profile
viewpoint
Sebastiaan van Stijn thaJeztah thaJeztah Netherlands @docker and @moby maintainer, member of the Moby TSC. Open Source contributions manager @ Docker, Inc. Feeds @GordonTheTurtle with issues and PR's

delete branch thaJeztah/cli

delete branch : carry_1221_push_quiet

delete time in 4 hours

pull request commentmoby/moby

Bump hcsshim to 6c7177eae8be632af2e15e44b62d69ab18389ddb

I can add you both to the maintainers channel, which would give a more "quiet" channel to discuss if needed

vikramhh

comment created time in 7 hours

pull request commentcontainerd/containerd

[release/1.3] Prepare v1.3.1 release

I think @dmcgowan also mentioned another change desired for 1.3.x

Happy to keep this open, and update, while those are being worked on

thaJeztah

comment created time in 7 hours

Pull request review commentdocker/cli

e2e: add new test package "global" with TestTLSVerify

+package global++import (+	"testing"++	"github.com/docker/cli/internal/test/environment"+	"gotest.tools/icmd"+	"gotest.tools/skip"+)++func TestTLSVerify(t *testing.T) {+	// Remote daemons use TLS and this test is not applicable when TLS is required.+	skip.If(t, environment.RemoteDaemon())

Perhaps put the "skip" description as third argument to skip.If, then it shows up in the logs as reason why it's skipped

tiborvass

comment created time in 10 hours

issue closeddocker/for-linux

unregister_netdevice waiting for IO

  • [x] This is a bug report
  • [ ] This is a feature request
  • [ ] I searched existing issues before opening this one

Expected behavior

docker running and free unused ports for unregister_netdevice

Actual behavior

Container failure, stop/start, re-install not working , a lot of "unregister_netdevice: waiting for lo to become free. Usage count = 188"

Steps to reproduce the behavior

Every time we create a docker it works fine for a week or two then they fail

<!-- Describe the exact steps to reproduce. If possible, provide a minimum reproduction example; take into account that others do not have access to your private images, source code, and environment.

REMOVE SENSITIVE DATA BEFORE POSTING (replace those parts with "REDACTED") -->

Output of docker version:

Client: Docker Engine - Community Version: 19.03.4 API version: 1.40 Go version: go1.12.10 Git commit: 9013bf583a Built: Fri Oct 18 15:54:09 2019 OS/Arch: linux/amd64 Experimental: false

Server: Docker Engine - Community Engine: Version: 19.03.4 API version: 1.40 (minimum version 1.12) Go version: go1.12.10 Git commit: 9013bf583a Built: Fri Oct 18 15:52:40 2019 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.2.10 GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339 runc: Version: 1.0.0-rc8+dev GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 docker-init: Version: 0.18.0 GitCommit: fec3683

Output of docker info: Client: Debug Mode: false

Server: Containers: 1 Running: 0 Paused: 0 Stopped: 1 Images: 1 Server Version: 19.03.4 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657 init version: fec3683 Security Options: apparmor seccomp Profile: default Kernel Version: 4.15.0-62-generic Operating System: Ubuntu 18.04.3 LTS OSType: linux Architecture: x86_64 CPUs: 4 Total Memory: 15.54GiB Name: sc0001-culper-ring ID: TOHZ:4PR3:FG72:7A5N:ZP76:6NIJ:7K74:2NFD:TYHB:UJ5Y:STYB:YWXM Docker Root Dir: /var/lib/docker Debug Mode: false Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false

WARNING: No swap limit support

Additional environment details (AWS, VirtualBox, physical, etc.)

uname -r

4.15.0-62-generic

4.15.0-62-generic #69-Ubuntu SMP Wed Sep 4 20:55:53 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

#841 dmesg unregister_netdevice: waiting for lo to become free. Usage count

closed time in 11 hours

zakikhani

issue commentdocker/for-linux

unregister_netdevice waiting for IO

Looks like this issue is related to a kernel issue, not an issue in the docker daemon; I'll close this issue, but feel free to continue the conversation if you think I closed this in error

zakikhani

comment created time in 11 hours

pull request commentdocker/cli

Add support for docker push --quiet

ping @silvin-lubecki @kolyshkin PTAL

thaJeztah

comment created time in 12 hours

pull request commentdocker/cli

Added support for docker push --quiet

carrying in https://github.com/docker/cli/pull/2197

justyntemme

comment created time in 12 hours

PR opened docker/cli

Reviewers
Add support for docker push --quiet impact/changelog status/2-code-review
  • carries https://github.com/docker/cli/pull/1221 Added support for docker push --quiet
    • continues https://github.com/docker/cli/pull/1220 Added support for docker push --quiet
  • closes https://github.com/docker/cli/pull/1221 Added support for docker push --quiet
  • fixes https://github.com/docker/cli/issues/958 docker push should support --quiet flag
  • fixes https://github.com/docker/cli/issues/1930 docker push no progress/quiet
  • fixes https://github.com/moby/moby/issues/37417 docker push quiet option
  • fixes https://github.com/moby/moby/issues/36655 docker push should support --quiet flag
  • addresses the workaround in https://github.com/moby/moby/issues/13588#issuecomment-242694121

- Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: -->

+ Add support for docker push --quiet

- A picture of a cute animal (not mandatory but encouraged)

image

+34 -14

0 comment

4 changed files

pr created time in 12 hours

push eventthaJeztah/cli

Justyn Temme

commit sha 756ab2fb92998047d072a81ef432851411819030

Add support for docker push --quiet Signed-off-by: Justyn Temme <justyntemme@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 12 hours

push eventthaJeztah/cli

Justyn Temme

commit sha 82fac0b6ac5ea5353f5c53f4f0e577ee14e3de25

Added support for docker push --quiet Signed-off-by: Justyn Temme <justyntemme@gmail.com> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 12 hours

push eventmoby/moby

Olli Janatuinen

commit sha 447a840254410df3b9345c652b601f08447b8467

Windows: Use system specific parallelism value on containers restart Signed-off-by: Olli Janatuinen <olli.janatuinen@gmail.com>

view details

Sebastiaan van Stijn

commit sha c83188248e9c310b766942eac50fc84c533b7abe

Merge pull request #39733 from olljanat/win-restore-no-parallelism Windows: do not use parallelism on container restart

view details

push time in 12 hours

PR merged moby/moby

Windows: do not use parallelism on container restart platform/windows process/cherry-pick status/2-code-review

- What I did #38301 did set container restart/restore task parallelism limit to 128*NumCPU which is good limit for Linux containers. Especially when they are made correctly by following one process per container rule.

However Windows containers are much heavier and example Windows Server 2019 base image mcr.microsoft.com/windows/servercore:ltsc2019 it selves includes ~20 system processes which causes restoring to generate so high load to server and it cannot response anything else until restore is completed.

- How I did it Disabled restore parallelism from Windows platform.

- How to verify it I created 100 containers with restart policy:

for($i=1;$i -le 100;$i++) {
	docker run -d --restart always --network nat mcr.microsoft.com/windows/servercore:ltsc2019 ping -t 127.0.0.1
	start-sleep -seconds 10
}

On my 4 CPU test machine it they take about 8 minutes to restart with and without this changes. However there is big difference how server is able to response to other commands.

Without this change CPU load is constantly 100% and even typing text to notepad takes long time: without_patch_restore

After this change server still uses all CPU it have now it still responses to user input. docker_restart_parallel_1

- A picture of a cute animal (not mandatory but encouraged) image

+5 -2

29 comments

1 changed file

olljanat

pr closed time in 12 hours

pull request commentmoby/moby

Windows: do not use parallelism on container restart

let's merge 👍

olljanat

comment created time in 12 hours

push eventmoby/moby

Brian Goff

commit sha ce931f28ea8768baa7ca2725d9030fbf8a40d3ba

Windows: Only set VERSION_QUAD if unset When trying to build with some pretty typical version strings this was causing failures trying to generate the windows resource file. The resource file is already gated by an `ifdef` for this var, so instead of blindly setting based on "VERSION", which can contain some characters which are incompatible (e.g. 1.2.3.rc.0 will fail due to the ".rc"). Signed-off-by: Brian Goff <cpuguy83@gmail.com>

view details

Sebastiaan van Stijn

commit sha 9bcbc6603260203fc9fa9d7c90f9fdcfe4dc3df2

Merge pull request #40169 from cpuguy83/windows_version_quad_err Windows: Only set VERSION_QUAD if unset

view details

push time in a day

PR merged moby/moby

Reviewers
Windows: Only set VERSION_QUAD if unset

When trying to build with some pretty typical version strings this was causing failures trying to generate the windows resource file.

The resource file is already gated by an ifdef for this var, so instead of blindly setting based on "VERSION", which can contain some characters which are incompatible (e.g. 1.2.3.rc.0 will fail due to the ".rc").

