containerd: update to 2.0-beta

We refresh our GO_FLAGS patch for new context, and drop the install of v1 or unversioned shims as the runtime-v1 has been dropped Bumping containerd to version v2.0.0-beta.0-88-g87bf39a7f, which comprises the following commits: 96aaf5a3b Add core and internal root packages c0363754f sandbox: get runtime info from sandbox or container 95d2a3b7c upgrade: add cri upgrade test case 0bc963341 runtime/v2: net.Dial gRPC shim sockets before trying grpc e1b495866 sandbox: keep rootDir and stateDir compatible b0fef6738 sandbox: migrate sandbox_mode to sandboxer c8012b6d7 sandbox: make a clear dependency of cri plugins 2ead89509 Support gzip and zstd HTTP transport compression to fetch remote resources 8e567aa58 mv pkg/process cmd/containerd-shim-runc-v2/process a813097dc Bump up github.com/fsnotify/fsnotify to v1.7.0 c384e3717 containerd-stress: use config address for CRI test d4c828c2c integration: add new binary upgrade case 8e91edb71 fix(pkg/dialer): minor fix on dialer function for windows ad3f8c563 tomlext.Duration add MarshalText method 6da015284 go.mod: github.com/containerd/continuity v0.4.3 cd348e6ef .golangci.yml: remove directories that don't exist 4b556a6e0 Bump up golangci-lint to v1.55.2 c51d4f9b6 push: always inherit distribution sources from parent e15c24655 Move CRI image service into a separate plugin 80dd779de remotes/docker: close connection if no more data 7f410ae05 integration: reproduce #9347 2e9686c05 fix: deflake TestCRIImagePullTimeout/HoldingContentOpenWriter 4aa932337 CI: update Fedora to 39 f6c4de6b5 fix: podsandbox depends on Lease plugin 1b65fe264 fix ticker leak 1af0cba1a Update documentation for containerd v2.0 packages 4f42da416 adopters.md: remove Eliot project 01c442147 Enhance container image unpack client logs e7390d4ed vendor: upgrade OpenTelemetry to v1.19.0 / v0.45.0 1a1bd6d0a runtime/v2/shim: use structured log for plugin ID 71fd85f5e runtime/v2/shim: run(): remove unused "name" argument 0a59c33be runtime/v2/shim: rename var that shadowed package var be22e12d5 services/server: use structured log for plugin ID 09de4f1fc services/server: rename var that collided with import 14e621cf9 services/server: gofumpt 32bf805e5 sandbox: add a sandboxService interface to criService 25a4c3d23 sandbox: remove SandboxersServicePlugin 0cf48bab2 sandbox: podsandbox init its own client 7d65a4563 Move runc shim implementation to cmd e682da76c fix labels in pod sandbox 64c41162c update tests to use labels from cri/labels 7e79225ce refactor labels used in cri server 274a16282 update runc binary to v1.1.10 2e014fa2a cri: fix update of pinned label for images cb555fa16 golangci-lint: enable depguard to prevent re-introducing libcontainer dac056fe7 integration: deflake TestIssue9103 7b9fcfd7c add default enable unprivileged icmp/ports a7cd49c68 expected and actual field position adjustment e099717f9 validate kernel version for unprivileged icmp/port 76049170b document runtime and shim configuration and selection 2fab240f2 integration: init release upgrade test 2af6db672 switch back from golang.org/x/sys/execabs to os/exec (go1.19) a596d09ec cri: add deprecation warning for configs 35924bccc cri: add deprecation warning for auths d7cb25d77 cri: add deprecation warning for mirrors 58cc275eb cri: add ability to emit deprecation warnings 68cac3f62 client: remove obsolete ErrCheckpointRWUnsupported df19888f8 add warning use inheritable Capabilities 411e2bce4 Remove plugins package 9db21401c Switch to github.com/containerd/plugin a48ddf4a2 Don't allow io_uring related syscalls in the RuntimeDefault seccomp profile. 2dfae4c4b Prepare release notes for v2.0.0-beta.0 6ca4b5260 Update mailmap a67efe88d Add tests cases f1d659dc5 Update package name in Makefile 0ffc3e987 Handle ArgsEscaped for new Sb Server b85df264e Rename opt to avoid stutter 261e01c2a Move client to subpackage b6adf43d4 test: use 'Autoclear: ture' in TestRwLoop and add Autoclear test 124d3a20a Sync ops.md, update CLI --help output to be consistent in descriptions 5fdf55e49 Update go module to github.com/containerd/containerd/v2 abfc8be53 Fix lint in integration/client ddd73ad30 Move protofiles generated into v2 directory 638b474c8 Temporarily remove imgcrypt in CRI to fix circular dependency 192168038 Temporarily remove integration/client submodule 4e3fbd36e vendor: github.com/klauspost/compress v1.17.2 856d1053f vendor: google.golang.org/grpc v1.58.3 466ee870d Check scheme and host of request on push redirect 3fff8b4f6 ctr: new deprecations command 079383dbe dynamic: record deprecation for dynamic plugins 260e71abc server: add ability to record config deprecations bc861b66f pull: record deprecation warning for schema 1 9aab44673 introspection: add support for deprecations 57c897f10 api/introspection: deprecation warnings in server 240733ce2 warning: new service for deprecations aff5b809c deprecation: new package for deprecations d48ceb606 Avoid TLS fallback when protocol is not ambiguous ed759bae3 Update go fuzz to directly instantiate server 09e40511a fix bug that using invalid token to retry fetching layer 2fea521d0 Disable windows-2019 integration test temporarily 9fc407d8c ci: bump up golangci-lint to v1.55.0 8b4f9656d