├── .dockerignore
├── .github
├── ISSUE_TEMPLATE
│ ├── bug_report.yaml
│ ├── config.yml
│ └── feature_request.yaml
├── dependabot.yml
└── workflows
│ ├── ghcr-image-build-and-publish.yml
│ ├── job-build.yml
│ ├── job-lint-go.yml
│ ├── job-lint-other.yml
│ ├── job-lint-project.yml
│ ├── job-test-dependencies.yml
│ ├── job-test-in-container.yml
│ ├── job-test-in-host.yml
│ ├── job-test-in-lima.yml
│ ├── job-test-in-vagrant.yml
│ ├── job-test-unit.yml
│ ├── release.yml
│ ├── workflow-flaky.yml
│ ├── workflow-lint.yml
│ ├── workflow-test.yml
│ └── workflow-tigron.yml
├── .gitignore
├── .golangci.yml
├── .yamllint
├── Dockerfile
├── Dockerfile.d
├── SHA256SUMS.d
│ ├── buildg-v0.5.3
│ ├── buildkit-v0.21.1
│ ├── cni-plugins-v1.7.1
│ ├── containerd-fuse-overlayfs-v2.1.6
│ ├── fuse-overlayfs-v1.15
│ ├── rootlesskit-v1.1.1
│ ├── rootlesskit-v2.3.5
│ ├── slirp4netns-v1.3.2
│ ├── stargz-snapshotter-v0.16.3
│ └── tini-v0.19.0
├── etc_buildkit_buildkitd.toml
├── etc_containerd_config.toml
├── etc_systemd_system_user@.service.d_delegate.conf
├── home_rootless_.config_systemd_user_containerd.service.d_port-slirp4netns.conf
├── test-integration-buildkit-nerdctl-test.service
├── test-integration-etc_containerd-stargz-grpc_config.toml
├── test-integration-etc_containerd_config.toml
├── test-integration-ipfs-offline.service
├── test-integration-rootless.sh
└── test-integration-soci-snapshotter.service
├── EMERITUS.md
├── LICENSE
├── MAINTAINERS
├── MAINTAINERS_GUIDE.md
├── Makefile
├── NOTICE
├── README.md
├── SECURITY.md
├── Vagrantfile.freebsd
├── cmd
└── nerdctl
│ ├── apparmor
│ ├── apparmor_inspect_linux.go
│ ├── apparmor_linux.go
│ ├── apparmor_linux_test.go
│ ├── apparmor_list_linux.go
│ ├── apparmor_load_linux.go
│ └── apparmor_unload_linux.go
│ ├── builder
│ ├── builder.go
│ ├── builder_build.go
│ ├── builder_build_oci_layout_test.go
│ ├── builder_build_test.go
│ ├── builder_builder_test.go
│ └── builder_test.go
│ ├── completion
│ ├── completion.go
│ ├── completion_linux.go
│ ├── completion_test.go
│ ├── completion_unix.go
│ ├── completion_unix_nolinux.go
│ └── completion_windows.go
│ ├── compose
│ ├── compose.go
│ ├── compose_build.go
│ ├── compose_build_linux_test.go
│ ├── compose_config.go
│ ├── compose_config_test.go
│ ├── compose_cp.go
│ ├── compose_cp_linux_test.go
│ ├── compose_create.go
│ ├── compose_create_linux_test.go
│ ├── compose_down.go
│ ├── compose_down_linux_test.go
│ ├── compose_exec.go
│ ├── compose_exec_linux_test.go
│ ├── compose_images.go
│ ├── compose_images_linux_test.go
│ ├── compose_kill.go
│ ├── compose_kill_linux_test.go
│ ├── compose_logs.go
│ ├── compose_pause.go
│ ├── compose_pause_linux_test.go
│ ├── compose_port.go
│ ├── compose_port_linux_test.go
│ ├── compose_ps.go
│ ├── compose_ps_linux_test.go
│ ├── compose_pull.go
│ ├── compose_pull_linux_test.go
│ ├── compose_push.go
│ ├── compose_restart.go
│ ├── compose_restart_linux_test.go
│ ├── compose_rm.go
│ ├── compose_rm_linux_test.go
│ ├── compose_run.go
│ ├── compose_run_linux_test.go
│ ├── compose_start.go
│ ├── compose_start_linux_test.go
│ ├── compose_stop.go
│ ├── compose_stop_linux_test.go
│ ├── compose_test.go
│ ├── compose_top.go
│ ├── compose_top_linux_test.go
│ ├── compose_up.go
│ ├── compose_up_linux_test.go
│ ├── compose_up_test.go
│ ├── compose_version.go
│ └── compose_version_test.go
│ ├── container
│ ├── container.go
│ ├── container_attach.go
│ ├── container_attach_linux_test.go
│ ├── container_commit.go
│ ├── container_commit_linux_test.go
│ ├── container_commit_test.go
│ ├── container_cp_acid_linux_test.go
│ ├── container_cp_linux.go
│ ├── container_cp_linux_test.go
│ ├── container_cp_nolinux.go
│ ├── container_create.go
│ ├── container_create_linux_test.go
│ ├── container_create_test.go
│ ├── container_diff.go
│ ├── container_diff_test.go
│ ├── container_exec.go
│ ├── container_exec_linux_test.go
│ ├── container_exec_test.go
│ ├── container_inspect.go
│ ├── container_inspect_linux_test.go
│ ├── container_inspect_windows_test.go
│ ├── container_kill.go
│ ├── container_kill_linux_test.go
│ ├── container_list.go
│ ├── container_list_linux_test.go
│ ├── container_list_test.go
│ ├── container_list_windows_test.go
│ ├── container_logs.go
│ ├── container_logs_test.go
│ ├── container_pause.go
│ ├── container_port.go
│ ├── container_prune.go
│ ├── container_prune_linux_test.go
│ ├── container_remove.go
│ ├── container_remove_test.go
│ ├── container_remove_windows_test.go
│ ├── container_rename.go
│ ├── container_rename_linux_test.go
│ ├── container_rename_windows_test.go
│ ├── container_restart.go
│ ├── container_restart_linux_test.go
│ ├── container_run.go
│ ├── container_run_cgroup_linux_test.go
│ ├── container_run_gpus_test.go
│ ├── container_run_linux.go
│ ├── container_run_linux_test.go
│ ├── container_run_log_driver_syslog_test.go
│ ├── container_run_mount_linux_test.go
│ ├── container_run_mount_windows_test.go
│ ├── container_run_network.go
│ ├── container_run_network_base_test.go
│ ├── container_run_network_linux_test.go
│ ├── container_run_network_windows_test.go
│ ├── container_run_nolinux.go
│ ├── container_run_restart_linux_test.go
│ ├── container_run_runtime_linux_test.go
│ ├── container_run_security_linux_test.go
│ ├── container_run_soci_linux_test.go
│ ├── container_run_stargz_linux_test.go
│ ├── container_run_systemd_linux_test.go
│ ├── container_run_test.go
│ ├── container_run_user_linux_test.go
│ ├── container_run_user_windows_test.go
│ ├── container_run_verify_linux_test.go
│ ├── container_run_windows_test.go
│ ├── container_start.go
│ ├── container_start_linux_test.go
│ ├── container_start_test.go
│ ├── container_stats.go
│ ├── container_stats_test.go
│ ├── container_stop.go
│ ├── container_stop_linux_test.go
│ ├── container_test.go
│ ├── container_top.go
│ ├── container_top_test.go
│ ├── container_unpause.go
│ ├── container_update.go
│ ├── container_update_linux_test.go
│ ├── container_wait.go
│ ├── container_wait_test.go
│ └── multi_platform_linux_test.go
│ ├── helpers
│ ├── cobra.go
│ ├── consts.go
│ ├── flagutil.go
│ ├── prompt.go
│ ├── testing.go
│ └── testing_linux.go
│ ├── image
│ ├── image.go
│ ├── image_convert.go
│ ├── image_convert_linux_test.go
│ ├── image_cryptutil.go
│ ├── image_decrypt.go
│ ├── image_encrypt.go
│ ├── image_encrypt_linux_test.go
│ ├── image_history.go
│ ├── image_history_test.go
│ ├── image_inspect.go
│ ├── image_inspect_test.go
│ ├── image_list.go
│ ├── image_list_test.go
│ ├── image_load.go
│ ├── image_load_test.go
│ ├── image_prune.go
│ ├── image_prune_test.go
│ ├── image_pull.go
│ ├── image_pull_linux_test.go
│ ├── image_push.go
│ ├── image_push_linux_test.go
│ ├── image_remove.go
│ ├── image_remove_test.go
│ ├── image_save.go
│ ├── image_save_test.go
│ ├── image_tag.go
│ └── image_test.go
│ ├── inspect
│ ├── inspect.go
│ └── inspect_test.go
│ ├── internal
│ ├── internal.go
│ └── internal_oci_hook.go
│ ├── ipfs
│ ├── ipfs.go
│ ├── ipfs_compose_linux_test.go
│ ├── ipfs_kubo_linux_test.go
│ ├── ipfs_registry.go
│ ├── ipfs_registry_linux_test.go
│ ├── ipfs_registry_serve.go
│ ├── ipfs_simple_linux_test.go
│ └── ipfs_test.go
│ ├── issues
│ ├── issues_linux_test.go
│ └── main_linux_test.go
│ ├── login
│ ├── login.go
│ ├── login_linux_test.go
│ ├── login_test.go
│ └── logout.go
│ ├── main.go
│ ├── main_linux.go
│ ├── main_nolinux.go
│ ├── main_test.go
│ ├── main_test_test.go
│ ├── namespace
│ ├── namespace.go
│ ├── namespace_create.go
│ ├── namespace_inspect.go
│ ├── namespace_remove.go
│ ├── namespace_test.go
│ └── namespace_update.go
│ ├── network
│ ├── network.go
│ ├── network_create.go
│ ├── network_create_linux_test.go
│ ├── network_create_unix.go
│ ├── network_create_windows.go
│ ├── network_inspect.go
│ ├── network_inspect_test.go
│ ├── network_list.go
│ ├── network_list_linux_test.go
│ ├── network_prune.go
│ ├── network_prune_linux_test.go
│ ├── network_remove.go
│ ├── network_remove_linux_test.go
│ └── network_test.go
│ ├── system
│ ├── system.go
│ ├── system_events.go
│ ├── system_events_linux_test.go
│ ├── system_info.go
│ ├── system_info_test.go
│ ├── system_prune.go
│ ├── system_prune_linux_test.go
│ └── system_test.go
│ ├── version.go
│ └── volume
│ ├── volume.go
│ ├── volume_create.go
│ ├── volume_create_test.go
│ ├── volume_inspect.go
│ ├── volume_inspect_test.go
│ ├── volume_list.go
│ ├── volume_list_test.go
│ ├── volume_namespace_test.go
│ ├── volume_prune.go
│ ├── volume_prune_linux_test.go
│ ├── volume_remove.go
│ ├── volume_remove_linux_test.go
│ └── volume_test.go
├── docs
├── build.md
├── builder-debug.md
├── cni.md
├── command-reference.md
├── compose.md
├── config.md
├── cosign.md
├── cvmfs.md
├── dev
│ ├── auditing_dockerfile.md
│ └── store.md
├── dir.md
├── experimental.md
├── faq.md
├── freebsd.md
├── gpu.md
├── images
│ ├── nerdctl-white.svg
│ ├── nerdctl.svg
│ └── rootlessKit-network-design.png
├── ipfs.md
├── multi-platform.md
├── notation.md
├── nydus.md
├── ocicrypt.md
├── overlaybd.md
├── registry.md
├── rootless.md
├── soci.md
├── stargz.md
└── testing
│ ├── README.md
│ └── tools.md
├── examples
├── compose-multi-platform
│ ├── Dockerfile
│ ├── README.md
│ ├── docker-compose.yaml
│ └── index.php
├── compose-wordpress
│ ├── README.md
│ ├── docker-compose.stargz.yaml
│ └── docker-compose.yaml
└── nerdctl-ipfs-registry-kubernetes
│ ├── README.md
│ ├── ipfs-cluster
│ ├── README.md
│ ├── bootstrap.yaml.sh
│ └── nerdctl-ipfs-registry.yaml
│ ├── ipfs-stargz-snapshotter
│ ├── README.md
│ ├── bootstrap.yaml.sh
│ └── nerdctl-ipfs-registry.yaml
│ └── ipfs
│ ├── README.md
│ ├── bootstrap.yaml.sh
│ └── nerdctl-ipfs-registry.yaml
├── extras
└── rootless
│ ├── containerd-rootless-setuptool.sh
│ └── containerd-rootless.sh