+3 -1

1 comment

1 changed file

cpuguy83

pr closed time in a day

delete branch thaJeztah/containerd

delete branch : 1.3_backport_limit_travis_release

delete time in a day

delete branch thaJeztah/containerd

delete branch : update_mailmap

delete time in a day

pull request commentmoby/moby

Integration: skip TestInfoDebug on Windows

@vikramhh my mistake; I started this PR on a different branch, and forgot to add those later on; feel free to open a PR for that (pr remind me to open one)

thaJeztah

comment created time in 2 days

delete branch thaJeztah/containerd

delete branch : 1.2_backport_bump_golang_1.12.13

delete time in 2 days

delete branch thaJeztah/containerd

delete branch : update_go_1.13

delete time in 2 days

delete branch thaJeztah/containerd

delete branch : 1.3_backport_bump_golang_1.12.13

delete time in 3 days

pull request commentcontainerd/containerd

support cgroup2

@dmcgowan @crosbymichael @kolyshkin ptal

AkihiroSuda

comment created time in 4 days

create barnchthaJeztah/cli

branch : carry_1221_push_quiet

created branch time in 4 days

push eventthaJeztah/cli

Silvin Lubecki

commit sha 7eb6a29c0ba4aafece34b13fb851164f605a455f

Bump compose-on-kubernetes from v0.4.25-alpha1 to v0.5.0-alpha1 Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>

view details

Sebastiaan van Stijn

commit sha 8aeaf60b3a6eb49ad3ee7bea63ae61f2817c7a7f

Merge pull request #2187 from silvin-lubecki/bump-compose-on-kube Bump compose-on-kubernetes from v0.4.25-alpha1 to v0.5.0-alpha1

view details

Anca Iordache

commit sha 22a5dad847f53dd5d1bde9a61027d13c0cbce94d

app-214 Load Client info in getter function Signed-off-by: Anca Iordache <anca.iordache@docker.com> Possible approach for client info - split ClientInfo() into ClientInfo() and loadClientInfo() - split ConfigFile() into ConfigFile() and loadConfigFile() - ConfigFile() and ClientInfo() call their corresponding loadXX function if it has not yet been loaded; this allows them to be used before Initialize() was called. - Initialize() *always* (re-)loads the configuration; this makes sure that the correct configuration is used when actually calling commands. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Silvin Lubecki

commit sha 37f9a88c696ae81be14c1697bd083d6421b4933c

Merge pull request #2095 from aiordache/app-214_client_info_load_func APP-214 Load Client info in getter function

view details

push time in 4 days

Pull request review commenttheupdateframework/notary

CircleCI: run jobs in parallel

 jobs:           command: |             docker version             docker info+            docker-compose version       - run:           name: "Build image"           command: docker build --progress=plain -t notary_client .-      - run: ./buildscripts/circle_parallelism.sh-      - run: docker-compose -f docker-compose.yml down -v && docker-compose -f docker-compose.rethink.yml down -v+      - run:+          name: "ci"+          command: docker run --rm -e NOTARY_BUILDTAGS --env-file buildscripts/env.list --user notary notary_client bash -c "make ci && codecov"+      - run:+          name: "Teardown"+          command: docker-compose -f docker-compose.yml down -v && docker-compose -f docker-compose.rethink.yml down -v++  job_02:+    machine:+      image: ubuntu-1604:201903-01+    working_directory: ~/go/src/github.com/theupdateframework/notary+    environment:+      NOTARY_BUILDTAGS: none+      DOCKER_BUILDKIT: 1+    steps:+      - add_ssh_keys+      - checkout+      - run:+          name: "Docker Info"+          command: |+            docker version+            docker info+            docker-compose version+      - run:+          name: "Build image"+          command: docker build --progress=plain -t notary_client .+      - run:+          name: "ci"+          command: docker run --rm -e NOTARY_BUILDTAGS --env-file buildscripts/env.list --user notary notary_client bash -c "make ci && codecov"

Ah, yes, I initially did that as I expected it to show up in the CI UI (but I think I mixed up CircleCI with TravisCI - Travis shows those in the UI 😂)

Still thought it was nice to have all the env-vars defined in a single place

thaJeztah

comment created time in 4 days

PR opened docker/engine

[19.03 backport] update containerd binary v1.3.0

cherry-picking the containerd v1.3.0 (binary) bump to 19.03, taken from https://github.com/moby/moby/pull/39713

this is to see if integration tests work fine if we would update the existing 19.03 version to the latest containerd

full diff: https://github.com/containerd/containerd/compare/v1.2.8..v1.3.0

Signed-off-by: Sebastiaan van Stijn github@gone.nl Signed-off-by: Derek McGowan derek@mcgstyle.net (cherry picked from commit 6c94a50f4198fffa44f93d627044f1ca43545081) Signed-off-by: Sebastiaan van Stijn github@gone.nl

- Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: -->

- A picture of a cute animal (not mandatory but encouraged)

+1 -1

0 comment

1 changed file

pr created time in 4 days

create barnchthaJeztah/docker

branch : 19.03_backport_update_containerd_1.3

created branch time in 4 days

push eventthaJeztah/docker

Yong Tang

commit sha f09dc2f4fc68c0e622797404763b757739b79aaa

Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid This fix tries to address the issue raised in 39353 where docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. The issue was that, mapping to `/etc/sub[u,g]id` in docker does not allow numeric ID. This fix fixes the issue by probing other combinations (uid:groupname, username:gid, uid:gid) when normal username:groupname fails. This fix fixes 39353. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

view details

Sebastiaan van Stijn

commit sha 9cf349d0f80d2399cdfad0321e0f181c2e7efa17

bump libnetwork 90afbb01e1d8acacb505a092744ea42b9f167377 full diff: https://github.com/docker/libnetwork/compare/0025177e3dabbe0de151be0957dcaff149d43536...90afbb01e1d8acacb505a092744ea42b9f167377 includes: - docker/libnetwork#/2459 Fix Error Check in NewNetwork - docker/libnetwork#/2466 Revert "Merge pull request #2339 from phyber/iptables-check" - reverts docker/libnetwork#/2339 controller: Check if IPTables is enabled for arrangeUserFilterRule - re-opens docker/libnetwork#2158 dockerd when run with --iptables=false modifies iptables by adding DOCKER-USER - re-opens moby/moby#35777 With iptables=false dockerd still creates DOCKER-USER chain and rules - re-opens docker/for-linux#136 dockerd --iptables=false adds DOCKER-USER chain and modify FORWARD chain anyway Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 1a88e0255496ca8a5ffa70e845da43381c7fc8ea

Merge pull request #39764 from yongtang/39353-subgid-subuid Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid

view details

Tibor Vass

commit sha 36ffe9edc2b37a5154633f3fbc260217114039d4

Merge pull request #40192 from thaJeztah/bump_libnetwork bump libnetwork 90afbb01e1d8acacb505a092744ea42b9f167377

view details

push time in 4 days

pull request commentmoby/moby

Windows: Build and use gotestsum for running all tests

@vikramhh could you rebase this PR, because I think the failing test is fixed / skipped on master, so after rebasing, it should be green

thaJeztah

comment created time in 4 days

pull request commentmoby/moby

Bump hcsshim to 6c7177eae8be632af2e15e44b62d69ab18389ddb

@kevpar are you on the community Slack (or on our internal Slack?) if not; perhaps you could inform if you could be added there; we do have a shared channel with Microsoft, which is sometimes handy for quick discussions

vikramhh

comment created time in 4 days

pull request commentmoby/moby

Bump hcsshim to 6c7177eae8be632af2e15e44b62d69ab18389ddb

@kevpar there probably is; you should be able to take the environment variables and commands that are in the Jenkinsfile (but admittedly, I'm not on Windows, and have never tried to do so.

Be aware that on Windows, the tests cannot run docker-in-docker, so may modify things on the host, so might be good to run them in a test-machine https://github.com/moby/moby/blob/master/Jenkinsfile#L949-L1006

@vikramhh may be able to help more with that

vikramhh

comment created time in 4 days

pull request commentcontainerd/containerd

[release/1.3] Prepare v1.3.1 release

note that the Go 1.12.13 bump wasn't merged yet, but I anticipated it to be merged before a release is done 🤗

thaJeztah

comment created time in 4 days

pull request commentcontainerd/containerd

[release/1.2] Prepare v1.2.11 release

note that the Go 1.12.13 bump wasn't merged yet, but I anticipated it to be merged before a release is done 🤗

thaJeztah

comment created time in 4 days

pull request commentcontainerd/containerd

[release/1.3] Prepare v1.3.1 release

Generated release notes:

containerd 1.3.1

Welcome to the v1.3.1 release of containerd!

The first patch release for containerd 1.3 includes updated vendors/build runtimes that fix reported CVEs in runc and the Golang 1.12 runtime respectively.

