diff --git a/go.mod b/go.mod index 3c2c15cd..f57290a3 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340 // indirect github.com/containerd/console v1.0.0 - github.com/containerd/containerd v1.4.1-0.20200827124858-efa0e809135e + github.com/containerd/containerd v1.4.1-0.20200903181227-d4e78200d6da github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b // indirect github.com/containerd/go-cni v1.0.1 diff --git a/go.sum b/go.sum index e904ebe1..ac692062 100644 --- a/go.sum +++ b/go.sum @@ -46,8 +46,8 @@ github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go. github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.0 h1:aWJB3lbDEaOxg1mkTBAINY2a+NsoKbAeRYefJPPRY+o= github.com/containerd/containerd v1.4.0/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.1-0.20200827124858-efa0e809135e h1:q8QVonMeBcHmfTIRpsyo1sD3v3ggdcp55ZwbLsScJeE= -github.com/containerd/containerd v1.4.1-0.20200827124858-efa0e809135e/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/containerd v1.4.1-0.20200903181227-d4e78200d6da h1:HB+j4bGFoFYkoQIdFPadQiuYWEa5TOGXYghdgSw4VHM= +github.com/containerd/containerd v1.4.1-0.20200903181227-d4e78200d6da/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe h1:PEmIrUvwG9Yyv+0WKZqjXfSFDeZjs/q15g0m08BYS9k= github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe/go.mod h1:cECdGN1O8G9bgKTlLhuPJimka6Xb/Gg7vYzCTNVxhvo= diff --git a/util/resolver/authorizer.go b/util/resolver/authorizer.go index 5bae0e77..9fb5bc31 100644 --- a/util/resolver/authorizer.go +++ b/util/resolver/authorizer.go @@ -13,6 +13,7 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/remotes/docker" "github.com/containerd/containerd/remotes/docker/auth" + remoteserrors "github.com/containerd/containerd/remotes/errors" "github.com/moby/buildkit/session" sessionauth "github.com/moby/buildkit/session/auth" "github.com/moby/buildkit/util/flightcontrol" @@ -308,7 +309,7 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err erro // switch once support has landed resp, err := auth.FetchToken(ctx, ah.client, nil, to) if err != nil { - var errStatus auth.ErrUnexpectedStatus + var errStatus remoteserrors.ErrUnexpectedStatus if errors.As(err, &errStatus) { // retry with POST request // As of September 2017, GCR is known to return 404. diff --git a/vendor/github.com/containerd/containerd/README.md b/vendor/github.com/containerd/containerd/README.md index a973d515..320c1121 100644 --- a/vendor/github.com/containerd/containerd/README.md +++ b/vendor/github.com/containerd/containerd/README.md @@ -10,10 +10,24 @@ containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc. +containerd is a member of CNCF with ['graduated'](https://landscape.cncf.io/selected=containerd) status. + containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users. ![architecture](design/architecture.png) +## Now Recruiting + +We are a large inclusive OSS project that is welcoming help of any kind shape or form: +* Documentation help is needed to make the product easier to consume and extend. +* We need OSS community outreach / organizing help to get the word out; manage +and create messaging and educational content; and to help with social media, community forums/groups, and google groups. +* We are actively inviting new [security advisors](https://github.com/containerd/project/blob/master/GOVERNANCE.md#security-advisors) to join the team. +* New sub-projects are being created, core and non-core that could use additional development help. +* Each of the [containerd projects](https://github.com/containerd) has a list of issues currently being worked on or that need help resolving. + - If the issue has not already been assigned to someone, or has not made recent progress and you are interested, please inquire. + - If you are interested in starting with a smaller / beginner level issue, look for issues with an `exp/beginner` tag, for example [containerd/containerd beginner issues.](https://github.com/containerd/containerd/issues?q=is%3Aissue+is%3Aopen+label%3Aexp%2Fbeginner) + ## Getting Started See our documentation on [containerd.io](https://containerd.io): @@ -250,10 +264,7 @@ loaded for the user's shell environment. For async communication and long running discussions please use issues and pull requests on the github repo. This will be the best place to discuss design and implementation. -For sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development. - -**Slack:** Catch us in the #containerd and #containerd-dev channels on dockercommunity.slack.com. -[Click here for an invite to docker community slack.](https://dockr.ly/slack) +For sync communication catch us in the `#containerd` and `#containerd-dev` slack channels on Cloud Native Computing Foundation's (CNCF) slack - `cloud-native.slack.com`. Everyone is welcome to join and chat. [Get Invite to CNCF slack.](https://slack.cncf.io) ### Security audit diff --git a/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go b/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go index 0a25b335..7a05e393 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go @@ -19,15 +19,13 @@ package auth import ( "context" "encoding/json" - "fmt" - "io" - "io/ioutil" "net/http" "net/url" "strings" "time" "github.com/containerd/containerd/log" + remoteserrors "github.com/containerd/containerd/remotes/errors" "github.com/pkg/errors" "golang.org/x/net/context/ctxhttp" ) @@ -38,25 +36,6 @@ var ( ErrNoToken = errors.New("authorization server did not include a token in the response") ) -// ErrUnexpectedStatus is returned if a token request returned with unexpected HTTP status -type ErrUnexpectedStatus struct { - Status string - StatusCode int - Body []byte -} - -func (e ErrUnexpectedStatus) Error() string { - return fmt.Sprintf("unexpected status: %s", e.Status) -} - -func newUnexpectedStatusErr(resp *http.Response) error { - var b []byte - if resp.Body != nil { - b, _ = ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB - } - return ErrUnexpectedStatus{Status: resp.Status, StatusCode: resp.StatusCode, Body: b} -} - // GenerateTokenOptions generates options for fetching a token based on a challenge func GenerateTokenOptions(ctx context.Context, host, username, secret string, c Challenge) (TokenOptions, error) { realm, ok := c.Parameters["realm"] @@ -140,7 +119,7 @@ func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http. defer resp.Body.Close() if resp.StatusCode < 200 || resp.StatusCode >= 400 { - return nil, errors.WithStack(newUnexpectedStatusErr(resp)) + return nil, errors.WithStack(remoteserrors.NewUnexpectedStatusErr(resp)) } decoder := json.NewDecoder(resp.Body) @@ -202,7 +181,7 @@ func FetchToken(ctx context.Context, client *http.Client, headers http.Header, t defer resp.Body.Close() if resp.StatusCode < 200 || resp.StatusCode >= 400 { - return nil, errors.WithStack(newUnexpectedStatusErr(resp)) + return nil, errors.WithStack(remoteserrors.NewUnexpectedStatusErr(resp)) } decoder := json.NewDecoder(resp.Body) diff --git a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go index 787310e0..67e4aea8 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go @@ -27,6 +27,7 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/log" "github.com/containerd/containerd/remotes/docker/auth" + remoteerrors "github.com/containerd/containerd/remotes/errors" "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -278,7 +279,7 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err erro // TODO: Allow setting client_id resp, err := auth.FetchTokenWithOAuth(ctx, ah.client, ah.header, "containerd-client", to) if err != nil { - var errStatus auth.ErrUnexpectedStatus + var errStatus remoteerrors.ErrUnexpectedStatus if errors.As(err, &errStatus) { // Registries without support for POST may return 404 for POST /v2/token. // As of September 2017, GCR is known to return 404. diff --git a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go index 98ea515d..13fc1368 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go @@ -30,6 +30,7 @@ import ( "github.com/containerd/containerd/images" "github.com/containerd/containerd/log" "github.com/containerd/containerd/remotes" + remoteserrors "github.com/containerd/containerd/remotes/errors" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" @@ -112,8 +113,9 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v on remote", desc.Digest) } } else if resp.StatusCode != http.StatusNotFound { - // TODO: log error - return nil, errors.Errorf("unexpected response: %s", resp.Status) + err := remoteserrors.NewUnexpectedStatusErr(resp) + log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response") + return nil, err } } @@ -166,8 +168,9 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten }) return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v