From ef0702237b6a057b9e72c259755f52cc1e20e028 Mon Sep 17 00:00:00 2001 From: luoyaoming Date: Wed, 24 Apr 2024 09:25:18 +0800 Subject: [PATCH] changed debian/source/format to native --- ...isable-windows-support-in-ctr-metric.patch | 99 ---------- ...-disable-runhcs-option-in-cri-config.patch | 30 --- ...-on-google.golang.org-protobuf-proto.patch | 159 ---------------- .../0004-Disable-otelgrpc-telemetry.patch | 56 ------ ...ure.NewCredentials-instead-of-grpc.W.patch | 155 ---------------- .../patches/0006-Fix-build-with-gccgo.patch | 174 ------------------ ...integration-test-on-cgroupsv2-system.patch | 39 ---- ...cific-CNI-bin-dir-to-ctr-run-command.patch | 22 --- ...009-seccomp-apparmor-add-go-noinline.patch | 54 ------ ...-user-can-adjust-oom-scroe-when-init.patch | 23 --- debian/patches/series | 10 - debian/source/format | 2 +- 12 files changed, 1 insertion(+), 822 deletions(-) delete mode 100644 debian/patches/0001-disable-windows-support-in-ctr-metric.patch delete mode 100644 debian/patches/0002-disable-runhcs-option-in-cri-config.patch delete mode 100644 debian/patches/0003-Remove-depends-on-google.golang.org-protobuf-proto.patch delete mode 100644 debian/patches/0004-Disable-otelgrpc-telemetry.patch delete mode 100644 debian/patches/0005-Revert-Use-insecure.NewCredentials-instead-of-grpc.W.patch delete mode 100644 debian/patches/0006-Fix-build-with-gccgo.patch delete mode 100644 debian/patches/0007-cri-fix-integration-test-on-cgroupsv2-system.patch delete mode 100644 debian/patches/0008-Add-Debian-specific-CNI-bin-dir-to-ctr-run-command.patch delete mode 100644 debian/patches/0009-seccomp-apparmor-add-go-noinline.patch delete mode 100644 debian/patches/0010-sys-unprivileged-user-can-adjust-oom-scroe-when-init.patch delete mode 100644 debian/patches/series diff --git a/debian/patches/0001-disable-windows-support-in-ctr-metric.patch b/debian/patches/0001-disable-windows-support-in-ctr-metric.patch deleted file mode 100644 index 036ef04..0000000 --- a/debian/patches/0001-disable-windows-support-in-ctr-metric.patch +++ /dev/null @@ -1,99 +0,0 @@ -From: Shengjing Zhu -Date: Wed, 16 Sep 2020 15:15:44 +0800 -Subject: disable windows support in ctr metric - -Forwarded: not-needed ---- - cmd/ctr/commands/tasks/metrics.go | 55 --------------------------------------- - 1 file changed, 55 deletions(-) - -diff --git a/cmd/ctr/commands/tasks/metrics.go b/cmd/ctr/commands/tasks/metrics.go -index b2c18f2..c0214f4 100644 ---- a/cmd/ctr/commands/tasks/metrics.go -+++ b/cmd/ctr/commands/tasks/metrics.go -@@ -23,7 +23,6 @@ import ( - "os" - "text/tabwriter" - -- wstats "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats" - v1 "github.com/containerd/cgroups/stats/v1" - v2 "github.com/containerd/cgroups/v2/stats" - "github.com/containerd/containerd/cmd/ctr/commands" -@@ -80,15 +79,12 @@ var metricsCommand = cli.Command{ - var ( - data *v1.Metrics - data2 *v2.Metrics -- windowsStats *wstats.Statistics - ) - switch v := anydata.(type) { - case *v1.Metrics: - data = v - case *v2.Metrics: - data2 = v -- case *wstats.Statistics: -- windowsStats = v - default: - return errors.New("cannot convert metric data to cgroups.Metrics or windows.Statistics") - } -@@ -102,16 +98,6 @@ var metricsCommand = cli.Command{ - printCgroupMetricsTable(w, data) - } else if data2 != nil { - printCgroup2MetricsTable(w, data2) -- } else { -- if windowsStats.GetLinux() != nil { -- printCgroupMetricsTable(w, windowsStats.GetLinux()) -- } else if windowsStats.GetWindows() != nil { -- printWindowsContainerStatistics(w, windowsStats.GetWindows()) -- } -- // Print VM stats if its isolated -- if windowsStats.VM != nil { -- printWindowsVMStatistics(w, windowsStats.VM) -- } - } - return w.Flush() - case formatJSON: -@@ -165,44 +151,3 @@ func printCgroup2MetricsTable(w *tabwriter.Writer, data *v2.Metrics) { - fmt.Fprintf(w, "memory.swap_limit\t%v\t\n", data.Memory.SwapLimit) - } - } -- --func printWindowsContainerStatistics(w *tabwriter.Writer, stats *wstats.WindowsContainerStatistics) { -- fmt.Fprintf(w, "METRIC\tVALUE\t\n") -- fmt.Fprintf(w, "timestamp\t%s\t\n", stats.Timestamp) -- fmt.Fprintf(w, "start_time\t%s\t\n", stats.ContainerStartTime) -- fmt.Fprintf(w, "uptime_ns\t%d\t\n", stats.UptimeNS) -- if