Notable Updates

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Michael Crosby
  • Sebastiaan van Stijn
  • Phil Estes
  • Akihiro Suda
  • Derek McGowan
  • Lantao Liu
  • Wei Fu
  • Ameya Gawde
  • Eli Uriegas

Changes

  • 94bcf3f2 Prepare v1.3.1 release
  • 0aeaac03 Merge pull request #3792 from ameyag/windows-shim-backport
  • 067be946 windows process shim installer
  • d6f0c29b Merge pull request #3779 from AkihiroSuda/disable-mknod00-in-userns-1.3
  • f3c48daf apply: use naive applier when running in UserNS
  • 7af311b4 Merge pull request #3769 from thaJeztah/1.3_backport_bump_golang_1.12.x
  • c3450507 Merge pull request #3772 from estesp/update-vndr-1.3
  • 03361219 Catch up vndr with state of vendor/ dir
  • 7f6f2c7d [release/1.3] pin travis to go 1.12.12
  • 23b0ca70 Update Golang 1.12.12 (CVE-2019-17596)
  • aa98dc6e Merge pull request #3754 from estesp/cp-1.3-3743
  • 0f6aab18 Handle large output in v2 shim with TTY
  • 7aaa8fc6 Merge pull request #3751 from AkihiroSuda/native-copydir-allow-xattr-errors-1.3
  • 1c3929e5 Merge pull request #3748 from seemethere/fix_man_1_3
  • f6a32a79 snapshots/native: ignore xattr errors during CopyDir
  • 3866900d Merge pull request #3745 from crosbymichael/localfs3
  • ffb05aeb build: Fix manpage generation
  • d168e8eb Add local-fs.target to service file
  • 0b43a311 Merge pull request #3740 from estesp/cp-1.3-3736
  • b3e9ded8 Fix delete error code on the containerd daemon side.
  • ea86733a Merge pull request #3733 from Random-Liu/cherrypick-#3730-release-1.3
  • 6746ae3e Fix shim delete error code.
  • efd38f48 Merge pull request #3724 from thaJeztah/1.3_backport_bump_runc_1.0.0-rc9
  • 6cbad878 bump runc v1.0.0-rc9
  • dfc256fc Bump runc to 1b8a1eeec3f337ab5d94f28980

Dependency Changes

Previous release can be found at v1.3.0

  • github.com/opencontainers/runc 3e425f80a8c9 -> d736ef14f028
thaJeztah

comment created time in 4 days

PR opened containerd/containerd

[release/1.3] Prepare v1.3.1 release

Signed-off-by: Sebastiaan van Stijn github@gone.nl

+35 -1

0 comment

2 changed files

pr created time in 4 days

create barnchthaJeztah/containerd

branch : release_1.3.1

created branch time in 4 days

pull request commentcontainerd/containerd

[release/1.3 backport] windows process shim installer

backport of https://github.com/containerd/containerd/pull/3790

ameyag

comment created time in 4 days

push eventthaJeztah/containerd

Sebastiaan van Stijn

commit sha 7b9f27e37c1d72ac2d4cbb6fd0e0676e9ee0e51a

Prepare v1.2.11 release * Update the runc vendor to v1.0.0-rc9 which includes an additional mitigation for [CVE-2019-16884](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16884). - More details on the runc CVE in [opencontainers/runc#2128](https://github.com/opencontainers/runc/issues/2128), and the additional mitigations in [opencontainers/runc#2130](https://github.com/opencontainers/runc/pull/2130). * Add local-fs.target to service file to fix corrupt image after unexpected host reboot. Reported in [containerd/containerd#3671](https://github.com/containerd/containerd/issues/3671), and fixed by [containerd/containerd#3746](https://github.com/containerd/containerd/pull/3746). * Update Golang runtime to 1.12.13, which includes security fixes to the `crypto/dsa` package made in Go 1.12.11 ([CVE-2019-17596](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596)), and fixes to the go command, `runtime`, `syscall` and `net` packages (Go 1.12.12). * CRI fixes: - Fix shim delete error code to avoid unnecessary retries in the CRI plugin. Discovered in [containerd/cri#1309](https://github.com/containerd/cri/issues/1309), and fixed by [containerd/containerd#3732](https://github.com/containerd/containerd/pull/3732) and [containerd/containerd#3739](https://github.com/containerd/containerd/pull/3739). Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 4 days

pull request commentcontainerd/containerd

[release/1.2] Prepare v1.2.11 release

hm, looks like GitHub Flavored markdown makes the line-wrapping a bit awkward; let me remove some newlines in the description

thaJeztah

comment created time in 4 days

pull request commentcontainerd/containerd

[release/1.2] Prepare v1.2.11 release

Generated notes;

containerd 1.2.11

Welcome to the v1.2.11 release of containerd!

The eleventh patch release for containerd 1.2 includes updated vendors/build runtimes that fix reported CVEs in runc and the Golang 1.12 runtime respectively.

Notable Updates

Please try out the release binaries and report any issues at https://github.com/containerd/containerd/issues.

Contributors

  • Sebastiaan van Stijn
  • Lantao Liu
  • Michael Crosby
  • Derek McGowan
  • Wei Fu
  • Mike Brown
  • Phil Estes

Changes

  • 8c92951c Prepare v1.2.11 release
  • c2383a5f Merge pull request #3768 from thaJeztah/1.2_backport_bump_golang_1.12.x
  • d1960b41 Merge pull request #3771 from estesp/update-vndr
  • 0b9135f1 Catch up vndr with state of vendor/ dir
  • 435e05fd [release/1.2] pin travis to go 1.12.12
  • e319caed Update Golang 1.12.12 (CVE-2019-17596)
  • b0d7ef61 Merge pull request #3746 from crosbymichael/localfs2
  • c471c95b Add local-fs.target to service file
  • c3532a35 Merge pull request #3739 from estesp/cp-1.2-3736
  • 847f74c2 Fix delete error code on the containerd daemon side.
  • 44563810 Merge pull request #3732 from Random-Liu/cherrypick-#3730-release-1.2
  • 611766af Fix shim delete error code.
  • 816dfe39 Merge pull request #3723 from thaJeztah/1.2_backport_bump_runc_1.0.0-rc9
  • 639be358 bump runc v1.0.0-rc9
  • b3019090 Bump runc to 1b8a1eeec3f337ab5d94f28980
  • 8fb208fb Revert "Revert "bump libseccomp-golang v0.9.1""
  • deca8e0e Merge pull request #3700 from Random-Liu/automate-cri-tarball-release
  • 889f5f80 Automate CRI tarball release.

Changes from containerd/cri

  • bab7348f Merge pull request #1304 from Random-Liu/cherrypick-#1266-release-1.2
  • ec7287ac Support local containerd release.

Dependency Changes

Previous release can be found at v1.2.10

  • github.com/containerd/cri 40affe7c7402 -> bab7348fcfcc
  • github.com/opencontainers/runc 3e425f80a8c9 -> d736ef14f028
  • github.com/seccomp/libseccomp-golang 32f571b70023 -> v0.9.1
thaJeztah

comment created time in 4 days

PR opened containerd/containerd

[release/1.2] Prepare v1.2.11 release

Signed-off-by: Sebastiaan van Stijn github@gone.nl

+41 -1

0 comment

2 changed files

pr created time in 4 days

create barnchthaJeztah/containerd

branch : release_1.2.11

created branch time in 4 days

fork thaJeztah/release-tool

A release tool for generating detailed release notes

fork in 4 days

push eventthaJeztah/containerd

Sebastiaan van Stijn

commit sha 608791bfc34ead497cdae9851a572fc78552a864

Update to Golang 1.13.4 go1.13.4 (released 2019/10/31) includes fixes to the net/http and syscall packages. It also fixes an issue on macOS 10.15 Catalina where the non- notarized installer and binaries were being rejected by Gatekeeper. See the Go 1.13.4 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.13.4 Update to Golang 1.13.3: go1.13.3 (released 2019/10/17) includes fixes to the go command, the toolchain, the runtime, syscall, net, net/http, and crypto/ecdsa packages. See the Go 1.13.3 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.13.3 Update to Golang 1.13.2: go1.13.2 (released 2019/10/17) includes security fixes to the crypto/dsa package and the compiler. See the Go 1.13.2 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.13.2 Update to Golang 1.13.1: go1.13.1 (released 2019/09/25) includes security fixes to the net/http and net/textproto packages. See the Go 1.13.1 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.13.1 Update to Golang 1.13.0: Full diff: https://github.com/golang/go/compare/go1.12.9...go1.13 Milestone: https://github.com/golang/go/milestone/83?closed=1 Today the Go team is very happy to announce the release of Go 1.13. You can get it from the download page. Some of the highlights include: - The go command now downloads and authenticates modules using the Go module mirror and Go checksum database by default (https://golang.org/doc/go1.13#introduction) - Improvements to number literals (https://golang.org/doc/go1.13#language) - Error wrapping (https://golang.org/doc/go1.13#error_wrapping) - TLS 1.3 on by default (https://golang.org/doc/go1.13#tls_1_3) - Improved modules support (https://golang.org/doc/go1.13#modules) For the complete list of changes and more information about the improvements above, see the Go 1.13 release notes: https://golang.org/doc/go1.13 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 4 days

pull request commentcontainerd/containerd

Update to Golang 1.13.4

Probably need to either disable go mod, or work outside of go path

thaJeztah

comment created time in 4 days

pull request commentcontainerd/containerd

Update to Golang 1.13.4

Arf. Looks like it's failing on some go mod issue;

go: github.com/golangci/tools@v0.0.0-20190910062050-3540c026601b: invalid version: unknown revision 3540c026601b
thaJeztah

comment created time in 4 days

push eventthaJeztah/containerd

Sebastiaan van Stijn

commit sha 15669a1d34e904b4e45c85f763df2098e706ffb0

Update to Golang 1.12.13 go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15 Catalina where the non-notarized installer and binaries were being rejected by Gatekeeper. Only macOS users who hit this issue need to update. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Michael Crosby

commit sha 40ac9239a8b4e5f10d5f5a42293ec650f8ebc70c

Merge pull request #3806 from thaJeztah/bump_golang_1.12.13 Update to Golang 1.12.13

