From 6f83a71d2cc0627cbe911887cf25befaf542ab4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 28 Mar 2024 22:27:06 +0000 Subject: [PATCH 01/18] build(deps): bump github.com/Microsoft/hcsshim from 0.12.1 to 0.12.2 Bumps [github.com/Microsoft/hcsshim](https://github.com/Microsoft/hcsshim) from 0.12.1 to 0.12.2. - [Release notes](https://github.com/Microsoft/hcsshim/releases) - [Commits](https://github.com/Microsoft/hcsshim/compare/v0.12.1...v0.12.2) --- updated-dependencies: - dependency-name: github.com/Microsoft/hcsshim dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ccc4ba1334..cac80dc7a8 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.21 require ( github.com/Masterminds/semver/v3 v3.2.1 github.com/Microsoft/go-winio v0.6.1 - github.com/Microsoft/hcsshim v0.12.1 + github.com/Microsoft/hcsshim v0.12.2 github.com/awslabs/soci-snapshotter v0.4.1 github.com/compose-spec/compose-go v1.20.2 github.com/containerd/accelerated-container-image v1.0.4 diff --git a/go.sum b/go.sum index 864d8ad48b..7a4a644131 100644 --- a/go.sum +++ b/go.sum 
@@ -12,8 +12,8 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.12.1 h1:ahSMCguNOQMvTV7wWLknLhpieyqA2hUyEb3j6R+6B/c= -github.com/Microsoft/hcsshim v0.12.1/go.mod h1:RZV12pcHCXQ42XnlQ3pz6FZfmrC1C+R4gaOHhRNML1g= +github.com/Microsoft/hcsshim v0.12.2 h1:AcXy+yfRvrx20g9v7qYaJv5Rh+8GaHOS6b8G6Wx/nKs= +github.com/Microsoft/hcsshim v0.12.2/go.mod h1:RZV12pcHCXQ42XnlQ3pz6FZfmrC1C+R4gaOHhRNML1g= github.com/awslabs/soci-snapshotter v0.4.1 h1:f1TdTG5QZ1B6umgSPQfM1pSXDlMZu+raCKWP4QkRYL8= github.com/awslabs/soci-snapshotter v0.4.1/go.mod h1:faOXa3a6SsMRln4misZi82nAa4ez8Nu9i5N39kQyukY= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY= From 9ba9ddca915241bcf5cd1bd357212308f0552289 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sun, 31 Mar 2024 20:01:01 +0900 Subject: [PATCH 02/18] update BuildKit (0.13.1) Signed-off-by: Akihiro Suda --- Dockerfile | 2 +- Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.0 | 2 -- Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.1 | 2 ++ 3 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.0 create mode 100644 Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.1 diff --git a/Dockerfile b/Dockerfile index eb5bf9686f..b42709b02b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ ARG RUNC_VERSION=v1.1.12 ARG CNI_PLUGINS_VERSION=v1.4.1 # Extra deps: Build -ARG BUILDKIT_VERSION=v0.13.0 +ARG BUILDKIT_VERSION=v0.13.1 # Extra deps: Lazy-pulling ARG STARGZ_SNAPSHOTTER_VERSION=v0.15.1 # Extra deps: Encryption 
diff --git a/Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.0 b/Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.0 deleted file mode 100644 index 8f1b1c5fc1..0000000000 --- a/Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.0 +++ /dev/null @@ -1,2 +0,0 @@ -0893f55180c3da895ad998af25305f32413676a72a36b4372607ff7396f607e8 buildkit-v0.13.0.linux-amd64.tar.gz -265f9756102de5fe3b8f299b7e96a9ef4ff69763805642676129c2713477071d buildkit-v0.13.0.linux-arm64.tar.gz diff --git a/Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.1 b/Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.1 new file mode 100644 index 0000000000..df2b9d75ce --- /dev/null +++ b/Dockerfile.d/SHA256SUMS.d/buildkit-v0.13.1 @@ -0,0 +1,2 @@ +5d4a6ef438851d7a0b22d17c7e806651c24c0982ddd6af8c02117fca84f167ec buildkit-v0.13.1.linux-amd64.tar.gz +9e1478af43ba7ac6635cae30a8dda3ebce4dca70a8def939ac64ee395d03d647 buildkit-v0.13.1.linux-arm64.tar.gz From f42ab2ff7fa0daf356b9fab7dd0ea0657cc65576 Mon Sep 17 00:00:00 2001 
From: Akihiro Suda Date: Sun, 31 Mar 2024 18:23:27 +0900 Subject: [PATCH 03/18] Implement `nerdctl run --annotation` (introduced in Docker v24) An OCI runtime (as well as `nerdctl internal oci-hook`) may consume an annotation and behave differently. e.g., https://github.com/opencontainers/runc/blob/v1.1.12/docs/systemd.md#auxiliary-properties nerdctl v1: - `nerdctl run --annotation` was not implemented. - `nerdctl run --label` is set as a containerd label and an OCI annotation. nerdctl v2: - `nerdctl run --annotation` is only set as an OCI annotation. - `nerdctl run --label` is only set as a containerd label. A label with the `nerdctl/` prefix can no longer be set manually, with an exception for `nerdctl/bypass4netns`. The `nerdctl/bypass4netns` label is still allowed and is propagated to an OCI annotation, for sake of compatibility. Docker v23: - `docker run --annotation` was not implemented. - `docker run --label` is only set as a Docker label. Docker v24 (implemented in docker/cli PR 4156, moby/moby PR 45025): - `docker run --annotation` is only set as an OCI annotation. - `docker run --label` is only set as a Docker label. (In a nutshell, `--annotation` may change the behavior, while `--label` should not.) Signed-off-by: Akihiro Suda --- README.md | 2 +- cmd/nerdctl/compose_up_linux_test.go | 4 +-- cmd/nerdctl/container_create.go | 4 +++ cmd/nerdctl/container_run.go | 7 ++-- docs/command-reference.md | 3 +- docs/rootless.md | 8 +++-- .../rootless/containerd-rootless-setuptool.sh | 2 +- pkg/annotations/annotations.go | 34 +++++++++++++++++++ pkg/api/types/container_types.go | 3 ++ pkg/bypass4netnsutil/bypass4netnsutil.go | 10 +++--- pkg/cmd/container/create.go | 22 ++++++++++-- pkg/cmd/container/run_linux.go | 7 ++-- pkg/composer/serviceparser/serviceparser.go | 9 +++++ pkg/labels/labels.go | 13 +------ 14 files changed, 94 insertions(+), 34 deletions(-) create mode 100644 pkg/annotations/annotations.go 
diff --git a/README.md b/README.md index 4b5a02aba7..36d9bbe189 100644 --- a/README.md +++ b/README.md @@ -189,7 +189,7 @@ Major: - [P2P image distribution using IPFS](./docs/ipfs.md): `nerdctl run ipfs://CID` . P2P image distribution (IPFS) is completely optional. Your host is NOT connected to any P2P network, unless you opt in to [install and run IPFS daemon](https://docs.ipfs.io/install/). - [Cosign integration](./docs/cosign.md): `nerdctl pull --verify=cosign` and `nerdctl push --sign=cosign`, and [in Compose](./docs/cosign.md#cosign-in-compose) -- [Accelerated rootless containers using bypass4netns](./docs/rootless.md): `nerdctl run --label nerdctl/bypass4netns=true` +- [Accelerated rootless containers using bypass4netns](./docs/rootless.md): `nerdctl run --annotation nerdctl/bypass4netns=true` Minor: diff --git a/cmd/nerdctl/compose_up_linux_test.go b/cmd/nerdctl/compose_up_linux_test.go index ddbea597ef..95dc761c54 100644 --- a/cmd/nerdctl/compose_up_linux_test.go +++ b/cmd/nerdctl/compose_up_linux_test.go @@ -523,7 +523,7 @@ services: WORDPRESS_DB_NAME: exampledb volumes: - wordpress:/var/www/html - labels: + annotations: - nerdctl/bypass4netns=1 db: @@ -536,7 +536,7 @@ services: MYSQL_RANDOM_ROOT_PASSWORD: '1' volumes: - db:/var/lib/mysql - labels: + annotations: - nerdctl/bypass4netns=1 volumes: diff --git a/cmd/nerdctl/container_create.go b/cmd/nerdctl/container_create.go index de99a78267..9d94f068d9 100644 --- a/cmd/nerdctl/container_create.go +++ b/cmd/nerdctl/container_create.go @@ -337,6 +337,10 @@ func processContainerCreateOptions(cmd *cobra.Command) (opt types.ContainerCreat if err != nil { return } + opt.Annotations, err = cmd.Flags().GetStringArray("annotation") + if err != nil { + return + } opt.CidFile, err = cmd.Flags().GetString("cidfile") if err != nil { return diff --git a/cmd/nerdctl/container_run.go b/cmd/nerdctl/container_run.go index 077332d447..036b1f57da 100644 --- a/cmd/nerdctl/container_run.go +++ b/cmd/nerdctl/container_run.go 
@@ -23,6 +23,7 @@ import ( "github.com/containerd/console" "github.com/containerd/log" + "github.com/containerd/nerdctl/v2/pkg/annotations" "github.com/containerd/nerdctl/v2/pkg/api/types" "github.com/containerd/nerdctl/v2/pkg/clientutil" "github.com/containerd/nerdctl/v2/pkg/cmd/container" @@ -230,8 +231,10 @@ func setCreateFlags(cmd *cobra.Command) { cmd.Flags().String("name", "", "Assign a name to the container") // label needs to be StringArray, not StringSlice, to prevent "foo=foo1,foo2" from being split to {"foo=foo1", "foo2"} cmd.Flags().StringArrayP("label", "l", nil, "Set metadata on container") - cmd.RegisterFlagCompletionFunc("label", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { - return labels.ShellCompletions, cobra.ShellCompDirectiveNoFileComp + // annotation needs to be StringArray, not StringSlice, to prevent "foo=foo1,foo2" from being split to {"foo=foo1", "foo2"} + cmd.Flags().StringArray("annotation", nil, "Add an annotation to the container (passed through to the OCI runtime)") + cmd.RegisterFlagCompletionFunc("annotation", func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { + return annotations.ShellCompletions, cobra.ShellCompDirectiveNoFileComp }) // label-file is defined as StringSlice, not StringArray, to allow specifying "--env-file=FILE1,FILE2" (compatible with Podman) diff --git a/docs/command-reference.md b/docs/command-reference.md index dcdde45ec8..3c3371c787 100644 --- a/docs/command-reference.md +++ b/docs/command-reference.md 
@@ -298,8 +298,9 @@ Env flags: Metadata flags: - :whale: :blue_square: `--name`: Assign a name to the container -- :whale: :blue_square: `-l, --label`: Set meta data on a container +- :whale: :blue_square: `-l, --label`: Set meta data on a container (Not passed through the OCI runtime since nerdctl v2.0, with an exception for `nerdctl/bypass4netns`) - :whale: :blue_square: `--label-file`: Read in a line delimited file of labels +- :whale: :blue_square: `--annotation`: Add an annotation to the container (passed through to the OCI runtime) - :whale: :blue_square: `--cidfile`: Write the container ID to the file - :nerd_face: `--pidfile`: file path to write the task's pid. The CLI syntax conforms to Podman convention. diff --git a/docs/rootless.md b/docs/rootless.md index c8c738df06..5b9333ebab 100644 --- a/docs/rootless.md +++ b/docs/rootless.md 
@@ -121,11 +121,15 @@ The performance benchmark with iperf3 on Ubuntu 21.10 on Hyper-V VM is shown bel This benchmark can be reproduced with [https://github.com/rootless-containers/bypass4netns/blob/f009d96139e9e38ce69a2ea8a9a746349bad273c/Vagrantfile](https://github.com/rootless-containers/bypass4netns/blob/f009d96139e9e38ce69a2ea8a9a746349bad273c/Vagrantfile) -Acceleration with bypass4netns is available with `--label nerdctl/bypass4netns=true`. You also need to have `bypass4netnsd` (bypass4netns daemon) to be running. +Acceleration with bypass4netns is available with: +- `--annotation nerdctl/bypass4netns=true` (for nerdctl v2.0 and later) +- `--label nerdctl/bypass4netns=true` (deprecated form, used in nerdctl prior to v2.0). + +You also need to have `bypass4netnsd` (bypass4netns daemon) to be running. Example ```console $ containerd-rootless-setuptool.sh install-bypass4netnsd -$ nerdctl run -it --rm -p 8080:80 --label nerdctl/bypass4netns=true alpine +$ nerdctl run -it --rm -p 8080:80 --annotation nerdctl/bypass4netns=true alpine ``` More detail is available at [https://github.com/rootless-containers/bypass4netns/blob/master/README.md](https://github.com/rootless-containers/bypass4netns/blob/master/README.md) diff --git a/extras/rootless/containerd-rootless-setuptool.sh b/extras/rootless/containerd-rootless-setuptool.sh index 9b31d5efe2..9b005c7cce 100755 --- a/extras/rootless/containerd-rootless-setuptool.sh +++ b/extras/rootless/containerd-rootless-setuptool.sh @@ -365,7 +365,7 @@ cmd_entrypoint_install_bypass4netnsd() { [Install] WantedBy=default.target EOT - INFO "To use bypass4netnsd, set the \"nerdctl/bypass4netns=true\" label on containers, e.g., \`nerdctl run --label nerdctl/bypass4netns=true\`" + INFO "To use bypass4netnsd, set the \"nerdctl/bypass4netns=true\" annotation on containers, e.g., \`nerdctl run --annotation nerdctl/bypass4netns=true\`" } # CLI subcommand: "install-fuse-overlayfs" 
diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go new file mode 100644 index 0000000000..751d231541 --- /dev/null +++ b/pkg/annotations/annotations.go @@ -0,0 +1,34 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +// Package annotations defines OCI annotations +package annotations + +const ( + // Prefix is the common prefix of nerdctl annotations + Prefix = "nerdctl/" + + // Bypass4netns is the flag for acceleration with bypass4netns + // Boolean value which can be parsed with strconv.ParseBool() is required. + // (like "nerdctl/bypass4netns=true" or "nerdctl/bypass4netns=false") + Bypass4netns = Prefix + "bypass4netns" +) + +var ShellCompletions = []string{ + Bypass4netns + "=true", + Bypass4netns + "=false", + // Other annotations should not be set via CLI +} diff --git a/pkg/api/types/container_types.go b/pkg/api/types/container_types.go index f4c4f6f1b1..60e5da4c37 100644 --- a/pkg/api/types/container_types.go +++ b/pkg/api/types/container_types.go 
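Review bot: The exported `ShellCompletions` variable in the new pkg/annotations/annotations.go has no doc comment, and the trailing `// Other annotations should not be set via CLI` reads like a rule even though nothing in this file enforces it. As far as this patch shows, the slice is only consumed by the `--annotation` completion callback in cmd/nerdctl/container_run.go. I would add `// ShellCompletions lists the values offered by shell completion for --annotation; it does not restrict which annotations are accepted.` above the declaration so readers do not mistake it for an allow-list.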
@@ -217,9 +217,12 @@ type ContainerCreateOptions struct { // Name assign a name to the container Name string // Label set meta data on a container + // (not passed through to the OCI runtime since nerdctl v2.0, with an exception for "nerdctl/bypass4netns") Label []string // LabelFile read in a line delimited file of labels LabelFile []string + // Annotations set meta data on a container (passed through to the OCI runtime) + Annotations []string // CidFile write the container ID to the file CidFile string // PidFile specifies the file path to write the task's pid. The CLI syntax conforms to Podman convention. diff --git a/pkg/bypass4netnsutil/bypass4netnsutil.go b/pkg/bypass4netnsutil/bypass4netnsutil.go index 133102ae98..2dd0093a35 100644 --- a/pkg/bypass4netnsutil/bypass4netnsutil.go +++ b/pkg/bypass4netnsutil/bypass4netnsutil.go @@ -25,7 +25,7 @@ import ( "github.com/containerd/containerd/containers" "github.com/containerd/containerd/oci" - "github.com/containerd/nerdctl/v2/pkg/labels" + "github.com/containerd/nerdctl/v2/pkg/annotations" "github.com/opencontainers/runtime-spec/specs-go" b4nnoci "github.com/rootless-containers/bypass4netns/pkg/oci" ) @@ -46,8 +46,8 @@ func generateSecurityOpt(listenerPath string) (oci.SpecOpts, error) { return opt, nil } -func GenerateBypass4netnsOpts(securityOptsMaps map[string]string, labelMaps map[string]string, id string) ([]oci.SpecOpts, error) { - b4nn, ok := labelMaps[labels.Bypass4netns] +func GenerateBypass4netnsOpts(securityOptsMaps map[string]string, annotationsMap map[string]string, id string) ([]oci.SpecOpts, error) { + b4nn, ok := annotationsMap[annotations.Bypass4netns] if !ok { return nil, nil } 
@@ -133,8 +133,8 @@ func GetPidFilePathByID(id string) (string, error) { return socketPath, nil } -func IsBypass4netnsEnabled(annotations map[string]string) (bool, error) { - if b4nn, ok := annotations[labels.Bypass4netns]; ok { +func IsBypass4netnsEnabled(annotationsMap map[string]string) (bool, error) { + if b4nn, ok := annotationsMap[annotations.Bypass4netns]; ok { b4nnEnable, err := strconv.ParseBool(b4nn) if err != nil { return false, err diff --git a/pkg/cmd/container/create.go b/pkg/cmd/container/create.go index 2045b820c4..eb680fd0a6 100644 --- a/pkg/cmd/container/create.go +++ b/pkg/cmd/container/create.go @@ -35,6 +35,7 @@ import ( "github.com/containerd/containerd/oci" gocni "github.com/containerd/go-cni" "github.com/containerd/log" + "github.com/containerd/nerdctl/v2/pkg/annotations" "github.com/containerd/nerdctl/v2/pkg/api/types" "github.com/containerd/nerdctl/v2/pkg/clientutil" "github.com/containerd/nerdctl/v2/pkg/cmd/image" @@ -276,13 +277,15 @@ func Create(ctx context.Context, client *containerd.Client, args []string, netMa } } + // TODO: abolish internal labels and only use annotations ilOpt, err := withInternalLabels(internalLabels) if err != nil { return nil, nil, err } cOpts = append(cOpts, ilOpt) - opts = append(opts, propagateContainerdLabelsToOCIAnnotations()) + opts = append(opts, propagateInternalContainerdLabelsToOCIAnnotations(), + oci.WithAnnotations(strutil.ConvertKVStringsToMap(options.Annotations))) var s specs.Spec spec := containerd.WithSpec(&s, opts...) 
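Review bot: In the `Create` hunk of pkg/cmd/container/create.go, `options.Annotations` is applied with `oci.WithAnnotations` after `propagateInternalContainerdLabelsToOCIAnnotations()` with no check on the keys, while `withContainerLabels` in the same commit rejects user-set labels under the `nerdctl/` prefix. Assuming `oci.WithAnnotations` merges key by key, a user-supplied annotation that reuses an internal `nerdctl/...` key would replace the value that `nerdctl internal oci-hook` later reads from the spec. I would mirror the label check before the spec is built, e.g. `if strings.HasPrefix(k, annotations.Prefix) && k != annotations.Bypass4netns { return nil, nil, fmt.Errorf("internal annotation %q must not be specified manually", k) }`, extending the exception to any other key the project intends to expose. `Create` begins and ends outside this hunk.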
@@ -506,6 +509,13 @@ func withContainerLabels(label, labelFile []string) ([]containerd.NewContainerOp if err != nil { return nil, err } + for k := range labelMap { + if strings.HasPrefix(k, annotations.Bypass4netns) { + log.L.Warnf("Label %q is deprecated, use an annotation instead", k) + } else if strings.HasPrefix(k, labels.Prefix) { + return nil, fmt.Errorf("internal label %q must not be specified manually", k) + } + } o := containerd.WithAdditionalContainerLabels(labelMap) return []containerd.NewContainerOpts{o}, nil } @@ -704,9 +714,15 @@ func processeds(mountPoints []dockercompat.MountPoint) []*mountutil.Processed { return result } -func propagateContainerdLabelsToOCIAnnotations() oci.SpecOpts { +func propagateInternalContainerdLabelsToOCIAnnotations() oci.SpecOpts { return func(ctx context.Context, oc oci.Client, c *containers.Container, s *oci.Spec) error { - return oci.WithAnnotations(c.Labels)(ctx, oc, c, s) + allowed := make(map[string]string) + for k, v := range c.Labels { + if strings.Contains(k, labels.Prefix) { + allowed[k] = v + } + } + return oci.WithAnnotations(allowed)(ctx, oc, c, s) } } diff --git a/pkg/cmd/container/run_linux.go b/pkg/cmd/container/run_linux.go index 8377347778..89fdb73cd8 100644 --- a/pkg/cmd/container/run_linux.go +++ b/pkg/cmd/container/run_linux.go @@ -59,10 +59,7 @@ func setPlatformOptions(ctx context.Context, client *containerd.Client, id, uts } opts = append(opts, cgOpts...) - labelsMap, err := readKVStringsMapfFromLabel(options.Label, options.LabelFile) - if err != nil { - return nil, err - } + annotations := strutil.ConvertKVStringsToMap(options.Annotations) capOpts, err := generateCapOpts( strutil.DedupeStrSlice(options.CapAdd), 
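Review bot: The deprecation branch added to `withContainerLabels` tests `strings.HasPrefix(k, annotations.Bypass4netns)`, so every key that merely begins with `nerdctl/bypass4netns` skips the internal-label rejection in the `else if`, not only the one label the commit message names as the compatibility exception. An exact comparison keeps the exception as narrow as described: `if k == annotations.Bypass4netns {`. The label parsing that produces `labelMap` sits above the hunk and is not visible here.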
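Review bot: `propagateInternalContainerdLabelsToOCIAnnotations` selects keys with `strings.Contains(k, labels.Prefix)`, whereas `withContainerLabels` rejects manual labels with `strings.HasPrefix(k, labels.Prefix)`. A user label that has `nerdctl/` anywhere after its first character passes the rejection and is still copied into the OCI annotations, which contradicts the stated goal that `--label` is no longer passed to the runtime. Using the same test in both places closes the gap: `if strings.HasPrefix(k, labels.Prefix) {`. A one-line doc comment saying that only `nerdctl/`-prefixed labels are propagated would make the intent explicit.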
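Review bot: `setPlatformOptions` now builds the map handed to `bypass4netnsutil.GenerateBypass4netnsOpts` (second hunk of this file, `@@ -78,7 +75,7 @@`) from `options.Annotations` only, so `--label nerdctl/bypass4netns=true` no longer reaches it. The same commit still accepts that label with a deprecation warning and docs/rootless.md lists it as a deprecated form, so it looks as if the spec options generated here are skipped for the label while the propagated annotation can still enable the hook side. Either merge the label value into this map or change the warning to say the label no longer enables bypass4netns. The single-value call `strutil.ConvertKVStringsToMap(options.Annotations)` also reports no error, so a malformed `--annotation` is not rejected at this point. The function continues outside both hunks.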
@@ -78,7 +75,7 @@ func setPlatformOptions(ctx context.Context, client *containerd.Client, id, uts } opts = append(opts, secOpts...) - b4nnOpts, err := bypass4netnsutil.GenerateBypass4netnsOpts(securityOptsMaps, labelsMap, id) + b4nnOpts, err := bypass4netnsutil.GenerateBypass4netnsOpts(securityOptsMaps, annotations, id) if err != nil { return nil, err } diff --git a/pkg/composer/serviceparser/serviceparser.go b/pkg/composer/serviceparser/serviceparser.go index 60dd5ee8d8..05c829d421 100644 --- a/pkg/composer/serviceparser/serviceparser.go +++ b/pkg/composer/serviceparser/serviceparser.go @@ -54,6 +54,7 @@ const Separator = "-" func warnUnknownFields(svc types.ServiceConfig) { if unknown := reflectutil.UnknownNonEmptyFields(&svc, "Name", + "Annotations", "Build", "BlkioConfig", "CapAdd", @@ -477,6 +478,14 @@ func newContainer(project *types.Project, parsed *Service, i int) (*Container, e "--pull=never", // because image will be ensured before running replicas with `nerdctl run`. } + for k, v := range svc.Annotations { + if v == "" { + c.RunArgs = append(c.RunArgs, fmt.Sprintf("--annotation=%s", k)) + } else { + c.RunArgs = append(c.RunArgs, fmt.Sprintf("--annotation=%s=%s", k, v)) + } + } + if svc.BlkioConfig != nil && svc.BlkioConfig.Weight != 0 { c.RunArgs = append(c.RunArgs, fmt.Sprintf("--blkio-weight=%d", svc.BlkioConfig.Weight)) } diff --git a/pkg/labels/labels.go b/pkg/labels/labels.go index 40e82971fd..d88aee02a7 100644 --- a/pkg/labels/labels.go +++ b/pkg/labels/labels.go @@ -15,7 +15,7 @@ */ // Package labels defines labels that are set to containerd containers as labels. -// The labels are also passed to OCI containers as annotations. +// The labels defined in this package are also passed to OCI containers as annotations. package labels const ( 
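Review bot: The new loop in `newContainer` (pkg/composer/serviceparser/serviceparser.go) ranges directly over the `svc.Annotations` map, so the order of the generated `--annotation` arguments in `c.RunArgs` differs from run to run. Sorting the keys first makes the argument list deterministic, which keeps tests and logged command lines comparable; the sketch below assumes `sort` is, or can be, imported in this file. Annotations from a Compose file are forwarded to `nerdctl run --annotation` unfiltered, so any key validation has to live in the create path rather than here. `newContainer` starts and ends outside the hunk.
```go
// … unchanged: c.RunArgs initialisation ending with "--pull=never" …
annotationKeys := make([]string, 0, len(svc.Annotations))
for k := range svc.Annotations {
	annotationKeys = append(annotationKeys, k)
}
sort.Strings(annotationKeys)
for _, k := range annotationKeys {
	if v := svc.Annotations[k]; v == "" {
		c.RunArgs = append(c.RunArgs, fmt.Sprintf("--annotation=%s", k))
	} else {
		c.RunArgs = append(c.RunArgs, fmt.Sprintf("--annotation=%s=%s", k, v))
	}
}
```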
@@ -79,11 +79,6 @@ const ( // Mounts is the mount points for the container. Mounts = Prefix + "mounts" - // Bypass4netns is the flag for acceleration with bypass4netns - // Boolean value which can be parsed with strconv.ParseBool() is required. - // (like "nerdctl/bypass4netns=true" or "nerdctl/bypass4netns=false") - Bypass4netns = Prefix + "bypass4netns" - // StopTimeout is seconds to wait for stop a container. StopTimeout = Prefix + "stop-timeout" @@ -106,9 +101,3 @@ const ( // (like "nerdctl/default-network=true" or "nerdctl/default-network=false") NerdctlDefaultNetwork = Prefix + "default-network" ) - -var ShellCompletions = []string{ - Bypass4netns + "=true", - Bypass4netns + "=false", - // Other labels should not be set via CLI -} From fc4c8e788dd4b05f9ea3111ebe0e5d8515c2decb Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Sun, 31 Mar 2024 21:26:13 +0900 Subject: [PATCH 04/18] annotations: add `nerdctl/bypass4netns-ignore-subnets` (`[]string`) For experiments of additional `bypass4netns --ignore` Signed-off-by: Akihiro Suda --- pkg/annotations/annotations.go | 6 +++++- pkg/bypass4netnsutil/bypass.go | 20 +++++++++++++++----- pkg/ocihook/ocihook.go | 4 ++-- 3 files changed, 22 insertions(+), 8 deletions(-) diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go index 751d231541..e89648d7ab 100644 --- a/pkg/annotations/annotations.go +++ b/pkg/annotations/annotations.go @@ -25,10 +25,14 @@ const ( // Boolean value which can be parsed with strconv.ParseBool() is required. // (like "nerdctl/bypass4netns=true" or "nerdctl/bypass4netns=false") Bypass4netns = Prefix + "bypass4netns" + + // Bypass4netnsIgnoreSubnets is a JSON of []string that is appended to + // the `bypass4netns --ignore` list. + Bypass4netnsIgnoreSubnets = Bypass4netns + "-ignore-subnets" ) var ShellCompletions = []string{ Bypass4netns + "=true", Bypass4netns + "=false", - // Other annotations should not be set via CLI + Bypass4netnsIgnoreSubnets + "=", } 
diff --git a/pkg/bypass4netnsutil/bypass.go b/pkg/bypass4netnsutil/bypass.go index 6dfb4db3c8..0885350055 100644 --- a/pkg/bypass4netnsutil/bypass.go +++ b/pkg/bypass4netnsutil/bypass.go @@ -18,31 +18,41 @@ package bypass4netnsutil import ( "context" + "encoding/json" "fmt" "net" "path/filepath" "github.com/containerd/containerd/errdefs" gocni "github.com/containerd/go-cni" + "github.com/containerd/nerdctl/v2/pkg/annotations" b4nnapi "github.com/rootless-containers/bypass4netns/pkg/api" "github.com/rootless-containers/bypass4netns/pkg/api/daemon/client" rlkclient "github.com/rootless-containers/rootlesskit/v2/pkg/api/client" ) -func NewBypass4netnsCNIBypassManager(client client.Client, rlkClient rlkclient.Client) (*Bypass4netnsCNIBypassManager, error) { +func NewBypass4netnsCNIBypassManager(client client.Client, rlkClient rlkclient.Client, annotationsMap map[string]string) (*Bypass4netnsCNIBypassManager, error) { if client == nil || rlkClient == nil { return nil, errdefs.ErrInvalidArgument } + var ignoreSubnets []string + if v := annotationsMap[annotations.Bypass4netnsIgnoreSubnets]; v != "" { + if err := json.Unmarshal([]byte(v), &ignoreSubnets); err != nil { + return nil, fmt.Errorf("failed to unmarshal annotation %q: %q: %w", annotations.Bypass4netnsIgnoreSubnets, v, err) + } + } pm := &Bypass4netnsCNIBypassManager{ - Client: client, - rlkClient: rlkClient, + Client: client, + rlkClient: rlkClient, + ignoreSubnets: ignoreSubnets, } return pm, nil } type Bypass4netnsCNIBypassManager struct { client.Client - rlkClient rlkclient.Client + rlkClient rlkclient.Client + ignoreSubnets []string } func (b4nnm *Bypass4netnsCNIBypassManager) StartBypass(ctx context.Context, ports []gocni.PortMapping, id, stateDir string) error { 
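Review bot: `NewBypass4netnsCNIBypassManager` unmarshals the `nerdctl/bypass4netns-ignore-subnets` annotation into `ignoreSubnets` and stores it without checking the entries, so arbitrary strings from a user-set annotation are later appended to the `IgnoreSubnets` list sent to bypass4netnsd. If only CIDRs are intended, each entry can be checked with the already imported `net` package before it is stored, e.g. `if _, _, err := net.ParseCIDR(s); err != nil { return nil, fmt.Errorf("invalid subnet %q in annotation %q: %w", s, annotations.Bypass4netnsIgnoreSubnets, err) }`. Parsing happens only inside the OCI hook (both callers in pkg/ocihook/ocihook.go), so a bad value is reported at hook time, including in `onPostStop`; validating it in the create path as well would surface the error before the container is created. The exported constructor also lacks a doc comment describing the new `annotationsMap` parameter.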
@@ -73,7 +83,7 @@ func (b4nnm *Bypass4netnsCNIBypassManager) StartBypass(ctx context.Context, port PidFilePath: pidFilePath, LogFilePath: logFilePath, // "auto" can detect CNI CIDRs automatically - IgnoreSubnets: []string{"127.0.0.0/8", rlkCIDR, "auto"}, + IgnoreSubnets: append([]string{"127.0.0.0/8", rlkCIDR, "auto"}, b4nnm.ignoreSubnets...), } portMap := []b4nnapi.PortSpec{} for _, p := range ports { diff --git a/pkg/ocihook/ocihook.go b/pkg/ocihook/ocihook.go index 243d9a9af9..7ce7238691 100644 --- a/pkg/ocihook/ocihook.go +++ b/pkg/ocihook/ocihook.go @@ -449,7 +449,7 @@ func applyNetworkSettings(opts *handlerOpts) error { if rootlessutil.IsRootlessChild() { if b4nnEnabled { - bm, err := bypass4netnsutil.NewBypass4netnsCNIBypassManager(opts.bypassClient, opts.rootlessKitClient) + bm, err := bypass4netnsutil.NewBypass4netnsCNIBypassManager(opts.bypassClient, opts.rootlessKitClient, opts.state.Annotations) if err != nil { return err } @@ -493,7 +493,7 @@ func onPostStop(opts *handlerOpts) error { } if rootlessutil.IsRootlessChild() { if b4nnEnabled { - bm, err := bypass4netnsutil.NewBypass4netnsCNIBypassManager(opts.bypassClient, opts.rootlessKitClient) + bm, err := bypass4netnsutil.NewBypass4netnsCNIBypassManager(opts.bypassClient, opts.rootlessKitClient, opts.state.Annotations) if err != nil { return err } From cc495f2a718e93295e26243d1da02da091baad4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Apr 2024 22:18:15 +0000 Subject: [PATCH 05/18] build(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0. - [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/go.mod b/go.mod index cac80dc7a8..16f1b60402 100644 --- a/go.mod +++ b/go.mod @@ -56,7 +56,7 @@ require ( github.com/yuchanns/srslog v1.1.0 go.uber.org/mock v0.4.0 golang.org/x/crypto v0.21.0 - golang.org/x/net v0.22.0 + golang.org/x/net v0.23.0 golang.org/x/sync v0.6.0 golang.org/x/sys v0.18.0 golang.org/x/term v0.18.0 diff --git a/go.sum b/go.sum index 7a4a644131..a7e0e9a9b0 100644 --- a/go.sum +++ b/go.sum @@ -388,8 +388,8 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= -golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From af4c470dd9fed6586f630499dab9ef2fe349380e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Apr 2024 23:00:10 +0000 Subject: [PATCH 06/18] build(deps): bump golang.org/x/crypto from 0.21.0 to 0.22.0 Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.21.0 to 0.22.0. - [Commits](https://github.com/golang/crypto/compare/v0.21.0...v0.22.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 16f1b60402..d198efe32f 100644 --- a/go.mod +++ b/go.mod @@ -55,11 +55,11 @@ require ( github.com/vishvananda/netns v0.0.4 github.com/yuchanns/srslog v1.1.0 go.uber.org/mock v0.4.0 - golang.org/x/crypto v0.21.0 + golang.org/x/crypto v0.22.0 golang.org/x/net v0.23.0 golang.org/x/sync v0.6.0 - golang.org/x/sys v0.18.0 - golang.org/x/term v0.18.0 + golang.org/x/sys v0.19.0 + golang.org/x/term v0.19.0 golang.org/x/text v0.14.0 gopkg.in/yaml.v3 v3.0.1 gotest.tools/v3 v3.5.1 diff --git a/go.sum b/go.sum index a7e0e9a9b0..45a5ab137f 100644 --- a/go.sum +++ b/go.sum @@ -358,8 +358,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= 
@@ -430,15 +430,15 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o=
+golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
 golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q=
+golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
From 6b8a1c6374b553a5f5729985acf33bfebe18a419 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Apr 2024 23:54:14 +0000 Subject: [PATCH 07/18] build(deps): bump golang.org/x/net from 0.23.0 to 0.24.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.24.0. - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d198efe32f..cd8cd6a85c 100644 --- a/go.mod +++ b/go.mod @@ -56,7 +56,7 @@ require ( github.com/yuchanns/srslog v1.1.0 go.uber.org/mock v0.4.0 golang.org/x/crypto v0.22.0 - golang.org/x/net v0.23.0 + golang.org/x/net v0.24.0 golang.org/x/sync v0.6.0 golang.org/x/sys v0.19.0 golang.org/x/term v0.19.0 diff --git a/go.sum b/go.sum index 45a5ab137f..42d380cf1b 100644 --- a/go.sum +++ b/go.sum 
@@ -388,8 +388,8 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 858fa60e36c26b9abab2865383a8b9177d43a5dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Apr 2024 01:04:35 +0000 Subject: [PATCH 08/18] build(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 Bumps [golang.org/x/sync](https://github.com/golang/sync) from 0.6.0 to 0.7.0. - [Commits](https://github.com/golang/sync/compare/v0.6.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/sync dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index cd8cd6a85c..55f09bd757 100644 --- a/go.mod +++ b/go.mod @@ -57,7 +57,7 @@ require ( go.uber.org/mock v0.4.0 golang.org/x/crypto v0.22.0 golang.org/x/net v0.24.0 - golang.org/x/sync v0.6.0 + golang.org/x/sync v0.7.0 golang.org/x/sys v0.19.0 golang.org/x/term v0.19.0 golang.org/x/text v0.14.0 
diff --git a/go.sum b/go.sum index 42d380cf1b..93e1c6c4da 100644 --- a/go.sum +++ b/go.sum @@ -398,8 +398,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= From a1fd53b728b086ed3c7052d9d6be6cc3aa46eafc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Apr 2024 22:36:59 +0000 Subject: [PATCH 09/18] build(deps): bump github.com/containerd/containerd from 1.7.14 to 1.7.15 Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.14 to 1.7.15. - [Release notes](https://github.com/containerd/containerd/releases) - [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md) - [Commits](https://github.com/containerd/containerd/compare/v1.7.14...v1.7.15) --- updated-dependencies: - dependency-name: github.com/containerd/containerd dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 55f09bd757..705c561034 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/containerd/accelerated-container-image v1.0.4 github.com/containerd/cgroups/v3 v3.0.3 github.com/containerd/console v1.0.4 - github.com/containerd/containerd v1.7.14 + github.com/containerd/containerd v1.7.15 github.com/containerd/continuity v0.4.3 github.com/containerd/fifo v1.1.0 github.com/containerd/go-cni v1.1.9 @@ -87,7 +87,7 @@ require ( github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect diff --git a/go.sum b/go.sum index 93e1c6c4da..062c28e566 100644 --- a/go.sum +++ b/go.sum 
@@ -35,8 +35,8 @@ github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2 github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= -github.com/containerd/containerd v1.7.14 h1:H/XLzbnGuenZEGK+v0RkwTdv2u1QFAruMe5N0GNPJwA= -github.com/containerd/containerd v1.7.14/go.mod h1:YMC9Qt5yzNqXx/fO4j/5yYVIHXSRrlB3H7sxkUTvspg= +github.com/containerd/containerd v1.7.15 h1:afEHXdil9iAm03BmhjzKyXnnEBtjaLJefdU7DV0IFes= +github.com/containerd/containerd v1.7.15/go.mod h1:ISzRRTMF8EXNpJlTzyr2XMhN+j9K302C21/+cr3kUnY= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM= @@ -149,8 +149,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
From 2cfff27049d48ffb7a63d26cf0aadbfda564ba55 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 8 Apr 2024 16:58:23 +0900 Subject: [PATCH 10/18] update containerd (1.7.15) Signed-off-by: Akihiro Suda --- .github/workflows/test.yml | 24 ++++++++++++------------ Dockerfile | 2 +- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 59955e8838..a17d60ed3d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -77,11 +77,11 @@ jobs: # ubuntu-20.04: cgroup v1, ubuntu-22.04: cgroup v2 include: - ubuntu: 20.04 - containerd: v1.6.30 + containerd: v1.6.31 - ubuntu: 20.04 - containerd: v1.7.14 + containerd: v1.7.15 - ubuntu: 22.04 - containerd: v1.7.14 + containerd: v1.7.15 - ubuntu: 22.04 containerd: main env: @@ -113,7 +113,7 @@ jobs: # ubuntu-20.04: cgroup v1, ubuntu-22.04: cgroup v2 include: - ubuntu: 22.04 - containerd: v1.7.14 + containerd: v1.7.15 env: UBUNTU_VERSION: "${{ matrix.ubuntu }}" CONTAINERD_VERSION: "${{ matrix.containerd }}" @@ -157,15 +157,15 @@ jobs: # ubuntu-22.04: cgroup v1, ubuntu-22.04: cgroup v2 include: - ubuntu: 20.04 - containerd: v1.6.30 + containerd: v1.6.31 rootlesskit: v1.1.1 target: test-integration-rootless - ubuntu: 20.04 - containerd: v1.7.14 + containerd: v1.7.15 rootlesskit: v2.0.2 target: test-integration-rootless - ubuntu: 22.04 - containerd: v1.7.14 + containerd: v1.7.15 rootlesskit: v1.1.1 target: test-integration-rootless - ubuntu: 22.04 @@ -173,15 +173,15 @@ jobs: rootlesskit: v2.0.2 target: test-integration-rootless - ubuntu: 20.04 - containerd: v1.6.30 + containerd: v1.6.31 rootlesskit: v1.1.1 target: test-integration-rootless-port-slirp4netns - ubuntu: 20.04 - containerd: v1.7.14 + containerd: v1.7.15 rootlesskit: v2.0.2 target: test-integration-rootless-port-slirp4netns - ubuntu: 22.04 - containerd: v1.7.14 + containerd: v1.7.15 rootlesskit: v1.1.1 target: test-integration-rootless-port-slirp4netns - ubuntu: 22.04 
@@ -275,7 +275,7 @@ jobs: - uses: actions/checkout@v4.1.2 with: repository: containerd/containerd - ref: v1.7.14 + ref: v1.7.15 path: containerd fetch-depth: 1 - name: "Set up CNI" @@ -283,7 +283,7 @@ jobs: run: GOPATH=$(go env GOPATH) script/setup/install-cni-windows - name: "Set up containerd" env: - ctrdVersion: 1.7.14 + ctrdVersion: 1.7.15 run: powershell hack/configure-windows-ci.ps1 # TODO: Run unit tests - name: "Run integration tests" diff --git a/Dockerfile b/Dockerfile index b42709b02b..4ff23963c3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,7 +18,7 @@ # TODO: verify commit hash # Basic deps -ARG CONTAINERD_VERSION=v1.7.14 +ARG CONTAINERD_VERSION=v1.7.15 ARG RUNC_VERSION=v1.1.12 ARG CNI_PLUGINS_VERSION=v1.4.1 From 2c446522cb4796129220d369f3021c0cbb3f3170 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 07:59:29 +0000 Subject: [PATCH 11/18] build(deps): bump github.com/containerd/accelerated-container-image Bumps [github.com/containerd/accelerated-container-image](https://github.com/containerd/accelerated-container-image) from 1.0.4 to 1.1.2. - [Release notes](https://github.com/containerd/accelerated-container-image/releases) - [Commits](https://github.com/containerd/accelerated-container-image/compare/v1.0.4...v1.1.2) --- updated-dependencies: - dependency-name: github.com/containerd/accelerated-container-image dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 705c561034..a754b26ef6 100644 --- a/go.mod +++ b/go.mod 
@@ -8,7 +8,7 @@ require ( github.com/Microsoft/hcsshim v0.12.2 github.com/awslabs/soci-snapshotter v0.4.1 github.com/compose-spec/compose-go v1.20.2 - github.com/containerd/accelerated-container-image v1.0.4 + github.com/containerd/accelerated-container-image v1.1.2 github.com/containerd/cgroups/v3 v3.0.3 github.com/containerd/console v1.0.4 github.com/containerd/containerd v1.7.15 @@ -76,7 +76,7 @@ require ( github.com/containerd/ttrpc v1.2.3 // indirect github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67 // indirect github.com/containers/ocicrypt v1.1.10 // indirect - github.com/distribution/reference v0.5.0 // indirect + github.com/distribution/reference v0.6.0 // indirect github.com/djherbis/times v1.5.0 // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect diff --git a/go.sum b/go.sum index 062c28e566..ac36a1a85d 100644 --- a/go.sum +++ b/go.sum 
@@ -28,8 +28,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/compose-spec/compose-go v1.20.2 h1:u/yfZHn4EaHGdidrZycWpxXgFffjYULlTbRfJ51ykjQ= github.com/compose-spec/compose-go v1.20.2/go.mod h1:+MdqXV4RA7wdFsahh/Kb8U0pAJqkg7mr4PM9tFKU8RM= -github.com/containerd/accelerated-container-image v1.0.4 h1:2WDo44n7ohyDeqkynC1C8BboaZrrIIICGdmunz0jCXs= -github.com/containerd/accelerated-container-image v1.0.4/go.mod h1:iPvBVzJWG0WbfBEGk4Ap+HLWPaUWnx4toLpVkBafIDI= +github.com/containerd/accelerated-container-image v1.1.2 h1:Gk+1aqi6DpMVPCFAFWAUZgeKzSQ8fEu+GiBLnS42rc4= +github.com/containerd/accelerated-container-image v1.1.2/go.mod h1:NcMeDHjzY1cH5E96knLx0QaGYHeUxe0z3zA2/8qh1IE= github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= 
@@ -85,8 +85,8 @@ github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxG github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= -github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/djherbis/times v1.5.0 h1:79myA211VwPhFTqUk8xehWrsEO+zcIZj0zT8mXPVARU= github.com/djherbis/times v1.5.0/go.mod h1:5q7FDLvbNg1L/KaBmPcWlVR9NmoKo3+ucqUA3ijQhA0= github.com/docker/cli v26.0.0+incompatible h1:90BKrx1a1HKYpSnnBFR6AgDq/FqkHxwlUyzJVPxD30I= From f802ba87b47a6275d9ab1b87c39817da7c4d9406 Mon Sep 17 00:00:00 2001 From: Akihiro Suda Date: Mon, 8 Apr 2024 17:00:23 +0900 Subject: [PATCH 12/18] update bypass4netns (0.4.1) Signed-off-by: Akihiro Suda --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4ff23963c3..8de873343b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,7 +32,7 @@ ARG IMGCRYPT_VERSION=v1.1.10 ARG ROOTLESSKIT_VERSION=v2.0.2 ARG SLIRP4NETNS_VERSION=v1.2.3 # Extra deps: bypass4netns -ARG BYPASS4NETNS_VERSION=v0.4.0 +ARG BYPASS4NETNS_VERSION=v0.4.1 # Extra deps: FUSE-OverlayFS ARG FUSE_OVERLAYFS_VERSION=v1.13 ARG CONTAINERD_FUSE_OVERLAYFS_VERSION=v1.0.8 From 62e031c66e0442cff48e232eb73cb8f994632f95 Mon Sep 17 00:00:00 2001 
From: Akihiro Suda Date: Sat, 6 Apr 2024 06:14:25 +0900 Subject: [PATCH 13/18] bypass4netns: allow ignoring bind The bypass for bind can be disabled with the new annotation `nerdctl/bypass4netns-ignore-bind=true`. Depends on rootless-containers/bypass4netns PR 68 Signed-off-by: Akihiro Suda --- pkg/annotations/annotations.go | 6 +++++ pkg/bypass4netnsutil/bypass.go | 30 +++++++++++++++++------- pkg/bypass4netnsutil/bypass4netnsutil.go | 20 ++++++++++------ pkg/ocihook/ocihook.go | 12 ++++++---- 4 files changed, 47 insertions(+), 21 deletions(-) diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go index e89648d7ab..97c1edd56e 100644 --- a/pkg/annotations/annotations.go +++ b/pkg/annotations/annotations.go @@ -29,10 +29,16 @@ const ( // Bypass4netnsIgnoreSubnets is a JSON of []string that is appended to // the `bypass4netns --ignore` list. Bypass4netnsIgnoreSubnets = Bypass4netns + "-ignore-subnets" + + // Bypass4netnsIgnoreBind disables acceleration for bind. + // Boolean value which can be parsed with strconv.ParseBool() is required. + Bypass4netnsIgnoreBind = Bypass4netns + "-ignore-bind" ) var ShellCompletions = []string{ Bypass4netns + "=true", Bypass4netns + "=false", Bypass4netnsIgnoreSubnets + "=", + Bypass4netnsIgnoreBind + "=true", + Bypass4netnsIgnoreBind + "=false", } diff --git a/pkg/bypass4netnsutil/bypass.go b/pkg/bypass4netnsutil/bypass.go index 0885350055..9e69952b70 100644 --- a/pkg/bypass4netnsutil/bypass.go +++ b/pkg/bypass4netnsutil/bypass.go 
@@ -35,6 +35,13 @@ func NewBypass4netnsCNIBypassManager(client client.Client, rlkClient rlkclient.C if client == nil || rlkClient == nil { return nil, errdefs.ErrInvalidArgument } + enabled, bindEnabled, err := IsBypass4netnsEnabled(annotationsMap) + if err != nil { + return nil, err + } + if !enabled { + return nil, errdefs.ErrInvalidArgument + } var ignoreSubnets []string if v := annotationsMap[annotations.Bypass4netnsIgnoreSubnets]; v != "" { if err := json.Unmarshal([]byte(v), &ignoreSubnets); err != nil { @@ -45,6 +52,7 @@ func NewBypass4netnsCNIBypassManager(client client.Client, rlkClient rlkclient.C Client: client, rlkClient: rlkClient, ignoreSubnets: ignoreSubnets, + ignoreBind: !bindEnabled, } return pm, nil } @@ -53,6 +61,7 @@ type Bypass4netnsCNIBypassManager struct { client.Client rlkClient rlkclient.Client ignoreSubnets []string + ignoreBind bool } func (b4nnm *Bypass4netnsCNIBypassManager) StartBypass(ctx context.Context, ports []gocni.PortMapping, id, stateDir string) error { @@ -84,17 +93,20 @@ func (b4nnm *Bypass4netnsCNIBypassManager) StartBypass(ctx context.Context, port LogFilePath: logFilePath, // "auto" can detect CNI CIDRs automatically IgnoreSubnets: append([]string{"127.0.0.0/8", rlkCIDR, "auto"}, b4nnm.ignoreSubnets...), + IgnoreBind: b4nnm.ignoreBind, } - portMap := []b4nnapi.PortSpec{} - for _, p := range ports { - portMap = append(portMap, b4nnapi.PortSpec{ - ParentIP: p.HostIP, - ParentPort: int(p.HostPort), - ChildPort: int(p.ContainerPort), - Protos: []string{p.Protocol}, - }) + if !b4nnm.ignoreBind { + portMap := []b4nnapi.PortSpec{} + for _, p := range ports { + portMap = append(portMap, b4nnapi.PortSpec{ + ParentIP: p.HostIP, + ParentPort: int(p.HostPort), + ChildPort: int(p.ContainerPort), + Protos: []string{p.Protocol}, + }) + } + spec.PortMapping = portMap } - spec.PortMapping = portMap _, err = b4nnm.BypassManager().StartBypass(ctx, spec) if err != nil { return err 
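Review bot: The new `if !enabled` branch in the first hunk returns the same bare `errdefs.ErrInvalidArgument` as the nil-client check just above it. A caller or log reader therefore cannot tell a missing client from a container whose bypass4netns annotation is absent or false. Wrapping it keeps `errors.Is` working while naming the cause, for example `return nil, fmt.Errorf("bypass4netns is not enabled by annotation: %w", errdefs.ErrInvalidArgument)`, assuming `fmt` is imported in this file, which the hunk does not show. The new `ignoreBind` struct field would also benefit from a one-line comment saying that when it is set, `StartBypass` sends no port mappings. The constructor's signature and the rest of its body lie outside the hunk.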
diff --git a/pkg/bypass4netnsutil/bypass4netnsutil.go b/pkg/bypass4netnsutil/bypass4netnsutil.go index 2dd0093a35..6ba7c383a7 100644 --- a/pkg/bypass4netnsutil/bypass4netnsutil.go +++ b/pkg/bypass4netnsutil/bypass4netnsutil.go @@ -133,15 +133,21 @@ func GetPidFilePathByID(id string) (string, error) { return socketPath, nil } -func IsBypass4netnsEnabled(annotationsMap map[string]string) (bool, error) { +func IsBypass4netnsEnabled(annotationsMap map[string]string) (enabled, bindEnabled bool, err error) { if b4nn, ok := annotationsMap[annotations.Bypass4netns]; ok { - b4nnEnable, err := strconv.ParseBool(b4nn) + enabled, err = strconv.ParseBool(b4nn) if err != nil { - return false, err + return + } + bindEnabled = enabled + if s, ok := annotationsMap[annotations.Bypass4netnsIgnoreBind]; ok { + var bindDisabled bool + bindDisabled, err = strconv.ParseBool(s) + if err != nil { + return + } + bindEnabled = !bindDisabled } - - return b4nnEnable, nil } - - return false, nil + return } diff --git a/pkg/ocihook/ocihook.go b/pkg/ocihook/ocihook.go index 7ce7238691..bed57eefb8 100644 --- a/pkg/ocihook/ocihook.go +++ b/pkg/ocihook/ocihook.go @@ -202,7 +202,7 @@ func newHandlerOpts(state *specs.State, dataStore, cniPath, cniNetconfPath strin if err != nil { return nil, err } - b4nnEnabled, err := bypass4netnsutil.IsBypass4netnsEnabled(o.state.Annotations) + b4nnEnabled, _, err := bypass4netnsutil.IsBypass4netnsEnabled(o.state.Annotations) if err != nil { return nil, err } @@ -438,7 +438,7 @@ func applyNetworkSettings(opts *handlerOpts) error { hsMeta.Networks[cniName] = cniResRaw[i] } - b4nnEnabled, err := bypass4netnsutil.IsBypass4netnsEnabled(opts.state.Annotations) + b4nnEnabled, b4nnBindEnabled, err := bypass4netnsutil.IsBypass4netnsEnabled(opts.state.Annotations) if err != nil { return err } 
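Review bot: `IsBypass4netnsEnabled` can return `bindEnabled == true` while `enabled == false`. With `nerdctl/bypass4netns=false` and `nerdctl/bypass4netns-ignore-bind=false`, the inner branch sets `bindEnabled = !bindDisabled` without looking at `enabled`. The ocihook.go hunks later in this patch (`@@ -457,7 +457,8 @@` and `@@ -501,7 +502,8 @@`) then skip both the bypass4netns branch and the `exposePortsRootless` / `unexposePortsRootless` branch, so published ports appear to be silently dropped for that annotation pair. Changing the assignment to `bindEnabled = enabled && !bindDisabled` ensures bind acceleration is never reported without bypass4netns itself. A doc comment stating what the two results mean would also help callers that discard the second value.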
@@ -457,7 +457,8 @@ func applyNetworkSettings(opts *handlerOpts) error { if err != nil { return fmt.Errorf("bypass4netnsd not running? (Hint: run `containerd-rootless-setuptool.sh install-bypass4netnsd`): %w", err) } - } else if len(opts.ports) > 0 { + } + if !b4nnBindEnabled && len(opts.ports) > 0 { if err := exposePortsRootless(ctx, opts.rootlessKitClient, opts.ports); err != nil { return fmt.Errorf("failed to expose ports in rootless mode: %s", err) } @@ -487,7 +488,7 @@ func onPostStop(opts *handlerOpts) error { ns := opts.state.Annotations[labels.Namespace] if opts.cni != nil { var err error - b4nnEnabled, err := bypass4netnsutil.IsBypass4netnsEnabled(opts.state.Annotations) + b4nnEnabled, b4nnBindEnabled, err := bypass4netnsutil.IsBypass4netnsEnabled(opts.state.Annotations) if err != nil { return err } @@ -501,7 +502,8 @@ func onPostStop(opts *handlerOpts) error { if err != nil { return err } - } else if len(opts.ports) > 0 { + } + if !b4nnBindEnabled && len(opts.ports) > 0 { if err := unexposePortsRootless(ctx, opts.rootlessKitClient, opts.ports); err != nil { return fmt.Errorf("failed to unexpose ports in rootless mode: %s", err) } From 0d75e34f67ab7cad82800876a6312b20d6e2ad03 Mon Sep 17 00:00:00 2001 From: "Paul \"TBBle\" Hampson" Date: Sat, 21 Oct 2023 18:51:15 +0900 Subject: [PATCH 14/18] Remove unused defaults.BuildKitHost Although it was being shown in the help output, the value was ignored in favour of auto-detection by getBuildkitHost, which could give different results anyway. Signed-off-by: Paul "TBBle" Hampson --- cmd/nerdctl/builder.go | 3 +-- cmd/nerdctl/builder_build.go | 3 +-- pkg/defaults/defaults_freebsd.go | 4 ---- pkg/defaults/defaults_linux.go | 12 ------------ pkg/defaults/defaults_windows.go | 5 ----- 5 files changed, 2 insertions(+), 25 deletions(-) diff --git a/cmd/nerdctl/builder.go b/cmd/nerdctl/builder.go index 595c068cfc..71a8b5a42d 100644 --- a/cmd/nerdctl/builder.go +++ b/cmd/nerdctl/builder.go 
@@ -24,7 +24,6 @@ import ( "github.com/containerd/log" "github.com/containerd/nerdctl/v2/pkg/buildkitutil" - "github.com/containerd/nerdctl/v2/pkg/defaults" "github.com/spf13/cobra" ) @@ -56,7 +55,7 @@ func newBuilderPruneCommand() *cobra.Command { SilenceErrors: true, } - AddStringFlag(buildPruneCommand, "buildkit-host", nil, defaults.BuildKitHost(), "BUILDKIT_HOST", "BuildKit address") + AddStringFlag(buildPruneCommand, "buildkit-host", nil, "", "BUILDKIT_HOST", "BuildKit address") return buildPruneCommand } diff --git a/cmd/nerdctl/builder_build.go b/cmd/nerdctl/builder_build.go index 9b060cbbe0..47cc31f7ff 100644 --- a/cmd/nerdctl/builder_build.go +++ b/cmd/nerdctl/builder_build.go @@ -27,7 +27,6 @@ import ( "github.com/containerd/nerdctl/v2/pkg/buildkitutil" "github.com/containerd/nerdctl/v2/pkg/clientutil" "github.com/containerd/nerdctl/v2/pkg/cmd/builder" - "github.com/containerd/nerdctl/v2/pkg/defaults" "github.com/containerd/nerdctl/v2/pkg/strutil" "github.com/spf13/cobra" @@ -43,7 +42,7 @@ If Dockerfile is not present and -f is not specified, it will look for Container SilenceUsage: true, SilenceErrors: true, } - AddStringFlag(buildCommand, "buildkit-host", nil, defaults.BuildKitHost(), "BUILDKIT_HOST", "BuildKit address") + AddStringFlag(buildCommand, "buildkit-host", nil, "", "BUILDKIT_HOST", "BuildKit address") buildCommand.Flags().StringArrayP("tag", "t", nil, "Name and optionally a tag in the 'name:tag' format") buildCommand.Flags().StringP("file", "f", "", "Name of the Dockerfile") buildCommand.Flags().String("target", "", "Set the target build stage to build") diff --git a/pkg/defaults/defaults_freebsd.go b/pkg/defaults/defaults_freebsd.go index ec5f3e8421..8c165353b8 100644 --- a/pkg/defaults/defaults_freebsd.go +++ b/pkg/defaults/defaults_freebsd.go @@ -43,10 +43,6 @@ func CNIRuntimeDir() string { return "/run/cni" } -func BuildKitHost() string { - return "unix:///run/buildkit/buildkitd.sock" -} - func CgroupManager() string { return "" } 
diff --git a/pkg/defaults/defaults_linux.go b/pkg/defaults/defaults_linux.go index 13dbf9c9dd..6b30aca67a 100644 --- a/pkg/defaults/defaults_linux.go +++ b/pkg/defaults/defaults_linux.go @@ -99,18 +99,6 @@ func CNIRuntimeDir() string { return fmt.Sprintf("%s/cni", xdr) } -func BuildKitHost() string { - if !rootlessutil.IsRootless() { - return "unix:///run/buildkit/buildkitd.sock" - } - xdr, err := rootlessutil.XDGRuntimeDir() - if err != nil { - log.L.Warn(err) - xdr = fmt.Sprintf("/run/user/%d", rootlessutil.ParentEUID()) - } - return fmt.Sprintf("unix://%s/buildkit/buildkitd.sock", xdr) -} - func NerdctlTOML() string { if !rootlessutil.IsRootless() { return "/etc/nerdctl/nerdctl.toml" diff --git a/pkg/defaults/defaults_windows.go b/pkg/defaults/defaults_windows.go index 7adcce3fc9..65d74d2c8b 100644 --- a/pkg/defaults/defaults_windows.go +++ b/pkg/defaults/defaults_windows.go @@ -17,7 +17,6 @@ package defaults import ( - "fmt" "os" "path/filepath" ) @@ -44,10 +43,6 @@ func CNIRuntimeDir() string { return "" } -func BuildKitHost() string { - return fmt.Sprint("\\\\.\\pipe\\buildkit") -} - func IsSystemdAvailable() bool { return false } From 6e6aa4a9bb57cf79b03eceffbe446c2514b52458 Mon Sep 17 00:00:00 2001 From: "Paul \"TBBle\" Hampson" Date: Sun, 22 Oct 2023 12:12:32 +0900 Subject: [PATCH 15/18] Enable building on Windows hosts This of course requires functional BuildKit for Windows. Signed-off-by: Paul "TBBle" Hampson --- pkg/buildkitutil/buildkitutil.go | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/pkg/buildkitutil/buildkitutil.go b/pkg/buildkitutil/buildkitutil.go index 2f72f8c1ff..431416856b 100644 --- a/pkg/buildkitutil/buildkitutil.go +++ b/pkg/buildkitutil/buildkitutil.go @@ -34,6 +34,7 @@ import ( "os/exec" "path/filepath" "runtime" + "strings" "github.com/containerd/log" "github.com/containerd/nerdctl/v2/pkg/rootlessutil" 
@@ -143,9 +144,21 @@ func PingBKDaemon(buildkitHost string) error { return nil } +// contains open-codes slices.Contains (without generics) from Go 1.21. +// TODO: Replace once Go 1.21 is the minimum supported compiler. +func contains(haystack []string, needle string) bool { + for i := range haystack { + if needle == haystack[i] { + return true + } + } + return false +} + func pingBKDaemon(buildkitHost string) (output string, _ error) { - if runtime.GOOS != "linux" && runtime.GOOS != "freebsd" { - return "", errors.New("only linux and freebsd are supported") + supportedOses := []string{"linux", "freebsd", "windows"} + if !contains(supportedOses, runtime.GOOS) { + return "", fmt.Errorf("only %s are supported", strings.Join(supportedOses, ", ")) } buildctlBinary, err := BuildctlBinary() if err != nil { From 5fac99b3eb32b2812dc034bb0f30170b61765741 Mon Sep 17 00:00:00 2001 From: "Paul \"TBBle\" Hampson" Date: Sun, 22 Oct 2023 12:33:45 +0900 Subject: [PATCH 16/18] Implement autodetection of Windows buildkitd socket Buildkit on Windows doesn't support rootless mode, and doesn't put the namespace into the pipe name currently, so the Windows version is near-trivial. This also corrects the autodetection path on FreeBSD to start in /var/run instead of current Linux FHS's /run, and doesn't bother trying to support Rootless mode and related path guessing on FreeBSD. 
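Review bot: The hand-written `contains` helper and its TODO look unnecessary, because the go.mod hunks earlier in this series carry `go 1.21` in their context and this file already uses `errors.Join`. The check in `pingBKDaemon` can be `if !slices.Contains(supportedOses, runtime.GOOS) {` with `"slices"` added to the import block, and the helper dropped. If an older toolchain still has to build this package, the TODO should name that toolchain so the helper's removal can be tracked. The body of `pingBKDaemon` continues outside the hunk.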
Signed-off-by: Paul "TBBle" Hampson --- pkg/buildkitutil/buildkitutil.go | 28 +++++------------ pkg/buildkitutil/buildkitutil_freebsd.go | 22 +++++++++++++ pkg/buildkitutil/buildkitutil_linux.go | 39 ++++++++++++++++++++++++ pkg/buildkitutil/buildkitutil_unix.go | 39 ++++++++++++++++++++++++ pkg/buildkitutil/buildkitutil_windows.go | 21 +++++++++++++ 5 files changed, 128 insertions(+), 21 deletions(-) create mode 100644 pkg/buildkitutil/buildkitutil_freebsd.go create mode 100644 pkg/buildkitutil/buildkitutil_linux.go create mode 100644 pkg/buildkitutil/buildkitutil_unix.go create mode 100644 pkg/buildkitutil/buildkitutil_windows.go diff --git a/pkg/buildkitutil/buildkitutil.go b/pkg/buildkitutil/buildkitutil.go index 431416856b..9004892ae8 100644 --- a/pkg/buildkitutil/buildkitutil.go +++ b/pkg/buildkitutil/buildkitutil.go 
@@ -57,28 +57,14 @@ func BuildctlBaseArgs(buildkitHost string) []string { } func GetBuildkitHost(namespace string) (string, error) { - if namespace == "" { - return "", fmt.Errorf("namespace must be specified") - } - // Try candidate locations of the current containerd namespace. - run := "/run/" - if rootlessutil.IsRootless() { - var err error - run, err = rootlessutil.XDGRuntimeDir() - if err != nil { - log.L.Warn(err) - run = fmt.Sprintf("/run/user/%d", rootlessutil.ParentEUID()) - } - } - var hostRel []string - if namespace != "default" { - hostRel = append(hostRel, fmt.Sprintf("buildkit-%s/buildkitd.sock", namespace)) + paths, err := getBuildkitHostCandidates(namespace) + if err != nil { + return "", err } - hostRel = append(hostRel, "buildkit-default/buildkitd.sock", "buildkit/buildkitd.sock") + var errs []error //nolint:prealloc - for _, p := range hostRel { - log.L.Debugf("Choosing the buildkit host %q, candidates=%v (in %q)", p, hostRel, run) - buildkitHost := "unix://" + filepath.Join(run, p) + for _, buildkitHost := range paths { + log.L.Debugf("Choosing the buildkit host %q, candidates=%v", buildkitHost, paths) _, err := pingBKDaemon(buildkitHost) if err == nil { log.L.Debugf("Chosen buildkit host %q", buildkitHost) @@ -88,7 +74,7 @@ func GetBuildkitHost(namespace string) (string, error) { } allErr := errors.Join(errs...) log.L.WithError(allErr).Error(getHint()) - return "", fmt.Errorf("no buildkit host is available, tried %d candidates: %w", len(hostRel), allErr) + return "", fmt.Errorf("no buildkit host is available, tried %d candidates: %w", len(paths), allErr) } func GetWorkerLabels(buildkitHost string) (labels map[string]string, _ error) { diff --git a/pkg/buildkitutil/buildkitutil_freebsd.go b/pkg/buildkitutil/buildkitutil_freebsd.go new file mode 100644 index 0000000000..adaec5e42e --- /dev/null +++ b/pkg/buildkitutil/buildkitutil_freebsd.go 
@@ -0,0 +1,22 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package buildkitutil + +func getRuntimeVariableDataDir() string { + // Per hier(7) dated July 6, 2023. + return "/var/run" +} diff --git a/pkg/buildkitutil/buildkitutil_linux.go b/pkg/buildkitutil/buildkitutil_linux.go new file mode 100644 index 0000000000..55740a29af --- /dev/null +++ b/pkg/buildkitutil/buildkitutil_linux.go 
@@ -0,0 +1,39 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package buildkitutil + +import ( + "fmt" + + "github.com/containerd/log" + "github.com/containerd/nerdctl/v2/pkg/rootlessutil" +) + +func getRuntimeVariableDataDir() string { + // Per Linux Foundation "Filesystem Hierarchy Standard" version 3.0 section 3.15. + // Under version 2.3, this was "/var/run". + run := "/run" + if rootlessutil.IsRootless() { + var err error + run, err = rootlessutil.XDGRuntimeDir() + if err != nil { + log.L.Warn(err) + run = fmt.Sprintf("/run/user/%d", rootlessutil.ParentEUID()) + } + } + return run +} diff --git a/pkg/buildkitutil/buildkitutil_unix.go b/pkg/buildkitutil/buildkitutil_unix.go new file mode 100644 index 0000000000..521504992d --- /dev/null +++ b/pkg/buildkitutil/buildkitutil_unix.go 
@@ -0,0 +1,39 @@
+//go:build freebsd || linux
+
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package buildkitutil
+
+import (
+ "fmt"
+ "path/filepath"
+)
+
+func getBuildkitHostCandidates(namespace string) ([]string, error) {
+ if namespace == "" {
+ return []string{}, fmt.Errorf("namespace must be specified")
+ }
+ // Try candidate locations of the current containerd namespace.
+ run := getRuntimeVariableDataDir()
+ var candidates []string
+ if namespace != "default" {
+ candidates = append(candidates, "unix://"+filepath.Join(run, fmt.Sprintf("buildkit-%s/buildkitd.sock", namespace)))
+ }
+ candidates = append(candidates, "unix://"+filepath.Join(run, "buildkit-default/buildkitd.sock"), "unix://"+filepath.Join(run, "buildkit/buildkitd.sock"))
+
+ return candidates, nil
+}
diff --git a/pkg/buildkitutil/buildkitutil_windows.go b/pkg/buildkitutil/buildkitutil_windows.go
new file mode 100644
index 0000000000..dd38470c06
--- /dev/null
+++ b/pkg/buildkitutil/buildkitutil_windows.go
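Review bot: `namespace` is interpolated into the socket path with no check on its characters, and `filepath.Join` cleans the result, so a value containing a path separator or `..` segments would produce a candidate outside the runtime directory. Whether callers validate the namespace before this point is not visible in the hunk, so I would reject such values here, next to the empty-string check: `if filepath.Base(namespace) != namespace { return nil, fmt.Errorf("invalid namespace %q", namespace) }`. Returning `nil` rather than `[]string{}` on the existing error path would also match the usual `(T, error)` convention.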
@@ -0,0 +1,21 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package buildkitutil
+
+func getBuildkitHostCandidates(namespace string) ([]string, error) {
+ return []string{"npipe:////./pipe/buildkitd"}, nil
+}
From b5117a2357829a7ae419753bbf4285c1ee221dc7 Mon Sep 17 00:00:00 2001 From: "Paul \"TBBle\" Hampson" Date: Tue, 27 Feb 2024 20:05:01 +0900 Subject: [PATCH 17/18] Rationalise build constraints for Go 1.19 onwards This mostly involves replacing anything that was trying to be "Not Windows" with the new-in-Go-1.19 "unix" build-constraint. Effectively, anything that contained both "linux" and "freebsd" but not "windows", or excluded only "windows", is now "unix". A couple of needless constraints were removed when the filenames already carried the appropriate constraint. A handful of files were renamed, so that now "unix"-suffixed files all use the "unix" constraint, and "other" is used when the constraint is more-complex, for "no specific implementation" cases.
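Review bot: The Windows `getBuildkitHostCandidates` in buildkitutil_windows.go never reads `namespace` and accepts an empty one, while the Unix variant in this series returns "namespace must be specified" for `""`, so the same caller mistake is an error on one platform and silently accepted on the other. If ignoring the namespace is intentional, I would say so in a comment such as `// namespace is unused: only a single named pipe is probed on Windows.` and apply the same empty-string guard for a consistent contract.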
Signed-off-by: Paul "TBBle" Hampson --- cmd/nerdctl/container_top_unix_test.go | 2 +- cmd/nerdctl/main_unix.go | 2 +- cmd/nerdctl/network_create_unix.go | 2 +- pkg/buildkitutil/buildkitutil_unix.go | 2 +- pkg/cioutil/container_io_unix.go | 2 +- pkg/cioutil/container_io_windows.go | 2 -- pkg/cmd/container/top_unix.go | 2 +- pkg/cmd/login/login_unix.go | 2 +- pkg/consoleutil/consoleutil_unix.go | 2 +- pkg/containerutil/container_network_manager_other.go | 2 +- pkg/infoutil/infoutil_unix.go | 2 +- pkg/infoutil/infoutil_unix_test.go | 2 +- pkg/ipcutil/ipcutil_linux.go | 2 -- pkg/ipcutil/{ipcutil_unix.go => ipcutil_other.go} | 2 +- pkg/lockutil/lockutil_unix.go | 2 +- pkg/mountutil/{mountutil_other.go => mountutil_unix.go} | 2 +- pkg/mountutil/mountutil_windows.go | 2 -- pkg/netutil/cni_plugin_unix.go | 2 +- pkg/netutil/netutil_linux_test.go | 2 -- pkg/netutil/netutil_unix.go | 2 +- pkg/netutil/netutil_unix_test.go | 2 +- pkg/netutil/netutil_windows_test.go | 2 -- .../{port_allocate_others.go => port_allocate_other.go} | 0 pkg/signalutil/{signals_notlinux.go => signals_other.go} | 0 pkg/systemutil/socket_unix.go | 2 +- 25 files changed, 18 insertions(+), 28 deletions(-) rename pkg/ipcutil/{ipcutil_unix.go => ipcutil_other.go} (97%) rename pkg/mountutil/{mountutil_other.go => mountutil_unix.go} (98%) rename pkg/portutil/{port_allocate_others.go => port_allocate_other.go} (100%) rename pkg/signalutil/{signals_notlinux.go => signals_other.go} (100%) diff --git a/cmd/nerdctl/container_top_unix_test.go b/cmd/nerdctl/container_top_unix_test.go index 45b39f2a64..3e22f6f11d 100644 --- a/cmd/nerdctl/container_top_unix_test.go +++ b/cmd/nerdctl/container_top_unix_test.go @@ -1,4 +1,4 @@ -//go:build linux || darwin || freebsd || netbsd || openbsd +//go:build unix /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/main_unix.go b/cmd/nerdctl/main_unix.go index eea216ee90..d804550fd1 100644 --- a/cmd/nerdctl/main_unix.go +++ b/cmd/nerdctl/main_unix.go 
@@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/cmd/nerdctl/network_create_unix.go b/cmd/nerdctl/network_create_unix.go index 298030ba5b..5abc60accc 100644 --- a/cmd/nerdctl/network_create_unix.go +++ b/cmd/nerdctl/network_create_unix.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/buildkitutil/buildkitutil_unix.go b/pkg/buildkitutil/buildkitutil_unix.go index 521504992d..5c5498d3aa 100644 --- a/pkg/buildkitutil/buildkitutil_unix.go +++ b/pkg/buildkitutil/buildkitutil_unix.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/cioutil/container_io_unix.go b/pkg/cioutil/container_io_unix.go index fd0632c378..1749a018c9 100644 --- a/pkg/cioutil/container_io_unix.go +++ b/pkg/cioutil/container_io_unix.go @@ -1,4 +1,4 @@ -//go:build !windows +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/cioutil/container_io_windows.go b/pkg/cioutil/container_io_windows.go index ac1c09625b..6dde42f12a 100644 --- a/pkg/cioutil/container_io_windows.go +++ b/pkg/cioutil/container_io_windows.go @@ -1,5 +1,3 @@ -//go:build windows - /* Copyright The containerd Authors. diff --git a/pkg/cmd/container/top_unix.go b/pkg/cmd/container/top_unix.go index 6281c23e07..e5f04ef60d 100644 --- a/pkg/cmd/container/top_unix.go +++ b/pkg/cmd/container/top_unix.go @@ -1,4 +1,4 @@ -//go:build linux || darwin || freebsd || netbsd || openbsd +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/cmd/login/login_unix.go b/pkg/cmd/login/login_unix.go index ee536be172..c1eec8fdf0 100644 --- a/pkg/cmd/login/login_unix.go +++ b/pkg/cmd/login/login_unix.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/consoleutil/consoleutil_unix.go b/pkg/consoleutil/consoleutil_unix.go index 49cea373bb..6ffd0cc4dd 100644 
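Review bot: Widening `pkg/buildkitutil/buildkitutil_unix.go` from `freebsd || linux` to `unix` makes `getBuildkitHostCandidates` compile on darwin, netbsd, openbsd and the other Unix targets, but the only `getRuntimeVariableDataDir` definitions visible in this series are the Linux one and one returning `/var/run`. Unless a definition for the remaining platforms exists outside this page, those builds would fail on an undefined symbol; either keep `//go:build freebsd || linux` on this file or add a fallback constrained to `unix && !(freebsd || linux)`. The other `freebsd || linux` → `unix` hunks (main_unix.go, network_create_unix.go, login_unix.go, infoutil, lockutil, netutil, systemutil) deserve the same check for helpers that only have Linux and FreeBSD implementations.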
--- a/pkg/consoleutil/consoleutil_unix.go +++ b/pkg/consoleutil/consoleutil_unix.go @@ -1,4 +1,4 @@ -//go:build !windows +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/containerutil/container_network_manager_other.go b/pkg/containerutil/container_network_manager_other.go index 914a3553c1..1dabe5e642 100644 --- a/pkg/containerutil/container_network_manager_other.go +++ b/pkg/containerutil/container_network_manager_other.go @@ -1,4 +1,4 @@ -//go:build darwin || freebsd || netbsd || openbsd +//go:build !(linux || windows) /* Copyright The containerd Authors. diff --git a/pkg/infoutil/infoutil_unix.go b/pkg/infoutil/infoutil_unix.go index e49f27e5e0..782a17537f 100644 --- a/pkg/infoutil/infoutil_unix.go +++ b/pkg/infoutil/infoutil_unix.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/infoutil/infoutil_unix_test.go b/pkg/infoutil/infoutil_unix_test.go index 47067a8d1f..208aedbafd 100644 --- a/pkg/infoutil/infoutil_unix_test.go +++ b/pkg/infoutil/infoutil_unix_test.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/ipcutil/ipcutil_linux.go b/pkg/ipcutil/ipcutil_linux.go index 1c676abb02..0d1b9f6cbc 100644 --- a/pkg/ipcutil/ipcutil_linux.go +++ b/pkg/ipcutil/ipcutil_linux.go @@ -1,5 +1,3 @@ -//go:build linux - /* Copyright The containerd Authors. diff --git a/pkg/ipcutil/ipcutil_unix.go b/pkg/ipcutil/ipcutil_other.go similarity index 97% rename from pkg/ipcutil/ipcutil_unix.go rename to pkg/ipcutil/ipcutil_other.go index c5664fc273..a4c25963cc 100644 --- a/pkg/ipcutil/ipcutil_unix.go +++ b/pkg/ipcutil/ipcutil_other.go @@ -1,4 +1,4 @@ -//go:build freebsd +//go:build !(linux || windows) /* Copyright The containerd Authors. diff --git a/pkg/lockutil/lockutil_unix.go b/pkg/lockutil/lockutil_unix.go index dbabcbc9b0..64e9867b04 100644 --- a/pkg/lockutil/lockutil_unix.go +++ b/pkg/lockutil/lockutil_unix.go 
@@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/mountutil/mountutil_other.go b/pkg/mountutil/mountutil_unix.go similarity index 98% rename from pkg/mountutil/mountutil_other.go rename to pkg/mountutil/mountutil_unix.go index eed4431382..5bf7e4d242 100644 --- a/pkg/mountutil/mountutil_other.go +++ b/pkg/mountutil/mountutil_unix.go @@ -1,4 +1,4 @@ -//go:build !windows +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/mountutil/mountutil_windows.go b/pkg/mountutil/mountutil_windows.go index eee76ba40b..7d9ff96534 100644 --- a/pkg/mountutil/mountutil_windows.go +++ b/pkg/mountutil/mountutil_windows.go @@ -1,5 +1,3 @@ -//go:build windows - /* Copyright The containerd Authors. diff --git a/pkg/netutil/cni_plugin_unix.go b/pkg/netutil/cni_plugin_unix.go index 2a0233860f..cdbb0221b8 100644 --- a/pkg/netutil/cni_plugin_unix.go +++ b/pkg/netutil/cni_plugin_unix.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/netutil/netutil_linux_test.go b/pkg/netutil/netutil_linux_test.go index 1f64dbbd5a..4e370baba9 100644 --- a/pkg/netutil/netutil_linux_test.go +++ b/pkg/netutil/netutil_linux_test.go @@ -1,5 +1,3 @@ -//go:build linux - /* Copyright The containerd Authors. diff --git a/pkg/netutil/netutil_unix.go b/pkg/netutil/netutil_unix.go index 12c39df982..f5315028f0 100644 --- a/pkg/netutil/netutil_unix.go +++ b/pkg/netutil/netutil_unix.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. diff --git a/pkg/netutil/netutil_unix_test.go b/pkg/netutil/netutil_unix_test.go index 4d9acc7cb9..5a2d66d445 100644 --- a/pkg/netutil/netutil_unix_test.go +++ b/pkg/netutil/netutil_unix_test.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. 
diff --git a/pkg/netutil/netutil_windows_test.go b/pkg/netutil/netutil_windows_test.go index 7545230848..eb26eef944 100644 --- a/pkg/netutil/netutil_windows_test.go +++ b/pkg/netutil/netutil_windows_test.go @@ -1,5 +1,3 @@ -//go:build windows - /* Copyright The containerd Authors. diff --git a/pkg/portutil/port_allocate_others.go b/pkg/portutil/port_allocate_other.go similarity index 100% rename from pkg/portutil/port_allocate_others.go rename to pkg/portutil/port_allocate_other.go diff --git a/pkg/signalutil/signals_notlinux.go b/pkg/signalutil/signals_other.go similarity index 100% rename from pkg/signalutil/signals_notlinux.go rename to pkg/signalutil/signals_other.go diff --git a/pkg/systemutil/socket_unix.go b/pkg/systemutil/socket_unix.go index b8e2f1e690..6d41bab69b 100644 --- a/pkg/systemutil/socket_unix.go +++ b/pkg/systemutil/socket_unix.go @@ -1,4 +1,4 @@ -//go:build freebsd || linux +//go:build unix /* Copyright The containerd Authors. From 46acf060e17e052e67ce620a15efd3447f7181db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Apr 2024 12:11:55 +0000 Subject: [PATCH 18/18] build(deps): bump github.com/rootless-containers/bypass4netns Bumps [github.com/rootless-containers/bypass4netns](https://github.com/rootless-containers/bypass4netns) from 0.4.0 to 0.4.1. - [Commits](https://github.com/rootless-containers/bypass4netns/compare/v0.4.0...v0.4.1) --- updated-dependencies: - dependency-name: github.com/rootless-containers/bypass4netns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a754b26ef6..84e8ee8926 100644 --- a/go.mod +++ b/go.mod 
@@ -46,7 +46,7 @@ require ( github.com/opencontainers/image-spec v1.1.0 github.com/opencontainers/runtime-spec v1.2.0 github.com/pelletier/go-toml/v2 v2.2.0 - github.com/rootless-containers/bypass4netns v0.4.0 + github.com/rootless-containers/bypass4netns v0.4.1 github.com/rootless-containers/rootlesskit/v2 v2.0.2 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index ac36a1a85d..73c392f254 100644 --- a/go.sum +++ b/go.sum @@ -279,8 +279,8 @@ github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwa github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= -github.com/rootless-containers/bypass4netns v0.4.0 h1:7pcI4XWnOMQkgCsPKMXxMzQKhZUjaQ8J1n+eIYiHS0Y= -github.com/rootless-containers/bypass4netns v0.4.0/go.mod h1:RPNWMSRT951DMtq9Xv72IZoJPWFeJL6Wg5pF79Lkano= +github.com/rootless-containers/bypass4netns v0.4.1 h1:zyYM1uSG7/prAphD2vlJvx/MEKK91EjD2XaefGx5PKA= +github.com/rootless-containers/bypass4netns v0.4.1/go.mod h1:slu3ygwy1x6ey78oBTNs7lpymyEimLBYoXOG76b+Q+Y= github.com/rootless-containers/rootlesskit/v2 v2.0.2 h1:wztWcDYFlk+EVAUuPJwlNMFXZIk1G14T45lv47WWGuA= github.com/rootless-containers/rootlesskit/v2 v2.0.2/go.mod h1:hE+ztevrQxNi+tdZyPKumzDk7VKDAf0E4seOzlOyBsY= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=