazon.com/bottlerocket/)_** - Bottlerocket is a Linux distribution from Amazon Web Services purpose-built for containers using containerd as the core system runtime.
+
**_Cloud Foundry_** - The [Guardian container manager](https://github.com/cloudfoundry/guardian) for CF has been using OCI runC directly with additional code from CF managing the container image and filesystem interactions, but have recently migrated to use containerd as a replacement for the extra code they had written around runC.
**_Alibaba's PouchContainer_** - The Alibaba [PouchContainer](https://github.com/alibaba/pouch) project uses containerd as its runtime for a cloud native offering that has unique isolation and image distribution capabilities.
@@ -32,7 +36,7 @@ including the Balena project listed below.
**_BuildKit_** - The Moby project's [BuildKit](https://github.com/moby/buildkit) can use either runC or containerd as build execution backends for building container images. BuildKit support has also been built into the Docker engine in recent releases, making BuildKit provide the backend to the `docker build` command.
-**_Azure acs-engine_** - Microsoft Azure's [acs-engine](https://github.com/Azure/acs-engine) open source project has customizable deployment of Kubernetes clusters, where containerd is a selectable container runtime. At some point in the future Azure's AKS service will default to use containerd as the CRI runtime for deployed Kubernetes clusters.
+**_[Azure Kubernetes Service (AKS)](https://azure.microsoft.com/services/kubernetes-service)_** - Microsoft's managed Kubernetes offering uses containerd for Linux nodes running v1.19 or greater. Containerd for Windows nodes is currently in public preview. [More Details](https://docs.microsoft.com/azure/aks/cluster-configuration#container-runtime-configuration)
**_Amazon Firecracker_** - The AWS [Firecracker VMM project](http://firecracker-microvm.io/) has extended containerd with a new snapshotter and v2 shim to allow containerd to drive virtualized container processes via their VMM implementation. More details on their containerd integration are available in [their GitHub project](https://github.com/firecracker-microvm/firecracker-containerd).
@@ -42,6 +46,12 @@ including the Balena project listed below.
**_Inclavare Containers_** - [Inclavare Containers](https://github.com/alibaba/inclavare-containers) is an innovation of container runtime with the novel approach for launching protected containers in hardware-assisted Trusted Execution Environment (TEE) technology, aka Enclave, which can prevent the untrusted entity, such as Cloud Service Provider (CSP), from accessing the sensitive and confidential assets in use.
+**_VMware TKG_** - [Tanzu Kubernetes Grid](https://tanzu.vmware.com/kubernetes-grid) VMware's Multicloud Kubernetes offering uses containerd as the default CRI runtime.
+
+**_VMware TCE_** - [Tanzu Community Edition](https://github.com/vmware-tanzu/community-edition) VMware's fully-featured, easy to manage, Kubernetes platform for learners and users. It is a freely available, community supported, and open source distribution of VMware Tanzu. It uses containerd as the default CRI runtime.
+
+**_[Talos Linux](https://www.talos.dev/)_** - Talos Linux is Linux designed for Kubernetes – secure, immutable, and minimal. Talos Linux is using containerd as the core system runtime and CRI implementation.
+
**_Other Projects_** - While the above list provides a cross-section of well known uses of containerd, the simplicity and clear API layer for containerd has inspired many smaller projects around providing simple container management platforms. Several examples of building higher layer functionality on top of the containerd base have come from various containerd community participants:
- Michael Crosby's [boss](https://github.com/crosbymichael/boss) project,
- Evan Hazlett's [stellar](https://github.com/ehazlett/stellar) project,
diff --git a/BUILDING.md b/BUILDING.md
index b50c780..286164d 100644
--- a/BUILDING.md
+++ b/BUILDING.md
@@ -14,8 +14,8 @@ This doc includes:
To build the `containerd` daemon, and the `ctr` simple test client, the following build system dependencies are required:
-* Go 1.13.x or above except 1.14.x
-* Protoc 3.x compiler and headers (download at the [Google protobuf releases page](https://github.com/google/protobuf/releases))
+* Go 1.19.x or above
+* Protoc 3.x compiler and headers (download at the [Google protobuf releases page](https://github.com/protocolbuffers/protobuf/releases))
* Btrfs headers and libraries for your distribution. Note that building the btrfs driver can be disabled via the build tag `no_btrfs`, removing this dependency.
## Build the development environment
@@ -32,9 +32,9 @@ git clone https://github.com/containerd/containerd
For proper results, install the `protoc` release into `/usr/local` on your build system. For example, the following commands will download and install the 3.11.4 release for a 64-bit Linux host:
-```
-$ wget -c https://github.com/google/protobuf/releases/download/v3.11.4/protoc-3.11.4-linux-x86_64.zip
-$ sudo unzip protoc-3.11.4-linux-x86_64.zip -d /usr/local
+```sh
+wget -c https://github.com/protocolbuffers/protobuf/releases/download/v3.11.4/protoc-3.11.4-linux-x86_64.zip
+sudo unzip protoc-3.11.4-linux-x86_64.zip -d /usr/local
```
`containerd` uses [Btrfs](https://en.wikipedia.org/wiki/Btrfs) it means that you
@@ -46,38 +46,20 @@ need to satisfy these dependencies in your system:
At this point you are ready to build `containerd` yourself!
-## Build runc
+## Runc
-`runc` is the default container runtime used by `containerd` and is required to
-run containerd. While it is okay to download a runc binary and install that on
+Runc is the default container runtime used by `containerd` and is required to
+run containerd. While it is okay to download a `runc` binary and install that on
the system, sometimes it is necessary to build runc directly when working with
-container runtime development. You can skip this step if you already have the
-correct version of `runc` installed.
-
-`runc` requires `libseccomp`. You may need to install the missing dependencies:
-
-* CentOS/Fedora: `yum install libseccomp libseccomp-devel`
-* Debian/Ubuntu: `apt-get install libseccomp libseccomp-dev`
-
-
-For the quick and dirty installation, you can use the following:
-
-```
-git clone https://github.com/opencontainers/runc
-cd runc
-make
-sudo make install
-```
-
-Make sure to follow the guidelines for versioning in [RUNC.md](/docs/RUNC.md) for the
-best results.
+container runtime development. Make sure to follow the guidelines for versioning
+in [RUNC.md](/docs/RUNC.md) for the best results.
## Build containerd
`containerd` uses `make` to create a repeatable build flow. It means that you
can run:
-```
+```sh
cd containerd
make
```
@@ -86,22 +68,44 @@ This is going to build all the project binaries in the `./bin/` directory.
You can move them in your global path, `/usr/local/bin` with:
-```sudo
+```sh
sudo make install
```
+The install prefix can be changed by passing the `PREFIX` variable (defaults
+to `/usr/local`).
+
+Note: if you set one of these vars, set them to the same values on all make stages
+(build as well as install).
+
+If you want to prepend an additional prefix on actual installation (eg. packaging or chroot install),
+you can pass it via `DESTDIR` variable:
+
+```sh
+sudo make install DESTDIR=/tmp/install-x973234/
+```
+
+The above command installs the `containerd` binary to `/tmp/install-x973234/usr/local/bin/containerd`
+
+The current `DESTDIR` convention is supported since containerd v1.6.
+Older releases was using `DESTDIR` for a different purpose that is similar to `PREFIX`.
+
+
When making any changes to the gRPC API, you can use the installed `protoc`
compiler to regenerate the API generated code packages with:
-```sudo
+```sh
make generate
```
> *Note*: Several build tags are currently available:
-> * `no_btrfs`: A build tag disables building the btrfs snapshot driver.
> * `no_cri`: A build tag disables building Kubernetes [CRI](http://blog.kubernetes.io/2016/12/container-runtime-interface-cri-in-kubernetes.html) support into containerd.
> See [here](https://github.com/containerd/cri-containerd#build-tags) for build tags of CRI plugin.
-> * `no_devmapper`: A build tag disables building the device mapper snapshot driver.
+> * snapshotters (alphabetical order)
+> * `no_aufs`: A build tag disables building the aufs snapshot driver.
+> * `no_btrfs`: A build tag disables building the Btrfs snapshot driver.
+> * `no_devmapper`: A build tag disables building the device mapper snapshot driver.
+> * `no_zfs`: A build tag disables building the ZFS snapshot driver.
>
> For example, adding `BUILDTAGS=no_btrfs` to your environment before calling the **binaries**
> Makefile target will disable the btrfs driver within the containerd Go build.
@@ -117,26 +121,25 @@ Please refer to [RUNC.md](/docs/RUNC.md) for the currently supported version of
You can build static binaries by providing a few variables to `make`:
-```sudo
-make EXTRA_FLAGS="-buildmode pie" \
- EXTRA_LDFLAGS='-linkmode external -extldflags "-fno-PIC -static"' \
- BUILDTAGS="netgo osusergo static_build"
+```sh
+make STATIC=1
```
> *Note*:
> - static build is discouraged
> - static containerd binary does not support loading shared object plugins (`*.so`)
+> - static build binaries are not position-independent
# Via Docker container
The following instructions assume you are at the parent directory of containerd source directory.
-## Build containerd
+## Build containerd in a container
You can build `containerd` via a Linux-based Docker container.
You can build an image from this `Dockerfile`:
-```
+```dockerfile
FROM golang
RUN apt-get update && \
@@ -158,10 +161,11 @@ This mounts `containerd` repository
You are now ready to [build](#build-containerd):
```sh
- make && make install
+make && make install
```
-## Build containerd and runc
+## Build containerd and runc in a container
+
To have complete core container runtime, you will need both `containerd` and `runc`. It is possible to build both of these via Docker container.
You can use `git` to checkout `runc`:
@@ -177,7 +181,6 @@ FROM golang
RUN apt-get update && \
apt-get install -y libbtrfs-dev libseccomp-dev
-
```
In our Docker container we will build `runc` build, which includes
@@ -246,6 +249,7 @@ go test -v -run . -test.root
```
Example output from directly running `go test` to execute the `TestContainerList` test:
+
```sh
sudo go test -v -run "TestContainerList" . -test.root
INFO[0000] running tests against containerd revision=f2ae8a020a985a8d9862c9eb5ab66902c2888361 version=v1.0.0-beta.2-49-gf2ae8a0
@@ -255,6 +259,10 @@ PASS
ok github.com/containerd/containerd 4.778s
```
+> *Note*: in order to run `sudo go` you need to
+> - either keep user PATH environment variable. ex: `sudo "PATH=$PATH" env go test `
+> - or use `go test -exec` ex: `go test -exec sudo -v -run "TestTarWithXattr" ./archive/ -test.root`
+
## Additional tools
### containerd-stress
diff --git a/Makefile b/Makefile
index 6728380..f1b28ce 100644
--- a/Makefile
+++ b/Makefile
@@ -15,16 +15,22 @@
# Go command to use for build
GO ?= go
+INSTALL ?= install
# Root directory of the project (absolute path).
ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST))))
# Base path used to install.
-DESTDIR ?= /usr/local
+# The files will be installed under `$(DESTDIR)/$(PREFIX)`.
+# The convention of `DESTDIR` was changed in containerd v1.6.
+PREFIX ?= /usr/local
+DATADIR ?= $(PREFIX)/share
+MANDIR ?= $(DATADIR)/man
+
TEST_IMAGE_LIST ?=
# Used to populate variables in version package.
-VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always)
+VERSION ?= $(shell git describe --match 'v[0-9]*' --dirty='.m' --always)
REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi)
PACKAGE=github.com/containerd/containerd
SHIM_CGO_ENABLED ?= 0
@@ -57,6 +63,7 @@ else
endif
ifndef GODEBUG
+ EXTRA_LDFLAGS += -s -w
DEBUG_GO_GCFLAGS :=
DEBUG_TAGS :=
else
@@ -67,7 +74,7 @@ endif
WHALE = "🇩"
ONI = "👹"
-RELEASE=containerd-$(VERSION:v%=%).${GOOS}-${GOARCH}
+RELEASE=containerd-$(VERSION:v%=%)-${GOOS}-${GOARCH}
CRIRELEASE=cri-containerd-$(VERSION:v%=%)-${GOOS}-${GOARCH}
CRICNIRELEASE=cri-containerd-cni-$(VERSION:v%=%)-${GOOS}-${GOARCH}
@@ -82,12 +89,23 @@ ifdef BUILDTAGS
endif
GO_BUILDTAGS ?=
GO_BUILDTAGS += ${DEBUG_TAGS}
-GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(GO_BUILDTAGS)",)
-GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)'
+ifneq ($(STATIC),)
+ GO_BUILDTAGS += osusergo netgo static_build
+endif
+GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(strip $(GO_BUILDTAGS))",)
+
+GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)
+ifneq ($(STATIC),)
+ GO_LDFLAGS += -extldflags "-static"
+endif
+GO_LDFLAGS+='
+
SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)'
# Project packages.
PACKAGES=$(shell $(GO) list ${GO_TAGS} ./... | grep -v /vendor/ | grep -v /integration)
+API_PACKAGES=$(shell (cd api && $(GO) list ${GO_TAGS} ./... | grep -v /vendor/ | grep -v /integration))
+NON_API_PACKAGES=$(shell $(GO) list ${GO_TAGS} ./... | grep -v /vendor/ | grep -v /integration | grep -v "containerd/api")
TEST_REQUIRES_ROOT_PACKAGES=$(filter \
${PACKAGES}, \
$(shell \
@@ -132,6 +150,9 @@ CRIDIR=$(OUTPUTDIR)/cri
.PHONY: clean all AUTHORS build binaries test integration generate protos checkprotos coverage ci check help install uninstall vendor release mandir install-man genman install-cri-deps cri-release cri-cni-release cri-integration install-deps bin/cri-integration.test
.DEFAULT: default
+# Forcibly set the default goal to all, in case an include above brought in a rule definition.
+.DEFAULT_GOAL := all
+
all: binaries
check: proto-fmt ## run all linters
@@ -149,7 +170,13 @@ generate: protos
protos: bin/protoc-gen-gogoctrd ## generate protobuf
@echo "$(WHALE) $@"
- @PATH="${ROOTDIR}/bin:${PATH}" protobuild --quiet ${PACKAGES}
+ @find . -path ./vendor -prune -false -o -name '*.pb.go' | xargs rm
+ $(eval TMPDIR := $(shell mktemp -d))
+ @mv ${ROOTDIR}/vendor ${TMPDIR}
+ @(cd ${ROOTDIR}/api && PATH="${ROOTDIR}/bin:${PATH}" protobuild --quiet ${API_PACKAGES})
+ @(PATH="${ROOTDIR}/bin:${PATH}" protobuild --quiet ${NON_API_PACKAGES})
+ @mv ${TMPDIR}/vendor ${ROOTDIR}
+ @rm -rf ${TMPDIR}
check-protos: protos ## check if protobufs needs to be generated again
@echo "$(WHALE) $@"
@@ -193,9 +220,19 @@ bin/cri-integration.test:
cri-integration: binaries bin/cri-integration.test ## run cri integration tests
@echo "$(WHALE) $@"
- @./script/test/cri-integration.sh
+ @bash -x ./script/test/cri-integration.sh
@rm -rf bin/cri-integration.test
+# build runc shimv2 with failpoint control, only used by integration test
+bin/containerd-shim-runc-fp-v1: integration/failpoint/cmd/containerd-shim-runc-fp-v1 FORCE
+ @echo "$(WHALE) $@"
+ @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./integration/failpoint/cmd/containerd-shim-runc-fp-v1
+
+# build CNI bridge plugin wrapper with failpoint support, only used by integration test
+bin/cni-bridge-fp: integration/failpoint/cmd/cni-bridge-fp FORCE
+ @echo "$(WHALE) $@"
+ @$(GO) build ${GO_BUILD_FLAGS} -o $@ ./integration/failpoint/cmd/cni-bridge-fp
+
benchmark: ## run benchmarks tests
@echo "$(WHALE) $@"
@$(GO) test ${TESTFLAGS} -bench . -run Benchmark -test.root
@@ -212,16 +249,16 @@ bin/%: cmd/% FORCE
$(call BUILD_BINARY)
bin/containerd-shim: cmd/containerd-shim FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
- @echo "$(WHALE) bin/containerd-shim"
- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o bin/containerd-shim ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
+ @echo "$(WHALE) $@"
+ @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim
bin/containerd-shim-runc-v1: cmd/containerd-shim-runc-v1 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
- @echo "$(WHALE) bin/containerd-shim-runc-v1"
- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runc-v1 ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1
+ @echo "$(WHALE) $@"
+ @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v1
bin/containerd-shim-runc-v2: cmd/containerd-shim-runc-v2 FORCE # set !cgo and omit pie for a static shim build: https://github.com/golang/go/issues/17789#issuecomment-258542220
- @echo "$(WHALE) bin/containerd-shim-runc-v2"
- @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o bin/containerd-shim-runc-v2 ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2
+ @echo "$(WHALE) $@"
+ @CGO_ENABLED=${SHIM_CGO_ENABLED} $(GO) build ${GO_BUILD_FLAGS} -o $@ ${SHIM_GO_LDFLAGS} ${GO_TAGS} ./cmd/containerd-shim-runc-v2
binaries: $(BINARIES) ## build binaries
@echo "$(WHALE) $@"
@@ -237,30 +274,31 @@ genman: man/containerd.8 man/ctr.8
man/containerd.8: FORCE
@echo "$(WHALE) $@"
- $(GO) run cmd/gen-manpages/main.go $(@F) $(@D)
+ $(GO) run -mod=readonly ${GO_TAGS} cmd/gen-manpages/main.go $(@F) $(@D)
man/ctr.8: FORCE
@echo "$(WHALE) $@"
- $(GO) run cmd/gen-manpages/main.go $(@F) $(@D)
+ $(GO) run -mod=readonly ${GO_TAGS} cmd/gen-manpages/main.go $(@F) $(@D)
man/%: docs/man/%.md FORCE
@echo "$(WHALE) $@"
go-md2man -in "$<" -out "$@"
define installmanpage
-mkdir -p $(DESTDIR)/man/man$(2);
-gzip -c $(1) >$(DESTDIR)/man/man$(2)/$(3).gz;
+$(INSTALL) -d $(DESTDIR)$(MANDIR)/man$(2);
+gzip -c $(1) >$(DESTDIR)$(MANDIR)/man$(2)/$(3).gz;
endef
-install-man:
+install-man: man
@echo "$(WHALE) $@"
$(foreach manpage,$(addprefix man/,$(MANPAGES)), $(call installmanpage,$(manpage),$(subst .,,$(suffix $(manpage))),$(notdir $(manpage))))
+
releases/$(RELEASE).tar.gz: $(BINARIES)
@echo "$(WHALE) $@"
@rm -rf releases/$(RELEASE) releases/$(RELEASE).tar.gz
- @install -d releases/$(RELEASE)/bin
- @install $(BINARIES) releases/$(RELEASE)/bin
+ @$(INSTALL) -d releases/$(RELEASE)/bin
+ @$(INSTALL) $(BINARIES) releases/$(RELEASE)/bin
@tar -czf releases/$(RELEASE).tar.gz -C releases/$(RELEASE) bin
@rm -rf releases/$(RELEASE)
@@ -271,18 +309,18 @@ release: releases/$(RELEASE).tar.gz
# install of cri deps into release output directory
ifeq ($(GOOS),windows)
install-cri-deps: $(BINARIES)
- mkdir -p $(CRIDIR)
+ $(INSTALL) -d $(CRIDIR)
DESTDIR=$(CRIDIR) script/setup/install-cni-windows
cp bin/* $(CRIDIR)
else
install-cri-deps: $(BINARIES)
@rm -rf ${CRIDIR}
- @install -d ${CRIDIR}/usr/local/bin
- @install -D -m 755 bin/* ${CRIDIR}/usr/local/bin
- @install -d ${CRIDIR}/opt/containerd/cluster
+ @$(INSTALL) -d ${CRIDIR}/usr/local/bin
+ @$(INSTALL) -D -m 755 bin/* ${CRIDIR}/usr/local/bin
+ @$(INSTALL) -d ${CRIDIR}/opt/containerd/cluster
@cp -r contrib/gce ${CRIDIR}/opt/containerd/cluster/
- @install -d ${CRIDIR}/etc/systemd/system
- @install -m 644 containerd.service ${CRIDIR}/etc/systemd/system
+ @$(INSTALL) -d ${CRIDIR}/etc/systemd/system
+ @$(INSTALL) -m 644 containerd.service ${CRIDIR}/etc/systemd/system
echo "CONTAINERD_VERSION: '$(VERSION:v%=%)'" | tee ${CRIDIR}/opt/containerd/cluster/version
DESTDIR=$(CRIDIR) script/setup/install-runc
@@ -290,26 +328,30 @@ install-cri-deps: $(BINARIES)
DESTDIR=$(CRIDIR) script/setup/install-critools
DESTDIR=$(CRIDIR) script/setup/install-imgcrypt
- @install -d $(CRIDIR)/bin
- @install $(BINARIES) $(CRIDIR)/bin
+ @$(INSTALL) -d $(CRIDIR)/bin
+ @$(INSTALL) $(BINARIES) $(CRIDIR)/bin
endif
+$(CRIDIR)/cri-containerd.DEPRECATED.txt:
+ @mkdir -p $(CRIDIR)
+ @$(INSTALL) -m 644 releases/cri-containerd.DEPRECATED.txt $@
+
ifeq ($(GOOS),windows)
-releases/$(CRIRELEASE).tar.gz: install-cri-deps
+releases/$(CRIRELEASE).tar.gz: install-cri-deps $(CRIDIR)/cri-containerd.DEPRECATED.txt
@echo "$(WHALE) $@"
@cd $(CRIDIR) && tar -czf ../../releases/$(CRIRELEASE).tar.gz *
-releases/$(CRICNIRELEASE).tar.gz: install-cri-deps
+releases/$(CRICNIRELEASE).tar.gz: install-cri-deps $(CRIDIR)/cri-containerd.DEPRECATED.txt
@echo "$(WHALE) $@"
@cd $(CRIDIR) && tar -czf ../../releases/$(CRICNIRELEASE).tar.gz *
else
-releases/$(CRIRELEASE).tar.gz: install-cri-deps
+releases/$(CRIRELEASE).tar.gz: install-cri-deps $(CRIDIR)/cri-containerd.DEPRECATED.txt
@echo "$(WHALE) $@"
- @tar -czf releases/$(CRIRELEASE).tar.gz -C $(CRIDIR) etc/crictl.yaml etc/systemd usr opt/containerd
+ @tar -czf releases/$(CRIRELEASE).tar.gz -C $(CRIDIR) cri-containerd.DEPRECATED.txt etc/crictl.yaml etc/systemd usr opt/containerd
-releases/$(CRICNIRELEASE).tar.gz: install-cri-deps
+releases/$(CRICNIRELEASE).tar.gz: install-cri-deps $(CRIDIR)/cri-containerd.DEPRECATED.txt
@echo "$(WHALE) $@"
- @tar -czf releases/$(CRICNIRELEASE).tar.gz -C $(CRIDIR) etc usr opt
+ @tar -czf releases/$(CRICNIRELEASE).tar.gz -C $(CRIDIR) cri-containerd.DEPRECATED.txt etc usr opt
endif
cri-release: releases/$(CRIRELEASE).tar.gz
@@ -341,15 +383,17 @@ clean-test: ## clean up debris from previously failed tests
@rm -rf /run/containerd/fifo/*
@rm -rf /run/containerd-test/*
@rm -rf bin/cri-integration.test
+ @rm -rf bin/cni-bridge-fp
+ @rm -rf bin/containerd-shim-runc-fp-v1
install: ## install binaries
@echo "$(WHALE) $@ $(BINARIES)"
- @mkdir -p $(DESTDIR)/bin
- @install $(BINARIES) $(DESTDIR)/bin
+ @$(INSTALL) -d $(DESTDIR)$(PREFIX)/bin
+ @$(INSTALL) $(BINARIES) $(DESTDIR)$(PREFIX)/bin
uninstall:
@echo "$(WHALE) $@"
- @rm -f $(addprefix $(DESTDIR)/bin/,$(notdir $(BINARIES)))
+ @rm -f $(addprefix $(DESTDIR)$(PREFIX)/bin/,$(notdir $(BINARIES)))
ifeq ($(GOOS),windows)
install-deps:
@@ -393,10 +437,23 @@ root-coverage: ## generate coverage profiles for unit tests that require root
fi; \
done )
-vendor: ## vendor
+vendor: ## ensure all the go.mod/go.sum files are up-to-date including vendor/ directory
@echo "$(WHALE) $@"
@$(GO) mod tidy
@$(GO) mod vendor
+ @$(GO) mod verify
+ @(cd ${ROOTDIR}/integration/client && ${GO} mod tidy)
+
+verify-vendor: ## verify if all the go.mod/go.sum files are up-to-date
+ @echo "$(WHALE) $@"
+ $(eval TMPDIR := $(shell mktemp -d))
+ @cp -R ${ROOTDIR} ${TMPDIR}
+ @(cd ${TMPDIR}/containerd && ${GO} mod tidy)
+ @(cd ${TMPDIR}/containerd/integration/client && ${GO} mod tidy)
+ @diff -r -u -q ${ROOTDIR} ${TMPDIR}/containerd
+ @rm -rf ${TMPDIR}
+ @${ROOTDIR}/script/verify-go-modules.sh integration/client
+
help: ## this help
@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) | sort
diff --git a/Makefile.linux b/Makefile.linux
index c338531..0541400 100644
--- a/Makefile.linux
+++ b/Makefile.linux
@@ -20,8 +20,10 @@ COMMANDS += containerd-shim containerd-shim-runc-v1 containerd-shim-runc-v2
# check GOOS for cross compile builds
ifeq ($(GOOS),linux)
- ifneq ($(GOARCH),$(filter $(GOARCH),mips mipsle mips64 mips64le ppc64 riscv64))
- GO_GCFLAGS += -buildmode=pie
+ ifneq ($(GOARCH),$(filter $(GOARCH),mips mipsle mips64 mips64le ppc64))
+ ifeq ($(STATIC),)
+ GO_GCFLAGS += -buildmode=pie
+ endif
endif
endif
diff --git a/Makefile.windows b/Makefile.windows
index 56164e4..6e62a87 100644
--- a/Makefile.windows
+++ b/Makefile.windows
@@ -22,7 +22,11 @@ ifeq ($(GOARCH),amd64)
TESTFLAGS_RACE= -race
endif
-BINARIES:=$(addsuffix .exe,$(BINARIES))
+WINDOWS_SHIM=bin/containerd-shim-runhcs-v1.exe
+BINARIES := $(addsuffix .exe,$(BINARIES)) $(WINDOWS_SHIM)
+
+$(WINDOWS_SHIM): script/setup/install-runhcs-shim go.mod
+ DESTDIR=$(CURDIR)/bin $<
bin/%.exe: cmd/% FORCE
$(BUILD_BINARY)
diff --git a/Protobuild.toml b/Protobuild.toml
index d88fcd6..ccc4e79 100644
--- a/Protobuild.toml
+++ b/Protobuild.toml
@@ -31,28 +31,11 @@ plugins = ["grpc", "fieldpath"]
"google/protobuf/duration.proto" = "github.com/gogo/protobuf/types"
"google/rpc/status.proto" = "github.com/gogo/googleapis/google/rpc"
-[[overrides]]
-prefixes = ["github.com/containerd/containerd/api/events"]
-plugins = ["fieldpath"] # disable grpc for this package
-
-[[overrides]]
-prefixes = ["github.com/containerd/containerd/api/services/ttrpc/events/v1"]
-plugins = ["ttrpc", "fieldpath"]
-
[[overrides]]
# enable ttrpc and disable fieldpath and grpc for the shim
prefixes = ["github.com/containerd/containerd/runtime/v1/shim/v1", "github.com/containerd/containerd/runtime/v2/task"]
plugins = ["ttrpc"]
-# Aggregrate the API descriptors to lock down API changes.
-[[descriptors]]
-prefix = "github.com/containerd/containerd/api"
-target = "api/next.pb.txt"
-ignore_files = [
- "google/protobuf/descriptor.proto",
- "gogoproto/gogo.proto"
-]
-
# Lock down runc config
[[descriptors]]
prefix = "github.com/containerd/containerd/runtime/linux/runctypes"
diff --git a/README.md b/README.md
index 1ecec1f..f876079 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,9 @@
-
+
+
[](https://pkg.go.dev/github.com/containerd/containerd)
[](https://github.com/containerd/containerd/actions?query=workflow%3ACI)
[](https://github.com/containerd/containerd/actions?query=workflow%3ANightly)
-[](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield)
[](https://goreportcard.com/report/github.com/containerd/containerd)
[](https://bestpractices.coreinfrastructure.org/projects/1271)
@@ -21,7 +21,7 @@ We are a large inclusive OSS project that is welcoming help of any kind shape or
* Documentation help is needed to make the product easier to consume and extend.
* We need OSS community outreach / organizing help to get the word out; manage
and create messaging and educational content; and to help with social media, community forums/groups, and google groups.
-* We are actively inviting new [security advisors](https://github.com/containerd/project/blob/master/GOVERNANCE.md#security-advisors) to join the team.
+* We are actively inviting new [security advisors](https://github.com/containerd/project/blob/main/GOVERNANCE.md#security-advisors) to join the team.
* New sub-projects are being created, core and non-core that could use additional development help.
* Each of the [containerd projects](https://github.com/containerd) has a list of issues currently being worked on or that need help resolving.
- If the issue has not already been assigned to someone, or has not made recent progress and you are interested, please inquire.
@@ -41,7 +41,7 @@ If you are interested in trying out containerd see our example at [Getting Start
## Nightly builds
There are nightly builds available for download [here](https://github.com/containerd/containerd/actions?query=workflow%3ANightly).
-Binaries are generated from `master` branch every night for `Linux` and `Windows`.
+Binaries are generated from `main` branch every night for `Linux` and `Windows`.
Please be aware: nightly builds might have critical bugs, it's not recommended for use in production and no support provided.
@@ -68,6 +68,14 @@ your system. See more details in [Checkpoint and Restore](#checkpoint-and-restor
Build requirements for developers are listed in [BUILDING](BUILDING.md).
+
+## Supported Registries
+
+Any registry which is compliant with the [OCI Distribution Specification](https://github.com/opencontainers/distribution-spec)
+is supported by containerd.
+
+For configuring registries, see [registry host configuration documentation](docs/hosts.md)
+
## Features
### Client
@@ -77,8 +85,11 @@ containerd offers a full client package to help you integrate containerd into yo
```go
import (
+ "context"
+
"github.com/containerd/containerd"
"github.com/containerd/containerd/cio"
+ "github.com/containerd/containerd/namespaces"
)
@@ -269,7 +280,7 @@ loaded for the user's shell environment.
`cri` is a native plugin of containerd. Since containerd 1.1, the cri plugin is built into the release binaries and enabled by default.
> **Note:** As of containerd 1.5, the `cri` plugin is merged into the containerd/containerd repo. For example, the source code previously stored under [`containerd/cri/pkg`](https://github.com/containerd/cri/tree/release/1.4/pkg)
-was moved to [`containerd/containerd/pkg/cri` package](https://github.com/containerd/containerd/tree/master/pkg/cri).
+was moved to [`containerd/containerd/pkg/cri` package](https://github.com/containerd/containerd/tree/main/pkg/cri).
The `cri` plugin has reached GA status, representing that it is:
* Feature complete
@@ -289,7 +300,7 @@ A Kubernetes incubator project, [cri-tools](https://github.com/kubernetes-sigs/c
* [CRI Plugin Testing Guide](./docs/cri/testing.md)
* [Debugging Pods, Containers, and Images with `crictl`](./docs/cri/crictl.md)
* [Configuring `cri` Plugins](./docs/cri/config.md)
-* [Configuring containerd](https://github.com/containerd/containerd/blob/master/docs/man/containerd-config.8.md)
+* [Configuring containerd](https://github.com/containerd/containerd/blob/main/docs/man/containerd-config.8.md)
### Communication
@@ -315,14 +326,14 @@ copy of the license, titled CC-BY-4.0, at http://creativecommons.org/licenses/by
## Project details
-**containerd** is the primary open source project within the broader containerd GitHub repository.
+**containerd** is the primary open source project within the broader containerd GitHub organization.
However, all projects within the repo have common maintainership, governance, and contributing
guidelines which are stored in a `project` repository commonly for all containerd projects.
Please find all these core project documents, including the:
- * [Project governance](https://github.com/containerd/project/blob/master/GOVERNANCE.md),
- * [Maintainers](https://github.com/containerd/project/blob/master/MAINTAINERS),
- * and [Contributing guidelines](https://github.com/containerd/project/blob/master/CONTRIBUTING.md)
+ * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md),
+ * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS),
+ * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md)
information in our [`containerd/project`](https://github.com/containerd/project) repository.
diff --git a/RELEASES.md b/RELEASES.md
index 3fda996..2476248 100644
--- a/RELEASES.md
+++ b/RELEASES.md
@@ -27,7 +27,7 @@ considered "pre-releases".
### Major and Minor Releases
-Major and minor releases of containerd will be made from master. Releases of
+Major and minor releases of containerd will be made from main. Releases of
containerd will be marked with GPG signed tags and announced at
https://github.com/containerd/containerd/releases. The tag will be of the
format `v..` and should be made with the command `git tag
@@ -43,7 +43,7 @@ done against that branch.
Pre-releases, such as alphas, betas and release candidates will be conducted
from their source branch. For major and minor releases, these releases will be
-done from master. For patch releases, these pre-releases should be done within
+done from main. For patch releases, these pre-releases should be done within
the corresponding release branch.
While pre-releases are done to assist in the stabilization process, no
@@ -89,7 +89,7 @@ whichever is longer. Additionally, releases may have an extended security suppor
period after the end of the active period to accept security backports. This
timeframe will be decided by maintainers before the end of the active status.
-The current state is available in the following table:
+The current state is available in the following tables:
| Release | Status | Start | End of Life |
|---------|-------------|------------------|-------------------|
@@ -100,12 +100,27 @@ The current state is available in the following table:
| [1.1](https://github.com/containerd/containerd/releases/tag/v1.1.8) | End of Life | April 23, 2018 | October 23, 2019 |
| [1.2](https://github.com/containerd/containerd/releases/tag/v1.2.13) | End of Life | October 24, 2018 | October 15, 2020 |
| [1.3](https://github.com/containerd/containerd/releases/tag/v1.3.10) | End of Life | September 26, 2019 | March 4, 2021 |
-| [1.4](https://github.com/containerd/containerd/releases/tag/v1.4.4) | Active | August 17, 2020 | max(August 17, 2021, release of 1.5.0 + 6 months) |
-| [1.5](https://github.com/containerd/containerd/milestone/30) | Next | TBD | max(TBD+1 year, release of 1.6.0 + 6 months) |
+| [1.4](https://github.com/containerd/containerd/releases/tag/v1.4.12) | Extended | August 17, 2020 | March 3, 2022 (Extended) |
+| [1.5](https://github.com/containerd/containerd/releases/tag/v1.5.9) | Active | May 3, 2021 | October 28, 2022 |
+| [1.6](https://github.com/containerd/containerd/releases/tag/v1.6.0) | Active | February 15, 2022 | max(February 15, 2023 or release of 1.7.0 + 6 months) |
+| [1.7](https://github.com/containerd/containerd/milestone/42) | Next | TBD | TBD |
Note that branches and release from before 1.0 may not follow these rules.
-This table should be updated as part of the release preparation process.
+| CRI-Containerd Version | Containerd Version | Kubernetes Version | CRI Version |
+|------------------------|--------------------|--------------------|--------------|
+| v1.0.0-alpha.x | | 1.7, 1.8 | v1alpha1 |
+| v1.0.0-beta.x | | 1.9 | v1alpha1 |
+| End-Of-Life | v1.1 (End-Of-Life) | 1.10+ | v1alpha2 |
+| | v1.2 (End-Of-Life) | 1.10+ | v1alpha2 |
+| | v1.3 (End-Of-Life) | 1.12+ | v1alpha2 |
+| | v1.4 | 1.19+ | v1alpha2 |
+| | v1.5 | 1.20+ | v1alpha2 |
+| | v1.6 | 1.23+ | v1, v1alpha2 |
+
+**Note:** The support table above specifies the Kubernetes Version that was supported at time of release of the containerd - cri integration and Kubernetes only supports n-3 minor release versions.
+
+These tables should be updated as part of the release preparation process.
### Backporting
@@ -115,11 +130,11 @@ will be features for the next _minor_ or _major_ release. For the most part,
this process is straightforward and we are here to help make it as smooth as
possible.
-If there are important fixes that need to be backported, please let use know in
+If there are important fixes that need to be backported, please let us know in
one of three ways:
1. Open an issue.
-2. Open a PR with cherry-picked change from master.
+2. Open a PR with cherry-picked change from main.
3. Open a PR with a ported fix.
__If you are reporting a security issue, please reach out discreetly at security@containerd.io__.
@@ -127,10 +142,10 @@ Remember that backported PRs must follow the versioning guidelines from this doc
Any release that is "active" can accept backports. Opening a backport PR is
fairly straightforward. The steps differ depending on whether you are pulling
-a fix from master or need to draft a new commit specific to a particular
+a fix from main or need to draft a new commit specific to a particular
branch.
-To cherry pick a straightforward commit from master, simply use the cherry pick
+To cherry pick a straightforward commit from main, simply use the cherry pick
process:
1. Pick the branch to which you want backported, usually in the format
@@ -154,7 +169,7 @@ process:
```
Make sure to replace `stevvooe` with whatever fork you are using to open
- the PR. When you open the PR, make sure to switch `master` with whatever
+ the PR. When you open the PR, make sure to switch `main` with whatever
release branch you are targeting with the fix. Make sure the PR title has
`[]` prefixed. e.g.:
@@ -162,11 +177,11 @@ process:
[release/1.4] Fix foo in bar
```
-If there is no existing fix in master, you should first fix the bug in master,
+If there is no existing fix in main, you should first fix the bug in main,
or ask us a maintainer or contributor to do it via an issue. Once that PR is
completed, open a PR using the process above.
-Only when the bug is not seen in master and must be made for the specific
+Only when the bug is not seen in main and must be made for the specific
release branch should you open a PR with new code.
## Public API Stability
@@ -177,12 +192,12 @@ containerd versions:
| Component | Status | Stabilized Version | Links |
|------------------|----------|--------------------|---------------|
-| GRPC API | Stable | 1.0 | [api/](api) |
+| GRPC API | Stable | 1.0 | [gRPC API](#grpc-api) |
| Metrics API | Stable | 1.0 | - |
| Runtime Shim API | Stable | 1.2 | - |
-| Daemon Config | Stable | 1.0 | - |
+| Daemon Config | Stable | 1.0 | - |
+| CRI GRPC API | Stable | 1.6 (_CRI v1_) | [cri-api](https://github.com/kubernetes/cri-api/tree/master/pkg/apis/runtime/v1) |
| Go client API | Unstable | _future_ | [godoc](https://godoc.org/github.com/containerd/containerd) |
-| CRI GRPC API | Unstable | v1alpha2 _current_ | [cri-api](https://github.com/kubernetes/cri-api/tree/master/pkg/apis/runtime/v1alpha2) |
| `ctr` tool | Unstable | Out of scope | - |
From the version stated in the above table, that component must adhere to the
@@ -201,7 +216,7 @@ version jump.
To ensure compatibility, we have collected the entire GRPC API symbol set into
a single file. At each _minor_ release of containerd, we will move the current
`next.pb.txt` file to a file named for the minor version, such as `1.0.pb.txt`,
-enumerating the support services and messages. See [api/](api) for details.
+enumerating the support services and messages.
Note that new services may be added in _minor_ releases. New service methods
and new fields on messages may be added if they are optional.
@@ -321,9 +336,10 @@ against total impact.
The deprecated features are shown in the following table:
-| Component | Deprecation release | Target release for removal | Recommendation |
-|----------------------------------------------------------------------|---------------------|----------------------------|-------------------------------|
-| Runtime V1 API and implementation (`io.containerd.runtime.v1.linux`) | containerd v1.4 | containerd v2.0 | Use `io.containerd.runc.v2` |
-| Runc V1 implementation of Runtime V2 (`io.containerd.runc.v1`) | containerd v1.4 | containerd v2.0 | Use `io.containerd.runc.v2` |
-| config.toml `version = 1` | containerd v1.5 | containerd v2.0 | Use config.toml `version = 2` |
-| Built-in `aufs` snapshotter | containerd v1.5 | containerd v2.0 | Use `overlayfs` snapshotter |
+| Component | Deprecation release | Target release for removal | Recommendation |
+|----------------------------------------------------------------------|---------------------|----------------------------|-----------------------------------|
+| Runtime V1 API and implementation (`io.containerd.runtime.v1.linux`) | containerd v1.4 | containerd v2.0 | Use `io.containerd.runc.v2` |
+| Runc V1 implementation of Runtime V2 (`io.containerd.runc.v1`) | containerd v1.4 | containerd v2.0 | Use `io.containerd.runc.v2` |
+| config.toml `version = 1` | containerd v1.5 | containerd v2.0 | Use config.toml `version = 2` |
+| Built-in `aufs` snapshotter | containerd v1.5 | containerd v2.0 | Use `overlayfs` snapshotter |
+| `cri-containerd-*.tar.gz` release bundles | containerd v1.6 | containerd v2.0 | Use `containerd-*.tar.gz` bundles |
diff --git a/Vagrantfile b/Vagrantfile
index 2d790a7..71946f0 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -15,9 +15,10 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-# Vagrantfile for cgroup2 and SELinux
+# Vagrantfile for Fedora and EL
Vagrant.configure("2") do |config|
- config.vm.box = "fedora/34-cloud-base"
+ config.vm.box = ENV["BOX"] || "fedora/37-cloud-base"
+ config.vm.box_version = ENV["BOX_VERSION"]
memory = 4096
cpus = 2
config.vm.provider :virtualbox do |v|
@@ -29,6 +30,8 @@ Vagrant.configure("2") do |config|
v.cpus = cpus
end
+ config.vm.synced_folder ".", "/vagrant", type: "rsync"
+
# Disabled by default. To run:
# vagrant up --provision-with=upgrade-packages
# To upgrade only specific packages:
@@ -67,30 +70,41 @@ Vagrant.configure("2") do |config|
libselinux-devel \
lsof \
make \
+ strace \
${INSTALL_PACKAGES}
SHELL
end
+ # EL does not have /usr/local/{bin,sbin} in the PATH by default
+ config.vm.provision "setup-etc-environment", type: "shell", run: "once" do |sh|
+ sh.upload_path = "/tmp/vagrant-setup-etc-environment"
+ sh.inline = <<~SHELL
+ #!/usr/bin/env bash
+ set -eux -o pipefail
+ cat >> /etc/environment <> /etc/environment <> /etc/profile.d/sh.local < /tmp/containerd.log
+ cat /tmp/containerd.log
systemctl stop containerd
}
selinux=$(getenforce)
@@ -253,7 +270,32 @@ EOF
fi
trap cleanup EXIT
ctr version
- critest --parallel=$(nproc) --report-dir="${REPORT_DIR}" --ginkgo.skip='HostIpc is true'
+ critest --parallel=$[$(nproc)+2] --ginkgo.skip='HostIpc is true' --report-dir="${REPORT_DIR}"
+ SHELL
+ end
+
+ # Rootless Podman is used for testing CRI-in-UserNS
+ # (We could use rootless nerdctl, but we are using Podman here because it is available in dnf)
+ config.vm.provision "install-rootless-podman", type: "shell", run: "never" do |sh|
+ sh.upload_path = "/tmp/vagrant-install-rootless-podman"
+ sh.inline = <<~SHELL
+ #!/usr/bin/env bash
+ set -eux -o pipefail
+ # Delegate cgroup v2 controllers to rootless
+ mkdir -p /etc/systemd/system/user@.service.d
+ cat > /etc/systemd/system/user@.service.d/delegate.conf << EOF
+[Service]
+Delegate=yes
+EOF
+ systemctl daemon-reload
+ # Install Podman
+ dnf install -y podman
+ # Configure Podman to resolve `golang` to `docker.io/library/golang`
+ mkdir -p /etc/containers
+ cat > /etc/containers/registries.conf < 0 {
+ i -= len(m.RuntimePath)
+ copy(dAtA[i:], m.RuntimePath)
+ i = encodeVarintTasks(dAtA, i, uint64(len(m.RuntimePath)))
+ i--
+ dAtA[i] = 0x52
+ }
if m.Options != nil {
{
size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
@@ -3198,6 +3208,10 @@ func (m *CreateTaskRequest) Size() (n int) {
l = m.Options.Size()
n += 1 + l + sovTasks(uint64(l))
}
+ l = len(m.RuntimePath)
+ if l > 0 {
+ n += 1 + l + sovTasks(uint64(l))
+ }
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
@@ -3747,6 +3761,7 @@ func (this *CreateTaskRequest) String() string {
`Terminal:` + fmt.Sprintf("%v", this.Terminal) + `,`,
`Checkpoint:` + strings.Replace(fmt.Sprintf("%v", this.Checkpoint), "Descriptor", "types.Descriptor", 1) + `,`,
`Options:` + strings.Replace(fmt.Sprintf("%v", this.Options), "Any", "types1.Any", 1) + `,`,
+ `RuntimePath:` + fmt.Sprintf("%v", this.RuntimePath) + `,`,
`XXX_unrecognized:` + fmt.Sprintf("%v", this.XXX_unrecognized) + `,`,
`}`,
}, "")
@@ -4385,6 +4400,38 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error {
return err
}
iNdEx = postIndex
+ case 10:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field RuntimePath", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowTasks
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthTasks
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex < 0 {
+ return ErrInvalidLengthTasks
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.RuntimePath = string(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipTasks(dAtA[iNdEx:])
diff --git a/api/services/tasks/v1/tasks.proto b/api/services/tasks/v1/tasks.proto
index 2fe72c6..6299c76 100644
--- a/api/services/tasks/v1/tasks.proto
+++ b/api/services/tasks/v1/tasks.proto
@@ -88,6 +88,8 @@ message CreateTaskRequest {
containerd.types.Descriptor checkpoint = 8;
google.protobuf.Any options = 9;
+
+ string runtime_path = 10;
}
message CreateTaskResponse {
diff --git a/api/services/ttrpc/events/v1/doc.go b/api/services/ttrpc/events/v1/doc.go
index b7f86da..d3d9839 100644
--- a/api/services/ttrpc/events/v1/doc.go
+++ b/api/services/ttrpc/events/v1/doc.go
@@ -14,5 +14,5 @@
limitations under the License.
*/
-// Package events defines the event pushing and subscription service.
+// Package events defines the ttrpc event service.
package events
diff --git a/api/services/version/v1/doc.go b/api/services/version/v1/doc.go
new file mode 100644
index 0000000..c5c0b85
--- /dev/null
+++ b/api/services/version/v1/doc.go
@@ -0,0 +1,18 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+// Package version defines the version service.
+package version
diff --git a/api/types/task/doc.go b/api/types/task/doc.go
new file mode 100644
index 0000000..e10c7a4
--- /dev/null
+++ b/api/types/task/doc.go
@@ -0,0 +1,18 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+// Package task defines the task service.
+package task
diff --git a/archive/compression/compression.go b/archive/compression/compression.go
index a883e4d..ceceb21 100644
--- a/archive/compression/compression.go
+++ b/archive/compression/compression.go
@@ -21,15 +21,16 @@ import (
"bytes"
"compress/gzip"
"context"
+ "encoding/binary"
"fmt"
"io"
"os"
- "os/exec"
"strconv"
"sync"
"github.com/containerd/containerd/log"
"github.com/klauspost/compress/zstd"
+ exec "golang.org/x/sys/execabs"
)
type (
@@ -125,17 +126,52 @@ func (r *bufferedReader) Peek(n int) ([]byte, error) {
return r.buf.Peek(n)
}
+const (
+ zstdMagicSkippableStart = 0x184D2A50
+ zstdMagicSkippableMask = 0xFFFFFFF0
+)
+
+var (
+ gzipMagic = []byte{0x1F, 0x8B, 0x08}
+ zstdMagic = []byte{0x28, 0xb5, 0x2f, 0xfd}
+)
+
+type matcher = func([]byte) bool
+
+func magicNumberMatcher(m []byte) matcher {
+ return func(source []byte) bool {
+ return bytes.HasPrefix(source, m)
+ }
+}
+
+// zstdMatcher detects zstd compression algorithm.
+// There are two frame formats defined by Zstandard: Zstandard frames and Skippable frames.
+// See https://tools.ietf.org/id/draft-kucherawy-dispatch-zstd-00.html#rfc.section.2 for more details.
+func zstdMatcher() matcher {
+ return func(source []byte) bool {
+ if bytes.HasPrefix(source, zstdMagic) {
+ // Zstandard frame
+ return true
+ }
+ // skippable frame
+ if len(source) < 8 {
+ return false
+ }
+ // magic number from 0x184D2A50 to 0x184D2A5F.
+ if binary.LittleEndian.Uint32(source[:4])&zstdMagicSkippableMask == zstdMagicSkippableStart {
+ return true
+ }
+ return false
+ }
+}
+
// DetectCompression detects the compression algorithm of the source.
func DetectCompression(source []byte) Compression {
- for compression, m := range map[Compression][]byte{
- Gzip: {0x1F, 0x8B, 0x08},
- Zstd: {0x28, 0xb5, 0x2f, 0xfd},
+ for compression, fn := range map[Compression]matcher{
+ Gzip: magicNumberMatcher(gzipMagic),
+ Zstd: zstdMatcher(),
} {
- if len(source) < len(m) {
- // Len too short
- continue
- }
- if bytes.Equal(m, source[:len(m)]) {
+ if fn(source) {
return compression
}
}
diff --git a/archive/compression/compression_test.go b/archive/compression/compression_test.go
index 7f00e9f..78daf38 100644
--- a/archive/compression/compression_test.go
+++ b/archive/compression/compression_test.go
@@ -20,15 +20,15 @@ import (
"bytes"
"compress/gzip"
"context"
+ "crypto/rand"
"io"
- "io/ioutil"
- "math/rand"
"os"
- "os/exec"
"path/filepath"
"runtime"
"strings"
"testing"
+
+ exec "golang.org/x/sys/execabs"
)
func TestMain(m *testing.M) {
@@ -79,7 +79,7 @@ func testCompressDecompress(t *testing.T, size int, compression Compression) Dec
if err != nil {
t.Fatal(err)
}
- decompressed, err := ioutil.ReadAll(decompressor)
+ decompressed, err := io.ReadAll(decompressor)
if err != nil {
t.Fatal(err)
}
@@ -122,10 +122,7 @@ func TestCompressDecompressUncompressed(t *testing.T) {
func TestDetectPigz(t *testing.T) {
// Create fake PATH with unpigz executable, make sure detectPigz can find it
- tempPath, err := ioutil.TempDir("", "containerd_temp_")
- if err != nil {
- t.Fatal(err)
- }
+ tempPath := t.TempDir()
filename := "unpigz"
if runtime.GOOS == "windows" {
@@ -134,15 +131,11 @@ func TestDetectPigz(t *testing.T) {
fullPath := filepath.Join(tempPath, filename)
- if err := ioutil.WriteFile(fullPath, []byte(""), 0111); err != nil {
+ if err := os.WriteFile(fullPath, []byte(""), 0111); err != nil {
t.Fatal(err)
}
- defer os.RemoveAll(tempPath)
-
- oldPath := os.Getenv("PATH")
- os.Setenv("PATH", tempPath)
- defer os.Setenv("PATH", oldPath)
+ t.Setenv("PATH", tempPath)
if pigzPath := detectPigz(); pigzPath == "" {
t.Fatal("failed to detect pigz path")
@@ -150,8 +143,7 @@ func TestDetectPigz(t *testing.T) {
t.Fatalf("wrong pigz found: %s != %s", pigzPath, fullPath)
}
- os.Setenv(disablePigzEnv, "1")
- defer os.Unsetenv(disablePigzEnv)
+ t.Setenv(disablePigzEnv, "1")
if pigzPath := detectPigz(); pigzPath != "" {
t.Fatalf("disable via %s doesn't work", disablePigzEnv)
@@ -164,7 +156,7 @@ func TestCmdStream(t *testing.T) {
t.Fatal(err)
}
- buf, err := ioutil.ReadAll(out)
+ buf, err := io.ReadAll(out)
if err != nil {
t.Fatalf("failed to read from stdout: %s", err)
}
@@ -180,7 +172,7 @@ func TestCmdStreamBad(t *testing.T) {
t.Fatalf("failed to start command: %v", err)
}
- if buf, err := ioutil.ReadAll(out); err == nil {
+ if buf, err := io.ReadAll(out); err == nil {
t.Fatal("command should have failed")
} else if err.Error() != "exit status 1: bad result\n" {
t.Fatalf("wrong error: %s", err.Error())
@@ -188,3 +180,39 @@ func TestCmdStreamBad(t *testing.T) {
t.Fatalf("wrong output: %s", string(buf))
}
}
+
+func TestDetectCompressionZstd(t *testing.T) {
+ for _, tc := range []struct {
+ source []byte
+ expected Compression
+ }{
+ {
+ // test zstd compression without skippable frames.
+ source: []byte{
+ 0x28, 0xb5, 0x2f, 0xfd, // magic number of Zstandard frame: 0xFD2FB528
+ 0x04, 0x00, 0x31, 0x00, 0x00, // frame header
+ 0x64, 0x6f, 0x63, 0x6b, 0x65, 0x72, // data block "docker"
+ 0x16, 0x0e, 0x21, 0xc3, // content checksum
+ },
+ expected: Zstd,
+ },
+ {
+ // test zstd compression with skippable frames.
+ source: []byte{
+ 0x50, 0x2a, 0x4d, 0x18, // magic number of skippable frame: 0x184D2A50 to 0x184D2A5F
+ 0x04, 0x00, 0x00, 0x00, // frame size
+ 0x5d, 0x00, 0x00, 0x00, // user data
+ 0x28, 0xb5, 0x2f, 0xfd, // magic number of Zstandard frame: 0xFD2FB528
+ 0x04, 0x00, 0x31, 0x00, 0x00, // frame header
+ 0x64, 0x6f, 0x63, 0x6b, 0x65, 0x72, // data block "docker"
+ 0x16, 0x0e, 0x21, 0xc3, // content checksum
+ },
+ expected: Zstd,
+ },
+ } {
+ compression := DetectCompression(tc.source)
+ if compression != tc.expected {
+ t.Fatalf("Unexpected compression %v, expected %v", compression, tc.expected)
+ }
+ }
+}
diff --git a/archive/issues_test.go b/archive/issues_test.go
index 9d54c7c..de6d090 100644
--- a/archive/issues_test.go
+++ b/archive/issues_test.go
@@ -19,7 +19,6 @@ package archive
import (
"bytes"
"context"
- "io/ioutil"
"os"
"path/filepath"
"strings"
@@ -37,11 +36,7 @@ func TestPrefixHeaderReadable(t *testing.T) {
// https://gist.github.com/stevvooe/e2a790ad4e97425896206c0816e1a882#file-out-go
var testFile = []byte("\x1f\x8b\x08\x08\x44\x21\x68\x59\x00\x03\x74\x2e\x74\x61\x72\x00\x4b\xcb\xcf\x67\xa0\x35\x30\x80\x00\x86\x06\x10\x47\x01\xc1\x37\x40\x00\x54\xb6\xb1\xa1\xa9\x99\x09\x48\x25\x1d\x40\x69\x71\x49\x62\x91\x02\xe5\x76\xa1\x79\x84\x21\x91\xd6\x80\x72\xaf\x8f\x82\x51\x30\x0a\x46\x36\x00\x00\xf0\x1c\x1e\x95\x00\x06\x00\x00")
- tmpDir, err := ioutil.TempDir("", "prefix-test")
- if err != nil {
- t.Fatal(err)
- }
- defer os.RemoveAll(tmpDir)
+ tmpDir := t.TempDir()
r, err := compression.DecompressStream(bytes.NewReader(testFile))
if err != nil {
diff --git a/archive/tar.go b/archive/tar.go
index 78a2873..2023db3 100644
--- a/archive/tar.go
+++ b/archive/tar.go
@@ -19,6 +19,8 @@ package archive
import (
"archive/tar"
"context"
+ "errors"
+ "fmt"
"io"
"os"
"path/filepath"
@@ -28,9 +30,10 @@ import (
"syscall"
"time"
+ "github.com/containerd/containerd/archive/tarheader"
"github.com/containerd/containerd/log"
+ "github.com/containerd/containerd/pkg/userns"
"github.com/containerd/continuity/fs"
- "github.com/pkg/errors"
)
var bufPool = &sync.Pool{
@@ -48,12 +51,15 @@ var errInvalidArchive = errors.New("invalid archive")
// Produces a tar using OCI style file markers for deletions. Deleted
// files will be prepended with the prefix ".wh.". This style is
// based off AUFS whiteouts.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md
+// See https://github.com/opencontainers/image-spec/blob/main/layer.md
func Diff(ctx context.Context, a, b string) io.ReadCloser {
r, w := io.Pipe()
go func() {
err := WriteDiff(ctx, w, a, b)
+ if err != nil {
+ log.G(ctx).WithError(err).Debugf("write diff failed")
+ }
if err = w.CloseWithError(err); err != nil {
log.G(ctx).WithError(err).Debugf("closing tar pipe failed")
}
@@ -68,12 +74,12 @@ func Diff(ctx context.Context, a, b string) io.ReadCloser {
// Produces a tar using OCI style file markers for deletions. Deleted
// files will be prepended with the prefix ".wh.". This style is
// based off AUFS whiteouts.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md
+// See https://github.com/opencontainers/image-spec/blob/main/layer.md
func WriteDiff(ctx context.Context, w io.Writer, a, b string, opts ...WriteDiffOpt) error {
var options WriteDiffOptions
for _, opt := range opts {
if err := opt(&options); err != nil {
- return errors.Wrap(err, "failed to apply option")
+ return fmt.Errorf("failed to apply option: %w", err)
}
}
if options.writeDiffFunc == nil {
@@ -89,12 +95,12 @@ func WriteDiff(ctx context.Context, w io.Writer, a, b string, opts ...WriteDiffO
// Produces a tar using OCI style file markers for deletions. Deleted
// files will be prepended with the prefix ".wh.". This style is
// based off AUFS whiteouts.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md
+// See https://github.com/opencontainers/image-spec/blob/main/layer.md
func writeDiffNaive(ctx context.Context, w io.Writer, a, b string, _ WriteDiffOptions) error {
- cw := newChangeWriter(w, b)
+ cw := NewChangeWriter(w, b)
err := fs.Changes(ctx, a, b, cw.HandleChange)
if err != nil {
- return errors.Wrap(err, "failed to create diff tar stream")
+ return fmt.Errorf("failed to create diff tar stream: %w", err)
}
return cw.Close()
}
@@ -102,7 +108,7 @@ func writeDiffNaive(ctx context.Context, w io.Writer, a, b string, _ WriteDiffOp
const (
// whiteoutPrefix prefix means file is a whiteout. If this is followed by a
// filename this means that file has been removed from the base layer.
- // See https://github.com/opencontainers/image-spec/blob/master/layer.md#whiteouts
+ // See https://github.com/opencontainers/image-spec/blob/main/layer.md#whiteouts
whiteoutPrefix = ".wh."
// whiteoutMetaPrefix prefix means whiteout has a special meaning and is not
@@ -115,17 +121,19 @@ const (
whiteoutOpaqueDir = whiteoutMetaPrefix + ".opq"
paxSchilyXattr = "SCHILY.xattr."
+
+ userXattrPrefix = "user."
)
// Apply applies a tar stream of an OCI style diff tar.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md#applying-changesets
+// See https://github.com/opencontainers/image-spec/blob/main/layer.md#applying-changesets
func Apply(ctx context.Context, root string, r io.Reader, opts ...ApplyOpt) (int64, error) {
root = filepath.Clean(root)
var options ApplyOptions
for _, opt := range opts {
if err := opt(&options); err != nil {
- return 0, errors.Wrap(err, "failed to apply option")
+ return 0, fmt.Errorf("failed to apply option: %w", err)
}
}
if options.Filter == nil {
@@ -140,7 +148,7 @@ func Apply(ctx context.Context, root string, r io.Reader, opts ...ApplyOpt) (int
// applyNaive applies a tar stream of an OCI style diff tar to a directory
// applying each file as either a whole file or whiteout.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md#applying-changesets
+// See https://github.com/opencontainers/image-spec/blob/main/layer.md#applying-changesets
func applyNaive(ctx context.Context, root string, r io.Reader, options ApplyOptions) (size int64, err error) {
var (
dirs []*tar.Header
@@ -233,7 +241,7 @@ func applyNaive(ctx context.Context, root string, r io.Reader, options ApplyOpti
ppath, base := filepath.Split(hdr.Name)
ppath, err = fs.RootPath(root, ppath)
if err != nil {
- return 0, errors.Wrap(err, "failed to get root path")
+ return 0, fmt.Errorf("failed to get root path: %w", err)
}
// Join to root before joining to parent path to ensure relative links are
@@ -263,7 +271,7 @@ func applyNaive(ctx context.Context, root string, r io.Reader, options ApplyOpti
}
writeFile, err := convertWhiteout(hdr, path)
if err != nil {
- return 0, errors.Wrapf(err, "failed to convert whiteout file %q", hdr.Name)
+ return 0, fmt.Errorf("failed to convert whiteout file %q: %w", hdr.Name, err)
}
if !writeFile {
continue
@@ -324,6 +332,7 @@ func createTarFile(ctx context.Context, path, extractDir string, hdr *tar.Header
}
}
+ //nolint:staticcheck // TypeRegA is deprecated but we may still receive an external tar with TypeRegA
case tar.TypeReg, tar.TypeRegA:
file, err := openFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, hdrInfo.Mode())
if err != nil {
@@ -370,12 +379,16 @@ func createTarFile(ctx context.Context, path, extractDir string, hdr *tar.Header
return nil
default:
- return errors.Errorf("unhandled tar header type %d\n", hdr.Typeflag)
+ return fmt.Errorf("unhandled tar header type %d", hdr.Typeflag)
}
// Lchown is not supported on Windows.
if runtime.GOOS != "windows" {
if err := os.Lchown(path, hdr.Uid, hdr.Gid); err != nil {
+ err = fmt.Errorf("failed to Lchown %q for UID %d, GID %d: %w", path, hdr.Uid, hdr.Gid, err)
+ if errors.Is(err, syscall.EINVAL) && userns.RunningInUserNS() {
+ err = fmt.Errorf("%w (Hint: try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid)", err)
+ }
return err
}
}
@@ -384,11 +397,19 @@ func createTarFile(ctx context.Context, path, extractDir string, hdr *tar.Header
if strings.HasPrefix(key, paxSchilyXattr) {
key = key[len(paxSchilyXattr):]
if err := setxattr(path, key, value); err != nil {
+ if errors.Is(err, syscall.EPERM) && strings.HasPrefix(key, userXattrPrefix) {
+ // In the user.* namespace, only regular files and directories can have extended attributes.
+ // See https://man7.org/linux/man-pages/man7/xattr.7.html for details.
+ if fi, err := os.Lstat(path); err == nil && (!fi.Mode().IsRegular() && !fi.Mode().IsDir()) {
+ log.G(ctx).WithError(err).Warnf("ignored xattr %s in archive", key)
+ continue
+ }
+ }
if errors.Is(err, syscall.ENOTSUP) {
log.G(ctx).WithError(err).Warnf("ignored xattr %s in archive", key)
continue
}
- return err
+ return fmt.Errorf("failed to setxattr %q for key %q: %w", path, key, err)
}
}
}
@@ -461,7 +482,17 @@ func mkparent(ctx context.Context, path, root string, parents []string) error {
return nil
}
-type changeWriter struct {
+// ChangeWriter provides tar stream from filesystem change information.
+// The privided tar stream is styled as an OCI layer. Change information
+// (add/modify/delete/unmodified) for each file needs to be passed to this
+// writer through HandleChange method.
+//
+// This should be used combining with continuity's diff computing functionality
+// (e.g. `fs.Change` of github.com/containerd/continuity/fs).
+//
+// See also https://github.com/opencontainers/image-spec/blob/main/layer.md for details
+// about OCI layers
+type ChangeWriter struct {
tw *tar.Writer
source string
whiteoutT time.Time
@@ -470,8 +501,11 @@ type changeWriter struct {
addedDirs map[string]struct{}
}
-func newChangeWriter(w io.Writer, source string) *changeWriter {
- return &changeWriter{
+// NewChangeWriter returns ChangeWriter that writes tar stream of the source directory
+// to the privided writer. Change information (add/modify/delete/unmodified) for each
+// file needs to be passed through HandleChange method.
+func NewChangeWriter(w io.Writer, source string) *ChangeWriter {
+ return &ChangeWriter{
tw: tar.NewWriter(w),
source: source,
whiteoutT: time.Now(),
@@ -481,7 +515,10 @@ func newChangeWriter(w io.Writer, source string) *changeWriter {
}
}
-func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, err error) error {
+// HandleChange receives filesystem change information and reflect that information to
+// the result tar stream. This function implements `fs.ChangeFunc` of continuity
+// (github.com/containerd/continuity/fs) and should be used with that package.
+func (cw *ChangeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, err error) error {
if err != nil {
return err
}
@@ -501,7 +538,7 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
return err
}
if err := cw.tw.WriteHeader(hdr); err != nil {
- return errors.Wrap(err, "failed to write whiteout header")
+ return fmt.Errorf("failed to write whiteout header: %w", err)
}
} else {
var (
@@ -519,7 +556,8 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
}
}
- hdr, err := tar.FileInfoHeader(f, link)
+ // Use FileInfoHeaderNoLookups to avoid propagating user names and group names from the host
+ hdr, err := tarheader.FileInfoHeaderNoLookups(f, link)
if err != nil {
return err
}
@@ -536,12 +574,12 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
if strings.HasPrefix(name, string(filepath.Separator)) {
name, err = filepath.Rel(string(filepath.Separator), name)
if err != nil {
- return errors.Wrap(err, "failed to make path relative")
+ return fmt.Errorf("failed to make path relative: %w", err)
}
}
name, err = tarName(name)
if err != nil {
- return errors.Wrap(err, "cannot canonicalize path")
+ return fmt.Errorf("cannot canonicalize path: %w", err)
}
// suffix with '/' for directories
if f.IsDir() && !strings.HasSuffix(name, "/") {
@@ -550,7 +588,7 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
hdr.Name = name
if err := setHeaderForSpecialDevice(hdr, name, f); err != nil {
- return errors.Wrap(err, "failed to set device headers")
+ return fmt.Errorf("failed to set device headers: %w", err)
}
// additionalLinks stores file names which must be linked to
@@ -578,8 +616,8 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
}
if capability, err := getxattr(source, "security.capability"); err != nil {
- return errors.Wrap(err, "failed to get capabilities xattr")
- } else if capability != nil {
+ return fmt.Errorf("failed to get capabilities xattr: %w", err)
+ } else if len(capability) > 0 {
if hdr.PAXRecords == nil {
hdr.PAXRecords = map[string]string{}
}
@@ -590,19 +628,19 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
return err
}
if err := cw.tw.WriteHeader(hdr); err != nil {
- return errors.Wrap(err, "failed to write file header")
+ return fmt.Errorf("failed to write file header: %w", err)
}
if hdr.Typeflag == tar.TypeReg && hdr.Size > 0 {
file, err := open(source)
if err != nil {
- return errors.Wrapf(err, "failed to open path: %v", source)
+ return fmt.Errorf("failed to open path: %v: %w", source, err)
}
defer file.Close()
n, err := copyBuffered(context.TODO(), cw.tw, file)
if err != nil {
- return errors.Wrap(err, "failed to copy")
+ return fmt.Errorf("failed to copy: %w", err)
}
if n != hdr.Size {
return errors.New("short write copying file")
@@ -621,7 +659,7 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
return err
}
if err := cw.tw.WriteHeader(hdr); err != nil {
- return errors.Wrap(err, "failed to write file header")
+ return fmt.Errorf("failed to write file header: %w", err)
}
}
}
@@ -629,14 +667,15 @@ func (cw *changeWriter) HandleChange(k fs.ChangeKind, p string, f os.FileInfo, e
return nil
}
-func (cw *changeWriter) Close() error {
+// Close closes this writer.