view details

Sebastiaan van Stijn

commit sha 0b622357c883d13d70dfe3fec4d9990a31f17181

Update to Golang 1.13.4 go1.13.4 (released 2019/10/31) includes fixes to the net/http and syscall packages. It also fixes an issue on macOS 10.15 Catalina where the non- notarized installer and binaries were being rejected by Gatekeeper. See the Go 1.13.4 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.13.4 Update to Golang 1.13.3: go1.13.3 (released 2019/10/17) includes fixes to the go command, the toolchain, the runtime, syscall, net, net/http, and crypto/ecdsa packages. See the Go 1.13.3 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.13.3 Update to Golang 1.13.2: go1.13.2 (released 2019/10/17) includes security fixes to the crypto/dsa package and the compiler. See the Go 1.13.2 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.13.2 Update to Golang 1.13.1: go1.13.1 (released 2019/09/25) includes security fixes to the net/http and net/textproto packages. See the Go 1.13.1 milestone on the issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.13.1 Update to Golang 1.13.0: Full diff: https://github.com/golang/go/compare/go1.12.9...go1.13 Milestone: https://github.com/golang/go/milestone/83?closed=1 Today the Go team is very happy to announce the release of Go 1.13. You can get it from the download page. Some of the highlights include: - The go command now downloads and authenticates modules using the Go module mirror and Go checksum database by default (https://golang.org/doc/go1.13#introduction) - Improvements to number literals (https://golang.org/doc/go1.13#language) - Error wrapping (https://golang.org/doc/go1.13#error_wrapping) - TLS 1.3 on by default (https://golang.org/doc/go1.13#tls_1_3) - Improved modules support (https://golang.org/doc/go1.13#modules) For the complete list of changes and more information about the improvements above, see the Go 1.13 release notes: https://golang.org/doc/go1.13 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

push time in 4 days

pull request commentcontainerd/containerd

[release/1.2 backport] Update to Golang 1.12.13

master was merged; moving out of draft

thaJeztah

comment created time in 4 days

delete branch thaJeztah/containerd

delete branch : bump_golang_1.12.13

delete time in 4 days

pull request commentcontainerd/containerd

[release/1.3 backport] Update to Golang 1.12.13

master was merged; moving out of draft

thaJeztah

comment created time in 4 days

delete branch thaJeztah/docker

delete branch : bump_libnetwork

delete time in 4 days

PR opened containerd/containerd

Update .mailmap to reduce duplicates

Looked ad duplicates in the AUTHORS file that was generated, and fixed some of them

+20 -2

0 comment

1 changed file

pr created time in 4 days

create barnchthaJeztah/containerd

branch : update_mailmap

created branch time in 4 days

pull request commentcontainerd/containerd

[release/1.2 backport] Update to Golang 1.12.13

opened as draft, because the change wasn't merged yet on master

thaJeztah

comment created time in 4 days

PR opened containerd/containerd

[release/1.2 backport] Update to Golang 1.12.13

backport of https://github.com/containerd/containerd/pull/3806 for the 1.2 release branch some small conflicts due to travis having diverged a bit on master, but trivial to resolve

go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15 Catalina where the non-notarized installer and binaries were being rejected by Gatekeeper. Only macOS users who hit this issue need to update.

+3 -3

0 comment

3 changed files

pr created time in 4 days

create barnchthaJeztah/containerd

branch : 1.2_backport_bump_golang_1.12.13

created branch time in 4 days

pull request commentcontainerd/containerd

[release/1.3 backport] Update to Golang 1.12.13

opened as draft, because the change wasn't merged yet on master

thaJeztah

comment created time in 4 days

PR opened containerd/containerd

[release/1.3 backport] Update to Golang 1.12.13

backport of https://github.com/containerd/containerd/pull/3806 for the 1.3 release branch

go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15 Catalina where the non-notarized installer and binaries were being rejected by Gatekeeper. Only macOS users who hit this issue need to update.

+3 -3

0 comment

3 changed files

pr created time in 4 days

create barnchthaJeztah/containerd

branch : 1.3_backport_bump_golang_1.12.13

created branch time in 4 days

pull request commentcontainerd/containerd

[release/1.3 backport] Limit travis release script to a single build

ping @dmcgowan @Random-Liu @estesp PTAL

thaJeztah

comment created time in 4 days

PR opened containerd/containerd

[release/1.3 backport] Limit travis release script to a single build

back port of https://github.com/containerd/containerd/pull/3705 fixes https://github.com/containerd/containerd/issues/3704 "Release script race on upload sha256sum"

Prevent Travis from building and pushing up multiple times

+2 -3

0 comment

1 changed file

pr created time in 4 days

create barnchthaJeztah/containerd

branch : 1.3_backport_limit_travis_release

created branch time in 4 days

pull request commentcontainerd/containerd

Update to Golang 1.13.4

Also opened https://github.com/containerd/containerd/pull/3806 to bump master to Go 1.12.13; we may want to merge that one first if we want that to be cherry-picked into existing release branches

thaJeztah

comment created time in 4 days

Pull request review commentcontainerd/containerd

Update to Golang 1.12.13

 os: - linux  go:-  - "1.12.x"+  - "1.12.13"

same as https://github.com/containerd/containerd/pull/3620#discussion_r344307012

Changed this to be an explicit version as well; thought that if we'd have to update the AppVeyor config anyway, so might as well pin both travis and appveyor to use an explicit version

thaJeztah

comment created time in 4 days

PR opened containerd/containerd

Update to Golang 1.12.13

go1.12.13 (released 2019/10/31) fixes an issue on macOS 10.15 Catalina where the non-notarized installer and binaries were being rejected by Gatekeeper. Only macOS users who hit this issue need to update.

+3 -3

0 comment

3 changed files

pr created time in 4 days

create barnchthaJeztah/containerd

branch : bump_golang_1.12.13

created branch time in 4 days

Pull request review commentcontainerd/containerd

Update to Golang 1.13.4

 os: - linux  go:-  - "1.12.x"+  - "1.13.4"

Changed this to be an explicit version as well; thought that if we'd have to update the AppVeyor config anyway, so might as well pin both travis and appveyor to use an explicit version

thaJeztah

comment created time in 4 days

pull request commentcontainerd/containerd

Update to Golang 1.13.4

rebased, and updated to go 1.13.4

thaJeztah

comment created time in 4 days

push eventthaJeztah/containerd

Michael Crosby

commit sha f8cca26f3c0aea485841e96e3b524acc7ef6f4c1

Handle large output in v2 shim with TTY Reized the I/O buffers to align with the size of the kernel buffers with fifos and move the close aspect of the console to key off of the stdin closing. Fixes #3738 Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

view details

Phil Estes

commit sha 57cfc902606e2d601d4fd910291ccbd391234446

Merge pull request #3743 from crosbymichael/v2blocking Handle large output in v2 shim with TTY

view details

Akihiro Suda

commit sha d52cbc19be7a8bb4937e52a57cf32ff2ea3bcb31

snapshots/native: ignore xattr errors during CopyDir `secuity.*` xattrs cannot be copied in most cases For moby/buildkit#1189 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

view details

Wei Fu

commit sha acdcf13d5eaf0dfe0eaeabe7194a82535549bc2b

Merge pull request #3749 from AkihiroSuda/native-copydir-allow-xattr-errors snapshots/native: ignore xattr errors during CopyDir

view details

Evan Cordell

commit sha 7177af84acdddfb3e36b7982cbac982bc7a8d5d5

Allow 202 response code for commit Quay returns this status code when pushing Signed-off-by: Evan Cordell <cordell.evan@gmail.com>

view details

Michael Crosby

commit sha 9c86b8f5ed49c63b887fe94c369c3a797e79c91f

Merge pull request #3750 from ecordell/202-accepted-response Allow 202 response code for commit

view details

Wei Fu

commit sha 074b453ac66797ab93d9570e826ef9c35b079b13

vendor: call vndr to remove useless pkgs and update vendor Signed-off-by: Wei Fu <fuweid89@gmail.com>

view details

Sebastiaan van Stijn

commit sha 6356e55be002df80b98ba59ec98dfd0ece7ec80c

Update Golang 1.12.12 (CVE-2019-17596) Golang 1.12.12 ------------------------------- go1.12.12 (released 2019/10/17) includes fixes to the go command, runtime, syscall and net packages. See the Go 1.12.12 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.12.12 Golang 1.12.11 (CVE-2019-17596) ------------------------------- go1.12.11 (released 2019/10/17) includes security fixes to the crypto/dsa package. See the Go 1.12.11 milestone on our issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.12.11 [security] Go 1.13.2 and Go 1.12.11 are released Hi gophers, We have just released Go 1.13.2 and Go 1.12.11 to address a recently reported security issue. We recommend that all affected users update to one of these releases (if you're not sure which, choose Go 1.13.2). Invalid DSA public keys can cause a panic in dsa.Verify. In particular, using crypto/x509.Verify on a crafted X.509 certificate chain can lead to a panic, even if the certificates don't chain to a trusted root. The chain can be delivered via a crypto/tls connection to a client, or to a server that accepts and verifies client certificates. net/http clients can be made to crash by an HTTPS server, while net/http servers that accept client certificates will recover the panic and are unaffected. Moreover, an application might crash invoking crypto/x509.(*CertificateRequest).CheckSignature on an X.509 certificate request, parsing a golang.org/x/crypto/openpgp Entity, or during a golang.org/x/crypto/otr conversation. Finally, a golang.org/x/crypto/ssh client can panic due to a malformed host key, while a server could panic if either PublicKeyCallback accepts a malformed public key, or if IsUserAuthority accepts a certificate with a malformed public key. The issue is CVE-2019-17596 and Go issue golang.org/issue/34960. Thanks to Daniel Mandragona for discovering and reporting this issue. We'd also like to thank regilero for a previous disclosure of CVE-2019-16276. The Go 1.13.2 release also includes a fix to the compiler that prevents improper access to negative slice indexes in rare cases. Affected code, in which the compiler can prove that the index is zero or negative, would have resulted in a panic in Go 1.12, but could have led to arbitrary memory read and writes in Go 1.13 and Go 1.13.1. This is Go issue golang.org/issue/34802. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Maksym Pavlenko