├── go.mod
├── go.sum
├── hack
├── build-integration-canary.sh
├── generate-release-note.sh
├── git-checkout-tag-with-hash.sh
├── github
│ ├── action-helpers.sh
│ └── gotestsum-reporter.sh
├── provisioning
│ ├── README.md
│ ├── gpg
│ │ ├── docker
│ │ └── hashicorp
│ ├── kube
│ │ ├── kind.sh
│ │ └── kind.yaml
│ ├── linux
│ │ ├── cni.sh
│ │ └── containerd.sh
│ ├── version
│ │ └── fetch.sh
│ └── windows
│ │ ├── cni.sh
│ │ └── containerd.ps1
├── scripts
│ └── lib.sh
└── test-integration.sh
├── mod
└── tigron
│ ├── .golangci.yml
│ ├── .yamllint
│ ├── LICENSE
│ ├── Makefile
│ ├── README.md
│ ├── expect
│ ├── comparators.go
│ ├── comparators_test.go
│ ├── doc.go
│ ├── doc.md
│ └── exit.go
│ ├── go.mod
│ ├── go.sum
│ ├── hack
│ ├── dev-setup-linux.sh
│ ├── dev-setup-macos.sh
│ └── headers
│ │ ├── bash.txt
│ │ ├── dockerfile.txt
│ │ ├── go.txt
│ │ └── makefile.txt
│ ├── internal
│ ├── assertive
│ │ ├── assertive.go
│ │ ├── assertive_test.go
│ │ └── doc.go
│ ├── com
│ │ ├── command.go
│ │ ├── command_other.go
│ │ ├── command_test.go
│ │ ├── command_windows.go
│ │ ├── doc.go
│ │ ├── package_benchmark_test.go
│ │ ├── package_example_test.go
│ │ ├── package_test.go
│ │ └── pipes.go
│ ├── doc.go
│ ├── exit.go
│ ├── formatter
│ │ ├── doc.go
│ │ ├── formatter.go
│ │ └── osc8.go
│ ├── highk
│ │ ├── doc.go
│ │ ├── fileleak.go
│ │ └── goroutines.go
│ ├── logger
│ │ ├── doc.go
│ │ └── logger.go
│ ├── mimicry
│ │ ├── doc.go
│ │ ├── doc.md
│ │ ├── mimicry.go
│ │ ├── print.go
│ │ └── stack.go
│ ├── mocks
│ │ ├── doc.go
│ │ └── t.go
│ └── pty
│ │ └── pty.go
│ ├── require
│ ├── doc.go
│ ├── doc.md
│ ├── requirement.go
│ └── requirement_test.go
│ ├── test
│ ├── case.go
│ ├── command.go
│ ├── config.go
│ ├── config_test.go
│ ├── consts.go
│ ├── data.go
│ ├── data_test.go
│ ├── doc.go
│ ├── expected.go
│ ├── funct.go
│ ├── helpers.go
│ ├── interfaces.go
│ ├── package_test.go
│ ├── test.go
│ └── types.go
│ ├── tig
│ ├── doc.go
│ └── t.go
│ └── utils
│ ├── doc.go
│ ├── testca
│ └── ca.go
│ └── utilities.go
└── pkg
├── annotations
└── annotations.go
├── api
└── types
│ ├── apparmor_types.go
│ ├── builder_types.go
│ ├── container_network_types.go
│ ├── container_types.go
│ ├── cri
│ └── metadata_types.go
│ ├── global.go
│ ├── image_types.go
│ ├── ipfs_types.go
│ ├── load_types.go
│ ├── login_types.go
│ ├── namespace_types.go
│ ├── network_types.go
│ ├── system_types.go
│ └── volume_types.go
├── apparmorutil
├── apparmorutil.go
└── apparmorutil_linux.go
├── buildkitutil
├── buildkitutil.go
├── buildkitutil_linux.go
├── buildkitutil_test.go
├── buildkitutil_unix.go
├── buildkitutil_unix_nolinux.go
├── buildkitutil_windows.go
└── types.go
├── bypass4netnsutil
├── bypass.go
└── bypass4netnsutil.go
├── cioutil
├── container_io.go
├── container_io_unix.go
└── container_io_windows.go
├── clientutil
└── client.go
├── cmd
├── apparmor
│ ├── inspect_linux.go
│ ├── list_linux.go
│ ├── load_linux.go
│ └── unload_linux.go
├── builder
│ ├── build.go
│ ├── build_test.go
│ └── prune.go
├── compose
│ └── compose.go
├── container
│ ├── attach.go
│ ├── commit.go
│ ├── cp_linux.go
│ ├── create.go
│ ├── create_userns_opts_darwin.go
│ ├── create_userns_opts_freebsd.go
│ ├── create_userns_opts_linux.go
│ ├── create_userns_opts_linux_test.go
│ ├── create_userns_opts_windows.go
│ ├── exec.go
│ ├── exec_linux.go
│ ├── exec_nolinux.go
│ ├── idmap.go
│ ├── inspect.go
│ ├── kill.go
│ ├── list.go
│ ├── list_util.go
│ ├── logs.go
│ ├── pause.go
│ ├── prune.go
│ ├── remove.go
│ ├── rename.go
│ ├── restart.go
│ ├── run_blkio_linux.go
│ ├── run_cdi.go
│ ├── run_cgroup_linux.go
│ ├── run_gpus.go
│ ├── run_linux.go
│ ├── run_mount.go
│ ├── run_restart.go
│ ├── run_runtime.go
│ ├── run_security_linux.go
│ ├── run_ulimit_linux.go
│ ├── run_unix_nolinux.go
│ ├── run_user.go
│ ├── run_windows.go
│ ├── start.go
│ ├── stats.go
│ ├── stats_linux.go
│ ├── stats_nolinux.go
│ ├── stop.go
│ ├── top.go
│ ├── top_unix.go
│ ├── top_windows.go
│ ├── unpause.go
│ └── wait.go
├── image
│ ├── convert.go
│ ├── crypt.go
│ ├── ensure.go
│ ├── inspect.go
│ ├── list.go
│ ├── prune.go
│ ├── pull.go
│ ├── push.go
│ ├── remove.go
│ ├── save.go
│ └── tag.go
├── ipfs
│ └── registry_serve.go
├── login
│ ├── login.go
│ ├── prompt.go
│ ├── prompt_unix.go
│ └── prompt_windows.go
├── logout
│ └── logout.go
├── namespace
│ ├── common.go
│ ├── create.go
│ ├── inspect.go
│ ├── namespace_linux.go
│ ├── namespace_nolinux.go
│ ├── remove.go
│ └── update.go
├── network
│ ├── create.go
│ ├── inspect.go
│ ├── list.go
│ ├── prune.go
│ └── remove.go
├── system
│ ├── events.go
│ ├── info.go
│ └── prune.go
└── volume
│ ├── create.go
│ ├── inspect.go
│ ├── list.go
│ ├── prune.go
│ ├── rm.go
│ └── volume.go
├── composer
├── build.go
├── composer.go
├── config.go
├── container.go
├── copy.go
├── create.go
├── down.go
├── exec.go
├── kill.go
├── lock.go
├── logs.go
├── orphans.go
├── pause.go
├── pipetagger
│ └── pipetagger.go
├── port.go
├── pull.go
├── push.go
├── restart.go
├── rm.go
├── run.go
├── serviceparser
│ ├── build.go
│ ├── build_test.go
│ ├── serviceparser.go
│ └── serviceparser_test.go
├── stop.go
├── up.go
├── up_network.go
├── up_service.go
└── up_volume.go
├── config
└── config.go
├── consoleutil
├── consoleutil.go
├── consoleutil_unix.go
├── consoleutil_windows.go
└── detach.go
├── containerdutil
├── content.go
├── helpers.go
├── image_store.go
└── snapshotter.go
├── containerinspector
├── containerinspector.go
├── containerinspector_linux.go
├── containerinspector_unix_nolinux.go
└── containerinspector_windows.go
├── containerutil
├── config.go
├── container_network_manager.go
├── container_network_manager_linux.go
├── container_network_manager_other.go
├── container_network_manager_test.go
├── container_network_manager_windows.go
├── containerutil.go
├── containerutil_test.go
├── cp_linux.go
├── cp_resolve_linux.go
└── lock.go
├── defaults
├── cgroup_linux.go
├── defaults_darwin.go
├── defaults_freebsd.go
├── defaults_linux.go
└── defaults_windows.go
├── dnsutil
├── dnsutil.go
└── hostsstore
│ ├── hosts.go
│ ├── hosts_test.go
│ ├── hostsstore.go
│ ├── updater.go
│ └── updater_test.go
├── doc.go
├── errutil
├── errors_check.go
└── exit_coder.go
├── eventutil
└── eventutil.go
├── flagutil
├── flagutil.go
└── flagutil_test.go
├── formatter
├── common.go
├── formatter.go
└── formatter_test.go
├── identifiers
└── validate.go
├── idgen
└── idgen.go
├── idutil
├── containerwalker
│ └── containerwalker.go
└── imagewalker
│ └── imagewalker.go
├── imageinspector
└── imageinspector.go
├── imgutil
├── commit
│ ├── commit.go
│ ├── commit_other.go
│ └── commit_unix.go
├── converter
│ ├── convert.go
│ ├── info.go
│ └── zstd.go
├── dockerconfigresolver
│ ├── credentialsstore.go
│ ├── credentialsstore_test.go
│ ├── defaults.go
│ ├── dockerconfigresolver.go
│ ├── hostsstore.go
│ ├── registryurl.go
│ └── registryurl_test.go
├── fetch
│ └── fetch.go
├── filtering.go
├── filtering_test.go
├── imgutil.go
├── imgutil_test.go
├── jobs
│ └── jobs.go
├── load
│ └── load.go
├── pull
│ └── pull.go
├── push
│ └── push.go
├── snapshotter.go
└── snapshotter_test.go
├── infoutil
├── infoutil.go
├── infoutil_darwin.go
├── infoutil_freebsd.go
├── infoutil_linux.go
├── infoutil_test.go
├── infoutil_unix.go
├── infoutil_unix_test.go
├── infoutil_windows.go
├── infoutil_windows_test.go
└── infoutilmock
│ └── infoutil_mock.go
├── inspecttypes
├── dockercompat
│ ├── dockercompat.go
│ ├── dockercompat_test.go
│ └── info.go
└── native
│ ├── container.go
│ ├── image.go
│ ├── info.go
│ ├── namespace.go
│ ├── network.go
│ └── volume.go
├── internal
└── filesystem
│ ├── atomic.go
│ ├── consts.go
│ ├── errors.go
│ ├── lock.go
│ ├── lock_test.go
│ ├── lock_unix.go
│ ├── lock_windows.go
│ ├── path.go
│ ├── path_test.go
│ ├── path_unix.go
│ └── path_windows.go
├── ipcutil
├── ipcutil.go
├── ipcutil_linux.go
├── ipcutil_other.go
└── ipcutil_windows.go
├── ipfs
├── image.go
└── registry.go
├── labels
├── k8slabels
│ └── k8slabels.go
└── labels.go
├── logging
├── cri_logger.go
├── cri_logger_test.go
├── detail_writer.go
├── fluentd_logger.go
├── fluentd_logger_test.go
├── journald_logger.go
├── json_logger.go
├── json_logger_test.go
├── jsonfile
│ └── jsonfile.go
├── log_viewer.go
├── logging.go
├── logging_test.go
├── logs_other.go
├── logs_windows.go
├── none_logger.go
├── none_logger_test.go
├── syslog_logger.go
└── tail
│ ├── tail.go
│ └── tail_test.go
├── maputil
├── maputil.go
└── maputil_test.go
├── mountutil
├── mountutil.go
├── mountutil_darwin.go
├── mountutil_freebsd.go
├── mountutil_linux.go
├── mountutil_linux_test.go
├── mountutil_test.go
├── mountutil_unix.go
├── mountutil_windows.go
├── mountutil_windows_test.go
└── volumestore
│ └── volumestore.go
├── namestore
└── namestore.go
├── netutil
├── cni_plugin.go
├── cni_plugin_unix.go
├── cni_plugin_windows.go
├── nettype
│ ├── nettype.go
│ └── nettype_test.go
├── netutil.go
├── netutil_linux_test.go
├── netutil_test.go
├── netutil_unix.go
├── netutil_unix_test.go
├── netutil_windows.go
├── netutil_windows_test.go
├── store.go
└── subnet
│ ├── subnet.go
│ └── subnet_test.go
├── ocihook
├── ocihook.go
├── ocihook_linux.go
├── ocihook_nolinux.go
├── rootless_linux.go
├── rootless_other.go
└── state
│ └── state.go
├── platformutil
├── binfmt.go
├── layers.go
└── platformutil.go
├── portutil
├── iptable
│ ├── iptables.go
│ ├── iptables_linux.go
│ └── iptables_test.go
├── port_allocate_linux.go
├── port_allocate_other.go
├── portutil.go
├── portutil_test.go
└── procnet
│ ├── procnet.go
│ ├── procnet_linux.go
│ └── procnetd_test.go
├── referenceutil
├── referenceutil.go
└── referenceutil_test.go
├── reflectutil
├── reflectutil.go
└── reflectutil_test.go