sandbox: remove ValidateMode as it is not used 337cc2171 pkg/cri: should ignore no sandbox bucket f515cd5c5 Reorder fields when writing bootstrap params 3d53fbe85 Fix CRI integration tests f76eaf5a6 Fix 'not a directory' error when restoring bootstrap.json cf75cfa32 Add more logs around shim restore 8061cb023 Save bootstrap.json instead of address file e03bf32b8 Switch runc to v3 7a2d801d6 Expose shim instance version f66c46806 Bridge task service v2 daaf67662 Switch runc shim to task v3 bb64e6a8e Initialize sandbox controller list on CRI server creation 03d81f595 Use cri streaming pkg from k8s staging b006f1c15 integration/client: replace hardcoded strings for OCI-spec consts d3f5e0c90 images/archive: replace hardcoded strings for OCI-spec consts 8e7c10c6d CRI: enhance ImageFsInfo() to support multiple snapshotters e4639ad18 Add exports to proxy plugin config 3986f80c3 go.mod: bump up github.com/opencontainers/image-spec to v1.1.0-rc5 f7c9e9942 vendor: golang.org/x/net v0.17.0 c3652540c vendor: golang.org/x/text v0.13.0 ff602c213 vendor: golang.org/x/sys v0.13.0 39b168cdb vendor: google.golang.org/grpc v1.57.1 930ee552e Fix typos 3ef300ca7 sandbox: remove global variable of podsandbox controller 7bca70c0c sandbox: do not call Connect when loadShim d2d434b7d sandbox: add all sandbox information to Create method 0707f6869 sandbox: ignore not found error when remove sandbox 2951fb6dc sandbox: support more sandbox controllers 8b3597685 sandbox: add Sandboxer field to sandbox metadata 69e501e7c sandbox: change SandboxMode to Sandboxer f372b3501 sandbox: add sandboxer field of sandbox requests a782fd6da Use LOOP_CONFIGURE when creating loop devices 771237563 Add a new image label if it is docker schema 1 5ad6f3432 CRI: use (snapshotter_id, snapshot_key) to uniquely identify snapshots 41b2b2a7b go.mod: bump up github.com/klauspost/compress from v1.17.0 to v1.17.1 4febb0852 deprecated: go-plugin library as runtime plugin 51c9ffe46 remotes: add handling for missing basic auth credentials 4f339b5b5 RELEASES.md: mark legacy CRI as removed status 0a4f79211 Remove use of v1 runtime plugin type for Unix 71f8b4357 Move dynamic plugins to a subpackage 7b2a91821 Generalize the plugin package a80606bc2 Move plugin type definitions to containerd plugins package cb969085f Temporarily remove zfs as built in plugin 2486c1298 Exit shim when shutdown manager is done 1b3199324 Rename sbserver to server 4edc6c2d9 Add note about configuration versions in releases c5c94dc86 Fix CRI tests panic on CI a3c2c1e4d Clean shell scripts fa1d3a9cc Fix dependencies after remove 3742f7f0d idmapped: use pidfd to avoid pid reuse issue 2332b9ba1 Remove legacy CRI from CI 536abf1b3 Remove legacy CRI 33b1a833c Move CRI testing package out 016114ff6 Move bandwidth package out of CRI server 3c1e7ffb8 Integration: Alter TestContainerPids for Windows 8f013bb71 Add migration for older configuration versions 313f514fd update to go1.21.3. gp1.20.10 6b752b536 update to go1.21.2, go1.20.9 8f3d1c9d9 add cpu-burst param to ctr command 3ddcd6120 add Duration type to compatible toml v1 version 535916d1d Skip exec.LookPath if a specific gzip implementation is disabled 4b59d67dd add a new flag "skip-reference-check" to skip reference name check 34378ec9b Use Intel ISA-L's igzip if available 7d6369087 Fix windows default path overwrite issue 13dcf558e Fix windows default path overwrite issue 39478eeec go.mod: Bump up github.com/klauspost/compress v1.16.7 to v1.17.0 859c2651e remotes/docker: Fix MountedFrom prefixed with target repository c85b1d1e4 Bump up golangci-lint to v1.54.2 6169433b6 Fix linter issues for golangci-lint 1.54.2 e3cb7471a CRI: Snapshotter per runtime handler adjustments 42dc8faba Bump x/net to 0.13 79772a0dd remotes: always try to establish tls connection when tls configured 11a7751af *: add runc-fp as runc wrapper to inject failpoint 68dd47ef7 containerd-shim-runc-v2: avoid potential deadlock in create handler 6604ff6c5 containerd-shim-runc-v2: remove unnecessary `s.getContainer()` 0d76fe5c1 Fix some assertions for integ tests 1dced31c3 ci-fix: pin the mingw version 12.2.0.3042023 aae71aa8e update gitignore to indicate that where contributors can use global gitignore 8ffb03d68 cri: stop recommending disable_cgroup 5365f4b29 cri: call RegisterReadiness after NewCRIService 46645b393 Call migrations per version 5518a5026 remotes: simplify mediatype logic 8b105984b pkg/transfer/local: simplify mediatype logic 79acce462 integration: use mediatype helpers 0ba5b4b62 oci: use mediatype helpers cdba61603 remotes: use mediatype helpers 69034f755 pkg/display: use mediatype helpers 5ab04ac5a pkg/unpack: use mediatype helpers da1196979 pkg/snapshotters: use mediatype helpers f1cbc5f90 containerd: use mediatype helpers 4b1bb1293 remove github.com/opencontainers/runc dependency 62f621a34 images: simplify mediatype logic 377c5ca9c images/archive: use mediatype helpers bb8a472f2 images: use mediatype helpers e7254406c Require plugins to succeed after registering readiness 62f273d50 Add migrate subcommand to config command 0320ad184 Add config migration to plugin package f58158e2d Add config migration and bump config version bf4fbe4e8 docs: Update `transfer` service docs to reflect completed implementations for 1.7 b40e95e0e images: Config: explicitly return nil-error 36c2222d3 Add usage calculation test 3b60e9366 Create new imagetest package 4c344f2fa Add warning for plugin configs with unknown fields a9ba33f8f Allow for images with artifacts to pull 650148313 Add warning log for unknown config fields b5615caf1 Update go-toml to v2 8b413daff Remove log package except for exported const used by hcsshim 2f1b92710 Update zfs library to use new log repository 508aa3a1e Move to use github.com/containerd/log f1070c4e1 docs/userns: Clarify requirements for k8s 1.25/1.26 42eee8bf0 fix: Add `containerd` to the message type reference 9e819fb4a Update CRI image store to not use containerd client dcb2e7447 Improve doc of func NewNetNS 2ce971d89 Add delete target to image remove f8fb2dad3 api: update image service to support target in delete request 8e3722c7d CI: Set slow_chown for overlayfs snapshotter 46d3094aa docs/userns: Fix small typo d008d64a8 docs/userns: Clarify containerd 1.7 limitations e37908200 docs/userns: Document the need to opt-in for a slow chown 8bf8e2b97 snapshotter: Use capa prefix consistently for capabilities ec9e0dca9 overlay: Require opt-in if idmap mounts are not supported. 03b9ce56b deprecate logs package, but disable linter (for transitioning) d69ae811d alias log package to github.com/containerd/log v0.1.0 729c97cf3 Handle unexpected shim kill events ed5f7e7c8 Update image in client to use new usage package 96a23ccc1 Create new usage package 79f781d00 Refactor: Removing inherently flaky and unused SourceDateEpochOrNow function. 8cbb4ea5d vendor: github.com/containerd/nri v0.5.0 3ca39ef01 fix: Remove `LimitNOFILE` from `containerd.service` 83240a4f7 Bump crun to 1.9 967313049 doc: Add documentation about CRI user namespaces 2e13d3954 pkg/process: Only use idmap mounts if runc supports it fce1b9507 go.mod: Update runtime spec to include features.MountExtensions a81f80884 Revert "cri: Throw an error if idmap mounts is requested" e832605a8 integration: Simplify WithVolumeMount() 24aa808fe integration: Add userns test with volumes ab5b43fe8 cri/sbserver: Pass down UID/GID mappings to OCI runtime e916d77c8 platforms: move ToProto, FromProto to api/types 381442945 platforms: remove errdefs dependency e0b2b17de cri/server: Add tests for the linux-specific parts of VolumeMounts() 10cb112e4 cri/server: Add tests for ContainerMounts() 97dfa7f55 cri/server: Pass down uidMappings to OCI runtime b42bdd125 release: remove `cri-containerd-*.tar.gz` release bundles 9656b8c0d nri: update mock plugin handlers 6f9de91ef vendor: update github.com/containerd/nri@v0.4.0 f7089ba22 leases: add WithLabel 1480e3bd4 leases: cleanup TestWithLabels d94a789d1 Fix usages of `mountinfo.PrefixFilter` 45e303eea task: expose criu work path opt f77185f9e Fix "even if IPv4 comes first" test to have IPv4 first 88a849626 Don't use `To16() != nil` to detect IPv6 addresses eaf607101 update to go1.21.1, go1.20.8 1a7490c5a Add link to CONTRIBUTING from README 0413f1272 Add contributors guide 05093d7c0 vendor: github.com/cncf-tags/container-device-interface v0.6.1 ac1d556b9 Add image verifier transfer service plugin system based on a binary directory 55b2df560 go.mod: github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.2 a00888db8 fix reference to canonical fieldmask type 0041996ca CI: bump up crun to 1.8.7 4bc0b2660 Revert the removal of the parameter Container 6ec0d4a3a prevent ctr from creating tags with forbidden characters a4bdbf784 content: reduce the contention between ref lock and boltdb lock abfabb6d8 contrib/fuzz: fix redeclared issue 295bcec07 snapshotter: implement unit tests for idmapped mounts for overlay 9d01ed1c3 integration: add test for idmapped mounts e49e6d6fd snapshotter: implement slow path for idmapped mounts check for overlay 1555a31bf mount: support idmapped mount points 723c88ce3 snapshotter: add "--remap-labels" support to overlayfs e8ddf669f snapshotter: support "remap-ids" capability for overlayfs ef6b91947 fix(docs): fix on the windows installation script 5d31e9378 pkg/systemd: use sync.Once for systemd detection 7d0ab4fc2 remove uses of github.com/runc/libcontainer/cgroups 9bc6441c2 vendor: github.com/google/uuid v1.3.1 13ff185ba Blockfile: Enlighten blockfile copy on Darwin a3e8503ed .github: enable fuzz build cd705af89 metadata: add image delete events during garbage collection 3f9756c18 gc: add support for image expiration b32638e21 ctr: pull or fetch image metadata by default 20f79300c push: inherit distribution sources from parent 24aca53fa Update use of content.Infoprovider f8c789f31 content: add InfoProvider interface 02d519ad6 Update hcsshim tag in runhcs-version script a2817ca16 CRI: Include sandbox ID in failed to load error 492347090 replace reference/docker for github.com/distribution/reference v0.5.0 26dcae2f6 fix ossfuzz building error 19d6c37a3 Revert "log: define G() as a function instead of a variable" fd5d92a7f Update hcsshim tag versioning to v0.12.0-rc.0 779875a05 Add missing unpacker.Wait for image import 4f5db2bc0 metadata: format unit test output 15b13fb3e Windows: Supply windows shim version via file 7a0ad09a0 make repositories of install dependencies