Merge pull request #429 from thaJeztah/19.03_backport_windows_1903_fixes
[19.03 backport] bump hcsshim to fix docker build failing on Windows 1903
diff --git a/Dockerfile b/Dockerfile
index 766db8a..ef2311f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,7 +25,7 @@
#
ARG CROSS="false"
-ARG GO_VERSION=1.12.12
+ARG GO_VERSION=1.12.15
ARG DEBIAN_FRONTEND=noninteractive
FROM golang:${GO_VERSION}-stretch AS base
diff --git a/Dockerfile.e2e b/Dockerfile.e2e
index b18b3ab..9066c15 100644
--- a/Dockerfile.e2e
+++ b/Dockerfile.e2e
@@ -1,4 +1,4 @@
-ARG GO_VERSION=1.12.12
+ARG GO_VERSION=1.12.15
FROM golang:${GO_VERSION}-alpine AS base
diff --git a/Dockerfile.simple b/Dockerfile.simple
index 839675e..26bd269 100644
--- a/Dockerfile.simple
+++ b/Dockerfile.simple
@@ -5,7 +5,7 @@
# This represents the bare minimum required to build and test Docker.
-ARG GO_VERSION=1.12.12
+ARG GO_VERSION=1.12.15
FROM golang:${GO_VERSION}-stretch
diff --git a/Dockerfile.windows b/Dockerfile.windows
index 4f39676..f1f7303 100644
--- a/Dockerfile.windows
+++ b/Dockerfile.windows
@@ -45,8 +45,8 @@
#
# 1. Clone the sources from github.com:
#
-# >> git clone https://github.com/docker/docker.git C:\go\src\github.com\docker\docker
-# >> Cloning into 'C:\go\src\github.com\docker\docker'...
+# >> git clone https://github.com/docker/docker.git C:\gopath\src\github.com\docker\docker
+# >> Cloning into 'C:\gopath\src\github.com\docker\docker'...
# >> remote: Counting objects: 186216, done.
# >> remote: Compressing objects: 100% (21/21), done.
# >> remote: Total 186216 (delta 5), reused 0 (delta 0), pack-reused 186195
@@ -59,7 +59,7 @@
#
# 2. Change directory to the cloned docker sources:
#
-# >> cd C:\go\src\github.com\docker\docker
+# >> cd C:\gopath\src\github.com\docker\docker
#
#
# 3. Build a docker image with the components required to build the docker binaries from source
@@ -79,8 +79,8 @@
# 5. Copy the binaries out of the container, replacing HostPath with an appropriate destination
# folder on the host system where you want the binaries to be located.
#
-# >> docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
-# >> docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
+# >> docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\docker.exe C:\HostPath\docker.exe
+# >> docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\dockerd.exe C:\HostPath\dockerd.exe
#
#
# 6. (Optional) Remove the interim container holding the built executable binaries:
@@ -165,14 +165,14 @@
# Use PowerShell as the default shell
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
-ARG GO_VERSION=1.12.12
+ARG GO_VERSION=1.12.15
# Environment variable notes:
# - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
# - FROM_DOCKERFILE is used for detection of building within a container.
ENV GO_VERSION=${GO_VERSION} `
GIT_VERSION=2.11.1 `
- GOPATH=C:\go `
+ GOPATH=C:\gopath `
FROM_DOCKERFILE=1
RUN `
@@ -249,7 +249,7 @@
Remove-Item C:\gitsetup.zip; `
`
Write-Host INFO: Creating source directory...; `
- New-Item -ItemType Directory -Path C:\go\src\github.com\docker\docker | Out-Null; `
+ New-Item -ItemType Directory -Path ${GOPATH}\src\github.com\docker\docker | Out-Null; `
`
Write-Host INFO: Configuring git core.autocrlf...; `
C:\git\cmd\git config --global core.autocrlf true; `
@@ -260,7 +260,7 @@
ENTRYPOINT ["powershell.exe"]
# Set the working directory to the location of the sources
-WORKDIR C:\go\src\github.com\docker\docker
+WORKDIR ${GOPATH}\src\github.com\docker\docker
# Copy the sources into the container
COPY . .
diff --git a/api/swagger.yaml b/api/swagger.yaml
index d2dc488..42c98d6 100644
--- a/api/swagger.yaml
+++ b/api/swagger.yaml
@@ -618,6 +618,71 @@
description: "Start period for the container to initialize before starting health-retries countdown in nanoseconds. It should be 0 or at least 1000000 (1 ms). 0 means inherit."
type: "integer"
+ Health:
+ description: |
+ Health stores information about the container's healthcheck results.
+ type: "object"
+ properties:
+ Status:
+ description: |
+ Status is one of `none`, `starting`, `healthy` or `unhealthy`
+
+ - "none" Indicates there is no healthcheck
+ - "starting" Starting indicates that the container is not yet ready
+ - "healthy" Healthy indicates that the container is running correctly
+ - "unhealthy" Unhealthy indicates that the container has a problem
+ type: "string"
+ enum:
+ - "none"
+ - "starting"
+ - "healthy"
+ - "unhealthy"
+ example: "healthy"
+ FailingStreak:
+ description: "FailingStreak is the number of consecutive failures"
+ type: "integer"
+ example: 0
+ Log:
+ type: "array"
+ description: |
+ Log contains the last few results (oldest first)
+ items:
+ x-nullable: true
+ $ref: "#/definitions/HealthcheckResult"
+
+ HealthcheckResult:
+ description: |
+ HealthcheckResult stores information about a single run of a healthcheck probe
+ type: "object"
+ properties:
+ Start:
+ description: |
+ Date and time at which this check started in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "date-time"
+ example: "2020-01-04T10:44:24.496525531Z"
+ End:
+ description: |
+ Date and time at which this check ended in
+ [RFC 3339](https://www.ietf.org/rfc/rfc3339.txt) format with nano-seconds.
+ type: "string"
+ format: "dateTime"
+ example: "2020-01-04T10:45:21.364524523Z"
+ ExitCode:
+ description: |
+ ExitCode meanings:
+
+ - `0` healthy
+ - `1` unhealthy
+ - `2` reserved (considered unhealthy)
+ - other values: error running probe
+ type: "integer"
+ example: 0
+ Output:
+ description: "Output from last check"
+ type: "string"
+
HostConfig:
description: "Container configuration that depends on the host we are running on"
allOf:
@@ -628,12 +693,44 @@
Binds:
type: "array"
description: |
- A list of volume bindings for this container. Each volume binding is a string in one of these forms:
+ A list of volume bindings for this container. Each volume binding
+ is a string in one of these forms:
- - `host-src:container-dest` to bind-mount a host path into the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
- - `host-src:container-dest:ro` to make the bind mount read-only inside the container. Both `host-src`, and `container-dest` must be an _absolute_ path.
- - `volume-name:container-dest` to bind-mount a volume managed by a volume driver into the container. `container-dest` must be an _absolute_ path.
- - `volume-name:container-dest:ro` to mount the volume read-only inside the container. `container-dest` must be an _absolute_ path.
+ - `host-src:container-dest[:options]` to bind-mount a host path
+ into the container. Both `host-src`, and `container-dest` must
+ be an _absolute_ path.
+ - `volume-name:container-dest[:options]` to bind-mount a volume
+ managed by a volume driver into the container. `container-dest`
+ must be an _absolute_ path.
+
+ `options` is an optional, comma-delimited list of:
+
+ - `nocopy` disables automatic copying of data from the container
+ path to the volume. The `nocopy` flag only applies to named volumes.
+ - `[ro|rw]` mounts a volume read-only or read-write, respectively.
