[25.0] vendor: github.com/containerd/containerd v1.7.27 #49909
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Requires a rebase on #49804 to get tests to run. See pendo324#1 for tests running on a different branch which includes the changes in #49804 |
Signed-off-by: Justin Alvarez <alvajus@amazon.com>
…ed errs
Before:
=== FAIL: amd64.integration.image TestImagePullPlatformInvalid (0.01s)
pull_test.go:37: assertion failed: expression is false: errdefs.IsInvalidParameter(err)
After:
=== RUN TestImagePullPlatformInvalid
pull_test.go:37: assertion failed: error is Error response from daemon: "foobar": unknown operating system or architecture: invalid argument (errdefs.errSystem), not errdefs.IsInvalidParameter
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit a88cd68)
Signed-off-by: Justin Alvarez <alvajus@amazon.com>
…d errs
- add some asserts for unhandled errors
- use consts for fixed values, and slightly re-format Dockerfile contentt
- inline one-line Dockerfiles
- fix some vars to be properly camel-cased
- improve assert for error-types;
Before:
=== RUN TestBuildPlatformInvalid
build_test.go:685: assertion failed: expression is false: errdefs.IsInvalidParameter(err)
--- FAIL: TestBuildPlatformInvalid (0.01s)
FAIL
After:
=== RUN TestBuildPlatformInvalid
build_test.go:689: assertion failed: error is Error response from daemon: "foobar": unknown operating system or architecture: invalid argument (errdefs.errSystem), not errdefs.IsInvalidParameter
--- FAIL: TestBuildPlatformInvalid (0.01s)
FAIL
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 64a6cc3)
Signed-off-by: Justin Alvarez <alvajus@amazon.com>
The userns package in libcontainer was integrated into the moby/sys/user module at commit [3778ae603c706494fd1e2c2faf83b406e38d687d][1]. The userns package is used in many places, and currently either depends on runc/libcontainer, or on containerd, both of which have a complex dependency tree. This patch is part of a series of patches to unify the implementations, and to migrate toward that implementation to simplify the dependency tree. [1]: opencontainers/runc@3778ae6 Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 2ce811e) Signed-off-by: Justin Alvarez <alvajus@amazon.com>
Commit 2ce811e migrated the use of the userns package to the github.com/moby/sys/user module. After further discussion with maintainers, it was decided to move the userns package to a separate module, as it has no direct relation with "user" operations (other than having "user" in its name). This patch migrates our code to use the new module. Signed-off-by: Sebastiaan van Stijn <github@gone.nl> (cherry picked from commit 7b0ef10) Signed-off-by: Justin Alvarez <alvajus@amazon.com>
…s to github.com/containerd/platforms Signed-off-by: Justin Alvarez <alvajus@amazon.com>
…to github.com/containerd/errdefs Signed-off-by: Justin Alvarez <alvajus@amazon.com>
…v2/runc/options to github.com/containerd/containerd/api/types/runc/options Signed-off-by: Justin Alvarez <alvajus@amazon.com>
775047e to
7e2fc23
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
- What I did
Upgraded the containerd dependency to v1.7.27 to mitigate GHSA-265r-hfxg-fhmg / CVE-2024-40635.
This isn't showing up in my
govulncheck -mode binary dockerdscans, but it does show up in verbose mode:govulncheck -show verbose -mode binary dockerdI believe this part
part of govulncheck's output is incorrect based on code analysis:
This reference to
containerd.oci's WithUser function is called by execSetPlatformOpt which is called by ContainerExecStart- How I did it
./hack/vendor.shAUTO_GOPATH=1 hack/make.sh dynbinary dynbinary-proxy, which failedgithub.com/distribution/referencefrom the version containerd 1.7.27 requires (v0.6.0) to v0.5.0, to add back the removed deprecated function (open to alternatives, this was just the first "fix" that came to mind)- How to verify it
- Human readable description for the release notes
- A picture of a cute animal (not mandatory but encouraged)