[pull] main from containerd:main #56
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…olangci/golangci-lint-action-9.0.0 build(deps): bump golangci/golangci-lint-action from 8.0.0 to 9.0.0
…b.com/containerd/imgcrypt/v2-2.0.2 build(deps): bump github.com/containerd/imgcrypt/v2 from 2.0.1 to 2.0.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@08c6903...93cb6ef) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 5.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@0499de3...014f16e) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.76.0 to 1.77.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.76.0...v1.77.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.77.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Samuel Karp <samuelkarp@google.com>
This reverts commit 4bf1705. This caused issues for downstream clients who were wrapping the type contingent on it implementing io.ReaderAt. Consequently this is causing headaches due to increased round trips with the remote. Meanwhile I only added this as a convenience for implementing content.Provider in the remote which can done even without the original change, just... less conveniently. In hindsight, this was just a bad change as it has a rather wide impact and the actual implementation isn't an optimized ReaderAt. Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Use the Linux default rather than the block size from the local macOS system. The local macOS block size is not relevant as the erofs file will not be mounted directly on macOS. Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Samuel Karp <samuelkarp@google.com>
Non-Linux hosts are not expected to be able to directly mount erofs snapshotters on the host system. Non-Linux hosts should use block mode by default with a reasonably set default block size. Signed-off-by: Derek McGowan <derek@mcg.dev>
Use the erofs differ by default on darwin. This could be default for all Unix platforms but limit the default changes to fix broken cases for backports. Signed-off-by: Derek McGowan <derek@mcg.dev>
Fix the default unpack configuration on darwin to a usable configuration. Signed-off-by: Derek McGowan <derek@mcg.dev>
Match the defaults set by the transfer service which will configure linux by default on darwin hosts. Signed-off-by: Derek McGowan <derek@mcg.dev>
Fix image defaults on Darwin to usable configuration
ctr: allow rlimit-nofile override
ctr run: dump OCI config to a file
Revert "Implement io.ReaderAt on docker fetch reader"
…ithub/codeql-action-4.31.3 build(deps): bump github/codeql-action from 4.31.2 to 4.31.3
…e.golang.org/grpc-1.77.0 build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0
Bumps the k8s group with 3 updates: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/client-go](https://github.com/kubernetes/client-go) and [k8s.io/cri-api](https://github.com/kubernetes/cri-api). Updates `k8s.io/apimachinery` from 0.34.1 to 0.34.2 - [Commits](kubernetes/apimachinery@v0.34.1...v0.34.2) Updates `k8s.io/client-go` from 0.34.1 to 0.34.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.34.1...v0.34.2) Updates `k8s.io/cri-api` from 0.34.1 to 0.34.2 - [Commits](kubernetes/cri-api@v0.34.1...v0.34.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/client-go dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/cri-api dependency-version: 0.34.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps the golang-x group with 3 updates in the / directory: [golang.org/x/mod](https://github.com/golang/mod), [golang.org/x/sync](https://github.com/golang/sync) and [golang.org/x/sys](https://github.com/golang/sys). Updates `golang.org/x/mod` from 0.29.0 to 0.30.0 - [Commits](golang/mod@v0.29.0...v0.30.0) Updates `golang.org/x/sync` from 0.17.0 to 0.18.0 - [Commits](golang/sync@v0.17.0...v0.18.0) Updates `golang.org/x/sys` from 0.37.0 to 0.38.0 - [Commits](golang/sys@v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.30.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sync dependency-version: 0.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x - dependency-name: golang.org/x/sys dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: golang-x ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.4.1 to 2.4.2. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@6da8fa9...5be0e66) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 2.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…ctions/checkout-5.0.1 build(deps): bump actions/checkout from 5.0.0 to 5.0.1
mkfs.ext4 supports creating filesystems from regular files. Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
Bumps [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/containerd/cgroups/releases) - [Commits](containerd/cgroups@v3.1.0...v3.1.1) --- updated-dependencies: - dependency-name: github.com/containerd/cgroups/v3 dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Andrey Noskov <andreyn@microsoft.com>
…b.com/containerd/cgroups/v3-3.1.1 build(deps): bump github.com/containerd/cgroups/v3 from 3.1.0 to 3.1.1
fix: redact all query parameters in CRI error logs
…79ccb9dde build(deps): bump the k8s group with 3 updates
…oftprops/action-gh-release-2.4.2 build(deps): bump softprops/action-gh-release from 2.4.1 to 2.4.2
…g-x-c601d64063 build(deps): bump the golang-x group with 2 updates
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Detect breaking API changes in proto files
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
cri: fix create container panic if originalAnnotations is nil
…user cri,nri: pass container user (uid, gids) to plugins.