+ If omitted or set to `rw`, volumes are mounted read-write.
+ - `[z|Z]` applies SELinux labels to allow or deny multiple containers
+ to read and write to the same volume.
+ - `z`: a _shared_ content label is applied to the content. This
+ label indicates that multiple containers can share the volume
+ content, for both reading and writing.
+ - `Z`: a _private unshared_ label is applied to the content.
+ This label indicates that only the current container can use
+ a private volume. Labeling systems such as SELinux require
+ proper labels to be placed on volume content that is mounted
+ into a container. Without a label, the security system can
+ prevent a container's processes from using the content. By
+ default, the labels set by the host operating system are not
+ modified.
+ - `[[r]shared|[r]slave|[r]private]` specifies mount
+ [propagation behavior](https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt).
+ This only applies to bind-mounted volumes, not internal volumes
+ or named volumes. Mount propagation requires the source mount
+ point (the location where the source directory is mounted in the
+ host operating system) to have the correct propagation properties.
+ For shared volumes, the source mount point must be set to `shared`.
+ For slave volumes, the mount must be set to either `shared` or
+ `slave`.
items:
type: "string"
ContainerIDFile:
@@ -2970,16 +3067,10 @@
description: "Runtime is the type of runtime specified for the task executor."
type: "string"
Networks:
+ description: "Specifies which networks the service should attach to."
type: "array"
items:
- type: "object"
- properties:
- Target:
- type: "string"
- Aliases:
- type: "array"
- items:
- type: "string"
+ $ref: "#/definitions/NetworkAttachmentConfig"
LogDriver:
description: "Specifies the log driver to use for tasks created from this spec. If not present, the default one for the swarm will be used, finally falling back to the engine default if not specified."
type: "object"
@@ -3225,17 +3316,11 @@
- "stop-first"
- "start-first"
Networks:
- description: "Array of network names or IDs to attach the service to."
+ description: "Specifies which networks the service should attach to."
type: "array"
items:
- type: "object"
- properties:
- Target:
- type: "string"
- Aliases:
- type: "array"
- items:
- type: "string"
+ $ref: "#/definitions/NetworkAttachmentConfig"
+
EndpointSpec:
$ref: "#/definitions/EndpointSpec"
@@ -3280,8 +3365,8 @@
type: "object"
properties:
Mode:
- description: "The mode of resolution to use for internal load balancing
- between tasks."
+ description: |
+ The mode of resolution to use for internal load balancing between tasks.
type: "string"
enum:
- "vip"
@@ -3609,6 +3694,70 @@
Spec:
$ref: "#/definitions/ConfigSpec"
+ ContainerState:
+ description: |
+ ContainerState stores container's running state. It's part of ContainerJSONBase
+ and will be returned by the "inspect" command.
+ type: "object"
+ properties:
+ Status:
+ description: |
+ String representation of the container state. Can be one of "created",
+ "running", "paused", "restarting", "removing", "exited", or "dead".
+ type: "string"
+ enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
+ example: "running"
+ Running:
+ description: |
+ Whether this container is running.
+
+ Note that a running container can be _paused_. The `Running` and `Paused`
+ booleans are not mutually exclusive:
+
+ When pausing a container (on Linux), the freezer cgroup is used to suspend
+ all processes in the container. Freezing the process requires the process to
+ be running. As a result, paused containers are both `Running` _and_ `Paused`.
+
+ Use the `Status` field instead to determine if a container's state is "running".
+ type: "boolean"
+ example: true
+ Paused:
+ description: "Whether this container is paused."
+ type: "boolean"
+ example: false
+ Restarting:
+ description: "Whether this container is restarting."
+ type: "boolean"
+ example: false
+ OOMKilled:
+ description: "Whether this container has been killed because it ran out of memory."
+ type: "boolean"
+ example: false
+ Dead:
+ type: "boolean"
+ example: false
+ Pid:
+ description: "The process ID of this container"
+ type: "integer"
+ example: 1234
+ ExitCode:
+ description: "The last exit code of this container"
+ type: "integer"
+ example: 0
+ Error:
+ type: "string"
+ StartedAt:
+ description: "The time when this container was last started."
+ type: "string"
+ example: "2020-01-06T09:06:59.461876391Z"
+ FinishedAt:
+ description: "The time when this container last exited."
+ type: "string"
+ example: "2020-01-06T09:07:59.461876391Z"
+ Health:
+ x-nullable: true
+ $ref: "#/definitions/Health"
+
SystemInfo:
type: "object"
properties:
@@ -4407,6 +4556,24 @@
IP address and ports at which this node can be reached.
type: "string"
+ NetworkAttachmentConfig:
+ description: "Specifies how a service should be attached to a particular network."
+ type: "object"
+ properties:
+ Target:
+ description: "The target network for attachment. Must be a network name or ID."
+ type: "string"
+ Aliases:
+ description: "Discoverable alternate names for the service on this network."
+ type: "array"
+ items:
+ type: "string"
+ DriverOpts:
+ description: "Driver attachment options for the network target"
+ type: "object"
+ additionalProperties:
+ type: "string"
+
paths:
/containers/json:
get:
@@ -4822,52 +4989,8 @@
items:
type: "string"
State:
- description: "The state of the container."
- type: "object"
- properties:
- Status:
- description: |
- The status of the container. For example, `"running"` or `"exited"`.
- type: "string"
- enum: ["created", "running", "paused", "restarting", "removing", "exited", "dead"]
- Running:
- description: |
- Whether this container is running.
-
- Note that a running container can be _paused_. The `Running` and `Paused`
- booleans are not mutually exclusive:
-
- When pausing a container (on Linux), the cgroups freezer is used to suspend
- all processes in the container. Freezing the process requires the process to
- be running. As a result, paused containers are both `Running` _and_ `Paused`.
-
- Use the `Status` field instead to determine if a container's state is "running".
- type: "boolean"
- Paused:
- description: "Whether this container is paused."
- type: "boolean"
- Restarting:
- description: "Whether this container is restarting."
- type: "boolean"
- OOMKilled:
- description: "Whether this container has been killed because it ran out of memory."
- type: "boolean"
- Dead:
- type: "boolean"
- Pid:
- description: "The process ID of this container"
- type: "integer"
- ExitCode:
- description: "The last exit code of this container"
- type: "integer"
- Error:
- type: "string"
- StartedAt:
- description: "The time when this container was last started."
- type: "string"
- FinishedAt:
- description: "The time when this container last exited."
- type: "string"
+ x-nullable: true
+ $ref: "#/definitions/ContainerState"
Image:
description: "The container's image"
type: "string"
@@ -4888,6 +5011,8 @@
type: "integer"
Driver:
type: "string"
+ Platform:
+ type: "string"
MountLabel:
type: "string"
ProcessLabel:
@@ -4937,6 +5062,8 @@
Domainname: ""
Env:
- "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+ Healthcheck:
+ Test: ["CMD-SHELL", "exit 0"]
Hostname: "ba033ac44011"
Image: "ubuntu"
Labels:
@@ -5048,6 +5175,14 @@
Error: ""
ExitCode: 9
FinishedAt: "2015-01-06T15:47:32.080254511Z"
+ Health:
+ Status: "healthy"
+ FailingStreak: 0
+ Log:
+ - Start: "2019-12-22T10:59:05.6385933Z"
+ End: "2019-12-22T10:59:05.8078452Z"
+ ExitCode: 0
+ Output: ""
OOMKilled: false
Dead: false
Paused: false
@@ -5507,8 +5642,6 @@
description: "no error"
304:
description: "container already started"
- schema:
- $ref: "#/definitions/ErrorResponse"
404:
description: "no such container"
schema:
@@ -5540,8 +5673,6 @@
description: "no error"
304:
description: "container already stopped"
- schema:
- $ref: "#/definitions/ErrorResponse"
404:
description: "no such container"
schema:
@@ -5732,9 +5863,9 @@
post:
summary: "Pause a container"
description: |
- Use the cgroups freezer to suspend all processes in a container.