├── resolvconf
├── resolvconf.go
└── resolvconf_linux_test.go
├── rootlessutil
├── child_linux.go
├── parent_linux.go
├── port_linux.go
├── rootlessutil_linux.go
├── rootlessutil_other.go
└── xdg_linux.go
├── signalutil
├── signals.go
├── signals_linux.go
└── signals_other.go
├── signutil
├── cosignutil.go
├── notationutil.go
└── signutil.go
├── snapshotterutil
├── socisource.go
└── sociutil.go
├── statsutil
├── stats.go
└── stats_linux.go
├── store
├── filestore.go
├── filestore_test.go
└── store.go
├── strutil
├── strutil.go
└── strutil_test.go
├── systemutil
├── socket_unix.go
└── socket_windows.go
├── tabutil
├── tabutil.go
└── tabutil_test.go
├── tarutil
└── tarutil.go
├── taskutil
└── taskutil.go
├── testutil
├── compose.go
├── iptables
│ └── iptables_linux.go
├── nerdtest
│ ├── ambient.go
│ ├── command.go
│ ├── hoststoml
│ │ └── hoststoml.go
│ ├── platform
│ │ ├── platform_darwin.go
│ │ ├── platform_freebsd.go
│ │ ├── platform_linux.go
│ │ └── platform_windows.go
│ ├── registry
│ │ ├── cesanta.go
│ │ ├── common.go
│ │ ├── docker.go
│ │ └── kubo.go
│ ├── requirements.go
│ ├── requirements_other.go
│ ├── requirements_windows.go
│ ├── test.go
│ ├── third-party.go
│ ├── utilities.go
│ └── utilities_linux.go
├── nettestutil
│ └── nettestutil.go
├── portlock
│ └── portlock.go
├── testca
│ └── testca.go
├── testregistry
│ ├── certsd_linux.go
│ └── testregistry_linux.go
├── testsyslog
│ └── testsyslog.go
├── testutil.go
├── testutil_darwin.go
├── testutil_freebsd.go
├── testutil_linux.go
└── testutil_windows.go
└── version
└── version.go
/.dockerignore:
--------------------------------------------------------------------------------
1 | # artifacts
2 | /nerdctl
3 | _output
4 | *.gomodjail
5 |
6 | # golangci-lint
7 | /build
8 |
9 | # vagrant
10 | /.vagrant
11 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/config.yml:
--------------------------------------------------------------------------------
1 | blank_issues_enabled: true
2 | contact_links:
3 | - name: Ask a question (GitHub Discussions)
4 | url: https://github.com/containerd/nerdctl/discussions
5 | about: |
6 | Please do not submit "a bug report" for asking a question.
7 | In most cases, GitHub Discussions is the best place to ask a question.
8 | If you are not sure whether you are going to report a bug or ask a question,
9 | please consider asking in GitHub Discussions first.
10 | - name: Chat with containerd/nerdctl users and developers
11 | url: https://slack.cncf.io/
12 | about: CNCF slack has `#containerd` and `#containerd-dev` channels
13 |
--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.yaml:
--------------------------------------------------------------------------------
1 | name: Feature request
2 | description: Suggest an idea for nerdctl
3 | labels: kind/feature
4 | body:
5 | - type: textarea
6 | attributes:
7 | label: What is the problem you're trying to solve
8 | description: |
9 | A clear and concise description of what the problem is.
10 | validations:
11 | required: true
12 |
13 | - type: textarea
14 | attributes:
15 | label: Describe the solution you'd like
16 | description: |
17 | A clear and concise description of what you'd like to happen.
18 | validations:
19 | required: true
20 |
21 | - type: textarea
22 | attributes:
23 | label: Additional context
24 | description: |
25 | Add any other context about the feature request here.
26 |
--------------------------------------------------------------------------------
/.github/workflows/job-lint-other.yml:
--------------------------------------------------------------------------------
1 | # This job runs any subsidiary linter not part of golangci (shell, yaml, etc)
2 | name: job-lint-other
3 |
4 | on:
5 | workflow_call:
6 | inputs:
7 | timeout:
8 | required: true
9 | type: number
10 | runner:
11 | required: true
12 | type: string
13 |
14 | env:
15 | GOTOOLCHAIN: local
16 |
17 | jobs:
18 | lint-other:
19 | name: "yaml | shell"
20 | timeout-minutes: ${{ inputs.timeout }}
21 | runs-on: ${{ inputs.runner }}
22 | defaults:
23 | run:
24 | shell: bash
25 |
26 | steps:
27 | - name: "Init: checkout"
28 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
29 | with:
30 | fetch-depth: 1
31 |
32 | - name: "Run: yaml"
33 | run: |
34 | make lint-yaml
35 |
36 | - name: "Run: shell"
37 | run: |
38 | make lint-shell
39 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # artifacts
2 | /nerdctl
3 | _output
4 | *.gomodjail
5 |
6 | # golangci-lint
7 | /build
8 |
9 | # vagrant
10 | /.vagrant
11 | Vagrantfile
12 |
--------------------------------------------------------------------------------
/.yamllint:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | extends: default
4 |
5 | rules:
6 | indentation:
7 | spaces: 2
8 | indent-sequences: consistent
9 | truthy:
10 | allowed-values: ['true', 'false', 'on', 'off']
11 | comments-indentation: disable
12 | document-start: disable
13 | line-length: disable
14 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/buildg-v0.5.3:
--------------------------------------------------------------------------------
1 | cf4c40c58ca795eeb6e75e2c6a0e5bb3a6a9c0623d51bc3b85163e5d483eeade buildg-full-v0.5.3-linux-amd64.tar.gz
2 | 47c479f2e5150c9c76294fa93a03ad20e5928f4315bf52ca8432bfb6707d4276 buildg-full-v0.5.3-linux-arm64.tar.gz
3 | c289a454ae8673ff99acf56dec9ba97274c20d2015e80f7ac3b8eb8e4f77888f buildg-v0.5.3-linux-amd64.tar.gz
4 | b2e244250ce7ea5c090388f2025a9c546557861d25bba7b0666aa512f01fa6cd buildg-v0.5.3-linux-arm64.tar.gz
5 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/buildkit-v0.21.1:
--------------------------------------------------------------------------------
1 | e0d83a631a48f13232fcee71cbd913e6b11dbde0a45985fa1b99af27ab97086e buildkit-v0.21.1.linux-amd64.tar.gz
2 | 7652a05f2961c386ea6e65c4701daa0e5a899a20c77596cd5f0eca02851dc1f6 buildkit-v0.21.1.linux-arm64.tar.gz
3 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/cni-plugins-v1.7.1:
--------------------------------------------------------------------------------
1 | 1a28a0506bfe5bcdc981caf1a49eeab7e72da8321f1119b7be85f22621013098 cni-plugins-linux-amd64-v1.7.1.tgz
2 | 119fcb508d1ac2149e49a550752f9cd64d023a1d70e189b59c476e4d2bf7c497 cni-plugins-linux-arm64-v1.7.1.tgz
3 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/containerd-fuse-overlayfs-v2.1.6:
--------------------------------------------------------------------------------
1 | 8a768e4c953251d32b5e5d748d17593f7150834caaba403b483cf83f5856fea3 containerd-fuse-overlayfs-2.1.6-linux-amd64.tar.gz
2 | a3af866a12e913cd1d4dda8e41c08345eca928a15ac1d466fdb2b00b013e14ee containerd-fuse-overlayfs-2.1.6-linux-arm-v7.tar.gz
3 | 417ca0c838e43e446f498b384d73f7caaeb00dc4c1c0fe4b0ecfdd36fd355daa containerd-fuse-overlayfs-2.1.6-linux-arm64.tar.gz
4 | 5fdebd9fb7b50473318f0410bc3ab46f3388ac8aa586b45c91a314af9ce6569c containerd-fuse-overlayfs-2.1.6-linux-ppc64le.tar.gz
5 | 7e1a9d2ba68ff31a8dfb53bf6e71b2879063b13c759922c8cff3013893829bca containerd-fuse-overlayfs-2.1.6-linux-riscv64.tar.gz
6 | 3c022651cdaff666e88996d5d9c7e776bf59419a03d7d718a28aa708036419f9 containerd-fuse-overlayfs-2.1.6-linux-s390x.tar.gz
7 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/fuse-overlayfs-v1.15:
--------------------------------------------------------------------------------
1 | a62829baa7a7d39d0a9a784d51ebd528efe226192c0a86ba6667d0fcae9129c3 fuse-overlayfs-aarch64
2 | 7ad67a810100bebf63c41fbb621df3d552531db94d600a94f5f701b1e9f8aa5a fuse-overlayfs-armv7l
3 | 9778e1f0da1429469bcc65ea90a7504e63f0a258089b9bb1ae65105330e61808 fuse-overlayfs-ppc64le
4 | f7a2852983b3d0a8f15c31084c215b4965d5b62b9ce1014708283dd2dd909b28 fuse-overlayfs-riscv64
5 | 89a410a67822002c20ff21d8a9e5353ebda00d3a2f79fd99f26fb47533e253a5 fuse-overlayfs-s390x
6 | 1cd97f5ca7ac52fa192c94c1e605713cfb27d3dc417c0bef4dcfb9fb20e01e81 fuse-overlayfs-x86_64
7 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/rootlesskit-v1.1.1:
--------------------------------------------------------------------------------
1 | b74c577abd6ad721e0b7e10a74f4c5ac26cb3afe005ad3d28d4d7912c356079f rootlesskit-aarch64.tar.gz
2 | 95c27e6808c942c67ab93d94e37bada3a62cfc47de848101889f8e3ba5c9f7dd rootlesskit-armv7l.tar.gz
3 | df35c74cd030e1b3978f28d1cb7c909da2ab962fb0c9369463d43a89b9f16cc2 rootlesskit-ppc64le.tar.gz
4 | 79af3e96e9d6deddc5faa4680de7e28120ae333386c48a30e79fe156f17bad9b rootlesskit-riscv64.tar.gz
5 | 32da9a11b67340ff498de8a3268673277a1e1d9e9d8d5f619bbf09305beaaa6c rootlesskit-s390x.tar.gz
6 | 3c83affbb405cafe2d32e2e24462af9b4dcfa19e3809030012ad0d4e3fd49e8f rootlesskit-x86_64.tar.gz
7 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/rootlesskit-v2.3.5:
--------------------------------------------------------------------------------
1 | 478c14c3195bf989cd9a8e6bd129d227d5d88f1c11418967ffdc84a0072cc7a2 rootlesskit-aarch64.tar.gz
2 | 0622e52952a848219b86b902c9bdb96e1ebe575a3015c05e7da02569e83b3a61 rootlesskit-armv7l.tar.gz
3 | b1ec12321c54860230c5d0bbbc6d651a746ac49bce7eeb36fd1ad1e0f0048d58 rootlesskit-ppc64le.tar.gz
4 | 8ee59e518cdb5770afab49307b400f585598ed2c06b4ffc81f7c36fbeea422d6 rootlesskit-riscv64.tar.gz
5 | 2a3198947cf322357106557c58a8d5f29a664961edf290ea305c94b03521f6c8 rootlesskit-s390x.tar.gz
6 | 118208e25becd144ee7317c172fc9decce7b16174d5c1bbf80f1d1d0eacc6b5f rootlesskit-x86_64.tar.gz
7 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/slirp4netns-v1.3.2:
--------------------------------------------------------------------------------
1 | b4162d27bbbd3683ca8ee57b51a1b270c0054b3a15fcc1830a5d7c10b77ad045 SOURCE_DATE_EPOCH
2 | c55117faa5e18345a3ee1515267f056822ff0c1897999ae5422b0114ee48df85 slirp4netns-aarch64
