From ce7ba6691fee81d6ff18a8549f6218af2d383ce6 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 15 Sep 2020 15:14:04 +0200 Subject: [PATCH 01/46] vendor: github.com/willf/bitset v1.1.11 The changes needed by opencontainers/selinux are now in a tagged release. This will make our dependency slightly ahead of what's used by opencontainers/selinux until a v1.6.1 is tagged. full diff: https://github.com/willf/bitset/compare/d5bec3311243...v1.1.11 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit a6fc9ca490044ed5c6f10b954e929633a151067c) Signed-off-by: Sebastiaan van Stijn --- vendor.conf | 2 +- vendor/github.com/willf/bitset/README.md | 20 +++---- vendor/github.com/willf/bitset/bitset.go | 72 ++++++++++++++++++++---- vendor/github.com/willf/bitset/go.mod | 3 + 4 files changed, 75 insertions(+), 22 deletions(-) create mode 100644 vendor/github.com/willf/bitset/go.mod diff --git a/vendor.conf b/vendor.conf index 59ec791489a5..ad7ea90c8d7e 100644 --- a/vendor.conf +++ b/vendor.conf @@ -69,7 +69,7 @@ github.com/modern-go/concurrent 1.0.3 github.com/modern-go/reflect2 v1.0.1 github.com/opencontainers/selinux v1.6.0 github.com/tchap/go-patricia v2.2.6 -github.com/willf/bitset d5bec3311243426a3c6d1b7a795f24b17c686dbb # 1.1.10+ used by selinux pkg +github.com/willf/bitset v1.1.11 golang.org/x/crypto 75b288015ac94e66e3d6715fb68a9b41bf046ec2 golang.org/x/oauth2 858c2ad4c8b6c5d10852cb89079f6ca1c7309787 golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82 diff --git a/vendor/github.com/willf/bitset/README.md b/vendor/github.com/willf/bitset/README.md index 6c62b20c6c80..50338e71dfdb 100644 --- a/vendor/github.com/willf/bitset/README.md +++ b/vendor/github.com/willf/bitset/README.md @@ -2,10 +2,10 @@ *Go language library to map between non-negative integers and boolean values* -[![Master Build Status](https://secure.travis-ci.org/willf/bitset.png?branch=master)](https://travis-ci.org/willf/bitset?branch=master) +[![Test](https://github.com/willf/bitset/workflows/Test/badge.svg)](https://github.com/willf/bitset/actions?query=workflow%3ATest) [![Master Coverage Status](https://coveralls.io/repos/willf/bitset/badge.svg?branch=master&service=github)](https://coveralls.io/github/willf/bitset?branch=master) [![Go Report Card](https://goreportcard.com/badge/github.com/willf/bitset)](https://goreportcard.com/report/github.com/willf/bitset) -[![GoDoc](https://godoc.org/github.com/willf/bitset?status.svg)](http://godoc.org/github.com/willf/bitset) +[![PkgGoDev](https://pkg.go.dev/badge/github.com/willf/bitset?tab=doc)](https://pkg.go.dev/github.com/willf/bitset?tab=doc) ## Description @@ -63,8 +63,11 @@ func main() { As an alternative to BitSets, one should check out the 'big' package, which provides a (less set-theoretical) view of bitsets. -Godoc documentation is at: https://godoc.org/github.com/willf/bitset +Package documentation is at: https://pkg.go.dev/github.com/willf/bitset?tab=doc +## Memory Usage + +The memory usage of a bitset using N bits is at least N/8 bytes. The number of bits in a bitset is at least as large as one plus the greatest bit index you have accessed. Thus it is possible to run out of memory while using a bitset. If you have lots of bits, you might prefer compressed bitsets, like the [Roaring bitmaps](http://roaringbitmap.org) and its [Go implementation](https://github.com/RoaringBitmap/roaring). ## Implementation Note @@ -82,15 +85,10 @@ go get github.com/willf/bitset If you wish to contribute to this project, please branch and issue a pull request against master ("[GitHub Flow](https://guides.github.com/introduction/flow/)") -This project include a Makefile that allows you to test and build the project with simple commands. -To see all available options: -```bash -make help -``` - ## Running all tests -Before committing the code, please check if it passes all tests using (note: this will install some dependencies): +Before committing the code, please check if it passes tests, has adequate coverage, etc. ```bash -make qa +go test +go test -cover ``` diff --git a/vendor/github.com/willf/bitset/bitset.go b/vendor/github.com/willf/bitset/bitset.go index 22e5d42e5d6d..21e889da2e06 100644 --- a/vendor/github.com/willf/bitset/bitset.go +++ b/vendor/github.com/willf/bitset/bitset.go @@ -138,6 +138,9 @@ func (b *BitSet) Len() uint { // extendSetMaybe adds additional words to incorporate new bits if needed func (b *BitSet) extendSetMaybe(i uint) { if i >= b.length { // if we need more bits, make 'em + if i >= Cap() { + panic("You are exceeding the capacity") + } nsize := wordsNeeded(i + 1) if b.set == nil { b.set = make([]uint64, nsize) @@ -160,7 +163,12 @@ func (b *BitSet) Test(i uint) bool { return b.set[i>>log2WordSize]&(1<<(i&(wordSize-1))) != 0 } -// Set bit i to 1 +// Set bit i to 1, the capacity of the bitset is automatically +// increased accordingly. +// If i>= Cap(), this function will panic. +// Warning: using a very large value for 'i' +// may lead to a memory shortage and a panic: the caller is responsible +// for providing sensible parameters in line with their memory capacity. func (b *BitSet) Set(i uint) *BitSet { b.extendSetMaybe(i) b.set[i>>log2WordSize] |= 1 << (i & (wordSize - 1)) @@ -176,7 +184,11 @@ func (b *BitSet) Clear(i uint) *BitSet { return b } -// SetTo sets bit i to value +// SetTo sets bit i to value. +// If i>= Cap(), this function will panic. +// Warning: using a very large value for 'i' +// may lead to a memory shortage and a panic: the caller is responsible +// for providing sensible parameters in line with their memory capacity. func (b *BitSet) SetTo(i uint, value bool) *BitSet { if value { return b.Set(i) @@ -184,7 +196,11 @@ func (b *BitSet) SetTo(i uint, value bool) *BitSet { return b.Clear(i) } -// Flip bit at i +// Flip bit at i. +// If i>= Cap(), this function will panic. +// Warning: using a very large value for 'i' +// may lead to a memory shortage and a panic: the caller is responsible +// for providing sensible parameters in line with their memory capacity. func (b *BitSet) Flip(i uint) *BitSet { if i >= b.length { return b.Set(i) @@ -193,26 +209,51 @@ func (b *BitSet) Flip(i uint) *BitSet { return b } -// Shrink shrinks BitSet to desired length in bits. It clears all bits > length -// and reduces the size and length of the set. +// Shrink shrinks BitSet so that the provided value is the last possible +// set value. It clears all bits > the provided index and reduces the size +// and length of the set. +// +// Note that the parameter value is not the new length in bits: it is the +// maximal value that can be stored in the bitset after the function call. +// The new length in bits is the parameter value + 1. Thus it is not possible +// to use this function to set the length to 0, the minimal value of the length +// after this function call is 1. // // A new slice is allocated to store the new bits, so you may see an increase in // memory usage until the GC runs. Normally this should not be a problem, but if you // have an extremely large BitSet its important to understand that the old BitSet will // remain in memory until the GC frees it. -func (b *BitSet) Shrink(length uint) *BitSet { - idx := wordsNeeded(length + 1) +func (b *BitSet) Shrink(lastbitindex uint) *BitSet { + length := lastbitindex + 1 + idx := wordsNeeded(length) if idx > len(b.set) { return b } shrunk := make([]uint64, idx) copy(shrunk, b.set[:idx]) b.set = shrunk - b.length = length + 1 - b.set[idx-1] &= (allBits >> (uint64(64) - uint64(length&(wordSize-1)) - 1)) + b.length = length + b.set[idx-1] &= (allBits >> (uint64(64) - uint64(length&(wordSize-1)))) return b } +// Compact shrinks BitSet to so that we preserve all set bits, while minimizing +// memory usage. Compact calls Shrink. +func (b *BitSet) Compact() *BitSet { + idx := len(b.set) - 1 + for ; idx >= 0 && b.set[idx] == 0; idx-- { + } + newlength := uint((idx + 1) << log2WordSize) + if newlength >= b.length { + return b // nothing to do + } + if newlength > 0 { + return b.Shrink(newlength - 1) + } + // We preserve one word + return b.Shrink(63) +} + // InsertAt takes an index which indicates where a bit should be // inserted. Then it shifts all the bits in the set to the left by 1, starting // from the given index position, and sets the index position to 0. @@ -323,6 +364,9 @@ func (b *BitSet) DeleteAt(i uint) *BitSet { // including possibly the current index // along with an error code (true = valid, false = no set bit found) // for i,e := v.NextSet(0); e; i,e = v.NextSet(i + 1) {...} +// +// Users concerned with performance may want to use NextSetMany to +// retrieve several values at once. func (b *BitSet) NextSet(i uint) (uint, bool) { x := int(i >> log2WordSize) if x >= len(b.set) { @@ -358,6 +402,14 @@ func (b *BitSet) NextSet(i uint) (uint, bool) { // j += 1 // } // +// +// It is possible to retrieve all set bits as follow: +// +// indices := make([]uint, bitmap.Count()) +// bitmap.NextSetMany(0, indices) +// +// However if bitmap.Count() is large, it might be preferable to +// use several calls to NextSetMany, for performance reasons. func (b *BitSet) NextSetMany(i uint, buffer []uint) (uint, []uint) { myanswer := buffer capacity := cap(buffer) @@ -809,7 +861,7 @@ func (b *BitSet) ReadFrom(stream io.Reader) (int64, error) { newset := New(uint(length)) if uint64(newset.length) != length { - return 0, errors.New("Unmarshalling error: type mismatch") + return 0, errors.New("unmarshalling error: type mismatch") } // Read remaining bytes as set diff --git a/vendor/github.com/willf/bitset/go.mod b/vendor/github.com/willf/bitset/go.mod new file mode 100644 index 000000000000..583ecab78f74 --- /dev/null +++ b/vendor/github.com/willf/bitset/go.mod @@ -0,0 +1,3 @@ +module github.com/willf/bitset + +go 1.14 From 9a44af11df0e1221bfd7f53561829ed52c7a205e Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Fri, 2 Oct 2020 16:31:28 -0400 Subject: [PATCH 02/46] Windows CNI install script using lowercase "destdir" Fixes packaging via GH Actions script, which sets DESTDIR and is used across many scripts. Signed-off-by: Phil Estes (cherry picked from commit 615af428a30e0d22c80dcb3db64e92147779c7e0) --- script/setup/install-cni-windows | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/script/setup/install-cni-windows b/script/setup/install-cni-windows index 455c75644f5d..146f8ebe83f0 100755 --- a/script/setup/install-cni-windows +++ b/script/setup/install-cni-windows @@ -16,8 +16,8 @@ set -eu -o pipefail -destdir="${destdir:-"C:\\Program Files\\containerd"}" -WINCNI_BIN_DIR="${destdir}/cni" +DESTDIR="${DESTDIR:-"C:\\Program Files\\containerd"}" +WINCNI_BIN_DIR="${DESTDIR}/cni" WINCNI_PKG=github.com/Microsoft/windows-container-networking WINCNI_VERSION=aa10a0b31e9f72937063436454def1760b858ee2 @@ -29,7 +29,7 @@ install -D -m 755 "out/nat.exe" "${WINCNI_BIN_DIR}/nat.exe" install -D -m 755 "out/sdnbridge.exe" "${WINCNI_BIN_DIR}/sdnbridge.exe" install -D -m 755 "out/sdnoverlay.exe" "${WINCNI_BIN_DIR}/sdnoverlay.exe" -CNI_CONFIG_DIR="${destdir}/cni/conf" +CNI_CONFIG_DIR="${DESTDIR}/cni/conf" mkdir -p "${CNI_CONFIG_DIR}" # split_ip splits ip into a 4-element array. From cc6f72a002fc0d1ae6fbab731a65775188644844 Mon Sep 17 00:00:00 2001 From: Giuseppe Capizzi Date: Thu, 22 Oct 2020 16:50:14 +0300 Subject: [PATCH 03/46] Check if a process exists before returning it Fixes #4632. Signed-off-by: Giuseppe Capizzi Co-authored-by: Danail Branekov (cherry picked from commit 8eda32e10780dc1adabc2c40f7295d4638d8915d) --- container_linux_test.go | 67 +++++++++++++++++++++++++++++++++++++++++ runtime/v2/shim.go | 8 +++-- 2 files changed, 73 insertions(+), 2 deletions(-) diff --git a/container_linux_test.go b/container_linux_test.go index 25e3199c2185..2db040b5186c 100644 --- a/container_linux_test.go +++ b/container_linux_test.go @@ -1008,6 +1008,73 @@ func TestContainerAttachProcess(t *testing.T) { <-status } +func TestContainerLoadUnexistingProcess(t *testing.T) { + t.Parallel() + + if runtime.GOOS == "windows" { + // On windows, closing the write side of the pipe closes the read + // side, sending an EOF to it and preventing reopening it. + // Hence this test will always fails on windows + t.Skip("invalid logic on windows") + } + + client, err := newClient(t, address) + if err != nil { + t.Fatal(err) + } + defer client.Close() + + var ( + image Image + ctx, cancel = testContext(t) + id = t.Name() + ) + defer cancel() + + image, err = client.GetImage(ctx, testImage) + if err != nil { + t.Fatal(err) + } + + container, err := client.NewContainer(ctx, id, WithNewSnapshot(id, image), WithNewSpec(oci.WithImageConfig(image), withProcessArgs("sleep", "100"))) + if err != nil { + t.Fatal(err) + } + defer container.Delete(ctx, WithSnapshotCleanup) + + // creating IO early for easy resource cleanup + direct, err := newDirectIO(ctx, false) + if err != nil { + t.Fatal(err) + } + defer direct.Delete() + + task, err := container.NewTask(ctx, empty()) + if err != nil { + t.Fatal(err) + } + defer task.Delete(ctx) + + status, err := task.Wait(ctx) + if err != nil { + t.Error(err) + } + + if err := task.Start(ctx); err != nil { + t.Fatal(err) + } + + if _, err = task.LoadProcess(ctx, "this-process-does-not-exist", direct.IOAttach); err == nil { + t.Fatal("an error should have occurred when loading a process that does not exist") + } + + if err := task.Kill(ctx, syscall.SIGKILL); err != nil { + t.Error(err) + } + + <-status +} + func TestContainerUserID(t *testing.T) { t.Parallel() diff --git a/runtime/v2/shim.go b/runtime/v2/shim.go index 152a1e85bb00..e5093b250146 100644 --- a/runtime/v2/shim.go +++ b/runtime/v2/shim.go @@ -433,10 +433,14 @@ func (s *shim) Stats(ctx context.Context) (*ptypes.Any, error) { } func (s *shim) Process(ctx context.Context, id string) (runtime.Process, error) { - return &process{ + p := &process{ id: id, shim: s, - }, nil + } + if _, err := p.State(ctx); err != nil { + return nil, err + } + return p, nil } func (s *shim) State(ctx context.Context) (runtime.State, error) { From 856a12fcabf6ab21b8c21d609a8a875643fe3d17 Mon Sep 17 00:00:00 2001 From: Kevin Parsons Date: Wed, 23 Sep 2020 17:20:21 -0700 Subject: [PATCH 04/46] Update github.com/Microsoft/hcsshim to v0.8.10 Brings in a variety of changes, mostly to the containerd shim. There is also a change to the Windows layer unpack code which fixes #4301. Release link: https://github.com/microsoft/hcsshim/releases/tag/v0.8.10 Signed-off-by: Kevin Parsons (cherry picked from commit a043c0dc3de79bc8a441e1e8912564526426eaac) Signed-off-by: Kevin Parsons --- vendor.conf | 2 +- .../options/runhcs.pb.go | 100 +++---- vendor/github.com/Microsoft/hcsshim/go.mod | 12 +- .../github.com/Microsoft/hcsshim/hcn/hcn.go | 36 +++ .../Microsoft/hcsshim/hcn/hcnglobals.go | 20 +- .../Microsoft/hcsshim/hcn/hcnpolicy.go | 47 ++- .../Microsoft/hcsshim/hcn/hcnsupport.go | 8 + .../Microsoft/hcsshim/internal/hcs/service.go | 49 ++++ .../Microsoft/hcsshim/internal/hcs/system.go | 3 +- .../hcsshim/internal/hns/hnsendpoint.go | 3 + .../hcsshim/internal/safefile/safeopen.go | 158 ++++------ .../internal/safefile/zsyscall_windows.go | 79 ----- ...r_credential_guard_add_instance_request.go | 16 ++ ...edential_guard_hv_socket_service_config.go | 15 + .../container_credential_guard_instance.go | 16 ++ ...ainer_credential_guard_modify_operation.go | 17 ++ ...iner_credential_guard_operation_request.go | 15 + ...redential_guard_remove_instance_request.go | 14 + .../container_credential_guard_system_info.go | 14 + .../hcsshim/internal/schema2/device.go | 15 +- .../internal/schema2/hv_socket_address.go | 17 ++ .../internal/schema2/logical_processor.go | 18 ++ .../hcsshim/internal/schema2/memory.go | 2 +- .../hcsshim/internal/schema2/memory_2.go | 2 +- .../internal/schema2/modification_request.go | 15 + .../internal/schema2/processor_topology.go | 15 + .../hcsshim/internal/schema2/property_type.go | 2 + .../internal/schema2/service_properties.go | 18 ++ .../hcsshim/internal/vmcompute/vmcompute.go | 22 ++ .../internal/vmcompute/zsyscall_windows.go | 24 ++ .../hcsshim/internal/wclayer/baselayer.go | 12 +- .../internal/wclayer/createscratchlayer.go | 4 +- .../hcsshim/internal/wclayer/importlayer.go | 13 + .../hcsshim/internal/wclayer/legacy.go | 34 +-- .../hcsshim/internal/wclayer/wclayer.go | 3 + .../hcsshim/internal/winapi/devices.go | 13 + .../hcsshim/internal/winapi/errors.go | 15 + .../hcsshim/internal/winapi/filesystem.go | 61 ++++ .../hcsshim/internal/winapi/jobobject.go | 120 ++++++++ .../hcsshim/internal/winapi/logon.go | 30 ++ .../hcsshim/internal/winapi/memory.go | 11 + .../Microsoft/hcsshim/internal/winapi/path.go | 11 + .../hcsshim/internal/winapi/process.go | 3 + .../hcsshim/internal/winapi/processor.go | 7 + .../hcsshim/internal/winapi/utils.go | 60 ++++ .../hcsshim/internal/winapi/winapi.go | 5 + .../internal/winapi/zsyscall_windows.go | 271 ++++++++++++++++++ .../hcsshim/osversion/windowsbuilds.go | 8 + .../github.com/Microsoft/hcsshim/test/go.mod | 6 +- 49 files changed, 1175 insertions(+), 286 deletions(-) create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go delete mode 100644 vendor/github.com/Microsoft/hcsshim/internal/safefile/zsyscall_windows.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_add_instance_request.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_hv_socket_service_config.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_instance.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_modify_operation.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_operation_request.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_remove_instance_request.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_system_info.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/hv_socket_address.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/logical_processor.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/modification_request.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/processor_topology.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/schema2/service_properties.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go create mode 100644 vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go diff --git a/vendor.conf b/vendor.conf index ad7ea90c8d7e..58ffbcdc0bc4 100644 --- a/vendor.conf +++ b/vendor.conf @@ -28,7 +28,7 @@ github.com/imdario/mergo v0.3.7 github.com/konsorten/go-windows-terminal-sequences v1.0.3 github.com/matttproud/golang_protobuf_extensions v1.0.1 github.com/Microsoft/go-winio v0.4.14 -github.com/Microsoft/hcsshim v0.8.9 +github.com/Microsoft/hcsshim v0.8.10 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.0.1 github.com/opencontainers/runc v1.0.0-rc92 diff --git a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go index 2190e56a7927..a9d10fd42968 100644 --- a/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go +++ b/vendor/github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options/runhcs.pb.go @@ -115,7 +115,7 @@ type Options struct { VmMemorySizeInMb int32 `protobuf:"varint,9,opt,name=vm_memory_size_in_mb,json=vmMemorySizeInMb,proto3" json:"vm_memory_size_in_mb,omitempty"` // GPUVHDPath is the path to the gpu vhd to add to the uvm // when a container requests a gpu - GPUVHDPath string `protobuf:"bytes,10,opt,name=GPUVHDPath,json=gPUVHDPath,proto3" json:"GPUVHDPath,omitempty"` + GPUVHDPath string `protobuf:"bytes,10,opt,name=GPUVHDPath,proto3" json:"GPUVHDPath,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -214,56 +214,56 @@ func init() { } var fileDescriptor_b643df6839c75082 = []byte{ - // 777 bytes of a gzipped FileDescriptorProto + // 775 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0xcd, 0x6f, 0xdb, 0x36, - 0x1c, 0xb5, 0x9a, 0xf8, 0x43, 0xbf, 0x2e, 0xa9, 0xc2, 0xf9, 0x20, 0x64, 0x9b, 0x6d, 0xa4, 0x87, - 0xa6, 0x58, 0x23, 0x25, 0xdd, 0x71, 0xa7, 0x39, 0x76, 0x56, 0x0d, 0x4b, 0x22, 0xc8, 0x59, 0xbb, - 0x8f, 0x03, 0xa1, 0x0f, 0x46, 0x26, 0x6a, 0x8a, 0x02, 0x49, 0x7b, 0x71, 0x4f, 0xfb, 0x13, 0xf6, - 0x47, 0xed, 0x90, 0xe3, 0x8e, 0x03, 0x06, 0x64, 0xab, 0xff, 0x92, 0x81, 0x94, 0x94, 0x62, 0x45, - 0xb1, 0xcb, 0x4e, 0xa6, 0xde, 0x7b, 0x7c, 0xbf, 0x0f, 0x3e, 0x18, 0x2e, 0x73, 0xaa, 0xe6, 0xcb, - 0xc4, 0x4b, 0x39, 0xf3, 0xcf, 0x69, 0x2a, 0xb8, 0xe4, 0xd7, 0xca, 0x9f, 0xa7, 0x52, 0xce, 0x29, - 0xf3, 0x53, 0x96, 0xf9, 0x29, 0x2f, 0x54, 0x4c, 0x0b, 0x22, 0xb2, 0x23, 0x8d, 0x1d, 0x89, 0x65, - 0x31, 0x4f, 0xe5, 0xd1, 0xea, 0xc4, 0xe7, 0xa5, 0xa2, 0xbc, 0x90, 0x7e, 0x85, 0x78, 0xa5, 0xe0, - 0x8a, 0xa3, 0xfe, 0x3b, 0xbd, 0x57, 0x13, 0xab, 0x93, 0xfd, 0x7e, 0xce, 0x73, 0x6e, 0x04, 0xbe, - 0x3e, 0x55, 0xda, 0xfd, 0x61, 0xce, 0x79, 0xbe, 0x20, 0xbe, 0xf9, 0x4a, 0x96, 0xd7, 0xbe, 0xa2, - 0x8c, 0x48, 0x15, 0xb3, 0xb2, 0x12, 0x1c, 0xfc, 0xb6, 0x0d, 0xdd, 0xcb, 0xaa, 0x0a, 0xea, 0x43, - 0x3b, 0x23, 0xc9, 0x32, 0x77, 0xad, 0x91, 0x75, 0xd8, 0x8b, 0xaa, 0x0f, 0x74, 0x06, 0x60, 0x0e, - 0x58, 0xad, 0x4b, 0xe2, 0x3e, 0x18, 0x59, 0x87, 0xbb, 0xcf, 0x9f, 0x78, 0x1f, 0xea, 0xc1, 0xab, - 0x8d, 0xbc, 0x89, 0xd6, 0x5f, 0xad, 0x4b, 0x12, 0xd9, 0x59, 0x73, 0x44, 0x8f, 0x61, 0x47, 0x90, - 0x9c, 0x4a, 0x25, 0xd6, 0x58, 0x70, 0xae, 0xdc, 0xad, 0x91, 0x75, 0x68, 0x47, 0x1f, 0x35, 0x60, - 0xc4, 0xb9, 0xd2, 0x22, 0x19, 0x17, 0x59, 0xc2, 0x6f, 0x30, 0x65, 0x71, 0x4e, 0xdc, 0xed, 0x4a, - 0x54, 0x83, 0x81, 0xc6, 0xd0, 0x53, 0x70, 0x1a, 0x51, 0xb9, 0x88, 0xd5, 0x35, 0x17, 0xcc, 0x6d, - 0x1b, 0xdd, 0xa3, 0x1a, 0x0f, 0x6b, 0x18, 0xfd, 0x04, 0x7b, 0xf7, 0x7e, 0x92, 0x2f, 0x62, 0xdd, - 0x9f, 0xdb, 0x31, 0x33, 0x78, 0xff, 0x3d, 0xc3, 0xac, 0xae, 0xd8, 0xdc, 0x8a, 0x9a, 0x9a, 0xf7, - 0x08, 0xf2, 0xa1, 0x9f, 0x70, 0xae, 0xf0, 0x35, 0x5d, 0x10, 0x69, 0x66, 0xc2, 0x65, 0xac, 0xe6, - 0x6e, 0xd7, 0xf4, 0xb2, 0xa7, 0xb9, 0x33, 0x4d, 0xe9, 0xc9, 0xc2, 0x58, 0xcd, 0xd1, 0x33, 0x40, - 0x2b, 0x86, 0x4b, 0xc1, 0x53, 0x22, 0x25, 0x17, 0x38, 0xe5, 0xcb, 0x42, 0xb9, 0xbd, 0x91, 0x75, - 0xd8, 0x8e, 0x9c, 0x15, 0x0b, 0x1b, 0xe2, 0x54, 0xe3, 0xc8, 0x83, 0xfe, 0x8a, 0x61, 0x46, 0x18, - 0x17, 0x6b, 0x2c, 0xe9, 0x1b, 0x82, 0x69, 0x81, 0x59, 0xe2, 0xda, 0x8d, 0xfe, 0xdc, 0x50, 0x33, - 0xfa, 0x86, 0x04, 0xc5, 0x79, 0x82, 0x06, 0x00, 0x5f, 0x87, 0xdf, 0xbd, 0x7c, 0x31, 0xd1, 0xb5, - 0x5c, 0x30, 0x4d, 0x40, 0x7e, 0x8f, 0x1c, 0x3c, 0x05, 0xfb, 0xfe, 0x61, 0x90, 0x0d, 0xed, 0x8b, - 0x30, 0x08, 0xa7, 0x4e, 0x0b, 0xf5, 0x60, 0xfb, 0x2c, 0xf8, 0x76, 0xea, 0x58, 0xa8, 0x0b, 0x5b, - 0xd3, 0xab, 0x57, 0xce, 0x83, 0x03, 0x1f, 0x9c, 0xf7, 0xe7, 0x47, 0x0f, 0xa1, 0x1b, 0x46, 0x97, - 0xa7, 0xd3, 0xd9, 0xcc, 0x69, 0xa1, 0x5d, 0x80, 0x17, 0x3f, 0x84, 0xd3, 0xe8, 0x65, 0x30, 0xbb, - 0x8c, 0x1c, 0xeb, 0xe0, 0xcf, 0x2d, 0xd8, 0xad, 0xdb, 0x9f, 0x10, 0x15, 0xd3, 0x85, 0x44, 0x9f, - 0x01, 0x98, 0x27, 0xc4, 0x45, 0xcc, 0x88, 0x89, 0x94, 0x1d, 0xd9, 0x06, 0xb9, 0x88, 0x19, 0x41, - 0xa7, 0x00, 0xa9, 0x20, 0xb1, 0x22, 0x19, 0x8e, 0x95, 0x89, 0xd5, 0xc3, 0xe7, 0xfb, 0x5e, 0x15, - 0x57, 0xaf, 0x89, 0xab, 0x77, 0xd5, 0xc4, 0x75, 0xdc, 0xbb, 0xbd, 0x1b, 0xb6, 0x7e, 0xfd, 0x6b, - 0x68, 0x45, 0x76, 0x7d, 0xef, 0x2b, 0x85, 0x3e, 0x07, 0xf4, 0x9a, 0x88, 0x82, 0x2c, 0xb0, 0xce, - 0x35, 0x3e, 0x39, 0x3e, 0xc6, 0x85, 0x34, 0xc1, 0xda, 0x8e, 0x1e, 0x55, 0x8c, 0x76, 0x38, 0x39, - 0x3e, 0xbe, 0x90, 0xc8, 0x83, 0x8f, 0xeb, 0x65, 0xa6, 0x9c, 0x31, 0xaa, 0x70, 0xb2, 0x56, 0x44, - 0x9a, 0x84, 0x6d, 0x47, 0x7b, 0x15, 0x75, 0x6a, 0x98, 0xb1, 0x26, 0xd0, 0x19, 0x8c, 0x6a, 0xfd, - 0xcf, 0x5c, 0xbc, 0xa6, 0x45, 0x8e, 0x25, 0x51, 0xb8, 0x14, 0x74, 0x15, 0x2b, 0x52, 0x5f, 0x6e, - 0x9b, 0xcb, 0x9f, 0x56, 0xba, 0x57, 0x95, 0x6c, 0x46, 0x54, 0x58, 0x89, 0x2a, 0x9f, 0x09, 0x0c, - 0x3f, 0xe0, 0x23, 0xe7, 0xb1, 0x20, 0x59, 0x6d, 0xd3, 0x31, 0x36, 0x9f, 0xbc, 0x6f, 0x33, 0x33, - 0x9a, 0xca, 0xe5, 0x19, 0x40, 0x1d, 0x1c, 0x4c, 0x33, 0x13, 0xb1, 0x9d, 0xf1, 0xce, 0xe6, 0x6e, - 0x68, 0xd7, 0x6b, 0x0f, 0x26, 0x91, 0x5d, 0x0b, 0x82, 0x0c, 0x3d, 0x01, 0x67, 0x29, 0x89, 0xf8, - 0xd7, 0x5a, 0x7a, 0xa6, 0xc8, 0x8e, 0xc6, 0xdf, 0x2d, 0xe5, 0x31, 0x74, 0xc9, 0x0d, 0x49, 0xb5, - 0xa7, 0xce, 0x95, 0x3d, 0x86, 0xcd, 0xdd, 0xb0, 0x33, 0xbd, 0x21, 0x69, 0x30, 0x89, 0x3a, 0x9a, - 0x0a, 0xb2, 0x71, 0x76, 0xfb, 0x76, 0xd0, 0xfa, 0xe3, 0xed, 0xa0, 0xf5, 0xcb, 0x66, 0x60, 0xdd, - 0x6e, 0x06, 0xd6, 0xef, 0x9b, 0x81, 0xf5, 0xf7, 0x66, 0x60, 0xfd, 0xf8, 0xcd, 0xff, 0xff, 0x73, - 0xfb, 0xb2, 0xfe, 0xfd, 0xbe, 0x95, 0x74, 0xcc, 0xbb, 0x7f, 0xf1, 0x4f, 0x00, 0x00, 0x00, 0xff, - 0xff, 0xc9, 0xeb, 0xae, 0x6f, 0x33, 0x05, 0x00, 0x00, + 0x1c, 0xb5, 0x1a, 0x7f, 0xe9, 0xd7, 0x25, 0x75, 0x38, 0x1f, 0x84, 0x6c, 0xb3, 0x8d, 0xf4, 0xd0, + 0x14, 0x6b, 0xa4, 0xa4, 0x3b, 0xee, 0x34, 0xc7, 0xce, 0xaa, 0x61, 0x49, 0x04, 0x39, 0x6b, 0xf7, + 0x71, 0x20, 0xf4, 0xc1, 0xc8, 0x44, 0x4d, 0x51, 0x20, 0x69, 0x2f, 0xee, 0x69, 0x7f, 0xc2, 0xfe, + 0xa8, 0x1d, 0x72, 0xdc, 0x71, 0xc0, 0x80, 0x6c, 0xf5, 0x5f, 0x32, 0x90, 0x92, 0xd2, 0xad, 0x08, + 0x76, 0xe9, 0xc9, 0xd4, 0x7b, 0x8f, 0xef, 0xf7, 0xc1, 0x07, 0xc3, 0x45, 0x46, 0xd5, 0x7c, 0x19, + 0xbb, 0x09, 0x67, 0xde, 0x19, 0x4d, 0x04, 0x97, 0xfc, 0x4a, 0x79, 0xf3, 0x44, 0xca, 0x39, 0x65, + 0x5e, 0xc2, 0x52, 0x2f, 0xe1, 0xb9, 0x8a, 0x68, 0x4e, 0x44, 0x7a, 0xa8, 0xb1, 0x43, 0xb1, 0xcc, + 0xe7, 0x89, 0x3c, 0x5c, 0x1d, 0x7b, 0xbc, 0x50, 0x94, 0xe7, 0xd2, 0x2b, 0x11, 0xb7, 0x10, 0x5c, + 0x71, 0xd4, 0x7f, 0xa7, 0x77, 0x2b, 0x62, 0x75, 0xbc, 0xd7, 0xcf, 0x78, 0xc6, 0x8d, 0xc0, 0xd3, + 0xa7, 0x52, 0xbb, 0x37, 0xcc, 0x38, 0xcf, 0x16, 0xc4, 0x33, 0x5f, 0xf1, 0xf2, 0xca, 0x53, 0x94, + 0x11, 0xa9, 0x22, 0x56, 0x94, 0x82, 0xfd, 0xdf, 0x9a, 0xd0, 0xb9, 0x28, 0xab, 0xa0, 0x3e, 0xb4, + 0x52, 0x12, 0x2f, 0x33, 0xc7, 0x1a, 0x59, 0x07, 0xdd, 0xb0, 0xfc, 0x40, 0xa7, 0x00, 0xe6, 0x80, + 0xd5, 0xba, 0x20, 0xce, 0x83, 0x91, 0x75, 0xb0, 0xf3, 0xfc, 0x89, 0x7b, 0x5f, 0x0f, 0x6e, 0x65, + 0xe4, 0x4e, 0xb4, 0xfe, 0x72, 0x5d, 0x90, 0xd0, 0x4e, 0xeb, 0x23, 0x7a, 0x0c, 0xdb, 0x82, 0x64, + 0x54, 0x2a, 0xb1, 0xc6, 0x82, 0x73, 0xe5, 0x6c, 0x8d, 0xac, 0x03, 0x3b, 0xfc, 0xa8, 0x06, 0x43, + 0xce, 0x95, 0x16, 0xc9, 0x28, 0x4f, 0x63, 0x7e, 0x8d, 0x29, 0x8b, 0x32, 0xe2, 0x34, 0x4b, 0x51, + 0x05, 0xfa, 0x1a, 0x43, 0x4f, 0xa1, 0x57, 0x8b, 0x8a, 0x45, 0xa4, 0xae, 0xb8, 0x60, 0x4e, 0xcb, + 0xe8, 0x1e, 0x55, 0x78, 0x50, 0xc1, 0xe8, 0x27, 0xd8, 0xbd, 0xf3, 0x93, 0x7c, 0x11, 0xe9, 0xfe, + 0x9c, 0xb6, 0x99, 0xc1, 0xfd, 0xff, 0x19, 0x66, 0x55, 0xc5, 0xfa, 0x56, 0x58, 0xd7, 0xbc, 0x43, + 0x90, 0x07, 0xfd, 0x98, 0x73, 0x85, 0xaf, 0xe8, 0x82, 0x48, 0x33, 0x13, 0x2e, 0x22, 0x35, 0x77, + 0x3a, 0xa6, 0x97, 0x5d, 0xcd, 0x9d, 0x6a, 0x4a, 0x4f, 0x16, 0x44, 0x6a, 0x8e, 0x9e, 0x01, 0x5a, + 0x31, 0x5c, 0x08, 0x9e, 0x10, 0x29, 0xb9, 0xc0, 0x09, 0x5f, 0xe6, 0xca, 0xe9, 0x8e, 0xac, 0x83, + 0x56, 0xd8, 0x5b, 0xb1, 0xa0, 0x26, 0x4e, 0x34, 0x8e, 0x5c, 0xe8, 0xaf, 0x18, 0x66, 0x84, 0x71, + 0xb1, 0xc6, 0x92, 0xbe, 0x21, 0x98, 0xe6, 0x98, 0xc5, 0x8e, 0x5d, 0xeb, 0xcf, 0x0c, 0x35, 0xa3, + 0x6f, 0x88, 0x9f, 0x9f, 0xc5, 0x68, 0x00, 0xf0, 0x75, 0xf0, 0xdd, 0xcb, 0x17, 0x13, 0x5d, 0xcb, + 0x01, 0xd3, 0xc4, 0xbf, 0x90, 0xfd, 0xa7, 0x60, 0xdf, 0x3d, 0x0c, 0xb2, 0xa1, 0x75, 0x1e, 0xf8, + 0xc1, 0xb4, 0xd7, 0x40, 0x5d, 0x68, 0x9e, 0xfa, 0xdf, 0x4e, 0x7b, 0x16, 0xea, 0xc0, 0xd6, 0xf4, + 0xf2, 0x55, 0xef, 0xc1, 0xbe, 0x07, 0xbd, 0xf7, 0xe7, 0x47, 0x0f, 0xa1, 0x13, 0x84, 0x17, 0x27, + 0xd3, 0xd9, 0xac, 0xd7, 0x40, 0x3b, 0x00, 0x2f, 0x7e, 0x08, 0xa6, 0xe1, 0x4b, 0x7f, 0x76, 0x11, + 0xf6, 0xac, 0xfd, 0x3f, 0xb7, 0x60, 0xa7, 0x6a, 0x7f, 0x42, 0x54, 0x44, 0x17, 0x12, 0x7d, 0x06, + 0x60, 0x9e, 0x10, 0xe7, 0x11, 0x23, 0x26, 0x52, 0x76, 0x68, 0x1b, 0xe4, 0x3c, 0x62, 0x04, 0x9d, + 0x00, 0x24, 0x82, 0x44, 0x8a, 0xa4, 0x38, 0x52, 0x26, 0x56, 0x0f, 0x9f, 0xef, 0xb9, 0x65, 0x5c, + 0xdd, 0x3a, 0xae, 0xee, 0x65, 0x1d, 0xd7, 0x71, 0xf7, 0xe6, 0x76, 0xd8, 0xf8, 0xf5, 0xaf, 0xa1, + 0x15, 0xda, 0xd5, 0xbd, 0xaf, 0x14, 0xfa, 0x1c, 0xd0, 0x6b, 0x22, 0x72, 0xb2, 0xc0, 0x3a, 0xd7, + 0xf8, 0xf8, 0xe8, 0x08, 0xe7, 0xd2, 0x04, 0xab, 0x19, 0x3e, 0x2a, 0x19, 0xed, 0x70, 0x7c, 0x74, + 0x74, 0x2e, 0x91, 0x0b, 0x1f, 0x57, 0xcb, 0x4c, 0x38, 0x63, 0x54, 0xe1, 0x78, 0xad, 0x88, 0x34, + 0x09, 0x6b, 0x86, 0xbb, 0x25, 0x75, 0x62, 0x98, 0xb1, 0x26, 0xd0, 0x29, 0x8c, 0x2a, 0xfd, 0xcf, + 0x5c, 0xbc, 0xa6, 0x79, 0x86, 0x25, 0x51, 0xb8, 0x10, 0x74, 0x15, 0x29, 0x52, 0x5d, 0x6e, 0x99, + 0xcb, 0x9f, 0x96, 0xba, 0x57, 0xa5, 0x6c, 0x46, 0x54, 0x50, 0x8a, 0x4a, 0x9f, 0x09, 0x0c, 0xef, + 0xf1, 0x91, 0xf3, 0x48, 0x90, 0xb4, 0xb2, 0x69, 0x1b, 0x9b, 0x4f, 0xde, 0xb7, 0x99, 0x19, 0x4d, + 0xe9, 0xf2, 0x0c, 0xa0, 0x0a, 0x0e, 0xa6, 0xa9, 0x89, 0xd8, 0xf6, 0x78, 0x7b, 0x73, 0x3b, 0xb4, + 0xab, 0xb5, 0xfb, 0x93, 0xd0, 0xae, 0x04, 0x7e, 0x8a, 0x9e, 0x40, 0x6f, 0x29, 0x89, 0xf8, 0xcf, + 0x5a, 0xba, 0xa6, 0xc8, 0xb6, 0xc6, 0xdf, 0x2d, 0xe5, 0x31, 0x74, 0xc8, 0x35, 0x49, 0xb4, 0xa7, + 0xce, 0x95, 0x3d, 0x86, 0xcd, 0xed, 0xb0, 0x3d, 0xbd, 0x26, 0x89, 0x3f, 0x09, 0xdb, 0x9a, 0xf2, + 0xd3, 0x71, 0x7a, 0xf3, 0x76, 0xd0, 0xf8, 0xe3, 0xed, 0xa0, 0xf1, 0xcb, 0x66, 0x60, 0xdd, 0x6c, + 0x06, 0xd6, 0xef, 0x9b, 0x81, 0xf5, 0xf7, 0x66, 0x60, 0xfd, 0xf8, 0xcd, 0x87, 0xff, 0xb9, 0x7d, + 0x59, 0xfd, 0x7e, 0xdf, 0x88, 0xdb, 0xe6, 0xdd, 0xbf, 0xf8, 0x27, 0x00, 0x00, 0xff, 0xff, 0x75, + 0x1f, 0x14, 0xf4, 0x33, 0x05, 0x00, 0x00, } func (m *Options) Marshal() (dAtA []byte, err error) { diff --git a/vendor/github.com/Microsoft/hcsshim/go.mod b/vendor/github.com/Microsoft/hcsshim/go.mod index 5255b93f14e7..492607a226d0 100644 --- a/vendor/github.com/Microsoft/hcsshim/go.mod +++ b/vendor/github.com/Microsoft/hcsshim/go.mod @@ -3,8 +3,8 @@ module github.com/Microsoft/hcsshim go 1.13 require ( - github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 - github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f + github.com/Microsoft/go-winio v0.4.15-0.20200908182639-5b44b70ab3ab + github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59 github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1 github.com/containerd/containerd v1.3.2 github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc // indirect @@ -17,16 +17,16 @@ require ( github.com/kr/pretty v0.1.0 // indirect github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2 // indirect github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f // indirect - github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700 - github.com/pkg/errors v0.8.1 + github.com/opencontainers/runtime-spec v1.0.2 + github.com/pkg/errors v0.9.1 github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7 // indirect github.com/sirupsen/logrus v1.4.2 github.com/stretchr/testify v1.4.0 // indirect - github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5 + github.com/urfave/cli v1.22.2 go.opencensus.io v0.22.0 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 // indirect golang.org/x/sync v0.0.0-20190423024810-112230192c58 - golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 + golang.org/x/sys v0.0.0-20200120151820-655fe14d7479 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 // indirect google.golang.org/grpc v1.23.1 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go index 810dd85ed1bd..54c258ed74b3 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcn.go @@ -207,6 +207,42 @@ func IPv6DualStackSupported() error { return platformDoesNotSupportError("IPv6 DualStack") } +//L4proxySupported returns an error if the HCN verison does not support L4Proxy +func L4proxyPolicySupported() error { + supported := GetSupportedFeatures() + if supported.L4Proxy { + return nil + } + return platformDoesNotSupportError("L4ProxyPolicy") +} + +// L4WfpProxySupported returns an error if the HCN verison does not support L4WfpProxy +func L4WfpProxyPolicySupported() error { + supported := GetSupportedFeatures() + if supported.L4WfpProxy { + return nil + } + return platformDoesNotSupportError("L4WfpProxyPolicy") +} + +// SetPolicySupported returns an error if the HCN version does not support SetPolicy. +func SetPolicySupported() error { + supported := GetSupportedFeatures() + if supported.SetPolicy { + return nil + } + return platformDoesNotSupportError("SetPolicy") +} + +// VxlanPortSupported returns an error if the HCN version does not support configuring the VXLAN TCP port. +func VxlanPortSupported() error { + supported := GetSupportedFeatures() + if supported.VxlanPort { + return nil + } + return platformDoesNotSupportError("VXLAN port configuration") +} + // RequestType are the different operations performed to settings. // Used to update the settings of Endpoint/Namespace objects. type RequestType string diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go index 1438497d8eb5..aaf94dcaeb74 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnglobals.go @@ -37,8 +37,11 @@ var ( RemoteSubnetVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 9, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}} // A Host Route policy allows for local container to local host communication Overlay networks HostRouteVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 9, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}} - // HNS 10.2 allows for Direct Server Return for loadbalancing - DSRVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 10, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}} + // HNS 9.3 through 10.0 (not included), and 10.2+ allows for Direct Server Return for loadbalancing + DSRVersion = VersionRanges{ + VersionRange{MinVersion: Version{Major: 9, Minor: 3}, MaxVersion: Version{Major: 9, Minor: math.MaxInt32}}, + VersionRange{MinVersion: Version{Major: 10, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}, + } // HNS 9.3 through 10.0 (not included) and, 10.4+ provide support for configuring endpoints with /32 prefixes Slash32EndpointPrefixesVersion = VersionRanges{ VersionRange{MinVersion: Version{Major: 9, Minor: 3}, MaxVersion: Version{Major: 9, Minor: math.MaxInt32}}, @@ -46,8 +49,7 @@ var ( } // HNS 9.3 through 10.0 (not included) and, 10.4+ allow for HNS ACL Policies to support protocol 252 for VXLAN AclSupportForProtocol252Version = VersionRanges{ - VersionRange{MinVersion: Version{Major: 9, Minor: 3}, MaxVersion: Version{Major: 9, Minor: math.MaxInt32}}, - VersionRange{MinVersion: Version{Major: 10, Minor: 4}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}, + VersionRange{MinVersion: Version{Major: 11, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}, } // HNS 12.0 allows for session affinity for loadbalancing SessionAffinityVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 12, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}} @@ -56,6 +58,16 @@ var ( VersionRange{MinVersion: Version{Major: 10, Minor: 5}, MaxVersion: Version{Major: 10, Minor: math.MaxInt32}}, VersionRange{MinVersion: Version{Major: 12, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}, } + // HNS 13.0 allows for Set Policy support + SetPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 13, Minor: 0}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}} + // HNS 10.3 allows for VXLAN ports + VxlanPortVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 