+ Use the freezer cgroup to suspend all processes in a container.
- Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the cgroups freezer the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
+ Traditionally, when suspending a process the `SIGSTOP` signal is used, which is observable by the process being suspended. With the freezer cgroup the process is unaware, and unable to capture, that it is being suspended, and subsequently resumed.
operationId: "ContainerPause"
responses:
204:
@@ -6457,10 +6588,11 @@
type: "string"
- name: "networkmode"
in: "query"
- description: "Sets the networking mode for the run commands during
- build. Supported standard values are: `bridge`, `host`, `none`, and
- `container:<name|id>`. Any other value is taken as a custom network's
- name to which this container should connect to."
+ description: |
+ Sets the networking mode for the run commands during build. Supported
+ standard values are: `bridge`, `host`, `none`, and `container:<name|id>`.
+ Any other value is taken as a custom network's name or ID to which this
+ container should connect to.
type: "string"
- name: "Content-type"
in: "header"
@@ -6605,6 +6737,10 @@
in: "query"
description: "Tag or digest. If empty when pulling an image, this causes all tags for the given image to be pulled."
type: "string"
+ - name: "message"
+ in: "query"
+ description: "Set commit message for imported image."
+ type: "string"
- name: "inputImage"
in: "body"
description: "Image content if the value `-` has been specified in fromSrc query parameter"
@@ -9549,17 +9685,19 @@
type: "integer"
- name: "registryAuthFrom"
in: "query"
+ description: |
+ If the `X-Registry-Auth` header is not specified, this parameter
+ indicates where to find registry authorization credentials.
type: "string"
- description: "If the X-Registry-Auth header is not specified, this
- parameter indicates where to find registry authorization credentials. The
- valid values are `spec` and `previous-spec`."
+ enum: ["spec", "previous-spec"]
default: "spec"
- name: "rollback"
in: "query"
+ description: |
+ Set to this parameter to `previous` to cause a server-side rollback
+ to the previous service spec. The supplied spec will be ignored in
+ this case.
type: "string"
- description: "Set to this parameter to `previous` to cause a
- server-side rollback to the previous service spec. The supplied spec will be
- ignored in this case."
- name: "X-Registry-Auth"
in: "header"
description: "A base64-encoded auth configuration for pulling from private registries. [See the authentication section for details.](#section/Authentication)"
diff --git a/builder/builder-next/executor_unix.go b/builder/builder-next/executor_unix.go
index 4aee34c..d684b9f 100644
--- a/builder/builder-next/executor_unix.go
+++ b/builder/builder-next/executor_unix.go
@@ -10,6 +10,7 @@
"github.com/docker/docker/daemon/config"
"github.com/docker/docker/pkg/idtools"
+ "github.com/docker/docker/pkg/stringid"
"github.com/docker/libnetwork"
"github.com/moby/buildkit/executor"
"github.com/moby/buildkit/executor/oci"
@@ -100,11 +101,12 @@
logrus.WithError(iface.err).Error("failed to set networking spec")
return
}
+ shortNetCtlrID := stringid.TruncateID(iface.provider.NetworkController.ID())
// attach netns to bridge within the container namespace, using reexec in a prestart hook
s.Hooks = &specs.Hooks{
Prestart: []specs.Hook{{
Path: filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"),
- Args: []string{"libnetwork-setkey", "-exec-root=" + iface.provider.Config().Daemon.ExecRoot, iface.sbx.ContainerID(), iface.provider.NetworkController.ID()},
+ Args: []string{"libnetwork-setkey", "-exec-root=" + iface.provider.Config().Daemon.ExecRoot, iface.sbx.ContainerID(), shortNetCtlrID},
}},
}
}
diff --git a/builder/builder-next/reqbodyhandler.go b/builder/builder-next/reqbodyhandler.go
index 4843390..b07503d 100644
--- a/builder/builder-next/reqbodyhandler.go
+++ b/builder/builder-next/reqbodyhandler.go
@@ -35,6 +35,7 @@
h.mu.Lock()
delete(h.requests, id)
h.mu.Unlock()
+ rc.Close()
}
}
diff --git a/cmd/dockerd/daemon.go b/cmd/dockerd/daemon.go
index 863628b..6076043 100644
--- a/cmd/dockerd/daemon.go
+++ b/cmd/dockerd/daemon.go
@@ -608,11 +608,17 @@
func loadListeners(cli *DaemonCli, serverConfig *apiserver.Config) ([]string, error) {
var hosts []string
+ seen := make(map[string]struct{}, len(cli.Config.Hosts))
+
for i := 0; i < len(cli.Config.Hosts); i++ {
var err error
if cli.Config.Hosts[i], err = dopts.ParseHost(cli.Config.TLS, honorXDG, cli.Config.Hosts[i]); err != nil {
return nil, errors.Wrapf(err, "error parsing -H %s", cli.Config.Hosts[i])
}
+ if _, ok := seen[cli.Config.Hosts[i]]; ok {
+ continue
+ }
+ seen[cli.Config.Hosts[i]] = struct{}{}
protoAddr := cli.Config.Hosts[i]
protoAddrParts := strings.SplitN(protoAddr, "://", 2)
diff --git a/container/container_unix.go b/container/container_unix.go
index b5c9b66..3fc6c91 100644
--- a/container/container_unix.go
+++ b/container/container_unix.go
@@ -190,7 +190,7 @@
if shmPath == "" {
return nil
}
- if err = mount.Unmount(shmPath); err != nil && !os.IsNotExist(err) {
+ if err = mount.Unmount(shmPath); err != nil && !os.IsNotExist(errors.Cause(err)) {
return err
}
return nil
diff --git a/container/health.go b/container/health.go
index 167ee9b..3e93142 100644
--- a/container/health.go
+++ b/container/health.go
@@ -22,7 +22,7 @@
case types.Starting:
return "health: starting"
default: // Healthy and Unhealthy are clear on their own
- return s.Health.Status
+ return status
}
}
diff --git a/container/state.go b/container/state.go
index 7c2a1ec..be403ae 100644
--- a/container/state.go
+++ b/container/state.go
@@ -17,7 +17,7 @@
type State struct {
sync.Mutex
// Note that `Running` and `Paused` are not mutually exclusive:
- // When pausing a container (on Linux), the cgroups freezer is used to suspend
+ // When pausing a container (on Linux), the freezer cgroup is used to suspend
// all processes in the container. Freezing the process requires the process to
// be running. As a result, paused containers are both `Running` _and_ `Paused`.
Running bool
diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 3cdceea..bc0ba22 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -193,8 +193,9 @@
}
weight := weightDevice.Weight
d := specs.LinuxWeightDevice{Weight: &weight}
- d.Major = int64(unix.Major(stat.Rdev))
- d.Minor = int64(unix.Minor(stat.Rdev))
+ // The type is 32bit on mips.
