diff --git a/src/moby/build.go b/src/moby/build.go index e19fd8de9..ef8e60ea7 100644 --- a/src/moby/build.go +++ b/src/moby/build.go @@ -121,7 +121,7 @@ func enforceContentTrust(fullImageName string, config *TrustConfig) bool { return false } -func outputImage(image Image, section string, prefix string, m Moby, idMap map[string]uint32, dupMap map[string]string, pull bool, iw *tar.Writer) error { +func outputImage(image *Image, section string, prefix string, m Moby, idMap map[string]uint32, dupMap map[string]string, pull bool, iw *tar.Writer) error { log.Infof(" Create OCI config for %s", image.Image) useTrust := enforceContentTrust(image.Image, &m.Trust) oci, runtime, err := ConfigToOCI(image, useTrust, idMap) @@ -134,7 +134,7 @@ func outputImage(image Image, section string, prefix string, m Moby, idMap map[s } path := path.Join("containers", section, prefix+image.Name) readonly := oci.Root.Readonly - err = ImageBundle(path, image.Image, config, runtime, iw, useTrust, pull, readonly, dupMap) + err = ImageBundle(path, image.ref, config, runtime, iw, useTrust, pull, readonly, dupMap) if err != nil { return fmt.Errorf("Failed to extract root filesystem for %s: %v", image.Image, err) } @@ -171,11 +171,11 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error { // deduplicate containers with the same image dupMap := map[string]string{} - if m.Kernel.Image != "" { + if m.Kernel.ref != nil { // get kernel and initrd tarball from container - log.Infof("Extract kernel image: %s", m.Kernel.Image) + log.Infof("Extract kernel image: %s", m.Kernel.ref) kf := newKernelFilter(iw, m.Kernel.Cmdline, m.Kernel.Binary, m.Kernel.Tar) - err := ImageTar(m.Kernel.Image, "", kf, enforceContentTrust(m.Kernel.Image, &m.Trust), pull, "") + err := ImageTar(m.Kernel.ref, "", kf, enforceContentTrust(m.Kernel.ref.String(), &m.Trust), pull, "") if err != nil { return fmt.Errorf("Failed to extract kernel image and tarball: %v", err) } @@ -189,9 +189,8 @@ func Build(m Moby, w io.Writer, pull bool, tp string) error { if len(m.Init) != 0 { log.Infof("Add init containers:") } - for _, ii := range m.Init { - log.Infof("Process init image: %s", ii) - err := ImageTar(ii, "", iw, enforceContentTrust(ii, &m.Trust), pull, resolvconfSymlink) + for _, ii := range m.initRefs { + err := ImageTar(ii, "", iw, enforceContentTrust(ii.String(), &m.Trust), pull, resolvconfSymlink) if err != nil { return fmt.Errorf("Failed to build init tarball from %s: %v", ii, err) } @@ -389,6 +388,8 @@ func tarAppend(iw *tar.Writer, tr *tar.Reader) error { // this allows inserting metadata into a file in the image func metadata(m Moby, md string) ([]byte, error) { + // Make sure the Image strings are update to date with the refs + updateImages(&m) switch md { case "json": return json.MarshalIndent(m, "", " ") diff --git a/src/moby/config.go b/src/moby/config.go index 33ab46fa3..49172574e 100644 --- a/src/moby/config.go +++ b/src/moby/config.go @@ -9,6 +9,7 @@ import ( "strings" log "github.com/Sirupsen/logrus" + "github.com/containerd/containerd/reference" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" "github.com/opencontainers/runtime-spec/specs-go" @@ -20,11 +21,13 @@ import ( type Moby struct { Kernel KernelConfig `kernel:"cmdline" json:"kernel,omitempty"` Init []string `init:"cmdline" json:"init"` - Onboot []Image `yaml:"onboot" json:"onboot"` - Onshutdown []Image `yaml:"onshutdown" json:"onshutdown"` - Services []Image `yaml:"services" json:"services"` + Onboot []*Image `yaml:"onboot" json:"onboot"` + Onshutdown []*Image `yaml:"onshutdown" json:"onshutdown"` + Services []*Image `yaml:"services" json:"services"` Trust TrustConfig `yaml:"trust" json:"trust,omitempty"` Files []File `yaml:"files" json:"files"` + + initRefs []*reference.Spec } // KernelConfig is the type of the config for a kernel @@ -33,6 +36,8 @@ type KernelConfig struct { Cmdline string `yaml:"cmdline" json:"cmdline,omitempty"` Binary string `yaml:"binary" json:"binary,omitempty"` Tar *string `yaml:"tar" json:"tar,omitempty"` + + ref *reference.Spec } // TrustConfig is the type of a content trust config @@ -89,6 +94,8 @@ type Image struct { UIDMappings *[]specs.LinuxIDMapping `yaml:"uidMappings" json:"uidMappings,omitempty"` GIDMappings *[]specs.LinuxIDMapping `yaml:"gidMappings" json:"gidMappings,omitempty"` Runtime *Runtime `yaml:"runtime" json:"runtime,omitempty"` + + ref *reference.Spec } // Runtime is the type of config processed at runtime, not used to build the OCI spec @@ -151,6 +158,70 @@ func uniqueServices(m Moby) error { return nil } +func extractReferences(m *Moby) error { + if m.Kernel.Image != "" { + r, err := reference.Parse(m.Kernel.Image) + if err != nil { + return fmt.Errorf("extract kernel image reference: %v", err) + } + m.Kernel.ref = &r + } + for _, ii := range m.Init { + r, err := reference.Parse(ii) + if err != nil { + return fmt.Errorf("extract on boot image reference: %v", err) + } + m.initRefs = append(m.initRefs, &r) + } + for _, image := range m.Onboot { + r, err := reference.Parse(image.Image) + if err != nil { + return fmt.Errorf("extract on boot image reference: %v", err) + } + image.ref = &r + } + for _, image := range m.Onshutdown { + r, err := reference.Parse(image.Image) + if err != nil { + return fmt.Errorf("extract on shutdown image reference: %v", err) + } + image.ref = &r + } + for _, image := range m.Services { + r, err := reference.Parse(image.Image) + if err != nil { + return fmt.Errorf("extract service image reference: %v", err) + } + image.ref = &r + } + return nil +} + +func updateImages(m *Moby) error { + if m.Kernel.ref != nil { + m.Kernel.Image = m.Kernel.ref.String() + } + for i, ii := range m.initRefs { + m.Init[i] = ii.String() + } + for _, image := range m.Onboot { + if image.ref != nil { + image.Image = image.ref.String() + } + } + for _, image := range m.Onshutdown { + if image.ref != nil { + image.Image = image.ref.String() + } + } + for _, image := range m.Services { + if image.ref != nil { + image.Image = image.ref.String() + } + } + return nil +} + // NewConfig parses a config file func NewConfig(config []byte) (Moby, error) { m := Moby{} @@ -190,6 +261,10 @@ func NewConfig(config []byte) (Moby, error) { return m, err } + if err := extractReferences(&m); err != nil { + return m, err + } + return m, nil } @@ -208,6 +283,9 @@ func AppendConfig(m0, m1 Moby) (Moby, error) { if m1.Kernel.Tar != nil { moby.Kernel.Tar = m1.Kernel.Tar } + if m1.Kernel.ref != nil { + moby.Kernel.ref = m1.Kernel.ref + } moby.Init = append(moby.Init, m1.Init...) moby.Onboot = append(moby.Onboot, m1.Onboot...) moby.Onshutdown = append(moby.Onshutdown, m1.Onshutdown...) @@ -215,6 +293,7 @@ func AppendConfig(m0, m1 Moby) (Moby, error) { moby.Files = append(moby.Files, m1.Files...) moby.Trust.Image = append(moby.Trust.Image, m1.Trust.Image...) moby.Trust.Org = append(moby.Trust.Org, m1.Trust.Org...) + moby.initRefs = append(moby.initRefs, m1.initRefs...) if err := uniqueServices(moby); err != nil { return moby, err @@ -290,15 +369,14 @@ func NewImage(config []byte) (Image, error) { } // ConfigToOCI converts a config specification to an OCI config file and a runtime config -func ConfigToOCI(image Image, trust bool, idMap map[string]uint32) (specs.Spec, Runtime, error) { +func ConfigToOCI(image *Image, trust bool, idMap map[string]uint32) (specs.Spec, Runtime, error) { // TODO pass through same docker client to all functions cli, err := dockerClient() if err != nil { return specs.Spec{}, Runtime{}, err } - - inspect, err := dockerInspectImage(cli, image.Image, trust) + inspect, err := dockerInspectImage(cli, image.ref, trust) if err != nil { return specs.Spec{}, Runtime{}, err } @@ -649,7 +727,7 @@ func idNumeric(v interface{}, idMap map[string]uint32) (uint32, error) { } // ConfigInspectToOCI converts a config and the output of image inspect to an OCI config -func ConfigInspectToOCI(yaml Image, inspect types.ImageInspect, idMap map[string]uint32) (specs.Spec, Runtime, error) { +func ConfigInspectToOCI(yaml *Image, inspect types.ImageInspect, idMap map[string]uint32) (specs.Spec, Runtime, error) { oci := specs.Spec{} runtime := Runtime{} diff --git a/src/moby/config_test.go b/src/moby/config_test.go index 4aa27878f..ebecb1fab 100644 --- a/src/moby/config_test.go +++ b/src/moby/config_test.go @@ -44,7 +44,7 @@ func TestOverrides(t *testing.T) { inspect := setupInspect(t, label) - oci, _, err := ConfigInspectToOCI(yaml, inspect, idMap) + oci, _, err := ConfigInspectToOCI(&yaml, inspect, idMap) if err != nil { t.Error(err) } @@ -72,7 +72,7 @@ func TestInvalidCap(t *testing.T) { inspect := setupInspect(t, label) - _, _, err := ConfigInspectToOCI(yaml, inspect, idMap) + _, _, err := ConfigInspectToOCI(&yaml, inspect, idMap) if err == nil { t.Error("expected error, got valid OCI config") } @@ -95,7 +95,7 @@ func TestIdMap(t *testing.T) { inspect := setupInspect(t, label) - oci, _, err := ConfigInspectToOCI(yaml, inspect, idMap) + oci, _, err := ConfigInspectToOCI(&yaml, inspect, idMap) if err != nil { t.Error(err) } diff --git a/src/moby/docker.go b/src/moby/docker.go index 81e24fc9c..e00be6f62 100644 --- a/src/moby/docker.go +++ b/src/moby/docker.go @@ -14,6 +14,7 @@ import ( "strings" log "github.com/Sirupsen/logrus" + "github.com/containerd/containerd/reference" "github.com/docker/docker/api/types" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/filters" @@ -97,18 +98,18 @@ func dockerRm(container string) error { return nil } -func dockerPull(image string, forcePull, trustedPull bool) error { - log.Debugf("docker pull: %s", image) +func dockerPull(ref *reference.Spec, forcePull, trustedPull bool) error { + log.Debugf("docker pull: %s", ref) cli, err := dockerClient() if err != nil { return errors.New("could not initialize Docker API client") } if trustedPull { - log.Debugf("pulling %s with content trust", image) - trustedImg, err := TrustedReference(image) + log.Debugf("pulling %s with content trust", ref) + trustedImg, err := TrustedReference(ref.String()) if err != nil { - return fmt.Errorf("Trusted pull for %s failed: %v", image, err) + return fmt.Errorf("Trusted pull for %s failed: %v", ref, err) } // tag the image on a best-effort basis after pulling with content trust, @@ -117,10 +118,15 @@ func dockerPull(image string, forcePull, trustedPull bool) error { if err := cli.ImageTag(context.Background(), src, dst); err != nil { log.Debugf("could not tag trusted image %s to %s", src, dst) } - }(trustedImg.String(), image) + }(trustedImg.String(), ref.String()) log.Debugf("successfully verified trusted reference %s from notary", trustedImg.String()) - image = trustedImg.String() + trustedSpec, err := reference.Parse(trustedImg.String()) + if err != nil { + return fmt.Errorf("failed to convert trusted img %s to Spec: %v", trustedImg, err) + } + ref.Locator = trustedSpec.Locator + ref.Object = trustedSpec.Object imageSearchArg := filters.NewArgs() imageSearchArg.Add("reference", trustedImg.String()) @@ -130,8 +136,8 @@ func dockerPull(image string, forcePull, trustedPull bool) error { } } - log.Infof("Pull image: %s", image) - r, err := cli.ImagePull(context.Background(), image, types.ImagePullOptions{}) + log.Infof("Pull image: %s", ref) + r, err := cli.ImagePull(context.Background(), ref.String(), types.ImagePullOptions{}) if err != nil { return err } @@ -140,7 +146,7 @@ func dockerPull(image string, forcePull, trustedPull bool) error { if err != nil { return err } - log.Debugf("docker pull: %s...Done", image) + log.Debugf("docker pull: %s...Done", ref) return nil } @@ -153,17 +159,17 @@ func dockerClient() (*client.Client, error) { return