+func (cw *ChangeWriter) Close() error {
if err := cw.tw.Close(); err != nil {
- return errors.Wrap(err, "failed to close tar writer")
+ return fmt.Errorf("failed to close tar writer: %w", err)
}
return nil
}
-func (cw *changeWriter) includeParents(hdr *tar.Header) error {
+func (cw *ChangeWriter) includeParents(hdr *tar.Header) error {
if cw.addedDirs == nil {
return nil
}
@@ -744,7 +783,7 @@ func validateWhiteout(path string) error {
dir += string(filepath.Separator)
}
if !strings.HasPrefix(originalPath, dir) {
- return errors.Wrapf(errInvalidArchive, "invalid whiteout name: %v", base)
+ return fmt.Errorf("invalid whiteout name: %v: %w", base, errInvalidArchive)
}
}
return nil
diff --git a/archive/tar_freebsd.go b/archive/tar_freebsd.go
index ce4dffd..fb5abff 100644
--- a/archive/tar_freebsd.go
+++ b/archive/tar_freebsd.go
@@ -1,5 +1,3 @@
-// +build freebsd
-
/*
Copyright The containerd Authors.
diff --git a/archive/tar_linux_test.go b/archive/tar_linux_test.go
index 2ef8d43..bfe056f 100644
--- a/archive/tar_linux_test.go
+++ b/archive/tar_linux_test.go
@@ -1,5 +1,3 @@
-// +build linux
-
/*
Copyright The containerd Authors.
@@ -23,7 +21,6 @@ import (
"context"
"fmt"
"io"
- "io/ioutil"
"os"
"strings"
"testing"
@@ -34,17 +31,12 @@ import (
"github.com/containerd/containerd/snapshots/overlay/overlayutils"
"github.com/containerd/continuity/fs"
"github.com/containerd/continuity/fs/fstest"
- "github.com/pkg/errors"
)
func TestOverlayApply(t *testing.T) {
testutil.RequiresRoot(t)
- base, err := ioutil.TempDir("", "test-ovl-diff-apply-")
- if err != nil {
- t.Fatalf("unable to create temp dir: %+v", err)
- }
- defer os.RemoveAll(base)
+ base := t.TempDir()
if err := overlayutils.Supported(base); err != nil {
t.Skipf("skipping because overlay is not supported %v", err)
@@ -59,11 +51,7 @@ func TestOverlayApply(t *testing.T) {
func TestOverlayApplyNoParents(t *testing.T) {
testutil.RequiresRoot(t)
- base, err := ioutil.TempDir("", "test-ovl-diff-apply-")
- if err != nil {
- t.Fatalf("unable to create temp dir: %+v", err)
- }
- defer os.RemoveAll(base)
+ base := t.TempDir()
if err := overlayutils.Supported(base); err != nil {
t.Skipf("skipping because overlay is not supported %v", err)
@@ -71,11 +59,11 @@ func TestOverlayApplyNoParents(t *testing.T) {
fstest.FSSuite(t, overlayDiffApplier{
tmp: base,
diff: func(ctx context.Context, w io.Writer, a, b string, _ ...WriteDiffOpt) error {
- cw := newChangeWriter(w, b)
+ cw := NewChangeWriter(w, b)
cw.addedDirs = nil
err := fs.Changes(ctx, a, b, cw.HandleChange)
if err != nil {
- return errors.Wrap(err, "failed to create diff tar stream")
+ return fmt.Errorf("failed to create diff tar stream: %w", err)
}
return cw.Close()
},
@@ -98,9 +86,9 @@ type overlayContext struct {
type contextKey struct{}
func (d overlayDiffApplier) TestContext(ctx context.Context) (context.Context, func(), error) {
- merged, err := ioutil.TempDir(d.tmp, "merged")
+ merged, err := os.MkdirTemp(d.tmp, "merged")
if err != nil {
- return ctx, nil, errors.Wrap(err, "failed to make merged dir")
+ return ctx, nil, fmt.Errorf("failed to make merged dir: %w", err)
}
oc := &overlayContext{
@@ -119,9 +107,9 @@ func (d overlayDiffApplier) TestContext(ctx context.Context) (context.Context, f
func (d overlayDiffApplier) Apply(ctx context.Context, a fstest.Applier) (string, func(), error) {
oc := ctx.Value(contextKey{}).(*overlayContext)
- applyCopy, err := ioutil.TempDir(d.tmp, "apply-copy-")
+ applyCopy, err := os.MkdirTemp(d.tmp, "apply-copy-")
if err != nil {
- return "", nil, errors.Wrap(err, "failed to create temp dir")
+ return "", nil, fmt.Errorf("failed to create temp dir: %w", err)
}
defer os.RemoveAll(applyCopy)
@@ -131,33 +119,33 @@ func (d overlayDiffApplier) Apply(ctx context.Context, a fstest.Applier) (string
}
if err = fs.CopyDir(applyCopy, base); err != nil {
- return "", nil, errors.Wrap(err, "failed to copy base")
+ return "", nil, fmt.Errorf("failed to copy base: %w", err)
}
if err := a.Apply(applyCopy); err != nil {
- return "", nil, errors.Wrap(err, "failed to apply changes to copy of base")
+ return "", nil, fmt.Errorf("failed to apply changes to copy of base: %w", err)
}
buf := bytes.NewBuffer(nil)
if err := d.diff(ctx, buf, base, applyCopy); err != nil {
- return "", nil, errors.Wrap(err, "failed to create diff")
+ return "", nil, fmt.Errorf("failed to create diff: %w", err)
}
if oc.mounted {
if err := mount.Unmount(oc.merged, 0); err != nil {
- return "", nil, errors.Wrap(err, "failed to unmount")
+ return "", nil, fmt.Errorf("failed to unmount: %w", err)
}
oc.mounted = false
}
- next, err := ioutil.TempDir(d.tmp, "lower-")
+ next, err := os.MkdirTemp(d.tmp, "lower-")
if err != nil {
- return "", nil, errors.Wrap(err, "failed to create temp dir")
+ return "", nil, fmt.Errorf("failed to create temp dir: %w", err)
}
if _, err = Apply(ctx, next, buf, WithConvertWhiteout(OverlayConvertWhiteout), WithParents(oc.lowers)); err != nil {
- return "", nil, errors.Wrap(err, "failed to apply tar stream")
+ return "", nil, fmt.Errorf("failed to apply tar stream: %w", err)
}
oc.lowers = append([]string{next}, oc.lowers...)
@@ -175,7 +163,7 @@ func (d overlayDiffApplier) Apply(ctx context.Context, a fstest.Applier) (string
}
if err := m.Mount(oc.merged); err != nil {
- return "", nil, errors.Wrapf(err, "failed to mount: %v", m)
+ return "", nil, fmt.Errorf("failed to mount: %v: %w", m, err)
}
oc.mounted = true
diff --git a/archive/tar_mostunix.go b/archive/tar_mostunix.go
index 9cd1f0f..d2d9703 100644
--- a/archive/tar_mostunix.go
+++ b/archive/tar_mostunix.go
@@ -1,3 +1,4 @@
+//go:build !windows && !freebsd
// +build !windows,!freebsd
/*
diff --git a/archive/tar_opts_linux.go b/archive/tar_opts_linux.go
index 38ef9e9..f88d826 100644
--- a/archive/tar_opts_linux.go
+++ b/archive/tar_opts_linux.go
@@ -1,5 +1,3 @@
-// +build linux
-
/*
Copyright The containerd Authors.
diff --git a/archive/tar_opts_windows.go b/archive/tar_opts_windows.go
index d3b8f4f..0ba3cd0 100644
--- a/archive/tar_opts_windows.go
+++ b/archive/tar_opts_windows.go
@@ -1,5 +1,3 @@
-// +build windows
-
/*
Copyright The containerd Authors.
@@ -26,7 +24,7 @@ import (
)
// applyWindowsLayer applies a tar stream of an OCI style diff tar of a Windows layer
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md#applying-changesets
+// See https://github.com/opencontainers/image-spec/blob/main/layer.md#applying-changesets
func applyWindowsLayer(ctx context.Context, root string, r io.Reader, options ApplyOptions) (size int64, err error) {
return ociwclayer.ImportLayerFromTar(ctx, r, root, options.Parents)
}
@@ -47,7 +45,7 @@ func AsWindowsContainerLayer() ApplyOpt {
// Produces a tar using OCI style file markers for deletions. Deleted
// files will be prepended with the prefix ".wh.". This style is
// based off AUFS whiteouts.
-// See https://github.com/opencontainers/image-spec/blob/master/layer.md
+// See https://github.com/opencontainers/image-spec/blob/main/layer.md
func writeDiffWindowsLayers(ctx context.Context, w io.Writer, _, layer string, options WriteDiffOptions) error {
return ociwclayer.ExportLayerToTar(ctx, w, layer, options.ParentLayers)
}
diff --git a/archive/tar_test.go b/archive/tar_test.go
index dcea0b4..3ffb697 100644
--- a/archive/tar_test.go
+++ b/archive/tar_test.go
@@ -1,3 +1,4 @@
+//go:build !windows && !darwin
// +build !windows,!darwin
/*
@@ -22,22 +23,20 @@ import (
"archive/tar"
"bytes"
"context"
+ _ "crypto/sha256"
+ "errors"
"fmt"
"io"
- "io/ioutil"
"os"
- "os/exec"
"path/filepath"
"testing"
"time"
- _ "crypto/sha256"
-
"github.com/containerd/containerd/archive/tartest"
"github.com/containerd/containerd/pkg/testutil"
"github.com/containerd/continuity/fs"
"github.com/containerd/continuity/fs/fstest"
- "github.com/pkg/errors"
+ exec "golang.org/x/sys/execabs"
)
const tarCmd = "tar"
@@ -58,7 +57,7 @@ var baseApplier = fstest.Apply(
func TestUnpack(t *testing.T) {
requireTar(t)
- if err := testApply(baseApplier); err != nil {
+ if err := testApply(t, baseApplier); err != nil {
t.Fatalf("Test apply failed: %+v", err)
}
}
@@ -66,7 +65,7 @@ func TestUnpack(t *testing.T) {
func TestBaseDiff(t *testing.T) {
requireTar(t)
- if err := testBaseDiff(baseApplier); err != nil {
+ if err := testBaseDiff(t, baseApplier); err != nil {
t.Fatalf("Test base diff failed: %+v", err)
}
}
@@ -102,7 +101,7 @@ func TestRelativeSymlinks(t *testing.T) {
}
for _, bo := range breakoutLinks {
- if err := testDiffApply(bo); err != nil {
+ if err := testDiffApply(t, bo); err != nil {
t.Fatalf("Test apply failed: %+v", err)
}
}
@@ -179,7 +178,7 @@ func TestSymlinks(t *testing.T) {
}
for i, l := range links {
- if err := testDiffApply(l[0], l[1]); err != nil {
+ if err := testDiffApply(t, l[0], l[1]); err != nil {
t.Fatalf("Test[%d] apply failed: %+v", i+1, err)
}
}
@@ -233,21 +232,17 @@ func TestBreakouts(t *testing.T) {
tc := tartest.TarContext{}.WithUIDGID(os.Getuid(), os.Getgid()).WithModTime(time.Now().UTC())
expected := "unbroken"
unbrokenCheck := func(root string) error {
- b, err := ioutil.ReadFile(filepath.Join(root, "etc", "unbroken"))
+ b, err := os.ReadFile(filepath.Join(root, "etc", "unbroken"))
if err != nil {
- return errors.Wrap(err, "failed to read unbroken")
+ return fmt.Errorf("failed to read unbroken: %w", err)
}
if string(b) != expected {
- return errors.Errorf("/etc/unbroken: unexpected value %s, expected %s", b, expected)
+ return fmt.Errorf("/etc/unbroken: unexpected value %s, expected %s", b, expected)
}
return nil
}
errFileDiff := errors.New("files differ")
- td, err := ioutil.TempDir("", "test-breakouts-")
- if err != nil {
- t.Fatal(err)
- }
- defer os.RemoveAll(td)
+ td := t.TempDir()
isSymlinkFile := func(f string) func(string) error {
return func(root string) error {
@@ -257,7 +252,7 @@ func TestBreakouts(t *testing.T) {
}
if got := fi.Mode() & os.ModeSymlink; got != os.ModeSymlink {
- return errors.Errorf("%s should be symlink", fi.Name())
+ return fmt.Errorf("%s should be symlink", fi.Name())
}
return nil
}
@@ -285,7 +280,7 @@ func TestBreakouts(t *testing.T) {
}
if t1 != t2 {
- return errors.Wrapf(errFileDiff, "%#v and %#v", t1, t2)
+ return fmt.Errorf("%#v and %#v: %w", t1, t2, errFileDiff)
}
return nil
}
@@ -310,7 +305,7 @@ func TestBreakouts(t *testing.T) {
return err
}
if !os.SameFile(s1, s2) {
- return errors.Wrapf(errFileDiff, "%#v and %#v", s1, s2)
+ return fmt.Errorf("%#v and %#v: %w", s1, s2, errFileDiff)
}
return nil
}
@@ -330,12 +325,12 @@ func TestBreakouts(t *testing.T) {
}
fileValue := func(f1 string, content []byte) func(string) error {
return func(root string) error {
- b, err := ioutil.ReadFile(filepath.Join(root, f1))
+ b, err := os.ReadFile(filepath.Join(root, f1))
if err != nil {
return err
}
if !bytes.Equal(b, content) {
- return errors.Errorf("content differs: expected %v, got %v", content, b)
+ return fmt.Errorf("content differs: expected %v, got %v", content, b)
}
return nil
}
@@ -420,12 +415,12 @@ func TestBreakouts(t *testing.T) {
tc.File("/localetc/emptied", []byte{}, 0644),
),
validator: func(root string) error {
- b, err := ioutil.ReadFile(filepath.Join(root, "etc", "emptied"))
+ b, err := os.ReadFile(filepath.Join(root, "etc", "emptied"))
if err != nil {
- return errors.Wrap(err, "failed to read unbroken")
+ return fmt.Errorf("failed to read unbroken: %w", err)
}
if len(b) > 0 {
- return errors.Errorf("/etc/emptied: non-empty")
+ return errors.New("/etc/emptied: non-empty")
}
return nil
},
@@ -754,11 +749,11 @@ func TestBreakouts(t *testing.T) {
name: "HardlinkSymlinkChmod",
w: func() tartest.WriterToTar {
p := filepath.Join(td, "perm400")
- if err := ioutil.WriteFile(p, []byte("..."), 0400); err != nil {
+ if err := os.WriteFile(p, []byte("..."), 0400); err != nil {
t.Fatal(err)
}
ep := filepath.Join(td, "also-exists-outside-root")
- if err := ioutil.WriteFile(ep, []byte("..."), 0640); err != nil {
+ if err := os.WriteFile(ep, []byte("..."), 0640); err != nil {
t.Fatal(err)
}
@@ -774,7 +769,7 @@ func TestBreakouts(t *testing.T) {
return err
}
if perm := fi.Mode() & os.ModePerm; perm != 0400 {
- return errors.Errorf("%s perm changed from 0400 to %04o", p, perm)
+ return fmt.Errorf("%s perm changed from 0400 to %04o", p, perm)
}
return nil
},
@@ -800,7 +795,7 @@ func TestApplyTar(t *testing.T) {
return err
}
if _, err := os.Stat(p); err != nil {
- return errors.Wrapf(err, "failure checking existence for %v", d)
+ return fmt.Errorf("failure checking existence for %v: %w", d, err)
}
}
return nil
@@ -841,26 +836,18 @@ func TestApplyTar(t *testing.T) {
}
}
-func testApply(a fstest.Applier) error {
- td, err := ioutil.TempDir("", "test-apply-")
- if err != nil {
- return errors.Wrap(err, "failed to create temp dir")
- }
- defer os.RemoveAll(td)
- dest, err := ioutil.TempDir("", "test-apply-dest-")
- if err != nil {
- return errors.Wrap(err, "failed to create temp dir")
- }
- defer os.RemoveAll(dest)
+func testApply(t *testing.T, a fstest.Applier) error {
+ td := t.TempDir()
+ dest := t.TempDir()
if err := a.Apply(td); err != nil {
- return errors.Wrap(err, "failed to apply filesystem changes")
+ return fmt.Errorf("failed to apply filesystem changes: %w", err)
}
tarArgs := []string{"c", "-C", td}
names, err := readDirNames(td)
if err != nil {
- return errors.Wrap(err, "failed to read directory names")
+ return fmt.Errorf("failed to read directory names: %w", err)
}
tarArgs = append(tarArgs, names...)
@@ -868,34 +855,26 @@ func testApply(a fstest.Applier) error {
arch, err := cmd.StdoutPipe()
if err != nil {
- return errors.Wrap(err, "failed to create stdout pipe")
+ return fmt.Errorf("failed to create stdout pipe: %w", err)
}
if err := cmd.Start(); err != nil {
- return errors.Wrap(err, "failed to start command")
+ return fmt.Errorf("failed to start command: %w", err)
}
if _, err := Apply(context.Background(), dest, arch); err != nil {
- return errors.Wrap(err, "failed to apply tar stream")
+ return fmt.Errorf("failed to apply tar stream: %w", err)
}
return fstest.CheckDirectoryEqual(td, dest)
}
-func testBaseDiff(a fstest.Applier) error {
- td, err := ioutil.TempDir("", "test-base-diff-")
- if err != nil {
- return errors.Wrap(err, "failed to create temp dir")
- }
- defer os.RemoveAll(td)
- dest, err := ioutil.TempDir("", "test-base-diff-dest-")
- if err != nil {
- return errors.Wrap(err, "failed to create temp dir")
- }
- defer os.RemoveAll(dest)
+func testBaseDiff(t *testing.T, a fstest.Applier) error {
+ td := t.TempDir()
+ dest := t.TempDir()
if err := a.Apply(td); err != nil {
- return errors.Wrap(err, "failed to apply filesystem changes")
+ return fmt.Errorf("failed to apply filesystem changes: %w", err)
}
arch := Diff(context.Background(), "", td)
@@ -903,27 +882,19 @@ func testBaseDiff(a fstest.Applier) error {
cmd := exec.Command(tarCmd, "x", "-C", dest)
cmd.Stdin = arch
if err := cmd.Run(); err != nil {
- return errors.Wrap(err, "tar command failed")
+ return fmt.Errorf("tar command failed: %w", err)
}
return fstest.CheckDirectoryEqual(td, dest)
}
-func testDiffApply(appliers ...fstest.Applier) error {
- td, err := ioutil.TempDir("", "test-diff-apply-")
- if err != nil {
- return errors.Wrap(err, "failed to create temp dir")
- }
- defer os.RemoveAll(td)
- dest, err := ioutil.TempDir("", "test-diff-apply-dest-")
- if err != nil {
- return errors.Wrap(err, "failed to create temp dir")
- }
- defer os.RemoveAll(dest)
+func testDiffApply(t *testing.T, appliers ...fstest.Applier) error {
+ td := t.TempDir()
+ dest := t.TempDir()
for _, a := range appliers {
if err := a.Apply(td); err != nil {
- return errors.Wrap(err, "failed to apply filesystem changes")
+ return fmt.Errorf("failed to apply filesystem changes: %w", err)
}
}
@@ -931,18 +902,18 @@ func testDiffApply(appliers ...fstest.Applier) error {
if len(appliers) > 1 {
for _, a := range appliers[:len(appliers)-1] {
if err := a.Apply(dest); err != nil {
- return errors.Wrap(err, "failed to apply base filesystem changes")
+ return fmt.Errorf("failed to apply base filesystem changes: %w", err)
}
}
}
- diffBytes, err := ioutil.ReadAll(Diff(context.Background(), dest, td))
+ diffBytes, err := io.ReadAll(Diff(context.Background(), dest, td))
if err != nil {
- return errors.Wrap(err, "failed to create diff")
+ return fmt.Errorf("failed to create diff: %w", err)
}
if _, err := Apply(context.Background(), dest, bytes.NewReader(diffBytes)); err != nil {
- return errors.Wrap(err, "failed to apply tar stream")
+ return fmt.Errorf("failed to apply tar stream: %w", err)
}
return fstest.CheckDirectoryEqual(td, dest)
@@ -950,11 +921,7 @@ func testDiffApply(appliers ...fstest.Applier) error {
func makeWriterToTarTest(wt tartest.WriterToTar, a fstest.Applier, validate func(string) error, applyErr error) func(*testing.T) {
return func(t *testing.T) {
- td, err := ioutil.TempDir("", "test-writer-to-tar-")
- if err != nil {
- t.Fatalf("Failed to create temp dir: %v", err)
- }
- defer os.RemoveAll(td)
+ td := t.TempDir()
if a != nil {
if err := a.Apply(td); err != nil {
@@ -1194,10 +1161,10 @@ func dirEntry(name string, mode int) tarEntryValidator {
return errors.New("not directory type")
}
if hdr.Name != name {
- return errors.Errorf("wrong name %q, expected %q", hdr.Name, name)
+ return fmt.Errorf("wrong name %q, expected %q", hdr.Name, name)
}
if hdr.Mode != int64(mode) {
- return errors.Errorf("wrong mode %o, expected %o", hdr.Mode, mode)
+ return fmt.Errorf("wrong mode %o, expected %o", hdr.Mode, mode)
}
return nil
}
@@ -1209,13 +1176,13 @@ func fileEntry(name string, expected []byte, mode int) tarEntryValidator {
return errors.New("not file type")
}
if hdr.Name != name {
- return errors.Errorf("wrong name %q, expected %q", hdr.Name, name)
+ return fmt.Errorf("wrong name %q, expected %q", hdr.Name, name)
}
if hdr.Mode != int64(mode) {
- return errors.Errorf("wrong mode %o, expected %o", hdr.Mode, mode)
+ return fmt.Errorf("wrong mode %o, expected %o", hdr.Mode, mode)
}
if !bytes.Equal(b, expected) {
- return errors.Errorf("different file content")
+ return errors.New("different file content")
}
return nil
}
@@ -1227,10 +1194,10 @@ func linkEntry(name, link string) tarEntryValidator {
return errors.New("not link type")
}
if hdr.Name != name {
- return errors.Errorf("wrong name %q, expected %q", hdr.Name, name)
+ return fmt.Errorf("wrong name %q, expected %q", hdr.Name, name)
}
if hdr.Linkname != link {
- return errors.Errorf("wrong link %q, expected %q", hdr.Linkname, link)
+ return fmt.Errorf("wrong link %q, expected %q", hdr.Linkname, link)
}
return nil
}
@@ -1243,10 +1210,10 @@ func whiteoutEntry(name string) tarEntryValidator {
return func(hdr *tar.Header, b []byte) error {
if hdr.Typeflag != tar.TypeReg {
- return errors.Errorf("not file type: %q", hdr.Typeflag)
+ return fmt.Errorf("not file type: %q", hdr.Typeflag)
}
if hdr.Name != whiteOut {
- return errors.Errorf("wrong name %q, expected whiteout %q", hdr.Name, name)
+ return fmt.Errorf("wrong name %q, expected whiteout %q", hdr.Name, name)
}
return nil
}
@@ -1254,20 +1221,12 @@ func whiteoutEntry(name string) tarEntryValidator {
func makeDiffTarTest(validators []tarEntryValidator, a, b fstest.Applier) func(*testing.T) {
return func(t *testing.T) {
- ad, err := ioutil.TempDir("", "test-make-diff-tar-")
- if err != nil {
- t.Fatalf("failed to create temp dir: %v", err)
- }
- defer os.RemoveAll(ad)
+ ad := t.TempDir()
if err := a.Apply(ad); err != nil {
t.Fatalf("failed to apply a: %v", err)
}
- bd, err := ioutil.TempDir("", "test-make-diff-tar-")
- if err != nil {
- t.Fatalf("failed to create temp dir: %v", err)
- }
- defer os.RemoveAll(bd)
+ bd := t.TempDir()
if err := fs.CopyDir(bd, ad); err != nil {
t.Fatalf("failed to copy dir: %v", err)
}
@@ -1289,7 +1248,7 @@ func makeDiffTarTest(validators []tarEntryValidator, a, b fstest.Applier) func(*
}
var b []byte
if hdr.Typeflag == tar.TypeReg && hdr.Size > 0 {
- b, err = ioutil.ReadAll(tr)
+ b, err = io.ReadAll(tr)
if err != nil {
t.Fatalf("tar read file error: %v", err)
}
@@ -1307,9 +1266,9 @@ func makeDiffTarTest(validators []tarEntryValidator, a, b fstest.Applier) func(*
type diffApplier struct{}
func (d diffApplier) TestContext(ctx context.Context) (context.Context, func(), error) {
- base, err := ioutil.TempDir("", "test-diff-apply-")
+ base, err := os.MkdirTemp("", "test-diff-apply-")
if err != nil {
- return ctx, nil, errors.Wrap(err, "failed to create temp dir")
+ return ctx, nil, fmt.Errorf("failed to create temp dir: %w", err)
}
return context.WithValue(ctx, d, base), func() {
os.RemoveAll(base)
@@ -1319,32 +1278,32 @@ func (d diffApplier) TestContext(ctx context.Context) (context.Context, func(),
func (d diffApplier) Apply(ctx context.Context, a fstest.Applier) (string, func(), error) {
base := ctx.Value(d).(string)
- applyCopy, err := ioutil.TempDir("", "test-diffapply-apply-copy-")
+ applyCopy, err := os.MkdirTemp("", "test-diffapply-apply-copy-")
if err != nil {
- return "", nil, errors.Wrap(err, "failed to create temp dir")
+ return "", nil, fmt.Errorf("failed to create temp dir: %w", err)
}
defer os.RemoveAll(applyCopy)
if err = fs.CopyDir(applyCopy, base); err != nil {
- return "", nil, errors.Wrap(err, "failed to copy base")
+ return "", nil, fmt.Errorf("failed to copy base: %w", err)
}
if err := a.Apply(applyCopy); err != nil {
- return "", nil, errors.Wrap(err, "failed to apply changes to copy of base")
+ return "", nil, fmt.Errorf("failed to apply changes to copy of base: %w", err)
}
- diffBytes, err := ioutil.ReadAll(Diff(ctx, base, applyCopy))
+ diffBytes, err := io.ReadAll(Diff(ctx, base, applyCopy))
if err != nil {
- return "", nil, errors.Wrap(err, "failed to create diff")
+ return "", nil, fmt.Errorf("failed to create diff: %w", err)
}
if _, err = Apply(ctx, base, bytes.NewReader(diffBytes)); err != nil {
- return "", nil, errors.Wrap(err, "failed to apply tar stream")
+ return "", nil, fmt.Errorf("failed to apply tar stream: %w", err)
}
return base, nil, nil
}
func readDirNames(p string) ([]string, error) {
- fis, err := ioutil.ReadDir(p)
+ fis, err := os.ReadDir(p)
if err != nil {
return nil, err
}
diff --git a/archive/tar_unix.go b/archive/tar_unix.go
index cd2be74..d84dfd8 100644
--- a/archive/tar_unix.go
+++ b/archive/tar_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -20,14 +21,16 @@ package archive
import (
"archive/tar"
+ "errors"
+ "fmt"
"os"
+ "runtime"
"strings"
"syscall"
"github.com/containerd/containerd/pkg/userns"
"github.com/containerd/continuity/fs"
"github.com/containerd/continuity/sysx"
- "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
@@ -40,13 +43,26 @@ func chmodTarEntry(perm os.FileMode) os.FileMode {
}
func setHeaderForSpecialDevice(hdr *tar.Header, name string, fi os.FileInfo) error {
+ // Devmajor and Devminor are only needed for special devices.
+
+ // In FreeBSD, RDev for regular files is -1 (unless overridden by FS):
+ // https://cgit.freebsd.org/src/tree/sys/kern/vfs_default.c?h=stable/13#n1531
+ // (NODEV is -1: https://cgit.freebsd.org/src/tree/sys/sys/param.h?h=stable/13#n241).
+
+ // ZFS in particular does not override the default:
+ // https://cgit.freebsd.org/src/tree/sys/contrib/openzfs/module/os/freebsd/zfs/zfs_vnops_os.c?h=stable/13#n2027
+
+ // Since `Stat_t.Rdev` is uint64, the cast turns -1 into (2^64 - 1).
+ // Such large values cannot be encoded in a tar header.
+ if runtime.GOOS == "freebsd" && hdr.Typeflag != tar.TypeBlock && hdr.Typeflag != tar.TypeChar {
+ return nil
+ }
s, ok := fi.Sys().(*syscall.Stat_t)
if !ok {
return errors.New("unsupported stat type")
}
- // Rdev is int32 on darwin/bsd, int64 on linux/solaris
- rdev := uint64(s.Rdev) // nolint: unconvert
+ rdev := uint64(s.Rdev) //nolint:nolintlint,unconvert // rdev is int32 on darwin/bsd, int64 on linux/solaris
// Currently go does not fill in the major/minors
if s.Mode&syscall.S_IFBLK != 0 ||
@@ -69,6 +85,7 @@ func openFile(name string, flag int, perm os.FileMode) (*os.File, error) {
}
// Call chmod to avoid permission mask
if err := os.Chmod(name, perm); err != nil {
+ f.Close()
return nil, err
}
return f, err
@@ -122,7 +139,7 @@ func getxattr(path, attr string) ([]byte, error) {
func setxattr(path, key, value string) error {
// Do not set trusted attributes
if strings.HasPrefix(key, "trusted.") {
- return errors.Wrap(unix.ENOTSUP, "admin attributes from archive not supported")
+ return fmt.Errorf("admin attributes from archive not supported: %w", unix.ENOTSUP)
}
return unix.Lsetxattr(path, key, []byte(value), 0)
}
@@ -142,12 +159,12 @@ func copyDirInfo(fi os.FileInfo, path string) error {
}
}
if err != nil {
- return errors.Wrapf(err, "failed to chown %s", path)
+ return fmt.Errorf("failed to chown %s: %w", path, err)
}
}
if err := os.Chmod(path, fi.Mode()); err != nil {
- return errors.Wrapf(err, "failed to chmod %s", path)
+ return fmt.Errorf("failed to chmod %s: %w", path, err)
}
timespec := []unix.Timespec{
@@ -155,7 +172,7 @@ func copyDirInfo(fi os.FileInfo, path string) error {
unix.NsecToTimespec(syscall.TimespecToNsec(fs.StatMtime(st))),
}
if err := unix.UtimesNanoAt(unix.AT_FDCWD, path, timespec, unix.AT_SYMLINK_NOFOLLOW); err != nil {
- return errors.Wrapf(err, "failed to utime %s", path)
+ return fmt.Errorf("failed to utime %s: %w", path, err)
}
return nil
@@ -167,7 +184,7 @@ func copyUpXAttrs(dst, src string) error {
if err == unix.ENOTSUP || err == sysx.ENODATA {
return nil
}
- return errors.Wrapf(err, "failed to list xattrs on %s", src)
+ return fmt.Errorf("failed to list xattrs on %s: %w", src, err)
}
for _, xattr := range xattrKeys {
// Do not copy up trusted attributes
@@ -179,10 +196,10 @@ func copyUpXAttrs(dst, src string) error {
if err == unix.ENOTSUP || err == sysx.ENODATA {
continue
}
- return errors.Wrapf(err, "failed to get xattr %q on %s", xattr, src)
+ return fmt.Errorf("failed to get xattr %q on %s: %w", xattr, src, err)
}
if err := lsetxattrCreate(dst, xattr, data); err != nil {
- return errors.Wrapf(err, "failed to set xattr %q on %s", xattr, dst)
+ return fmt.Errorf("failed to set xattr %q on %s: %w", xattr, dst, err)
}
}
diff --git a/archive/tar_windows.go b/archive/tar_windows.go
index 3184070..4b71c1e 100644
--- a/archive/tar_windows.go
+++ b/archive/tar_windows.go
@@ -1,5 +1,3 @@
-// +build windows
-
/*
Copyright The containerd Authors.
@@ -20,12 +18,12 @@ package archive
import (
"archive/tar"
+ "errors"
"fmt"
"os"
"strings"
"github.com/containerd/containerd/sys"
- "github.com/pkg/errors"
)
// tarName returns platform-specific filepath
@@ -114,7 +112,7 @@ func setxattr(path, key, value string) error {
func copyDirInfo(fi os.FileInfo, path string) error {
if err := os.Chmod(path, fi.Mode()); err != nil {
- return errors.Wrapf(err, "failed to chmod %s", path)
+ return fmt.Errorf("failed to chmod %s: %w", path, err)
}
return nil
}
diff --git a/archive/tarheader/tarheader.go b/archive/tarheader/tarheader.go
new file mode 100644
index 0000000..2f93842
--- /dev/null
+++ b/archive/tarheader/tarheader.go
@@ -0,0 +1,82 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ Portions from https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive.go#L419-L464
+ Copyright (C) Docker/Moby authors.
+ Licensed under the Apache License, Version 2.0
+ NOTICE: https://github.com/moby/moby/blob/v23.0.1/NOTICE
+*/
+
+package tarheader
+
+import (
+ "archive/tar"
+ "os"
+)
+
+// nosysFileInfo hides the system-dependent info of the wrapped FileInfo to
+// prevent tar.FileInfoHeader from introspecting it and potentially calling into
+// glibc.
+//
+// From https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive.go#L419-L434 .
+type nosysFileInfo struct {
+ os.FileInfo
+}
+
+func (fi nosysFileInfo) Sys() interface{} {
+ // A Sys value of type *tar.Header is safe as it is system-independent.
+ // The tar.FileInfoHeader function copies the fields into the returned
+ // header without performing any OS lookups.
+ if sys, ok := fi.FileInfo.Sys().(*tar.Header); ok {
+ return sys
+ }
+ return nil
+}
+
+// sysStat, if non-nil, populates hdr from system-dependent fields of fi.
+//
+// From https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive.go#L436-L437 .
+var sysStat func(fi os.FileInfo, hdr *tar.Header) error
+
+// FileInfoHeaderNoLookups creates a partially-populated tar.Header from fi.
+//
+// Compared to the archive/tar.FileInfoHeader function, this function is safe to
+// call from a chrooted process as it does not populate fields which would
+// require operating system lookups. It behaves identically to
+// tar.FileInfoHeader when fi is a FileInfo value returned from
+// tar.Header.FileInfo().
+//
+// When fi is a FileInfo for a native file, such as returned from os.Stat() and
+// os.Lstat(), the returned Header value differs from one returned from
+// tar.FileInfoHeader in the following ways. The Uname and Gname fields are not
+// set as OS lookups would be required to populate them. The AccessTime and
+// ChangeTime fields are not currently set (not yet implemented) although that
+// is subject to change. Callers which require the AccessTime or ChangeTime
+// fields to be zeroed should explicitly zero them out in the returned Header
+// value to avoid any compatibility issues in the future.
+//
+// From https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive.go#L439-L464 .
+func FileInfoHeaderNoLookups(fi os.FileInfo, link string) (*tar.Header, error) {
+ hdr, err := tar.FileInfoHeader(nosysFileInfo{fi}, link)
+ if err != nil {
+ return nil, err
+ }
+ if sysStat != nil {
+ return hdr, sysStat(fi, hdr)
+ }
+ return hdr, nil
+}
diff --git a/archive/tarheader/tarheader_unix.go b/archive/tarheader/tarheader_unix.go
new file mode 100644
index 0000000..98ad8f9
--- /dev/null
+++ b/archive/tarheader/tarheader_unix.go
@@ -0,0 +1,59 @@
+//go:build !windows
+
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ Portions from https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive_unix.go#L52-L70
+ Copyright (C) Docker/Moby authors.
+ Licensed under the Apache License, Version 2.0
+ NOTICE: https://github.com/moby/moby/blob/v23.0.1/NOTICE
+*/
+
+package tarheader
+
+import (
+ "archive/tar"
+ "os"
+ "syscall"
+
+ "golang.org/x/sys/unix"
+)
+
+func init() {
+ sysStat = statUnix
+}
+
+// statUnix populates hdr from system-dependent fields of fi without performing
+// any OS lookups.
+// From https://github.com/moby/moby/blob/v23.0.1/pkg/archive/archive_unix.go#L52-L70
+func statUnix(fi os.FileInfo, hdr *tar.Header) error {
+ s, ok := fi.Sys().(*syscall.Stat_t)
+ if !ok {
+ return nil
+ }
+
+ hdr.Uid = int(s.Uid)
+ hdr.Gid = int(s.Gid)
+
+ if s.Mode&unix.S_IFBLK != 0 ||
+ s.Mode&unix.S_IFCHR != 0 {
+ hdr.Devmajor = int64(unix.Major(uint64(s.Rdev)))
+ hdr.Devminor = int64(unix.Minor(uint64(s.Rdev)))
+ }
+
+ return nil
+}
diff --git a/archive/time_unix.go b/archive/time_unix.go
index e05ca71..043e374 100644
--- a/archive/time_unix.go
+++ b/archive/time_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -19,11 +20,10 @@
package archive
import (
+ "fmt"
"time"
"golang.org/x/sys/unix"
-
- "github.com/pkg/errors"
)
func chtimes(path string, atime, mtime time.Time) error {
@@ -32,7 +32,7 @@ func chtimes(path string, atime, mtime time.Time) error {
utimes[1] = unix.NsecToTimespec(mtime.UnixNano())
if err := unix.UtimesNanoAt(unix.AT_FDCWD, path, utimes[0:], unix.AT_SYMLINK_NOFOLLOW); err != nil {
- return errors.Wrapf(err, "failed call to UtimesNanoAt for %s", path)
+ return fmt.Errorf("failed call to UtimesNanoAt for %s: %w", path, err)
}
return nil
diff --git a/cio/io_test.go b/cio/io_test.go
index 3f4ceb9..3df46a7 100644
--- a/cio/io_test.go
+++ b/cio/io_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -22,7 +23,6 @@ import (
"bytes"
"context"
"io"
- "io/ioutil"
"net/url"
"os"
"path/filepath"
@@ -49,9 +49,7 @@ func TestNewFIFOSetInDir(t *testing.T) {
t.Skip("NewFIFOSetInDir has different behaviour on windows")
}
- root, err := ioutil.TempDir("", "test-new-fifo-set")
- assert.NilError(t, err)
- defer os.RemoveAll(root)
+ root := t.TempDir()
fifos, err := NewFIFOSetInDir(root, "theid", true)
assert.NilError(t, err)
@@ -68,12 +66,12 @@ func TestNewFIFOSetInDir(t *testing.T) {
}
assert.Assert(t, is.DeepEqual(fifos, expected, cmpFIFOSet))
- files, err := ioutil.ReadDir(root)
+ files, err := os.ReadDir(root)
assert.NilError(t, err)
assert.Check(t, is.Len(files, 1))
assert.NilError(t, fifos.Close())
- files, err = ioutil.ReadDir(root)
+ files, err = os.ReadDir(root)
assert.NilError(t, err)
assert.Check(t, is.Len(files, 0))
}
@@ -101,19 +99,19 @@ func TestNewAttach(t *testing.T) {
fifos, err := NewFIFOSetInDir("", "theid", false)
assert.NilError(t, err)
- io, err := attacher(fifos)
+ attachedFifos, err := attacher(fifos)
assert.NilError(t, err)
- defer io.Close()
+ defer attachedFifos.Close()
- producers := setupFIFOProducers(t, io.Config())
+ producers := setupFIFOProducers(t, attachedFifos.Config())
initProducers(t, producers, expectedStdout, expectedStderr)
- actualStdin, err := ioutil.ReadAll(producers.Stdin)
+ actualStdin, err := io.ReadAll(producers.Stdin)
assert.NilError(t, err)
- io.Wait()
- io.Cancel()
- assert.NilError(t, io.Close())
+ attachedFifos.Wait()
+ attachedFifos.Cancel()
+ assert.NilError(t, attachedFifos.Close())
assert.Check(t, is.Equal(expectedStdout, stdout.String()))
assert.Check(t, is.Equal(expectedStderr, stderr.String()))
diff --git a/cio/io_unix.go b/cio/io_unix.go
index 8b60067..5606cc8 100644
--- a/cio/io_unix.go
+++ b/cio/io_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -20,15 +21,14 @@ package cio
import (
"context"
+ "fmt"
"io"
- "io/ioutil"
"os"
"path/filepath"
"sync"
"syscall"
"github.com/containerd/fifo"
- "github.com/pkg/errors"
)
// NewFIFOSetInDir returns a new FIFOSet with paths in a temporary directory under root
@@ -38,7 +38,7 @@ func NewFIFOSetInDir(root, id string, terminal bool) (*FIFOSet, error) {
return nil, err
}
}
- dir, err := ioutil.TempDir(root, "")
+ dir, err := os.MkdirTemp(root, "")
if err != nil {
return nil, err
}
@@ -112,7 +112,7 @@ func openFifos(ctx context.Context, fifos *FIFOSet) (f pipes, retErr error) {
if fifos.Stdin != "" {
if f.Stdin, retErr = fifo.OpenFifo(ctx, fifos.Stdin, syscall.O_WRONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); retErr != nil {
- return f, errors.Wrapf(retErr, "failed to open stdin fifo")
+ return f, fmt.Errorf("failed to open stdin fifo: %w", retErr)
}
defer func() {
if retErr != nil && f.Stdin != nil {
@@ -122,7 +122,7 @@ func openFifos(ctx context.Context, fifos *FIFOSet) (f pipes, retErr error) {
}
if fifos.Stdout != "" {
if f.Stdout, retErr = fifo.OpenFifo(ctx, fifos.Stdout, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); retErr != nil {
- return f, errors.Wrapf(retErr, "failed to open stdout fifo")
+ return f, fmt.Errorf("failed to open stdout fifo: %w", retErr)
}
defer func() {
if retErr != nil && f.Stdout != nil {
@@ -132,7 +132,7 @@ func openFifos(ctx context.Context, fifos *FIFOSet) (f pipes, retErr error) {
}
if !fifos.Terminal && fifos.Stderr != "" {
if f.Stderr, retErr = fifo.OpenFifo(ctx, fifos.Stderr, syscall.O_RDONLY|syscall.O_CREAT|syscall.O_NONBLOCK, 0700); retErr != nil {
- return f, errors.Wrapf(retErr, "failed to open stderr fifo")
+ return f, fmt.Errorf("failed to open stderr fifo: %w", retErr)
}
}
return f, nil
diff --git a/cio/io_unix_test.go b/cio/io_unix_test.go
index 6e0a9fc..d4e0a70 100644
--- a/cio/io_unix_test.go
+++ b/cio/io_unix_test.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -20,9 +21,6 @@ package cio
import (
"context"
- "fmt"
- "io/ioutil"
- "os"
"path/filepath"
"testing"
@@ -65,11 +63,7 @@ func TestOpenFifosWithTerminal(t *testing.T) {
var ctx, cancel = context.WithCancel(context.Background())
defer cancel()
- ioFifoDir, err := ioutil.TempDir("", fmt.Sprintf("cio-%s", t.Name()))
- if err != nil {
- t.Fatalf("unexpected error during creating temp dir: %v", err)
- }
- defer os.RemoveAll(ioFifoDir)
+ ioFifoDir := t.TempDir()
cfg := Config{
Stdout: filepath.Join(ioFifoDir, "test-stdout"),
diff --git a/cio/io_windows.go b/cio/io_windows.go
index ded4757..f3d736a 100644
--- a/cio/io_windows.go
+++ b/cio/io_windows.go
@@ -23,7 +23,6 @@ import (
winio "github.com/Microsoft/go-winio"
"github.com/containerd/containerd/log"
- "github.com/pkg/errors"
)
const pipeRoot = `\\.\pipe`
@@ -54,7 +53,7 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (_ *cio, retErr error) {
if fifos.Stdin != "" {
l, err := winio.ListenPipe(fifos.Stdin, nil)
if err != nil {
- return nil, errors.Wrapf(err, "failed to create stdin pipe %s", fifos.Stdin)
+ return nil, fmt.Errorf("failed to create stdin pipe %s: %w", fifos.Stdin, err)
}
cios.closers = append(cios.closers, l)
@@ -77,7 +76,7 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (_ *cio, retErr error) {
if fifos.Stdout != "" {
l, err := winio.ListenPipe(fifos.Stdout, nil)
if err != nil {
- return nil, errors.Wrapf(err, "failed to create stdout pipe %s", fifos.Stdout)
+ return nil, fmt.Errorf("failed to create stdout pipe %s: %w", fifos.Stdout, err)
}
cios.closers = append(cios.closers, l)
@@ -100,7 +99,7 @@ func copyIO(fifos *FIFOSet, ioset *Streams) (_ *cio, retErr error) {
if fifos.Stderr != "" {
l, err := winio.ListenPipe(fifos.Stderr, nil)
if err != nil {
- return nil, errors.Wrapf(err, "failed to create stderr pipe %s", fifos.Stderr)
+ return nil, fmt.Errorf("failed to create stderr pipe %s: %w", fifos.Stderr, err)
}
cios.closers = append(cios.closers, l)
diff --git a/cio/io_windows_test.go b/cio/io_windows_test.go
index 92fa1ff..e34457d 100644
--- a/cio/io_windows_test.go
+++ b/cio/io_windows_test.go
@@ -1,5 +1,3 @@
-// +build windows
-
/*
Copyright The containerd Authors.
diff --git a/client.go b/client.go
index ace9bf6..1c2202e 100644
--- a/client.go
+++ b/client.go
@@ -21,7 +21,6 @@ import (
"context"
"encoding/json"
"fmt"
- "net/http"
"runtime"
"strconv"
"strings"
@@ -62,10 +61,10 @@ import (
ptypes "github.com/gogo/protobuf/types"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
specs "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/pkg/errors"
"golang.org/x/sync/semaphore"
"google.golang.org/grpc"
"google.golang.org/grpc/backoff"
+ "google.golang.org/grpc/credentials/insecure"
"google.golang.org/grpc/health/grpc_health_v1"
)
@@ -119,31 +118,33 @@ func New(address string, opts ...ClientOpt) (*Client, error) {
}
gopts := []grpc.DialOption{
grpc.WithBlock(),
- grpc.WithInsecure(),
+ grpc.WithTransportCredentials(insecure.NewCredentials()),
grpc.FailOnNonTempDialError(true),
grpc.WithConnectParams(connParams),
grpc.WithContextDialer(dialer.ContextDialer),
-
- // TODO(stevvooe): We may need to allow configuration of this on the client.
- grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(defaults.DefaultMaxRecvMsgSize)),
- grpc.WithDefaultCallOptions(grpc.MaxCallSendMsgSize(defaults.DefaultMaxSendMsgSize)),
+ grpc.WithReturnConnectionError(),
}
if len(copts.dialOptions) > 0 {
gopts = copts.dialOptions
}
+ gopts = append(gopts, grpc.WithDefaultCallOptions(
+ grpc.MaxCallRecvMsgSize(defaults.DefaultMaxRecvMsgSize),
+ grpc.MaxCallSendMsgSize(defaults.DefaultMaxSendMsgSize)))
+ if len(copts.callOptions) > 0 {
+ gopts = append(gopts, grpc.WithDefaultCallOptions(copts.callOptions...))
+ }
if copts.defaultns != "" {
unary, stream := newNSInterceptors(copts.defaultns)
- gopts = append(gopts,
- grpc.WithUnaryInterceptor(unary),
- grpc.WithStreamInterceptor(stream),
- )
+ gopts = append(gopts, grpc.WithChainUnaryInterceptor(unary))
+ gopts = append(gopts, grpc.WithChainStreamInterceptor(stream))
}
+
connector := func() (*grpc.ClientConn, error) {
ctx, cancel := context.WithTimeout(context.Background(), copts.timeout)
defer cancel()
conn, err := grpc.DialContext(ctx, dialer.DialAddress(address), gopts...)
if err != nil {
- return nil, errors.Wrapf(err, "failed to dial %q", address)
+ return nil, fmt.Errorf("failed to dial %q: %w", address, err)
}
return conn, nil
}
@@ -154,7 +155,7 @@ func New(address string, opts ...ClientOpt) (*Client, error) {
c.conn, c.connector = conn, connector
}
if copts.services == nil && c.conn == nil {
- return nil, errors.Wrap(errdefs.ErrUnavailable, "no grpc connection or services is available")
+ return nil, fmt.Errorf("no grpc connection or services is available: %w", errdefs.ErrUnavailable)
}
// check namespace labels for default runtime
@@ -214,7 +215,7 @@ type Client struct {
// Reconnect re-establishes the GRPC connection to the containerd daemon
func (c *Client) Reconnect() error {
if c.connector == nil {
- return errors.Wrap(errdefs.ErrUnavailable, "unable to reconnect to containerd, no connector available")
+ return fmt.Errorf("unable to reconnect to containerd, no connector available: %w", errdefs.ErrUnavailable)
}
c.connMu.Lock()
defer c.connMu.Unlock()
@@ -242,7 +243,7 @@ func (c *Client) IsServing(ctx context.Context) (bool, error) {
c.connMu.Lock()
if c.conn == nil {
c.connMu.Unlock()
- return false, errors.Wrap(errdefs.ErrUnavailable, "no grpc connection available")
+ return false, fmt.Errorf("no grpc connection available: %w", errdefs.ErrUnavailable)
}
c.connMu.Unlock()
r, err := c.HealthService().Check(ctx, &grpc_health_v1.HealthCheckRequest{}, grpc.WaitForReady(true))
@@ -265,8 +266,8 @@ func (c *Client) Containers(ctx context.Context, filters ...string) ([]Container
return out, nil
}
-// NewContainer will create a new container in container with the provided id
-// the id must be unique within the namespace
+// NewContainer will create a new container with the provided id.
+// The id must be unique within the namespace.
func (c *Client) NewContainer(ctx context.Context, id string, opts ...NewContainerOpts) (Container, error) {
ctx, done, err := c.WithLease(ctx)
if err != nil {
@@ -369,9 +370,7 @@ type RemoteContext struct {
func defaultRemoteContext() *RemoteContext {
return &RemoteContext{
- Resolver: docker.NewResolver(docker.ResolverOptions{
- Client: http.DefaultClient,
- }),
+ Resolver: docker.NewResolver(docker.ResolverOptions{}),
}
}
@@ -386,7 +385,7 @@ func (c *Client) Fetch(ctx context.Context, ref string, opts ...RemoteOpt) (imag
}
if fetchCtx.Unpack {
- return images.Image{}, errors.Wrap(errdefs.ErrNotImplemented, "unpack on fetch not supported, try pull")
+ return images.Image{}, fmt.Errorf("unpack on fetch not supported, try pull: %w", errdefs.ErrNotImplemented)
}
if fetchCtx.PlatformMatcher == nil {
@@ -397,7 +396,7 @@ func (c *Client) Fetch(ctx context.Context, ref string, opts ...RemoteOpt) (imag
for _, s := range fetchCtx.Platforms {
p, err := platforms.Parse(s)
if err != nil {
- return images.Image{}, errors.Wrapf(err, "invalid platform %s", s)
+ return images.Image{}, fmt.Errorf("invalid platform %s: %w", s, err)
}
ps = append(ps, p)
}
@@ -433,7 +432,7 @@ func (c *Client) Push(ctx context.Context, ref string, desc ocispec.Descriptor,
for _, platform := range pushCtx.Platforms {
p, err := platforms.Parse(platform)
if err != nil {
- return errors.Wrapf(err, "invalid platform %s", platform)
+ return fmt.Errorf("invalid platform %s: %w", platform, err)
}
ps = append(ps, p)
}
@@ -716,7 +715,7 @@ func (c *Client) Version(ctx context.Context) (Version, error) {
c.connMu.Lock()
if c.conn == nil {
c.connMu.Unlock()
- return Version{}, errors.Wrap(errdefs.ErrUnavailable, "no grpc connection available")
+ return Version{}, fmt.Errorf("no grpc connection available: %w", errdefs.ErrUnavailable)
}
c.connMu.Unlock()
response, err := c.VersionService().Version(ctx, &ptypes.Empty{})
@@ -739,7 +738,7 @@ func (c *Client) Server(ctx context.Context) (ServerInfo, error) {
c.connMu.Lock()
if c.conn == nil {
c.connMu.Unlock()
- return ServerInfo{}, errors.Wrap(errdefs.ErrUnavailable, "no grpc connection available")
+ return ServerInfo{}, fmt.Errorf("no grpc connection available: %w", errdefs.ErrUnavailable)
}
c.connMu.Unlock()
@@ -777,7 +776,7 @@ func (c *Client) getSnapshotter(ctx context.Context, name string) (snapshots.Sna
s := c.SnapshotService(name)
if s == nil {
- return nil, errors.Wrapf(errdefs.ErrNotFound, "snapshotter %s was not found", name)
+ return nil, fmt.Errorf("snapshotter %s was not found: %w", name, errdefs.ErrNotFound)
}
return s, nil
diff --git a/client_opts.go b/client_opts.go
index 44feaa3..2ef7575 100644
--- a/client_opts.go
+++ b/client_opts.go
@@ -34,6 +34,7 @@ type clientOpts struct {
defaultPlatform platforms.MatchComparer
services *services
dialOptions []grpc.DialOption
+ callOptions []grpc.CallOption
timeout time.Duration
}
@@ -75,6 +76,14 @@ func WithDialOpts(opts []grpc.DialOption) ClientOpt {
}
}
+// WithCallOpts allows grpc.CallOptions to be set on the connection
+func WithCallOpts(opts []grpc.CallOption) ClientOpt {
+ return func(c *clientOpts) error {
+ c.callOptions = opts
+ return nil
+ }
+}
+
// WithServices sets services used by the client.
func WithServices(opts ...ServicesOpt) ClientOpt {
return func(c *clientOpts) error {
diff --git a/cmd/containerd-shim-runc-v1/main.go b/cmd/containerd-shim-runc-v1/main.go
index 1b1b106..9db5092 100644
--- a/cmd/containerd-shim-runc-v1/main.go
+++ b/cmd/containerd-shim-runc-v1/main.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
/*
diff --git a/cmd/containerd-shim-runc-v2/main.go b/cmd/containerd-shim-runc-v2/main.go
index 4f5d804..c94942e 100644
--- a/cmd/containerd-shim-runc-v2/main.go
+++ b/cmd/containerd-shim-runc-v2/main.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
/*
@@ -19,10 +20,13 @@
package main
import (
- v2 "github.com/containerd/containerd/runtime/v2/runc/v2"
+ "context"
+
+ "github.com/containerd/containerd/runtime/v2/runc/manager"
+ _ "github.com/containerd/containerd/runtime/v2/runc/task/plugin"
"github.com/containerd/containerd/runtime/v2/shim"
)
func main() {
- shim.Run("io.containerd.runc.v2", v2.New)
+ shim.RunManager(context.Background(), manager.NewShimManager("io.containerd.runc.v2"))
}
diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go
index a778f0a..024611b 100644
--- a/cmd/containerd-shim/main_unix.go
+++ b/cmd/containerd-shim/main_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -26,7 +27,6 @@ import (
"io"
"net"
"os"
- "os/exec"
"os/signal"
"runtime"
"runtime/debug"
@@ -45,8 +45,8 @@ import (
"github.com/containerd/ttrpc"
"github.com/containerd/typeurl"
ptypes "github.com/gogo/protobuf/types"
- "github.com/pkg/errors"
"github.com/sirupsen/logrus"
+ exec "golang.org/x/sys/execabs"
"golang.org/x/sys/unix"
)
@@ -153,7 +153,7 @@ func executeShim() error {
}
server, err := newServer()
if err != nil {
- return errors.Wrap(err, "failed creating server")
+ return fmt.Errorf("failed creating server: %w", err)
}
sv, err := shim.NewService(
shim.Config{
@@ -211,7 +211,7 @@ func serve(ctx context.Context, server *ttrpc.Server, path string) error {
p = abstractSocketPrefix + p
}
if len(p) > socketPathLimit {
- return errors.Errorf("%q: unix socket path too long (> %d)", p, socketPathLimit)
+ return fmt.Errorf("%q: unix socket path too long (> %d)", p, socketPathLimit)
}
l, err = net.Listen("unix", p)
}
@@ -307,12 +307,12 @@ func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event
if err != nil {
return err
}
- status, err := reaper.Default.Wait(cmd, c)
+ status, err := reaper.Default.WaitTimeout(cmd, c, 30*time.Second)
if err != nil {
- return errors.Wrapf(err, "failed to publish event: %s", b.String())
+ return fmt.Errorf("failed to publish event: %s: %w", b.String(), err)
}
if status != 0 {
- return errors.Errorf("failed to publish event: %s", b.String())
+ return fmt.Errorf("failed to publish event: %s", b.String())
}
return nil
}
diff --git a/cmd/containerd-shim/shim_darwin.go b/cmd/containerd-shim/shim_darwin.go
index d6dc230..7d652da 100644
--- a/cmd/containerd-shim/shim_darwin.go
+++ b/cmd/containerd-shim/shim_darwin.go
@@ -1,5 +1,3 @@
-// +build darwin
-
/*
Copyright The containerd Authors.
diff --git a/cmd/containerd-shim/shim_freebsd.go b/cmd/containerd-shim/shim_freebsd.go
index 1fd8854..5cafaef 100644
--- a/cmd/containerd-shim/shim_freebsd.go
+++ b/cmd/containerd-shim/shim_freebsd.go
@@ -1,5 +1,3 @@
-// +build freebsd
-
/*
Copyright The containerd Authors.
diff --git a/cmd/containerd-stress/density.go b/cmd/containerd-stress/density.go
index 27b537d..8006a6d 100644
--- a/cmd/containerd-stress/density.go
+++ b/cmd/containerd-stress/density.go
@@ -21,7 +21,6 @@ import (
"context"
"encoding/json"
"fmt"
- "io/ioutil"
"os"
"os/signal"
"path/filepath"
@@ -53,6 +52,7 @@ var densityCommand = cli.Command{
Duration: cliContext.GlobalDuration("duration"),
Concurrency: cliContext.GlobalInt("concurrent"),
Exec: cliContext.GlobalBool("exec"),
+ Image: cliContext.GlobalString("image"),
JSON: cliContext.GlobalBool("json"),
Metrics: cliContext.GlobalString("metrics"),
Snapshotter: cliContext.GlobalString("snapshotter"),
@@ -66,8 +66,8 @@ var densityCommand = cli.Command{
if err := cleanup(ctx, client); err != nil {
return err
}
- logrus.Infof("pulling %s", imageName)
- image, err := client.Pull(ctx, imageName, containerd.WithPullUnpack, containerd.WithPullSnapshotter(config.Snapshotter))
+ logrus.Infof("pulling %s", config.Image)
+ image, err := client.Pull(ctx, config.Image, containerd.WithPullUnpack, containerd.WithPullSnapshotter(config.Snapshotter))
if err != nil {
return err
}
@@ -76,9 +76,6 @@ var densityCommand = cli.Command{
s := make(chan os.Signal, 1)
signal.Notify(s, syscall.SIGTERM, syscall.SIGINT)
- if err != nil {
- return err
- }
var (
pids []uint32
count = cliContext.Int("count")
@@ -172,7 +169,7 @@ func getMaps(pid int) (map[string]int, error) {
}
func getppid(pid int) (int, error) {
- bytes, err := ioutil.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
+ bytes, err := os.ReadFile(filepath.Join("/proc", strconv.Itoa(pid), "stat"))
if err != nil {
return 0, err
}
diff --git a/cmd/containerd-stress/exec_worker.go b/cmd/containerd-stress/exec_worker.go
index 9810554..9b990d1 100644
--- a/cmd/containerd-stress/exec_worker.go
+++ b/cmd/containerd-stress/exec_worker.go
@@ -63,6 +63,12 @@ func (w *execWorker) exec(ctx, tctx context.Context) {
logrus.WithError(err).Error("wait exec container's task")
return
}
+
+ if err := task.Start(ctx); err != nil {
+ logrus.WithError(err).Error("exec container start failure")
+ return
+ }
+
spec, err := c.Spec(ctx)
if err != nil {
logrus.WithError(err).Error("failed to get spec")
diff --git a/cmd/containerd-stress/main.go b/cmd/containerd-stress/main.go
index 2706b82..1218b2a 100644
--- a/cmd/containerd-stress/main.go
+++ b/cmd/containerd-stress/main.go
@@ -36,8 +36,6 @@ import (
"github.com/urfave/cli"
)
-const imageName = "docker.io/library/alpine:latest"
-
var (
ct metrics.LabeledTimer
execTimer metrics.LabeledTimer
@@ -136,6 +134,11 @@ func main() {
Name: "exec",
Usage: "add execs to the stress tests",
},
+ cli.StringFlag{
+ Name: "image,i",
+ Value: "docker.io/library/alpine:latest",
+ Usage: "image to be utilized for testing",
+ },
cli.BoolFlag{
Name: "json,j",
Usage: "output results in json format",
@@ -173,6 +176,7 @@ func main() {
Duration: context.GlobalDuration("duration"),
Concurrency: context.GlobalInt("concurrent"),
Exec: context.GlobalBool("exec"),
+ Image: context.GlobalString("image"),
JSON: context.GlobalBool("json"),
Metrics: context.GlobalString("metrics"),
Runtime: context.GlobalString("runtime"),
@@ -194,6 +198,7 @@ type config struct {
Duration time.Duration
Address string
Exec bool
+ Image string
JSON bool
Metrics string
Runtime string
@@ -206,7 +211,12 @@ func (c config) newClient() (*containerd.Client, error) {
func serve(c config) error {
go func() {
- if err := http.ListenAndServe(c.Metrics, metrics.Handler()); err != nil {
+ srv := &http.Server{
+ Addr: c.Metrics,
+ Handler: metrics.Handler(),
+ ReadHeaderTimeout: 5 * time.Minute, // "G112: Potential Slowloris Attack (gosec)"; not a real concern for our use, so setting a long timeout.
+ }
+ if err := srv.ListenAndServe(); err != nil {
logrus.WithError(err).Error("listen and serve")
}
}()
@@ -228,8 +238,8 @@ func test(c config) error {
if err := cleanup(ctx, client); err != nil {
return err
}
- logrus.Infof("pulling %s", imageName)
- image, err := client.Pull(ctx, imageName, containerd.WithPullUnpack, containerd.WithPullSnapshotter(c.Snapshotter))
+ logrus.Infof("pulling %s", c.Image)
+ image, err := client.Pull(ctx, c.Image, containerd.WithPullUnpack, containerd.WithPullSnapshotter(c.Snapshotter))
if err != nil {
return err
}
diff --git a/cmd/containerd-stress/rlimit_freebsd.go b/cmd/containerd-stress/rlimit_freebsd.go
index a1b39de..92b299a 100644
--- a/cmd/containerd-stress/rlimit_freebsd.go
+++ b/cmd/containerd-stress/rlimit_freebsd.go
@@ -1,5 +1,3 @@
-// +build freebsd
-
/*
Copyright The containerd Authors.
diff --git a/cmd/containerd-stress/rlimit_unix.go b/cmd/containerd-stress/rlimit_unix.go
index 492f604..e8fa749 100644
--- a/cmd/containerd-stress/rlimit_unix.go
+++ b/cmd/containerd-stress/rlimit_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows && !freebsd
// +build !windows,!freebsd
/*
diff --git a/cmd/containerd-stress/rlimit_windows.go b/cmd/containerd-stress/rlimit_windows.go
index 22678ad..d98ec36 100644
--- a/cmd/containerd-stress/rlimit_windows.go
+++ b/cmd/containerd-stress/rlimit_windows.go
@@ -1,5 +1,3 @@
-// +build windows
-
/*
Copyright The containerd Authors.
diff --git a/cmd/containerd/builtins.go b/cmd/containerd/builtins.go
index b120b60..8c6f1fe 100644
--- a/cmd/containerd/builtins.go
+++ b/cmd/containerd/builtins.go
@@ -19,8 +19,10 @@ package main
// register containerd builtins here
import (
_ "github.com/containerd/containerd/diff/walking/plugin"
+ _ "github.com/containerd/containerd/events/plugin"
_ "github.com/containerd/containerd/gc/scheduler"
_ "github.com/containerd/containerd/runtime/restart/monitor"
+ _ "github.com/containerd/containerd/runtime/v2"
_ "github.com/containerd/containerd/services/containers"
_ "github.com/containerd/containerd/services/content"
_ "github.com/containerd/containerd/services/diff"
@@ -34,4 +36,5 @@ import (
_ "github.com/containerd/containerd/services/snapshots"
_ "github.com/containerd/containerd/services/tasks"
_ "github.com/containerd/containerd/services/version"
+ _ "github.com/containerd/containerd/tracing/plugin"
)
diff --git a/cmd/containerd/builtins_aufs_linux.go b/cmd/containerd/builtins_aufs_linux.go
index b6a9773..f06e01f 100644
--- a/cmd/containerd/builtins_aufs_linux.go
+++ b/cmd/containerd/builtins_aufs_linux.go
@@ -1,3 +1,4 @@
+//go:build !no_aufs
// +build !no_aufs
/*
diff --git a/cmd/containerd/builtins_btrfs_linux.go b/cmd/containerd/builtins_btrfs_linux.go
index 7eb7095..a6b11ca 100644
--- a/cmd/containerd/builtins_btrfs_linux.go
+++ b/cmd/containerd/builtins_btrfs_linux.go
@@ -1,3 +1,4 @@
+//go:build !no_btrfs && cgo
// +build !no_btrfs,cgo
/*
diff --git a/cmd/containerd/builtins_cri.go b/cmd/containerd/builtins_cri.go
index 4d5129d..c2d2825 100644
--- a/cmd/containerd/builtins_cri.go
+++ b/cmd/containerd/builtins_cri.go
@@ -1,3 +1,4 @@
+//go:build (linux && !no_cri) || (windows && !no_cri)
// +build linux,!no_cri windows,!no_cri
/*
diff --git a/cmd/containerd/builtins_devmapper_linux.go b/cmd/containerd/builtins_devmapper_linux.go
index 2d22d8c..0c03624 100644
--- a/cmd/containerd/builtins_devmapper_linux.go
+++ b/cmd/containerd/builtins_devmapper_linux.go
@@ -1,3 +1,4 @@
+//go:build !no_devmapper
// +build !no_devmapper
/*
diff --git a/cmd/containerd/builtins_linux.go b/cmd/containerd/builtins_linux.go
index 6505144..bb0defd 100644
--- a/cmd/containerd/builtins_linux.go
+++ b/cmd/containerd/builtins_linux.go
@@ -20,7 +20,6 @@ import (
_ "github.com/containerd/containerd/metrics/cgroups"
_ "github.com/containerd/containerd/metrics/cgroups/v2"
_ "github.com/containerd/containerd/runtime/v1/linux"
- _ "github.com/containerd/containerd/runtime/v2"
_ "github.com/containerd/containerd/runtime/v2/runc/options"
_ "github.com/containerd/containerd/snapshots/native/plugin"
_ "github.com/containerd/containerd/snapshots/overlay/plugin"
diff --git a/cmd/containerd/builtins_unix.go b/cmd/containerd/builtins_unix.go
index 143b249..2e5c1fa 100644
--- a/cmd/containerd/builtins_unix.go
+++ b/cmd/containerd/builtins_unix.go
@@ -1,3 +1,4 @@
+//go:build darwin || freebsd || solaris
// +build darwin freebsd solaris
/*
diff --git a/cmd/containerd/builtins_windows.go b/cmd/containerd/builtins_windows.go
index 3fdea10..8861ca3 100644
--- a/cmd/containerd/builtins_windows.go
+++ b/cmd/containerd/builtins_windows.go
@@ -1,5 +1,3 @@
-// +build windows
-
/*
Copyright The containerd Authors.