3 | f55a6c9e3ec8280e9c3cec083f07dc124e2846ce8139a9281c35013e968d7e95 slirp4netns-armv7l
4 | 7b388a9cacbd89821f7f7a6457470fcae8f51aa846162521589feb4634ec7586 slirp4netns-ppc64le
5 | 041f9fe507510de1fbb802933a6add093ff19f941185965295c81f2ba4fc9cec slirp4netns-riscv64
6 | aa39cf14414ae53dbff6b79dfdfa55b5ff8ac5250e2261804863cd365b33a818 slirp4netns-s390x
7 | 4d55a3658ae259e3e74bb75cf058eb05d6e39ad6bbe170ca8e94c2462bea0eb1 slirp4netns-x86_64
8 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/stargz-snapshotter-v0.16.3:
--------------------------------------------------------------------------------
1 | 516984d13e10396f7f6090c51e4e42cc1af9a0d4b16aa81837bcdb1d5a5608d6 stargz-snapshotter-v0.16.3-linux-amd64.tar.gz
2 | d3ac8215603cfd002901c88c568ff5c0685d6953c012fa6ff709deb50f90b023 stargz-snapshotter-v0.16.3-linux-arm64.tar.gz
3 | f1cf855870af16a653d8acb9daa3edf84687c2c05323cb958f078fb148af3eec stargz-snapshotter.service
4 |
--------------------------------------------------------------------------------
/Dockerfile.d/SHA256SUMS.d/tini-v0.19.0:
--------------------------------------------------------------------------------
1 | c5b0666b4cb676901f90dfcb37106783c5fe2077b04590973b885950611b30ee tini-static-amd64
2 | eae1d3aa50c48fb23b8cbdf4e369d0910dfc538566bfd09df89a774aa84a48b9 tini-static-arm64
3 |
--------------------------------------------------------------------------------
/Dockerfile.d/etc_buildkit_buildkitd.toml:
--------------------------------------------------------------------------------
1 | [worker.oci]
2 | enabled = false
3 |
4 | [worker.containerd]
5 | enabled = true
6 | namespace = "default"
7 |
--------------------------------------------------------------------------------
/Dockerfile.d/etc_containerd_config.toml:
--------------------------------------------------------------------------------
1 | version = 2
2 |
3 | # Enable stargz snapshotter
4 | [proxy_plugins]
5 | [proxy_plugins.stargz]
6 | type = "snapshot"
7 | address = "/run/containerd-stargz-grpc/containerd-stargz-grpc.sock"
8 |
--------------------------------------------------------------------------------
/Dockerfile.d/etc_systemd_system_user@.service.d_delegate.conf:
--------------------------------------------------------------------------------
1 | [Service]
2 | Delegate=yes
3 |
--------------------------------------------------------------------------------
/Dockerfile.d/home_rootless_.config_systemd_user_containerd.service.d_port-slirp4netns.conf:
--------------------------------------------------------------------------------
1 | [Service]
2 | # Change the port driver from "builtin" to "slirp4netns". Only used in CI.
3 | Environment="CONTAINERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=slirp4netns"
4 |
--------------------------------------------------------------------------------
/Dockerfile.d/test-integration-etc_containerd-stargz-grpc_config.toml:
--------------------------------------------------------------------------------
1 | version = 2
2 |
3 | # Enable IPFS
4 | ipfs = true
--------------------------------------------------------------------------------
/Dockerfile.d/test-integration-etc_containerd_config.toml:
--------------------------------------------------------------------------------
1 | version = 2
2 |
3 | # Enable stargz snapshotter
4 | [proxy_plugins]
5 | [proxy_plugins.stargz]
6 | type = "snapshot"
7 | address = "/run/containerd-stargz-grpc/containerd-stargz-grpc.sock"
8 |
9 | # Enable soci snapshotter
10 | [proxy_plugins.soci]
11 | type = "snapshot"
12 | address = "/run/soci-snapshotter-grpc/soci-snapshotter-grpc.sock"
13 |
--------------------------------------------------------------------------------
/Dockerfile.d/test-integration-ipfs-offline.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=ipfs daemon for integration test (offline)
3 |
4 | [Service]
5 | ExecStart=ipfs daemon --init --offline
6 | Environment=IPFS_PATH="%h/.ipfs"
7 |
8 | [Install]
9 | WantedBy=docker-entrypoint.target
10 |
--------------------------------------------------------------------------------
/Dockerfile.d/test-integration-soci-snapshotter.service:
--------------------------------------------------------------------------------
1 | [Unit]
2 | Description=soci snapshotter containerd plugin for integration test
3 | Documentation=https://github.com/awslabs/soci-snapshotter
4 | After=network.target
5 | Before=containerd.service
6 |
7 | [Service]
8 | Type=notify
9 | ExecStartPre=/bin/bash -c 'mkdir -p /var/lib/soci-snapshotter-grpc && mount -t tmpfs none /var/lib/soci-snapshotter-grpc'
10 | ExecStart=/usr/local/bin/soci-snapshotter-grpc
11 | Restart=always
12 | RestartSec=5
13 |
14 | [Install]
15 | WantedBy=docker-entrypoint.target
16 |
--------------------------------------------------------------------------------
/EMERITUS.md:
--------------------------------------------------------------------------------
1 | See [`MAINTAINERS`](./MAINTAINERS) for the current active maintainers.
2 | - - -
3 | # nerdctl Emeritus Maintainers
4 |
5 | ## Committers
6 | ### Ye Sijun ([@junnplus](https://github.com/junnplus))
7 | Ye Sijun (GitHub ID [@junnplus](https://github.com/junnplus)) served as
8 | a Committer of nerdctl from November 2022 to June 2024.
9 | Prior to his role as a Committer, Sijun served as a Reviewer since February 2022.
10 |
11 | Sijun has made [significant improvements](https://github.com/containerd/nerdctl/pulls?q=author%3Ajunnplus+)
12 | especially to `nerdctl compose`, IPAM, and cosign integration.
13 |
14 | ## Reviewers
15 | ### Hanchin Hsieh ([@yuchanns](https://github.com/yuchanns))
16 | Hanchin Hsieh (GitHub ID [@yuchanns](https://github.com/yuchanns)) served as
17 | a Reviewer of nerdctl from November 2022 to June 2024.
18 |
19 | Hanchin has made significant contributions such as the addition of
20 | [syslog driver](https://github.com/containerd/nerdctl/pull/1377) and
21 | [IPv6 networking](https://github.com/containerd/nerdctl/pull/1558).
22 |
--------------------------------------------------------------------------------
/MAINTAINERS:
--------------------------------------------------------------------------------
1 | # nerdctl maintainers
2 | #
3 | # As a containerd sub-project, containerd maintainers are also included from https://github.com/containerd/project/blob/main/MAINTAINERS.
4 | # See https://github.com/containerd/project/blob/main/GOVERNANCE.md for description of maintainer role
5 | #
6 | # See also MAINTAINERS_GUIDE.md
7 |
8 | # CORE COMMITTERS who regularly contribute to nerdctl
9 | # (Extracted from https://github.com/containerd/project/blob/main/MAINTAINERS for ease of reference)
10 | # GitHub ID, Name, Email address, GPG fingerprint
11 | "AkihiroSuda","Akihiro Suda","akihiro.suda.cz@hco.ntt.co.jp","C020 EA87 6CE4 E06C 7AB9 5AEF 4952 4C6F 9F63 8F1A"
12 |
13 | # COMMITTERS
14 | # GitHub ID, Name, Email address, GPG fingerprint
15 | "ktock","Kohei Tokunaga","ktokunaga.mail@gmail.com",""
16 | "fahedouch","Fahed Dorgaa","fahed.dorgaa@gmail.com","EE7A 5503 CE0D 38AC 5B95 A500 F35F F497 60A8 65FA"
17 | "Zheaoli", "Zheao Li", "me@manjusaka.me","6E0D D9FA BAD5 AF61 D884 01EE 878F 445D 9C6C E65E"
18 | "djdongjin", "Jin Dong", "djdongjin95@gmail.com",""
19 | "yankay", "Kay Yan", "kay.yan@daocloud.io", ""
20 |
21 | # REVIEWERS
22 | # GitHub ID, Name, Email address, GPG fingerprint
23 | "jsturtevant","James Sturtevant","jstur@microsoft.com",""
24 | "manugupt1", "Manu Gupta", "manugupt1@gmail.com","FCA9 504A 4118 EA5C F466 CC30 A5C3 A8F4 E7FE 9E10"
25 | "Shubhranshu153","Shubharanshu Mahapatra","shubhum@amazon.com",""
26 |
27 | # EMERITUS
28 | # See EMERITUS.md
29 |
--------------------------------------------------------------------------------
/NOTICE:
--------------------------------------------------------------------------------
1 | nerdctl
2 | Copyright The containerd Authors.
3 |
4 | This project contains portions of other projects that are licensed under the terms of Apache License 2.0.
5 | The NOTICE files of those projects are replicated here.
6 |
7 | === https://github.com/moby/moby , https://github.com/docker/cli ===
8 | https://github.com/moby/moby/blob/v20.10.14/LICENSE , https://github.com/docker/cli/blob/v20.10.14/LICENSE
9 | https://github.com/moby/moby/blob/v20.10.14/NOTICE , https://github.com/docker/cli/blob/v20.10.14/NOTICE
10 |
11 | > Docker
12 | > Copyright 2012-2017 Docker, Inc.
13 | >
14 | > This product includes software developed at Docker, Inc. (https://www.docker.com).
15 | >
16 | > This product contains software (https://github.com/creack/pty) developed
17 | > by Keith Rarick, licensed under the MIT License.
18 | >
19 | > The following is courtesy of our legal counsel:
20 | >
21 | >
22 | > Use and transfer of Docker may be subject to certain restrictions by the
23 | > United States and other governments.
24 | > It is your responsibility to ensure that your use and/or transfer does not
25 | > violate applicable laws.
26 | >
27 | > For more information, please see https://www.bis.doc.gov
28 | >
29 | > See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
30 |
31 | === https://github.com/docker/compose ===
32 | https://github.com/docker/compose/blob/v2.4.1/LICENSE
33 | https://github.com/docker/compose/blob/v2.4.1/NOTICE
34 |
35 | > Docker Compose V2
36 | > Copyright 2020 Docker Compose authors
37 | >
38 | > This product includes software developed at Docker, Inc. (https://www.docker.com).
39 |
--------------------------------------------------------------------------------
/SECURITY.md:
--------------------------------------------------------------------------------
1 | See https://github.com/containerd/project/blob/main/SECURITY.md for reporting a vulnerability.