client.NewEnvClient() } -func dockerInspectImage(cli *client.Client, image string, trustedPull bool) (types.ImageInspect, error) { - log.Debugf("docker inspect image: %s", image) +func dockerInspectImage(cli *client.Client, ref *reference.Spec, trustedPull bool) (types.ImageInspect, error) { + log.Debugf("docker inspect image: %s", ref) - inspect, _, err := cli.ImageInspectWithRaw(context.Background(), image) + inspect, _, err := cli.ImageInspectWithRaw(context.Background(), ref.String()) if err != nil { if client.IsErrImageNotFound(err) { - pullErr := dockerPull(image, true, trustedPull) + pullErr := dockerPull(ref, true, trustedPull) if pullErr != nil { return types.ImageInspect{}, pullErr } - inspect, _, err = cli.ImageInspectWithRaw(context.Background(), image) + inspect, _, err = cli.ImageInspectWithRaw(context.Background(), ref.String()) if err != nil { return types.ImageInspect{}, err } @@ -172,7 +178,7 @@ func dockerInspectImage(cli *client.Client, image string, trustedPull bool) (typ } } - log.Debugf("docker inspect image: %s...Done", image) + log.Debugf("docker inspect image: %s...Done", ref) return inspect, nil } diff --git a/src/moby/image.go b/src/moby/image.go index 1b7451625..350c3730f 100644 --- a/src/moby/image.go +++ b/src/moby/image.go @@ -11,6 +11,7 @@ import ( "strings" log "github.com/Sirupsen/logrus" + "github.com/containerd/containerd/reference" "github.com/opencontainers/runtime-spec/specs-go" ) @@ -81,8 +82,8 @@ func tarPrefix(path string, tw tarWriter) error { } // ImageTar takes a Docker image and outputs it to a tar stream -func ImageTar(image, prefix string, tw tarWriter, trust bool, pull bool, resolv string) error { - log.Debugf("image tar: %s %s", image, prefix) +func ImageTar(ref *reference.Spec, prefix string, tw tarWriter, trust bool, pull bool, resolv string) error { + log.Debugf("image tar: %s %s", ref, prefix) if prefix != "" && prefix[len(prefix)-1] != byte('/') { return fmt.Errorf("prefix does not end with /: %s", prefix) } @@ -93,25 +94,25 @@ func ImageTar(image, prefix string, tw tarWriter, trust bool, pull bool, resolv } if pull || trust { - err := dockerPull(image, pull, trust) + err := dockerPull(ref, pull, trust) if err != nil { - return fmt.Errorf("Could not pull image %s: %v", image, err) + return fmt.Errorf("Could not pull image %s: %v", ref, err) } } - container, err := dockerCreate(image) + container, err := dockerCreate(ref.String()) if err != nil { // if the image wasn't found, pull it down. Bail on other errors. if strings.Contains(err.Error(), "No such image") { - err := dockerPull(image, true, trust) + err := dockerPull(ref, true, trust) if err != nil { - return fmt.Errorf("Could not pull image %s: %v", image, err) + return fmt.Errorf("Could not pull image %s: %v", ref, err) } - container, err = dockerCreate(image) + container, err = dockerCreate(ref.String()) if err != nil { - return fmt.Errorf("Failed to docker create image %s: %v", image, err) + return fmt.Errorf("Failed to docker create image %s: %v", ref, err) } } else { - return fmt.Errorf("Failed to create docker image %s: %v", image, err) + return fmt.Errorf("Failed to create docker image %s: %v", ref, err) } } contents, err := dockerExport(container) @@ -137,7 +138,7 @@ func ImageTar(image, prefix string, tw tarWriter, trust bool, pull bool, resolv return err } if exclude[hdr.Name] { - log.Debugf("image tar: %s %s exclude %s", image, prefix, hdr.Name) + log.Debugf("image tar: %s %s exclude %s", ref, prefix, hdr.Name) _, err = io.Copy(ioutil.Discard, tr) if err != nil { return err @@ -147,7 +148,7 @@ func ImageTar(image, prefix string, tw tarWriter, trust bool, pull bool, resolv contents := replace[hdr.Name] hdr.Size = int64(len(contents)) hdr.Name = prefix + hdr.Name - log.Debugf("image tar: %s %s add %s", image, prefix, hdr.Name) + log.Debugf("image tar: %s %s add %s", ref, prefix, hdr.Name) if err := tw.WriteHeader(hdr); err != nil { return err } @@ -162,7 +163,7 @@ func ImageTar(image, prefix string, tw tarWriter, trust bool, pull bool, resolv hdr.Size = 0 hdr.Typeflag = tar.TypeSymlink hdr.Linkname = resolv - log.Debugf("image tar: %s %s add resolv symlink /etc/resolv.conf -> %s", image, prefix, resolv) + log.Debugf("image tar: %s %s add resolv symlink /etc/resolv.conf -> %s", ref, prefix, resolv) if err := tw.WriteHeader(hdr); err != nil { return err } @@ -172,7 +173,7 @@ func ImageTar(image, prefix string, tw tarWriter, trust bool, pull bool, resolv return err } } else { - log.Debugf("image tar: %s %s add %s", image, prefix, hdr.Name) + log.Debugf("image tar: %s %s add %s", ref, prefix, hdr.Name) hdr.Name = prefix + hdr.Name if hdr.Typeflag == tar.TypeLink { // hard links are referenced by full path so need to be adjusted @@ -191,7 +192,7 @@ func ImageTar(image, prefix string, tw tarWriter, trust bool, pull bool, resolv } // ImageBundle produces an OCI bundle at the given path in a tarball, given an image and a config.json -func ImageBundle(prefix string, image string, config []byte, runtime Runtime, tw tarWriter, trust bool, pull bool, readonly bool, dupMap map[string]string) error { +func ImageBundle(prefix string, ref *reference.Spec, config []byte, runtime Runtime, tw tarWriter, trust bool, pull bool, readonly bool, dupMap map[string]string) error { // if read only, just unpack in rootfs/ but otherwise set up for overlay rootExtract := "rootfs" if !readonly { @@ -200,17 +201,17 @@ func ImageBundle(prefix string, image string, config []byte, runtime Runtime, tw // See if we have extracted this image previously root := path.Join(prefix, rootExtract) - var foundElsewhere = dupMap[image] != "" + var foundElsewhere = dupMap[ref.String()] != "" if !foundElsewhere { - if err := ImageTar(image, root+"/", tw, trust, pull, ""); err != nil { + if err := ImageTar(ref, root+"/", tw, trust, pull, ""); err != nil { return err } - dupMap[image] = root + dupMap[ref.String()] = root } else { if err := tarPrefix(prefix+"/", tw); err != nil { return err } - root = dupMap[image] + root = dupMap[ref.String()] } hdr := &tar.Header{ @@ -274,7 +275,7 @@ func ImageBundle(prefix string, image string, config []byte, runtime Runtime, tw // write the runtime config runtimeConfig, err := json.MarshalIndent(runtime, "", " ") if err != nil { - return fmt.Errorf("Failed to create runtime config for %s: %v", image, err) + return fmt.Errorf("Failed to create runtime config for %s: %v", ref, err) } hdr = &tar.Header{ @@ -290,7 +291,7 @@ func ImageBundle(prefix string, image string, config []byte, runtime Runtime, tw return err } - log.Debugf("image bundle: %s %s cfg: %s runtime: %s", prefix, image, string(config), string(runtimeConfig)) + log.Debugf("image bundle: %s %s cfg: %s runtime: %s", prefix, ref, string(config), string(runtimeConfig)) return nil } diff --git a/vendor.conf b/vendor.conf index b60080b24..fd29aeb51 100644 --- a/vendor.conf +++ b/vendor.conf @@ -1,5 +1,6 @@ github.com/Sirupsen/logrus 10f801ebc38b33738c9d17d50860f484a0988ff5 github.com/agl/ed25519 5312a61534124124185d41f09206b9fef1d88403 +github.com/containerd/containerd v1.0.0-beta.1 github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621 github.com/docker/docker 6978a6e25a2e6063f280ec842bd0f3eae99426e1 github.com/docker/docker-credential-helpers 71779cf7f595bf47f5a56d0629ce044e59b1cffa diff --git a/vendor/github.com/containerd/containerd/LICENSE.code b/vendor/github.com/containerd/containerd/LICENSE.code new file mode 100644 index 000000000..8f3fee627 --- /dev/null +++ b/vendor/github.com/containerd/containerd/LICENSE.code @@ -0,0 +1,191 @@ + + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + Copyright 2013-2016 Docker, Inc. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/containerd/containerd/LICENSE.docs b/vendor/github.com/containerd/containerd/LICENSE.docs new file mode 100644 index 000000000..e26cd4fc8 --- /dev/null +++ b/vendor/github.com/containerd/containerd/LICENSE.docs @@ -0,0 +1,425 @@ +Attribution-ShareAlike 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More_considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution-ShareAlike 4.0 International Public +License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution-ShareAlike 4.0 International Public License ("Public +License"). To the extent this Public License may be interpreted as a +contract, You are granted the Licensed Rights in consideration of Your +acceptance of these terms and conditions, and the Licensor grants You +such rights in consideration of benefits the Licensor receives from +making the Licensed Material available under these terms and +conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. BY-SA Compatible License means a license listed at + creativecommons.org/compatiblelicenses, approved by Creative + Commons as essentially the equivalent of this Public License. + + d. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + e. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + f. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + g. License Elements means the license attributes listed in the name + of a Creative Commons Public License. The License Elements of this + Public License are Attribution and ShareAlike. + + h. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + i. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + j. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + k. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + l. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + m. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. Additional offer from the Licensor -- Adapted Material. + Every recipient of Adapted Material from You + automatically receives an offer from the Licensor to + exercise the Licensed Rights in the Adapted Material + under the conditions of the Adapter's License You apply. + + c. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + b. ShareAlike. + + In addition to the conditions in Section 3(a), if You Share + Adapted Material You produce, the following conditions also apply. + + 1. The Adapter's License You apply must be a Creative Commons + license with the same License Elements, this version or + later, or a BY-SA Compatible License. + + 2. You must include the text of, or the URI or hyperlink to, the + Adapter's License You apply. You may satisfy this condition + in any reasonable manner based on the medium, means, and + context in which You Share Adapted Material. + + 3. You may not offer or impose any additional or different terms + or conditions on, or apply any Effective Technological + Measures to, Adapted Material that restrict exercise of the + rights granted under the Adapter's License You apply. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material, + + including for purposes of Section 3(b); and + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + + +======================================================================= + +Creative Commons is not a party to its public licenses. +Notwithstanding, Creative Commons may elect to apply one of its public +licenses to material it publishes and in those instances will be +considered the "Licensor." Except for the limited purpose of indicating +that material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the public +licenses. + +Creative Commons may be contacted at creativecommons.org. diff --git a/vendor/github.com/containerd/containerd/NOTICE b/vendor/github.com/containerd/containerd/NOTICE new file mode 100644 index 000000000..8915f0277 --- /dev/null +++ b/vendor/github.com/containerd/containerd/NOTICE @@ -0,0 +1,16 @@ +Docker +Copyright 2012-2015 