@@ -21,7 +19,6 @@ package main
import (
_ "github.com/containerd/containerd/diff/lcow"
_ "github.com/containerd/containerd/diff/windows"
- _ "github.com/containerd/containerd/runtime/v2"
_ "github.com/containerd/containerd/snapshots/lcow"
_ "github.com/containerd/containerd/snapshots/windows"
)
diff --git a/cmd/containerd/builtins_zfs_linux.go b/cmd/containerd/builtins_zfs_linux.go
index 8bc26e5..bde126a 100644
--- a/cmd/containerd/builtins_zfs_linux.go
+++ b/cmd/containerd/builtins_zfs_linux.go
@@ -1,3 +1,4 @@
+//go:build !no_zfs
// +build !no_zfs
/*
diff --git a/cmd/containerd/command/config_unsupported.go b/cmd/containerd/command/config_unsupported.go
index 8dc92bc..3d935de 100644
--- a/cmd/containerd/command/config_unsupported.go
+++ b/cmd/containerd/command/config_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows && !solaris
// +build !linux,!windows,!solaris
/*
diff --git a/cmd/containerd/command/main.go b/cmd/containerd/command/main.go
index ca6acfe..42a09dc 100644
--- a/cmd/containerd/command/main.go
+++ b/cmd/containerd/command/main.go
@@ -19,7 +19,7 @@ package command
import (
gocontext "context"
"fmt"
- "io/ioutil"
+ "io"
"net"
"os"
"os/signal"
@@ -30,12 +30,13 @@ import (
"github.com/containerd/containerd/defaults"
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/log"
+ _ "github.com/containerd/containerd/metrics" // import containerd build info
"github.com/containerd/containerd/mount"
"github.com/containerd/containerd/services/server"
srvconfig "github.com/containerd/containerd/services/server/config"
"github.com/containerd/containerd/sys"
+ "github.com/containerd/containerd/tracing"
"github.com/containerd/containerd/version"
- "github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
"google.golang.org/grpc/grpclog"
@@ -53,7 +54,7 @@ high performance container runtime
func init() {
// Discard grpc logs so that they don't mess with our stdio
- grpclog.SetLoggerV2(grpclog.NewLoggerV2(ioutil.Discard, ioutil.Discard, ioutil.Discard))
+ grpclog.SetLoggerV2(grpclog.NewLoggerV2(io.Discard, io.Discard, io.Discard))
cli.VersionPrinter = func(c *cli.Context) {
fmt.Println(c.App.Name, version.Package, c.App.Version, version.Revision)
@@ -108,13 +109,15 @@ can be used and modified as necessary as a custom configuration.`
}
app.Action = func(context *cli.Context) error {
var (
- start = time.Now()
- signals = make(chan os.Signal, 2048)
- serverC = make(chan *server.Server, 1)
- ctx = gocontext.Background()
- config = defaultConfig()
+ start = time.Now()
+ signals = make(chan os.Signal, 2048)
+ serverC = make(chan *server.Server, 1)
+ ctx, cancel = gocontext.WithCancel(gocontext.Background())
+ config = defaultConfig()
)
+ defer cancel()
+
// Only try to load the config if it either exists, or the user explicitly
// told us to load this path.
configPath := context.GlobalString("config")
@@ -138,20 +141,20 @@ can be used and modified as necessary as a custom configuration.`
// Stop if we are registering or unregistering against Windows SCM.
stop, err := registerUnregisterService(config.Root)
if err != nil {
- logrus.Fatal(err)
+ log.L.Fatal(err)
}
if stop {
return nil
}
- done := handleSignals(ctx, signals, serverC)
+ done := handleSignals(ctx, signals, serverC, cancel)
// start the signal handler as soon as we can to make sure that
// we don't miss any signals during boot
signal.Notify(signals, handledSignals...)
// cleanup temp mounts
if err := mount.SetTempMountLocation(filepath.Join(config.Root, "tmpmounts")); err != nil {
- return errors.Wrap(err, "creating temp mount location")
+ return fmt.Errorf("creating temp mount location: %w", err)
}
// unmount all temp mounts on boot for the server
warnings, err := mount.CleanupTempMounts(0)
@@ -163,7 +166,7 @@ can be used and modified as necessary as a custom configuration.`
}
if config.GRPC.Address == "" {
- return errors.Wrap(errdefs.ErrInvalidArgument, "grpc address cannot be empty")
+ return fmt.Errorf("grpc address cannot be empty: %w", errdefs.ErrInvalidArgument)
}
if config.TTRPC.Address == "" {
// If TTRPC was not explicitly configured, use defaults based on GRPC.
@@ -176,27 +179,66 @@ can be used and modified as necessary as a custom configuration.`
"revision": version.Revision,
}).Info("starting containerd")
- server, err := server.New(ctx, config)
- if err != nil {
- return err
+ type srvResp struct {
+ s *server.Server
+ err error
}
- // Launch as a Windows Service if necessary
- if err := launchService(server, done); err != nil {
- logrus.Fatal(err)
+ // run server initialization in a goroutine so we don't end up blocking important things like SIGTERM handling
+ // while the server is initializing.
+ // As an example opening the bolt database will block forever if another containerd is already running and containerd
+ // will have to be `kill -9`'ed to recover.
+ chsrv := make(chan srvResp)
+ go func() {
+ defer close(chsrv)
+
+ server, err := server.New(ctx, config)
+ if err != nil {
+ select {
+ case chsrv <- srvResp{err: err}:
+ case <-ctx.Done():
+ }
+ return
+ }
+
+ // Launch as a Windows Service if necessary
+ if err := launchService(server, done); err != nil {
+ log.L.Fatal(err)
+ }
+ select {
+ case <-ctx.Done():
+ server.Stop()
+ case chsrv <- srvResp{s: server}:
+ }
+ }()
+
+ var server *server.Server
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ case r := <-chsrv:
+ if r.err != nil {
+ return r.err
+ }
+ server = r.s
}
- serverC <- server
+ // We don't send the server down serverC directly in the goroutine above because we need it lower down.
+ select {
+ case <-ctx.Done():
+ return ctx.Err()
+ case serverC <- server:
+ }
if config.Debug.Address != "" {
var l net.Listener
if isLocalAddress(config.Debug.Address) {
if l, err = sys.GetLocalListener(config.Debug.Address, config.Debug.UID, config.Debug.GID); err != nil {
- return errors.Wrapf(err, "failed to get listener for debug endpoint")
+ return fmt.Errorf("failed to get listener for debug endpoint: %w", err)
}
} else {
if l, err = net.Listen("tcp", config.Debug.Address); err != nil {
- return errors.Wrapf(err, "failed to get listener for debug endpoint")
+ return fmt.Errorf("failed to get listener for debug endpoint: %w", err)
}
}
serve(ctx, l, server.ServeDebug)
@@ -204,37 +246,46 @@ can be used and modified as necessary as a custom configuration.`
if config.Metrics.Address != "" {
l, err := net.Listen("tcp", config.Metrics.Address)
if err != nil {
- return errors.Wrapf(err, "failed to get listener for metrics endpoint")
+ return fmt.Errorf("failed to get listener for metrics endpoint: %w", err)
}
serve(ctx, l, server.ServeMetrics)
}
// setup the ttrpc endpoint
tl, err := sys.GetLocalListener(config.TTRPC.Address, config.TTRPC.UID, config.TTRPC.GID)
if err != nil {
- return errors.Wrapf(err, "failed to get listener for main ttrpc endpoint")
+ return fmt.Errorf("failed to get listener for main ttrpc endpoint: %w", err)
}
serve(ctx, tl, server.ServeTTRPC)
if config.GRPC.TCPAddress != "" {
l, err := net.Listen("tcp", config.GRPC.TCPAddress)
if err != nil {
- return errors.Wrapf(err, "failed to get listener for TCP grpc endpoint")
+ return fmt.Errorf("failed to get listener for TCP grpc endpoint: %w", err)
}
serve(ctx, l, server.ServeTCP)
}
// setup the main grpc endpoint
l, err := sys.GetLocalListener(config.GRPC.Address, config.GRPC.UID, config.GRPC.GID)
if err != nil {
- return errors.Wrapf(err, "failed to get listener for main endpoint")
+ return fmt.Errorf("failed to get listener for main endpoint: %w", err)
}
serve(ctx, l, server.ServeGRPC)
- if err := notifyReady(ctx); err != nil {
- log.G(ctx).WithError(err).Warn("notify ready failed")
- }
+ readyC := make(chan struct{})
+ go func() {
+ server.Wait()
+ close(readyC)
+ }()
- log.G(ctx).Infof("containerd successfully booted in %fs", time.Since(start).Seconds())
- <-done
+ select {
+ case <-readyC:
+ if err := notifyReady(ctx); err != nil {
+ log.G(ctx).WithError(err).Warn("notify ready failed")
+ }
+ log.G(ctx).Infof("containerd successfully booted in %fs", time.Since(start).Seconds())
+ <-done
+ case <-done:
+ }
return nil
}
return app
@@ -260,6 +311,8 @@ func applyFlags(context *cli.Context, config *srvconfig.Config) error {
if err := setLogFormat(config); err != nil {
return err
}
+ setLogHooks()
+
for _, v := range []struct {
name string
d *string
@@ -293,36 +346,22 @@ func setLogLevel(context *cli.Context, config *srvconfig.Config) error {
l = config.Debug.Level
}
if l != "" {
- lvl, err := logrus.ParseLevel(l)
- if err != nil {
- return err
- }
- logrus.SetLevel(lvl)
+ return log.SetLevel(l)
}
return nil
}
func setLogFormat(config *srvconfig.Config) error {
- f := config.Debug.Format
+ f := log.OutputFormat(config.Debug.Format)
if f == "" {
f = log.TextFormat
}
- switch f {
- case log.TextFormat:
- logrus.SetFormatter(&logrus.TextFormatter{
- TimestampFormat: log.RFC3339NanoFixed,
- FullTimestamp: true,
- })
- case log.JSONFormat:
- logrus.SetFormatter(&logrus.JSONFormatter{
- TimestampFormat: log.RFC3339NanoFixed,
- })
- default:
- return errors.Errorf("unknown log format: %s", f)
- }
+ return log.SetFormat(f)
+}
- return nil
+func setLogHooks() {
+ logrus.StandardLogger().AddHook(tracing.NewLogrusHook())
}
func dumpStacks(writeToFile bool) {
@@ -337,7 +376,7 @@ func dumpStacks(writeToFile bool) {
bufferLen *= 2
}
buf = buf[:stackSize]
- logrus.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf)
+ log.L.Infof("=== BEGIN goroutine stack dump ===\n%s\n=== END goroutine stack dump ===", buf)
if writeToFile {
// Also write to file to aid gathering diagnostics
@@ -348,6 +387,6 @@ func dumpStacks(writeToFile bool) {
}
defer f.Close()
f.WriteString(string(buf))
- logrus.Infof("goroutine stack dump written to %s", name)
+ log.L.Infof("goroutine stack dump written to %s", name)
}
}
diff --git a/cmd/containerd/command/main_unix.go b/cmd/containerd/command/main_unix.go
index 98fd698..e81de63 100644
--- a/cmd/containerd/command/main_unix.go
+++ b/cmd/containerd/command/main_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || darwin || freebsd || solaris
// +build linux darwin freebsd solaris
/*
@@ -35,7 +36,7 @@ var handledSignals = []os.Signal{
unix.SIGPIPE,
}
-func handleSignals(ctx context.Context, signals chan os.Signal, serverC chan *server.Server) chan struct{} {
+func handleSignals(ctx context.Context, signals chan os.Signal, serverC chan *server.Server, cancel func()) chan struct{} {
done := make(chan struct{}, 1)
go func() {
var server *server.Server
@@ -60,11 +61,10 @@ func handleSignals(ctx context.Context, signals chan os.Signal, serverC chan *se
log.G(ctx).WithError(err).Error("notify stopping failed")
}
- if server == nil {
- close(done)
- return
+ cancel()
+ if server != nil {
+ server.Stop()
}
- server.Stop()
close(done)
return
}
diff --git a/cmd/containerd/command/main_windows.go b/cmd/containerd/command/main_windows.go
index 1803e18..6027035 100644
--- a/cmd/containerd/command/main_windows.go
+++ b/cmd/containerd/command/main_windows.go
@@ -39,7 +39,7 @@ var (
}
)
-func handleSignals(ctx context.Context, signals chan os.Signal, serverC chan *server.Server) chan struct{} {
+func handleSignals(ctx context.Context, signals chan os.Signal, serverC chan *server.Server, cancel func()) chan struct{} {
done := make(chan struct{})
go func() {
var server *server.Server
@@ -54,12 +54,12 @@ func handleSignals(ctx context.Context, signals chan os.Signal, serverC chan *se
log.G(ctx).WithError(err).Error("notify stopping failed")
}
- if server == nil {
- close(done)
- return
+ cancel()
+ if server != nil {
+ server.Stop()
}
- server.Stop()
close(done)
+ return
}
}
}()
diff --git a/cmd/containerd/command/notify_linux.go b/cmd/containerd/command/notify_linux.go
index be3d580..f97a1d3 100644
--- a/cmd/containerd/command/notify_linux.go
+++ b/cmd/containerd/command/notify_linux.go
@@ -1,5 +1,3 @@
-// +build linux
-
/*
Copyright The containerd Authors.
diff --git a/cmd/containerd/command/notify_unsupported.go b/cmd/containerd/command/notify_unsupported.go
index 3a05137..76b3f85 100644
--- a/cmd/containerd/command/notify_unsupported.go
+++ b/cmd/containerd/command/notify_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
// +build !linux
/*
diff --git a/cmd/containerd/command/publish.go b/cmd/containerd/command/publish.go
index 82e75f3..b18f19f 100644
--- a/cmd/containerd/command/publish.go
+++ b/cmd/containerd/command/publish.go
@@ -18,8 +18,8 @@ package command
import (
gocontext "context"
+ "fmt"
"io"
- "io/ioutil"
"net"
"os"
"time"
@@ -29,10 +29,10 @@ import (
"github.com/containerd/containerd/namespaces"
"github.com/containerd/containerd/pkg/dialer"
"github.com/gogo/protobuf/types"
- "github.com/pkg/errors"
"github.com/urfave/cli"
"google.golang.org/grpc"
"google.golang.org/grpc/backoff"
+ "google.golang.org/grpc/credentials/insecure"
)
var publishCommand = cli.Command{
@@ -52,7 +52,7 @@ var publishCommand = cli.Command{
ctx := namespaces.WithNamespace(gocontext.Background(), context.String("namespace"))
topic := context.String("topic")
if topic == "" {
- return errors.Wrap(errdefs.ErrInvalidArgument, "topic required to publish event")
+ return fmt.Errorf("topic required to publish event: %w", errdefs.ErrInvalidArgument)
}
payload, err := getEventPayload(os.Stdin)
if err != nil {
@@ -73,7 +73,7 @@ var publishCommand = cli.Command{
}
func getEventPayload(r io.Reader) (*types.Any, error) {
- data, err := ioutil.ReadAll(r)
+ data, err := io.ReadAll(r)
if err != nil {
return nil, err
}
@@ -87,7 +87,7 @@ func getEventPayload(r io.Reader) (*types.Any, error) {
func connectEvents(address string) (eventsapi.EventsClient, error) {
conn, err := connect(address, dialer.ContextDialer)
if err != nil {
- return nil, errors.Wrapf(err, "failed to dial %q", address)
+ return nil, fmt.Errorf("failed to dial %q: %w", address, err)
}
return eventsapi.NewEventsClient(conn), nil
}
@@ -100,7 +100,7 @@ func connect(address string, d func(gocontext.Context, string) (net.Conn, error)
}
gopts := []grpc.DialOption{
grpc.WithBlock(),
- grpc.WithInsecure(),
+ grpc.WithTransportCredentials(insecure.NewCredentials()),
grpc.WithContextDialer(d),
grpc.FailOnNonTempDialError(true),
grpc.WithConnectParams(connParams),
@@ -109,7 +109,7 @@ func connect(address string, d func(gocontext.Context, string) (net.Conn, error)
defer cancel()
conn, err := grpc.DialContext(ctx, dialer.DialAddress(address), gopts...)
if err != nil {
- return nil, errors.Wrapf(err, "failed to dial %q", address)
+ return nil, fmt.Errorf("failed to dial %q: %w", address, err)
}
return conn, nil
}
diff --git a/cmd/containerd/command/service_unsupported.go b/cmd/containerd/command/service_unsupported.go
index b282052..2ea02af 100644
--- a/cmd/containerd/command/service_unsupported.go
+++ b/cmd/containerd/command/service_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
diff --git a/cmd/containerd/command/service_windows.go b/cmd/containerd/command/service_windows.go
index d683c18..eb2062c 100644
--- a/cmd/containerd/command/service_windows.go
+++ b/cmd/containerd/command/service_windows.go
@@ -18,19 +18,17 @@ package command
import (
"fmt"
- "io/ioutil"
"log"
"os"
- "os/exec"
"path/filepath"
"time"
"unsafe"
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/services/server"
- "github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
+ exec "golang.org/x/sys/execabs"
"golang.org/x/sys/windows"
"golang.org/x/sys/windows/svc"
"golang.org/x/sys/windows/svc/debug"
@@ -215,10 +213,9 @@ func unregisterService() error {
// to handle (un-)registering against Windows Service Control Manager (SCM).
// It returns an indication to stop on successful SCM operation, and an error.
func registerUnregisterService(root string) (bool, error) {
-
if unregisterServiceFlag {
if registerServiceFlag {
- return true, errors.Wrap(errdefs.ErrInvalidArgument, "--register-service and --unregister-service cannot be used together")
+ return true, fmt.Errorf("--register-service and --unregister-service cannot be used together: %w", errdefs.ErrInvalidArgument)
}
return true, unregisterService()
}
@@ -242,29 +239,64 @@ func registerUnregisterService(root string) (bool, error) {
// and we want to make sure stderr goes to the panic file.
r, _, err := allocConsole.Call()
if r == 0 && err != nil {
- return true, fmt.Errorf("error allocating conhost: %s", err)
+ return true, fmt.Errorf("error allocating conhost: %w", err)
}
if err := initPanicFile(filepath.Join(root, "panic.log")); err != nil {
return true, err
}
- logOutput := ioutil.Discard
+ // The usual advice for Windows services is to either write to a log file or to the windows event
+ // log, the former of which we've exposed here via a --log-file flag. We additionally write panic
+ // stacks to a panic.log file to diagnose crashes. Below details the two different outcomes if
+ // --log-file is specified or not:
+ //
+ // --log-file is *not* specified.
+ // -------------------------------
+ // -logrus, the stdlibs logging package and os.Stderr output will go to
+ // NUL (Windows' /dev/null equivalent).
+ // -Panics will write their stack trace to the panic.log file.
+ // -Writing to the handle returned from GetStdHandle(STD_ERROR_HANDLE) will write
+ // to the panic.log file as the underlying handle itself has been redirected.
+ //
+ // --log-file *is* specified
+ // -------------------------------
+ // -Logging to logrus, the stdlibs logging package or directly to
+ // os.Stderr will all go to the log file specified.
+ // -Panics will write their stack trace to the panic.log file.
+ // -Writing to the handle returned from GetStdHandle(STD_ERROR_HANDLE) will write
+ // to the panic.log file as the underlying handle itself has been redirected.
+ var f *os.File
if logFileFlag != "" {
- f, err := os.OpenFile(logFileFlag, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+ f, err = os.OpenFile(logFileFlag, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
- return true, errors.Wrapf(err, "open log file %q", logFileFlag)
+ return true, fmt.Errorf("open log file %q: %w", logFileFlag, err)
+ }
+ } else {
+ // Windows services start with NULL stdio handles, and thus os.Stderr and friends will be
+ // backed by an os.File with a NULL handle. This means writes to os.Stderr will fail, which
+ // isn't a huge issue as we want output to be discarded if the user doesn't ask for the log
+ // file. However, writes succeeding but just going to the ether is a much better construct
+ // so use devnull instead of relying on writes failing. We use devnull instead of io.Discard
+ // as os.Stderr is an os.File and can't be assigned to io.Discard.
+ f, err = os.OpenFile(os.DevNull, os.O_WRONLY, 0)
+ if err != nil {
+ return true, err
}
- logOutput = f
}
- logrus.SetOutput(logOutput)
+ // Reassign os.Stderr to the log file or NUL. Shim logs are copied to os.Stderr
+ // directly so this ensures those will end up in the log file as well if specified.
+ os.Stderr = f
+ // Assign the stdlibs log package in case of any miscellaneous uses by
+ // dependencies.
+ log.SetOutput(f)
+ logrus.SetOutput(f)
}
return false, nil
}
// launchService is the entry point for running the daemon under SCM.
func launchService(s *server.Server, done chan struct{}) error {
-
if !runServiceFlag {
return nil
}
@@ -275,7 +307,7 @@ func launchService(s *server.Server, done chan struct{}) error {
done: done,
}
- interactive, err := svc.IsAnInteractiveSession() // nolint:staticcheck
+ interactive, err := svc.IsAnInteractiveSession() //nolint:staticcheck
if err != nil {
return err
}
@@ -360,12 +392,6 @@ func initPanicFile(path string) error {
return err
}
- // Reset os.Stderr to the panic file (so fmt.Fprintf(os.Stderr,...) actually gets redirected)
- os.Stderr = os.NewFile(panicFile.Fd(), "/dev/stderr")
-
- // Force threads that panic to write to stderr (the panicFile handle now), otherwise it will go into the ether
- log.SetOutput(os.Stderr)
-
return nil
}
diff --git a/cmd/containerd/main.go b/cmd/containerd/main.go
index 10bde45..dcfa66b 100644
--- a/cmd/containerd/main.go
+++ b/cmd/containerd/main.go
@@ -21,10 +21,11 @@ import (
"os"
"github.com/containerd/containerd/cmd/containerd/command"
- "github.com/containerd/containerd/pkg/seed"
+ "github.com/containerd/containerd/pkg/seed" //nolint:staticcheck // Global math/rand seed is deprecated, but still used by external dependencies
)
func init() {
+ //nolint:staticcheck // Global math/rand seed is deprecated, but still used by external dependencies
seed.WithTimeAndRand()
}
diff --git a/cmd/ctr/app/main.go b/cmd/ctr/app/main.go
index bf27438..4beb24b 100644
--- a/cmd/ctr/app/main.go
+++ b/cmd/ctr/app/main.go
@@ -18,7 +18,7 @@ package app
import (
"fmt"
- "io/ioutil"
+ "io"
"github.com/containerd/containerd/cmd/ctr/commands/containers"
"github.com/containerd/containerd/cmd/ctr/commands/content"
@@ -46,7 +46,7 @@ var extraCmds = []cli.Command{}
func init() {
// Discard grpc logs so that they don't mess with our stdio
- grpclog.SetLoggerV2(grpclog.NewLoggerV2(ioutil.Discard, ioutil.Discard, ioutil.Discard))
+ grpclog.SetLoggerV2(grpclog.NewLoggerV2(io.Discard, io.Discard, io.Discard))
cli.VersionPrinter = func(c *cli.Context) {
fmt.Println(c.App.Name, version.Package, c.App.Version)
diff --git a/cmd/ctr/app/main_unix.go b/cmd/ctr/app/main_unix.go
index c0eb1b6..f922e4e 100644
--- a/cmd/ctr/app/main_unix.go
+++ b/cmd/ctr/app/main_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
diff --git a/cmd/ctr/commands/commands.go b/cmd/ctr/commands/commands.go
index 5a58e9a..7823aa4 100644
--- a/cmd/ctr/commands/commands.go
+++ b/cmd/ctr/commands/commands.go
@@ -24,6 +24,8 @@ import (
"strings"
"github.com/containerd/containerd/defaults"
+ "github.com/containerd/containerd/pkg/atomicfile"
+
"github.com/urfave/cli"
)
@@ -37,6 +39,12 @@ var (
},
}
+ // SnapshotterLabels are cli flags specifying labels which will be add to the new snapshot for container.
+ SnapshotterLabels = cli.StringSliceFlag{
+ Name: "snapshotter-label",
+ Usage: "labels added to the new snapshot for this container.",
+ }
+
// LabelFlag is a cli flag specifying labels
LabelFlag = cli.StringSliceFlag{
Name: "label",
@@ -110,6 +118,10 @@ var (
Name: "label",
Usage: "specify additional labels (e.g. foo=bar)",
},
+ cli.StringSliceFlag{
+ Name: "annotation",
+ Usage: "specify additional OCI annotations (e.g. foo=bar)",
+ },
cli.StringSliceFlag{
Name: "mount",
Usage: "specify additional container mount (e.g. type=bind,src=/tmp,dst=/host,options=rbind:ro)",
@@ -147,7 +159,7 @@ var (
Name: "pid-file",
Usage: "file path to write the task's pid",
},
- cli.IntFlag{
+ cli.IntSliceFlag{
Name: "gpus",
Usage: "add gpus to the container",
},
@@ -163,6 +175,14 @@ var (
Name: "device",
Usage: "file path to a device to add to the container; or a path to a directory tree of devices to add to the container",
},
+ cli.StringSliceFlag{
+ Name: "cap-add",
+ Usage: "add Linux capabilities (Set capabilities with 'CAP_' prefix)",
+ },
+ cli.StringSliceFlag{
+ Name: "cap-drop",
+ Usage: "drop Linux capabilities (Set capabilities with 'CAP_' prefix)",
+ },
cli.BoolFlag{
Name: "seccomp",
Usage: "enable the default seccomp profile",
@@ -179,6 +199,10 @@ var (
Name: "apparmor-profile",
Usage: "enable AppArmor with an existing custom profile",
},
+ cli.StringFlag{
+ Name: "rdt-class",
+ Usage: "name of the RDT class to associate the container with. Specifies a Class of Service (CLOS) for cache and memory bandwidth management.",
+ },
}
)
@@ -209,6 +233,19 @@ func LabelArgs(labelStrings []string) map[string]string {
return labels
}
+// AnnotationArgs returns a map of annotation key,value pairs.
+func AnnotationArgs(annoStrings []string) (map[string]string, error) {
+ annotations := make(map[string]string, len(annoStrings))
+ for _, anno := range annoStrings {
+ parts := strings.SplitN(anno, "=", 2)
+ if len(parts) != 2 {
+ return nil, fmt.Errorf("invalid key=value format annotation: %v", anno)
+ }
+ annotations[parts[0]] = parts[1]
+ }
+ return annotations, nil
+}
+
// PrintAsJSON prints input in JSON format
func PrintAsJSON(x interface{}) {
b, err := json.MarshalIndent(x, "", " ")
@@ -224,15 +261,14 @@ func WritePidFile(path string, pid int) error {
if err != nil {
return err
}
- tempPath := filepath.Join(filepath.Dir(path), fmt.Sprintf(".%s", filepath.Base(path)))
- f, err := os.OpenFile(tempPath, os.O_RDWR|os.O_CREATE|os.O_EXCL|os.O_SYNC, 0666)
+ f, err := atomicfile.New(path, 0o666)
if err != nil {
return err
}
_, err = fmt.Fprintf(f, "%d", pid)
- f.Close()
if err != nil {
+ f.Cancel()
return err
}
- return os.Rename(tempPath, path)
+ return f.Close()
}
diff --git a/cmd/ctr/commands/commands_unix.go b/cmd/ctr/commands/commands_unix.go
index 38ee594..44b81e1 100644
--- a/cmd/ctr/commands/commands_unix.go
+++ b/cmd/ctr/commands/commands_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -36,5 +37,8 @@ func init() {
}, cli.Uint64Flag{
Name: "cpu-period",
Usage: "Limit CPU CFS period",
+ }, cli.StringFlag{
+ Name: "rootfs-propagation",
+ Usage: "set the propagation of the container rootfs",
})
}
diff --git a/cmd/ctr/commands/commands_windows.go b/cmd/ctr/commands/commands_windows.go
index 4bd3d25..5c1d98e 100644
--- a/cmd/ctr/commands/commands_windows.go
+++ b/cmd/ctr/commands/commands_windows.go
@@ -1,5 +1,3 @@
-// +build windows
-
/*
Copyright The containerd Authors.
diff --git a/cmd/ctr/commands/containers/checkpoint.go b/cmd/ctr/commands/containers/checkpoint.go
index 53bf70b..62804f4 100644
--- a/cmd/ctr/commands/containers/checkpoint.go
+++ b/cmd/ctr/commands/containers/checkpoint.go
@@ -17,12 +17,12 @@
package containers
import (
+ "errors"
"fmt"
"github.com/containerd/containerd"
"github.com/containerd/containerd/cmd/ctr/commands"
"github.com/containerd/containerd/errdefs"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -88,7 +88,7 @@ var checkpointCommand = cli.Command{
}
defer func() {
if err := task.Resume(ctx); err != nil {
- fmt.Println(errors.Wrap(err, "error resuming task"))
+ fmt.Println(fmt.Errorf("error resuming task: %w", err))
}
}()
}
diff --git a/cmd/ctr/commands/containers/containers.go b/cmd/ctr/commands/containers/containers.go
index f87b0c6..d102534 100644
--- a/cmd/ctr/commands/containers/containers.go
+++ b/cmd/ctr/commands/containers/containers.go
@@ -31,7 +31,6 @@ import (
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/log"
"github.com/containerd/typeurl"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -55,7 +54,7 @@ var createCommand = cli.Command{
Name: "create",
Usage: "create container",
ArgsUsage: "[flags] Image|RootFS CONTAINER [COMMAND] [ARG...]",
- Flags: append(commands.SnapshotterFlags, commands.ContainerFlags...),
+ Flags: append(append(commands.SnapshotterFlags, []cli.Flag{commands.SnapshotterLabels}...), commands.ContainerFlags...),
Action: func(context *cli.Context) error {
var (
id string
@@ -66,17 +65,17 @@ var createCommand = cli.Command{
if config {
id = context.Args().First()
if context.NArg() > 1 {
- return errors.Wrap(errdefs.ErrInvalidArgument, "with spec config file, only container id should be provided")
+ return fmt.Errorf("with spec config file, only container id should be provided: %w", errdefs.ErrInvalidArgument)
}
} else {
id = context.Args().Get(1)
ref = context.Args().First()
if ref == "" {
- return errors.Wrap(errdefs.ErrInvalidArgument, "image ref must be provided")
+ return fmt.Errorf("image ref must be provided: %w", errdefs.ErrInvalidArgument)
}
}
if id == "" {
- return errors.Wrap(errdefs.ErrInvalidArgument, "container id must be provided")
+ return fmt.Errorf("container id must be provided: %w", errdefs.ErrInvalidArgument)
}
client, ctx, cancel, err := commands.NewClient(context)
if err != nil {
@@ -149,7 +148,7 @@ var deleteCommand = cli.Command{
Name: "delete",
Usage: "delete one or more existing containers",
ArgsUsage: "[flags] CONTAINER [CONTAINER, ...]",
- Aliases: []string{"del", "rm"},
+ Aliases: []string{"del", "remove", "rm"},
Flags: []cli.Flag{
cli.BoolFlag{
Name: "keep-snapshot",
@@ -169,7 +168,7 @@ var deleteCommand = cli.Command{
}
if context.NArg() == 0 {
- return errors.Wrap(errdefs.ErrInvalidArgument, "must specify at least one container to delete")
+ return fmt.Errorf("must specify at least one container to delete: %w", errdefs.ErrInvalidArgument)
}
for _, arg := range context.Args() {
if err := deleteContainer(ctx, client, arg, deleteOpts...); err != nil {
@@ -215,7 +214,7 @@ var setLabelsCommand = cli.Command{
Action: func(context *cli.Context) error {
containerID, labels := commands.ObjectWithLabelArgs(context)
if containerID == "" {
- return errors.Wrap(errdefs.ErrInvalidArgument, "container id must be provided")
+ return fmt.Errorf("container id must be provided: %w", errdefs.ErrInvalidArgument)
}
client, ctx, cancel, err := commands.NewClient(context)
if err != nil {
@@ -257,7 +256,7 @@ var infoCommand = cli.Command{
Action: func(context *cli.Context) error {
id := context.Args().First()
if id == "" {
- return errors.Wrap(errdefs.ErrInvalidArgument, "container id must be provided")
+ return fmt.Errorf("container id must be provided: %w", errdefs.ErrInvalidArgument)
}
client, ctx, cancel, err := commands.NewClient(context)
if err != nil {
diff --git a/cmd/ctr/commands/containers/restore.go b/cmd/ctr/commands/containers/restore.go
index 85337b3..2847340 100644
--- a/cmd/ctr/commands/containers/restore.go
+++ b/cmd/ctr/commands/containers/restore.go
@@ -17,11 +17,12 @@
package containers
import (
+ "errors"
+
"github.com/containerd/containerd"
"github.com/containerd/containerd/cio"
"github.com/containerd/containerd/cmd/ctr/commands"
"github.com/containerd/containerd/errdefs"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
diff --git a/cmd/ctr/commands/content/content.go b/cmd/ctr/commands/content/content.go
index 6f61fca..f0458dd 100644
--- a/cmd/ctr/commands/content/content.go
+++ b/cmd/ctr/commands/content/content.go
@@ -17,11 +17,10 @@
package content
import (
+ "errors"
"fmt"
"io"
- "io/ioutil"
"os"
- "os/exec"
"strings"
"text/tabwriter"
"time"
@@ -33,8 +32,8 @@ import (
units "github.com/docker/go-units"
digest "github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
"github.com/urfave/cli"
+ exec "golang.org/x/sys/execabs"
)
var (
@@ -519,7 +518,7 @@ func edit(context *cli.Context, rd io.Reader) (io.ReadCloser, error) {
return nil, fmt.Errorf("editor is required")
}
- tmp, err := ioutil.TempFile(os.Getenv("XDG_RUNTIME_DIR"), "edit-")
+ tmp, err := os.CreateTemp(os.Getenv("XDG_RUNTIME_DIR"), "edit-")
if err != nil {
return nil, err
}
diff --git a/cmd/ctr/commands/content/fetch.go b/cmd/ctr/commands/content/fetch.go
index 4dc1087..aef9e86 100644
--- a/cmd/ctr/commands/content/fetch.go
+++ b/cmd/ctr/commands/content/fetch.go
@@ -280,7 +280,7 @@ outer:
info, err := cs.Info(ctx, j.Digest)
if err != nil {
if !errdefs.IsNotFound(err) {
- log.G(ctx).WithError(err).Errorf("failed to get content info")
+ log.G(ctx).WithError(err).Error("failed to get content info")
continue outer
} else {
statuses[key] = StatusInfo{
diff --git a/cmd/ctr/commands/images/convert.go b/cmd/ctr/commands/images/convert.go
index 3baec0b..e2bcd0d 100644
--- a/cmd/ctr/commands/images/convert.go
+++ b/cmd/ctr/commands/images/convert.go
@@ -17,6 +17,7 @@
package images
import (
+ "errors"
"fmt"
"github.com/containerd/containerd/cmd/ctr/commands"
@@ -24,7 +25,6 @@ import (
"github.com/containerd/containerd/images/converter/uncompress"
"github.com/containerd/containerd/platforms"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -74,7 +74,7 @@ When '--all-platforms' is given all images in a manifest list must be available.
for _, ps := range pss {
p, err := platforms.Parse(ps)
if err != nil {
- return errors.Wrapf(err, "invalid platform %q", ps)
+ return fmt.Errorf("invalid platform %q: %w", ps, err)
}
all = append(all, p)
}
diff --git a/cmd/ctr/commands/images/export.go b/cmd/ctr/commands/images/export.go
index 41d8893..5050ff4 100644
--- a/cmd/ctr/commands/images/export.go
+++ b/cmd/ctr/commands/images/export.go
@@ -17,6 +17,8 @@
package images
import (
+ "errors"
+ "fmt"
"io"
"os"
@@ -24,7 +26,6 @@ import (
"github.com/containerd/containerd/images/archive"
"github.com/containerd/containerd/platforms"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -73,13 +74,13 @@ When '--all-platforms' is given all images in a manifest list must be available.
for _, ps := range pss {
p, err := platforms.Parse(ps)
if err != nil {
- return errors.Wrapf(err, "invalid platform %q", ps)
+ return fmt.Errorf("invalid platform %q: %w", ps, err)
}
all = append(all, p)
}
exportOpts = append(exportOpts, archive.WithPlatform(platforms.Ordered(all...)))
} else {
- exportOpts = append(exportOpts, archive.WithPlatform(platforms.Default()))
+ exportOpts = append(exportOpts, archive.WithPlatform(platforms.DefaultStrict()))
}
if context.Bool("all-platforms") {
diff --git a/cmd/ctr/commands/images/images.go b/cmd/ctr/commands/images/images.go
index 077afd8..a68d216 100644
--- a/cmd/ctr/commands/images/images.go
+++ b/cmd/ctr/commands/images/images.go
@@ -17,6 +17,7 @@
package images
import (
+ "errors"
"fmt"
"os"
"sort"
@@ -29,7 +30,6 @@ import (
"github.com/containerd/containerd/log"
"github.com/containerd/containerd/pkg/progress"
"github.com/containerd/containerd/platforms"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -82,7 +82,7 @@ var listCommand = cli.Command{
)
imageList, err := imageStore.List(ctx, filters...)
if err != nil {
- return errors.Wrap(err, "failed to list images")
+ return fmt.Errorf("failed to list images: %w", err)
}
if quiet {
for _, image := range imageList {
@@ -224,7 +224,7 @@ var checkCommand = cli.Command{
args := []string(context.Args())
imageList, err := client.ListImages(ctx, args...)
if err != nil {
- return errors.Wrap(err, "failed listing images")
+ return fmt.Errorf("failed listing images: %w", err)
}
if len(imageList) == 0 {
log.G(ctx).Debugf("no images found")
@@ -248,7 +248,7 @@ var checkCommand = cli.Command{
available, required, present, missing, err := images.Check(ctx, contentStore, image.Target(), platforms.Default())
if err != nil {
if exitErr == nil {
- exitErr = errors.Wrapf(err, "unable to check %v", image.Name())
+ exitErr = fmt.Errorf("unable to check %v: %w", image.Name(), err)
}
log.G(ctx).WithError(err).Errorf("unable to check %v", image.Name())
status = "error"
@@ -284,7 +284,7 @@ var checkCommand = cli.Command{
unpacked, err := image.IsUnpacked(ctx, context.String("snapshotter"))
if err != nil {
if exitErr == nil {
- exitErr = errors.Wrapf(err, "unable to check unpack for %v", image.Name())
+ exitErr = fmt.Errorf("unable to check unpack for %v: %w", image.Name(), err)
}
log.G(ctx).WithError(err).Errorf("unable to check unpack for %v", image.Name())
}
@@ -311,8 +311,8 @@ var checkCommand = cli.Command{
}
var removeCommand = cli.Command{
- Name: "remove",
- Aliases: []string{"rm"},
+ Name: "delete",
+ Aliases: []string{"del", "remove", "rm"},
Usage: "remove one or more images by reference",
ArgsUsage: "[flags] [ [][, ...]",
Description: "remove one or more images by reference",
@@ -340,7 +340,7 @@ var removeCommand = cli.Command{
if err := imageStore.Delete(ctx, target, opts...); err != nil {
if !errdefs.IsNotFound(err) {
if exitErr == nil {
- exitErr = errors.Wrapf(err, "unable to delete %v", target)
+ exitErr = fmt.Errorf("unable to delete %v: %w", target, err)
}
log.G(ctx).WithError(err).Errorf("unable to delete %v", target)
continue
diff --git a/cmd/ctr/commands/images/import.go b/cmd/ctr/commands/images/import.go
index e7a4945..850b8a2 100644
--- a/cmd/ctr/commands/images/import.go
+++ b/cmd/ctr/commands/images/import.go
@@ -26,6 +26,7 @@ import (
"github.com/containerd/containerd/cmd/ctr/commands"
"github.com/containerd/containerd/images/archive"
"github.com/containerd/containerd/log"
+ "github.com/containerd/containerd/platforms"
"github.com/urfave/cli"
)
@@ -60,6 +61,10 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb
Name: "digests",
Usage: "whether to create digest images (default: false)",
},
+ cli.BoolFlag{
+ Name: "skip-digest-for-named",
+ Usage: "skip applying --digests option to images named in the importing tar (use it in conjunction with --digests)",
+ },
cli.StringFlag{
Name: "index-name",
Usage: "image name to keep index as, by default index is discarded",
@@ -68,6 +73,10 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb
Name: "all-platforms",
Usage: "imports content for all platforms, false by default",
},
+ cli.StringFlag{
+ Name: "platform",
+ Usage: "imports content for specific platform",
+ },
cli.BoolFlag{
Name: "no-unpack",
Usage: "skip unpacking the images, false by default",
@@ -80,8 +89,9 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb
Action: func(context *cli.Context) error {
var (
- in = context.Args().First()
- opts []containerd.ImportOpt
+ in = context.Args().First()
+ opts []containerd.ImportOpt
+ platformMatcher platforms.MatchComparer
)
prefix := context.String("base-name")
@@ -96,6 +106,12 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb
if context.Bool("digests") {
opts = append(opts, containerd.WithDigestRef(archive.DigestTranslator(prefix)))
}
+ if context.Bool("skip-digest-for-named") {
+ if !context.Bool("digests") {
+ return fmt.Errorf("--skip-digest-for-named must be specified with --digests option")
+ }
+ opts = append(opts, containerd.WithSkipDigestRef(func(name string) bool { return name != "" }))
+ }
if idxName := context.String("index-name"); idxName != "" {
opts = append(opts, containerd.WithIndexName(idxName))
@@ -105,6 +121,15 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb
opts = append(opts, containerd.WithImportCompression())
}
+ if platform := context.String("platform"); platform != "" {
+ platSpec, err := platforms.Parse(platform)
+ if err != nil {
+ return err
+ }
+ platformMatcher = platforms.OnlyStrict(platSpec)
+ opts = append(opts, containerd.WithImportPlatform(platformMatcher))
+ }
+
opts = append(opts, containerd.WithAllPlatforms(context.Bool("all-platforms")))
client, ctx, cancel, err := commands.NewClient(context)
@@ -135,8 +160,10 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb
log.G(ctx).Debugf("unpacking %d images", len(imgs))
for _, img := range imgs {
- // TODO: Allow configuration of the platform
- image := containerd.NewImage(client, img)
+ if platformMatcher == nil { // if platform not specified use default.
+ platformMatcher = platforms.Default()
+ }
+ image := containerd.NewImageWithPlatform(client, img, platformMatcher)
// TODO: Show unpack status
fmt.Printf("unpacking %s (%s)...", img.Name, img.Target.Digest)
diff --git a/cmd/ctr/commands/images/mount.go b/cmd/ctr/commands/images/mount.go
index c0e03dc..a907ad5 100644
--- a/cmd/ctr/commands/images/mount.go
+++ b/cmd/ctr/commands/images/mount.go
@@ -27,7 +27,6 @@ import (
"github.com/containerd/containerd/mount"
"github.com/containerd/containerd/platforms"
"github.com/opencontainers/image-spec/identity"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -93,7 +92,7 @@ When you are done, use the unmount command.
ps := context.String("platform")
p, err := platforms.Parse(ps)
if err != nil {
- return errors.Wrapf(err, "unable to parse platform %s", ps)
+ return fmt.Errorf("unable to parse platform %s: %w", ps, err)
}
img, err := client.ImageService().Get(ctx, ref)
@@ -103,7 +102,7 @@ When you are done, use the unmount command.
i := containerd.NewImageWithPlatform(client, img, platforms.Only(p))
if err := i.Unpack(ctx, snapshotter); err != nil {
- return errors.Wrap(err, "error unpacking image")
+ return fmt.Errorf("error unpacking image: %w", err)
}
diffIDs, err := i.RootFS(ctx)
diff --git a/cmd/ctr/commands/images/pull.go b/cmd/ctr/commands/images/pull.go
index 7a5db21..c46dcd4 100644
--- a/cmd/ctr/commands/images/pull.go
+++ b/cmd/ctr/commands/images/pull.go
@@ -28,7 +28,6 @@ import (
"github.com/containerd/containerd/platforms"
"github.com/opencontainers/image-spec/identity"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -106,13 +105,13 @@ command. As part of this process, we do the following:
if context.Bool("all-platforms") {
p, err = images.Platforms(ctx, client.ContentStore(), img.Target)
if err != nil {
- return errors.Wrap(err, "unable to resolve image platforms")
+ return fmt.Errorf("unable to resolve image platforms: %w", err)
}
} else {
for _, s := range context.StringSlice("platform") {
ps, err := platforms.Parse(s)
if err != nil {
- return errors.Wrapf(err, "unable to parse platform %s", s)
+ return fmt.Errorf("unable to parse platform %s: %w", s, err)
}
p = append(p, ps)
}
diff --git a/cmd/ctr/commands/images/push.go b/cmd/ctr/commands/images/push.go
index da9e896..7123878 100644
--- a/cmd/ctr/commands/images/push.go
+++ b/cmd/ctr/commands/images/push.go
@@ -18,6 +18,8 @@ package images
import (
gocontext "context"
+ "errors"
+ "fmt"
"net/http/httptrace"
"os"
"sync"
@@ -35,7 +37,6 @@ import (
"github.com/containerd/containerd/remotes/docker"
digest "github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
"github.com/urfave/cli"
"golang.org/x/sync/errgroup"
)
@@ -67,6 +68,9 @@ var pushCommand = cli.Command{
}, cli.IntFlag{
Name: "max-concurrent-uploaded-layers",
Usage: "Set the max concurrent uploaded layers for each push",
+ }, cli.BoolFlag{
+ Name: "allow-non-distributable-blobs",
+ Usage: "Allow pushing blobs that are marked as non-distributable",
}),
Action: func(context *cli.Context) error {
var (
@@ -88,7 +92,7 @@ var pushCommand = cli.Command{
if manifest := context.String("manifest"); manifest != "" {
desc.Digest, err = digest.Parse(manifest)
if err != nil {
- return errors.Wrap(err, "invalid manifest digest")
+ return fmt.Errorf("invalid manifest digest: %w", err)
}
desc.MediaType = context.String("manifest-type")
} else {
@@ -97,14 +101,14 @@ var pushCommand = cli.Command{
}
img, err := client.ImageService().Get(ctx, local)
if err != nil {
- return errors.Wrap(err, "unable to resolve image to manifest")
+ return fmt.Errorf("unable to resolve image to manifest: %w", err)
}
desc = img.Target
if pss := context.StringSlice("platform"); len(pss) == 1 {
p, err := platforms.Parse(pss[0])
if err != nil {
- return errors.Wrapf(err, "invalid platform %q", pss[0])
+ return fmt.Errorf("invalid platform %q: %w", pss[0], err)
}
cs := client.ContentStore()
@@ -113,7 +117,7 @@ var pushCommand = cli.Command{
for _, manifest := range manifests {
if manifest.Platform != nil && matcher.Match(*manifest.Platform) {
if _, err := images.Children(ctx, cs, manifest); err != nil {
- return errors.Wrap(err, "no matching manifest")
+ return fmt.Errorf("no matching manifest: %w", err)
}
desc = manifest
break
@@ -143,13 +147,21 @@ var pushCommand = cli.Command{
log.G(ctx).WithField("image", ref).WithField("digest", desc.Digest).Debug("pushing")
jobHandler := images.HandlerFunc(func(ctx gocontext.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
+ if !context.Bool("allow-non-distributable-blobs") && images.IsNonDistributable(desc.MediaType) {
+ return nil, nil
+ }
ongoing.add(remotes.MakeRefKey(ctx, desc))
return nil, nil
})
+ handler := jobHandler
+ if !context.Bool("allow-non-distributable-blobs") {
+ handler = remotes.SkipNonDistributableBlobs(handler)
+ }
+
ropts := []containerd.RemoteOpt{
containerd.WithResolver(resolver),
- containerd.WithImageHandler(jobHandler),
+ containerd.WithImageHandler(handler),
}
if context.IsSet("max-concurrent-uploaded-layers") {
diff --git a/cmd/ctr/commands/images/unmount.go b/cmd/ctr/commands/images/unmount.go
index 3f54f63..f98570d 100644
--- a/cmd/ctr/commands/images/unmount.go
+++ b/cmd/ctr/commands/images/unmount.go
@@ -23,7 +23,6 @@ import (
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/leases"
"github.com/containerd/containerd/mount"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -60,10 +59,10 @@ var unmountCommand = cli.Command{
snapshotter := context.String("snapshotter")
s := client.SnapshotService(snapshotter)
if err := client.LeasesService().Delete(ctx, leases.Lease{ID: target}); err != nil && !errdefs.IsNotFound(err) {
- return errors.Wrap(err, "error deleting lease")
+ return fmt.Errorf("error deleting lease: %w", err)
}
if err := s.Remove(ctx, target); err != nil && !errdefs.IsNotFound(err) {
- return errors.Wrap(err, "error removing snapshot")
+ return fmt.Errorf("error removing snapshot: %w", err)
}
}
diff --git a/cmd/ctr/commands/leases/leases.go b/cmd/ctr/commands/leases/leases.go
index d0b107d..d9f1025 100644
--- a/cmd/ctr/commands/leases/leases.go
+++ b/cmd/ctr/commands/leases/leases.go
@@ -26,7 +26,6 @@ import (
"github.com/containerd/containerd/cmd/ctr/commands"
"github.com/containerd/containerd/leases"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -69,7 +68,7 @@ var listCommand = cli.Command{
leaseList, err := ls.List(ctx, filters...)
if err != nil {
- return errors.Wrap(err, "failed to list leases")
+ return fmt.Errorf("failed to list leases: %w", err)
}
if quiet {
for _, l := range leaseList {
@@ -159,7 +158,7 @@ var createCommand = cli.Command{
var deleteCommand = cli.Command{
Name: "delete",
- Aliases: []string{"rm"},
+ Aliases: []string{"del", "remove", "rm"},
Usage: "delete a lease",
ArgsUsage: "[flags] ...",
Description: "delete a lease",
diff --git a/cmd/ctr/commands/namespaces/namespaces.go b/cmd/ctr/commands/namespaces/namespaces.go
index 93455b1..ddab3f5 100644
--- a/cmd/ctr/commands/namespaces/namespaces.go
+++ b/cmd/ctr/commands/namespaces/namespaces.go
@@ -17,6 +17,7 @@
package namespaces
import (
+ "errors"
"fmt"
"os"
"sort"
@@ -26,7 +27,6 @@ import (
"github.com/containerd/containerd/cmd/ctr/commands"
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/log"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -47,7 +47,7 @@ var createCommand = cli.Command{
Name: "create",
Aliases: []string{"c"},
Usage: "create a new namespace",
- ArgsUsage: " [= [=]",
Description: "create a new namespace. it must be unique",
Action: func(context *cli.Context) error {
namespace, labels := commands.ObjectWithLabelArgs(context)
@@ -68,7 +68,7 @@ var setLabelsCommand = cli.Command{
Name: "label",
Usage: "set and clear labels for a namespace",
ArgsUsage: " [=, ...]",
- Description: "set and clear labels for a namespace",
+ Description: "set and clear labels for a namespace. empty value clears the label",
Action: func(context *cli.Context) error {
namespace, labels := commands.ObjectWithLabelArgs(context)
if namespace == "" {
@@ -167,7 +167,7 @@ var removeCommand = cli.Command{
if err := namespaces.Delete(ctx, target, opts...); err != nil {
if !errdefs.IsNotFound(err) {
if exitErr == nil {
- exitErr = errors.Wrapf(err, "unable to delete %v", target)
+ exitErr = fmt.Errorf("unable to delete %v: %w", target, err)
}
log.G(ctx).WithError(err).Errorf("unable to delete %v", target)
continue
diff --git a/cmd/ctr/commands/namespaces/namespaces_other.go b/cmd/ctr/commands/namespaces/namespaces_other.go
index b0f12e5..4e99d60 100644
--- a/cmd/ctr/commands/namespaces/namespaces_other.go
+++ b/cmd/ctr/commands/namespaces/namespaces_other.go
@@ -1,3 +1,4 @@
+//go:build !linux
// +build !linux
/*
diff --git a/cmd/ctr/commands/oci/oci.go b/cmd/ctr/commands/oci/oci.go
index d27d026..cbd64fe 100644
--- a/cmd/ctr/commands/oci/oci.go
+++ b/cmd/ctr/commands/oci/oci.go
@@ -17,7 +17,8 @@
package oci
import (
- "github.com/pkg/errors"
+ "fmt"
+
"github.com/urfave/cli"
"github.com/containerd/containerd/cmd/ctr/commands"
@@ -43,7 +44,7 @@ var defaultSpecCommand = cli.Command{
spec, err := oci.GenerateSpec(ctx, nil, &containers.Container{})
if err != nil {
- return errors.Wrap(err, "failed to generate spec")
+ return fmt.Errorf("failed to generate spec: %w", err)
}
commands.PrintAsJSON(spec)
diff --git a/cmd/ctr/commands/pprof/pprof.go b/cmd/ctr/commands/pprof/pprof.go
index acaf2f9..1eafcf2 100644
--- a/cmd/ctr/commands/pprof/pprof.go
+++ b/cmd/ctr/commands/pprof/pprof.go
@@ -24,7 +24,6 @@ import (
"time"
"github.com/containerd/containerd/defaults"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -183,7 +182,7 @@ func httpGetRequest(client *http.Client, request string) (io.ReadCloser, error)
return nil, err
}
if resp.StatusCode != 200 {
- return nil, errors.Errorf("http get failed with status: %s", resp.Status)
+ return nil, fmt.Errorf("http get failed with status: %s", resp.Status)
}
return resp.Body, nil
}
diff --git a/cmd/ctr/commands/pprof/pprof_unix.go b/cmd/ctr/commands/pprof/pprof_unix.go
index 9314ca5..de662a2 100644
--- a/cmd/ctr/commands/pprof/pprof_unix.go
+++ b/cmd/ctr/commands/pprof/pprof_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
diff --git a/cmd/ctr/commands/resolver.go b/cmd/ctr/commands/resolver.go
index 3571ecf..729d514 100644
--- a/cmd/ctr/commands/resolver.go
+++ b/cmd/ctr/commands/resolver.go
@@ -21,12 +21,13 @@ import (
gocontext "context"
"crypto/tls"
"crypto/x509"
+ "errors"
"fmt"
"io"
- "io/ioutil"
"net/http"
"net/http/httptrace"
"net/http/httputil"
+ "os"
"strings"
"github.com/containerd/console"
@@ -34,7 +35,6 @@ import (
"github.com/containerd/containerd/remotes"
"github.com/containerd/containerd/remotes/docker"
"github.com/containerd/containerd/remotes/docker/config"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -46,12 +46,12 @@ func passwordPrompt() (string, error) {
defer c.Reset()
if err := c.DisableEcho(); err != nil {
- return "", errors.Wrap(err, "failed to disable echo")
+ return "", fmt.Errorf("failed to disable echo: %w", err)
}
line, _, err := bufio.NewReader(c).ReadLine()
if err != nil {
- return "", errors.Wrap(err, "failed to read line")
+ return "", fmt.Errorf("failed to read line: %w", err)
}
return string(line), nil
}
@@ -124,9 +124,9 @@ func resolverDefaultTLS(clicontext *cli.Context) (*tls.Config, error) {
}
if tlsRootPath := clicontext.String("tlscacert"); tlsRootPath != "" {
- tlsRootData, err := ioutil.ReadFile(tlsRootPath)
+ tlsRootData, err := os.ReadFile(tlsRootPath)
if err != nil {
- return nil, errors.Wrapf(err, "failed to read %q", tlsRootPath)
+ return nil, fmt.Errorf("failed to read %q: %w", tlsRootPath, err)
}
config.RootCAs = x509.NewCertPool()
@@ -143,7 +143,7 @@ func resolverDefaultTLS(clicontext *cli.Context) (*tls.Config, error) {
}
keyPair, err := tls.LoadX509KeyPair(tlsCertPath, tlsKeyPath)
if err != nil {
- return nil, errors.Wrapf(err, "failed to load TLS client credentials (cert=%q, key=%q)", tlsCertPath, tlsKeyPath)
+ return nil, fmt.Errorf("failed to load TLS client credentials (cert=%q, key=%q): %w", tlsCertPath, tlsKeyPath, err)
}
config.Certificates = []tls.Certificate{keyPair}
}
@@ -161,7 +161,7 @@ type DebugTransport struct {
func (t DebugTransport) RoundTrip(req *http.Request) (*http.Response, error) {
in, err := httputil.DumpRequest(req, true)
if err != nil {
- return nil, errors.Wrap(err, "failed to dump request")
+ return nil, fmt.Errorf("failed to dump request: %w", err)
}
if _, err := t.writer.Write(in); err != nil {
@@ -175,7 +175,7 @@ func (t DebugTransport) RoundTrip(req *http.Request) (*http.Response, error) {
out, err := httputil.DumpResponse(resp, true)
if err != nil {
- return nil, errors.Wrap(err, "failed to dump response")
+ return nil, fmt.Errorf("failed to dump response: %w", err)
}
if _, err := t.writer.Write(out); err != nil {
diff --git a/cmd/ctr/commands/run/run.go b/cmd/ctr/commands/run/run.go
index 697e579..55cff7a 100644
--- a/cmd/ctr/commands/run/run.go
+++ b/cmd/ctr/commands/run/run.go
@@ -20,6 +20,7 @@ import (
"context"
gocontext "context"
"encoding/csv"
+ "errors"
"fmt"
"strings"
@@ -34,7 +35,6 @@ import (
"github.com/containerd/containerd/oci"
gocni "github.com/containerd/go-cni"
specs "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
@@ -64,8 +64,8 @@ func parseMountFlag(m string) (specs.Mount, error) {
}
for _, field := range fields {
- v := strings.Split(field, "=")
- if len(v) != 2 {
+ v := strings.SplitN(field, "=", 2)
+ if len(v) < 2 {
return mount, fmt.Errorf("invalid mount specification: expected key=val")
}
@@ -97,7 +97,7 @@ var Command = cli.Command{
Flags: append([]cli.Flag{
cli.BoolFlag{
Name: "rm",
- Usage: "remove the container after running",
+ Usage: "remove the container after running, cannot be used with --detach",
},
cli.BoolFlag{
Name: "null-io",
@@ -109,7 +109,7 @@ var Command = cli.Command{
},
cli.BoolFlag{
Name: "detach,d",
- Usage: "detach from the task after it has started execution",
+ Usage: "detach from the task after it has started execution, cannot be used with --rm",
},
cli.StringFlag{
Name: "fifo-dir",
@@ -123,13 +123,20 @@ var Command = cli.Command{
Name: "platform",
Usage: "run image for specific platform",
},
- }, append(platformRunFlags, append(commands.SnapshotterFlags, commands.ContainerFlags...)...)...),
+ cli.BoolFlag{
+ Name: "cni",
+ Usage: "enable cni networking for the container",
+ },
+ }, append(platformRunFlags,
+ append(append(commands.SnapshotterFlags, []cli.Flag{commands.SnapshotterLabels}...),
+ commands.ContainerFlags...)...)...),
Action: func(context *cli.Context) error {
var (
err error
id string
ref string
+ rm = context.Bool("rm")
tty = context.Bool("tty")
detach = context.Bool("detach")
config = context.IsSet("config")
@@ -152,6 +159,10 @@ var Command = cli.Command{
if id == "" {
return errors.New("container id must be provided")
}
+ if rm && detach {
+ return errors.New("flags --detach and --rm cannot be specified together")
+ }
+
client, ctx, cancel, err := commands.NewClient(context)
if err != nil {
return err
@@ -161,7 +172,7 @@ var Command = cli.Command{
if err != nil {
return err
}
- if context.Bool("rm") && !detach {
+ if rm && !detach {
defer container.Delete(ctx, containerd.WithSnapshotCleanup)
}
var con console.Console
@@ -207,7 +218,12 @@ var Command = cli.Command{
}
}
if enableCNI {
- if _, err := network.Setup(ctx, fullID(ctx, container), fmt.Sprintf("/proc/%d/ns/net", task.Pid())); err != nil {
+ netNsPath, err := getNetNSPath(ctx, task)
+ if err != nil {
+ return err
+ }
+
+ if _, err := network.Setup(ctx, fullID(ctx, container), netNsPath); err != nil {
return err
}
}
diff --git a/cmd/ctr/commands/run/run_unix.go b/cmd/ctr/commands/run/run_unix.go
index a277e22..6ee3940 100644
--- a/cmd/ctr/commands/run/run_unix.go
+++ b/cmd/ctr/commands/run/run_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -20,13 +21,16 @@ package run
import (
gocontext "context"
+ "errors"
"fmt"
+ "os"
"path/filepath"
"strconv"
"strings"
"github.com/containerd/containerd"
"github.com/containerd/containerd/cmd/ctr/commands"
+ "github.com/containerd/containerd/containers"
"github.com/containerd/containerd/contrib/apparmor"
"github.com/containerd/containerd/contrib/nvidia"
"github.com/containerd/containerd/contrib/seccomp"
@@ -34,8 +38,8 @@ import (
runtimeoptions "github.com/containerd/containerd/pkg/runtimeoptions/v1"
"github.com/containerd/containerd/platforms"
"github.com/containerd/containerd/runtime/v2/runc/options"
+ "github.com/containerd/containerd/snapshots"
"github.com/opencontainers/runtime-spec/specs-go"
- "github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
@@ -70,9 +74,10 @@ var platformRunFlags = []cli.Flag{
Usage: "set the CFS cpu quota",
Value: 0.0,
},
- cli.BoolFlag{
- Name: "cni",
- Usage: "enable cni networking for the container",
+ cli.IntFlag{
+ Name: "cpu-shares",
+ Usage: "set the cpu shares",
+ Value: 1024,
},
}
@@ -95,7 +100,7 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
)
if config {
- cOpts = append(cOpts, containerd.WithContainerLabels(commands.LabelArgs(context.StringSlice("labels"))))
+ cOpts = append(cOpts, containerd.WithContainerLabels(commands.LabelArgs(context.StringSlice("label"))))
opts = append(opts, oci.WithSpecFromFile(context.String("config")))
} else {
var (
@@ -116,7 +121,7 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
return nil, err
}
opts = append(opts, oci.WithRootFSPath(rootfs))
- cOpts = append(cOpts, containerd.WithContainerLabels(commands.LabelArgs(context.StringSlice("labels"))))
+ cOpts = append(cOpts, containerd.WithContainerLabels(commands.LabelArgs(context.StringSlice("label"))))
} else {
snapshotter := context.String("snapshotter")
var image containerd.Image
@@ -174,7 +179,10 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
// Even when "read-only" is set, we don't use KindView snapshot here. (#1495)
// We pass writable snapshot to the OCI runtime, and the runtime remounts it as read-only,
// after creating some mount points on demand.
- cOpts = append(cOpts, containerd.WithNewSnapshot(id, image))
+ // For some snapshotter, such as overlaybd, it can provide 2 kind of writable snapshot(overlayfs dir or block-device)
+ // by command label values.
