starlingx/integ
Code Issues Proposed changes
52c051e134
integ/kubernetes/containerd/debian/patches/0001-revert-to-v1.4.11.patch
Kaustubh Dhokte 7c9aac5b8f Debian: containerd upversion to 1.4.11 
To align with k8s 1.21.8 to 1.23.1,
Upgrade containerd from 1.4.6 to 1.4.11

Note:
The change pulls containerd v1.4.12 debian source package
from debian salsa. The patch 0001-revert-to-v1.4.11.patch
reverts commits between version v1.4.11 and v1.4.12.
Note that the patch has no conflicts with any of the
other patches in debian source package. So it is safe
to apply it after they get applied.
Also, it is not a strict requirement to use 1.4.11
over 1.4.12. This is just to keep in-sync with the CentOS version
of StarlingX.

Test Plan:
containerd package builds successfully
All packages build successfully
Image builds successfully

Story: 2009845
Task: 44456

Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Change-Id: I25a15a8cac1b324411b74b9f772978270d48a664
2022-04-02 00:36:17 +00:00

591 lines
19 KiB
Diff
Raw Blame History

From 2c7e958673c945279f8e30d1ad162c460b9c0926 Mon Sep 17 00:00:00 2001
From: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
Date: Thu, 24 Mar 2022 14:52:27 -0400
Subject: [PATCH] revert to v1.4.11
Signed-off-by: Kaustubh Dhokte <kaustubh.dhokte@windriver.com>
---
.github/workflows/ci.yml | 12 +-
.github/workflows/nightly.yml | 4 +-
.github/workflows/release.yml | 2 +-
.travis.yml | 2 +-
.zuul/playbooks/containerd-build/run.yaml | 2 +-
Vagrantfile | 2 +-
contrib/Dockerfile.test | 2 +-
images/image.go | 55 --------
images/image_test.go | 150 ----------------------
releases/v1.4.12.toml | 23 ----
remotes/docker/fetcher.go | 4 -
remotes/docker/resolver.go | 35 ++---
remotes/docker/schema1/converter.go | 9 +-
version/version.go | 2 +-
14 files changed, 28 insertions(+), 276 deletions(-)
delete mode 100644 images/image_test.go
delete mode 100644 releases/v1.4.12.toml
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8f7a3a7a6..4ee47e5d1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -26,7 +26,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Set env
shell: bash
@@ -82,7 +82,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Set env
shell: bash
@@ -128,7 +128,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Set env
shell: bash
@@ -166,7 +166,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Set env
shell: bash
@@ -199,7 +199,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Set env
shell: bash
@@ -285,7 +285,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Set env
shell: bash
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index b050bbf18..1cb92a34b 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -14,7 +14,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Checkout
uses: actions/checkout@v1
@@ -138,7 +138,7 @@ jobs:
steps:
- uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Checkout
uses: actions/checkout@v1
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d9e5a3eab..ec9971a4a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -62,7 +62,7 @@ jobs:
- name: Install Go
uses: actions/setup-go@v2
with:
- go-version: '1.16.10'
+ go-version: '1.16.8'
- name: Set env
shell: bash
diff --git a/.travis.yml b/.travis.yml
index 8314c796b..1726cf6d5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,7 +15,7 @@ os:
- linux
go:
- - "1.16.10"
+ - "1.16.8"
env:
- TRAVIS_GOOS=linux TEST_RUNTIME=io.containerd.runc.v1 TRAVIS_CGO_ENABLED=1 TRAVIS_DISTRO=bionic GOPROXY=direct
diff --git a/.zuul/playbooks/containerd-build/run.yaml b/.zuul/playbooks/containerd-build/run.yaml
index c3ebc7eae..815b4ec62 100644
--- a/.zuul/playbooks/containerd-build/run.yaml
+++ b/.zuul/playbooks/containerd-build/run.yaml
@@ -2,7 +2,7 @@
become: yes
roles:
- role: config-golang
- go_version: '1.16.10'
+ go_version: '1.16.8'
arch: arm64
tasks:
- name: Build containerd
diff --git a/Vagrantfile b/Vagrantfile
index b31dfaa34..d1f30c559 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -77,7 +77,7 @@ Vagrant.configure("2") do |config|
config.vm.provision "install-golang", type: "shell", run: "once" do |sh|
sh.upload_path = "/tmp/vagrant-install-golang"
sh.env = {
- 'GO_VERSION': ENV['GO_VERSION'] || "1.16.10",
+ 'GO_VERSION': ENV['GO_VERSION'] || "1.16.8",
}
sh.inline = <<~SHELL
#!/usr/bin/env bash
diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test
index 020008ceb..875c457f0 100644
--- a/contrib/Dockerfile.test
+++ b/contrib/Dockerfile.test
@@ -10,7 +10,7 @@
#
# docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc93 -f Dockerfile.test ../
-ARG GOLANG_VERSION=1.16.10
+ARG GOLANG_VERSION=1.16.8
FROM golang:${GOLANG_VERSION} AS golang-base
RUN mkdir -p /go/src/github.com/containerd/containerd
diff --git a/images/image.go b/images/image.go
index 2e42ca09a..1868ee88d 100644
--- a/images/image.go
+++ b/images/image.go
@@ -19,7 +19,6 @@ package images
import (
"context"
"encoding/json"
- "fmt"
"sort"
"time"
@@ -155,10 +154,6 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc
return nil, err
}
- if err := validateMediaType(p, desc.MediaType); err != nil {
- return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest)
- }
-
var manifest ocispec.Manifest
if err := json.Unmarshal(p, &manifest); err != nil {
return nil, err
@@ -199,10 +194,6 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc
return nil, err
}
- if err := validateMediaType(p, desc.MediaType); err != nil {
- return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest)
- }
-
var idx ocispec.Index
if err := json.Unmarshal(p, &idx); err != nil {
return nil, err
@@ -345,10 +336,6 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr
return nil, err
}
- if err := validateMediaType(p, desc.MediaType); err != nil {
- return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest)
- }
-
// TODO(stevvooe): We just assume oci manifest, for now. There may be
// subtle differences from the docker version.
var manifest ocispec.Manifest
@@ -364,10 +351,6 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr
return nil, err
}
- if err := validateMediaType(p, desc.MediaType); err != nil {
- return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest)
- }
-
var index ocispec.Index
if err := json.Unmarshal(p, &index); err != nil {
return nil, err
@@ -385,44 +368,6 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr
return descs, nil
}
-// unknownDocument represents a manifest, manifest list, or index that has not
-// yet been validated.
-type unknownDocument struct {
- MediaType string `json:"mediaType,omitempty"`
- Config json.RawMessage `json:"config,omitempty"`
- Layers json.RawMessage `json:"layers,omitempty"`
- Manifests json.RawMessage `json:"manifests,omitempty"`
- FSLayers json.RawMessage `json:"fsLayers,omitempty"` // schema 1
-}
-
-// validateMediaType returns an error if the byte slice is invalid JSON or if
-// the media type identifies the blob as one format but it contains elements of
-// another format.
-func validateMediaType(b []byte, mt string) error {
- var doc unknownDocument
- if err := json.Unmarshal(b, &doc); err != nil {
- return err
- }
- if len(doc.FSLayers) != 0 {
- return fmt.Errorf("media-type: schema 1 not supported")
- }
- switch mt {
- case MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest:
- if len(doc.Manifests) != 0 ||
- doc.MediaType == MediaTypeDockerSchema2ManifestList ||
- doc.MediaType == ocispec.MediaTypeImageIndex {
- return fmt.Errorf("media-type: expected manifest but found index (%s)", mt)
- }
- case MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex:
- if len(doc.Config) != 0 || len(doc.Layers) != 0 ||
- doc.MediaType == MediaTypeDockerSchema2Manifest ||
- doc.MediaType == ocispec.MediaTypeImageManifest {
- return fmt.Errorf("media-type: expected index but found manifest (%s)", mt)
- }
- }
- return nil
-}
-
// RootFS returns the unpacked diffids that make up and images rootfs.