+ d.Major = int64(unix.Major(uint64(stat.Rdev))) // nolint: unconvert
+ d.Minor = int64(unix.Minor(uint64(stat.Rdev))) // nolint: unconvert
blkioWeightDevices = append(blkioWeightDevices, d)
}
@@ -264,8 +265,9 @@
return nil, err
}
d := specs.LinuxThrottleDevice{Rate: d.Rate}
- d.Major = int64(unix.Major(stat.Rdev))
- d.Minor = int64(unix.Minor(stat.Rdev))
+ // the type is 32bit on mips
+ d.Major = int64(unix.Major(uint64(stat.Rdev))) // nolint: unconvert
+ d.Minor = int64(unix.Minor(uint64(stat.Rdev))) // nolint: unconvert
throttleDevices = append(throttleDevices, d)
}
diff --git a/daemon/daemon_windows.go b/daemon/daemon_windows.go
index f6d0f8c..495f778 100644
--- a/daemon/daemon_windows.go
+++ b/daemon/daemon_windows.go
@@ -3,7 +3,9 @@
import (
"context"
"fmt"
+ "math"
"path/filepath"
+ "runtime"
"strings"
"github.com/Microsoft/hcsshim"
@@ -40,9 +42,10 @@
windowsMaxCPUPercent = 100
)
-// Windows doesn't really have rlimits.
+// Windows containers are much larger than Linux containers and each of them
+// have > 20 system processes which why we use much smaller parallelism value.
func adjustParallelLimit(n int, limit int) int {
- return limit
+ return int(math.Max(1, math.Floor(float64(runtime.NumCPU())*.8)))
}
// Windows has no concept of an execution state directory. So use config.Root here.
diff --git a/daemon/graphdriver/btrfs/version.go b/daemon/graphdriver/btrfs/version.go
index 2fb5c73..f6db8e6 100644
--- a/daemon/graphdriver/btrfs/version.go
+++ b/daemon/graphdriver/btrfs/version.go
@@ -1,4 +1,4 @@
-// +build linux,!btrfs_noversion
+// +build linux
package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
diff --git a/daemon/graphdriver/btrfs/version_none.go b/daemon/graphdriver/btrfs/version_none.go
deleted file mode 100644
index 5c755f8..0000000
--- a/daemon/graphdriver/btrfs/version_none.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// +build linux,btrfs_noversion
-
-package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
-
-// TODO(vbatts) remove this work-around once supported linux distros are on
-// btrfs utilities of >= 3.16.1
-
-func btrfsBuildVersion() string {
- return "-"
-}
-
-func btrfsLibVersion() int {
- return -1
-}
diff --git a/daemon/graphdriver/btrfs/version_test.go b/daemon/graphdriver/btrfs/version_test.go
index 465daad..7c373ec 100644
--- a/daemon/graphdriver/btrfs/version_test.go
+++ b/daemon/graphdriver/btrfs/version_test.go
@@ -1,4 +1,4 @@
-// +build linux,!btrfs_noversion
+// +build linux
package btrfs // import "github.com/docker/docker/daemon/graphdriver/btrfs"
diff --git a/daemon/graphdriver/copy/copy.go b/daemon/graphdriver/copy/copy.go
index f812540..62d4243 100644
--- a/daemon/graphdriver/copy/copy.go
+++ b/daemon/graphdriver/copy/copy.go
@@ -146,7 +146,8 @@
switch mode := f.Mode(); {
case mode.IsRegular():
- id := fileID{dev: stat.Dev, ino: stat.Ino}
+ //the type is 32bit on mips
+ id := fileID{dev: uint64(stat.Dev), ino: stat.Ino} // nolint: unconvert
if copyMode == Hardlink {
isHardlink = true
if err2 := os.Link(srcPath, dstPath); err2 != nil {
diff --git a/daemon/graphdriver/devmapper/deviceset.go b/daemon/graphdriver/devmapper/deviceset.go
index c41b50c..30bbfd8 100644
--- a/daemon/graphdriver/devmapper/deviceset.go
+++ b/daemon/graphdriver/devmapper/deviceset.go
@@ -1527,7 +1527,8 @@
return 0, 0, err
}
- dev := stat.Rdev
+ // the type is 32bit on mips
+ dev := uint64(stat.Rdev) // nolint: unconvert
majorNum := major(dev)
minorNum := minor(dev)
@@ -1738,7 +1739,8 @@
// - Managed by docker
// - The target of this device is at major <maj> and minor <min>
// - If <inode> is defined, use that file inside the device as a loopback image. Otherwise use the device itself.
- devices.devicePrefix = fmt.Sprintf("docker-%d:%d-%d", major(st.Dev), minor(st.Dev), st.Ino)
+ // The type Dev in Stat_t is 32bit on mips.
+ devices.devicePrefix = fmt.Sprintf("docker-%d:%d-%d", major(uint64(st.Dev)), minor(uint64(st.Dev)), st.Ino) // nolint: unconvert
logger.Debugf("Generated prefix: %s", devices.devicePrefix)
// Check for the existence of the thin-pool device
diff --git a/daemon/images/image_builder.go b/daemon/images/image_builder.go
index cdf951c..320ffcf 100644
--- a/daemon/images/image_builder.go
+++ b/daemon/images/image_builder.go
@@ -170,6 +170,9 @@
func (i *ImageService) GetImageAndReleasableLayer(ctx context.Context, refOrID string, opts backend.GetImageAndLayerOptions) (builder.Image, builder.ROLayer, error) {
if refOrID == "" { // ie FROM scratch
os := runtime.GOOS
+ if runtime.GOOS == "windows" {
+ os = "linux"
+ }
if opts.Platform != nil {
os = opts.Platform.OS
}
diff --git a/daemon/logger/gelf/gelf.go b/daemon/logger/gelf/gelf.go
index e9c8604..57a82da 100644
--- a/daemon/logger/gelf/gelf.go
+++ b/daemon/logger/gelf/gelf.go
@@ -166,6 +166,10 @@
}
func (s *gelfLogger) Log(msg *logger.Message) error {
+ if len(msg.Line) == 0 {
+ return nil
+ }
+
level := gelf.LOG_INFO
if msg.Source == "stderr" {
level = gelf.LOG_ERR
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
index ddb4192..2577dca 100644
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -20,6 +20,7 @@
"github.com/docker/docker/oci/caps"
"github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/mount"
+ "github.com/docker/docker/pkg/stringid"
"github.com/docker/docker/rootless/specconv"
volumemounts "github.com/docker/docker/volume/mounts"
"github.com/opencontainers/runc/libcontainer/apparmor"
@@ -66,13 +67,14 @@
for _, ns := range s.Linux.Namespaces {
if ns.Type == "network" && ns.Path == "" && !c.Config.NetworkDisabled {
target := filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe")
+ shortNetCtlrID := stringid.TruncateID(daemon.netController.ID())
s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{
Path: target,
Args: []string{
"libnetwork-setkey",
"-exec-root=" + daemon.configStore.GetExecRoot(),
c.ID,
- daemon.netController.ID(),
+ shortNetCtlrID,
},
})
}
diff --git a/daemon/start.go b/daemon/start.go
index 57a7267..adc253d 100644
--- a/daemon/start.go
+++ b/daemon/start.go
@@ -161,7 +161,7 @@
container.HasBeenManuallyStopped = false
}
- if daemon.saveApparmorConfig(container); err != nil {
+ if err := daemon.saveApparmorConfig(container); err != nil {
return err
}
diff --git a/docs/api/version-history.md b/docs/api/version-history.md
index 2e5523e..2e684cc 100644
--- a/docs/api/version-history.md
+++ b/docs/api/version-history.md
@@ -247,7 +247,7 @@
* `GET /containers/create` now takes a `DeviceCgroupRules` field in `HostConfig` allowing to set custom device cgroup rules for the created container.
* Optional query parameter `verbose` for `GET /networks/(id or name)` will now list all services with all the tasks, including the non-local tasks on the given network.
* `GET /containers/(id or name)/attach/ws` now returns WebSocket in binary frame format for API version >= v1.28, and returns WebSocket in text frame format for API version< v1.28, for the purpose of backward-compatibility.
-* `GET /networks` is optimised only to return list of all networks and network specific information. List of all containers attached to a specific network is removed from this API and is only available using the network specific `GET /networks/{network-id}.
+* `GET /networks` is optimised only to return list of all networks and network specific information. List of all containers attached to a specific network is removed from this API and is only available using the network specific `GET /networks/{network-id}`.
* `GET /containers/json` now supports `publish` and `expose` filters to filter containers that expose or publish certain ports.
* `POST /services/create` and `POST /services/(id or name)/update` now accept the `ReadOnly` parameter, which mounts the container's root filesystem as read only.
* `POST /build` now accepts `extrahosts` parameter to specify a host to ip mapping to use during the build.
diff --git a/docs/contributing/software-req-win.md b/docs/contributing/software-req-win.md
index 2f4322b..55b3700 100644
--- a/docs/contributing/software-req-win.md
+++ b/docs/contributing/software-req-win.md
@@ -100,8 +100,8 @@
Copy out the resulting Windows Moby Engine binary to `dockerd.exe` in the
current directory:
- docker cp binaries:C:\go\src\github.com\docker\docker\bundles\docker.exe docker.exe
- docker cp binaries:C:\go\src\github.com\docker\docker\bundles\dockerd.exe dockerd.exe
+ docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\docker.exe docker.exe
+ docker cp binaries:C:\gopath\src\github.com\docker\docker\bundles\dockerd.exe dockerd.exe
To test it, stop the system Docker daemon and start the one you just built:
@@ -109,7 +109,7 @@
.\dockerd.exe -D
The other make targets work too, to run unit tests try:
-`docker run --rm docker-builder sh -c 'cd /c/go/src/github.com/docker/docker; hack/make.sh test-unit'`.
+`docker run --rm docker-builder sh -c 'cd /c/gopath/src/github.com/docker/docker; hack/make.sh test-unit'`.
### 6. Remove the interim binaries container
diff --git a/errdefs/http_helpers.go b/errdefs/http_helpers.go
index 1debd2a..07552f1 100644
--- a/errdefs/http_helpers.go
+++ b/errdefs/http_helpers.go
@@ -141,9 +141,6 @@
case codes.Unavailable: // code 14
return http.StatusServiceUnavailable
default:
- if e, ok := err.(causer); ok {
- return statusCodeFromGRPCError(e.Cause())
- }
// codes.Canceled(1)
// codes.Unknown(2)
// codes.DeadlineExceeded(4)
@@ -168,10 +165,6 @@
}
case errcode.ErrorCoder:
return errs.ErrorCode().Descriptor().HTTPStatusCode
- default:
- if e, ok := err.(causer); ok {
- return statusCodeFromDistributionError(e.Cause())
- }
}
return http.StatusInternalServerError
}
diff --git a/hack/ci/windows.ps1 b/hack/ci/windows.ps1
index e621e01..3bf951a 100644
--- a/hack/ci/windows.ps1
+++ b/hack/ci/windows.ps1
@@ -486,7 +486,7 @@
}
# Following at the moment must be docker\docker as it's dictated by dockerfile.Windows
- $contPath="$COMMITHASH`:c`:\go\src\github.com\docker\docker\bundles"
+ $contPath="$COMMITHASH`:c`:\gopath\src\github.com\docker\docker\bundles"
# After https://github.com/docker/docker/pull/30290, .git was added to .dockerignore. Therefore
# we have to calculate unsupported outside of the container, and pass the commit ID in through
@@ -850,7 +850,7 @@
$Duration= $(Measure-Command { & docker run `
--rm `
-e c=$c `
- --workdir "c`:\go\src\github.com\docker\docker\integration-cli" `
+ --workdir "c`:\gopath\src\github.com\docker\docker\integration-cli" `
-v "$env:TEMP\binary`:c:\target" `
docker `
"`$env`:PATH`='c`:\target;'+`$env:PATH`; `$env:DOCKER_HOST`='tcp`://'+(ipconfig | select -last 1).Substring(39)+'`:2357'; c:\target\runIntegrationCLI.ps1" | Out-Host } )
diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer
index 1c301d2..9e81208 100755
--- a/hack/dockerfile/install/containerd.installer
+++ b/hack/dockerfile/install/containerd.installer
@@ -4,7 +4,7 @@
# containerd is also pinned in vendor.conf. When updating the binary
# version you may also need to update the vendor version to pick up bug
# fixes or new APIs.
-CONTAINERD_COMMIT=b34a5c8af56e510852c35414db4c1f4fa6172339 # v1.2.10
+CONTAINERD_COMMIT=f772c10a585ced6be8f86e8c58c2b998412dd963 # v1.2.11
install_containerd() {
echo "Install containerd version $CONTAINERD_COMMIT"
diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
index 26bf89a..8ee329c 100755
--- a/hack/dockerfile/install/proxy.installer
+++ b/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
# updating the binary version, consider updating github.com/docker/libnetwork
# in vendor.conf accordingly
-LIBNETWORK_COMMIT=3eb39382bfa6a3c42f83674ab080ae13b0e34e5d # bump_19.03 branch
+LIBNETWORK_COMMIT=9fd385be8302dbe1071a3ce124891893ff27f90f # bump_19.03 branch
install_proxy() {
case "$1" in
diff --git a/hack/dockerfile/install/rootlesskit.installer b/hack/dockerfile/install/rootlesskit.installer
index 45dae93..798601e 100755
--- a/hack/dockerfile/install/rootlesskit.installer
+++ b/hack/dockerfile/install/rootlesskit.installer
@@ -1,7 +1,7 @@
#!/bin/sh
-# v0.7.0
-ROOTLESSKIT_COMMIT=791ac8cb209a107505cd1ca5ddf23a49913e176c
+# v0.7.1
+: ${ROOTLESSKIT_COMMIT:=76c4e26750da3986fa0e741464fbf0fcd55bea71}
install_rootlesskit() {
case "$1" in
diff --git a/hack/dockerfile/install/runc.installer b/hack/dockerfile/install/runc.installer
index 3677dd5..4b5dd41 100755
--- a/hack/dockerfile/install/runc.installer
+++ b/hack/dockerfile/install/runc.installer
@@ -4,7 +4,7 @@
# The version of runc should match the version that is used by the containerd
# version that is used. If you need to update runc, open a pull request in
# the containerd project first, and update both after that is merged.
-RUNC_COMMIT=3e425f80a8c931f88e6d94a8c831b9d5aa481657 # v1.0.0-rc8-92-g84373aaa
+RUNC_COMMIT=d736ef14f0288d6993a1845745d6756cfc9ddd5a # v1.0.0-rc9
install_runc() {
# If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting
diff --git a/hack/make.sh b/hack/make.sh
index f019e91..1bd37b0 100755
--- a/hack/make.sh
+++ b/hack/make.sh
@@ -91,14 +91,6 @@
DOCKER_BUILDTAGS+=" journald journald_compat"
fi
-# test whether "btrfs/version.h" exists and apply btrfs_noversion appropriately
-if \
- command -v gcc &> /dev/null \
- && ! gcc -E - -o /dev/null &> /dev/null <<<'#include <btrfs/version.h>' \
-; then
- DOCKER_BUILDTAGS+=' btrfs_noversion'
-fi
-
# test whether "libdevmapper.h" is new enough to support deferred remove
# functionality. We favour libdm_dlsym_deferred_remove over
# libdm_no_deferred_remove in dynamic cases because the binary could be shipped
diff --git a/hack/make/.go-autogen b/hack/make/.go-autogen
index ef5c6a4..d107500 100644
--- a/hack/make/.go-autogen
+++ b/hack/make/.go-autogen
@@ -58,7 +58,9 @@
fi
# Generate a Windows file version of the form major,minor,patch,build (with any part optional)
- VERSION_QUAD=$(echo -n $VERSION | sed -re 's/^([0-9.]*).*$/\1/' | tr . ,)
+ if [ ! -v VERSION_QUAD ]; then
+ VERSION_QUAD=$(echo -n $VERSION | sed -re 's/^([0-9.]*).*$/\1/' | tr . ,)
+ fi
# Pass version and commit information into the resource compiler
defs=
diff --git a/hack/make/test-docker-py b/hack/make/test-docker-py
index fdd4566..f9e4e33 100644
--- a/hack/make/test-docker-py
+++ b/hack/make/test-docker-py
@@ -7,17 +7,14 @@
# TODO docker 17.06 cli client used in CI fails to build using a sha;
# unable to prepare context: unable to 'git clone' to temporary context directory: error fetching: error: no such remote ref ead0bb9e08c13dd3d1712759491eee06bf5a5602
#: exit status 128
-: "${DOCKER_PY_COMMIT:=master}"
+: "${DOCKER_PY_COMMIT:=4.1.0}"
# custom options to pass py.test
-# TODO remove these skip once we update to a docker-py version that has https://github.com/docker/docker-py/pull/2369, https://github.com/docker/docker-py/pull/2380, https://github.com/docker/docker-py/pull/2382
+# TODO remove these skip once we update to a docker-py version that has https://github.com/docker/docker-py/pull/2485
: "${PY_TEST_OPTIONS:=\
---deselect=tests/integration/api_swarm_test.py::SwarmTest::test_init_swarm_data_path_addr \
--deselect=tests/integration/api_container_test.py::AttachContainerTest::test_attach_no_stream \
---deselect=tests/integration/api_exec_test.py::ExecTest::test_detach_with_arg \
--deselect=tests/integration/api_exec_test.py::ExecDemuxTest::test_exec_command_tty_stream_no_demux \
---deselect=tests/integration/api_build_test.py::BuildTest::test_build_invalid_platform \
---deselect=tests/integration/api_image_test.py::PullImageTest::test_pull_invalid_platform \
+--deselect=tests/integration/models_images_test.py::ImageCollectionTest::test_pull_multiple \
--junitxml=${DEST}/junit-report.xml \
}"
(
diff --git a/pkg/loopback/loopback.go b/pkg/loopback/loopback.go
index 086655b..03e335d0 100644
--- a/pkg/loopback/loopback.go
+++ b/pkg/loopback/loopback.go
@@ -37,7 +37,8 @@
return nil
}
targetInode := stat.Ino
- targetDevice := stat.Dev
+ // the type is 32bit on mips
+ targetDevice := uint64(stat.Dev) // nolint: unconvert
for i := 0; true; i++ {
path := fmt.Sprintf("/dev/loop%d", i)
diff --git a/pkg/namesgenerator/names-generator.go b/pkg/namesgenerator/names-generator.go
index a6447a0..f3f4605 100644
--- a/pkg/namesgenerator/names-generator.go
+++ b/pkg/namesgenerator/names-generator.go
@@ -22,7 +22,6 @@
"busy",
"charming",
"clever",
- "cocky",
"cool",
"compassionate",
"competent",
diff --git a/pkg/parsers/kernel/kernel_windows.go b/pkg/parsers/kernel/kernel_windows.go
index b7b15a1..a0712ce 100644
--- a/pkg/parsers/kernel/kernel_windows.go
+++ b/pkg/parsers/kernel/kernel_windows.go
@@ -44,7 +44,7 @@
}
KVI.major = int(dwVersion & 0xFF)
- KVI.minor = int((dwVersion & 0XFF00) >> 8)
+ KVI.minor = int((dwVersion & 0xFF00) >> 8)
KVI.build = int((dwVersion & 0xFFFF0000) >> 16)
return KVI, nil
diff --git a/pkg/system/stat_linux.go b/pkg/system/stat_linux.go
index 98c9eb1..17d5d13 100644
--- a/pkg/system/stat_linux.go
+++ b/pkg/system/stat_linux.go
@@ -8,7 +8,8 @@
mode: s.Mode,
uid: s.Uid,
gid: s.Gid,
- rdev: s.Rdev,
+ // the type is 32bit on mips
+ rdev: uint64(s.Rdev), // nolint: unconvert
mtim: s.Mtim}, nil
}
diff --git a/vendor.conf b/vendor.conf
index 326e5d4..66327c5 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -26,8 +26,8 @@
golang.org/x/sync e225da77a7e68af35c70ccbf71af2b83e6acac3c
# buildkit
-github.com/moby/buildkit 928f3b480d7460aacb401f68610058ffdb549aca
-github.com/tonistiigi/fsutil 3d2716dd0a4d06ff854241c7e8b6f3f904e1719f
+github.com/moby/buildkit 926935b590c94c3659ebcc49cf44da47c1a65ff6
+github.com/tonistiigi/fsutil 0f039a052ca1da01626278199624b62aed9b3729
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
github.com/opentracing/opentracing-go 1361b9cd60be79c4c3a7fa9841b3c132e40066a7
github.com/google/shlex 6f45313302b9c56850fc17f99e40caebce98c716
@@ -38,7 +38,7 @@
# libnetwork
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork 3eb39382bfa6a3c42f83674ab080ae13b0e34e5d # bump_19.03 branch
+github.com/docker/libnetwork 9fd385be8302dbe1071a3ce124891893ff27f90f # bump_19.03 branch
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/github.com/docker/libnetwork/agent.go b/vendor/github.com/docker/libnetwork/agent.go
index f7d57e2..fa6ec52 100644
--- a/vendor/github.com/docker/libnetwork/agent.go
+++ b/vendor/github.com/docker/libnetwork/agent.go
@@ -184,6 +184,16 @@
err := driver.DiscoverNew(discoverapi.EncryptionKeysUpdate, drvEnc)
if err != nil {
logrus.Warnf("Failed to update datapath keys in driver %s: %v", name, err)
+ // Attempt to reconfigure keys in case of a update failure
+ // which can arise due to a mismatch of keys
+ // if worker nodes get temporarily disconnected
+ logrus.Warnf("Reconfiguring datapath keys for %s", name)
+ drvCfgEnc := discoverapi.DriverEncryptionConfig{}
+ drvCfgEnc.Keys, drvCfgEnc.Tags = c.getKeys(subsysIPSec)
+ err = driver.DiscoverNew(discoverapi.EncryptionKeysConfig, drvCfgEnc)
+ if err != nil {
+ logrus.Warnf("Failed to reset datapath keys in driver %s: %v", name, err)
+ }
}
return false
})
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go
index a9dfd06..548ad95 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go
+++ b/vendor/github.com/docker/libnetwork/drivers/bridge/setup_device.go
@@ -35,18 +35,17 @@
setMac = kv.Kernel > 3 || (kv.Kernel == 3 && kv.Major >= 3)
}
+ if setMac {
+ hwAddr := netutils.GenerateRandomMAC()
+ i.Link.Attrs().HardwareAddr = hwAddr
+ logrus.Debugf("Setting bridge mac address to %s", hwAddr)
+ }
+
if err = i.nlh.LinkAdd(i.Link); err != nil {
logrus.Debugf("Failed to create bridge %s via netlink. Trying ioctl", config.BridgeName)
return ioctlCreateBridge(config.BridgeName, setMac)
}
- if setMac {
- hwAddr := netutils.GenerateRandomMAC()
- if err = i.nlh.LinkSetHardwareAddr(i.Link, hwAddr); err != nil {
- return fmt.Errorf("failed to set bridge mac-address %s : %s", hwAddr, err.Error())
- }
- logrus.Debugf("Setting bridge mac address to %s", hwAddr)
- }
return err
}
diff --git a/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go b/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go
index 1ec1e00..6f83e6d 100644
--- a/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go
+++ b/vendor/github.com/docker/libnetwork/drivers/overlay/overlay.go
@@ -378,7 +378,7 @@
}
}
if err := d.updateKeys(newKey, priKey, delKey); err != nil {
- logrus.Warn(err)
+ return err
}
default:
}
diff --git a/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go b/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go
index 5006583..d0f60de 100644
--- a/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go
+++ b/vendor/github.com/docker/libnetwork/sandbox_externalkey_unix.go
@@ -12,6 +12,7 @@
"os"
"path/filepath"
+ "github.com/docker/docker/pkg/stringid"
"github.com/docker/libnetwork/types"
"github.com/opencontainers/runtime-spec/specs-go"
"github.com/sirupsen/logrus"
@@ -24,7 +25,7 @@
)
// processSetKeyReexec is a private function that must be called only on an reexec path
-// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <controller-id> }
+// It expects 3 args { [0] = "libnetwork-setkey", [1] = <container-id>, [2] = <short-controller-id> }
// It also expects specs.State as a json string in <stdin>
// Refer to https://github.com/opencontainers/runc/pull/160/ for more information
// The docker exec-root can be specified as "-exec-root" flag. The default value is "/run/docker".