configurable 34def8b33 Remove redundant nil check fc45365fa Remove most logrus f9c35feb3 Makefile: allow overriding GO_BUILD_FLAGS via environment 490905be6 go.mod: github.com/containerd/continuity v0.4.2 03abceac5 Update LTS description 34f32043b Blockfile: Expose RecreateScratch option b4f487ce9 Apply suggestions from code review 1e3540e11 Add stale bot 4e236962f Update critools to 1.28.0 c92f4a160 Update RELEASES c3f3cad28 Use sandboxed CRI by default b76cd4d9f replace some fmt.Sprintfs with strconv bbdbf7ab6 Add inspect image commands 78308b4a4 Add manifest printer library 11a5dd826 snapshots: replace some fmt.Sprintfs with strconv 06765c9ef oci: replace some fmt.Sprintfs with strconv 710d22366 removes/docker: replace some fmt.Sprintfs with strconv d7bc8694b pkg/cri: replace some fmt.Sprintfs with strconv 73e9cfd1c append k8s 1.28 to releases 6d8329d7f Remove unnecessary joinError unwrap 8399a4ee7 Remove temporary replace 7ad0a6ccf Update to latest releases in RELEASES.md cd8c8ae4b Remove hashicorp/go-multierror 1571a5aa0 ctr: metrics: drop unused retval from printWindowsStats() 7063ae1f6 Makefile: add rule for installing documentation de4c338ab Docs: Document proxy plugin diff support d09f7cbe0 cri: Fix sandbox_mode "shim" 60b2cb143 cmd: containerd: allow building w/o systemd notify 23c95359a Add WithMetaStore to overlay snapshotter to allow bringing your own 0c1ad52ea cri: spec_linux: drop unused retvals eacd74c2b Go 1.21.0 5756cb00e CI: increase timeout for Binaries c883410c9 CI: Explicitly upgrade MinGW on Windows 2019 GitHub runners. 0f043ae43 seccomp, apparmor: add go:noinline 5d9bf7d13 CI: temporarily disable ci_fuzz due to incompatibility with recent Go e2ce4f58f Populate commit memory for windows memory usage stats 823e0420e Fix transfer service dependencies: cfb30a31a Invoke Stable ABI compatibility function in windows platform matcher 0cea317a5 FreeBSD: set default runtime def5ff3c4 Sandbox: Add annotations to controller CreateOptions 939ccbed4 Sandbox: Add annotations to CreateSandbox surface 1fd3a4652 archive/tarheader: fix FreeBSD hdr for regular files f8edd5555 update runc binary to v1.1.9 f35d1f08e go.mod: github.com/opencontainers/runc v1.1.9 00ef8ba99 Vagrantfile: add strace tool 601699a18 integration: add ShouldRetryShutdown case based on #7496 8dcb2a6e6 pkg/cri/sbserver: fix leaked shim issue for podsandbox mode 72bc63d83 pkg/cri/server: fix leaked shim issue 5bdd9ca93 integration: add case to reproduce #7496 b451fa96a bump client-go v0.26.4 a645ff2e6 Update dependencies after protobuf update in hcsshim e7e5619fe Update hcsshim tag to v0.10.0 54baf766e add metrics for discarding events 189a1599c archive/compression: update out of date RFC draft link cac8b6f4b Makefile: allow overriding the binary executable target dir 90443f038 CI: update Rocky Linux to 8.8 0a57dc2a0 CI: update Fedora to 38 30dd0a17f CI: install Vagrant from Hashicorp 965641dbc Makefile: allow REVISION be overwritten by environment fc32197d4 Makefile: fix overriding go command 2d3360ec7 CI: move Vagrant tests to GitHub Actions (larger runners) 4f3c8c468 replace mcr.microsoft.com registry to ghcr.io/containerd registry d41c62a55 .github/workflows: add dmesg step for integration-linux fd8778fba delete checkout branch in doc c62abcb14 docs: document CRI cgroup driver auto detection c80a3ecaf cri/sbserver: Use platform instead of GOOS for userns detection 157dff281 update to go1.20.7, go1.19.12 687a5f51a fix: allow attaching to any combination of stdin/stdout/stderr aa8b094ab platforms: clarify docs for amd64/arm64 variant normalization 710d987d2 Fix default platform matcher when ctr import 2d64ab8d7 cri: Don't use rel path for image volumes 85a2c9a01 log: swap logrus functions with their equivalent on default logger 6baff1694 log: add package documentation and summary of package's purpose 238da2c52 log: make Fields type a generic map[string]any 634a4a1bb log: add log.Entry type dd67240f1 log: define OutputFormat type 778ac302b log: define G() as a function instead of a variable 81ac648d9 log: add all log-levels that are accepted 0b6333a41 log: group "enum" consts and touch-up docs 4a36022e2 log: WithLogger: remove redundant intermediate var 40ee5fb11 log: SetFormat: include returns in switch 6fe7e03b8 log: remove testify dependency e2ad5a985 removes/docker: remove unnecessary conversion (unconvert) ed47d6ba7 cri: implement RuntimeConfig rpc a1cdf60cb docker: add test to ensure not found error is returned by resolve b4814a29d docker: return most relevant error from docker resolution 7f7ba31b6 cri: fix using the pinned label to pin image 480757135 pkg/epoch: fix Y2038 on 32-bit hosts 98974117b migrate to community owned bucket a3404ac42 docker: add missing info log for 4XX/5XX responses 850b2e1bf go.mod: update cri-api to v1.28.0-beta.0 480bc8a2b .github/workflows/ci.yml: upgrade Ubuntu from 20.04 to 22.04 bc96b9039 go.mod: github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 da2740885 go.mod: google.golang.org/genproto v0.0.0-20230720185612-659f7aaaa771 73dc13ad6 go.mod: github.com/urfave/cli/compare v1.22.14 1c4fc568b go.mod: github.com/prometheus/client_golang/compare v1.16.0 68abb525a go.mod: github.com/minio/sha256-simd