stats.Processor != nil { -- fmt.Fprintf(w, "cpu.total_runtime_ns\t%d\t\n", stats.Processor.TotalRuntimeNS) -- fmt.Fprintf(w, "cpu.runtime_user_ns\t%d\t\n", stats.Processor.RuntimeUserNS) -- fmt.Fprintf(w, "cpu.runtime_kernel_ns\t%d\t\n", stats.Processor.RuntimeKernelNS) -- } -- if stats.Memory != nil { -- fmt.Fprintf(w, "memory.commit_bytes\t%d\t\n", stats.Memory.MemoryUsageCommitBytes) -- fmt.Fprintf(w, "memory.commit_peak_bytes\t%d\t\n", stats.Memory.MemoryUsageCommitPeakBytes) -- fmt.Fprintf(w, "memory.private_working_set_bytes\t%d\t\n", stats.Memory.MemoryUsagePrivateWorkingSetBytes) -- } -- if stats.Storage != nil { -- fmt.Fprintf(w, "storage.read_count_normalized\t%d\t\n", stats.Storage.ReadCountNormalized) -- fmt.Fprintf(w, "storage.read_size_bytes\t%d\t\n", stats.Storage.ReadSizeBytes) -- fmt.Fprintf(w, "storage.write_count_normalized\t%d\t\n", stats.Storage.WriteCountNormalized) -- fmt.Fprintf(w, "storage.write_size_bytes\t%d\t\n", stats.Storage.WriteSizeBytes) -- } --} -- --func printWindowsVMStatistics(w *tabwriter.Writer, stats *wstats.VirtualMachineStatistics) { -- fmt.Fprintf(w, "METRIC\tVALUE\t\n") -- if stats.Processor != nil { -- fmt.Fprintf(w, "vm.cpu.total_runtime_ns\t%d\t\n", stats.Processor.TotalRuntimeNS) -- } -- if stats.Memory != nil { -- fmt.Fprintf(w, "vm.memory.working_set_bytes\t%d\t\n", stats.Memory.WorkingSetBytes) -- fmt.Fprintf(w, "vm.memory.virtual_node_count\t%d\t\n", stats.Memory.VirtualNodeCount) -- fmt.Fprintf(w, "vm.memory.available\t%d\t\n", stats.Memory.VmMemory.AvailableMemory) -- fmt.Fprintf(w, "vm.memory.available_buffer\t%d\t\n", stats.Memory.VmMemory.AvailableMemoryBuffer) -- fmt.Fprintf(w, "vm.memory.reserved\t%d\t\n", stats.Memory.VmMemory.ReservedMemory) -- fmt.Fprintf(w, "vm.memory.assigned\t%d\t\n", stats.Memory.VmMemory.AssignedMemory) -- fmt.Fprintf(w, "vm.memory.slp_active\t%t\t\n", stats.Memory.VmMemory.SlpActive) -- fmt.Fprintf(w, "vm.memory.balancing_enabled\t%t\t\n", stats.Memory.VmMemory.BalancingEnabled) -- fmt.Fprintf(w, "vm.memory.dm_operation_in_progress\t%t\t\n", stats.Memory.VmMemory.DmOperationInProgress) -- } --} diff --git a/debian/patches/0002-disable-runhcs-option-in-cri-config.patch b/debian/patches/0002-disable-runhcs-option-in-cri-config.patch deleted file mode 100644 index 305204c..0000000 --- a/debian/patches/0002-disable-runhcs-option-in-cri-config.patch +++ /dev/null @@ -1,30 +0,0 @@ -From: Shengjing Zhu -Date: Sat, 23 Jan 2021 00:42:41 +0800 -Subject: disable runhcs option in cri config - -Forwarded: not-needed ---- - pkg/cri/server/helpers.go | 3 --- - 1 file changed, 3 deletions(-) - -diff --git a/pkg/cri/server/helpers.go b/pkg/cri/server/helpers.go -index 9ee88a6..a94315a 100644 ---- a/pkg/cri/server/helpers.go -+++ b/pkg/cri/server/helpers.go -@@ -40,7 +40,6 @@ import ( - runtimespec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/sirupsen/logrus" - -- runhcsoptions "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options" - imagedigest "github.com/opencontainers/go-digest" - "github.com/pelletier/go-toml" - "golang.org/x/net/context" -@@ -366,8 +365,6 @@ func getRuntimeOptionsType(t string) interface{} { - return &runcoptions.Options{} - case plugin.RuntimeLinuxV1: - return &runctypes.RuncOptions{} -- case runtimeRunhcsV1: -- return &runhcsoptions.Options{} - default: - return &runtimeoptions.Options{} - } diff --git a/debian/patches/0003-Remove-depends-on-google.golang.org-protobuf-proto.patch b/debian/patches/0003-Remove-depends-on-google.golang.org-protobuf-proto.patch deleted file mode 100644 index d81c590..0000000 --- a/debian/patches/0003-Remove-depends-on-google.golang.org-protobuf-proto.patch +++ /dev/null @@ -1,159 +0,0 @@ -From: Shengjing Zhu -Date: Fri, 16 Dec 2022 02:34:18 +0800 -Subject: Remove depends on google.golang.org/protobuf/proto - -Forwarded: not-needed ---- - .../container_update_resources_linux_test.go | 61 +++++++++++----------- - 1 file changed, 31 insertions(+), 30 deletions(-) - -diff --git a/pkg/cri/server/container_update_resources_linux_test.go b/pkg/cri/server/container_update_resources_linux_test.go -index 33a6acf..8466b00 100644 ---- a/pkg/cri/server/container_update_resources_linux_test.go -+++ b/pkg/cri/server/container_update_resources_linux_test.go -@@ -22,7 +22,6 @@ import ( - - runtimespec "github.com/opencontainers/runtime-spec/specs-go" - "github.com/stretchr/testify/assert" -- "google.golang.org/protobuf/proto" - runtime "k8s.io/cri-api/pkg/apis/runtime/v1" - - criconfig "github.com/containerd/containerd/pkg/cri/config" -@@ -30,6 +29,8 @@ import ( - ) - - func TestUpdateOCILinuxResource(t *testing.T) { -+ newI64 := func(i int64) *int64 { return &i } -+ newU64 := func(i uint64) *uint64 { return &i } - oomscoreadj := new(int) - *oomscoreadj = -500 - expectedSwap := func(swap int64) *int64 { -@@ -49,11 +50,11 @@ func TestUpdateOCILinuxResource(t *testing.T) { - Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj}, - Linux: &runtimespec.Linux{ - Resources: &runtimespec.LinuxResources{ -- Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(12345)}, -+ Memory: &runtimespec.LinuxMemory{Limit: newI64(12345)}, - CPU: &runtimespec.LinuxCPU{ -- Shares: proto.Uint64(1111), -- Quota: proto.Int64(2222), -- Period: proto.Uint64(3333), -+ Shares: newU64(1111), -+ Quota: newI64(2222), -+ Period: newU64(3333), - Cpus: "0-1", - Mems: "2-3", - }, -@@ -78,13 +79,13 @@ func TestUpdateOCILinuxResource(t *testing.T) { - Linux: &runtimespec.Linux{ - Resources: &runtimespec.LinuxResources{ - Memory: &runtimespec.LinuxMemory{ -- Limit: proto.Int64(54321), -+ Limit: newI64(54321), - Swap: expectedSwap(54321), - }, - CPU: &runtimespec.LinuxCPU{ -- Shares: proto.Uint64(4444), -- Quota: proto.Int64(5555), -- Period: proto.Uint64(6666), -+ Shares: newU64(4444), -+ Quota: newI64(5555), -+ Period: newU64(6666), - Cpus: "4-5", - Mems: "6-7", - }, -@@ -98,11 +99,11 @@ func TestUpdateOCILinuxResource(t *testing.T) { - Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj}, - Linux: &runtimespec.Linux{ - Resources: &runtimespec.LinuxResources{ -- Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(12345)}, -+ Memory: &runtimespec.LinuxMemory{Limit: newI64(12345)}, - CPU: &runtimespec.LinuxCPU{ -- Shares: proto.Uint64(1111), -- Quota: proto.Int64(2222), -- Period: proto.Uint64(3333), -+ Shares: newU64(1111), -+ Quota: newI64(2222), -+ Period: newU64(3333), - Cpus: "0-1", - Mems: "2-3", - }, -@@ -124,13 +125,13 @@ func TestUpdateOCILinuxResource(t *testing.T) { - Linux: &runtimespec.Linux{ - Resources: &runtimespec.LinuxResources{ - Memory: &runtimespec.LinuxMemory{ -- Limit: proto.Int64(54321), -+ Limit: newI64(54321), - Swap: expectedSwap(54321), - }, - CPU: &runtimespec.LinuxCPU{ -- Shares: proto.Uint64(4444), -- Quota: proto.Int64(5555), -- Period: proto.Uint64(3333), -+ Shares: newU64(4444), -+ Quota: newI64(5555), -+ Period: newU64(3333), - Cpus: "0-1", - Mems: "6-7", - }, -@@ -144,7 +145,7 @@ func TestUpdateOCILinuxResource(t *testing.T) { - Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj}, - Linux: &runtimespec.Linux{ - Resources: &runtimespec.LinuxResources{ -- Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(12345)}, -+ Memory: &runtimespec.LinuxMemory{Limit: newI64(12345)}, - }, - }, - }, -@@ -165,13 +166,13 @@ func TestUpdateOCILinuxResource(t *testing.T) { - Linux: &runtimespec.Linux{ - Resources: &runtimespec.LinuxResources{ - Memory: &runtimespec.LinuxMemory{ -- Limit: proto.Int64(54321), -+ Limit: newI64(54321), - Swap: expectedSwap(54321), - }, - CPU: &runtimespec.LinuxCPU{ -- Shares: proto.Uint64(4444), -- Quota: proto.Int64(5555), -- Period: proto.Uint64(6666), -+ Shares: newU64(4444), -+ Quota: newI64(5555), -+ Period: newU64(6666), - Cpus: "4-5", - Mems: "6-7", - }, -@@ -185,11 +186,11 @@ func TestUpdateOCILinuxResource(t *testing.T) { - Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj}, - Linux: &runtimespec.Linux{ - Resources: &runtimespec.LinuxResources{ -- Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(12345)}, -+ Memory: &runtimespec.LinuxMemory{Limit: newI64(12345)}, - CPU: &runtimespec.LinuxCPU{ -- Shares: proto.Uint64(1111), -- Quota: proto.Int64(2222), -- Period: proto.Uint64(3333), -+ Shares: newU64(1111), -+ Quota: newI64(2222), -+ Period: newU64(3333), - Cpus: "0-1", - Mems: "2-3", - }, -@@ -214,13 +215,13 @@ func TestUpdateOCILinuxResource(t *testing.T) { - Linux: &runtimespec.Linux{ - Resources: &runtimespec.LinuxResources{ - Memory: &runtimespec.LinuxMemory{ -- Limit: proto.Int64(54321), -+ Limit: newI64(54321), - Swap: expectedSwap(54321), - }, - CPU: &runtimespec.LinuxCPU{ -- Shares: proto.Uint64(4444), -- Quota: proto.Int64(5555), -- Period: proto.Uint64(6666), -+ Shares: newU64(4444), -+ Quota: newI64(5555), -+ Period: newU64(6666), - Cpus: "4-5", - Mems: "6-7", - }, diff --git a/debian/patches/0004-Disable-otelgrpc-telemetry.patch b/debian/patches/0004-Disable-otelgrpc-telemetry.patch deleted file mode 100644 index a1cd53d..0000000 --- a/debian/patches/0004-Disable-otelgrpc-telemetry.patch +++ /dev/null @@ -1,56 +0,0 @@ -From: Shengjing Zhu -Date: Mon, 21 Feb 2022 00:53:36 +0800 -Subject: Disable opentelemetry - -go.opentelemetry.io/contrib is not packaged. - -Forwarded: not-needed ---- - cmd/containerd/builtins.go | 1 - - services/server/server.go | 14 ++------------ - 2 files changed, 2 insertions(+), 13 deletions(-) - -diff --git a/cmd/containerd/builtins.go b/cmd/containerd/builtins.go -index 8c6f1fe..dd8b1d3 100644 ---- a/cmd/containerd/builtins.go -+++ b/cmd/containerd/builtins.go -@@ -36,5 +36,4 @@ import ( - _ "github.com/containerd/containerd/services/snapshots" - _ "github.com/containerd/containerd/services/tasks" - _ "github.com/containerd/containerd/services/version" -- _ "github.com/containerd/containerd/tracing/plugin" - ) -diff --git a/services/server/server.go b/services/server/server.go -index 857cc9c..b6ea8cf 100644 ---- a/services/server/server.go -+++ b/services/server/server.go -@@ -53,10 +53,8 @@ import ( - "github.com/containerd/containerd/sys" - "github.com/containerd/ttrpc" - metrics "github.com/docker/go-metrics" -- grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" - grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus" - bolt "go.etcd.io/bbolt" -- "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" - "google.golang.org/grpc" - "google.golang.org/grpc/backoff" - "google.golang.org/grpc/credentials" -@@ -131,16 +129,8 @@ func New(ctx context.Context, config *srvconfig.Config) (*Server, error) { - } - - serverOpts := []grpc.ServerOption{ -- grpc.StreamInterceptor(grpc_middleware.ChainStreamServer( -- otelgrpc.StreamServerInterceptor(), -- grpc.StreamServerInterceptor(grpc_prometheus.StreamServerInterceptor), -- streamNamespaceInterceptor, -- )), -- grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer( -- otelgrpc.UnaryServerInterceptor(), -- grpc.UnaryServerInterceptor(grpc_prometheus.UnaryServerInterceptor), -- unaryNamespaceInterceptor, -- )), -+ grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor), -+ grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor), - } - if config.GRPC.MaxRecvMsgSize > 0 { - serverOpts = append(serverOpts, grpc.MaxRecvMsgSize(config.GRPC.MaxRecvMsgSize)) diff --git a/debian/patches/0005-Revert-Use-insecure.NewCredentials-instead-of-grpc.W.patch b/debian/patches/0005-Revert-Use-insecure.NewCredentials-instead-of-grpc.W.patch deleted file mode 100644 index c725d98..0000000 --- a/debian/patches/0005-Revert-Use-insecure.NewCredentials-instead-of-grpc.W.patch +++ /dev/null @@ -1,155 +0,0 @@ -From: Shengjing Zhu -Date: Mon, 21 Feb 2022 00:50:59 +0800 -Subject: Revert "Use insecure.NewCredentials instead of grpc.WithInsecure" - -This reverts commit 2ee3ce510cf26d5eb400fac118aeeec5c20ed83f. - -Need golang-google-grpc-dev v1.34.0 - -Forwarded: not-needed ---- - client.go | 3 +-- - cmd/containerd/command/publish.go | 3 +-- - integration/main_test.go | 6 +----- - integration/remote/remote_image.go | 7 +------ - integration/remote/remote_runtime.go | 7 +------ - services/server/server.go | 3 +-- - 6 files changed, 6 insertions(+), 23 deletions(-) - -diff --git a/client.go b/client.go -index 1c2202e..86fa787 100644 ---- a/client.go -+++ b/client.go -@@ -64,7 +64,6 @@ import ( - "golang.org/x/sync/semaphore" - "google.golang.org/grpc" - "google.golang.org/grpc/backoff" -- "google.golang.org/grpc/credentials/insecure" - "google.golang.org/grpc/health/grpc_health_v1" - ) - -@@ -118,7 +117,7 @@ func New(address string, opts ...ClientOpt) (*Client, error) { - } - gopts := []grpc.DialOption{ - grpc.WithBlock(), -- grpc.WithTransportCredentials(insecure.NewCredentials()), -+ grpc.WithInsecure(), - grpc.FailOnNonTempDialError(true), - grpc.WithConnectParams(connParams), - grpc.WithContextDialer(dialer.ContextDialer), -diff --git a/cmd/containerd/command/publish.go b/cmd/containerd/command/publish.go -index b18f19f..e138ed4 100644 ---- a/cmd/containerd/command/publish.go -+++ b/cmd/containerd/command/publish.go -@@ -32,7 +32,6 @@ import ( - "github.com/urfave/cli" - "google.golang.org/grpc" - "google.golang.org/grpc/backoff" -- "google.golang.org/grpc/credentials/insecure" - ) - - var publishCommand = cli.Command{ -@@ -100,7 +99,7 @@ func connect(address string, d func(gocontext.Context, string) (net.Conn, error) - } - gopts := []grpc.DialOption{ - grpc.WithBlock(), -- grpc.WithTransportCredentials(insecure.NewCredentials()), -+ grpc.WithInsecure(), - grpc.WithContextDialer(d), - grpc.FailOnNonTempDialError(true), - grpc.WithConnectParams(connParams), -diff --git a/integration/main_test.go b/integration/main_test.go -index a62687c..fb8556e 100644 ---- a/integration/main_test.go -+++ b/integration/main_test.go -@@ -47,7 +47,6 @@ import ( - "github.com/stretchr/testify/require" - exec "golang.org/x/sys/execabs" - "google.golang.org/grpc" -- "google.golang.org/grpc/credentials/insecure" - runtime "k8s.io/cri-api/pkg/apis/runtime/v1" - ) - -@@ -507,10 +506,7 @@ func RawRuntimeClient() (runtime.RuntimeServiceClient, error) { - } - ctx, cancel := context.WithTimeout(context.Background(), timeout) - defer cancel() -- conn, err := grpc.DialContext(ctx, addr, -- grpc.WithTransportCredentials(insecure.NewCredentials()), -- grpc.WithContextDialer(dialer), -- ) -+ conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer)) - if err != nil { - return nil, fmt.Errorf("failed to connect cri endpoint: %w", err) - } -diff --git a/integration/remote/remote_image.go b/integration/remote/remote_image.go -index 16088a9..a722d41 100644 ---- a/integration/remote/remote_image.go -+++ b/integration/remote/remote_image.go -@@ -39,7 +39,6 @@ import ( - "time" - - "google.golang.org/grpc" -- "google.golang.org/grpc/credentials/insecure" - "k8s.io/klog/v2" - - internalapi "github.com/containerd/containerd/integration/cri-api/pkg/apis" -@@ -65,11 +64,7 @@ func NewImageService(endpoint string, connectionTimeout time.Duration) (internal - ctx, cancel := context.WithTimeout(context.Background(), connectionTimeout) - defer cancel() - -- conn, err := grpc.DialContext(ctx, addr, -- grpc.WithTransportCredentials(insecure.NewCredentials()), -- grpc.WithContextDialer(dialer), -- grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)), -- ) -+ conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) - if err != nil { - klog.Errorf("Connect remote image service %s failed: %v", addr, err) - return nil, err -diff --git a/integration/remote/remote_runtime.go b/integration/remote/remote_runtime.go -index b172b94..d9bd813 100644 ---- a/integration/remote/remote_runtime.go -+++ b/integration/remote/remote_runtime.go -@@ -40,7 +40,6 @@ import ( - "time" - - "google.golang.org/grpc" -- "google.golang.org/grpc/credentials/insecure" - "k8s.io/klog/v2" - - internalapi "github.com/containerd/containerd/integration/cri-api/pkg/apis" -@@ -74,11 +73,7 @@ func NewRuntimeService(endpoint string, connectionTimeout time.Duration) (intern - ctx, cancel := context.WithTimeout(context.Background(), connectionTimeout) - defer cancel() - -- conn, err := grpc.DialContext(ctx, addr, -- grpc.WithTransportCredentials(insecure.NewCredentials()), -- grpc.WithContextDialer(dialer), -- grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)), -- ) -+ conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize))) - if err != nil { - klog.Errorf("Connect remote runtime %s failed: %v", addr, err) - return nil, err -diff --git a/services/server/server.go b/services/server/server.go -index b6ea8cf..614591f 100644 ---- a/services/server/server.go -+++ b/services/server/server.go -@@ -58,7 +58,6 @@ import ( - "google.golang.org/grpc" - "google.golang.org/grpc/backoff" - "google.golang.org/grpc/credentials" -- "google.golang.org/grpc/credentials/insecure" - ) - - const ( -@@ -540,7 +539,7 @@ func (pc *proxyClients) getClient(address