Docker, Inc. + +This product includes software developed at Docker, Inc. (https://www.docker.com). + +The following is courtesy of our legal counsel: + + +Use and transfer of Docker may be subject to certain restrictions by the +United States and other governments. +It is your responsibility to ensure that your use and/or transfer does not +violate applicable laws. + +For more information, please see https://www.bis.doc.gov + +See also https://www.apache.org/dev/crypto.html and/or seek legal counsel. diff --git a/vendor/github.com/containerd/containerd/README.md b/vendor/github.com/containerd/containerd/README.md new file mode 100644 index 000000000..9484ad092 --- /dev/null +++ b/vendor/github.com/containerd/containerd/README.md @@ -0,0 +1,208 @@ +![banner](/docs/images/containerd-dark.png?raw=true) + +[![GoDoc](https://godoc.org/github.com/containerd/containerd?status.svg)](https://godoc.org/github.com/containerd/containerd) +[![Build Status](https://travis-ci.org/containerd/containerd.svg?branch=master)](https://travis-ci.org/containerd/containerd) +[![FOSSA Status](https://app.fossa.io/api/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd.svg?type=shield)](https://app.fossa.io/projects/git%2Bhttps%3A%2F%2Fgithub.com%2Fcontainerd%2Fcontainerd?ref=badge_shield) +[![Go Report Card](https://goreportcard.com/badge/github.com/containerd/containerd)](https://goreportcard.com/report/github.com/containerd/containerd) + +containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision, low-level storage and network attachments, etc. + +containerd is designed to be embedded into a larger system, rather than being used directly by developers or end-users. + +![architecture](design/architecture.png) + +## Getting Started + +If you are interested in trying out containerd please see our [Getting Started Guide](docs/getting-started.md). + +## Features + +### Client + +containerd offers a full client package to help you integrate containerd into your platform. + +```go + +import "github.com/containerd/containerd" + +func main() { + client, err := containerd.New("/run/containerd/containerd.sock") + defer client.Close() +} + +``` + +### Namespaces + +Namespaces allow multiple consumers to use the same containerd without conflicting with each other. It has the benefit of sharing content but still having separation with containers and images. + +To set a namespace for requests to the API: + +```go +context = context.Background() +// create a context for docker +docker = namespaces.WithNamespace(context, "docker") + +containerd, err := client.NewContainer(docker, "id") +``` + +To set a default namespace on the client: + +```go +client, err := containerd.New(address, containerd.WithDefaultNamespace("docker")) +``` + +### Distribution + +```go +// pull an image +image, err := client.Pull(context, "docker.io/library/redis:latest") + +// push an image +err := client.Push(context, "docker.io/library/redis:latest", image.Target()) +``` + +### Containers + +In containerd, a container is a metadata object. Resources such as an OCI runtime specification, image, root filesystem, and other metadata can be attached to a container. + +```go +redis, err := client.NewContainer(context, "redis-master") +defer redis.Delete(context) +``` + +### OCI Runtime Specification + +containerd fully supports the OCI runtime specification for running containers. We have built in functions to help you generate runtime specifications based on images as well as custom parameters. + +You can specify options when creating a container about how to modify the specification. + +```go +redis, err := client.NewContainer(context, "redis-master", containerd.WithNewSpec(containerd.WithImageConfig(image))) +``` + +### Root Filesystems + +containerd allows you to use overlay or snapshot filesystems with your containers. It comes with builtin support for overlayfs and btrfs. + +```go +// pull an image and unpack it into the configured snapshotter +image, err := client.Pull(context, "docker.io/library/redis:latest", containerd.WithPullUnpack) + +// allocate a new RW root filesystem for a container based on the image +redis, err := client.NewContainer(context, "redis-master", + containerd.WithNewSnapshot("redis-rootfs", image), + containerd.WithNewSpec(containerd.WithImageConfig(image)), + +) + +// use a readonly filesystem with multiple containers +for i := 0; i < 10; i++ { + id := fmt.Sprintf("id-%s", i) + container, err := client.NewContainer(ctx, id, + containerd.WithNewSnapshotView(id, image), + containerd.WithNewSpec(containerd.WithImageConfig(image)), + ) +} +``` + +### Tasks + +Taking a container object and turning it into a runnable process on a system is done by creating a new `Task` from the container. A task represents the runnable object within containerd. + +```go +// create a new task +task, err := redis.NewTask(context, containerd.Stdio) +defer task.Delete(context) + +// the task is now running and has a pid that can be use to setup networking +// or other runtime settings outside of containerd +pid := task.Pid() + +// start the redis-server process inside the container +err := task.Start(context) + +// wait for the task to exit and get the exit status +status, err := task.Wait(context) +``` + +### Checkpoint and Restore + +If you have [criu](https://criu.org/Main_Page) installed on your machine you can checkpoint and restore containers and their tasks. This allow you to clone and/or live migrate containers to other machines. + +```go +// checkpoint the task then push it to a registry +checkpoint, err := task.Checkpoint(context, containerd.WithExit) + +err := client.Push(context, "myregistry/checkpoints/redis:master", checkpoint) + +// on a new machine pull the checkpoint and restore the redis container +image, err := client.Pull(context, "myregistry/checkpoints/redis:master") + +checkpoint := image.Target() + +redis, err = client.NewContainer(context, "redis-master", containerd.WithCheckpoint(checkpoint, "redis-rootfs")) +defer container.Delete(context) + +task, err = redis.NewTask(context, containerd.Stdio, containerd.WithTaskCheckpoint(checkpoint)) +defer task.Delete(context) + +err := task.Start(context) +``` + +## Developer Quick-Start + +To build the daemon and `ctr` simple test client, the following build system dependencies are required: + +* Go 1.8.x or above (requires 1.8 due to use of golang plugin(s)) +* Protoc 3.x compiler and headers (download at the [Google protobuf releases page](https://github.com/google/protobuf/releases)) +* Btrfs headers and libraries for your distribution. Note that building the btrfs driver can be disabled via build tag removing this dependency. + +For proper results, install the `protoc` release into `/usr/local` on your build system. For example, the following commands will download and install the 3.1.0 release for a 64-bit Linux host: + +``` +$ wget -c https://github.com/google/protobuf/releases/download/v3.1.0/protoc-3.1.0-linux-x86_64.zip +$ sudo unzip protoc-3.1.0-linux-x86_64.zip -d /usr/local +``` + +With the required dependencies installed, the `Makefile` target named **binaries** will compile the `ctr` and `containerd` binaries and place them in the `bin/` directory. Using `sudo make install` will place the binaries in `/usr/local/bin`. When making any changes to the gRPC API, `make generate` will use the installed `protoc` compiler to regenerate the API generated code packages. + +> *Note*: A build tag is currently available to disable building the btrfs snapshot driver. +> Adding `BUILDTAGS=no_btrfs` to your environment before calling the **binaries** +> Makefile target will disable the btrfs driver within the containerd Go build. + +Vendoring of external imports uses the [`vndr` tool](https://github.com/LK4D4/vndr) which uses a simple config file, `vendor.conf`, to provide the URL and version or hash details for each vendored import. After modifying `vendor.conf` run the `vndr` tool to update the `vendor/` directory contents. Combining the `vendor.conf` update with the changeset in `vendor/` after running `vndr` should become a single commit for a PR which relies on vendored updates. + +Please refer to [RUNC.md](/RUNC.md) for the currently supported version of `runc` that is used by containerd. + +### Releases and API Stability + +Please see [RELEASES.md](RELEASES.md) for details on versioning and stability +of containerd components. + +### Development reports. + +Weekly summary on the progress and what is being worked on. +https://github.com/containerd/containerd/tree/master/reports + +### Communication + +For async communication and long running discussions please use issues and pull requests on the github repo. +This will be the best place to discuss design and implementation. + +For sync communication we have a community slack with a #containerd channel that everyone is welcome to join and chat about development. + +**Slack:** https://dockr.ly/community + +### Reporting security issues + +__If you are reporting a security issue, please reach out discreetly at containerd-security@googlegroups.com__. + +## Copyright and license + +Copyright ©2016-2017 Docker, Inc. All rights reserved, except as follows. Code +is released under the Apache 2.0 license. The README.md file, and files in the +"docs" folder are licensed under the Creative Commons Attribution 4.0 +International License under the terms and conditions set forth in the file +"LICENSE.docs". You may obtain a duplicate copy of the same license, titled +CC-BY-SA-4.0, at http://creativecommons.org/licenses/by/4.0/. diff --git a/vendor/github.com/containerd/containerd/reference/reference.go b/vendor/github.com/containerd/containerd/reference/reference.go new file mode 100644 index 000000000..d31dff523 --- /dev/null +++ b/vendor/github.com/containerd/containerd/reference/reference.go @@ -0,0 +1,144 @@ +package reference + +import ( + "errors" + "fmt" + "net/url" + "path" + "regexp" + "strings" + + digest "github.com/opencontainers/go-digest" +) + +var ( + ErrInvalid = errors.New("invalid reference") + ErrObjectRequired = errors.New("object required") + ErrHostnameRequired = errors.New("hostname required") +) + +// Spec defines the main components of a reference specification. +// +// A reference specification is a schema-less URI parsed into common +// components. The two main components, locator and object, are required to be +// supported by remotes. It represents a superset of the naming define in +// docker's reference schema. It aims to be compatible but not prescriptive. +// +// While the interpretation of the components, locator and object, are up to +// the remote, we define a few common parts, accessible via helper methods. +// +// The first is the hostname, which is part of the locator. This doesn't need +// to map to a physical resource, but it must parse as a hostname. We refer to +// this as the namespace. +// +// The other component made accessible by helper method is the digest. This is +// part of the object identifier, always prefixed with an '@'. If present, the +// remote may use the digest portion directly or resolve it against a prefix. +// If the object does not include the `@` symbol, the return value for `Digest` +// will be empty. +type Spec struct { + // Locator is the host and path portion of the specification. The host + // portion may refer to an actual host or just a namespace of related + // images. + // + // Typically, the locator may used to resolve the remote to fetch specific + // resources. + Locator string + + // Object contains the identifier for the remote resource. Classically, + // this