commit sha 36c4260e6fa15cb20012cfe95f322ef85cf771ca

Merge pull request #3760 from thaJeztah/bump_golang_1.12.x Update Golang 1.12.12 (CVE-2019-17596)

view details

Phil Estes

commit sha 3e3c5fe129e4d25e5ec215439bc7a0986e49f995

Merge pull request #3759 from fuweid/me-update-vendor vendor: call vndr to remove useless pkgs and update vendor

view details

Sebastiaan van Stijn

commit sha 885232b72f0b7ead6ffec76fe0adfda384572b6f

bump google.golang.org/grpc v1.23.1 full diff: https://github.com/grpc/grpc-go/compare/v1.23.0...v1.23.1 - grpc/grpc-go#3018 server: set and advertise max frame size of 16KB - grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache - Before the fix, if the timer to remove a SubConn fires at the same time NewSubConn cancels the timer, it caused a mutex leak and deadlock. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Phil Estes

commit sha 3bf461ae8ebec194e333a54ec0dfc562b741112c

Move autocomplete files to contrib/ Since recent versions of `vndr` are going to remove the autocomplete scripts from the urfave vendored content, we will just move them into `contrib/` and reference them in the documentation from that location. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>

view details

Akihiro Suda

commit sha 0d8fc0a487f82b922122ca0280fe1ba3d19b3803

Merge pull request #3767 from thaJeztah/bump_grpc bump google.golang.org/grpc v1.23.1

view details

Phil Estes

commit sha 4523ab734aff7fd4abc0b676b767b1026b826278

Merge pull request #3766 from estesp/move-autocomplete Move autocomplete files to contrib/

view details

Justin Terry (VM)

commit sha 178469e2ae5b7edd9e55601415fe9f494ab22b9a

Update Microsoft/hcsshim vendor Updates Microsoft/hcsshim vendor commit hash to a recent version that now: 1. Supports container stats via the Stats RuntimeV2 gRPC call. 2. Fixes a regression when issuing a resize of the pty after the container has exited which previously in Docker was expected to be a non-error case. 3. Puts in a workaround when using a non-default sandbox size for Windows containers due to a platform bug. This expansion now happens in the go library itself. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>

view details

Justin Terry (VM)

commit sha 37b56cafc63445721c4475eea4e0994de3ed5118

Add ctr metrics support for Windows/LCOW containers Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>

view details

Akihiro Suda

commit sha 966b1b8e30c9ccf7e0f3127da08d4db30133e3bc

Merge pull request #3775 from jterry75/vendor_hcsshim Update Microsoft/hcsshim vendor

view details

Akihiro Suda

commit sha c224edc5c6350026a7d35a09dce638b0f09e6d44

apply: use naive applier when running in UserNS `OverlayConvertWhiteout` calls `mknod c 0 0` which is not allowed when running in a user namespace, even in Ubuntu kernel. Although there is an alternative hacky way to create whiteouts without calling mknod as Moby `overlay2` actually does(see #3762), let's use naive applier when running in UserNS and call it a day. Close #3762 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

view details

Lantao Liu

commit sha aaccfcbe2b8792e5fa3711811f3025562485e8bb

Fix `containerd config dump`. Signed-off-by: Lantao Liu <lantaol@google.com>

view details

Akihiro Suda

commit sha f593efdf0c160037c9f831983f62537285739b03

RELEASES.md: 1.1 EOL v1.1 reached EOL on October 23, 2019 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

view details

push time in 4 days

push eventthaJeztah/containerd

Sebastiaan van Stijn

commit sha 885232b72f0b7ead6ffec76fe0adfda384572b6f

bump google.golang.org/grpc v1.23.1 full diff: https://github.com/grpc/grpc-go/compare/v1.23.0...v1.23.1 - grpc/grpc-go#3018 server: set and advertise max frame size of 16KB - grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache - Before the fix, if the timer to remove a SubConn fires at the same time NewSubConn cancels the timer, it caused a mutex leak and deadlock. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Phil Estes

commit sha 3bf461ae8ebec194e333a54ec0dfc562b741112c

Move autocomplete files to contrib/ Since recent versions of `vndr` are going to remove the autocomplete scripts from the urfave vendored content, we will just move them into `contrib/` and reference them in the documentation from that location. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>

view details

Akihiro Suda

commit sha 0d8fc0a487f82b922122ca0280fe1ba3d19b3803

Merge pull request #3767 from thaJeztah/bump_grpc bump google.golang.org/grpc v1.23.1

view details

Phil Estes

commit sha 4523ab734aff7fd4abc0b676b767b1026b826278

Merge pull request #3766 from estesp/move-autocomplete Move autocomplete files to contrib/

view details

Justin Terry (VM)

commit sha 178469e2ae5b7edd9e55601415fe9f494ab22b9a

Update Microsoft/hcsshim vendor Updates Microsoft/hcsshim vendor commit hash to a recent version that now: 1. Supports container stats via the Stats RuntimeV2 gRPC call. 2. Fixes a regression when issuing a resize of the pty after the container has exited which previously in Docker was expected to be a non-error case. 3. Puts in a workaround when using a non-default sandbox size for Windows containers due to a platform bug. This expansion now happens in the go library itself. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>

view details

Justin Terry (VM)

commit sha 37b56cafc63445721c4475eea4e0994de3ed5118

Add ctr metrics support for Windows/LCOW containers Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>

view details

Akihiro Suda

commit sha 966b1b8e30c9ccf7e0f3127da08d4db30133e3bc

Merge pull request #3775 from jterry75/vendor_hcsshim Update Microsoft/hcsshim vendor

view details

Akihiro Suda

commit sha c224edc5c6350026a7d35a09dce638b0f09e6d44

apply: use naive applier when running in UserNS `OverlayConvertWhiteout` calls `mknod c 0 0` which is not allowed when running in a user namespace, even in Ubuntu kernel. Although there is an alternative hacky way to create whiteouts without calling mknod as Moby `overlay2` actually does(see #3762), let's use naive applier when running in UserNS and call it a day. Close #3762 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

view details

Lantao Liu

commit sha aaccfcbe2b8792e5fa3711811f3025562485e8bb

Fix `containerd config dump`. Signed-off-by: Lantao Liu <lantaol@google.com>

view details

Akihiro Suda

commit sha f593efdf0c160037c9f831983f62537285739b03

RELEASES.md: 1.1 EOL v1.1 reached EOL on October 23, 2019 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

view details

Phil Estes

commit sha f05e19c5c6fa330753b84fe200f887cb3d62df41

Merge pull request #3777 from Random-Liu/fix-containerd-config Fix `containerd config dump`.

view details

Phil Estes

commit sha c59561a08ec1936d4632a6b4868110681216d160

Merge pull request #3763 from AkihiroSuda/disable-mknod00-in-userns apply: use naive applier when running in UserNS

view details

bpopovschi

commit sha e8c14c07c6d9c33df7484bdde4df166627b6b44a

Added filters to snapshots API Signed-off-by: bpopovschi <zyqsempai@mail.ru>

view details

Derek McGowan

commit sha 66aa1d3ef6f69be075f6acf10123f7e8db9112c2

Add snapshot walk implementations Temporarily remove zfs and aufs until interface update Signed-off-by: Derek McGowan <derek@mcgstyle.net>

view details

Akihiro Suda

commit sha 0c01992f9c8cc2794b3d2b4f2ed0b55a4b91ed9e

Merge pull request #3709 from Zyqsempai/3708-added-filters-to-shapsotters-api Added filters to snapshots API

view details

Lantao Liu

commit sha 20e844a227950952e110cf751a8efeb7dfcbf167

Use logrus trace support. Signed-off-by: Lantao Liu <lantaol@google.com>

view details

Phil Estes

commit sha aeec80fca165ab6217cd4c03fa59b1bee9cb0427

Merge pull request #3773 from Random-Liu/use-logrus-trace Use logrus trace support.

view details

Michael Crosby

commit sha edb6f2344a3629ada21b0f267e4db87161e859db

Merge pull request #3780 from AkihiroSuda/1.1-eol RELEASES.md: 1.1 EOL

view details

Manuel Rüger

commit sha 5e5584196b3ca6b9ccfd2fa8603a9b7d25746997

Makefile: Drop vndr whitelist Since autocompletions moved to contrib/ in https://github.com/containerd/containerd/pull/3766 Signed-off-by: Manuel Rüger <manuel@rueg.eu>

view details

Michael Crosby

commit sha cedd3cb16c37d266de18dfda1b8aed71b1d998e0

Merge pull request #3782 from mrueg/vndr-autocompl Makefile: Drop vndr whitelist

view details

push time in 4 days

Pull request review commentdocker/libnetwork

DOCKER-USER chain not created when IPTableEnable=false.

 package libnetwork import ( 	"github.com/docker/libnetwork/iptables" 	"github.com/sirupsen/logrus"+	"sync" )  const userChain = "DOCKER-USER" -func (c *controller) arrangeUserFilterRule() {-	c.Lock()-	arrangeUserFilterRule()-	c.Unlock()-	iptables.OnReloaded(func() {+var (+	ctrl          *controller = nil+	userChainOnce sync.Once

I realise having multiple controllers is not a realistic scenario; it's not what the code reflects though; there's a New(), which "creates a new instance of network controller", so it's not a singleton.