string) (*grpc.ClientConn, error) { - Backoff: backoffConfig, - } - gopts := []grpc.DialOption{ -- grpc.WithTransportCredentials(insecure.NewCredentials()), -+ grpc.WithInsecure(), - grpc.WithConnectParams(connParams), - grpc.WithContextDialer(dialer.ContextDialer), - diff --git a/debian/patches/0006-Fix-build-with-gccgo.patch b/debian/patches/0006-Fix-build-with-gccgo.patch deleted file mode 100644 index 9493107..0000000 --- a/debian/patches/0006-Fix-build-with-gccgo.patch +++ /dev/null @@ -1,174 +0,0 @@ -From: Shengjing Zhu -Date: Tue, 22 Feb 2022 01:57:23 +0800 -Subject: Fix build with gccgo - -Origin: backport, https://github.com/containerd/containerd/commit/d28981d4 ---- - mount/subprocess_unsafe.s | 15 +++++++++++++++ - mount/subprocess_unsafe_gc.go | 33 +++++++++++++++++++++++++++++++++ - mount/subprocess_unsafe_gccgo.go | 33 +++++++++++++++++++++++++++++++++ - mount/subprocess_unsafe_linux.go | 30 ------------------------------ - mount/subprocess_unsafe_linux.s | 15 --------------- - 5 files changed, 81 insertions(+), 45 deletions(-) - create mode 100644 mount/subprocess_unsafe.s - create mode 100644 mount/subprocess_unsafe_gc.go - create mode 100644 mount/subprocess_unsafe_gccgo.go - delete mode 100644 mount/subprocess_unsafe_linux.go - delete mode 100644 mount/subprocess_unsafe_linux.s - -diff --git a/mount/subprocess_unsafe.s b/mount/subprocess_unsafe.s -new file mode 100644 -index 0000000..c073fa4 ---- /dev/null -+++ b/mount/subprocess_unsafe.s -@@ -0,0 +1,15 @@ -+/* -+ Copyright The containerd Authors. -+ -+ Licensed under the Apache License, Version 2.0 (the "License"); -+ you may not use this file except in compliance with the License. -+ You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+ Unless required by applicable law or agreed to in writing, software -+ distributed under the License is distributed on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ See the License for the specific language governing permissions and -+ limitations under the License. -+*/ -diff --git a/mount/subprocess_unsafe_gc.go b/mount/subprocess_unsafe_gc.go -new file mode 100644 -index 0000000..695280a ---- /dev/null -+++ b/mount/subprocess_unsafe_gc.go -@@ -0,0 +1,33 @@ -+//go:build linux && gc -+// +build linux,gc -+ -+/* -+ Copyright The containerd Authors. -+ -+ Licensed under the Apache License, Version 2.0 (the "License"); -+ you may not use this file except in compliance with the License. -+ You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+ Unless required by applicable law or agreed to in writing, software -+ distributed under the License is distributed on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ See the License for the specific language governing permissions and -+ limitations under the License. -+*/ -+ -+package mount -+ -+import ( -+ _ "unsafe" // required for go:linkname. -+) -+ -+//go:linkname beforeFork syscall.runtime_BeforeFork -+func beforeFork() -+ -+//go:linkname afterFork syscall.runtime_AfterFork -+func afterFork() -+ -+//go:linkname afterForkInChild syscall.runtime_AfterForkInChild -+func afterForkInChild() -diff --git a/mount/subprocess_unsafe_gccgo.go b/mount/subprocess_unsafe_gccgo.go -new file mode 100644 -index 0000000..72c38e7 ---- /dev/null -+++ b/mount/subprocess_unsafe_gccgo.go -@@ -0,0 +1,33 @@ -+//go:build linux && gccgo -+// +build linux,gccgo -+ -+/* -+ Copyright The containerd Authors. -+ -+ Licensed under the Apache License, Version 2.0 (the "License"); -+ you may not use this file except in compliance with the License. -+ You may obtain a copy of the License at -+ -+ http://www.apache.org/licenses/LICENSE-2.0 -+ -+ Unless required by applicable law or agreed to in writing, software -+ distributed under the License is distributed on an "AS IS" BASIS, -+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -+ See the License for the specific language governing permissions and -+ limitations under the License. -+*/ -+ -+package mount -+ -+import ( -+ _ "unsafe" // required for go:linkname. -+) -+ -+//go:linkname beforeFork syscall.runtime__BeforeFork -+func beforeFork() -+ -+//go:linkname afterFork syscall.runtime__AfterFork -+func afterFork() -+ -+//go:linkname afterForkInChild