Fricounet/enrich unpack tracing#8
Closed
Fricounet wants to merge 2245 commits into
Closed
Conversation
…-default-ports Allow fallback across default ports
- Remove hcsshim import from repo
- un-exports GetOsVersion
- Update windows matcher to not compare empty os version
full diff: containerd/platforms@v0.2.0...v0.2.1
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Shingo Omura <everpeace@gmail.com>
Debian has started building packages with usernamespaces to disable network access and similar isolation features. The containerd package executes a unit test that fails in that scenario, see https://bugs.debian.org/1070411 The code contains a conditional on whether it is running in usernamepsace. This commit expands the unit test to cover this behavior; it was previously untested. The easiest way to reproduce this issue is to prefix the test invocaiton with 'unshare -nr go test [...]' Signed-off-by: Reinhard Tartler <siretart@gmail.com>
vendor: github.com/containerd/platforms v0.2.1
…ules/golang-x-ba92570477 build(deps): bump the golang-x group with 2 updates
Since Go 1.20, math/rand does not need explicit seeding: https://go.dev/doc/go1.20#minor_library_changes Go <= 1.19 is no longer supported due to EOL. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Remove pkg/seed
Allow running test in usernamespace
Signed-off-by: Derek McGowan <derek@mcg.dev>
full diff: opencontainers/runc@v1.1.12...v1.1.13 Release notes: * If building with Go 1.22.x, make sure to use 1.22.4 or a later version. * Support go 1.22.4+. * runc list: fix race with runc delete. * Fix set nofile rlimit error. * libct/cg/fs: fix setting rt_period vs rt_runtime. * Fix a debug msg for user ns in nsexec. * script/*: fix gpg usage wrt keyboxd. * CI fixes and misc backports. * Fix codespell warnings. * Silence security false positives from golang/net. * libcontainer: allow containers to make apps think fips is enabled/disabled for testing. * allow overriding VERSION value in Makefile. * Vagrantfile.fedora: bump Fedora to 39. * ci/cirrus: rm centos stream 8. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Now that we're on runc v1.1.13, we no longer need to pin the go version fo runc to go1.21 This reverts commit fef78c1. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
…alGroupsPolicy KEP-3619: Fine-grained SupplementalGroups control
Signed-off-by: Kern Walster <walster@amazon.com>
Signed-off-by: harshitasao <harshitasao@gmail.com>
update runc binary to v1.1.13
Bumps the k8s group with 4 updates in the / directory: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery), [k8s.io/client-go](https://github.com/kubernetes/client-go), [k8s.io/component-base](https://github.com/kubernetes/component-base) and [k8s.io/kubelet](https://github.com/kubernetes/kubelet). Updates `k8s.io/apimachinery` from 0.30.0 to 0.30.2 - [Commits](kubernetes/apimachinery@v0.30.0...v0.30.2) Updates `k8s.io/client-go` from 0.30.0 to 0.30.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.30.0...v0.30.2) Updates `k8s.io/component-base` from 0.30.0 to 0.30.2 - [Commits](kubernetes/component-base@v0.30.0...v0.30.2) Updates `k8s.io/kubelet` from 0.30.0 to 0.30.2 - [Commits](kubernetes/kubelet@v0.30.0...v0.30.2) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s - dependency-name: k8s.io/kubelet dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Abel Feng <fshb1988@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
While the hook is intended to be used with logrus, we don't need to have the direct import; use the aliases provided by the containerd/log module instead. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Check span.IsRecording first, as it's a more lightweight check than span.SpanContext().IsValid() Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Prepare v2.0.0-rc.3 release
Race detector complains about concurrent access such as with Dispatch on push. Signed-off-by: Derek McGowan <derek@mcg.dev>
pkg/tracing: remove direct use of logrus, and fix some linting issues
The ParentIDs array in the Snapshot type is populated in the reverse order i.e the immediate parent is at the 0th index and the oldest parent is at the last index. It can be seen here: https://github.com/containerd/containerd/blob/main/core/snapshots/storage/bolt.go#L492 When applying these layers, the parent layer at the last index should be applied first and the parent layer at the 0th index should be applied last. However, the comment above the Snapshot type says the exact opposite thing. This commit fixes that comment. Signed-off-by: Amit Barve <ambarve@microsoft.com>
Allow proxy plugins to have capabilities
auth: add span to FetchToken helpers
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Bumps [google-github-actions/upload-cloud-storage](https://github.com/google-github-actions/upload-cloud-storage) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/google-github-actions/upload-cloud-storage/releases) - [Changelog](https://github.com/google-github-actions/upload-cloud-storage/blob/main/CHANGELOG.md) - [Commits](google-github-actions/upload-cloud-storage@v2.1.2...v2.1.3) --- updated-dependencies: - dependency-name: google-github-actions/upload-cloud-storage dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [dario.cat/mergo](https://github.com/imdario/mergo) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/imdario/mergo/releases) - [Commits](darccio/mergo@v1.0.0...v1.0.1) --- updated-dependencies: - dependency-name: dario.cat/mergo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Update hcsshim to v0.12.6
Bumps the k8s group with 5 updates: | Package | From | To | | --- | --- | --- | | [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) | `0.30.3` | `0.31.0` | | [k8s.io/client-go](https://github.com/kubernetes/client-go) | `0.30.3` | `0.31.0` | | [k8s.io/component-base](https://github.com/kubernetes/component-base) | `0.30.3` | `0.31.0` | | [k8s.io/kubelet](https://github.com/kubernetes/kubelet) | `0.30.3` | `0.31.0` | | [k8s.io/utils](https://github.com/kubernetes/utils) | `0.0.0-20230726121419-3b25d923346b` | `0.0.0-20240711033017-18e509b52bc8` | Updates `k8s.io/apimachinery` from 0.30.3 to 0.31.0 - [Commits](kubernetes/apimachinery@v0.30.3...v0.31.0) Updates `k8s.io/client-go` from 0.30.3 to 0.31.0 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.30.3...v0.31.0) Updates `k8s.io/component-base` from 0.30.3 to 0.31.0 - [Commits](kubernetes/component-base@v0.30.3...v0.31.0) Updates `k8s.io/kubelet` from 0.30.3 to 0.31.0 - [Commits](kubernetes/kubelet@v0.30.3...v0.31.0) Updates `k8s.io/utils` from 0.0.0-20230726121419-3b25d923346b to 0.0.0-20240711033017-18e509b52bc8 - [Commits](https://github.com/kubernetes/utils/commits) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s - dependency-name: k8s.io/component-base dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s - dependency-name: k8s.io/kubelet dependency-type: direct:production update-type: version-update:semver-minor dependency-group: k8s - dependency-name: k8s.io/utils dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s ... Signed-off-by: dependabot[bot] <support@github.com>
Update the local content plugin to register itself in a consistent way as other plugins. This also allows the separate package to define its own configuration more cleanly. Signed-off-by: Derek McGowan <derek@mcg.dev>
…ules/k8s-f6dd80a502 build(deps): bump the k8s group with 5 updates
Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.1 to 1.20.1. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/v1.20.1/CHANGELOG.md) - [Commits](prometheus/client_golang@v1.19.1...v1.20.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
…_actions/google-github-actions/upload-cloud-storage-2.1.3 build(deps): bump google-github-actions/upload-cloud-storage from 2.1.2 to 2.1.3
Remove sha256-simd dependency
…ules/github.com/prometheus/client_golang-1.20.1 build(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.1
Register local content plugin from separate package
…ules/dario.cat/mergo-1.0.1 build(deps): bump dario.cat/mergo from 1.0.0 to 1.0.1
…ate-attestation-for-artifacts Generate attestation for artifacts during release CI job