//
// These are used to verify that a set of layers unpacked to the expected
diff --git a/images/image_test.go b/images/image_test.go
deleted file mode 100644
index 3e88e5076..000000000
--- a/images/image_test.go
+++ /dev/null
@@ -1,150 +0,0 @@
-/*
- Copyright The containerd Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package images
-
-import (
- "encoding/json"
- "testing"
-
- ocispec "github.com/opencontainers/image-spec/specs-go/v1"
-)
-
-func TestValidateMediaType(t *testing.T) {
- docTests := []struct {
- mt string
- index bool
- }{
- {MediaTypeDockerSchema2Manifest, false},
- {ocispec.MediaTypeImageManifest, false},
- {MediaTypeDockerSchema2ManifestList, true},
- {ocispec.MediaTypeImageIndex, true},
- }
- for _, tc := range docTests {
- t.Run("manifest-"+tc.mt, func(t *testing.T) {
- manifest := ocispec.Manifest{
- Config: ocispec.Descriptor{Size: 1},
- Layers: []ocispec.Descriptor{{Size: 2}},
- }
- b, err := json.Marshal(manifest)
- if err != nil {
- t.Fatal("failed to marshal manifest", err)
- }
-
- err = validateMediaType(b, tc.mt)
- if tc.index {
- if err == nil {
- t.Error("manifest should not be a valid index")
- }
- } else {
- if err != nil {
- t.Error("manifest should be valid")
- }
- }
- })
- t.Run("index-"+tc.mt, func(t *testing.T) {
- index := ocispec.Index{
- Manifests: []ocispec.Descriptor{{Size: 1}},
- }
- b, err := json.Marshal(index)
- if err != nil {
- t.Fatal("failed to marshal index", err)
- }
-
- err = validateMediaType(b, tc.mt)
- if tc.index {
- if err != nil {
- t.Error("index should be valid")
- }
- } else {
- if err == nil {
- t.Error("index should not be a valid manifest")
- }
- }
- })
- }
-
- mtTests := []struct {
- mt string
- valid []string
- invalid []string
- }{{
- MediaTypeDockerSchema2Manifest,
- []string{MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest},
- []string{MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex},
- }, {
- ocispec.MediaTypeImageManifest,
- []string{MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest},
- []string{MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex},
- }, {
- MediaTypeDockerSchema2ManifestList,
- []string{MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex},
- []string{MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest},
- }, {
- ocispec.MediaTypeImageIndex,
- []string{MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex},
- []string{MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest},
- }}
- for _, tc := range mtTests {
- for _, v := range tc.valid {
- t.Run("valid-"+tc.mt+"-"+v, func(t *testing.T) {
- doc := struct {
- MediaType string `json:"mediaType"`
- }{MediaType: v}
- b, err := json.Marshal(doc)
- if err != nil {
- t.Fatal("failed to marshal document", err)
- }
-
- err = validateMediaType(b, tc.mt)
- if err != nil {
- t.Error("document should be valid", err)
- }
- })
- }
- for _, iv := range tc.invalid {
- t.Run("invalid-"+tc.mt+"-"+iv, func(t *testing.T) {
- doc := struct {
- MediaType string `json:"mediaType"`
- }{MediaType: iv}
- b, err := json.Marshal(doc)
- if err != nil {
- t.Fatal("failed to marshal document", err)
- }
-
- err = validateMediaType(b, tc.mt)
- if err == nil {
- t.Error("document should not be valid")
- }
- })
- }
- }
- t.Run("schema1", func(t *testing.T) {
- doc := struct {
- FSLayers []string `json:"fsLayers"`
- }{FSLayers: []string{"1"}}
- b, err := json.Marshal(doc)
- if err != nil {
- t.Fatal("failed to marshal document", err)
- }
-
- err = validateMediaType(b, "")
- if err == nil {
- t.Error("document should not be valid")
- }
-
- })
-}
diff --git a/releases/v1.4.12.toml b/releases/v1.4.12.toml
deleted file mode 100644
index 072d6959a..000000000
--- a/releases/v1.4.12.toml
+++ /dev/null
@@ -1,23 +0,0 @@
-# commit to be tagged for new release
-commit = "HEAD"
-
-project_name = "containerd"
-github_repo = "containerd/containerd"
-match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$"
-
-# previous release
-previous = "v1.4.11"
-
-pre_release = false
-
-preface = """\
-The twelfth patch release for containerd 1.4 contains a few minor bug fixes
-and an update to mitigate [CVE-2021-41190](https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m).