syscall.runtime__AfterForkInChild -+func afterForkInChild() -diff --git a/mount/subprocess_unsafe_linux.go b/mount/subprocess_unsafe_linux.go -deleted file mode 100644 -index c7cb0c0..0000000 ---- a/mount/subprocess_unsafe_linux.go -+++ /dev/null -@@ -1,30 +0,0 @@ --/* -- Copyright The containerd Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. --*/ -- --package mount -- --import ( -- _ "unsafe" // required for go:linkname. --) -- --//go:linkname beforeFork syscall.runtime_BeforeFork --func beforeFork() -- --//go:linkname afterFork syscall.runtime_AfterFork --func afterFork() -- --//go:linkname afterForkInChild syscall.runtime_AfterForkInChild --func afterForkInChild() -diff --git a/mount/subprocess_unsafe_linux.s b/mount/subprocess_unsafe_linux.s -deleted file mode 100644 -index c073fa4..0000000 ---- a/mount/subprocess_unsafe_linux.s -+++ /dev/null -@@ -1,15 +0,0 @@ --/* -- Copyright The containerd Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. --*/ diff --git a/debian/patches/0007-cri-fix-integration-test-on-cgroupsv2-system.patch b/debian/patches/0007-cri-fix-integration-test-on-cgroupsv2-system.patch deleted file mode 100644 index 63f3a96..0000000 --- a/debian/patches/0007-cri-fix-integration-test-on-cgroupsv2-system.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Shengjing Zhu -Date: Sun, 27 Feb 2022 23:16:03 +0800 -Subject: cri: fix integration test on cgroupsv2 system - -Forwarded: https://github.com/containerd/containerd/pull/6595 ---- - integration/container_update_resources_test.go | 12 ++++-------- - 1 file changed, 4 insertions(+), 8 deletions(-) - -diff --git a/integration/container_update_resources_test.go b/integration/container_update_resources_test.go -index 1d05800..69f6d81 100644 ---- a/integration/container_update_resources_test.go -+++ b/integration/container_update_resources_test.go -@@ -270,11 +270,8 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) { - require.NoError(t, err) - - t.Log("Check memory limit in cgroup") -- cgroup, err := cgroups.Load(cgroups.V1, cgroups.PidPath(int(task.Pid()))) -- require.NoError(t, err) -- stat, err := cgroup.Stat(cgroups.IgnoreNotExist) -- require.NoError(t, err) -- assert.Equal(t, uint64(400*1024*1024), stat.Memory.Usage.Limit) -+ memLimit := getCgroupMemoryLimitForTask(t, task) -+ assert.Equal(t, uint64(400*1024*1024), memLimit) - swapLimit := getCgroupSwapLimitForTask(t, task) - assert.Equal(t, uint64(400*1024*1024), swapLimit) - -@@ -291,9 +288,8 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) { - checkMemorySwapLimit(t, spec, expectedSwapLimit(800*1024*1024)) - - t.Log("Check memory limit in cgroup") -- stat, err = cgroup.Stat(cgroups.IgnoreNotExist) -- require.NoError(t, err) -- assert.Equal(t, uint64(800*1024*1024), stat.Memory.Usage.Limit) -+ memLimit = getCgroupMemoryLimitForTask(t, task) -+ assert.Equal(t, uint64(800*1024*1024), memLimit) - swapLimit = getCgroupSwapLimitForTask(t, task) - assert.Equal(t, uint64(800*1024*1024), swapLimit) - } diff --git a/debian/patches/0008-Add-Debian-specific-CNI-bin-dir-to-ctr-run-command.patch b/debian/patches/0008-Add-Debian-specific-CNI-bin-dir-to-ctr-run-command.patch deleted file mode 100644 index 9df68cc..0000000 --- a/debian/patches/0008-Add-Debian-specific-CNI-bin-dir-to-ctr-run-command.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Shengjing Zhu -Date: Tue, 1 Mar 2022 21:38:59 +0800 -Subject: Add Debian specific CNI bin dir to ctr run command - -Forwarded: not-needed ---- - cmd/ctr/commands/run/run.go | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/cmd/ctr/commands/run/run.go b/cmd/ctr/commands/run/run.go -index bf0ebfe..5c2b489 100644 ---- a/cmd/ctr/commands/run/run.go -+++ b/cmd/ctr/commands/run/run.go -@@ -180,7 +180,7 @@ var Command = cli.Command{ - } - var network gocni.CNI - if enableCNI { -- if network, err = gocni.New(gocni.WithDefaultConf); err != nil { -+ if network, err = gocni.New(gocni.WithPluginDir([]string{gocni.DefaultCNIDir, "/usr/lib/cni"}), gocni.WithDefaultConf); err != nil { - return err - } - } diff --git a/debian/patches/0009-seccomp-apparmor-add-go-noinline.patch b/debian/patches/0009-seccomp-apparmor-add-go-noinline.patch deleted file mode 100644 