If:

  • iptables enable/disabled is not something that can be changed during the lifetime of a controller (wether that be a single one, or multiple)
  • arrangeUserFilterRule is idempotent (even if multiple controllers were instantiated, they would not trip over each other, because they'd only mutate iptables if the DOCKER-USER chain doesn't exist)

Then, why not setup the DOCKER-USER chain when instantiating the controller? (I don't think a sync.once would even be needed in that case)

suwang48404

comment created time in 5 days

delete branch thaJeztah/app

delete branch : use_the_out

delete time in 5 days

pull request commentmoby/moby

Use newer x/sys/windows SecurityAttributes struct (carry 40017)

@ArmandGrillet @tklauser thanks for the heads-up; I removed "do not merge" from the title, and triggered CI

thaJeztah

comment created time in 5 days

Pull request review commentdocker/libnetwork

DOCKER-USER chain not created when IPTableEnable=false.

 package libnetwork import ( 	"github.com/docker/libnetwork/iptables" 	"github.com/sirupsen/logrus"+	"sync" )  const userChain = "DOCKER-USER" -func (c *controller) arrangeUserFilterRule() {-	c.Lock()-	arrangeUserFilterRule()-	c.Unlock()-	iptables.OnReloaded(func() {+var (+	ctrl          *controller = nil+	userChainOnce sync.Once

Right, but effectively we're making controller a singleton(-like) construct, which makes the testing difficult (see above), but also makes the first controller that's created "magic" as that's the controller that now owns iptables.

So, wondering if there should be a sync.Once per controller, and only call if it iptables is enabled. I see arrangeUserFilterRule is already (largely) idempotent (as in: it stops adding the return/jump rules if the chain already existed).

Is iptables enabled/disabled a global option, or one per controller (wondering) 🤔

suwang48404

comment created time in 5 days

Pull request review commentdocker/libnetwork

DOCKER-USER chain not created when IPTableEnable=false.

+package libnetwork++import (+	"fmt"+	"github.com/docker/libnetwork/iptables"+	"github.com/docker/libnetwork/netlabel"+	"github.com/docker/libnetwork/options"+	"strings"+	"testing"+)++const (+	fwdChainName = "FORWARD"+	usrChainName = "DOCKER-USER"+)++func verifyUserChain(enabled, insert bool) error {+	output, err := iptables.Raw("-S", fwdChainName)+	if err != nil {+		return err+	}+	rules := strings.Split(string(output), "\n")+	if !enabled {+		if len(rules)-1 != 1 {+			return fmt.Errorf("chain %v: unexpected rules len=%v, %v, ",+				fwdChainName, len(rules), rules)+		}+		if _, err = iptables.Raw("-S", usrChainName); err == nil {+			return fmt.Errorf("chain %v: created unexpectedly", usrChainName)+		}+		return nil+	}+	nRules := 2+	if insert {+		nRules+++	}+	if nRules != len(rules)-1 || !strings.Contains(rules[1], usrChainName) {+		return fmt.Errorf("chain %v: unexpected rules len=%v, %v",+			fwdChainName, len(rules), rules)+	}++	output, err = iptables.Raw("-S", usrChainName)+	if err != nil {+		return err+	}+	rules = strings.Split(string(output), "\n")+	if len(rules)-1 != 2 {+		return fmt.Errorf("chain %v: unexpected rules len=%v, %v",+			usrChainName, len(rules), rules)+	}+	return nil+}++func testUserChain(t *testing.T, ctrl *controller, enabled, insert bool) {+	defer func() {+		_, err := iptables.Raw("-F", fwdChainName)+		if err != nil {+			t.Fatal(err)+		}+		_ = iptables.RemoveExistingChain(usrChainName, "")+	}()+	// init. condition, FORWARD chain empty+	// DOCKER-USER not exist+	err := verifyUserChain(false, insert)+	if err != nil {+		t.Fatal(err)+	}+	if insert {+		_, err = iptables.Raw("-A", fwdChainName, "-j", "DROP")

Right, so the thing that worries me a bit in the test, is that we're creating a new code-path just for the test. The production code does not have check wether or not this should be called. (The production code would (currently) call setupArrangeUserFilterRule and arrangeUserFilterRule when calling controller.NewNetwork(), which is not the code-path we're testing.

And because of userChainOnce and ctrl being global, we can't test different permutations of iptables being enabled/disabled etc.

suwang48404

comment created time in 5 days

delete branch thaJeztah/docker

delete branch : 19.03_backport_TestSearchCmdOptions

delete time in 5 days

pull request commentdocker/cli

Adding example of != in command list

That PR implemented label!=..., not until!=...

david-yu

comment created time in 5 days

pull request commentmoby/moby

Bump hcsshim to 6c7177eae8be632af2e15e44b62d69ab18389ddb

@ebalders there's a regression in this hcsshim version, which is currently blocking this from being merged

vikramhh

comment created time in 5 days

Pull request review commentcontainerd/containerd

ctr: add --runc-binary --runc-systemd-cgroup

 import ( 	"github.com/containerd/containerd/contrib/seccomp" 	"github.com/containerd/containerd/oci" 	"github.com/containerd/containerd/platforms"+	"github.com/containerd/containerd/runtime/v2/runc/options" 	"github.com/opencontainers/runtime-spec/specs-go" 	"github.com/pkg/errors" 	"github.com/urfave/cli" ) -var platformRunFlags []cli.Flag+var platformRunFlags = []cli.Flag{+	cli.StringFlag{+		Name:  "runc-binary",+		Usage: "specify runc-compatible binary",

should this be OCI compatible?

AkihiroSuda

comment created time in 5 days

delete branch thaJeztah/notary

delete branch : disable_debug

delete time in 5 days

push eventdocker/cli

Silvin Lubecki

commit sha 7eb6a29c0ba4aafece34b13fb851164f605a455f

Bump compose-on-kubernetes from v0.4.25-alpha1 to v0.5.0-alpha1 Signed-off-by: Silvin Lubecki <silvin.lubecki@docker.com>

view details

Sebastiaan van Stijn

commit sha 8aeaf60b3a6eb49ad3ee7bea63ae61f2817c7a7f

Merge pull request #2187 from silvin-lubecki/bump-compose-on-kube Bump compose-on-kubernetes from v0.4.25-alpha1 to v0.5.0-alpha1

view details

push time in 5 days

PR merged docker/cli

Bump compose-on-kubernetes from v0.4.25-alpha1 to v0.5.0-alpha1 status/2-code-review

- Description for the changelog

  • Bump compose-on-kubernetes from v0.4.25-alpha1 to v0.5.0-alpha1

- A picture of a cute animal (not mandatory but encouraged)

image

+1 -1

1 comment

1 changed file

silvin-lubecki

pr closed time in 5 days

pull request commentmoby/moby

builder/remotecontext: small refactor

Failure is a known flaky;

FAIL: amd64.integration-cli TestDockerSwarmSuite/TestSwarmLockUnlockCluster (85.08s)

restarting CI

thaJeztah

comment created time in 5 days

push eventmoby/moby

Yong Tang

commit sha f09dc2f4fc68c0e622797404763b757739b79aaa

Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid This fix tries to address the issue raised in 39353 where docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid. The issue was that, mapping to `/etc/sub[u,g]id` in docker does not allow numeric ID. This fix fixes the issue by probing other combinations (uid:groupname, username:gid, uid:gid) when normal username:groupname fails. This fix fixes 39353. Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

view details

Sebastiaan van Stijn

commit sha 1a88e0255496ca8a5ffa70e845da43381c7fc8ea

Merge pull request #39764 from yongtang/39353-subgid-subuid Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid

view details

push time in 5 days

PR merged moby/moby

Reviewers
Fix docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid kind/bugfix rebuild/windowsRS1 status/4-merge

This fix tries to address the issue raised in #39353 where docker crash when creating namespaces with UID in /etc/subuid and /etc/subgid.

The issue was that, mapping to /etc/sub[u,g]id in docker does not allow numeric ID.

This fix fixes the issue by probing other combinations (uid:groupname, username:gid, uid:gid) when normal username:groupname fails.

This fix fixes #39353.

