changed debian/source/format to native
This commit is contained in:
parent
30af5366b8
commit
ef0702237b
|
@ -1,99 +0,0 @@
|
|||
From: Shengjing Zhu <zhsj@debian.org>
|
||||
Date: Wed, 16 Sep 2020 15:15:44 +0800
|
||||
Subject: disable windows support in ctr metric
|
||||
|
||||
Forwarded: not-needed
|
||||
---
|
||||
cmd/ctr/commands/tasks/metrics.go | 55 ---------------------------------------
|
||||
1 file changed, 55 deletions(-)
|
||||
|
||||
diff --git a/cmd/ctr/commands/tasks/metrics.go b/cmd/ctr/commands/tasks/metrics.go
|
||||
index b2c18f2..c0214f4 100644
|
||||
--- a/cmd/ctr/commands/tasks/metrics.go
|
||||
+++ b/cmd/ctr/commands/tasks/metrics.go
|
||||
@@ -23,7 +23,6 @@ import (
|
||||
"os"
|
||||
"text/tabwriter"
|
||||
|
||||
- wstats "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats"
|
||||
v1 "github.com/containerd/cgroups/stats/v1"
|
||||
v2 "github.com/containerd/cgroups/v2/stats"
|
||||
"github.com/containerd/containerd/cmd/ctr/commands"
|
||||
@@ -80,15 +79,12 @@ var metricsCommand = cli.Command{
|
||||
var (
|
||||
data *v1.Metrics
|
||||
data2 *v2.Metrics
|
||||
- windowsStats *wstats.Statistics
|
||||
)
|
||||
switch v := anydata.(type) {
|
||||
case *v1.Metrics:
|
||||
data = v
|
||||
case *v2.Metrics:
|
||||
data2 = v
|
||||
- case *wstats.Statistics:
|
||||
- windowsStats = v
|
||||
default:
|
||||
return errors.New("cannot convert metric data to cgroups.Metrics or windows.Statistics")
|
||||
}
|
||||
@@ -102,16 +98,6 @@ var metricsCommand = cli.Command{
|
||||
printCgroupMetricsTable(w, data)
|
||||
} else if data2 != nil {
|
||||
printCgroup2MetricsTable(w, data2)
|
||||
- } else {
|
||||
- if windowsStats.GetLinux() != nil {
|
||||
- printCgroupMetricsTable(w, windowsStats.GetLinux())
|
||||
- } else if windowsStats.GetWindows() != nil {
|
||||
- printWindowsContainerStatistics(w, windowsStats.GetWindows())
|
||||
- }
|
||||
- // Print VM stats if its isolated
|
||||
- if windowsStats.VM != nil {
|
||||
- printWindowsVMStatistics(w, windowsStats.VM)
|
||||
- }
|
||||
}
|
||||
return w.Flush()
|
||||
case formatJSON:
|
||||
@@ -165,44 +151,3 @@ func printCgroup2MetricsTable(w *tabwriter.Writer, data *v2.Metrics) {
|
||||
fmt.Fprintf(w, "memory.swap_limit\t%v\t\n", data.Memory.SwapLimit)
|
||||
}
|
||||
}
|
||||
-
|
||||
-func printWindowsContainerStatistics(w *tabwriter.Writer, stats *wstats.WindowsContainerStatistics) {
|
||||
- fmt.Fprintf(w, "METRIC\tVALUE\t\n")
|
||||
- fmt.Fprintf(w, "timestamp\t%s\t\n", stats.Timestamp)
|
||||
- fmt.Fprintf(w, "start_time\t%s\t\n", stats.ContainerStartTime)
|
||||
- fmt.Fprintf(w, "uptime_ns\t%d\t\n", stats.UptimeNS)
|
||||
- if stats.Processor != nil {
|
||||
- fmt.Fprintf(w, "cpu.total_runtime_ns\t%d\t\n", stats.Processor.TotalRuntimeNS)
|
||||
- fmt.Fprintf(w, "cpu.runtime_user_ns\t%d\t\n", stats.Processor.RuntimeUserNS)
|
||||
- fmt.Fprintf(w, "cpu.runtime_kernel_ns\t%d\t\n", stats.Processor.RuntimeKernelNS)
|
||||
- }
|
||||
- if stats.Memory != nil {
|
||||
- fmt.Fprintf(w, "memory.commit_bytes\t%d\t\n", stats.Memory.MemoryUsageCommitBytes)
|
||||
- fmt.Fprintf(w, "memory.commit_peak_bytes\t%d\t\n", stats.Memory.MemoryUsageCommitPeakBytes)
|
||||
- fmt.Fprintf(w, "memory.private_working_set_bytes\t%d\t\n", stats.Memory.MemoryUsagePrivateWorkingSetBytes)
|
||||
- }
|
||||
- if stats.Storage != nil {
|
||||
- fmt.Fprintf(w, "storage.read_count_normalized\t%d\t\n", stats.Storage.ReadCountNormalized)
|
||||
- fmt.Fprintf(w, "storage.read_size_bytes\t%d\t\n", stats.Storage.ReadSizeBytes)
|
||||
- fmt.Fprintf(w, "storage.write_count_normalized\t%d\t\n", stats.Storage.WriteCountNormalized)
|
||||
- fmt.Fprintf(w, "storage.write_size_bytes\t%d\t\n", stats.Storage.WriteSizeBytes)
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-func printWindowsVMStatistics(w *tabwriter.Writer, stats *wstats.VirtualMachineStatistics) {
|
||||
- fmt.Fprintf(w, "METRIC\tVALUE\t\n")
|
||||
- if stats.Processor != nil {
|
||||
- fmt.Fprintf(w, "vm.cpu.total_runtime_ns\t%d\t\n", stats.Processor.TotalRuntimeNS)
|
||||
- }
|