snapshotservice: add WithParent handling for Commit + tests
content: ensure root directory exists before checking fs-verity support
Signed-off-by: Paulo Oliveira <paulo.hco47@gmail.com>
command: show help and exit on unknown positional arguments
…olution fix(oci): handle absolute symlinks in rootfs user lookup
…version mode Use the same approach for appending UUID arguments in GenerateTarIndexAndAppendTar as done in ConvertTarErofs for consistency between the two modes. Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
cri/podsandbox: reduce dependencies to internal CRI APIs
The traditional mount() syscall has a PAGE_SIZE (typically 4KB) limit for mount options. Use the new mount API (fsopen/fsconfig/fsmount/ move_mount) introduced in Linux 5.2 to bypass this limitation. Fixed: #12662 Signed-off-by: ChengyuZhu6 <hudson@cyzhu.com>
Signed-off-by: Yohei Yamamoto <yhymmt123@gmail.com>
fix: typo in comment
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.2 to 1.18.3. - [Release notes](https://github.com/klauspost/compress/releases) - [Commits](klauspost/compress@v1.18.2...v1.18.3) --- updated-dependencies: - dependency-name: github.com/klauspost/compress dependency-version: 1.18.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/cache](https://github.com/actions/cache) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@9255dc7...8b402f5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.9.3 to 1.9.4. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](sirupsen/logrus@v1.9.3...v1.9.4) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-version: 1.9.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
plugins/mount/erofs: use fsmount API to avoid PAGE_SIZE limit
…b.com/sirupsen/logrus-1.9.4 build(deps): bump github.com/sirupsen/logrus from 1.9.3 to 1.9.4
…ctions/cache-5.0.2 build(deps): bump actions/cache from 5.0.1 to 5.0.2
…b.com/klauspost/compress-1.18.3 build(deps): bump github.com/klauspost/compress from 1.18.2 to 1.18.3
…pod events PR #12491 fixed credential leaks in containerd logs but the gRPC error returned to kubelet still contained sensitive information. This was visible in Kubernetes pod events via `kubectl describe pod`. The issue was that SanitizeError was called inside the defer block, but errgrpc.ToGRPC(err) was evaluated before the defer ran, so the gRPC message contained the original unsanitized error. Move SanitizeError before the return statement so both the logged error and the gRPC error are sanitized. Ref: #5453 Signed-off-by: Aadhar Agarwal <aadagarwal@microsoft.com>
…c-error-5453 fix: sanitize error before gRPC return to prevent credential leak in pod events
The layer blob immutable flag clearing logic was moved before storage.Remove() call to ensure that immutable files can be properly removed even if subsequent operations fail after storage.Remove(). The previous order had storage.Remove() called first, which meant if any subsequent operations failed, there would be no opportunity to remove the immutable flag on the layer blob files. Signed-off-by: jinda.ljd <jinda.ljd@alibaba-inc.com>
erofs: Move immutable file handling before storage.Remove
erofs-differ: use same UUID append style in tar index mode as tar conversion mode
Signed-off-by: Adrien Delorme <azr@users.noreply.github.com>
stability: multipart fetch pool
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )