diff --git a/Dockerfile.dapper b/Dockerfile.dapper index 2120d14ecc..3c404d8c66 100644 --- a/Dockerfile.dapper +++ b/Dockerfile.dapper @@ -1,4 +1,4 @@ -ARG GOLANG=golang:1.16.8-alpine3.13 +ARG GOLANG=golang:1.16.10-alpine3.13 FROM ${GOLANG} ARG http_proxy=$http_proxy diff --git a/Dockerfile.manifest b/Dockerfile.manifest index 7e6f67379a..343ed87101 100644 --- a/Dockerfile.manifest +++ b/Dockerfile.manifest @@ -1,4 +1,4 @@ -ARG GOLANG=golang:1.16.8-alpine3.13 +ARG GOLANG=golang:1.16.10-alpine3.13 FROM ${GOLANG} COPY --from=plugins/manifest:1.2.3 /bin/* /bin/ diff --git a/Dockerfile.test.dapper b/Dockerfile.test.dapper index cb0a539773..b6442dc983 100644 --- a/Dockerfile.test.dapper +++ b/Dockerfile.test.dapper @@ -1,9 +1,9 @@ -ARG GOLANG=golang:1.16.8-alpine3.13 +ARG GOLANG=golang:1.16.10-alpine3.13 FROM ${GOLANG} RUN apk -U --no-cache add bash git gcc musl-dev docker curl jq coreutils python3 openssl py3-pip -ENV SONOBUOY_VERSION 0.50.0 +ENV SONOBUOY_VERSION 0.55.0 RUN OS=linux; \ ARCH=$(go env GOARCH); \ diff --git a/Dockerfile.test.mod.dapper b/Dockerfile.test.mod.dapper index fdb6c237c7..0584e958d8 100644 --- a/Dockerfile.test.mod.dapper +++ b/Dockerfile.test.mod.dapper @@ -1,4 +1,4 @@ -ARG GOLANG=golang:1.16.8-alpine3.13 +ARG GOLANG=golang:1.16.10-alpine3.13 FROM ${GOLANG} RUN apk -U --no-cache add bash jq diff --git a/go.mod b/go.mod index aebd660816..1060071e6c 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ replace ( github.com/containerd/btrfs => github.com/containerd/btrfs v1.0.0 github.com/containerd/cgroups => github.com/containerd/cgroups v1.0.1 github.com/containerd/console => github.com/containerd/console v1.0.2 - github.com/containerd/containerd => github.com/k3s-io/containerd v1.5.7-k3s2 // k3s-release/1.5 + github.com/containerd/containerd => github.com/k3s-io/containerd v1.5.8-k3s1 // k3s-release/1.5 github.com/containerd/continuity => github.com/k3s-io/continuity v0.0.0-20210309170710-f93269e0d5c1 github.com/containerd/fifo => github.com/containerd/fifo v1.0.0 github.com/containerd/go-runc => github.com/containerd/go-runc v1.0.0 @@ -73,9 +73,9 @@ replace ( ) require ( - github.com/Microsoft/hcsshim v0.8.21 + github.com/Microsoft/hcsshim v0.8.23 github.com/containerd/cgroups v1.0.1 - github.com/containerd/containerd v1.5.7 + github.com/containerd/containerd v1.5.8 github.com/containerd/fuse-overlayfs-snapshotter v1.0.3 github.com/containerd/stargz-snapshotter v0.8.0 github.com/coreos/go-iptables v0.5.0 diff --git a/go.sum b/go.sum index 0073170596..d35244717f 100644 --- a/go.sum +++ b/go.sum @@ -556,8 +556,8 @@ github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfV github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= -github.com/k3s-io/containerd v1.5.7-k3s2 h1:Nbx8V5pW+laFwWailSJSlL/hkeITu4eyP4aINHk/Llg= -github.com/k3s-io/containerd v1.5.7-k3s2/go.mod h1:hObOmrfY040ivCbFVvVnwQhAfGVTE/6DqD2WHFFmgX8= +github.com/k3s-io/containerd v1.5.8-k3s1 h1:1w0neoAPwO9Dounkdgi2GMCJc48iKcXgxu1vN0YUigQ= +github.com/k3s-io/containerd v1.5.8-k3s1/go.mod h1:DltFRoJAo5exp9diH/w/hyg8ZGej9AJ61qVi4ZQqShc= github.com/k3s-io/continuity v0.0.0-20210309170710-f93269e0d5c1 h1:KEz2rd9IDbrQT8w6RibEYlwfTXiu0P6hQDE+6O4IJdI= github.com/k3s-io/continuity v0.0.0-20210309170710-f93269e0d5c1/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/k3s-io/cri-tools v1.21.0-k3s1 h1:MWQtAsx4HCNXenqU/B4V9eU6HMyafkd1PnW6d4HCfos= diff --git a/scripts/test-helpers b/scripts/test-helpers index 61010178f0..bd34a6d86b 100755 --- a/scripts/test-helpers +++ b/scripts/test-helpers @@ -240,7 +240,7 @@ sonobuoy-test() { local sonobuoyPID=$! local code=0 - time timeout --foreground 30m bash -c test-wait $sonobuoyPID || code=$? + time timeout --foreground 60m bash -c test-wait $sonobuoyPID || code=$? echo "Sonobuoy finished with code $code" retrieve-sonobuoy-logs return $code diff --git a/vendor/github.com/containerd/containerd/.mailmap b/vendor/github.com/containerd/containerd/.mailmap index 2464a60aa5..b6ce97230b 100644 --- a/vendor/github.com/containerd/containerd/.mailmap +++ b/vendor/github.com/containerd/containerd/.mailmap @@ -60,6 +60,7 @@ Justin Terry Justin Terry Kenfe-Mickaƫl Laventure Kevin Kern +Kevin Parsons Kevin Xu Kohei Tokunaga Krasi Georgiev diff --git a/vendor/github.com/containerd/containerd/Vagrantfile b/vendor/github.com/containerd/containerd/Vagrantfile index 6e12072f1c..7c5c072779 100644 --- a/vendor/github.com/containerd/containerd/Vagrantfile +++ b/vendor/github.com/containerd/containerd/Vagrantfile @@ -77,7 +77,7 @@ Vagrant.configure("2") do |config| config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.16.8", + 'GO_VERSION': ENV['GO_VERSION'] || "1.16.10", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go index 7e4c56f950..697e57910a 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go @@ -29,6 +29,7 @@ import ( "github.com/containerd/containerd/cmd/ctr/commands" "github.com/containerd/containerd/cmd/ctr/commands/tasks" "github.com/containerd/containerd/containers" + clabels "github.com/containerd/containerd/labels" "github.com/containerd/containerd/namespaces" "github.com/containerd/containerd/oci" gocni "github.com/containerd/go-cni" @@ -252,7 +253,13 @@ func fullID(ctx context.Context, c containerd.Container) string { func buildLabels(cmdLabels, imageLabels map[string]string) map[string]string { labels := make(map[string]string) for k, v := range imageLabels { - labels[k] = v + if err := clabels.Validate(k, v); err == nil { + labels[k] = v + } else { + // In case the image label is invalid, we output a warning and skip adding it to the + // container. + logrus.WithError(err).Warnf("unable to add image label with key %s to the container", k) + } } // labels from the command line will override image and the initial image config labels for k, v := range cmdLabels { diff --git a/vendor/github.com/containerd/containerd/go.mod b/vendor/github.com/containerd/containerd/go.mod index 7242be561f..727d59e95e 100644 --- a/vendor/github.com/containerd/containerd/go.mod +++ b/vendor/github.com/containerd/containerd/go.mod @@ -4,7 +4,7 @@ go 1.16 require ( github.com/Microsoft/go-winio v0.4.17 - github.com/Microsoft/hcsshim v0.8.21 + github.com/Microsoft/hcsshim v0.8.23 github.com/containerd/aufs v1.0.0 github.com/containerd/btrfs v1.0.0 github.com/containerd/cgroups v1.0.1 @@ -15,7 +15,7 @@ require ( github.com/containerd/go-runc v1.0.0 github.com/containerd/imgcrypt v1.1.1 github.com/containerd/nri v0.1.0 - github.com/containerd/ttrpc v1.0.2 + github.com/containerd/ttrpc v1.1.0 github.com/containerd/typeurl v1.0.2 github.com/containerd/zfs v1.0.0 github.com/containernetworking/plugins v0.9.1 @@ -45,6 +45,7 @@ require ( github.com/pelletier/go-toml v1.8.1 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.11.0 + github.com/prometheus/procfs v0.6.0 // indirect; temporarily force v0.6.0, which was previously defined in imgcrypt as