||||
- if stats.Memory != nil {
|
||||
- fmt.Fprintf(w, "vm.memory.working_set_bytes\t%d\t\n", stats.Memory.WorkingSetBytes)
|
||||
- fmt.Fprintf(w, "vm.memory.virtual_node_count\t%d\t\n", stats.Memory.VirtualNodeCount)
|
||||
- fmt.Fprintf(w, "vm.memory.available\t%d\t\n", stats.Memory.VmMemory.AvailableMemory)
|
||||
- fmt.Fprintf(w, "vm.memory.available_buffer\t%d\t\n", stats.Memory.VmMemory.AvailableMemoryBuffer)
|
||||
- fmt.Fprintf(w, "vm.memory.reserved\t%d\t\n", stats.Memory.VmMemory.ReservedMemory)
|
||||
- fmt.Fprintf(w, "vm.memory.assigned\t%d\t\n", stats.Memory.VmMemory.AssignedMemory)
|
||||
- fmt.Fprintf(w, "vm.memory.slp_active\t%t\t\n", stats.Memory.VmMemory.SlpActive)
|
||||
- fmt.Fprintf(w, "vm.memory.balancing_enabled\t%t\t\n", stats.Memory.VmMemory.BalancingEnabled)
|
||||
- fmt.Fprintf(w, "vm.memory.dm_operation_in_progress\t%t\t\n", stats.Memory.VmMemory.DmOperationInProgress)
|
||||
- }
|
||||
-}
|
|
@ -1,30 +0,0 @@
|
|||
From: Shengjing Zhu <zhsj@debian.org>
|
||||
Date: Sat, 23 Jan 2021 00:42:41 +0800
|
||||
Subject: disable runhcs option in cri config
|
||||
|
||||
Forwarded: not-needed
|
||||
---
|
||||
pkg/cri/server/helpers.go | 3 ---
|
||||
1 file changed, 3 deletions(-)
|
||||
|
||||
diff --git a/pkg/cri/server/helpers.go b/pkg/cri/server/helpers.go
|
||||
index 9ee88a6..a94315a 100644
|
||||
--- a/pkg/cri/server/helpers.go
|
||||
+++ b/pkg/cri/server/helpers.go
|
||||
@@ -40,7 +40,6 @@ import (
|
||||
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/sirupsen/logrus"
|
||||
|
||||
- runhcsoptions "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options"
|
||||
imagedigest "github.com/opencontainers/go-digest"
|
||||
"github.com/pelletier/go-toml"
|
||||
"golang.org/x/net/context"
|
||||
@@ -366,8 +365,6 @@ func getRuntimeOptionsType(t string) interface{} {
|
||||
return &runcoptions.Options{}
|
||||
case plugin.RuntimeLinuxV1:
|
||||
return &runctypes.RuncOptions{}
|
||||
- case runtimeRunhcsV1:
|
||||
- return &runhcsoptions.Options{}
|
||||
default:
|
||||
return &runtimeoptions.Options{}
|
||||
}
|
|
@ -1,159 +0,0 @@
|
|||
From: Shengjing Zhu <zhsj@debian.org>
|
||||
Date: Fri, 16 Dec 2022 02:34:18 +0800
|
||||
Subject: Remove depends on google.golang.org/protobuf/proto
|
||||
|
||||
Forwarded: not-needed
|
||||
---
|
||||
.../container_update_resources_linux_test.go | 61 +++++++++++-----------
|
||||
1 file changed, 31 insertions(+), 30 deletions(-)
|
||||
|
||||
diff --git a/pkg/cri/server/container_update_resources_linux_test.go b/pkg/cri/server/container_update_resources_linux_test.go
|
||||
index 33a6acf..8466b00 100644
|
||||
--- a/pkg/cri/server/container_update_resources_linux_test.go
|
||||
+++ b/pkg/cri/server/container_update_resources_linux_test.go
|
||||
@@ -22,7 +22,6 @@ import (
|
||||
|
||||
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/stretchr/testify/assert"
|
||||
- "google.golang.org/protobuf/proto"
|
||||
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
|
||||
|
||||
criconfig "github.com/containerd/containerd/pkg/cri/config"
|
||||
@@ -30,6 +29,8 @@ import (
|
||||
)
|
||||
|
||||
func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
+ newI64 := func(i int64) *int64 { return &i }
|
||||
+ newU64 := func(i uint64) *uint64 { return &i }
|
||||
oomscoreadj := new(int)
|
||||
*oomscoreadj = -500
|
||||
expectedSwap := func(swap int64) *int64 {
|
||||
@@ -49,11 +50,11 @@ func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj},
|
||||
Linux: &runtimespec.Linux{
|
||||
Resources: &runtimespec.LinuxResources{
|
||||
- Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(12345)},
|
||||
+ Memory: &runtimespec.LinuxMemory{Limit: newI64(12345)},
|
||||
CPU: &runtimespec.LinuxCPU{
|
||||
- Shares: proto.Uint64(1111),
|
||||
- Quota: proto.Int64(2222),
|
||||
- Period: proto.Uint64(3333),
|
||||
+ Shares: newU64(1111),
|
||||
+ Quota: newI64(2222),
|
||||
+ Period: newU64(3333),
|
||||
Cpus: "0-1",
|
||||
Mems: "2-3",
|
||||
},
|
||||
@@ -78,13 +79,13 @@ func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