+ cOpts = append(cOpts, containerd.WithNewSnapshot(id, image,
+ snapshots.WithLabels(commands.LabelArgs(context.StringSlice("snapshotter-label")))))
}
cOpts = append(cOpts, containerd.WithImageStopSignal(image, "SIGTERM"))
}
@@ -194,7 +202,41 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
opts = append(opts, oci.WithPrivileged, oci.WithAllDevicesAllowed, oci.WithHostDevices)
}
if context.Bool("net-host") {
- opts = append(opts, oci.WithHostNamespace(specs.NetworkNamespace), oci.WithHostHostsFile, oci.WithHostResolvconf)
+ hostname, err := os.Hostname()
+ if err != nil {
+ return nil, fmt.Errorf("get hostname: %w", err)
+ }
+ opts = append(opts,
+ oci.WithHostNamespace(specs.NetworkNamespace),
+ oci.WithHostHostsFile,
+ oci.WithHostResolvconf,
+ oci.WithEnv([]string{fmt.Sprintf("HOSTNAME=%s", hostname)}),
+ )
+ }
+ if annoStrings := context.StringSlice("annotation"); len(annoStrings) > 0 {
+ annos, err := commands.AnnotationArgs(annoStrings)
+ if err != nil {
+ return nil, err
+ }
+ opts = append(opts, oci.WithAnnotations(annos))
+ }
+
+ if caps := context.StringSlice("cap-add"); len(caps) > 0 {
+ for _, cap := range caps {
+ if !strings.HasPrefix(cap, "CAP_") {
+ return nil, fmt.Errorf("capabilities must be specified with 'CAP_' prefix")
+ }
+ }
+ opts = append(opts, oci.WithAddedCapabilities(caps))
+ }
+
+ if caps := context.StringSlice("cap-drop"); len(caps) > 0 {
+ for _, cap := range caps {
+ if !strings.HasPrefix(cap, "CAP_") {
+ return nil, fmt.Errorf("capabilities must be specified with 'CAP_' prefix")
+ }
+ }
+ opts = append(opts, oci.WithDroppedCapabilities(caps))
}
seccompProfile := context.String("seccomp-profile")
@@ -230,6 +272,10 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
opts = append(opts, oci.WithCPUCFS(quota, period))
}
+ if shares := context.Int("cpu-shares"); shares > 0 {
+ opts = append(opts, oci.WithCPUShares(uint64(shares)))
+ }
+
quota := context.Int64("cpu-quota")
period := context.Uint64("cpu-period")
if quota != -1 || period != 0 {
@@ -254,7 +300,7 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
}))
}
if context.IsSet("gpus") {
- opts = append(opts, nvidia.WithGPUs(nvidia.WithDevices(context.Int("gpus")), nvidia.WithAllCapabilities))
+ opts = append(opts, nvidia.WithGPUs(nvidia.WithDevices(context.IntSlice("gpus")...), nvidia.WithAllCapabilities))
}
if context.IsSet("allow-new-privs") {
opts = append(opts, oci.WithNewPrivileges)
@@ -270,6 +316,25 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
for _, dev := range context.StringSlice("device") {
opts = append(opts, oci.WithDevices(dev, "", "rwm"))
}
+
+ rootfsPropagation := context.String("rootfs-propagation")
+ if rootfsPropagation != "" {
+ opts = append(opts, func(_ gocontext.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error {
+ if s.Linux != nil {
+ s.Linux.RootfsPropagation = rootfsPropagation
+ } else {
+ s.Linux = &specs.Linux{
+ RootfsPropagation: rootfsPropagation,
+ }
+ }
+
+ return nil
+ })
+ }
+
+ if c := context.String("rdt-class"); c != "" {
+ opts = append(opts, oci.WithRdt(c, "", ""))
+ }
}
runtimeOpts, err := getRuntimeOptions(context)
@@ -359,15 +424,15 @@ func parseIDMapping(mapping string) (specs.LinuxIDMapping, error) {
}
cID, err := strconv.ParseUint(parts[0], 0, 32)
if err != nil {
- return specs.LinuxIDMapping{}, errors.Wrapf(err, "invalid container id for user namespace remapping")
+ return specs.LinuxIDMapping{}, fmt.Errorf("invalid container id for user namespace remapping: %w", err)
}
hID, err := strconv.ParseUint(parts[1], 0, 32)
if err != nil {
- return specs.LinuxIDMapping{}, errors.Wrapf(err, "invalid host id for user namespace remapping")
+ return specs.LinuxIDMapping{}, fmt.Errorf("invalid host id for user namespace remapping: %w", err)
}
size, err := strconv.ParseUint(parts[2], 0, 32)
if err != nil {
- return specs.LinuxIDMapping{}, errors.Wrapf(err, "invalid size for user namespace remapping")
+ return specs.LinuxIDMapping{}, fmt.Errorf("invalid size for user namespace remapping: %w", err)
}
return specs.LinuxIDMapping{
ContainerID: uint32(cID),
@@ -391,3 +456,7 @@ func validNamespace(ns string) bool {
return false
}
}
+
+func getNetNSPath(_ gocontext.Context, task containerd.Task) (string, error) {
+ return fmt.Sprintf("/proc/%d/ns/net", task.Pid()), nil
+}
diff --git a/cmd/ctr/commands/run/run_windows.go b/cmd/ctr/commands/run/run_windows.go
index 292d60e..a2d85d7 100644
--- a/cmd/ctr/commands/run/run_windows.go
+++ b/cmd/ctr/commands/run/run_windows.go
@@ -18,14 +18,15 @@ package run
import (
gocontext "context"
+ "errors"
"github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options"
"github.com/containerd/console"
"github.com/containerd/containerd"
"github.com/containerd/containerd/cmd/ctr/commands"
"github.com/containerd/containerd/oci"
+ "github.com/containerd/containerd/pkg/netns"
specs "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
@@ -116,6 +117,13 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
if context.Bool("net-host") {
return nil, errors.New("Cannot use host mode networking with Windows containers")
}
+ if context.Bool("cni") {
+ ns, err := netns.NewNetNS("")
+ if err != nil {
+ return nil, err
+ }
+ opts = append(opts, oci.WithWindowsNetworkNamespace(ns.GetPath()))
+ }
if context.Bool("isolated") {
opts = append(opts, oci.WithWindowsHyperV)
}
@@ -149,3 +157,14 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
func getNewTaskOpts(_ *cli.Context) []containerd.NewTaskOpts {
return nil
}
+
+func getNetNSPath(ctx gocontext.Context, t containerd.Task) (string, error) {
+ s, err := t.Spec(ctx)
+ if err != nil {
+ return "", err
+ }
+ if s.Windows == nil || s.Windows.Network == nil {
+ return "", nil
+ }
+ return s.Windows.Network.NetworkNamespace, nil
+}
diff --git a/cmd/ctr/commands/shim/io_unix.go b/cmd/ctr/commands/shim/io_unix.go
index 1200e19..7806ad8 100644
--- a/cmd/ctr/commands/shim/io_unix.go
+++ b/cmd/ctr/commands/shim/io_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
diff --git a/cmd/ctr/commands/shim/shim.go b/cmd/ctr/commands/shim/shim.go
index c210dbc..36d75e3 100644
--- a/cmd/ctr/commands/shim/shim.go
+++ b/cmd/ctr/commands/shim/shim.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -20,9 +21,10 @@ package shim
import (
gocontext "context"
+ "errors"
"fmt"
- "io/ioutil"
"net"
+ "os"
"path/filepath"
"strings"
@@ -35,7 +37,6 @@ import (
"github.com/containerd/typeurl"
ptypes "github.com/gogo/protobuf/types"
"github.com/opencontainers/runtime-spec/specs-go"
- "github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
@@ -173,7 +174,7 @@ var execCommand = cli.Command{
}
// read spec file and extract Any object
- spec, err := ioutil.ReadFile(context.String("spec"))
+ spec, err := os.ReadFile(context.String("spec"))
if err != nil {
return err
}
diff --git a/cmd/ctr/commands/signals_notlinux.go b/cmd/ctr/commands/signals_notlinux.go
index 6a9dccb..1e0fbe6 100644
--- a/cmd/ctr/commands/signals_notlinux.go
+++ b/cmd/ctr/commands/signals_notlinux.go
@@ -1,4 +1,5 @@
-//+build !linux
+//go:build !linux
+// +build !linux
/*
Copyright The containerd Authors.
diff --git a/cmd/ctr/commands/snapshots/snapshots.go b/cmd/ctr/commands/snapshots/snapshots.go
index cb8f059..1d69b0a 100644
--- a/cmd/ctr/commands/snapshots/snapshots.go
+++ b/cmd/ctr/commands/snapshots/snapshots.go
@@ -18,6 +18,7 @@ package snapshots
import (
gocontext "context"
+ "errors"
"fmt"
"io"
"os"
@@ -35,7 +36,6 @@ import (
"github.com/containerd/containerd/snapshots"
digest "github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
@@ -133,8 +133,6 @@ var diffCommand = cli.Command{
labels := commands.LabelArgs(context.StringSlice("label"))
snapshotter := client.SnapshotService(context.GlobalString("snapshotter"))
- fmt.Println(context.String("media-type"))
-
if context.Bool("keep") {
labels["containerd.io/gc.root"] = time.Now().UTC().Format(time.RFC3339)
}
@@ -164,6 +162,7 @@ var diffCommand = cli.Command{
if err != nil {
return err
}
+ defer ra.Close()
_, err = io.Copy(os.Stdout, content.NewReader(ra))
return err
@@ -249,8 +248,8 @@ var usageCommand = cli.Command{
}
var removeCommand = cli.Command{
- Name: "remove",
- Aliases: []string{"rm"},
+ Name: "delete",
+ Aliases: []string{"del", "remove", "rm"},
ArgsUsage: " [, ...]",
Usage: "remove snapshots",
Action: func(context *cli.Context) error {
@@ -263,7 +262,7 @@ var removeCommand = cli.Command{
for _, key := range context.Args() {
err = snapshotter.Remove(ctx, key)
if err != nil {
- return errors.Wrapf(err, "failed to remove %q", key)
+ return fmt.Errorf("failed to remove %q: %w", key, err)
}
}
diff --git a/cmd/ctr/commands/tasks/checkpoint.go b/cmd/ctr/commands/tasks/checkpoint.go
index e6d1b73..3271aa1 100644
--- a/cmd/ctr/commands/tasks/checkpoint.go
+++ b/cmd/ctr/commands/tasks/checkpoint.go
@@ -17,6 +17,7 @@
package tasks
import (
+ "errors"
"fmt"
"github.com/containerd/containerd"
@@ -24,7 +25,6 @@ import (
"github.com/containerd/containerd/plugin"
"github.com/containerd/containerd/runtime/linux/runctypes"
"github.com/containerd/containerd/runtime/v2/runc/options"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
diff --git a/cmd/ctr/commands/tasks/delete.go b/cmd/ctr/commands/tasks/delete.go
index 9f43655..c0edbe7 100644
--- a/cmd/ctr/commands/tasks/delete.go
+++ b/cmd/ctr/commands/tasks/delete.go
@@ -30,7 +30,7 @@ var deleteCommand = cli.Command{
Name: "delete",
Usage: "delete one or more tasks",
ArgsUsage: "CONTAINER [CONTAINER, ...]",
- Aliases: []string{"rm"},
+ Aliases: []string{"del", "remove", "rm"},
Flags: []cli.Flag{
cli.BoolFlag{
Name: "force, f",
diff --git a/cmd/ctr/commands/tasks/exec.go b/cmd/ctr/commands/tasks/exec.go
index 3f31e27..dd29525 100644
--- a/cmd/ctr/commands/tasks/exec.go
+++ b/cmd/ctr/commands/tasks/exec.go
@@ -31,7 +31,6 @@ import (
"github.com/urfave/cli"
)
-//TODO:(jessvalarezo) exec-id is optional here, update to required arg
var execCommand = cli.Command{
Name: "exec",
Usage: "execute additional processes in an existing container",
@@ -51,8 +50,9 @@ var execCommand = cli.Command{
Usage: "detach from the task after it has started execution",
},
cli.StringFlag{
- Name: "exec-id",
- Usage: "exec specific id for the process",
+ Name: "exec-id",
+ Required: true,
+ Usage: "exec specific id for the process",
},
cli.StringFlag{
Name: "fifo-dir",
@@ -104,6 +104,10 @@ var execCommand = cli.Command{
pspec.Terminal = tty
pspec.Args = args
+ if cwd := context.String("cwd"); cwd != "" {
+ pspec.Cwd = cwd
+ }
+
task, err := container.Task(ctx, nil)
if err != nil {
return err
@@ -114,29 +118,35 @@ var execCommand = cli.Command{
stdinC = &stdinCloser{
stdin: os.Stdin,
}
+ con console.Console
)
- if logURI := context.String("log-uri"); logURI != "" {
+ fifoDir := context.String("fifo-dir")
+ logURI := context.String("log-uri")
+ ioOpts := []cio.Opt{cio.WithFIFODir(fifoDir)}
+ switch {
+ case tty && logURI != "":
+ return errors.New("can't use log-uri with tty")
+ case logURI != "" && fifoDir != "":
+ return errors.New("can't use log-uri with fifo-dir")
+
+ case tty:
+ con = console.Current()
+ defer con.Reset()
+ if err := con.SetRaw(); err != nil {
+ return err
+ }
+ ioCreator = cio.NewCreator(append([]cio.Opt{cio.WithStreams(con, con, nil), cio.WithTerminal}, ioOpts...)...)
+
+ case logURI != "":
uri, err := url.Parse(logURI)
if err != nil {
return err
}
-
- if dir := context.String("fifo-dir"); dir != "" {
- return errors.New("can't use log-uri with fifo-dir")
- }
-
- if tty {
- return errors.New("can't use log-uri with tty")
- }
-
ioCreator = cio.LogURI(uri)
- } else {
- cioOpts := []cio.Opt{cio.WithStreams(stdinC, os.Stdout, os.Stderr), cio.WithFIFODir(context.String("fifo-dir"))}
- if tty {
- cioOpts = append(cioOpts, cio.WithTerminal)
- }
- ioCreator = cio.NewCreator(cioOpts...)
+
+ default:
+ ioCreator = cio.NewCreator(append([]cio.Opt{cio.WithStreams(stdinC, os.Stdout, os.Stderr)}, ioOpts...)...)
}
process, err := task.Exec(ctx, context.String("exec-id"), pspec, ioCreator)
@@ -156,31 +166,20 @@ var execCommand = cli.Command{
return err
}
- var con console.Console
- if tty {
- con = console.Current()
- defer con.Reset()
- if err := con.SetRaw(); err != nil {
- return err
- }
- }
- if !detach {
- if tty {
- if err := HandleConsoleResize(ctx, process, con); err != nil {
- logrus.WithError(err).Error("console resize")
- }
- } else {
- sigc := commands.ForwardAllSignals(ctx, process)
- defer commands.StopCatch(sigc)
- }
- }
-
if err := process.Start(ctx); err != nil {
return err
}
if detach {
return nil
}
+ if tty {
+ if err := HandleConsoleResize(ctx, process, con); err != nil {
+ logrus.WithError(err).Error("console resize")
+ }
+ } else {
+ sigc := commands.ForwardAllSignals(ctx, process)
+ defer commands.StopCatch(sigc)
+ }
status := <-statusC
code, _, err := status.Result()
if err != nil {
diff --git a/cmd/ctr/commands/tasks/kill.go b/cmd/ctr/commands/tasks/kill.go
index 080ffa0..3aef2c9 100644
--- a/cmd/ctr/commands/tasks/kill.go
+++ b/cmd/ctr/commands/tasks/kill.go
@@ -17,9 +17,11 @@
package tasks
import (
+ "errors"
+
"github.com/containerd/containerd"
"github.com/containerd/containerd/cmd/ctr/commands"
- "github.com/pkg/errors"
+ "github.com/moby/sys/signal"
"github.com/urfave/cli"
)
@@ -49,7 +51,7 @@ var killCommand = cli.Command{
if id == "" {
return errors.New("container id must be provided")
}
- signal, err := containerd.ParseSignal(defaultSignal)
+ sig, err := signal.ParseSignal(defaultSignal)
if err != nil {
return err
}
@@ -77,12 +79,12 @@ var killCommand = cli.Command{
return err
}
if context.String("signal") != "" {
- signal, err = containerd.ParseSignal(context.String("signal"))
+ sig, err = signal.ParseSignal(context.String("signal"))
if err != nil {
return err
}
} else {
- signal, err = containerd.GetStopSignal(ctx, container, signal)
+ sig, err = containerd.GetStopSignal(ctx, container, sig)
if err != nil {
return err
}
@@ -91,6 +93,6 @@ var killCommand = cli.Command{
if err != nil {
return err
}
- return task.Kill(ctx, signal, opts...)
+ return task.Kill(ctx, sig, opts...)
},
}
diff --git a/cmd/ctr/commands/tasks/metrics.go b/cmd/ctr/commands/tasks/metrics.go
index a83e45e..b2c18f2 100644
--- a/cmd/ctr/commands/tasks/metrics.go
+++ b/cmd/ctr/commands/tasks/metrics.go
@@ -1,5 +1,3 @@
-// +build linux
-
/*
Copyright The containerd Authors.
diff --git a/cmd/ctr/commands/tasks/ps.go b/cmd/ctr/commands/tasks/ps.go
index 0442a1e..cb444b3 100644
--- a/cmd/ctr/commands/tasks/ps.go
+++ b/cmd/ctr/commands/tasks/ps.go
@@ -17,13 +17,13 @@
package tasks
import (
+ "errors"
"fmt"
"os"
"text/tabwriter"
"github.com/containerd/containerd/cmd/ctr/commands"
"github.com/containerd/typeurl"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
diff --git a/cmd/ctr/commands/tasks/start.go b/cmd/ctr/commands/tasks/start.go
index de55767..4639c28 100644
--- a/cmd/ctr/commands/tasks/start.go
+++ b/cmd/ctr/commands/tasks/start.go
@@ -17,11 +17,12 @@
package tasks
import (
+ "errors"
+
"github.com/containerd/console"
"github.com/containerd/containerd"
"github.com/containerd/containerd/cio"
"github.com/containerd/containerd/cmd/ctr/commands"
- "github.com/pkg/errors"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
diff --git a/cmd/ctr/commands/tasks/tasks_unix.go b/cmd/ctr/commands/tasks/tasks_unix.go
index 0ec6dc0..0e5311a 100644
--- a/cmd/ctr/commands/tasks/tasks_unix.go
+++ b/cmd/ctr/commands/tasks/tasks_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
@@ -20,6 +21,7 @@ package tasks
import (
gocontext "context"
+ "errors"
"net/url"
"os"
"os/signal"
@@ -28,7 +30,6 @@ import (
"github.com/containerd/containerd"
"github.com/containerd/containerd/cio"
"github.com/containerd/containerd/log"
- "github.com/pkg/errors"
"github.com/urfave/cli"
"golang.org/x/sys/unix"
)
diff --git a/cmd/ctr/commands/tasks/tasks_windows.go b/cmd/ctr/commands/tasks/tasks_windows.go
index 8905c5b..0d5e19b 100644
--- a/cmd/ctr/commands/tasks/tasks_windows.go
+++ b/cmd/ctr/commands/tasks/tasks_windows.go
@@ -18,6 +18,7 @@ package tasks
import (
gocontext "context"
+ "errors"
"net/url"
"time"
@@ -25,7 +26,6 @@ import (
"github.com/containerd/containerd"
"github.com/containerd/containerd/cio"
"github.com/containerd/containerd/log"
- "github.com/pkg/errors"
"github.com/urfave/cli"
)
diff --git a/cmd/ctr/main.go b/cmd/ctr/main.go
index cf72de2..d675536 100644
--- a/cmd/ctr/main.go
+++ b/cmd/ctr/main.go
@@ -21,13 +21,14 @@ import (
"os"
"github.com/containerd/containerd/cmd/ctr/app"
- "github.com/containerd/containerd/pkg/seed"
+ "github.com/containerd/containerd/pkg/seed" //nolint:staticcheck // Global math/rand seed is deprecated, but still used by external dependencies
"github.com/urfave/cli"
)
var pluginCmds = []cli.Command{}
func init() {
+ //nolint:staticcheck // Global math/rand seed is deprecated, but still used by external dependencies
seed.WithTimeAndRand()
}
diff --git a/cmd/gen-manpages/main.go b/cmd/gen-manpages/main.go
index 6f3d2f1..61ec6a3 100644
--- a/cmd/gen-manpages/main.go
+++ b/cmd/gen-manpages/main.go
@@ -19,7 +19,6 @@ package main
import (
"flag"
"fmt"
- "io/ioutil"
"os"
"path/filepath"
"strings"
@@ -57,13 +56,12 @@ func run() error {
// clear out the usage as we use banners that do not display in man pages
appName.Usage = ""
- appName.ToMan()
data, err := appName.ToMan()
if err != nil {
return err
}
_ = os.MkdirAll(dir, os.ModePerm)
- if err := ioutil.WriteFile(filepath.Join(dir, fmt.Sprintf("%s.%s", name, section)), []byte(data), 0644); err != nil {
+ if err := os.WriteFile(filepath.Join(dir, fmt.Sprintf("%s.%s", name, section)), []byte(data), 0644); err != nil {
return err
}
return nil
diff --git a/container.go b/container.go
index d5da55e..2cf1566 100644
--- a/container.go
+++ b/container.go
@@ -19,6 +19,7 @@ package containerd
import (
"context"
"encoding/json"
+ "fmt"
"os"
"path/filepath"
"strings"
@@ -38,7 +39,6 @@ import (
ver "github.com/opencontainers/image-spec/specs-go"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/opencontainers/selinux/go-selinux/label"
- "github.com/pkg/errors"
)
const (
@@ -173,7 +173,7 @@ func (c *container) Spec(ctx context.Context) (*oci.Spec, error) {
// an error is returned if the container has running tasks
func (c *container) Delete(ctx context.Context, opts ...DeleteOpts) error {
if _, err := c.loadTask(ctx, nil); err == nil {
- return errors.Wrapf(errdefs.ErrFailedPrecondition, "cannot delete running task %v", c.id)
+ return fmt.Errorf("cannot delete running task %v: %w", c.id, errdefs.ErrFailedPrecondition)
}
r, err := c.get(ctx)
if err != nil {
@@ -198,11 +198,11 @@ func (c *container) Image(ctx context.Context) (Image, error) {
return nil, err
}
if r.Image == "" {
- return nil, errors.Wrap(errdefs.ErrNotFound, "container not created from an image")
+ return nil, fmt.Errorf("container not created from an image: %w", errdefs.ErrNotFound)
}
i, err := c.client.ImageService().Get(ctx, r.Image)
if err != nil {
- return nil, errors.Wrapf(err, "failed to get image %s for container", r.Image)
+ return nil, fmt.Errorf("failed to get image %s for container: %w", r.Image, err)
}
return NewImage(c.client, i), nil
}
@@ -232,7 +232,7 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
}
if r.SnapshotKey != "" {
if r.Snapshotter == "" {
- return nil, errors.Wrapf(errdefs.ErrInvalidArgument, "unable to resolve rootfs mounts without snapshotter on container")
+ return nil, fmt.Errorf("unable to resolve rootfs mounts without snapshotter on container: %w", errdefs.ErrInvalidArgument)
}
// get the rootfs from the snapshotter and add it to the request
@@ -279,6 +279,7 @@ func (c *container) NewTask(ctx context.Context, ioCreate cio.Creator, opts ...N
})
}
}
+ request.RuntimePath = info.RuntimePath
if info.Options != nil {
any, err := typeurl.MarshalAny(info.Options)
if err != nil {
@@ -391,7 +392,7 @@ func (c *container) loadTask(ctx context.Context, ioAttach cio.Attach) (Task, er
if err != nil {
err = errdefs.FromGRPC(err)
if errdefs.IsNotFound(err) {
- return nil, errors.Wrapf(err, "no running task found")
+ return nil, fmt.Errorf("no running task found: %w", err)
}
return nil, err
}
diff --git a/container_checkpoint_opts.go b/container_checkpoint_opts.go
index 5108636..a64ef61 100644
--- a/container_checkpoint_opts.go
+++ b/container_checkpoint_opts.go
@@ -19,6 +19,7 @@ package containerd
import (
"bytes"
"context"
+ "errors"
"fmt"
"runtime"
@@ -31,7 +32,6 @@ import (
"github.com/containerd/containerd/runtime/v2/runc/options"
"github.com/containerd/typeurl"
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
)
var (
diff --git a/container_opts.go b/container_opts.go
index 024d6e1..4d630ea 100644
--- a/container_opts.go
+++ b/container_opts.go
@@ -19,6 +19,7 @@ package containerd
import (
"context"
"encoding/json"
+ "errors"
"fmt"
"github.com/containerd/containerd/containers"
@@ -31,7 +32,6 @@ import (
"github.com/gogo/protobuf/types"
"github.com/opencontainers/image-spec/identity"
v1 "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
)
// DeleteOpts allows the caller to set options for the deletion of a container
@@ -227,7 +227,7 @@ func WithNewSnapshot(id string, i Image, opts ...snapshots.Opt) NewContainerOpts
func WithSnapshotCleanup(ctx context.Context, client *Client, c containers.Container) error {
if c.SnapshotKey != "" {
if c.Snapshotter == "" {
- return errors.Wrapf(errdefs.ErrInvalidArgument, "container.Snapshotter must be set to cleanup rootfs snapshot")
+ return fmt.Errorf("container.Snapshotter must be set to cleanup rootfs snapshot: %w", errdefs.ErrInvalidArgument)
}
s, err := client.getSnapshotter(ctx, c.Snapshotter)
if err != nil {
@@ -276,15 +276,15 @@ func WithNewSnapshotView(id string, i Image, opts ...snapshots.Opt) NewContainer
func WithContainerExtension(name string, extension interface{}) NewContainerOpts {
return func(ctx context.Context, client *Client, c *containers.Container) error {
if name == "" {
- return errors.Wrapf(errdefs.ErrInvalidArgument, "extension key must not be zero-length")
+ return fmt.Errorf("extension key must not be zero-length: %w", errdefs.ErrInvalidArgument)
}
any, err := typeurl.MarshalAny(extension)
if err != nil {
if errors.Is(err, typeurl.ErrNotFound) {
- return errors.Wrapf(err, "extension %q is not registered with the typeurl package, see `typeurl.Register`", name)
+ return fmt.Errorf("extension %q is not registered with the typeurl package, see `typeurl.Register`: %w", name, err)
}
- return errors.Wrap(err, "error marshalling extension")
+ return fmt.Errorf("error marshalling extension: %w", err)
}
if c.Extensions == nil {
diff --git a/container_opts_unix.go b/container_opts_unix.go
index b109a10..b6fc37d 100644
--- a/container_opts_unix.go
+++ b/container_opts_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
// +build !windows
/*
diff --git a/container_restore_opts.go b/container_restore_opts.go
index fb60e8d..bdc8650 100644
--- a/container_restore_opts.go
+++ b/container_restore_opts.go
@@ -18,6 +18,8 @@ package containerd
import (
"context"
+ "errors"
+ "fmt"
"github.com/containerd/containerd/containers"
"github.com/containerd/containerd/content"
@@ -26,7 +28,6 @@ import (
ptypes "github.com/gogo/protobuf/types"
"github.com/opencontainers/image-spec/identity"
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
)
var (
@@ -46,7 +47,7 @@ func WithRestoreImage(ctx context.Context, id string, client *Client, checkpoint
return func(ctx context.Context, client *Client, c *containers.Container) error {
name, ok := index.Annotations[checkpointImageNameLabel]
if !ok || name == "" {
- return ErrRuntimeNameNotFoundInIndex
+ return ErrImageNameNotFoundInIndex
}
snapshotter, ok := index.Annotations[checkpointSnapshotterNameLabel]
if !ok || name == "" {
@@ -92,7 +93,7 @@ func WithRestoreRuntime(ctx context.Context, id string, client *Client, checkpoi
store := client.ContentStore()
data, err := content.ReadBlob(ctx, store, *m)
if err != nil {
- return errors.Wrap(err, "unable to read checkpoint runtime")
+ return fmt.Errorf("unable to read checkpoint runtime: %w", err)
}
if err := proto.Unmarshal(data, &options); err != nil {
return err
@@ -117,7 +118,7 @@ func WithRestoreSpec(ctx context.Context, id string, client *Client, checkpoint
store := client.ContentStore()
data, err := content.ReadBlob(ctx, store, *m)
if err != nil {
- return errors.Wrap(err, "unable to read checkpoint config")
+ return fmt.Errorf("unable to read checkpoint config: %w", err)
}
var any ptypes.Any
if err := proto.Unmarshal(data, &any); err != nil {
diff --git a/containerstore.go b/containerstore.go
index 2756e2a..bdd1c60 100644
--- a/containerstore.go
+++ b/containerstore.go
@@ -189,6 +189,7 @@ func containersFromProto(containerspb []containersapi.Container) []containers.Co
var containers []containers.Container
for _, container := range containerspb {
+ container := container
containers = append(containers, containerFromProto(&container))
}
diff --git a/content/adaptor_test.go b/content/adaptor_test.go
new file mode 100644
index 0000000..0479f8a
--- /dev/null
+++ b/content/adaptor_test.go
@@ -0,0 +1,89 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package content
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestAdaptInfo(t *testing.T) {
+ tests := []struct {
+ name string
+ info Info
+ fieldpath []string
+ wantValue string
+ wantPresent bool
+ }{
+ {
+ "empty fieldpath",
+ Info{},
+ []string{},
+ "",
+ false,
+ },
+ {
+ "digest fieldpath",
+ Info{
+ Digest: "foo",
+ },
+ []string{"digest"},
+ "foo",
+ true,
+ },
+ {
+ "size fieldpath",
+ Info{},
+ []string{"size"},
+ "",
+ false,
+ },
+ {
+ "labels fieldpath",
+ Info{
+ Labels: map[string]string{
+ "foo": "bar",
+ },
+ },
+ []string{"labels", "foo"},
+ "bar",
+ true,
+ },
+ {
+ "labels join fieldpath",
+ Info{
+ Labels: map[string]string{
+ "foo.bar.qux": "quux",
+ },
+ },
+ []string{"labels", "foo", "bar", "qux"},
+ "quux",
+ true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ adaptInfo := AdaptInfo(tt.info)
+
+ value, present := adaptInfo.Field(tt.fieldpath)
+
+ assert.Equal(t, tt.wantValue, value)
+ assert.Equal(t, tt.wantPresent, present)
+ })
+ }
+}
diff --git a/content/helpers.go b/content/helpers.go
index 00fae1f..23ddc45 100644
--- a/content/helpers.go
+++ b/content/helpers.go
@@ -18,18 +18,24 @@ package content
import (
"context"
+ "errors"
+ "fmt"
"io"
- "io/ioutil"
- "math/rand"
"sync"
"time"
"github.com/containerd/containerd/errdefs"
+ "github.com/containerd/containerd/log"
+ "github.com/containerd/containerd/pkg/randutil"
"github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
)
+// maxResets is the no.of times the Copy() method can tolerate a reset of the body
+const maxResets = 5
+
+var ErrReset = errors.New("writer has been reset")
+
var bufPool = sync.Pool{
New: func() interface{} {
buffer := make([]byte, 1<<20)
@@ -77,10 +83,10 @@ func WriteBlob(ctx context.Context, cs Ingester, ref string, r io.Reader, desc o
cw, err := OpenWriter(ctx, cs, WithRef(ref), WithDescriptor(desc))
if err != nil {
if !errdefs.IsAlreadyExists(err) {
- return errors.Wrap(err, "failed to open writer")
+ return fmt.Errorf("failed to open writer: %w", err)
}
- return nil // all ready present
+ return nil // already present
}
defer cw.Close()
@@ -107,7 +113,7 @@ func OpenWriter(ctx context.Context, cs Ingester, opts ...WriterOpt) (Writer, er
// error or abort. Requires asserting for an ingest manager
select {
- case <-time.After(time.Millisecond * time.Duration(rand.Intn(retry))):
+ case <-time.After(time.Millisecond * time.Duration(randutil.Intn(retry))):
if retry < 2048 {
retry = retry << 1
}
@@ -131,35 +137,63 @@ func OpenWriter(ctx context.Context, cs Ingester, opts ...WriterOpt) (Writer, er
// the size or digest is unknown, these values may be empty.
//
// Copy is buffered, so no need to wrap reader in buffered io.
-func Copy(ctx context.Context, cw Writer, r io.Reader, size int64, expected digest.Digest, opts ...Opt) error {
+func Copy(ctx context.Context, cw Writer, or io.Reader, size int64, expected digest.Digest, opts ...Opt) error {
ws, err := cw.Status()
if err != nil {
- return errors.Wrap(err, "failed to get status")
+ return fmt.Errorf("failed to get status: %w", err)
}
-
+ r := or
if ws.Offset > 0 {
- r, err = seekReader(r, ws.Offset, size)
+ r, err = seekReader(or, ws.Offset, size)
if err != nil {
- return errors.Wrapf(err, "unable to resume write to %v", ws.Ref)
+ return fmt.Errorf("unable to resume write to %v: %w", ws.Ref, err)
}
}
- copied, err := copyWithBuffer(cw, r)
- if err != nil {
- return errors.Wrap(err, "failed to copy")
- }
- if size != 0 && copied < size-ws.Offset {
- // Short writes would return its own error, this indicates a read failure
- return errors.Wrapf(io.ErrUnexpectedEOF, "failed to read expected number of bytes")
- }
-
- if err := cw.Commit(ctx, size, expected, opts...); err != nil {
- if !errdefs.IsAlreadyExists(err) {
- return errors.Wrapf(err, "failed commit on ref %q", ws.Ref)
+ for i := 0; i < maxResets; i++ {
+ if i >= 1 {
+ log.G(ctx).WithField("digest", expected).Debugf("retrying copy due to reset")
}
+ copied, err := copyWithBuffer(cw, r)
+ if errors.Is(err, ErrReset) {
+ ws, err := cw.Status()
+ if err != nil {
+ return fmt.Errorf("failed to get status: %w", err)
+ }
+ r, err = seekReader(or, ws.Offset, size)
+ if err != nil {
+ return fmt.Errorf("unable to resume write to %v: %w", ws.Ref, err)
+ }
+ continue
+ }
+ if err != nil {
+ return fmt.Errorf("failed to copy: %w", err)
+ }
+ if size != 0 && copied < size-ws.Offset {
+ // Short writes would return its own error, this indicates a read failure
+ return fmt.Errorf("failed to read expected number of bytes: %w", io.ErrUnexpectedEOF)
+ }
+ if err := cw.Commit(ctx, size, expected, opts...); err != nil {
+ if errors.Is(err, ErrReset) {
+ ws, err := cw.Status()
+ if err != nil {
+ return fmt.Errorf("failed to get status: %w", err)
+ }
+ r, err = seekReader(or, ws.Offset, size)
+ if err != nil {
+ return fmt.Errorf("unable to resume write to %v: %w", ws.Ref, err)
+ }
+ continue
+ }
+ if !errdefs.IsAlreadyExists(err) {
+ return fmt.Errorf("failed commit on ref %q: %w", ws.Ref, err)
+ }
+ }
+ return nil
}
- return nil
+ log.G(ctx).WithField("digest", expected).Errorf("failed to copy after %d retries", maxResets)
+ return fmt.Errorf("failed to copy after %d retries", maxResets)
}
// CopyReaderAt copies to a writer from a given reader at for the given
@@ -172,11 +206,11 @@ func CopyReaderAt(cw Writer, ra ReaderAt, n int64) error {
copied, err := copyWithBuffer(cw, io.NewSectionReader(ra, ws.Offset, n))
if err != nil {
- return errors.Wrap(err, "failed to copy")
+ return fmt.Errorf("failed to copy: %w", err)
}
if copied < n {
// Short writes would return its own error, this indicates a read failure
- return errors.Wrap(io.ErrUnexpectedEOF, "failed to read expected number of bytes")
+ return fmt.Errorf("failed to read expected number of bytes: %w", io.ErrUnexpectedEOF)
}
return nil
}
@@ -190,13 +224,13 @@ func CopyReaderAt(cw Writer, ra ReaderAt, n int64) error {
func CopyReader(cw Writer, r io.Reader) (int64, error) {
ws, err := cw.Status()
if err != nil {
- return 0, errors.Wrap(err, "failed to get status")
+ return 0, fmt.Errorf("failed to get status: %w", err)
}
if ws.Offset > 0 {
r, err = seekReader(r, ws.Offset, 0)
if err != nil {
- return 0, errors.Wrapf(err, "unable to resume write to %v", ws.Ref)
+ return 0, fmt.Errorf("unable to resume write to %v: %w", ws.Ref, err)
}
}
@@ -212,7 +246,10 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) {
if ok {
nn, err := seeker.Seek(offset, io.SeekStart)
if nn != offset {
- return nil, errors.Wrapf(err, "failed to seek to offset %v", offset)
+ if err == nil {
+ err = fmt.Errorf("unexpected seek location without seek error")
+ }
+ return nil, fmt.Errorf("failed to seek to offset %v: %w", offset, err)
}
if err != nil {
@@ -230,12 +267,12 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) {
}
// well then, let's just discard up to the offset
- n, err := copyWithBuffer(ioutil.Discard, io.LimitReader(r, offset))
+ n, err := copyWithBuffer(io.Discard, io.LimitReader(r, offset))
if err != nil {
- return nil, errors.Wrap(err, "failed to discard to offset")
+ return nil, fmt.Errorf("failed to discard to offset: %w", err)
}
if n != offset {
- return nil, errors.Errorf("unable to discard to offset")
+ return nil, errors.New("unable to discard to offset")
}
return r, nil
diff --git a/content/helpers_test.go b/content/helpers_test.go
index be52f04..4a57cf3 100644
--- a/content/helpers_test.go
+++ b/content/helpers_test.go
@@ -20,6 +20,7 @@ import (
"bytes"
"context"
_ "crypto/sha256" // required by go-digest
+ "fmt"
"io"
"strings"
"testing"
@@ -39,38 +40,107 @@ type copySource struct {
func TestCopy(t *testing.T) {
defaultSource := newCopySource("this is the source to copy")
+ cf1 := func(buf *bytes.Buffer, st Status) commitFunction {
+ i := 0
+ return func() error {
+ // function resets the first time
+ if i == 0 {
+ // this is the case where, the pipewriter to which the data was being written has
+ // changed. which means we need to clear the buffer
+ i++
+ buf.Reset()
+ st.Offset = 0
+ return ErrReset
+ }
+ return nil
+ }
+ }
+
+ cf2 := func(buf *bytes.Buffer, st Status) commitFunction {
+ i := 0
+ return func() error {
+ // function resets for more than the maxReset value
+ if i < maxResets+1 {
+ // this is the case where, the pipewriter to which the data was being written has
+ // changed. which means we need to clear the buffer
+ i++
+ buf.Reset()
+ st.Offset = 0
+ return ErrReset
+ }
+ return nil
+ }
+ }
+
+ s1 := Status{}
+ s2 := Status{}
+ b1 := bytes.Buffer{}
+ b2 := bytes.Buffer{}
+
var testcases = []struct {
- name string
- source copySource
- writer fakeWriter
- expected string
+ name string
+ source copySource
+ writer fakeWriter
+ expected string
+ expectedErr error
}{
{
- name: "copy no offset",
- source: defaultSource,
- writer: fakeWriter{},
+ name: "copy no offset",
+ source: defaultSource,
+ writer: fakeWriter{
+ Buffer: &bytes.Buffer{},
+ },
expected: "this is the source to copy",
},
{
- name: "copy with offset from seeker",
- source: defaultSource,
- writer: fakeWriter{status: Status{Offset: 8}},
+ name: "copy with offset from seeker",
+ source: defaultSource,
+ writer: fakeWriter{
+ Buffer: &bytes.Buffer{},
+ status: Status{Offset: 8},
+ },
expected: "the source to copy",
},
{
- name: "copy with offset from unseekable source",
- source: copySource{reader: bytes.NewBufferString("foobar"), size: 6},
- writer: fakeWriter{status: Status{Offset: 3}},
+ name: "copy with offset from unseekable source",
+ source: copySource{reader: bytes.NewBufferString("foobar"), size: 6},
+ writer: fakeWriter{
+ Buffer: &bytes.Buffer{},
+ status: Status{Offset: 3},
+ },
expected: "bar",
},
{
name: "commit already exists",
source: newCopySource("this already exists"),
- writer: fakeWriter{commitFunc: func() error {
- return errdefs.ErrAlreadyExists
- }},
+ writer: fakeWriter{
+ Buffer: &bytes.Buffer{},
+ commitFunc: func() error {
+ return errdefs.ErrAlreadyExists
+ }},
expected: "this already exists",
},
+ {
+ name: "commit fails first time with ErrReset",
+ source: newCopySource("content to copy"),
+ writer: fakeWriter{
+ Buffer: &b1,
+ status: s1,
+ commitFunc: cf1(&b1, s1),
+ },
+ expected: "content to copy",
+ },
+ {
+ name: "write fails more than maxReset times due to reset",
+ source: newCopySource("content to copy"),
+ writer: fakeWriter{
+ Buffer: &b2,
+ status: s2,
+ commitFunc: cf2(&b2, s2),
+ },
+ expected: "",
+ expectedErr: fmt.Errorf("failed to copy after %d retries", maxResets),
+ },
}
for _, testcase := range testcases {
@@ -81,6 +151,12 @@ func TestCopy(t *testing.T) {
testcase.source.size,
testcase.source.digest)
+ // if an error is expected then further comparisons are not required
+ if testcase.expectedErr != nil {
+ assert.Check(t, is.Equal(testcase.expectedErr.Error(), err.Error()))
+ return
+ }
+
assert.NilError(t, err)
assert.Check(t, is.Equal(testcase.source.digest, testcase.writer.committedDigest))
assert.Check(t, is.Equal(testcase.expected, testcase.writer.String()))
@@ -96,11 +172,13 @@ func newCopySource(raw string) copySource {
}
}
+type commitFunction func() error
+
type fakeWriter struct {
- bytes.Buffer
+ *bytes.Buffer
committedDigest digest.Digest
status Status
- commitFunc func() error
+ commitFunc commitFunction
}
func (f *fakeWriter) Close() error {
diff --git a/content/local/locks.go b/content/local/locks.go
index d1d2d56..1e59f39 100644
--- a/content/local/locks.go
+++ b/content/local/locks.go
@@ -17,11 +17,11 @@
package local
import (
+ "fmt"
"sync"
"time"
"github.com/containerd/containerd/errdefs"
- "github.com/pkg/errors"
)
// Handles locking references
@@ -41,7 +41,13 @@ func tryLock(ref string) error {
defer locksMu.Unlock()
if v, ok := locks[ref]; ok {
- return errors.Wrapf(errdefs.ErrUnavailable, "ref %s locked since %s", ref, v.since)
+ // Returning the duration may help developers distinguish dead locks (long duration) from
+ // lock contentions (short duration).
+ now := time.Now()
+ return fmt.Errorf(
+ "ref %s locked for %s (since %s): %w", ref, now.Sub(v.since), v.since,
+ errdefs.ErrUnavailable,
+ )
}
locks[ref] = &lock{time.Now()}
diff --git a/content/local/locks_test.go b/content/local/locks_test.go
index c9d0034..3d1912d 100644
--- a/content/local/locks_test.go
+++ b/content/local/locks_test.go
@@ -28,5 +28,5 @@ func TestTryLock(t *testing.T) {
defer unlock("testref")
err = tryLock("testref")
- assert.ErrorContains(t, err, "ref testref locked since ")
+ assert.ErrorContains(t, err, "ref testref locked for ")
}
diff --git a/content/local/readerat.go b/content/local/readerat.go
index 5d3ae03..a83c171 100644
--- a/content/local/readerat.go
+++ b/content/local/readerat.go
@@ -17,10 +17,9 @@
package local
import (
+ "fmt"
"os"
- "github.com/pkg/errors"
-
"github.com/containerd/containerd/content"
"github.com/containerd/containerd/errdefs"
)
@@ -40,7 +39,7 @@ func OpenReader(p string) (content.ReaderAt, error) {
return nil, err
}
- return nil, errors.Wrap(errdefs.ErrNotFound, "blob not found")
+ return nil, fmt.Errorf("blob not found: %w", errdefs.ErrNotFound)
}
fp, err := os.Open(p)
@@ -49,7 +48,7 @@ func OpenReader(p string) (content.ReaderAt, error) {
return nil, err
}
- return nil, errors.Wrap(errdefs.ErrNotFound, "blob not found")
+ return nil, fmt.Errorf("blob not found: %w", errdefs.ErrNotFound)
}
return sizeReaderAt{size: fi.Size(), fp: fp}, nil
diff --git a/content/local/store.go b/content/local/store.go
index 314d913..1b01790 100644
--- a/content/local/store.go
+++ b/content/local/store.go
@@ -20,8 +20,6 @@ import (
"context"
"fmt"
"io"
- "io/ioutil"
- "math/rand"
"os"
"path/filepath"
"strconv"
@@ -33,11 +31,11 @@ import (
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/filters"
"github.com/containerd/containerd/log"
+ "github.com/containerd/containerd/pkg/randutil"
"github.com/sirupsen/logrus"
- digest "github.com/opencontainers/go-digest"
+ "github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
)
var bufPool = sync.Pool{
@@ -94,13 +92,13 @@ func NewLabeledStore(root string, ls LabelStore) (content.Store, error) {
func (s *store) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) {
p, err := s.blobPath(dgst)
if err != nil {
- return content.Info{}, errors.Wrapf(err, "calculating blob info path")
+ return content.Info{}, fmt.Errorf("calculating blob info path: %w", err)
}
fi, err := os.Stat(p)
if err != nil {
if os.IsNotExist(err) {
- err = errors.Wrapf(errdefs.ErrNotFound, "content %v", dgst)
+ err = fmt.Errorf("content %v: %w", dgst, errdefs.ErrNotFound)
}
return content.Info{}, err
@@ -129,12 +127,12 @@ func (s *store) info(dgst digest.Digest, fi os.FileInfo, labels map[string]strin
func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) {
p, err := s.blobPath(desc.Digest)
if err != nil {
- return nil, errors.Wrapf(err, "calculating blob path for ReaderAt")
+ return nil, fmt.Errorf("calculating blob path for ReaderAt: %w", err)
}
reader, err := OpenReader(p)
if err != nil {
- return nil, errors.Wrapf(err, "blob %s expected at %s", desc.Digest, p)
+ return nil, fmt.Errorf("blob %s expected at %s: %w", desc.Digest, p, err)
}
return reader, nil
@@ -147,7 +145,7 @@ func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.
func (s *store) Delete(ctx context.Context, dgst digest.Digest) error {
bp, err := s.blobPath(dgst)
if err != nil {
- return errors.Wrapf(err, "calculating blob path for delete")
+ return fmt.Errorf("calculating blob path for delete: %w", err)
}
if err := os.RemoveAll(bp); err != nil {
@@ -155,7 +153,7 @@ func (s *store) Delete(ctx context.Context, dgst digest.Digest) error {
return err
}
- return errors.Wrapf(errdefs.ErrNotFound, "content %v", dgst)
+ return fmt.Errorf("content %v: %w", dgst, errdefs.ErrNotFound)
}
return nil
@@ -163,18 +161,18 @@ func (s *store) Delete(ctx context.Context, dgst digest.Digest) error {
func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) {
if s.ls == nil {
- return content.Info{}, errors.Wrapf(errdefs.ErrFailedPrecondition, "update not supported on immutable content store")
+ return content.Info{}, fmt.Errorf("update not supported on immutable content store: %w", errdefs.ErrFailedPrecondition)
}
p, err := s.blobPath(info.Digest)
if err != nil {
- return content.Info{}, errors.Wrapf(err, "calculating blob path for update")
+ return content.Info{}, fmt.Errorf("calculating blob path for update: %w", err)
}
fi, err := os.Stat(p)
if err != nil {
if os.IsNotExist(err) {
- err = errors.Wrapf(errdefs.ErrNotFound, "content %v", info.Digest)
+ err = fmt.Errorf("content %v: %w", info.Digest, errdefs.ErrNotFound)
}
return content.Info{}, err
@@ -201,7 +199,7 @@ func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...str
all = true
labels = info.Labels
default:
- return content.Info{}, errors.Wrapf(errdefs.ErrInvalidArgument, "cannot update %q field on content info %q", path, info.Digest)
+ return content.Info{}, fmt.Errorf("cannot update %q field on content info %q: %w", path, info.Digest, errdefs.ErrInvalidArgument)
}
}
} else {
@@ -378,7 +376,7 @@ func (s *store) status(ingestPath string) (content.Status, error) {
fi, err := os.Stat(dp)
if err != nil {
if os.IsNotExist(err) {
- err = errors.Wrap(errdefs.ErrNotFound, err.Error())
+ err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound)
}
return content.Status{}, err
}
@@ -386,19 +384,19 @@ func (s *store) status(ingestPath string) (content.Status, error) {
ref, err := readFileString(filepath.Join(ingestPath, "ref"))
if err != nil {
if os.IsNotExist(err) {
- err = errors.Wrap(errdefs.ErrNotFound, err.Error())
+ err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound)
}
return content.Status{}, err
}
startedAt, err := readFileTimestamp(filepath.Join(ingestPath, "startedat"))
if err != nil {
- return content.Status{}, errors.Wrapf(err, "could not read startedat")
+ return content.Status{}, fmt.Errorf("could not read startedat: %w", err)
}
updatedAt, err := readFileTimestamp(filepath.Join(ingestPath, "updatedat"))
if err != nil {
- return content.Status{}, errors.Wrapf(err, "could not read updatedat")
+ return content.Status{}, fmt.Errorf("could not read updatedat: %w", err)
}
// because we don't write updatedat on every write, the mod time may
@@ -461,7 +459,7 @@ func (s *store) Writer(ctx context.Context, opts ...content.WriterOpt) (content.
// TODO(AkihiroSuda): we could create a random string or one calculated based on the context
// https://github.com/containerd/containerd/issues/2129#issuecomment-380255019
if wOpts.Ref == "" {
- return nil, errors.Wrap(errdefs.ErrInvalidArgument, "ref must not be empty")
+ return nil, fmt.Errorf("ref must not be empty: %w", errdefs.ErrInvalidArgument)
}
var lockErr error
for count := uint64(0); count < 10; count++ {
@@ -475,7 +473,7 @@ func (s *store) Writer(ctx context.Context, opts ...content.WriterOpt) (content.
lockErr = nil
break
}
- time.Sleep(time.Millisecond * time.Duration(rand.Intn(1< 0 && status.Total > 0 && total != status.Total {
- return status, errors.Errorf("provided total differs from status: %v != %v", total, status.Total)
+ return status, fmt.Errorf("provided total differs from status: %v != %v", total, status.Total)
}
+ //nolint:dupword
// TODO(stevvooe): slow slow slow!!, send to goroutine or use resumable hashes
fp, err := os.Open(data)
if err != nil {
@@ -528,10 +527,10 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di
if expected != "" {
p, err := s.blobPath(expected)
if err != nil {
- return nil, errors.Wrap(err, "calculating expected blob path for writer")
+ return nil, fmt.Errorf("calculating expected blob path for writer: %w", err)
}
if _, err := os.Stat(p); err == nil {
- return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", expected)
+ return nil, fmt.Errorf("content %v: %w", expected, errdefs.ErrAlreadyExists)
}
}
@@ -568,7 +567,7 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di
// the ingest is new, we need to setup the target location.
// write the ref to a file for later use
- if err := ioutil.WriteFile(refp, []byte(ref), 0666); err != nil {
+ if err := os.WriteFile(refp, []byte(ref), 0666); err != nil {
return nil, err
}
@@ -581,7 +580,7 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di
}
if total > 0 {
- if err := ioutil.WriteFile(filepath.Join(path, "total"), []byte(fmt.Sprint(total)), 0666); err != nil {
+ if err := os.WriteFile(filepath.Join(path, "total"), []byte(fmt.Sprint(total)), 0666); err != nil {
return nil, err
}
}
@@ -589,11 +588,12 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di
fp, err := os.OpenFile(data, os.O_WRONLY|os.O_CREATE, 0666)
if err != nil {
- return nil, errors.Wrap(err, "failed to open data file")
+ return nil, fmt.Errorf("failed to open data file: %w", err)
}
if _, err := fp.Seek(offset, io.SeekStart); err != nil {
- return nil, errors.Wrap(err, "could not seek to current write offset")
+ fp.Close()
+ return nil, fmt.Errorf("could not seek to current write offset: %w", err)
}
return &writer{
@@ -615,7 +615,7 @@ func (s *store) Abort(ctx context.Context, ref string) error {
root := s.ingestRoot(ref)
if err := os.RemoveAll(root); err != nil {
if os.IsNotExist(err) {
- return errors.Wrapf(errdefs.ErrNotFound, "ingest ref %q", ref)
+ return fmt.Errorf("ingest ref %q: %w", ref, errdefs.ErrNotFound)
}
return err
@@ -626,7 +626,7 @@ func (s *store) Abort(ctx context.Context, ref string) error {
func (s *store) blobPath(dgst digest.Digest) (string, error) {
if err := dgst.Validate(); err != nil {
- return "", errors.Wrapf(errdefs.ErrInvalidArgument, "cannot calculate blob path from invalid digest: %v", err)
+ return "", fmt.Errorf("cannot calculate blob path from invalid digest: %v: %w", err, errdefs.ErrInvalidArgument)
}
return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Hex()), nil
@@ -644,7 +644,6 @@ func (s *store) ingestRoot(ref string) string {
// - root: entire ingest directory
// - ref: name of the starting ref, must be unique
// - data: file where data is written
-//
func (s *store) ingestPaths(ref string) (string, string, string) {
var (
fp = s.ingestRoot(ref)
@@ -656,23 +655,23 @@ func (s *store) ingestPaths(ref string) (string, string, string) {
}
func readFileString(path string) (string, error) {
- p, err := ioutil.ReadFile(path)
+ p, err := os.ReadFile(path)
return string(p), err
}
// readFileTimestamp reads a file with just a timestamp present.
func readFileTimestamp(p string) (time.Time, error) {
- b, err := ioutil.ReadFile(p)
+ b, err := os.ReadFile(p)
if err != nil {
if os.IsNotExist(err) {
- err = errors.Wrap(errdefs.ErrNotFound, err.Error())
+ err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound)
}
return time.Time{}, err
}
var t time.Time
if err := t.UnmarshalText(b); err != nil {
- return time.Time{}, errors.Wrapf(err, "could not parse timestamp file %v", p)
+ return time.Time{}, fmt.Errorf("could not parse timestamp file %v: %w", p, err)
}
return t, nil
@@ -683,19 +682,23 @@ func writeTimestampFile(p string, t time.Time) error {
if err != nil {
return err
}
- return atomicWrite(p, b, 0666)
+ return writeToCompletion(p, b, 0666)
}
-func atomicWrite(path string, data []byte, mode os.FileMode) error {
+func writeToCompletion(path string, data []byte, mode os.FileMode) error {
tmp := fmt.Sprintf("%s.tmp", path)
f, err := os.OpenFile(tmp, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_SYNC, mode)
if err != nil {
- return errors.Wrap(err, "create tmp file")
+ return fmt.Errorf("create tmp file: %w", err)
}
_, err = f.Write(data)
f.Close()
if err != nil {
- return errors.Wrap(err, "write atomic data")
+ return fmt.Errorf("write tmp file: %w", err)
}
- return os.Rename(tmp, path)
+ err = os.Rename(tmp, path)
+ if err != nil {
+ return fmt.Errorf("rename tmp file: %w", err)
+ }
+ return nil
}
diff --git a/content/local/store_bsd.go b/content/local/store_bsd.go
index da149a2..42fddd3 100644
--- a/content/local/store_bsd.go
+++ b/content/local/store_bsd.go
@@ -1,3 +1,4 @@
+//go:build darwin || freebsd || netbsd
// +build darwin freebsd netbsd
/*
@@ -26,7 +27,7 @@ import (
func getATime(fi os.FileInfo) time.Time {
if st, ok := fi.Sys().(*syscall.Stat_t); ok {
- return time.Unix(int64(st.Atimespec.Sec), int64(st.Atimespec.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well.
+ return time.Unix(st.Atimespec.Unix())
}
return fi.ModTime()
diff --git a/content/local/store_openbsd.go b/content/local/store_openbsd.go
index f34f0da..2b58b61 100644
--- a/content/local/store_openbsd.go
+++ b/content/local/store_openbsd.go
@@ -1,3 +1,4 @@
+//go:build openbsd
// +build openbsd
/*
@@ -26,7 +27,7 @@ import (
func getATime(fi os.FileInfo) time.Time {
if st, ok := fi.Sys().(*syscall.Stat_t); ok {
- return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well.
+ return time.Unix(st.Atim.Unix())
}
return fi.ModTime()
diff --git a/content/local/store_test.go b/content/local/store_test.go
index 156fcd1..59c0151 100644
--- a/content/local/store_test.go
+++ b/content/local/store_test.go
@@ -20,11 +20,10 @@ import (
"bufio"
"bytes"
"context"
+ "crypto/rand"
_ "crypto/sha256" // required for digest package
"fmt"
"io"
- "io/ioutil"
- "math/rand"
"os"
"path/filepath"
"reflect"
@@ -36,6 +35,7 @@ import (
"github.com/containerd/containerd/content"
"github.com/containerd/containerd/content/testsuite"
"github.com/containerd/containerd/errdefs"
+ "github.com/containerd/containerd/pkg/randutil"
"github.com/containerd/containerd/pkg/testutil"
"github.com/opencontainers/go-digest"
@@ -158,7 +158,7 @@ func TestContentWriter(t *testing.T) {
}
expected := digest.FromBytes(p)
- checkCopy(t, int64(len(p)), cw, bufio.NewReader(ioutil.NopCloser(bytes.NewReader(p))))
+ checkCopy(t, int64(len(p)), cw, bufio.NewReader(io.NopCloser(bytes.NewReader(p))))
if err := cw.Commit(ctx, int64(len(p)), expected); err != nil {
t.Fatal(err)
@@ -174,7 +174,7 @@ func TestContentWriter(t *testing.T) {
}
// now, attempt to write the same data again
- checkCopy(t, int64(len(p)), cw, bufio.NewReader(ioutil.NopCloser(bytes.NewReader(p))))
+ checkCopy(t, int64(len(p)), cw, bufio.NewReader(io.NopCloser(bytes.NewReader(p))))
if err := cw.Commit(ctx, int64(len(p)), expected); err == nil {
t.Fatal("expected already exists error")
} else if !errdefs.IsAlreadyExists(err) {
@@ -184,7 +184,7 @@ func TestContentWriter(t *testing.T) {
path := checkBlobPath(t, cs, expected)
// read the data back, make sure its the same
- pp, err := ioutil.ReadFile(path)
+ pp, err := os.ReadFile(path)
if err != nil {
t.Fatal(err)
}
@@ -269,7 +269,7 @@ func generateBlobs(t checker, nblobs, maxsize int64) map[digest.Digest][]byte {
blobs := map[digest.Digest][]byte{}
for i := int64(0); i < nblobs; i++ {
- p := make([]byte, rand.Int63n(maxsize))
+ p := make([]byte, randutil.Int63n(maxsize))
if _, err := rand.Read(p); err != nil {
t.Fatal(err)
@@ -292,28 +292,17 @@ func populateBlobStore(ctx context.Context, t checker, cs content.Store, nblobs,
return blobs
}
-func contentStoreEnv(t checker) (context.Context, string, content.Store, func()) {
- pc, _, _, ok := runtime.Caller(1)
- if !ok {
- t.Fatal("failed to resolve caller")
- }
- fn := runtime.FuncForPC(pc)
-
- tmpdir, err := ioutil.TempDir("", filepath.Base(fn.Name())+"-")
- if err != nil {
- t.Fatal(err)
- }
+func contentStoreEnv(t testing.TB) (context.Context, string, content.Store, func()) {
+ tmpdir := t.TempDir()
cs, err := NewStore(tmpdir)
if err != nil {
- os.RemoveAll(tmpdir)
t.Fatal(err)
}
ctx, cancel := context.WithCancel(context.Background())
return ctx, tmpdir, cs, func() {
cancel()
- os.RemoveAll(tmpdir)
}
}
@@ -362,11 +351,7 @@ func checkWrite(ctx context.Context, t checker, cs content.Store, dgst digest.Di
}
func TestWriterTruncateRecoversFromIncompleteWrite(t *testing.T) {
- tmpdir, err := ioutil.TempDir("", "test-local-content-store-recover")
- assert.NilError(t, err)
- defer os.RemoveAll(tmpdir)
-
- cs, err := NewStore(tmpdir)
+ cs, err := NewStore(t.TempDir())
assert.NilError(t, err)
ctx, cancel := context.WithCancel(context.Background())
@@ -401,11 +386,7 @@ func setupIncompleteWrite(ctx context.Context, t *testing.T, cs content.Store, r
}
func TestWriteReadEmptyFileTimestamp(t *testing.T) {
- root, err := ioutil.TempDir("", "test-write-read-file-timestamp")
- if err != nil {
- t.Errorf("failed to create a tmp dir: %v", err)
- }
- defer os.RemoveAll(root)
+ root := t.TempDir()
emptyFile := filepath.Join(root, "updatedat")
if err := writeTimestampFile(emptyFile, time.Time{}); err != nil {
diff --git a/content/local/store_unix.go b/content/local/store_unix.go
index 69a74ba..efa2eb9 100644
--- a/content/local/store_unix.go
+++ b/content/local/store_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || solaris
// +build linux solaris
/*
@@ -26,7 +27,7 @@ import (
func getATime(fi os.FileInfo) time.Time {
if st, ok := fi.Sys().(*syscall.Stat_t); ok {
- return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well.
+ return time.Unix(st.Atim.Unix())
}
return fi.ModTime()
diff --git a/content/local/writer.go b/content/local/writer.go
index 0a11f4d..b187e52 100644
--- a/content/local/writer.go
+++ b/content/local/writer.go
@@ -18,6 +18,8 @@ package local
import (
"context"
+ "errors"
+ "fmt"
"io"
"os"
"path/filepath"
@@ -28,7 +30,6 @@ import (
"github.com/containerd/containerd/errdefs"
"github.com/containerd/containerd/log"
"github.com/opencontainers/go-digest"
- "github.com/pkg/errors"
)
// writer represents a write transaction against the blob store.
@@ -88,30 +89,30 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
w.fp = nil
if fp == nil {
- return errors.Wrap(errdefs.ErrFailedPrecondition, "cannot commit on closed writer")
+ return fmt.Errorf("cannot commit on closed writer: %w", errdefs.ErrFailedPrecondition)
}
if err := fp.Sync(); err != nil {
fp.Close()
- return errors.Wrap(err, "sync failed")
+ return fmt.Errorf("sync failed: %w", err)
}
fi, err := fp.Stat()
closeErr := fp.Close()
if err != nil {
- return errors.Wrap(err, "stat on ingest file failed")
+ return fmt.Errorf("stat on ingest file failed: %w", err)
}
if closeErr != nil {
- return errors.Wrap(err, "failed to close ingest file")
+ return fmt.Errorf("failed to close ingest file: %w", closeErr)
}
if size > 0 && size != fi.Size() {
- return errors.Wrapf(errdefs.ErrFailedPrecondition, "unexpected commit size %d, expected %d", fi.Size(), size)
+ return fmt.Errorf("unexpected commit size %d, expected %d: %w", fi.Size(), size, errdefs.ErrFailedPrecondition)
}
dgst := w.digester.Digest()
if expected != "" && expected != dgst {
- return errors.Wrapf(errdefs.ErrFailedPrecondition, "unexpected commit digest %s, expected %s", dgst, expected)
+ return fmt.Errorf("unexpected commit digest %s, expected %s: %w", dgst, expected, errdefs.ErrFailedPrecondition)
}
var (
@@ -127,9 +128,9 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
if _, err := os.Stat(target); err == nil {
// collision with the target file!
if err := os.RemoveAll(w.path); err != nil {
- log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Errorf("failed to remove ingest directory")
+ log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Error("failed to remove ingest directory")
}
- return errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", dgst)
+ return fmt.Errorf("content %v: %w", dgst, errdefs.ErrAlreadyExists)
}
if err := os.Rename(ingest, target); err != nil {
@@ -142,17 +143,17 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
commitTime := time.Now()
if err := os.Chtimes(target, commitTime, commitTime); err != nil {
- log.G(ctx).WithField("digest", dgst).Errorf("failed to change file time to commit time")
+ log.G(ctx).WithField("digest", dgst).Error("failed to change file time to commit time")
}
// clean up!!
if err := os.RemoveAll(w.path); err != nil {
- log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Errorf("failed to remove ingest directory")
+ log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Error("failed to remove ingest directory")
}
if w.s.ls != nil && base.Labels != nil {
if err := w.s.ls.Set(dgst, base.Labels); err != nil {
- log.G(ctx).WithField("digest", dgst).Errorf("failed to set labels")
+ log.G(ctx).WithField("digest", dgst).Error("failed to set labels")
}
}
@@ -165,7 +166,7 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest,
// NOTE: Windows does not support this operation
if runtime.GOOS != "windows" {
if err := os.Chmod(target, (fi.Mode()&os.ModePerm)&^0333); err != nil {
- log.G(ctx).WithField("ref", w.ref).Errorf("failed to make readonly")
+ log.G(ctx).WithField("ref", w.ref).Error("failed to make readonly")
}
}
diff --git a/content/proxy/content_writer.go b/content/proxy/content_writer.go
index 8423335..ffc0f50 100644
--- a/content/proxy/content_writer.go
+++ b/content/proxy/content_writer.go
@@ -18,13 +18,13 @@ package proxy
import (
"context"
+ "fmt"
"io"
contentapi "github.com/containerd/containerd/api/services/content/v1"
"github.com/containerd/containerd/content"
"github.com/containerd/containerd/errdefs"
digest "github.com/opencontainers/go-digest"
- "github.com/pkg/errors"
)
type remoteWriter struct {
@@ -57,7 +57,7 @@ func (rw *remoteWriter) Status() (content.Status, error) {
Action: contentapi.WriteActionStat,
})
if err != nil {
- return content.Status{}, errors.Wrap(errdefs.FromGRPC(err), "error getting writer status")
+ return content.Status{}, fmt.Errorf("error getting writer status: %w", errdefs.FromGRPC(err))
}
return content.Status{
@@ -82,7 +82,7 @@ func (rw *remoteWriter) Write(p []byte) (n int, err error) {
Data: p,
})
if err != nil {
- return 0, errors.Wrap(errdefs.FromGRPC(err), "failed to send write")
+ return 0, fmt.Errorf("failed to send write: %w", errdefs.FromGRPC(err))
}
n = int(resp.Offset - offset)
@@ -119,15 +119,15 @@ func (rw *remoteWriter) Commit(ctx context.Context, size int64, expected digest.
Labels: base.Labels,
})
if err != nil {
- return errors.Wrap(errdefs.FromGRPC(err), "commit failed")
+ return fmt.Errorf("commit failed: %w", errdefs.FromGRPC(err))
}
if size != 0 && resp.Offset != size {
- return errors.Errorf("unexpected size: %v != %v", resp.Offset, size)
+ return fmt.Errorf("unexpected size: %v != %v", resp.Offset, size)
}
if expected != "" && resp.Digest != expected {
- return errors.Errorf("unexpected digest: %v != %v", resp.Digest, expected)
+ return fmt.Errorf("unexpected digest: %v != %v", resp.Digest, expected)
}
rw.digest = resp.Digest
diff --git a/content/testsuite/testsuite.go b/content/testsuite/testsuite.go
index 8264f62..c02498f 100644
--- a/content/testsuite/testsuite.go
+++ b/content/testsuite/testsuite.go
@@ -21,7 +21,6 @@ import (
"context"
"fmt"
"io"
- "io/ioutil"
"math/rand"
"os"
"runtime"
@@ -35,7 +34,6 @@ import (
"github.com/containerd/containerd/pkg/testutil"
digest "github.com/opencontainers/go-digest"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
- "github.com/pkg/errors"
"gotest.tools/v3/assert"
)
@@ -104,7 +102,7 @@ func makeTest(t *testing.T, name string, storeFn func(ctx context.Context, root
ctx := context.WithValue(context.Background(), nameKey{}, name)
ctx = logtest.WithT(ctx, t)
- tmpDir, err := ioutil.TempDir("", "content-suite-"+name+"-")
+ tmpDir, err := os.MkdirTemp("", "content-suite-"+name+"-")
if err != nil {
t.Fatal(err)
}
@@ -713,35 +711,47 @@ func checkResume(rf func(context.Context, content.Writer, []byte, int64, int64,
func resumeTruncate(ctx context.Context, w content.Writer, b []byte, written, size int64, dgst digest.Digest) error {
if err := w.Truncate(0); err != nil {
- return errors.Wrap(err, "truncate failed")
+ return fmt.Errorf("truncate failed: %w", err)
}
if _, err := io.CopyBuffer(w, bytes.NewReader(b), make([]byte, 1024)); err != nil {
- return errors.Wrap(err, "write failed")
+ return fmt.Errorf("write failed: %w", err)
}
-
- return errors.Wrap(w.Commit(ctx, size, dgst), "commit failed")
+ if err := w.Commit(ctx, size, dgst); err != nil {
+ return fmt.Errorf("commit failed: %w", err)
+ }
+ return nil
}
func resumeDiscard(ctx context.Context, w content.Writer, b []byte, written, size int64, dgst digest.Digest) error {
if _, err := io.CopyBuffer(w, bytes.NewReader(b[written:]), make([]byte, 1024)); err != nil {
- return errors.Wrap(err, "write failed")
+ return fmt.Errorf("write failed: %w", err)
}
- return errors.Wrap(w.Commit(ctx, size, dgst), "commit failed")
+ if err := w.Commit(ctx, size, dgst); err != nil {
+ return fmt.Errorf("commit failed: %w", err)
+
+ }
+ return nil
}
func resumeCopy(ctx context.Context, w content.Writer, b []byte, _, size int64, dgst digest.Digest) error {
r := struct {
io.Reader
}{bytes.NewReader(b)}
- return errors.Wrap(content.Copy(ctx, w, r, size, dgst), "copy failed")
+ if err := content.Copy(ctx, w, r, size, dgst); err != nil {
+ return fmt.Errorf("copy failed: %w", err)
+ }
+ return nil
}
func resumeCopySeeker(ctx context.Context, w content.Writer, b []byte, _, size int64, dgst digest.Digest) error {
r := struct {
io.ReadSeeker
}{bytes.NewReader(b)}
- return errors.Wrap(content.Copy(ctx, w, r, size, dgst), "copy failed")
+ if err := content.Copy(ctx, w, r, size, dgst); err != nil {
+ return fmt.Errorf("copy failed: %w", err)
+ }
+ return nil
}
func resumeCopyReaderAt(ctx context.Context, w content.Writer, b []byte, _, size int64, dgst digest.Digest) error {
@@ -752,7 +762,10 @@ func resumeCopyReaderAt(ctx context.Context, w content.Writer, b []byte, _, size
r := struct {
readerAt
}{bytes.NewReader(b)}
- return errors.Wrap(content.Copy(ctx, w, r, size, dgst), "copy failed")
+ if err := content.Copy(ctx, w, r, size, dgst); err != nil {
+ return fmt.Errorf("copy failed: %w", err)
+ }
+ return nil
}
// checkSmallBlob tests reading a blob which is smaller than the read size.