v1.0.1 1f2216cc7 go.mod: github.com/klauspost/compress v1.16.7 3c6ab0420 go.mod: dario.cat/mergo v1.0.0 4bda0a69e go.mod: github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 0f033b612 go.mod: github.com/emicklei/go-restful/v3 v3.10.2 90e050298 go.mod: github.com/containernetworking/plugin v1.3.0 0498acefb go.mod: github.com/.../container-device-interface v0.6.0 74b8cb850 go.mod: github.com/opencontainers/runc v1.1.8 895dd2e93 go.mod: github.com/opencontainers/image-spec v1.1.0-rc4 235a4452d go.mod: github.com/opencontainers/runtime-spec v1.1.0 06f18c69d cri: memory.memsw.limit_in_bytes: no such file or directory f3daf32c7 Fix ro mount option being passed b2967a8d6 update runc binary to v1.1.8 90ecb8104 fix: `ctr images check` outputs not unpacked images in quite mode 98f27e1d9 Revert "Add support for mounts on Darwin" e939d1319 Revert "Revert 416899fc8e81a80a4b09b59c801f98d36ddc0e74" 6c9c71112 Revert 416899fc8e81a80a4b09b59c801f98d36ddc0e74 2799b28e6 Add support for mounts on Darwin 56d80f81a Update hcsshim tag to v0.10.0-rc.9 9c673f967 pkg/cri/server: TestImageGetLabels: use registry.k8s.io f914edf4f [cri] Handle Windows pod transitions gracefully 52ef3468b Update Go to 1.20.6,1.19.11 48cdf1fe2 integration: Enable userns tests for sbserver 9160386ec cri/sbserver: Test net.ipv4.ping_group_range works with userns 1c6e26844 cri/sbserver: Fix net.ipv4.ping_group_range with userns 36a96d7f3 cri/sbserver: Remap snapshots for sbserver too 508e6f6e0 cri/sbserver: Add userns tests to TestLinuxSandboxContainerSpec() fb9ce5d48 cri/sbserver: Support pods with user namespaces c99cb95f0 cri/sbserver: Let OCI runtime create netns when userns is used 73c75e2c7 cri/sbserver: Copy userns helpers to podsandbox 0b6a0fe77 cri/sbserver: Move runtimeStart to match position with cri/server 90087ac44 WithRemapperLabels: Update doc to mention overlay supports it 9d9903565 cri: Fix comment typos 9e34b8b44 Uncopypaste parsing of OCI Bundle spec file 232538b76 bugfix(port-forward): Correctly handle known errors 5c480d9c8 Modify loopback size 7ef133ad4 Fix mount pkg typo 83ff030e4 Change http.Header copy to builtin Clone cdb153ec9 Resolve docker.NewResolver race condition 01a6e1c73 Dedup WithNewSnapshotView 6a913ac82 Cirrus CI: configure apt-get to wait for locks 38f9bc3e0 fix ci Linux Integration test fail c17d3bdb5 pkg/cri/server: Test net.ipv4.ping_group_range works with userns 9bf5aeca7 pkg/cri/server: Fix net.ipv4.ping_group_range with userns 05fef52b6 vendor: github.com/containerd/zfs v1.1.0 073de9308 Fix the auto restart fail when using LogURI and TTY together 00e5ae211 shim: change ttrpcService and ttrpcServerOptioner to exported interfaces e9f63f64f update go to go1.20.5, go1.19.10 22a7c63c0 Sandbox: Change to mount.Mount for CreateOptions 51a1e7f0b Fix example shim to actually use its task service a9cb6090e ci: remove libseccomp-dev installation for nightly 0607e7326 Move GetTopic function out of runc shim 5dedb6d0d archive: use 1970-01-01 as the whiteout timestamp d6dbc4040 go.mod: Update cgroups to 3.0.2 f3b7436b6 Platforms: Add From/ToProto helpers for types b3ab1f26c Snapshots: Add From/ToProto helpers for types 0a6b8f0ee OCI: Add From/ToProto helpers for Descriptor 4df27fd77 Update ginkgo to match cri-tools' version 9a202e342 seccomp: always allow name_to_handle_at 55a8102ec mount: Add From/ToProto helpers e85352183 integration/client: Rework withBytesBuffers 54a93c6c5 Make ptypes.Empty a var in contentserver cdc90c838 Remove duplicated code in content Copy 50376ec9f remotes: allow FetchByDigest client to pass mediatype as header 0a92661e6 Add a platform.ParseAll helper e89d7204e MergeStringSlices use sets 8760b8717 pkg/epoch: extract parsing SOURCE_DATE_EPOCH to a function 9924e56f4 pkg/epoch: fix tests on macOS dfd7ad8b3 Reword Windows file related TODO 44e2b26a8 pkg/epoch: replace some fmt.Sprintfs with strconv f82d9b799 Integration: Align empty IO func on Windows f3124d569 Makefile: Remove hcsshim related TODO 2aeac9a8f Remove duplicated writeIndex func 7601dd9a9 Dedup manifest config platform helper f3df7f739 log when a lease expires a01118bbe Minor changes to sandbox metadata f60a4a271 cri: drop unused arg from generateRuntimeOptions 1fb835f04 Remove unnecessary label bucket loop a207b430e snapshots/blockfile: fix lint issue 59b0b39af vendor: update github.com/containerd/continuity d358f1680 fix unbound variable f4ad68d5f fix-push-image-rate 7de95cbc4 snapshots/blockfile: deflaky the testsuite 6dfb16f99 snapshots|pkg: umount without DETACH and nosync after umount 72b7d1650 mount: support direct-io for loopback device 437f13410 Don't run CI on push e26c97cb8 Save marshalled empty response in streaming service 9e09bfb59 Use RWMutex in NSMap and reduce lock area 38b0f970f No more nondistributable layers in MS registry d278d37ca Sandbox: Add Metrics rpc for controller d115129d1 Add configurable mount options to overlay d56722ef2 Sandbox: Add SandboxMetrics rpc 4bb709c01 avoid "any" as variable name 577696f60 replace some basic uses of fmt.Sprintf() 5cd6210ad runtime/v2/runc: handle early exits w/o big locks df280942a integration/client: add timeout to `TestShimOOMScore` 6dd529e40 Pass in imagespec.Platform to