Linux: &runtimespec.Linux{
|
||||
Resources: &runtimespec.LinuxResources{
|
||||
Memory: &runtimespec.LinuxMemory{
|
||||
- Limit: proto.Int64(54321),
|
||||
+ Limit: newI64(54321),
|
||||
Swap: expectedSwap(54321),
|
||||
},
|
||||
CPU: &runtimespec.LinuxCPU{
|
||||
- Shares: proto.Uint64(4444),
|
||||
- Quota: proto.Int64(5555),
|
||||
- Period: proto.Uint64(6666),
|
||||
+ Shares: newU64(4444),
|
||||
+ Quota: newI64(5555),
|
||||
+ Period: newU64(6666),
|
||||
Cpus: "4-5",
|
||||
Mems: "6-7",
|
||||
},
|
||||
@@ -98,11 +99,11 @@ func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj},
|
||||
Linux: &runtimespec.Linux{
|
||||
Resources: &runtimespec.LinuxResources{
|
||||
- Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(12345)},
|
||||
+ Memory: &runtimespec.LinuxMemory{Limit: newI64(12345)},
|
||||
CPU: &runtimespec.LinuxCPU{
|
||||
- Shares: proto.Uint64(1111),
|
||||
- Quota: proto.Int64(2222),
|
||||
- Period: proto.Uint64(3333),
|
||||
+ Shares: newU64(1111),
|
||||
+ Quota: newI64(2222),
|
||||
+ Period: newU64(3333),
|
||||
Cpus: "0-1",
|
||||
Mems: "2-3",
|
||||
},
|
||||
@@ -124,13 +125,13 @@ func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
Linux: &runtimespec.Linux{
|
||||
Resources: &runtimespec.LinuxResources{
|
||||
Memory: &runtimespec.LinuxMemory{
|
||||
- Limit: proto.Int64(54321),
|
||||
+ Limit: newI64(54321),
|
||||
Swap: expectedSwap(54321),
|
||||
},
|
||||
CPU: &runtimespec.LinuxCPU{
|
||||
- Shares: proto.Uint64(4444),
|
||||
- Quota: proto.Int64(5555),
|
||||
- Period: proto.Uint64(3333),
|
||||
+ Shares: newU64(4444),
|
||||
+ Quota: newI64(5555),
|
||||
+ Period: newU64(3333),
|
||||
Cpus: "0-1",
|
||||
Mems: "6-7",
|
||||
},
|
||||
@@ -144,7 +145,7 @@ func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj},
|
||||
Linux: &runtimespec.Linux{
|
||||
Resources: &runtimespec.LinuxResources{
|
||||
- Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(12345)},
|
||||
+ Memory: &runtimespec.LinuxMemory{Limit: newI64(12345)},
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -165,13 +166,13 @@ func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
Linux: &runtimespec.Linux{
|
||||
Resources: &runtimespec.LinuxResources{
|
||||
Memory: &runtimespec.LinuxMemory{
|
||||
- Limit: proto.Int64(54321),
|
||||
+ Limit: newI64(54321),
|
||||
Swap: expectedSwap(54321),
|
||||
},
|
||||
CPU: &runtimespec.LinuxCPU{
|
||||
- Shares: proto.Uint64(4444),
|
||||
- Quota: proto.Int64(5555),
|
||||
- Period: proto.Uint64(6666),
|
||||
+ Shares: newU64(4444),
|
||||
+ Quota: newI64(5555),
|
||||
+ Period: newU64(6666),
|
||||
Cpus: "4-5",
|
||||
Mems: "6-7",
|
||||
},
|
||||
@@ -185,11 +186,11 @@ func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj},
|
||||
Linux: &runtimespec.Linux{
|
||||
Resources: &runtimespec.LinuxResources{
|
||||
- Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(12345)},
|
||||
+ Memory: &runtimespec.LinuxMemory{Limit: newI64(12345)},
|
||||
CPU: &runtimespec.LinuxCPU{
|
||||
- Shares: proto.Uint64(1111),
|
||||
- Quota: proto.Int64(2222),
|
||||
- Period: proto.Uint64(3333),
|
||||
+ Shares: newU64(1111),
|
||||
+ Quota: newI64(2222),
|
||||
+ Period: newU64(3333),
|
||||
Cpus: "0-1",
|
||||
Mems: "2-3",
|
||||
},
|
||||
@@ -214,13 +215,13 @@ func TestUpdateOCILinuxResource(t *testing.T) {
|
||||
Linux: &runtimespec.Linux{
|
||||
Resources: &runtimespec.LinuxResources{
|
||||
Memory: &runtimespec.LinuxMemory{
|
||||
- Limit: proto.Int64(54321),
|
||||
+ Limit: newI64(54321),
|
||||
Swap: expectedSwap(54321),
|
||||
},
|
||||
CPU: &runtimespec.LinuxCPU{
|
||||
- Shares: proto.Uint64(4444),
|
||||
- Quota: proto.Int64(5555),
|
||||
- Period: proto.Uint64(6666),
|
||||
+ Shares: newU64(4444),
|
||||
+ Quota: newI64(5555),
|
||||
+ Period: newU64(6666),
|
||||
Cpus: "4-5",
|
||||
Mems: "6-7",
|
||||
},
|
|
@ -1,56 +0,0 @@
|
|||
From: Shengjing Zhu <zhsj@debian.org>
|
||||
Date: Mon, 21 Feb 2022 00:53:36 +0800
|
||||
Subject: Disable opentelemetry
|
||||
|
||||
go.opentelemetry.io/contrib is not packaged.