@@ -780,8 +793,9 @@ func checkSmallBlob(ctx context.Context, t *testing.T, store content.Store) {
if err != nil {
t.Fatal(err)
}
+ defer ra.Close()
r := io.NewSectionReader(ra, 0, readSize)
- b, err := ioutil.ReadAll(r)
+ b, err := io.ReadAll(r)
if err != nil {
t.Fatal(err)
}
@@ -820,6 +834,7 @@ func checkCrossNSShare(ctx context.Context, t *testing.T, cs content.Store) {
if err != nil {
t.Fatal(err)
}
+ defer w.Close()
t2 := time.Now()
checkStatus(t, w, content.Status{
@@ -878,6 +893,7 @@ func checkCrossNSAppend(ctx context.Context, t *testing.T, cs content.Store) {
if err != nil {
t.Fatal(err)
}
+ defer w.Close()
t2 := time.Now()
checkStatus(t, w, content.Status{
@@ -940,6 +956,7 @@ func checkCrossNSIsolate(ctx context.Context, t *testing.T, cs content.Store) {
if err != nil {
t.Fatal(err)
}
+ defer w.Close()
t4 := time.Now()
checkNewlyCreated(t, w, t1, t2, t3, t4)
@@ -1015,35 +1032,35 @@ func checkNewlyCreated(t *testing.T, w content.Writer, preStart, postStart, preU
func checkInfo(ctx context.Context, cs content.Store, d digest.Digest, expected content.Info, c1, c2, u1, u2 time.Time) error {
info, err := cs.Info(ctx, d)
if err != nil {
- return errors.Wrap(err, "failed to get info")
+ return fmt.Errorf("failed to get info: %w", err)
}
if info.Digest != d {
- return errors.Errorf("unexpected info digest %s, expected %s", info.Digest, d)
+ return fmt.Errorf("unexpected info digest %s, expected %s", info.Digest, d)
}
if info.Size != expected.Size {
- return errors.Errorf("unexpected info size %d, expected %d", info.Size, expected.Size)
+ return fmt.Errorf("unexpected info size %d, expected %d", info.Size, expected.Size)
}
if info.CreatedAt.After(c2) || info.CreatedAt.Before(c1) {
- return errors.Errorf("unexpected created at time %s, expected between %s and %s", info.CreatedAt, c1, c2)
+ return fmt.Errorf("unexpected created at time %s, expected between %s and %s", info.CreatedAt, c1, c2)
}
// FIXME: broken on windows: unexpected updated at time 2017-11-14 13:43:22.178013 -0800 PST,
// expected between 2017-11-14 13:43:22.1790195 -0800 PST m=+1.022137300 and
// 2017-11-14 13:43:22.1790195 -0800 PST m=+1.022137300
if runtime.GOOS != "windows" && (info.UpdatedAt.After(u2) || info.UpdatedAt.Before(u1)) {
- return errors.Errorf("unexpected updated at time %s, expected between %s and %s", info.UpdatedAt, u1, u2)
+ return fmt.Errorf("unexpected updated at time %s, expected between %s and %s", info.UpdatedAt, u1, u2)
}
if len(info.Labels) != len(expected.Labels) {
- return errors.Errorf("mismatched number of labels\ngot:\n%#v\nexpected:\n%#v", info.Labels, expected.Labels)
+ return fmt.Errorf("mismatched number of labels\ngot:\n%#v\nexpected:\n%#v", info.Labels, expected.Labels)
}
for k, v := range expected.Labels {
actual := info.Labels[k]
if v != actual {
- return errors.Errorf("unexpected value for label %q: %q, expected %q", k, actual, v)
+ return fmt.Errorf("unexpected value for label %q: %q, expected %q", k, actual, v)
}
}
@@ -1056,16 +1073,16 @@ func checkContent(ctx context.Context, cs content.Store, d digest.Digest, expect
b, err := content.ReadBlob(ctx, cs, ocispec.Descriptor{Digest: d})
if err != nil {
- return errors.Wrap(err, "failed to read blob")
+ return fmt.Errorf("failed to read blob: %w", err)
}
if int64(len(b)) != expected.Size {
- return errors.Errorf("wrong blob size %d, expected %d", len(b), expected.Size)
+ return fmt.Errorf("wrong blob size %d, expected %d", len(b), expected.Size)
}
actual := digest.FromBytes(b)
if actual != d {
- return errors.Errorf("wrong digest %s, expected %s", actual, d)
+ return fmt.Errorf("wrong digest %s, expected %s", actual, d)
}
return nil
@@ -1079,7 +1096,7 @@ func createContent(size int64) ([]byte, digest.Digest) {
// test runs. An atomic integer works just good enough for this.
seed := atomic.AddInt64(&contentSeed, 1)
- b, err := ioutil.ReadAll(io.LimitReader(rand.New(rand.NewSource(seed)), size))
+ b, err := io.ReadAll(io.LimitReader(rand.New(rand.NewSource(seed)), size))
if err != nil {
panic(err)
}
diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test
index 8637c4b..a9ea3ee 100644
--- a/contrib/Dockerfile.test
+++ b/contrib/Dockerfile.test
@@ -6,55 +6,94 @@
# 3.) $ make binaries install test
#
# Use the RUNC_VERSION build-arg to build with a custom version of runc, for example,
-# to build runc v1.0.0-rc93, use:
+# to build runc v1.0.0-rc94, use:
#
-# docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc93 -f Dockerfile.test ../
+# docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc94 -f Dockerfile.test ../
-ARG GOLANG_VERSION=1.16.12
+ARG GOLANG_VERSION=1.20.8
+ARG GOLANG_IMAGE=golang
-FROM golang:${GOLANG_VERSION} AS golang-base
-RUN mkdir -p /go/src/github.com/containerd/containerd
-WORKDIR /go/src/github.com/containerd/containerd
-
-# Install proto3
-FROM golang-base AS proto3
-RUN apt-get update && apt-get install -y \
- autoconf \
- automake \
- g++ \
- libtool \
- unzip \
- --no-install-recommends
-
-COPY script/setup/install-protobuf install-protobuf
-RUN ./install-protobuf
+FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang
# Install runc
-FROM golang-base AS runc
-RUN apt-get update && apt-get install -y \
- curl \
+FROM golang AS runc
+RUN apt-get update && apt-get install -y --no-install-recommends \
libseccomp-dev \
- --no-install-recommends
+ && rm -rf /var/lib/apt/lists/*
COPY script/setup/runc-version script/setup/install-runc ./
# Allow overriding the version of runc to install through build-args
ARG RUNC_VERSION
ARG GOPROXY=direct
+ARG DESTDIR=/build
RUN ./install-runc
-FROM golang-base AS dev
-RUN apt-get update && apt-get install -y \
+FROM golang AS build-env
+RUN apt-get update && apt-get install -y --no-install-recommends \
libbtrfs-dev \
btrfs-progs \
- gcc \
- git \
libseccomp-dev \
- make \
xfsprogs \
- --no-install-recommends
+ && rm -rf /var/lib/apt/lists/*
+RUN mkdir -p /go/src/github.com/containerd/containerd
+WORKDIR /go/src/github.com/containerd/containerd
-COPY --from=proto3 /usr/local/bin/protoc /usr/local/bin/protoc
-COPY --from=proto3 /usr/local/include/google /usr/local/include/google
-COPY --from=runc /usr/local/sbin/runc /usr/local/go/bin/runc
+FROM golang AS cni
+ENV DESTDIR=/build
+COPY script/setup/install-cni go.mod /
+RUN DESTDIR=/build /install-cni
+FROM golang AS critools
+ARG DESTDIR=/build
+COPY script/setup/install-critools script/setup/critools-version ./
+RUN GOBIN=$DESTDIR/usr/local/bin ./install-critools
+
+FROM build-env AS containerd
+ARG DESTDIR=/build
+COPY . .
+RUN make BUILDTAGS="no_btrfs no_devmapper" binaries install
+
+# cri-in-userns stage is for testing "CRI-in-UserNS", which should be used in conjunction with
+# "Kubelet-in-UserNS": https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/2033-kubelet-in-userns-aka-rootless
+# This feature is mostly expected to be used for `kind` and `minikube`.
+#
+# Requires Rootless Docker/Podman/nerdctl with cgroup v2 delegation: https://rootlesscontaine.rs/getting-started/common/cgroup2/
+# (Rootless Docker/Podman/nerdctl prepares the UserNS, so we do not need to create UserNS by ourselves)
+FROM build-env AS cri-in-userns
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ iptables \
+ && rm -rf /var/lib/apt/lists/*
+COPY contrib/Dockerfile.test.d/cri-in-userns/etc_containerd_config.toml /etc/containerd/config.toml
+COPY contrib/Dockerfile.test.d/cri-in-userns/docker-entrypoint.sh /docker-entrypoint.sh
+COPY --from=runc /build/ /
+COPY --from=cni /build/ /
+COPY --from=critools /build/ /
+COPY --from=containerd /build/ /
+VOLUME /var/lib/containerd
+ENTRYPOINT ["/docker-entrypoint.sh"]
+# Skip "runtime should support unsafe sysctls": `container init caused: write sysctl key fs.mqueue.msg_max: open /proc/sys/fs/mqueue/msg_max: permission denied`
+# Skip "runtime should support safe sysctls": `container init caused: write sysctl key kernel.shm_rmid_forced: open /proc/sys/kernel/shm_rmid_forced: permission denied`
+# Skip "should allow privilege escalation when (NoNewPrivis is) false": expected log "Effective uid: 0\n" (stream="stdout") not found in logs [{timestamp:{wall:974487519 ext:63761339984 loc:} stream:stdout log:Effective uid: 1000) }]
+CMD ["critest", "--ginkgo.skip=should support unsafe sysctls|should support safe sysctls|should allow privilege escalation when false"]
+
+# Install proto3
+FROM golang AS proto3
+ARG DESTDIR=/build
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ autoconf \
+ automake \
+ g++ \
+ libtool \
+ unzip \
+ && rm -rf /var/lib/apt/lists/*
+
+COPY script/setup/install-protobuf install-protobuf
+RUN ./install-protobuf \
+ && mkdir -p $DESTDIR/usr/local/bin $DESTDIR/usr/local/include \
+ && mv /usr/local/bin/protoc $DESTDIR/usr/local/bin/protoc \
+ && mv /usr/local/include/google $DESTDIR/usr/local/include/google
+
+FROM build-env AS dev
+COPY --from=proto3 /build/ /
+COPY --from=runc /build/ /
COPY . .
diff --git a/contrib/Dockerfile.test.d/cri-in-userns/docker-entrypoint.sh b/contrib/Dockerfile.test.d/cri-in-userns/docker-entrypoint.sh
new file mode 100755
index 0000000..e7b5882
--- /dev/null
+++ b/contrib/Dockerfile.test.d/cri-in-userns/docker-entrypoint.sh
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# Copyright The containerd Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eu -o pipefail
+
+# Check 4294967295 to detect UserNS (https://github.com/opencontainers/runc/blob/v1.0.0/libcontainer/userns/userns_linux.go#L29-L32)
+if grep -Eq "0[[:space:]]+0[[:space:]]+4294967295" /proc/self/uid_map; then
+ echo >&2 "ERROR: Needs to be executed in UserNS (i.e., rootless Docker/Podman/nerdctl)"
+ exit 1
+fi
+
+if [ ! -f "/sys/fs/cgroup/cgroup.controllers" ]; then
+ echo >&2 "ERROR: Needs cgroup v2"
+ exit 1
+fi
+
+for f in cpu memory pids; do
+ if ! grep -qw "$f" "/sys/fs/cgroup/cgroup.controllers"; then
+ echo >&2 "ERROR: Needs cgroup v2 controller ${f} to be delegated"
+ exit 1
+ fi
+done
+
+echo >&2 "Enabling cgroup v2 nesting"
+# https://github.com/moby/moby/blob/v20.10.7/hack/dind#L28-L38
+mkdir -p /sys/fs/cgroup/init
+xargs -rn1 < /sys/fs/cgroup/cgroup.procs > /sys/fs/cgroup/init/cgroup.procs || :
+sed -e 's/ / +/g' -e 's/^/+/' < /sys/fs/cgroup/cgroup.controllers \
+ > /sys/fs/cgroup/cgroup.subtree_control
+
+set -x
+echo >&2 "Running containerd in background"
+containerd &
+
+echo >&2 "Waiting for containerd"
+until ctr plugins list; do sleep 3; done
+
+exec "$@"
diff --git a/contrib/Dockerfile.test.d/cri-in-userns/etc_containerd_config.toml b/contrib/Dockerfile.test.d/cri-in-userns/etc_containerd_config.toml
new file mode 100644
index 0000000..c69b0d8
--- /dev/null
+++ b/contrib/Dockerfile.test.d/cri-in-userns/etc_containerd_config.toml
@@ -0,0 +1,10 @@
+version = 2
+
+[plugins]
+ [plugins."io.containerd.grpc.v1.cri"]
+ disable_apparmor = true
+ restrict_oom_score_adj = true
+ disable_hugetlb_controller = true
+ [plugins."io.containerd.grpc.v1.cri".containerd]
+ # Rootless overlayfs requires kernel >= 5.11 && !selinux
+ snapshotter = "overlayfs"
diff --git a/contrib/ansible/README.md b/contrib/ansible/README.md
index bbe05d3..69f73e2 100644
--- a/contrib/ansible/README.md
+++ b/contrib/ansible/README.md
@@ -26,8 +26,8 @@ $ cat hosts
## Step 1:
At this point, the ansible playbook should be able to ssh into the machines in the hosts file.
```console
-git clone https://github.com/containerd/cri
-cd ./cri/contrib/ansible
+git clone https://github.com/containerd/containerd
+cd ./contrib/ansible
ansible-playbook -i hosts cri-containerd.yaml
```
A typical cloud login might have a username and private key file, in which case the following can be used:
diff --git a/contrib/ansible/cri-containerd.yaml b/contrib/ansible/cri-containerd.yaml
index feec362..3a2b4d2 100644
--- a/contrib/ansible/cri-containerd.yaml
+++ b/contrib/ansible/cri-containerd.yaml
@@ -61,6 +61,6 @@
# TODO This needs to be removed once we have consistent concurrent pull results
- name: "Pre-pull pause container image"
shell: |
- /usr/local/bin/ctr pull k8s.gcr.io/pause:3.5
+ /usr/local/bin/ctr pull registry.k8s.io/pause:3.6
/usr/local/bin/crictl --runtime-endpoint unix:///run/containerd/containerd.sock \
- pull k8s.gcr.io/pause:3.5
+ pull registry.k8s.io/pause:3.6
diff --git a/contrib/ansible/tasks/k8s.yaml b/contrib/ansible/tasks/k8s.yaml
index e2e017c..76bda51 100644
--- a/contrib/ansible/tasks/k8s.yaml
+++ b/contrib/ansible/tasks/k8s.yaml
@@ -13,7 +13,7 @@
when: ansible_distribution == "Ubuntu"
- name: "Update the repository cache (Ubuntu)"
- apt:
+ apt:
update_cache: yes
when: ansible_distribution == "Ubuntu"
@@ -25,8 +25,8 @@
gpgcheck: yes
enabled: yes
repo_gpgcheck: yes
- gpgkey:
- - https://packages.cloud.google.com/yum/doc/yum-key.gpg
+ gpgkey:
+ - https://packages.cloud.google.com/yum/doc/yum-key.gpg
- https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
when: ansible_distribution == "CentOS"
diff --git a/contrib/ansible/vars/vars.yaml b/contrib/ansible/vars/vars.yaml
index 9ae0e06..1ad521b 100644
--- a/contrib/ansible/vars/vars.yaml
+++ b/contrib/ansible/vars/vars.yaml
@@ -1,4 +1,4 @@
---
-containerd_release_version: 1.3.0
+containerd_release_version: 1.5.5
cni_bin_dir: /opt/cni/bin/
cni_conf_dir: /etc/cni/net.d/
diff --git a/contrib/apparmor/apparmor.go b/contrib/apparmor/apparmor.go
index ec255fc..be6a49a 100644
--- a/contrib/apparmor/apparmor.go
+++ b/contrib/apparmor/apparmor.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
/*
@@ -21,13 +22,12 @@ package apparmor
import (
"bytes"
"context"
- "io/ioutil"
+ "fmt"
"os"
"github.com/containerd/containerd/containers"
"github.com/containerd/containerd/oci"
specs "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/pkg/errors"
)
// WithProfile sets the provided apparmor profile to the spec
@@ -64,7 +64,7 @@ func LoadDefaultProfile(name string) error {
if err != nil {
return err
}
- f, err := ioutil.TempFile(os.Getenv("XDG_RUNTIME_DIR"), p.Name)
+ f, err := os.CreateTemp(os.Getenv("XDG_RUNTIME_DIR"), p.Name)
if err != nil {
return err
}
@@ -76,7 +76,7 @@ func LoadDefaultProfile(name string) error {
return err
}
if err := load(path); err != nil {
- return errors.Wrapf(err, "load apparmor profile %s", path)
+ return fmt.Errorf("load apparmor profile %s: %w", path, err)
}
return nil
}
diff --git a/contrib/apparmor/apparmor_test.go b/contrib/apparmor/apparmor_test.go
index 478a609..8c907ef 100644
--- a/contrib/apparmor/apparmor_test.go
+++ b/contrib/apparmor/apparmor_test.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
/*
diff --git a/contrib/apparmor/apparmor_unsupported.go b/contrib/apparmor/apparmor_unsupported.go
index 0429954..ac00fd1 100644
--- a/contrib/apparmor/apparmor_unsupported.go
+++ b/contrib/apparmor/apparmor_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
// +build !linux
/*
@@ -20,11 +21,11 @@ package apparmor
import (
"context"
+ "errors"
"github.com/containerd/containerd/containers"
"github.com/containerd/containerd/oci"
specs "github.com/opencontainers/runtime-spec/specs-go"
- "github.com/pkg/errors"
)
// WithProfile sets the provided apparmor profile to the spec
diff --git a/contrib/apparmor/template.go b/contrib/apparmor/template.go
index 08f4268..ba613c3 100644
--- a/contrib/apparmor/template.go
+++ b/contrib/apparmor/template.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
/*
@@ -24,15 +25,13 @@ import (
"bufio"
"fmt"
"io"
- "io/ioutil"
"os"
- "os/exec"
"path"
"strconv"
"strings"
"text/template"
- "github.com/pkg/errors"
+ exec "golang.org/x/sys/execabs"
)
// NOTE: This code is copied from .
@@ -125,12 +124,12 @@ func loadData(name string) (*data, error) {
}
ver, err := getVersion()
if err != nil {
- return nil, errors.Wrap(err, "get apparmor_parser version")
+ return nil, fmt.Errorf("get apparmor_parser version: %w", err)
}
p.Version = ver
// Figure out the daemon profile.
- currentProfile, err := ioutil.ReadFile("/proc/self/attr/current")
+ currentProfile, err := os.ReadFile("/proc/self/attr/current")
if err != nil {
// If we couldn't get the daemon profile, assume we are running
// unconfined which is generally the default.
@@ -152,7 +151,7 @@ func generate(p *data, o io.Writer) error {
func load(path string) error {
out, err := aaParser("-Kr", path)
if err != nil {
- return errors.Errorf("%s: %s", err, out)
+ return fmt.Errorf("parser error(%q): %w", strings.TrimSpace(out), err)
}
return nil
}
@@ -165,10 +164,7 @@ func macroExists(m string) bool {
func aaParser(args ...string) (string, error) {
out, err := exec.Command("apparmor_parser", args...).CombinedOutput()
- if err != nil {
- return "", err
- }
- return string(out), nil
+ return string(out), err
}
func getVersion() (int, error) {
diff --git a/contrib/apparmor/template_test.go b/contrib/apparmor/template_test.go
index c49306a..9fd1a4f 100644
--- a/contrib/apparmor/template_test.go
+++ b/contrib/apparmor/template_test.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
package apparmor
diff --git a/contrib/fuzz/archive_fuzzer.go b/contrib/fuzz/archive_fuzzer.go
new file mode 100644
index 0000000..1fd87a1
--- /dev/null
+++ b/contrib/fuzz/archive_fuzzer.go
@@ -0,0 +1,76 @@
+//go:build gofuzz
+// +build gofuzz
+
+/*
+ Copyright The containerd Authors.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package fuzz
+
+import (
+ "bytes"
+ "context"
+ "os"
+
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+
+ "github.com/containerd/containerd/archive"
+ "github.com/containerd/containerd/content/local"
+ imageArchive "github.com/containerd/containerd/images/archive"
+)
+
+// FuzzApply implements a fuzzer that applies
+// a fuzzed tar archive on a directory
+func FuzzApply(data []byte) int {
+ f := fuzz.NewConsumer(data)
+ iters, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ maxIters := 20
+ tmpDir, err := os.MkdirTemp("", "prefix-test")
+ if err != nil {
+ return 0
+ }
+ defer os.RemoveAll(tmpDir)
+ for i := 0; i < iters%maxIters; i++ {
+ rBytes, err := f.TarBytes()
+ if err != nil {
+ return 0
+ }
+ r := bytes.NewReader(rBytes)
+ _, _ = archive.Apply(context.Background(), tmpDir, r)
+ }
+ return 1
+}
+
+// FuzzImportIndex implements a fuzzer
+// that targets archive.ImportIndex()
+func FuzzImportIndex(data []byte) int {
+ f := fuzz.NewConsumer(data)
+ tarBytes, err := f.TarBytes()
+ if err != nil {
+ return 0
+ }
+ ctx := context.Background()
+ r := bytes.NewReader(tarBytes)
+ tmpdir, err := os.MkdirTemp("", "fuzzing-")
+ if err != nil {
+ return 0
+ }
+ cs, err := local.NewStore(tmpdir)
+ if err != nil {
+ return 0
+ }
+ _, _ = imageArchive.ImportIndex(ctx, cs, r)
+ return 1
+}
diff --git a/vendor/github.com/containerd/continuity/devices/devices_windows.go b/contrib/fuzz/cap_fuzzer.go
similarity index 74%
rename from vendor/github.com/containerd/continuity/devices/devices_windows.go
rename to contrib/fuzz/cap_fuzzer.go
index 04627c8..f03a563 100644
--- a/vendor/github.com/containerd/continuity/devices/devices_windows.go
+++ b/contrib/fuzz/cap_fuzzer.go
@@ -1,12 +1,12 @@
+//go:build gofuzz
+// +build gofuzz
+
/*
Copyright The containerd Authors.
-
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-
http://www.apache.org/licenses/LICENSE-2.0
-
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -14,14 +14,15 @@
limitations under the License.
*/
-package devices
+package fuzz
import (
- "os"
+ "bytes"
- "github.com/pkg/errors"
+ "github.com/containerd/containerd/pkg/cap"
)
-func DeviceInfo(fi os.FileInfo) (uint64, uint64, error) {
- return 0, 0, errors.Wrap(ErrNotSupported, "cannot get device info on windows")
+func FuzzParseProcPIDStatus(data []byte) int {
+ _, _ = cap.ParseProcPIDStatus(bytes.NewReader(data))
+ return 1
}
diff --git a/contrib/fuzz/container_fuzzer.go b/contrib/fuzz/container_fuzzer.go
new file mode 100644
index 0000000..1738dbe
--- /dev/null
+++ b/contrib/fuzz/container_fuzzer.go
@@ -0,0 +1,453 @@
+//go:build gofuzz
+// +build gofuzz
+
+/*
+ Copyright The containerd Authors.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ To run this fuzzer, it must first be moved to
+ integration/client. OSS-fuzz does this automatically
+ everytime it builds the fuzzers.
+*/
+
+package client
+
+import (
+ "bytes"
+ "context"
+ "errors"
+ "fmt"
+ "io"
+ "net/http"
+ "os"
+ "strings"
+ "time"
+
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+ "github.com/containerd/containerd"
+ "github.com/containerd/containerd/oci"
+ "github.com/containerd/containerd/sys"
+ exec "golang.org/x/sys/execabs"
+)
+
+var (
+ haveDownloadedbinaries = false
+ haveExtractedBinaries = false
+ haveChangedPATH = false
+ haveInitialized = false
+
+ downloadLink = "https://github.com/containerd/containerd/releases/download/v1.5.4/containerd-1.5.4-linux-amd64.tar.gz"
+ downloadPath = "/tmp/containerd-1.5.4-linux-amd64.tar.gz"
+ binariesDir = "/tmp/containerd-binaries"
+)
+
+// downloadFile downloads a file from a url
+func downloadFile(filepath string, url string) (err error) {
+
+ out, err := os.Create(filepath)
+ if err != nil {
+ return err
+ }
+ defer out.Close()
+
+ resp, err := http.Get(url)
+ if err != nil {
+ return err
+ }
+ defer resp.Body.Close()
+
+ _, err = io.Copy(out, resp.Body)
+ if err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// initInSteps() performs initialization in several steps
+// The reason for spreading the initialization out in
+// multiple steps is that each fuzz iteration can maximum
+// take 25 seconds when running through OSS-fuzz.
+// Should an iteration exceed that, then the fuzzer stops.
+func initInSteps() bool {
+ // Download binaries
+ if !haveDownloadedbinaries {
+ err := downloadFile(downloadPath, downloadLink)
+ if err != nil {
+ panic(err)
+ }
+ haveDownloadedbinaries = true
+ }
+ // Extract binaries
+ if !haveExtractedBinaries {
+ err := os.MkdirAll(binariesDir, 0777)
+ if err != nil {
+ return true
+ }
+ cmd := exec.Command("tar", "xvf", downloadPath, "-C", binariesDir)
+ err = cmd.Run()
+ if err != nil {
+ return true
+ }
+ haveExtractedBinaries = true
+ return true
+ }
+ // Add binaries to $PATH:
+ if !haveChangedPATH {
+ oldPathEnv := os.Getenv("PATH")
+ newPathEnv := fmt.Sprintf("%s/bin:%s", binariesDir, oldPathEnv)
+ err := os.Setenv("PATH", newPathEnv)
+ if err != nil {
+ return true
+ }
+ haveChangedPATH = true
+ return true
+ }
+ haveInitialized = true
+ return false
+}
+
+func tearDown() error {
+ if err := ctrd.Stop(); err != nil {
+ if err := ctrd.Kill(); err != nil {
+ return err
+ }
+ }
+ if err := ctrd.Wait(); err != nil {
+ if _, ok := err.(*exec.ExitError); !ok {
+ return err
+ }
+ }
+ if err := sys.ForceRemoveAll(defaultRoot); err != nil {
+ return err
+ }
+
+ return nil
+}
+
+// checkIfShouldRestart() checks if an error indicates that
+// the daemon is not running. If the daemon is not running,
+// it deletes it to allow the fuzzer to create a new and
+// working socket.
+func checkIfShouldRestart(err error) {
+ if strings.Contains(err.Error(), "daemon is not running") {
+ deleteSocket()
+ }
+}
+
+// startDaemon() starts the daemon.
+func startDaemon(ctx context.Context, shouldTearDown bool) {
+ buf := bytes.NewBuffer(nil)
+ stdioFile, err := os.CreateTemp("", "")
+ if err != nil {
+ // We panic here as it is a fuzz-blocker that
+ // may need fixing
+ panic(err)
+ }
+ defer func() {
+ stdioFile.Close()
+ os.Remove(stdioFile.Name())
+ }()
+ ctrdStdioFilePath = stdioFile.Name()
+ stdioWriter := io.MultiWriter(stdioFile, buf)
+ err = ctrd.start("containerd", address, []string{
+ "--root", defaultRoot,
+ "--state", defaultState,
+ "--log-level", "debug",
+ "--config", createShimDebugConfig(),
+ }, stdioWriter, stdioWriter)
+ if err != nil {
+ // We are fine if the error is that the daemon is already running,
+ // but if the error is another, then it will be a fuzz blocker,
+ // so we panic
+ if !strings.Contains(err.Error(), "daemon is already running") {
+ fmt.Fprintf(os.Stderr, "%s: %s\n", err, buf.String())
+ }
+ }
+ if shouldTearDown {
+ defer func() {
+ err = tearDown()
+ if err != nil {
+ checkIfShouldRestart(err)
+ }
+ }()
+ }
+ seconds := 4 * time.Second
+ waitCtx, waitCancel := context.WithTimeout(ctx, seconds)
+
+ _, err = ctrd.waitForStart(waitCtx)
+ waitCancel()
+ if err != nil {
+ ctrd.Stop()
+ ctrd.Kill()
+ ctrd.Wait()
+ fmt.Fprintf(os.Stderr, "%s: %s\n", err, buf.String())
+ return
+ }
+}
+
+// deleteSocket() deletes the socket in the file system.
+// This is needed because the socket occasionally will
+// refuse a connection to it, and deleting it allows us
+// to create a new socket when invoking containerd.New()
+func deleteSocket() error {
+ err := os.Remove(defaultAddress)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// updatePathEnv() creates an empty directory in which
+// the fuzzer will create the containerd socket.
+// updatePathEnv() furthermore adds "/out/containerd-binaries"
+// to $PATH, since the binaries are available there.
+func updatePathEnv() error {
+ // Create test dir for socket
+ err := os.MkdirAll(defaultState, 0777)
+ if err != nil {
+ return err
+ }
+
+ oldPathEnv := os.Getenv("PATH")
+ newPathEnv := oldPathEnv + ":/out/containerd-binaries"
+ err = os.Setenv("PATH", newPathEnv)
+ if err != nil {
+ return err
+ }
+ haveInitialized = true
+ return nil
+}
+
+// checkAndDoUnpack checks if an image is unpacked.
+// If it is not unpacked, then we may or may not
+// unpack it. The fuzzer decides.
+func checkAndDoUnpack(image containerd.Image, ctx context.Context, f *fuzz.ConsumeFuzzer) {
+ unpacked, err := image.IsUnpacked(ctx, testSnapshotter)
+ if err == nil && unpacked {
+ shouldUnpack, err := f.GetBool()
+ if err == nil && shouldUnpack {
+ _ = image.Unpack(ctx, testSnapshotter)
+ }
+ }
+}
+
+// getImage() returns an image from the client.
+// The fuzzer decides which image is returned.
+func getImage(client *containerd.Client, f *fuzz.ConsumeFuzzer) (containerd.Image, error) {
+ images, err := client.ListImages(nil)
+ if err != nil {
+ return nil, err
+ }
+ imageIndex, err := f.GetInt()
+ if err != nil {
+ return nil, err
+ }
+ image := images[imageIndex%len(images)]
+ return image, nil
+
+}
+
+// newContainer creates and returns a container
+// The fuzzer decides how the container is created
+func newContainer(client *containerd.Client, f *fuzz.ConsumeFuzzer, ctx context.Context) (containerd.Container, error) {
+
+ // determiner determines how we should create the container
+ determiner, err := f.GetInt()
+ if err != nil {
+ return nil, err
+ }
+ id, err := f.GetString()
+ if err != nil {
+ return nil, err
+ }
+
+ if determiner%1 == 0 {
+ // Create a container with oci specs
+ spec := &oci.Spec{}
+ err = f.GenerateStruct(spec)
+ if err != nil {
+ return nil, err
+ }
+ container, err := client.NewContainer(ctx, id,
+ containerd.WithSpec(spec))
+ if err != nil {
+ return nil, err
+ }
+ return container, nil
+ } else if determiner%2 == 0 {
+ // Create a container with fuzzed oci specs
+ // and an image
+ image, err := getImage(client, f)
+ if err != nil {
+ return nil, err
+ }
+ // Fuzz a few image APIs
+ _, _ = image.Size(ctx)
+ checkAndDoUnpack(image, ctx, f)
+
+ spec := &oci.Spec{}
+ err = f.GenerateStruct(spec)
+ if err != nil {
+ return nil, err
+ }
+ container, err := client.NewContainer(ctx,
+ id,
+ containerd.WithImage(image),
+ containerd.WithSpec(spec))
+ if err != nil {
+ return nil, err
+ }
+ return container, nil
+ } else {
+ // Create a container with an image
+ image, err := getImage(client, f)
+ if err != nil {
+ return nil, err
+ }
+ // Fuzz a few image APIs
+ _, _ = image.Size(ctx)
+ checkAndDoUnpack(image, ctx, f)
+
+ container, err := client.NewContainer(ctx,
+ id,
+ containerd.WithImage(image))
+ if err != nil {
+ return nil, err
+ }
+ return container, nil
+ }
+ return nil, errors.New("Could not create container")
+}
+
+// doFuzz() implements the logic of FuzzCreateContainerNoTearDown()
+// and FuzzCreateContainerWithTearDown() and allows for
+// the option to turn on/off teardown after each iteration.
+// From a high level it:
+// - Creates a client
+// - Imports a bunch of fuzzed tar archives
+// - Creates a bunch of containers
+func doFuzz(data []byte, shouldTearDown bool) int {
+ ctx, cancel := testContext(nil)
+ defer cancel()
+
+ // Check if daemon is running and start it if it isn't
+ if ctrd.cmd == nil {
+ startDaemon(ctx, shouldTearDown)
+ }
+ client, err := containerd.New(defaultAddress)
+ if err != nil {
+ // The error here is most likely with the socket.
+ // Deleting it will allow the creation of a new
+ // socket during next fuzz iteration.
+ deleteSocket()
+ return -1
+ }
+ defer client.Close()
+
+ f := fuzz.NewConsumer(data)
+
+ // Begin import tars:
+ noOfImports, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ // maxImports is currently completely arbitrarily defined
+ maxImports := 30
+ for i := 0; i < noOfImports%maxImports; i++ {
+
+ // f.TarBytes() returns valid tar bytes.
+ tarBytes, err := f.TarBytes()
+ if err != nil {
+ return 0
+ }
+ _, _ = client.Import(ctx, bytes.NewReader(tarBytes))
+ }
+ // End import tars
+
+ // Begin create containers:
+ existingImages, err := client.ListImages(ctx)
+ if err != nil {
+ return 0
+ }
+ if len(existingImages) > 0 {
+ noOfContainers, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ // maxNoOfContainers is currently
+ // completely arbitrarily defined
+ maxNoOfContainers := 50
+ for i := 0; i < noOfContainers%maxNoOfContainers; i++ {
+ container, err := newContainer(client, f, ctx)
+ if err == nil {
+ defer container.Delete(ctx, containerd.WithSnapshotCleanup)
+ }
+ }
+ }
+ // End create containers
+
+ return 1
+}
+
+// FuzzCreateContainerNoTearDown() implements a fuzzer
+// similar to FuzzCreateContainerWithTearDown() and
+// FuzzCreateContainerWithTearDown(), but it takes a
+// different approach to the initialization. Where
+// the other 2 fuzzers depend on the containerd binaries
+// that were built manually, this fuzzer downloads them
+// when starting a fuzz run.
+// This fuzzer is experimental for now and is being run
+// continuously by OSS-fuzz to collect feedback on
+// its sustainability.
+func FuzzNoTearDownWithDownload(data []byte) int {
+ if !haveInitialized {
+ shouldRestart := initInSteps()
+ if shouldRestart {
+ return 0
+ }
+ }
+ ret := doFuzz(data, false)
+ return ret
+}
+
+// FuzzCreateContainerNoTearDown() implements a fuzzer
+// similar to FuzzCreateContainerWithTearDown() with
+// with one minor distinction: One tears down the
+// daemon after each iteration whereas the other doesn't.
+// The two fuzzers' performance will be compared over time.
+func FuzzCreateContainerNoTearDown(data []byte) int {
+ if !haveInitialized {
+ err := updatePathEnv()
+ if err != nil {
+ return 0
+ }
+ }
+ ret := doFuzz(data, false)
+ return ret
+}
+
+// FuzzCreateContainerWithTearDown() is similar to
+// FuzzCreateContainerNoTearDown() except that
+// FuzzCreateContainerWithTearDown tears down the daemon
+// after each iteration.
+func FuzzCreateContainerWithTearDown(data []byte) int {
+ if !haveInitialized {
+ err := updatePathEnv()
+ if err != nil {
+ return 0
+ }
+ }
+ ret := doFuzz(data, true)
+ return ret
+}
diff --git a/contrib/fuzz/containerd_import_fuzzer.go b/contrib/fuzz/containerd_import_fuzzer.go
new file mode 100644
index 0000000..6874e8c
--- /dev/null
+++ b/contrib/fuzz/containerd_import_fuzzer.go
@@ -0,0 +1,87 @@
+//go:build gofuzz
+// +build gofuzz
+
+/*
+ Copyright The containerd Authors.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package fuzz
+
+import (
+ "bytes"
+ "context"
+ "sync"
+ "time"
+
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+
+ "github.com/containerd/containerd"
+ _ "github.com/containerd/containerd/cmd/containerd"
+ "github.com/containerd/containerd/cmd/containerd/command"
+ "github.com/containerd/containerd/namespaces"
+)
+
+const (
+ defaultRoot = "/var/lib/containerd"
+ defaultState = "/tmp/containerd"
+ defaultAddress = "/tmp/containerd/containerd.sock"
+)
+
+var (
+ initDaemon sync.Once
+)
+
+func startDaemon() {
+ args := []string{"--log-level", "debug"}
+ go func() {
+ // This is similar to invoking the
+ // containerd binary.
+ // See contrib/fuzz/oss_fuzz_build.sh
+ // for more info.
+ command.StartDaemonForFuzzing(args)
+ }()
+ time.Sleep(time.Second * 4)
+}
+
+func fuzzContext() (context.Context, context.CancelFunc) {
+ ctx, cancel := context.WithCancel(context.Background())
+ ctx = namespaces.WithNamespace(ctx, "fuzzing-namespace")
+ return ctx, cancel
+}
+
+func FuzzContainerdImport(data []byte) int {
+ initDaemon.Do(startDaemon)
+
+ client, err := containerd.New(defaultAddress)
+ if err != nil {
+ return 0
+ }
+ defer client.Close()
+
+ f := fuzz.NewConsumer(data)
+
+ noOfImports, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ maxImports := 20
+ ctx, cancel := fuzzContext()
+ defer cancel()
+ for i := 0; i < noOfImports%maxImports; i++ {
+ tarBytes, err := f.GetBytes()
+ if err != nil {
+ return 0
+ }
+ _, _ = client.Import(ctx, bytes.NewReader(tarBytes))
+ }
+ return 1
+}
diff --git a/contrib/fuzz/content_fuzzer.go b/contrib/fuzz/content_fuzzer.go
new file mode 100644
index 0000000..da25650
--- /dev/null
+++ b/contrib/fuzz/content_fuzzer.go
@@ -0,0 +1,169 @@
+//go:build gofuzz
+// +build gofuzz
+
+/*
+ Copyright The containerd Authors.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+//nolint:golint
+package fuzz
+
+import (
+ "bytes"
+ "context"
+ _ "crypto/sha256" // required by go-digest
+ "fmt"
+ "os"
+ "path/filepath"
+ "reflect"
+
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+ digest "github.com/opencontainers/go-digest"
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+
+ "github.com/containerd/containerd/content"
+ "github.com/containerd/containerd/content/local"
+ "github.com/containerd/containerd/images/archive"
+)
+
+// checkBlobPath performs some basic validation
+func checkBlobPath(dgst digest.Digest, root string) error {
+ if err := dgst.Validate(); err != nil {
+ return err
+ }
+ path := filepath.Join(root, "blobs", dgst.Algorithm().String(), dgst.Hex())
+ _, err := os.Stat(path)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// generateBlobs is a helper function to create random blobs
+func generateBlobs(f *fuzz.ConsumeFuzzer) (map[digest.Digest][]byte, error) {
+ blobs := map[digest.Digest][]byte{}
+ blobQty, err := f.GetInt()
+ if err != nil {
+ return blobs, err
+ }
+ maxsize := 4096
+ nblobs := blobQty % maxsize
+
+ for i := 0; i < nblobs; i++ {
+ digestBytes, err := f.GetBytes()
+ if err != nil {
+ return blobs, err
+ }
+
+ dgst := digest.FromBytes(digestBytes)
+ blobs[dgst] = digestBytes
+ }
+
+ return blobs, nil
+}
+
+// checkwrite is a wrapper around content.WriteBlob()
+func checkWrite(ctx context.Context, cs content.Store, dgst digest.Digest, p []byte) (digest.Digest, error) {
+ if err := content.WriteBlob(ctx, cs, dgst.String(), bytes.NewReader(p),
+ ocispec.Descriptor{Size: int64(len(p)), Digest: dgst}); err != nil {
+ return dgst, err
+ }
+ return dgst, nil
+}
+
+// populateBlobStore creates a bunch of blobs
+func populateBlobStore(ctx context.Context, cs content.Store, f *fuzz.ConsumeFuzzer) (map[digest.Digest][]byte, error) {
+ blobs, err := generateBlobs(f)
+ if err != nil {
+ return nil, err
+ }
+
+ for dgst, p := range blobs {
+ _, err := checkWrite(ctx, cs, dgst, p)
+ if err != nil {
+ return blobs, err
+ }
+ }
+ return blobs, nil
+}
+
+// FuzzCSWalk implements a fuzzer that targets contentStore.Walk()
+func FuzzCSWalk(data []byte) int {
+ ctx := context.Background()
+ expected := map[digest.Digest]struct{}{}
+ found := map[digest.Digest]struct{}{}
+ tmpdir, err := os.MkdirTemp("", "fuzzing-")
+ if err != nil {
+ return 0
+ }
+ defer os.RemoveAll(tmpdir)
+ cs, err := local.NewStore(tmpdir)
+ if err != nil {
+ return 0
+ }
+
+ f := fuzz.NewConsumer(data)
+ blobs, err := populateBlobStore(ctx, cs, f)
+ if err != nil {
+ return 0
+ }
+
+ for dgst := range blobs {
+ expected[dgst] = struct{}{}
+ }
+
+ if err := cs.Walk(ctx, func(bi content.Info) error {
+ found[bi.Digest] = struct{}{}
+ err = checkBlobPath(bi.Digest, tmpdir)
+ if err != nil {
+ return err
+ }
+ return nil
+ }); err != nil {
+ return 0
+ }
+ if !reflect.DeepEqual(expected, found) {
+ panic(fmt.Sprintf("%v != %v but should be equal", found, expected))
+ }
+ return 1
+}
+
+func FuzzArchiveExport(data []byte) int {
+ f := fuzz.NewConsumer(data)
+ manifest := ocispec.Descriptor{}
+ err := f.GenerateStruct(&manifest)
+ if err != nil {
+ return 0
+ }
+ ctx := context.Background()
+ tmpdir, err := os.MkdirTemp("", "fuzzing-")
+ if err != nil {
+ return 0
+ }
+ defer os.RemoveAll(tmpdir)
+ cs, err := local.NewStore(tmpdir)
+ if err != nil {
+ return 0
+ }
+ _, err = populateBlobStore(ctx, cs, f)
+ if err != nil {
+ return 0
+ }
+ w, err := os.Create("fuzz-output-file")
+ if err != nil {
+ return 0
+ }
+ defer w.Close()
+ defer os.Remove("fuzz-output-file")
+ _ = archive.Export(ctx, cs, w, archive.WithManifest(manifest, "name"))
+ return 1
+}
diff --git a/vendor/github.com/containerd/fifo/utils.go b/contrib/fuzz/cri_fuzzer.go
similarity index 58%
rename from vendor/github.com/containerd/fifo/utils.go
rename to contrib/fuzz/cri_fuzzer.go
index bbdf790..03d1749 100644
--- a/vendor/github.com/containerd/fifo/utils.go
+++ b/contrib/fuzz/cri_fuzzer.go
@@ -1,12 +1,12 @@
+//go:build gofuzz
+// +build gofuzz
+
/*
Copyright The containerd Authors.
-
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
-
http://www.apache.org/licenses/LICENSE-2.0
-
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -14,22 +14,26 @@
limitations under the License.
*/
-package fifo
+package fuzz
-import "os"
+import (
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+ runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
-// IsFifo checks if a file is a (named pipe) fifo
-// if the file does not exist then it returns false
-func IsFifo(path string) (bool, error) {
- stat, err := os.Stat(path)
+ "github.com/containerd/containerd/pkg/cri/server"
+)
+
+func FuzzParseAuth(data []byte) int {
+ f := fuzz.NewConsumer(data)
+ auth := &runtime.AuthConfig{}
+ err := f.GenerateStruct(auth)
if err != nil {
- if os.IsNotExist(err) {
- return false, nil
- }
- return false, err
+ return 0
}
- if stat.Mode()&os.ModeNamedPipe == os.ModeNamedPipe {
- return true, nil
+ host, err := f.GetString()
+ if err != nil {
+ return 0
}
- return false, nil
+ _, _, _ = server.ParseAuth(auth, host)
+ return 1
}
diff --git a/contrib/fuzz/docker_fuzzer.go b/contrib/fuzz/docker_fuzzer.go
new file mode 100644
index 0000000..7f4213b
--- /dev/null
+++ b/contrib/fuzz/docker_fuzzer.go
@@ -0,0 +1,86 @@
+//go:build gofuzz
+// +build gofuzz
+
+/*
+ Copyright The containerd Authors.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+/*
+ This fuzzer is run continuously by OSS-fuzz.
+ It is stored in contrib/fuzz for organization,
+ but in order to execute it, it must be moved to
+ remotes/docker first.
+*/
+
+package docker
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "net/http"
+ "net/http/httptest"
+ "net/url"
+
+ refDocker "github.com/containerd/containerd/reference/docker"
+)
+
+func FuzzFetcher(data []byte) int {
+ dataLen := len(data)
+ if dataLen == 0 {
+ return -1
+ }
+
+ s := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+ rw.Header().Set("content-range", fmt.Sprintf("bytes %d-%d/%d", 0, dataLen-1, dataLen))
+ rw.Header().Set("content-length", fmt.Sprintf("%d", dataLen))
+ rw.Write(data)
+ }))
+ defer s.Close()
+
+ u, err := url.Parse(s.URL)
+ if err != nil {
+ return 0
+ }
+
+ f := dockerFetcher{&dockerBase{
+ repository: "nonempty",
+ }}
+ host := RegistryHost{
+ Client: s.Client(),
+ Host: u.Host,
+ Scheme: u.Scheme,
+ Path: u.Path,
+ }
+
+ ctx := context.Background()
+ req := f.request(host, http.MethodGet)
+ rc, err := f.open(ctx, req, "", 0)
+ if err != nil {
+ return 0
+ }
+ b, err := io.ReadAll(rc)
+ if err != nil {
+ return 0
+ }
+
+ expected := data
+ if len(b) != len(expected) {
+ panic("len of request is not equal to len of expected but should be")
+ }
+ return 1
+}
+
+func FuzzParseDockerRef(data []byte) int {
+ _, _ = refDocker.ParseDockerRef(string(data))
+ return 1
+}
diff --git a/contrib/fuzz/filters_fuzzers.go b/contrib/fuzz/filters_fuzzers.go
index 9440c46..d78a0af 100644
--- a/contrib/fuzz/filters_fuzzers.go
+++ b/contrib/fuzz/filters_fuzzers.go
@@ -1,3 +1,4 @@
+//go:build gofuzz
// +build gofuzz
/*
diff --git a/contrib/fuzz/metadata_fuzzer.go b/contrib/fuzz/metadata_fuzzer.go
new file mode 100644
index 0000000..ba1f3db
--- /dev/null
+++ b/contrib/fuzz/metadata_fuzzer.go
@@ -0,0 +1,405 @@
+//go:build gofuzz
+// +build gofuzz
+
+/*
+ Copyright The containerd Authors.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package fuzz
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "path/filepath"
+
+ fuzz "github.com/AdaLogics/go-fuzz-headers"
+ digest "github.com/opencontainers/go-digest"
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+ bolt "go.etcd.io/bbolt"
+
+ "github.com/containerd/containerd/containers"
+ "github.com/containerd/containerd/content"
+ "github.com/containerd/containerd/content/local"
+ "github.com/containerd/containerd/images"
+ "github.com/containerd/containerd/leases"
+ "github.com/containerd/containerd/metadata"
+ "github.com/containerd/containerd/namespaces"
+ "github.com/containerd/containerd/snapshots"
+ "github.com/containerd/containerd/snapshots/native"
+)
+
+func testEnv() (context.Context, *bolt.DB, func(), error) {
+ ctx, cancel := context.WithCancel(context.Background())
+ ctx = namespaces.WithNamespace(ctx, "testing")
+
+ dirname, err := os.MkdirTemp("", "fuzz-")
+ if err != nil {
+ return ctx, nil, nil, err
+ }
+
+ db, err := bolt.Open(filepath.Join(dirname, "meta.db"), 0644, nil)
+ if err != nil {
+ return ctx, nil, nil, err
+ }
+
+ return ctx, db, func() {
+ db.Close()
+ _ = os.RemoveAll(dirname)
+ cancel()
+ }, nil
+}
+
+func FuzzImageStore(data []byte) int {
+ ctx, db, cancel, err := testEnv()
+ if err != nil {
+ return 0
+ }
+ defer cancel()
+ store := metadata.NewImageStore(metadata.NewDB(db, nil, nil))
+ f := fuzz.NewConsumer(data)
+ noOfOperations, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ maxOperations := 50
+ for i := 0; i < noOfOperations%maxOperations; i++ {
+ opType, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ if opType%1 == 0 {
+ i := images.Image{}
+ err := f.GenerateStruct(&i)
+ if err != nil {
+ return 0
+ }
+ _, _ = store.Create(ctx, i)
+ } else if opType%2 == 0 {
+ newFs, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _, _ = store.List(ctx, newFs)
+ } else if opType%3 == 0 {
+ i := images.Image{}
+ err := f.GenerateStruct(&i)
+ if err != nil {
+ return 0
+ }
+ _, _ = store.Update(ctx, i)
+ } else if opType%4 == 0 {
+ name, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _ = store.Delete(ctx, name)
+ }
+ }
+ return 1
+}
+
+func FuzzLeaseManager(data []byte) int {
+ ctx, db, cancel, err := testEnv()
+ if err != nil {
+ return 0
+ }
+ defer cancel()
+ lm := metadata.NewLeaseManager(metadata.NewDB(db, nil, nil))
+
+ f := fuzz.NewConsumer(data)
+ noOfOperations, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ maxOperations := 50
+ for i := 0; i < noOfOperations%maxOperations; i++ {
+ opType, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ if opType%1 == 0 {
+ err := db.Update(func(tx *bolt.Tx) error {
+ sm := make(map[string]string)
+ err2 := f.FuzzMap(&sm)
+ if err2 != nil {
+ return err2
+ }
+ _, _ = lm.Create(ctx, leases.WithLabels(sm))
+ return nil
+ })
+ if err != nil {
+ return 0
+ }
+ } else if opType%2 == 0 {
+ _, _ = lm.List(ctx)
+ } else if opType%3 == 0 {
+ l := leases.Lease{}
+ err := f.GenerateStruct(&l)
+ if err != nil {
+ return 0
+ }
+ r := leases.Resource{}
+ err = f.GenerateStruct(&r)
+ if err != nil {
+ return 0
+ }
+ db.Update(func(tx *bolt.Tx) error {
+ _ = lm.AddResource(metadata.WithTransactionContext(ctx, tx), l, r)
+ return nil
+ })
+ } else if opType%4 == 0 {
+ l := leases.Lease{}
+ err = f.GenerateStruct(&l)
+ if err != nil {
+ return 0
+ }
+ _ = lm.Delete(ctx, l)
+ } else if opType%5 == 0 {
+ l := leases.Lease{}
+ err := f.GenerateStruct(&l)
+ if err != nil {
+ return 0
+ }
+ r := leases.Resource{}
+ err = f.GenerateStruct(&r)
+ if err != nil {
+ return 0
+ }
+ _ = lm.DeleteResource(ctx, l, r)
+ } else if opType%6 == 0 {
+ l := leases.Lease{}
+ err := f.GenerateStruct(&l)
+ if err != nil {
+ return 0
+ }
+ _, _ = lm.ListResources(ctx, l)
+ }
+ }
+ return 1
+}
+
+func FuzzContainerStore(data []byte) int {
+ ctx, db, cancel, err := testEnv()
+ if err != nil {
+ return 0
+ }
+ defer cancel()
+
+ store := metadata.NewContainerStore(metadata.NewDB(db, nil, nil))
+ c := containers.Container{}
+ f := fuzz.NewConsumer(data)
+ noOfOperations, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ maxOperations := 50
+ for i := 0; i < noOfOperations%maxOperations; i++ {
+ opType, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ if opType%1 == 0 {
+ err := f.GenerateStruct(&c)
+ if err != nil {
+ return 0
+ }
+ db.Update(func(tx *bolt.Tx) error {
+ _, _ = store.Create(metadata.WithTransactionContext(ctx, tx), c)
+ return nil
+ })
+ } else if opType%2 == 0 {
+ filt, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _, _ = store.List(ctx, filt)
+ } else if opType%3 == 0 {
+ id, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _ = store.Delete(ctx, id)
+ } else if opType%4 == 0 {
+ fieldpaths, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _, _ = store.Update(ctx, c, fieldpaths)
+ } else if opType%5 == 0 {
+ id, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _, _ = store.Get(ctx, id)
+ }
+ }
+ return 1
+}
+
+type testOptions struct {
+ extraSnapshots map[string]func(string) (snapshots.Snapshotter, error)
+}
+
+type testOpt func(*testOptions)
+
+func testDB(opt ...testOpt) (context.Context, *metadata.DB, func(), error) {
+ ctx, cancel := context.WithCancel(context.Background())
+ ctx = namespaces.WithNamespace(ctx, "testing")
+
+ var topts testOptions
+
+ for _, o := range opt {
+ o(&topts)
+ }
+
+ dirname, err := os.MkdirTemp("", "fuzzing-")
+ if err != nil {
+ return ctx, nil, func() { cancel() }, err
+ }
+ defer os.RemoveAll(dirname)
+
+ snapshotter, err := native.NewSnapshotter(filepath.Join(dirname, "native"))
+ if err != nil {
+ return ctx, nil, func() { cancel() }, err
+ }
+
+ snapshotters := map[string]snapshots.Snapshotter{
+ "native": snapshotter,
+ }
+
+ for name, fn := range topts.extraSnapshots {
+ snapshotter, err := fn(filepath.Join(dirname, name))
+ if err != nil {
+ return ctx, nil, func() { cancel() }, err
+ }
+ snapshotters[name] = snapshotter
+ }
+
+ cs, err := local.NewStore(filepath.Join(dirname, "content"))
+ if err != nil {
+ return ctx, nil, func() { cancel() }, err
+ }
+
+ bdb, err := bolt.Open(filepath.Join(dirname, "metadata.db"), 0644, nil)
+ if err != nil {
+ return ctx, nil, func() { cancel() }, err
+ }
+
+ db := metadata.NewDB(bdb, cs, snapshotters)
+ if err := db.Init(ctx); err != nil {
+ return ctx, nil, func() { cancel() }, err
+ }
+
+ return ctx, db, func() {
+ bdb.Close()
+ if err := os.RemoveAll(dirname); err != nil {
+ fmt.Println("Failed removing temp dir")
+ }
+ cancel()
+ }, nil
+}
+
+func FuzzContentStore(data []byte) int {
+ ctx, db, cancel, err := testDB()
+ defer cancel()
+ if err != nil {
+ return 0
+ }
+
+ cs := db.ContentStore()
+ f := fuzz.NewConsumer(data)
+ noOfOperations, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ maxOperations := 50
+ for i := 0; i < noOfOperations%maxOperations; i++ {
+ opType, err := f.GetInt()
+ if err != nil {
+ return 0
+ }
+ if opType%1 == 0 {
+ blob, err := f.GetBytes()
+ if err != nil {
+ return 0
+ }
+ dgst := digest.FromBytes(blob)
+ err = dgst.Validate()
+ if err != nil {
+ return 0
+ }
+ _, _ = cs.Info(ctx, dgst)
+ } else if opType%2 == 0 {
+ info := content.Info{}
+ err = f.GenerateStruct(&info)
+ if err != nil {
+ return 0
+ }
+ _, _ = cs.Update(ctx, info)
+ } else if opType%3 == 0 {
+ walkFn := func(info content.Info) error {
+ return nil
+ }
+ _ = cs.Walk(ctx, walkFn)
+ } else if opType%4 == 0 {
+ blob, err := f.GetBytes()
+ if err != nil {
+ return 0
+ }
+ dgst := digest.FromBytes(blob)
+ err = dgst.Validate()
+ if err != nil {
+ return 0
+ }
+ _ = cs.Delete(ctx, dgst)
+ } else if opType%5 == 0 {
+ _, _ = cs.ListStatuses(ctx)
+ } else if opType%6 == 0 {
+ ref, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _, _ = cs.Status(ctx, ref)
+ } else if opType%7 == 0 {
+ ref, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ _ = cs.Abort(ctx, ref)
+ } else if opType%8 == 0 {
+ desc := ocispec.Descriptor{}
+ err = f.GenerateStruct(&desc)
+ if err != nil {
+ return 0
+ }
+ ref, err := f.GetString()
+ if err != nil {
+ return 0
+ }
+ csWriter, err := cs.Writer(ctx,
+ content.WithDescriptor(desc),
+ content.WithRef(ref))
+ if err != nil {
+ return 0
+ }
+ defer csWriter.Close()
+ p, err := f.GetBytes()
+ if err != nil {
+ return 0
+ }
+ _, _ = csWriter.Write(p)
+ _ = csWriter.Commit(ctx, 0, csWriter.Digest())
+ }
+ }
+ return 1
+}
diff --git a/contrib/fuzz/oss_fuzz_build.sh b/contrib/fuzz/oss_fuzz_build.sh
new file mode 100755
index 0000000..f3814ce
--- /dev/null
+++ b/contrib/fuzz/oss_fuzz_build.sh
@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+
+# Copyright The containerd Authors.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o nounset
+set -o pipefail
+set -o errexit
+set -x
+
+cd "$(dirname "${BASH_SOURCE[0]}")"
+cd ../../
+
+# Move all fuzzers that don't have the "fuzz" package out of this dir
+mv contrib/fuzz/docker_fuzzer.go remotes/docker/
+mv contrib/fuzz/container_fuzzer.go integration/client/
+
+
+# Change path of socket since OSS-fuzz does not grant access to /run
+sed -i 's/\/run\/containerd/\/tmp\/containerd/g' $SRC/containerd/defaults/defaults_unix.go
+
+# To build FuzzContainer2 we need to prepare a few things:
+# We change the name of the cmd/containerd package
+# so that we can import it.
+# We furthermore add an exported function that is similar
+# to cmd/containerd.main and call that instead of calling
+# the containerd binary.
+#
+# In the fuzzer we import cmd/containerd as a low-maintenance
+# way of initializing all the plugins.
+# Make backup of cmd/containerd:
+cp -r $SRC/containerd/cmd/containerd $SRC/cmd-containerd-backup
+# Rename package:
+find $SRC/containerd/cmd/containerd -type f -exec sed -i 's/package main/package mainfuzz/g' {} \;
+# Add an exported function
+sed -i -e '$afunc StartDaemonForFuzzing(arguments []string) {\n\tapp := App()\n\t_ = app.Run(arguments)\n}' $SRC/containerd/cmd/containerd/command/main.go
+# Build fuzzer:
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzContainerdImport fuzz_containerd_import
+# Reinstante backup of cmd/containerd:
+mv $SRC/cmd-containerd-backup $SRC/containerd/cmd/containerd
+
+# Compile more fuzzers
+compile_go_fuzzer github.com/containerd/containerd/remotes/docker FuzzFetcher fuzz_fetcher
+compile_go_fuzzer github.com/containerd/containerd/remotes/docker FuzzParseDockerRef fuzz_parse_docker_ref
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzFiltersParse fuzz_filters_parse
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzPlatformsParse fuzz_platforms_parse
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzApply fuzz_apply
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzImportIndex fuzz_import_index
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzCSWalk fuzz_cs_walk
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzArchiveExport fuzz_archive_export
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzParseAuth fuzz_parse_auth
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzParseProcPIDStatus fuzz_parse_proc_pid_status
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzImageStore fuzz_image_store
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzLeaseManager fuzz_lease_manager
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzContainerStore fuzz_container_store
+compile_go_fuzzer github.com/containerd/containerd/contrib/fuzz FuzzContentStore fuzz_content_store
+
+
+# The below fuzzers require more setup than the fuzzers above.
+# We need the binaries from "make".
+wget -c https://github.com/protocolbuffers/protobuf/releases/download/v3.11.4/protoc-3.11.4-linux-x86_64.zip
+unzip protoc-3.11.4-linux-x86_64.zip -d /usr/local
+
+export CGO_ENABLED=1
+export GOARCH=amd64
+
+# Build runc
+cd $SRC/
+git clone https://github.com/opencontainers/runc --branch release-1.0
+cd runc
+make
+make install
+
+# Build static containerd
+cd $SRC/containerd
+make EXTRA_FLAGS="-buildmode pie" \
+ EXTRA_LDFLAGS='-linkmode external -extldflags "-fno-PIC -static"' \
+ BUILDTAGS="netgo osusergo static_build"
+
+
+mkdir $OUT/containerd-binaries || true
+cd $SRC/containerd/bin && cp * $OUT/containerd-binaries/ && cd -
+
+# Change defaultState and defaultAddress fron /run/containerd-test to /tmp/containerd-test:
+sed -i 's/\/run\/containerd-test/\/tmp\/containerd-test/g' $SRC/containerd/integration/client/client_unix_test.go
+
+cd integration/client
+
+# Rename all *_test.go to *_test_fuzz.go to use their declarations:
+for i in $( ls *_test.go ); do mv $i ./${i%.*}_fuzz.go; done
+
+# Remove windows test to avoid double declarations:
+rm ./client_windows_test_fuzz.go
+rm ./helpers_windows_test_fuzz.go
+compile_go_fuzzer github.com/containerd/containerd/integration/client FuzzCreateContainerNoTearDown fuzz_create_container_no_teardown
+compile_go_fuzzer github.com/containerd/containerd/integration/client FuzzCreateContainerWithTearDown fuzz_create_container_with_teardown
+compile_go_fuzzer github.com/containerd/containerd/integration/client FuzzNoTearDownWithDownload fuzz_no_teardown_with_download
diff --git a/contrib/fuzz/platforms_fuzzers.go b/contrib/fuzz/platforms_fuzzers.go
index 8b02c83..cf418a9 100644
--- a/contrib/fuzz/platforms_fuzzers.go
+++ b/contrib/fuzz/platforms_fuzzers.go
@@ -1,3 +1,4 @@
+//go:build gofuzz
// +build gofuzz
/*
diff --git a/contrib/gce/cloud-init/master.yaml b/contrib/gce/cloud-init/master.yaml
index 35c869c..1b2aea4 100644
--- a/contrib/gce/cloud-init/master.yaml
+++ b/contrib/gce/cloud-init/master.yaml
@@ -75,7 +75,8 @@ write_files:
content: |
[Unit]
Description=Download and install k8s binaries and configurations
- After=network-online.target
+ After=network-online.target containerd.target
+ Wants=network-online.target containerd.target
[Service]
Type=oneshot
diff --git a/contrib/gce/cloud-init/node.yaml b/contrib/gce/cloud-init/node.yaml
index 97d7ad4..56dae24 100644
--- a/contrib/gce/cloud-init/node.yaml
+++ b/contrib/gce/cloud-init/node.yaml
@@ -69,7 +69,8 @@ write_files:
content: |
[Unit]
Description=Download and install k8s binaries and configurations
- After=network-online.target
+ After=network-online.target containerd.target
+ Wants=network-online.target containerd.target
[Service]
Type=oneshot
diff --git a/contrib/gce/cni.template b/contrib/gce/cni.template
index c8c0d7f..adf5439 100644
--- a/contrib/gce/cni.template
+++ b/contrib/gce/cni.template
@@ -1,6 +1,6 @@
{
"name": "k8s-pod-network",
- "cniVersion": "0.3.1",
+ "cniVersion": "1.0.0",
"plugins": [
{
"type": "ptp",
diff --git a/contrib/gce/configure.sh b/contrib/gce/configure.sh
index 741684e..0499f0b 100755
--- a/contrib/gce/configure.sh
+++ b/contrib/gce/configure.sh
@@ -114,7 +114,7 @@ if [ "${CONTAINERD_TEST:-"false"}" != "true" ]; then
# CONTAINERD_VERSION is the cri-containerd version to use.
version=${CONTAINERD_VERSION:-""}
else
- deploy_path=${CONTAINERD_DEPLOY_PATH:-"cri-containerd-staging"}
+ deploy_path=${CONTAINERD_DEPLOY_PATH:-"k8s-staging-cri-tools"}
# PULL_REFS_METADATA is the metadata key of PULL_REFS from prow.
PULL_REFS_METADATA="PULL_REFS"
@@ -176,6 +176,8 @@ if [ "${KUBERNETES_MASTER:-}" != "true" ]; then
cni_template_path=""
fi
fi
+# Use systemd cgroup if specified in env
+systemdCgroup="${CONTAINERD_SYSTEMD_CGROUP:-"false"}"
log_level="${CONTAINERD_LOG_LEVEL:-"info"}"
max_container_log_line="${CONTAINERD_MAX_CONTAINER_LOG_LINE:-16384}"
cat > ${config_path} < 0 || k.Major > 0 {
+ return fmt.Sprintf("%d.%d", k.Kernel, k.Major)
+ }
+ return ""
+}
+
+var (
+ currentKernelVersion *KernelVersion
+ kernelVersionError error
+ once sync.Once
+)
+
+// getKernelVersion gets the current kernel version.
+func getKernelVersion() (*KernelVersion, error) {
+ once.Do(func() {
+ var uts unix.Utsname
+ if err := unix.Uname(&uts); err != nil {
+ return
+ }
+ // Remove the \x00 from the release for Atoi to parse correctly
+ currentKernelVersion, kernelVersionError = parseRelease(string(uts.Release[:bytes.IndexByte(uts.Release[:], 0)]))
+ })
+ return currentKernelVersion, kernelVersionError
+}
+
+// parseRelease parses a string and creates a KernelVersion based on it.
+func parseRelease(release string) (*KernelVersion, error) {
+ var version = KernelVersion{}
+
+ // We're only make sure we get the "kernel" and "major revision". Sometimes we have
+ // 3.12.25-gentoo, but sometimes we just have 3.12-1-amd64.
+ _, err := fmt.Sscanf(release, "%d.%d", &version.Kernel, &version.Major)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse kernel version %q: %w", release, err)
+ }
+ return &version, nil
+}
+
+// GreaterEqualThan checks if the host's kernel version is greater than, or
+// equal to the given kernel version v. Only "kernel version" and "major revision"
+// can be specified (e.g., "3.12") and will be taken into account, which means
+// that 3.12.25-gentoo and 3.12-1-amd64 are considered equal (kernel: 3, major: 12).