@@ -41,14 +42,14 @@
execRoot := flag.String("exec-root", defaultExecRoot, "docker exec root")
flag.Parse()
- // expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<controller-id> }
+ // expecting 3 os.Args {[0]="libnetwork-setkey", [1]=<container-id>, [2]=<short-controller-id> }
// (i.e. expecting 2 flag.Args())
args := flag.Args()
if len(args) < 2 {
err = fmt.Errorf("Re-exec expects 2 args (after parsing flags), received : %d", len(args))
return
}
- containerID, controllerID := args[0], args[1]
+ containerID, shortCtlrID := args[0], args[1]
// We expect specs.State as a json string in <stdin>
stateBuf, err := ioutil.ReadAll(os.Stdin)
@@ -60,16 +61,16 @@
return
}
- err = SetExternalKey(controllerID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
+ err = SetExternalKey(shortCtlrID, containerID, fmt.Sprintf("/proc/%d/ns/net", state.Pid), *execRoot)
}
// SetExternalKey provides a convenient way to set an External key to a sandbox
-func SetExternalKey(controllerID string, containerID string, key string, execRoot string) error {
+func SetExternalKey(shortCtlrID string, containerID string, key string, execRoot string) error {
keyData := setKeyData{
ContainerID: containerID,
Key: key}
- uds := filepath.Join(execRoot, execSubdir, controllerID+".sock")
+ uds := filepath.Join(execRoot, execSubdir, shortCtlrID+".sock")
c, err := net.Dial("unix", uds)
if err != nil {
return err
@@ -120,7 +121,8 @@
if err := os.MkdirAll(udsBase, 0600); err != nil {
return err
}
- uds := filepath.Join(udsBase, c.id+".sock")
+ shortCtlrID := stringid.TruncateID(c.id)
+ uds := filepath.Join(udsBase, shortCtlrID+".sock")
l, err := net.Listen("unix", uds)
if err != nil {
return err
diff --git a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go
index bb21476..cb6b282 100644
--- a/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go
+++ b/vendor/github.com/moby/buildkit/frontend/dockerfile/dockerfile2llb/convert.go
@@ -345,9 +345,10 @@
opt.copyImage = DefaultCopyImage
}
- if err = dispatchOnBuild(d, d.image.Config.OnBuild, opt); err != nil {
+ if err = dispatchOnBuildTriggers(d, d.image.Config.OnBuild, opt); err != nil {
return nil, nil, err
}
+ d.image.Config.OnBuild = nil
for _, cmd := range d.commands {
if err := dispatch(d, cmd, opt); err != nil {
@@ -586,7 +587,7 @@
sources []*dispatchState
}
-func dispatchOnBuild(d *dispatchState, triggers []string, opt dispatchOpt) error {
+func dispatchOnBuildTriggers(d *dispatchState, triggers []string, opt dispatchOpt) error {
for _, trigger := range triggers {
ast, err := parser.Parse(strings.NewReader(trigger))
if err != nil {
diff --git a/vendor/github.com/moby/buildkit/go.mod b/vendor/github.com/moby/buildkit/go.mod
index 0d238c7..6258bee 100644
--- a/vendor/github.com/moby/buildkit/go.mod
+++ b/vendor/github.com/moby/buildkit/go.mod
@@ -53,7 +53,7 @@
github.com/sirupsen/logrus v1.3.0
github.com/stretchr/testify v1.3.0
github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect
- github.com/tonistiigi/fsutil v0.0.0-20190819224149-3d2716dd0a4d
+ github.com/tonistiigi/fsutil v0.0.0-20191018213012-0f039a052ca1
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea
github.com/uber/jaeger-client-go v0.0.0-20180103221425-e02c85f9069e
github.com/uber/jaeger-lib v1.2.1 // indirect
diff --git a/vendor/github.com/moby/buildkit/solver/combinedcache.go b/vendor/github.com/moby/buildkit/solver/combinedcache.go
index 07c494d..89361bc 100644
--- a/vendor/github.com/moby/buildkit/solver/combinedcache.go
+++ b/vendor/github.com/moby/buildkit/solver/combinedcache.go
@@ -87,6 +87,9 @@
}
}
}
+ if len(results) == 0 { // TODO: handle gracefully
+ return nil, errors.Errorf("failed to load deleted cache")
+ }
return results[0].Result, nil
}
diff --git a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go
index 120be2f..f06d4e8 100644
--- a/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go
+++ b/vendor/github.com/moby/buildkit/util/flightcontrol/flightcontrol.go
@@ -116,7 +116,9 @@
func (c *call) run() {
defer c.closeProgressWriter()
- v, err := c.fn(c.ctx)
+ ctx, cancel := context.WithCancel(c.ctx)
+ defer cancel()
+ v, err := c.fn(ctx)
c.mu.Lock()
c.result = v
c.err = err
diff --git a/vendor/github.com/tonistiigi/fsutil/diff.go b/vendor/github.com/tonistiigi/fsutil/diff.go
index acad9f4..1cbc32b 100644
--- a/vendor/github.com/tonistiigi/fsutil/diff.go
+++ b/vendor/github.com/tonistiigi/fsutil/diff.go
@@ -5,6 +5,7 @@
"hash"
"os"
+ "github.com/pkg/errors"
"github.com/tonistiigi/fsutil/types"
)
@@ -25,9 +26,14 @@
return err
}
+ stat, ok := f.Sys().(*types.Stat)
+ if !ok {
+ return errors.Errorf("%T invalid file without stat information", f.Sys())
+ }
+
p := ¤tPath{
path: path,
- f: f,
+ stat: stat,
}
select {
diff --git a/vendor/github.com/tonistiigi/fsutil/diff_containerd.go b/vendor/github.com/tonistiigi/fsutil/diff_containerd.go
index e63ee91..3702715 100644
--- a/vendor/github.com/tonistiigi/fsutil/diff_containerd.go
+++ b/vendor/github.com/tonistiigi/fsutil/diff_containerd.go
@@ -37,12 +37,12 @@
type currentPath struct {
path string
- f os.FileInfo
+ stat *types.Stat
// fullPath string
}
// doubleWalkDiff walks both directories to create a diff
