Skip to content
This repository was archived by the owner on Oct 13, 2023. It is now read-only.

[18.09 backport] Update containerd to v1.2.9 #367

Merged
merged 3 commits into from
Sep 27, 2019
Merged

[18.09 backport] Update containerd to v1.2.9 #367

merged 3 commits into from
Sep 27, 2019

Conversation

thaJeztah
Copy link
Member

built on top of #283. First two commits are from that PR

backport of

Update containerd to v1.2.9. https://github.com/containerd/containerd/releases/tag/v1.2.9

The ninth patch release for containerd 1.2 provides a handful of bug fixes and an
update to the gRPC vendored codebase to include 3 CVE fixes provided in the upstream
v1.23.0 release of gRPC. Note that updating gRPC to the current release required small
changes to our core containerd codebase to match the upstream changes since gRPC v1.12.0.
These changes have been backported from containerd's master branch, as well as a
similar small change in ttrpc, requiring that package's vendoring to be updated.

In addition to the gRPC update to include CVE fixes, fixes were made to correct a
container's default Unix environment (introduced in 1.2.8), a small list of CRI plugin
fixes, as well as fixes for registry interactions where Docker-Content-Digest is not
returned (e.g. GitHub Package Registry), and a tar archive modification time bug found
by the buildkit maintainers. A fix to the zfs snapshotter was also included via a
re-vendoring of containerd's zfs import. More notes on these fixes are found below.

@thaJeztah thaJeztah added this to the 18.09.10 milestone Sep 16, 2019
@thaJeztah thaJeztah force-pushed the 18.09_backport_bump_containerd_v1.2.9 branch from 2b9fdc8 to 348beb0 Compare September 24, 2019 18:52
@kolyshkin
Copy link

kolyshkin commented Sep 26, 2019
edited
Loading

Very weird error during build

[2019-09-24T18:57:47.073Z] #35 1.657 container_linux.go:345: starting container process caused "process_linux.go:430: container init caused "rootfs_linux.go:58: mounting \"/var/lib/docker/buildkit/executor/resolv.conf\" to rootfs \"/var/lib/docker/buildkit/executor/763dsgbagocy498tbw2ayc4wf/rootfs\" at \"/var/lib/docker/buildkit/executor/763dsgbagocy498tbw2ayc4wf/rootfs/etc/resolv.conf\" caused \"no such file or directory\"""

[2019-09-24T18:57:47.073Z] #35 ERROR: executor failed running [/bin/sh -c apt-get update && apt-get install -y --no-install-recommends cmake vim-common && rm -rf /var/lib/apt/lists/*]: exit code: 1

thaJeztah and others added 3 commits September 27, 2019 16:31
@thaJeztah
Update containerd to v1.2.7
8c7928a 
From the release notes: https://github.com/containerd/containerd/releases/tag/v1.2.7

> Welcome to the v1.2.7 release of containerd!
>
> The seventh patch release for containerd 1.2 introduces OCI image
> descriptor annotation support and contains fixes for containerd shim logs,
> container stop/deletion, cri plugin and selinux.
>
> It also contains several important bug fixes for goroutine and file
> descriptor leakage in containerd and containerd shims.
>
> Notable Updates
>
> - Support annotations in the OCI image descriptor, and filtering image by annotations. containerd/containerd#3254
> - Support context timeout in ttrpc which can help avoid containerd hangs when a shim is unresponsive. containerd/ttrpc#31
> - Fix a bug that containerd shim leaks goroutine and file descriptor after containerd restarts. containerd/ttrpc#37
> - Fix a bug that a container can't be deleted if first deletion attempt is canceled or timeout. containerd/containerd#3264
> - Fix a bug that containerd leaks file descriptor when using v2 containerd shims, e.g. containerd-shim-runc-v1. containerd/containerd#3273
> - Fix a bug that a container with lingering processes can't terminate when it shares pid namespace with another container. moby#38978
> - Fix a bug that containerd can't read shim logs after restart. containerd/containerd#3282
> - Fix a bug that shim_debug option is not honored for existing containerd shims after containerd restarts. containerd/containerd#3283
> - cri: Fix a bug that a container can't be stopped when the exit event is not successfully published by the containerd shim. containerd/containerd#3125, containerd/containerd#3177
> - cri: Fix a bug that exec process is not cleaned up if grpc context is canceled or timeout. contaienrd/cri#1159
> - Fix a selinux keyring labeling issue by updating runc to v1.0.0-rc.8 and selinux library to v1.2.2. opencontainers/selinux#50
> - Update ttrpc to f82148331ad2181edea8f3f649a1f7add6c3f9c2. containerd/containerd#3316
> - Update cri to 49ca74043390bc2eeea7a45a46005fbec58a3f88. containerd/containerd#3330

Signed-off-by: Sebastiaan van Stijn <[email protected]>
(cherry picked from commit d5669ec)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@tao12345666333 @thaJeztah
Update containerd to v1.2.8
e579d2b 
Signed-off-by: Jintao Zhang <[email protected]>
(cherry picked from commit 1264a85)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@tao12345666333 @thaJeztah
Update containerd to v1.2.9
0910118 
Signed-off-by: Jintao Zhang <[email protected]>
(cherry picked from commit 9ef9a33)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah force-pushed the 18.09_backport_bump_containerd_v1.2.9 branch from 348beb0 to 0910118 Compare September 27, 2019 14:33
This was referenced Sep 27, 2019
Merged
Merged
@andrewhsu andrewhsu merged commit 0910118 into docker-archive:18.09 Sep 27, 2019
@thaJeztah thaJeztah deleted the 18.09_backport_bump_containerd_v1.2.9 branch September 27, 2019 23:20
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
impact/changelog
Projects
None yet
Milestone
18.09.10
Development

Successfully merging this pull request may close these issues.
4 participants
@thaJeztah @kolyshkin @andrewhsu @tao12345666333