|
||||
|
||||
Forwarded: not-needed
|
||||
---
|
||||
cmd/containerd/builtins.go | 1 -
|
||||
services/server/server.go | 14 ++------------
|
||||
2 files changed, 2 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/cmd/containerd/builtins.go b/cmd/containerd/builtins.go
|
||||
index 8c6f1fe..dd8b1d3 100644
|
||||
--- a/cmd/containerd/builtins.go
|
||||
+++ b/cmd/containerd/builtins.go
|
||||
@@ -36,5 +36,4 @@ import (
|
||||
_ "github.com/containerd/containerd/services/snapshots"
|
||||
_ "github.com/containerd/containerd/services/tasks"
|
||||
_ "github.com/containerd/containerd/services/version"
|
||||
- _ "github.com/containerd/containerd/tracing/plugin"
|
||||
)
|
||||
diff --git a/services/server/server.go b/services/server/server.go
|
||||
index 857cc9c..b6ea8cf 100644
|
||||
--- a/services/server/server.go
|
||||
+++ b/services/server/server.go
|
||||
@@ -53,10 +53,8 @@ import (
|
||||
"github.com/containerd/containerd/sys"
|
||||
"github.com/containerd/ttrpc"
|
||||
metrics "github.com/docker/go-metrics"
|
||||
- grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware"
|
||||
grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
|
||||
bolt "go.etcd.io/bbolt"
|
||||
- "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/backoff"
|
||||
"google.golang.org/grpc/credentials"
|
||||
@@ -131,16 +129,8 @@ func New(ctx context.Context, config *srvconfig.Config) (*Server, error) {
|
||||
}
|
||||
|
||||
serverOpts := []grpc.ServerOption{
|
||||
- grpc.StreamInterceptor(grpc_middleware.ChainStreamServer(
|
||||
- otelgrpc.StreamServerInterceptor(),
|
||||
- grpc.StreamServerInterceptor(grpc_prometheus.StreamServerInterceptor),
|
||||
- streamNamespaceInterceptor,
|
||||
- )),
|
||||
- grpc.UnaryInterceptor(grpc_middleware.ChainUnaryServer(
|
||||
- otelgrpc.UnaryServerInterceptor(),
|
||||
- grpc.UnaryServerInterceptor(grpc_prometheus.UnaryServerInterceptor),
|
||||
- unaryNamespaceInterceptor,
|
||||
- )),
|
||||
+ grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor),
|
||||
+ grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor),
|
||||
}
|
||||
if config.GRPC.MaxRecvMsgSize > 0 {
|
||||
serverOpts = append(serverOpts, grpc.MaxRecvMsgSize(config.GRPC.MaxRecvMsgSize))
|
|
@ -1,155 +0,0 @@
|
|||
From: Shengjing Zhu <zhushengjing@cambricon.com>
|
||||
Date: Mon, 21 Feb 2022 00:50:59 +0800
|
||||
Subject: Revert "Use insecure.NewCredentials instead of grpc.WithInsecure"
|
||||
|
||||
This reverts commit 2ee3ce510cf26d5eb400fac118aeeec5c20ed83f.
|
||||
|
||||
Need golang-google-grpc-dev v1.34.0
|
||||
|
||||
Forwarded: not-needed
|
||||
---
|
||||
client.go | 3 +--
|
||||
cmd/containerd/command/publish.go | 3 +--
|
||||
integration/main_test.go | 6 +-----
|
||||
integration/remote/remote_image.go | 7 +------
|
||||
integration/remote/remote_runtime.go | 7 +------
|
||||
services/server/server.go | 3 +--
|
||||
6 files changed, 6 insertions(+), 23 deletions(-)
|
||||
|
||||
diff --git a/client.go b/client.go
|
||||
index 1c2202e..86fa787 100644
|
||||
--- a/client.go
|
||||
+++ b/client.go
|
||||
@@ -64,7 +64,6 @@ import (
|
||||
"golang.org/x/sync/semaphore"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/backoff"
|
||||
- "google.golang.org/grpc/credentials/insecure"
|
||||
"google.golang.org/grpc/health/grpc_health_v1"
|
||||
)
|
||||
|
||||
@@ -118,7 +117,7 @@ func New(address string, opts ...ClientOpt) (*Client, error) {
|
||||
}
|
||||
gopts := []grpc.DialOption{
|
||||
grpc.WithBlock(),
|
||||
- grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
+ grpc.WithInsecure(),
|
||||
grpc.FailOnNonTempDialError(true),
|
||||
grpc.WithConnectParams(connParams),
|
||||
grpc.WithContextDialer(dialer.ContextDialer),
|
||||
diff --git a/cmd/containerd/command/publish.go b/cmd/containerd/command/publish.go
|
||||
index b18f19f..e138ed4 100644
|
||||
--- a/cmd/containerd/command/publish.go
|
||||
+++ b/cmd/containerd/command/publish.go
|
||||
@@ -32,7 +32,6 @@ import (
|
||||
"github.com/urfave/cli"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/backoff"
|
||||
- "google.golang.org/grpc/credentials/insecure"
|
||||
)
|
||||
|
||||
var publishCommand = cli.Command{
|
||||
@@ -100,7 +99,7 @@ func connect(address string, d func(gocontext.Context, string) (net.Conn, error)
|
||||
}
|
||||
gopts := []grpc.DialOption{
|
||||
grpc.WithBlock(),
|
||||
- grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