WithVolumes() d18026592 release ticker correctly 28a5199ff Add a check to skip stats for containers that are not running 34a93a0c2 task: don't `close()` io before `cancel()` 007c5b6e3 Setup otlp from env 104b9ef9e Update x/sys to 0.8.0 69b451af5 RELEASES.md: de-deprecation of CNI conf_template will be v1.7.3 ab5365222 ctr: update WritePidFile to use atomicfile c409c631c shim: WritePidFile & WriteAddress use atomicfile 3c4a1ab1c cri: write generated CNI config atomically on Unix f3ba7c8a3 atomicfile: new package for atomic file writes 28d8c79de Replace atomicBool with the standard library atomic.Bool fe4f8bd88 Pinned image support a85b12d4d docs: cherry-pick individual commits instead of merge commit 738c4c6fa Fix issue for HPC pod metrics 52997ea98 remotes/docker: ResolverOptions: fix deprecation comments a35ead5b9 bugfix: add nil pointer check for cgroup v1 mem usage 2a60fe5a6 Remove events from init context d3887b2e6 Support CDI devices in ctr --device flag 3ca5b4437 Remove cni conf_template deprecation 94f0af3ec Image.IsUnpacked(): make error-handling more iodiomatic 54658a115 Image: rename variable that shadowed import d2b7a1e29 cleanup DEPRECATED TLS config f857626d6 Move PLEG event back to CRI fc50334ca Generate sandbox exit events from CRI d2605de73 add handling of a '.' commondir and bounds checking to mount_linux cf5605459 Move pod sandbox recovery to podsandbox/ package 45dbb4e54 Publish sandbox events 65906335b Add sandbox events protos 21b3318eb Fix several conversions of "ocispec.Image" to "ocispec.Platform" f2bc73782 Add cpuset-mems flag to 'ctr run' command f642c0a5f ctr: add cpuset-cpus flag to 'ctr run' command 314d758fa update auths code comment 9702d4aee snapshots/blockfile: use passed in dst in scratchGenerator bb82f3683 snapshots/blockfile: use loop if options is empty 9287711b7 upgrade registry.k8s.io/pause version fbb38ab6b Fix the spelling of repository within the NRI plugin documentation. 752e13d9a fix(docs): minor fix on the windows installation steps c1b926800 Windows Integration: Switch Azure-based CI to vanilla 2019 image. b9dfd29b7 Update tests to use volume-copy-up:2.2 4bfcac85f notify readiness when registered plugins are ready 7819da843 Document Protocol Buffer Setup 579b5596c Update volume-ownership image with latest hashes 88a3e25b3 Add targetOS to WithVolumes() c7ec95caf Reword comment and make slight change to code ec2bec648 Fix non C volumes on Windows 3d7522b7f ctr: allow run to override mounts 7beaa5e85 Add mount options to blockfile snapshotter 261d45efe docs/remote-snapshotter.md: update links and description 7274e33e3 CRI: Make stats respect sandbox's platform 82deabf9d Optimize metadata Schema notes to correctly match metadata structures a6cd5e3f4 bugfix: resolve symlink when looking up mountpoint b9f2e48e3 feat: make overlay sync removal configurable becf04a59 Update to docker/login-action V2 79709a205 disable provenance 1be571b14 Add sync before unmount on snapshotter layer test b729962e3 Add blockfile snapshotter to snapshotters doc 798dba9fa Add blockfile as a builtin 0c386e2eb Add blockfile snapshotter d280cb83b chore: update comment for NetworkPluginSetupSerially f8907ab87 Update volume-copy-up 811456b31 go.mod: github.com/containerd/continuity v0.4.0 6f715ab10 go.mod: github.com/containerd/go-runc v1.1.0 85cf9a09e Bump seccomp version to be the same as one in runc repo cdaa4025e Fix some typos 3d9dd2022 ctr: fix the cleanup of task 66307d0b4 CRI: Support Linux usernames for !linux platforms 5dbae3819 snapshots/testsuite: Rename: fix fuse-overlayfs incompatibility df65e321e Simplify closing bundle dir fd 718250b6b Update ttrpc to v1.2.2 7e42dc34d improve container Task comment 4347fc8bc go.mod: github.com/opencontainers/image-spec v1.1.0-rc3 5e054ee63 go.mod: github.com/opencontainers/runtime-spec v1.1.0-rc.2 bb61a6d4b cache diffIDs 6e2c915a4 Bump up golangci-lint to v1.52.2 ecb693ec7 bump typeurl to v2.1.1 f5211ee3f Change to Readdirnames for some cases e60a17925 .github: disable cache for actions/setup-go@v4 52afa34f5 cri: update WithoutDefaultSecuritySettings comment 6f34da5f8 Cleanup logrus imports 717169bb8 plugin: remove go < 1.8 stub, enable on windows and arm64 28d749c9e move to CRI-TOOLS v1.27.0 27f56e607 Fix umarshal metrics for CRI server b947a6f52 update go to go1.20.4, go1.19.9 c54b706c0 Add faasd and actuated into the ADOPTERS file d56466cf3 [transfer] avoid setting limiters when max is 0 2e53c0ec8 Windows integration: fix critest binary path in Azure-based workflow. 