explicit version github.com/satori/go.uuid v1.2.0 // indirect github.com/sirupsen/logrus v1.8.1 github.com/stretchr/testify v1.7.0 diff --git a/vendor/github.com/containerd/containerd/go.sum b/vendor/github.com/containerd/containerd/go.sum index 90f16551ca..11a78422f8 100644 --- a/vendor/github.com/containerd/containerd/go.sum +++ b/vendor/github.com/containerd/containerd/go.sum @@ -41,8 +41,8 @@ github.com/Microsoft/go-winio v0.4.17 h1:iT12IBVClFevaf8PuVyi3UmZOVh4OqnaLxDTW2O github.com/Microsoft/go-winio v0.4.17/go.mod h1:JPGBdM1cNvN/6ISo+n8V5iA4v8pBzdOpzfwIujj1a84= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= -github.com/Microsoft/hcsshim v0.8.21 h1:btRfUDThBE5IKcvI8O8jOiIkujUsAMBSRsYDYmEi6oM= -github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= +github.com/Microsoft/hcsshim v0.8.23 h1:47MSwtKGXet80aIn+7h4YI6fwPmwIghAnsx2aOUrG2M= +github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= @@ -117,8 +117,9 @@ github.com/containerd/imgcrypt v1.1.1 h1:LBwiTfoUsdiEGAR1TpvxE+Gzt7469oVu87iR3mv github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms= github.com/containerd/nri v0.1.0 h1:6QioHRlThlKh2RkRTR4kIT3PKAcrLo3gIWnjkM4dQmQ= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= -github.com/containerd/ttrpc v1.0.2 h1:2/O3oTZN36q2xRolk0a2WWGgh7/Vf/liElg5hFYLX9U= github.com/containerd/ttrpc v1.0.2/go.mod h1:UAxOpgT9ziI0gJrmKvgcZivgxOp8iFPSk8httJEt98Y= +github.com/containerd/ttrpc v1.1.0 h1:GbtyLRxb0gOLR0TYQWt3O6B0NvT8tMdorEHqIQo/lWI= +github.com/containerd/ttrpc v1.1.0/go.mod h1:XX4ZTnoOId4HklF4edwc4DcqskFZuvXB1Evzy5KFQpQ= github.com/containerd/typeurl v1.0.1/go.mod h1:TB1hUtrpaiO88KEK56ijojHS1+NeF0izUACaJW2mdXg= github.com/containerd/typeurl v1.0.2 h1:Chlt8zIieDbzQFzXzAeBEF92KhExuE4p9p92/QmY7aY= github.com/containerd/typeurl v1.0.2/go.mod h1:9trJWW2sRlGub4wZJRTW83VtbOLS6hwcDZXTn6oPz9s= @@ -830,6 +831,7 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/vendor/github.com/containerd/containerd/images/image.go b/vendor/github.com/containerd/containerd/images/image.go index 27384c16dd..2e5cd61c9a 100644 --- a/vendor/github.com/containerd/containerd/images/image.go +++ b/vendor/github.com/containerd/containerd/images/image.go @@ -19,6 +19,7 @@ package images import ( "context" "encoding/json" + "fmt" "sort" "time" @@ -154,6 +155,10 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc return nil, err } + if err := validateMediaType(p, desc.MediaType); err != nil { + return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) + } + var manifest ocispec.Manifest if err := json.Unmarshal(p, &manifest); err != nil { return nil, err @@ -194,6 +199,10 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc return nil, err } + if err := validateMediaType(p, desc.MediaType); err != nil { + return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) + } + var idx ocispec.Index if err := json.Unmarshal(p, &idx); err != nil { return nil, err @@ -336,6 +345,10 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr return nil, err } + if err := validateMediaType(p, desc.MediaType); err != nil { + return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) + } + // TODO(stevvooe): We just assume oci manifest, for now. There may be // subtle differences from the docker version. var manifest ocispec.Manifest @@ -351,6 +364,10 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr return nil, err } + if err := validateMediaType(p, desc.MediaType); err != nil { + return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) + } + var index ocispec.Index if err := json.Unmarshal(p, &index); err != nil { return nil, err @@ -368,6 +385,44 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr return descs, nil } +// unknownDocument represents a manifest, manifest list, or index that has not +// yet been validated. +type unknownDocument struct { + MediaType string `json:"mediaType,omitempty"` + Config json.RawMessage `json:"config,omitempty"` + Layers json.RawMessage `json:"layers,omitempty"` + Manifests json.RawMessage `json:"manifests,omitempty"` + FSLayers json.RawMessage `json:"fsLayers,omitempty"` // schema 1 +} + +// validateMediaType returns an error if the byte slice is invalid JSON or if +// the media type identifies the blob as one format but it contains elements of +// another format. +func validateMediaType(b []byte, mt string) error { + var doc unknownDocument + if err := json.Unmarshal(b, &doc); err != nil { + return err + } + if len(doc.FSLayers) != 0 { + return fmt.Errorf("media-type: schema 1 not supported") + } + switch mt { + case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest: + if len(doc.Manifests) != 0 || + doc.MediaType == MediaTypeDockerSchema2ManifestList || + doc.MediaType == ocispec.MediaTypeImageIndex { + return fmt.Errorf("media-type: expected manifest but found index (%s)", mt) + } + case MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: + if len(doc.Config) != 0 || len(doc.Layers) != 0 || + doc.MediaType == MediaTypeDockerSchema2Manifest || + doc.MediaType == ocispec.MediaTypeImageManifest { + return fmt.Errorf("media-type: expected index but found manifest (%s)", mt) + } + } + return nil +} + // RootFS returns the unpacked diffids that make up and images rootfs. // // These are used to verify that a set of layers unpacked to the expected diff --git a/vendor/github.com/containerd/containerd/pkg/cri/io/helpers_windows.go b/vendor/github.com/containerd/containerd/pkg/cri/io/helpers_windows.go index f64807edf2..dcc9fe6eb9 100644 --- a/vendor/github.com/containerd/containerd/pkg/cri/io/helpers_windows.go +++ b/vendor/github.com/containerd/containerd/pkg/cri/io/helpers_windows.go @@ -52,6 +52,10 @@ func openPipe(ctx context.Context, fn string, flag int, perm os.FileMode) (io.Re } p.con = c }() + go func() { + <-ctx.Done() + p.Close() + }() return p, nil } diff --git a/vendor/github.com/containerd/containerd/pkg/cri/opts/container.go b/vendor/github.com/containerd/containerd/pkg/cri/opts/container.go index 517d0c27d8..472104b048 100644 --- a/vendor/github.com/containerd/containerd/pkg/cri/opts/container.go +++ b/vendor/github.com/containerd/containerd/pkg/cri/opts/container.go @@ -115,5 +115,5 @@ func copyExistingContents(source, destination string) error { if len(dstList) != 0 { return errors.Errorf("volume at %q is not initially empty", destination) } - return fs.CopyDir(destination, source) + return fs.CopyDir(destination, source, fs.WithXAttrExclude("security.selinux")) } diff --git a/vendor/github.com/containerd/containerd/pkg/cri/server/helpers.go b/vendor/github.com/containerd/containerd/pkg/cri/server/helpers.go index 87a18b860c..8b400cb8fc 100644 --- a/vendor/github.com/containerd/containerd/pkg/cri/server/helpers.go +++ b/vendor/github.com/containerd/containerd/pkg/cri/server/helpers.go @@ -26,6 +26,7 @@ import ( runhcsoptions "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options" "github.com/containerd/containerd" "github.com/containerd/containerd/containers" + clabels "github.com/containerd/containerd/labels" "github.com/containerd/containerd/plugin" "github.com/containerd/containerd/reference/docker" "github.com/containerd/containerd/runtime/linux/runctypes" @@ -34,6 +35,7 @@ import ( imagedigest "github.com/opencontainers/go-digest" "github.com/pelletier/go-toml" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "golang.org/x/net/context" runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2" @@ -285,8 +287,15 @@ func filterLabel(k, v string) string { // buildLabel builds the labels from config to be passed to containerd func buildLabels(configLabels, imageConfigLabels map[string]string, containerType string) map[string]string { labels := make(map[string]string) + for k, v := range imageConfigLabels { - labels[k] = v + if err := clabels.Validate(k, v); err == nil { + labels[k] = v + } else { + // In case the image label is invalid, we output a warning and skip adding it to the + // container. + logrus.WithError(err).Warnf("unable to add image label with key %s to the container", k) + } } // labels from the CRI request (config) will override labels in the image config for k, v := range configLabels { diff --git a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go index 5796fbf4a1..4b2c10e9a3 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go @@ -60,6 +60,10 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R log.G(ctx).WithError(err).Debug("failed to parse") continue } + if u.Scheme != "http" && u.Scheme != "https" { + log.G(ctx).Debug("non-http(s) alternative url is unsupported") + continue + } log.G(ctx).Debug("trying alternative url") // Try this first, parse it diff --git a/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go b/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go index 704eba4278..58c866bcde 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go @@ -26,12 +26,16 @@ import ( "github.com/pkg/errors" ) +const maxRetry = 3 + type httpReadSeeker struct { size int64 offset int64 rc io.ReadCloser open func(offset int64) (io.ReadCloser, error) closed bool + + errsWithNoProgress int } func newHTTPReadSeeker(size int64, open func(offset int64) (io.ReadCloser, error)) (io.ReadCloser, error) { @@ -53,6 +57,27 @@ func (hrs *httpReadSeeker) Read(p []byte) (n int, err error) { n, err = rd.Read(p) hrs.offset += int64(n) + if n > 0 || err == nil { + hrs.errsWithNoProgress = 0 + } + if err == io.ErrUnexpectedEOF { + // connection closed unexpectedly. try reconnecting. + if n == 0 { + hrs.errsWithNoProgress++ + if hrs.errsWithNoProgress > maxRetry { + return // too many retries for this offset with no progress + } + } + if hrs.rc != nil { + if clsErr := hrs.rc.Close(); clsErr != nil { + log.L.WithError(clsErr).Errorf("httpReadSeeker: failed to close ReadCloser") + } + hrs.rc = nil + } + if _, err2 := hrs.reader(); err2 == nil { + return n, nil + } + } return } diff --git a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go index 8314c01d5a..f15a9acf3e 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go @@ -256,6 +256,9 @@ func (c *Converter) fetchManifest(ctx context.Context, desc ocispec.Descriptor) if err := json.Unmarshal(b, &m); err != nil { return err } + if len(m.Manifests) != 0 || len(m.Layers) != 0 { + return errors.New("converter: expected schema1 document but found extra keys") + } c.pulledManifest = &m return nil @@ -472,8 +475,10 @@ type history struct { } type manifest struct { - FSLayers []fsLayer `json:"fsLayers"` - History []history `json:"history"` + FSLayers []fsLayer `json:"fsLayers"` + History []history `json:"history"` + Layers json.RawMessage `json:"layers,omitempty"` // OCI manifest + Manifests json.RawMessage `json:"manifests,omitempty"` // OCI index } type v1History struct { diff --git a/vendor/github.com/containerd/containerd/task.go b/vendor/github.com/containerd/containerd/task.go index ab7f9f0a8c..4e23fb8616 100644 --- a/vendor/github.com/containerd/containerd/task.go +++ b/vendor/github.com/containerd/containerd/task.go @@ -315,6 +315,7 @@ func (t *task) Delete(ctx context.Context, opts ...ProcessDeleteOpts) (*ExitStat return nil, errors.Wrapf(errdefs.ErrFailedPrecondition, "task must be stopped before deletion: %s", status.Status) } if t.io != nil { + t.io.Close() t.io.Cancel() t.io.Wait() } diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go index b0d1fd48cf..b8200307f3 100644 --- a/vendor/github.com/containerd/containerd/version/version.go +++ b/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.5.7+unknown" + Version = "1.5.8+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. diff --git a/vendor/modules.txt b/vendor/modules.txt index 910effa1ff..bb19dbd113 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -48,7 +48,7 @@ github.com/Microsoft/go-winio/pkg/etwlogrus github.com/Microsoft/go-winio/pkg/guid github.com/Microsoft/go-winio/pkg/security github.com/Microsoft/go-winio/vhd -# github.com/Microsoft/hcsshim v0.8.21 => github.com/Microsoft/hcsshim v0.8.20 +# github.com/Microsoft/hcsshim v0.8.23 => github.com/Microsoft/hcsshim v0.8.20 ## explicit github.com/Microsoft/hcsshim github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options @@ -184,7 +184,7 @@ github.com/containerd/cgroups/v2 github.com/containerd/cgroups/v2/stats # github.com/containerd/console v1.0.3 => github.com/containerd/console v1.0.2 github.com/containerd/console -# github.com/containerd/containerd v1.5.7 => github.com/k3s-io/containerd v1.5.7-k3s2 +# github.com/containerd/containerd v1.5.8 => github.com/k3s-io/containerd v1.5.8-k3s1 ## explicit github.com/containerd/containerd github.com/containerd/containerd/api/events @@ -409,7 +409,7 @@ github.com/containerd/stargz-snapshotter/util/namedmutex github.com/containerd/stargz-snapshotter/estargz github.com/containerd/stargz-snapshotter/estargz/errorutil github.com/containerd/stargz-snapshotter/estargz/zstdchunked -# github.com/containerd/ttrpc v1.0.2 => github.com/containerd/ttrpc v1.0.2 +# github.com/containerd/ttrpc v1.1.0 => github.com/containerd/ttrpc v1.0.2 github.com/containerd/ttrpc # github.com/containerd/typeurl v1.0.2 => github.com/containerd/typeurl v1.0.2 github.com/containerd/typeurl @@ -3393,7 +3393,7 @@ sigs.k8s.io/yaml # github.com/containerd/btrfs => github.com/containerd/btrfs v1.0.0 # github.com/containerd/cgroups => github.com/containerd/cgroups v1.0.1 # github.com/containerd/console => github.com/containerd/console v1.0.2 -# github.com/containerd/containerd => github.com/k3s-io/containerd v1.5.7-k3s2 +# github.com/containerd/containerd => github.com/k3s-io/containerd v1.5.8-k3s1 # github.com/containerd/continuity => github.com/k3s-io/continuity v0.0.0-20210309170710-f93269e0d5c1 # github.com/containerd/fifo => github.com/containerd/fifo v1.0.0 # github.com/containerd/go-runc => github.com/containerd/go-runc v1.0.0