+func GreaterEqualThan(minVersion KernelVersion) (bool, error) {
+ kv, err := getKernelVersion()
+ if err != nil {
+ return false, err
+ }
+ if kv.Kernel > minVersion.Kernel {
+ return true, nil
+ }
+ if kv.Kernel == minVersion.Kernel && kv.Major >= minVersion.Major {
+ return true, nil
+ }
+ return false, nil
+}
diff --git a/contrib/seccomp/kernelversion/kernel_linux_test.go b/contrib/seccomp/kernelversion/kernel_linux_test.go
new file mode 100644
index 0000000..a45e191
--- /dev/null
+++ b/contrib/seccomp/kernelversion/kernel_linux_test.go
@@ -0,0 +1,141 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ File copied and customized based on
+ https://github.com/moby/moby/tree/v20.10.14/profiles/seccomp/kernel_linux_test.go
+*/
+
+package kernelversion
+
+import (
+ "fmt"
+ "testing"
+)
+
+func TestGetKernelVersion(t *testing.T) {
+ version, err := getKernelVersion()
+ if err != nil {
+ t.Fatal(err)
+ }
+ if version == nil {
+ t.Fatal("version is nil")
+ }
+ if version.Kernel == 0 {
+ t.Fatal("no kernel version")
+ }
+}
+
+// TestParseRelease tests the ParseRelease() function
+func TestParseRelease(t *testing.T) {
+ tests := []struct {
+ in string
+ out KernelVersion
+ expectedErr error
+ }{
+ {in: "3.8", out: KernelVersion{Kernel: 3, Major: 8}},
+ {in: "3.8.0", out: KernelVersion{Kernel: 3, Major: 8}},
+ {in: "3.8.0-19-generic", out: KernelVersion{Kernel: 3, Major: 8}},
+ {in: "3.4.54.longterm-1", out: KernelVersion{Kernel: 3, Major: 4}},
+ {in: "3.10.0-862.2.3.el7.x86_64", out: KernelVersion{Kernel: 3, Major: 10}},
+ {in: "3.12.8tag", out: KernelVersion{Kernel: 3, Major: 12}},
+ {in: "3.12-1-amd64", out: KernelVersion{Kernel: 3, Major: 12}},
+ {in: "3.12foobar", out: KernelVersion{Kernel: 3, Major: 12}},
+ {in: "99.999.999-19-generic", out: KernelVersion{Kernel: 99, Major: 999}},
+ {in: "", expectedErr: fmt.Errorf(`failed to parse kernel version "": EOF`)},
+ {in: "3", expectedErr: fmt.Errorf(`failed to parse kernel version "3": unexpected EOF`)},
+ {in: "3.", expectedErr: fmt.Errorf(`failed to parse kernel version "3.": EOF`)},
+ {in: "3a", expectedErr: fmt.Errorf(`failed to parse kernel version "3a": input does not match format`)},
+ {in: "3.a", expectedErr: fmt.Errorf(`failed to parse kernel version "3.a": expected integer`)},
+ {in: "a", expectedErr: fmt.Errorf(`failed to parse kernel version "a": expected integer`)},
+ {in: "a.a", expectedErr: fmt.Errorf(`failed to parse kernel version "a.a": expected integer`)},
+ {in: "a.a.a-a", expectedErr: fmt.Errorf(`failed to parse kernel version "a.a.a-a": expected integer`)},
+ {in: "-3", expectedErr: fmt.Errorf(`failed to parse kernel version "-3": expected integer`)},
+ {in: "-3.", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.": expected integer`)},
+ {in: "-3.8", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.8": expected integer`)},
+ {in: "-3.-8", expectedErr: fmt.Errorf(`failed to parse kernel version "-3.-8": expected integer`)},
+ {in: "3.-8", expectedErr: fmt.Errorf(`failed to parse kernel version "3.-8": expected integer`)},
+ }
+ for _, tc := range tests {
+ tc := tc
+ t.Run(tc.in, func(t *testing.T) {
+ version, err := parseRelease(tc.in)
+ if tc.expectedErr != nil {
+ if err == nil {
+ t.Fatal("expected an error")
+ }
+ if err.Error() != tc.expectedErr.Error() {
+ t.Fatalf("expected: %s, got: %s", tc.expectedErr, err)
+ }
+ return
+ }
+ if err != nil {
+ t.Fatal("unexpected error:", err)
+ }
+ if version == nil {
+ t.Fatal("version is nil")
+ }
+ if version.Kernel != tc.out.Kernel || version.Major != tc.out.Major {
+ t.Fatalf("expected: %d.%d, got: %d.%d", tc.out.Kernel, tc.out.Major, version.Kernel, version.Major)
+ }
+ })
+ }
+}
+
+func TestGreaterEqualThan(t *testing.T) {
+ // Get the current kernel version, so that we can make test relative to that
+ v, err := getKernelVersion()
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ tests := []struct {
+ doc string
+ in KernelVersion
+ expected bool
+ }{
+ {
+ doc: "same version",
+ in: KernelVersion{v.Kernel, v.Major},
+ expected: true,
+ },
+ {
+ doc: "kernel minus one",
+ in: KernelVersion{v.Kernel - 1, v.Major},
+ expected: true,
+ },
+ {
+ doc: "kernel plus one",
+ in: KernelVersion{v.Kernel + 1, v.Major},
+ expected: false,
+ },
+ {
+ doc: "major plus one",
+ in: KernelVersion{v.Kernel, v.Major + 1},
+ expected: false,
+ },
+ }
+ for _, tc := range tests {
+ tc := tc
+ t.Run(tc.doc+": "+tc.in.String(), func(t *testing.T) {
+ ok, err := GreaterEqualThan(tc.in)
+ if err != nil {
+ t.Fatal("unexpected error:", err)
+ }
+ if ok != tc.expected {
+ t.Fatalf("expected: %v, got: %v", tc.expected, ok)
+ }
+ })
+ }
+}
diff --git a/contrib/seccomp/seccomp.go b/contrib/seccomp/seccomp.go
index b7cf176..5292cbc 100644
--- a/contrib/seccomp/seccomp.go
+++ b/contrib/seccomp/seccomp.go
@@ -20,7 +20,7 @@ import (
"context"
"encoding/json"
"fmt"
- "io/ioutil"
+ "os"
"github.com/containerd/containerd/containers"
"github.com/containerd/containerd/oci"
@@ -33,7 +33,7 @@ import (
func WithProfile(profile string) oci.SpecOpts {
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
s.Linux.Seccomp = &specs.LinuxSeccomp{}
- f, err := ioutil.ReadFile(profile)
+ f, err := os.ReadFile(profile)
if err != nil {
return fmt.Errorf("cannot load seccomp profile %q: %v", profile, err)
}
diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go
index 2876612..363bebd 100644
--- a/contrib/seccomp/seccomp_default.go
+++ b/contrib/seccomp/seccomp_default.go
@@ -1,3 +1,4 @@
+//go:build linux
// +build linux
/*
@@ -23,6 +24,7 @@ import (
"golang.org/x/sys/unix"
+ "github.com/containerd/containerd/contrib/seccomp/kernelversion"
"github.com/opencontainers/runtime-spec/specs-go"
)
@@ -42,6 +44,9 @@ func arches() []specs.Arch {
return []specs.Arch{specs.ArchMIPSEL, specs.ArchMIPSEL64, specs.ArchMIPSEL64N32}
case "s390x":
return []specs.Arch{specs.ArchS390, specs.ArchS390X}
+ case "riscv64":
+ // ArchRISCV32 (SCMP_ARCH_RISCV32) does not exist
+ return []specs.Arch{specs.ArchRISCV64}
default:
return []specs.Arch{}
}
@@ -127,6 +132,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"ftruncate64",
"futex",
"futex_time64",
+ "futex_waitv",
"futimesat",
"getcpu",
"getcwd",
@@ -183,6 +189,9 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"io_uring_setup",
"ipc",
"kill",
+ "landlock_add_rule",
+ "landlock_create_ruleset",
+ "landlock_restrict_self",
"lchown",
"lchown32",
"lgetxattr",
@@ -200,6 +209,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"madvise",
"membarrier",
"memfd_create",
+ "memfd_secret",
"mincore",
"mkdir",
"mkdirat",
@@ -228,6 +238,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"munlock",
"munlockall",
"munmap",
+ "name_to_handle_at",
"nanosleep",
"newfstatat",
"_newselect",
@@ -239,6 +250,9 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"pidfd_send_signal",
"pipe",
"pipe2",
+ "pkey_alloc",
+ "pkey_free",
+ "pkey_mprotect",
"poll",
"ppoll",
"ppoll_time64",
@@ -247,6 +261,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"preadv",
"preadv2",
"prlimit64",
+ "process_mrelease",
"pselect6",
"pselect6_time64",
"pwrite64",
@@ -460,12 +475,25 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
Syscalls: syscalls,
}
+ // include by kernel version
+ if ok, err := kernelversion.GreaterEqualThan(
+ kernelversion.KernelVersion{Kernel: 4, Major: 8}); err == nil {
+ if ok {
+ s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+ Names: []string{"ptrace"},
+ Action: specs.ActAllow,
+ Args: []specs.LinuxSeccompArg{},
+ })
+ }
+ }
+
// include by arch
switch runtime.GOARCH {
case "ppc64le":
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{
"sync_file_range2",
+ "swapcontext",
},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
@@ -510,6 +538,14 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
})
+ case "riscv64":
+ s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+ Names: []string{
+ "riscv_flush_icache",
+ },
+ Action: specs.ActAllow,
+ Args: []specs.LinuxSeccompArg{},
+ })
}
admin := false
@@ -535,11 +571,12 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"fspick",
"lookup_dcookie",
"mount",
+ "mount_setattr",
"move_mount",
- "name_to_handle_at",
"open_tree",
"perf_event_open",
"quotactl",
+ "quotactl_fd",
"setdomainname",
"sethostname",
"setns",
@@ -607,6 +644,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
"settimeofday",
"stime",
"clock_settime",
+ "clock_settime64",
},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
@@ -617,12 +655,34 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp {
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
})
+ case "CAP_SYS_NICE":
+ s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+ Names: []string{
+ "get_mempolicy",
+ "mbind",
+ "set_mempolicy",
+ },
+ Action: specs.ActAllow,
+ Args: []specs.LinuxSeccompArg{},
+ })
case "CAP_SYSLOG":
s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
Names: []string{"syslog"},
Action: specs.ActAllow,
Args: []specs.LinuxSeccompArg{},
})
+ case "CAP_BPF":
+ s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+ Names: []string{"bpf"},
+ Action: specs.ActAllow,
+ Args: []specs.LinuxSeccompArg{},
+ })
+ case "CAP_PERFMON":
+ s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{
+ Names: []string{"perf_event_open"},
+ Action: specs.ActAllow,
+ Args: []specs.LinuxSeccompArg{},
+ })
}
}
diff --git a/contrib/seccomp/seccomp_default_unsupported.go b/contrib/seccomp/seccomp_default_unsupported.go
index 6d70510..d06d648 100644
--- a/contrib/seccomp/seccomp_default_unsupported.go
+++ b/contrib/seccomp/seccomp_default_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
// +build !linux
/*
diff --git a/debian/README.Debian b/debian/README.Debian
deleted file mode 100644
index 3251b85..0000000
--- a/debian/README.Debian
+++ /dev/null
@@ -1,8 +0,0 @@
-containerd for Debian
-
-Please edit this to provide information specific to
-this containerd Debian package.
-
- (Automatically generated by debmake Version 4.3.1)
-
- -- Luoyaoming Fri, 30 Dec 2022 13:48:35 +0800
diff --git a/debian/changelog b/debian/changelog
deleted file mode 100644
index 87aa0e4..0000000
--- a/debian/changelog
+++ /dev/null
@@ -1,35 +0,0 @@
-containerd (1.5.9-ok6) yangtze; urgency=high
-
- * fat_time CVE-2022-31030 安全更新:Apache containerd 存在资源管理错误漏洞,该漏洞源于未正确控制 ExecSync API 中内部资源的消耗.
-
- -- wangdong Thu, 09 Mar 2023 18:23:38 +0800
-
-containerd (1.5.9-ok5) yangtze; urgency=high
-
- * eric-teng CVE-2022-24778 安全更新:应用CheckAuthorization函数处理带有 ManifestList 的图像并且本地主机的体系结构不是 ManifestList的情况会发生故障
-
- -- lch Wed, 08 Mar 2023 00:31:13 +0800
-
-containerd (1.5.9-ok4) yangtze; urgency=medium
-
- * eric-teng CVE-2022-24769 安全更新:在20.10.14版之前的Moby(Docker Engine)中发现了一个错误
-
- -- dht Fri, 03 Mar 2023 12:51:31 +0800
-
-containerd (1.5.9-ok3) yangtze; urgency=medium
-
- * xie_shang CVE-2022-23471 安全更新:containerd 1.6.12之前版本、1.5.16之前版本中存在资源管理错误漏洞.
-
- -- hjf Mon, 27 Feb 2023 17:06:57 +0800
-
-containerd (1.5.9-ok2) yangtze; urgency=medium
-
- * Update version info.
-
- -- Luoyaoming Fri, 30 Dec 2022 14:22:46 +0800
-
-containerd (1.5.9-ok1) yangtze; urgency=low
-
- * Initial release.
-
- -- Luoyaoming Fri, 30 Dec 2022 13:48:35 +0800
diff --git a/debian/clean b/debian/clean
deleted file mode 100644
index b938377..0000000
--- a/debian/clean
+++ /dev/null
@@ -1,3 +0,0 @@
-.gocache/
-.gopath/
-man/
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index b4de394..0000000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-11
diff --git a/debian/containerd.docs b/debian/containerd.docs
deleted file mode 100644
index ea33e1b..0000000
--- a/debian/containerd.docs
+++ /dev/null
@@ -1,3 +0,0 @@
-README.md
-docs/*.md
-docs/*.pdf
diff --git a/debian/containerd.install b/debian/containerd.install
deleted file mode 100644
index a65408f..0000000
--- a/debian/containerd.install
+++ /dev/null
@@ -1,2 +0,0 @@
-usr/bin
-usr/share/man
diff --git a/debian/containerd.service b/debian/containerd.service
deleted file mode 120000
index 9125c4f..0000000
--- a/debian/containerd.service
+++ /dev/null
@@ -1 +0,0 @@
-../containerd.service
\ No newline at end of file
diff --git a/debian/control b/debian/control
deleted file mode 100644
index 2cc2665..0000000
--- a/debian/control
+++ /dev/null
@@ -1,42 +0,0 @@
-Source: containerd
-Section: admin
-Priority: optional
-Maintainer: Openkylin Developers
-XSBC-Original-Maintainer: Debian Go Packaging Team
-Uploaders: Luo Yaoming
-Build-Depends: debhelper (>= 11),
- dh-golang,
- go-md2man,
- golang-go,
- libbtrfs-dev | btrfs-progs (<< 4.16.1~),
- libseccomp-dev,
- pkg-config
-Standards-Version: 3.9.7
-Homepage: https://containerd.io
-Vcs-Git: https://gitee/openkylin/containerd.git
-Vcs-Browser: https://gitee/openkylin/containerd
-XS-Go-Import-Path: github.com/containerd/containerd
-
-Package: containerd
-Architecture: linux-any
-Depends: runc (>= 1.0.0~rc2~), ${misc:Depends}, ${shlibs:Depends}
-Breaks: docker.io (<< 19.03.13-0)
-Built-Using: ${misc:Built-Using}
-Description: daemon to control runC
- Containerd is a daemon to control runC, built for performance and density.
- Containerd leverages runC's advanced features such as seccomp and user
- namespace support as well as checkpoint and restore for cloning and live
- migration of containers.
- .
- This package contains the binaries.
-
-Package: golang-github-containerd-containerd-dev
-Architecture: all
-Depends: ${misc:Depends}
-Description: runC develpoment files
- Containerd is a daemon to control runC, built for performance and density.
- Containerd leverages runC's advanced features such as seccomp and user
- namespace support as well as checkpoint and restore for cloning and live
- migration of containers.
- .
- This package provides development files.
diff --git a/debian/copyright b/debian/copyright
deleted file mode 100644
index fab2ed6..0000000
--- a/debian/copyright
+++ /dev/null
@@ -1,11777 +0,0 @@
-Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: containerd
-Source:
-#
-# Please double check copyright with the licensecheck(1) command.
-
-Files: api/events/container.proto
- api/events/content.proto
- api/events/image.proto
- api/events/namespace.proto
- api/events/snapshot.proto
- api/events/task.proto
- api/services/containers/v1/containers.proto
- api/services/content/v1/content.proto
- api/services/diff/v1/diff.proto
- api/services/events/v1/events.proto
- api/services/images/v1/docs.go
- api/services/images/v1/images.proto
- api/services/introspection/v1/doc.go
- api/services/introspection/v1/introspection.proto
- api/services/leases/v1/doc.go
- api/services/leases/v1/leases.proto
- api/services/namespaces/v1/namespace.proto
- api/services/snapshots/v1/snapshots.proto
- api/services/tasks/v1/tasks.proto
- api/services/ttrpc/events/v1/events.proto
- api/services/version/v1/version.proto
- api/types/descriptor.proto
- api/types/doc.go
- api/types/metrics.proto
- api/types/mount.proto
- api/types/platform.proto
- api/types/task/task.proto
- archive/compression/compression.go
- archive/compression/compression_test.go
- archive/issues_test.go
- archive/tar.go
- archive/tar_freebsd.go
- archive/tar_linux_test.go
- archive/tar_mostunix.go
- archive/tar_opts.go
- archive/tar_opts_linux.go
- archive/tar_opts_windows.go
- archive/tar_test.go
- archive/tar_unix.go
- archive/tar_windows.go
- archive/tartest/tar.go
- archive/time.go
- archive/time_unix.go
- archive/time_windows.go
- cio/io.go
- cio/io_test.go
- cio/io_unix.go
- cio/io_unix_test.go
- cio/io_windows.go
- cio/io_windows_test.go
- client.go
- client_opts.go
- cmd/containerd-shim-runc-v1/main.go
- cmd/containerd-shim-runc-v2/main.go
- cmd/containerd-shim/main_unix.go
- cmd/containerd-shim/shim_darwin.go
- cmd/containerd-shim/shim_freebsd.go
- cmd/containerd-shim/shim_linux.go
- cmd/containerd-stress/density.go
- cmd/containerd-stress/exec_worker.go
- cmd/containerd-stress/main.go
- cmd/containerd-stress/rlimit_freebsd.go
- cmd/containerd-stress/rlimit_unix.go
- cmd/containerd-stress/rlimit_windows.go
- cmd/containerd-stress/size.go
- cmd/containerd-stress/worker.go
- cmd/containerd/builtins.go
- cmd/containerd/builtins_aufs_linux.go
- cmd/containerd/builtins_btrfs_linux.go
- cmd/containerd/builtins_cri.go
- cmd/containerd/builtins_devmapper_linux.go
- cmd/containerd/builtins_freebsd.go
- cmd/containerd/builtins_linux.go
- cmd/containerd/builtins_unix.go
- cmd/containerd/builtins_windows.go
- cmd/containerd/builtins_zfs_linux.go
- cmd/containerd/command/config.go
- cmd/containerd/command/config_linux.go
- cmd/containerd/command/config_unsupported.go
- cmd/containerd/command/config_windows.go
- cmd/containerd/command/main.go
- cmd/containerd/command/main_unix.go
- cmd/containerd/command/main_windows.go
- cmd/containerd/command/notify_linux.go
- cmd/containerd/command/notify_unsupported.go
- cmd/containerd/command/oci-hook.go
- cmd/containerd/command/publish.go
- cmd/containerd/command/service_unsupported.go
- cmd/containerd/command/service_windows.go
- cmd/containerd/main.go
- cmd/ctr/app/main.go
- cmd/ctr/app/main_unix.go
- cmd/ctr/commands/client.go
- cmd/ctr/commands/commands.go
- cmd/ctr/commands/commands_unix.go
- cmd/ctr/commands/commands_windows.go
- cmd/ctr/commands/containers/checkpoint.go
- cmd/ctr/commands/containers/containers.go
- cmd/ctr/commands/containers/restore.go
- cmd/ctr/commands/content/content.go
- cmd/ctr/commands/content/fetch.go
- cmd/ctr/commands/content/prune.go
- cmd/ctr/commands/events/events.go
- cmd/ctr/commands/images/convert.go
- cmd/ctr/commands/images/export.go
- cmd/ctr/commands/images/images.go
- cmd/ctr/commands/images/import.go
- cmd/ctr/commands/images/mount.go
- cmd/ctr/commands/images/pull.go
- cmd/ctr/commands/images/push.go
- cmd/ctr/commands/images/tag.go
- cmd/ctr/commands/images/unmount.go
- cmd/ctr/commands/install/install.go
- cmd/ctr/commands/leases/leases.go
- cmd/ctr/commands/namespaces/namespaces.go
- cmd/ctr/commands/namespaces/namespaces_linux.go
- cmd/ctr/commands/namespaces/namespaces_other.go
- cmd/ctr/commands/oci/oci.go
- cmd/ctr/commands/plugins/plugins.go
- cmd/ctr/commands/pprof/pprof.go
- cmd/ctr/commands/pprof/pprof_unix.go
- cmd/ctr/commands/pprof/pprof_windows.go
- cmd/ctr/commands/resolver.go
- cmd/ctr/commands/run/run.go
- cmd/ctr/commands/run/run_unix.go
- cmd/ctr/commands/run/run_windows.go
- cmd/ctr/commands/shim/io_unix.go
- cmd/ctr/commands/shim/shim.go
- cmd/ctr/commands/signals.go
- cmd/ctr/commands/signals_linux.go
- cmd/ctr/commands/signals_notlinux.go
- cmd/ctr/commands/snapshots/snapshots.go
- cmd/ctr/commands/tasks/attach.go
- cmd/ctr/commands/tasks/checkpoint.go
- cmd/ctr/commands/tasks/delete.go
- cmd/ctr/commands/tasks/exec.go
- cmd/ctr/commands/tasks/kill.go
- cmd/ctr/commands/tasks/list.go
- cmd/ctr/commands/tasks/metrics.go
- cmd/ctr/commands/tasks/pause.go
- cmd/ctr/commands/tasks/ps.go
- cmd/ctr/commands/tasks/resume.go
- cmd/ctr/commands/tasks/start.go
- cmd/ctr/commands/tasks/tasks.go
- cmd/ctr/commands/tasks/tasks_unix.go
- cmd/ctr/commands/tasks/tasks_windows.go
- cmd/ctr/commands/utils.go
- cmd/ctr/commands/version/version.go
- cmd/ctr/main.go
- cmd/gen-manpages/main.go
- cmd/protoc-gen-gogoctrd/customnameid.go
- cmd/protoc-gen-gogoctrd/main.go
- container.go
- container_checkpoint_opts.go
- container_opts.go
- container_opts_unix.go
- container_restore_opts.go
- containerd.service
- containers/containers.go
- containerstore.go
- content/adaptor.go
- content/content.go
- content/helpers.go
- content/helpers_test.go
- content/local/locks.go
- content/local/locks_test.go
- content/local/readerat.go
- content/local/store.go
- content/local/store_bsd.go
- content/local/store_openbsd.go
- content/local/store_test.go
- content/local/store_unix.go
- content/local/store_windows.go
- content/local/writer.go
- content/proxy/content_reader.go
- content/proxy/content_store.go
- content/proxy/content_writer.go
- content/testsuite/testsuite.go
- contrib/apparmor/apparmor.go
- contrib/apparmor/apparmor_test.go
- contrib/apparmor/apparmor_unsupported.go
- contrib/apparmor/template.go
- contrib/fuzz/filters_fuzzers.go
- contrib/fuzz/platforms_fuzzers.go
- contrib/gce/configure.sh
- contrib/nvidia/nvidia.go
- contrib/seccomp/seccomp.go
- contrib/seccomp/seccomp_default.go
- contrib/seccomp/seccomp_default_unsupported.go
- contrib/snapshotservice/service.go
- defaults/defaults.go
- defaults/defaults_unix.go
- defaults/defaults_windows.go
- diff.go
- diff/apply/apply.go
- diff/apply/apply_linux.go
- diff/apply/apply_linux_test.go
- diff/apply/apply_other.go
- diff/diff.go
- diff/lcow/lcow.go
- diff/stream.go
- diff/stream_unix.go
- diff/stream_windows.go
- diff/walking/differ.go
- diff/walking/plugin/plugin.go
- diff/windows/windows.go
- errdefs/grpc.go
- errdefs/grpc_test.go
- events.go
- events/events.go
- events/exchange/exchange.go
- events/exchange/exchange_test.go
- export.go
- filters/adaptor.go
- filters/filter_test.go
- filters/parser.go
- filters/quote.go
- filters/scanner.go
- filters/scanner_test.go
- gc/gc_test.go
- gc/scheduler/scheduler.go
- gc/scheduler/scheduler_test.go
- grpc.go
- identifiers/validate_test.go
- image.go
- image_store.go
- images/annotations.go
- images/archive/exporter.go
- images/archive/reference.go
- images/converter/default.go
- images/converter/uncompress/uncompress.go
- images/diffid.go
- images/handlers.go
- images/image.go
- images/image_test.go
- images/importexport.go
- images/mediatypes.go
- import.go
- install.go
- install_opts.go
- integration/addition_gids_test.go
- integration/client/benchmark_test.go
- integration/client/client_test.go
- integration/client/client_ttrpc_test.go
- integration/client/client_unix_test.go
- integration/client/client_windows_test.go
- integration/client/container_checkpoint_test.go
- integration/client/container_linux_test.go
- integration/client/container_test.go
- integration/client/content_test.go
- integration/client/convert_test.go
- integration/client/daemon_config_linux_test.go
- integration/client/daemon_test.go
- integration/client/export_test.go
- integration/client/helpers_unix_test.go
- integration/client/helpers_windows_test.go
- integration/client/image_test.go
- integration/client/import_test.go
- integration/client/lease_test.go
- integration/client/restart_monitor_linux_test.go
- integration/client/signals_test.go
- integration/client/snapshot_test.go
- integration/client/task_opts_unix_test.go
- integration/common.go
- integration/container_log_test.go
- integration/container_restart_test.go
- integration/container_stats_test.go
- integration/container_stop_test.go
- integration/container_update_resources_test.go
- integration/container_without_image_ref_test.go
- integration/containerd_image_test.go
- integration/duplicate_name_test.go
- integration/image_load_test.go
- integration/imagefs_info_test.go
- integration/images/volume-copy-up/Dockerfile
- integration/images/volume-copy-up/Makefile
- integration/images/volume-ownership/Dockerfile
- integration/images/volume-ownership/Makefile
- integration/main_test.go
- integration/no_metadata_test.go
- integration/pod_dualstack_test.go
- integration/pod_hostname_test.go
- integration/restart_test.go
- integration/runtime_handler_test.go
- integration/sandbox_clean_remove_test.go
- integration/truncindex_test.go
- integration/volume_copy_up_test.go
- labels/labels.go
- labels/validate.go
- labels/validate_test.go
- lease.go
- leases/context.go
- leases/grpc.go
- leases/id.go
- leases/lease.go
- leases/proxy/manager.go
- log/context.go
- log/context_test.go
- log/logtest/context.go
- log/logtest/log_hook.go
- metadata/adaptors.go
- metadata/bolt.go
- metadata/boltutil/helpers.go
- metadata/containers.go
- metadata/containers_test.go
- metadata/content.go
- metadata/content_test.go
- metadata/db.go
- metadata/db_test.go
- metadata/gc.go
- metadata/gc_test.go
- metadata/images.go
- metadata/images_test.go
- metadata/leases.go
- metadata/leases_test.go
- metadata/migrations.go
- metadata/namespaces.go
- metadata/namespaces_test.go
- metadata/snapshot.go
- metadata/snapshot_test.go
- metrics/cgroups/cgroups.go
- metrics/cgroups/v1/blkio.go
- metrics/cgroups/v1/cgroups.go
- metrics/cgroups/v1/cpu.go
- metrics/cgroups/v1/hugetlb.go
- metrics/cgroups/v1/memory.go
- metrics/cgroups/v1/metric.go
- metrics/cgroups/v1/metrics.go
- metrics/cgroups/v1/oom.go
- metrics/cgroups/v1/pids.go
- metrics/cgroups/v2/cgroups.go
- metrics/cgroups/v2/cpu.go
- metrics/cgroups/v2/io.go
- metrics/cgroups/v2/memory.go
- metrics/cgroups/v2/metric.go
- metrics/cgroups/v2/metrics.go
- metrics/cgroups/v2/pids.go
- metrics/types/v1/types.go
- metrics/types/v2/types.go
- mount/lookup_linux_test.go
- mount/lookup_unix.go
- mount/lookup_unsupported.go
- mount/losetup_linux.go
- mount/losetup_linux_test.go
- mount/mount.go
- mount/mount_freebsd.go
- mount/mount_linux.go
- mount/mount_linux_test.go
- mount/mount_unix.go
- mount/mount_windows.go
- mount/mountinfo.go
- mount/temp.go
- mount/temp_unix.go
- mount/temp_unsupported.go
- namespaces.go
- namespaces/context.go
- namespaces/context_test.go
- namespaces/grpc.go
- namespaces/store.go
- namespaces/ttrpc.go
- namespaces/ttrpc_test.go
- oci/client.go
- oci/spec.go
- oci/spec_opts.go
- oci/spec_opts_linux.go
- oci/spec_opts_linux_test.go
- oci/spec_opts_nonlinux.go
- oci/spec_opts_test.go
- oci/spec_opts_unix.go
- oci/spec_opts_unix_test.go
- oci/spec_opts_windows.go
- oci/spec_opts_windows_test.go
- oci/spec_test.go
- oci/utils_unix.go
- pkg/apparmor/apparmor.go
- pkg/apparmor/apparmor_linux.go
- pkg/apparmor/apparmor_unsupported.go
- pkg/atomic/atomic_boolean.go
- pkg/atomic/atomic_boolean_test.go
- pkg/cap/cap_linux_test.go
- pkg/cri/annotations/annotations.go
- pkg/cri/config/config.go
- pkg/cri/config/config_test.go
- pkg/cri/config/config_unix.go
- pkg/cri/config/config_windows.go
- pkg/cri/constants/constants.go
- pkg/cri/cri.go
- pkg/cri/io/container_io.go
- pkg/cri/io/exec_io.go
- pkg/cri/io/helpers.go
- pkg/cri/io/helpers_unix.go
- pkg/cri/io/helpers_windows.go
- pkg/cri/io/logger.go
- pkg/cri/io/logger_test.go
- pkg/cri/opts/container.go
- pkg/cri/opts/spec.go
- pkg/cri/opts/spec_linux.go
- pkg/cri/opts/spec_linux_test.go
- pkg/cri/opts/spec_test.go
- pkg/cri/opts/spec_windows.go
- pkg/cri/opts/task.go
- pkg/cri/platforms/default_unix.go
- pkg/cri/platforms/default_windows.go
- pkg/cri/server/cni_conf_syncer.go
- pkg/cri/server/container_attach.go
- pkg/cri/server/container_create.go
- pkg/cri/server/container_create_linux.go
- pkg/cri/server/container_create_linux_test.go
- pkg/cri/server/container_create_other.go
- pkg/cri/server/container_create_other_test.go
- pkg/cri/server/container_create_test.go
- pkg/cri/server/container_create_windows.go
- pkg/cri/server/container_create_windows_test.go
- pkg/cri/server/container_exec.go
- pkg/cri/server/container_execsync.go
- pkg/cri/server/container_list.go
- pkg/cri/server/container_list_test.go
- pkg/cri/server/container_log_reopen.go
- pkg/cri/server/container_remove.go
- pkg/cri/server/container_remove_test.go
- pkg/cri/server/container_start.go
- pkg/cri/server/container_start_test.go
- pkg/cri/server/container_stats.go
- pkg/cri/server/container_stats_list.go
- pkg/cri/server/container_stats_list_linux.go
- pkg/cri/server/container_stats_list_linux_test.go
- pkg/cri/server/container_stats_list_other.go
- pkg/cri/server/container_stats_list_windows.go
- pkg/cri/server/container_status.go
- pkg/cri/server/container_status_test.go
- pkg/cri/server/container_stop.go
- pkg/cri/server/container_stop_test.go
- pkg/cri/server/container_update_resources_linux.go
- pkg/cri/server/container_update_resources_linux_test.go
- pkg/cri/server/container_update_resources_other.go
- pkg/cri/server/container_update_resources_windows.go
- pkg/cri/server/events.go
- pkg/cri/server/events_test.go
- pkg/cri/server/helpers.go
- pkg/cri/server/helpers_linux.go
- pkg/cri/server/helpers_linux_test.go
- pkg/cri/server/helpers_other.go
- pkg/cri/server/helpers_selinux_linux_test.go
- pkg/cri/server/helpers_test.go
- pkg/cri/server/helpers_windows.go
- pkg/cri/server/image_list.go
- pkg/cri/server/image_list_test.go
- pkg/cri/server/image_pull.go
- pkg/cri/server/image_pull_test.go
- pkg/cri/server/image_remove.go
- pkg/cri/server/image_status.go
- pkg/cri/server/image_status_test.go
- pkg/cri/server/imagefs_info.go
- pkg/cri/server/imagefs_info_test.go
- pkg/cri/server/instrumented_service.go
- pkg/cri/server/opts.go
- pkg/cri/server/restart.go
- pkg/cri/server/sandbox_list.go
- pkg/cri/server/sandbox_list_test.go
- pkg/cri/server/sandbox_portforward.go
- pkg/cri/server/sandbox_portforward_linux.go
- pkg/cri/server/sandbox_portforward_other.go
- pkg/cri/server/sandbox_portforward_windows.go
- pkg/cri/server/sandbox_remove.go
- pkg/cri/server/sandbox_run.go
- pkg/cri/server/sandbox_run_linux.go
- pkg/cri/server/sandbox_run_linux_test.go
- pkg/cri/server/sandbox_run_other.go
- pkg/cri/server/sandbox_run_other_test.go
- pkg/cri/server/sandbox_run_test.go
- pkg/cri/server/sandbox_run_windows.go
- pkg/cri/server/sandbox_run_windows_test.go
- pkg/cri/server/sandbox_status.go
- pkg/cri/server/sandbox_status_test.go
- pkg/cri/server/sandbox_stop.go
- pkg/cri/server/sandbox_stop_test.go
- pkg/cri/server/service.go
- pkg/cri/server/service_linux.go
- pkg/cri/server/service_other.go
- pkg/cri/server/service_test.go
- pkg/cri/server/service_windows.go
- pkg/cri/server/snapshots.go
- pkg/cri/server/status.go
- pkg/cri/server/streaming.go
- pkg/cri/server/streaming_test.go
- pkg/cri/server/testing/fake_cni_plugin.go
- pkg/cri/server/update_runtime_config.go
- pkg/cri/server/update_runtime_config_test.go
- pkg/cri/server/version.go
- pkg/cri/store/container/container.go
- pkg/cri/store/container/container_test.go
- pkg/cri/store/container/fake_status.go
- pkg/cri/store/container/metadata.go
- pkg/cri/store/container/metadata_test.go
- pkg/cri/store/container/status.go
- pkg/cri/store/container/status_test.go
- pkg/cri/store/errors.go
- pkg/cri/store/errors_test.go
- pkg/cri/store/image/fake_image.go
- pkg/cri/store/image/image.go
- pkg/cri/store/image/image_test.go
- pkg/cri/store/image/sort.go
- pkg/cri/store/image/sort_test.go
- pkg/cri/store/label/label.go
- pkg/cri/store/label/label_test.go
- pkg/cri/store/sandbox/metadata.go
- pkg/cri/store/sandbox/metadata_test.go
- pkg/cri/store/sandbox/sandbox.go
- pkg/cri/store/sandbox/sandbox_test.go
- pkg/cri/store/sandbox/status.go
- pkg/cri/store/sandbox/status_test.go
- pkg/cri/store/snapshot/snapshot.go
- pkg/cri/store/snapshot/snapshot_test.go
- pkg/cri/store/util.go
- pkg/cri/util/deep_copy.go
- pkg/cri/util/deep_copy_test.go
- pkg/cri/util/id.go
- pkg/cri/util/image.go
- pkg/cri/util/image_test.go
- pkg/cri/util/strings.go
- pkg/cri/util/strings_test.go
- pkg/cri/util/util.go
- pkg/dialer/dialer.go
- pkg/dialer/dialer_unix.go
- pkg/dialer/dialer_windows.go
- pkg/ioutil/read_closer.go
- pkg/ioutil/read_closer_test.go
- pkg/ioutil/write_closer.go
- pkg/ioutil/write_closer_test.go
- pkg/ioutil/writer_group.go
- pkg/ioutil/writer_group_test.go
- pkg/netns/netns_other.go
- pkg/netns/netns_windows.go
- pkg/oom/oom.go
- pkg/oom/v1/v1.go
- pkg/oom/v2/v2.go
- pkg/os/mount_linux.go
- pkg/os/mount_other.go
- pkg/os/mount_unix.go
- pkg/os/os.go
- pkg/os/os_unix.go
- pkg/os/os_windows.go
- pkg/os/os_windows_test.go
- pkg/os/testing/fake_os.go
- pkg/os/testing/fake_os_unix.go
- pkg/process/deleted_state.go
- pkg/process/exec.go
- pkg/process/exec_state.go
- pkg/process/init.go
- pkg/process/init_state.go
- pkg/process/io.go
- pkg/process/io_test.go
- pkg/process/io_util.go
- pkg/process/process.go
- pkg/process/types.go
- pkg/process/utils.go
- pkg/progress/bar.go
- pkg/progress/escape.go
- pkg/progress/humaans.go
- pkg/progress/writer.go
- pkg/registrar/registrar.go
- pkg/registrar/registrar_test.go
- pkg/seccomp/seccomp.go
- pkg/seccomp/seccomp_unsupported.go
- pkg/seed/seed.go
- pkg/seed/seed_linux.go
- pkg/seed/seed_other.go
- pkg/seutil/seutil.go
- pkg/stdio/platform.go
- pkg/stdio/stdio.go
- pkg/testutil/helpers.go
- pkg/testutil/helpers_unix.go
- pkg/testutil/helpers_windows.go
- pkg/testutil/mount_linux.go
- pkg/testutil/mount_other.go
- pkg/timeout/timeout.go
- pkg/ttrpcutil/client.go
- pkg/userns/userns_linux.go
- pkg/userns/userns_unsupported.go
- platforms/compare.go
- platforms/compare_test.go
- platforms/cpuinfo.go
- platforms/cpuinfo_test.go
- platforms/database.go
- platforms/defaults.go
- platforms/defaults_test.go
- platforms/defaults_unix.go
- platforms/defaults_windows.go
- platforms/defaults_windows_test.go
- platforms/platforms_test.go
- plugin/context.go
- plugin/plugin.go
- plugin/plugin_go18.go
- plugin/plugin_other.go
- process.go
- protobuf/plugin/doc.go
- protobuf/plugin/fieldpath/fieldpath.go
- protobuf/plugin/helpers.go
- pull.go
- reference/reference.go
- reference/reference_test.go
- remotes/docker/auth/fetch.go
- remotes/docker/auth/parse.go
- remotes/docker/authorizer.go
- remotes/docker/config/config_unix.go
- remotes/docker/config/config_windows.go
- remotes/docker/config/hosts_test.go
- remotes/docker/converter.go
- remotes/docker/errcode.go
- remotes/docker/errdesc.go
- remotes/docker/fetcher.go
- remotes/docker/fetcher_test.go
- remotes/docker/handler.go
- remotes/docker/handler_test.go
- remotes/docker/httpreadseeker.go
- remotes/docker/pusher.go
- remotes/docker/pusher_test.go
- remotes/docker/registry.go
- remotes/docker/registry_test.go
- remotes/docker/resolver.go
- remotes/docker/resolver_test.go
- remotes/docker/schema1/converter.go
- remotes/docker/scope.go
- remotes/docker/scope_test.go
- remotes/docker/status.go
- remotes/errors/errors.go
- remotes/handlers.go
- remotes/handlers_test.go
- remotes/resolver.go
- rootfs/apply.go
- rootfs/diff.go
- rootfs/init.go
- rootfs/init_linux.go
- rootfs/init_other.go
- runtime/events.go
- runtime/linux/runctypes/doc.go
- runtime/monitor.go
- runtime/opts/opts_linux.go
- runtime/restart/monitor/change.go
- runtime/restart/monitor/monitor.go
- runtime/runtime.go
- runtime/task.go
- runtime/task_list.go
- runtime/typeurl.go
- runtime/v1/linux/bundle.go
- runtime/v1/linux/bundle_test.go
- runtime/v1/linux/process.go
- runtime/v1/linux/runtime.go
- runtime/v1/linux/task.go
- runtime/v1/shim.go
- runtime/v1/shim/client/client.go
- runtime/v1/shim/client/client_linux.go
- runtime/v1/shim/client/client_unix.go
- runtime/v1/shim/local.go
- runtime/v1/shim/service.go
- runtime/v1/shim/service_linux.go
- runtime/v1/shim/service_unix.go
- runtime/v1/shim/v1/doc.go
- runtime/v1/shim/v1/shim.proto
- runtime/v2/binary.go
- runtime/v2/bundle.go
- runtime/v2/bundle_default.go
- runtime/v2/bundle_linux.go
- runtime/v2/bundle_linux_test.go
- runtime/v2/bundle_test.go
- runtime/v2/example/cmd/main.go
- runtime/v2/example/example.go
- runtime/v2/logging/logging.go
- runtime/v2/logging/logging_unix.go
- runtime/v2/logging/logging_windows.go
- runtime/v2/manager.go
- runtime/v2/manager_unix.go
- runtime/v2/manager_windows.go
- runtime/v2/process.go
- runtime/v2/runc/container.go
- runtime/v2/runc/options/doc.go
- runtime/v2/runc/platform.go
- runtime/v2/runc/util.go
- runtime/v2/runc/v1/service.go
- runtime/v2/runc/v2/service.go
- runtime/v2/shim.go
- runtime/v2/shim/publisher.go
- runtime/v2/shim/shim.go
- runtime/v2/shim/shim_darwin.go
- runtime/v2/shim/shim_freebsd.go
- runtime/v2/shim/shim_linux.go
- runtime/v2/shim/shim_test.go
- runtime/v2/shim/shim_unix.go
- runtime/v2/shim/shim_windows.go
- runtime/v2/shim/util.go
- runtime/v2/shim/util_unix.go
- runtime/v2/shim/util_windows.go
- runtime/v2/shim_unix.go
- runtime/v2/shim_unix_test.go
- runtime/v2/shim_windows.go
- runtime/v2/shim_windows_test.go
- runtime/v2/task/doc.go
- runtime/v2/task/shim.proto
- script/setup/install-cni-windows
- script/setup/install-gotestsum
- script/test/cri-integration.sh
- script/test/utils.sh
- services.go
- services/containers/helpers.go
- services/containers/local.go
- services/containers/service.go
- services/content/contentserver/contentserver.go
- services/content/service.go
- services/content/store.go
- services/diff/local.go
- services/diff/service.go
- services/diff/service_unix.go
- services/diff/service_windows.go
- services/events/service.go
- services/events/ttrpc.go
- services/healthcheck/service.go
- services/images/helpers.go
- services/images/local.go
- services/images/service.go
- services/introspection/introspection.go
- services/introspection/local.go
- services/introspection/service.go
- services/leases/local.go
- services/leases/service.go
- services/namespaces/local.go
- services/namespaces/service.go
- services/opt/path_unix.go
- services/opt/path_windows.go
- services/opt/service.go
- services/server/config/config.go
- services/server/config/config_test.go
- services/server/server.go
- services/server/server_linux.go
- services/server/server_solaris.go
- services/server/server_test.go
- services/server/server_unsupported.go
- services/server/server_windows.go
- services/services.go
- services/snapshots/service.go
- services/snapshots/snapshotters.go
- services/tasks/local.go
- services/tasks/local_freebsd.go
- services/tasks/local_unix.go
- services/tasks/local_windows.go
- services/tasks/service.go
- services/version/service.go
- signals.go
- signals_unix.go
- signals_windows.go
- snapshots/benchsuite/benchmark.go
- snapshots/benchsuite/benchmark_test.go
- snapshots/btrfs/btrfs.go
- snapshots/btrfs/btrfs_test.go
- snapshots/btrfs/plugin/plugin.go
- snapshots/devmapper/config.go
- snapshots/devmapper/config_test.go
- snapshots/devmapper/device_info.go
- snapshots/devmapper/dmsetup/dmsetup.go
- snapshots/devmapper/dmsetup/dmsetup_test.go
- snapshots/devmapper/metadata.go
- snapshots/devmapper/metadata_test.go
- snapshots/devmapper/plugin/plugin.go
- snapshots/devmapper/pool_device.go
- snapshots/devmapper/pool_device_test.go
- snapshots/devmapper/snapshotter.go
- snapshots/devmapper/snapshotter_test.go
- snapshots/lcow/lcow.go
- snapshots/native/native.go
- snapshots/native/native_default.go
- snapshots/native/native_freebsd.go
- snapshots/native/native_test.go
- snapshots/native/plugin/plugin.go
- snapshots/overlay/overlay.go
- snapshots/overlay/overlay_test.go
- snapshots/overlay/overlayutils/check.go
- snapshots/overlay/overlayutils/check_test.go
- snapshots/overlay/plugin/plugin.go
- snapshots/proxy/proxy.go
- snapshots/snapshotter.go
- snapshots/storage/bolt.go
- snapshots/storage/bolt_test.go
- snapshots/storage/metastore_bench_test.go
- snapshots/storage/metastore_test.go
- snapshots/testsuite/helpers.go
- snapshots/testsuite/helpers_linux.go
- snapshots/testsuite/helpers_other.go
- snapshots/testsuite/issues.go
- snapshots/testsuite/testsuite.go
- snapshots/testsuite/testsuite_unix.go
- snapshots/testsuite/testsuite_windows.go
- snapshots/windows/windows.go
- snapshotter_default_linux.go
- snapshotter_default_unix.go
- snapshotter_default_windows.go
- snapshotter_opts_unix.go
- sys/epoll.go
- sys/fds.go
- sys/filesys_unix.go
- sys/filesys_windows.go
- sys/mount_linux.go
- sys/mount_linux_test.go
- sys/oom_linux.go
- sys/oom_linux_test.go
- sys/oom_unsupported.go
- sys/reaper/reaper_unix.go
- sys/reaper/reaper_utils_linux.go
- sys/socket_unix.go
- sys/socket_windows.go
- sys/stat_bsd.go
- sys/stat_openbsd.go
- sys/stat_unix.go
- sys/subprocess_unsafe_linux.go
- sys/subprocess_unsafe_linux.s
- sys/userns_deprecated.go
- task.go
- task_opts.go
- task_opts_unix.go
- test/build-utils.sh
- test/push.sh
- test/utils.sh
- unpacker.go
- vendor/github.com/containerd/aufs/aufs.go
- vendor/github.com/containerd/aufs/plugin/plugin.go
- vendor/github.com/containerd/btrfs/Makefile
- vendor/github.com/containerd/btrfs/btrfs.c
- vendor/github.com/containerd/btrfs/btrfs.go
- vendor/github.com/containerd/btrfs/btrfs.h
- vendor/github.com/containerd/btrfs/helpers.go
- vendor/github.com/containerd/btrfs/info.go
- vendor/github.com/containerd/btrfs/ioctl.go
- vendor/github.com/containerd/cgroups/Makefile
- vendor/github.com/containerd/cgroups/blkio.go
- vendor/github.com/containerd/cgroups/cgroup.go
- vendor/github.com/containerd/cgroups/control.go
- vendor/github.com/containerd/cgroups/cpu.go
- vendor/github.com/containerd/cgroups/cpuacct.go
- vendor/github.com/containerd/cgroups/cpuset.go
- vendor/github.com/containerd/cgroups/devices.go
- vendor/github.com/containerd/cgroups/errors.go
- vendor/github.com/containerd/cgroups/freezer.go
- vendor/github.com/containerd/cgroups/hierarchy.go
- vendor/github.com/containerd/cgroups/hugetlb.go
- vendor/github.com/containerd/cgroups/memory.go
- vendor/github.com/containerd/cgroups/named.go
- vendor/github.com/containerd/cgroups/net_cls.go
- vendor/github.com/containerd/cgroups/net_prio.go
- vendor/github.com/containerd/cgroups/opts.go
- vendor/github.com/containerd/cgroups/paths.go
- vendor/github.com/containerd/cgroups/perf_event.go
- vendor/github.com/containerd/cgroups/pids.go
- vendor/github.com/containerd/cgroups/rdma.go
- vendor/github.com/containerd/cgroups/state.go
- vendor/github.com/containerd/cgroups/stats/v1/doc.go
- vendor/github.com/containerd/cgroups/subsystem.go
- vendor/github.com/containerd/cgroups/systemd.go
- vendor/github.com/containerd/cgroups/ticks.go
- vendor/github.com/containerd/cgroups/utils.go
- vendor/github.com/containerd/cgroups/v1.go
- vendor/github.com/containerd/cgroups/v2/cpu.go
- vendor/github.com/containerd/cgroups/v2/ebpf.go
- vendor/github.com/containerd/cgroups/v2/errors.go
- vendor/github.com/containerd/cgroups/v2/hugetlb.go
- vendor/github.com/containerd/cgroups/v2/io.go
- vendor/github.com/containerd/cgroups/v2/manager.go
- vendor/github.com/containerd/cgroups/v2/memory.go
- vendor/github.com/containerd/cgroups/v2/paths.go
- vendor/github.com/containerd/cgroups/v2/pids.go
- vendor/github.com/containerd/cgroups/v2/rdma.go
- vendor/github.com/containerd/cgroups/v2/state.go
- vendor/github.com/containerd/cgroups/v2/stats/doc.go
- vendor/github.com/containerd/cgroups/v2/utils.go
- vendor/github.com/containerd/console/console.go
- vendor/github.com/containerd/console/console_linux.go
- vendor/github.com/containerd/console/console_unix.go
- vendor/github.com/containerd/console/console_windows.go
- vendor/github.com/containerd/console/pty_freebsd_cgo.go
- vendor/github.com/containerd/console/pty_freebsd_nocgo.go
- vendor/github.com/containerd/console/pty_unix.go
- vendor/github.com/containerd/console/tc_darwin.go
- vendor/github.com/containerd/console/tc_freebsd_cgo.go
- vendor/github.com/containerd/console/tc_freebsd_nocgo.go
- vendor/github.com/containerd/console/tc_linux.go
- vendor/github.com/containerd/console/tc_netbsd.go
- vendor/github.com/containerd/console/tc_openbsd_cgo.go
- vendor/github.com/containerd/console/tc_solaris_cgo.go
- vendor/github.com/containerd/console/tc_unix.go
- vendor/github.com/containerd/continuity/context.go
- vendor/github.com/containerd/continuity/devices/devices.go
- vendor/github.com/containerd/continuity/devices/devices_unix.go
- vendor/github.com/containerd/continuity/devices/devices_windows.go
- vendor/github.com/containerd/continuity/devices/mknod_freebsd.go
- vendor/github.com/containerd/continuity/devices/mknod_unix.go
- vendor/github.com/containerd/continuity/digests.go
- vendor/github.com/containerd/continuity/driver/driver.go
- vendor/github.com/containerd/continuity/driver/driver_unix.go
- vendor/github.com/containerd/continuity/driver/lchmod_linux.go
- vendor/github.com/containerd/continuity/driver/lchmod_unix.go
- vendor/github.com/containerd/continuity/driver/utils.go
- vendor/github.com/containerd/continuity/fs/copy.go
- vendor/github.com/containerd/continuity/fs/copy_darwinopenbsdsolaris.go
- vendor/github.com/containerd/continuity/fs/copy_freebsd.go
- vendor/github.com/containerd/continuity/fs/copy_linux.go
- vendor/github.com/containerd/continuity/fs/copy_unix.go
- vendor/github.com/containerd/continuity/fs/copy_windows.go
- vendor/github.com/containerd/continuity/fs/diff.go
- vendor/github.com/containerd/continuity/fs/diff_unix.go
- vendor/github.com/containerd/continuity/fs/diff_windows.go
- vendor/github.com/containerd/continuity/fs/dtype_linux.go
- vendor/github.com/containerd/continuity/fs/du.go
- vendor/github.com/containerd/continuity/fs/du_unix.go
- vendor/github.com/containerd/continuity/fs/du_windows.go
- vendor/github.com/containerd/continuity/fs/fstest/compare.go
- vendor/github.com/containerd/continuity/fs/fstest/compare_unix.go
- vendor/github.com/containerd/continuity/fs/fstest/compare_windows.go
- vendor/github.com/containerd/continuity/fs/fstest/continuity_util.go
- vendor/github.com/containerd/continuity/fs/fstest/file.go
- vendor/github.com/containerd/continuity/fs/fstest/file_unix.go
- vendor/github.com/containerd/continuity/fs/fstest/file_windows.go
- vendor/github.com/containerd/continuity/fs/fstest/testsuite.go
- vendor/github.com/containerd/continuity/fs/hardlink.go
- vendor/github.com/containerd/continuity/fs/hardlink_unix.go
- vendor/github.com/containerd/continuity/fs/hardlink_windows.go
- vendor/github.com/containerd/continuity/fs/path.go
- vendor/github.com/containerd/continuity/fs/stat_darwinfreebsd.go
- vendor/github.com/containerd/continuity/fs/stat_linuxopenbsd.go
- vendor/github.com/containerd/continuity/fs/time.go
- vendor/github.com/containerd/continuity/hardlinks.go
- vendor/github.com/containerd/continuity/hardlinks_unix.go
- vendor/github.com/containerd/continuity/hardlinks_windows.go
- vendor/github.com/containerd/continuity/ioutils.go
- vendor/github.com/containerd/continuity/manifest.go
- vendor/github.com/containerd/continuity/pathdriver/path_driver.go
- vendor/github.com/containerd/continuity/proto/gen.go
- vendor/github.com/containerd/continuity/resource.go
- vendor/github.com/containerd/continuity/resource_unix.go
- vendor/github.com/containerd/continuity/resource_windows.go
- vendor/github.com/containerd/continuity/sysx/generate.sh
- vendor/github.com/containerd/continuity/sysx/nodata_linux.go
- vendor/github.com/containerd/continuity/sysx/nodata_solaris.go
- vendor/github.com/containerd/continuity/sysx/nodata_unix.go
- vendor/github.com/containerd/continuity/sysx/xattr.go
- vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go
- vendor/github.com/containerd/continuity/testutil/helpers.go
- vendor/github.com/containerd/continuity/testutil/helpers_unix.go
- vendor/github.com/containerd/continuity/testutil/helpers_windows.go
- vendor/github.com/containerd/continuity/testutil/loopback/loopback_linux.go
- vendor/github.com/containerd/continuity/testutil/mount_linux.go
- vendor/github.com/containerd/continuity/testutil/mount_other.go
- vendor/github.com/containerd/fifo/Makefile
- vendor/github.com/containerd/fifo/errors.go
- vendor/github.com/containerd/fifo/fifo.go
- vendor/github.com/containerd/fifo/handle_linux.go
- vendor/github.com/containerd/fifo/handle_nolinux.go
- vendor/github.com/containerd/fifo/raw.go
- vendor/github.com/containerd/fifo/utils.go
- vendor/github.com/containerd/go-cni/cni.go
- vendor/github.com/containerd/go-cni/deprecated.go
- vendor/github.com/containerd/go-cni/errors.go
- vendor/github.com/containerd/go-cni/helper.go
- vendor/github.com/containerd/go-cni/namespace.go
- vendor/github.com/containerd/go-cni/namespace_opts.go
- vendor/github.com/containerd/go-cni/opts.go
- vendor/github.com/containerd/go-cni/result.go
- vendor/github.com/containerd/go-cni/testutils.go
- vendor/github.com/containerd/go-cni/types.go
- vendor/github.com/containerd/go-runc/command_linux.go
- vendor/github.com/containerd/go-runc/command_other.go
- vendor/github.com/containerd/go-runc/console.go
- vendor/github.com/containerd/go-runc/container.go
- vendor/github.com/containerd/go-runc/events.go
- vendor/github.com/containerd/go-runc/io.go
- vendor/github.com/containerd/go-runc/io_unix.go
- vendor/github.com/containerd/go-runc/io_windows.go
- vendor/github.com/containerd/go-runc/monitor.go
- vendor/github.com/containerd/go-runc/runc.go
- vendor/github.com/containerd/go-runc/runc_unix.go
- vendor/github.com/containerd/go-runc/runc_windows.go
- vendor/github.com/containerd/go-runc/utils.go
- vendor/github.com/containerd/imgcrypt/images/encryption/client.go
- vendor/github.com/containerd/imgcrypt/images/encryption/encryption.go
- vendor/github.com/containerd/imgcrypt/payload.go
- vendor/github.com/containerd/nri/Makefile
- vendor/github.com/containerd/nri/client.go
- vendor/github.com/containerd/nri/types/v1/types.go
- vendor/github.com/containerd/ttrpc/channel.go
- vendor/github.com/containerd/ttrpc/client.go
- vendor/github.com/containerd/ttrpc/codec.go
- vendor/github.com/containerd/ttrpc/config.go
- vendor/github.com/containerd/ttrpc/handshake.go
- vendor/github.com/containerd/ttrpc/interceptor.go
- vendor/github.com/containerd/ttrpc/metadata.go
- vendor/github.com/containerd/ttrpc/plugin/generator.go
- vendor/github.com/containerd/ttrpc/server.go
- vendor/github.com/containerd/ttrpc/services.go
- vendor/github.com/containerd/ttrpc/types.go
- vendor/github.com/containerd/ttrpc/unixcreds_linux.go
- vendor/github.com/containerd/typeurl/doc.go
- vendor/github.com/containerd/typeurl/types.go
- vendor/github.com/containerd/zfs/plugin/plugin.go
- vendor/github.com/containerd/zfs/zfs.go
- vendor/github.com/containernetworking/cni/libcni/api.go
- vendor/github.com/containernetworking/cni/libcni/conf.go
- vendor/github.com/containernetworking/cni/pkg/invoke/args.go
- vendor/github.com/containernetworking/cni/pkg/invoke/delegate.go
- vendor/github.com/containernetworking/cni/pkg/invoke/exec.go
- vendor/github.com/containernetworking/cni/pkg/invoke/find.go
- vendor/github.com/containernetworking/cni/pkg/invoke/os_windows.go
- vendor/github.com/containernetworking/cni/pkg/invoke/raw_exec.go
- vendor/github.com/containernetworking/cni/pkg/types/020/types.go
- vendor/github.com/containernetworking/cni/pkg/types/args.go
- vendor/github.com/containernetworking/cni/pkg/types/current/types.go
- vendor/github.com/containernetworking/cni/pkg/types/types.go
- vendor/github.com/containernetworking/cni/pkg/utils/utils.go
- vendor/github.com/containernetworking/cni/pkg/version/conf.go
- vendor/github.com/containernetworking/cni/pkg/version/plugin.go
- vendor/github.com/containernetworking/cni/pkg/version/reconcile.go
- vendor/github.com/containernetworking/cni/pkg/version/version.go
- vendor/github.com/containernetworking/plugins/pkg/ns/ns_linux.go
- vendor/github.com/containers/ocicrypt/Makefile
- vendor/github.com/containers/ocicrypt/blockcipher/blockcipher.go
- vendor/github.com/containers/ocicrypt/blockcipher/blockcipher_aes_ctr.go
- vendor/github.com/containers/ocicrypt/config/config.go
- vendor/github.com/containers/ocicrypt/config/constructors.go
- vendor/github.com/containers/ocicrypt/config/keyprovider-config/config.go
- vendor/github.com/containers/ocicrypt/crypto/pkcs11/common.go
- vendor/github.com/containers/ocicrypt/crypto/pkcs11/pkcs11helpers.go
- vendor/github.com/containers/ocicrypt/crypto/pkcs11/pkcs11helpers_nocgo.go
- vendor/github.com/containers/ocicrypt/crypto/pkcs11/utils.go
- vendor/github.com/containers/ocicrypt/encryption.go
- vendor/github.com/containers/ocicrypt/gpg.go
- vendor/github.com/containers/ocicrypt/gpgvault.go
- vendor/github.com/containers/ocicrypt/keywrap/jwe/keywrapper_jwe.go
- vendor/github.com/containers/ocicrypt/keywrap/keyprovider/keyprovider.go
- vendor/github.com/containers/ocicrypt/keywrap/keywrap.go
- vendor/github.com/containers/ocicrypt/keywrap/pgp/keywrapper_gpg.go
- vendor/github.com/containers/ocicrypt/keywrap/pkcs11/keywrapper_pkcs11.go
- vendor/github.com/containers/ocicrypt/keywrap/pkcs7/keywrapper_pkcs7.go
- vendor/github.com/containers/ocicrypt/reader.go
- vendor/github.com/containers/ocicrypt/utils/delayedreader.go
- vendor/github.com/containers/ocicrypt/utils/ioutils.go
- vendor/github.com/containers/ocicrypt/utils/testing.go
- vendor/github.com/containers/ocicrypt/utils/utils.go
- vendor/github.com/coreos/go-systemd/v22/daemon/sdnotify.go
- vendor/github.com/coreos/go-systemd/v22/daemon/watchdog.go
- vendor/github.com/coreos/go-systemd/v22/dbus/methods.go
- vendor/github.com/coreos/go-systemd/v22/dbus/properties.go
- vendor/github.com/coreos/go-systemd/v22/dbus/set.go
- vendor/github.com/coreos/go-systemd/v22/dbus/subscription.go
- vendor/github.com/coreos/go-systemd/v22/dbus/subscription_set.go
- vendor/github.com/gogo/googleapis/google/rpc/code.proto
- vendor/github.com/gogo/googleapis/google/rpc/error_details.proto
- vendor/github.com/gogo/googleapis/google/rpc/status.proto
- vendor/github.com/google/gofuzz/fuzz.go
- vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/decode.go
- vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/encode.go
- vendor/github.com/opencontainers/image-spec/identity/helpers.go
- vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go
- vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go
- vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go
- vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go
- vendor/github.com/opencontainers/image-spec/specs-go/v1/layout.go
- vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go
- vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go
- vendor/github.com/opencontainers/image-spec/specs-go/version.go
- vendor/github.com/opencontainers/image-spec/specs-go/versioned.go
- vendor/github.com/prometheus/client_golang/prometheus/collector.go
- vendor/github.com/prometheus/client_golang/prometheus/counter.go
- vendor/github.com/prometheus/client_golang/prometheus/desc.go
- vendor/github.com/prometheus/client_golang/prometheus/expvar_collector.go
- vendor/github.com/prometheus/client_golang/prometheus/fnv.go
- vendor/github.com/prometheus/client_golang/prometheus/gauge.go
- vendor/github.com/prometheus/client_golang/prometheus/go_collector.go
- vendor/github.com/prometheus/client_golang/prometheus/histogram.go
- vendor/github.com/prometheus/client_golang/prometheus/internal/metric.go
- vendor/github.com/prometheus/client_golang/prometheus/labels.go
- vendor/github.com/prometheus/client_golang/prometheus/metric.go
- vendor/github.com/prometheus/client_golang/prometheus/observer.go
- vendor/github.com/prometheus/client_golang/prometheus/process_collector.go
- vendor/github.com/prometheus/client_golang/prometheus/process_collector_windows.go
- vendor/github.com/prometheus/client_golang/prometheus/promhttp/delegator.go
- vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_client.go
- vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go
- vendor/github.com/prometheus/client_golang/prometheus/registry.go
- vendor/github.com/prometheus/client_golang/prometheus/summary.go
- vendor/github.com/prometheus/client_golang/prometheus/timer.go
- vendor/github.com/prometheus/client_golang/prometheus/untyped.go
- vendor/github.com/prometheus/client_golang/prometheus/value.go
- vendor/github.com/prometheus/client_golang/prometheus/vec.go
- vendor/github.com/prometheus/client_golang/prometheus/wrap.go
- vendor/github.com/prometheus/common/expfmt/decode.go
- vendor/github.com/prometheus/common/expfmt/encode.go
- vendor/github.com/prometheus/common/expfmt/openmetrics_create.go
- vendor/github.com/prometheus/common/expfmt/text_create.go
- vendor/github.com/prometheus/common/expfmt/text_parse.go
- vendor/github.com/prometheus/common/model/alert.go
- vendor/github.com/prometheus/common/model/fingerprinting.go
- vendor/github.com/prometheus/common/model/fnv.go
- vendor/github.com/prometheus/common/model/labels.go
- vendor/github.com/prometheus/common/model/labelset.go
- vendor/github.com/prometheus/common/model/metric.go
- vendor/github.com/prometheus/common/model/signature.go
- vendor/github.com/prometheus/common/model/silence.go
- vendor/github.com/prometheus/common/model/time.go
- vendor/github.com/prometheus/common/model/value.go
- vendor/github.com/prometheus/procfs/Makefile
- vendor/github.com/prometheus/procfs/arp.go
- vendor/github.com/prometheus/procfs/buddyinfo.go
- vendor/github.com/prometheus/procfs/crypto.go
- vendor/github.com/prometheus/procfs/fs.go
- vendor/github.com/prometheus/procfs/fscache.go
- vendor/github.com/prometheus/procfs/internal/fs/fs.go
- vendor/github.com/prometheus/procfs/internal/util/parse.go
- vendor/github.com/prometheus/procfs/internal/util/readfile.go
- vendor/github.com/prometheus/procfs/internal/util/valueparser.go
- vendor/github.com/prometheus/procfs/ipvs.go
- vendor/github.com/prometheus/procfs/loadavg.go
- vendor/github.com/prometheus/procfs/mdstat.go
- vendor/github.com/prometheus/procfs/meminfo.go
- vendor/github.com/prometheus/procfs/mountinfo.go
- vendor/github.com/prometheus/procfs/mountstats.go
- vendor/github.com/prometheus/procfs/net_conntrackstat.go
- vendor/github.com/prometheus/procfs/net_dev.go
- vendor/github.com/prometheus/procfs/net_ip_socket.go
- vendor/github.com/prometheus/procfs/net_protocols.go
- vendor/github.com/prometheus/procfs/net_sockstat.go
- vendor/github.com/prometheus/procfs/net_softnet.go
- vendor/github.com/prometheus/procfs/net_tcp.go
- vendor/github.com/prometheus/procfs/net_udp.go
- vendor/github.com/prometheus/procfs/net_unix.go
- vendor/github.com/prometheus/procfs/proc.go
- vendor/github.com/prometheus/procfs/proc_cgroup.go
- vendor/github.com/prometheus/procfs/proc_environ.go
- vendor/github.com/prometheus/procfs/proc_fdinfo.go
- vendor/github.com/prometheus/procfs/proc_io.go
- vendor/github.com/prometheus/procfs/proc_limits.go
- vendor/github.com/prometheus/procfs/proc_ns.go
- vendor/github.com/prometheus/procfs/proc_psi.go
- vendor/github.com/prometheus/procfs/proc_stat.go
- vendor/github.com/prometheus/procfs/proc_status.go
- vendor/github.com/prometheus/procfs/schedstat.go
- vendor/github.com/prometheus/procfs/slab.go
- vendor/github.com/prometheus/procfs/stat.go
- vendor/github.com/prometheus/procfs/swaps.go
- vendor/github.com/prometheus/procfs/ttar
- vendor/github.com/prometheus/procfs/xfrm.go
- vendor/github.com/stefanberger/go-pkcs11uri/Makefile
- vendor/github.com/stefanberger/go-pkcs11uri/pkcs11uri.go
- vendor/go.opencensus.io/internal/internal.go
- vendor/go.opencensus.io/internal/sanitize.go
- vendor/go.opencensus.io/internal/traceinternals.go
- vendor/go.opencensus.io/trace/basetypes.go
- vendor/go.opencensus.io/trace/config.go
- vendor/go.opencensus.io/trace/evictedqueue.go
- vendor/go.opencensus.io/trace/export.go
- vendor/go.opencensus.io/trace/lrumap.go
- vendor/go.opencensus.io/trace/sampling.go
- vendor/go.opencensus.io/trace/spanbucket.go
- vendor/go.opencensus.io/trace/spanstore.go
- vendor/go.opencensus.io/trace/status_codes.go
- vendor/go.opencensus.io/trace/trace.go
- vendor/google.golang.org/grpc/balancer.go
- vendor/google.golang.org/grpc/balancer/base/balancer.go
- vendor/google.golang.org/grpc/balancer_conn_wrappers.go
- vendor/google.golang.org/grpc/balancer_v1_wrapper.go
- vendor/google.golang.org/grpc/call.go
- vendor/google.golang.org/grpc/clientconn.go
- vendor/google.golang.org/grpc/codec.go
- vendor/google.golang.org/grpc/codes/code_string.go
- vendor/google.golang.org/grpc/credentials/go12.go
- vendor/google.golang.org/grpc/credentials/internal/syscallconn_appengine.go
- vendor/google.golang.org/grpc/credentials/tls.go
- vendor/google.golang.org/grpc/dialoptions.go
- vendor/google.golang.org/grpc/grpclog/logger.go
- vendor/google.golang.org/grpc/grpclog/loggerv2.go
- vendor/google.golang.org/grpc/health/client.go
- vendor/google.golang.org/grpc/health/regenerate.sh
- vendor/google.golang.org/grpc/interceptor.go
- vendor/google.golang.org/grpc/internal/binarylog/env_config.go
- vendor/google.golang.org/grpc/internal/binarylog/method_logger.go
- vendor/google.golang.org/grpc/internal/binarylog/regenerate.sh
- vendor/google.golang.org/grpc/internal/binarylog/sink.go
- vendor/google.golang.org/grpc/internal/binarylog/util.go
- vendor/google.golang.org/grpc/internal/channelz/types.go
- vendor/google.golang.org/grpc/internal/channelz/types_linux.go
- vendor/google.golang.org/grpc/internal/channelz/types_nonlinux.go
- vendor/google.golang.org/grpc/internal/channelz/util_linux.go
- vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go
- vendor/google.golang.org/grpc/internal/resolver/dns/go113.go
- vendor/google.golang.org/grpc/internal/syscall/syscall_nonlinux.go
- vendor/google.golang.org/grpc/internal/transport/bdp_estimator.go
- vendor/google.golang.org/grpc/internal/transport/controlbuf.go
- vendor/google.golang.org/grpc/internal/transport/defaults.go
- vendor/google.golang.org/grpc/internal/transport/flowcontrol.go
- vendor/google.golang.org/grpc/internal/transport/http2_client.go
- vendor/google.golang.org/grpc/internal/transport/http2_server.go
- vendor/google.golang.org/grpc/internal/transport/http_util.go
- vendor/google.golang.org/grpc/naming/dns_resolver.go
- vendor/google.golang.org/grpc/picker_wrapper.go
- vendor/google.golang.org/grpc/pickfirst.go
- vendor/google.golang.org/grpc/preloader.go
- vendor/google.golang.org/grpc/proxy.go
- vendor/google.golang.org/grpc/resolver_conn_wrapper.go
- vendor/google.golang.org/grpc/rpc_util.go
- vendor/google.golang.org/grpc/server.go
- vendor/google.golang.org/grpc/service_config.go
- vendor/google.golang.org/grpc/stats/handlers.go
- vendor/google.golang.org/grpc/stats/stats.go
- vendor/google.golang.org/grpc/stream.go
- vendor/google.golang.org/grpc/trace.go
- vendor/google.golang.org/grpc/version.go
- vendor/gopkg.in/square/go-jose.v2/asymmetric.go
- vendor/gopkg.in/square/go-jose.v2/cipher/cbc_hmac.go
- vendor/gopkg.in/square/go-jose.v2/cipher/concat_kdf.go
- vendor/gopkg.in/square/go-jose.v2/cipher/ecdh_es.go
- vendor/gopkg.in/square/go-jose.v2/cipher/key_wrap.go
- vendor/gopkg.in/square/go-jose.v2/crypter.go
- vendor/gopkg.in/square/go-jose.v2/encoding.go
- vendor/gopkg.in/square/go-jose.v2/jwe.go
- vendor/gopkg.in/square/go-jose.v2/jwk.go
- vendor/gopkg.in/square/go-jose.v2/jws.go
- vendor/gopkg.in/square/go-jose.v2/opaque.go
- vendor/gopkg.in/square/go-jose.v2/shared.go
- vendor/gopkg.in/square/go-jose.v2/signing.go
- vendor/gopkg.in/square/go-jose.v2/symmetric.go
- vendor/gopkg.in/yaml.v2/NOTICE
- vendor/gopkg.in/yaml.v3/NOTICE
- vendor/gopkg.in/yaml.v3/decode.go
- vendor/gopkg.in/yaml.v3/encode.go
- vendor/gopkg.in/yaml.v3/resolve.go
- vendor/gopkg.in/yaml.v3/sorter.go
- vendor/k8s.io/api/core/v1/annotation_key_constants.go
- vendor/k8s.io/api/core/v1/doc.go
- vendor/k8s.io/api/core/v1/lifecycle.go
- vendor/k8s.io/api/core/v1/objectreference.go
- vendor/k8s.io/api/core/v1/register.go
- vendor/k8s.io/api/core/v1/resource.go
- vendor/k8s.io/api/core/v1/taint.go
- vendor/k8s.io/api/core/v1/toleration.go
- vendor/k8s.io/api/core/v1/types.go
- vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go
- vendor/k8s.io/api/core/v1/well_known_labels.go
- vendor/k8s.io/api/core/v1/well_known_taints.go
- vendor/k8s.io/apimachinery/pkg/api/errors/errors.go
- vendor/k8s.io/apimachinery/pkg/api/resource/amount.go
- vendor/k8s.io/apimachinery/pkg/api/resource/math.go
- vendor/k8s.io/apimachinery/pkg/api/resource/quantity.go
- vendor/k8s.io/apimachinery/pkg/api/resource/quantity_proto.go
- vendor/k8s.io/apimachinery/pkg/api/resource/scale_int.go
- vendor/k8s.io/apimachinery/pkg/api/resource/suffix.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/controller_ref.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/conversion.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/deepcopy.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/doc.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/duration.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/group_version.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/helpers.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/labels.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/meta.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_fuzz.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/micro_time_proto.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/register.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/time.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/time_fuzz.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/time_proto.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/types_swagger_doc_generated.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/helpers.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/unstructured_list.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/watch.go
- vendor/k8s.io/apimachinery/pkg/conversion/converter.go
- vendor/k8s.io/apimachinery/pkg/conversion/deep_equal.go
- vendor/k8s.io/apimachinery/pkg/conversion/helper.go
- vendor/k8s.io/apimachinery/pkg/conversion/queryparams/convert.go
- vendor/k8s.io/apimachinery/pkg/fields/fields.go
- vendor/k8s.io/apimachinery/pkg/fields/requirements.go
- vendor/k8s.io/apimachinery/pkg/fields/selector.go
- vendor/k8s.io/apimachinery/pkg/labels/labels.go
- vendor/k8s.io/apimachinery/pkg/labels/selector.go
- vendor/k8s.io/apimachinery/pkg/runtime/codec.go
- vendor/k8s.io/apimachinery/pkg/runtime/codec_check.go
- vendor/k8s.io/apimachinery/pkg/runtime/converter.go
- vendor/k8s.io/apimachinery/pkg/runtime/embedded.go
- vendor/k8s.io/apimachinery/pkg/runtime/error.go
- vendor/k8s.io/apimachinery/pkg/runtime/extension.go
- vendor/k8s.io/apimachinery/pkg/runtime/helper.go
- vendor/k8s.io/apimachinery/pkg/runtime/interfaces.go
- vendor/k8s.io/apimachinery/pkg/runtime/mapper.go
- vendor/k8s.io/apimachinery/pkg/runtime/negotiate.go
- vendor/k8s.io/apimachinery/pkg/runtime/register.go
- vendor/k8s.io/apimachinery/pkg/runtime/schema/group_version.go
- vendor/k8s.io/apimachinery/pkg/runtime/schema/interfaces.go
- vendor/k8s.io/apimachinery/pkg/runtime/scheme.go
- vendor/k8s.io/apimachinery/pkg/runtime/scheme_builder.go
- vendor/k8s.io/apimachinery/pkg/runtime/serializer/codec_factory.go
- vendor/k8s.io/apimachinery/pkg/runtime/serializer/json/json.go
- vendor/k8s.io/apimachinery/pkg/runtime/serializer/json/meta.go
- vendor/k8s.io/apimachinery/pkg/runtime/serializer/negotiated_codec.go
- vendor/k8s.io/apimachinery/pkg/runtime/serializer/protobuf/protobuf.go
- vendor/k8s.io/apimachinery/pkg/runtime/serializer/recognizer/recognizer.go
- vendor/k8s.io/apimachinery/pkg/runtime/serializer/versioning/versioning.go
- vendor/k8s.io/apimachinery/pkg/runtime/swagger_doc_generator.go
- vendor/k8s.io/apimachinery/pkg/runtime/types.go
- vendor/k8s.io/apimachinery/pkg/runtime/types_proto.go
- vendor/k8s.io/apimachinery/pkg/selection/operator.go
- vendor/k8s.io/apimachinery/pkg/types/namespacedname.go
- vendor/k8s.io/apimachinery/pkg/types/nodename.go
- vendor/k8s.io/apimachinery/pkg/types/patch.go
- vendor/k8s.io/apimachinery/pkg/types/uid.go
- vendor/k8s.io/apimachinery/pkg/util/clock/clock.go
- vendor/k8s.io/apimachinery/pkg/util/errors/errors.go
- vendor/k8s.io/apimachinery/pkg/util/httpstream/httpstream.go
- vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/connection.go
- vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/roundtripper.go
- vendor/k8s.io/apimachinery/pkg/util/httpstream/spdy/upgrade.go
- vendor/k8s.io/apimachinery/pkg/util/intstr/instr_fuzz.go
- vendor/k8s.io/apimachinery/pkg/util/intstr/intstr.go
- vendor/k8s.io/apimachinery/pkg/util/json/json.go
- vendor/k8s.io/apimachinery/pkg/util/naming/from_stack.go
- vendor/k8s.io/apimachinery/pkg/util/net/http.go
- vendor/k8s.io/apimachinery/pkg/util/net/interface.go
- vendor/k8s.io/apimachinery/pkg/util/net/port_range.go
- vendor/k8s.io/apimachinery/pkg/util/net/port_split.go
- vendor/k8s.io/apimachinery/pkg/util/net/util.go
- vendor/k8s.io/apimachinery/pkg/util/remotecommand/constants.go
- vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go
- vendor/k8s.io/apimachinery/pkg/util/validation/field/errors.go
- vendor/k8s.io/apimachinery/pkg/util/validation/field/path.go
- vendor/k8s.io/apimachinery/pkg/util/validation/validation.go
- vendor/k8s.io/apimachinery/pkg/util/wait/wait.go
- vendor/k8s.io/apimachinery/pkg/util/yaml/decoder.go
- vendor/k8s.io/apimachinery/pkg/version/doc.go
- vendor/k8s.io/apimachinery/pkg/version/helpers.go
- vendor/k8s.io/apimachinery/pkg/version/types.go
- vendor/k8s.io/apimachinery/pkg/watch/filter.go
- vendor/k8s.io/apimachinery/pkg/watch/mux.go
- vendor/k8s.io/apimachinery/pkg/watch/streamwatcher.go
- vendor/k8s.io/apimachinery/pkg/watch/watch.go
- vendor/k8s.io/apiserver/pkg/server/httplog/httplog.go
- vendor/k8s.io/apiserver/pkg/util/wsstream/conn.go
- vendor/k8s.io/apiserver/pkg/util/wsstream/stream.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/doc.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/register.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/types.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/conversion.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/doc.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/register.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/types.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/conversion.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/doc.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/register.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/types.go
- vendor/k8s.io/client-go/pkg/version/base.go
- vendor/k8s.io/client-go/pkg/version/doc.go
- vendor/k8s.io/client-go/pkg/version/version.go
- vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/exec.go
- vendor/k8s.io/client-go/plugin/pkg/client/auth/exec/metrics.go
- vendor/k8s.io/client-go/rest/client.go
- vendor/k8s.io/client-go/rest/config.go
- vendor/k8s.io/client-go/rest/exec.go
- vendor/k8s.io/client-go/rest/plugin.go
- vendor/k8s.io/client-go/rest/request.go
- vendor/k8s.io/client-go/rest/transport.go
- vendor/k8s.io/client-go/rest/url_utils.go
- vendor/k8s.io/client-go/rest/urlbackoff.go
- vendor/k8s.io/client-go/rest/warnings.go
- vendor/k8s.io/client-go/rest/watch/decoder.go
- vendor/k8s.io/client-go/rest/watch/encoder.go
- vendor/k8s.io/client-go/tools/clientcmd/api/doc.go
- vendor/k8s.io/client-go/tools/clientcmd/api/helpers.go
- vendor/k8s.io/client-go/tools/clientcmd/api/register.go
- vendor/k8s.io/client-go/tools/clientcmd/api/types.go
- vendor/k8s.io/client-go/tools/remotecommand/errorstream.go
- vendor/k8s.io/client-go/tools/remotecommand/reader.go
- vendor/k8s.io/client-go/tools/remotecommand/remotecommand.go
- vendor/k8s.io/client-go/tools/remotecommand/resize.go
- vendor/k8s.io/client-go/tools/remotecommand/v1.go
- vendor/k8s.io/client-go/tools/remotecommand/v2.go
- vendor/k8s.io/client-go/tools/remotecommand/v3.go
- vendor/k8s.io/client-go/tools/remotecommand/v4.go
- vendor/k8s.io/client-go/transport/cache.go
- vendor/k8s.io/client-go/transport/cert_rotation.go
- vendor/k8s.io/client-go/transport/config.go
- vendor/k8s.io/client-go/transport/round_trippers.go
- vendor/k8s.io/client-go/transport/spdy/spdy.go
- vendor/k8s.io/client-go/transport/token_source.go
- vendor/k8s.io/client-go/transport/transport.go
- vendor/k8s.io/client-go/util/cert/cert.go
- vendor/k8s.io/client-go/util/cert/csr.go
- vendor/k8s.io/client-go/util/cert/io.go
- vendor/k8s.io/client-go/util/cert/pem.go
- vendor/k8s.io/client-go/util/cert/server_inspection.go
- vendor/k8s.io/client-go/util/exec/exec.go
- vendor/k8s.io/client-go/util/flowcontrol/backoff.go
- vendor/k8s.io/client-go/util/flowcontrol/throttle.go
- vendor/k8s.io/client-go/util/workqueue/default_rate_limiters.go
- vendor/k8s.io/client-go/util/workqueue/delaying_queue.go
- vendor/k8s.io/client-go/util/workqueue/metrics.go
- vendor/k8s.io/client-go/util/workqueue/parallelizer.go
- vendor/k8s.io/client-go/util/workqueue/queue.go
- vendor/k8s.io/client-go/util/workqueue/rate_limiting_queue.go
- vendor/k8s.io/component-base/logs/logreduction/logreduction.go
- vendor/k8s.io/cri-api/pkg/apis/runtime/v1alpha2/constants.go
- vendor/k8s.io/cri-api/pkg/apis/services.go
- vendor/k8s.io/utils/exec/exec.go
- vendor/k8s.io/utils/integer/integer.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/allocator.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/fields.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/jsontagutil.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/list.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/listreflect.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/listunstructured.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/map.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/scalar.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/structreflect.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/value.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/valuereflect.go
- vendor/sigs.k8s.io/structured-merge-diff/v4/value/valueunstructured.go
- version/version.go
-Copyright: 2011-2016 Canonical Ltd.