2 |
--------------------------------------------------------------------------------
/cmd/nerdctl/apparmor/apparmor_inspect_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package apparmor
18 |
19 | import (
20 | "fmt"
21 |
22 | "github.com/spf13/cobra"
23 |
24 | "github.com/containerd/nerdctl/v2/pkg/api/types"
25 | "github.com/containerd/nerdctl/v2/pkg/cmd/apparmor"
26 | "github.com/containerd/nerdctl/v2/pkg/defaults"
27 | )
28 |
29 | func inspectCommand() *cobra.Command {
30 | cmd := &cobra.Command{
31 | Use: "inspect",
32 | Short: fmt.Sprintf("Display the default AppArmor profile %q. Other profiles cannot be displayed with this command.", defaults.AppArmorProfileName),
33 | Args: cobra.NoArgs,
34 | RunE: inspectAction,
35 | SilenceUsage: true,
36 | SilenceErrors: true,
37 | }
38 | return cmd
39 | }
40 |
41 | func inspectAction(cmd *cobra.Command, args []string) error {
42 | return apparmor.Inspect(types.ApparmorInspectOptions{
43 | Stdout: cmd.OutOrStdout(),
44 | })
45 | }
46 |
--------------------------------------------------------------------------------
/cmd/nerdctl/apparmor/apparmor_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package apparmor
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
23 | )
24 |
25 | func Command() *cobra.Command {
26 | cmd := &cobra.Command{
27 | Annotations: map[string]string{helpers.Category: helpers.Management},
28 | Use: "apparmor",
29 | Short: "Manage AppArmor profiles",
30 | RunE: helpers.UnknownSubcommandAction,
31 | SilenceUsage: true,
32 | SilenceErrors: true,
33 | }
34 | cmd.AddCommand(
35 | listCommand(),
36 | inspectCommand(),
37 | loadCommand(),
38 | unloadCommand(),
39 | )
40 | return cmd
41 | }
42 |
--------------------------------------------------------------------------------
/cmd/nerdctl/apparmor/apparmor_linux_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package apparmor
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/apparmor/apparmor_load_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package apparmor
18 |
19 | import (
20 | "fmt"
21 |
22 | "github.com/spf13/cobra"
23 |
24 | "github.com/containerd/nerdctl/v2/pkg/cmd/apparmor"
25 | "github.com/containerd/nerdctl/v2/pkg/defaults"
26 | )
27 |
28 | func loadCommand() *cobra.Command {
29 | cmd := &cobra.Command{
30 | Use: "load",
31 | Short: fmt.Sprintf("Load the default AppArmor profile %q. Requires root.", defaults.AppArmorProfileName),
32 | Args: cobra.NoArgs,
33 | RunE: loadAction,
34 | SilenceUsage: true,
35 | SilenceErrors: true,
36 | }
37 | return cmd
38 | }
39 |
40 | func loadAction(cmd *cobra.Command, args []string) error {
41 | return apparmor.Load()
42 | }
43 |
--------------------------------------------------------------------------------
/cmd/nerdctl/builder/builder_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package builder
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/completion/completion_unix_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build unix && !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package completion
20 |
21 | import "github.com/spf13/cobra"
22 |
23 | func CgroupManagerNames(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
24 | return nil, cobra.ShellCompDirectiveNoFileComp
25 | }
26 |
--------------------------------------------------------------------------------
/cmd/nerdctl/compose/compose_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package compose
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/container/container_cp_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package container
20 |
21 | import "github.com/spf13/cobra"
22 |
23 | func AddCpCommand(rootCmd *cobra.Command) {
24 | // NOP
25 | }
26 |
--------------------------------------------------------------------------------
/cmd/nerdctl/container/container_run_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "strings"
21 |
22 | "github.com/spf13/cobra"
23 |
24 | "github.com/containerd/containerd/v2/pkg/cap"
25 | )
26 |
27 | func capShellComplete(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
28 | candidates := []string{}
29 | for _, c := range cap.Known() {
30 | // "CAP_SYS_ADMIN" -> "sys_admin"
31 | s := strings.ToLower(strings.TrimPrefix(c, "CAP_"))
32 | candidates = append(candidates, s)
33 | }
34 | return candidates, cobra.ShellCompDirectiveNoFileComp
35 | }
36 |
--------------------------------------------------------------------------------
/cmd/nerdctl/container/container_run_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package container
20 |
21 | import (
22 | "github.com/spf13/cobra"
23 | )
24 |
25 | func capShellComplete(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) {
26 | candidates := []string{}
27 | return candidates, cobra.ShellCompDirectiveNoFileComp
28 | }
29 |
--------------------------------------------------------------------------------
/cmd/nerdctl/container/container_run_runtime_linux_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestRunSysctl(t *testing.T) {
26 | t.Parallel()
27 | base := testutil.NewBase(t)
28 | base.Cmd("run", "--rm", "--sysctl", "net.ipv4.ip_forward=1", testutil.AlpineImage, "cat", "/proc/sys/net/ipv4/ip_forward").AssertOutExactly("1\n")
29 | }
30 |
--------------------------------------------------------------------------------
/cmd/nerdctl/container/container_run_stargz_linux_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/mod/tigron/require"
23 | "github.com/containerd/nerdctl/mod/tigron/test"
24 |
25 | "github.com/containerd/nerdctl/v2/pkg/testutil"
26 | "github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest"
27 | )
28 |
29 | func TestRunStargz(t *testing.T) {
30 | testCase := nerdtest.Setup()
31 |
32 | testCase.Require = require.All(
33 | nerdtest.Stargz,
34 | require.Amd64,
35 | require.Not(nerdtest.Docker),
36 | )
37 |
38 | testCase.Command = test.Command("--snapshotter=stargz", "run", "--quiet", "--rm", testutil.FedoraESGZImage, "ls", "/.stargz-snapshotter")
39 |
40 | testCase.Expected = test.Expects(0, nil, nil)
41 |
42 | testCase.Run(t)
43 | }
44 |
--------------------------------------------------------------------------------
/cmd/nerdctl/container/container_run_user_windows_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestRunUserName(t *testing.T) {
26 | base := testutil.NewBase(t)
27 | testCases := map[string]string{
28 | "": "ContainerAdministrator",
29 | "ContainerAdministrator": "ContainerAdministrator",
30 | "ContainerUser": "ContainerUser",
31 | }
32 | for userStr, expected := range testCases {
33 | userStr := userStr
34 | expected := expected
35 | t.Run(userStr, func(t *testing.T) {
36 | t.Parallel()
37 | cmd := []string{"run", "--rm"}
38 | if userStr != "" {
39 | cmd = append(cmd, "--user", userStr)
40 | }
41 | cmd = append(cmd, testutil.WindowsNano, "whoami")
42 | base.Cmd(cmd...).AssertOutContains(expected)
43 | })
44 | }
45 | }
46 |
--------------------------------------------------------------------------------
/cmd/nerdctl/container/container_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/container/container_update_linux_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestUpdateContainer(t *testing.T) {
26 | testutil.DockerIncompatible(t)
27 | testContainerName := testutil.Identifier(t)
28 | base := testutil.NewBase(t)
29 | base.Cmd("run", "-d", "--name", testContainerName, testutil.CommonImage, "sleep", "infinity").AssertOK()
30 | defer base.Cmd("rm", "-f", testContainerName).Run()
31 | base.Cmd("update", "--memory", "999999999", "--restart", "123", testContainerName).AssertFail()
32 | base.Cmd("inspect", "--mode=native", testContainerName).AssertOutNotContains(`"limit": 999999999,`)
33 | }
34 |
--------------------------------------------------------------------------------
/cmd/nerdctl/helpers/consts.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package helpers
18 |
19 | const (
20 | Category = "category"
21 | Management = "management"
22 | )
23 |
--------------------------------------------------------------------------------
/cmd/nerdctl/helpers/prompt.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package helpers
18 |
19 | import (
20 | "fmt"
21 | "strings"
22 |
23 | "github.com/spf13/cobra"
24 | )
25 |
26 | func Confirm(cmd *cobra.Command, message string) (bool, error) {
27 | message += "\nAre you sure you want to continue? [y/N] "
28 | _, err := fmt.Fprint(cmd.OutOrStdout(), message)
29 | if err != nil {
30 | return false, err
31 | }
32 |
33 | var confirm string
34 | _, err = fmt.Fscanf(cmd.InOrStdin(), "%s", &confirm)
35 | if err != nil {
36 | return false, err
37 | }
38 | return strings.ToLower(confirm) == "y", err
39 | }
40 |
--------------------------------------------------------------------------------
/cmd/nerdctl/image/image_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package image
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/internal/internal.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package internal
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 | )
22 |
23 | func Command() *cobra.Command {
24 | var cmd = &cobra.Command{
25 | Use: "internal",
26 | Short: "DO NOT EXECUTE MANUALLY",
27 | Hidden: true,
28 | SilenceUsage: true,
29 | SilenceErrors: true,
30 | }
31 |
32 | cmd.AddCommand(
33 | newInternalOCIHookCommandCommand(),
34 | )
35 |
36 | return cmd
37 | }
38 |
--------------------------------------------------------------------------------
/cmd/nerdctl/ipfs/ipfs.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package ipfs
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
23 | )
24 |
25 | func NewIPFSCommand() *cobra.Command {
26 | cmd := &cobra.Command{
27 | Annotations: map[string]string{helpers.Category: helpers.Management},
28 | Use: "ipfs",
29 | Short: "Distributing images on IPFS",
30 | RunE: helpers.UnknownSubcommandAction,
31 | SilenceUsage: true,
32 | SilenceErrors: true,
33 | }
34 | cmd.AddCommand(
35 | newIPFSRegistryCommand(),
36 | )
37 | return cmd
38 | }
39 |
--------------------------------------------------------------------------------
/cmd/nerdctl/ipfs/ipfs_registry.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package ipfs
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
23 | )
24 |
25 | func newIPFSRegistryCommand() *cobra.Command {
26 | cmd := &cobra.Command{
27 | Annotations: map[string]string{helpers.Category: helpers.Management},
28 | Use: "registry",
29 | Short: "Manage read-only registry backed by IPFS",
30 | PreRunE: helpers.CheckExperimental("ipfs"),
31 | RunE: helpers.UnknownSubcommandAction,
32 | SilenceUsage: true,
33 | SilenceErrors: true,
34 | }
35 | cmd.AddCommand(
36 | newIPFSRegistryServeCommand(),
37 | )
38 | return cmd
39 | }
40 |
--------------------------------------------------------------------------------
/cmd/nerdctl/ipfs/ipfs_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package ipfs
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/login/login_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package login
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/main_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package main
20 |
21 | import (
22 | "github.com/spf13/cobra"
23 | )
24 |
25 | func appNeedsRootlessParentMain(cmd *cobra.Command, args []string) bool {
26 | return false
27 | }
28 |
29 | func addApparmorCommand(rootCmd *cobra.Command) {
30 | // NOP
31 | }
32 |
33 | func resetSavedSETUID() error {
34 | // NOP
35 | return nil
36 | }
37 |
--------------------------------------------------------------------------------
/cmd/nerdctl/namespace/namespace_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package namespace
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/network/network.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package network
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
23 | )
24 |
25 | func Command() *cobra.Command {
26 | cmd := &cobra.Command{
27 | Annotations: map[string]string{helpers.Category: helpers.Management},
28 | Use: "network",
29 | Short: "Manage networks",
30 | RunE: helpers.UnknownSubcommandAction,
31 | SilenceUsage: true,
32 | SilenceErrors: true,
33 | }
34 | cmd.AddCommand(
35 | listCommand(),
36 | inspectCommand(),
37 | createCommand(),
38 | removeCommand(),
39 | pruneCommand(),
40 | )
41 | return cmd
42 | }
43 |
--------------------------------------------------------------------------------
/cmd/nerdctl/network/network_create_unix.go:
--------------------------------------------------------------------------------
1 | //go:build unix
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package network
20 |
21 | const DefaultNetworkDriver = "bridge"
22 |
--------------------------------------------------------------------------------
/cmd/nerdctl/network/network_create_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package network
18 |
19 | const DefaultNetworkDriver = "nat"
20 |
--------------------------------------------------------------------------------
/cmd/nerdctl/network/network_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package network
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/system/system.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package system
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
23 | )
24 |
25 | func Command() *cobra.Command {
26 | var cmd = &cobra.Command{
27 | Annotations: map[string]string{helpers.Category: helpers.Management},
28 | Use: "system",
29 | Short: "Manage containerd",
30 | RunE: helpers.UnknownSubcommandAction,
31 | SilenceUsage: true,
32 | SilenceErrors: true,
33 | }
34 | // versionCommand is not here
35 | cmd.AddCommand(
36 | EventsCommand(),
37 | InfoCommand(),
38 | pruneCommand(),
39 | )
40 | return cmd
41 | }
42 |
--------------------------------------------------------------------------------
/cmd/nerdctl/system/system_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package system
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/cmd/nerdctl/volume/volume.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package volume
18 |
19 | import (
20 | "github.com/spf13/cobra"
21 |
22 | "github.com/containerd/nerdctl/v2/cmd/nerdctl/helpers"
23 | )
24 |
25 | func Command() *cobra.Command {
26 | cmd := &cobra.Command{
27 | Annotations: map[string]string{helpers.Category: helpers.Management},
28 | Use: "volume",
29 | Short: "Manage volumes",
30 | RunE: helpers.UnknownSubcommandAction,
31 | SilenceUsage: true,
32 | SilenceErrors: true,
33 | }
34 | cmd.AddCommand(
35 | listCommand(),
36 | inspectCommand(),
37 | createCommand(),
38 | removeCommand(),
39 | pruneCommand(),
40 | )
41 | return cmd
42 | }
43 |
--------------------------------------------------------------------------------
/cmd/nerdctl/volume/volume_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package volume
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | func TestMain(m *testing.M) {
26 | testutil.M(m)
27 | }
28 |
--------------------------------------------------------------------------------
/docs/experimental.md:
--------------------------------------------------------------------------------
1 | # Experimental features of nerdctl
2 |
3 | The following features are experimental and subject to change.