-
-### Notable Updates
-
-* **Handle ambiguous OCI manifest parsing** ([GHSA-5j5w-g665-5m35](https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35))
-* **Update pull to try next mirror for non-404 errors** ([#5275](https://github.com/containerd/containerd/pull/5275))
-* **Update pull to handle of non-https urls in descriptors** ([#6221](https://github.com/containerd/containerd/pull/6221))
-
-See the changelog for complete list of changes"""
diff --git a/remotes/docker/fetcher.go b/remotes/docker/fetcher.go
index 4b2c10e9a..5796fbf4a 100644
--- a/remotes/docker/fetcher.go
+++ b/remotes/docker/fetcher.go
@@ -60,10 +60,6 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R
log.G(ctx).WithError(err).Debug("failed to parse")
continue
}
- if u.Scheme != "http" && u.Scheme != "https" {
- log.G(ctx).Debug("non-http(s) alternative url is unsupported")
- continue
- }
log.G(ctx).Debug("trying alternative url")
// Try this first, parse it
diff --git a/remotes/docker/resolver.go b/remotes/docker/resolver.go
index d6ccd7072..06b08dee8 100644
--- a/remotes/docker/resolver.go
+++ b/remotes/docker/resolver.go
@@ -229,10 +229,10 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
}
var (
- firstErr error
- paths [][]string
- dgst = refspec.Digest()
- caps = HostCapabilityPull
+ lastErr error
+ paths [][]string
+ dgst = refspec.Digest()
+ caps = HostCapabilityPull
)
if dgst != "" {
@@ -283,8 +283,8 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
err = errors.Wrapf(err, "pull access denied, repository does not exist or may require authorization")
}
// Store the error for referencing later
- if firstErr == nil {
- firstErr = err
+ if lastErr == nil {
+ lastErr = err
}
continue // try another host
}
@@ -294,14 +294,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
if resp.StatusCode == http.StatusNotFound {
continue
}
- if resp.StatusCode > 399 {
- // Set firstErr when encountering the first non-404 status code.
- if firstErr == nil {
- firstErr = errors.Errorf("pulling from host %s failed with status code %v: %v", host.Host, u, resp.Status)
- }
- continue // try another host
- }
- return "", ocispec.Descriptor{}, errors.Errorf("pulling from host %s failed with unexpected status code %v: %v", host.Host, u, resp.Status)
+ return "", ocispec.Descriptor{}, errors.Errorf("unexpected status code %v: %v", u, resp.Status)
}
size := resp.ContentLength
contentType := getManifestMediaType(resp)
@@ -364,8 +357,8 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
}
// Prevent resolving to excessively large manifests
if size > MaxManifestSize {
- if firstErr == nil {
- firstErr = errors.Wrapf(errdefs.ErrNotFound, "rejecting %d byte manifest for %s", size, ref)
+ if lastErr == nil {
+ lastErr = errors.Wrapf(errdefs.ErrNotFound, "rejecting %d byte manifest for %s", size, ref)
}
continue
}
@@ -381,15 +374,11 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp
}
}
- // If above loop terminates without return, then there was an error.
- // "firstErr" contains the first non-404 error. That is, "firstErr == nil"
- // means that either no registries were given or each registry returned 404.
-
- if firstErr == nil {
- firstErr = errors.Wrap(errdefs.ErrNotFound, ref)
+ if lastErr == nil {
+ lastErr = errors.Wrap(errdefs.ErrNotFound, ref)
}
- return "", ocispec.Descriptor{}, firstErr
+ return "", ocispec.Descriptor{}, lastErr
}
func (r *dockerResolver) Fetcher(ctx context.Context, ref string) (remotes.Fetcher, error) {
diff --git a/remotes/docker/schema1/converter.go b/remotes/docker/schema1/converter.go
index f15a9acf3..8314c01d5 100644
--- a/remotes/docker/schema1/converter.go
+++ b/remotes/docker/schema1/converter.go
@@ -256,9 +256,6 @@ func (c *Converter) fetchManifest(ctx context.Context, desc ocispec.Descriptor)
if err := json.Unmarshal(b, &m); err != nil {
return err
}
- if len(m.Manifests) != 0 || len(m.Layers) != 0 {
- return errors.New("converter: expected schema1 document but found extra keys")
- }
c.pulledManifest = &m
return nil
@@ -475,10 +472,8 @@ type history struct {
}
type manifest struct {
- FSLayers []fsLayer `json:"fsLayers"`
- History []history `json:"history"`
- Layers json.RawMessage `json:"layers,omitempty"` // OCI manifest
- Manifests json.RawMessage `json:"manifests,omitempty"` // OCI index
+ FSLayers []fsLayer `json:"fsLayers"`
+ History []history `json:"history"`
}
type v1History struct {
diff --git a/version/version.go b/version/version.go
index dab4a1656..77f581f7c 100644
--- a/version/version.go
+++ b/version/version.go
@@ -23,7 +23,7 @@ var (
Package = "github.com/containerd/containerd"
// Version holds the complete version number. Filled in at linking time.
- Version = "1.4.12+unknown"
+ Version = "1.4.11+unknown"
// Revision is filled with the VCS (e.g. git) revision being used to build
// the program at linking time.
--
2.25.1
View Git Blame Copy Permalink