+ grpc.WithInsecure(),
|
||||
grpc.WithContextDialer(d),
|
||||
grpc.FailOnNonTempDialError(true),
|
||||
grpc.WithConnectParams(connParams),
|
||||
diff --git a/integration/main_test.go b/integration/main_test.go
|
||||
index a62687c..fb8556e 100644
|
||||
--- a/integration/main_test.go
|
||||
+++ b/integration/main_test.go
|
||||
@@ -47,7 +47,6 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
exec "golang.org/x/sys/execabs"
|
||||
"google.golang.org/grpc"
|
||||
- "google.golang.org/grpc/credentials/insecure"
|
||||
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
|
||||
)
|
||||
|
||||
@@ -507,10 +506,7 @@ func RawRuntimeClient() (runtime.RuntimeServiceClient, error) {
|
||||
}
|
||||
ctx, cancel := context.WithTimeout(context.Background(), timeout)
|
||||
defer cancel()
|
||||
- conn, err := grpc.DialContext(ctx, addr,
|
||||
- grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
- grpc.WithContextDialer(dialer),
|
||||
- )
|
||||
+ conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer))
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to connect cri endpoint: %w", err)
|
||||
}
|
||||
diff --git a/integration/remote/remote_image.go b/integration/remote/remote_image.go
|
||||
index 16088a9..a722d41 100644
|
||||
--- a/integration/remote/remote_image.go
|
||||
+++ b/integration/remote/remote_image.go
|
||||
@@ -39,7 +39,6 @@ import (
|
||||
"time"
|
||||
|
||||
"google.golang.org/grpc"
|
||||
- "google.golang.org/grpc/credentials/insecure"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
internalapi "github.com/containerd/containerd/integration/cri-api/pkg/apis"
|
||||
@@ -65,11 +64,7 @@ func NewImageService(endpoint string, connectionTimeout time.Duration) (internal
|
||||
ctx, cancel := context.WithTimeout(context.Background(), connectionTimeout)
|
||||
defer cancel()
|
||||
|
||||
- conn, err := grpc.DialContext(ctx, addr,
|
||||
- grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
- grpc.WithContextDialer(dialer),
|
||||
- grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)),
|
||||
- )
|
||||
+ conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)))
|
||||
if err != nil {
|
||||
klog.Errorf("Connect remote image service %s failed: %v", addr, err)
|
||||
return nil, err
|
||||
diff --git a/integration/remote/remote_runtime.go b/integration/remote/remote_runtime.go
|
||||
index b172b94..d9bd813 100644
|
||||
--- a/integration/remote/remote_runtime.go
|
||||
+++ b/integration/remote/remote_runtime.go
|
||||
@@ -40,7 +40,6 @@ import (
|
||||
"time"
|
||||
|
||||
"google.golang.org/grpc"
|
||||
- "google.golang.org/grpc/credentials/insecure"
|
||||
"k8s.io/klog/v2"
|
||||
|
||||
internalapi "github.com/containerd/containerd/integration/cri-api/pkg/apis"
|
||||
@@ -74,11 +73,7 @@ func NewRuntimeService(endpoint string, connectionTimeout time.Duration) (intern
|
||||
ctx, cancel := context.WithTimeout(context.Background(), connectionTimeout)
|
||||
defer cancel()
|
||||
|
||||
- conn, err := grpc.DialContext(ctx, addr,
|
||||
- grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
- grpc.WithContextDialer(dialer),
|
||||
- grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)),
|
||||
- )
|
||||
+ conn, err := grpc.DialContext(ctx, addr, grpc.WithInsecure(), grpc.WithContextDialer(dialer), grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(maxMsgSize)))
|
||||
if err != nil {
|
||||
klog.Errorf("Connect remote runtime %s failed: %v", addr, err)
|
||||
return nil, err
|
||||
diff --git a/services/server/server.go b/services/server/server.go
|
||||
index b6ea8cf..614591f 100644
|
||||
--- a/services/server/server.go
|
||||
+++ b/services/server/server.go
|
||||
@@ -58,7 +58,6 @@ import (
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/backoff"
|
||||
"google.golang.org/grpc/credentials"
|
||||
- "google.golang.org/grpc/credentials/insecure"
|
||||
)
|
||||
|
||||
const (
|
||||
@@ -540,7 +539,7 @@ func (pc *proxyClients) getClient(address string) (*grpc.ClientConn, error) {
|
||||
Backoff: backoffConfig,
|
||||
}
|
||||
gopts := []grpc.DialOption{
|
||||
- grpc.WithTransportCredentials(insecure.NewCredentials()),
|
||||
+ grpc.WithInsecure(),
|
||||
grpc.WithConnectParams(connParams),
|
||||
grpc.WithContextDialer(dialer.ContextDialer),
|
||||
|
|
@ -1,174 +0,0 @@
|
|||
From: Shengjing Zhu <zhsj@debian.org>
|
||||
Date: Tue, 22 Feb 2022 01:57:23 +0800
|
||||
Subject: Fix build with gccgo
|
||||