Signed-off-by: Yong Tang yong.tang.github@outlook.com

+23 -2

4 comments

1 changed file

yongtang

pr closed time in 5 days

issue closedmoby/moby

Docker crashes when creating namespaces with UID in /etc/subuid and /etc/subgid

<!-- If you are reporting a new issue, make sure that we do not have any duplicates already open. You can ensure this by searching the issue list for this repository. If there is a duplicate, please close your issue and add a comment to the existing issue instead.

If you suspect your issue is a bug, please edit your issue description to include the BUG REPORT INFORMATION shown below. If you fail to provide this information within 7 days, we cannot debug your issue and will close it. We will, however, reopen it if you later provide the information.

For more information about reporting issues, see https://github.com/moby/moby/blob/master/CONTRIBUTING.md#reporting-other-issues


GENERAL SUPPORT INFORMATION

The GitHub issue tracker is for bug reports and feature requests. General support for docker can be found at the following locations:

  • Docker Support Forums - https://forums.docker.com
  • Slack - community.docker.com #general channel
  • Post a question on StackOverflow, using the Docker tag

General support for moby can be found at the following locations:

  • Moby Project Forums - https://forums.mobyproject.org
  • Slack - community.docker.com #moby-project channel
  • Post a question on StackOverflow, using the Moby tag

BUG REPORT INFORMATION

Use the commands below to provide key information from your environment: You do NOT have to include this information if this is a FEATURE REQUEST -->

Description

<!--

I am trying to create docker namespaces for my container users. The container user is going to be different per environment aka "dev" "qa" and "prod". The UID (610) of the user will be the same across environments.

When I add UID instead of username in /etc/subuid and /etc/subgid docker crashes.

-->

Steps to reproduce the issue:

  1. Create subuid and subgid:

Here is what /etc/subuid and /etc/subgid look like:

$ cat /etc/subuid
610:123000:65536
$ cat /etc/subgid
610:123000:65536
  1. Create daemon.json:
# cat /etc/docker/daemon.json
{
    "icc": false,
    "live-restore": true,
    "no-new-privileges": true,
    "userland-proxy": false,
    "userns-remap": "610"
}
  1. Restart docker

Describe the results you received:

Run systemctl restart docker and docker will crash.

Run journalctl -xe to see the error:

Jun 11 12:19:22 mtldserint04.certapay.com dockerd[25538]: time="2019-06-11T12:19:22.583112066-04:00" level=info msg="User namespaces: ID ranges will be mapped to subuid/subgid ranges of: dev:dev
Jun 11 12:19:22 mtldserint04.certapay.com dockerd[25538]: Can't create ID mappings: No subuid ranges found for user "dev"

Describe the results you expected:

Docker restart doesnt crash

Additional information you deem important (e.g. issue happens only occasionally):

Here are my users

[root@mtldserint04 ~]# cat /etc/passwd | grep dev
dev:x:610:610:dev user:/home/dev:/bin/bash

Output of docker version:

docker version
Client:
 Version:           18.09.4
 API version:       1.39
 Go version:        go1.10.8
 Git commit:        d14af54266
 Built:             Wed Mar 27 18:34:51 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.4
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.8
  Git commit:       d14af54
  Built:            Wed Mar 27 18:04:46 2019
  OS/Arch:          linux/amd64
  Experimental:     false```

Output of docker info:

docker info
Containers: 24
 Running: 0
 Paused: 0
 Stopped: 24
Images: 15
Server Version: 18.09.4
Storage Driver: overlay2
 Backing Filesystem: xfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 seccomp
  Profile: default
 userns
Kernel Version: 3.10.0-957.5.1.el7.x86_64
Operating System: Red Hat Enterprise Linux
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 7.638GiB
Name: m04.***
ID: ***
Docker Root Dir: /var/lib/docker/123000.123000
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: true
Product License: Community Engine
WARNING: bridge-nf-call-ip6tables is disabled

Additional environment details (AWS, VirtualBox, physical, etc.):

On prem RHEL 7.6 virtual machine running on VMWare

closed time in 5 days

daniyalj

pull request commentmoby/moby

Windows: Build and use gotestsum for running all tests

The issue we noticed when discussing, is that the naming of the tests for Windows is different than the ones for Linux, therefore the tests show in a different place; for reference, this is how the naming is set for the Linux ones for the junit.xml; https://github.com/moby/moby/blob/e7805653b8632aae4f789dbca238e25b16df964d/hack/make/.integration-test-helpers#L69-L90

thaJeztah

comment created time in 5 days

PR opened moby/moby

Reviewers
bump libnetwork 90afbb01e1d8acacb505a092744ea42b9f167377 area/networking status/2-code-review

full diff: https://github.com/docker/libnetwork/compare/0025177e3dabbe0de151be0957dcaff149d43536...90afbb01e1d8acacb505a092744ea42b9f167377

includes:

  • docker/libnetwork#/2459 Fix Error Check in NewNetwork
  • docker/libnetwork#/2466 Revert "Merge pull request #2339 from phyber/iptables-check"
    • reverts docker/libnetwork#/2339 controller: Check if IPTables is enabled for arrangeUserFilterRule
    • re-opens docker/libnetwork#2158 dockerd when run with --iptables=false modifies iptables by adding DOCKER-USER
    • re-opens moby/moby#35777 With iptables=false dockerd still creates DOCKER-USER chain and rules
    • re-opens docker/for-linux#136 dockerd --iptables=false adds DOCKER-USER chain and modify FORWARD chain anyway

- Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: -->

- A picture of a cute animal (not mandatory but encouraged)

+6 -36

0 comment

5 changed files

pr created time in 5 days

create barnchthaJeztah/docker

branch : bump_libnetwork

created branch time in 5 days

push eventthaJeztah/docker

Hannes Ljungberg

commit sha 4d09fab232ed282d020afbe1e0935b53379df4ad

Update service networks documentation The previous description stated that an array of names / ids could be passed when the API in reality expects objects in the form of NetworkAttachmentConfig. This is fixed by updating the description and adding a definition for NetworkAttachmentConfig. Signed-off-by: Hannes Ljungberg <hannes@5monkeys.se>

view details

Justen Martin

commit sha 3b49bd1d840d64ec603333eae28655b9ff5edc0c

replaced call to deprecated grpc method WithDialer with WithContextDialer Signed-off-by: Justen Martin <jmart@the-coder.com>

view details

lzhfromustc

commit sha 49fbb9c9854ff18ad9304f435c7c6722b0b4cfdb

registry: add a critical section to protect authTransport.modReq Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>

view details

Ziheng Liu

commit sha 6233217a31395b69aa814c7d3db5cf844eb87437

integration/internal/container: fix a goroutine leak bug by adding 1 buffer Signed-off-by: Ziheng Liu <lzhfromustc@gmail.com>

view details

Kir Kolyshkin

commit sha 9d4e81e8bf0d52a063c46a3dc826f7e85068b07d

hack/validate/vendor: print diff for modified files In case some files were modified (rather than merely added or removed), we're curious to see the diff for those. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 4be12ad3d04aefe6d5822d426813b33d2d4f9a7e

hack/validate/vendor: shellcheck fixes The export statement is definitely not needed. The rest is obvious. > In hack/validate/vendor line 3: > export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" > ^-- SC2155: Declare and assign separately to avoid masking return values. > > > In hack/validate/vendor line 43: > if ls -d vendor/$f > /dev/null 2>&1; then > ^-- SC2086: Double quote to prevent globbing and word splitting. > > > In hack/validate/vendor line 44: > found=$(find vendor/$f -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l) > ^-- SC2086: Double quote to prevent globbing and word splitting. > > > In hack/validate/vendor line 45: > if [ $found -eq 0 ]; then > ^-- SC2086: Double quote to prevent globbing and word splitting. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 57910190288c71242d914c292930a496d05f30cb

hack/validate/vendor: simplify looking for license It was suggested that we use '.*\(COPYING\|LICENSE\|COPYRIGHT\).*' as an argument to `find -iregex`, and this is how it all started. Next thing, there is no COPYRIGHT in any of the vendored packages, so it can be removed for good. Next, we should not look too deep inside the package directory, as the license should be in its root directory, so add `-maxdepth 1` to `find`. This should also speed things up. Finally, since we're not using the recursion feature of `find`, it can be replaced with `echo | grep`. While at it, * avoid temporary $pkgs variable as it is only used once; * replace `ls -d "vendor/$f" > /dev/null 2>&1` with `test -d`. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Sam Whited

commit sha d6a91ca71c655f71c171e375b787c9c8b361c19e

Rename DCO check param in Jenkinsfile Previously it was a negative parameter for skiping the DCO check, but this is different from other checks. It was requested that I change this in #40023 but I'm factoring it out as an unrelated change. Signed-off-by: Sam Whited <sam@samwhited.com>

view details

Sebastiaan van Stijn

commit sha 9a7e96b5b7e97e034ce7bb0f1e7788d1bd881c7f

Rename "v1" to "statsV1" follow-up to 27552ceb15bca544820229e574427d4c1d6ef585, where this was left as a review comment, but the PR was already merged. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Kirill Kolyshkin

commit sha 7cde98488c2cfd7c3bc5a4a9044047cdab596663

Merge pull request #40159 from SamWhited/jenkins_dco_var_name Rename DCO check param in Jenkinsfile

view details

Kirill Kolyshkin

commit sha 76dbd884d3f1a02dc193305d2ac5824bcd3e4f0f

Merge pull request #40167 from thaJeztah/stats_alias Rename "v1" to "statsV1"

