diff --git a/kubernetes/containerd/debian/README.txt b/kubernetes/containerd/debian/README.txt
new file mode 100644
index 000000000..33b366ebf
--- /dev/null
+++ b/kubernetes/containerd/debian/README.txt
@@ -0,0 +1,26 @@
+The containerd.service file and config.toml were pulled in
+from the upstream Debian package
+containerd_1.6.20~ds1-1+b1_amd64.deb downloaded from
+http://ftp.ca.debian.org/debian/pool/main/c/containerd/
+
+The config.toml file is identical to what we were using previously
+with the older version of containerd, and is unchanged in the
+newer version of the package. It will get overwritten by
+ansible/puppet anyways during system bringup.
+
+The containerd.service file is identical to the version from
+the containerd github source tag "v1.6.21" except that the
+containerd binary is in /usr/bin/ instead of /usr/local/bin.
+The only difference from what we had before is that LimitNOFILE
+is now set to "infinity" to align with both Debian and containerd
+upstream.
+
+The binaries that get pulled in at build time are from the
+containerd upstream binary release
+containerd-1.6.21-linux-amd64.tar.gz downloaded from
+https://github.com/containerd/containerd/releases/tag/v1.6.21
+
+The rationale for using the upstream binaries rather than the
+Debian "bookworm" package is that the Debian package requires
+a lot of other dependencies including newer glibc and python3,
+which would be too intrusive for our purposes.
diff --git a/kubernetes/containerd/debian/deb_folder/changelog b/kubernetes/containerd/debian/deb_folder/changelog
new file mode 100644
index 000000000..79c135e59
--- /dev/null
+++ b/kubernetes/containerd/debian/deb_folder/changelog
@@ -0,0 +1,3 @@
+containerd (1.6.21) stable; urgency=medium
+ * Initial release using binaries from upstream containerd package
+ -- Chris Friesen Mon, 15 May 2023 14:13:58 -0600
diff --git a/kubernetes/containerd/debian/deb_folder/containerd.install b/kubernetes/containerd/debian/deb_folder/containerd.install
old mode 100755
new mode 100644
index b0f0ed4a8..570cfef6a
--- a/kubernetes/containerd/debian/deb_folder/containerd.install
+++ b/kubernetes/containerd/debian/deb_folder/containerd.install
@@ -1,6 +1,6 @@
-usr/bin
-debian/config.toml /etc/containerd/
-debian/bash-completion/ctr /usr/share/bash-completion/completions/
-debian/zsh-completion/_ctr /usr/share/zsh/vendor-completions/
-usr/local/sbin
-k8s-container-cleanup.sh usr/local/sbin/
+containerd usr/bin
+containerd-* usr/bin
+ctr usr/bin
+config.toml etc/containerd/
+k8s-container-cleanup.sh usr/sbin
+containerd.service lib/systemd/system/
diff --git a/kubernetes/containerd/debian/deb_folder/containerd.links b/kubernetes/containerd/debian/deb_folder/containerd.links
deleted file mode 100644
index 0b85069a0..000000000
--- a/kubernetes/containerd/debian/deb_folder/containerd.links
+++ /dev/null
@@ -1,4 +0,0 @@
-/usr/bin/containerd /usr/local/bin/containerd
-
-# file renaming can be done with dh-exec, this is a simpler workaround
-/usr/local/sbin/k8s-container-cleanup.sh /usr/local/sbin/k8s-container-cleanup
diff --git a/kubernetes/containerd/debian/deb_folder/containerd.lintian-overrides b/kubernetes/containerd/debian/deb_folder/containerd.lintian-overrides
deleted file mode 100644
index 184f14509..000000000
--- a/kubernetes/containerd/debian/deb_folder/containerd.lintian-overrides
+++ /dev/null
@@ -1,2 +0,0 @@
-file-in-usr-local
-dir-in-usr-local
diff --git a/kubernetes/containerd/debian/deb_folder/control b/kubernetes/containerd/debian/deb_folder/control
new file mode 100644
index 000000000..d629482af
--- /dev/null
+++ b/kubernetes/containerd/debian/deb_folder/control
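Review bot: The `containerd-* usr/bin` line in containerd.install installs whatever the upstream tarball happens to ship under that prefix instead of a reviewed list, and the removed rules file (later in this commit) had explicitly excluded `cmd/containerd-stress`, which the upstream release archive presumably still contains. Naming the shims keeps the installed set auditable: `containerd-shim usr/bin`, `containerd-shim-runc-v1 usr/bin`, `containerd-shim-runc-v2 usr/bin` (confirm the names against the tarball contents). The cleanup script also moves from usr/local/sbin to usr/sbin while containerd.links, which provided `/usr/local/bin/containerd` and `/usr/local/sbin/k8s-container-cleanup`, is deleted, so anything that still calls the old paths needs checking.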
@@ -0,0 +1,26 @@
+Source: containerd
+Section: admin
+Priority: optional
+Maintainer: StarlingX Developers
+Build-Depends: debhelper-compat (= 13),
+ build-info-dev
+Standards-Version: 4.4.1
+Homepage: https://containerd.io/
+
+Package: containerd
+Architecture: linux-any
+Depends: runc (>= 0.1.0~),
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: open and reliable container runtime
+ Containerd is an industry-standard container runtime with an emphasis on
+ simplicity, robustness and portability. It is available as a daemon for
+ Linux and Windows, which can manage the complete container life cycle of
+ its host system: image transfer and storage, container execution and
+ supervision, low-level storage and network attachments, etc.
+ .
+ Containerd is designed to be embedded into a larger system, rather than
+ being used directly by developers or end-users.
+ .
+ This package contains the binaries.
+
diff --git a/kubernetes/containerd/debian/deb_folder/copyright b/kubernetes/containerd/debian/deb_folder/copyright
new file mode 100644
index 000000000..c5e88da38
--- /dev/null
+++ b/kubernetes/containerd/debian/deb_folder/copyright
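Review bot: `Architecture: linux-any` in the new control file does not match the payload: the only binaries this commit pulls in come from `containerd-1.6.21-linux-amd64.tar.gz` (meta_data.yaml), so a build for any other architecture would package amd64 executables. `Architecture: amd64` states what is actually shipped. `${shlibs:Depends}` is now computed from prebuilt binaries rather than ones linked in the build environment, so it is worth checking that the generated libc dependency is satisfiable on the target release, given the glibc concern recorded in the README.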
@@ -0,0 +1,33 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: containerd
+Source: https://github.com/containerd/containerd
+
+Files: *
+License: Apache-2.0
+
+Files: files/*
+Copyright: 2016 Tianon Gravi
+ 2019 Shengjing Zhu
+License: Apache-2.0
+
+Files: files/k8s-container-cleanup.sh
+Copyright: 2022, Wind River Systems, Inc.
+License: Apache-2.0
+
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+ http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian systems, the complete text of the Apache version 2.0 license
+ can be found in "/usr/share/common-licenses/Apache-2.0".
+
+
diff --git a/kubernetes/containerd/debian/deb_folder/rules b/kubernetes/containerd/debian/deb_folder/rules
index 7b083e44f..85184020b 100755
--- a/kubernetes/containerd/debian/deb_folder/rules
+++ b/kubernetes/containerd/debian/deb_folder/rules
@@ -1,62 +1,8 @@ #!/usr/bin/make -f - -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# This file based from upstream containerd_1.4.12/debian/rules, -# modified to install k8s-container-cleanup.sh to /usr/local/sbin. - -DEBIAN_BUILDDIR := $(CURDIR)/debian/tmp - -include /usr/share/dpkg/default.mk - -PKG := github.com/containerd/containerd -TAGS := seccomp apparmor -GO_LDFLAGS += -X $(PKG)/version.Version=$(DEB_VERSION_UPSTREAM) -GO_LDFLAGS += -X $(PKG)/version.Revision=$(DEB_VERSION) -EXCLUDES += cmd/protoc-gen-gogoctrd cmd/containerd-stress -EXCLUDES += runtime/v2/example/cmd -CRI_FILE += cmd/containerd/builtins_cri.go vendor/github.com/containerd/cri -CRI_FILE += vendor/k8s.io vendor/github.com/docker/docker -CRI_FILE += vendor/github.com/containerd/imgcrypt - -export DH_GOLANG_EXCLUDES := $(EXCLUDES) -export PATH := /usr/lib/go-1.17/bin:$(PATH) +# See debhelper(7) (uncomment to enable) +# output every command that modifies files on the build system. +export DH_VERBOSE = 1 %: - dh $@ --buildsystem=golang --with=golang --builddirectory=_build + dh $@ -# want dh_userlocal to do nothing since proper debian packages have -# only empty directories under /usr/local. 
-override_dh_usrlocal: - # Do Nothing - -override_dh_auto_build: - dh_auto_build -- -tags '$(TAGS)' -ldflags '$(GO_LDFLAGS)' - -execute_after_dh_auto_build: - mkdir -p man - make man/containerd-config.8 - make man/containerd-config.toml.5 - _build/bin/gen-manpages containerd.8 man - _build/bin/gen-manpages ctr.8 man - rm -vf _build/bin/gen-manpages - - sed 's|/usr/local/bin|/usr/bin|' containerd.service > debian/containerd.service - mkdir -vp debian/bash-completion - install -m644 -T /usr/share/gocode/src/github.com/urfave/cli/autocomplete/bash_autocomplete \ - debian/bash-completion/ctr - mkdir -vp debian/zsh-completion - sed 's|$$PROG|ctr|g' /usr/share/gocode/src/github.com/urfave/cli/autocomplete/zsh_autocomplete > \ - debian/zsh-completion/_ctr - -override_dh_auto_test: - dh_auto_test -- -tags '$(TAGS)' - -override_dh_auto_install: - DH_GOLANG_EXCLUDES="$(EXCLUDES) $(CRI_FILE)" dh_auto_install - install -d $(DEBIAN_BUILDDIR)/usr/local/sbin/ - install -m 755 -p -D k8s-container-cleanup.sh $(DEBIAN_BUILDDIR)/usr/local/sbin/ diff --git a/kubernetes/containerd/debian/deb_folder/source/format b/kubernetes/containerd/debian/deb_folder/source/format new file mode 100644 index 000000000..d3827e75a --- /dev/null +++ b/kubernetes/containerd/debian/deb_folder/source/format @@ -0,0 +1 @@ +1.0 diff --git a/kubernetes/containerd/debian/deb_patches/0001-Update-to-Go-1.17-due-to-containernetworking-plugins.patch b/kubernetes/containerd/debian/deb_patches/0001-Update-to-Go-1.17-due-to-containernetworking-plugins.patch deleted file mode 100644 index e56b3f815..000000000 --- a/kubernetes/containerd/debian/deb_patches/0001-Update-to-Go-1.17-due-to-containernetworking-plugins.patch +++ /dev/null 
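Review bot: With a bare `dh $@` and no overrides in the new rules file, the default sequence (dh_strip among others) presumably rewrites the prebuilt ELF files, so the installed `/usr/bin/containerd` would no longer be byte-comparable to the upstream artifact whose sha256 is pinned in meta_data.yaml. If verifying installed binaries against the upstream release matters, add an empty `override_dh_strip:` target with a comment explaining that the binaries are shipped unmodified. The hunk also removes the Wind River copyright/SPDX header without a replacement, and the comment `(uncomment to enable)` sits above an already active `export DH_VERBOSE = 1`; either comment the export out or reword the comment.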
@@ -1,27 +0,0 @@ -From 5a09ae888e41a92bcb76c6d0ec5fe452fe0695bf Mon Sep 17 00:00:00 2001 -From: Yue Tao -Date: Tue, 18 Apr 2023 08:41:40 +0000 -Subject: [PATCH] Update to Go 1.17 due to containernetworking-plugins upgraded - to v1.2.0 - -Signed-off-by: Yue Tao ---- - debian/control | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/debian/control b/debian/control -index 57a3a9c..db17fb8 100644 ---- a/debian/control -+++ b/debian/control -@@ -8,7 +8,7 @@ Uploaders: Tianon Gravi , - Build-Depends: debhelper-compat (= 13), - dh-golang, - go-md2man, -- golang-any, -+ golang-1.17, - golang-github-burntsushi-toml-dev, - golang-github-containerd-btrfs-dev (>= 0.0~git20200117.1539353~), - golang-github-containerd-cgroups-dev (>= 0.0~git20200817.7a3c009~), --- -2.30.2 - diff --git a/kubernetes/containerd/debian/deb_patches/series b/kubernetes/containerd/debian/deb_patches/series deleted file mode 100644 index 3233de58d..000000000 --- a/kubernetes/containerd/debian/deb_patches/series +++ /dev/null @@ -1 +0,0 @@ -0001-Update-to-Go-1.17-due-to-containernetworking-plugins.patch diff --git a/kubernetes/containerd/debian/files/config.toml b/kubernetes/containerd/debian/files/config.toml new file mode 100644 index 000000000..1196bbd16 --- /dev/null +++ b/kubernetes/containerd/debian/files/config.toml @@ -0,0 +1,9 @@ +version = 2 + +[plugins] + [plugins."io.containerd.grpc.v1.cri"] + [plugins."io.containerd.grpc.v1.cri".cni] + bin_dir = "/usr/lib/cni" + conf_dir = "/etc/cni/net.d" + [plugins."io.containerd.internal.v1.opt"] + path = "/var/lib/containerd/opt" diff --git a/kubernetes/containerd/debian/files/containerd.service b/kubernetes/containerd/debian/files/containerd.service new file mode 100644 index 000000000..e1c80c118 --- /dev/null +++ b/kubernetes/containerd/debian/files/containerd.service 
@@ -0,0 +1,40 @@
+# Copyright The containerd Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[Unit]
+Description=containerd container runtime
+Documentation=https://containerd.io
+After=network.target local-fs.target
+
+[Service]
+ExecStartPre=-/sbin/modprobe overlay
+ExecStart=/usr/bin/containerd
+
+Type=notify
+Delegate=yes
+KillMode=process
+Restart=always
+RestartSec=5
+# Having non-zero Limit*s causes performance problems due to accounting overhead
+# in the kernel. We recommend using cgroups to do container-local accounting.
+LimitNPROC=infinity
+LimitCORE=infinity
+LimitNOFILE=infinity
+# Comment TasksMax if your systemd version does not supports it.
+# Only systemd 226 and above support this version.
+TasksMax=infinity
+OOMScoreAdjust=-999
+
+[Install]
+WantedBy=multi-user.target
diff --git a/kubernetes/containerd/debian/meta_data.yaml b/kubernetes/containerd/debian/meta_data.yaml
index e8ea8fd3b..eb6f85a6f 100644
--- a/kubernetes/containerd/debian/meta_data.yaml
+++ b/kubernetes/containerd/debian/meta_data.yaml
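Review bot: `LimitNOFILE=infinity` in the [Service] section is, as far as I can tell, inherited by the shims and by any container whose runtime spec sets no nofile rlimit, so workloads get no file-descriptor ceiling unless they set one themselves. A leaking or misbehaving container can then consume host-wide file handles, and programs that loop up to the fd limit behave badly with very large values. The README records this as the one intentional change from the previous unit, so either keep a finite value (the previous one is not shown in this diff) or document the consequence above the line, e.g. `# Inherited by shims and containers; set per-workload nofile limits in the runtime spec`.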
@@ -1,13 +1,16 @@ --- debname: containerd -debver: 1.4.12~ds1-1 +debver: 1.6.21 dl_path: - name: containerd-debian-1.4.12_ds1-1.tar.gz - url: https://salsa.debian.org/go-team/packages/containerd/-/archive/debian/1.4.12_ds1-1_deb11u1/containerd-debian-1.4.12_ds1-1_deb11u1.tar.gz - md5sum: 12565b0d12ce878b6315f049e48113cd - sha256sum: 00199134fed422a3a8041d7a9f8dd782811e7792ee2e7c298351f026c04b99db + name: containerd-1.6.21-linux-amd64.tar.gz + url: https://github.com/containerd/containerd/releases/download/v1.6.21/containerd-1.6.21-linux-amd64.tar.gz + sha256sum: 04dcc1b99368492caee758583e531392683268197e58156888a3cea2941117b6 +src_files: + - debian/files/config.toml + - debian/files/containerd.service + - debian/files/k8s-container-cleanup.sh revision: dist: $STX_DIST GITREVCOUNT: - BASE_SRCREV: 5993c6715c645f39eb0258b62ec38a9e6eeb57bb + BASE_SRCREV: 5e9b56a96d58ab5069cb1e6afb856d50450b8875 SRC_DIR: ${MY_REPO}/stx/integ/kubernetes/containerd diff --git a/kubernetes/containerd/debian/patches/0001-revert-to-v1.4.11.patch b/kubernetes/containerd/debian/patches/0001-revert-to-v1.4.11.patch deleted file mode 100644 index 3a0c05baf..000000000 --- a/kubernetes/containerd/debian/patches/0001-revert-to-v1.4.11.patch +++ /dev/null 
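Review bot: The `sha256sum` under `dl_path` is now the only integrity control on a prebuilt binary that runs as root on every node, and the file does not record where the value came from. Add a comment such as `# sha256 cross-checked against the upstream containerd-1.6.21-linux-amd64.tar.gz.sha256sum release asset` (or however it was actually obtained), so a later version bump repeats the same check rather than hashing whatever was downloaded. Because the package no longer builds from source, security fixes can only arrive by bumping this URL and hash. The local patches deleted later in this commit are no longer applied either, for example the HTTP 400 token fallback in 0002-customize-containerd-for-StarlingX.patch, so confirm the platform registry no longer needs that fallback.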
@@ -1,590 +0,0 @@ -From 2c7e958673c945279f8e30d1ad162c460b9c0926 Mon Sep 17 00:00:00 2001 -From: Kaustubh Dhokte -Date: Thu, 24 Mar 2022 14:52:27 -0400 -Subject: [PATCH] revert to v1.4.11 - -Signed-off-by: Kaustubh Dhokte ---- - .github/workflows/ci.yml | 12 +- - .github/workflows/nightly.yml | 4 +- - .github/workflows/release.yml | 2 +- - .travis.yml | 2 +- - .zuul/playbooks/containerd-build/run.yaml | 2 +- - Vagrantfile | 2 +- - contrib/Dockerfile.test | 2 +- - images/image.go | 55 -------- - images/image_test.go | 150 ---------------------- - releases/v1.4.12.toml | 23 ---- - remotes/docker/fetcher.go | 4 - - remotes/docker/resolver.go | 35 ++--- - remotes/docker/schema1/converter.go | 9 +- - version/version.go | 2 +- - 14 files changed, 28 insertions(+), 276 deletions(-) - delete mode 100644 images/image_test.go - delete mode 100644 releases/v1.4.12.toml - -diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml -index 8f7a3a7a6..4ee47e5d1 100644 ---- a/.github/workflows/ci.yml -+++ b/.github/workflows/ci.yml -@@ -26,7 +26,7 @@ jobs: - - name: Install Go - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Set env - shell: bash -@@ -82,7 +82,7 @@ jobs: - steps: - - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Set env - shell: bash -@@ -128,7 +128,7 @@ jobs: - steps: - - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Set env - shell: bash -@@ -166,7 +166,7 @@ jobs: - steps: - - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Set env - shell: bash -@@ -199,7 +199,7 @@ jobs: - steps: - - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Set env - shell: bash -@@ -285,7 +285,7 @@ jobs: - steps: - - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Set env - shell: bash -diff --git 
a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml -index b050bbf18..1cb92a34b 100644 ---- a/.github/workflows/nightly.yml -+++ b/.github/workflows/nightly.yml -@@ -14,7 +14,7 @@ jobs: - steps: - - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Checkout - uses: actions/checkout@v1 -@@ -138,7 +138,7 @@ jobs: - steps: - - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Checkout - uses: actions/checkout@v1 -diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml -index d9e5a3eab..ec9971a4a 100644 ---- a/.github/workflows/release.yml -+++ b/.github/workflows/release.yml -@@ -62,7 +62,7 @@ jobs: - - name: Install Go - uses: actions/setup-go@v2 - with: -- go-version: '1.16.10' -+ go-version: '1.16.8' - - - name: Set env - shell: bash -diff --git a/.travis.yml b/.travis.yml -index 8314c796b..1726cf6d5 100644 ---- a/.travis.yml -+++ b/.travis.yml -@@ -15,7 +15,7 @@ os: - - linux - - go: -- - "1.16.10" -+ - "1.16.8" - - env: - - TRAVIS_GOOS=linux TEST_RUNTIME=io.containerd.runc.v1 TRAVIS_CGO_ENABLED=1 TRAVIS_DISTRO=bionic GOPROXY=direct -diff --git a/.zuul/playbooks/containerd-build/run.yaml b/.zuul/playbooks/containerd-build/run.yaml -index c3ebc7eae..815b4ec62 100644 ---- a/.zuul/playbooks/containerd-build/run.yaml -+++ b/.zuul/playbooks/containerd-build/run.yaml -@@ -2,7 +2,7 @@ - become: yes - roles: - - role: config-golang -- go_version: '1.16.10' -+ go_version: '1.16.8' - arch: arm64 - tasks: - - name: Build containerd -diff --git a/Vagrantfile b/Vagrantfile -index b31dfaa34..d1f30c559 100644 ---- a/Vagrantfile -+++ b/Vagrantfile -@@ -77,7 +77,7 @@ Vagrant.configure("2") do |config| - config.vm.provision "install-golang", type: "shell", run: "once" do |sh| - sh.upload_path = "/tmp/vagrant-install-golang" - sh.env = { -- 'GO_VERSION': ENV['GO_VERSION'] || "1.16.10", -+ 'GO_VERSION': ENV['GO_VERSION'] || "1.16.8", - } - sh.inline = <<~SHELL - 
#!/usr/bin/env bash -diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test -index 020008ceb..875c457f0 100644 ---- a/contrib/Dockerfile.test -+++ b/contrib/Dockerfile.test -@@ -10,7 +10,7 @@ - # - # docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc93 -f Dockerfile.test ../ - --ARG GOLANG_VERSION=1.16.10 -+ARG GOLANG_VERSION=1.16.8 - - FROM golang:${GOLANG_VERSION} AS golang-base - RUN mkdir -p /go/src/github.com/containerd/containerd -diff --git a/images/image.go b/images/image.go -index 2e42ca09a..1868ee88d 100644 ---- a/images/image.go -+++ b/images/image.go -@@ -19,7 +19,6 @@ package images - import ( - "context" - "encoding/json" -- "fmt" - "sort" - "time" - -@@ -155,10 +154,6 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc - return nil, err - } - -- if err := validateMediaType(p, desc.MediaType); err != nil { -- return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) -- } -- - var manifest ocispec.Manifest - if err := json.Unmarshal(p, &manifest); err != nil { - return nil, err -@@ -199,10 +194,6 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc - return nil, err - } - -- if err := validateMediaType(p, desc.MediaType); err != nil { -- return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) -- } -- - var idx ocispec.Index - if err := json.Unmarshal(p, &idx); err != nil { - return nil, err -@@ -345,10 +336,6 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return nil, err - } - -- if err := validateMediaType(p, desc.MediaType); err != nil { -- return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) -- } -- - // TODO(stevvooe): We just assume oci manifest, for now. There may be - // subtle differences from the docker version. 
- var manifest ocispec.Manifest -@@ -364,10 +351,6 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return nil, err - } - -- if err := validateMediaType(p, desc.MediaType); err != nil { -- return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) -- } -- - var index ocispec.Index - if err := json.Unmarshal(p, &index); err != nil { - return nil, err -@@ -385,44 +368,6 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr - return descs, nil - } - --// unknownDocument represents a manifest, manifest list, or index that has not --// yet been validated. --type unknownDocument struct { -- MediaType string `json:"mediaType,omitempty"` -- Config json.RawMessage `json:"config,omitempty"` -- Layers json.RawMessage `json:"layers,omitempty"` -- Manifests json.RawMessage `json:"manifests,omitempty"` -- FSLayers json.RawMessage `json:"fsLayers,omitempty"` // schema 1 --} -- --// validateMediaType returns an error if the byte slice is invalid JSON or if --// the media type identifies the blob as one format but it contains elements of --// another format. 
--func validateMediaType(b []byte, mt string) error { -- var doc unknownDocument -- if err := json.Unmarshal(b, &doc); err != nil { -- return err -- } -- if len(doc.FSLayers) != 0 { -- return fmt.Errorf("media-type: schema 1 not supported") -- } -- switch mt { -- case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest: -- if len(doc.Manifests) != 0 || -- doc.MediaType == MediaTypeDockerSchema2ManifestList || -- doc.MediaType == ocispec.MediaTypeImageIndex { -- return fmt.Errorf("media-type: expected manifest but found index (%s)", mt) -- } -- case MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: -- if len(doc.Config) != 0 || len(doc.Layers) != 0 || -- doc.MediaType == MediaTypeDockerSchema2Manifest || -- doc.MediaType == ocispec.MediaTypeImageManifest { -- return fmt.Errorf("media-type: expected index but found manifest (%s)", mt) -- } -- } -- return nil --} -- - // RootFS returns the unpacked diffids that make up and images rootfs. - // - // These are used to verify that a set of layers unpacked to the expected -diff --git a/images/image_test.go b/images/image_test.go -deleted file mode 100644 -index 3e88e5076..000000000 ---- a/images/image_test.go -+++ /dev/null -@@ -1,150 +0,0 @@ --/* -- Copyright The containerd Authors. -- -- Licensed under the Apache License, Version 2.0 (the "License"); -- you may not use this file except in compliance with the License. -- You may obtain a copy of the License at -- -- http://www.apache.org/licenses/LICENSE-2.0 -- -- Unless required by applicable law or agreed to in writing, software -- distributed under the License is distributed on an "AS IS" BASIS, -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -- See the License for the specific language governing permissions and -- limitations under the License. 
--*/ -- --package images -- --import ( -- "encoding/json" -- "testing" -- -- ocispec "github.com/opencontainers/image-spec/specs-go/v1" --) -- --func TestValidateMediaType(t *testing.T) { -- docTests := []struct { -- mt string -- index bool -- }{ -- {MediaTypeDockerSchema2Manifest, false}, -- {ocispec.MediaTypeImageManifest, false}, -- {MediaTypeDockerSchema2ManifestList, true}, -- {ocispec.MediaTypeImageIndex, true}, -- } -- for _, tc := range docTests { -- t.Run("manifest-"+tc.mt, func(t *testing.T) { -- manifest := ocispec.Manifest{ -- Config: ocispec.Descriptor{Size: 1}, -- Layers: []ocispec.Descriptor{{Size: 2}}, -- } -- b, err := json.Marshal(manifest) -- if err != nil { -- t.Fatal("failed to marshal manifest", err) -- } -- -- err = validateMediaType(b, tc.mt) -- if tc.index { -- if err == nil { -- t.Error("manifest should not be a valid index") -- } -- } else { -- if err != nil { -- t.Error("manifest should be valid") -- } -- } -- }) -- t.Run("index-"+tc.mt, func(t *testing.T) { -- index := ocispec.Index{ -- Manifests: []ocispec.Descriptor{{Size: 1}}, -- } -- b, err := json.Marshal(index) -- if err != nil { -- t.Fatal("failed to marshal index", err) -- } -- -- err = validateMediaType(b, tc.mt) -- if tc.index { -- if err != nil { -- t.Error("index should be valid") -- } -- } else { -- if err == nil { -- t.Error("index should not be a valid manifest") -- } -- } -- }) -- } -- -- mtTests := []struct { -- mt string -- valid []string -- invalid []string -- }{{ -- MediaTypeDockerSchema2Manifest, -- []string{MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest}, -- []string{MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex}, -- }, { -- ocispec.MediaTypeImageManifest, -- []string{MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest}, -- []string{MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex}, -- }, { -- MediaTypeDockerSchema2ManifestList, -- []string{MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex}, 
-- []string{MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest}, -- }, { -- ocispec.MediaTypeImageIndex, -- []string{MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex}, -- []string{MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest}, -- }} -- for _, tc := range mtTests { -- for _, v := range tc.valid { -- t.Run("valid-"+tc.mt+"-"+v, func(t *testing.T) { -- doc := struct { -- MediaType string `json:"mediaType"` -- }{MediaType: v} -- b, err := json.Marshal(doc) -- if err != nil { -- t.Fatal("failed to marshal document", err) -- } -- -- err = validateMediaType(b, tc.mt) -- if err != nil { -- t.Error("document should be valid", err) -- } -- }) -- } -- for _, iv := range tc.invalid { -- t.Run("invalid-"+tc.mt+"-"+iv, func(t *testing.T) { -- doc := struct { -- MediaType string `json:"mediaType"` -- }{MediaType: iv} -- b, err := json.Marshal(doc) -- if err != nil { -- t.Fatal("failed to marshal document", err) -- } -- -- err = validateMediaType(b, tc.mt) -- if err == nil { -- t.Error("document should not be valid") -- } -- }) -- } -- } -- t.Run("schema1", func(t *testing.T) { -- doc := struct { -- FSLayers []string `json:"fsLayers"` -- }{FSLayers: []string{"1"}} -- b, err := json.Marshal(doc) -- if err != nil { -- t.Fatal("failed to marshal document", err) -- } -- -- err = validateMediaType(b, "") -- if err == nil { -- t.Error("document should not be valid") -- } -- -- }) --} -diff --git a/releases/v1.4.12.toml b/releases/v1.4.12.toml -deleted file mode 100644 -index 072d6959a..000000000 ---- a/releases/v1.4.12.toml -+++ /dev/null -@@ -1,23 +0,0 @@ --# commit to be tagged for new release --commit = "HEAD" -- --project_name = "containerd" --github_repo = "containerd/containerd" --match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" -- --# previous release --previous = "v1.4.11" -- --pre_release = false -- --preface = """\ --The twelfth patch release for containerd 1.4 contains a few minor bug fixes --and an update to mitigate 
[CVE-2021-41190](https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m). -- --### Notable Updates -- --* **Handle ambiguous OCI manifest parsing** ([GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35)) --* **Update pull to try next mirror for non-404 errors** ([#5275](https://github.com/containerd/containerd/pull/5275)) --* **Update pull to handle of non-https urls in descriptors** ([#6221](https://github.com/containerd/containerd/pull/6221)) -- --See the changelog for complete list of changes""" -diff --git a/remotes/docker/fetcher.go b/remotes/docker/fetcher.go -index 4b2c10e9a..5796fbf4a 100644 ---- a/remotes/docker/fetcher.go -+++ b/remotes/docker/fetcher.go -@@ -60,10 +60,6 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R - log.G(ctx).WithError(err).Debug("failed to parse") - continue - } -- if u.Scheme != "http" && u.Scheme != "https" { -- log.G(ctx).Debug("non-http(s) alternative url is unsupported") -- continue -- } - log.G(ctx).Debug("trying alternative url") - - // Try this first, parse it -diff --git a/remotes/docker/resolver.go b/remotes/docker/resolver.go -index d6ccd7072..06b08dee8 100644 ---- a/remotes/docker/resolver.go -+++ b/remotes/docker/resolver.go -@@ -229,10 +229,10 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp - } - - var ( -- firstErr error -- paths [][]string -- dgst = refspec.Digest() -- caps = HostCapabilityPull -+ lastErr error -+ paths [][]string -+ dgst = refspec.Digest() -+ caps = HostCapabilityPull - ) - - if dgst != "" { -@@ -283,8 +283,8 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp - err = errors.Wrapf(err, "pull access denied, repository does not exist or may require authorization") - } - // Store the error for referencing later -- if firstErr == nil { -- firstErr = err -+ if lastErr == nil { -+ lastErr = err - } - continue // try 
another host - } -@@ -294,14 +294,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp - if resp.StatusCode == http.StatusNotFound { - continue - } -- if resp.StatusCode > 399 { -- // Set firstErr when encountering the first non-404 status code. -- if firstErr == nil { -- firstErr = errors.Errorf("pulling from host %s failed with status code %v: %v", host.Host, u, resp.Status) -- } -- continue // try another host -- } -- return "", ocispec.Descriptor{}, errors.Errorf("pulling from host %s failed with unexpected status code %v: %v", host.Host, u, resp.Status) -+ return "", ocispec.Descriptor{}, errors.Errorf("unexpected status code %v: %v", u, resp.Status) - } - size := resp.ContentLength - contentType := getManifestMediaType(resp) -@@ -364,8 +357,8 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp - } - // Prevent resolving to excessively large manifests - if size > MaxManifestSize { -- if firstErr == nil { -- firstErr = errors.Wrapf(errdefs.ErrNotFound, "rejecting %d byte manifest for %s", size, ref) -+ if lastErr == nil { -+ lastErr = errors.Wrapf(errdefs.ErrNotFound, "rejecting %d byte manifest for %s", size, ref) - } - continue - } -@@ -381,15 +374,11 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp - } - } - -- // If above loop terminates without return, then there was an error. -- // "firstErr" contains the first non-404 error. That is, "firstErr == nil" -- // means that either no registries were given or each registry returned 404. 
-- -- if firstErr == nil { -- firstErr = errors.Wrap(errdefs.ErrNotFound, ref) -+ if lastErr == nil { -+ lastErr = errors.Wrap(errdefs.ErrNotFound, ref) - } - -- return "", ocispec.Descriptor{}, firstErr -+ return "", ocispec.Descriptor{}, lastErr - } - - func (r *dockerResolver) Fetcher(ctx context.Context, ref string) (remotes.Fetcher, error) { -diff --git a/remotes/docker/schema1/converter.go b/remotes/docker/schema1/converter.go -index f15a9acf3..8314c01d5 100644 ---- a/remotes/docker/schema1/converter.go -+++ b/remotes/docker/schema1/converter.go -@@ -256,9 +256,6 @@ func (c *Converter) fetchManifest(ctx context.Context, desc ocispec.Descriptor) - if err := json.Unmarshal(b, &m); err != nil { - return err - } -- if len(m.Manifests) != 0 || len(m.Layers) != 0 { -- return errors.New("converter: expected schema1 document but found extra keys") -- } - c.pulledManifest = &m - - return nil -@@ -475,10 +472,8 @@ type history struct { - } - - type manifest struct { -- FSLayers []fsLayer `json:"fsLayers"` -- History []history `json:"history"` -- Layers json.RawMessage `json:"layers,omitempty"` // OCI manifest -- Manifests json.RawMessage `json:"manifests,omitempty"` // OCI index -+ FSLayers []fsLayer `json:"fsLayers"` -+ History []history `json:"history"` - } - - type v1History struct { -diff --git a/version/version.go b/version/version.go -index dab4a1656..77f581f7c 100644 ---- a/version/version.go -+++ b/version/version.go -@@ -23,7 +23,7 @@ var ( - Package = "github.com/containerd/containerd" - - // Version holds the complete version number. Filled in at linking time. -- Version = "1.4.12+unknown" -+ Version = "1.4.11+unknown" - - // Revision is filled with the VCS (e.g. git) revision being used to build - // the program at linking time. --- -2.25.1 - 
diff --git a/kubernetes/containerd/debian/patches/0002-customize-containerd-for-StarlingX.patch b/kubernetes/containerd/debian/patches/0002-customize-containerd-for-StarlingX.patch deleted file mode 100644 index 01ebf51c7..000000000 --- a/kubernetes/containerd/debian/patches/0002-customize-containerd-for-StarlingX.patch +++ /dev/null 
@@ -1,55 +0,0 @@ -From eeb59bb893f5f5ce6d7b9ec170ec67203f71478d Mon Sep 17 00:00:00 2001 -From: Kaustubh Dhokte -Date: Tue, 1 Mar 2022 20:43:42 -0500 -Subject: [PATCH] customize containerd for StarlingX - -1. disable btrfs to avoid needing to pull in the devel package -2. docker registry in StarlingX 3.0 branch doesn't support POST method -for token and will return 400. Switch to GET method to get token if -StatusCode is 400. -3. hardcode version info due to miss git info in tarball. - -Signed-off-by: Kaustubh Dhokte ---- - Makefile | 3 ++- - remotes/docker/authorizer.go | 3 ++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/Makefile b/Makefile -index c0fecb9a6..d8cef89d5 100644 ---- a/Makefile -+++ b/Makefile -@@ -20,7 +20,7 @@ ROOTDIR=$(dir $(abspath $(lastword $(MAKEFILE_LIST)))) - DESTDIR ?= /usr/local - - # Used to populate variables in version package. --VERSION=$(shell git describe --match 'v[0-9]*' --dirty='.m' --always) -+VERSION=v1.4.11 - REVISION=$(shell git rev-parse HEAD)$(shell if ! git diff --no-ext-diff --quiet --exit-code; then echo .m; fi) - PACKAGE=github.com/containerd/containerd - SHIM_CGO_ENABLED ?= 0 -@@ -78,6 +78,7 @@ endif - # Build tags apparmor and selinux are needed by CRI plugin. 
- GO_BUILDTAGS ?= apparmor selinux - GO_BUILDTAGS += ${DEBUG_TAGS} -+GO_BUILDTAGS += no_btrfs - GO_TAGS=$(if $(GO_BUILDTAGS),-tags "$(GO_BUILDTAGS)",) - GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) $(EXTRA_LDFLAGS)' - SHIM_GO_LDFLAGS=-ldflags '-X $(PKG)/version.Version=$(VERSION) -X $(PKG)/version.Revision=$(REVISION) -X $(PKG)/version.Package=$(PACKAGE) -extldflags "-static" $(EXTRA_LDFLAGS)' -diff --git a/remotes/docker/authorizer.go b/remotes/docker/authorizer.go -index 67e4aea8d..bacaa502d 100644 ---- a/remotes/docker/authorizer.go -+++ b/remotes/docker/authorizer.go -@@ -284,7 +284,8 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err erro - // Registries without support for POST may return 404 for POST /v2/token. - // As of September 2017, GCR is known to return 404. - // As of February 2018, JFrog Artifactory is known to return 401. -- if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 { -+ // Registry in StarlingX 6.0 returns 400 for POST /v2/token. Should check if still applicable. -+ if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 || errStatus.StatusCode == 400 { - resp, err := auth.FetchToken(ctx, ah.client, ah.header, to) - if err != nil { - return "", err --- -2.25.1 - diff --git a/kubernetes/containerd/debian/patches/0003-CRI-Reduce-clutter-of-log-entries-during-process-exe.patch b/kubernetes/containerd/debian/patches/0003-CRI-Reduce-clutter-of-log-entries-during-process-exe.patch deleted file mode 100644 index c7affb457..000000000 --- a/kubernetes/containerd/debian/patches/0003-CRI-Reduce-clutter-of-log-entries-during-process-exe.patch +++ /dev/null 
@@ -1,122 +0,0 @@ -From 80f56a43f5ff7f7d10689a21a004279345221f70 Mon Sep 17 00:00:00 2001 -From: Davanum Srinivas -Date: Wed, 6 Jan 2021 08:57:31 -0500 -Subject: [PATCH] [CRI] Reduce clutter of log entries during process execution - -Signed-off-by: Davanum Srinivas ---- - .../vendor/github.com/containerd/cri/pkg/server/container_execsync.go | 4 ++-- - .../vendor/github.com/cri/pkg/server/instrumented_service.go | 12 ++++++------ - .../vendor/github.com/containerd/cri/pkg/server/io/container_io.go | 4 ++-- - .../vendor/github.com/containerd/cri/pkg/server/io/exec_io.go | 2 +- - 4 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/vendor/github.com/containerd/cri/pkg/server/container_execsync.go b/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -index 1c019f651..17c2bd39d 100644 ---- a/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -+++ b/vendor/github.com/containerd/cri/pkg/server/container_execsync.go -@@ -164,14 +164,14 @@ func (c *criService) execInternal(ctx context.Context, container containerd.Cont - } - // Wait for the process to be killed. 
- exitRes := <-exitCh -- log.G(ctx).Infof("Timeout received while waiting for exec process kill %q code %d and error %v", -+ log.G(ctx).Debugf("Timeout received while waiting for exec process kill %q code %d and error %v", - execID, exitRes.ExitCode(), exitRes.Error()) - <-attachDone - log.G(ctx).Debugf("Stream pipe for exec process %q done", execID) - return nil, errors.Wrapf(execCtx.Err(), "timeout %v exceeded", opts.timeout) - case exitRes := <-exitCh: - code, _, err := exitRes.Result() -- log.G(ctx).Infof("Exec process %q exits with exit code %d and error %v", execID, code, err) -+ log.G(ctx).Debugf("Exec process %q exits with exit code %d and error %v", execID, code, err) - if err != nil { - return nil, errors.Wrapf(err, "failed while waiting for exec %q", execID) - } -diff --git a/vendor/github.com/containerd/cri/pkg/server/instrumented_service.go b/vendor/github.com/containerd/cri/pkg/server/instrumented_service.go -index 2c2528ab6..74bebe858 100644 ---- a/vendor/github.com/containerd/cri/pkg/server/instrumented_service.go -+++ b/vendor/github.com/containerd/cri/pkg/server/instrumented_service.go -@@ -247,12 +247,12 @@ func (in *instrumentedService) ExecSync(ctx context.Context, r *runtime.ExecSync - if err := in.checkInitialized(); err != nil { - return nil, err - } -- log.G(ctx).Infof("ExecSync for %q with command %+v and timeout %d (s)", r.GetContainerId(), r.GetCmd(), r.GetTimeout()) -+ log.G(ctx).Debugf("ExecSync for %q with command %+v and timeout %d (s)", r.GetContainerId(), r.GetCmd(), r.GetTimeout()) - defer func() { - if err != nil { - log.G(ctx).WithError(err).Errorf("ExecSync for %q failed", r.GetContainerId()) - } else { -- log.G(ctx).Infof("ExecSync for %q returns with exit code %d", r.GetContainerId(), res.GetExitCode()) -+ log.G(ctx).Debugf("ExecSync for %q returns with exit code %d", r.GetContainerId(), res.GetExitCode()) - log.G(ctx).Debugf("ExecSync for %q outputs - stdout: %q, stderr: %q", r.GetContainerId(), - res.GetStdout(), 
res.GetStderr()) - } -@@ -265,13 +265,13 @@ func (in *instrumentedService) Exec(ctx context.Context, r *runtime.ExecRequest) - if err := in.checkInitialized(); err != nil { - return nil, err - } -- log.G(ctx).Infof("Exec for %q with command %+v, tty %v and stdin %v", -+ log.G(ctx).Debugf("Exec for %q with command %+v, tty %v and stdin %v", - r.GetContainerId(), r.GetCmd(), r.GetTty(), r.GetStdin()) - defer func() { - if err != nil { - log.G(ctx).WithError(err).Errorf("Exec for %q failed", r.GetContainerId()) - } else { -- log.G(ctx).Infof("Exec for %q returns URL %q", r.GetContainerId(), res.GetUrl()) -+ log.G(ctx).Debugf("Exec for %q returns URL %q", r.GetContainerId(), res.GetUrl()) - } - }() - res, err = in.c.Exec(ctrdutil.WithNamespace(ctx), r) -@@ -282,12 +282,12 @@ func (in *instrumentedService) Attach(ctx context.Context, r *runtime.AttachRequ - if err := in.checkInitialized(); err != nil { - return nil, err - } -- log.G(ctx).Infof("Attach for %q with tty %v and stdin %v", r.GetContainerId(), r.GetTty(), r.GetStdin()) -+ log.G(ctx).Debugf("Attach for %q with tty %v and stdin %v", r.GetContainerId(), r.GetTty(), r.GetStdin()) - defer func() { - if err != nil { - log.G(ctx).WithError(err).Errorf("Attach for %q failed", r.GetContainerId()) - } else { -- log.G(ctx).Infof("Attach for %q returns URL %q", r.GetContainerId(), res.Url) -+ log.G(ctx).Debugf("Attach for %q returns URL %q", r.GetContainerId(), res.Url) - } - }() - res, err = in.c.Attach(ctrdutil.WithNamespace(ctx), r) -diff --git a/vendor/github.com/containerd/cri/pkg/server/io/container_io.go b/vendor/github.com/containerd/cri/pkg/server/io/container_io.go -index c66549ca5..c69cadd6c 100644 ---- a/vendor/github.com/containerd/cri/pkg/server/io/container_io.go -+++ b/vendor/github.com/containerd/cri/pkg/server/io/container_io.go -@@ -114,7 +114,7 @@ func (c *ContainerIO) Pipe() { - c.stdout.Close() - c.stdoutGroup.Close() - wg.Done() -- logrus.Infof("Finish piping stdout of container %q", c.id) -+ 
logrus.Debugf("Finish piping stdout of container %q", c.id) - }() - } - -@@ -127,7 +127,7 @@ func (c *ContainerIO) Pipe() { - c.stderr.Close() - c.stderrGroup.Close() - wg.Done() -- logrus.Infof("Finish piping stderr of container %q", c.id) -+ logrus.Debugf("Finish piping stderr of container %q", c.id) - }() - } - } -diff --git a/vendor/github.com/containerd/cri/pkg/server/io/exec_io.go b/vendor/github.com/containerd/cri/pkg/server/io/exec_io.go -index 4a695030d..f1b9ef370 100644 ---- a/vendor/github.com/containerd/cri/pkg/server/io/exec_io.go -+++ b/vendor/github.com/containerd/cri/pkg/server/io/exec_io.go -@@ -99,7 +99,7 @@ func (e *ExecIO) Attach(opts AttachOptions) <-chan struct{} { - } - e.closer.wg.Done() - wg.Done() -- logrus.Infof("Finish piping %q of container exec %q", t, e.id) -+ logrus.Debugf("Finish piping %q of container exec %q", t, e.id) - } - - if opts.Stdout != nil { --- -2.25.1 - diff --git a/kubernetes/containerd/debian/patches/series b/kubernetes/containerd/debian/patches/series deleted file mode 100644 index 623ad4e3a..000000000 --- a/kubernetes/containerd/debian/patches/series +++ /dev/null @@ -1,3 +0,0 @@ -0001-revert-to-v1.4.11.patch -0002-customize-containerd-for-StarlingX.patch -0003-CRI-Reduce-clutter-of-log-entries-during-process-exe.patch