10, Minor: 3}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}} + + //HNS 13.1 allows for L4Proxy Policy support + L4ProxyPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 13, Minor: 1}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}} + + //HNS 13.2 allows for L4WfpProxy Policy support + L4WfpProxyPolicyVersion = VersionRanges{VersionRange{MinVersion: Version{Major: 13, Minor: 2}, MaxVersion: Version{Major: math.MaxInt32, Minor: math.MaxInt32}}} ) // GetGlobals returns the global properties of the HCN Service. diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go index d0fb6e49e1dd..634cbb248a7f 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnpolicy.go @@ -43,7 +43,10 @@ const ( InterfaceConstraint NetworkPolicyType = "InterfaceConstraint" ProviderAddress NetworkPolicyType = "ProviderAddress" RemoteSubnetRoute NetworkPolicyType = "RemoteSubnetRoute" + VxlanPort NetworkPolicyType = "VxlanPort" HostRoute NetworkPolicyType = "HostRoute" + SetPolicy NetworkPolicyType = "SetPolicy" + NetworkL4Proxy NetworkPolicyType = "L4Proxy" ) // NetworkPolicy is a collection of Policy settings for a Network. @@ -139,7 +142,7 @@ type SDNRoutePolicySetting struct { NeedEncap bool `json:",omitempty"` } -// FiveTuple is nested in L4ProxyPolicySetting for WFP support. +// FiveTuple is nested in L4ProxyPolicySetting for WFP support. type FiveTuple struct { Protocols string `json:",omitempty"` LocalAddresses string `json:",omitempty"` @@ -230,3 +233,45 @@ type RemoteSubnetRoutePolicySetting struct { ProviderAddress string DistributedRouterMacAddress string } + +// SetPolicyTypes associated with SetPolicy. Value is IPSET. +type SetPolicyType string + +const ( + SetPolicyTypeIpSet SetPolicyType = "IPSET" +) + +// SetPolicySetting creates IPSets on network +type SetPolicySetting struct { + Id string + Name string + Type SetPolicyType + Values string +} + +// VxlanPortPolicySetting allows configuring the VXLAN TCP port +type VxlanPortPolicySetting struct { + Port uint16 +} + +// ProtocolType associated with L4ProxyPolicy +type ProtocolType uint32 + +const ( + ProtocolTypeUnknown ProtocolType = 0 + ProtocolTypeICMPv4 ProtocolType = 1 + ProtocolTypeIGMP ProtocolType = 2 + ProtocolTypeTCP ProtocolType = 6 + ProtocolTypeUDP ProtocolType = 17 + ProtocolTypeICMPv6 ProtocolType = 58 +) + +//L4ProxyPolicySetting applies proxy policy on network/endpoint +type L4ProxyPolicySetting struct { + IP string `json:",omitempty"` + Port string `json:",omitempty"` + Protocol ProtocolType `json:",omitempty"` + Exceptions []string `json:",omitempty"` + Destination string + OutboundNAT bool `json:",omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go b/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go index 401bda40dd99..1096aebde5a4 100644 --- a/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go +++ b/vendor/github.com/Microsoft/hcsshim/hcn/hcnsupport.go @@ -15,6 +15,10 @@ type SupportedFeatures struct { AclSupportForProtocol252 bool `json:"AclSupportForProtocol252"` SessionAffinity bool `json:"SessionAffinity"` IPv6DualStack bool `json:"IPv6DualStack"` + SetPolicy bool `json:"SetPolicy"` + VxlanPort bool `json:"VxlanPort"` + L4Proxy bool `json:"L4Proxy"` // network policy that applies VFP rules to all endpoints on the network to redirect traffic + L4WfpProxy bool `json:"L4WfpProxy"` // endpoint policy that applies WFP filters to redirect traffic to/from that endpoint } // AclFeatures are the supported ACL possibilities. @@ -61,6 +65,10 @@ func GetSupportedFeatures() SupportedFeatures { features.AclSupportForProtocol252 = isFeatureSupported(globals.Version, AclSupportForProtocol252Version) features.SessionAffinity = isFeatureSupported(globals.Version, SessionAffinityVersion) features.IPv6DualStack = isFeatureSupported(globals.Version, IPv6DualStackVersion) + features.SetPolicy = isFeatureSupported(globals.Version, SetPolicyVersion) + features.VxlanPort = isFeatureSupported(globals.Version, VxlanPortVersion) + features.L4Proxy = isFeatureSupported(globals.Version, L4ProxyPolicyVersion) + features.L4WfpProxy = isFeatureSupported(globals.Version, L4WfpProxyPolicyVersion) return features } diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go new file mode 100644 index 000000000000..3a5f012501a4 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/service.go @@ -0,0 +1,49 @@ +package hcs + +import ( + "context" + "encoding/json" + + hcsschema "github.com/Microsoft/hcsshim/internal/schema2" + "github.com/Microsoft/hcsshim/internal/vmcompute" +) + +// GetServiceProperties returns properties of the host compute service. +func GetServiceProperties(ctx context.Context, q hcsschema.PropertyQuery) (*hcsschema.ServiceProperties, error) { + operation := "hcsshim::GetServiceProperties" + + queryb, err := json.Marshal(q) + if err != nil { + return nil, err + } + propertiesJSON, resultJSON, err := vmcompute.HcsGetServiceProperties(ctx, string(queryb)) + events := processHcsResult(ctx, resultJSON) + if err != nil { + return nil, &HcsError{Op: operation, Err: err, Events: events} + } + + if propertiesJSON == "" { + return nil, ErrUnexpectedValue + } + properties := &hcsschema.ServiceProperties{} + if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil { + return nil, err + } + return properties, nil +} + +// ModifyServiceSettings modifies settings of the host compute service. +func ModifyServiceSettings(ctx context.Context, settings hcsschema.ModificationRequest) error { + operation := "hcsshim::ModifyServiceSettings" + + settingsJSON, err := json.Marshal(settings) + if err != nil { + return err + } + resultJSON, err := vmcompute.HcsModifyServiceSettings(ctx, string(settingsJSON)) + events := processHcsResult(ctx, resultJSON) + if err != nil { + return &HcsError{Op: operation, Err: err, Events: events} + } + return nil +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go index 67a5f7176f3b..6120399c477a 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go @@ -28,8 +28,7 @@ type System struct { waitBlock chan struct{} waitError error exitError error - - os, typ string + os, typ string } func newSystem(id string) *System { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go index e0e1a4710044..b36315a397e2 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hns/hnsendpoint.go @@ -17,12 +17,15 @@ type HNSEndpoint struct { Policies []json.RawMessage `json:",omitempty"` MacAddress string `json:",omitempty"` IPAddress net.IP `json:",omitempty"` + IPv6Address net.IP `json:",omitempty"` DNSSuffix string `json:",omitempty"` DNSServerList string `json:",omitempty"` GatewayAddress string `json:",omitempty"` + GatewayAddressV6 string `json:",omitempty"` EnableInternalDNS bool `json:",omitempty"` DisableICC bool `json:",omitempty"` PrefixLength uint8 `json:",omitempty"` + IPv6PrefixLength uint8 `json:",omitempty"` IsRemoteEndpoint bool `json:",omitempty"` EnableLowMetric bool `json:",omitempty"` Namespace *Namespace `json:",omitempty"` diff --git a/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go b/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go index f31edfaf8674..d484c212cdb4 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/safefile/safeopen.go @@ -11,72 +11,11 @@ import ( "unsafe" "github.com/Microsoft/hcsshim/internal/longpath" + "github.com/Microsoft/hcsshim/internal/winapi" winio "github.com/Microsoft/go-winio" ) -//go:generate go run $GOROOT\src\syscall\mksyscall_windows.go -output zsyscall_windows.go safeopen.go - -//sys ntCreateFile(handle *uintptr, accessMask uint32, oa *objectAttributes, iosb *ioStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) = ntdll.NtCreateFile -//sys ntSetInformationFile(handle uintptr, iosb *ioStatusBlock, information uintptr, length uint32, class uint32) (status uint32) = ntdll.NtSetInformationFile -//sys rtlNtStatusToDosError(status uint32) (winerr error) = ntdll.RtlNtStatusToDosErrorNoTeb -//sys localAlloc(flags uint32, size int) (ptr uintptr) = kernel32.LocalAlloc -//sys localFree(ptr uintptr) = kernel32.LocalFree - -type ioStatusBlock struct { - Status, Information uintptr -} - -type objectAttributes struct { - Length uintptr - RootDirectory uintptr - ObjectName uintptr - Attributes uintptr - SecurityDescriptor uintptr - SecurityQoS uintptr -} - -type unicodeString struct { - Length uint16 - MaximumLength uint16 - Buffer uintptr -} - -type fileLinkInformation struct { - ReplaceIfExists bool - RootDirectory uintptr - FileNameLength uint32 - FileName [1]uint16 -} - -type fileDispositionInformationEx struct { - Flags uintptr -} - -const ( - _FileLinkInformation = 11 - _FileDispositionInformationEx = 64 - - FILE_READ_ATTRIBUTES = 0x0080 - FILE_WRITE_ATTRIBUTES = 0x0100 - DELETE = 0x10000 - - FILE_OPEN = 1 - FILE_CREATE = 2 - - FILE_DIRECTORY_FILE = 0x00000001 - FILE_SYNCHRONOUS_IO_NONALERT = 0x00000020 - FILE_DELETE_ON_CLOSE = 0x00001000 - FILE_OPEN_FOR_BACKUP_INTENT = 0x00004000 - FILE_OPEN_REPARSE_POINT = 0x00200000 - - FILE_DISPOSITION_DELETE = 0x00000001 - - _OBJ_DONT_REPARSE = 0x1000 - - _STATUS_REPARSE_POINT_ENCOUNTERED = 0xC000050B -) - func OpenRoot(path string) (*os.File, error) { longpath, err := longpath.LongAbs(path) if err != nil { @@ -85,16 +24,24 @@ func OpenRoot(path string) (*os.File, error) { return winio.OpenForBackup(longpath, syscall.GENERIC_READ, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, syscall.OPEN_EXISTING) } -func ntRelativePath(path string) ([]uint16, error) { +func cleanGoStringRelativePath(path string) (string, error) { path = filepath.Clean(path) if strings.Contains(path, ":") { // Since alternate data streams must follow the file they // are attached to, finding one here (out of order) is invalid. - return nil, errors.New("path contains invalid character `:`") + return "", errors.New("path contains invalid character `:`") } fspath := filepath.FromSlash(path) if len(fspath) > 0 && fspath[0] == '\\' { - return nil, errors.New("expected relative path") + return "", errors.New("expected relative path") + } + return fspath, nil +} + +func ntRelativePath(path string) ([]uint16, error) { + fspath, err := cleanGoStringRelativePath(path) + if err != nil { + return nil, err } path16 := utf16.Encode(([]rune)(fspath)) @@ -110,11 +57,11 @@ func ntRelativePath(path string) ([]uint16, error) { func openRelativeInternal(path string, root *os.File, accessMask uint32, shareFlags uint32, createDisposition uint32, flags uint32) (*os.File, error) { var ( h uintptr - iosb ioStatusBlock - oa objectAttributes + iosb winapi.IOStatusBlock + oa winapi.ObjectAttributes ) - path16, err := ntRelativePath(path) + cleanRelativePath, err := cleanGoStringRelativePath(path) if err != nil { return nil, err } @@ -123,20 +70,16 @@ func openRelativeInternal(path string, root *os.File, accessMask uint32, shareFl return nil, errors.New("missing root directory") } - upathBuffer := localAlloc(0, int(unsafe.Sizeof(unicodeString{}))+len(path16)*2) - defer localFree(upathBuffer) - - upath := (*unicodeString)(unsafe.Pointer(upathBuffer)) - upath.Length = uint16(len(path16) * 2) - upath.MaximumLength = upath.Length - upath.Buffer = upathBuffer + unsafe.Sizeof(*upath) - copy((*[32768]uint16)(unsafe.Pointer(upath.Buffer))[:], path16) + pathUnicode, err := winapi.NewUnicodeString(cleanRelativePath) + if err != nil { + return nil, err + } oa.Length = unsafe.Sizeof(oa) - oa.ObjectName = upathBuffer + oa.ObjectName = uintptr(unsafe.Pointer(pathUnicode)) oa.RootDirectory = uintptr(root.Fd()) - oa.Attributes = _OBJ_DONT_REPARSE - status := ntCreateFile( + oa.Attributes = winapi.OBJ_DONT_REPARSE + status := winapi.NtCreateFile( &h, accessMask|syscall.SYNCHRONIZE, &oa, @@ -145,12 +88,12 @@ func openRelativeInternal(path string, root *os.File, accessMask uint32, shareFl 0, shareFlags, createDisposition, - FILE_OPEN_FOR_BACKUP_INTENT|FILE_SYNCHRONOUS_IO_NONALERT|flags, + winapi.FILE_OPEN_FOR_BACKUP_INTENT|winapi.FILE_SYNCHRONOUS_IO_NONALERT|flags, nil, 0, ) if status != 0 { - return nil, rtlNtStatusToDosError(status) + return nil, winapi.RtlNtStatusToDosError(status) } fullPath, err := longpath.LongAbs(filepath.Join(root.Name(), path)) @@ -182,7 +125,7 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os. oldroot, syscall.FILE_WRITE_ATTRIBUTES, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, - FILE_OPEN, + winapi.FILE_OPEN, 0, ) if err != nil { @@ -199,8 +142,8 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os. newroot, syscall.GENERIC_READ, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, - FILE_OPEN, - FILE_DIRECTORY_FILE) + winapi.FILE_OPEN, + winapi.FILE_DIRECTORY_FILE) if err != nil { return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: err} } @@ -211,7 +154,7 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os. return err } if (fi.FileAttributes & syscall.FILE_ATTRIBUTE_REPARSE_POINT) != 0 { - return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: rtlNtStatusToDosError(_STATUS_REPARSE_POINT_ENCOUNTERED)} + return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(newroot.Name(), newname), Err: winapi.RtlNtStatusToDosError(winapi.STATUS_REPARSE_POINT_ENCOUNTERED)} } } else { @@ -227,24 +170,25 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os. return err } - size := int(unsafe.Offsetof(fileLinkInformation{}.FileName)) + len(newbase16)*2 - linkinfoBuffer := localAlloc(0, size) - defer localFree(linkinfoBuffer) - linkinfo := (*fileLinkInformation)(unsafe.Pointer(linkinfoBuffer)) + size := int(unsafe.Offsetof(winapi.FileLinkInformation{}.FileName)) + len(newbase16)*2 + linkinfoBuffer := winapi.LocalAlloc(0, size) + defer winapi.LocalFree(linkinfoBuffer) + + linkinfo := (*winapi.FileLinkInformation)(unsafe.Pointer(linkinfoBuffer)) linkinfo.RootDirectory = parent.Fd() linkinfo.FileNameLength = uint32(len(newbase16) * 2) copy((*[32768]uint16)(unsafe.Pointer(&linkinfo.FileName[0]))[:], newbase16) - var iosb ioStatusBlock - status := ntSetInformationFile( + var iosb winapi.IOStatusBlock + status := winapi.NtSetInformationFile( oldf.Fd(), &iosb, linkinfoBuffer, uint32(size), - _FileLinkInformation, + winapi.FileLinkInformationClass, ) if status != 0 { - return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(parent.Name(), newbase), Err: rtlNtStatusToDosError(status)} + return &os.LinkError{Op: "link", Old: oldf.Name(), New: filepath.Join(parent.Name(), newbase), Err: winapi.RtlNtStatusToDosError(status)} } return nil @@ -252,17 +196,17 @@ func LinkRelative(oldname string, oldroot *os.File, newname string, newroot *os. // deleteOnClose marks a file to be deleted when the handle is closed. func deleteOnClose(f *os.File) error { - disposition := fileDispositionInformationEx{Flags: FILE_DISPOSITION_DELETE} - var iosb ioStatusBlock - status := ntSetInformationFile( + disposition := winapi.FileDispositionInformationEx{Flags: winapi.FILE_DISPOSITION_DELETE} + var iosb winapi.IOStatusBlock + status := winapi.NtSetInformationFile( f.Fd(), &iosb, uintptr(unsafe.Pointer(&disposition)), uint32(unsafe.Sizeof(disposition)), - _FileDispositionInformationEx, + winapi.FileDispositionInformationExClass, ) if status != 0 { - return rtlNtStatusToDosError(status) + return winapi.RtlNtStatusToDosError(status) } return nil } @@ -291,10 +235,10 @@ func RemoveRelative(path string, root *os.File) error { f, err := openRelativeInternal( path, root, - FILE_READ_ATTRIBUTES|FILE_WRITE_ATTRIBUTES|DELETE, + winapi.FILE_READ_ATTRIBUTES|winapi.FILE_WRITE_ATTRIBUTES|winapi.DELETE, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, - FILE_OPEN, - FILE_OPEN_REPARSE_POINT) + winapi.FILE_OPEN, + winapi.FILE_OPEN_REPARSE_POINT) if err == nil { defer f.Close() err = deleteOnClose(f) @@ -385,8 +329,8 @@ func MkdirRelative(path string, root *os.File) error { root, 0, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, - FILE_CREATE, - FILE_DIRECTORY_FILE) + winapi.FILE_CREATE, + winapi.FILE_DIRECTORY_FILE) if err == nil { f.Close() } else { @@ -401,10 +345,10 @@ func LstatRelative(path string, root *os.File) (os.FileInfo, error) { f, err := openRelativeInternal( path, root, - FILE_READ_ATTRIBUTES, + winapi.FILE_READ_ATTRIBUTES, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, - FILE_OPEN, - FILE_OPEN_REPARSE_POINT) + winapi.FILE_OPEN, + winapi.FILE_OPEN_REPARSE_POINT) if err != nil { return nil, &os.PathError{Op: "stat", Path: filepath.Join(root.Name(), path), Err: err} } @@ -421,7 +365,7 @@ func EnsureNotReparsePointRelative(path string, root *os.File) error { root, 0, syscall.FILE_SHARE_READ|syscall.FILE_SHARE_WRITE|syscall.FILE_SHARE_DELETE, - FILE_OPEN, + winapi.FILE_OPEN, 0) if err != nil { return err diff --git a/vendor/github.com/Microsoft/hcsshim/internal/safefile/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/safefile/zsyscall_windows.go deleted file mode 100644 index 709b9d3475d1..000000000000 --- a/vendor/github.com/Microsoft/hcsshim/internal/safefile/zsyscall_windows.go +++ /dev/null @@ -1,79 +0,0 @@ -// Code generated by 'go generate'; DO NOT EDIT. - -package safefile - -import ( - "syscall" - "unsafe" - - "golang.org/x/sys/windows" -) - -var _ unsafe.Pointer - -// Do the interface allocations only once for common -// Errno values. -const ( - errnoERROR_IO_PENDING = 997 -) - -var ( - errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) -) - -// errnoErr returns common boxed Errno values, to prevent -// allocations at runtime. -func errnoErr(e syscall.Errno) error { - switch e { - case 0: - return nil - case errnoERROR_IO_PENDING: - return errERROR_IO_PENDING - } - // TODO: add more here, after collecting data on the common - // error values see on Windows. (perhaps when running - // all.bat?) - return e -} - -var ( - modntdll = windows.NewLazySystemDLL("ntdll.dll") - modkernel32 = windows.NewLazySystemDLL("kernel32.dll") - - procNtCreateFile = modntdll.NewProc("NtCreateFile") - procNtSetInformationFile = modntdll.NewProc("NtSetInformationFile") - procRtlNtStatusToDosErrorNoTeb = modntdll.NewProc("RtlNtStatusToDosErrorNoTeb") - procLocalAlloc = modkernel32.NewProc("LocalAlloc") - procLocalFree = modkernel32.NewProc("LocalFree") -) - -func ntCreateFile(handle *uintptr, accessMask uint32, oa *objectAttributes, iosb *ioStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) { - r0, _, _ := syscall.Syscall12(procNtCreateFile.Addr(), 11, uintptr(unsafe.Pointer(handle)), uintptr(accessMask), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(fileAttributes), uintptr(shareAccess), uintptr(createDisposition), uintptr(createOptions), uintptr(unsafe.Pointer(eaBuffer)), uintptr(eaLength), 0) - status = uint32(r0) - return -} - -func ntSetInformationFile(handle uintptr, iosb *ioStatusBlock, information uintptr, length uint32, class uint32) (status uint32) { - r0, _, _ := syscall.Syscall6(procNtSetInformationFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(iosb)), uintptr(information), uintptr(length), uintptr(class), 0) - status = uint32(r0) - return -} - -func rtlNtStatusToDosError(status uint32) (winerr error) { - r0, _, _ := syscall.Syscall(procRtlNtStatusToDosErrorNoTeb.Addr(), 1, uintptr(status), 0, 0) - if r0 != 0 { - winerr = syscall.Errno(r0) - } - return -} - -func localAlloc(flags uint32, size int) (ptr uintptr) { - r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(flags), uintptr(size), 0) - ptr = uintptr(r0) - return -} - -func localFree(ptr uintptr) { - syscall.Syscall(procLocalFree.Addr(), 1, uintptr(ptr), 0, 0) - return -} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_add_instance_request.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_add_instance_request.go new file mode 100644 index 000000000000..495c6ebc8f4c --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_add_instance_request.go @@ -0,0 +1,16 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ContainerCredentialGuardAddInstanceRequest struct { + Id string `json:"Id,omitempty"` + CredentialSpec string `json:"CredentialSpec,omitempty"` + Transport string `json:"Transport,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_hv_socket_service_config.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_hv_socket_service_config.go new file mode 100644 index 000000000000..1ed4c008f253 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_hv_socket_service_config.go @@ -0,0 +1,15 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ContainerCredentialGuardHvSocketServiceConfig struct { + ServiceId string `json:"ServiceId,omitempty"` + ServiceConfig *HvSocketServiceConfig `json:"ServiceConfig,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_instance.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_instance.go new file mode 100644 index 000000000000..d7ebd0fcca14 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_instance.go @@ -0,0 +1,16 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ContainerCredentialGuardInstance struct { + Id string `json:"Id,omitempty"` + CredentialGuard *ContainerCredentialGuardState `json:"CredentialGuard,omitempty"` + HvSocketConfig *ContainerCredentialGuardHvSocketServiceConfig `json:"HvSocketConfig,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_modify_operation.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_modify_operation.go new file mode 100644 index 000000000000..71005b090be0 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_modify_operation.go @@ -0,0 +1,17 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ContainerCredentialGuardModifyOperation string + +const ( + AddInstance ContainerCredentialGuardModifyOperation = "AddInstance" + RemoveInstance ContainerCredentialGuardModifyOperation = "RemoveInstance" +) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_operation_request.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_operation_request.go new file mode 100644 index 000000000000..952cda4965ce --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_operation_request.go @@ -0,0 +1,15 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ContainerCredentialGuardOperationRequest struct { + Operation ContainerCredentialGuardModifyOperation `json:"Operation,omitempty"` + OperationDetails interface{} `json:"OperationDetails,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_remove_instance_request.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_remove_instance_request.go new file mode 100644 index 000000000000..32e5a3beed15 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_remove_instance_request.go @@ -0,0 +1,14 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ContainerCredentialGuardRemoveInstanceRequest struct { + Id string `json:"Id,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_system_info.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_system_info.go new file mode 100644 index 000000000000..ea306fa21aca --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/container_credential_guard_system_info.go @@ -0,0 +1,14 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ContainerCredentialGuardSystemInfo struct { + Instances []ContainerCredentialGuardInstance `json:"Instances,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/device.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/device.go index ca319bbbcea2..0b9c0fbf7d83 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/schema2/device.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/device.go @@ -9,8 +9,19 @@ package hcsschema -type Device struct { +type DeviceType string + +const ( + ClassGUID DeviceType = "ClassGuid" + DeviceInstance = "DeviceInstance" + GPUMirror = "GpuMirror" +) - // The interface class guid of the device to assign to container. +type Device struct { + // The type of device to assign to the container. + Type DeviceType `json:"Type,omitempty"` + // The interface class guid of the device interfaces to assign to the container. Only used when Type is ClassGuid. InterfaceClassGuid string `json:"InterfaceClassGuid,omitempty"` + // The location path of the device to assign to the container. Only used when Type is DeviceInstance. + LocationPath string `json:"LocationPath,omitempty"` } diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/hv_socket_address.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/hv_socket_address.go new file mode 100644 index 000000000000..84c11b93ee58 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/hv_socket_address.go @@ -0,0 +1,17 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +// This class defines address settings applied to a VM +// by the GCS every time a VM starts or restores. +type HvSocketAddress struct { + LocalAddress string `json:"LocalAddress,omitempty"` + ParentAddress string `json:"ParentAddress,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/logical_processor.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/logical_processor.go new file mode 100644 index 000000000000..676ad300dcce --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/logical_processor.go @@ -0,0 +1,18 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type LogicalProcessor struct { + LpIndex uint32 `json:"LpIndex,omitempty"` + NodeNumber uint8 `json:"NodeNumber, omitempty"` + PackageId uint32 `json:"PackageId, omitempty"` + CoreId uint32 `json:"CoreId, omitempty"` + RootVpIndex int32 `json:"RootVpIndex, omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory.go index ec93d004e104..30749c672496 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory.go @@ -10,5 +10,5 @@ package hcsschema type Memory struct { - SizeInMB int32 `json:"SizeInMB,omitempty"` + SizeInMB uint64 `json:"SizeInMB,omitempty"` } diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory_2.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory_2.go index 95328ec301b5..71224c75b9de 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory_2.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/memory_2.go @@ -10,7 +10,7 @@ package hcsschema type Memory2 struct { - SizeInMB int32 `json:"SizeInMB,omitempty"` + SizeInMB uint64 `json:"SizeInMB,omitempty"` AllowOvercommit bool `json:"AllowOvercommit,omitempty"` diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/modification_request.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/modification_request.go new file mode 100644 index 000000000000..1384ed888218 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/modification_request.go @@ -0,0 +1,15 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ModificationRequest struct { + PropertyType PropertyType `json:"PropertyType,omitempty"` + Settings interface{} `json:"Settings,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/processor_topology.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/processor_topology.go new file mode 100644 index 000000000000..885156e77fae --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/processor_topology.go @@ -0,0 +1,15 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +type ProcessorTopology struct { + LogicalProcessorCount uint32 `json:"LogicalProcessorCount,omitempty"` + LogicalProcessors []LogicalProcessor `json:"LogicalProcessors,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/property_type.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/property_type.go index f092b737f48b..0f1ee621a65c 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/schema2/property_type.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/property_type.go @@ -18,6 +18,8 @@ const ( PTProcessList PropertyType = "ProcessList" PTTerminateOnLastHandleClosed PropertyType = "TerminateOnLastHandleClosed" PTSharedMemoryRegion PropertyType = "SharedMemoryRegion" + PTContainerCredentialGuard PropertyType = "ContainerCredentialGuard" // This field is not generated by swagger. This was added manually. PTGuestConnection PropertyType = "GuestConnection" PTICHeartbeatStatus PropertyType = "ICHeartbeatStatus" + PTProcessorTopology PropertyType = "ProcessorTopology" ) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/schema2/service_properties.go b/vendor/github.com/Microsoft/hcsshim/internal/schema2/service_properties.go new file mode 100644 index 000000000000..b8142ca6a610 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/schema2/service_properties.go @@ -0,0 +1,18 @@ +/* + * HCS API + * + * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen) + * + * API version: 2.4 + * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git) + */ + +package hcsschema + +import "encoding/json" + +type ServiceProperties struct { + // Changed Properties field to []json.RawMessage from []interface{} to avoid having to + // remarshal sp.Properties[n] and unmarshal into the type(s) we want. + Properties []json.RawMessage `json:"Properties,omitempty"` +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go index 7c2a0dc280d0..e42bf8cfa72b 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/vmcompute.go @@ -26,6 +26,7 @@ import ( //sys hcsResumeComputeSystem(computeSystem HcsSystem, options string, result **uint16) (hr error) = vmcompute.HcsResumeComputeSystem? //sys hcsGetComputeSystemProperties(computeSystem HcsSystem, propertyQuery string, properties **uint16, result **uint16) (hr error) = vmcompute.HcsGetComputeSystemProperties? //sys hcsModifyComputeSystem(computeSystem HcsSystem, configuration string, result **uint16) (hr error) = vmcompute.HcsModifyComputeSystem? +//sys hcsModifyServiceSettings(settings string, result **uint16) (hr error) = vmcompute.HcsModifyServiceSettings? //sys hcsRegisterComputeSystemCallback(computeSystem HcsSystem, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) = vmcompute.HcsRegisterComputeSystemCallback? //sys hcsUnregisterComputeSystemCallback(callbackHandle HcsCallback) (hr error) = vmcompute.HcsUnregisterComputeSystemCallback? @@ -337,6 +338,27 @@ func HcsModifyComputeSystem(ctx gcontext.Context, computeSystem HcsSystem, confi }) } +func HcsModifyServiceSettings(ctx gcontext.Context, settings string) (result string, hr error) { + ctx, span := trace.StartSpan(ctx, "HcsModifyServiceSettings") + defer span.End() + defer func() { + if result != "" { + span.AddAttributes(trace.StringAttribute("result", result)) + } + oc.SetSpanStatus(span, hr) + }() + span.AddAttributes(trace.StringAttribute("settings", settings)) + + return result, execute(ctx, timeout.SyscallWatcher, func() error { + var resultp *uint16 + err := hcsModifyServiceSettings(settings, &resultp) + if resultp != nil { + result = interop.ConvertAndFreeCoTaskMemString(resultp) + } + return err + }) +} + func HcsRegisterComputeSystemCallback(ctx gcontext.Context, computeSystem HcsSystem, callback uintptr, context uintptr) (callbackHandle HcsCallback, hr error) { ctx, span := trace.StartSpan(ctx, "HcsRegisterComputeSystemCallback") defer span.End() diff --git a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go index 0f2a69f6ad74..8cfded4963d5 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/vmcompute/zsyscall_windows.go @@ -50,6 +50,7 @@ var ( procHcsResumeComputeSystem = modvmcompute.NewProc("HcsResumeComputeSystem") procHcsGetComputeSystemProperties = modvmcompute.NewProc("HcsGetComputeSystemProperties") procHcsModifyComputeSystem = modvmcompute.NewProc("HcsModifyComputeSystem") + procHcsModifyServiceSettings = modvmcompute.NewProc("HcsModifyServiceSettings") procHcsRegisterComputeSystemCallback = modvmcompute.NewProc("HcsRegisterComputeSystemCallback") procHcsUnregisterComputeSystemCallback = modvmcompute.NewProc("HcsUnregisterComputeSystemCallback") procHcsCreateProcess = modvmcompute.NewProc("HcsCreateProcess") @@ -314,6 +315,29 @@ func _hcsModifyComputeSystem(computeSystem HcsSystem, configuration *uint16, res return } +func hcsModifyServiceSettings(settings string, result **uint16) (hr error) { + var _p0 *uint16 + _p0, hr = syscall.UTF16PtrFromString(settings) + if hr != nil { + return + } + return _hcsModifyServiceSettings(_p0, result) +} + +func _hcsModifyServiceSettings(settings *uint16, result **uint16) (hr error) { + if hr = procHcsModifyServiceSettings.Find(); hr != nil { + return + } + r0, _, _ := syscall.Syscall(procHcsModifyServiceSettings.Addr(), 2, uintptr(unsafe.Pointer(settings)), uintptr(unsafe.Pointer(result)), 0) + if int32(r0) < 0 { + if r0&0x1fff0000 == 0x00070000 { + r0 &= 0xffff + } + hr = syscall.Errno(r0) + } + return +} + func hcsRegisterComputeSystemCallback(computeSystem HcsSystem, callback uintptr, context uintptr, callbackHandle *HcsCallback) (hr error) { if hr = procHcsRegisterComputeSystemCallback.Find(); hr != nil { return diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go index f907a7044d60..3ec708d1ed35 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/baselayer.go @@ -11,6 +11,7 @@ import ( "github.com/Microsoft/hcsshim/internal/hcserror" "github.com/Microsoft/hcsshim/internal/oc" "github.com/Microsoft/hcsshim/internal/safefile" + "github.com/Microsoft/hcsshim/internal/winapi" "go.opencensus.io/trace" ) @@ -37,7 +38,7 @@ type dirInfo struct { func reapplyDirectoryTimes(root *os.File, dis []dirInfo) error { for i := range dis { di := &dis[len(dis)-i-1] // reverse order: process child directories first - f, err := safefile.OpenRelative(di.path, root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, safefile.FILE_OPEN, safefile.FILE_DIRECTORY_FILE) + f, err := safefile.OpenRelative(di.path, root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, winapi.FILE_OPEN, winapi.FILE_DIRECTORY_FILE|syscall.FILE_FLAG_OPEN_REPARSE_POINT) if err != nil { return err } @@ -47,6 +48,7 @@ func reapplyDirectoryTimes(root *os.File, dis []dirInfo) error { if err != nil { return err } + } return nil } @@ -92,14 +94,12 @@ func (w *baseLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) (err e extraFlags := uint32(0) if fileInfo.FileAttributes&syscall.FILE_ATTRIBUTE_DIRECTORY != 0 { - extraFlags |= safefile.FILE_DIRECTORY_FILE - if fileInfo.FileAttributes&syscall.FILE_ATTRIBUTE_REPARSE_POINT == 0 { - w.dirInfo = append(w.dirInfo, dirInfo{name, *fileInfo}) - } + extraFlags |= winapi.FILE_DIRECTORY_FILE + w.dirInfo = append(w.dirInfo, dirInfo{name, *fileInfo}) } mode := uint32(syscall.GENERIC_READ | syscall.GENERIC_WRITE | winio.WRITE_DAC | winio.WRITE_OWNER | winio.ACCESS_SYSTEM_SECURITY) - f, err = safefile.OpenRelative(name, w.root, mode, syscall.FILE_SHARE_READ, safefile.FILE_CREATE, extraFlags) + f, err = safefile.OpenRelative(name, w.root, mode, syscall.FILE_SHARE_READ, winapi.FILE_CREATE, extraFlags) if err != nil { return hcserror.New(err, "Failed to safefile.OpenRelative", name) } diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go index e3ff952a7b57..5a3809ae2292 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/createscratchlayer.go @@ -10,9 +10,7 @@ import ( ) // CreateScratchLayer creates and populates new read-write layer for use by a container. -// This requires both the id of the direct parent layer, as well as the full list -// of paths to all parent