view details

Brian Goff

commit sha 6f8c671d702197a189d162d86a3f4cccfa5a3db2

Merge pull request #39495 from hannseman/network-attachment-config-docs Update service networks documentation

view details

Sebastiaan van Stijn

commit sha 3df4f86f21fbcae3535e2231828dce16a1940dbb

swagger: fix "generated code" comment not in correct format As described in https://golang.org/s/generatedcode, Go has a formalized format that should be used to indicate that a file is generated. Matching that format helps linters to skip generated files; From https://golang.org/s/generatedcode (https://github.com/golang/go/issues/13560#issuecomment-288457920); > Generated files are marked by a line of text that matches the regular expression, in Go syntax: > > ^// Code generated .* DO NOT EDIT\.$ > > The `.*` means the tool can put whatever folderol it wants in there, but the comment > must be a single line and must start with `Code generated` and end with `DO NOT EDIT.`, > with a period. > > The text may appear anywhere in the file. This patch updates the template used for our generated types to match that format. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha c511db70ed39f344f41ea8773cc9264a1eeddfda

api/types: re-generate with new template Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Sebastiaan van Stijn

commit sha 6186e9fe8794660d669f19a2e2ba7127321b817f

hack/make/.go-autogen: fix "generated code" comment not in correct format As described in https://golang.org/s/generatedcode, Go has a formalized format that should be used to indicate that a file is generated. Matching that format helps linters to skip generated files; From https://golang.org/s/generatedcode (https://github.com/golang/go/issues/13560#issuecomment-288457920); > Generated files are marked by a line of text that matches the regular expression, in Go syntax: > > ^// Code generated .* DO NOT EDIT\.$ > > The `.*` means the tool can put whatever folderol it wants in there, but the comment > must be a single line and must start with `Code generated` and end with `DO NOT EDIT.`, > with a period. > > The text may appear anywhere in the file. This patch updates the autogenerated code to match that format. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

view details

Brian Goff

commit sha 47c5c67ed825589b0d88d98d05d81c5d22b3e9a9

Merge pull request #40032 from jmartin84/fix-grpc-withdialer-deprecation-warning Fix grpc withdialer deprecation warning

view details

Kirill Kolyshkin

commit sha c36460c437c8c515c543dd31afcbb5c2a9f5dd48

Merge pull request #40077 from thaJeztah/fix_autogen_detection Update "auto-generate" comments to improve detection by linters

view details

Sam Whited

commit sha b96a0c775400821d80972619fbfe6a2070f3e9ba

Add daemon options required by buildkit tests Signed-off-by: Sam Whited <sam@samwhited.com>

view details

Sebastiaan van Stijn

commit sha 31abc6c089eb5acc8161f480335b33b12564a565

Merge pull request #40177 from SamWhited/buildkit_test_options Add daemon options required by buildkit tests

view details

Sam Whited

commit sha 0c9b232bf5263ab896637b394308510c4cfbd45d

Remove unused GlobalFlags Signed-off-by: Sam Whited <sam@samwhited.com>

view details

push time in 5 days

push eventmoby/moby

Kir Kolyshkin

commit sha 9d4e81e8bf0d52a063c46a3dc826f7e85068b07d

hack/validate/vendor: print diff for modified files In case some files were modified (rather than merely added or removed), we're curious to see the diff for those. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 4be12ad3d04aefe6d5822d426813b33d2d4f9a7e

hack/validate/vendor: shellcheck fixes The export statement is definitely not needed. The rest is obvious. > In hack/validate/vendor line 3: > export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" > ^-- SC2155: Declare and assign separately to avoid masking return values. > > > In hack/validate/vendor line 43: > if ls -d vendor/$f > /dev/null 2>&1; then > ^-- SC2086: Double quote to prevent globbing and word splitting. > > > In hack/validate/vendor line 44: > found=$(find vendor/$f -iregex '.*LICENSE.*' -or -iregex '.*COPYRIGHT.*' -or -iregex '.*COPYING.*' | wc -l) > ^-- SC2086: Double quote to prevent globbing and word splitting. > > > In hack/validate/vendor line 45: > if [ $found -eq 0 ]; then > ^-- SC2086: Double quote to prevent globbing and word splitting. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Kir Kolyshkin

commit sha 57910190288c71242d914c292930a496d05f30cb

hack/validate/vendor: simplify looking for license It was suggested that we use '.*\(COPYING\|LICENSE\|COPYRIGHT\).*' as an argument to `find -iregex`, and this is how it all started. Next thing, there is no COPYRIGHT in any of the vendored packages, so it can be removed for good. Next, we should not look too deep inside the package directory, as the license should be in its root directory, so add `-maxdepth 1` to `find`. This should also speed things up. Finally, since we're not using the recursion feature of `find`, it can be replaced with `echo | grep`. While at it, * avoid temporary $pkgs variable as it is only used once; * replace `ls -d "vendor/$f" > /dev/null 2>&1` with `test -d`. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

view details

Sebastiaan van Stijn

commit sha e9bd017b680cf3eb05d8db21500979ac22969658

Merge pull request #40148 from kolyshkin/vendor-diff hack/validate/vendor: print diff for modified files

view details

push time in 5 days

PR merged moby/moby

Reviewers
hack/validate/vendor: print diff for modified files area/testing kind/enhancement process/cherry-pick status/2-code-review

In case some files were modified (rather than merely added or removed), we're curious to see the diff for those.

Idea-by: @thaJeztah

While at it,

  • fix some shellcheck warnings;
  • optimize/simplify validate_vendor_used.
+9 -6

2 comments

1 changed file

kolyshkin

pr closed time in 5 days

Pull request review commentmoby/moby

hack/validate/vendor: print diff for modified files

 validate_vendor_diff(){ 		vndr 		# check if any files have changed 		diffs="$(git status --porcelain -- vendor 2>/dev/null)"

vendor.conf is only updated manually, so that shouldn't be an issue

kolyshkin

comment created time in 5 days

issue closeddocker/libnetwork

Flaky test: TestNetworkDBIslands

Seen failing on various ocassions; for example, in https://github.com/docker/libnetwork/pull/2393; https://circleci.com/gh/docker/libnetwork/8871 and various others; https://github.com/docker/libnetwork/pulls?utf8=✓&q=is%3Apr+is%3Aopen+TestNetworkDBIslands

--- FAIL: TestNetworkDBIslands (75.82s)
	Location:	networkdb_test.go:838
	Error:		"map[1722b448b57a:1722b448b57a 6958c4881c3b:6958c4881c3b]" should have 3 item(s), but has 2


	Location:	networkdb_test.go:839
	Error:		"map[3fd12de03ffa:3fd12de03ffa]" should have 0 item(s), but has 1


FAIL

closed time in 5 days

thaJeztah

issue commentdocker/libnetwork

Flaky test: TestNetworkDBIslands

should be fixed by https://github.com/docker/libnetwork/pull/2458

thaJeztah

comment created time in 5 days

issue closeddocker/libnetwork

Flaky test: TestNetworkDBCRUDMediumCluster

Seen failing on various occasions; for example, in https://github.com/docker/libnetwork/pull/2393; https://circleci.com/gh/docker/libnetwork/8871

failures look like:

2019/06/09 10:27:00 Closing DB instances...
--- FAIL: TestNetworkDBCRUDMediumCluster (8.22s)
	Location:	networkdb_test.go:113
	Error:		Network existence verification failed

or

=== RUN   TestNetworkDBCRUDMediumCluster
--- FAIL: TestNetworkDBCRUDMediumCluster (2.00s)
	networkdb_test.go:58: Number of nodes for node2 into the cluster does not match 5 != 4

closed time in 5 days

thaJeztah

issue commentdocker/libnetwork

Flaky test: TestNetworkDBCRUDMediumCluster

should be fixed by https://github.com/docker/libnetwork/pull/2458

thaJeztah

comment created time in 5 days

Pull request review commentdocker/libnetwork

DOCKER-USER chain not created when IPTableEnable=false.

+package libnetwork++import (+	"fmt"+	"github.com/docker/libnetwork/iptables"+	"github.com/docker/libnetwork/netlabel"+	"github.com/docker/libnetwork/options"+	"strings"+	"testing"+)++const (+	fwdChainName = "FORWARD"+	usrChainName = "DOCKER-USER"+)++func verifyUserChain(enabled, insert bool) error {+	output, err := iptables.Raw("-S", fwdChainName)+	if err != nil {+		return err+	}+	rules := strings.Split(string(output), "\n")+	if !enabled {+		if len(rules)-1 != 1 {

Having to use len(rules)-1 everywhere makes it a bit difficult to read; IIUC, the -1 is to compensate for the trailing newline; perhaps add a small helper function that reads all rules in a chain, and drops the last one?

Something like;

func getRules(t *testing.T, chain string) []string {
	t.Helper()
	output, err := iptables.Raw("-S", chain)
	assert.NilError(t, err, "chain %s: failed to get rules", chain)

	rules := strings.Split(string(output), "\n")
	if len(rules) > 0 {
		rules = rules[:len(rules)-1]
	}
	return rules
}

Also, perhaps instead of checking number of rules, we should add an expected []string to the tests, to check that the expected rules are created 🤔

suwang48404

comment created time in 6 days

more