572a2b5718
entitlements: mount loop devices relative to next free device
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-30 13:47:44 -08:00
fc186a8b89
oci: mount whitelist of devices on insecure security mode
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-30 13:07:29 -08:00
3cd32c0c25
Merge pull request #1347 from TBBle/run_hack_util_with_bash
...
Remove bashism from shared shell script
2020-01-29 10:02:02 -08:00
6f4420b3c1
Merge pull request #1314 from TBBle/low_hanging_windows_fruit
...
Low-hanging Windows fruit
2020-01-29 10:01:23 -08:00
b9cf317850
Distinguish containerd failure from process exit code
...
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:39:11 +11:00
e11b881c12
Set sensible defaults for Windows installations
...
Non-packaged execution will need this to be overridden anyway, and it
avoids a surprise "Drop state data into the current working directory"
event.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
2bee17a65a
Don't always fail euid check on Windows
...
The check for running as a non-admin euid() doesn't work on Windows,
always returning -1.
For now, treat -1 as "Probably root", and let the failures happen later.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
e801cc8238
Recognise Runtime V2 containerd plugins
...
This makes this code successfully discover the Windows Runtime V2
(hcsshim-based) plugin now that the Windows Runtime V1 (runhcs-based)
plugin has been removed upstream.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
c67499de09
Create a new Error when there is no Error to wrap
...
Wrapping a `nil` error produces `nil`, which causes the calling code to
see success, and continue on with a default-created WorkerOpt, which
causes segfaults later.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:44 +11:00
1036fafffa
Support npipe the same way we support Unix sockets
...
The same function used to support Unix sockets automatically supports
Named Pipes on Windows.
This makes the default configuration option for the daemon address work
correctly on Windows.
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:34:43 +11:00
539b08cd5d
Remove bashism from shared shell script
...
This file is consumed by both validate-vendor (inside an Alpine-based
Docker container where bash is not installed), and the other scripts.
Apart from validate-vendor, all the other scripts in hack/ use bash.
Fixes CI logging a complaint:
> ./hack/validate-vendor: 31: [: pull_request: unexpected operator
Signed-off-by: Paul "TBBle" Hampson <Paul.Hampson@Pobox.com>
2020-01-30 00:20:51 +11:00
3790395364
Merge pull request #1343 from AkihiroSuda/dockerfile-runc-rc10
...
Dockerfile: update dependencies (including runc rc10)
2020-01-28 14:40:29 -08:00
291a480723
Merge pull request #1341 from jingxiaolu/make_images
...
Makefile: specify DOCKER_BUILDKIT when make images
2020-01-27 21:58:52 -08:00
53db5b474c
Merge pull request #1344 from AkihiroSuda/kube-runasnonroot
...
Dockerfile: support Kubernetes runAsNonRoot
2020-01-27 21:56:50 -08:00
e6d003d27e
Makefile: specify DOCKER_BUILDKIT when make images
...
When `make images` with buildmode docker-buildkit,
DOCKER_BUILDKIT=1 should be added to environments.
Signed-off-by: Lu Jingxiao <lujingxiao@huawei.com>
2020-01-26 18:13:11 +08:00
dd13194761
Merge pull request #1345 from HowJMay/fix_typo
...
fix: Fix typo
2020-01-25 09:11:46 -08:00
b19698c4fc
fix: Fix typo
...
fix typo in code
Signed-off-by: HowJMay <vulxj0j8j8@gmail.com>
2020-01-25 15:53:07 +08:00
55009bee88
Dockerfile: support Kubernetes runAsNonRoot
...
Kubernetes runAsNonRoot requires `USER` in Dockerfile to be numeric:
https://github.com/kubernetes/kubernetes/blob/v1.18.0-alpha.2/pkg/kubelet/kuberuntime/security_context.go#L98
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-25 04:36:56 +09:00
b7e189d77d
Dockerfile: update dependencies (including runc rc10)
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-25 04:30:54 +09:00
490b277c91
Merge pull request #1286 from hinshun/llbstate-from-result
...
Allow previous solve results to be used in new solves
2020-01-23 16:41:55 -08:00
c83e8bf2a9
Add gateway apicap for CapReferenceOutput and move reference llb.Output to method ToOutput()
...
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-01-23 11:36:30 -08:00
f937656b1a
Verify platform is stored in state directly in defop test
...
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-01-23 11:02:40 -08:00
0a76749067
Add platform defop test, force renames in copy tests, and move forwarded solve test to dockerfile package
...
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-01-23 11:02:40 -08:00
be7f1a36fa
Return def bytes instead of remarshalling definition from pb.Op
...
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-01-23 11:02:40 -08:00
2edb431a0f
Allow previous solve results to be used in new solves
...
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-01-23 11:02:40 -08:00
8a267827cd
Merge pull request #1316 from coryb/goroutine-leak
...
ensure context is cancelled to prevent goroutine leaks from grpc.newClientStream
2020-01-16 17:35:11 -08:00
aa4311b7fa
Merge pull request #1328 from tonistiigi/combinedcache-panic
...
solver: avoid panic on combined cache load
2020-01-15 12:30:45 +09:00
2949a7d442
Merge pull request #1324 from tonistiigi/onbuild-clear
...
dockerfile: clear onbuild rules after triggering
2020-01-15 12:30:14 +09:00
e7d97db9aa
Merge pull request #1329 from hinshun/fix/1327
...