4 | See [`./config.md`](config.md) about how to enable these features.
5 |
6 | - [Windows containers](https://github.com/containerd/nerdctl/issues/28)
7 | - [FreeBSD containers](./freebsd.md)
8 | - Flags of `nerdctl image convert`: `--estargz-record-in=FILE` and `--zstdchunked-record-in=FILE` (Importing an external eStargz record JSON file), `--estargz-external-toc` (Separating TOC JSON to another image).
9 | eStargz and zstd themselves are out of experimental.
10 | - [Image Distribution on IPFS](./ipfs.md)
11 | - [Image Sign and Verify (cosign)](./cosign.md)
12 | - [Image Sign and Verify (notation)](./notation.md)
13 | - [Rootless container networking acceleration with bypass4netns](./rootless.md#bypass4netns)
14 | - [Interactive debugging of Dockerfile](./builder-debug.md)
15 | - Kubernetes (`cri`) log viewer: `nerdctl --namespace=k8s.io logs`
16 |
--------------------------------------------------------------------------------
/docs/freebsd.md:
--------------------------------------------------------------------------------
1 | # FreeBSD
2 |
3 |
4 | | :zap: FreeBSD runtimes are at the very early stage of development |
5 | |--------------------------------------------------------------------------|
6 |
7 | nerdctl provides experimental support for running FreeBSD jails on FreeBSD hosts.
8 |
9 | ## Installation
10 |
11 | You will need the most up-to-date containerd build along with a containerd shim,
12 | such as [runj](https://github.com/samuelkarp/runj). Follow the build
13 | instructions in the respective repositories.
14 |
15 | ## Usage
16 |
17 | You can use the `dougrabson/freebsd13.2-small` image to run a FreeBSD 13 jail:
18 |
19 | ```sh
20 | nerdctl run --net none -it dougrabson/freebsd13.2-small
21 | ```
22 |
23 | Alternatively use `--platform` parameter to run linux containers
24 |
25 | ```sh
26 | nerdctl run --platform linux --net none -it amazonlinux:2
27 | ```
28 |
29 |
30 | ## Limitations & Bugs
31 |
32 | - :warning: CNI & CNI plugins are not yet ported to FreeBSD. The only supported
33 | network type is `none`
34 |
--------------------------------------------------------------------------------
/docs/images/nerdctl.svg:
--------------------------------------------------------------------------------
1 |
2 |
26 |
--------------------------------------------------------------------------------
/docs/images/rootlessKit-network-design.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/containerd/nerdctl/b8c4b3d852b8e49b59a3061f72a9064a6f78e3c5/docs/images/rootlessKit-network-design.png
--------------------------------------------------------------------------------
/examples/compose-multi-platform/Dockerfile:
--------------------------------------------------------------------------------
1 | # Copyright The containerd Authors.
2 |
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 |
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 |
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | FROM php:apache
16 | COPY index.php /var/www/html/
17 |
--------------------------------------------------------------------------------
/examples/compose-multi-platform/README.md:
--------------------------------------------------------------------------------
1 | # Multi-platform compose demo
2 |
3 | - Make sure QEMU is configured, see [`../../docs/multi-platform.md`](../../docs/multi-platform.md)
4 | - Run `nerdctl compose up -d`
5 | - Open http://localhost:8080 , and confirm that "System" is ppc64le
6 | - Open http://localhost:8081 , and confirm that "System" is s390x
7 |
--------------------------------------------------------------------------------
/examples/compose-multi-platform/docker-compose.yaml:
--------------------------------------------------------------------------------
1 | services:
2 | svc0:
3 | build: .
4 | platform: s390x
5 | ports:
6 | - 8080:80
7 | svc1:
8 | build: .
9 | platform: ppc64le
10 | ports:
11 | - 8081:80
12 |
--------------------------------------------------------------------------------
/examples/compose-multi-platform/index.php:
--------------------------------------------------------------------------------
1 |
2 |
--------------------------------------------------------------------------------
/examples/compose-wordpress/README.md:
--------------------------------------------------------------------------------
1 | # Demo: wordpress + mariadb
2 |
3 | Usage:
4 | - Substitute "examplepass" in [`docker-compose.yaml`](./docker-compose.yaml) to your own password.
5 | - Run `nerdctl compose up`.
6 | - Open http://localhost:8080, and make sure Wordpress is working. If you see "Error establishing a database connection", wait for a minute.
7 |
8 | ## eStargz version
9 |
10 | eStargz version enables lazy-pulling. See [`../../docs/stargz.md`](../../docs/stargz.md).
11 |
12 | Usage: `nerdctl --snapshotter=stargz compose -f docker-compose.stargz.yaml up`
13 |
--------------------------------------------------------------------------------
/examples/compose-wordpress/docker-compose.stargz.yaml:
--------------------------------------------------------------------------------
1 | # # Docker Compose stack for Wordpress (eStargz version)
2 |
3 | # Usage: nerdctl --snapshotter=stargz compose -f docker-compose.stargz.yaml up
4 | services:
5 | wordpress:
6 | image: ghcr.io/stargz-containers/wordpress:5.7-esgz
7 | volumes:
8 | # workaround for https://github.com/containerd/stargz-snapshotter/issues/444
9 | - "/run"
10 | extends:
11 | file: docker-compose.yaml
12 | service: wordpress
13 |
14 | db:
15 | image: ghcr.io/stargz-containers/mariadb:10.5-esgz
16 | volumes:
17 | # workaround for https://github.com/containerd/stargz-snapshotter/issues/444
18 | - "/run"
19 | extends:
20 | file: docker-compose.yaml
21 | service: db
22 |
23 | volumes:
24 | wordpress:
25 | db:
26 |
--------------------------------------------------------------------------------
/examples/compose-wordpress/docker-compose.yaml:
--------------------------------------------------------------------------------
1 | # Docker Compose stack for Wordpress, from https://hub.docker.com/_/wordpress
2 |
3 | # !!! Make sure to substitute "examplepass" with your own password !!!
4 |
5 | version: '3.1'
6 |
7 | services:
8 |
9 | wordpress:
10 | image: wordpress:5.7
11 | restart: always
12 | ports:
13 | - 8080:80
14 | environment:
15 | WORDPRESS_DB_HOST: db
16 | WORDPRESS_DB_USER: exampleuser
17 | WORDPRESS_DB_PASSWORD: examplepass
18 | WORDPRESS_DB_NAME: exampledb
19 | volumes:
20 | - wordpress:/var/www/html
21 |
22 | db:
23 | image: mariadb:10.5
24 | restart: always
25 | environment:
26 | MYSQL_DATABASE: exampledb
27 | MYSQL_USER: exampleuser
28 | MYSQL_PASSWORD: examplepass
29 | MYSQL_RANDOM_ROOT_PASSWORD: '1'
30 | volumes:
31 | - db:/var/lib/mysql
32 |
33 | volumes:
34 | wordpress:
35 | db:
36 |
--------------------------------------------------------------------------------
/examples/nerdctl-ipfs-registry-kubernetes/ipfs-stargz-snapshotter/bootstrap.yaml.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright The containerd Authors.
4 |
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 |
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 |
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 |
17 | # Example script to prepare swarm key secret for IPFS bootstrap,
18 | # Example: ./bootstrap.yaml.sh > ./bootstrap.yaml
19 |
20 | set -eu -o pipefail
21 |
22 | if ! command -v ipfs-swarm-key-gen >/dev/null 2>&1 ; then
23 | echo "ipfs-swarm-key-gen not found"
24 | exit 1
25 | fi
26 |
27 | SWARM_KEY=$(ipfs-swarm-key-gen | base64 | tr -d '\n')
28 |
29 | cat < ./bootstrap.yaml
19 |
20 | set -eu -o pipefail
21 |
22 | if ! command -v ipfs-swarm-key-gen >/dev/null 2>&1 ; then
23 | echo "ipfs-swarm-key-gen not found"
24 | exit 1
25 | fi
26 |
27 | SWARM_KEY=$(ipfs-swarm-key-gen | base64 | tr -d '\n')
28 |
29 | cat <&2 "WARNING: ${TAG}: commit hash was not specified (got ${HEAD})"
41 | else
42 | if [ "$HEAD" != "$HASH" ]; then
43 | echo >&2 "ERROR: ${TAG}: expected ${HASH}, got ${HEAD}"
44 | exit 1
45 | fi
46 | fi
47 |
--------------------------------------------------------------------------------
/hack/provisioning/README.md:
--------------------------------------------------------------------------------
1 | # Dependencies provisioning for integration testing
2 |
3 | This folder provides a set of scripts useful (for the CI) to configure hosts for
4 | the purpose of testing.
5 |
6 | While this is agnostic and would (probably) work outside the context of GitHub Actions,
7 | this is not the right way for people to install a functioning stack.
8 | Use provided installation scripts instead (see user documentation).
9 |
10 | ## Contents
11 |
12 | - `/version` allows retrieving latest (or experimental) versions of certain products (golang, containerd, etc)
13 | - `/linux` allows updating in-place containerd, cni (future: buildkit)
14 | - `/windows` allows install WinCNI, containerd
15 | - `/kube` allows spinning-up a Kind cluster
--------------------------------------------------------------------------------
/hack/provisioning/kube/kind.yaml:
--------------------------------------------------------------------------------
1 | # https://pkg.go.dev/sigs.k8s.io/kind/pkg/apis/config/v1alpha4#Cluster
2 | kind: Cluster
3 | apiVersion: kind.x-k8s.io/v1alpha4
4 | nodes:
5 | - role: control-plane
6 | extraMounts:
7 | - hostPath: _output/nerdctl
8 | containerPath: /usr/local/bin/nerdctl
9 | - hostPath: /tmp/go
10 | containerPath: /usr/local/go
11 | - hostPath: .