9e7f8fe30 Update CRI registry configuration docs 0d975230e Fix panic when remote differ returns empty result c58a229e5 Run CI when adding to the merge queue 0ba066474 vendor: github.com/opencontainers/runc v1.1.7 cbd10e41a vendor: github.com/opencontainers/runc v1.1.6 27c0fe3eb update runc binary to v1.1.7 4891bba83 Update tar tests to run on Darwin d9f3e387c Remove entry for container from container store on error 8ba285f6b fix unable to checkpoint the container more than once 370be0c18 Move logrus setup code to log package 92b93e376 cri: Vendor v0.27.1 8c80ccc7f Update external repo links that changed default branch to main 519457e3e ctr: Add sandbox flag to ctr run c786994ea Update transfer configuration 4e5693938 Add platform config to proxy plugins 4192ca8f8 pkg/cri/server: sub-test uses array and capture range var 8bcfdda39 pkg/cri/sbserver: sub-test uses array and capture range var 745ec84e5 Add diffservice to contrib 3784c1c91 Add proxy differ cb2c3ec8f oci: partially restore comment on read-only mounts for uid/gid uses f23816740 go.mod: add comment explaining go-fuzz-headers replace rule ec9e74ed9 go.mod: remove replace for github.com/opencontainers/runtime-tools 6c40cf305 go.mod: integration: use non-pre-release of containerd 92d1e9bee go.mod: integration: move indirect dependencies to the right group 18d7e84f9 runtime/shim: fix the nil checkpoint options cd16b31cd Get CDI devices from CRI Config.CDIDevices field da4de96e2 containerd support k8s 1.27 4b35c3829 update shim example 71ababe30 runtime/shim: remove runc/v2/services b71f4b751 runtime/shim: rename RunManager to Run 49111b115 update runc binary to v1.1.6 85df1cc6b doc: update CI signal info in README 7e6ab8488 cri: Throw an error if idmap mounts is requested 85afda6f5 cri: Vendor v0.27.0-beta.0 for mounts uid/gid mappings f7b8b1181 update the version of the runc shim in the readme and examples dc2fc987c capture desc variable in range variable just in case that it run in parallel mode 05bb52b27 Use t.TempDir instead of os.MkdirTemp 7a7519a78 CRI Sbserver: Make PodSandboxStatus friendlier to shim crashes 79cb4b000 [sbserver] handle missing cpu stats 464a4977a [sbserver] Refactor usageNanoCores be to used for all OSes e0b817ec1 Fix argsEscaped tests aee358765 Update to setup-go@v4 action 811be6085 Update Azure-based Windows workflow image SKUs. dfc7590d5 remotes/docker: Add MountedFrom and Exists push status db223271e Register imagePullThroughput and count with MiB 6f0714efc Use RunWithPrivileges b41ca1159 Fix access denied on mounted vhdx root a7fddb40b Use wait instead of a sleep to check for startup delay d0527e228 Support for dropping inheritable capabilities 0fb2d9132 update go to go1.20.3, go1.19.8 cab056226 oci: Use WithReadonlyTempMount when adding users/groups c9e5c33a1 UnmountAll is a no-op for missing mount points 8538e7a2a Improve error messages and remove check ba74cdf15 Make ReadOnly() available on all platforms 7bb2756bc Increase integration test tmieout to 20m 1279ad880 Remove bind code path in mount() 6a5b4c9c2 Remove "bind" code path from diff 76690706f CI: bump up crun to 1.8.3 d373ebc4d Properly mount base layers ca5605b4a Skip parent layer options on bind mounts 7f82dd91f Add ReadOnly() function 157fe6a13 docs: fix typo in comment of ExitStatus.Exit(Code|Time) 4012c1b85 Remove escalated privileges 54f8abe55 Use DefaultSnapshotter 47dd3dcff use t.Fatal if we cannot enable process privileges e31bef15f Update continuity 95687a932 Fix go.mod, simplify boolean logic, add logging 7a36efd75 Ignore ERROR_NOT_FOUND error when removing mount db3279859 Update continuity, go-winio and hcsshim 00efd3e6d Remove unused function dc980b14a Grant needed privileges for snapshotter tests feb637f92 Fix layer comparison and enable read-only checks 36dc2782c Use bind filer for mounts d591bb042 Enable TestSnapshotterClient on Windows 7b36becd2 Run Windows snapshotter through the test suite ac30eabbd Fix misspelling of 'Native' as 'Naive' 639c5799a Add paired 'mount' log for 'unmount' 8395e3a89 Don't use all-upper-case filenames in snapshot tests 909730dec Skip tests that do not apply to WCOW on Windows 469c13997 Ensure mounts are unmounted before leaving the test 84cc3e496 Unify testutil.Unmount on Windows and Unix 474a257b1 Implement Windows mounting for bind and windows-layer mounts 34b07d3e2 Implement WCOW parentless active snapshots and view snapshots 82ec62b86 fix: cio.Cancel() should close the pipes ac84bf7c8 Update sbserver to add noexec nodev and nosuid to /etc/resolv.conf mount bind. 126ab72fe Keep linux mounts for linux sandboxes on Windows/Darwin 990199a02 Test to ensure nosuid,nodev,noexec are set on /etc/reolv.conf mount. 96490734b update runc binary to v1.1.5 b55dad06a go.mod: github.com/opencontainers/runc v1.1.5 c89438e83 integration: add container start test using abs runtime path 3557ac884 Extract image service from CRI 97064b077 WithRuntimePath uses the TaskInfo.RuntimePath field c56f54aa1 devmapper plugin: skip plugin when not configured a11e47b48 Use built in atomic.Bool 87346df54 Defer uid lookups on Darwin ae4dbb60d Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind. 1be08b10f ctr/tasks: fix unmarshal the task metrics for cgroups v1 8322bcb88 Adds a file header 50b576a94 Adds a dev container and Codespaces docs 0bbca7f1b Cleanup protobuild config daa3a7665 Add `WithReadonlyTempMount` to create readonly temporary mounts f48ae2227 fix: Update error message format based on feedback 3193650f1 fix: 'failed to resolve symlink' error messaging 14714b94d Fold the output of `crictl info` 5fdca538d adding cni metadata to the container in the `ctr run --config` 32d431a7c Update crictl doc 690ae58ca Update cri-tools version on windows 5956cdea8 Remove third-party package cri-api c011502bd Remove cri v1alpha1 services 23d288a80 Remove the CriuPath field from runc's options 62f98a1c1 CRI: Don't always close netConfMonitor channel