layers up to the base (and including the direct parent -// whose id was provided). +// This requires the full list of paths to all parent layers up to the base func CreateScratchLayer(ctx context.Context, path string, parentLayerPaths []string) (err error) { title := "hcsshim::CreateScratchLayer" ctx, span := trace.StartSpan(ctx, title) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go index 16800b394389..b3c150d66fe7 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/importlayer.go @@ -93,6 +93,19 @@ func (r *legacyLayerWriterWrapper) Close() (err error) { return err } } + + // The reapplyDirectoryTimes must be called AFTER we are done with Tombstone + // deletion and hard link creation. This is because Tombstone deletion and hard link + // creation updates the directory last write timestamps so that will change the + // timestamps added by the `Add` call. Some container applications depend on the + // correctness of these timestamps and so we should change the timestamps back to + // the original value (i.e the value provided in the Add call) after this + // processing is done. + err = reapplyDirectoryTimes(r.destRoot, r.changedDi) + if err != nil { + return err + } + // Prepare the utility VM for use if one is present in the layer. if r.HasUtilityVM { err := safefile.EnsureNotReparsePointRelative("UtilityVM", r.destRoot) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go index b8ea5d2632ea..dc3caf7510d5 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/legacy.go @@ -15,6 +15,7 @@ import ( "github.com/Microsoft/go-winio" "github.com/Microsoft/hcsshim/internal/longpath" "github.com/Microsoft/hcsshim/internal/safefile" + "github.com/Microsoft/hcsshim/internal/winapi" ) var errorIterationCanceled = errors.New("") @@ -341,7 +342,7 @@ type legacyLayerWriter struct { backupWriter *winio.BackupFileWriter Tombstones []string HasUtilityVM bool - uvmDi []dirInfo + changedDi []dirInfo addedFiles map[string]bool PendingLinks []pendingLink pendingDirs []pendingDir @@ -472,8 +473,8 @@ func copyFileWithMetadata(srcRoot, destRoot *os.File, subPath string, isDir bool srcRoot, syscall.GENERIC_READ|winio.ACCESS_SYSTEM_SECURITY, syscall.FILE_SHARE_READ, - safefile.FILE_OPEN, - safefile.FILE_OPEN_REPARSE_POINT) + winapi.FILE_OPEN, + winapi.FILE_OPEN_REPARSE_POINT) if err != nil { return nil, err } @@ -488,14 +489,14 @@ func copyFileWithMetadata(srcRoot, destRoot *os.File, subPath string, isDir bool extraFlags := uint32(0) if isDir { - extraFlags |= safefile.FILE_DIRECTORY_FILE + extraFlags |= winapi.FILE_DIRECTORY_FILE } dest, err := safefile.OpenRelative( subPath, destRoot, syscall.GENERIC_READ|syscall.GENERIC_WRITE|winio.WRITE_DAC|winio.WRITE_OWNER|winio.ACCESS_SYSTEM_SECURITY, syscall.FILE_SHARE_READ, - safefile.FILE_CREATE, + winapi.FILE_CREATE, extraFlags) if err != nil { return nil, err @@ -555,7 +556,7 @@ func cloneTree(srcRoot *os.File, destRoot *os.File, subPath string, mutatedFiles if err != nil { return err } - if isDir && !isReparsePoint { + if isDir { di = append(di, dirInfo{path: relPath, fileInfo: *fi}) } } else { @@ -583,6 +584,10 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro return w.initUtilityVM() } + if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 { + w.changedDi = append(w.changedDi, dirInfo{path: name, fileInfo: *fileInfo}) + } + name = filepath.Clean(name) if hasPathPrefix(name, utilityVMPath) { if !w.HasUtilityVM { @@ -591,7 +596,7 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro if !hasPathPrefix(name, utilityVMFilesPath) && name != utilityVMFilesPath { return errors.New("invalid UtilityVM layer") } - createDisposition := uint32(safefile.FILE_OPEN) + createDisposition := uint32(winapi.FILE_OPEN) if (fileInfo.FileAttributes & syscall.FILE_ATTRIBUTE_DIRECTORY) != 0 { st, err := safefile.LstatRelative(name, w.destRoot) if err != nil && !os.IsNotExist(err) { @@ -612,16 +617,13 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro return err } } - if fileInfo.FileAttributes&syscall.FILE_ATTRIBUTE_REPARSE_POINT == 0 { - w.uvmDi = append(w.uvmDi, dirInfo{path: name, fileInfo: *fileInfo}) - } } else { // Overwrite any existing hard link. err := safefile.RemoveRelative(name, w.destRoot) if err != nil && !os.IsNotExist(err) { return err } - createDisposition = safefile.FILE_CREATE + createDisposition = winapi.FILE_CREATE } f, err := safefile.OpenRelative( @@ -630,7 +632,7 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro syscall.GENERIC_READ|syscall.GENERIC_WRITE|winio.WRITE_DAC|winio.WRITE_OWNER|winio.ACCESS_SYSTEM_SECURITY, syscall.FILE_SHARE_READ, createDisposition, - safefile.FILE_OPEN_REPARSE_POINT, + winapi.FILE_OPEN_REPARSE_POINT, ) if err != nil { return err @@ -667,7 +669,7 @@ func (w *legacyLayerWriter) Add(name string, fileInfo *winio.FileBasicInfo) erro w.currentIsDir = true } - f, err := safefile.OpenRelative(fname, w.root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, safefile.FILE_CREATE, 0) + f, err := safefile.OpenRelative(fname, w.root, syscall.GENERIC_READ|syscall.GENERIC_WRITE, syscall.FILE_SHARE_READ, winapi.FILE_CREATE, 0) if err != nil { return err } @@ -805,11 +807,5 @@ func (w *legacyLayerWriter) Close() error { return err } } - if w.HasUtilityVM { - err := reapplyDirectoryTimes(w.destRoot, w.uvmDi) - if err != nil { - return err - } - } return nil } diff --git a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go index dc40bf51943c..9b1e06d50c5d 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/wclayer/wclayer.go @@ -1,3 +1,6 @@ +// Package wclayer provides bindings to HCS's legacy layer management API and +// provides a higher level interface around these calls for container layer +// management. package wclayer import "github.com/Microsoft/go-winio/pkg/guid" diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go new file mode 100644 index 000000000000..df28ea24216d --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/devices.go @@ -0,0 +1,13 @@ +package winapi + +import "github.com/Microsoft/go-winio/pkg/guid" + +//sys CMGetDeviceIDListSize(pulLen *uint32, pszFilter *byte, uFlags uint32) (hr error) = cfgmgr32.CM_Get_Device_ID_List_SizeA +//sys CMGetDeviceIDList(pszFilter *byte, buffer *byte, bufferLen uint32, uFlags uint32) (hr error)= cfgmgr32.CM_Get_Device_ID_ListA +//sys CMLocateDevNode(pdnDevInst *uint32, pDeviceID string, uFlags uint32) (hr error) = cfgmgr32.CM_Locate_DevNodeW +//sys CMGetDevNodeProperty(dnDevInst uint32, propertyKey *DevPropKey, propertyType *uint32, propertyBuffer *uint16, propertyBufferSize *uint32, uFlags uint32) (hr error) = cfgmgr32.CM_Get_DevNode_PropertyW + +type DevPropKey struct { + Fmtid guid.GUID + Pid uint32 +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go new file mode 100644 index 000000000000..4e80ef68c92c --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/errors.go @@ -0,0 +1,15 @@ +package winapi + +import "syscall" + +//sys RtlNtStatusToDosError(status uint32) (winerr error) = ntdll.RtlNtStatusToDosError + +const ( + STATUS_REPARSE_POINT_ENCOUNTERED = 0xC000050B + ERROR_NO_MORE_ITEMS = 0x103 + ERROR_MORE_DATA syscall.Errno = 234 +) + +func NTSuccess(status uint32) bool { + return status == 0 +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go new file mode 100644 index 000000000000..ab5daea78220 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/filesystem.go @@ -0,0 +1,61 @@ +package winapi + +//sys NtCreateFile(handle *uintptr, accessMask uint32, oa *ObjectAttributes, iosb *IOStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) = ntdll.NtCreateFile +//sys NtSetInformationFile(handle uintptr, iosb *IOStatusBlock, information uintptr, length uint32, class uint32) (status uint32) = ntdll.NtSetInformationFile + +//sys NtOpenDirectoryObject(handle *uintptr, accessMask uint32, oa *ObjectAttributes) (status uint32) = ntdll.NtOpenDirectoryObject +//sys NtQueryDirectoryObject(handle uintptr, buffer *byte, length uint32, singleEntry bool, restartScan bool, context *uint32, returnLength *uint32)(status uint32) = ntdll.NtQueryDirectoryObject + +const ( + FileLinkInformationClass = 11 + FileDispositionInformationExClass = 64 + + FILE_READ_ATTRIBUTES = 0x0080 + FILE_WRITE_ATTRIBUTES = 0x0100 + DELETE = 0x10000 + + FILE_OPEN = 1 + FILE_CREATE = 2 + + FILE_LIST_DIRECTORY = 0x00000001 + FILE_DIRECTORY_FILE = 0x00000001 + FILE_SYNCHRONOUS_IO_NONALERT = 0x00000020 + FILE_OPEN_FOR_BACKUP_INTENT = 0x00004000 + FILE_OPEN_REPARSE_POINT = 0x00200000 + + FILE_DISPOSITION_DELETE = 0x00000001 + + OBJ_DONT_REPARSE = 0x1000 + + STATUS_MORE_ENTRIES = 0x105 + STATUS_NO_MORE_ENTRIES = 0x8000001a +) + +type FileDispositionInformationEx struct { + Flags uintptr +} + +type IOStatusBlock struct { + Status, Information uintptr +} + +type ObjectAttributes struct { + Length uintptr + RootDirectory uintptr + ObjectName uintptr + Attributes uintptr + SecurityDescriptor uintptr + SecurityQoS uintptr +} + +type ObjectDirectoryInformation struct { + Name UnicodeString + TypeName UnicodeString +} + +type FileLinkInformation struct { + ReplaceIfExists bool + RootDirectory uintptr + FileNameLength uint32 + FileName [1]uint16 +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go new file mode 100644 index 000000000000..1ea5b18a3d6d --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/jobobject.go @@ -0,0 +1,120 @@ +package winapi + +import ( + "golang.org/x/sys/windows" +) + +// Messages that can be received from an assigned io completion port. +// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_associate_completion_port +const ( + JOB_OBJECT_MSG_END_OF_JOB_TIME = 1 + JOB_OBJECT_MSG_END_OF_PROCESS_TIME = 2 + JOB_OBJECT_MSG_ACTIVE_PROCESS_LIMIT = 3 + JOB_OBJECT_MSG_ACTIVE_PROCESS_ZERO = 4 + JOB_OBJECT_MSG_NEW_PROCESS = 6 + JOB_OBJECT_MSG_EXIT_PROCESS = 7 + JOB_OBJECT_MSG_ABNORMAL_EXIT_PROCESS = 8 + JOB_OBJECT_MSG_PROCESS_MEMORY_LIMIT = 9 + JOB_OBJECT_MSG_JOB_MEMORY_LIMIT = 10 + JOB_OBJECT_MSG_NOTIFICATION_LIMIT = 11 +) + +// IO limit flags +// +// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/ns-jobapi2-jobobject_io_rate_control_information +const JOB_OBJECT_IO_RATE_CONTROL_ENABLE = 0x1 + +// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_cpu_rate_control_information +const ( + JOB_OBJECT_CPU_RATE_CONTROL_ENABLE = 1 << iota + JOB_OBJECT_CPU_RATE_CONTROL_WEIGHT_BASED + JOB_OBJECT_CPU_RATE_CONTROL_HARD_CAP + JOB_OBJECT_CPU_RATE_CONTROL_NOTIFY + JOB_OBJECT_CPU_RATE_CONTROL_MIN_MAX_RATE +) + +// JobObjectInformationClass values. Used for a call to QueryInformationJobObject +// +// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/nf-jobapi2-queryinformationjobobject +const ( + JobObjectBasicAccountingInformation uint32 = 1 + JobObjectBasicProcessIdList uint32 = 3 + JobObjectBasicAndIoAccountingInformation uint32 = 8 + JobObjectLimitViolationInformation uint32 = 13 + JobObjectNotificationLimitInformation2 uint32 = 33 +) + +// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_limit_information +type JOBOBJECT_BASIC_LIMIT_INFORMATION struct { + PerProcessUserTimeLimit int64 + PerJobUserTimeLimit int64 + LimitFlags uint32 + MinimumWorkingSetSize uintptr + MaximumWorkingSetSize uintptr + ActiveProcessLimit uint32 + Affinity uintptr + PriorityClass uint32 + SchedulingClass uint32 +} + +// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_cpu_rate_control_information +type JOBOBJECT_CPU_RATE_CONTROL_INFORMATION struct { + ControlFlags uint32 + Rate uint32 +} + +// https://docs.microsoft.com/en-us/windows/win32/api/jobapi2/ns-jobapi2-jobobject_io_rate_control_information +type JOBOBJECT_IO_RATE_CONTROL_INFORMATION struct { + MaxIops int64 + MaxBandwidth int64 + ReservationIops int64 + BaseIOSize uint32 + VolumeName string + ControlFlags uint32 +} + +// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_basic_process_id_list +type JOBOBJECT_BASIC_PROCESS_ID_LIST struct { + NumberOfAssignedProcesses uint32 + NumberOfProcessIdsInList uint32 + ProcessIdList [1]uintptr +} + +// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-jobobject_associate_completion_port +type JOBOBJECT_ASSOCIATE_COMPLETION_PORT struct { + CompletionKey uintptr + CompletionPort windows.Handle +} + +// BOOL IsProcessInJob( +// HANDLE ProcessHandle, +// HANDLE JobHandle, +// PBOOL Result +// ); +// +//sys IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result *bool) (err error) = kernel32.IsProcessInJob + +// BOOL QueryInformationJobObject( +// HANDLE hJob, +// JOBOBJECTINFOCLASS JobObjectInformationClass, +// LPVOID lpJobObjectInformation, +// DWORD cbJobObjectInformationLength, +// LPDWORD lpReturnLength +// ); +// +//sys QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) = kernel32.QueryInformationJobObject + +// HANDLE OpenJobObjectW( +// DWORD dwDesiredAccess, +// BOOL bInheritHandle, +// LPCWSTR lpName +// ); +// +//sys OpenJobObject(desiredAccess uint32, inheritHandle bool, lpName *uint16) (handle windows.Handle, err error) = kernel32.OpenJobObjectW + +// DWORD SetIoRateControlInformationJobObject( +// HANDLE hJob, +// JOBOBJECT_IO_RATE_CONTROL_INFORMATION *IoRateControlInfo +// ); +// +//sys SetIoRateControlInformationJobObject(jobHandle windows.Handle, ioRateControlInfo *JOBOBJECT_IO_RATE_CONTROL_INFORMATION) (ret uint32, err error) = kernel32.SetIoRateControlInformationJobObject diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go new file mode 100644 index 000000000000..b6e7cfd4601d --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/logon.go @@ -0,0 +1,30 @@ +package winapi + +// BOOL LogonUserA( +// LPCWSTR lpszUsername, +// LPCWSTR lpszDomain, +// LPCWSTR lpszPassword, +// DWORD dwLogonType, +// DWORD dwLogonProvider, +// PHANDLE phToken +// ); +// +//sys LogonUser(username *uint16, domain *uint16, password *uint16, logonType uint32, logonProvider uint32, token *windows.Token) (err error) = advapi32.LogonUserW + +// Logon types +const ( + LOGON32_LOGON_INTERACTIVE uint32 = 2 + LOGON32_LOGON_NETWORK uint32 = 3 + LOGON32_LOGON_BATCH uint32 = 4 + LOGON32_LOGON_SERVICE uint32 = 5 + LOGON32_LOGON_UNLOCK uint32 = 7 + LOGON32_LOGON_NETWORK_CLEARTEXT uint32 = 8 + LOGON32_LOGON_NEW_CREDENTIALS uint32 = 9 +) + +// Logon providers +const ( + LOGON32_PROVIDER_DEFAULT uint32 = 0 + LOGON32_PROVIDER_WINNT40 uint32 = 2 + LOGON32_PROVIDER_WINNT50 uint32 = 3 +) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go new file mode 100644 index 000000000000..ccaf5a624f4f --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/memory.go @@ -0,0 +1,11 @@ +package winapi + +// VOID RtlMoveMemory( +// _Out_ VOID UNALIGNED *Destination, +// _In_ const VOID UNALIGNED *Source, +// _In_ SIZE_T Length +// ); +//sys RtlMoveMemory(destination *byte, source *byte, length uintptr) (err error) = kernel32.RtlMoveMemory + +//sys LocalAlloc(flags uint32, size int) (ptr uintptr) = kernel32.LocalAlloc +//sys LocalFree(ptr uintptr) = kernel32.LocalFree diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go new file mode 100644 index 000000000000..0ae8f33ea63b --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/path.go @@ -0,0 +1,11 @@ +package winapi + +// DWORD SearchPathW( +// LPCWSTR lpPath, +// LPCWSTR lpFileName, +// LPCWSTR lpExtension, +// DWORD nBufferLength, +// LPWSTR lpBuffer, +// LPWSTR *lpFilePart +// ); +//sys SearchPath(lpPath *uint16, lpFileName *uint16, lpExtension *uint16, nBufferLength uint32, lpBuffer *uint16, lpFilePath **uint16) (size uint32, err error) = kernel32.SearchPathW diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go new file mode 100644 index 000000000000..adf0168eae91 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/process.go @@ -0,0 +1,3 @@ +package winapi + +const PROCESS_ALL_ACCESS uint32 = 2097151 diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go new file mode 100644 index 000000000000..ce79ac2cdb8a --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/processor.go @@ -0,0 +1,7 @@ +package winapi + +// Get count from all processor groups. +// https://docs.microsoft.com/en-us/windows/win32/procthread/processor-groups +const ALL_PROCESSOR_GROUPS = 0xFFFF + +//sys GetActiveProcessorCount(groupNumber uint16) (amount uint32) = kernel32.GetActiveProcessorCount diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go new file mode 100644 index 000000000000..f3055d41754c --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/utils.go @@ -0,0 +1,60 @@ +package winapi + +import ( + "errors" + "syscall" + "unicode/utf16" + "unsafe" +) + +type UnicodeString struct { + Length uint16 + MaximumLength uint16 + Buffer *uint16 +} + +//String converts a UnicodeString to a golang string +func (uni UnicodeString) String() string { + p := (*[0xffff]uint16)(unsafe.Pointer(uni.Buffer)) + + // UnicodeString is not guaranteed to be null terminated, therefore + // use the UnicodeString's Length field + lengthInChars := uni.Length / 2 + return syscall.UTF16ToString(p[:lengthInChars]) +} + +// NewUnicodeString allocates a new UnicodeString and copies `s` into +// the buffer of the new UnicodeString. +func NewUnicodeString(s string) (*UnicodeString, error) { + ws := utf16.Encode(([]rune)(s)) + if len(ws) > 32767 { + return nil, syscall.ENAMETOOLONG + } + + uni := &UnicodeString{ + Length: uint16(len(ws) * 2), + MaximumLength: uint16(len(ws) * 2), + Buffer: &make([]uint16, len(ws))[0], + } + copy((*[32768]uint16)(unsafe.Pointer(uni.Buffer))[:], ws) + return uni, nil +} + +// ConvertStringSetToSlice is a helper function used to convert the contents of +// `buf` into a string slice. `buf` contains a set of null terminated strings +// with an additional null at the end to indicate the end of the set. +func ConvertStringSetToSlice(buf []byte) ([]string, error) { + var results []string + prev := 0 + for i := range buf { + if buf[i] == 0 { + if prev == i { + // found two null characters in a row, return result + return results, nil + } + results = append(results, string(buf[prev:i])) + prev = i + 1 + } + } + return nil, errors.New("string set malformed: missing null terminator at end of buffer") +} diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go new file mode 100644 index 000000000000..50bdc01f2bb3 --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/winapi.go @@ -0,0 +1,5 @@ +// Package winapi contains various low-level bindings to Windows APIs. It can +// be thought of as an extension to golang.org/x/sys/windows. +package winapi + +//go:generate go run ..\..\mksyscall_windows.go -output zsyscall_windows.go jobobject.go path.go logon.go memory.go processor.go devices.go filesystem.go errors.go diff --git a/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go new file mode 100644 index 000000000000..af83f5b07eef --- /dev/null +++ b/vendor/github.com/Microsoft/hcsshim/internal/winapi/zsyscall_windows.go @@ -0,0 +1,271 @@ +// Code generated mksyscall_windows.exe DO NOT EDIT + +package winapi + +import ( + "syscall" + "unsafe" + + "golang.org/x/sys/windows" +) + +var _ unsafe.Pointer + +// Do the interface allocations only once for common +// Errno values. +const ( + errnoERROR_IO_PENDING = 997 +) + +var ( + errERROR_IO_PENDING error = syscall.Errno(errnoERROR_IO_PENDING) +) + +// errnoErr returns common boxed Errno values, to prevent +// allocations at runtime. +func errnoErr(e syscall.Errno) error { + switch e { + case 0: + return nil + case errnoERROR_IO_PENDING: + return errERROR_IO_PENDING + } + // TODO: add more here, after collecting data on the common + // error values see on Windows. (perhaps when running + // all.bat?) + return e +} + +var ( + modkernel32 = windows.NewLazySystemDLL("kernel32.dll") + modadvapi32 = windows.NewLazySystemDLL("advapi32.dll") + modcfgmgr32 = windows.NewLazySystemDLL("cfgmgr32.dll") + modntdll = windows.NewLazySystemDLL("ntdll.dll") + + procIsProcessInJob = modkernel32.NewProc("IsProcessInJob") + procQueryInformationJobObject = modkernel32.NewProc("QueryInformationJobObject") + procOpenJobObjectW = modkernel32.NewProc("OpenJobObjectW") + procSetIoRateControlInformationJobObject = modkernel32.NewProc("SetIoRateControlInformationJobObject") + procSearchPathW = modkernel32.NewProc("SearchPathW") + procLogonUserW = modadvapi32.NewProc("LogonUserW") + procRtlMoveMemory = modkernel32.NewProc("RtlMoveMemory") + procLocalAlloc = modkernel32.NewProc("LocalAlloc") + procLocalFree = modkernel32.NewProc("LocalFree") + procGetActiveProcessorCount = modkernel32.NewProc("GetActiveProcessorCount") + procCM_Get_Device_ID_List_SizeA = modcfgmgr32.NewProc("CM_Get_Device_ID_List_SizeA") + procCM_Get_Device_ID_ListA = modcfgmgr32.NewProc("CM_Get_Device_ID_ListA") + procCM_Locate_DevNodeW = modcfgmgr32.NewProc("CM_Locate_DevNodeW") + procCM_Get_DevNode_PropertyW = modcfgmgr32.NewProc("CM_Get_DevNode_PropertyW") + procNtCreateFile = modntdll.NewProc("NtCreateFile") + procNtSetInformationFile = modntdll.NewProc("NtSetInformationFile") + procNtOpenDirectoryObject = modntdll.NewProc("NtOpenDirectoryObject") + procNtQueryDirectoryObject = modntdll.NewProc("NtQueryDirectoryObject") + procRtlNtStatusToDosError = modntdll.NewProc("RtlNtStatusToDosError") +) + +func IsProcessInJob(procHandle windows.Handle, jobHandle windows.Handle, result *bool) (err error) { + r1, _, e1 := syscall.Syscall(procIsProcessInJob.Addr(), 3, uintptr(procHandle), uintptr(jobHandle), uintptr(unsafe.Pointer(result))) + if r1 == 0 { + if e1 != 0 { + err = errnoErr(e1) + } else { + err = syscall.EINVAL + } + } + return +} + +func QueryInformationJobObject(jobHandle windows.Handle, infoClass uint32, jobObjectInfo uintptr, jobObjectInformationLength uint32, lpReturnLength *uint32) (err error) { + r1, _, e1 := syscall.Syscall6(procQueryInformationJobObject.Addr(), 5, uintptr(jobHandle), uintptr(infoClass), uintptr(jobObjectInfo), uintptr(jobObjectInformationLength), uintptr(unsafe.Pointer(lpReturnLength)), 0) + if r1 == 0 { + if e1 != 0 { + err = errnoErr(e1) + } else { + err = syscall.EINVAL + } + } + return +} + +func OpenJobObject(desiredAccess uint32, inheritHandle bool, lpName *uint16) (handle windows.Handle, err error) { + var _p0 uint32 + if inheritHandle { + _p0 = 1 + } else { + _p0 = 0 + } + r0, _, e1 := syscall.Syscall(procOpenJobObjectW.Addr(), 3, uintptr(desiredAccess), uintptr(_p0), uintptr(unsafe.Pointer(lpName))) + handle = windows.Handle(r0) + if handle == 0 { + if e1 != 0 { + err = errnoErr(e1) + } else { + err = syscall.EINVAL + } + } + return +} + +func SetIoRateControlInformationJobObject(jobHandle windows.Handle, ioRateControlInfo *JOBOBJECT_IO_RATE_CONTROL_INFORMATION) (ret uint32, err error) { + r0, _, e1 := syscall.Syscall(procSetIoRateControlInformationJobObject.Addr(), 2, uintptr(jobHandle), uintptr(unsafe.Pointer(ioRateControlInfo)), 0) + ret = uint32(r0) + if ret == 0 { + if e1 != 0 { + err = errnoErr(e1) + } else { + err = syscall.EINVAL + } + } + return +} + +func SearchPath(lpPath *uint16, lpFileName *uint16, lpExtension *uint16, nBufferLength uint32, lpBuffer *uint16, lpFilePath **uint16) (size uint32, err error) { + r0, _, e1 := syscall.Syscall6(procSearchPathW.Addr(), 6, uintptr(unsafe.Pointer(lpPath)), uintptr(unsafe.Pointer(lpFileName)), uintptr(unsafe.Pointer(lpExtension)), uintptr(nBufferLength), uintptr(unsafe.Pointer(lpBuffer)), uintptr(unsafe.Pointer(lpFilePath))) + size = uint32(r0) + if size == 0 { + if e1 != 0 { + err = errnoErr(e1) + } else { + err = syscall.EINVAL + } + } + return +} + +func LogonUser(username *uint16, domain *uint16, password *uint16, logonType uint32, logonProvider uint32, token *windows.Token) (err error) { + r1, _, e1 := syscall.Syscall6(procLogonUserW.Addr(), 6, uintptr(unsafe.Pointer(username)), uintptr(unsafe.Pointer(domain)), uintptr(unsafe.Pointer(password)), uintptr(logonType), uintptr(logonProvider), uintptr(unsafe.Pointer(token))) + if r1 == 0 { + if e1 != 0 { + err = errnoErr(e1) + } else { + err = syscall.EINVAL + } + } + return +} + +func RtlMoveMemory(destination *byte, source *byte, length uintptr) (err error) { + r1, _, e1 := syscall.Syscall(procRtlMoveMemory.Addr(), 3, uintptr(unsafe.Pointer(destination)), uintptr(unsafe.Pointer(source)), uintptr(length)) + if r1 == 0 { + if e1 != 0 { + err = errnoErr(e1) + } else { + err = syscall.EINVAL + } + } + return +} + +func LocalAlloc(flags uint32, size int) (ptr uintptr) { + r0, _, _ := syscall.Syscall(procLocalAlloc.Addr(), 2, uintptr(flags), uintptr(size), 0) + ptr = uintptr(r0) + return +} + +func LocalFree(ptr uintptr) { + syscall.Syscall(procLocalFree.Addr(), 1, uintptr(ptr), 0, 0) + return +} + +func GetActiveProcessorCount(groupNumber uint16) (amount uint32) { + r0, _, _ := syscall.Syscall(procGetActiveProcessorCount.Addr(), 1, uintptr(groupNumber), 0, 0) + amount = uint32(r0) + return +} + +func CMGetDeviceIDListSize(pulLen *uint32, pszFilter *byte, uFlags uint32) (hr error) { + r0, _, _ := syscall.Syscall(procCM_Get_Device_ID_List_SizeA.Addr(), 3, uintptr(unsafe.Pointer(pulLen)), uintptr(unsafe.Pointer(pszFilter)), uintptr(uFlags)) + if int32(r0) < 0 { + if r0&0x1fff0000 == 0x00070000 { + r0 &= 0xffff + } + hr = syscall.Errno(r0) + } + return +} + +func CMGetDeviceIDList(pszFilter *byte, buffer *byte, bufferLen uint32, uFlags uint32) (hr error) { + r0, _, _ := syscall.Syscall6(procCM_Get_Device_ID_ListA.Addr(), 4, uintptr(unsafe.Pointer(pszFilter)), uintptr(unsafe.Pointer(buffer)), uintptr(bufferLen), uintptr(uFlags), 0, 0) + if int32(r0) < 0 { + if r0&0x1fff0000 == 0x00070000 { + r0 &= 0xffff + } + hr = syscall.Errno(r0) + } + return +} + +func CMLocateDevNode(pdnDevInst *uint32, pDeviceID string, uFlags uint32) (hr error) { + var _p0 *uint16 + _p0, hr = syscall.UTF16PtrFromString(pDeviceID) + if hr != nil { + return + } + return _CMLocateDevNode(pdnDevInst, _p0, uFlags) +} + +func _CMLocateDevNode(pdnDevInst *uint32, pDeviceID *uint16, uFlags uint32) (hr error) { + r0, _, _ := syscall.Syscall(procCM_Locate_DevNodeW.Addr(), 3, uintptr(unsafe.Pointer(pdnDevInst)), uintptr(unsafe.Pointer(pDeviceID)), uintptr(uFlags)) + if int32(r0) < 0 { + if r0&0x1fff0000 == 0x00070000 { + r0 &= 0xffff + } + hr = syscall.Errno(r0) + } + return +} + +func CMGetDevNodeProperty(dnDevInst uint32, propertyKey *DevPropKey, propertyType *uint32, propertyBuffer *uint16, propertyBufferSize *uint32, uFlags uint32) (hr error) { + r0, _, _ := syscall.Syscall6(procCM_Get_DevNode_PropertyW.Addr(), 6, uintptr(dnDevInst), uintptr(unsafe.Pointer(propertyKey)), uintptr(unsafe.Pointer(propertyType)), uintptr(unsafe.Pointer(propertyBuffer)), uintptr(unsafe.Pointer(propertyBufferSize)), uintptr(uFlags)) + if int32(r0) < 0 { + if r0&0x1fff0000 == 0x00070000 { + r0 &= 0xffff + } + hr = syscall.Errno(r0) + } + return +} + +func NtCreateFile(handle *uintptr, accessMask uint32, oa *ObjectAttributes, iosb *IOStatusBlock, allocationSize *uint64, fileAttributes uint32, shareAccess uint32, createDisposition uint32, createOptions uint32, eaBuffer *byte, eaLength uint32) (status uint32) { + r0, _, _ := syscall.Syscall12(procNtCreateFile.Addr(), 11, uintptr(unsafe.Pointer(handle)), uintptr(accessMask), uintptr(unsafe.Pointer(oa)), uintptr(unsafe.Pointer(iosb)), uintptr(unsafe.Pointer(allocationSize)), uintptr(fileAttributes), uintptr(shareAccess), uintptr(createDisposition), uintptr(createOptions), uintptr(unsafe.Pointer(eaBuffer)), uintptr(eaLength), 0) + status = uint32(r0) + return +} + +func NtSetInformationFile(handle uintptr, iosb *IOStatusBlock, information uintptr, length uint32, class uint32) (status uint32) { + r0, _, _ := syscall.Syscall6(procNtSetInformationFile.Addr(), 5, uintptr(handle), uintptr(unsafe.Pointer(iosb)), uintptr(information), uintptr(length), uintptr(class), 0) + status = uint32(r0) + return +} + +func NtOpenDirectoryObject(handle *uintptr, accessMask uint32, oa *ObjectAttributes) (status uint32) { + r0, _, _ := syscall.Syscall(procNtOpenDirectoryObject.Addr(), 3, uintptr(unsafe.Pointer(handle)), uintptr(accessMask), uintptr(unsafe.Pointer(oa))) + status = uint32(r0) + return +} + +func NtQueryDirectoryObject(handle uintptr, buffer *byte, length uint32, singleEntry bool, restartScan bool, context *uint32, returnLength *uint32) (status uint32) { + var _p0 uint32 + if singleEntry { + _p0 = 1 + } else { + _p0 = 0 + } + var _p1 uint32 + if restartScan { + _p1 = 1 + } else { + _p1 = 0 + } + r0, _, _ := syscall.Syscall9(procNtQueryDirectoryObject.Addr(), 7, uintptr(handle), uintptr(unsafe.Pointer(buffer)), uintptr(length), uintptr(_p0), uintptr(_p1), uintptr(unsafe.Pointer(context)), uintptr(unsafe.Pointer(returnLength)), 0, 0) + status = uint32(r0) + return +} + +func RtlNtStatusToDosError(status uint32) (winerr error) { + r0, _, _ := syscall.Syscall(procRtlNtStatusToDosError.Addr(), 1, uintptr(status), 0, 0) + if r0 != 0 { + winerr = syscall.Errno(r0) + } + return +} diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go b/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go index 726d1c8c1220..63d5ff023668 100644 --- a/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go +++ b/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go @@ -24,4 +24,12 @@ const ( // V19H1 (version 1903) corresponds to Windows Server 1903 (semi-annual // channel). V19H1 = 18362 + + // V19H2 (version 1909) corresponds to Windows Server 1909 (semi-annual + // channel). + V19H2 = 18363 + + // V20H1 (version 2004) corresponds to Windows Server 2004 (semi-annual + // channel). + V20H1 = 19041 ) diff --git a/vendor/github.com/Microsoft/hcsshim/test/go.mod b/vendor/github.com/Microsoft/hcsshim/test/go.mod index 6c9451274338..5cd0c340bf14 100644 --- a/vendor/github.com/Microsoft/hcsshim/test/go.mod +++ b/vendor/github.com/Microsoft/hcsshim/test/go.mod @@ -10,18 +10,16 @@ require ( github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3 github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd - github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f // indirect github.com/docker/distribution v0.0.0-20190905152932-14b96e55d84c // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect - github.com/godbus/dbus v4.1.0+incompatible // indirect github.com/gogo/googleapis v1.2.0 // indirect github.com/gogo/protobuf v1.3.1 github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce // indirect github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874 // indirect github.com/imdario/mergo v0.3.8 // indirect - github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700 + github.com/opencontainers/runtime-spec v1.0.2 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39 - github.com/pkg/errors v0.8.1 + github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.4.2 github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f // indirect From 88e7f23bc6a20c409edc4b43a284959d5ef0db30 Mon Sep 17 00:00:00 2001 From: Amit Barve Date: Tue, 13 Oct 2020 22:25:17 -0700 Subject: [PATCH 05/46] Read trailing data from tar reader Not reading all the data from the tar reader causes the layer digest mismatch which causes failures during unpack of certain images for lcow. This changes fixes that. Signed-off-by: Amit Barve (cherry picked from commit d3b817b95c39d44b94346fa4da3476157f255b91) Signed-off-by: Kevin Parsons --- diff/lcow/lcow.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/diff/lcow/lcow.go b/diff/lcow/lcow.go index 4c5d74ca3f1b..344aa7eb092c 100644 --- a/diff/lcow/lcow.go +++ b/diff/lcow/lcow.go @@ -21,6 +21,7 @@ package lcow import ( "context" "io" + "io/ioutil" "os" "path" "time" @@ -163,6 +164,11 @@ func (s windowsLcowDiff) Apply(ctx context.Context, desc ocispec.Descriptor, mou } outFile.Close() + // Read any trailing data + if _, err := io.Copy(ioutil.Discard, rc); err != nil { + return emptyDesc, err + } + err = security.GrantVmGroupAccess(layerPath) if err != nil { return emptyDesc, errors.Wrapf(err, "failed GrantVmGroupAccess on layer vhd: %v", layerPath) From c745d237e008cc434379a3ed4f45af9cb4775e9d Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Mon, 2 Nov 2020 22:59:12 -0500 Subject: [PATCH 06/46] Revendor CRI to get disabled annotation config default Signed-off-by: Phil Estes --- vendor.conf | 2 +- vendor/github.com/containerd/cri/README.md | 32 ++++++++++++------- .../containerd/cri/pkg/config/config_unix.go | 1 + .../cri/pkg/server/container_create_unix.go | 8 +++-- vendor/github.com/containerd/cri/vendor.conf | 30 ++++++++--------- 5 files changed, 44 insertions(+), 29 deletions(-) diff --git a/vendor.conf b/vendor.conf index 58ffbcdc0bc4..0b74526a5ff3 100644 --- a/vendor.conf +++ b/vendor.conf @@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2 github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 # cri dependencies -github.com/containerd/cri 4e6644c8cf7fb825f62e0007421b7d83dfeab5a1 # master +github.com/containerd/cri 61363b3e2c97ba2d389dc774d977fc906591a6fd # release/1.4 github.com/davecgh/go-spew v1.1.1 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md index e421077b24fd..1b3663ac969f 100644 --- a/vendor/github.com/containerd/cri/README.md +++ b/vendor/github.com/containerd/cri/README.md @@ -1,17 +1,25 @@ +# Moved to [`github.com/containerd/containerd/pkg/cri`](https://github.com/containerd/containerd/tree/master/pkg/cri) + +On October 7, 2020, the contents of this repo were merged into [the `containerd/containerd` repo](https://github.com/containerd/cri). +For example, the source code previously stored under [`containerd/cri/pkg`](https://github.com/containerd/cri/tree/release/1.4/pkg) +was moved to [`containerd/containerd/pkg/cri` package](https://github.com/containerd/containerd/tree/master/pkg/cri). + +**Pull requests are no longer accepted in the master branch of this repo.** + +Bug-fix PRs for `release/1.3` and `release/1.4` branches are still accepted in this repo. +However, the master branch for `containerd/cri` integration work is now located in the `containerd/containerd` repository, +and as such new commits should be merged there. + +This repo will be archived after the EOL of containerd 1.4. + +- - - + # cri