is a tag but can refer to anything in a remote. By convention, any + // portion that may be a partial or whole digest will be preceded by an + // `@`. Anything preceding the `@` will be referred to as the "tag". + // + // In practice, we will see this broken down into the following formats: + // + // 1. + // 2. @ + // 3. @ + // + // We define the tag to be anything except '@' and ':'. may + // be a full valid digest or shortened version, possibly with elided + // algorithm. + Object string +} + +var splitRe = regexp.MustCompile(`[:@]`) + +// Parse parses the string into a structured ref. +func Parse(s string) (Spec, error) { + u, err := url.Parse("dummy://" + s) + if err != nil { + return Spec{}, err + } + + if u.Scheme != "dummy" { + return Spec{}, ErrInvalid + } + + if u.Host == "" { + return Spec{}, ErrHostnameRequired + } + + var object string + + if idx := splitRe.FindStringIndex(u.Path); idx != nil { + // This allows us to retain the @ to signify digests or shortened digests in + // the object. + object = u.Path[idx[0]:] + if object[:1] == ":" { + object = object[1:] + } + u.Path = u.Path[:idx[0]] + } + + return Spec{ + Locator: path.Join(u.Host, u.Path), + Object: object, + }, nil +} + +// Hostname returns the hostname portion of the locator. +// +// Remotes are not required to directly access the resources at this host. This +// method is provided for convenience. +func (r Spec) Hostname() string { + i := strings.Index(r.Locator, "/") + + if i < 0 { + i = len(r.Locator) + 1 + } + return r.Locator[:i] +} + +// Digest returns the digest portion of the reference spec. This may be a +// partial or invalid digest, which may be used to lookup a complete digest. +func (r Spec) Digest() digest.Digest { + _, dgst := SplitObject(r.Object) + return dgst +} + +// String returns the normalized string for the ref. +func (r Spec) String() string { + if r.Object == "" { + return r.Locator + } + if r.Object[:1] == "@" { + return fmt.Sprintf("%v%v", r.Locator, r.Object) + } + + return fmt.Sprintf("%v:%v", r.Locator, r.Object) +} + +// SplitObject provides two parts of the object spec, delimited by an `@` +// symbol. +// +// Either may be empty and it is the callers job to validate them +// appropriately. +func SplitObject(obj string) (tag string, dgst digest.Digest) { + parts := strings.SplitAfterN(obj, "@", 2) + if len(parts) < 2 { + return parts[0], "" + } else { + return parts[0], digest.Digest(parts[1]) + } +} diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf new file mode 100644 index 000000000..abb7383d5 --- /dev/null +++ b/vendor/github.com/containerd/containerd/vendor.conf @@ -0,0 +1,44 @@ +github.com/coreos/go-systemd 48702e0da86bd25e76cfef347e2adeb434a0d0a6 +github.com/containerd/go-runc b3c048c028ddd789c6f9510c597f8b9c62f25359 +github.com/containerd/console b28c739c79ce69d017e3691ad3664568d68e95c6 +github.com/containerd/cgroups 5933ab4dc4f7caa3a73a1dc141bd11f42b5c9163 +github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788 +github.com/docker/go-metrics 8fd5772bf1584597834c6f7961a530f06cbfbb87 +github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9 +github.com/godbus/dbus c7fdd8b5cd55e87b4e1f4e372cdb1db61dd6c66f +github.com/prometheus/client_golang v0.8.0 +github.com/prometheus/client_model fa8ad6fec33561be4280a8f0514318c79d7f6cb6 +github.com/prometheus/common 195bde7883f7c39ea62b0d92ab7359b5327065cb +github.com/prometheus/procfs fcdb11ccb4389efb1b210b7ffb623ab71c5fdd60 +github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9 +github.com/matttproud/golang_protobuf_extensions v1.0.0 +github.com/docker/go-units v0.3.1 +github.com/gogo/protobuf d2e1ade2d719b78fe5b061b4c18a9f7111b5bdc8 +github.com/golang/protobuf 5a0f697c9ed9d68fef0116532c6e05cfeae00e55 +github.com/opencontainers/runtime-spec v1.0.0 +github.com/opencontainers/runc 593914b8bd5448a93f7c3e4902a03408b6d5c0ce +github.com/sirupsen/logrus v1.0.0 +github.com/containerd/btrfs cc52c4dea2ce11a44e6639e561bb5c2af9ada9e3 +github.com/stretchr/testify v1.1.4 +github.com/davecgh/go-spew v1.1.0 +github.com/pmezard/go-difflib v1.0.0 +github.com/containerd/fifo fbfb6a11ec671efbe94ad1c12c2e98773f19e1e6 +github.com/urfave/cli 8ba6f23b6e36d03666a14bd9421f5e3efcb59aca +golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6 +google.golang.org/grpc v1.3.0 +github.com/pkg/errors v0.8.0 +github.com/opencontainers/go-digest 21dfd564fd89c944783d00d069f33e3e7123c448 +golang.org/x/sys 7ddbeae9ae08c6a06a59597f0c9edbc5ff2444ce https://github.com/golang/sys +github.com/opencontainers/image-spec v1.0.0 +github.com/containerd/continuity cf279e6ac893682272b4479d4c67fd3abf878b4e +golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c +github.com/BurntSushi/toml v0.2.0-21-g9906417 +github.com/grpc-ecosystem/go-grpc-prometheus 6b7015e65d366bf3f19b2b2a000a831940f0f7e0 +github.com/Microsoft/go-winio v0.4.4 +github.com/Microsoft/hcsshim v0.6.3 +github.com/Microsoft/opengcs v0.3.2 +github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd +github.com/Azure/go-ansiterm 19f72df4d05d31cbe1c56bfc8045c96babff6c7e +google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 +golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4 +github.com/dmcgowan/go-tar 2e2c51242e8993c50445dab7c03c8e7febddd0cf diff --git a/vendor/github.com/docker/docker/hack/README.md b/vendor/github.com/docker/docker/hack/README.md deleted file mode 100644 index 802395d53..000000000 --- a/vendor/github.com/docker/docker/hack/README.md +++ /dev/null @@ -1,60 +0,0 @@ -## About - -This directory contains a collection of scripts used to build and manage this -repository. If there are any issues regarding the intention of a particular -script (or even part of a certain script), please reach out to us. -It may help us either refine our current scripts, or