index b14f3fe..0000000 --- a/debian/patches/0009-seccomp-apparmor-add-go-noinline.patch +++ /dev/null @@ -1,54 +0,0 @@ -From: Akihiro Suda -Date: Tue, 15 Aug 2023 04:31:45 +0900 -Subject: seccomp, apparmor: add go:noinline - -Origin: backport, https://github.com/containerd/containerd/commit/0f043ae4 ---- - contrib/apparmor/apparmor.go | 5 +++++ - contrib/seccomp/seccomp.go | 10 ++++++++++ - 2 files changed, 15 insertions(+) - -diff --git a/contrib/apparmor/apparmor.go b/contrib/apparmor/apparmor.go -index be6a49a..52a1056 100644 ---- a/contrib/apparmor/apparmor.go -+++ b/contrib/apparmor/apparmor.go -@@ -40,6 +40,11 @@ func WithProfile(profile string) oci.SpecOpts { - - // WithDefaultProfile will generate a default apparmor profile under the provided name - // for the container. It is only generated if a profile under that name does not exist. -+// -+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline -+// since Go 1.21. -+// -+//go:noinline - func WithDefaultProfile(name string) oci.SpecOpts { - return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { - if err := LoadDefaultProfile(name); err != nil { -diff --git a/contrib/seccomp/seccomp.go b/contrib/seccomp/seccomp.go -index 5292cbc..becf089 100644 ---- a/contrib/seccomp/seccomp.go -+++ b/contrib/seccomp/seccomp.go -@@ -30,6 +30,11 @@ import ( - // WithProfile receives the name of a file stored on disk comprising a json - // formatted seccomp profile, as specified by the opencontainers/runtime-spec. - // The profile is read from the file, unmarshaled, and set to the spec. -+// -+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline -+// since Go 1.21. -+// -+//go:noinline - func WithProfile(profile string) oci.SpecOpts { - return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { - s.Linux.Seccomp = &specs.LinuxSeccomp{} -@@ -46,6 +51,11 @@ func WithProfile(profile string) oci.SpecOpts { - - // WithDefaultProfile sets the default seccomp profile to the spec. - // Note: must follow the setting of process capabilities -+// -+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline -+// since Go 1.21. -+// -+//go:noinline - func WithDefaultProfile() oci.SpecOpts { - return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { - s.Linux.Seccomp = DefaultProfile(s) diff --git a/debian/patches/0010-sys-unprivileged-user-can-adjust-oom-scroe-when-init.patch b/debian/patches/0010-sys-unprivileged-user-can-adjust-oom-scroe-when-init.patch deleted file mode 100644 index 18ed72c..0000000 --- a/debian/patches/0010-sys-unprivileged-user-can-adjust-oom-scroe-when-init.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Shengjing Zhu -Date: Wed, 23 Aug 2023 14:07:38 +0800 -Subject: sys: unprivileged user can adjust oom scroe when initial is negative - -Forwarded: https://github.com/containerd/containerd/pull/8999 ---- - sys/oom_linux_test.go | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/sys/oom_linux_test.go b/sys/oom_linux_test.go -index 0c8f90b..170aa98 100644 ---- a/sys/oom_linux_test.go -+++ b/sys/oom_linux_test.go -@@ -55,6 +55,9 @@ func TestSetNegativeOomScoreAdjustmentWhenUnprivilegedHasNoEffect(t *testing.T) - - initial, adjustment, err := adjustOom(-123) - assert.NilError(t, err) -+ if initial < 0 { -+ t.Skip("unprivileged user can adjust oom scroe when initial is negative") -+ } - assert.Check(t, is.Equal(adjustment, initial)) - } - diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 93d05eb..0000000 --- a/debian/patches/series +++ /dev/null @@ -1,10 +0,0 @@ -0001-disable-windows-support-in-ctr-metric.patch -0002-disable-runhcs-option-in-cri-config.patch -0003-Remove-depends-on-google.golang.org-protobuf-proto.patch -0004-Disable-otelgrpc-telemetry.patch -0005-Revert-Use-insecure.NewCredentials-instead-of-grpc.W.patch -0006-Fix-build-with-gccgo.patch -0007-cri-fix-integration-test-on-cgroupsv2-system.patch -0008-Add-Debian-specific-CNI-bin-dir-to-ctr-run-command.patch -0009-seccomp-apparmor-add-go-noinline.patch -0010-sys-unprivileged-user-can-adjust-oom-scroe-when-init.patch diff --git a/debian/source/format b/debian/source/format index 163aaf8..89ae9db 100644 --- a/debian/source/format +++ b/debian/source/format @@ -1 +1 @@ -3.0 (quilt) +3.0 (native)