-*Note: The standalone `cri-containerd` binary is end-of-life. `cri-containerd` is -transitioning from a standalone binary that talks to containerd to a plugin within -containerd. This github branch is for the `cri` plugin. See -[standalone-cri-containerd branch](https://github.com/containerd/cri/tree/standalone-cri-containerd) -for information about the standalone version of `cri-containerd`.* - -*Note: You need to [drain your node](https://kubernetes.io/docs/tasks/administer-cluster/safely-drain-node/) before upgrading from standalone `cri-containerd` to containerd with `cri` plugin.* - [![Build Status](https://api.travis-ci.org/containerd/cri.svg?style=flat-square)](https://travis-ci.org/containerd/cri) [![Go Report Card](https://goreportcard.com/badge/github.com/containerd/cri)](https://goreportcard.com/report/github.com/containerd/cri) @@ -36,8 +44,9 @@ See [test dashboard](https://k8s-testgrid.appspot.com/sig-node-containerd) | v1.0.0-alpha.x | | 1.7, 1.8 | v1alpha1 | | v1.0.0-beta.x | | 1.9 | v1alpha1 | | End-Of-Life | v1.1 (End-Of-Life) | 1.10+ | v1alpha2 | -| | v1.2 | 1.10+ | v1alpha2 | +| | v1.2 (Extended) | 1.10+ | v1alpha2 | | | v1.3 | 1.12+ | v1alpha2 | +| | v1.4 | 1.19+ (rc) | v1alpha2 | **Note:** The support table above specifies the Kubernetes Version that was supported at time of release of the containerd - cri integration. @@ -45,8 +54,9 @@ The following is the current support table for containerd CRI integration taking | Containerd Version | Kubernetes Version | CRI Version | |:------------------:|:------------------:|:-----------:| -| v1.2 | 1.14+ | v1alpha2 | -| v1.3 | 1.14+ | v1alpha2 | +| v1.2 | 1.15+ | v1alpha2 | +| v1.3 | 1.15+ | v1alpha2 | +| v1.4 | 1.19+ (rc) | v1alpha2 | ## Production Quality Cluster on GCE For a production quality cluster on GCE brought up with `kube-up.sh` refer [here](docs/kube-up.md). diff --git a/vendor/github.com/containerd/cri/pkg/config/config_unix.go b/vendor/github.com/containerd/cri/pkg/config/config_unix.go index 9df456b53a86..62ea662072bb 100644 --- a/vendor/github.com/containerd/cri/pkg/config/config_unix.go +++ b/vendor/github.com/containerd/cri/pkg/config/config_unix.go @@ -43,6 +43,7 @@ func DefaultConfig() PluginConfig { Options: new(toml.Primitive), }, }, + DisableSnapshotAnnotations: true, }, DisableTCPService: true, StreamServerAddress: "127.0.0.1", diff --git a/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go b/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go index 28863cb0c003..fc51bcf15614 100644 --- a/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go +++ b/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go @@ -182,11 +182,15 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3 if !c.config.DisableProcMount { // Apply masked paths if specified. // If the container is privileged, this will be cleared later on. - specOpts = append(specOpts, oci.WithMaskedPaths(securityContext.GetMaskedPaths())) + if maskedPaths := securityContext.GetMaskedPaths(); maskedPaths != nil { + specOpts = append(specOpts, oci.WithMaskedPaths(maskedPaths)) + } // Apply readonly paths if specified. // If the container is privileged, this will be cleared later on. - specOpts = append(specOpts, oci.WithReadonlyPaths(securityContext.GetReadonlyPaths())) + if readonlyPaths := securityContext.GetReadonlyPaths(); readonlyPaths != nil { + specOpts = append(specOpts, oci.WithReadonlyPaths(readonlyPaths)) + } } if securityContext.GetPrivileged() { diff --git a/vendor/github.com/containerd/cri/vendor.conf b/vendor/github.com/containerd/cri/vendor.conf index 6a9d866c0684..be7827dc94df 100644 --- a/vendor/github.com/containerd/cri/vendor.conf +++ b/vendor/github.com/containerd/cri/vendor.conf @@ -2,7 +2,7 @@ github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/opencontainers/selinux v1.6.0 github.com/tchap/go-patricia v2.2.6 -github.com/willf/bitset d5bec3311243426a3c6d1b7a795f24b17c686dbb # 1.1.10+ used by selinux pkg +github.com/willf/bitset v1.1.11 # containerd dependencies github.com/beorn7/perks v1.0.1 @@ -10,7 +10,7 @@ github.com/BurntSushi/toml v0.3.1 github.com/cespare/xxhash/v2 v2.1.1 github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff github.com/containerd/console v1.0.0 -github.com/containerd/containerd v1.4.0-rc.0 +github.com/containerd/containerd v1.4.1 github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 github.com/containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c @@ -37,8 +37,8 @@ github.com/Microsoft/go-winio v0.4.14 github.com/Microsoft/hcsshim v0.8.9 github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.0.1 -github.com/opencontainers/runc 67169a9d43456ff0d5ae12b967acb8e366e2f181 # v1.0.0-rc91-48-g67169a9d -github.com/opencontainers/runtime-spec 237cc4f519e2e8f9b235bacccfa8ef5a84df2875 # v1.0.2-14-g8e2f17c +github.com/opencontainers/runc v1.0.0-rc92 +github.com/opencontainers/runtime-spec 4d89ac9fbff6c455f46a5bb59c6b1bb7184a5e43 # v1.0.3-0.20200728170252-4d89ac9fbff6 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.6.0 github.com/prometheus/client_model v0.2.0 @@ -77,21 +77,21 @@ golang.org/x/oauth2 858c2ad4c8b6c5d10852cb89079f golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82 gopkg.in/inf.v0 v0.9.1 gopkg.in/yaml.v2 v2.2.8 -k8s.io/api v0.19.0-rc.4 -k8s.io/apiserver v0.19.0-rc.4 -k8s.io/apimachinery v0.19.0-rc.4 -k8s.io/client-go v0.19.0-rc.4 -k8s.io/component-base v0.19.0-rc.4 -k8s.io/cri-api v0.19.0-rc.4 +k8s.io/api v0.19.2 +k8s.io/apiserver v0.19.2 +k8s.io/apimachinery v0.19.2 +k8s.io/client-go v0.19.2 +k8s.io/component-base v0.19.2 +k8s.io/cri-api v0.19.2 k8s.io/klog/v2 v2.2.0 -k8s.io/utils 2df71ebbae66f39338aed4cd0bb82d2212ee33cc -sigs.k8s.io/structured-merge-diff/v3 v3.0.0 +k8s.io/utils d5654de09c73da55eb19ae4ab4f734f7a61747a6 +sigs.k8s.io/structured-merge-diff/v4 v4.0.1 sigs.k8s.io/yaml v1.2.0 # cni dependencies -github.com/containerd/go-cni v1.0.0 -github.com/containernetworking/cni v0.7.1 -github.com/containernetworking/plugins v0.7.6 +github.com/containerd/go-cni v1.0.1 +github.com/containernetworking/cni v0.8.0 +github.com/containernetworking/plugins v0.8.6 github.com/fsnotify/fsnotify v1.4.9 # image decrypt depedencies From 77931f8014643bd1ab44deb9b35d34ec292ece3c Mon Sep 17 00:00:00 2001 From: Samuel Karp Date: Mon, 2 Nov 2020 16:42:59 -0800 Subject: [PATCH 07/46] ci: run critest target for all runtimes Signed-off-by: Samuel Karp --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 50db099e85af..69e5fd16c38a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -410,10 +410,10 @@ jobs: mkdir -p ${BDIR}/{root,state} cat > ${BDIR}/config.toml < ${BDIR}/containerd-cri.log & + sudo PATH=$PATH BDIR=$BDIR /usr/local/bin/containerd -a ${BDIR}/c.sock --config ${BDIR}/config.toml --root ${BDIR}/root --state ${BDIR}/state --log-level debug &> ${BDIR}/containerd-cri.log & sudo PATH=$PATH BDIR=$BDIR /usr/local/bin/ctr -a ${BDIR}/c.sock version sudo PATH=$PATH BDIR=$BDIR GOPATH=$GOPATH critest --runtime-endpoint=unix:///${BDIR}/c.sock --parallel=8 TEST_RC=$? From 6955162877bc7791d775bddc4c4f46f2afcd424c Mon Sep 17 00:00:00 2001 From: Tianon Gravi Date: Thu, 5 Nov 2020 14:00:10 -0800 Subject: [PATCH 08/46] Remove setuid gosu in favor of "sudo -E PATH=$PATH ..." Signed-off-by: Tianon Gravi (cherry picked from commit 17688a733ad0d472ffcf87dabf5d206626f0f338) --- .github/workflows/ci.yml | 18 ++++-------------- 1 file changed, 4 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 69e5fd16c38a..0206120c6a50 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -327,16 +327,6 @@ jobs: with: go-version: '1.13.15' - - name: Setup gosu - shell: bash - run: | - GOSU=/usr/local/bin/gosu - arch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" - sudo wget -O ${GOSU} "https://github.com/tianon/gosu/releases/download/1.12/gosu-$arch" - sudo chmod +x ${GOSU} - sudo chown root ${GOSU} - sudo chmod +s ${GOSU} - - name: Set env shell: bash run: | @@ -352,10 +342,10 @@ jobs: env: RUNC_FLAVOR: ${{ matrix.runc }} run: | - sudo PATH=$PATH script/setup/install-seccomp - gosu root script/setup/install-runc - script/setup/install-cni - script/setup/install-critools + sudo -E PATH=$PATH script/setup/install-seccomp + sudo -E PATH=$PATH script/setup/install-runc + sudo -E PATH=$PATH script/setup/install-cni + sudo -E PATH=$PATH script/setup/install-critools working-directory: src/github.com/containerd/containerd - name: Install criu From e45f41e3aed4e3dcb8f3f8e1db3ac09004214ec6 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 22 Feb 2020 18:28:52 +0100 Subject: [PATCH 09/46] update to golang 1.15.2 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit d1c8d9865813f2bac772c9bd920317ccc5eb3677) Signed-off-by: Akihiro Suda --- .github/workflows/ci.yml | 14 +++++++------- .github/workflows/nightly.yml | 4 ++-- .github/workflows/release.yml | 2 +- .travis.yml | 2 +- .zuul/playbooks/containerd-build/run.yaml | 2 +- Vagrantfile | 2 +- contrib/Dockerfile.test | 2 +- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0206120c6a50..19a4b8f7346a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Set env shell: bash @@ -66,7 +66,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Set env shell: bash @@ -138,7 +138,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Set env shell: bash @@ -185,7 +185,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Set env shell: bash @@ -222,7 +222,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Set env shell: bash @@ -254,7 +254,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Set env shell: bash @@ -325,7 +325,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Set env shell: bash diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index b84dfb03ac3b..7e1baaad665f 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Checkout uses: actions/checkout@v1 @@ -126,7 +126,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Checkout uses: actions/checkout@v1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6c2f933dc7eb..243c7d5d9158 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.13.15' + go-version: '1.15.2' - name: Set env shell: bash diff --git a/.travis.yml b/.travis.yml index 663cc803dfd0..2791ee716350 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,7 +15,7 @@ os: - linux go: - - "1.13.15" + - "1.15.2" env: - TRAVIS_GOOS=linux TEST_RUNTIME=io.containerd.runc.v1 TRAVIS_CGO_ENABLED=1 TRAVIS_DISTRO=bionic GOPROXY=direct diff --git a/.zuul/playbooks/containerd-build/run.yaml b/.zuul/playbooks/containerd-build/run.yaml index 258889934b77..d537d51ea2bc 100644 --- a/.zuul/playbooks/containerd-build/run.yaml +++ b/.zuul/playbooks/containerd-build/run.yaml @@ -2,7 +2,7 @@ become: yes roles: - role: config-golang - go_version: '1.13.15' + go_version: '1.15.2' arch: arm64 tasks: - name: Build containerd diff --git a/Vagrantfile b/Vagrantfile index fac9586fa283..3d7f61515b9f 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -77,7 +77,7 @@ Vagrant.configure("2") do |config| config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.13.15", + 'GO_VERSION': ENV['GO_VERSION'] || "1.15.2", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test index e46d66faf0da..f55628e1bb29 100644 --- a/contrib/Dockerfile.test +++ b/contrib/Dockerfile.test @@ -6,7 +6,7 @@ # 3.) $ make binaries install test # -ARG GOLANG_VERSION=1.13.15 +ARG GOLANG_VERSION=1.15.2 FROM golang:${GOLANG_VERSION} AS golang-base RUN mkdir -p /go/src/github.com/containerd/containerd From 229f5ea4efdb36d3c94310fce827901f4b694ed9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 13 Nov 2020 13:33:23 +0100 Subject: [PATCH 10/46] seccomp: add pidfd_open and pidfd_send_signal Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 2dbbd10fd644e9e3fbf20c71d7531756b1c1a9e4) Signed-off-by: Sebastiaan van Stijn --- contrib/seccomp/seccomp_default.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go index f1337e6db388..78fa1e401f83 100644 --- a/contrib/seccomp/seccomp_default.go +++ b/contrib/seccomp/seccomp_default.go @@ -232,6 +232,8 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { "openat", "openat2", "pause", + "pidfd_open", + "pidfd_send_signal", "pipe", "pipe2", "poll", From ebffce3adf2361171c05a5746a07bc68d3db1b23 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 13 Nov 2020 13:34:49 +0100 Subject: [PATCH 11/46] seccomp: add pidfd_getfd syscall (gated by CAP_SYS_PTRACE) Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 0a1104bcf3aa543e44c9ead5941f08fff3bdcf27) Signed-off-by: Sebastiaan van Stijn --- contrib/seccomp/seccomp_default.go | 1 + 1 file changed, 1 insertion(+) diff --git a/contrib/seccomp/seccomp_default.go b/contrib/seccomp/seccomp_default.go index 78fa1e401f83..dcf6a75e960c 100644 --- a/contrib/seccomp/seccomp_default.go +++ b/contrib/seccomp/seccomp_default.go @@ -573,6 +573,7 @@ func DefaultProfile(sp *specs.Spec) *specs.LinuxSeccomp { s.Syscalls = append(s.Syscalls, specs.LinuxSyscall{ Names: []string{ "kcmp", + "pidfd_getfd", "process_vm_readv", "process_vm_writev", "ptrace", From cc3be9ae3f350f8b335012f2da3df0c7310f02b2 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 16 Nov 2020 14:36:35 +0900 Subject: [PATCH 12/46] Bump Golang 1.15.5 Changes: https://golang.org/doc/devel/release.html#go1.15 Signed-off-by: Akihiro Suda (cherry picked from commit af0a20a4d56a999cf4b86f770b809c8e93a782f7) Signed-off-by: Akihiro Suda --- .github/workflows/ci.yml | 14 +++++++------- .github/workflows/nightly.yml | 4 ++-- .github/workflows/release.yml | 2 +- .travis.yml | 2 +- .zuul/playbooks/containerd-build/run.yaml | 2 +- Vagrantfile | 2 +- contrib/Dockerfile.test | 2 +- 7 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 19a4b8f7346a..cc63d088175a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Set env shell: bash @@ -66,7 +66,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Set env shell: bash @@ -138,7 +138,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Set env shell: bash @@ -185,7 +185,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Set env shell: bash @@ -222,7 +222,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Set env shell: bash @@ -254,7 +254,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Set env shell: bash @@ -325,7 +325,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Set env shell: bash diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 7e1baaad665f..98f3dd8d7660 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Checkout uses: actions/checkout@v1 @@ -126,7 +126,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Checkout uses: actions/checkout@v1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 243c7d5d9158..ff6fea8b3f37 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.2' + go-version: '1.15.5' - name: Set env shell: bash diff --git a/.travis.yml b/.travis.yml index 2791ee716350..362404e923bf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,7 +15,7 @@ os: - linux go: - - "1.15.2" + - "1.15.5" env: - TRAVIS_GOOS=linux TEST_RUNTIME=io.containerd.runc.v1 TRAVIS_CGO_ENABLED=1 TRAVIS_DISTRO=bionic GOPROXY=direct diff --git a/.zuul/playbooks/containerd-build/run.yaml b/.zuul/playbooks/containerd-build/run.yaml index d537d51ea2bc..b1975468d8d6 100644 --- a/.zuul/playbooks/containerd-build/run.yaml +++ b/.zuul/playbooks/containerd-build/run.yaml @@ -2,7 +2,7 @@ become: yes roles: - role: config-golang - go_version: '1.15.2' + go_version: '1.15.5' arch: arm64 tasks: - name: Build containerd diff --git a/Vagrantfile b/Vagrantfile index 3d7f61515b9f..e44eb7c8e63a 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -77,7 +77,7 @@ Vagrant.configure("2") do |config| config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.15.2", + 'GO_VERSION': ENV['GO_VERSION'] || "1.15.5", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test index f55628e1bb29..bb5a01e961f2 100644 --- a/contrib/Dockerfile.test +++ b/contrib/Dockerfile.test @@ -6,7 +6,7 @@ # 3.) $ make binaries install test # -ARG GOLANG_VERSION=1.15.2 +ARG GOLANG_VERSION=1.15.5 FROM golang:${GOLANG_VERSION} AS golang-base RUN mkdir -p /go/src/github.com/containerd/containerd From 0a3488c712d699694f7b2c2458e7498f29d5e89a Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Tue, 17 Nov 2020 10:40:05 -0500 Subject: [PATCH 13/46] Fix GH Actions CI deprecations Also switch to use pre-packaged containerd project checks Signed-off-by: Phil Estes --- .github/workflows/ci.yml | 87 +++++++--------------------------------- 1 file changed, 15 insertions(+), 72 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cc63d088175a..15cb07c7cfcb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,8 +31,8 @@ jobs: - name: Set env shell: bash run: | - echo "::set-env name=GOPATH::${{ github.workspace }}" - echo "::add-path::${{ github.workspace }}/bin" + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Checkout uses: actions/checkout@v2 @@ -60,71 +60,14 @@ jobs: timeout-minutes: 5 steps: - # - # Install Go - # - - name: Install Go - uses: actions/setup-go@v1 - with: - go-version: '1.15.5' - - - name: Set env - shell: bash - run: | - echo "::set-env name=GOPATH::${{ github.workspace }}" - echo "::add-path::${{ github.workspace }}/bin" - - # - # Checkout repos - # - - name: Checkout this repo - uses: actions/checkout@v2 + - uses: actions/checkout@v2 with: path: src/github.com/containerd/containerd fetch-depth: 100 - - name: Checkout project repo - uses: actions/checkout@v2 + - uses: containerd/project-checks@v1 with: - repository: containerd/project - path: src/github.com/containerd/project - - # - # Go get dependencies - # - - name: Install dependencies - env: - GO111MODULE: off - run: | - go get -u github.com/vbatts/git-validation - go get -u github.com/kunalkushwaha/ltag - go get -u github.com/LK4D4/vndr - - # - # DCO / File headers / Vendor directory validation - # - - name: DCO - env: - GITHUB_COMMIT_URL: ${{ github.event.pull_request.commits_url }} - DCO_VERBOSITY: "-q" - DCO_RANGE: "" - working-directory: src/github.com/containerd/containerd - run: | - set -x - if [ -z "${GITHUB_COMMIT_URL}" ]; then - DCO_RANGE=$(jq -r '.after + "..HEAD"' ${GITHUB_EVENT_PATH}) - else - DCO_RANGE=$(curl ${GITHUB_COMMIT_URL} | jq -r '.[0].parents[0].sha + "..HEAD"') - fi - ../project/script/validate/dco - - - name: Headers - run: ../project/script/validate/fileheader ../project/ - working-directory: src/github.com/containerd/containerd - - - name: Vendor - run: ../project/script/validate/vendor - working-directory: src/github.com/containerd/containerd + working-directory: src/github.com/containerd/containerd # # Protobuf checks @@ -143,8 +86,8 @@ jobs: - name: Set env shell: bash run: | - echo "::set-env name=GOPATH::${{ github.workspace }}" - echo "::add-path::${{ github.workspace }}/bin" + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Checkout uses: actions/checkout@v2 @@ -190,8 +133,8 @@ jobs: - name: Set env shell: bash run: | - echo "::set-env name=GOPATH::${{ github.workspace }}" - echo "::add-path::${{ github.workspace }}/bin" + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Checkout uses: actions/checkout@v2 @@ -227,8 +170,8 @@ jobs: - name: Set env shell: bash run: | - echo "::set-env name=GOPATH::${{ github.workspace }}" - echo "::add-path::${{ github.workspace }}/bin" + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Checkout uses: actions/checkout@v2 @@ -259,8 +202,8 @@ jobs: - name: Set env shell: bash run: | - echo "::set-env name=GOPATH::${{ github.workspace }}" - echo "::add-path::${{ github.workspace }}/src/github.com/containerd/containerd/bin" + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "${{ github.workspace }}/src/github.com/containerd/containerd/bin" >> $GITHUB_PATH - name: Checkout containerd uses: actions/checkout@v2 @@ -330,8 +273,8 @@ jobs: - name: Set env shell: bash run: | - echo "::set-env name=GOPATH::${{ github.workspace }}" - echo "::add-path::${{ github.workspace }}/bin" + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Checkout containerd uses: actions/checkout@v2 From 6ebd9a94a47bf8a885b2a8441ccea4494dcd0d21 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Tue, 17 Nov 2020 14:20:48 -0500 Subject: [PATCH 14/46] Update other actions for env/path CVE fix Signed-off-by: Phil Estes (cherry picked from commit 159fb2e7e248a1865e26d9db42f72e5dbe003cd9) --- .github/workflows/nightly.yml | 16 ++++++++++++++-- .github/workflows/release.yml | 8 ++++---- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 98f3dd8d7660..56e6322e1980 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -23,7 +23,13 @@ jobs: GOPATH: ${{ runner.workspace }} GO111MODULE: off with: - path: ./src/github.com/containerd/containerd + path: src/github.com/containerd/containerd + + - name: Set env + shell: bash + run: | + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH # # Build @@ -134,7 +140,13 @@ jobs: GOPATH: ${{ runner.workspace }} GO111MODULE: off with: - path: ./src/github.com/containerd/containerd + path: src/github.com/containerd/containerd + + - name: Set env + shell: bash + run: | + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Build amd64 env: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ff6fea8b3f37..92b7bd0a73c9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -75,10 +75,10 @@ jobs: [[ "${MOS}" =~ "windows" ]] && { os=windows } - echo "::set-env name=RELEASE_VER::${releasever}" - echo "::set-env name=GOPATH::${{ github.workspace }}" - echo "::set-env name=OS::${os}" - echo "::add-path::${{ github.workspace }}/bin" + echo "RELEASE_VER=${releasever}" >> $GITHUB_ENV + echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV + echo "OS=${os}" >> $GITHUB_ENV + echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - name: Checkout containerd uses: actions/checkout@v2 From 16e51fc3173a4eb066443571ee974f67ad24a4e5 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Mon, 28 Sep 2020 18:38:57 +0000 Subject: [PATCH 15/46] Fix integer overflow on windows Signed-off-by: Brian Goff (cherry picked from commit bd7c6ca6fa95295c20d531001fe4758bd4560d3a) Signed-off-by: Sebastiaan van Stijn --- cmd/containerd/command/service_windows.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/cmd/containerd/command/service_windows.go b/cmd/containerd/command/service_windows.go index 655295fc89ec..1292010aa0ca 100644 --- a/cmd/containerd/command/service_windows.go +++ b/cmd/containerd/command/service_windows.go @@ -347,8 +347,8 @@ func initPanicFile(path string) error { // Update STD_ERROR_HANDLE to point to the panic file so that Go writes to // it when it panics. Remember the old stderr to restore it before removing // the panic file. - sh := windows.STD_ERROR_HANDLE - h, err := windows.GetStdHandle(uint32(sh)) + sh := uint32(windows.STD_ERROR_HANDLE) + h, err := windows.GetStdHandle(sh) if err != nil { return err } @@ -372,7 +372,7 @@ func initPanicFile(path string) error { func removePanicFile() { if st, err := panicFile.Stat(); err == nil { if st.Size() == 0 { - sh := windows.STD_ERROR_HANDLE + sh := uint32(windows.STD_ERROR_HANDLE) setStdHandle.Call(uintptr(sh), uintptr(oldStderr)) panicFile.Close() os.Remove(panicFile.Name()) From 56291a2212c4723c73932a76a8cbc78ce0c14a61 Mon Sep 17 00:00:00 2001 From: YLonely Date: Tue, 3 Nov 2020 02:54:19 +0000 Subject: [PATCH 16/46] bug fix:#3448 Signed-off-by: Bowen Yan (cherry picked from commit 019148ef4c1bdc287191574dc607ff6e58d66a4f) Signed-off-by: Sebastiaan van Stijn --- container_restore_opts.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/container_restore_opts.go b/container_restore_opts.go index 03722dba1a54..fb60e8de9d69 100644 --- a/container_restore_opts.go +++ b/container_restore_opts.go @@ -87,21 +87,21 @@ func WithRestoreRuntime(ctx context.Context, id string, client *Client, checkpoi return err } } - var options *ptypes.Any + var options ptypes.Any if m != nil { store := client.ContentStore() data, err := content.ReadBlob(ctx, store, *m) if err != nil { return errors.Wrap(err, "unable to read checkpoint runtime") } - if err := proto.Unmarshal(data, options); err != nil { + if err := proto.Unmarshal(data, &options); err != nil { return err } } c.Runtime = containers.RuntimeInfo{ Name: name, - Options: options, + Options: &options, } return nil } From 9b2156aa854b9996d254835cb90e8c496404556c Mon Sep 17 00:00:00 2001 From: Amr Mahdi Date: Mon, 26 Oct 2020 04:46:48 +0000 Subject: [PATCH 17/46] Improve image pull performance from http 1.1 container registries Private registries that does not support http 2.0 such as Azure Container Registry streams back content in a max of 16KB chunks (max TLS record size). The small chunks introduce an overhead when copying the layers to the content store sine each chunk incurs the overhead of grpc message that has to be sent to the content store. This change reduces this overhead by buffering the chunks into 1MB chunks and only then writes a message to the content store. Below is a per comparsion between the 2 approaches using a couple of large images that are being pulled from the docker hub (http 2.0) and a private Azure CR (http 1.1) in seconds. image | Buffered copy | master ------- |---------------|---------- docker.io/pytorch/pytorch:latest | 55.63 | 58.33 docker.io/nvidia/cuda:latest | 72.05 | 75.98 containerdpulltest.azurecr.io/pytorch/pytorch:latest | 61.45 | 77.1 containerdpulltest.azurecr.io/nvidia/cuda:latest | 77.13 | 85.47 Signed-off-by: Amr Mahdi (cherry picked from commit 289130b8a7760b813c7bcfdd37f978a17f10c31a) Signed-off-by: Amr Mahdi --- content/helpers.go | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/content/helpers.go b/content/helpers.go index c1c2046186a8..46ca556e9205 100644 --- a/content/helpers.go +++ b/content/helpers.go @@ -230,8 +230,31 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) { } func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) { - buf := bufPool.Get().(*[]byte) - written, err = io.CopyBuffer(dst, src, *buf) - bufPool.Put(buf) + bufRef := bufPool.Get().(*[]byte) + defer bufPool.Put(bufRef) + buf := *bufRef + for { + nr, er := io.ReadAtLeast(src, buf, len(buf)) + if nr > 0 { + nw, ew := dst.Write(buf[0:nr]) + if nw > 0 { + written += int64(nw) + } + if ew != nil { + err = ew + break + } + if nr != nw { + err = io.ErrShortWrite + break + } + } + if er != nil { + if er != io.EOF && er != io.ErrUnexpectedEOF { + err = er + } + break + } + } return } From a2ebee35788e0eb10343e87cf658625f89432e91 Mon Sep 17 00:00:00 2001 From: Amr Mahdi Date: Tue, 27 Oct 2020 01:25:36 +0000 Subject: [PATCH 18/46] replicate io.Copy optimizations Signed-off-by: Amr Mahdi (cherry picked from commit f6834d4c0b9a0433d6723ea172ad333ddc44936b) Signed-off-by: Amr Mahdi --- content/helpers.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/content/helpers.go b/content/helpers.go index 46ca556e9205..d15c9822408e 100644 --- a/content/helpers.go +++ b/content/helpers.go @@ -230,6 +230,15 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) { } func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) { + // If the reader has a WriteTo method, use it to do the copy. + // Avoids an allocation and a copy. + if wt, ok := src.(io.WriterTo); ok { + return wt.WriteTo(dst) + } + // Similarly, if the writer has a ReadFrom method, use it to do the copy. + if rt, ok := dst.(io.ReaderFrom); ok { + return rt.ReadFrom(src) + } bufRef := bufPool.Get().(*[]byte) defer bufPool.Put(bufRef) buf := *bufRef From 5618423a0e3b5ea66d4a4edd49cff443b71dac8b Mon Sep 17 00:00:00 2001 From: Amr Mahdi Date: Tue, 3 Nov 2020 04:23:52 +0000 Subject: [PATCH 19/46] Add comments clarifying copyWithBuffer implementation Signed-off-by: Amr Mahdi (cherry picked from commit b81917ee72a8e705127006084619b5c0ef76aa8e) Signed-off-by: Amr Mahdi --- content/helpers.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/content/helpers.go b/content/helpers.go index d15c9822408e..4c4a35308e67 100644 --- a/content/helpers.go +++ b/content/helpers.go @@ -229,6 +229,10 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) { return r, nil } +// copyWithBuffer is very similar to io.CopyBuffer https://golang.org/pkg/io/#CopyBuffer +// but instead of using Read to read from the src, we use ReadAtLeast to make sure we have +// a full buffer before we do a write operation to dst to reduce overheads associated +// with the write operations of small buffers. func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) { // If the reader has a WriteTo method, use it to do the copy. // Avoids an allocation and a copy. @@ -259,6 +263,8 @@ func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) { } } if er != nil { + // If an EOF happens after reading fewer than the requested bytes, + // ReadAtLeast returns ErrUnexpectedEOF. if er != io.EOF && er != io.ErrUnexpectedEOF { err = er } From 036ede698d050155a2b972f34c09b3a55070b0de Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Thu, 19 Nov 2020 08:40:22 -0500 Subject: [PATCH 20/46] Import crypto for all snapshotters during testsuite Fixes runtime panic for testing snapshotters Signed-off-by: Phil Estes (cherry picked from commit 027ee569a3bcebed1f55f0aabdb5c0db35fc79cf) --- snapshots/testsuite/testsuite.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/snapshots/testsuite/testsuite.go b/snapshots/testsuite/testsuite.go index b2434025f56e..367a00837b68 100644 --- a/snapshots/testsuite/testsuite.go +++ b/snapshots/testsuite/testsuite.go @@ -18,6 +18,8 @@ package testsuite import ( "context" + //nolint:golint + _ "crypto/sha256" "fmt" "io/ioutil" "math/rand" From 7eb8522146cfcd5f7d7e62eb1b3eff1d55ea65de Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Tue, 10 Nov 2020 10:55:00 -0500 Subject: [PATCH 21/46] Allow oom adj test to run in environments with a score GitHub Actions process wrapper sets score adj to 500 for any process; the OOM score adj test expected default adj to be 0 during test. Signed-off-by: Phil Estes (cherry picked from commit af2fb4eb777880fda0ba9004422d70742f4df7c1) --- sys/oom_unix_test.go | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/sys/oom_unix_test.go b/sys/oom_unix_test.go index 9bad2db53f2f..e6be852bcbf2 100644 --- a/sys/oom_unix_test.go +++ b/sys/oom_unix_test.go @@ -30,7 +30,7 @@ import ( ) func TestSetPositiveOomScoreAdjustment(t *testing.T) { - adjustment, err := adjustOom(123) + _, adjustment, err := adjustOom(123) if err != nil { t.Error(err) return @@ -44,7 +44,7 @@ func TestSetNegativeOomScoreAdjustmentWhenPrivileged(t *testing.T) { return } - adjustment, err := adjustOom(-123) + _, adjustment, err := adjustOom(-123) if err != nil { t.Error(err) return @@ -58,32 +58,37 @@ func TestSetNegativeOomScoreAdjustmentWhenUnprivilegedHasNoEffect(t *testing.T) return } - adjustment, err := adjustOom(-123) + initial, adjustment, err := adjustOom(-123) if err != nil { t.Error(err) return } - assert.Check(t, is.Equal(adjustment, 0)) + assert.Check(t, is.Equal(adjustment, initial)) } -func adjustOom(adjustment int) (int, error) { +func adjustOom(adjustment int) (int, int, error) { cmd := exec.Command("sleep", "100") if err := cmd.Start(); err != nil { - return 0, err + return 0, 0, err } defer cmd.Process.Kill() pid, err := waitForPid(cmd.Process) if err != nil { - return 0, err + return 0, 0, err + } + initial, err := GetOOMScoreAdj(pid) + if err != nil { + return 0, 0, err } if err := SetOOMScore(pid, adjustment); err != nil { - return 0, err + return 0, 0, err } - return GetOOMScoreAdj(pid) + adj, err := GetOOMScoreAdj(pid) + return initial, adj, err } func waitForPid(process *os.Process) (int, error) { From 19776b75b3ae4488b50c92f45caabf543e438b89 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Thu, 19 Nov 2020 10:59:40 -0500 Subject: [PATCH 22/46] Adjust overlay tests to expect "index=off" When running tests on any modern distro, this assumption will work. If we need to make it work with kernels where we don't append this option it will require some more involved changes. Signed-off-by: Phil Estes (cherry picked from commit 85d9fe3e8ce823894fc47122f46da0dfabd9c657) --- snapshots/overlay/overlay_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/snapshots/overlay/overlay_test.go b/snapshots/overlay/overlay_test.go index 7671b83dc3d6..77eed8530641 100644 --- a/snapshots/overlay/overlay_test.go +++ b/snapshots/overlay/overlay_test.go @@ -174,6 +174,7 @@ func testOverlayOverlayMount(t *testing.T, newSnapshotter testsuite.SnapshotterF lower = "lowerdir=" + getParents(ctx, o, root, "/tmp/layer2")[0] ) for i, v := range []string{ + "index=off", work, upper, lower, @@ -334,12 +335,12 @@ func testOverlayView(t *testing.T, newSnapshotter testsuite.SnapshotterFunc) { if m.Source != "overlay" { t.Errorf("mount source should be overlay but received %q", m.Source) } - if len(m.Options) != 1 { - t.Errorf("expected 1 mount option but got %d", len(m.Options)) + if len(m.Options) != 2 { + t.Errorf("expected 1 additional mount option but got %d", len(m.Options)) } lowers := getParents(ctx, o, root, "/tmp/view2") expected = fmt.Sprintf("lowerdir=%s:%s", lowers[0], lowers[1]) - if m.Options[0] != expected { + if m.Options[1] != expected { t.Errorf("expected option %q but received %q", expected, m.Options[0]) } } From cbbf257abf285ca80d12f73e24f1a7bd97a1a065 Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Tue, 10 Nov 2020 09:32:56 -0500 Subject: [PATCH 23/46] Add Go test runs to GitHub Actions CI Disable devmapper for now until test issues are fixed. Signed-off-by: Phil Estes (cherry picked from commit c11472d31dc77bda2c8804023fc5d18a5f0d2ed1) --- .github/workflows/ci.