add on new ones -that are appropriate for a given use case. - -## DinD (dind.sh) - -DinD is a wrapper script which allows Docker to be run inside a Docker -container. DinD requires the container to -be run with privileged mode enabled. - -## Generate Authors (generate-authors.sh) - -Generates AUTHORS; a file with all the names and corresponding emails of -individual contributors. AUTHORS can be found in the home directory of -this repository. - -## Make - -There are two make files, each with different extensions. Neither are supposed -to be called directly; only invoke `make`. Both scripts run inside a Docker -container. - -### make.ps1 - -- The Windows native build script that uses PowerShell semantics; it is limited -unlike `hack\make.sh` since it does not provide support for the full set of -operations provided by the Linux counterpart, `make.sh`. However, `make.ps1` -does provide support for local Windows development and Windows to Windows CI. -More information is found within `make.ps1` by the author, @jhowardmsft - -### make.sh - -- Referenced via `make test` when running tests on a local machine, -or directly referenced when running tests inside a Docker development container. -- When running on a local machine, `make test` to run all tests found in -`test`, `test-unit`, `test-integration-cli`, and `test-docker-py` on -your local machine. The default timeout is set in `make.sh` to 60 minutes -(`${TIMEOUT:=60m}`), since it currently takes up to an hour to run -all of the tests. -- When running inside a Docker development container, `hack/make.sh` does -not have a single target that runs all the tests. You need to provide a -single command line with multiple targets that performs the same thing. -An example referenced from [Run targets inside a development container](https://docs.docker.com/opensource/project/test-and-docs/#run-targets-inside-a-development-container): `root@5f8630b873fe:/go/src/github.com/moby/moby# hack/make.sh dynbinary binary cross test-unit test-integration-cli test-docker-py` -- For more information related to testing outside the scope of this README, -refer to -[Run tests and test documentation](https://docs.docker.com/opensource/project/test-and-docs/) - -## Release (release.sh) - -Releases any bundles built by `make` on a public AWS S3 bucket. -For information regarding configuration, please view `release.sh`. - -## Vendor (vendor.sh) - -A shell script that is a wrapper around Vndr. For information on how to use -this, please refer to [vndr's README](https://github.com/LK4D4/vndr/blob/master/README.md) diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md deleted file mode 100644 index 1cea52526..000000000 --- a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md +++ /dev/null @@ -1,69 +0,0 @@ -# Integration Testing on Swarm - -IT on Swarm allows you to execute integration test in parallel across a Docker Swarm cluster - -## Architecture - -### Master service - - - Works as a funker caller - - Calls a worker funker (`-worker-service`) with a chunk of `-check.f` filter strings (passed as a file via `-input` flag, typically `/mnt/input`) - -### Worker service - - - Works as a funker callee - - Executes an equivalent of `TESTFLAGS=-check.f TestFoo|TestBar|TestBaz ... make test-integration-cli` using the bind-mounted API socket (`docker.sock`) - -### Client - - - Controls master and workers via `docker stack` - - No need to have a local daemon - -Typically, the master and workers are supposed to be running on a cloud environment, -while the client is supposed to be running on a laptop, e.g. Docker for Mac/Windows. - -## Requirement - - - Docker daemon 1.13 or later - - Private registry for distributed execution with multiple nodes - -## Usage - -### Step 1: Prepare images - - $ make build-integration-cli-on-swarm - -Following environment variables are known to work in this step: - - - `BUILDFLAGS` - - `DOCKER_INCREMENTAL_BINARY` - -Note: during the transition into Moby Project, you might need to create a symbolic link `$GOPATH/src/github.com/docker/docker` to `$GOPATH/src/github.com/moby/moby`. - -### Step 2: Execute tests - - $ ./hack/integration-cli-on-swarm/integration-cli-on-swarm -replicas 40 -push-worker-image YOUR_REGISTRY.EXAMPLE.COM/integration-cli-worker:latest - -Following environment variables are known to work in this step: - - - `DOCKER_GRAPHDRIVER` - - `DOCKER_EXPERIMENTAL` - -#### Flags - -Basic flags: - - - `-replicas N`: the number of worker service replicas. i.e. degree of parallelism. - - `-chunks N`: the number of chunks. By default, `chunks` == `replicas`. - - `-push-worker-image REGISTRY/IMAGE:TAG`: push the worker image to the registry. Note that if you have only single node and hence you do not need a private registry, you do not need to specify `-push-worker-image`. - -Experimental flags for mitigating makespan nonuniformity: - - - `-shuffle`: Shuffle the test filter strings - -Flags for debugging IT on Swarm itself: - - - `-rand-seed N`: the random seed. This flag is useful for deterministic replaying. By default(0), the timestamp is used. - - `-filters-file FILE`: the file contains `-check.f` strings. By default, the file is automatically generated. - - `-dry-run`: skip the actual workload - - `keep-executor`: do not auto-remove executor containers, which is used for running privileged programs on Swarm diff --git a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf b/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf deleted file mode 100644 index efd6d6d04..000000000 --- a/vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf +++ /dev/null @@ -1,2 +0,0 @@ -# dependencies specific to worker (i.e. github.com/docker/docker/...) are not vendored here -github.com/bfirsh/funker-go eaa0a2e06f30e72c9a0b7f858951e581e26ef773