a4d33a784 Remove support for config.toml `version = 1` 3e87f05b6 Fix image pulling with Transfer service c5f1086ad Update docs fda5c84bc Update gce contrib to use v2 by default 8bd82e355 Remove no_pivot when creating container from CRI 07c2ae12e Remove v1 runctypes c50a3ef04 Update Makefile and CI ef516a150 Remove runtime v1 76778aee6 integration: add restart monitor test for paused task 35a103d32 Remove "containerd.io/restart.logpath" label (deprecated since v1.5) 08337f356 Pre-splice strings and determine whether it is a file and check criCleanup err. e0d9b9663 Fix restarting the paused containers 86fc1ccab Remove `aufs` snapshotter (deprecated since v1.5) 50740a1a0 use strings.Cut instead of strings.Split for parsing imageConfig.User b39ac5d09 docs: fix typo in comment of plugin.Plugin.Err() d835fd2a3 Sandbox: Correct/add some fields to Status() d3e856da7 export: add test for WithSkipDockerManifest 70da5c783 Sandbox: Cleanup shim on Start failure 406583165 archive: consistently respect value of WithSkipDockerManifest 727b25403 fix userstr for dditionalGids on Linux Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
author: Bruce Ashfield <bruce.ashfield@gmail.com> 2023-12-05 14:47:53 +0000
committer: Bruce Ashfield <bruce.ashfield@gmail.com> 2024-01-04 02:52:53 +0000
commit: a6ed7b60ff6dd0c34f9f1030cbd7a28266c288ad (patch)
tree: 10441d76abdeb318efecf178f91a41d9874908a2
parent: caa14c63f158fdd13382ccf1ff4e20a8ba6ad667 (diff)
download: meta-virtualization-a6ed7b60ff6dd0c34f9f1030cbd7a28266c288ad.tar.gz
2 files changed, 8 insertions, 11 deletions
diff --git a/recipes-containers/containerd/containerd-opencontainers/0001-Makefile-allow-GO_BUILD_FLAGS-to-be-externally-speci.patch b/recipes-containers/containerd/containerd-opencontainers/0001-Makefile-allow-GO_BUILD_FLAGS-to-be-externally-speci.patch
index 3a69d76d..63498a86 100644
--- a/recipes-containers/containerd/containerd-opencontainers/0001-Makefile-allow-GO_BUILD_FLAGS-to-be-externally-speci.patch
+++ b/recipes-containers/containerd/containerd-opencontainers/0001-Makefile-allow-GO_BUILD_FLAGS-to-be-externally-speci.patch
@@ -23,13 +23,13 @@ Index: containerd/Makefile
 ===================================================================
 --- containerd.orig/Makefile
 +++ containerd/Makefile
-@@ -127,7 +127,8 @@
+@@ -129,7 +129,8 @@
- GOPATHS=$(shell go env GOPATH | tr ":" "\n" | tr ";" "\n")
+ GOPATHS=$(shell $(GO) env GOPATH | tr ":" "\n" | tr ";" "\n")
 
 TESTFLAGS_RACE=
-GO_BUILD_FLAGS=
+-GO_BUILD_FLAGS ?=
 +# allow flags to be exported and picked up.
-+# GO_BUILD_FLAGS=
+# GO_BUILD_FLAGS ?=
 # See Golang issue re: '-trimpath': https://github.com/golang/go/issues/13809
 GO_GCFLAGS=$(shell                             \
        set -- ${GOPATHS};                      \
diff --git a/recipes-containers/containerd/containerd-opencontainers_git.bb b/recipes-containers/containerd/containerd-opencontainers_git.bb
index 78fe6941..5c1e1274 100644
--- a/recipes-containers/containerd/containerd-opencontainers_git.bb
+++ b/recipes-containers/containerd/containerd-opencontainers_git.bb
@@ -5,8 +5,8 @@ DESCRIPTION = "containerd is a daemon to control runC, built for performance and
               support as well as checkpoint and restore for cloning and live migration of containers."
-SRCREV = "5e21abb181c92adc95636edf983bdf639f0ceb60"
+SRCREV = "87bf39a7f5580a86df739a787ced9664d1dc11bd"
-SRC_URI = "git://github.com/containerd/containerd;branch=release/1.7;protocol=https;destsuffix=git/src/github.com/containerd/containerd \
+SRC_URI = "git://github.com/containerd/containerd;branch=main;protocol=https;destsuffix=git/src/github.com/containerd/containerd \
           file://0001-Makefile-allow-GO_BUILD_FLAGS-to-be-externally-speci.patch \
           file://0001-build-don-t-use-gcflags-to-define-trimpath.patch \
          "
@@ -15,8 +15,8 @@ SRC_URI = "git://github.com/containerd/containerd;branch=release/1.7;protocol=ht
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=1269f40c0d099c21a871163984590d89"
-CONTAINERD_VERSION = "v1.7.7"
+CONTAINERD_VERSION = "v2.0.0-beta.0"
-CVE_VERSION = "v1.7.7"
+CVE_VERSION = "v2.0.0-beta.0"
 # EXTRA_OEMAKE += "GODEBUG=1"
@@ -73,13 +73,10 @@ do_install() {
        mkdir -p ${D}/${bindir}
        cp ${S}/bin/containerd ${D}/${bindir}/containerd
-        cp ${S}/bin/containerd-shim ${D}/${bindir}/containerd-shim
-        cp ${S}/bin/containerd-shim-runc-v1 ${D}/${bindir}/containerd-shim-runc-v1
        cp ${S}/bin/containerd-shim-runc-v2 ${D}/${bindir}/containerd-shim-runc-v2
        cp ${S}/bin/ctr ${D}/${bindir}/containerd-ctr
        ln -sf containerd ${D}/${bindir}/docker-containerd
-        ln -sf containerd-shim ${D}/${bindir}/docker-containerd-shim
        ln -sf containerd-ctr ${D}/${bindir}/docker-containerd-ctr
        ln -sf containerd-ctr ${D}/${bindir}/ctr
author	Bruce Ashfield <bruce.ashfield@gmail.com>	2023-12-05 14:47:53 +0000
committer	Bruce Ashfield <bruce.ashfield@gmail.com>	2024-01-04 02:52:53 +0000
commit	a6ed7b60ff6dd0c34f9f1030cbd7a28266c288ad (patch)
tree	10441d76abdeb318efecf178f91a41d9874908a2
parent	caa14c63f158fdd13382ccf1ff4e20a8ba6ad667 (diff)
download	meta-virtualization-a6ed7b60ff6dd0c34f9f1030cbd7a28266c288ad.tar.gz