Bumps [go.etcd.io/bbolt](https://github.com/etcd-io/bbolt) from 1.3.10 to 1.3.11. - [Release notes](https://github.com/etcd-io/bbolt/releases) - [Commits](etcd-io/bbolt@v1.3.10...v1.3.11) --- updated-dependencies: - dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github.com/pelletier/go-toml/v2](https://github.com/pelletier/go-toml) from 2.2.2 to 2.2.3. - [Release notes](https://github.com/pelletier/go-toml/releases) - [Changelog](https://github.com/pelletier/go-toml/blob/v2/.goreleaser.yaml) - [Commits](pelletier/go-toml@v2.2.2...v2.2.3) --- updated-dependencies: - dependency-name: github.com/pelletier/go-toml/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
Signed-off-by: Derek McGowan <derek@mcg.dev>
…ules/github.com/pelletier/go-toml/v2-2.2.3 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.2 to 2.2.3
…ules/go.etcd.io/bbolt-1.3.11 build(deps): bump go.etcd.io/bbolt from 1.3.10 to 1.3.11
Prepare release notes for v2.0.0-rc.4
* [tracing] Create NameSampler Simple sampler that samples every span having a certain name. It's best used in conjunction with the ParentBased sampler so that the child spans are also sampled. * [tracing] Configure otlp plugin to use NameSampler Allow the plugin to use the custom NameSampler if specified in the usual env vars used to specify the sampler `OTEL_TRACES_SAMPLER` and `OTEL_TRACES_SAMPLER_ARG`. This sampler will allow to avoid emitting a lot of the noisy traces to only keep a subset of meaningful traces.
Signed-off-by: Tony Fang <nhfang@amazon.com>
Signed-off-by: Swagat Bora <sbora@amazon.com>
Attempt to identify the different layer unpack steps defined in https://github.com/containerd/containerd/blob/main/docs/content-flow.md#snapshots. The goal is to try to have richer spans for image pull to understand limiting factors better.
jaredledvina
pushed a commit
that referenced
this pull request
Sep 12, 2025
Update the dependency and the indirect golang.org/x/net version to align with containerd 1.7 itself, and to prevent a vulnerability being detected. This should not generally be an issue, as the API module is used by containerd 1.7 and up, which already depend on a more current version of these dependencies. full diff: containerd/ttrpc@v1.2.3...v1.2.5 Before this: govulncheck ./... Scanning your code and 251 packages across 13 dependent modules for known vulnerabilities... === Symbol Results === Vulnerability #1: GO-2024-2687 HTTP/2 CONTINUATION flood in net/http More info: https://pkg.go.dev/vuln/GO-2024-2687 Module: golang.org/x/net Found in: golang.org/x/net@v0.21.0 Fixed in: golang.org/x/net@v0.23.0 Example traces found: #1: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.ConnectionError.Error #2: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.ErrCode.String #3: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.FrameHeader.String #4: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.FrameType.String #5: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.Setting.String #6: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.SettingID.String #7: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.StreamError.Error #8: services/version/v1/version_grpc.pb.go:13:2: version.init calls status.init, which eventually calls http2.chunkWriter.Write #9: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.connError.Error #10: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.duplicatePseudoHeaderError.Error #11: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.headerFieldNameError.Error #12: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.headerFieldValueError.Error #13: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.pseudoHeaderError.Error #14: events/task_fieldpath.pb.go:85:20: events.TaskIO.Field calls fmt.Sprint, which eventually calls http2.writeData.String Your code is affected by 1 vulnerability from 1 module. This scan also found 0 vulnerabilities in packages you import and 3 vulnerabilities in modules you require, but your code doesn't appear to call these vulnerabilities. Use '-show verbose' for more details. After this: govulncheck ./... Scanning your code and 251 packages across 13 dependent modules for known vulnerabilities... === Symbol Results === No vulnerabilities found. Your code is affected by 0 vulnerabilities. This scan also found 0 vulnerabilities in packages you import and 3 vulnerabilities in modules you require, but your code doesn't appear to call these vulnerabilities. Use '-show verbose' for more details. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.