|
||||
Origin: backport, https://github.com/containerd/containerd/commit/d28981d4
|
||||
---
|
||||
mount/subprocess_unsafe.s | 15 +++++++++++++++
|
||||
mount/subprocess_unsafe_gc.go | 33 +++++++++++++++++++++++++++++++++
|
||||
mount/subprocess_unsafe_gccgo.go | 33 +++++++++++++++++++++++++++++++++
|
||||
mount/subprocess_unsafe_linux.go | 30 ------------------------------
|
||||
mount/subprocess_unsafe_linux.s | 15 ---------------
|
||||
5 files changed, 81 insertions(+), 45 deletions(-)
|
||||
create mode 100644 mount/subprocess_unsafe.s
|
||||
create mode 100644 mount/subprocess_unsafe_gc.go
|
||||
create mode 100644 mount/subprocess_unsafe_gccgo.go
|
||||
delete mode 100644 mount/subprocess_unsafe_linux.go
|
||||
delete mode 100644 mount/subprocess_unsafe_linux.s
|
||||
|
||||
diff --git a/mount/subprocess_unsafe.s b/mount/subprocess_unsafe.s
|
||||
new file mode 100644
|
||||
index 0000000..c073fa4
|
||||
--- /dev/null
|
||||
+++ b/mount/subprocess_unsafe.s
|
||||
@@ -0,0 +1,15 @@
|
||||
+/*
|
||||
+ Copyright The containerd Authors.
|
||||
+
|
||||
+ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+ you may not use this file except in compliance with the License.
|
||||
+ You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+ Unless required by applicable law or agreed to in writing, software
|
||||
+ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+ See the License for the specific language governing permissions and
|
||||
+ limitations under the License.
|
||||
+*/
|
||||
diff --git a/mount/subprocess_unsafe_gc.go b/mount/subprocess_unsafe_gc.go
|
||||
new file mode 100644
|
||||
index 0000000..695280a
|
||||
--- /dev/null
|
||||
+++ b/mount/subprocess_unsafe_gc.go
|
||||
@@ -0,0 +1,33 @@
|
||||
+//go:build linux && gc
|
||||
+// +build linux,gc
|
||||
+
|
||||
+/*
|
||||
+ Copyright The containerd Authors.
|
||||
+
|
||||
+ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+ you may not use this file except in compliance with the License.
|
||||
+ You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+ Unless required by applicable law or agreed to in writing, software
|
||||
+ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+ See the License for the specific language governing permissions and
|
||||
+ limitations under the License.
|
||||
+*/
|
||||
+
|
||||
+package mount
|
||||
+
|
||||
+import (
|
||||
+ _ "unsafe" // required for go:linkname.
|
||||
+)
|
||||
+
|
||||
+//go:linkname beforeFork syscall.runtime_BeforeFork
|
||||
+func beforeFork()
|
||||
+
|
||||
+//go:linkname afterFork syscall.runtime_AfterFork
|
||||
+func afterFork()
|
||||
+
|
||||
+//go:linkname afterForkInChild syscall.runtime_AfterForkInChild
|
||||
+func afterForkInChild()
|
||||
diff --git a/mount/subprocess_unsafe_gccgo.go b/mount/subprocess_unsafe_gccgo.go
|
||||
new file mode 100644
|
||||
index 0000000..72c38e7
|
||||
--- /dev/null
|
||||
+++ b/mount/subprocess_unsafe_gccgo.go
|
||||
@@ -0,0 +1,33 @@
|
||||
+//go:build linux && gccgo
|
||||
+// +build linux,gccgo
|
||||
+
|
||||
+/*
|
||||
+ Copyright The containerd Authors.
|
||||
+
|
||||
+ Licensed under the Apache License, Version 2.0 (the "License");
|
||||
+ you may not use this file except in compliance with the License.
|
||||
+ You may obtain a copy of the License at
|
||||
+
|
||||
+ http://www.apache.org/licenses/LICENSE-2.0
|
||||
+
|
||||
+ Unless required by applicable law or agreed to in writing, software
|
||||
+ distributed under the License is distributed on an "AS IS" BASIS,
|
||||
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
+ See the License for the specific language governing permissions and
|
||||
+ limitations under the License.
|
||||
+*/
|
||||
+
|
||||
+package mount
|
||||
+
|
||||
+import (
|
||||
+ _ "unsafe" // required for go:linkname.
|
||||
+)
|
||||
+
|
||||
+//go:linkname beforeFork syscall.runtime__BeforeFork
|
||||
+func beforeFork()
|
||||
+
|
||||
+//go:linkname afterFork syscall.runtime__AfterFork
|
||||
+func afterFork()
|
||||
+
|
||||
+//go:linkname afterForkInChild syscall.runtime__AfterForkInChild
|
||||
+func afterForkInChild()
|
||||
diff --git a/mount/subprocess_unsafe_linux.go b/mount/subprocess_unsafe_linux.go
|
||||
deleted file mode 100644
|
||||
index c7cb0c0..0000000
|
||||
--- a/mount/subprocess_unsafe_linux.go
|
||||
+++ /dev/null
|
||||
@@ -1,30 +0,0 @@
|
||||
-/*
|
||||
- Copyright The containerd Authors.