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15cb07c7cfcb..1570757dbe14 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -233,6 +233,15 @@ jobs: git fetch --tags origin "${SHIM_COMMIT}" git checkout "${SHIM_COMMIT}" GO111MODULE=on go build -mod=vendor -o "${bindir}/containerd-shim-runhcs-v1.exe" ./cmd/containerd-shim-runhcs-v1 + + - name: Tests + shell: bash + env: + CGO_ENABLED: 1 + run: | + cd src/github.com/containerd/containerd + mingw32-make.exe test root-test + - name: Integration 1 shell: bash run: | @@ -316,6 +325,15 @@ jobs: sudo make install working-directory: src/github.com/containerd/containerd + - name: Tests + env: + GOPROXY: direct + SKIPTESTS: github.com/containerd/containerd/snapshots/devmapper + run: | + make test + sudo -E PATH=$PATH GOPATH=$GOPATH GOPROXY=$GOPROXY make root-test + working-directory: src/github.com/containerd/containerd + - name: Integration 1 env: GOPROXY: direct From fbe18caa19f7b414dca8433455b5d4b4662c7d4c Mon Sep 17 00:00:00 2001 From: Phil Estes Date: Wed, 11 Nov 2020 14:13:26 -0500 Subject: [PATCH 24/46] Update btrfs vendor for chkptr fix for Go >= 1.14 Signed-off-by: Phil Estes (cherry picked from commit 6fb56aa58bb97d67ca823baa41a8aa03a2ae195f) --- vendor.conf | 2 +- vendor/github.com/containerd/btrfs/btrfs.go | 6 +++--- vendor/github.com/containerd/btrfs/go.mod | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vendor.conf b/vendor.conf index 0b74526a5ff3..80abd01f7a5f 100644 --- a/vendor.conf +++ b/vendor.conf @@ -1,7 +1,7 @@ github.com/beorn7/perks v1.0.1 github.com/BurntSushi/toml v0.3.1 github.com/cespare/xxhash/v2 v2.1.1 -github.com/containerd/btrfs 153935315f4ab9be5bf03650a1341454b05efa5d +github.com/containerd/btrfs 404b9149801e455c8076f615b06dc0abee0a977a github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff github.com/containerd/console v1.0.0 github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 diff --git a/vendor/github.com/containerd/btrfs/btrfs.go b/vendor/github.com/containerd/btrfs/btrfs.go index a055890eb183..f9c30b3dd517 100644 --- a/vendor/github.com/containerd/btrfs/btrfs.go +++ b/vendor/github.com/containerd/btrfs/btrfs.go @@ -275,7 +275,7 @@ func SubvolCreate(path string) error { if len(name) > C.BTRFS_PATH_NAME_MAX { return errors.Errorf("%q too long for subvolume", name) } - nameptr := (*[maxByteSliceSize]byte)(unsafe.Pointer(&args.name[0])) + nameptr := (*[maxByteSliceSize]byte)(unsafe.Pointer(&args.name[0]))[:C.BTRFS_PATH_NAME_MAX:C.BTRFS_PATH_NAME_MAX] copy(nameptr[:C.BTRFS_PATH_NAME_MAX], []byte(name)) if err := ioctl(fp.Fd(), C.BTRFS_IOC_SUBVOL_CREATE, uintptr(unsafe.Pointer(&args))); err != nil { @@ -311,7 +311,7 @@ func SubvolSnapshot(dst, src string, readonly bool) error { return errors.Errorf("%q too long for subvolume", dstname) } - nameptr := (*[maxByteSliceSize]byte)(unsafe.Pointer(name)) + nameptr := (*[maxByteSliceSize]byte)(unsafe.Pointer(name))[:C.BTRFS_SUBVOL_NAME_MAX:C.BTRFS_SUBVOL_NAME_MAX] copy(nameptr[:C.BTRFS_SUBVOL_NAME_MAX], []byte(dstname)) if readonly { @@ -370,7 +370,7 @@ func SubvolDelete(path string) error { return errors.Errorf("%q too long for subvolume", name) } - nameptr := (*[maxByteSliceSize]byte)(unsafe.Pointer(&args.name[0])) + nameptr := (*[maxByteSliceSize]byte)(unsafe.Pointer(&args.name[0]))[:C.BTRFS_SUBVOL_NAME_MAX:C.BTRFS_SUBVOL_NAME_MAX] copy(nameptr[:C.BTRFS_SUBVOL_NAME_MAX], []byte(name)) if err := ioctl(fp.Fd(), C.BTRFS_IOC_SNAP_DESTROY, uintptr(unsafe.Pointer(&args))); err != nil { diff --git a/vendor/github.com/containerd/btrfs/go.mod b/vendor/github.com/containerd/btrfs/go.mod index d5488a51dc9b..81c0be727456 100644 --- a/vendor/github.com/containerd/btrfs/go.mod +++ b/vendor/github.com/containerd/btrfs/go.mod @@ -1,5 +1,5 @@ module github.com/containerd/btrfs -go 1.13 +go 1.15 require github.com/pkg/errors v0.8.1 From c0f1add3c95ce1c06c566488d85c20a77070ef12 Mon Sep 17 00:00:00 2001 From: Kevin Parsons Date: Tue, 24 Nov 2020 01:37:00 -0800 Subject: [PATCH 25/46] Fix Windows service panic file to not be read-only Go 1.14 introduced a change to os.OpenFile (and syscall.Open) on Windows that uses the permissions passed to determine if the file should be created read-only or not. If the user-write bit (0200) is not set, then FILE_ATTRIBUTE_READONLY is set on the underlying CreateFile call. This is a significant change for any Windows code which created new files and set the permissions to 0 (previously the permissions had no affect, so some code didn't set them at all). This change fixes the issue for the Windows service panic file. It will now properly be created as a non-read-only file on Go 1.14+. I have looked over the rest of the containerd code and didn't see other places where this seems like an issue. Signed-off-by: Kevin Parsons (cherry picked from commit b2420ebcd1c403d29cd700fdcc032cce07006260) Signed-off-by: Derek McGowan --- cmd/containerd/command/service_windows.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/containerd/command/service_windows.go b/cmd/containerd/command/service_windows.go index 1292010aa0ca..a78c331c27d1 100644 --- a/cmd/containerd/command/service_windows.go +++ b/cmd/containerd/command/service_windows.go @@ -323,7 +323,7 @@ Loop: func initPanicFile(path string) error { var err error - panicFile, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0) + panicFile, err = os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) if err != nil { return err } From 0b97c6204195cd4b764bd302c7eed90388f96d81 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Tue, 24 Nov 2020 17:41:35 -0800 Subject: [PATCH 26/46] Update cri plugin Signed-off-by: Derek McGowan --- vendor.conf | 16 +++--- vendor/github.com/containerd/cri/README.md | 4 +- .../cri/pkg/server/container_create_unix.go | 7 +-- .../containerd/cri/pkg/server/image_pull.go | 50 +++++++++++++------ vendor/github.com/containerd/cri/vendor.conf | 12 ++--- vendor/k8s.io/api/go.mod | 4 +- vendor/k8s.io/apimachinery/go.mod | 6 +-- .../apimachinery/pkg/runtime/converter.go | 2 +- .../k8s.io/apimachinery/pkg/util/net/http.go | 10 ++-- .../k8s.io/apimachinery/pkg/util/net/util.go | 31 +++--------- vendor/k8s.io/apiserver/go.mod | 24 ++++----- vendor/k8s.io/client-go/go.mod | 10 ++-- vendor/k8s.io/client-go/transport/cache.go | 47 +++++++++-------- .../structured-merge-diff/{v3 => v4}/LICENSE | 0 .../{v3 => v4}/README.md | 4 +- .../structured-merge-diff/{v3 => v4}/go.mod | 3 +- .../{v3 => v4}/value/allocator.go | 0 .../{v3 => v4}/value/doc.go | 0 .../{v3 => v4}/value/fields.go | 0 .../{v3 => v4}/value/jsontagutil.go | 0 .../{v3 => v4}/value/list.go | 0 .../{v3 => v4}/value/listreflect.go | 0 .../{v3 => v4}/value/listunstructured.go | 0 .../{v3 => v4}/value/map.go | 0 .../{v3 => v4}/value/mapreflect.go | 0 .../{v3 => v4}/value/mapunstructured.go | 0 .../{v3 => v4}/value/reflectcache.go | 0 .../{v3 => v4}/value/scalar.go | 0 .../{v3 => v4}/value/structreflect.go | 0 .../{v3 => v4}/value/value.go | 0 .../{v3 => v4}/value/valuereflect.go | 0 .../{v3 => v4}/value/valueunstructured.go | 0 32 files changed, 122 insertions(+), 108 deletions(-) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/LICENSE (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/README.md (96%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/go.mod (73%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/allocator.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/doc.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/fields.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/jsontagutil.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/list.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/listreflect.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/listunstructured.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/map.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/mapreflect.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/mapunstructured.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/reflectcache.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/scalar.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/structreflect.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/value.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/valuereflect.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/valueunstructured.go (100%) diff --git a/vendor.conf b/vendor.conf index 80abd01f7a5f..2dd74c59fef3 100644 --- a/vendor.conf +++ b/vendor.conf @@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2 github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 # cri dependencies -github.com/containerd/cri 61363b3e2c97ba2d389dc774d977fc906591a6fd # release/1.4 +github.com/containerd/cri 9e81bf566b91195c4cdd64ebeda839efb952ec3d # release/1.4 github.com/davecgh/go-spew v1.1.1 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 @@ -75,14 +75,14 @@ golang.org/x/oauth2 858c2ad4c8b6c5d10852cb89079f golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82 gopkg.in/inf.v0 v0.9.1 gopkg.in/yaml.v2 v2.2.8 -k8s.io/api v0.19.0-rc.4 -k8s.io/apimachinery v0.19.0-rc.4 -k8s.io/apiserver v0.19.0-rc.4 -k8s.io/client-go v0.19.0-rc.4 -k8s.io/cri-api v0.19.0-rc.4 +k8s.io/api v0.19.4 +k8s.io/apimachinery v0.19.4 +k8s.io/apiserver v0.19.4 +k8s.io/client-go v0.19.4 +k8s.io/cri-api v0.19.4 k8s.io/klog/v2 v2.2.0 -k8s.io/utils 2df71ebbae66f39338aed4cd0bb82d2212ee33cc -sigs.k8s.io/structured-merge-diff/v3 v3.0.0 +k8s.io/utils d5654de09c73da55eb19ae4ab4f734f7a61747a6 +sigs.k8s.io/structured-merge-diff/v4 v4.0.1 sigs.k8s.io/yaml v1.2.0 # cni dependencies diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md index 1b3663ac969f..7f0ecf1a8fdf 100644 --- a/vendor/github.com/containerd/cri/README.md +++ b/vendor/github.com/containerd/cri/README.md @@ -46,7 +46,7 @@ See [test dashboard](https://k8s-testgrid.appspot.com/sig-node-containerd) | End-Of-Life | v1.1 (End-Of-Life) | 1.10+ | v1alpha2 | | | v1.2 (Extended) | 1.10+ | v1alpha2 | | | v1.3 | 1.12+ | v1alpha2 | -| | v1.4 | 1.19+ (rc) | v1alpha2 | +| | v1.4 | 1.19+ | v1alpha2 | **Note:** The support table above specifies the Kubernetes Version that was supported at time of release of the containerd - cri integration. @@ -56,7 +56,7 @@ The following is the current support table for containerd CRI integration taking |:------------------:|:------------------:|:-----------:| | v1.2 | 1.15+ | v1alpha2 | | v1.3 | 1.15+ | v1alpha2 | -| v1.4 | 1.19+ (rc) | v1alpha2 | +| v1.4 | 1.19+ | v1alpha2 | ## Production Quality Cluster on GCE For a production quality cluster on GCE brought up with `kube-up.sh` refer [here](docs/kube-up.md). diff --git a/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go b/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go index fc51bcf15614..6ebebf9ad48d 100644 --- a/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go +++ b/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go @@ -101,9 +101,10 @@ func (c *criService) containerMounts(sandboxID string, config *runtime.Container sandboxDevShm = devShm } mounts = append(mounts, &runtime.Mount{ - ContainerPath: devShm, - HostPath: sandboxDevShm, - Readonly: false, + ContainerPath: devShm, + HostPath: sandboxDevShm, + Readonly: false, + SelinuxRelabel: sandboxDevShm != devShm, }) } return mounts diff --git a/vendor/github.com/containerd/cri/pkg/server/image_pull.go b/vendor/github.com/containerd/cri/pkg/server/image_pull.go index 7407edd29612..71aecfc3a4ac 100644 --- a/vendor/github.com/containerd/cri/pkg/server/image_pull.go +++ b/vendor/github.com/containerd/cri/pkg/server/image_pull.go @@ -31,6 +31,7 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/errdefs" containerdimages "github.com/containerd/containerd/images" + "github.com/containerd/containerd/labels" "github.com/containerd/containerd/log" distribution "github.com/containerd/containerd/reference/docker" "github.com/containerd/containerd/remotes/docker" @@ -455,18 +456,21 @@ const ( // targetRefLabel is a label which contains image reference and will be passed // to snapshotters. targetRefLabel = "containerd.io/snapshot/cri.image-ref" - // targetDigestLabel is a label which contains layer digest and will be passed + // targetManifestDigestLabel is a label which contains manifest digest and will be passed // to snapshotters. - targetDigestLabel = "containerd.io/snapshot/cri.layer-digest" + targetManifestDigestLabel = "containerd.io/snapshot/cri.manifest-digest" + // targetLayerDigestLabel is a label which contains layer digest and will be passed + // to snapshotters. + targetLayerDigestLabel = "containerd.io/snapshot/cri.layer-digest" // targetImageLayersLabel is a label which contains layer digests contained in // the target image and will be passed to snapshotters for preparing layers in - // parallel. + // parallel. Skipping some layers is allowed and only affects performance. targetImageLayersLabel = "containerd.io/snapshot/cri.image-layers" ) // appendInfoHandlerWrapper makes a handler which appends some basic information -// of images to each layer descriptor as annotations during unpack. These -// annotations will be passed to snapshotters as labels. These labels will be +// of images like digests for manifest and their child layers as annotations during unpack. +// These annotations will be passed to snapshotters as labels. These labels will be // used mainly by stargz-based snapshotters for querying image contents from the // registry. func appendInfoHandlerWrapper(ref string) func(f containerdimages.Handler) containerdimages.Handler { @@ -478,15 +482,6 @@ func appendInfoHandlerWrapper(ref string) func(f containerdimages.Handler) conta } switch desc.MediaType { case imagespec.MediaTypeImageManifest, containerdimages.MediaTypeDockerSchema2Manifest: - var layers string - for _, c := range children { - if containerdimages.IsLayerType(c.MediaType) { - layers += fmt.Sprintf("%s,", c.Digest.String()) - } - } - if len(layers) >= 1 { - layers = layers[:len(layers)-1] - } for i := range children { c := &children[i] if containerdimages.IsLayerType(c.MediaType) { @@ -494,8 +489,9 @@ func appendInfoHandlerWrapper(ref string) func(f containerdimages.Handler) conta c.Annotations = make(map[string]string) } c.Annotations[targetRefLabel] = ref - c.Annotations[targetDigestLabel] = c.Digest.String() - c.Annotations[targetImageLayersLabel] = layers + c.Annotations[targetLayerDigestLabel] = c.Digest.String() + c.Annotations[targetImageLayersLabel] = getLayers(ctx, targetImageLayersLabel, children[i:], labels.Validate) + c.Annotations[targetManifestDigestLabel] = desc.Digest.String() } } } @@ -503,3 +499,25 @@ func appendInfoHandlerWrapper(ref string) func(f containerdimages.Handler) conta }) } } + +// getLayers returns comma-separated digests based on the passed list of +// descriptors. The returned list contains as many digests as possible as well +// as meets the label validation. +func getLayers(ctx context.Context, key string, descs []imagespec.Descriptor, validate func(k, v string) error) (layers string) { + var item string + for _, l := range descs { + if containerdimages.IsLayerType(l.MediaType) { + item = l.Digest.String() + if layers != "" { + item = "," + item + } + // This avoids the label hits the size limitation. + if err := validate(key, layers+item); err != nil { + log.G(ctx).WithError(err).WithField("label", key).Debugf("%q is omitted in the layers list", l.Digest.String()) + break + } + layers += item + } + } + return +} diff --git a/vendor/github.com/containerd/cri/vendor.conf b/vendor/github.com/containerd/cri/vendor.conf index be7827dc94df..918327be0aee 100644 --- a/vendor/github.com/containerd/cri/vendor.conf +++ b/vendor/github.com/containerd/cri/vendor.conf @@ -77,12 +77,12 @@ golang.org/x/oauth2 858c2ad4c8b6c5d10852cb89079f golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82 gopkg.in/inf.v0 v0.9.1 gopkg.in/yaml.v2 v2.2.8 -k8s.io/api v0.19.2 -k8s.io/apiserver v0.19.2 -k8s.io/apimachinery v0.19.2 -k8s.io/client-go v0.19.2 -k8s.io/component-base v0.19.2 -k8s.io/cri-api v0.19.2 +k8s.io/api v0.19.4 +k8s.io/apiserver v0.19.4 +k8s.io/apimachinery v0.19.4 +k8s.io/client-go v0.19.4 +k8s.io/component-base v0.19.4 +k8s.io/cri-api v0.19.4 k8s.io/klog/v2 v2.2.0 k8s.io/utils d5654de09c73da55eb19ae4ab4f734f7a61747a6 sigs.k8s.io/structured-merge-diff/v4 v4.0.1 diff --git a/vendor/k8s.io/api/go.mod b/vendor/k8s.io/api/go.mod index d05dbf98ade3..fe853d23d6f1 100644 --- a/vendor/k8s.io/api/go.mod +++ b/vendor/k8s.io/api/go.mod @@ -7,7 +7,7 @@ go 1.15 require ( github.com/gogo/protobuf v1.3.1 github.com/stretchr/testify v1.4.0 - k8s.io/apimachinery v0.19.0-rc.4 + k8s.io/apimachinery v0.19.4 ) -replace k8s.io/apimachinery => k8s.io/apimachinery v0.19.0-rc.4 +replace k8s.io/apimachinery => k8s.io/apimachinery v0.19.4 diff --git a/vendor/k8s.io/apimachinery/go.mod b/vendor/k8s.io/apimachinery/go.mod index 407f5e094d88..1c00a34610cc 100644 --- a/vendor/k8s.io/apimachinery/go.mod +++ b/vendor/k8s.io/apimachinery/go.mod @@ -8,7 +8,7 @@ require ( github.com/davecgh/go-spew v1.1.1 github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 - github.com/evanphx/json-patch v0.0.0-20190815234213-e83c0a1c26c8 + github.com/evanphx/json-patch v4.9.0+incompatible github.com/fsnotify/fsnotify v1.4.9 // indirect github.com/gogo/protobuf v1.3.1 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 @@ -33,7 +33,7 @@ require ( gopkg.in/inf.v0 v0.9.1 gopkg.in/yaml.v2 v2.2.8 k8s.io/klog/v2 v2.2.0 - k8s.io/kube-openapi v0.0.0-20200427153329-656914f816f9 - sigs.k8s.io/structured-merge-diff/v3 v3.0.1-0.20200706213357-43c19bbb7fba + k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6 + sigs.k8s.io/structured-merge-diff/v4 v4.0.1 sigs.k8s.io/yaml v1.2.0 ) diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go index 31f6e00b0f71..871e4c8c46e8 100644 --- a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go +++ b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go @@ -31,7 +31,7 @@ import ( "k8s.io/apimachinery/pkg/conversion" "k8s.io/apimachinery/pkg/util/json" utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/value" "k8s.io/klog/v2" ) diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/http.go b/vendor/k8s.io/apimachinery/pkg/util/net/http.go index 406df25e0b5a..945886c43800 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/net/http.go +++ b/vendor/k8s.io/apimachinery/pkg/util/net/http.go @@ -62,8 +62,11 @@ func JoinPreservingTrailingSlash(elem ...string) string { // IsTimeout returns true if the given error is a network timeout error func IsTimeout(err error) bool { - neterr, ok := err.(net.Error) - return ok && neterr != nil && neterr.Timeout() + var neterr net.Error + if errors.As(err, &neterr) { + return neterr != nil && neterr.Timeout() + } + return false } // IsProbableEOF returns true if the given error resembles a connection termination @@ -76,7 +79,8 @@ func IsProbableEOF(err error) bool { if err == nil { return false } - if uerr, ok := err.(*url.Error); ok { + var uerr *url.Error + if errors.As(err, &uerr) { err = uerr.Err } msg := err.Error() diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/util.go b/vendor/k8s.io/apimachinery/pkg/util/net/util.go index 2e7cb9499465..5950087e022f 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/net/util.go +++ b/vendor/k8s.io/apimachinery/pkg/util/net/util.go @@ -17,9 +17,8 @@ limitations under the License. package net import ( + "errors" "net" - "net/url" - "os" "reflect" "syscall" ) @@ -40,34 +39,18 @@ func IPNetEqual(ipnet1, ipnet2 *net.IPNet) bool { // Returns if the given err is "connection reset by peer" error. func IsConnectionReset(err error) bool { - if urlErr, ok := err.(*url.Error); ok { - err = urlErr.Err - } - if opErr, ok := err.(*net.OpError); ok { - err = opErr.Err - } - if osErr, ok := err.(*os.SyscallError); ok { - err = osErr.Err - } - if errno, ok := err.(syscall.Errno); ok && errno == syscall.ECONNRESET { - return true + var errno syscall.Errno + if errors.As(err, &errno) { + return errno == syscall.ECONNRESET } return false } // Returns if the given err is "connection refused" error func IsConnectionRefused(err error) bool { - if urlErr, ok := err.(*url.Error); ok { - err = urlErr.Err - } - if opErr, ok := err.(*net.OpError); ok { - err = opErr.Err - } - if osErr, ok := err.(*os.SyscallError); ok { - err = osErr.Err - } - if errno, ok := err.(syscall.Errno); ok && errno == syscall.ECONNREFUSED { - return true + var errno syscall.Errno + if errors.As(err, &errno) { + return errno == syscall.ECONNREFUSED } return false } diff --git a/vendor/k8s.io/apiserver/go.mod b/vendor/k8s.io/apiserver/go.mod index b00ffd0f7db1..002d99936618 100644 --- a/vendor/k8s.io/apiserver/go.mod +++ b/vendor/k8s.io/apiserver/go.mod @@ -12,7 +12,7 @@ require ( github.com/davecgh/go-spew v1.1.1 github.com/dustin/go-humanize v1.0.0 // indirect github.com/emicklei/go-restful v2.9.5+incompatible - github.com/evanphx/json-patch v0.0.0-20190815234213-e83c0a1c26c8 + github.com/evanphx/json-patch v4.9.0+incompatible github.com/go-openapi/jsonreference v0.19.3 // indirect github.com/go-openapi/spec v0.19.3 github.com/gogo/protobuf v1.3.1 @@ -31,7 +31,7 @@ require ( github.com/stretchr/testify v1.4.0 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 // indirect go.etcd.io/bbolt v1.3.5 // indirect - go.etcd.io/etcd v0.5.0-alpha.5.0.20200716221620-18dfb9cca345 + go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5 go.uber.org/zap v1.10.0 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 golang.org/x/net v0.0.0-20200707034311-ab3426394381 @@ -41,21 +41,21 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.0.0 gopkg.in/square/go-jose.v2 v2.2.2 gopkg.in/yaml.v2 v2.2.8 - k8s.io/api v0.19.0-rc.4 - k8s.io/apimachinery v0.19.0-rc.4 - k8s.io/client-go v0.19.0-rc.4 - k8s.io/component-base v0.19.0-rc.4 + k8s.io/api v0.19.4 + k8s.io/apimachinery v0.19.4 + k8s.io/client-go v0.19.4 + k8s.io/component-base v0.19.4 k8s.io/klog/v2 v2.2.0 - k8s.io/kube-openapi v0.0.0-20200427153329-656914f816f9 + k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6 k8s.io/utils v0.0.0-20200729134348-d5654de09c73 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.9 - sigs.k8s.io/structured-merge-diff/v3 v3.0.1-0.20200706213357-43c19bbb7fba + sigs.k8s.io/structured-merge-diff/v4 v4.0.1 sigs.k8s.io/yaml v1.2.0 ) replace ( - k8s.io/api => k8s.io/api v0.19.0-rc.4 - k8s.io/apimachinery => k8s.io/apimachinery v0.19.0-rc.4 - k8s.io/client-go => k8s.io/client-go v0.19.0-rc.4 - k8s.io/component-base => k8s.io/component-base v0.19.0-rc.4 + k8s.io/api => k8s.io/api v0.19.4 + k8s.io/apimachinery => k8s.io/apimachinery v0.19.4 + k8s.io/client-go => k8s.io/client-go v0.19.4 + k8s.io/component-base => k8s.io/component-base v0.19.4 ) diff --git a/vendor/k8s.io/client-go/go.mod b/vendor/k8s.io/client-go/go.mod index 32cd2c138414..ec152c17582e 100644 --- a/vendor/k8s.io/client-go/go.mod +++ b/vendor/k8s.io/client-go/go.mod @@ -9,7 +9,7 @@ require ( github.com/Azure/go-autorest/autorest v0.9.6 github.com/Azure/go-autorest/autorest/adal v0.8.2 github.com/davecgh/go-spew v1.1.1 - github.com/evanphx/json-patch v0.0.0-20190815234213-e83c0a1c26c8 + github.com/evanphx/json-patch v4.9.0+incompatible github.com/gogo/protobuf v1.3.1 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7 github.com/golang/protobuf v1.4.2 @@ -26,14 +26,14 @@ require ( golang.org/x/net v0.0.0-20200707034311-ab3426394381 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6 golang.org/x/time v0.0.0-20191024005414-555d28b269f0 - k8s.io/api v0.19.0-rc.4 - k8s.io/apimachinery v0.19.0-rc.4 + k8s.io/api v0.19.4 + k8s.io/apimachinery v0.19.4 k8s.io/klog/v2 v2.2.0 k8s.io/utils v0.0.0-20200729134348-d5654de09c73 sigs.k8s.io/yaml v1.2.0 ) replace ( - k8s.io/api => k8s.io/api v0.19.0-rc.4 - k8s.io/apimachinery => k8s.io/apimachinery v0.19.0-rc.4 + k8s.io/api => k8s.io/api v0.19.4 + k8s.io/apimachinery => k8s.io/apimachinery v0.19.4 ) diff --git a/vendor/k8s.io/client-go/transport/cache.go b/vendor/k8s.io/client-go/transport/cache.go index 3ec4e19357de..fa2afb1f161e 100644 --- a/vendor/k8s.io/client-go/transport/cache.go +++ b/vendor/k8s.io/client-go/transport/cache.go @@ -47,12 +47,9 @@ type tlsCacheKey struct { keyData string certFile string keyFile string - getCert string serverName string nextProtos string - dial string disableCompression bool - proxy string } func (t tlsCacheKey) String() string { @@ -60,22 +57,24 @@ func (t tlsCacheKey) String() string { if len(t.keyData) > 0 { keyText = "" } - return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, getCert: %s, serverName:%s, dial:%s disableCompression:%t, proxy: %s", t.insecure, t.caData, t.certData, keyText, t.getCert, t.serverName, t.dial, t.disableCompression, t.proxy) + return fmt.Sprintf("insecure:%v, caData:%#v, certData:%#v, keyData:%s, serverName:%s, disableCompression:%t", t.insecure, t.caData, t.certData, keyText, t.serverName, t.disableCompression) } func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) { - key, err := tlsConfigKey(config) + key, canCache, err := tlsConfigKey(config) if err != nil { return nil, err } - // Ensure we only create a single transport for the given TLS options - c.mu.Lock() - defer c.mu.Unlock() + if canCache { + // Ensure we only create a single transport for the given TLS options + c.mu.Lock() + defer c.mu.Unlock() - // See if we already have a custom transport for this config - if t, ok := c.transports[key]; ok { - return t, nil + // See if we already have a custom transport for this config + if t, ok := c.transports[key]; ok { + return t, nil + } } // Get the TLS options for this client config @@ -110,8 +109,7 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) { proxy = config.Proxy } - // Cache a single transport for these options - c.transports[key] = utilnet.SetTransportDefaults(&http.Transport{ + transport := utilnet.SetTransportDefaults(&http.Transport{ Proxy: proxy, TLSHandshakeTimeout: 10 * time.Second, TLSClientConfig: tlsConfig, @@ -119,24 +117,33 @@ func (c *tlsTransportCache) get(config *Config) (http.RoundTripper, error) { DialContext: dial, DisableCompression: config.DisableCompression, }) - return c.transports[key], nil + + if canCache { + // Cache a single transport for these options + c.transports[key] = transport + } + + return transport, nil } // tlsConfigKey returns a unique key for tls.Config objects returned from TLSConfigFor -func tlsConfigKey(c *Config) (tlsCacheKey, error) { +func tlsConfigKey(c *Config) (tlsCacheKey, bool, error) { // Make sure ca/key/cert content is loaded if err := loadTLSFiles(c); err != nil { - return tlsCacheKey{}, err + return tlsCacheKey{}, false, err } + + if c.TLS.GetCert != nil || c.Dial != nil || c.Proxy != nil { + // cannot determine equality for functions + return tlsCacheKey{}, false, nil + } + k := tlsCacheKey{ insecure: c.TLS.Insecure, caData: string(c.TLS.CAData), - getCert: fmt.Sprintf("%p", c.TLS.GetCert), serverName: c.TLS.ServerName, nextProtos: strings.Join(c.TLS.NextProtos, ","), - dial: fmt.Sprintf("%p", c.Dial), disableCompression: c.DisableCompression, - proxy: fmt.Sprintf("%p", c.Proxy), } if c.TLS.ReloadTLSFiles { @@ -147,5 +154,5 @@ func tlsConfigKey(c *Config) (tlsCacheKey, error) { k.keyData = string(c.TLS.KeyData) } - return k, nil + return k, true, nil } diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/LICENSE b/vendor/sigs.k8s.io/structured-merge-diff/v4/LICENSE similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/LICENSE rename to vendor/sigs.k8s.io/structured-merge-diff/v4/LICENSE diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/README.md b/vendor/sigs.k8s.io/structured-merge-diff/v4/README.md similarity index 96% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/README.md rename to vendor/sigs.k8s.io/structured-merge-diff/v4/README.md index ad2d1315c5f1..3f3491e53b5a 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/README.md +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/README.md @@ -57,8 +57,8 @@ Learn how to engage with the Kubernetes community on the [community page](http:/ You can reach the maintainers of this project at: -- [Slack](http://slack.k8s.io/) -- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-apply) +- Slack: [#wg-api-expression](https://kubernetes.slack.com/messages/wg-api-expression) +- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-wg-api-expression) ### Code of conduct diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/go.mod b/vendor/sigs.k8s.io/structured-merge-diff/v4/go.mod similarity index 73% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/go.mod rename to vendor/sigs.k8s.io/structured-merge-diff/v4/go.mod index fae371bff8c8..404c5fed3ef8 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/go.mod +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/go.mod @@ -1,4 +1,4 @@ -module sigs.k8s.io/structured-merge-diff/v3 +module sigs.k8s.io/structured-merge-diff/v4 require gopkg.in/yaml.v2 v2.2.1 @@ -7,6 +7,7 @@ require ( github.com/json-iterator/go v1.1.6 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.1 // indirect + github.com/stretchr/testify v1.3.0 // indirect ) go 1.13 diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/allocator.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/allocator.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/allocator.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/allocator.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/doc.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/doc.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/doc.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/doc.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/fields.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/fields.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/fields.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/fields.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/jsontagutil.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/jsontagutil.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/jsontagutil.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/jsontagutil.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/list.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/list.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/list.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/list.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/listreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/listreflect.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/listreflect.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/listreflect.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/listunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/listunstructured.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/listunstructured.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/listunstructured.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/map.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/map.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/map.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/map.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/mapreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/mapreflect.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/mapunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/mapunstructured.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/reflectcache.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/reflectcache.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/scalar.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/scalar.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/scalar.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/scalar.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/structreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/structreflect.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/structreflect.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/structreflect.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/value.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/value.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/value.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/value.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/valuereflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/valuereflect.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/valuereflect.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/valuereflect.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/valueunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/valueunstructured.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/valueunstructured.