12 | containerPath: /nerdctl-source
13 | - hostPath: /opt/cni
14 | containerPath: /opt/cni
15 |
--------------------------------------------------------------------------------
/hack/provisioning/windows/containerd.ps1:
--------------------------------------------------------------------------------
1 | $ErrorActionPreference = "Stop"
2 |
3 | #install containerd
4 | $version=$env:ctrdVersion
5 | echo "Installing containerd $version"
6 | curl.exe -L https://github.com/containerd/containerd/releases/download/v$version/containerd-$version-windows-amd64.tar.gz -o containerd-windows-amd64.tar.gz
7 | tar.exe xvf containerd-windows-amd64.tar.gz
8 | mkdir -force "$Env:ProgramFiles\containerd"
9 | cp ./bin/* "$Env:ProgramFiles\containerd"
10 |
11 | & $Env:ProgramFiles\containerd\containerd.exe config default | Out-File "$Env:ProgramFiles\containerd\config.toml" -Encoding ascii
12 | & $Env:ProgramFiles\containerd\containerd.exe --register-service
13 | Start-Service containerd
14 |
15 | echo "configuration complete! Printing configuration..."
16 | echo "Service:"
17 | get-service containerd
18 | echo "cni configuration"
19 | cat "$Env:ProgramFiles\containerd\cni\conf\0-containerd-nat.conflist"
20 | ls "$Env:ProgramFiles\containerd\cni\bin"
21 | echo "containerd install"
22 | ls "$Env:ProgramFiles\containerd\"
23 | & "$Env:ProgramFiles\containerd\containerd.exe" --version
24 |
--------------------------------------------------------------------------------
/mod/tigron/.yamllint:
--------------------------------------------------------------------------------
1 | ---
2 |
3 | extends: default
4 |
5 | rules:
6 | indentation:
7 | spaces: 2
8 | indent-sequences: consistent
9 | truthy:
10 | allowed-values: ['true', 'false', 'on', 'off']
11 | comments-indentation: disable
12 | document-start: disable
13 | line-length: disable
14 |
--------------------------------------------------------------------------------
/mod/tigron/expect/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package expect provides a set of simple concrete test.Comparator implementations to use by tests
18 | // on stdout, along with exit code expectations.
19 | package expect
20 |
--------------------------------------------------------------------------------
/mod/tigron/expect/exit.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package expect
18 |
19 | const (
20 | // ExitCodeSuccess will ensure that the command effectively ran returned with exit code zero.
21 | ExitCodeSuccess = 0
22 | // ExitCodeGenericFail will verify that the command ran and exited with a non-zero error code.
23 | // This does NOT include timeouts, cancellation, or signals.
24 | ExitCodeGenericFail = -10
25 | // ExitCodeNoCheck does not enforce any check at all on the function.
26 | ExitCodeNoCheck = -11
27 | // ExitCodeTimeout verifies that the command was cancelled on timeout.
28 | ExitCodeTimeout = -12
29 | // ExitCodeSignaled verifies that the command has been terminated by a signal.
30 | ExitCodeSignaled = -13
31 | // ExitCodeCancelled = -14.
32 | )
33 |
--------------------------------------------------------------------------------
/mod/tigron/go.mod:
--------------------------------------------------------------------------------
1 | module github.com/containerd/nerdctl/mod/tigron
2 |
3 | go 1.23.0
4 |
5 | require (
6 | github.com/creack/pty v1.1.24
7 | go.uber.org/goleak v1.3.0
8 | golang.org/x/sync v0.13.0
9 | golang.org/x/term v0.30.0
10 | golang.org/x/text v0.24.0
11 | )
12 |
13 | require golang.org/x/sys v0.31.0 // indirect
14 |
--------------------------------------------------------------------------------
/mod/tigron/hack/dev-setup-linux.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | # Copyright The containerd Authors.
4 |
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 |
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 |
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 |
17 | set -o errexit -o errtrace -o functrace -o nounset -o pipefail
18 |
19 | sudo apt-get install -qq --no-install-recommends golang make yamllint shellcheck
20 |
--------------------------------------------------------------------------------
/mod/tigron/hack/dev-setup-macos.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | # Copyright The containerd Authors.
4 |
5 | # Licensed under the Apache License, Version 2.0 (the "License");
6 | # you may not use this file except in compliance with the License.
7 | # You may obtain a copy of the License at
8 |
9 | # http://www.apache.org/licenses/LICENSE-2.0
10 |
11 | # Unless required by applicable law or agreed to in writing, software
12 | # distributed under the License is distributed on an "AS IS" BASIS,
13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 | # See the License for the specific language governing permissions and
15 | # limitations under the License.
16 |
17 | set -o errexit -o errtrace -o functrace -o nounset -o pipefail
18 |
19 | brew install golang make yamllint shellcheck
20 |
--------------------------------------------------------------------------------
/mod/tigron/hack/headers/bash.txt:
--------------------------------------------------------------------------------
1 | # Copyright The containerd Authors.
2 |
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 |
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 |
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
--------------------------------------------------------------------------------
/mod/tigron/hack/headers/dockerfile.txt:
--------------------------------------------------------------------------------
1 | # Copyright The containerd Authors.
2 |
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 |
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 |
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
--------------------------------------------------------------------------------
/mod/tigron/hack/headers/go.txt:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
--------------------------------------------------------------------------------
/mod/tigron/hack/headers/makefile.txt:
--------------------------------------------------------------------------------
1 | # Copyright The containerd Authors.
2 |
3 | # Licensed under the Apache License, Version 2.0 (the "License");
4 | # you may not use this file except in compliance with the License.
5 | # You may obtain a copy of the License at
6 |
7 | # http://www.apache.org/licenses/LICENSE-2.0
8 |
9 | # Unless required by applicable law or agreed to in writing, software
10 | # distributed under the License is distributed on an "AS IS" BASIS,
11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 | # See the License for the specific language governing permissions and
13 | # limitations under the License.
14 |
15 | # project-checks is broken.
16 | # See https://github.com/containerd/nerdctl/pull/3889
--------------------------------------------------------------------------------
/mod/tigron/internal/assertive/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package assertive is an experimental, zero-dependencies assert library.
18 | // Right now, it is not public and meant to be used only inside tigron.
19 | // Consumers of tigron are free to use whatever assert library they want.
20 | // In the future, this may become public for peeps who want `assert` to be
21 | // bundled in.
22 | package assertive
23 |
--------------------------------------------------------------------------------
/mod/tigron/internal/com/command_other.go:
--------------------------------------------------------------------------------
1 | //go:build !windows
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package com
20 |
21 | import (
22 | "os/exec"
23 | "syscall"
24 | )
25 |
26 | func addAttr(cmd *exec.Cmd) func() error {
27 | // Default shutdown will leave child processes behind in certain circumstances.
28 | cmd.SysProcAttr = &syscall.SysProcAttr{
29 | Setsid: true,
30 | // FIXME: understand why we would want that.
31 | // Setctty: true,
32 | }
33 |
34 | return func() error {
35 | _ = syscall.Kill(-cmd.Process.Pid, syscall.SIGKILL)
36 |
37 | return nil
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/mod/tigron/internal/com/command_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package com
18 |
19 | import (
20 | "os/exec"
21 | )
22 |
23 | func addAttr(_ *exec.Cmd) func() error {
24 | return nil
25 | }
26 |
--------------------------------------------------------------------------------
/mod/tigron/internal/com/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package com is a lightweight wrapper around golang command execution.
18 | // It provides a simplified API to create commands with baked-in:
19 | // - timeout
20 | // - pty
21 | // - environment filtering
22 | // - stdin manipulation
23 | // - proper termination of the process group
24 | // - wrapping commands and prepended args
25 | package com
26 |
--------------------------------------------------------------------------------
/mod/tigron/internal/com/package_benchmark_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package com_test
18 |
19 | import (
20 | "context"
21 | "testing"
22 |
23 | "github.com/containerd/nerdctl/mod/tigron/internal/com"
24 | )
25 |
26 | // FIXME: this requires go 1.24 - uncomment when go 1.23 is out of support
27 | // func BenchmarkCommand(b *testing.B) {
28 | // for b.Loop() {
29 | // cmd := com.Command{
30 | // Binary: "true",
31 | // }
32 | //
33 | // _ = cmd.Run()
34 | // _, _ = cmd.Wait()
35 | // }
36 | // }
37 |
38 | func BenchmarkCommandParallel(b *testing.B) {
39 | b.RunParallel(func(pb *testing.PB) {
40 | for pb.Next() {
41 | cmd := &com.Command{
42 | Binary: "true",
43 | }
44 | _ = cmd.Run(context.Background())
45 | _, _ = cmd.Wait()
46 | }
47 | })
48 | }
49 |
--------------------------------------------------------------------------------
/mod/tigron/internal/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package internal provides an assert library, pty, a command wrapper, and a leak detection library
18 | // for internal use in Tigron. The objective for these is not to become generic use-cases libraries,
19 | // but instead to deliver what Tigron
20 | // needs in the simplest possible form.
21 | package internal
22 |
--------------------------------------------------------------------------------
/mod/tigron/internal/exit.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package internal
18 |
19 | // This is duplicated from `expect` to avoid circular imports.
20 | const (
21 | ExitCodeSuccess = 0
22 | ExitCodeGenericFail = -10
23 | ExitCodeNoCheck = -11
24 | ExitCodeTimeout = -12
25 | ExitCodeSignaled = -13
26 | // ExitCodeCancelled = -14.
27 | )
28 |
--------------------------------------------------------------------------------
/mod/tigron/internal/formatter/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package formatter provides simple formatting helpers for internal consumption.
18 | package formatter
19 |
--------------------------------------------------------------------------------
/mod/tigron/internal/formatter/osc8.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package formatter
18 |
19 | import "fmt"
20 |
21 | // OSC8 hyperlinks implementation.
22 | type OSC8 struct {
23 | Location string `json:"location"`
24 | Line int `json:"line"`
25 | Text string `json:"text"`
26 | }
27 |
28 | func (o *OSC8) String() string {
29 | // FIXME: not sure if any desktop software does support line numbers anchors?
30 | // FIXME: test that the terminal is able to display these and fallback to printing the information if not.
31 | return fmt.Sprintf("\x1b]8;;%s#%d:1\x07%s\x1b]8;;\x07"+"\u001b[0m", o.Location, o.Line, o.Text)
32 | }
33 |
--------------------------------------------------------------------------------
/mod/tigron/internal/highk/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package highk (for "high-κ dielectric") is a highly experimental leak detection library (for file descriptors and go
18 | // routines).
19 | // It is purely internal for now and used only as part of the tests for tigron.
20 | // TODO:
21 | // - get rid of lsof and implement in go
22 | // - investigate feasibility of adding automatic leak detection for any test using tigron
23 | // - investigate feasibility of adding leak detection for tested binaries
24 | // - review usefulness of uber goroutines leak library
25 | package highk
26 |
--------------------------------------------------------------------------------
/mod/tigron/internal/highk/goroutines.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package highk
18 |
19 | import (
20 | "go.uber.org/goleak"
21 | )
22 |
23 | // FindGoRoutines retrieves leaked go routines, which are returned as an error.
24 | //
25 | //nolint:wrapcheck // FIXME: work in progress
26 | func FindGoRoutines() error {
27 | return goleak.Find()
28 | }
29 |
--------------------------------------------------------------------------------
/mod/tigron/internal/logger/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package logger is a very simple stub allowing developers to hook whatever logger they want to debug internal behavior
18 | // of the com package.
19 | // The passed logger just has to implement the Log(args...any) method.
20 | // Typically, that would be a *testing.T.
21 | package logger
22 |
--------------------------------------------------------------------------------
/mod/tigron/internal/mimicry/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package mimicry provides a very rough and rudimentary mimicry library to help with internal tigron testing.
18 | // It does not require generation, does not abuse reflect (too much), and keeps the amount of boilerplate baloney to a
19 | // minimum.
20 | // This is NOT a generic mock library. Use something else if you need one.
21 | package mimicry
22 |
--------------------------------------------------------------------------------
/mod/tigron/internal/mocks/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package mocks provides a collection of tigron internal mocks to ease testing.
18 | package mocks
19 |
--------------------------------------------------------------------------------
/mod/tigron/require/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package require provides a set of concrete test.Requirements to express the need for a specific
18 | // architecture, OS, or binary, along with Not() and All() which allow Requirements composition.
19 | package require
20 |
--------------------------------------------------------------------------------
/mod/tigron/test/consts.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package test
18 |
19 | const (
20 | // FilePermissionsDefault specifies the default creation mode for temporary files.