|
||||
-
|
||||
- Licensed under the Apache License, Version 2.0 (the "License");
|
||||
- you may not use this file except in compliance with the License.
|
||||
- You may obtain a copy of the License at
|
||||
-
|
||||
- http://www.apache.org/licenses/LICENSE-2.0
|
||||
-
|
||||
- Unless required by applicable law or agreed to in writing, software
|
||||
- distributed under the License is distributed on an "AS IS" BASIS,
|
||||
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
- See the License for the specific language governing permissions and
|
||||
- limitations under the License.
|
||||
-*/
|
||||
-
|
||||
-package mount
|
||||
-
|
||||
-import (
|
||||
- _ "unsafe" // required for go:linkname.
|
||||
-)
|
||||
-
|
||||
-//go:linkname beforeFork syscall.runtime_BeforeFork
|
||||
-func beforeFork()
|
||||
-
|
||||
-//go:linkname afterFork syscall.runtime_AfterFork
|
||||
-func afterFork()
|
||||
-
|
||||
-//go:linkname afterForkInChild syscall.runtime_AfterForkInChild
|
||||
-func afterForkInChild()
|
||||
diff --git a/mount/subprocess_unsafe_linux.s b/mount/subprocess_unsafe_linux.s
|
||||
deleted file mode 100644
|
||||
index c073fa4..0000000
|
||||
--- a/mount/subprocess_unsafe_linux.s
|
||||
+++ /dev/null
|
||||
@@ -1,15 +0,0 @@
|
||||
-/*
|
||||
- Copyright The containerd Authors.
|
||||
-
|
||||
- Licensed under the Apache License, Version 2.0 (the "License");
|
||||
- you may not use this file except in compliance with the License.
|
||||
- You may obtain a copy of the License at
|
||||
-
|
||||
- http://www.apache.org/licenses/LICENSE-2.0
|
||||
-
|
||||
- Unless required by applicable law or agreed to in writing, software
|
||||
- distributed under the License is distributed on an "AS IS" BASIS,
|
||||
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
- See the License for the specific language governing permissions and
|
||||
- limitations under the License.
|
||||
-*/
|
|
@ -1,39 +0,0 @@
|
|||
From: Shengjing Zhu <zhsj@debian.org>
|
||||
Date: Sun, 27 Feb 2022 23:16:03 +0800
|
||||
Subject: cri: fix integration test on cgroupsv2 system
|
||||
|
||||
Forwarded: https://github.com/containerd/containerd/pull/6595
|
||||
---
|
||||
integration/container_update_resources_test.go | 12 ++++--------
|
||||
1 file changed, 4 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/integration/container_update_resources_test.go b/integration/container_update_resources_test.go
|
||||
index 1d05800..69f6d81 100644
|
||||
--- a/integration/container_update_resources_test.go
|
||||
+++ b/integration/container_update_resources_test.go
|
||||
@@ -270,11 +270,8 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
t.Log("Check memory limit in cgroup")
|
||||
- cgroup, err := cgroups.Load(cgroups.V1, cgroups.PidPath(int(task.Pid())))
|
||||
- require.NoError(t, err)
|
||||
- stat, err := cgroup.Stat(cgroups.IgnoreNotExist)
|
||||
- require.NoError(t, err)
|
||||
- assert.Equal(t, uint64(400*1024*1024), stat.Memory.Usage.Limit)
|
||||
+ memLimit := getCgroupMemoryLimitForTask(t, task)
|
||||
+ assert.Equal(t, uint64(400*1024*1024), memLimit)
|
||||
swapLimit := getCgroupSwapLimitForTask(t, task)
|
||||
assert.Equal(t, uint64(400*1024*1024), swapLimit)
|
||||
|
||||
@@ -291,9 +288,8 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) {
|
||||
checkMemorySwapLimit(t, spec, expectedSwapLimit(800*1024*1024))
|
||||
|
||||
t.Log("Check memory limit in cgroup")
|
||||
- stat, err = cgroup.Stat(cgroups.IgnoreNotExist)
|
||||
- require.NoError(t, err)
|
||||
- assert.Equal(t, uint64(800*1024*1024), stat.Memory.Usage.Limit)
|
||||
+ memLimit = getCgroupMemoryLimitForTask(t, task)
|
||||
+ assert.Equal(t, uint64(800*1024*1024), memLimit)
|
||||
swapLimit = getCgroupSwapLimitForTask(t, task)
|
||||
assert.Equal(t, uint64(800*1024*1024), swapLimit)
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
From: Shengjing Zhu <zhsj@debian.org>
|
||||
Date: Tue, 1 Mar 2022 21:38:59 +0800
|
||||
Subject: Add Debian specific CNI bin dir to ctr run command
|
||||
|
||||
Forwarded: not-needed
|
||||
---
|
||||
cmd/ctr/commands/run/run.go | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/cmd/ctr/commands/run/run.go b/cmd/ctr/commands/run/run.go
|
||||
index bf0ebfe..5c2b489 100644
|
||||
--- a/cmd/ctr/commands/run/run.go
|
||||
+++ b/cmd/ctr/commands/run/run.go
|
||||
@@ -180,7 +180,7 @@ var Command = cli.Command{
|
||||
}
|
||||
var network gocni.CNI
|
||||
if enableCNI {
|
||||
- if network, err = gocni.New(gocni.WithDefaultConf); err != nil {
|
||||
+ if network, err = gocni.New(gocni.WithPluginDir([]string{gocni.DefaultCNIDir, "/usr/lib/cni"}), gocni.WithDefaultConf); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
|
@ -1,54 +0,0 @@
|
|||
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
|
||||
Date: Tue, 15 Aug 2023 04:31:45 +0900
|
||||
Subject: seccomp, apparmor: add go:noinline
|
||||
|
||||
Origin: backport, https://github.com/containerd/containerd/commit/0f043ae4
|
||||
---
|
||||
contrib/apparmor/apparmor.go | 5 +++++
|
||||
contrib/seccomp/seccomp.go | 10 ++++++++++
|
||||
2 files changed, 15 insertions(+)
|
||||
|
||||
diff --git a/contrib/apparmor/apparmor.go b/contrib/apparmor/apparmor.go
|
||||
index be6a49a..52a1056 100644
|
||||
--- a/contrib/apparmor/apparmor.go
|
||||
+++ b/contrib/apparmor/apparmor.go
|
||||
@@ -40,6 +40,11 @@ func WithProfile(profile string) oci.SpecOpts {
|
||||
|
||||
// WithDefaultProfile will generate a default apparmor profile under the provided name
|
||||
// for the container. It is only generated if a profile under that name does not exist.