on remote", desc.Digest) default: - // TODO: log error - return nil, errors.Errorf("unexpected response: %s", resp.Status) + err := remoteserrors.NewUnexpectedStatusErr(resp) + log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response") + return nil, err } var ( @@ -244,8 +247,9 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten switch resp.StatusCode { case http.StatusOK, http.StatusCreated, http.StatusNoContent: default: - // TODO: log error - pr.CloseWithError(errors.Errorf("unexpected response: %s", resp.Status)) + err := remoteserrors.NewUnexpectedStatusErr(resp) + log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response") + pr.CloseWithError(err) } respC <- resp }() diff --git a/vendor/github.com/containerd/containerd/remotes/errors/errors.go b/vendor/github.com/containerd/containerd/remotes/errors/errors.go new file mode 100644 index 00000000..e58e4afe --- /dev/null +++ b/vendor/github.com/containerd/containerd/remotes/errors/errors.go @@ -0,0 +1,46 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package errors + +import ( + "fmt" + "io" + "io/ioutil" + "net/http" +) + +var _ error = ErrUnexpectedStatus{} + +// ErrUnexpectedStatus is returned if a registry API request returned with unexpected HTTP status +type ErrUnexpectedStatus struct { + Status string + StatusCode int + Body []byte +} + +func (e ErrUnexpectedStatus) Error() string { + return fmt.Sprintf("unexpected status: %s", e.Status) +} + +// NewUnexpectedStatusErr creates an ErrUnexpectedStatus from HTTP response +func NewUnexpectedStatusErr(resp *http.Response) error { + var b []byte + if resp.Body != nil { + b, _ = ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB + } + return ErrUnexpectedStatus{Status: resp.Status, StatusCode: resp.StatusCode, Body: b} +} diff --git a/vendor/github.com/containerd/containerd/snapshots/native/native.go b/vendor/github.com/containerd/containerd/snapshots/native/native.go index 50d87577..ba3a40e1 100644 --- a/vendor/github.com/containerd/containerd/snapshots/native/native.go +++ b/vendor/github.com/containerd/containerd/snapshots/native/native.go @@ -24,8 +24,6 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" - "github.com/containerd/containerd/platforms" - "github.com/containerd/containerd/plugin" "github.com/containerd/containerd/snapshots" "github.com/containerd/containerd/snapshots/storage" @@ -33,17 +31,6 @@ import ( "github.com/pkg/errors" ) -func init() { - plugin.Register(&plugin.Registration{ - Type: plugin.SnapshotPlugin, - ID: "native", - InitFn: func(ic *plugin.InitContext) (interface{}, error) { - ic.Meta.Platforms = append(ic.Meta.Platforms, platforms.DefaultSpec()) - return NewSnapshotter(ic.Root) - }, - }) -} - type snapshotter struct { root string ms *storage.MetaStore diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf index ff7b4a32..ad72fb6d 100644 --- a/vendor/github.com/containerd/containerd/vendor.conf +++ b/vendor/github.com/containerd/containerd/vendor.conf @@ -58,7 +58,7 @@ gotest.tools/v3 v3.0.2 github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 # cri dependencies -github.com/containerd/cri 56a89cda34644fedf0c99f96c888de5851e0e406 # master +github.com/containerd/cri 35e623e6bf7512e8c82b8ac6052cb1d720189f28 # master github.com/davecgh/go-spew v1.1.1 github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 diff --git a/vendor/modules.txt b/vendor/modules.txt index 5166f67f..31002640 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -40,7 +40,7 @@ github.com/codahale/hdrhistogram github.com/containerd/cgroups/stats/v1 # github.com/containerd/console v1.0.0 github.com/containerd/console -# github.com/containerd/containerd v1.4.1-0.20200827124858-efa0e809135e +# github.com/containerd/containerd v1.4.1-0.20200903181227-d4e78200d6da github.com/containerd/containerd github.com/containerd/containerd/api/services/containers/v1 github.com/containerd/containerd/api/services/content/v1 @@ -94,6 +94,7 @@ github.com/containerd/containerd/remotes github.com/containerd/containerd/remotes/docker github.com/containerd/containerd/remotes/docker/auth github.com/containerd/containerd/remotes/docker/schema1 +github.com/containerd/containerd/remotes/errors github.com/containerd/containerd/rootfs github.com/containerd/containerd/runtime/linux/runctypes github.com/containerd/containerd/runtime/v2/runc/options