Detect support for protobuf array ref on server on frontend return call
2020-01-15 12:24:56 +09:00
d81832cf6c
Detect support for protobuf array ref on server on frontend return call
...
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2020-01-14 17:16:21 -08:00
7fc7f6dbf6
solver: avoid panic on combined cache load
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-14 11:19:18 -08:00
393f388ed3
dockerfile: clear onbuild rules after triggering
...
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2020-01-13 17:09:28 -08:00
34bda27311
Merge pull request #1323 from thaJeztah/bump_continuity
...
vendor: update containerd/continuity to 26c1120b8d4107d2471b93ad78ef7ce1fc84c4c4
2020-01-13 11:03:29 -08:00
d709f87c92
Merge pull request #1320 from lugeng/fix/legacy-medieType-octet-stream
...
fix baseimage with unknown application/octet-stream as config media type
2020-01-13 11:02:50 -08:00
e0ac63481a
vendor: update containerd/continuity to 26c1120b8d4107d2471b93ad78ef7ce1fc84c4c4
...
full diff: 75bee3e2cc...26c1120b8dcontainerd/continuity#109 Add OpenBSD support for fs subpackage
- containerd/continuity#144 Support Go Modules
- containerd/continuity#147 xattr lost when copying directory
- containerd/continuity#148 fs: don't convert syscall.Timespec to unix.Timespec directly (doesn't work with gccgo)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-13 13:46:10 +01:00
3a0bfbe1ca
fix legacy config media type application/octet-stream
...
Signed-off-by: genglu <genglu.gl@antfin.com>
2020-01-13 11:20:00 +08:00
3f0ce038e3
Merge pull request #1317 from thaJeztah/bump_fsutil
...
vendor: update fsutil 0f039a052ca1
2020-01-08 14:39:47 -08:00
6a06e8b2f3
vendor: update fsutil 0f039a052ca1
...
full diff: 3d2716dd0a...0f039a052ctonistiigi/fsutil#68 fix gocrypto commit
- tonistiigi/fsutil#69 receive: use filter on receive diff
- prevents incremental transfers with userns because the metadata
on disk is always different than the one being transferred.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-01-08 16:50:25 +01:00
463fc8d1b8
ensure context is cancelled to prevent goroutine leaks from grpc.newClientStream
...
Signed-off-by: Cory Bennett <cbennett@netflix.com>
2020-01-07 15:22:59 -08:00
f7cf4823f7
Merge pull request #1269 from hinshun/ref-array
...
Change result type to array of refs
2019-12-18 12:32:27 +09:00
359574093b
Add erroring on multi-result arrays
...
Signed-off-by: Edgar Lee <edgarl@netflix.com>
2019-12-16 14:12:30 -08:00
1dfd864d22
Merge pull request #1284 from jeffreyhuang23/issue-1200
...
Fixed issue #1200 (buildctl: add --tlsdir)
2019-12-13 14:15:29 +09:00
6e62650fac
Merge pull request #1285 from jeffreyhuang23/issue-1240
...
Fix issue #1240 (ignore non-existent local cache)
2019-12-13 14:11:55 +09:00
e7304e9a51
Merge pull request #1283 from jeffreyhuang23/issue-1230
...
Fix issue #1230 (add --oci-worker-binary)
2019-12-12 20:57:59 -08:00
88ec431ead
Merge pull request #1287 from fuweid/me-use-metadata_v2-for-debug
...
cmd/buildctl: dump metadata from metadata_v2.db
2019-12-12 20:56:57 -08:00
ca1a6c1e6a
cmd/buildctl: dump metadata from metadata_v2.db
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2019-12-13 11:52:01 +08:00
783a723b22
Fixed issue #1200
...
Added a command-line flag (tlsdir) to buildctl that allowed for specifying a directory that contains a ca.pem, cert.pem, and key.pem. This command-line flag acts an alias of --tlscacert, --tlscert, and --tlskey. --tlsdir cannot be used at the same time as those flags, and will cause an error if done. The pkg/errors package has been added to cmd/buildctl/common/common.go to allow for the creation of this error message.
Signed-off-by: Jeffrey Huang <jeffreyhuang23@gmail.com>
2019-12-12 15:05:19 -06:00
7efcee49c5
Oci worker binary documentation and add missing constructor arg in runc_test
...
Signed-off-by: Nikhil Pandeti <nikhil.pandeti@utexas.edu>
2019-12-12 13:25:56 -06:00
f3dd3193b6
Only ignore errors if the src directory or index.json do not exist
...
Error out if wrong parameters were passed or no src set
Signed-off-by: Nikhil Pandeti <nikhil.pandeti@utexas.edu>
2019-12-12 13:06:14 -06:00
cb237bf24e
Gofmt and goimports config.go, add documentation
...
Signed-off-by: Nikhil Pandeti <nikhil.pandeti@utexas.edu>
2019-12-12 12:32:47 -06:00
Tonis Tiigi
Paul "TBBle" Hampson
l00397676
HowJMay
Akihiro Suda
Edgar Lee
Sebastiaan van Stijn
岁丰
Cory Bennett
Wei Fu
Jeffrey Huang
Nikhil Pandeti