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/valueunstructured.go From ca9950755257ad316709f4c819f239fa332fb6a6 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Wed, 25 Nov 2020 17:24:56 -0800 Subject: [PATCH 27/46] Update cri version to pickup unknown state fix Signed-off-by: Derek McGowan --- vendor.conf | 2 +- vendor/github.com/containerd/cri/pkg/server/events.go | 11 ++++------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/vendor.conf b/vendor.conf index 2dd74c59fef3..70214ac1b744 100644 --- a/vendor.conf +++ b/vendor.conf @@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2 github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 # cri dependencies -github.com/containerd/cri 9e81bf566b91195c4cdd64ebeda839efb952ec3d # release/1.4 +github.com/containerd/cri adc0b6a578ed6f646bb24c1c639d65b70e14cccc # release/1.4 github.com/davecgh/go-spew v1.1.1 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 diff --git a/vendor/github.com/containerd/cri/pkg/server/events.go b/vendor/github.com/containerd/cri/pkg/server/events.go index df465f22c135..fcc1d9a6f315 100644 --- a/vendor/github.com/containerd/cri/pkg/server/events.go +++ b/vendor/github.com/containerd/cri/pkg/server/events.go @@ -325,14 +325,11 @@ func handleContainerExit(ctx context.Context, e *eventtypes.TaskExit, cntr conta } } err = cntr.Status.UpdateSync(func(status containerstore.Status) (containerstore.Status, error) { - // If FinishedAt has been set (e.g. with start failure), keep as - // it is. - if status.FinishedAt != 0 { - return status, nil + if status.FinishedAt == 0 { + status.Pid = 0 + status.FinishedAt = e.ExitedAt.UnixNano() + status.ExitCode = int32(e.ExitStatus) } - status.Pid = 0 - status.FinishedAt = e.ExitedAt.UnixNano() - status.ExitCode = int32(e.ExitStatus) // Unknown state can only transit to EXITED state, so we need // to handle unknown state here. if status.Unknown { From 76f3d19551d7175a3cb11dd1b3f5f68be6ffaaa1 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Wed, 25 Nov 2020 13:49:01 -0800 Subject: [PATCH 28/46] Update mailmap for 1.4.2 release Signed-off-by: Derek McGowan --- .mailmap | 1 + 1 file changed, 1 insertion(+) diff --git a/.mailmap b/.mailmap index 10e9a96e034e..4659530f634a 100644 --- a/.mailmap +++ b/.mailmap @@ -12,6 +12,7 @@ Arnaud Porterie Arnaud Porterie Bob Mader Boris Popovschi +Bowen Yan Brent Baude Cao Zhihao Cao Zhihao From f2e4291b6c398b321fb74d6ea829b15c92508ecb Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Tue, 24 Nov 2020 17:50:28 -0800 Subject: [PATCH 29/46] Prepare 1.4.2 release Signed-off-by: Derek McGowan --- releases/v1.4.2.toml | 35 +++++++++++++++++++++++++++++++++++ version/version.go | 2 +- 2 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 releases/v1.4.2.toml diff --git a/releases/v1.4.2.toml b/releases/v1.4.2.toml new file mode 100644 index 000000000000..1f300f8b492c --- /dev/null +++ b/releases/v1.4.2.toml @@ -0,0 +1,35 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.4.1" + +pre_release = false + +preface = """\ +The second patch release for `containerd` 1.4 includes multiple minor fixes +and updates. + +### Notable Updates + +* Fix bug limiting the number of layers by default [containerd/cri#1602](https://github.com/containerd/cri/pull/1602) +* Fix selinux shared memory issue by relabeling /dev/shm [containerd/cri#1605](https://github.com/containerd/cri/pull/1605) +* Fix unknown state preventing removal of containers [containerd/containerd#4656](https://github.com/containerd/containerd/pull/4656) +* Fix nil pointer error when restoring checkpoint [containerd/containerd#4754](https://github.com/containerd/containerd/pull/4754) +* Improve image pull performance when using HTTP 1.1 [containerd/containerd#4653](https://github.com/containerd/containerd/pull/4653) +* Update default seccomp profile for pidfd [containerd/containerd#4730](https://github.com/containerd/containerd/pull/4730) +* Update Go to 1.15 + +### Windows +* Fix integer overflow on Windows [containerd/containerd#4589](https://github.com/containerd/containerd/pull/4589) +* Fix lcow snapshotter to read trailing tar data [containerd/containerd#4628](https://github.com/containerd/containerd/pull/4628) +""" + +# notable prs to include in the release notes, 1234 is the pr number +[notes] + +[breaking] diff --git a/version/version.go b/version/version.go index 9a2354028867..465da18a19fd 100644 --- a/version/version.go +++ b/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.4.1+unknown" + Version = "1.4.2+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. From 428f10fd27eb1f9bd0b9aaa33a6579416c3a8b12 Mon Sep 17 00:00:00 2001 From: Michael Crosby Date: Wed, 24 Jun 2020 15:13:21 -0400 Subject: [PATCH 30/46] Use path based unix socket for shims This allows filesystem based ACLs for configuring access to the socket of a shim. Co-authored-by: Samuel Karp Signed-off-by: Samuel Karp Signed-off-by: Michael Crosby Signed-off-by: Michael Crosby --- cmd/ctr/commands/shim/shim.go | 8 ++- runtime/v2/runc/v1/service.go | 18 ++++-- runtime/v2/runc/v2/service.go | 43 +++++++++++---- runtime/v2/shim/shim.go | 9 ++- runtime/v2/shim/shim_unix.go | 8 +-- runtime/v2/shim/util.go | 2 +- runtime/v2/shim/util_unix.go | 98 +++++++++++++++++++++++++++++---- runtime/v2/shim/util_windows.go | 6 ++ 8 files changed, 155 insertions(+), 37 deletions(-) diff --git a/cmd/ctr/commands/shim/shim.go b/cmd/ctr/commands/shim/shim.go index a5caeae2d01d..c210dbc6c0b9 100644 --- a/cmd/ctr/commands/shim/shim.go +++ b/cmd/ctr/commands/shim/shim.go @@ -24,6 +24,7 @@ import ( "io/ioutil" "net" "path/filepath" + "strings" "github.com/containerd/console" "github.com/containerd/containerd/cmd/ctr/commands" @@ -240,10 +241,11 @@ func getTaskService(context *cli.Context) (task.TaskService, error) { s1 := filepath.Join(string(filepath.Separator), "containerd-shim", ns, id, "shim.sock") // this should not error, ctr always get a default ns ctx := namespaces.WithNamespace(gocontext.Background(), ns) - s2, _ := shim.SocketAddress(ctx, id) + s2, _ := shim.SocketAddress(ctx, context.GlobalString("address"), id) + s2 = strings.TrimPrefix(s2, "unix://") - for _, socket := range []string{s1, s2} { - conn, err := net.Dial("unix", "\x00"+socket) + for _, socket := range []string{s2, "\x00" + s1} { + conn, err := net.Dial("unix", socket) if err == nil { client := ttrpc.NewClient(conn) diff --git a/runtime/v2/runc/v1/service.go b/runtime/v2/runc/v1/service.go index e8ef09c8e197..6d0140a8d3ef 100644 --- a/runtime/v2/runc/v1/service.go +++ b/runtime/v2/runc/v1/service.go @@ -131,20 +131,26 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container if err != nil { return "", err } - address, err := shim.SocketAddress(ctx, id) + address, err := shim.SocketAddress(ctx, containerdAddress, id) if err != nil { return "", err } socket, err := shim.NewSocket(address) if err != nil { - return "", err + if !shim.SocketEaddrinuse(err) { + return "", err + } + if err := shim.RemoveSocket(address); err != nil { + return "", errors.Wrap(err, "remove already used socket") + } + if socket, err = shim.NewSocket(address); err != nil { + return "", err + } } - defer socket.Close() f, err := socket.File() if err != nil { return "", err } - defer f.Close() cmd.ExtraFiles = append(cmd.ExtraFiles, f) @@ -153,6 +159,7 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container } defer func() { if err != nil { + _ = shim.RemoveSocket(address) cmd.Process.Kill() } }() @@ -551,6 +558,9 @@ func (s *service) Connect(ctx context.Context, r *taskAPI.ConnectRequest) (*task func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (*ptypes.Empty, error) { s.cancel() close(s.events) + if address, err := shim.ReadAddress("address"); err == nil { + _ = shim.RemoveSocket(address) + } return empty, nil } diff --git a/runtime/v2/runc/v2/service.go b/runtime/v2/runc/v2/service.go index d3ea1e8ffbee..7f15ee89bc42 100644 --- a/runtime/v2/runc/v2/service.go +++ b/runtime/v2/runc/v2/service.go @@ -25,7 +25,6 @@ import ( "os" "os/exec" "path/filepath" - "strings" "sync" "syscall" "time" @@ -105,6 +104,10 @@ func New(ctx context.Context, id string, publisher shim.Publisher, shutdown func return nil, errors.Wrap(err, "failed to initialized platform behavior") } go s.forward(ctx, publisher) + + if address, err := shim.ReadAddress("address"); err == nil { + s.shimAddress = address + } return s, nil } @@ -124,7 +127,8 @@ type service struct { containers map[string]*runc.Container - cancel func() + shimAddress string + cancel func() } func newCommand(ctx context.Context, id, containerdBinary, containerdAddress, containerdTTRPCAddress string) (*exec.Cmd, error) { @@ -183,30 +187,48 @@ func (s *service) StartShim(ctx context.Context, id, containerdBinary, container break } } - address, err := shim.SocketAddress(ctx, grouping) + address, err := shim.SocketAddress(ctx, containerdAddress, grouping) if err != nil { return "", err } + socket, err := shim.NewSocket(address) if err != nil { - if strings.Contains(err.Error(), "address already in use") { + // the only time where this would happen is if there is a bug and the socket + // was not cleaned up in the cleanup method of the shim or we are using the + // grouping functionality where the new process should be run with the same + // shim as an existing container + if !shim.SocketEaddrinuse(err) { + return "", errors.Wrap(err, "create new shim socket") + } + if shim.CanConnect(address) { if err := shim.WriteAddress("address", address); err != nil { - return "", err + return "", errors.Wrap(err, "write existing socket for shim") } return address, nil } - return "", err + if err := shim.RemoveSocket(address); err != nil { + return "", errors.Wrap(err, "remove pre-existing socket") + } + if socket, err = shim.NewSocket(address); err != nil { + return "", errors.Wrap(err, "try create new shim socket 2x") + } } - defer socket.Close() + defer func() { + if retErr != nil { + socket.Close() + _ = shim.RemoveSocket(address) + } + }() f, err := socket.File() if err != nil { return "", err } - defer f.Close() cmd.ExtraFiles = append(cmd.ExtraFiles, f) if err := cmd.Start(); err != nil { + f.Close() return "", err } defer func() { @@ -273,7 +295,6 @@ func (s *service) Cleanup(ctx context.Context) (*taskAPI.DeleteResponse, error) if err != nil { return nil, err } - runtime, err := runc.ReadRuntime(path) if err != nil { return nil, err @@ -652,7 +673,9 @@ func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (*pt if s.platform != nil { s.platform.Close() } - + if s.shimAddress != "" { + _ = shim.RemoveSocket(s.shimAddress) + } return empty, nil } diff --git a/runtime/v2/shim/shim.go b/runtime/v2/shim/shim.go index 026ebb4e24cb..2f62b57c9eb2 100644 --- a/runtime/v2/shim/shim.go +++ b/runtime/v2/shim/shim.go @@ -104,7 +104,7 @@ func parseFlags() { flag.BoolVar(&versionFlag, "v", false, "show the shim version and exit") flag.StringVar(&namespaceFlag, "namespace", "", "namespace that owns the shim") flag.StringVar(&idFlag, "id", "", "id of the task") - flag.StringVar(&socketFlag, "socket", "", "abstract socket path to serve") + flag.StringVar(&socketFlag, "socket", "", "socket path to serve") flag.StringVar(&bundlePath, "bundle", "", "path to the bundle if not workdir") flag.StringVar(&addressFlag, "address", "", "grpc address back to main containerd") @@ -195,7 +195,6 @@ func run(id string, initFunc Init, config Config) error { ctx = context.WithValue(ctx, OptsKey{}, Opts{BundlePath: bundlePath, Debug: debugFlag}) ctx = log.WithLogger(ctx, log.G(ctx).WithField("runtime", id)) ctx, cancel := context.WithCancel(ctx) - service, err := initFunc(ctx, idFlag, publisher, cancel) if err != nil { return err @@ -300,11 +299,15 @@ func serve(ctx context.Context, server *ttrpc.Server, path string) error { return err } go func() { - defer l.Close() if err := server.Serve(ctx, l); err != nil && !strings.Contains(err.Error(), "use of closed network connection") { logrus.WithError(err).Fatal("containerd-shim: ttrpc server failure") } + l.Close() + if address, err := ReadAddress("address"); err == nil { + _ = RemoveSocket(address) + } + }() return nil } diff --git a/runtime/v2/shim/shim_unix.go b/runtime/v2/shim/shim_unix.go index e6dc3e02fc5c..a712dc7a55f5 100644 --- a/runtime/v2/shim/shim_unix.go +++ b/runtime/v2/shim/shim_unix.go @@ -58,15 +58,15 @@ func serveListener(path string) (net.Listener, error) { l, err = net.FileListener(os.NewFile(3, "socket")) path = "[inherited from parent]" } else { - if len(path) > 106 { - return nil, errors.Errorf("%q: unix socket path too long (> 106)", path) + if len(path) > socketPathLimit { + return nil, errors.Errorf("%q: unix socket path too long (> %d)", path, socketPathLimit) } - l, err = net.Listen("unix", "\x00"+path) + l, err = net.Listen("unix", path) } if err != nil { return nil, err } - logrus.WithField("socket", path).Debug("serving api on abstract socket") + logrus.WithField("socket", path).Debug("serving api on socket") return l, nil } diff --git a/runtime/v2/shim/util.go b/runtime/v2/shim/util.go index c8efd0dac8be..2bb786d90434 100644 --- a/runtime/v2/shim/util.go +++ b/runtime/v2/shim/util.go @@ -169,7 +169,7 @@ func WriteAddress(path, address string) error { // ErrNoAddress is returned when the address file has no content var ErrNoAddress = errors.New("no shim address") -// ReadAddress returns the shim's abstract socket address from the path +// ReadAddress returns the shim's socket address from the path func ReadAddress(path string) (string, error) { path, err := filepath.Abs(path) if err != nil { diff --git a/runtime/v2/shim/util_unix.go b/runtime/v2/shim/util_unix.go index 093a66239780..2b0d0ada3522 100644 --- a/runtime/v2/shim/util_unix.go +++ b/runtime/v2/shim/util_unix.go @@ -35,7 +35,10 @@ import ( "github.com/pkg/errors" ) -const shimBinaryFormat = "containerd-shim-%s-%s" +const ( + shimBinaryFormat = "containerd-shim-%s-%s" + socketPathLimit = 106 +) func getSysProcAttr() *syscall.SysProcAttr { return &syscall.SysProcAttr{ @@ -63,20 +66,21 @@ func AdjustOOMScore(pid int) error { return nil } -// SocketAddress returns an abstract socket address -func SocketAddress(ctx context.Context, id string) (string, error) { +const socketRoot = "/run/containerd" + +// SocketAddress returns a socket address +func SocketAddress(ctx context.Context, socketPath, id string) (string, error) { ns, err := namespaces.NamespaceRequired(ctx) if err != nil { return "", err } - d := sha256.Sum256([]byte(filepath.Join(ns, id))) - return filepath.Join(string(filepath.Separator), "containerd-shim", fmt.Sprintf("%x.sock", d)), nil + d := sha256.Sum256([]byte(filepath.Join(socketPath, ns, id))) + return fmt.Sprintf("unix://%s/%x", filepath.Join(socketRoot, "s"), d), nil } -// AnonDialer returns a dialer for an abstract socket +// AnonDialer returns a dialer for a socket func AnonDialer(address string, timeout time.Duration) (net.Conn, error) { - address = strings.TrimPrefix(address, "unix://") - return dialer.Dialer("\x00"+address, timeout) + return dialer.Dialer(socket(address).path(), timeout) } func AnonReconnectDialer(address string, timeout time.Duration) (net.Conn, error) { @@ -85,12 +89,82 @@ func AnonReconnectDialer(address string, timeout time.Duration) (net.Conn, error // NewSocket returns a new socket func NewSocket(address string) (*net.UnixListener, error) { - if len(address) > 106 { - return nil, errors.Errorf("%q: unix socket path too long (> 106)", address) + var ( + sock = socket(address) + path = sock.path() + ) + if !sock.isAbstract() { + if err := os.MkdirAll(filepath.Dir(path), 0600); err != nil { + return nil, errors.Wrapf(err, "%s", path) + } } - l, err := net.Listen("unix", "\x00"+address) + l, err := net.Listen("unix", path) if err != nil { - return nil, errors.Wrapf(err, "failed to listen to abstract unix socket %q", address) + return nil, err + } + if err := os.Chmod(path, 0600); err != nil { + os.Remove(sock.path()) + l.Close() + return nil, err } return l.(*net.UnixListener), nil } + +const abstractSocketPrefix = "\x00" + +type socket string + +func (s socket) isAbstract() bool { + return !strings.HasPrefix(string(s), "unix://") +} + +func (s socket) path() string { + path := strings.TrimPrefix(string(s), "unix://") + // if there was no trim performed, we assume an abstract socket + if len(path) == len(s) { + path = abstractSocketPrefix + path + } + return path +} + +// RemoveSocket removes the socket at the specified address if +// it exists on the filesystem +func RemoveSocket(address string) error { + sock := socket(address) + if !sock.isAbstract() { + return os.Remove(sock.path()) + } + return nil +} + +// SocketEaddrinuse returns true if the provided error is caused by the +// EADDRINUSE error number +func SocketEaddrinuse(err error) bool { + netErr, ok := err.(*net.OpError) + if !ok { + return false + } + if netErr.Op != "listen" { + return false + } + syscallErr, ok := netErr.Err.(*os.SyscallError) + if !ok { + return false + } + errno, ok := syscallErr.Err.(syscall.Errno) + if !ok { + return false + } + return errno == syscall.EADDRINUSE +} + +// CanConnect returns true if the socket provided at the address +// is accepting new connections +func CanConnect(address string) bool { + conn, err := AnonDialer(address, 100*time.Millisecond) + if err != nil { + return false + } + conn.Close() + return true +} diff --git a/runtime/v2/shim/util_windows.go b/runtime/v2/shim/util_windows.go index a94cdf250e6c..325c290043f1 100644 --- a/runtime/v2/shim/util_windows.go +++ b/runtime/v2/shim/util_windows.go @@ -79,3 +79,9 @@ func AnonDialer(address string, timeout time.Duration) (net.Conn, error) { return c, nil } } + +// RemoveSocket removes the socket at the specified address if +// it exists on the filesystem +func RemoveSocket(address string) error { + return nil +} From ae3a64aa10d6d9b1567adce057778800c9cc45ed Mon Sep 17 00:00:00 2001 From: Samuel Karp Date: Wed, 7 Oct 2020 22:28:19 -0700 Subject: [PATCH 31/46] containerd-shim: use path-based unix socket This allows filesystem-based ACLs for configuring access to the socket of a shim. Ported from Michael Crosby's similar patch for v2 shims. Signed-off-by: Samuel Karp --- cmd/containerd-shim/main_unix.go | 16 ++++-- runtime/v1/linux/bundle.go | 15 ++++-- runtime/v1/shim/client/client.go | 92 ++++++++++++++++++++++++++++---- 3 files changed, 105 insertions(+), 18 deletions(-) diff --git a/cmd/containerd-shim/main_unix.go b/cmd/containerd-shim/main_unix.go index 49f16e6ca6a6..43bf71d4d61f 100644 --- a/cmd/containerd-shim/main_unix.go +++ b/cmd/containerd-shim/main_unix.go @@ -71,7 +71,7 @@ var ( func init() { flag.BoolVar(&debugFlag, "debug", false, "enable debug output in logs") flag.StringVar(&namespaceFlag, "namespace", "", "namespace that owns the shim") - flag.StringVar(&socketFlag, "socket", "", "abstract socket path to serve") + flag.StringVar(&socketFlag, "socket", "", "socket path to serve") flag.StringVar(&addressFlag, "address", "", "grpc address back to main containerd") flag.StringVar(&workdirFlag, "workdir", "", "path used to storge large temporary data") flag.StringVar(&runtimeRootFlag, "runtime-root", process.RuncRoot, "root directory for the runtime") @@ -202,10 +202,18 @@ func serve(ctx context.Context, server *ttrpc.Server, path string) error { f.Close() path = "[inherited from parent]" } else { - if len(path) > 106 { - return errors.Errorf("%q: unix socket path too long (> 106)", path) + const ( + abstractSocketPrefix = "\x00" + socketPathLimit = 106 + ) + p := strings.TrimPrefix(path, "unix://") + if len(p) == len(path) { + p = abstractSocketPrefix + p } - l, err = net.Listen("unix", "\x00"+path) + if len(p) > socketPathLimit { + return errors.Errorf("%q: unix socket path too long (> %d)", p, socketPathLimit) + } + l, err = net.Listen("unix", p) } if err != nil { return err diff --git a/runtime/v1/linux/bundle.go b/runtime/v1/linux/bundle.go index e8b629b79c56..9d0a6c447892 100644 --- a/runtime/v1/linux/bundle.go +++ b/runtime/v1/linux/bundle.go @@ -91,7 +91,7 @@ func ShimRemote(c *Config, daemonAddress, cgroup string, exitHandler func()) Shi return func(b *bundle, ns string, ropts *runctypes.RuncOptions) (shim.Config, client.Opt) { config := b.shimConfig(ns, c, ropts) return config, - client.WithStart(c.Shim, b.shimAddress(ns), daemonAddress, cgroup, c.ShimDebug, exitHandler) + client.WithStart(c.Shim, b.shimAddress(ns, daemonAddress), daemonAddress, cgroup, c.ShimDebug, exitHandler) } } @@ -117,6 +117,11 @@ func (b *bundle) NewShimClient(ctx context.Context, namespace string, getClientO // Delete deletes the bundle from disk func (b *bundle) Delete() error { + address, _ := b.loadAddress() + if address != "" { + // we don't care about errors here + client.RemoveSocket(address) + } err := atomicDelete(b.path) if err == nil { return atomicDelete(b.workDir) @@ -133,9 +138,11 @@ func (b *bundle) legacyShimAddress(namespace string) string { return filepath.Join(string(filepath.Separator), "containerd-shim", namespace, b.id, "shim.sock") } -func (b *bundle) shimAddress(namespace string) string { - d := sha256.Sum256([]byte(filepath.Join(namespace, b.id))) - return filepath.Join(string(filepath.Separator), "containerd-shim", fmt.Sprintf("%x.sock", d)) +const socketRoot = "/run/containerd" + +func (b *bundle) shimAddress(namespace, socketPath string) string { + d := sha256.Sum256([]byte(filepath.Join(socketPath, namespace, b.id))) + return fmt.Sprintf("unix://%s/%x", filepath.Join(socketRoot, "s"), d) } func (b *bundle) loadAddress() (string, error) { diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go index 9653454afcb6..e35dafec308e 100644 --- a/runtime/v1/shim/client/client.go +++ b/runtime/v1/shim/client/client.go @@ -59,9 +59,17 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa return func(ctx context.Context, config shim.Config) (_ shimapi.ShimService, _ io.Closer, err error) { socket, err := newSocket(address) if err != nil { - return nil, nil, err + if !eaddrinuse(err) { + return nil, nil, err + } + if err := RemoveSocket(address); err != nil { + return nil, nil, errors.Wrap(err, "remove already used socket") + } + if socket, err = newSocket(address); err != nil { + return nil, nil, err + } } - defer socket.Close() + f, err := socket.File() if err != nil { return nil, nil, errors.Wrapf(err, "failed to get fd for socket %s", address) @@ -108,6 +116,8 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa if stderrLog != nil { stderrLog.Close() } + socket.Close() + RemoveSocket(address) }() log.G(ctx).WithFields(logrus.Fields{ "pid": cmd.Process.Pid, @@ -142,6 +152,26 @@ func WithStart(binary, address, daemonAddress, cgroup string, debug bool, exitHa } } +func eaddrinuse(err error) bool { + cause := errors.Cause(err) + netErr, ok := cause.(*net.OpError) + if !ok { + return false + } + if netErr.Op != "listen" { + return false + } + syscallErr, ok := netErr.Err.(*os.SyscallError) + if !ok { + return false + } + errno, ok := syscallErr.Err.(syscall.Errno) + if !ok { + return false + } + return errno == syscall.EADDRINUSE +} + // setupOOMScore gets containerd's oom score and adds +1 to it // to ensure a shim has a lower* score than the daemons func setupOOMScore(shimPid int) error { @@ -214,31 +244,73 @@ func writeFile(path, address string) error { return os.Rename(tempPath, path) } +const ( + abstractSocketPrefix = "\x00" + socketPathLimit = 106 +) + +type socket string + +func (s socket) isAbstract() bool { + return !strings.HasPrefix(string(s), "unix://") +} + +func (s socket) path() string { + path := strings.TrimPrefix(string(s), "unix://") + // if there was no trim performed, we assume an abstract socket + if len(path) == len(s) { + path = abstractSocketPrefix + path + } + return path +} + func newSocket(address string) (*net.UnixListener, error) { - if len(address) > 106 { - return nil, errors.Errorf("%q: unix socket path too long (> 106)", address) + if len(address) > socketPathLimit { + return nil, errors.Errorf("%q: unix socket path too long (> %d)", address, socketPathLimit) + } + var ( + sock = socket(address) + path = sock.path() + ) + if !sock.isAbstract() { + if err := os.MkdirAll(filepath.Dir(path), 0600); err != nil { + return nil, errors.Wrapf(err, "%s", path) + } } - l, err := net.Listen("unix", "\x00"+address) + l, err := net.Listen("unix", path) if err != nil { - return nil, errors.Wrapf(err, "failed to listen to abstract unix socket %q", address) + return nil, errors.Wrapf(err, "failed to listen to unix socket %q (abstract: %t)", address, sock.isAbstract()) + } + if err := os.Chmod(path, 0600); err != nil { + l.Close() + return nil, err } return l.(*net.UnixListener), nil } +// RemoveSocket removes the socket at the specified address if +// it exists on the filesystem +func RemoveSocket(address string) error { + sock := socket(address) + if !sock.isAbstract() { + return os.Remove(sock.path()) + } + return nil +} + func connect(address string, d func(string, time.Duration) (net.Conn, error)) (net.Conn, error) { return d(address, 100*time.Second) } -func annonDialer(address string, timeout time.Duration) (net.Conn, error) { - address = strings.TrimPrefix(address, "unix://") - return dialer.Dialer("\x00"+address, timeout) +func anonDialer(address string, timeout time.Duration) (net.Conn, error) { + return dialer.Dialer(socket(address).path(), timeout) } // WithConnect connects to an existing shim func WithConnect(address string, onClose func()) Opt { return func(ctx context.Context, config shim.Config) (shimapi.ShimService, io.Closer, error) { - conn, err := connect(address, annonDialer) + conn, err := connect(address, anonDialer) if err != nil { return nil, nil, err } From 727e1728d82f4a01996fa9a4e5869fc20a204598 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Mon, 30 Nov 2020 10:08:44 -0800 Subject: [PATCH 32/46] Prepare 1.4.3 release notes Signed-off-by: Derek McGowan --- releases/v1.4.3.toml | 21 +++++++++++++++++++++ version/version.go | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 releases/v1.4.3.toml diff --git a/releases/v1.4.3.toml b/releases/v1.4.3.toml new file mode 100644 index 000000000000..cd25f770bff7 --- /dev/null +++ b/releases/v1.4.3.toml @@ -0,0 +1,21 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.4.2" + +pre_release = false + +preface = """\ +The third patch release for `containerd` 1.4 is a security release to address CVE-2020-15257. +See [GHSA-36xw-fx78-c5r4](https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4) for more details. +""" + +# notable prs to include in the release notes, 1234 is the pr number +[notes] + +[breaking] diff --git a/version/version.go b/version/version.go index 465da18a19fd..184ef00d07fa 100644 --- a/version/version.go +++ b/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.4.2+unknown" + Version = "1.4.3+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. From a6f6eb00c21483bfae8196f0e6bb1c13ea9d2bc0 Mon Sep 17 00:00:00 2001 From: Simon Kaegi Date: Mon, 14 Dec 2020 12:01:04 -0500 Subject: [PATCH 33/46] Add bounds on max oom_score_adj value for AdjustOOMScore oom_score_adj must be in the range -1000 to 1000. In AdjustOOMScore if containerd's score is already at the maximum value we should set that value for the shim instead of trying to set 1001 which is invalid. Signed-off-by: Simon Kaegi (cherry picked from commit da2fd657ab109d71e68ae46799eec54d4f8e21a6) --- container_linux_test.go | 4 ++++ runtime/v1/shim/client/client.go | 4 ++++ runtime/v2/shim/util_unix.go | 4 ++++ sys/oom_unix.go | 8 ++++++-- sys/oom_windows.go | 5 +++++ 5 files changed, 23 insertions(+), 2 deletions(-) diff --git a/container_linux_test.go b/container_linux_test.go index 2db040b5186c..f1fd5b36a665 100644 --- a/container_linux_test.go +++ b/container_linux_test.go @@ -1933,6 +1933,10 @@ func TestShimOOMScore(t *testing.T) { } expectedScore := containerdScore + 1 + if expectedScore > sys.OOMScoreAdjMax { + expectedScore = sys.OOMScoreAdjMax + } + // find the shim's pid if cgroups.Mode() == cgroups.Unified { processes, err := cg2.Procs(false) diff --git a/runtime/v1/shim/client/client.go b/runtime/v1/shim/client/client.go index e35dafec308e..9211c0052422 100644 --- a/runtime/v1/shim/client/client.go +++ b/runtime/v1/shim/client/client.go @@ -174,6 +174,7 @@ func eaddrinuse(err error) bool { // setupOOMScore gets containerd's oom score and adds +1 to it // to ensure a shim has a lower* score than the daemons +// if not already at the maximum OOM Score func setupOOMScore(shimPid int) error { pid := os.Getpid() score, err := sys.GetOOMScoreAdj(pid) @@ -181,6 +182,9 @@ func setupOOMScore(shimPid int) error { return errors.Wrap(err, "get daemon OOM score") } shimScore := score + 1 + if shimScore > sys.OOMScoreAdjMax { + shimScore = sys.OOMScoreAdjMax + } if err := sys.SetOOMScore(shimPid, shimScore); err != nil { return errors.Wrap(err, "set shim OOM score") } diff --git a/runtime/v2/shim/util_unix.go b/runtime/v2/shim/util_unix.go index 2b0d0ada3522..9fb7cc5738d6 100644 --- a/runtime/v2/shim/util_unix.go +++ b/runtime/v2/shim/util_unix.go @@ -53,6 +53,7 @@ func SetScore(pid int) error { // AdjustOOMScore sets the OOM score for the process to the parents OOM score +1 // to ensure that they parent has a lower* score than the shim +// if not already at the maximum OOM Score func AdjustOOMScore(pid int) error { parent := os.Getppid() score, err := sys.GetOOMScoreAdj(parent) @@ -60,6 +61,9 @@ func AdjustOOMScore(pid int) error { return errors.Wrap(err, "get parent OOM score") } shimScore := score + 1 + if shimScore > sys.OOMScoreAdjMax { + shimScore = sys.OOMScoreAdjMax + } if err := sys.SetOOMScore(pid, shimScore); err != nil { return errors.Wrap(err, "set shim OOM score") } diff --git a/sys/oom_unix.go b/sys/oom_unix.go index d49d5bc8dd83..c381e1a7e28b 100644 --- a/sys/oom_unix.go +++ b/sys/oom_unix.go @@ -26,8 +26,12 @@ import ( "strings" ) -// OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer -const OOMScoreMaxKillable = -999 +const ( + // OOMScoreMaxKillable is the maximum score keeping the process killable by the oom killer + OOMScoreMaxKillable = -999 + // OOMScoreAdjMax is from OOM_SCORE_ADJ_MAX https://github.com/torvalds/linux/blob/master/include/uapi/linux/oom.h + OOMScoreAdjMax = 1000 +) // SetOOMScore sets the oom score for the provided pid func SetOOMScore(pid, score int) error { diff --git a/sys/oom_windows.go b/sys/oom_windows.go index a917ba635ba0..215c171f6efe 100644 --- a/sys/oom_windows.go +++ b/sys/oom_windows.go @@ -16,6 +16,11 @@ package sys +const ( + // OOMScoreAdjMax is not implemented on Windows + OOMScoreAdjMax = 0 +) + // SetOOMScore sets the oom score for the process // // Not implemented on Windows From 8cff6b3753ffe53e07c0af6b0de9bd66425c642c Mon Sep 17 00:00:00 2001 From: Danail Branekov Date: Tue, 22 Dec 2020 09:55:13 +0200 Subject: [PATCH 34/46] [release/1.4 backport] Return GRPC not found error instead of plain one When the shim returns a plain error when a process does not exist, the server is unable to recognise its GRPC status code and assumes UnknownError. This is awkward for containerd client users as they are unable to recognise the actual reason for the error. When the shim returns a NotFound GRPC error, it is properly translated by the server and clients receive a proper NotFound error instead of Unknown Co-authored-by: Danail Branekov Co-authored-by: Georgi Sabev Signed-off-by: Danail Branekov Signed-off-by: Georgi Sabev (cherry picked from commit 7451dd1ed1f7b141dcb742cd44ab7ccd6f2176b0) --- container_linux_test.go | 4 ++++ runtime/v2/runc/v2/service.go | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/container_linux_test.go b/container_linux_test.go index 2db040b5186c..212a4095cd5c 100644 --- a/container_linux_test.go +++ b/container_linux_test.go @@ -1068,6 +1068,10 @@ func TestContainerLoadUnexistingProcess(t *testing.T) { t.Fatal("an error should have occurred when loading a process that does not exist") } + if !errdefs.IsNotFound(err) { + t.Fatalf("an error of type NotFound should have been returned when loading a process that does not exist, got %#v instead ", err) + } + if err := task.Kill(ctx, syscall.SIGKILL); err != nil { t.Error(err) } diff --git a/runtime/v2/runc/v2/service.go b/runtime/v2/runc/v2/service.go index 7f15ee89bc42..cf478ca5e8ce 100644 --- a/runtime/v2/runc/v2/service.go +++ b/runtime/v2/runc/v2/service.go @@ -483,7 +483,7 @@ func (s *service) State(ctx context.Context, r *taskAPI.StateRequest) (*taskAPI. } p, err := container.Process(r.ExecID) if err != nil { - return nil, err + return nil, errdefs.ToGRPC(err) } st, err := p.Status(ctx) if err != nil { From b73052d34a3b6839dbea20d434d3978c9df00b5d Mon Sep 17 00:00:00 2001 From: Wei Fu Date: Mon, 11 Jan 2021 23:22:38 +0800 Subject: [PATCH 35/46] runtime/v2: should use defer ctx to cleanup Signed-off-by: Wei Fu (cherry picked from commit 846cb963cc4fe20237092bdbe62828dfe2ff1541) Signed-off-by: Wei Fu --- runtime/v2/manager.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runtime/v2/manager.go b/runtime/v2/manager.go index 9ae6d31b2e7b..7574ebba7495 100644 --- a/runtime/v2/manager.go +++ b/runtime/v2/manager.go @@ -159,7 +159,7 @@ func (m *TaskManager) Create(ctx context.Context, id string, opts runtime.Create defer cancel() _, errShim := shim.Delete(dctx) if errShim != nil { - shim.Shutdown(ctx) + shim.Shutdown(dctx) shim.Close() } } From ec752e8ba13819efae82b9d246b2845ba3a02f41 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Tue, 15 Dec 2020 17:35:44 -0800 Subject: [PATCH 36/46] docker: avoid concurrent map access panic Signed-off-by: Tonis Tiigi (cherry picked from commit bf323c5bdd5c9bdd2f957e03c4cdaa43e4c1c5a6) Signed-off-by: Shengjing Zhu --- remotes/docker/resolver.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/remotes/docker/resolver.go b/remotes/docker/resolver.go index 53e42ecc5a5c..f9582188b84f 100644 --- a/remotes/docker/resolver.go +++ b/remotes/docker/resolver.go @@ -525,7 +525,10 @@ func (r *request) do(ctx context.Context) (*http.Response, error) { if err != nil { return nil, err } - req.Header = r.header + req.Header = http.Header{} // headers need to be copied to avoid concurrent map access + for k, v := range r.header { + req.Header[k] = v + } if r.body != nil { body, err := r.body() if err != nil { From e7cd2030e105bd1a614821e246a4a1a73bd308e5 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Tue, 15 Dec 2020 17:39:25 -0800 Subject: [PATCH 37/46] pusher: add missing authentication support for requests Signed-off-by: Tonis Tiigi (cherry picked from commit 4dfec7fa0175c2728301d5da1e431641a9e50f28) Signed-off-by: Shengjing Zhu --- remotes/docker/pusher.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/remotes/docker/pusher.go b/remotes/docker/pusher.go index 98ea515d591e..d95e0c8b0e93 100644 --- a/remotes/docker/pusher.go +++ b/remotes/docker/pusher.go @@ -136,7 +136,7 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten // // for the private repo, we should remove mount-from // query and send the request again. - resp, err = preq.do(pctx) + resp, err = preq.doWithRetries(pctx, nil) if err != nil { return nil, err } @@ -235,7 +235,7 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten go func() { defer close(respC) - resp, err := req.do(ctx) + resp, err := req.doWithRetries(ctx, nil) if err != nil { pr.CloseWithError(err) return From edffc830bb21dec0598b5234a45e286dfec3c6da Mon Sep 17 00:00:00 2001 From: payall4u Date: Sun, 31 Jan 2021 12:43:40 +0800 Subject: [PATCH 38/46] change flag from RDONLY to RDWR and close the fifo correct Signed-off-by: Zhiyu Li (cherry picked from commit 957fa3379da878817f695d057ae50b127f81e32a) --- runtime/v2/binary.go | 1 + runtime/v2/shim.go | 16 +++++++++++++--- runtime/v2/shim_unix.go | 2 +- 3 files changed, 15 insertions(+), 4 deletions(-) diff --git a/runtime/v2/binary.go b/runtime/v2/binary.go index 4b3f4ab93d99..49ecd80e9631 100644 --- a/runtime/v2/binary.go +++ b/runtime/v2/binary.go @@ -115,6 +115,7 @@ func (b *binary) Start(ctx context.Context, opts *types.Any, onClose func()) (_ onCloseWithShimLog := func() { onClose() cancelShimLog() + f.Close() } client := ttrpc.NewClient(conn, ttrpc.WithOnClose(onCloseWithShimLog)) return &shim{ diff --git a/runtime/v2/shim.go b/runtime/v2/shim.go index e5093b250146..90df543233c7 100644 --- a/runtime/v2/shim.go +++ b/runtime/v2/shim.go @@ -76,7 +76,13 @@ func loadShim(ctx context.Context, bundle *Bundle, events *exchange.Exchange, rt conn.Close() } }() - f, err := openShimLog(ctx, bundle, client.AnonReconnectDialer) + shimCtx, cancelShimLog := context.WithCancel(ctx) + defer func() { + if err != nil { + cancelShimLog() + } + }() + f, err := openShimLog(shimCtx, bundle, client.AnonReconnectDialer) if err != nil { return nil, errors.Wrap(err, "open shim log pipe") } @@ -99,8 +105,12 @@ func loadShim(ctx context.Context, bundle *Bundle, events *exchange.Exchange, rt } } }() - - client := ttrpc.NewClient(conn, ttrpc.WithOnClose(onClose)) + onCloseWithShimLog := func() { + onClose() + cancelShimLog() + f.Close() + } + client := ttrpc.NewClient(conn, ttrpc.WithOnClose(onCloseWithShimLog)) defer func() { if err != nil { client.Close() diff --git a/runtime/v2/shim_unix.go b/runtime/v2/shim_unix.go index 16e9c7be34a0..898839bd4098 100644 --- a/runtime/v2/shim_unix.go +++ b/runtime/v2/shim_unix.go @@ -30,7 +30,7 @@ import ( ) func openShimLog(ctx context.Context, bundle *Bundle, _ func(string, time.Duration) (net.Conn, error)) (io.ReadCloser, error) { - return fifo.OpenFifo(ctx, filepath.Join(bundle.Path, "log"), unix.O_RDONLY|unix.O_CREAT|unix.O_NONBLOCK, 0700) + return fifo.OpenFifo(ctx, filepath.Join(bundle.Path, "log"), unix.O_RDWR|unix.O_CREAT|unix.O_NONBLOCK, 0700) } func checkCopyShimLogError(ctx context.Context, err error) error { From f087d7849111a35fe3a6ec32bcca3bdaf1298568 Mon Sep 17 00:00:00 2001 From: IceberGu Date: Tue, 2 Feb 2021 15:36:49 +0800 Subject: [PATCH 39/46] runtime: fix shutdown runc v2 service Signed-off-by: IceberGu (cherry picked from commit b458583b76e84204dca17587625757247bb4053e) Signed-off-by: Iceber Gu --- runtime/v2/runc/v2/service.