- 2011-2019 Canonical Ltd
- 2013 Matt T. Proud
- 2013-2020 The Prometheus Authors
- 2014 Docker, Inc.
- 2014-2017 Google Inc.
- 2014-2018 Square Inc.
- 2014-2019 gRPC authors.
- 2014-2020 The Kubernetes Authors.
- 2015-2018 CoreOS, Inc.
- 2015-2019 CNI authors
- 2016 The Linux Foundation
- 2017 Prometheus Team
- 2017 Roger Luethi
- 2017-2019 OpenCensus Authors
- 2020 IBM Corporation,
- The Mo Authors.
- The containerd Authors
- The containerd Authors.
- The docker Authors.
- The ocicrypt Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: .empty-mod/go.mod
- .gitattributes
- .github/ISSUE_TEMPLATE/bug_report.md
- .github/ISSUE_TEMPLATE/config.yml
- .github/ISSUE_TEMPLATE/feature_request.md
- .github/workflows/ci.yml
- .github/workflows/codeql.yml
- .github/workflows/nightly.yml
- .github/workflows/release.yml
- .gitignore
- .golangci.yml
- .mailmap
- .zuul.yaml
- .zuul/playbooks/containerd-build/integration-test.yaml
- .zuul/playbooks/containerd-build/run.yaml
- .zuul/playbooks/containerd-build/unit-test.yaml
- ADOPTERS.md
- BUILDING.md
- Protobuild.toml
- README.md
- RELEASES.md
- ROADMAP.md
- SCOPE.md
- api/1.0.pb.txt
- api/1.1.pb.txt
- api/1.2.pb.txt
- api/README.md
- api/events/container.pb.go
- api/events/content.pb.go
- api/events/image.pb.go
- api/events/namespace.pb.go
- api/events/snapshot.pb.go
- api/events/task.pb.go
- api/next.pb.txt
- api/services/containers/v1/containers.pb.go
- api/services/content/v1/content.pb.go
- api/services/diff/v1/diff.pb.go
- api/services/events/v1/events.pb.go
- api/services/images/v1/images.pb.go
- api/services/introspection/v1/introspection.pb.go
- api/services/leases/v1/leases.pb.go
- api/services/namespaces/v1/namespace.pb.go
- api/services/snapshots/v1/snapshots.pb.go
- api/services/tasks/v1/tasks.pb.go
- api/services/ttrpc/events/v1/events.pb.go
- api/services/version/v1/version.pb.go
- api/types/descriptor.pb.go
- api/types/metrics.pb.go
- api/types/mount.pb.go
- api/types/platform.pb.go
- api/types/task/task.pb.go
- code-of-conduct.md
- codecov.yml
- contrib/Dockerfile.test
- contrib/README.md
- contrib/ansible/README.md
- contrib/ansible/cri-containerd.yaml
- contrib/ansible/tasks/binaries.yaml
- contrib/ansible/tasks/bootstrap_centos.yaml
- contrib/ansible/tasks/bootstrap_ubuntu.yaml
- contrib/ansible/tasks/k8s.yaml
- contrib/ansible/vars/vars.yaml
- contrib/apparmor/template_test.go
- contrib/autocomplete/ctr
- contrib/autocomplete/zsh_autocomplete
- contrib/aws/snapshotter_bench_cf.yml
- contrib/aws/snapshotter_bench_readme.md
- contrib/gce/cloud-init/master.yaml
- contrib/gce/cloud-init/node.yaml
- contrib/gce/cni.template
- contrib/gce/env
- contrib/linuxkit/README.md
- design/architecture.md
- design/architecture.png
- design/data-flow.md
- design/data-flow.png
- design/lifecycle.md
- design/mounts.md
- design/snapshot_model.png
- design/snapshots.md
- docs/.editorconfig
- docs/PLUGINS.md
- docs/RUNC.md
- docs/SECURITY_AUDIT.pdf
- docs/client-opts.md
- docs/content-flow.md
- docs/cri/architecture.md
- docs/cri/architecture.png
- docs/cri/config.md
- docs/cri/containerd.png
- docs/cri/cri.png
- docs/cri/crictl.md
- docs/cri/decryption.md
- docs/cri/installation.md
- docs/cri/performance.png
- docs/cri/registry.md
- docs/cri/testing.md
- docs/garbage-collection.md
- docs/getting-started.md
- docs/hosts.md
- docs/man/containerd-config.8.md
- docs/man/containerd-config.toml.5.md
- docs/managed-opt.md
- docs/namespaces.md
- docs/ops.md
- docs/remote-snapshotter.md
- docs/rootless.md
- docs/stream_processors.md
- go.mod
- go.sum
- integration/client/go.mod
- integration/client/go.sum
- integration/image_list.sample.toml
- pkg/runtimeoptions/v1/api.pb.go
- pkg/runtimeoptions/v1/api.proto
- protobuf/plugin/fieldpath.pb.go
- releases/README.md
- releases/v1.0.0.toml
- releases/v1.1.0.toml
- releases/v1.2.0.toml
- releases/v1.3.0.toml
- releases/v1.4.0.toml
- releases/v1.5.0.toml
- releases/v1.5.1.toml
- releases/v1.5.2.toml
- releases/v1.5.3.toml
- releases/v1.5.4.toml
- releases/v1.5.5.toml
- releases/v1.5.6.toml
- releases/v1.5.7.toml
- releases/v1.5.8.toml
- releases/v1.5.9.toml
- reports/2017-01-13.md
- reports/2017-01-20.md
- reports/2017-01-27.md
- reports/2017-02-10.md
- reports/2017-02-24.md
- reports/2017-03-10.md
- reports/2017-03-17.md
- reports/2017-03-24.md
- reports/2017-04-28.md
- reports/2017-05-05.md
- reports/2017-05-19.md
- reports/2017-05-26.md
- reports/2017-06-09.md
- reports/2017-06-23.md
- runtime/linux/runctypes/1.0.pb.txt
- runtime/linux/runctypes/next.pb.txt
- runtime/linux/runctypes/runc.pb.go
- runtime/linux/runctypes/runc.proto
- runtime/v1/shim/v1/shim.pb.go
- runtime/v2/README.md
- runtime/v2/example/README.md
- runtime/v2/runc/options/next.pb.txt
- runtime/v2/runc/options/oci.pb.go
- runtime/v2/runc/options/oci.proto
- runtime/v2/task/shim.pb.go
- script/setup/critools-version
- script/setup/imgcrypt-version
- script/setup/runc-version
- snapshots/devmapper/README.md
- test/e2e_node/init.yaml
- vendor/github.com/Microsoft/go-winio/.gitignore
- vendor/github.com/Microsoft/go-winio/CODEOWNERS
- vendor/github.com/Microsoft/go-winio/README.md
- vendor/github.com/Microsoft/go-winio/backup.go
- vendor/github.com/Microsoft/go-winio/backuptar/noop.go
- vendor/github.com/Microsoft/go-winio/backuptar/strconv.go
- vendor/github.com/Microsoft/go-winio/backuptar/tar.go
- vendor/github.com/Microsoft/go-winio/ea.go
- vendor/github.com/Microsoft/go-winio/file.go
- vendor/github.com/Microsoft/go-winio/fileinfo.go
- vendor/github.com/Microsoft/go-winio/go.mod
- vendor/github.com/Microsoft/go-winio/go.sum
- vendor/github.com/Microsoft/go-winio/hvsock.go
- vendor/github.com/Microsoft/go-winio/pipe.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/etw.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/eventdata.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/eventdatadescriptor.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/eventdescriptor.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/eventmetadata.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/eventopt.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/fieldopt.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/newprovider.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/newprovider_unsupported.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/provider.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/providerglobal.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/ptr64_32.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/ptr64_64.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/wrapper_32.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/wrapper_64.go
- vendor/github.com/Microsoft/go-winio/pkg/etw/zsyscall_windows.go
- vendor/github.com/Microsoft/go-winio/pkg/etwlogrus/hook.go
- vendor/github.com/Microsoft/go-winio/pkg/fs/fs_windows.go
- vendor/github.com/Microsoft/go-winio/pkg/guid/guid.go
- vendor/github.com/Microsoft/go-winio/pkg/security/grantvmgroupaccess.go
- vendor/github.com/Microsoft/go-winio/pkg/security/syscall_windows.go
- vendor/github.com/Microsoft/go-winio/pkg/security/zsyscall_windows.go
- vendor/github.com/Microsoft/go-winio/privilege.go
- vendor/github.com/Microsoft/go-winio/reparse.go
- vendor/github.com/Microsoft/go-winio/sd.go
- vendor/github.com/Microsoft/go-winio/syscall.go
- vendor/github.com/Microsoft/go-winio/vhd/vhd.go
- vendor/github.com/Microsoft/go-winio/vhd/zvhd_windows.go
- vendor/github.com/Microsoft/go-winio/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/.gitattributes
- vendor/github.com/Microsoft/hcsshim/.gitignore
- vendor/github.com/Microsoft/hcsshim/CODEOWNERS
- vendor/github.com/Microsoft/hcsshim/Protobuild.toml
- vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/doc.go
- vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/next.pb.txt
- vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go
- vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.proto
- vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats/doc.go
- vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats/next.pb.txt
- vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats/stats.pb.go
- vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats/stats.proto
- vendor/github.com/Microsoft/hcsshim/computestorage/attach.go
- vendor/github.com/Microsoft/hcsshim/computestorage/destroy.go
- vendor/github.com/Microsoft/hcsshim/computestorage/detach.go
- vendor/github.com/Microsoft/hcsshim/computestorage/export.go
- vendor/github.com/Microsoft/hcsshim/computestorage/format.go
- vendor/github.com/Microsoft/hcsshim/computestorage/helpers.go
- vendor/github.com/Microsoft/hcsshim/computestorage/import.go
- vendor/github.com/Microsoft/hcsshim/computestorage/initialize.go
- vendor/github.com/Microsoft/hcsshim/computestorage/mount.go
- vendor/github.com/Microsoft/hcsshim/computestorage/setup.go
- vendor/github.com/Microsoft/hcsshim/computestorage/storage.go
- vendor/github.com/Microsoft/hcsshim/computestorage/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/container.go
- vendor/github.com/Microsoft/hcsshim/errors.go
- vendor/github.com/Microsoft/hcsshim/ext4/internal/compactext4/compact.go
- vendor/github.com/Microsoft/hcsshim/ext4/internal/format/format.go
- vendor/github.com/Microsoft/hcsshim/ext4/tar2ext4/tar2ext4.go
- vendor/github.com/Microsoft/hcsshim/ext4/tar2ext4/vhdfooter.go
- vendor/github.com/Microsoft/hcsshim/functional_tests.ps1
- vendor/github.com/Microsoft/hcsshim/go.mod
- vendor/github.com/Microsoft/hcsshim/go.sum
- vendor/github.com/Microsoft/hcsshim/hcn/hcn.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnendpoint.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnerrors.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnloadbalancer.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnnamespace.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnnetwork.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnroute.go
- vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go
- vendor/github.com/Microsoft/hcsshim/hcn/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/hcsshim.go
- vendor/github.com/Microsoft/hcsshim/hnsendpoint.go
- vendor/github.com/Microsoft/hcsshim/hnsglobals.go
- vendor/github.com/Microsoft/hcsshim/hnsnetwork.go
- vendor/github.com/Microsoft/hcsshim/hnspolicy.go
- vendor/github.com/Microsoft/hcsshim/hnspolicylist.go
- vendor/github.com/Microsoft/hcsshim/hnssupport.go
- vendor/github.com/Microsoft/hcsshim/interface.go
- vendor/github.com/Microsoft/hcsshim/internal/cni/registry.go
- vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/callback.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/process.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema1/schema1.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/attachment.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/battery.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cache_query_stats_response.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/chipset.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/close_handle.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/com_port.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/compute_system.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/configuration.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/console_size.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_add_instance_request.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_hv_socket_service_config.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_instance.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_modify_operation.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_operation_request.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_remove_instance_request.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_state.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_credential_guard_system_info.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/container_memory_information.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_affinity.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_config.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_configurations.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_operations.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/cpu_group_property.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/create_group_operation.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/delete_group_operation.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/device.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/devices.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/enhanced_mode_video.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/flexible_io_device.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_connection_info.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_crash_reporting.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_os.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/guest_state.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/host_processor_modify_request.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hosted_system.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_2.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_address.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_service_config.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/hv_socket_system_config.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/interrupt_moderation_mode.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/iov_settings.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/keyboard.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/layer.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/linux_kernel_direct.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/logical_processor.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_directory.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mapped_pipe.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_2.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_information_for_vm.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/memory_stats.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modification_request.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/modify_setting_request.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/mouse.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/network_adapter.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/networking.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_notification.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/pause_options.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/plan9_share.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_details.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_modify_request.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_parameters.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/process_status.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_2.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_stats.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/processor_topology.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/properties.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_query.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/property_type.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/rdp_connection_options.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_changes.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_key.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/registry_value.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/restore_state.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/save_options.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/scsi.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/service_properties.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_configuration.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/shared_memory_region_info.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/silo_properties.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/statistics.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_qo_s.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/storage_stats.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/topology.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/uefi_boot_entry.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/version.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/video_monitor.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_machine.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_node_info.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_controller.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_p_mem_device.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_device.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_pci_function.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/virtual_smb_share_options.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_memory.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/vm_processor_limits.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/schema2/windows_crash_reporting.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/utils.go
- vendor/github.com/Microsoft/hcsshim/internal/hcs/waithelper.go
- vendor/github.com/Microsoft/hcsshim/internal/hcserror/hcserror.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/hns.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/hnsfuncs.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/hnsglobals.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/hnsnetwork.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicy.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/hnspolicylist.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/hnssupport.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/namespace.go
- vendor/github.com/Microsoft/hcsshim/internal/hns/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/internal/interop/interop.go
- vendor/github.com/Microsoft/hcsshim/internal/interop/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/internal/log/g.go
- vendor/github.com/Microsoft/hcsshim/internal/logfields/fields.go
- vendor/github.com/Microsoft/hcsshim/internal/longpath/longpath.go
- vendor/github.com/Microsoft/hcsshim/internal/mergemaps/merge.go
- vendor/github.com/Microsoft/hcsshim/internal/oc/exporter.go
- vendor/github.com/Microsoft/hcsshim/internal/oc/span.go
- vendor/github.com/Microsoft/hcsshim/internal/regstate/regstate.go
- vendor/github.com/Microsoft/hcsshim/internal/regstate/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/internal/runhcs/container.go
- vendor/github.com/Microsoft/hcsshim/internal/runhcs/util.go
- vendor/github.com/Microsoft/hcsshim/internal/runhcs/vm.go
- vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go
- vendor/github.com/Microsoft/hcsshim/internal/timeout/timeout.go
- vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go
- vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/activatelayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/createlayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/deactivatelayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/destroylayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/expandscratchsize.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/exportlayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/getlayermountpath.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/getsharedbaseimages.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/grantvmaccess.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerexists.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerid.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/layerutils.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/nametoguid.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/preparelayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/processimage.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/unpreparelayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go
- vendor/github.com/Microsoft/hcsshim/internal/wclayer/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/iocp.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/net.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/system.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/thread.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go
- vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go
- vendor/github.com/Microsoft/hcsshim/layer.go
- vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go
- vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create-scratch.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_create.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_delete.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_exec.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_kill.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_list.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_pause.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_ps.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resize-tty.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_resume.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_start.go
- vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/runhcs_state.go
- vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/export.go
- vendor/github.com/Microsoft/hcsshim/pkg/ociwclayer/import.go
- vendor/github.com/Microsoft/hcsshim/process.go
- vendor/github.com/Microsoft/hcsshim/zsyscall_windows.go
- vendor/github.com/beorn7/perks/quantile/exampledata.txt
- vendor/github.com/beorn7/perks/quantile/stream.go
- vendor/github.com/bits-and-blooms/bitset/.gitignore
- vendor/github.com/bits-and-blooms/bitset/.travis.yml
- vendor/github.com/bits-and-blooms/bitset/README.md
- vendor/github.com/bits-and-blooms/bitset/azure-pipelines.yml
- vendor/github.com/bits-and-blooms/bitset/bitset.go
- vendor/github.com/bits-and-blooms/bitset/go.mod
- vendor/github.com/bits-and-blooms/bitset/go.sum
- vendor/github.com/bits-and-blooms/bitset/popcnt.go
- vendor/github.com/bits-and-blooms/bitset/popcnt_19.go
- vendor/github.com/bits-and-blooms/bitset/popcnt_amd64.go
- vendor/github.com/bits-and-blooms/bitset/popcnt_amd64.s
- vendor/github.com/bits-and-blooms/bitset/popcnt_generic.go
- vendor/github.com/bits-and-blooms/bitset/trailing_zeros_18.go
- vendor/github.com/bits-and-blooms/bitset/trailing_zeros_19.go
- vendor/github.com/cespare/xxhash/v2/.travis.yml
- vendor/github.com/cespare/xxhash/v2/README.md
- vendor/github.com/cespare/xxhash/v2/go.mod
- vendor/github.com/cespare/xxhash/v2/go.sum
- vendor/github.com/cespare/xxhash/v2/xxhash.go
- vendor/github.com/cespare/xxhash/v2/xxhash_amd64.go
- vendor/github.com/cespare/xxhash/v2/xxhash_amd64.s
- vendor/github.com/cespare/xxhash/v2/xxhash_other.go
- vendor/github.com/cespare/xxhash/v2/xxhash_safe.go
- vendor/github.com/cespare/xxhash/v2/xxhash_unsafe.go
- vendor/github.com/cilium/ebpf/.clang-format
- vendor/github.com/cilium/ebpf/.gitignore
- vendor/github.com/cilium/ebpf/.golangci.yaml
- vendor/github.com/cilium/ebpf/ARCHITECTURE.md
- vendor/github.com/cilium/ebpf/CODE_OF_CONDUCT.md
- vendor/github.com/cilium/ebpf/CONTRIBUTING.md
- vendor/github.com/cilium/ebpf/Makefile
- vendor/github.com/cilium/ebpf/README.md
- vendor/github.com/cilium/ebpf/asm/alu.go
- vendor/github.com/cilium/ebpf/asm/alu_string.go
- vendor/github.com/cilium/ebpf/asm/doc.go
- vendor/github.com/cilium/ebpf/asm/func.go
- vendor/github.com/cilium/ebpf/asm/func_string.go
- vendor/github.com/cilium/ebpf/asm/instruction.go
- vendor/github.com/cilium/ebpf/asm/jump.go
- vendor/github.com/cilium/ebpf/asm/jump_string.go
- vendor/github.com/cilium/ebpf/asm/load_store.go
- vendor/github.com/cilium/ebpf/asm/load_store_string.go
- vendor/github.com/cilium/ebpf/asm/opcode.go
- vendor/github.com/cilium/ebpf/asm/opcode_string.go
- vendor/github.com/cilium/ebpf/asm/register.go
- vendor/github.com/cilium/ebpf/collection.go
- vendor/github.com/cilium/ebpf/doc.go
- vendor/github.com/cilium/ebpf/elf_reader.go
- vendor/github.com/cilium/ebpf/elf_reader_fuzz.go
- vendor/github.com/cilium/ebpf/go.mod
- vendor/github.com/cilium/ebpf/go.sum
- vendor/github.com/cilium/ebpf/info.go
- vendor/github.com/cilium/ebpf/internal/btf/btf.go
- vendor/github.com/cilium/ebpf/internal/btf/btf_types.go
- vendor/github.com/cilium/ebpf/internal/btf/btf_types_string.go
- vendor/github.com/cilium/ebpf/internal/btf/core.go
- vendor/github.com/cilium/ebpf/internal/btf/doc.go
- vendor/github.com/cilium/ebpf/internal/btf/ext_info.go
- vendor/github.com/cilium/ebpf/internal/btf/fuzz.go
- vendor/github.com/cilium/ebpf/internal/btf/strings.go
- vendor/github.com/cilium/ebpf/internal/btf/types.go
- vendor/github.com/cilium/ebpf/internal/cpu.go
- vendor/github.com/cilium/ebpf/internal/elf.go
- vendor/github.com/cilium/ebpf/internal/endian.go
- vendor/github.com/cilium/ebpf/internal/errors.go
- vendor/github.com/cilium/ebpf/internal/fd.go
- vendor/github.com/cilium/ebpf/internal/feature.go
- vendor/github.com/cilium/ebpf/internal/io.go
- vendor/github.com/cilium/ebpf/internal/pinning.go
- vendor/github.com/cilium/ebpf/internal/ptr.go
- vendor/github.com/cilium/ebpf/internal/ptr_32_be.go
- vendor/github.com/cilium/ebpf/internal/ptr_32_le.go
- vendor/github.com/cilium/ebpf/internal/ptr_64.go
- vendor/github.com/cilium/ebpf/internal/syscall.go
- vendor/github.com/cilium/ebpf/internal/syscall_string.go
- vendor/github.com/cilium/ebpf/internal/unix/types_linux.go
- vendor/github.com/cilium/ebpf/internal/unix/types_other.go
- vendor/github.com/cilium/ebpf/internal/version.go
- vendor/github.com/cilium/ebpf/link/cgroup.go
- vendor/github.com/cilium/ebpf/link/doc.go
- vendor/github.com/cilium/ebpf/link/iter.go
- vendor/github.com/cilium/ebpf/link/kprobe.go
- vendor/github.com/cilium/ebpf/link/link.go
- vendor/github.com/cilium/ebpf/link/netns.go
- vendor/github.com/cilium/ebpf/link/perf_event.go
- vendor/github.com/cilium/ebpf/link/platform.go
- vendor/github.com/cilium/ebpf/link/program.go
- vendor/github.com/cilium/ebpf/link/raw_tracepoint.go
- vendor/github.com/cilium/ebpf/link/syscalls.go
- vendor/github.com/cilium/ebpf/link/tracepoint.go
- vendor/github.com/cilium/ebpf/link/uprobe.go
- vendor/github.com/cilium/ebpf/linker.go
- vendor/github.com/cilium/ebpf/map.go
- vendor/github.com/cilium/ebpf/marshalers.go
- vendor/github.com/cilium/ebpf/prog.go
- vendor/github.com/cilium/ebpf/run-tests.sh
- vendor/github.com/cilium/ebpf/syscalls.go
- vendor/github.com/cilium/ebpf/types.go
- vendor/github.com/cilium/ebpf/types_string.go
- vendor/github.com/containerd/aufs/.golangci.yml
- vendor/github.com/containerd/aufs/README.md
- vendor/github.com/containerd/aufs/go.mod
- vendor/github.com/containerd/aufs/go.sum
- vendor/github.com/containerd/btrfs/.gitignore
- vendor/github.com/containerd/btrfs/README.md
- vendor/github.com/containerd/btrfs/go.mod
- vendor/github.com/containerd/btrfs/go.sum
- vendor/github.com/containerd/cgroups/.gitignore
- vendor/github.com/containerd/cgroups/Protobuild.toml
- vendor/github.com/containerd/cgroups/README.md
- vendor/github.com/containerd/cgroups/Vagrantfile
- vendor/github.com/containerd/cgroups/go.mod
- vendor/github.com/containerd/cgroups/go.sum
- vendor/github.com/containerd/cgroups/stats/v1/metrics.pb.go
- vendor/github.com/containerd/cgroups/stats/v1/metrics.pb.txt
- vendor/github.com/containerd/cgroups/stats/v1/metrics.proto
- vendor/github.com/containerd/cgroups/v2/stats/metrics.pb.go
- vendor/github.com/containerd/cgroups/v2/stats/metrics.pb.txt
- vendor/github.com/containerd/cgroups/v2/stats/metrics.proto
- vendor/github.com/containerd/console/.golangci.yml
- vendor/github.com/containerd/console/README.md
- vendor/github.com/containerd/console/go.mod
- vendor/github.com/containerd/console/go.sum
- vendor/github.com/containerd/continuity/.gitignore
- vendor/github.com/containerd/continuity/.golangci.yml
- vendor/github.com/containerd/continuity/.mailmap
- vendor/github.com/containerd/continuity/AUTHORS
- vendor/github.com/containerd/continuity/README.md
- vendor/github.com/containerd/continuity/go.mod
- vendor/github.com/containerd/continuity/go.sum
- vendor/github.com/containerd/continuity/proto/manifest.pb.go
- vendor/github.com/containerd/continuity/proto/manifest.proto
- vendor/github.com/containerd/continuity/sysx/README.md
- vendor/github.com/containerd/fifo/.gitattributes
- vendor/github.com/containerd/fifo/.gitignore
- vendor/github.com/containerd/fifo/.golangci.yml
- vendor/github.com/containerd/fifo/go.mod
- vendor/github.com/containerd/fifo/go.sum
- vendor/github.com/containerd/fifo/readme.md
- vendor/github.com/containerd/go-cni/.golangci.yml
- vendor/github.com/containerd/go-cni/README.md
- vendor/github.com/containerd/go-cni/go.mod
- vendor/github.com/containerd/go-cni/go.sum
- vendor/github.com/containerd/go-runc/.travis.yml
- vendor/github.com/containerd/go-runc/README.md
- vendor/github.com/containerd/go-runc/go.mod
- vendor/github.com/containerd/go-runc/go.sum
- vendor/github.com/containerd/imgcrypt/.gitignore
- vendor/github.com/containerd/imgcrypt/.golangci.yml
- vendor/github.com/containerd/imgcrypt/CHANGES
- vendor/github.com/containerd/imgcrypt/MAINTAINERS
- vendor/github.com/containerd/imgcrypt/README.md
- vendor/github.com/containerd/imgcrypt/go.mod
- vendor/github.com/containerd/imgcrypt/go.sum
- vendor/github.com/containerd/nri/.golangci.yml
- vendor/github.com/containerd/nri/README.md
- vendor/github.com/containerd/nri/go.mod
- vendor/github.com/containerd/nri/go.sum
- vendor/github.com/containerd/ttrpc/.gitignore
- vendor/github.com/containerd/ttrpc/README.md
- vendor/github.com/containerd/ttrpc/go.mod
- vendor/github.com/containerd/ttrpc/go.sum
- vendor/github.com/containerd/typeurl/.gitignore
- vendor/github.com/containerd/typeurl/README.md
- vendor/github.com/containerd/typeurl/go.mod
- vendor/github.com/containerd/typeurl/go.sum
- vendor/github.com/containerd/zfs/.gitignore
- vendor/github.com/containerd/zfs/README.md
- vendor/github.com/containerd/zfs/codecov.yml
- vendor/github.com/containerd/zfs/go.mod
- vendor/github.com/containerd/zfs/go.sum
- vendor/github.com/containernetworking/plugins/pkg/ns/README.md
- vendor/github.com/containers/ocicrypt/.travis.yml
- vendor/github.com/containers/ocicrypt/CODE-OF-CONDUCT.md
- vendor/github.com/containers/ocicrypt/MAINTAINERS
- vendor/github.com/containers/ocicrypt/README.md
- vendor/github.com/containers/ocicrypt/SECURITY.md
- vendor/github.com/containers/ocicrypt/go.mod
- vendor/github.com/containers/ocicrypt/go.sum
- vendor/github.com/containers/ocicrypt/spec/spec.go
- vendor/github.com/containers/ocicrypt/utils/keyprovider/keyprovider.pb.go
- vendor/github.com/containers/ocicrypt/utils/keyprovider/keyprovider.proto
- vendor/github.com/cpuguy83/go-md2man/v2/md2man/md2man.go
- vendor/github.com/cpuguy83/go-md2man/v2/md2man/roff.go
- vendor/github.com/docker/go-events/.gitignore
- vendor/github.com/docker/go-events/MAINTAINERS
- vendor/github.com/docker/go-events/broadcast.go
- vendor/github.com/docker/go-events/channel.go
- vendor/github.com/docker/go-events/errors.go
- vendor/github.com/docker/go-events/event.go
- vendor/github.com/docker/go-events/filter.go
- vendor/github.com/docker/go-events/queue.go
- vendor/github.com/docker/go-events/retry.go
- vendor/github.com/docker/go-metrics/README.md
- vendor/github.com/docker/go-metrics/counter.go
- vendor/github.com/docker/go-metrics/docs.go
- vendor/github.com/docker/go-metrics/gauge.go
- vendor/github.com/docker/go-metrics/go.mod
- vendor/github.com/docker/go-metrics/go.sum
- vendor/github.com/docker/go-metrics/handler.go
- vendor/github.com/docker/go-metrics/helpers.go
- vendor/github.com/docker/go-metrics/namespace.go
- vendor/github.com/docker/go-metrics/register.go
- vendor/github.com/docker/go-metrics/timer.go
- vendor/github.com/docker/go-metrics/unit.go
- vendor/github.com/docker/go-units/MAINTAINERS
- vendor/github.com/docker/go-units/circle.yml
- vendor/github.com/docker/go-units/duration.go
- vendor/github.com/docker/go-units/size.go
- vendor/github.com/docker/go-units/ulimit.go
- vendor/github.com/docker/spdystream/CONTRIBUTING.md
- vendor/github.com/docker/spdystream/MAINTAINERS
- vendor/github.com/docker/spdystream/README.md
- vendor/github.com/docker/spdystream/connection.go
- vendor/github.com/docker/spdystream/handlers.go
- vendor/github.com/docker/spdystream/priority.go
- vendor/github.com/docker/spdystream/stream.go
- vendor/github.com/docker/spdystream/utils.go
- vendor/github.com/emicklei/go-restful/.gitignore
- vendor/github.com/emicklei/go-restful/.travis.yml
- vendor/github.com/emicklei/go-restful/CHANGES.md
- vendor/github.com/emicklei/go-restful/Makefile
- vendor/github.com/emicklei/go-restful/Srcfile
- vendor/github.com/emicklei/go-restful/bench_test.sh
- vendor/github.com/emicklei/go-restful/coverage.sh
- vendor/github.com/emicklei/go-restful/json.go
- vendor/github.com/emicklei/go-restful/jsoniter.go
- vendor/github.com/emicklei/go-restful/log/log.go
- vendor/github.com/emicklei/go-restful/mime.go
- vendor/github.com/fsnotify/fsnotify/.editorconfig
- vendor/github.com/fsnotify/fsnotify/.gitattributes
- vendor/github.com/fsnotify/fsnotify/.gitignore
- vendor/github.com/fsnotify/fsnotify/.travis.yml
- vendor/github.com/fsnotify/fsnotify/AUTHORS
- vendor/github.com/fsnotify/fsnotify/CHANGELOG.md
- vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md
- vendor/github.com/fsnotify/fsnotify/README.md
- vendor/github.com/fsnotify/fsnotify/go.mod
- vendor/github.com/fsnotify/fsnotify/go.sum
- vendor/github.com/go-logr/logr/README.md
- vendor/github.com/go-logr/logr/go.mod
- vendor/github.com/godbus/dbus/v5/CONTRIBUTING.md
- vendor/github.com/godbus/dbus/v5/MAINTAINERS
- vendor/github.com/godbus/dbus/v5/README.markdown
- vendor/github.com/godbus/dbus/v5/auth.go
- vendor/github.com/godbus/dbus/v5/auth_anonymous.go
- vendor/github.com/godbus/dbus/v5/auth_external.go
- vendor/github.com/godbus/dbus/v5/auth_sha1.go
- vendor/github.com/godbus/dbus/v5/call.go
- vendor/github.com/godbus/dbus/v5/conn.go
- vendor/github.com/godbus/dbus/v5/conn_darwin.go
- vendor/github.com/godbus/dbus/v5/conn_other.go
- vendor/github.com/godbus/dbus/v5/conn_unix.go
- vendor/github.com/godbus/dbus/v5/conn_windows.go
- vendor/github.com/godbus/dbus/v5/dbus.go
- vendor/github.com/godbus/dbus/v5/decoder.go
- vendor/github.com/godbus/dbus/v5/default_handler.go
- vendor/github.com/godbus/dbus/v5/doc.go
- vendor/github.com/godbus/dbus/v5/encoder.go
- vendor/github.com/godbus/dbus/v5/export.go
- vendor/github.com/godbus/dbus/v5/go.mod
- vendor/github.com/godbus/dbus/v5/go.sum
- vendor/github.com/godbus/dbus/v5/homedir.go
- vendor/github.com/godbus/dbus/v5/homedir_dynamic.go
- vendor/github.com/godbus/dbus/v5/homedir_static.go
- vendor/github.com/godbus/dbus/v5/match.go
- vendor/github.com/godbus/dbus/v5/message.go
- vendor/github.com/godbus/dbus/v5/object.go
- vendor/github.com/godbus/dbus/v5/sequence.go
- vendor/github.com/godbus/dbus/v5/sequential_handler.go
- vendor/github.com/godbus/dbus/v5/server_interfaces.go
- vendor/github.com/godbus/dbus/v5/sig.go
- vendor/github.com/godbus/dbus/v5/transport_darwin.go
- vendor/github.com/godbus/dbus/v5/transport_generic.go
- vendor/github.com/godbus/dbus/v5/transport_nonce_tcp.go
- vendor/github.com/godbus/dbus/v5/transport_tcp.go
- vendor/github.com/godbus/dbus/v5/transport_unix.go
- vendor/github.com/godbus/dbus/v5/transport_unixcred_dragonfly.go
- vendor/github.com/godbus/dbus/v5/transport_unixcred_freebsd.go
- vendor/github.com/godbus/dbus/v5/transport_unixcred_linux.go
- vendor/github.com/godbus/dbus/v5/transport_unixcred_openbsd.go
- vendor/github.com/godbus/dbus/v5/variant.go
- vendor/github.com/godbus/dbus/v5/variant_lexer.go
- vendor/github.com/godbus/dbus/v5/variant_parser.go
- vendor/github.com/gogo/googleapis/google/rpc/error_details.pb.go
- vendor/github.com/gogo/googleapis/google/rpc/status.pb.go
- vendor/github.com/gogo/protobuf/AUTHORS
- vendor/github.com/gogo/protobuf/CONTRIBUTORS
- vendor/github.com/gogo/protobuf/gogoproto/gogo.pb.go
- vendor/github.com/gogo/protobuf/gogoproto/gogo.pb.golden
- vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor.pb.go
- vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/descriptor_gostring.gen.go
- vendor/github.com/gogo/protobuf/protoc-gen-gogo/plugin/plugin.pb.go
- vendor/github.com/gogo/protobuf/types/any.pb.go
- vendor/github.com/gogo/protobuf/types/api.pb.go
- vendor/github.com/gogo/protobuf/types/duration.pb.go
- vendor/github.com/gogo/protobuf/types/empty.pb.go
- vendor/github.com/gogo/protobuf/types/field_mask.pb.go
- vendor/github.com/gogo/protobuf/types/protosize.go
- vendor/github.com/gogo/protobuf/types/source_context.pb.go
- vendor/github.com/gogo/protobuf/types/struct.pb.go
- vendor/github.com/gogo/protobuf/types/timestamp.pb.go
- vendor/github.com/gogo/protobuf/types/type.pb.go
- vendor/github.com/gogo/protobuf/types/wrappers.pb.go
- vendor/github.com/golang/protobuf/AUTHORS
- vendor/github.com/golang/protobuf/CONTRIBUTORS
- vendor/github.com/golang/protobuf/ptypes/any/any.pb.go
- vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go
- vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go
- vendor/github.com/google/gofuzz/.travis.yml
- vendor/github.com/google/gofuzz/CONTRIBUTING.md
- vendor/github.com/google/gofuzz/README.md
- vendor/github.com/google/gofuzz/go.mod
- vendor/github.com/google/uuid/.travis.yml
- vendor/github.com/google/uuid/CONTRIBUTING.md
- vendor/github.com/google/uuid/CONTRIBUTORS
- vendor/github.com/google/uuid/README.md
- vendor/github.com/google/uuid/go.mod
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.gitignore
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/.travis.yml
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/CHANGELOG.md
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/README.md
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_metrics.go
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/makefile
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/metric_options.go
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_metrics.go
- vendor/github.com/hashicorp/errwrap/README.md
- vendor/github.com/hashicorp/errwrap/errwrap.go
- vendor/github.com/hashicorp/errwrap/go.mod
- vendor/github.com/hashicorp/go-multierror/.travis.yml
- vendor/github.com/hashicorp/go-multierror/Makefile
- vendor/github.com/hashicorp/go-multierror/README.md
- vendor/github.com/hashicorp/go-multierror/append.go
- vendor/github.com/hashicorp/go-multierror/flatten.go
- vendor/github.com/hashicorp/go-multierror/format.go
- vendor/github.com/hashicorp/go-multierror/go.mod
- vendor/github.com/hashicorp/go-multierror/go.sum
- vendor/github.com/hashicorp/go-multierror/multierror.go
- vendor/github.com/hashicorp/go-multierror/prefix.go
- vendor/github.com/hashicorp/go-multierror/sort.go
- vendor/github.com/imdario/mergo/.deepsource.toml
- vendor/github.com/imdario/mergo/.gitignore
- vendor/github.com/imdario/mergo/.travis.yml
- vendor/github.com/imdario/mergo/CODE_OF_CONDUCT.md
- vendor/github.com/imdario/mergo/README.md
- vendor/github.com/imdario/mergo/go.mod
- vendor/github.com/imdario/mergo/go.sum
- vendor/github.com/json-iterator/go/.codecov.yml
- vendor/github.com/json-iterator/go/.gitignore
- vendor/github.com/json-iterator/go/.travis.yml
- vendor/github.com/json-iterator/go/Gopkg.lock
- vendor/github.com/json-iterator/go/Gopkg.toml
- vendor/github.com/json-iterator/go/README.md
- vendor/github.com/json-iterator/go/adapter.go
- vendor/github.com/json-iterator/go/any.go
- vendor/github.com/json-iterator/go/any_array.go
- vendor/github.com/json-iterator/go/any_bool.go
- vendor/github.com/json-iterator/go/any_float.go
- vendor/github.com/json-iterator/go/any_int32.go
- vendor/github.com/json-iterator/go/any_int64.go
- vendor/github.com/json-iterator/go/any_invalid.go
- vendor/github.com/json-iterator/go/any_nil.go
- vendor/github.com/json-iterator/go/any_number.go
- vendor/github.com/json-iterator/go/any_object.go
- vendor/github.com/json-iterator/go/any_str.go
- vendor/github.com/json-iterator/go/any_uint32.go
- vendor/github.com/json-iterator/go/any_uint64.go
- vendor/github.com/json-iterator/go/build.sh
- vendor/github.com/json-iterator/go/config.go
- vendor/github.com/json-iterator/go/fuzzy_mode_convert_table.md
- vendor/github.com/json-iterator/go/go.mod
- vendor/github.com/json-iterator/go/go.sum
- vendor/github.com/json-iterator/go/iter.go
- vendor/github.com/json-iterator/go/iter_array.go
- vendor/github.com/json-iterator/go/iter_float.go
- vendor/github.com/json-iterator/go/iter_int.go
- vendor/github.com/json-iterator/go/iter_object.go
- vendor/github.com/json-iterator/go/iter_skip.go
- vendor/github.com/json-iterator/go/iter_skip_sloppy.go
- vendor/github.com/json-iterator/go/iter_skip_strict.go
- vendor/github.com/json-iterator/go/iter_str.go
- vendor/github.com/json-iterator/go/jsoniter.go
- vendor/github.com/json-iterator/go/pool.go
- vendor/github.com/json-iterator/go/reflect.go
- vendor/github.com/json-iterator/go/reflect_array.go
- vendor/github.com/json-iterator/go/reflect_dynamic.go
- vendor/github.com/json-iterator/go/reflect_extension.go
- vendor/github.com/json-iterator/go/reflect_json_number.go
- vendor/github.com/json-iterator/go/reflect_json_raw_message.go
- vendor/github.com/json-iterator/go/reflect_map.go
- vendor/github.com/json-iterator/go/reflect_marshaler.go
- vendor/github.com/json-iterator/go/reflect_native.go
- vendor/github.com/json-iterator/go/reflect_optional.go
- vendor/github.com/json-iterator/go/reflect_slice.go
- vendor/github.com/json-iterator/go/reflect_struct_decoder.go
- vendor/github.com/json-iterator/go/reflect_struct_encoder.go
- vendor/github.com/json-iterator/go/stream.go
- vendor/github.com/json-iterator/go/stream_float.go
- vendor/github.com/json-iterator/go/stream_int.go
- vendor/github.com/json-iterator/go/stream_str.go
- vendor/github.com/json-iterator/go/test.sh
- vendor/github.com/klauspost/compress/fse/README.md
- vendor/github.com/klauspost/compress/fse/decompress.go
- vendor/github.com/klauspost/compress/huff0/.gitignore
- vendor/github.com/klauspost/compress/huff0/README.md
- vendor/github.com/klauspost/compress/huff0/compress.go
- vendor/github.com/klauspost/compress/huff0/decompress.go
- vendor/github.com/klauspost/compress/huff0/huff0.go
- vendor/github.com/klauspost/compress/snappy/.gitignore
- vendor/github.com/klauspost/compress/snappy/AUTHORS
- vendor/github.com/klauspost/compress/snappy/CONTRIBUTORS
- vendor/github.com/klauspost/compress/snappy/README
- vendor/github.com/klauspost/compress/snappy/runbench.cmd
- vendor/github.com/klauspost/compress/zstd/README.md
- vendor/github.com/klauspost/compress/zstd/blocktype_string.go
- vendor/github.com/klauspost/compress/zstd/dict.go
- vendor/github.com/klauspost/compress/zstd/enc_base.go
- vendor/github.com/klauspost/compress/zstd/encoder_options.go
- vendor/github.com/klauspost/compress/zstd/internal/xxhash/README.md
- vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash.go
- vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.go
- vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_amd64.s
- vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_other.go
- vendor/github.com/klauspost/compress/zstd/internal/xxhash/xxhash_safe.go
- vendor/github.com/klauspost/compress/zstd/zstd.go
- vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/.gitignore
- vendor/github.com/matttproud/golang_protobuf_extensions/pbutil/Makefile
- vendor/github.com/miekg/pkcs11/.gitignore
- vendor/github.com/miekg/pkcs11/.travis.yml
- vendor/github.com/miekg/pkcs11/Makefile.release
- vendor/github.com/miekg/pkcs11/README.md
- vendor/github.com/miekg/pkcs11/go.mod
- vendor/github.com/miekg/pkcs11/hsm.db
- vendor/github.com/miekg/pkcs11/pkcs11go.h
- vendor/github.com/miekg/pkcs11/release.go
- vendor/github.com/miekg/pkcs11/softhsm.conf
- vendor/github.com/miekg/pkcs11/softhsm2.conf
- vendor/github.com/miekg/pkcs11/vendor.go
- vendor/github.com/mistifyio/go-zfs/.gitignore
- vendor/github.com/mistifyio/go-zfs/.travis.yml
- vendor/github.com/mistifyio/go-zfs/CONTRIBUTING.md
- vendor/github.com/mistifyio/go-zfs/README.md
- vendor/github.com/mistifyio/go-zfs/Vagrantfile
- vendor/github.com/mistifyio/go-zfs/error.go
- vendor/github.com/mistifyio/go-zfs/utils.go
- vendor/github.com/mistifyio/go-zfs/utils_notsolaris.go
- vendor/github.com/mistifyio/go-zfs/utils_solaris.go
- vendor/github.com/mistifyio/go-zfs/zfs.go
- vendor/github.com/mistifyio/go-zfs/zpool.go
- vendor/github.com/moby/locker/README.md
- vendor/github.com/moby/locker/go.mod
- vendor/github.com/moby/locker/locker.go
- vendor/github.com/moby/sys/mountinfo/doc.go
- vendor/github.com/moby/sys/mountinfo/go.mod
- vendor/github.com/moby/sys/mountinfo/go.sum
- vendor/github.com/moby/sys/mountinfo/mounted_linux.go
- vendor/github.com/moby/sys/mountinfo/mounted_unix.go
- vendor/github.com/moby/sys/mountinfo/mountinfo.go
- vendor/github.com/moby/sys/mountinfo/mountinfo_bsd.go
- vendor/github.com/moby/sys/mountinfo/mountinfo_filters.go
- vendor/github.com/moby/sys/mountinfo/mountinfo_linux.go
- vendor/github.com/moby/sys/mountinfo/mountinfo_unsupported.go
- vendor/github.com/moby/sys/mountinfo/mountinfo_windows.go
- vendor/github.com/moby/sys/symlink/README.md
- vendor/github.com/moby/sys/symlink/doc.go
- vendor/github.com/moby/sys/symlink/fs_unix.go
- vendor/github.com/moby/sys/symlink/fs_windows.go
- vendor/github.com/moby/sys/symlink/go.mod
- vendor/github.com/moby/sys/symlink/go.sum
- vendor/github.com/modern-go/concurrent/.gitignore
- vendor/github.com/modern-go/concurrent/.travis.yml
- vendor/github.com/modern-go/concurrent/README.md
- vendor/github.com/modern-go/concurrent/executor.go
- vendor/github.com/modern-go/concurrent/go_above_19.go
- vendor/github.com/modern-go/concurrent/go_below_19.go
- vendor/github.com/modern-go/concurrent/log.go
- vendor/github.com/modern-go/concurrent/test.sh
- vendor/github.com/modern-go/concurrent/unbounded_executor.go
- vendor/github.com/modern-go/reflect2/.gitignore
- vendor/github.com/modern-go/reflect2/.travis.yml
- vendor/github.com/modern-go/reflect2/Gopkg.lock
- vendor/github.com/modern-go/reflect2/Gopkg.toml
- vendor/github.com/modern-go/reflect2/README.md
- vendor/github.com/modern-go/reflect2/go_above_17.go
- vendor/github.com/modern-go/reflect2/go_above_19.go
- vendor/github.com/modern-go/reflect2/go_below_17.go
- vendor/github.com/modern-go/reflect2/go_below_19.go
- vendor/github.com/modern-go/reflect2/reflect2.go
- vendor/github.com/modern-go/reflect2/reflect2_amd64.s
- vendor/github.com/modern-go/reflect2/reflect2_kind.go
- vendor/github.com/modern-go/reflect2/relfect2_386.s
- vendor/github.com/modern-go/reflect2/relfect2_amd64p32.s
- vendor/github.com/modern-go/reflect2/relfect2_arm.s
- vendor/github.com/modern-go/reflect2/relfect2_arm64.s
- vendor/github.com/modern-go/reflect2/relfect2_mips64x.s
- vendor/github.com/modern-go/reflect2/relfect2_mipsx.s
- vendor/github.com/modern-go/reflect2/relfect2_ppc64x.s
- vendor/github.com/modern-go/reflect2/relfect2_s390x.s
- vendor/github.com/modern-go/reflect2/safe_field.go
- vendor/github.com/modern-go/reflect2/safe_map.go
- vendor/github.com/modern-go/reflect2/safe_slice.go
- vendor/github.com/modern-go/reflect2/safe_struct.go
- vendor/github.com/modern-go/reflect2/safe_type.go
- vendor/github.com/modern-go/reflect2/test.sh
- vendor/github.com/modern-go/reflect2/type_map.go
- vendor/github.com/modern-go/reflect2/unsafe_array.go
- vendor/github.com/modern-go/reflect2/unsafe_eface.go
- vendor/github.com/modern-go/reflect2/unsafe_field.go
- vendor/github.com/modern-go/reflect2/unsafe_iface.go
- vendor/github.com/modern-go/reflect2/unsafe_link.go
- vendor/github.com/modern-go/reflect2/unsafe_map.go
- vendor/github.com/modern-go/reflect2/unsafe_ptr.go
- vendor/github.com/modern-go/reflect2/unsafe_slice.go
- vendor/github.com/modern-go/reflect2/unsafe_struct.go
- vendor/github.com/modern-go/reflect2/unsafe_type.go
- vendor/github.com/opencontainers/go-digest/.mailmap
- vendor/github.com/opencontainers/go-digest/.pullapprove.yml
- vendor/github.com/opencontainers/go-digest/.travis.yml
- vendor/github.com/opencontainers/go-digest/MAINTAINERS
- vendor/github.com/opencontainers/go-digest/go.mod
- vendor/github.com/opencontainers/runc/libcontainer/user/lookup_unix.go
- vendor/github.com/opencontainers/runc/libcontainer/user/user.go
- vendor/github.com/opencontainers/runc/libcontainer/user/user_fuzzer.go
- vendor/github.com/opencontainers/runtime-spec/specs-go/config.go
- vendor/github.com/opencontainers/runtime-spec/specs-go/state.go
- vendor/github.com/opencontainers/runtime-spec/specs-go/version.go
- vendor/github.com/opencontainers/selinux/go-selinux/doc.go
- vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
- vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go
- vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
- vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
- vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
- vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
- vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go
- vendor/github.com/opencontainers/selinux/pkg/pwalk/README.md
- vendor/github.com/opencontainers/selinux/pkg/pwalk/pwalk.go
- vendor/github.com/pelletier/go-toml/.dockerignore
- vendor/github.com/pelletier/go-toml/.gitignore
- vendor/github.com/pelletier/go-toml/CONTRIBUTING.md
- vendor/github.com/pelletier/go-toml/Dockerfile
- vendor/github.com/pelletier/go-toml/Makefile
- vendor/github.com/pelletier/go-toml/PULL_REQUEST_TEMPLATE.md
- vendor/github.com/pelletier/go-toml/README.md
- vendor/github.com/pelletier/go-toml/azure-pipelines.yml
- vendor/github.com/pelletier/go-toml/benchmark.sh
- vendor/github.com/pelletier/go-toml/doc.go
- vendor/github.com/pelletier/go-toml/example-crlf.toml
- vendor/github.com/pelletier/go-toml/example.toml
- vendor/github.com/pelletier/go-toml/fuzz.go
- vendor/github.com/pelletier/go-toml/fuzz.sh
- vendor/github.com/pelletier/go-toml/fuzzit.sh
- vendor/github.com/pelletier/go-toml/go.mod
- vendor/github.com/pelletier/go-toml/go.sum
- vendor/github.com/pelletier/go-toml/keysparsing.go
- vendor/github.com/pelletier/go-toml/lexer.go
- vendor/github.com/pelletier/go-toml/marshal.go
- vendor/github.com/pelletier/go-toml/marshal_OrderPreserve_test.toml
- vendor/github.com/pelletier/go-toml/marshal_test.toml
- vendor/github.com/pelletier/go-toml/parser.go
- vendor/github.com/pelletier/go-toml/position.go
- vendor/github.com/pelletier/go-toml/token.go
- vendor/github.com/pelletier/go-toml/toml.go
- vendor/github.com/pelletier/go-toml/tomltree_create.go
- vendor/github.com/pelletier/go-toml/tomltree_write.go
- vendor/github.com/pkg/errors/.gitignore
- vendor/github.com/pkg/errors/.travis.yml
- vendor/github.com/pkg/errors/Makefile
- vendor/github.com/pkg/errors/README.md
- vendor/github.com/pkg/errors/appveyor.yml
- vendor/github.com/pkg/errors/errors.go
- vendor/github.com/pkg/errors/go113.go
- vendor/github.com/pkg/errors/stack.go
- vendor/github.com/pmezard/go-difflib/difflib/difflib.go
- vendor/github.com/prometheus/client_golang/prometheus/.gitignore
- vendor/github.com/prometheus/client_golang/prometheus/README.md
- vendor/github.com/prometheus/client_model/go/metrics.pb.go
- vendor/github.com/prometheus/procfs/.gitignore
- vendor/github.com/prometheus/procfs/.golangci.yml
- vendor/github.com/prometheus/procfs/CODE_OF_CONDUCT.md
- vendor/github.com/prometheus/procfs/CONTRIBUTING.md
- vendor/github.com/prometheus/procfs/MAINTAINERS.md
- vendor/github.com/prometheus/procfs/README.md
- vendor/github.com/prometheus/procfs/SECURITY.md
- vendor/github.com/prometheus/procfs/fixtures.ttar
- vendor/github.com/prometheus/procfs/go.mod
- vendor/github.com/prometheus/procfs/go.sum
- vendor/github.com/russross/blackfriday/v2/.gitignore
- vendor/github.com/russross/blackfriday/v2/.travis.yml
- vendor/github.com/russross/blackfriday/v2/LICENSE.txt
- vendor/github.com/russross/blackfriday/v2/README.md
- vendor/github.com/russross/blackfriday/v2/doc.go
- vendor/github.com/russross/blackfriday/v2/esc.go
- vendor/github.com/russross/blackfriday/v2/go.mod
- vendor/github.com/russross/blackfriday/v2/node.go
- vendor/github.com/shurcooL/sanitized_anchor_name/.travis.yml
- vendor/github.com/shurcooL/sanitized_anchor_name/README.md
- vendor/github.com/shurcooL/sanitized_anchor_name/go.mod
- vendor/github.com/shurcooL/sanitized_anchor_name/main.go
- vendor/github.com/sirupsen/logrus/.gitignore
- vendor/github.com/sirupsen/logrus/.golangci.yml
- vendor/github.com/sirupsen/logrus/.travis.yml
- vendor/github.com/sirupsen/logrus/CHANGELOG.md
- vendor/github.com/sirupsen/logrus/README.md
- vendor/github.com/sirupsen/logrus/appveyor.yml
- vendor/github.com/sirupsen/logrus/buffer_pool.go
- vendor/github.com/sirupsen/logrus/doc.go
- vendor/github.com/sirupsen/logrus/entry.go
- vendor/github.com/sirupsen/logrus/exported.go
- vendor/github.com/sirupsen/logrus/formatter.go
- vendor/github.com/sirupsen/logrus/go.mod
- vendor/github.com/sirupsen/logrus/go.sum
- vendor/github.com/sirupsen/logrus/hooks.go
- vendor/github.com/sirupsen/logrus/json_formatter.go
- vendor/github.com/sirupsen/logrus/logger.go
- vendor/github.com/sirupsen/logrus/logrus.go
- vendor/github.com/sirupsen/logrus/terminal_check_appengine.go
- vendor/github.com/sirupsen/logrus/terminal_check_bsd.go
- vendor/github.com/sirupsen/logrus/terminal_check_js.go
- vendor/github.com/sirupsen/logrus/terminal_check_no_terminal.go
- vendor/github.com/sirupsen/logrus/terminal_check_notappengine.go
- vendor/github.com/sirupsen/logrus/terminal_check_solaris.go
- vendor/github.com/sirupsen/logrus/terminal_check_unix.go
- vendor/github.com/sirupsen/logrus/terminal_check_windows.go
- vendor/github.com/sirupsen/logrus/text_formatter.go
- vendor/github.com/sirupsen/logrus/writer.go
- vendor/github.com/stefanberger/go-pkcs11uri/.gitignore
- vendor/github.com/stefanberger/go-pkcs11uri/.travis.yml
- vendor/github.com/stefanberger/go-pkcs11uri/README.md
- vendor/github.com/stretchr/testify/assert/assertion_compare.go
- vendor/github.com/stretchr/testify/assert/assertion_format.go
- vendor/github.com/stretchr/testify/assert/assertion_format.go.tmpl
- vendor/github.com/stretchr/testify/assert/assertion_forward.go
- vendor/github.com/stretchr/testify/assert/assertion_forward.go.tmpl
- vendor/github.com/stretchr/testify/assert/assertions.go
- vendor/github.com/stretchr/testify/assert/doc.go
- vendor/github.com/stretchr/testify/assert/errors.go
- vendor/github.com/stretchr/testify/assert/forward_assertions.go
- vendor/github.com/stretchr/testify/assert/http_assertions.go
- vendor/github.com/stretchr/testify/require/doc.go
- vendor/github.com/stretchr/testify/require/forward_requirements.go
- vendor/github.com/stretchr/testify/require/require.go
- vendor/github.com/stretchr/testify/require/require.go.tmpl
- vendor/github.com/stretchr/testify/require/require_forward.go
- vendor/github.com/stretchr/testify/require/require_forward.go.tmpl
- vendor/github.com/stretchr/testify/require/requirements.go
- vendor/github.com/tchap/go-patricia/AUTHORS
- vendor/github.com/urfave/cli/.flake8
- vendor/github.com/urfave/cli/.gitignore
- vendor/github.com/urfave/cli/.travis.yml
- vendor/github.com/urfave/cli/CHANGELOG.md
- vendor/github.com/urfave/cli/CODE_OF_CONDUCT.md
- vendor/github.com/urfave/cli/CONTRIBUTING.md
- vendor/github.com/urfave/cli/README.md
- vendor/github.com/urfave/cli/appveyor.yml
- vendor/github.com/urfave/cli/category.go
- vendor/github.com/urfave/cli/cli.go
- vendor/github.com/urfave/cli/command.go
- vendor/github.com/urfave/cli/context.go
- vendor/github.com/urfave/cli/docs.go
- vendor/github.com/urfave/cli/errors.go
- vendor/github.com/urfave/cli/fish.go
- vendor/github.com/urfave/cli/flag.go
- vendor/github.com/urfave/cli/flag_bool.go
- vendor/github.com/urfave/cli/flag_bool_t.go
- vendor/github.com/urfave/cli/flag_duration.go
- vendor/github.com/urfave/cli/flag_float64.go
- vendor/github.com/urfave/cli/flag_generic.go
- vendor/github.com/urfave/cli/flag_int.go
- vendor/github.com/urfave/cli/flag_int64.go
- vendor/github.com/urfave/cli/flag_int64_slice.go
- vendor/github.com/urfave/cli/flag_int_slice.go
- vendor/github.com/urfave/cli/flag_string.go
- vendor/github.com/urfave/cli/flag_string_slice.go
- vendor/github.com/urfave/cli/flag_uint.go
- vendor/github.com/urfave/cli/flag_uint64.go
- vendor/github.com/urfave/cli/funcs.go
- vendor/github.com/urfave/cli/go.mod
- vendor/github.com/urfave/cli/go.sum
- vendor/github.com/urfave/cli/help.go
- vendor/github.com/urfave/cli/parse.go
- vendor/github.com/urfave/cli/sort.go
- vendor/github.com/urfave/cli/template.go
- vendor/go.etcd.io/bbolt/.gitignore
- vendor/go.etcd.io/bbolt/.travis.yml
- vendor/go.etcd.io/bbolt/Makefile
- vendor/go.etcd.io/bbolt/README.md
- vendor/go.etcd.io/bbolt/bolt_386.go
- vendor/go.etcd.io/bbolt/bolt_amd64.go
- vendor/go.etcd.io/bbolt/bolt_arm.go
- vendor/go.etcd.io/bbolt/bolt_arm64.go
- vendor/go.etcd.io/bbolt/bolt_linux.go
- vendor/go.etcd.io/bbolt/bolt_mips64x.go
- vendor/go.etcd.io/bbolt/bolt_mipsx.go
- vendor/go.etcd.io/bbolt/bolt_openbsd.go
- vendor/go.etcd.io/bbolt/bolt_ppc.go
- vendor/go.etcd.io/bbolt/bolt_ppc64.go
- vendor/go.etcd.io/bbolt/bolt_ppc64le.go
- vendor/go.etcd.io/bbolt/bolt_riscv64.go
- vendor/go.etcd.io/bbolt/bolt_s390x.go
- vendor/go.etcd.io/bbolt/bolt_unix.go
- vendor/go.etcd.io/bbolt/bolt_unix_aix.go
- vendor/go.etcd.io/bbolt/bolt_unix_solaris.go
- vendor/go.etcd.io/bbolt/bolt_windows.go
- vendor/go.etcd.io/bbolt/boltsync_unix.go
- vendor/go.etcd.io/bbolt/bucket.go
- vendor/go.etcd.io/bbolt/cursor.go
- vendor/go.etcd.io/bbolt/db.go
- vendor/go.etcd.io/bbolt/doc.go
- vendor/go.etcd.io/bbolt/errors.go
- vendor/go.etcd.io/bbolt/freelist.go
- vendor/go.etcd.io/bbolt/freelist_hmap.go
- vendor/go.etcd.io/bbolt/go.mod
- vendor/go.etcd.io/bbolt/go.sum
- vendor/go.etcd.io/bbolt/node.go
- vendor/go.etcd.io/bbolt/page.go
- vendor/go.etcd.io/bbolt/tx.go
- vendor/go.etcd.io/bbolt/unsafe.go
- vendor/go.mozilla.org/pkcs7/.gitignore
- vendor/go.mozilla.org/pkcs7/.travis.yml
- vendor/go.mozilla.org/pkcs7/Makefile
- vendor/go.mozilla.org/pkcs7/README.md
- vendor/go.mozilla.org/pkcs7/ber.go
- vendor/go.mozilla.org/pkcs7/decrypt.go
- vendor/go.mozilla.org/pkcs7/encrypt.go
- vendor/go.mozilla.org/pkcs7/go.mod
- vendor/go.mozilla.org/pkcs7/pkcs7.go
- vendor/go.mozilla.org/pkcs7/sign.go
- vendor/go.mozilla.org/pkcs7/verify.go
- vendor/go.opencensus.io/.gitignore
- vendor/go.opencensus.io/.travis.yml
- vendor/go.opencensus.io/AUTHORS
- vendor/go.opencensus.io/CONTRIBUTING.md
- vendor/go.opencensus.io/Makefile
- vendor/go.opencensus.io/README.md
- vendor/go.opencensus.io/appveyor.yml
- vendor/go.opencensus.io/go.mod
- vendor/go.opencensus.io/go.sum
- vendor/golang.org/x/crypto/AUTHORS
- vendor/golang.org/x/crypto/CONTRIBUTORS
- vendor/golang.org/x/crypto/PATENTS
- vendor/golang.org/x/net/AUTHORS
- vendor/golang.org/x/net/CONTRIBUTORS
- vendor/golang.org/x/net/PATENTS
- vendor/golang.org/x/net/http2/.gitignore
- vendor/golang.org/x/net/http2/Dockerfile
- vendor/golang.org/x/net/http2/Makefile
- vendor/golang.org/x/net/http2/README
- vendor/golang.org/x/net/idna/tables10.0.0.go
- vendor/golang.org/x/net/idna/tables11.0.0.go
- vendor/golang.org/x/net/idna/tables12.0.0.go
- vendor/golang.org/x/net/idna/tables13.0.0.go
- vendor/golang.org/x/net/idna/tables9.0.0.go
- vendor/golang.org/x/net/idna/trieval.go
- vendor/golang.org/x/oauth2/.travis.yml
- vendor/golang.org/x/oauth2/AUTHORS
- vendor/golang.org/x/oauth2/CONTRIBUTING.md
- vendor/golang.org/x/oauth2/CONTRIBUTORS
- vendor/golang.org/x/oauth2/README.md
- vendor/golang.org/x/oauth2/go.mod
- vendor/golang.org/x/oauth2/go.sum
- vendor/golang.org/x/sync/AUTHORS
- vendor/golang.org/x/sync/CONTRIBUTORS
- vendor/golang.org/x/sync/PATENTS
- vendor/golang.org/x/sys/AUTHORS
- vendor/golang.org/x/sys/CONTRIBUTORS
- vendor/golang.org/x/sys/PATENTS
- vendor/golang.org/x/sys/plan9/const_plan9.go
- vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
- vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
- vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
- vendor/golang.org/x/sys/plan9/zsysnum_plan9.go
- vendor/golang.org/x/sys/unix/.gitignore
- vendor/golang.org/x/sys/unix/README.md
- vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
- vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
- vendor/golang.org/x/sys/unix/zerrors_darwin_386.go
- vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
- vendor/golang.org/x/sys/unix/zerrors_darwin_arm.go
- vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
- vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
- vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
- vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
- vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
- vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
- vendor/golang.org/x/sys/unix/zerrors_linux.go
- vendor/golang.org/x/sys/unix/zerrors_linux_386.go
- vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
- vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
- vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
- vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
- vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
- vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
- vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
- vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
- vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
- vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
- vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
- vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
- vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
- vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
- vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
- vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
- vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
- vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
- vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
- vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
- vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
- vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
- vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
- vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
- vendor/golang.org/x/sys/unix/zptrace_linux_arm64.go
- vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
- vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
- vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
- vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
- vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
- vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
- vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_386.1_13.s
- vendor/golang.org/x/sys/unix/zsyscall_darwin_386.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_386.s
- vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.1_13.s
- vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.s
- vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.1_13.s
- vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_arm.s
- vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.1_13.s
- vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
- vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.s
- vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
- vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
- vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
- vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
- vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
- vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
- vendor/golang.org/x/sys/unix/zsyscall_linux.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
- vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
- vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
- vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
- vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
- vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
- vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
- vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
- vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
- vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
- vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
- vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
- vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
- vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
- vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
- vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
- vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
- vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
- vendor/golang.org/x/sys/unix/zsysnum_darwin_386.go
- vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
- vendor/golang.org/x/sys/unix/zsysnum_darwin_arm.go
- vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
- vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
- vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
- vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
- vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
- vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
- vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
- vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
- vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
- vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
- vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
- vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
- vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
- vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
- vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
- vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
- vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
- vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
- vendor/golang.org/x/sys/unix/ztypes_darwin_386.go
- vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
- vendor/golang.org/x/sys/unix/ztypes_darwin_arm.go
- vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
- vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
- vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
- vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
- vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
- vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
- vendor/golang.org/x/sys/unix/ztypes_illumos_amd64.go
- vendor/golang.org/x/sys/unix/ztypes_linux.go
- vendor/golang.org/x/sys/unix/ztypes_linux_386.go
- vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
- vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
- vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
- vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
- vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
- vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
- vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
- vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
- vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
- vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
- vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
- vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
- vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
- vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
- vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
- vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
- vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
- vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
- vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
- vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
- vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
- vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
- vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
- vendor/golang.org/x/sys/windows/registry/zsyscall_windows.go
- vendor/golang.org/x/sys/windows/zerrors_windows.go
- vendor/golang.org/x/sys/windows/zknownfolderids_windows.go
- vendor/golang.org/x/sys/windows/zsyscall_windows.go
- vendor/golang.org/x/term/AUTHORS
- vendor/golang.org/x/term/CONTRIBUTING.md
- vendor/golang.org/x/term/CONTRIBUTORS
- vendor/golang.org/x/term/PATENTS
- vendor/golang.org/x/term/README.md
- vendor/golang.org/x/term/go.mod
- vendor/golang.org/x/term/go.sum
- vendor/golang.org/x/text/AUTHORS
- vendor/golang.org/x/text/CONTRIBUTORS
- vendor/golang.org/x/text/PATENTS
- vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
- vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
- vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
- vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
- vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
- vendor/golang.org/x/text/unicode/bidi/trieval.go
- vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
- vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
- vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
- vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
- vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
- vendor/golang.org/x/time/AUTHORS
- vendor/golang.org/x/time/CONTRIBUTORS
- vendor/golang.org/x/time/PATENTS
- vendor/golang.org/x/xerrors/PATENTS
- vendor/golang.org/x/xerrors/README
- vendor/golang.org/x/xerrors/codereview.cfg
- vendor/golang.org/x/xerrors/go.mod
- vendor/google.golang.org/appengine/internal/base/api_base.pb.go
- vendor/google.golang.org/appengine/internal/base/api_base.proto
- vendor/google.golang.org/appengine/internal/datastore/datastore_v3.pb.go
- vendor/google.golang.org/appengine/internal/datastore/datastore_v3.proto
- vendor/google.golang.org/appengine/internal/log/log_service.pb.go
- vendor/google.golang.org/appengine/internal/log/log_service.proto
- vendor/google.golang.org/appengine/internal/main_common.go
- vendor/google.golang.org/appengine/internal/regen.sh
- vendor/google.golang.org/appengine/internal/remote_api/remote_api.pb.go
- vendor/google.golang.org/appengine/internal/remote_api/remote_api.proto
- vendor/google.golang.org/appengine/internal/urlfetch/urlfetch_service.pb.go
- vendor/google.golang.org/appengine/internal/urlfetch/urlfetch_service.proto
- vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
- vendor/google.golang.org/grpc/.travis.yml
- vendor/google.golang.org/grpc/AUTHORS
- vendor/google.golang.org/grpc/CODE-OF-CONDUCT.md
- vendor/google.golang.org/grpc/CONTRIBUTING.md
- vendor/google.golang.org/grpc/GOVERNANCE.md
- vendor/google.golang.org/grpc/Makefile
- vendor/google.golang.org/grpc/README.md
- vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
- vendor/google.golang.org/grpc/codegen.sh
- vendor/google.golang.org/grpc/go.mod
- vendor/google.golang.org/grpc/go.sum
- vendor/google.golang.org/grpc/health/grpc_health_v1/health.pb.go
- vendor/google.golang.org/grpc/install_gae.sh
- vendor/google.golang.org/grpc/vet.sh
- vendor/gopkg.in/inf.v0/dec.go
- vendor/gopkg.in/inf.v0/rounder.go
- vendor/gopkg.in/square/go-jose.v2/.gitcookies.sh.enc
- vendor/gopkg.in/square/go-jose.v2/.gitignore
- vendor/gopkg.in/square/go-jose.v2/.travis.yml
- vendor/gopkg.in/square/go-jose.v2/BUG-BOUNTY.md
- vendor/gopkg.in/square/go-jose.v2/CONTRIBUTING.md
- vendor/gopkg.in/square/go-jose.v2/README.md
- vendor/gopkg.in/square/go-jose.v2/json/README.md
- vendor/gopkg.in/yaml.v2/.travis.yml
- vendor/gopkg.in/yaml.v2/README.md
- vendor/gopkg.in/yaml.v2/apic.go
- vendor/gopkg.in/yaml.v2/decode.go
- vendor/gopkg.in/yaml.v2/emitterc.go
- vendor/gopkg.in/yaml.v2/encode.go
- vendor/gopkg.in/yaml.v2/go.mod
- vendor/gopkg.in/yaml.v2/parserc.go
- vendor/gopkg.in/yaml.v2/readerc.go
- vendor/gopkg.in/yaml.v2/resolve.go
- vendor/gopkg.in/yaml.v2/scannerc.go
- vendor/gopkg.in/yaml.v2/sorter.go
- vendor/gopkg.in/yaml.v2/writerc.go
- vendor/gopkg.in/yaml.v2/yaml.go
- vendor/gopkg.in/yaml.v2/yamlh.go
- vendor/gopkg.in/yaml.v2/yamlprivateh.go
- vendor/gopkg.in/yaml.v3/.travis.yml
- vendor/gopkg.in/yaml.v3/README.md
- vendor/gopkg.in/yaml.v3/go.mod
- vendor/gotest.tools/v3/assert/assert.go
- vendor/gotest.tools/v3/assert/cmp/compare.go
- vendor/gotest.tools/v3/assert/cmp/result.go
- vendor/gotest.tools/v3/internal/assert/assert.go
- vendor/gotest.tools/v3/internal/assert/result.go
- vendor/gotest.tools/v3/internal/difflib/difflib.go
- vendor/gotest.tools/v3/internal/format/diff.go
- vendor/gotest.tools/v3/internal/format/format.go
- vendor/gotest.tools/v3/internal/source/defers.go
- vendor/gotest.tools/v3/internal/source/source.go
- vendor/k8s.io/apimachinery/pkg/api/errors/OWNERS
- vendor/k8s.io/apimachinery/pkg/api/resource/OWNERS
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/OWNERS
- vendor/k8s.io/apimachinery/third_party/forked/golang/netutil/addr.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
- vendor/k8s.io/client-go/pkg/version/.gitattributes
- vendor/k8s.io/client-go/rest/OWNERS
- vendor/k8s.io/client-go/tools/metrics/OWNERS
- vendor/k8s.io/client-go/transport/OWNERS
- vendor/k8s.io/client-go/util/cert/OWNERS
- vendor/k8s.io/client-go/util/keyutil/OWNERS
- vendor/k8s.io/klog/v2/.gitignore
- vendor/k8s.io/klog/v2/CONTRIBUTING.md
- vendor/k8s.io/klog/v2/OWNERS
- vendor/k8s.io/klog/v2/README.md
- vendor/k8s.io/klog/v2/RELEASE.md
- vendor/k8s.io/klog/v2/SECURITY.md
- vendor/k8s.io/klog/v2/SECURITY_CONTACTS
- vendor/k8s.io/klog/v2/code-of-conduct.md
- vendor/k8s.io/klog/v2/go.mod
- vendor/k8s.io/klog/v2/go.sum
- vendor/k8s.io/utils/exec/README.md
- vendor/modules.txt
- vendor/sigs.k8s.io/yaml/.gitignore
- vendor/sigs.k8s.io/yaml/.travis.yml
- vendor/sigs.k8s.io/yaml/CONTRIBUTING.md
- vendor/sigs.k8s.io/yaml/OWNERS
- vendor/sigs.k8s.io/yaml/README.md
- vendor/sigs.k8s.io/yaml/RELEASE.md
- vendor/sigs.k8s.io/yaml/SECURITY_CONTACTS
- vendor/sigs.k8s.io/yaml/code-of-conduct.md
- vendor/sigs.k8s.io/yaml/go.mod
- vendor/sigs.k8s.io/yaml/go.sum
- vendor/sigs.k8s.io/yaml/yaml.go
- vendor/sigs.k8s.io/yaml/yaml_go110.go
-Copyright: __NO_COPYRIGHT_NOR_LICENSE__
-License: __NO_COPYRIGHT_NOR_LICENSE__
-
-Files: vendor/github.com/docker/spdystream/spdy/dictionary.go
- vendor/github.com/docker/spdystream/spdy/read.go
- vendor/github.com/docker/spdystream/spdy/write.go
- vendor/github.com/google/go-cmp/cmp/cmpopts/ignore.go
- vendor/github.com/google/go-cmp/cmp/cmpopts/sort.go
- vendor/github.com/google/go-cmp/cmp/cmpopts/struct_filter.go
- vendor/github.com/google/go-cmp/cmp/cmpopts/xform.go
- vendor/github.com/google/go-cmp/cmp/internal/diff/debug_disable.go
- vendor/github.com/google/go-cmp/cmp/internal/diff/debug_enable.go
- vendor/github.com/google/go-cmp/cmp/internal/flags/flags.go
- vendor/github.com/google/go-cmp/cmp/internal/value/name.go
- vendor/github.com/google/go-cmp/cmp/internal/value/sort.go
- vendor/github.com/google/go-cmp/cmp/internal/value/zero.go
- vendor/github.com/google/go-cmp/cmp/options.go
- vendor/github.com/google/go-cmp/cmp/path.go
- vendor/github.com/google/go-cmp/cmp/report.go
- vendor/github.com/google/go-cmp/cmp/report_compare.go
- vendor/github.com/google/go-cmp/cmp/report_references.go
- vendor/github.com/google/go-cmp/cmp/report_reflect.go
- vendor/github.com/google/go-cmp/cmp/report_slices.go
- vendor/github.com/google/go-cmp/cmp/report_text.go
- vendor/github.com/google/go-cmp/cmp/report_value.go
- vendor/github.com/google/uuid/dce.go
- vendor/github.com/google/uuid/hash.go
- vendor/github.com/google/uuid/marshal.go
- vendor/github.com/google/uuid/node.go
- vendor/github.com/google/uuid/sql.go
- vendor/github.com/google/uuid/time.go
- vendor/github.com/google/uuid/util.go
- vendor/github.com/google/uuid/uuid.go
- vendor/github.com/google/uuid/version1.go
- vendor/github.com/google/uuid/version4.go
- vendor/github.com/klauspost/compress/snappy/decode.go
- vendor/github.com/klauspost/compress/snappy/encode.go
- vendor/github.com/miekg/pkcs11/const.go
- vendor/github.com/miekg/pkcs11/error.go
- vendor/github.com/miekg/pkcs11/params.go
- vendor/github.com/miekg/pkcs11/types.go
- vendor/golang.org/x/crypto/ed25519/internal/edwards25519/const.go
- vendor/golang.org/x/crypto/ed25519/internal/edwards25519/edwards25519.go
- vendor/golang.org/x/crypto/openpgp/armor/encode.go
- vendor/golang.org/x/crypto/openpgp/canonical_text.go
- vendor/golang.org/x/crypto/openpgp/keys.go
- vendor/golang.org/x/crypto/openpgp/packet/compressed.go
- vendor/golang.org/x/crypto/openpgp/packet/config.go
- vendor/golang.org/x/crypto/openpgp/packet/encrypted_key.go
- vendor/golang.org/x/crypto/openpgp/packet/literal.go
- vendor/golang.org/x/crypto/openpgp/packet/one_pass_signature.go
- vendor/golang.org/x/crypto/openpgp/packet/opaque.go
- vendor/golang.org/x/crypto/openpgp/packet/private_key.go
- vendor/golang.org/x/crypto/openpgp/packet/public_key.go
- vendor/golang.org/x/crypto/openpgp/packet/public_key_v3.go
- vendor/golang.org/x/crypto/openpgp/packet/reader.go
- vendor/golang.org/x/crypto/openpgp/packet/signature.go
- vendor/golang.org/x/crypto/openpgp/packet/signature_v3.go
- vendor/golang.org/x/crypto/openpgp/packet/symmetric_key_encrypted.go
- vendor/golang.org/x/crypto/openpgp/packet/symmetrically_encrypted.go
- vendor/golang.org/x/crypto/openpgp/packet/userattribute.go
- vendor/golang.org/x/crypto/openpgp/packet/userid.go
- vendor/golang.org/x/crypto/openpgp/write.go
- vendor/golang.org/x/net/http/httpguts/httplex.go
- vendor/golang.org/x/net/http2/ciphers.go
- vendor/golang.org/x/net/http2/databuffer.go
- vendor/golang.org/x/net/http2/errors.go
- vendor/golang.org/x/net/http2/frame.go
- vendor/golang.org/x/net/http2/headermap.go
- vendor/golang.org/x/net/http2/hpack/encode.go
- vendor/golang.org/x/net/http2/hpack/huffman.go
- vendor/golang.org/x/net/http2/hpack/tables.go
- vendor/golang.org/x/net/http2/pipe.go
- vendor/golang.org/x/net/http2/write.go
- vendor/golang.org/x/net/http2/writesched.go
- vendor/golang.org/x/net/http2/writesched_priority.go
- vendor/golang.org/x/net/http2/writesched_random.go
- vendor/golang.org/x/net/idna/punycode.go
- vendor/golang.org/x/net/idna/trie.go
- vendor/golang.org/x/net/trace/events.go
- vendor/golang.org/x/net/trace/histogram.go
- vendor/golang.org/x/net/websocket/client.go
- vendor/golang.org/x/net/websocket/dial.go
- vendor/golang.org/x/net/websocket/hybi.go
- vendor/golang.org/x/net/websocket/server.go
- vendor/golang.org/x/oauth2/internal/oauth2.go
- vendor/golang.org/x/oauth2/internal/token.go
- vendor/golang.org/x/oauth2/internal/transport.go
- vendor/golang.org/x/oauth2/token.go
- vendor/golang.org/x/oauth2/transport.go
- vendor/golang.org/x/sys/plan9/asm.s
- vendor/golang.org/x/sys/plan9/asm_plan9_386.s
- vendor/golang.org/x/sys/plan9/asm_plan9_amd64.s
- vendor/golang.org/x/sys/plan9/asm_plan9_arm.s
- vendor/golang.org/x/sys/plan9/errors_plan9.go
- vendor/golang.org/x/sys/plan9/mksysnum_plan9.sh
- vendor/golang.org/x/sys/unix/errors_freebsd_arm.go
- vendor/golang.org/x/sys/unix/fcntl_darwin.go
- vendor/golang.org/x/sys/unix/ioctl_linux.go
- vendor/golang.org/x/sys/unix/pledge_openbsd.go
- vendor/golang.org/x/sys/unix/sockcmsg_dragonfly.go
- vendor/golang.org/x/sys/unix/syscall_darwin_arm.go
- vendor/golang.org/x/sys/unix/syscall_openbsd_mips64.go
- vendor/golang.org/x/sys/unix/unveil_openbsd.go
- vendor/golang.org/x/sys/windows/dll_windows.go
- vendor/golang.org/x/sys/windows/memory_windows.go
- vendor/golang.org/x/sys/windows/mkerrors.bash
- vendor/golang.org/x/sys/windows/mkknownfolderids.bash
- vendor/golang.org/x/sys/windows/security_windows.go
- vendor/golang.org/x/sys/windows/setupapierrors_windows.go
- vendor/golang.org/x/sys/windows/svc/sys_windows_arm.s
- vendor/golang.org/x/sys/windows/svc/sys_windows_arm64.s
- vendor/golang.org/x/sys/windows/types_windows.go
- vendor/golang.org/x/sys/windows/types_windows_386.go
- vendor/golang.org/x/sys/windows/types_windows_amd64.go
- vendor/golang.org/x/sys/windows/types_windows_arm.go
- vendor/golang.org/x/sys/windows/types_windows_arm64.go
- vendor/golang.org/x/term/term_plan9.go
- vendor/golang.org/x/term/term_solaris.go
- vendor/golang.org/x/term/term_unix_aix.go
- vendor/golang.org/x/term/term_unix_linux.go
- vendor/golang.org/x/term/term_unix_zos.go
- vendor/golang.org/x/term/term_windows.go
- vendor/golang.org/x/term/terminal.go
- vendor/golang.org/x/text/unicode/bidi/bidi.go
- vendor/golang.org/x/text/unicode/bidi/bracket.go
- vendor/golang.org/x/text/unicode/bidi/core.go
- vendor/golang.org/x/text/unicode/bidi/prop.go
- vendor/golang.org/x/text/unicode/norm/composition.go
- vendor/golang.org/x/text/unicode/norm/forminfo.go
- vendor/golang.org/x/text/unicode/norm/input.go
- vendor/golang.org/x/text/unicode/norm/iter.go
- vendor/golang.org/x/text/unicode/norm/normalize.go
- vendor/golang.org/x/text/unicode/norm/readwriter.go
- vendor/golang.org/x/text/unicode/norm/transform.go
- vendor/golang.org/x/text/unicode/norm/trie.go
- vendor/golang.org/x/xerrors/adaptor.go
- vendor/golang.org/x/xerrors/errors.go
- vendor/golang.org/x/xerrors/fmt.go
- vendor/golang.org/x/xerrors/format.go
- vendor/golang.org/x/xerrors/frame.go
- vendor/golang.org/x/xerrors/internal/internal.go
- vendor/golang.org/x/xerrors/wrap.go
- vendor/gopkg.in/square/go-jose.v2/json/indent.go
- vendor/gopkg.in/square/go-jose.v2/json/scanner.go
- vendor/gopkg.in/square/go-jose.v2/json/stream.go
- vendor/gopkg.in/square/go-jose.v2/json/tags.go
- vendor/sigs.k8s.io/yaml/fields.go
-Copyright: 2009-2021 The Go Authors.
- 2011 The Snappy-Go Authors.
- 2013 Miek Gieben.
- 2016-2018 Google Inc.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
-
-Files: protobuf/plugin/fieldpath.proto
- vendor/github.com/gogo/protobuf/gogoproto/Makefile
- vendor/github.com/gogo/protobuf/gogoproto/gogo.proto
- vendor/github.com/gogo/protobuf/gogoproto/helper.go
- vendor/github.com/gogo/protobuf/plugin/compare/compare.go
- vendor/github.com/gogo/protobuf/plugin/compare/comparetest.go
- vendor/github.com/gogo/protobuf/plugin/description/descriptiontest.go
- vendor/github.com/gogo/protobuf/plugin/equal/equaltest.go
- vendor/github.com/gogo/protobuf/plugin/face/facetest.go
- vendor/github.com/gogo/protobuf/plugin/gostring/gostringtest.go
- vendor/github.com/gogo/protobuf/plugin/size/sizetest.go
- vendor/github.com/gogo/protobuf/plugin/stringer/stringertest.go
- vendor/github.com/gogo/protobuf/plugin/union/uniontest.go
- vendor/github.com/gogo/protobuf/proto/custom_gogo.go
- vendor/github.com/gogo/protobuf/proto/duration_gogo.go
- vendor/github.com/gogo/protobuf/proto/encode_gogo.go
- vendor/github.com/gogo/protobuf/proto/extensions_gogo.go
- vendor/github.com/gogo/protobuf/proto/lib_gogo.go
- vendor/github.com/gogo/protobuf/proto/properties_gogo.go
- vendor/github.com/gogo/protobuf/proto/skip_gogo.go
- vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go
- vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go
- vendor/github.com/gogo/protobuf/proto/text_gogo.go
- vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go
- vendor/github.com/gogo/protobuf/proto/wrappers.go
- vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go
- vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/helper.go
- vendor/github.com/gogo/protobuf/protoc-gen-gogo/generator/helper.go
- vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go
- vendor/github.com/gogo/protobuf/types/duration_gogo.go
- vendor/github.com/gogo/protobuf/types/timestamp_gogo.go
- vendor/github.com/gogo/protobuf/types/wrappers_gogo.go
- vendor/github.com/gogo/protobuf/vanity/command/command.go
- vendor/github.com/gogo/protobuf/vanity/enum.go
- vendor/github.com/gogo/protobuf/vanity/field.go
- vendor/github.com/gogo/protobuf/vanity/file.go
- vendor/github.com/gogo/protobuf/vanity/foreach.go
- vendor/github.com/gogo/protobuf/vanity/msg.go
-Copyright: 2013-2018 The GoGo Authors. http://github.com/gogo/protobuf
- 2015 The GoGo Authors. rights reserved. http://github.com/gogo/protobuf
-License: BSD-2-Clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the
- distribution.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-Files: vendor/github.com/gogo/protobuf/proto/Makefile
- vendor/github.com/gogo/protobuf/proto/decode.go
- vendor/github.com/gogo/protobuf/proto/deprecated.go
- vendor/github.com/gogo/protobuf/proto/discard.go
- vendor/github.com/gogo/protobuf/proto/duration.go
- vendor/github.com/gogo/protobuf/proto/encode.go
- vendor/github.com/gogo/protobuf/proto/extensions.go
- vendor/github.com/gogo/protobuf/proto/message_set.go
- vendor/github.com/gogo/protobuf/proto/table_marshal.go
- vendor/github.com/gogo/protobuf/proto/table_merge.go
- vendor/github.com/gogo/protobuf/proto/table_unmarshal.go
- vendor/github.com/gogo/protobuf/proto/timestamp.go
- vendor/github.com/gogo/protobuf/protoc-gen-gogo/descriptor/Makefile
- vendor/github.com/gogo/protobuf/types/any.go
- vendor/github.com/gogo/protobuf/types/duration.go
- vendor/github.com/gogo/protobuf/types/timestamp.go
- vendor/github.com/golang/protobuf/proto/decode.go
- vendor/github.com/golang/protobuf/proto/deprecated.go
- vendor/github.com/golang/protobuf/proto/discard.go
- vendor/github.com/golang/protobuf/proto/encode.go
- vendor/github.com/golang/protobuf/proto/extensions.go
- vendor/github.com/golang/protobuf/proto/message_set.go
- vendor/github.com/golang/protobuf/proto/properties.go
- vendor/github.com/golang/protobuf/proto/table_marshal.go
- vendor/github.com/golang/protobuf/proto/table_merge.go
- vendor/github.com/golang/protobuf/proto/table_unmarshal.go
- vendor/github.com/golang/protobuf/proto/text.go
- vendor/github.com/golang/protobuf/proto/text_parser.go
- vendor/github.com/golang/protobuf/ptypes/any.go
- vendor/github.com/golang/protobuf/ptypes/any/any.proto
- vendor/github.com/golang/protobuf/ptypes/duration.go
- vendor/github.com/golang/protobuf/ptypes/duration/duration.proto
- vendor/github.com/golang/protobuf/ptypes/timestamp.go
- vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.proto
- vendor/github.com/moby/sys/symlink/LICENSE.BSD
-Copyright: 2008 Google Inc. https://developers.google.com/protocol-buffers/
- 2010-2018 The Go Authors. https://github.com/golang/protobuf
- 2014-2018 The Docker & Go Authors.
-License: BSD-3-Clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Google Inc. nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .
- On Debian systems, the complete text of the BSD 3-clause "New" or "Revised"
- License can be found in `/usr/share/common-licenses/BSD'.
-
-Files: integration/remote/remote_image.go
- integration/remote/remote_runtime.go
- integration/remote/util/util_unix.go
- integration/remote/util/util_unsupported.go
- integration/remote/util/util_windows.go
- integration/remote/utils.go
- integration/util/boottime_util_darwin.go
- integration/util/boottime_util_linux.go
- integration/util/util.go
- integration/util/util_unix.go
- integration/util/util_unsupported.go
- integration/util/util_windows.go
- pkg/cri/server/bandwidth/fake_shaper.go
- pkg/cri/server/bandwidth/interfaces.go
- pkg/cri/server/bandwidth/linux.go
- pkg/cri/server/bandwidth/unsupported.go
- pkg/cri/server/bandwidth/utils.go
- pkg/cri/streaming/errors.go
- pkg/cri/streaming/portforward/httpstream.go
- pkg/cri/streaming/portforward/portforward.go
- pkg/cri/streaming/portforward/websocket.go
- pkg/cri/streaming/remotecommand/attach.go
- pkg/cri/streaming/remotecommand/exec.go
- pkg/cri/streaming/remotecommand/httpstream.go
- pkg/cri/streaming/remotecommand/websocket.go
- pkg/cri/streaming/request_cache.go
- pkg/cri/streaming/server.go
- pkg/netns/netns_linux.go
- pkg/seccomp/seccomp_linux.go
- test/init-buildx.sh
-Copyright: 2015-2020 The Kubernetes Authors.
- 2018 CNI authors
- The containerd Authors.
- The runc Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- .
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/klauspost/compress/zstd/bitreader.go
- vendor/github.com/klauspost/compress/zstd/blockdec.go
- vendor/github.com/klauspost/compress/zstd/blockenc.go
- vendor/github.com/klauspost/compress/zstd/bytebuf.go
- vendor/github.com/klauspost/compress/zstd/bytereader.go
- vendor/github.com/klauspost/compress/zstd/decoder.go
- vendor/github.com/klauspost/compress/zstd/decoder_options.go
- vendor/github.com/klauspost/compress/zstd/enc_best.go
- vendor/github.com/klauspost/compress/zstd/enc_better.go
- vendor/github.com/klauspost/compress/zstd/enc_dfast.go
- vendor/github.com/klauspost/compress/zstd/enc_fast.go
- vendor/github.com/klauspost/compress/zstd/encoder.go
- vendor/github.com/klauspost/compress/zstd/framedec.go
- vendor/github.com/klauspost/compress/zstd/frameenc.go
- vendor/github.com/klauspost/compress/zstd/fse_decoder.go
- vendor/github.com/klauspost/compress/zstd/fse_encoder.go
- vendor/github.com/klauspost/compress/zstd/fse_predefined.go
- vendor/github.com/klauspost/compress/zstd/hash.go
- vendor/github.com/klauspost/compress/zstd/history.go
- vendor/github.com/klauspost/compress/zstd/seqdec.go
- vendor/github.com/klauspost/compress/zstd/seqenc.go
- vendor/github.com/klauspost/compress/zstd/snappy.go
-Copyright: 2019 + Klaus Post.
-License: __UNKNOWN__
- License information can be found in the LICENSE file.
- Based on work by Yann Collet, released under BSD License.
-
-Files: vendor/github.com/emicklei/go-restful/compress.go
- vendor/github.com/emicklei/go-restful/compressor_cache.go
- vendor/github.com/emicklei/go-restful/compressor_pools.go
- vendor/github.com/emicklei/go-restful/compressors.go
- vendor/github.com/emicklei/go-restful/constants.go
- vendor/github.com/emicklei/go-restful/container.go
- vendor/github.com/emicklei/go-restful/cors_filter.go
- vendor/github.com/emicklei/go-restful/curly.go
- vendor/github.com/emicklei/go-restful/entity_accessors.go
- vendor/github.com/emicklei/go-restful/jsr311.go
- vendor/github.com/emicklei/go-restful/logger.go
- vendor/github.com/emicklei/go-restful/parameter.go
- vendor/github.com/emicklei/go-restful/path_expression.go
- vendor/github.com/emicklei/go-restful/request.go
- vendor/github.com/emicklei/go-restful/response.go
- vendor/github.com/emicklei/go-restful/route.go
- vendor/github.com/emicklei/go-restful/route_builder.go
- vendor/github.com/emicklei/go-restful/router.go
- vendor/github.com/emicklei/go-restful/service_error.go
- vendor/github.com/emicklei/go-restful/web_service_container.go
-Copyright: 2013-2015 Ernest Micklei.
-License: __UNKNOWN__
- Use of this source code is governed by a license
- that can be found in the LICENSE file.
-
-Files: vendor/k8s.io/api/core/v1/zz_generated.deepcopy.go
- vendor/k8s.io/apimachinery/pkg/api/resource/zz_generated.deepcopy.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured/zz_generated.deepcopy.go
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.deepcopy.go
- vendor/k8s.io/apimachinery/pkg/labels/zz_generated.deepcopy.go
- vendor/k8s.io/apimachinery/pkg/runtime/zz_generated.deepcopy.go
- vendor/k8s.io/apimachinery/pkg/watch/zz_generated.deepcopy.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.deepcopy.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.deepcopy.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/zz_generated.deepcopy.go
- vendor/k8s.io/client-go/rest/zz_generated.deepcopy.go
- vendor/k8s.io/client-go/tools/clientcmd/api/zz_generated.deepcopy.go
-Copyright: The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Code generated by deepcopy-gen. DO NOT EDIT.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/fsnotify/fsnotify/windows.go
- vendor/golang.org/x/sys/windows/eventlog.go
- vendor/golang.org/x/sys/windows/registry/syscall.go
- vendor/golang.org/x/sys/windows/registry/value.go
- vendor/golang.org/x/sys/windows/service.go
- vendor/golang.org/x/sys/windows/str.go
- vendor/golang.org/x/sys/windows/svc/debug/log.go
- vendor/golang.org/x/sys/windows/svc/event.go
- vendor/golang.org/x/sys/windows/svc/mgr/config.go
- vendor/golang.org/x/sys/windows/svc/mgr/recovery.go
- vendor/golang.org/x/sys/windows/svc/mgr/service.go
- vendor/golang.org/x/sys/windows/svc/security.go
-Copyright: 2009-2018 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build windows
-
-Files: vendor/github.com/cpuguy83/go-md2man/v2/LICENSE.md
- vendor/github.com/sirupsen/logrus/alt_exit.go
- vendor/gopkg.in/yaml.v2/LICENSE.libyaml
- vendor/gopkg.in/yaml.v3/apic.go
- vendor/gopkg.in/yaml.v3/emitterc.go
- vendor/gopkg.in/yaml.v3/parserc.go
- vendor/gopkg.in/yaml.v3/readerc.go
- vendor/gopkg.in/yaml.v3/scannerc.go
- vendor/gopkg.in/yaml.v3/writerc.go
- vendor/gopkg.in/yaml.v3/yamlh.go
- vendor/gopkg.in/yaml.v3/yamlprivateh.go
-Copyright: 2006-2010 Kirill Simonov
- 2011-2019 Canonical Ltd
- 2012 Miki Tebeka .
- 2014 Brian Goff
-License: Expat
- Permission is hereby granted, free of charge, to any person obtaining a copy
- of this software and associated documentation files (the "Software"), to deal
- in the Software without restriction, including without limitation the rights
- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- copies of the Software, and to permit persons to whom the Software is
- furnished to do so, subject to the following conditions:
- .
- The above copyright notice and this permission notice shall be included in all
- copies or substantial portions of the Software.
- .
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
- SOFTWARE.
-
-Files: vendor/github.com/Microsoft/hcsshim/README.md
- vendor/github.com/docker/go-events/README.md
- vendor/github.com/emicklei/go-restful/README.md
- vendor/github.com/emicklei/go-restful/doc.go
- vendor/github.com/gogo/googleapis/google/rpc/code.pb.go
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/client_reporter.go
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/server_reporter.go
- vendor/github.com/grpc-ecosystem/go-grpc-prometheus/util.go
- vendor/github.com/matttproud/golang_protobuf_extensions/NOTICE
- vendor/github.com/russross/blackfriday/v2/markdown.go
-Copyright: 2011 Russ Ross . Distributed under the Simplified BSD License. See README.md for details.
- 2012 Matt T. Proud (matt.proud@gmail.com)
- 2012-2015 http://ernestmicklei.com. MIT License
- 2012-2018 http://ernestmicklei.com. MIT License. Contributions are welcome.
- 2016 Docker, Inc. go-events is licensed under the Apache License, Version 2.0. See [LICENSE](LICENSE) for the full license text.
- 2016 Michal Witkowski. See LICENSE for licensing terms.
- 2018 Microsoft Corp.
- Use `FAILED_PRECONDITION` if the client should not retry until the system state has been explicitly fixed. E.g., if an "rmdir"
-License: __NO_LICENSE__
-
-Files: vendor/github.com/klauspost/compress/fse/bitreader.go
- vendor/github.com/klauspost/compress/fse/bitwriter.go
- vendor/github.com/klauspost/compress/fse/bytereader.go
- vendor/github.com/klauspost/compress/fse/compress.go
- vendor/github.com/klauspost/compress/huff0/bitreader.go
- vendor/github.com/klauspost/compress/huff0/bitwriter.go
- vendor/github.com/klauspost/compress/huff0/bytereader.go
- vendor/github.com/klauspost/compress/zstd/bitwriter.go
-Copyright: 2018 Klaus Post.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- Based on work Copyright (c) 2013, Yann Collet, released under BSD License.
-
-Files: vendor/golang.org/x/sys/unix/epoll_zos.go
- vendor/golang.org/x/sys/unix/fstatfs_zos.go
- vendor/golang.org/x/sys/unix/ioctl_zos.go
- vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
- vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
- vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
- vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
-Copyright: 2020 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- go:build zos && s390x
- +build zos,s390x
-
-Files: vendor/k8s.io/apimachinery/pkg/util/sets/byte.go
- vendor/k8s.io/apimachinery/pkg/util/sets/empty.go
- vendor/k8s.io/apimachinery/pkg/util/sets/int.go
- vendor/k8s.io/apimachinery/pkg/util/sets/int32.go
- vendor/k8s.io/apimachinery/pkg/util/sets/int64.go
- vendor/k8s.io/apimachinery/pkg/util/sets/string.go
-Copyright: The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Code generated by set-gen. DO NOT EDIT.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/api/core/v1/generated.proto
- vendor/k8s.io/apimachinery/pkg/api/resource/generated.proto
- vendor/k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto
- vendor/k8s.io/apimachinery/pkg/runtime/generated.proto
- vendor/k8s.io/apimachinery/pkg/runtime/schema/generated.proto
- vendor/k8s.io/apimachinery/pkg/util/intstr/generated.proto
-Copyright: The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- This file was autogenerated by go-to-protobuf. Do not edit it manually!
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
- vendor/golang.org/x/sys/unix/asm_linux_386.s
- vendor/golang.org/x/sys/unix/asm_linux_amd64.s
- vendor/golang.org/x/sys/unix/asm_linux_arm.s
- vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
- vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
-Copyright: 2009-2019 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- go:build gc
- +build gc
-
-Files: vendor/google.golang.org/appengine/internal/api_common.go
- vendor/google.golang.org/appengine/internal/app_id.go
- vendor/google.golang.org/appengine/internal/identity.go
- vendor/google.golang.org/appengine/internal/metadata.go
- vendor/google.golang.org/appengine/internal/net.go
- vendor/google.golang.org/appengine/internal/transaction.go
-Copyright: 2011-2015 Google Inc.
-License: __UNKNOWN__
- Use of this source code is governed by the Apache 2.0
- license that can be found in the LICENSE file.
-
-Files: vendor/github.com/davecgh/go-spew/spew/common.go
- vendor/github.com/davecgh/go-spew/spew/config.go
- vendor/github.com/davecgh/go-spew/spew/dump.go
- vendor/github.com/davecgh/go-spew/spew/format.go
- vendor/github.com/davecgh/go-spew/spew/spew.go
-Copyright: 2013-2016 Dave Collins
-License: ISC
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- .
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-Files: vendor/github.com/prometheus/client_golang/prometheus/process_collector_other.go
- vendor/github.com/prometheus/procfs/kernel_random.go
- vendor/github.com/prometheus/procfs/proc_smaps.go
- vendor/github.com/prometheus/procfs/vm.go
- vendor/github.com/prometheus/procfs/zoneinfo.go
-Copyright: 2019-2020 The Prometheus Authors
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- +build !windows
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/opencontainers/go-digest/algorithm.go
- vendor/github.com/opencontainers/go-digest/digest.go
- vendor/github.com/opencontainers/go-digest/digester.go
- vendor/github.com/opencontainers/go-digest/digestset/set.go
- vendor/github.com/opencontainers/go-digest/verifiers.go
-Copyright: 2017 Docker, Inc.
- 2019-2020 OCI Contributors
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- https://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/golang.org/x/sys/unix/dirent.go
- vendor/golang.org/x/sys/unix/fdset.go
- vendor/golang.org/x/sys/unix/ioctl.go
- vendor/golang.org/x/sys/unix/str.go
- vendor/golang.org/x/sys/unix/syscall_unix.go
-Copyright: 2009-2019 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
- +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
-
-Files: vendor/github.com/klauspost/compress/snappy/decode_amd64.go
- vendor/github.com/klauspost/compress/snappy/decode_amd64.s
- vendor/github.com/klauspost/compress/snappy/encode_amd64.go
- vendor/github.com/klauspost/compress/snappy/encode_amd64.s
-Copyright: 2016 The Go Authors.
- 2016 The Snappy-Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build !appengine
- +build gc
- +build !noasm
-
-Files: vendor/github.com/docker/go-events/CONTRIBUTING.md
- vendor/github.com/docker/go-metrics/CONTRIBUTING.md
- vendor/github.com/docker/go-units/CONTRIBUTING.md
- vendor/github.com/opencontainers/go-digest/CONTRIBUTING.md
-Copyright: 660 York Street, Suite 102, San Francisco, CA 94110 USA
- 2004-2006 The Linux Foundation and its contributors.
- The contribution was provided directly to me some other person who certified (a), (b) or (c) and I have not modified it.
- 9999-94129 1 Letterman Drive Suite D4700 San Francisco, CA,
-License: __UNKNOWN__
- Everyone is permitted to copy and distribute verbatim copies of this
- license document, but changing it is not allowed.
- .
- Developer's Certificate of Origin 1.1
- .
- By making a contribution to this project, I certify that:
- .
- (a) The contribution was created in whole or in part by me and I
- have the right to submit it under the open source license
- indicated in the file; or
- .
- (b) The contribution is based upon previous work that, to the best
- of my knowledge, is covered under an appropriate open source
- license and I have the right under that license to submit that
- work with modifications, whether created in whole or in part
- by me, under the same open source license (unless I am
- permitted to submit under a different license), as indicated
- in the file; or
- .
- (d) I understand and agree that this project and the contribution
- are public and that a record of the contribution (including all
- personal information I submit with it, including my sign-off) is
- maintained indefinitely and may be redistributed consistent with
- this project or the open source license(s) involved.
- ```
- .
- Then you just add a line to every git commit message:
- .
- Signed-off-by: Joe Smith
- .
- Use your real name (sorry, no pseudonyms or anonymous contributions.)
- .
- If you set your `user.name` and `user.email` git configs, you can sign your
- commit automatically with `git commit -s`.
-
-Files: vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.conversion.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.conversion.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.conversion.go
-Copyright: The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Code generated by conversion-gen. DO NOT EDIT.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/apimachinery/pkg/apis/meta/v1/zz_generated.defaults.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1/zz_generated.defaults.go
- vendor/k8s.io/client-go/pkg/apis/clientauthentication/v1beta1/zz_generated.defaults.go
-Copyright: The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Code generated by defaulter-gen. DO NOT EDIT.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/google.golang.org/appengine/internal/api.go
- vendor/google.golang.org/appengine/internal/identity_vm.go
- vendor/google.golang.org/appengine/internal/main_vm.go
-Copyright: 2011 Google Inc.
-License: __UNKNOWN__
- Use of this source code is governed by the Apache 2.0
- license that can be found in the LICENSE file.
- .
- +build !appengine
-
-Files: vendor/github.com/prometheus/client_model/NOTICE
- vendor/github.com/prometheus/common/NOTICE
- vendor/github.com/prometheus/procfs/NOTICE
-Copyright: 2012-2015 The Prometheus Authors
-License: __UNKNOWN__
- This product includes software developed at
- SoundCloud Ltd. (http://soundcloud.com/).
-
-Files: vendor/github.com/imdario/mergo/map.go
- vendor/github.com/imdario/mergo/merge.go
- vendor/github.com/imdario/mergo/mergo.go
-Copyright: 2009 The Go Authors.
- 2013-2014 Dario Castañé.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- Based on src/pkg/reflect/deepequal.go from official
- golang's stdlib.
-
-Files: vendor/golang.org/x/sys/unix/asm_bsd_386.s
- vendor/golang.org/x/sys/unix/asm_bsd_arm.s
- vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
-Copyright: 2021 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- go:build (darwin || freebsd || netbsd || openbsd) && gc
- +build darwin freebsd netbsd openbsd
- +build gc
-
-Files: vendor/google.golang.org/appengine/internal/api_classic.go
- vendor/google.golang.org/appengine/internal/identity_classic.go
- vendor/google.golang.org/appengine/internal/main.go
-Copyright: 2011-2015 Google Inc.
-License: __UNKNOWN__
- Use of this source code is governed by the Apache 2.0
- license that can be found in the LICENSE file.
- .
- +build appengine
-
-Files: vendor/golang.org/x/sys/unix/errors_freebsd_386.go
- vendor/golang.org/x/sys/unix/errors_freebsd_amd64.go
- vendor/golang.org/x/sys/unix/errors_freebsd_arm64.go
-Copyright: 2017-2020 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- Constants that were deprecated or moved to enums in the FreeBSD headers. Keep
- them here for backwards compatibility.
-
-Files: vendor/github.com/gogo/protobuf/proto/properties.go
- vendor/github.com/gogo/protobuf/proto/text.go
- vendor/github.com/gogo/protobuf/proto/text_parser.go
-Copyright: 2010 The Go Authors. https://github.com/golang/protobuf
- 2013 The GoGo Authors. http://github.com/gogo/protobuf
-License: BSD-3-Clause
- Go support for Protocol Buffers - Google's data interchange format
- .
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Google Inc. nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .
- On Debian systems, the complete text of the BSD 3-clause "New" or "Revised"
- License can be found in `/usr/share/common-licenses/BSD'.
-
-Files: vendor/github.com/docker/go-metrics/LICENSE.docs
- vendor/github.com/docker/spdystream/LICENSE.docs
- vendor/github.com/opencontainers/go-digest/LICENSE.docs
-Copyright: __NO_COPYRIGHT__ in: vendor/github.com/docker/go-metrics/LICENSE.docs
- __NO_COPYRIGHT__ in: vendor/github.com/docker/spdystream/LICENSE.docs
- __NO_COPYRIGHT__ in: vendor/github.com/opencontainers/go-digest/LICENSE.docs
-License: __UNKNOWN__ with unknown exception
- licensed material, or material used under an exception or
- limitation to copyright. More considerations for licensors:
-
-Files: vendor/github.com/cespare/xxhash/v2/LICENSE.txt
- vendor/github.com/klauspost/compress/zstd/internal/xxhash/LICENSE.txt
-Copyright: 2016 Caleb Spare
-License: Expat
- MIT License
- .
- Permission is hereby granted, free of charge, to any person obtaining
- a copy of this software and associated documentation files (the
- "Software"), to deal in the Software without restriction, including
- without limitation the rights to use, copy, modify, merge, publish,
- distribute, sublicense, and/or sell copies of the Software, and to
- permit persons to whom the Software is furnished to do so, subject to
- the following conditions:
- .
- The above copyright notice and this permission notice shall be
- included in all copies or substantial portions of the Software.
- .
- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
- MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
- LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
- OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
- WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-Files: api/services/events/v1/doc.go
- api/services/ttrpc/events/v1/doc.go
-Copyright: The containerd Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package events defines the event pushing and subscription service.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/containerd/console/tc_openbsd_nocgo.go
- vendor/github.com/containerd/console/tc_solaris_nocgo.go
-Copyright: The containerd Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Implementing the functions below requires cgo support. Non-cgo stubs
- versions are defined below to enable cross-compilation of source code
- that depends on these functions, but the resultant cross-compiled
- binaries cannot actually be used. If the stub function(s) below are
- actually invoked they will display an error message and cause the
- calling process to exit.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/prometheus/procfs/cpuinfo.go
- vendor/github.com/prometheus/procfs/cpuinfo_s390x.go
-Copyright: 2019-2020 The Prometheus Authors
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- +build linux
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/golang.org/x/sys/windows/mksyscall.go
- vendor/golang.org/x/sys/windows/registry/mksyscall.go
-Copyright: 2009-2015 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build generate
-
-Files: vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_legacy.go
- vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
-Copyright: 2016-2019 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build !go1.10
-
-Files: vendor/golang.org/x/sys/unix/constants.go
- vendor/golang.org/x/sys/unix/timestruct.go
-Copyright: 2015-2017 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
- +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
-
-Files: vendor/github.com/Microsoft/hcsshim/pkg/go-runhcs/NOTICE
- vendor/github.com/opencontainers/runc/NOTICE
-Copyright: 2012-2015 Docker, Inc.
-License: __UNKNOWN__
- This product includes software developed at Docker, Inc. (http://www.docker.com).
- .
- The following is courtesy of our legal counsel:
- .
- Use and transfer of Docker may be subject to certain restrictions by the
- United States and other governments.
- It is your responsibility to ensure that your use and/or transfer does not
- violate applicable laws.
- .
- For more information, please see http://www.bis.doc.gov
- .
- See also http://www.apache.org/dev/crypto.html and/or seek legal counsel.
-
-Files: vendor/github.com/google/go-cmp/cmp/export_panic.go
- vendor/github.com/google/go-cmp/cmp/internal/value/pointer_purego.go
-Copyright: 2017-2018 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build purego
-
-Files: vendor/golang.org/x/sys/plan9/mkerrors.sh
- vendor/golang.org/x/sys/unix/mkerrors.sh
-Copyright: 2009 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- Generate Go code listing errors and other #defined constant
- values (ENAMETOOLONG etc.), by asking the preprocessor
- about the definitions.
-
-Files: vendor/github.com/klauspost/compress/snappy/decode_other.go
- vendor/github.com/klauspost/compress/snappy/encode_other.go
-Copyright: 2016 The Snappy-Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build !amd64 appengine !gc noasm
-
-Files: vendor/github.com/google/go-cmp/cmp/internal/flags/toolchain_recent.go
- vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
-Copyright: 2016-2019 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build go1.10
-
-Files: NOTICE
- vendor/github.com/docker/go-metrics/NOTICE
-Copyright: 2012-2015 Docker, Inc.
-License: __UNKNOWN__
- This product includes software developed at Docker, Inc. (https://www.docker.com).
- .
- The following is courtesy of our legal counsel:
- .
- Use and transfer of Docker may be subject to certain restrictions by the
- United States and other governments.
- It is your responsibility to ensure that your use and/or transfer does not
- violate applicable laws.
- .
- For more information, please see https://www.bis.doc.gov
- .
- See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
-
-Files: vendor/github.com/tchap/go-patricia/patricia/children.go
- vendor/github.com/tchap/go-patricia/patricia/patricia.go
-Copyright: 2014 The go-patricia AUTHORS
-License: __UNKNOWN__
- Use of this source code is governed by The MIT License
- that can be found in the LICENSE file.
-
-Files: vendor/github.com/fsnotify/fsnotify/inotify.go
- vendor/github.com/fsnotify/fsnotify/inotify_poller.go
-Copyright: 2010-2015 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build linux
-
-Files: vendor/github.com/google/go-cmp/cmp/export_unsafe.go
- vendor/github.com/google/go-cmp/cmp/internal/value/pointer_unsafe.go
-Copyright: 2017-2018 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- +build !purego
-
-Files: vendor/golang.org/x/sys/windows/svc/sys_windows_386.s
- vendor/golang.org/x/sys/windows/svc/sys_windows_amd64.s
-Copyright: 2012 The Go Authors.
-License: __UNKNOWN__
- Use of this source code is governed by a BSD-style
- license that can be found in the LICENSE file.
- .
- func servicemain(argc uint32, argv **uint16)
-
-Files: vendor/github.com/gogo/protobuf/proto/lib.go
- vendor/github.com/golang/protobuf/proto/lib.go
-Copyright: 2010 The Go Authors. https://github.com/golang/protobuf
-License: BSD-3-Clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Google Inc. nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .
- Package proto converts data structures to and from the wire format of
- protocol buffers. It works in concert with the Go source code generated
- for .proto files by the protocol compiler.
- .
- A summary of the properties of the protocol buffer interface
- for a protocol buffer variable v:
- .
- On Debian systems, the complete text of the BSD 3-clause "New" or "Revised"
- License can be found in `/usr/share/common-licenses/BSD'.
-
-Files: vendor/github.com/gogo/protobuf/proto/pointer_reflect.go
- vendor/github.com/golang/protobuf/proto/pointer_reflect.go
-Copyright: 2012 The Go Authors. https://github.com/golang/protobuf
-License: BSD-3-Clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Google Inc. nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .
- +build purego appengine js
- .
- This file contains an implementation of proto field accesses using package reflect.
- .
- On Debian systems, the complete text of the BSD 3-clause "New" or "Revised"
- License can be found in `/usr/share/common-licenses/BSD'.
-
-Files: vendor/github.com/gogo/protobuf/proto/equal.go
- vendor/github.com/golang/protobuf/proto/equal.go
-Copyright: 2011 The Go Authors. https://github.com/golang/protobuf
-License: BSD-3-Clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Google Inc. nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .
- Protocol buffer comparison.
- .
- On Debian systems, the complete text of the BSD 3-clause "New" or "Revised"
- License can be found in `/usr/share/common-licenses/BSD'.
-
-Files: vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go
- vendor/github.com/golang/protobuf/proto/pointer_unsafe.go
-Copyright: 2012 The Go Authors. https://github.com/golang/protobuf
-License: BSD-3-Clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Google Inc. nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .
- +build !purego,!appengine,!js
- .
- This file contains the implementation of the proto field accesses using package unsafe.
- .
- On Debian systems, the complete text of the BSD 3-clause "New" or "Revised"
- License can be found in `/usr/share/common-licenses/BSD'.
-
-Files: vendor/github.com/gogo/protobuf/proto/clone.go
- vendor/github.com/golang/protobuf/proto/clone.go
-Copyright: 2011 The Go Authors. https://github.com/golang/protobuf
-License: BSD-3-Clause
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are
- met:
- .
- * Redistributions of source code must retain the above copyright
- notice, this list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above
- copyright notice, this list of conditions and the following disclaimer
- in the documentation and/or other materials provided with the
- distribution.
- * Neither the name of Google Inc. nor the names of its
- contributors may be used to endorse or promote products derived from
- this software without specific prior written permission.
- .
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- .
- Protocol buffer deep copy and merge.
- TODO: RawMessage.
- .
- On Debian systems, the complete text of the BSD 3-clause "New" or "Revised"
- License can be found in `/usr/share/common-licenses/BSD'.
-
-Files: vendor/github.com/davecgh/go-spew/spew/bypass.go
-Copyright: 2015-2016 Dave Collins
-License: ISC
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- .
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- .
- NOTE: Due to the following build constraints, this file will only be compiled
- when the code is not running on Google App Engine, compiled by GopherJS, and
- "-tags safe" is not added to the go build command line. The "disableunsafe"
- tag is deprecated and thus should not be used.
- Go versions prior to 1.4 are disabled because they use a different layout
- for interfaces which make the implementation of unsafeReflectValue more complex.
- +build !js,!appengine,!safe,!disableunsafe,go1.4
-
-Files: vendor/github.com/davecgh/go-spew/spew/bypasssafe.go
-Copyright: 2015-2016 Dave Collins
-License: ISC
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- .
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- .
- NOTE: Due to the following build constraints, this file will only be compiled
- when the code is running on Google App Engine, compiled by GopherJS, or
- "-tags safe" is added to the go build command line. The "disableunsafe"
- tag is deprecated and thus should not be used.
- +build js appengine safe disableunsafe !go1.4
-
-Files: vendor/github.com/davecgh/go-spew/spew/doc.go
-Copyright: 2013-2016 Dave Collins
-License: ISC
- Permission to use, copy, modify, and distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
- .
- THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- .
- Package spew implements a deep pretty printer for Go data structures to aid in
- debugging.
- .
- A quick overview of the additional features spew provides over the built-in
- printing facilities for Go data types are as follows:
- .
- * Pointers are dereferenced and followed
- * Circular data structures are detected and handled properly
- * Custom Stringer/error interfaces are optionally invoked, including
- on unexported types
- * Custom types which only implement the Stringer/error interfaces via
- a pointer receiver are optionally invoked when passing non-pointer
- variables
- * Byte arrays and slices are dumped like the hexdump -C command which
- includes offsets, byte values in hex, and ASCII output (only when using
- Dump style)
- .
- There are two different approaches spew allows for dumping Go data structures:
- .
- * Dump style which prints with newlines, customizable indentation,
- and additional debug information such as types and all pointer addresses
- used to indirect to the final value
- * A custom Formatter interface that integrates cleanly with the standard fmt
- package and replaces %v, %+v, %#v, and %#+v to provide inline printing
- similar to the default %v while providing the additional functionality
- outlined above and passing unsupported format verbs such as %x and %q
- along to fmt
- .
- Quick Start
- .
- This section demonstrates how to quickly get started with spew. See the
- sections below for further details on formatting and configuration options.
- .
- To dump a variable with full newlines, indentation, type, and pointer
- information use Dump, Fdump, or Sdump:
- spew.Dump(myVar1, myVar2, ...)
- spew.Fdump(someWriter, myVar1, myVar2, ...)
-
-Files: vendor/google.golang.org/grpc/internal/binarylog/binarylog.go
-Copyright: 2018 gRPC authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package binarylog implementation binary logging as defined in
- https://github.com/grpc/proposal/blob/master/A16-binary-logging.md.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/google.golang.org/grpc/balancer/balancer.go
-Copyright: 2017 gRPC authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package balancer defines APIs for load balancing in gRPC.
- All APIs in this package are experimental.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: pkg/cap/cap_linux.go
-Copyright: The containerd Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package cap provides Linux capability utility
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/cri-api/pkg/apis/runtime/v1alpha2/api.pb.go
-Copyright: The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Code generated by protoc-gen-gogo. DO NOT EDIT.
- source: api.proto
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/apimachinery/pkg/conversion/doc.go
-Copyright: 2014 The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package conversion provides go object versioning.
- .
- Specifically, conversion provides a way for you to define multiple versions
- of the same object. You may write functions which implement conversion logic,
- but for the fields which did not change, copying is automated. This makes it
- easy to modify the structures you use in memory without affecting the format
- you store on disk or respond to in your external API calls.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/google.golang.org/grpc/naming/naming.go
-Copyright: 2014 gRPC authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package naming defines the naming API and related data structures for gRPC.
- .
- This package is deprecated: please use package resolver instead.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: test/build-test-images.sh
-Copyright: The containerd Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- This script is used to build and upload images in integration/images
- directory to gcr.io/k8s-cri-containerd repository
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/apimachinery/pkg/runtime/generated.pb.go
-Copyright: The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Code generated by protoc-gen-gogo. DO NOT EDIT.
- source: k8s.io/kubernetes/vendor/k8s.io/apimachinery/pkg/runtime/generated.proto
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/klog/v2/klog.go
-Copyright: 2013 Google Inc.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package klog implements logging analogous to the Google-internal C++ INFO/ERROR/V setup.
- It provides functions Info, Warning, Error, Fatal, plus formatting variants such as
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/prometheus/procfs/cpuinfo_others.go
-Copyright: 2020 The Prometheus Authors
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- +build linux
- +build !386,!amd64,!arm,!arm64,!mips,!mips64,!mips64le,!mipsle,!ppc64,!ppc64le,!riscv64,!s390x
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/coreos/go-systemd/v22/dbus/dbus.go
-Copyright: 2015 CoreOS, Inc.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Integration with the systemd D-Bus API. See http://www.freedesktop.org/wiki/Software/systemd/dbus/
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: test/build.sh
-Copyright: The containerd Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- This script is used to build and upload containerd with latest CRI plugin
- from containerd/cri in gcr.io/k8s-testimages/kubekins-e2e.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/google.golang.org/grpc/internal/balancerload/load.go
-Copyright: 2019 gRPC authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package balancerload defines APIs to parse server loads in trailers. The
- parsed loads are sent to balancers in DoneInfo.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: Makefile.freebsd
-Copyright: The containerd Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- freebsd specific settings
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/golang/groupcache/lru/lru.go
-Copyright: 2013 Google Inc.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package lru implements an LRU cache.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/client-go/pkg/version/def.bzl
-Copyright: 2017 The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Implements hack/lib/version.sh's kube::version::ldflags() for Bazel.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/go-logr/logr/logr.go
-Copyright: 2019 The logr Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package logr defines abstract interfaces for logging. Packages can depend on
- these interfaces and callers can implement logging in whatever way is
- appropriate.
- .
- This design derives from Dave Cheney's blog:
- http://dave.cheney.net/2015/11/05/lets-talk-about-logging
- .
- This is a BETA grade API. Until there is a significant 2nd implementation,
- I don't really know how it will change.
- .
- The logging specifically makes it non-trivial to use format strings, to encourage
- attaching structured information instead of unstructured format strings.
- .
- Usage
- .
- Logging is done using a Logger. Loggers can have name prefixes and named
- values attached, so that all log messages logged with that Logger have some
- base context associated.
- .
- The term "key" is used to refer to the name associated with a particular
- value, to disambiguate it from the general Logger name.
- .
- For instance, suppose we're trying to reconcile the state of an object, and
- we want to log that we've made some decision.
- .
- With the traditional log package, we might write:
- log.Printf(
- "decided to set field foo to value %q for object %s/%s",
- targetValue, object.Namespace, object.Name)
- .
- With logr's structured logging, we'd write:
- // elsewhere in the file, set up the logger to log with the prefix of "reconcilers",
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/apimachinery/pkg/api/errors/doc.go
-Copyright: 2014 The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package errors provides detailed error types for api field validation.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/github.com/prometheus/procfs/cpuinfo_x86.go
-Copyright: 2020 The Prometheus Authors
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- +build linux
- +build 386 amd64
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/apimachinery/pkg/watch/doc.go
-Copyright: 2014 The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package watch contains a generic watchable interface, and a fake for
- testing code that uses the watch interface.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: errdefs/errors.go
-Copyright: The containerd Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package errdefs defines the common errors used throughout containerd
- packages.
- .
- Use with errors.Wrap and error.Wrapf to add context to an error.
- .
- To detect an error class, use the IsXXX functions to tell whether an error
- is of a certain type.
- .
- The functions ToGRPC and FromGRPC can be used to map server-side and
- client-side errors to the correct types.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/k8s.io/client-go/tools/remotecommand/doc.go
-Copyright: 2015 The Kubernetes Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package remotecommand adds support for executing commands in containers,
- with support for separate stdin, stdout, and stderr streams, as well as
- TTY.
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: vendor/google.golang.org/grpc/grpclog/grpclog.go
-Copyright: 2017 gRPC authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package grpclog defines logging for grpc.
- .
- All logs in transport and grpclb packages only go to verbose level 2.
- All logs in other packages in grpc are logged in spite of the verbosity level.
- .
- In the default logger,
- .
- On Debian systems, the complete text of the Apache License Version 2.0
- can be found in `/usr/share/common-licenses/Apache-2.0'.
-
-Files: metadata/buckets.go
-Copyright: The containerd Authors.
-License: Apache-2.0
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
- .
- http://www.apache.org/licenses/LICENSE-2.0
- .
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- .
- Package metadata stores all labels and object specific metadata by namespace.
- This package also contains the main garbage collection logic for cleaning up
- resources consistently and atomically. Resources used by backends will be
- tracked in the metadata store to be exposed to consumers of this package.
- .
- The layout where a "/" delineates a bucket is described in the following
- section. Please try to follow this as closely as possible when adding
- functionality. We can bolster this with helpers and more structure if that
- becomes an issue.
- .
- Generically, we try to do the following:
- .
- //]