|
||||
+//
|
||||
+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
|
||||
+// since Go 1.21.
|
||||
+//
|
||||
+//go:noinline
|
||||
func WithDefaultProfile(name string) oci.SpecOpts {
|
||||
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
||||
if err := LoadDefaultProfile(name); err != nil {
|
||||
diff --git a/contrib/seccomp/seccomp.go b/contrib/seccomp/seccomp.go
|
||||
index 5292cbc..becf089 100644
|
||||
--- a/contrib/seccomp/seccomp.go
|
||||
+++ b/contrib/seccomp/seccomp.go
|
||||
@@ -30,6 +30,11 @@ import (
|
||||
// WithProfile receives the name of a file stored on disk comprising a json
|
||||
// formatted seccomp profile, as specified by the opencontainers/runtime-spec.
|
||||
// The profile is read from the file, unmarshaled, and set to the spec.
|
||||
+//
|
||||
+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
|
||||
+// since Go 1.21.
|
||||
+//
|
||||
+//go:noinline
|
||||
func WithProfile(profile string) oci.SpecOpts {
|
||||
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
||||
s.Linux.Seccomp = &specs.LinuxSeccomp{}
|
||||
@@ -46,6 +51,11 @@ func WithProfile(profile string) oci.SpecOpts {
|
||||
|
||||
// WithDefaultProfile sets the default seccomp profile to the spec.
|
||||
// Note: must follow the setting of process capabilities
|
||||
+//
|
||||
+// FIXME: pkg/cri/[sb]server/container_create_linux_test.go depends on go:noinline
|
||||
+// since Go 1.21.
|
||||
+//
|
||||
+//go:noinline
|
||||
func WithDefaultProfile() oci.SpecOpts {
|
||||
return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error {
|
||||
s.Linux.Seccomp = DefaultProfile(s)
|
|
@ -1,23 +0,0 @@
|
|||
From: Shengjing Zhu <zhsj@debian.org>
|
||||
Date: Wed, 23 Aug 2023 14:07:38 +0800
|
||||
Subject: sys: unprivileged user can adjust oom scroe when initial is negative
|
||||
|
||||
Forwarded: https://github.com/containerd/containerd/pull/8999
|
||||
---
|
||||
sys/oom_linux_test.go | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/sys/oom_linux_test.go b/sys/oom_linux_test.go
|
||||
index 0c8f90b..170aa98 100644
|
||||
--- a/sys/oom_linux_test.go
|
||||
+++ b/sys/oom_linux_test.go
|
||||
@@ -55,6 +55,9 @@ func TestSetNegativeOomScoreAdjustmentWhenUnprivilegedHasNoEffect(t *testing.T)
|
||||
|
||||
initial, adjustment, err := adjustOom(-123)
|
||||
assert.NilError(t, err)
|
||||
+ if initial < 0 {
|
||||
+ t.Skip("unprivileged user can adjust oom scroe when initial is negative")
|
||||
+ }
|
||||
assert.Check(t, is.Equal(adjustment, initial))
|
||||
}
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
0001-disable-windows-support-in-ctr-metric.patch
|
||||
0002-disable-runhcs-option-in-cri-config.patch
|
||||
0003-Remove-depends-on-google.golang.org-protobuf-proto.patch
|
||||
0004-Disable-otelgrpc-telemetry.patch
|
||||
0005-Revert-Use-insecure.NewCredentials-instead-of-grpc.W.patch
|
||||
0006-Fix-build-with-gccgo.patch
|
||||
0007-cri-fix-integration-test-on-cgroupsv2-system.patch
|
||||
0008-Add-Debian-specific-CNI-bin-dir-to-ctr-run-command.patch
|
||||
0009-seccomp-apparmor-add-go-noinline.patch
|
||||
0010-sys-unprivileged-user-can-adjust-oom-scroe-when-init.patch
|
|
@ -1 +1 @@
|
|||
3.0 (quilt)
|
||||
3.0 (native)
|
||||
|
|
Loading…
Reference in New Issue