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/runtime/v2/runc/v2/service.go b/runtime/v2/runc/v2/service.go index cf478ca5e8ce..3dd5b7df9b29 100644 --- a/runtime/v2/runc/v2/service.go +++ b/runtime/v2/runc/v2/service.go @@ -662,9 +662,10 @@ func (s *service) Connect(ctx context.Context, r *taskAPI.ConnectRequest) (*task func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (*ptypes.Empty, error) { s.mu.Lock() + defer s.mu.Unlock() + // return out if the shim is still servicing containers if len(s.containers) > 0 { - s.mu.Unlock() return empty, nil } s.cancel() From 232cee448f1027716c95a04e9c520d552907f333 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 5 Feb 2021 15:27:36 +0100 Subject: [PATCH 40/46] Update to go 1.15.8 go1.15.8 (released 2021/02/04) includes fixes to the compiler, linker, runtime, the go command, and the net/http package. See the Go 1.15.8 milestone on the issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.15.8+label%3ACherryPickApproved The 1.4 branch was still on Go 1.15.5, so this patch also includes previous patch updates; full diff: https://github.com/golang/go/compare/go1.15.5...go1.15.8 Signed-off-by: Sebastiaan van Stijn --- .github/workflows/ci.yml | 12 ++++++------ .github/workflows/nightly.yml | 4 ++-- .github/workflows/release.yml | 2 +- .travis.yml | 2 +- .zuul/playbooks/containerd-build/run.yaml | 2 +- Vagrantfile | 2 +- contrib/Dockerfile.test | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1570757dbe14..40513be5cc2a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,7 +26,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Set env shell: bash @@ -81,7 +81,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Set env shell: bash @@ -128,7 +128,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Set env shell: bash @@ -165,7 +165,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Set env shell: bash @@ -197,7 +197,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Set env shell: bash @@ -277,7 +277,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Set env shell: bash diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 56e6322e1980..94c471ea39d2 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -15,7 +15,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Checkout uses: actions/checkout@v1 @@ -132,7 +132,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Checkout uses: actions/checkout@v1 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 92b7bd0a73c9..4b40fa61172e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -62,7 +62,7 @@ jobs: - name: Install Go uses: actions/setup-go@v1 with: - go-version: '1.15.5' + go-version: '1.15.8' - name: Set env shell: bash diff --git a/.travis.yml b/.travis.yml index 362404e923bf..6e395da2647b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,7 +15,7 @@ os: - linux go: - - "1.15.5" + - "1.15.8" env: - TRAVIS_GOOS=linux TEST_RUNTIME=io.containerd.runc.v1 TRAVIS_CGO_ENABLED=1 TRAVIS_DISTRO=bionic GOPROXY=direct diff --git a/.zuul/playbooks/containerd-build/run.yaml b/.zuul/playbooks/containerd-build/run.yaml index b1975468d8d6..b3f037896158 100644 --- a/.zuul/playbooks/containerd-build/run.yaml +++ b/.zuul/playbooks/containerd-build/run.yaml @@ -2,7 +2,7 @@ become: yes roles: - role: config-golang - go_version: '1.15.5' + go_version: '1.15.8' arch: arm64 tasks: - name: Build containerd diff --git a/Vagrantfile b/Vagrantfile index e44eb7c8e63a..95e8ae0c19b4 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -77,7 +77,7 @@ Vagrant.configure("2") do |config| config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.15.5", + 'GO_VERSION': ENV['GO_VERSION'] || "1.15.8", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test index bb5a01e961f2..8680aa227af1 100644 --- a/contrib/Dockerfile.test +++ b/contrib/Dockerfile.test @@ -6,7 +6,7 @@ # 3.) $ make binaries install test # -ARG GOLANG_VERSION=1.15.5 +ARG GOLANG_VERSION=1.15.8 FROM golang:${GOLANG_VERSION} AS golang-base RUN mkdir -p /go/src/github.com/containerd/containerd From 2ec4a495fa00a5603c060f84fe0e5eb59280d987 Mon Sep 17 00:00:00 2001 From: Shengjing Zhu Date: Mon, 8 Feb 2021 11:46:00 +0800 Subject: [PATCH 41/46] Update gogo/protobuf to v1.3.2 bump version 1.3.2 for gogo/protobuf due to CVE-2021-3121 discovered in gogo/protobuf version 1.3.1, CVE has been fixed in 1.3.2 Signed-off-by: Aditi Sharma (cherry picked from commit 1423e9199d701499d533210b87640d116ec0c76e) Signed-off-by: Shengjing Zhu --- api/events/container.pb.go | 22 +-- api/events/content.pb.go | 5 +- api/events/image.pb.go | 19 +-- api/events/namespace.pb.go | 19 +-- api/events/snapshot.pb.go | 15 +- api/events/task.pb.go | 55 ++----- api/services/containers/v1/containers.pb.go | 64 ++------- api/services/content/v1/content.pb.go | 94 +++--------- api/services/diff/v1/diff.pb.go | 24 +--- api/services/events/v1/events.pb.go | 20 +-- api/services/images/v1/images.pb.go | 52 ++----- .../introspection/v1/introspection.pb.go | 22 +-- api/services/leases/v1/leases.pb.go | 59 ++------ api/services/namespaces/v1/namespace.pb.go | 52 ++----- api/services/snapshots/v1/snapshots.pb.go | 98 +++---------- api/services/tasks/v1/tasks.pb.go | 135 ++++-------------- api/services/ttrpc/events/v1/events.pb.go | 10 +- api/services/version/v1/version.pb.go | 5 +- api/types/descriptor.pb.go | 7 +- api/types/metrics.pb.go | 5 +- api/types/mount.pb.go | 5 +- api/types/platform.pb.go | 5 +- api/types/task/task.pb.go | 10 +- runtime/linux/runctypes/runc.pb.go | 20 +-- runtime/v1/shim/v1/shim.pb.go | 100 +++---------- runtime/v2/runc/options/oci.pb.go | 15 +- runtime/v2/task/shim.pb.go | 130 ++++------------- vendor.conf | 2 +- vendor/github.com/gogo/protobuf/Readme.md | 8 +- vendor/github.com/gogo/protobuf/go.mod | 5 +- .../protobuf/plugin/unmarshal/unmarshal.go | 16 +-- .../gogo/protobuf/proto/text_parser.go | 2 +- .../github.com/gogo/protobuf/types/any.pb.go | 5 +- .../github.com/gogo/protobuf/types/api.pb.go | 15 +- .../gogo/protobuf/types/duration.pb.go | 5 +- .../gogo/protobuf/types/empty.pb.go | 5 +- .../gogo/protobuf/types/field_mask.pb.go | 5 +- .../gogo/protobuf/types/source_context.pb.go | 5 +- .../gogo/protobuf/types/struct.pb.go | 17 +-- .../gogo/protobuf/types/timestamp.pb.go | 5 +- .../github.com/gogo/protobuf/types/type.pb.go | 25 +--- .../gogo/protobuf/types/wrappers.pb.go | 45 ++---- 42 files changed, 267 insertions(+), 965 deletions(-) diff --git a/api/events/container.pb.go b/api/events/container.pb.go index 0c1e0a939641..fe002e0736c2 100644 --- a/api/events/container.pb.go +++ b/api/events/container.pb.go @@ -835,10 +835,7 @@ func (m *ContainerCreate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainer - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainer } if (iNdEx + skippy) > l { @@ -957,10 +954,7 @@ func (m *ContainerCreate_Runtime) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainer - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainer } if (iNdEx + skippy) > l { @@ -1185,7 +1179,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainer } if (iNdEx + skippy) > postIndex { @@ -1234,10 +1228,7 @@ func (m *ContainerUpdate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainer - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainer } if (iNdEx + skippy) > l { @@ -1320,10 +1311,7 @@ func (m *ContainerDelete) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainer - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainer } if (iNdEx + skippy) > l { diff --git a/api/events/content.pb.go b/api/events/content.pb.go index 959ea72d8e61..0a7ec9325d35 100644 --- a/api/events/content.pb.go +++ b/api/events/content.pb.go @@ -257,10 +257,7 @@ func (m *ContentDelete) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { diff --git a/api/events/image.pb.go b/api/events/image.pb.go index 13f60b01797e..747026945449 100644 --- a/api/events/image.pb.go +++ b/api/events/image.pb.go @@ -697,7 +697,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImage } if (iNdEx + skippy) > postIndex { @@ -714,10 +714,7 @@ func (m *ImageCreate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImage - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImage } if (iNdEx + skippy) > l { @@ -910,7 +907,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImage } if (iNdEx + skippy) > postIndex { @@ -927,10 +924,7 @@ func (m *ImageUpdate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImage - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImage } if (iNdEx + skippy) > l { @@ -1013,10 +1007,7 @@ func (m *ImageDelete) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImage - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImage } if (iNdEx + skippy) > l { diff --git a/api/events/namespace.pb.go b/api/events/namespace.pb.go index 37c3b78cf3ba..d406a987e98d 100644 --- a/api/events/namespace.pb.go +++ b/api/events/namespace.pb.go @@ -697,7 +697,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > postIndex { @@ -714,10 +714,7 @@ func (m *NamespaceCreate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -910,7 +907,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > postIndex { @@ -927,10 +924,7 @@ func (m *NamespaceUpdate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -1013,10 +1007,7 @@ func (m *NamespaceDelete) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { diff --git a/api/events/snapshot.pb.go b/api/events/snapshot.pb.go index 5392970040f8..bec25c3a7c99 100644 --- a/api/events/snapshot.pb.go +++ b/api/events/snapshot.pb.go @@ -548,10 +548,7 @@ func (m *SnapshotPrepare) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshot - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshot } if (iNdEx + skippy) > l { @@ -666,10 +663,7 @@ func (m *SnapshotCommit) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshot - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshot } if (iNdEx + skippy) > l { @@ -752,10 +746,7 @@ func (m *SnapshotRemove) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshot - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshot } if (iNdEx + skippy) > l { diff --git a/api/events/task.pb.go b/api/events/task.pb.go index 0f16695e39ca..f8f3a3f3d307 100644 --- a/api/events/task.pb.go +++ b/api/events/task.pb.go @@ -1905,10 +1905,7 @@ func (m *TaskCreate) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -2010,10 +2007,7 @@ func (m *TaskStart) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -2199,10 +2193,7 @@ func (m *TaskDelete) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -2369,10 +2360,7 @@ func (m *TaskIO) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -2558,10 +2546,7 @@ func (m *TaskExit) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -2644,10 +2629,7 @@ func (m *TaskOOM) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -2762,10 +2744,7 @@ func (m *TaskExecAdded) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -2899,10 +2878,7 @@ func (m *TaskExecStarted) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -2985,10 +2961,7 @@ func (m *TaskPaused) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -3071,10 +3044,7 @@ func (m *TaskResumed) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -3189,10 +3159,7 @@ func (m *TaskCheckpointed) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { diff --git a/api/services/containers/v1/containers.pb.go b/api/services/containers/v1/containers.pb.go index d951b2683258..af56c7de2bad 100644 --- a/api/services/containers/v1/containers.pb.go +++ b/api/services/containers/v1/containers.pb.go @@ -2106,7 +2106,7 @@ func (m *Container) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > postIndex { @@ -2469,7 +2469,7 @@ func (m *Container) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > postIndex { @@ -2486,10 +2486,7 @@ func (m *Container) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -2608,10 +2605,7 @@ func (m *Container_Runtime) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -2694,10 +2688,7 @@ func (m *GetContainerRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -2781,10 +2772,7 @@ func (m *GetContainerResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -2867,10 +2855,7 @@ func (m *ListContainersRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -2955,10 +2940,7 @@ func (m *ListContainersResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -3042,10 +3024,7 @@ func (m *CreateContainerRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -3129,10 +3108,7 @@ func (m *CreateContainerResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -3252,10 +3228,7 @@ func (m *UpdateContainerRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -3339,10 +3312,7 @@ func (m *UpdateContainerResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -3425,10 +3395,7 @@ func (m *DeleteContainerRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { @@ -3515,10 +3482,7 @@ func (m *ListContainerMessage) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContainers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContainers } if (iNdEx + skippy) > l { diff --git a/api/services/content/v1/content.pb.go b/api/services/content/v1/content.pb.go index 1cf0aaa91012..97c7d4a92b36 100644 --- a/api/services/content/v1/content.pb.go +++ b/api/services/content/v1/content.pb.go @@ -3280,7 +3280,7 @@ func (m *Info) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > postIndex { @@ -3297,10 +3297,7 @@ func (m *Info) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -3383,10 +3380,7 @@ func (m *InfoRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -3470,10 +3464,7 @@ func (m *InfoResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -3593,10 +3584,7 @@ func (m *UpdateRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -3680,10 +3668,7 @@ func (m *UpdateResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -3766,10 +3751,7 @@ func (m *ListContentRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -3854,10 +3836,7 @@ func (m *ListContentResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -3940,10 +3919,7 @@ func (m *DeleteContentRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -4064,10 +4040,7 @@ func (m *ReadContentRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -4171,10 +4144,7 @@ func (m *ReadContentResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -4393,10 +4363,7 @@ func (m *Status) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -4479,10 +4446,7 @@ func (m *StatusRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -4569,10 +4533,7 @@ func (m *StatusResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -4655,10 +4616,7 @@ func (m *ListStatusesRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -4743,10 +4701,7 @@ func (m *ListStatusesResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -5062,7 +5017,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > postIndex { @@ -5079,10 +5034,7 @@ func (m *WriteContentRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -5288,10 +5240,7 @@ func (m *WriteContentResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { @@ -5374,10 +5323,7 @@ func (m *AbortRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthContent - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthContent } if (iNdEx + skippy) > l { diff --git a/api/services/diff/v1/diff.pb.go b/api/services/diff/v1/diff.pb.go index 48379234d020..b1450ceb82f6 100644 --- a/api/services/diff/v1/diff.pb.go +++ b/api/services/diff/v1/diff.pb.go @@ -1063,7 +1063,7 @@ func (m *ApplyRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDiff } if (iNdEx + skippy) > postIndex { @@ -1080,10 +1080,7 @@ func (m *ApplyRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthDiff - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDiff } if (iNdEx + skippy) > l { @@ -1170,10 +1167,7 @@ func (m *ApplyResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthDiff - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDiff } if (iNdEx + skippy) > l { @@ -1466,7 +1460,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDiff } if (iNdEx + skippy) > postIndex { @@ -1483,10 +1477,7 @@ func (m *DiffRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthDiff - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDiff } if (iNdEx + skippy) > l { @@ -1573,10 +1564,7 @@ func (m *DiffResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthDiff - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDiff } if (iNdEx + skippy) > l { diff --git a/api/services/events/v1/events.pb.go b/api/services/events/v1/events.pb.go index a1674f8623d7..4373f3bf2fc6 100644 --- a/api/services/events/v1/events.pb.go +++ b/api/services/events/v1/events.pb.go @@ -916,10 +916,7 @@ func (m *PublishRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } if (iNdEx + skippy) > l { @@ -1006,10 +1003,7 @@ func (m *ForwardRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } if (iNdEx + skippy) > l { @@ -1092,10 +1086,7 @@ func (m *SubscribeRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } if (iNdEx + skippy) > l { @@ -1279,10 +1270,7 @@ func (m *Envelope) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } if (iNdEx + skippy) > l { diff --git a/api/services/images/v1/images.pb.go b/api/services/images/v1/images.pb.go index db912b68bb12..de08cc08358a 100644 --- a/api/services/images/v1/images.pb.go +++ b/api/services/images/v1/images.pb.go @@ -1707,7 +1707,7 @@ func (m *Image) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > postIndex { @@ -1823,10 +1823,7 @@ func (m *Image) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -1909,10 +1906,7 @@ func (m *GetImageRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -1999,10 +1993,7 @@ func (m *GetImageResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -2086,10 +2077,7 @@ func (m *CreateImageRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -2173,10 +2161,7 @@ func (m *CreateImageResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -2296,10 +2281,7 @@ func (m *UpdateImageRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -2383,10 +2365,7 @@ func (m *UpdateImageResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -2469,10 +2448,7 @@ func (m *ListImagesRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -2557,10 +2533,7 @@ func (m *ListImagesResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { @@ -2663,10 +2636,7 @@ func (m *DeleteImageRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthImages - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthImages } if (iNdEx + skippy) > l { diff --git a/api/services/introspection/v1/introspection.pb.go b/api/services/introspection/v1/introspection.pb.go index b9f912b09d28..d23c8b61a8e2 100644 --- a/api/services/introspection/v1/introspection.pb.go +++ b/api/services/introspection/v1/introspection.pb.go @@ -1098,7 +1098,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthIntrospection } if (iNdEx + skippy) > postIndex { @@ -1183,10 +1183,7 @@ func (m *Plugin) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthIntrospection - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthIntrospection } if (iNdEx + skippy) > l { @@ -1269,10 +1266,7 @@ func (m *PluginsRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthIntrospection - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthIntrospection } if (iNdEx + skippy) > l { @@ -1357,10 +1351,7 @@ func (m *PluginsResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthIntrospection - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthIntrospection } if (iNdEx + skippy) > l { @@ -1443,10 +1434,7 @@ func (m *ServerResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthIntrospection - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthIntrospection } if (iNdEx + skippy) > l { diff --git a/api/services/leases/v1/leases.pb.go b/api/services/leases/v1/leases.pb.go index 4dbac3e09db4..5e7cab71f131 100644 --- a/api/services/leases/v1/leases.pb.go +++ b/api/services/leases/v1/leases.pb.go @@ -1906,7 +1906,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > postIndex { @@ -1923,10 +1923,7 @@ func (m *Lease) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2119,7 +2116,7 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > postIndex { @@ -2136,10 +2133,7 @@ func (m *CreateRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2226,10 +2220,7 @@ func (m *CreateResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2332,10 +2323,7 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2418,10 +2406,7 @@ func (m *ListRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2506,10 +2491,7 @@ func (m *ListResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2624,10 +2606,7 @@ func (m *Resource) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2743,10 +2722,7 @@ func (m *AddResourceRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2862,10 +2838,7 @@ func (m *DeleteResourceRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -2948,10 +2921,7 @@ func (m *ListResourcesRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { @@ -3036,10 +3006,7 @@ func (m *ListResourcesResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthLeases - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthLeases } if (iNdEx + skippy) > l { diff --git a/api/services/namespaces/v1/namespace.pb.go b/api/services/namespaces/v1/namespace.pb.go index 0d1d650ba4a5..76f9e117266e 100644 --- a/api/services/namespaces/v1/namespace.pb.go +++ b/api/services/namespaces/v1/namespace.pb.go @@ -1609,7 +1609,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > postIndex { @@ -1626,10 +1626,7 @@ func (m *Namespace) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -1712,10 +1709,7 @@ func (m *GetNamespaceRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -1799,10 +1793,7 @@ func (m *GetNamespaceResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -1885,10 +1876,7 @@ func (m *ListNamespacesRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -1973,10 +1961,7 @@ func (m *ListNamespacesResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -2060,10 +2045,7 @@ func (m *CreateNamespaceRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -2147,10 +2129,7 @@ func (m *CreateNamespaceResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -2270,10 +2249,7 @@ func (m *UpdateNamespaceRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -2357,10 +2333,7 @@ func (m *UpdateNamespaceResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { @@ -2443,10 +2416,7 @@ func (m *DeleteNamespaceRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthNamespace - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthNamespace } if (iNdEx + skippy) > l { diff --git a/api/services/snapshots/v1/snapshots.pb.go b/api/services/snapshots/v1/snapshots.pb.go index 1877afdedc08..046c97b015fe 100644 --- a/api/services/snapshots/v1/snapshots.pb.go +++ b/api/services/snapshots/v1/snapshots.pb.go @@ -3140,7 +3140,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > postIndex { @@ -3157,10 +3157,7 @@ func (m *PrepareSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -3245,10 +3242,7 @@ func (m *PrepareSnapshotResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -3505,7 +3499,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > postIndex { @@ -3522,10 +3516,7 @@ func (m *ViewSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -3610,10 +3601,7 @@ func (m *ViewSnapshotResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -3728,10 +3716,7 @@ func (m *MountsRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -3816,10 +3801,7 @@ func (m *MountsResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -3934,10 +3916,7 @@ func (m *RemoveSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -4194,7 +4173,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > postIndex { @@ -4211,10 +4190,7 @@ func (m *CommitSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -4329,10 +4305,7 @@ func (m *StatSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -4642,7 +4615,7 @@ func (m *Info) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > postIndex { @@ -4659,10 +4632,7 @@ func (m *Info) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -4746,10 +4716,7 @@ func (m *StatSnapshotResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -4901,10 +4868,7 @@ func (m *UpdateSnapshotRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -4988,10 +4952,7 @@ func (m *UpdateSnapshotResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -5106,10 +5067,7 @@ func (m *ListSnapshotsRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -5194,10 +5152,7 @@ func (m *ListSnapshotsResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -5312,10 +5267,7 @@ func (m *UsageRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -5404,10 +5356,7 @@ func (m *UsageResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { @@ -5490,10 +5439,7 @@ func (m *CleanupRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSnapshots - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSnapshots } if (iNdEx + skippy) > l { diff --git a/api/services/tasks/v1/tasks.pb.go b/api/services/tasks/v1/tasks.pb.go index 5ac5af11b92e..484b469c6e48 100644 --- a/api/services/tasks/v1/tasks.pb.go +++ b/api/services/tasks/v1/tasks.pb.go @@ -4347,10 +4347,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -4452,10 +4449,7 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -4570,10 +4564,7 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -4643,10 +4634,7 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -4729,10 +4717,7 @@ func (m *DeleteTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -4886,10 +4871,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -5004,10 +4986,7 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -5122,10 +5101,7 @@ func (m *GetRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -5212,10 +5188,7 @@ func (m *GetResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -5298,10 +5271,7 @@ func (m *ListTasksRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -5386,10 +5356,7 @@ func (m *ListTasksResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -5543,10 +5510,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -5813,10 +5777,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -5867,10 +5828,7 @@ func (m *ExecProcessResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6023,10 +5981,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6161,10 +6116,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6247,10 +6199,7 @@ func (m *PauseTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6333,10 +6282,7 @@ func (m *ResumeTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6419,10 +6365,7 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6507,10 +6450,7 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6661,10 +6601,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6749,10 +6686,7 @@ func (m *CheckpointTaskResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6871,10 +6805,7 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -6957,10 +6888,7 @@ func (m *MetricsRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -7045,10 +6973,7 @@ func (m *MetricsResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -7163,10 +7088,7 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { @@ -7269,10 +7191,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTasks - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTasks } if (iNdEx + skippy) > l { diff --git a/api/services/ttrpc/events/v1/events.pb.go b/api/services/ttrpc/events/v1/events.pb.go index 0e61351d5fe8..b1f275bf0de8 100644 --- a/api/services/ttrpc/events/v1/events.pb.go +++ b/api/services/ttrpc/events/v1/events.pb.go @@ -474,10 +474,7 @@ func (m *ForwardRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } if (iNdEx + skippy) > l { @@ -661,10 +658,7 @@ func (m *Envelope) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthEvents - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEvents } if (iNdEx + skippy) > l { diff --git a/api/services/version/v1/version.pb.go b/api/services/version/v1/version.pb.go index 81b8c339539e..b742c6ae62f5 100644 --- a/api/services/version/v1/version.pb.go +++ b/api/services/version/v1/version.pb.go @@ -374,10 +374,7 @@ func (m *VersionResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthVersion - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthVersion } if (iNdEx + skippy) > l { diff --git a/api/types/descriptor.pb.go b/api/types/descriptor.pb.go index 437d41f23ad8..fe71dbf43300 100644 --- a/api/types/descriptor.pb.go +++ b/api/types/descriptor.pb.go @@ -479,7 +479,7 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDescriptor } if (iNdEx + skippy) > postIndex { @@ -496,10 +496,7 @@ func (m *Descriptor) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthDescriptor - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDescriptor } if (iNdEx + skippy) > l { diff --git a/api/types/metrics.pb.go b/api/types/metrics.pb.go index 89a8d9cd6ffd..75773e442ab7 100644 --- a/api/types/metrics.pb.go +++ b/api/types/metrics.pb.go @@ -348,10 +348,7 @@ func (m *Metric) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthMetrics - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthMetrics } if (iNdEx + skippy) > l { diff --git a/api/types/mount.pb.go b/api/types/mount.pb.go index 6872e4120e1a..d0a0bee761f0 100644 --- a/api/types/mount.pb.go +++ b/api/types/mount.pb.go @@ -392,10 +392,7 @@ func (m *Mount) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthMount - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthMount } if (iNdEx + skippy) > l { diff --git a/api/types/platform.pb.go b/api/types/platform.pb.go index c03d8b077bf9..a0f78c8a769d 100644 --- a/api/types/platform.pb.go +++ b/api/types/platform.pb.go @@ -333,10 +333,7 @@ func (m *Platform) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthPlatform - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthPlatform } if (iNdEx + skippy) > l { diff --git a/api/types/task/task.pb.go b/api/types/task/task.pb.go index ae824ff45c4b..f511bbd058c8 100644 --- a/api/types/task/task.pb.go +++ b/api/types/task/task.pb.go @@ -772,10 +772,7 @@ func (m *Process) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { @@ -881,10 +878,7 @@ func (m *ProcessInfo) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTask } if (iNdEx + skippy) > l { diff --git a/runtime/linux/runctypes/runc.pb.go b/runtime/linux/runctypes/runc.pb.go index 26306e594850..46d31ff59a51 100644 --- a/runtime/linux/runctypes/runc.pb.go +++ b/runtime/linux/runctypes/runc.pb.go @@ -978,10 +978,7 @@ func (m *RuncOptions) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthRunc - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthRunc } if (iNdEx + skippy) > l { @@ -1350,10 +1347,7 @@ func (m *CreateOptions) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthRunc - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthRunc } if (iNdEx + skippy) > l { @@ -1632,10 +1626,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthRunc - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthRunc } if (iNdEx + skippy) > l { @@ -1718,10 +1709,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthRunc - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthRunc } if (iNdEx + skippy) > l { diff --git a/runtime/v1/shim/v1/shim.pb.go b/runtime/v1/shim/v1/shim.pb.go index 27f3349669d3..dbc82599d6bd 100644 --- a/runtime/v1/shim/v1/shim.pb.go +++ b/runtime/v1/shim/v1/shim.pb.go @@ -3262,10 +3262,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -3335,10 +3332,7 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -3460,10 +3454,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -3546,10 +3537,7 @@ func (m *DeleteProcessRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -3784,10 +3772,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -3838,10 +3823,7 @@ func (m *ExecProcessResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -3962,10 +3944,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4048,10 +4027,7 @@ func (m *StateRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4372,10 +4348,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4497,10 +4470,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4603,10 +4573,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4689,10 +4656,7 @@ func (m *ListPidsRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4777,10 +4741,7 @@ func (m *ListPidsResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4899,10 +4860,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4972,10 +4930,7 @@ func (m *ShimInfoResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5062,10 +5017,7 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5148,10 +5100,7 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5253,10 +5202,7 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5339,10 +5285,7 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5445,10 +5388,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { diff --git a/runtime/v2/runc/options/oci.pb.go b/runtime/v2/runc/options/oci.pb.go index f298452b6884..c9c44742a258 100644 --- a/runtime/v2/runc/options/oci.pb.go +++ b/runtime/v2/runc/options/oci.pb.go @@ -994,10 +994,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthOci - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthOci } if (iNdEx + skippy) > l { @@ -1276,10 +1273,7 @@ func (m *CheckpointOptions) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthOci - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthOci } if (iNdEx + skippy) > l { @@ -1362,10 +1356,7 @@ func (m *ProcessDetails) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthOci - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthOci } if (iNdEx + skippy) > l { diff --git a/runtime/v2/task/shim.pb.go b/runtime/v2/task/shim.pb.go index 3cf11d8e3d86..01f66dcde747 100644 --- a/runtime/v2/task/shim.pb.go +++ b/runtime/v2/task/shim.pb.go @@ -4019,10 +4019,7 @@ func (m *CreateTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4092,10 +4089,7 @@ func (m *CreateTaskResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4210,10 +4204,7 @@ func (m *DeleteRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4335,10 +4326,7 @@ func (m *DeleteResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4605,10 +4593,7 @@ func (m *ExecProcessRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4659,10 +4644,7 @@ func (m *ExecProcessResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4815,10 +4797,7 @@ func (m *ResizePtyRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -4933,10 +4912,7 @@ func (m *StateRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5289,10 +5265,7 @@ func (m *StateResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5446,10 +5419,7 @@ func (m *KillRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5584,10 +5554,7 @@ func (m *CloseIORequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5670,10 +5637,7 @@ func (m *PidsRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5758,10 +5722,7 @@ func (m *PidsResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -5912,10 +5873,7 @@ func (m *CheckpointTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6034,10 +5992,7 @@ func (m *UpdateTaskRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6152,10 +6107,7 @@ func (m *StartRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6225,10 +6177,7 @@ func (m *StartResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6343,10 +6292,7 @@ func (m *WaitRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6449,10 +6395,7 @@ func (m *WaitResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6535,10 +6478,7 @@ func (m *StatsRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6625,10 +6565,7 @@ func (m *StatsResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6711,10 +6648,7 @@ func (m *ConnectRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6835,10 +6769,7 @@ func (m *ConnectResponse) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -6941,10 +6872,7 @@ func (m *ShutdownRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -7027,10 +6955,7 @@ func (m *PauseRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { @@ -7113,10 +7038,7 @@ func (m *ResumeRequest) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthShim - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthShim } if (iNdEx + skippy) > l { diff --git a/vendor.conf b/vendor.conf index 70214ac1b744..339fecc6180c 100644 --- a/vendor.conf +++ b/vendor.conf @@ -16,7 +16,7 @@ github.com/docker/go-metrics v0.0.1 github.com/docker/go-units v0.4.0 github.com/godbus/dbus/v5 v5.0.3 github.com/gogo/googleapis v1.3.2 -github.com/gogo/protobuf v1.3.1 +github.com/gogo/protobuf v1.3.2 github.com/golang/protobuf v1.3.5 github.com/google/go-cmp v0.2.0 github.com/google/uuid v1.1.1 diff --git a/vendor/github.com/gogo/protobuf/Readme.md b/vendor/github.com/gogo/protobuf/Readme.md index 7e2d538a9168..e11dad70cf09 100644 --- a/vendor/github.com/gogo/protobuf/Readme.md +++ b/vendor/github.com/gogo/protobuf/Readme.md @@ -1,6 +1,8 @@ +[GoGo Protobuf looking for new ownership](https://github.com/gogo/protobuf/issues/691) + # Protocol Buffers for Go with Gadgets -[![Build Status](https://travis-ci.org/gogo/protobuf.svg?branch=master)](https://travis-ci.org/gogo/protobuf) +[![Build Status](https://github.com/gogo/protobuf/workflows/Continuous%20Integration/badge.svg)](https://github.com/gogo/protobuf/actions) [![GoDoc](https://godoc.org/github.com/gogo/protobuf?status.svg)](http://godoc.org/github.com/gogo/protobuf) gogoprotobuf is a fork of golang/protobuf with extra code generation features. @@ -90,10 +92,10 @@ After that you can choose: ### Installation To install it, you must first have Go (at least version 1.6.3 or 1.9 if you are using gRPC) installed (see [http://golang.org/doc/install](http://golang.org/doc/install)). -Latest patch versions of 1.10 and 1.11 are continuously tested. +Latest patch versions of 1.12 and 1.15 are continuously tested. Next, install the standard protocol buffer implementation from [https://github.com/google/protobuf](https://github.com/google/protobuf). -Most versions from 2.3.1 should not give any problems, but 2.6.1, 3.0.2 and 3.6.1 are continuously tested. +Most versions from 2.3.1 should not give any problems, but 2.6.1, 3.0.2 and 3.14.0 are continuously tested. ### Speed diff --git a/vendor/github.com/gogo/protobuf/go.mod b/vendor/github.com/gogo/protobuf/go.mod index fa2c3a96707f..001b419c95da 100644 --- a/vendor/github.com/gogo/protobuf/go.mod +++ b/vendor/github.com/gogo/protobuf/go.mod @@ -1,6 +1,9 @@ module github.com/gogo/protobuf +go 1.15 + require ( - github.com/kisielk/errcheck v1.2.0 // indirect + github.com/kisielk/errcheck v1.5.0 // indirect github.com/kisielk/gotool v1.0.0 // indirect + golang.org/x/tools v0.0.0-20210106214847-113979e3529a // indirect ) diff --git a/vendor/github.com/gogo/protobuf/plugin/unmarshal/unmarshal.go b/vendor/github.com/gogo/protobuf/plugin/unmarshal/unmarshal.go index 9a2374b563f3..fae67de4fd9b 100644 --- a/vendor/github.com/gogo/protobuf/plugin/unmarshal/unmarshal.go +++ b/vendor/github.com/gogo/protobuf/plugin/unmarshal/unmarshal.go @@ -844,7 +844,7 @@ func (p *unmarshal) field(file *generator.FileDescriptor, msg *generator.Descrip p.P(`return err`) p.Out() p.P(`}`) - p.P(`if skippy < 0 {`) + p.P(`if (skippy < 0) || (iNdEx + skippy) < 0 {`) p.In() p.P(`return ErrInvalidLength`, p.localName) p.Out() @@ -1484,12 +1484,7 @@ func (p *unmarshal) Generate(file *generator.FileDescriptor) { p.P(`return err`) p.Out() p.P(`}`) - p.P(`if skippy < 0 {`) - p.In() - p.P(`return ErrInvalidLength`, p.localName) - p.Out() - p.P(`}`) - p.P(`if (iNdEx + skippy) < 0 {`) + p.P(`if (skippy < 0) || (iNdEx + skippy) < 0 {`) p.In() p.P(`return ErrInvalidLength`, p.localName) p.Out() @@ -1512,12 +1507,7 @@ func (p *unmarshal) Generate(file *generator.FileDescriptor) { p.P(`return err`) p.Out() p.P(`}`) - p.P(`if skippy < 0 {`) - p.In() - p.P(`return ErrInvalidLength`, p.localName) - p.Out() - p.P(`}`) - p.P(`if (iNdEx + skippy) < 0 {`) + p.P(`if (skippy < 0) || (iNdEx + skippy) < 0 {`) p.In() p.P(`return ErrInvalidLength`, p.localName) p.Out() diff --git a/vendor/github.com/gogo/protobuf/proto/text_parser.go b/vendor/github.com/gogo/protobuf/proto/text_parser.go index 1ce0be2fa9be..f85c0cc81a76 100644 --- a/vendor/github.com/gogo/protobuf/proto/text_parser.go +++ b/vendor/github.com/gogo/protobuf/proto/text_parser.go @@ -318,7 +318,7 @@ func unescape(s string) (ch string, tail string, err error) { if i > utf8.MaxRune { return "", "", fmt.Errorf(`\%c%s is not a valid Unicode code point`, r, ss) } - return string(i), s, nil + return string(rune(i)), s, nil } return "", "", fmt.Errorf(`unknown escape \%c`, r) } diff --git a/vendor/github.com/gogo/protobuf/types/any.pb.go b/vendor/github.com/gogo/protobuf/types/any.pb.go index 98e269d5439e..e3d4d9490f5e 100644 --- a/vendor/github.com/gogo/protobuf/types/any.pb.go +++ b/vendor/github.com/gogo/protobuf/types/any.pb.go @@ -592,10 +592,7 @@ func (m *Any) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthAny - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthAny } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/api.pb.go b/vendor/github.com/gogo/protobuf/types/api.pb.go index 58bf4b53b326..83e8869206fe 100644 --- a/vendor/github.com/gogo/protobuf/types/api.pb.go +++ b/vendor/github.com/gogo/protobuf/types/api.pb.go @@ -1677,10 +1677,7 @@ func (m *Api) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthApi - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthApi } if (iNdEx + skippy) > l { @@ -1920,10 +1917,7 @@ func (m *Method) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthApi - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthApi } if (iNdEx + skippy) > l { @@ -2038,10 +2032,7 @@ func (m *Mixin) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthApi - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthApi } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/duration.pb.go b/vendor/github.com/gogo/protobuf/types/duration.pb.go index 3959f0669098..4deafcb1ce95 100644 --- a/vendor/github.com/gogo/protobuf/types/duration.pb.go +++ b/vendor/github.com/gogo/protobuf/types/duration.pb.go @@ -415,10 +415,7 @@ func (m *Duration) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthDuration - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthDuration } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/empty.pb.go b/vendor/github.com/gogo/protobuf/types/empty.pb.go index 17e3aa558394..9e94748b3a33 100644 --- a/vendor/github.com/gogo/protobuf/types/empty.pb.go +++ b/vendor/github.com/gogo/protobuf/types/empty.pb.go @@ -360,10 +360,7 @@ func (m *Empty) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthEmpty - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthEmpty } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/field_mask.pb.go b/vendor/github.com/gogo/protobuf/types/field_mask.pb.go index 7226b57f7353..6ae346d92527 100644 --- a/vendor/github.com/gogo/protobuf/types/field_mask.pb.go +++ b/vendor/github.com/gogo/protobuf/types/field_mask.pb.go @@ -636,10 +636,7 @@ func (m *FieldMask) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthFieldMask - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthFieldMask } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/source_context.pb.go b/vendor/github.com/gogo/protobuf/types/source_context.pb.go index 61045ce10d5d..8e6ce71b275e 100644 --- a/vendor/github.com/gogo/protobuf/types/source_context.pb.go +++ b/vendor/github.com/gogo/protobuf/types/source_context.pb.go @@ -422,10 +422,7 @@ func (m *SourceContext) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthSourceContext - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthSourceContext } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/struct.pb.go b/vendor/github.com/gogo/protobuf/types/struct.pb.go index cea553eef601..c0457312e67f 100644 --- a/vendor/github.com/gogo/protobuf/types/struct.pb.go +++ b/vendor/github.com/gogo/protobuf/types/struct.pb.go @@ -1862,7 +1862,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStruct } if (iNdEx + skippy) > postIndex { @@ -1879,10 +1879,7 @@ func (m *Struct) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStruct - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStruct } if (iNdEx + skippy) > l { @@ -2087,10 +2084,7 @@ func (m *Value) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStruct - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStruct } if (iNdEx + skippy) > l { @@ -2175,10 +2169,7 @@ func (m *ListValue) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthStruct - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthStruct } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/timestamp.pb.go b/vendor/github.com/gogo/protobuf/types/timestamp.pb.go index b818752670c8..45db7b3bb1c8 100644 --- a/vendor/github.com/gogo/protobuf/types/timestamp.pb.go +++ b/vendor/github.com/gogo/protobuf/types/timestamp.pb.go @@ -437,10 +437,7 @@ func (m *Timestamp) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthTimestamp - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthTimestamp } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/type.pb.go b/vendor/github.com/gogo/protobuf/types/type.pb.go index 13b7ec02f79a..791427bb228a 100644 --- a/vendor/github.com/gogo/protobuf/types/type.pb.go +++ b/vendor/github.com/gogo/protobuf/types/type.pb.go @@ -2483,10 +2483,7 @@ func (m *Type) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthType - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthType } if (iNdEx + skippy) > l { @@ -2795,10 +2792,7 @@ func (m *Field) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthType - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthType } if (iNdEx + skippy) > l { @@ -3004,10 +2998,7 @@ func (m *Enum) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthType - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthType } if (iNdEx + skippy) > l { @@ -3143,10 +3134,7 @@ func (m *EnumValue) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthType - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthType } if (iNdEx + skippy) > l { @@ -3265,10 +3253,7 @@ func (m *Option) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthType - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthType } if (iNdEx + skippy) > l { diff --git a/vendor/github.com/gogo/protobuf/types/wrappers.pb.go b/vendor/github.com/gogo/protobuf/types/wrappers.pb.go index 8f1edb57d309..8d415420a74d 100644 --- a/vendor/github.com/gogo/protobuf/types/wrappers.pb.go +++ b/vendor/github.com/gogo/protobuf/types/wrappers.pb.go @@ -2020,10 +2020,7 @@ func (m *DoubleValue) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { @@ -2085,10 +2082,7 @@ func (m *FloatValue) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { @@ -2158,10 +2152,7 @@ func (m *Int64Value) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { @@ -2231,10 +2222,7 @@ func (m *UInt64Value) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { @@ -2304,10 +2292,7 @@ func (m *Int32Value) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { @@ -2377,10 +2362,7 @@ func (m *UInt32Value) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { @@ -2451,10 +2433,7 @@ func (m *BoolValue) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { @@ -2537,10 +2516,7 @@ func (m *StringValue) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { @@ -2625,10 +2601,7 @@ func (m *BytesValue) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { - return ErrInvalidLengthWrappers - } - if (iNdEx + skippy) < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthWrappers } if (iNdEx + skippy) > l { From f4a6e163e0b51b92089076081bda7d2ae6cdedc8 Mon Sep 17 00:00:00 2001 From: Shengjing Zhu Date: Mon, 8 Feb 2021 12:12:30 +0800 Subject: [PATCH 42/46] Update continuity Pickup usage calculation fix Signed-off-by: Derek McGowan (cherry picked from commit 41da96d67071fdf9a1ed4055c32aeba42257aadc) Signed-off-by: Shengjing Zhu --- vendor.conf | 2 +- .../containerd/continuity/fs/du_unix.go | 18 ++++++++++++++---- vendor/github.com/containerd/continuity/go.mod | 16 ++++++---------- 3 files changed, 21 insertions(+), 15 deletions(-) diff --git a/vendor.conf b/vendor.conf index 70214ac1b744..276ee04e4b20 100644 --- a/vendor.conf +++ b/vendor.conf @@ -4,7 +4,7 @@ github.com/cespare/xxhash/v2 v2.1.1 github.com/containerd/btrfs 404b9149801e455c8076f615b06dc0abee0a977a github.com/containerd/cgroups 318312a373405e5e91134d8063d04d59768a1bff github.com/containerd/console v1.0.0 -github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 +github.com/containerd/continuity 1d9893e5674b5260c3fc11316d0d5fc0d12ea9e2 github.com/containerd/fifo f15a3290365b9d2627d189e619ab4008e0069caf github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c github.com/containerd/ttrpc v1.0.1 diff --git a/vendor/github.com/containerd/continuity/fs/du_unix.go b/vendor/github.com/containerd/continuity/fs/du_unix.go index e22ffbea378f..42352de876fb 100644 --- a/vendor/github.com/containerd/continuity/fs/du_unix.go +++ b/vendor/github.com/containerd/continuity/fs/du_unix.go @@ -25,6 +25,14 @@ import ( "syscall" ) +// blocksUnitSize is the unit used by `st_blocks` in `stat` in bytes. +// See https://man7.org/linux/man-pages/man2/stat.2.html +// st_blocks +// This field indicates the number of blocks allocated to the +// file, in 512-byte units. (This may be smaller than +// st_size/512 when the file has holes.) +const blocksUnitSize = 512 + type inode struct { // TODO(stevvooe): Can probably reduce memory usage by not tracking // device, but we can leave this right for now. @@ -59,10 +67,11 @@ func diskUsage(ctx context.Context, roots ...string) (Usage, error) { default: } - inoKey := newInode(fi.Sys().(*syscall.Stat_t)) + stat := fi.Sys().(*syscall.Stat_t) + inoKey := newInode(stat) if _, ok := inodes[inoKey]; !ok { inodes[inoKey] = struct{}{} - size += fi.Size() + size += stat.Blocks * blocksUnitSize } return nil @@ -89,10 +98,11 @@ func diffUsage(ctx context.Context, a, b string) (Usage, error) { } if kind == ChangeKindAdd || kind == ChangeKindModify { - inoKey := newInode(fi.Sys().(*syscall.Stat_t)) + stat := fi.Sys().(*syscall.Stat_t) + inoKey := newInode(stat) if _, ok := inodes[inoKey]; !ok { inodes[inoKey] = struct{}{} - size += fi.Size() + size += stat.Blocks * blocksUnitSize } return nil diff --git a/vendor/github.com/containerd/continuity/go.mod b/vendor/github.com/containerd/continuity/go.mod index 75a061aaac0a..74f83dcfef2b 100644 --- a/vendor/github.com/containerd/continuity/go.mod +++ b/vendor/github.com/containerd/continuity/go.mod @@ -4,20 +4,16 @@ go 1.13 require ( bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898 - github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4 + github.com/dustin/go-humanize v1.0.0 github.com/golang/protobuf v1.2.0 github.com/inconshreveable/mousetrap v1.0.0 // indirect - github.com/onsi/ginkgo v1.10.1 // indirect - github.com/onsi/gomega v1.7.0 // indirect - github.com/opencontainers/go-digest v1.0.0-rc1 - github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7 - github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2 + github.com/opencontainers/go-digest v1.0.0 + github.com/pkg/errors v0.9.1 + github.com/sirupsen/logrus v1.6.0 github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95 // indirect github.com/stretchr/testify v1.4.0 // indirect - golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3 // indirect + golang.org/x/net v0.0.0-20180906233101-161cd47e91fd // indirect golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f - golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e - gopkg.in/airbrake/gobrake.v2 v2.0.9 // indirect - gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2 // indirect + golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3 ) From e7851d743c71e9c13e30137219ef8323f3033ff6 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Wed, 24 Feb 2021 19:11:10 +0900 Subject: [PATCH 43/46] CI: fix "ls: cannot access '/etc/cni/net.d': Permission denied" The CI host was probably updated recently and the permission bits of the directory was changed. Fix 5077 Signed-off-by: Akihiro Suda (cherry picked from commit b4ef1e9dc7fe4e6681a113d2870a2f1236ba60f2) Signed-off-by: Akihiro Suda --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 40513be5cc2a..904128124f93 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -363,7 +363,7 @@ jobs: [plugins.cri.containerd.default_runtime] runtime_type = "${TEST_RUNTIME}" EOF - ls /etc/cni/net.d + sudo ls /etc/cni/net.d sudo PATH=$PATH BDIR=$BDIR /usr/local/bin/containerd -a ${BDIR}/c.sock --config ${BDIR}/config.toml --root ${BDIR}/root --state ${BDIR}/state --log-level debug &> ${BDIR}/containerd-cri.log & sudo PATH=$PATH BDIR=$BDIR /usr/local/bin/ctr -a ${BDIR}/c.sock version sudo PATH=$PATH BDIR=$BDIR GOPATH=$GOPATH critest --runtime-endpoint=unix:///${BDIR}/c.sock --parallel=8 From 633bfb7124709a3d55fb329dfe2574ab91b769c2 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 1 Mar 2021 15:01:47 +0900 Subject: [PATCH 44/46] CI: cache ~/.vagrant.d/boxes For deflaking `vagrant up` Signed-off-by: Akihiro Suda (cherry picked from commit 4702af91785c9063fdc1226587ff94774e528ecd) Signed-off-by: Akihiro Suda --- .github/workflows/ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 904128124f93..cf7dac143c9d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -388,6 +388,12 @@ jobs: - name: Checkout containerd uses: actions/checkout@v2 + - name: "Cache ~/.vagrant.d/boxes" + uses: actions/cache@v2 + with: + path: ~/.vagrant.d/boxes + key: vagrant-${{ hashFiles('Vagrantfile*') }} + - name: Start vagrant run: vagrant up From cbcb2f57fbe221986f96b552855eb802f63193de Mon Sep 17 00:00:00 2001 From: Shengjing Zhu Date: Wed, 3 Mar 2021 01:08:31 +0800 Subject: [PATCH 45/46] vendor: update cri Signed-off-by: Shengjing Zhu --- vendor.conf | 2 +- vendor/github.com/containerd/cri/README.md | 2 +- .../cri/pkg/api/runtimeoptions/v1/api.pb.go | 220 ++++++++++-------- .../containerd/cri/pkg/config/config.go | 10 + .../cri/pkg/server/container_create_unix.go | 2 +- .../pkg/server/container_create_windows.go | 2 +- .../containerd/cri/pkg/server/helpers_unix.go | 3 + vendor/github.com/containerd/cri/vendor.conf | 2 +- 8 files changed, 135 insertions(+), 108 deletions(-) diff --git a/vendor.conf b/vendor.conf index 7f46c7c8bfe7..b97be58f9478 100644 --- a/vendor.conf +++ b/vendor.conf @@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2 github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 # cri dependencies -github.com/containerd/cri adc0b6a578ed6f646bb24c1c639d65b70e14cccc # release/1.4 +github.com/containerd/cri aa2d5a97cdc4ef93919fb7d243213ce33b089aa2 # release/1.4 github.com/davecgh/go-spew v1.1.1 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md index 7f0ecf1a8fdf..9b23c75029b3 100644 --- a/vendor/github.com/containerd/cri/README.md +++ b/vendor/github.com/containerd/cri/README.md @@ -88,7 +88,7 @@ specifications as appropriate. backport version of `libseccomp-dev` is required. See [travis.yml](.travis.yml) for an example on trusty. * **btrfs development library.** Required by containerd btrfs support. `btrfs-tools`(Ubuntu, Debian) / `btrfs-progs-devel`(Fedora, CentOS, RHEL) 2. Install **`pkg-config`** (required for linking with `libseccomp`). -3. Install and setup a Go 1.13.15 development environment. +3. Install and setup a Go 1.15.5 development environment. 4. Make a local clone of this repository. 5. Install binary dependencies by running the following command from your cloned `cri/` project directory: ```bash diff --git a/vendor/github.com/containerd/cri/pkg/api/runtimeoptions/v1/api.pb.go b/vendor/github.com/containerd/cri/pkg/api/runtimeoptions/v1/api.pb.go index bf0cf3d41be0..aebd5a821848 100644 --- a/vendor/github.com/containerd/cri/pkg/api/runtimeoptions/v1/api.pb.go +++ b/vendor/github.com/containerd/cri/pkg/api/runtimeoptions/v1/api.pb.go @@ -16,26 +16,18 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. // source: api.proto -/* - Package cri_runtimeoptions_v1 is a generated protocol buffer package. - - It is generated from these files: - api.proto - - It has these top-level messages: - Options -*/ package cri_runtimeoptions_v1 -import proto "github.com/gogo/protobuf/proto" -import fmt "fmt" -import math "math" -import _ "github.com/gogo/protobuf/gogoproto" - -import strings "strings" -import reflect "reflect" - -import io "io" +import ( + fmt "fmt" + _ "github.com/gogo/protobuf/gogoproto" + proto "github.com/gogo/protobuf/proto" + io "io" + math "math" + math_bits "math/bits" + reflect "reflect" + strings "strings" +) // Reference imports to suppress errors if they are not otherwise used. var _ = proto.Marshal @@ -46,19 +38,49 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package +const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package type Options struct { // TypeUrl specifies the type of the content inside the config file. TypeUrl string `protobuf:"bytes,1,opt,name=type_url,json=typeUrl,proto3" json:"type_url,omitempty"` // ConfigPath specifies the filesystem location of the config file // used by the runtime. - ConfigPath string `protobuf:"bytes,2,opt,name=config_path,json=configPath,proto3" json:"config_path,omitempty"` + ConfigPath string `protobuf:"bytes,2,opt,name=config_path,json=configPath,proto3" json:"config_path,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *Options) Reset() { *m = Options{} } +func (*Options) ProtoMessage() {} +func (*Options) Descriptor() ([]byte, []int) { + return fileDescriptor_00212fb1f9d3bf1c, []int{0} +} +func (m *Options) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *Options) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_Options.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *Options) XXX_Merge(src proto.Message) { + xxx_messageInfo_Options.Merge(m, src) +} +func (m *Options) XXX_Size() int { + return m.Size() +} +func (m *Options) XXX_DiscardUnknown() { + xxx_messageInfo_Options.DiscardUnknown(m) } -func (m *Options) Reset() { *m = Options{} } -func (*Options) ProtoMessage() {} -func (*Options) Descriptor() ([]byte, []int) { return fileDescriptorApi, []int{0} } +var xxx_messageInfo_Options proto.InternalMessageInfo func (m *Options) GetTypeUrl() string { if m != nil { @@ -77,10 +99,29 @@ func (m *Options) GetConfigPath() string { func init() { proto.RegisterType((*Options)(nil), "cri.runtimeoptions.v1.Options") } + +func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } + +var fileDescriptor_00212fb1f9d3bf1c = []byte{ + // 183 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4, + 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0x4d, 0x2e, 0xca, 0xd4, 0x2b, 0x2a, 0xcd, 0x2b, 0xc9, + 0xcc, 0x4d, 0xcd, 0x2f, 0x28, 0xc9, 0xcc, 0xcf, 0x2b, 0xd6, 0x2b, 0x33, 0x94, 0xd2, 0x4d, 0xcf, + 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0x4f, 0xcf, 0xd7, 0x07, 0xab, + 0x4e, 0x2a, 0x4d, 0x03, 0xf3, 0xc0, 0x1c, 0x30, 0x0b, 0x62, 0x8a, 0x92, 0x2b, 0x17, 0xbb, 0x3f, + 0x44, 0xb3, 0x90, 0x24, 0x17, 0x47, 0x49, 0x65, 0x41, 0x6a, 0x7c, 0x69, 0x51, 0x8e, 0x04, 0xa3, + 0x02, 0xa3, 0x06, 0x67, 0x10, 0x3b, 0x88, 0x1f, 0x5a, 0x94, 0x23, 0x24, 0xcf, 0xc5, 0x9d, 0x9c, + 0x9f, 0x97, 0x96, 0x99, 0x1e, 0x5f, 0x90, 0x58, 0x92, 0x21, 0xc1, 0x04, 0x96, 0xe5, 0x82, 0x08, + 0x05, 0x24, 0x96, 0x64, 0x38, 0xc9, 0x9c, 0x78, 0x28, 0xc7, 0x78, 0xe3, 0xa1, 0x1c, 0x43, 0xc3, + 0x23, 0x39, 0xc6, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, + 0xc2, 0x63, 0x39, 0x86, 0x24, 0x36, 0xb0, 0x5d, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x07, + 0x00, 0xf2, 0x18, 0xbe, 0x00, 0x00, 0x00, +} + func (m *Options) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) if err != nil { return nil, err } @@ -88,35 +129,47 @@ func (m *Options) Marshal() (dAtA []byte, err error) { } func (m *Options) MarshalTo(dAtA []byte) (int, error) { - var i int + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *Options) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) _ = i var l int _ = l - if len(m.TypeUrl) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintApi(dAtA, i, uint64(len(m.TypeUrl))) - i += copy(dAtA[i:], m.TypeUrl) - } if len(m.ConfigPath) > 0 { - dAtA[i] = 0x12 - i++ + i -= len(m.ConfigPath) + copy(dAtA[i:], m.ConfigPath) i = encodeVarintApi(dAtA, i, uint64(len(m.ConfigPath))) - i += copy(dAtA[i:], m.ConfigPath) + i-- + dAtA[i] = 0x12 + } + if len(m.TypeUrl) > 0 { + i -= len(m.TypeUrl) + copy(dAtA[i:], m.TypeUrl) + i = encodeVarintApi(dAtA, i, uint64(len(m.TypeUrl))) + i-- + dAtA[i] = 0xa } - return i, nil + return len(dAtA) - i, nil } func encodeVarintApi(dAtA []byte, offset int, v uint64) int { + offset -= sovApi(v) + base := offset for v >= 1<<7 { dAtA[offset] = uint8(v&0x7f | 0x80) v >>= 7 offset++ } dAtA[offset] = uint8(v) - return offset + 1 + return base } func (m *Options) Size() (n int) { + if m == nil { + return 0 + } var l int _ = l l = len(m.TypeUrl) @@ -131,14 +184,7 @@ func (m *Options) Size() (n int) { } func sovApi(x uint64) (n int) { - for { - n++ - x >>= 7 - if x == 0 { - break - } - } - return n + return (math_bits.Len64(x|1) + 6) / 7 } func sozApi(x uint64) (n int) { return sovApi(uint64((x << 1) ^ uint64((int64(x) >> 63)))) @@ -177,7 +223,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - wire |= (uint64(b) & 0x7F) << shift + wire |= uint64(b&0x7F) << shift if b < 0x80 { break } @@ -205,7 +251,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } @@ -215,6 +261,9 @@ func (m *Options) Unmarshal(dAtA []byte) error { return ErrInvalidLengthApi } postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApi + } if postIndex > l { return io.ErrUnexpectedEOF } @@ -234,7 +283,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift + stringLen |= uint64(b&0x7F) << shift if b < 0x80 { break } @@ -244,6 +293,9 @@ func (m *Options) Unmarshal(dAtA []byte) error { return ErrInvalidLengthApi } postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthApi + } if postIndex > l { return io.ErrUnexpectedEOF } @@ -255,7 +307,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { if err != nil { return err } - if skippy < 0 { + if (skippy < 0) || (iNdEx+skippy) < 0 { return ErrInvalidLengthApi } if (iNdEx + skippy) > l { @@ -273,6 +325,7 @@ func (m *Options) Unmarshal(dAtA []byte) error { func skipApi(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 + depth := 0 for iNdEx < l { var wire uint64 for shift := uint(0); ; shift += 7 { @@ -304,10 +357,8 @@ func skipApi(dAtA []byte) (n int, err error) { break } } - return iNdEx, nil case 1: iNdEx += 8 - return iNdEx, nil case 2: var length int for shift := uint(0); ; shift += 7 { @@ -324,71 +375,34 @@ func skipApi(dAtA []byte) (n int, err error) { break } } - iNdEx += length if length < 0 { return 0, ErrInvalidLengthApi } - return iNdEx, nil + iNdEx += length case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowApi - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipApi(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - } - return iNdEx, nil + depth++ case 4: - return iNdEx, nil + if depth == 0 { + return 0, ErrUnexpectedEndOfGroupApi + } + depth-- case 5: iNdEx += 4 - return iNdEx, nil default: return 0, fmt.Errorf("proto: illegal wireType %d", wireType) } + if iNdEx < 0 { + return 0, ErrInvalidLengthApi + } + if depth == 0 { + return iNdEx, nil + } } - panic("unreachable") + return 0, io.ErrUnexpectedEOF } var ( - ErrInvalidLengthApi = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowApi = fmt.Errorf("proto: integer overflow") + ErrInvalidLengthApi = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowApi = fmt.Errorf("proto: integer overflow") + ErrUnexpectedEndOfGroupApi = fmt.Errorf("proto: unexpected end of group") ) - -func init() { proto.RegisterFile("api.proto", fileDescriptorApi) } - -var fileDescriptorApi = []byte{ - // 183 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4, - 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0x4d, 0x2e, 0xca, 0xd4, 0x2b, 0x2a, 0xcd, 0x2b, 0xc9, - 0xcc, 0x4d, 0xcd, 0x2f, 0x28, 0xc9, 0xcc, 0xcf, 0x2b, 0xd6, 0x2b, 0x33, 0x94, 0xd2, 0x4d, 0xcf, - 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0x4f, 0xcf, 0xd7, 0x07, 0xab, - 0x4e, 0x2a, 0x4d, 0x03, 0xf3, 0xc0, 0x1c, 0x30, 0x0b, 0x62, 0x8a, 0x92, 0x2b, 0x17, 0xbb, 0x3f, - 0x44, 0xb3, 0x90, 0x24, 0x17, 0x47, 0x49, 0x65, 0x41, 0x6a, 0x7c, 0x69, 0x51, 0x8e, 0x04, 0xa3, - 0x02, 0xa3, 0x06, 0x67, 0x10, 0x3b, 0x88, 0x1f, 0x5a, 0x94, 0x23, 0x24, 0xcf, 0xc5, 0x9d, 0x9c, - 0x9f, 0x97, 0x96, 0x99, 0x1e, 0x5f, 0x90, 0x58, 0x92, 0x21, 0xc1, 0x04, 0x96, 0xe5, 0x82, 0x08, - 0x05, 0x24, 0x96, 0x64, 0x38, 0xc9, 0x9c, 0x78, 0x28, 0xc7, 0x78, 0xe3, 0xa1, 0x1c, 0x43, 0xc3, - 0x23, 0x39, 0xc6, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, - 0xc2, 0x63, 0x39, 0x86, 0x24, 0x36, 0xb0, 0x5d, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x07, - 0x00, 0xf2, 0x18, 0xbe, 0x00, 0x00, 0x00, -} diff --git a/vendor/github.com/containerd/cri/pkg/config/config.go b/vendor/github.com/containerd/cri/pkg/config/config.go index a0c86fa76c72..7c5a20ecf3f0 100644 --- a/vendor/github.com/containerd/cri/pkg/config/config.go +++ b/vendor/github.com/containerd/cri/pkg/config/config.go @@ -18,6 +18,7 @@ package config import ( "context" + "net/url" "time" "github.com/BurntSushi/toml" @@ -352,6 +353,15 @@ func ValidatePluginConfig(ctx context.Context, c *PluginConfig) error { c.Registry.Configs = make(map[string]RegistryConfig) } for endpoint, auth := range c.Registry.Auths { + auth := auth + u, err := url.Parse(endpoint) + if err != nil { + return errors.Wrapf(err, "failed to parse registry url %q from `registry.auths`", endpoint) + } + if u.Scheme != "" { + // Do not include the scheme in the new registry config. + endpoint = u.Host + } config := c.Registry.Configs[endpoint] config.Auth = &auth c.Registry.Configs[endpoint] = config diff --git a/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go b/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go index 6ebebf9ad48d..bbe55e2cf32a 100644 --- a/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go +++ b/vendor/github.com/containerd/cri/pkg/server/container_create_unix.go @@ -147,7 +147,7 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3 // Apply envs from image config first, so that envs from container config // can override them. - env := imageConfig.Env + env := append([]string{}, imageConfig.Env...) for _, e := range config.GetEnvs() { env = append(env, e.GetKey()+"="+e.GetValue()) } diff --git a/vendor/github.com/containerd/cri/pkg/server/container_create_windows.go b/vendor/github.com/containerd/cri/pkg/server/container_create_windows.go index 86a08d89ec34..b689f3246ffd 100644 --- a/vendor/github.com/containerd/cri/pkg/server/container_create_windows.go +++ b/vendor/github.com/containerd/cri/pkg/server/container_create_windows.go @@ -52,7 +52,7 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3 // Apply envs from image config first, so that envs from container config // can override them. - env := imageConfig.Env + env := append([]string{}, imageConfig.Env...) for _, e := range config.GetEnvs() { env = append(env, e.GetKey()+"="+e.GetValue()) } diff --git a/vendor/github.com/containerd/cri/pkg/server/helpers_unix.go b/vendor/github.com/containerd/cri/pkg/server/helpers_unix.go index b96af1c5aa42..4a1db78abc48 100644 --- a/vendor/github.com/containerd/cri/pkg/server/helpers_unix.go +++ b/vendor/github.com/containerd/cri/pkg/server/helpers_unix.go @@ -151,6 +151,9 @@ func (c *criService) seccompEnabled() bool { // openLogFile opens/creates a container log file. func openLogFile(path string) (*os.File, error) { + if err := os.MkdirAll(filepath.Dir(path), 0755); err != nil { + return nil, err + } return os.OpenFile(path, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0640) } diff --git a/vendor/github.com/containerd/cri/vendor.conf b/vendor/github.com/containerd/cri/vendor.conf index 918327be0aee..e327082fe8a1 100644 --- a/vendor/github.com/containerd/cri/vendor.conf +++ b/vendor/github.com/containerd/cri/vendor.conf @@ -23,7 +23,7 @@ github.com/docker/go-metrics v0.0.1 github.com/docker/go-units v0.4.0 github.com/godbus/dbus/v5 v5.0.3 github.com/gogo/googleapis v1.3.2 -github.com/gogo/protobuf v1.3.1 +github.com/gogo/protobuf v1.3.2 github.com/golang/protobuf v1.3.5 github.com/google/uuid v1.1.1 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 From 3ba4a31713ed336dd13c5bc8e843ff2b75a03905 Mon Sep 17 00:00:00 2001 From: Derek McGowan Date: Thu, 4 Mar 2021 16:26:21 -0800 Subject: [PATCH 46/46] Prepare release notes for 1.4.4 Signed-off-by: Derek McGowan --- .mailmap | 1 + releases/v1.4.4.toml | 33 +++++++++++++++++++++++++++++++++ version/version.go | 2 +- 3 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 releases/v1.4.4.toml diff --git a/.mailmap b/.mailmap index 4659530f634a..b24a16e118f9 100644 --- a/.mailmap +++ b/.mailmap @@ -97,6 +97,7 @@ Yue Zhang Yuxing Liu Zhang Wei Zhenguang Zhu +Zhiyu Li Zhiyu Li <404977848@qq.com> Zhongming Chang Zhoulin Xie diff --git a/releases/v1.4.4.toml b/releases/v1.4.4.toml new file mode 100644 index 000000000000..58434f701d12 --- /dev/null +++ b/releases/v1.4.4.toml @@ -0,0 +1,33 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.4.3" + +pre_release = false + +preface = """\ +The fourth patch release for `containerd` 1.4 contains a fix for CVE-2021-21334 +along with various other minor issues. +See [GHSA-36xw-fx78-c5r4](https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4) +for more details related to CVE-2021-21334. + +### Notable Updates +* **Fix container create in CRI to prevent possible environment variable leak between containers** [#1628](https://github.com/containerd/cri/pull/1628) +* **Update shim server to return grpc NotFound error** [#4872](https://github.com/containerd/containerd/pull/4872) +* **Add bounds on max `oom_score_adj` value for shim's AdjustOOMScore** [#4874](https://github.com/containerd/containerd/pull/4874) +* **Update task manager to use fresh context when calling shim shutdown** [#4929](https://github.com/containerd/containerd/pull/4929) +* **Update Docker resolver to avoid possible concurrent map access panic** [#4941](https://github.com/containerd/containerd/pull/4941) +* **Update shim's log file open flags to avoid containerd hang on syscall open** [#4971](https://github.com/containerd/containerd/pull/4971) +* **Fix incorrect usage calculation** [#5019](https://github.com/containerd/containerd/pull/5019) + +""" + +# notable prs to include in the release notes, 1234 is the pr number +[notes] + +[breaking] diff --git a/version/version.go b/version/version.go index 184ef00d07fa..5394680f0e16 100644 --- a/version/version.go +++ b/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.4.3+unknown" + Version = "1.4.4+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time.