-func doubleWalkDiff(ctx context.Context, changeFn ChangeFunc, a, b walkerFn) (err error) {
+func doubleWalkDiff(ctx context.Context, changeFn ChangeFunc, a, b walkerFn, filter FilterFunc) (err error) {
g, ctx := errgroup.WithContext(ctx)
var (
@@ -86,14 +86,22 @@
continue
}
- var f os.FileInfo
- k, p := pathChange(f1, f2)
+ var f *types.Stat
+ var f2copy *currentPath
+ if f2 != nil {
+ statCopy := *f2.stat
+ if filter != nil {
+ filter(f2.path, &statCopy)
+ }
+ f2copy = ¤tPath{path: f2.path, stat: &statCopy}
+ }
+ k, p := pathChange(f1, f2copy)
switch k {
case ChangeKindAdd:
if rmdir != "" {
rmdir = ""
}
- f = f2.f
+ f = f2.stat
f2 = nil
case ChangeKindDelete:
// Check if this file is already removed by being
@@ -101,30 +109,30 @@
if rmdir != "" && strings.HasPrefix(f1.path, rmdir) {
f1 = nil
continue
- } else if rmdir == "" && f1.f.IsDir() {
+ } else if rmdir == "" && f1.stat.IsDir() {
rmdir = f1.path + string(os.PathSeparator)
} else if rmdir != "" {
rmdir = ""
}
f1 = nil
case ChangeKindModify:
- same, err := sameFile(f1, f2)
+ same, err := sameFile(f1, f2copy)
if err != nil {
return err
}
- if f1.f.IsDir() && !f2.f.IsDir() {
+ if f1.stat.IsDir() && !f2copy.stat.IsDir() {
rmdir = f1.path + string(os.PathSeparator)
} else if rmdir != "" {
rmdir = ""
}
- f = f2.f
+ f = f2.stat
f1 = nil
f2 = nil
if same {
continue loop0
}
}
- if err := changeFn(k, p, f, nil); err != nil {
+ if err := changeFn(k, p, &StatInfo{f}, nil); err != nil {
return err
}
}
@@ -159,28 +167,17 @@
func sameFile(f1, f2 *currentPath) (same bool, retErr error) {
// If not a directory also check size, modtime, and content
- if !f1.f.IsDir() {
- if f1.f.Size() != f2.f.Size() {
+ if !f1.stat.IsDir() {
+ if f1.stat.Size_ != f2.stat.Size_ {
return false, nil
}
- t1 := f1.f.ModTime()
- t2 := f2.f.ModTime()
- if t1.UnixNano() != t2.UnixNano() {
+ if f1.stat.ModTime != f2.stat.ModTime {
return false, nil
}
}
- ls1, ok := f1.f.Sys().(*types.Stat)
- if !ok {
- return false, nil
- }
- ls2, ok := f2.f.Sys().(*types.Stat)
- if !ok {
- return false, nil
- }
-
- return compareStat(ls1, ls2)
+ return compareStat(f1.stat, f2.stat)
}
// compareStat returns whether the stats are equivalent,
diff --git a/vendor/github.com/tonistiigi/fsutil/diskwriter.go b/vendor/github.com/tonistiigi/fsutil/diskwriter.go
index 79a1673..70323c8 100644
--- a/vendor/github.com/tonistiigi/fsutil/diskwriter.go
+++ b/vendor/github.com/tonistiigi/fsutil/diskwriter.go
@@ -194,7 +194,7 @@
if isRegularFile {
if dw.opt.AsyncDataCb != nil {
- dw.requestAsyncFileData(p, destPath, fi)
+ dw.requestAsyncFileData(p, destPath, fi, &statCopy)
}
} else {
return dw.processChange(kind, p, fi, nil)
@@ -203,7 +203,7 @@
return nil
}
-func (dw *DiskWriter) requestAsyncFileData(p, dest string, fi os.FileInfo) {
+func (dw *DiskWriter) requestAsyncFileData(p, dest string, fi os.FileInfo, st *types.Stat) {
// todo: limit worker threads
dw.eg.Go(func() error {
if err := dw.processChange(ChangeKindAdd, p, fi, &lazyFileWriter{
@@ -211,7 +211,7 @@
}); err != nil {
return err
}
- return chtimes(dest, fi.ModTime().UnixNano()) // TODO: parent dirs
+ return chtimes(dest, st.ModTime) // TODO: parent dirs
})
}
diff --git a/vendor/github.com/tonistiigi/fsutil/go.mod b/vendor/github.com/tonistiigi/fsutil/go.mod
index 0e26f72..c6485f6 100644
--- a/vendor/github.com/tonistiigi/fsutil/go.mod
+++ b/vendor/github.com/tonistiigi/fsutil/go.mod
@@ -19,7 +19,7 @@
github.com/pkg/errors v0.8.1
github.com/sirupsen/logrus v1.0.3 // indirect
github.com/stretchr/testify v1.3.0
- golang.org/x/crypto v0.0.0-20190129210102-0709b304e793 // indirect
+ golang.org/x/crypto v0.0.0-20180904163835-0709b304e793 // indirect
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e
gopkg.in/airbrake/gobrake.v2 v2.0.9 // indirect
diff --git a/vendor/github.com/tonistiigi/fsutil/receive.go b/vendor/github.com/tonistiigi/fsutil/receive.go
index 4de7ec5..0210dcd 100644
--- a/vendor/github.com/tonistiigi/fsutil/receive.go
+++ b/vendor/github.com/tonistiigi/fsutil/receive.go
@@ -133,7 +133,7 @@
if !r.merge {
destWalker = GetWalkerFn(r.dest)
}
- err := doubleWalkDiff(ctx, dw.HandleChange, destWalker, w.fill)
+ err := doubleWalkDiff(ctx, dw.HandleChange, destWalker, w.fill, r.filter)
if err != nil {
return err
}
@@ -180,11 +180,11 @@
r.mu.Unlock()
}
i++
- cp := ¤tPath{path: p.Stat.Path, f: &StatInfo{p.Stat}}
- if err := r.orderValidator.HandleChange(ChangeKindAdd, cp.path, cp.f, nil); err != nil {
+ cp := ¤tPath{path: p.Stat.Path, stat: p.Stat}
+ if err := r.orderValidator.HandleChange(ChangeKindAdd, cp.path, &StatInfo{cp.stat}, nil); err != nil {
return err
}
- if err := r.hlValidator.HandleChange(ChangeKindAdd, cp.path, cp.f, nil); err != nil {
+ if err := r.hlValidator.HandleChange(ChangeKindAdd, cp.path, &StatInfo{cp.stat}, nil); err != nil {
return err
}
if err := w.update(cp); err != nil {
diff --git a/vendor/github.com/tonistiigi/fsutil/types/stat.go b/vendor/github.com/tonistiigi/fsutil/types/stat.go
new file mode 100644
index 0000000..b79fd2b
--- /dev/null
+++ b/vendor/github.com/tonistiigi/fsutil/types/stat.go
@@ -0,0 +1,7 @@
+package types
+
+import "os"
+
+func (s Stat) IsDir() bool {
+ return os.FileMode(s.Mode).IsDir()
+}