21 | // Note that umask will affect these.
22 | FilePermissionsDefault = 0o644
23 | // DirPermissionsDefault specifies the default creation mode for temporary directories.
24 | // Note that umask will affect these.
25 | DirPermissionsDefault = 0o755
26 | )
27 |
--------------------------------------------------------------------------------
/mod/tigron/test/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package test is the main entrypoint for Tigron.
18 | package test
19 |
--------------------------------------------------------------------------------
/mod/tigron/test/expected.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package test
18 |
19 | // Command is the simplest way to express a test.TestableCommand for very basic cases
20 | // where access to test data is not necessary.
21 | func Command(args ...string) Executor {
22 | return func(_ Data, helpers Helpers) TestableCommand {
23 | return helpers.Command(args...)
24 | }
25 | }
26 |
27 | // Expects is provided as a simple helper covering "expectations" for simple use-cases
28 | // where access to the test data is not necessary.
29 | func Expects(exitCode int, errors []error, output Comparator) Manager {
30 | return func(_ Data, _ Helpers) *Expected {
31 | return &Expected{
32 | ExitCode: exitCode,
33 | Errors: errors,
34 | Output: output,
35 | }
36 | }
37 | }
38 |
--------------------------------------------------------------------------------
/mod/tigron/test/test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package test
18 |
19 | import (
20 | "testing"
21 | )
22 |
23 | // Testable TODO.
24 | type Testable interface {
25 | CustomCommand(testCase *Case, t *testing.T) CustomizableCommand
26 | AmbientRequirements(testCase *Case, t *testing.T)
27 | }
28 |
29 | // FIXME
30 | //
31 | //nolint:gochecknoglobals
32 | var registeredTestable Testable
33 |
34 | // Customize TODO.
35 | func Customize(testable Testable) {
36 | registeredTestable = testable
37 | }
38 |
--------------------------------------------------------------------------------
/mod/tigron/tig/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package tig defines interfaces for third-party packages that tigron needs to interact with.
18 | // The main upside of expressing our expectations instead of depending directly on concrete implementations is
19 | // evidently the ability to mock easily, which in turn makes testing much easier.
20 | package tig
21 |
--------------------------------------------------------------------------------
/mod/tigron/utils/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package utils provides generic helpers that are regularly useful for a range of test authors.
18 | // TODO: question the usefulness of this and whether this should even be part of tigron.
19 | package utils
20 |
--------------------------------------------------------------------------------
/mod/tigron/utils/utilities.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package utils
18 |
19 | import (
20 | "crypto/rand"
21 | "encoding/base64"
22 | )
23 |
24 | // RandomStringBase64 generates a base64 encoded random string.
25 | func RandomStringBase64(desiredLength int) string {
26 | randomBytes := make([]byte, desiredLength)
27 |
28 | randomLength, err := rand.Read(randomBytes)
29 | if err != nil {
30 | panic(err)
31 | }
32 |
33 | if randomLength != desiredLength {
34 | panic("rand failing")
35 | }
36 |
37 | return base64.URLEncoding.EncodeToString(randomBytes)
38 | }
39 |
--------------------------------------------------------------------------------
/pkg/api/types/apparmor_types.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package types
18 |
19 | import "io"
20 |
21 | // ApparmorListOptions specifies options for `nerdctl apparmor ls`.
22 | type ApparmorListOptions struct {
23 | Stdout io.Writer
24 | // Only display profile names
25 | Quiet bool
26 | // Format the output using the given go template
27 | Format string
28 | }
29 |
30 | // ApparmorInspectOptions specifies options for `nerdctl apparmor inspect`
31 | type ApparmorInspectOptions struct {
32 | Stdout io.Writer
33 | }
34 |
--------------------------------------------------------------------------------
/pkg/api/types/global.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package types
18 |
19 | import "github.com/containerd/nerdctl/v2/pkg/config"
20 |
21 | type GlobalCommandOptions config.Config
22 |
--------------------------------------------------------------------------------
/pkg/api/types/ipfs_types.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package types
18 |
19 | import (
20 | "time"
21 | )
22 |
23 | // IPFSRegistryServeOptions specifies options for `nerdctl ipfs registry serve`.
24 | type IPFSRegistryServeOptions struct {
25 | // ListenRegistry address to listen
26 | ListenRegistry string
27 | // IPFSAddress multiaddr of IPFS API (default is pulled from $IPFS_PATH/api file. If $IPFS_PATH env var is not present, it defaults to ~/.ipfs)
28 | IPFSAddress string
29 | // ReadRetryNum times to retry query on IPFS. Zero or lower means no retry.
30 | ReadRetryNum int
31 | // ReadTimeout timeout duration of a read request to IPFS. Zero means no timeout.
32 | ReadTimeout time.Duration
33 | }
34 |
--------------------------------------------------------------------------------
/pkg/api/types/load_types.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package types
18 |
19 | import "io"
20 |
21 | // ImageLoadOptions specifies options for `nerdctl (image) load`.
22 | type ImageLoadOptions struct {
23 | Stdout io.Writer
24 | Stdin io.Reader
25 | GOptions GlobalCommandOptions
26 | // Input read from tar archive file, instead of STDIN
27 | Input string
28 | // Platform import content for a specific platform
29 | Platform []string
30 | // AllPlatforms import content for all platforms
31 | AllPlatforms bool
32 | // Quiet suppresses the load output.
33 | Quiet bool
34 | }
35 |
--------------------------------------------------------------------------------
/pkg/api/types/login_types.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package types
18 |
19 | type LoginCommandOptions struct {
20 | // GOptions is the global options.
21 | GOptions GlobalCommandOptions
22 | // ServerAddress is the server address to log in to.
23 | ServerAddress string
24 | // Username is the username to log in as.
25 | //
26 | // If it's empty, it will be inferred from the default auth config.
27 | // If nothing is in the auth config, the user will be prompted to provide it.
28 | Username string
29 | // Password is the password of the user.
30 | //
31 | // If it's empty, the user will be prompted to provide it.
32 | Password string
33 | }
34 |
--------------------------------------------------------------------------------
/pkg/api/types/namespace_types.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package types
18 |
19 | import "io"
20 |
21 | // NamespaceCreateOptions specifies options for `nerdctl namespace create`.
22 | type NamespaceCreateOptions struct {
23 | GOptions GlobalCommandOptions
24 | // Labels are the namespace labels
25 | Labels []string
26 | }
27 |
28 | // NamespaceUpdateOptions specifies options for `nerdctl namespace update`.
29 | type NamespaceUpdateOptions NamespaceCreateOptions
30 |
31 | // NamespaceRemoveOptions specifies options for `nerdctl namespace rm`.
32 | type NamespaceRemoveOptions struct {
33 | Stdout io.Writer
34 | GOptions GlobalCommandOptions
35 | // CGroup delete the namespace's cgroup
36 | CGroup bool
37 | }
38 |
39 | // NamespaceInspectOptions specifies options for `nerdctl namespace inspect`.
40 | type NamespaceInspectOptions struct {
41 | Stdout io.Writer
42 | GOptions GlobalCommandOptions
43 | // Format the output using the given Go template, e.g, '{{json .}}'
44 | Format string
45 | }
46 |
--------------------------------------------------------------------------------
/pkg/apparmorutil/apparmorutil.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package apparmorutil provides utilities for AppArmor
18 | package apparmorutil
19 |
20 | // This apparmor.go is split from apparmorutil_linux.go, to avoid
21 | // "build constraints exclude all Go files" error on non-Linux
22 |
--------------------------------------------------------------------------------
/pkg/buildkitutil/buildkitutil_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package buildkitutil
18 |
19 | import (
20 | "fmt"
21 | "os"
22 |
23 | "github.com/containerd/nerdctl/v2/pkg/rootlessutil"
24 | )
25 |
26 | func getRuntimeVariableDataDir() (string, error) {
27 | // Per Linux Foundation "Filesystem Hierarchy Standard" version 3.0 section 3.15.
28 | // Under version 2.3, this was "/var/run".
29 | run := "/run"
30 | if rootlessutil.IsRootless() {
31 | var err error
32 | run, err = rootlessutil.XDGRuntimeDir()
33 | if err != nil {
34 | if rootlessutil.IsRootlessChild() {
35 | return "", err
36 | }
37 | run = fmt.Sprintf("/run/user/%d", os.Geteuid())
38 | }
39 | }
40 | return run, nil
41 | }
42 |
--------------------------------------------------------------------------------
/pkg/buildkitutil/buildkitutil_unix.go:
--------------------------------------------------------------------------------
1 | //go:build unix
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package buildkitutil
20 |
21 | import (
22 | "fmt"
23 | "path/filepath"
24 | )
25 |
26 | func getBuildkitHostCandidates(namespace string) ([]string, error) {
27 | if namespace == "" {
28 | return []string{}, fmt.Errorf("namespace must be specified")
29 | }
30 | // Try candidate locations of the current containerd namespace.
31 | run, err := getRuntimeVariableDataDir()
32 | if err != nil {
33 | return []string{}, err
34 | }
35 | var candidates []string
36 | if namespace != "default" {
37 | candidates = append(candidates, "unix://"+filepath.Join(run, fmt.Sprintf("buildkit-%s/buildkitd.sock", namespace)))
38 | }
39 | candidates = append(candidates, "unix://"+filepath.Join(run, "buildkit-default/buildkitd.sock"), "unix://"+filepath.Join(run, "buildkit/buildkitd.sock"))
40 |
41 | return candidates, nil
42 | }
43 |
--------------------------------------------------------------------------------
/pkg/buildkitutil/buildkitutil_unix_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build unix && !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package buildkitutil
20 |
21 | func getRuntimeVariableDataDir() (string, error) {
22 | // Per hier(7) dated July 6, 2023.
23 | return "/var/run", nil
24 | }
25 |
--------------------------------------------------------------------------------
/pkg/buildkitutil/buildkitutil_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package buildkitutil
18 |
19 | func getBuildkitHostCandidates(namespace string) ([]string, error) {
20 | return []string{"npipe:////./pipe/buildkitd"}, nil
21 | }
22 |
--------------------------------------------------------------------------------
/pkg/cmd/apparmor/inspect_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package apparmor
18 |
19 | import (
20 | "fmt"
21 |
22 | "github.com/containerd/containerd/v2/contrib/apparmor"
23 |
24 | "github.com/containerd/nerdctl/v2/pkg/api/types"
25 | "github.com/containerd/nerdctl/v2/pkg/defaults"
26 | )
27 |
28 | func Inspect(options types.ApparmorInspectOptions) error {
29 | b, err := apparmor.DumpDefaultProfile(defaults.AppArmorProfileName)
30 | if err != nil {
31 | return err
32 | }
33 | _, err = fmt.Fprint(options.Stdout, b)
34 | return err
35 | }
36 |
--------------------------------------------------------------------------------
/pkg/cmd/apparmor/load_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package apparmor
18 |
19 | import (
20 | "github.com/containerd/containerd/v2/contrib/apparmor"
21 | "github.com/containerd/log"
22 |
23 | "github.com/containerd/nerdctl/v2/pkg/defaults"
24 | )
25 |
26 | func Load() error {
27 | log.L.Infof("Loading profile %q", defaults.AppArmorProfileName)
28 | return apparmor.LoadDefaultProfile(defaults.AppArmorProfileName)
29 | }
30 |
--------------------------------------------------------------------------------
/pkg/cmd/apparmor/unload_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package apparmor
18 |
19 | import (
20 | "github.com/containerd/log"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/apparmorutil"
23 | )
24 |
25 | func Unload(target string) error {
26 | log.L.Infof("Unloading profile %q", target)
27 | return apparmorutil.Unload(target)
28 | }
29 |
--------------------------------------------------------------------------------
/pkg/cmd/container/create_userns_opts_darwin.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "context"
21 |
22 | containerd "github.com/containerd/containerd/v2/client"
23 | "github.com/containerd/containerd/v2/pkg/oci"
24 |
25 | "github.com/containerd/nerdctl/v2/pkg/api/types"
26 | "github.com/containerd/nerdctl/v2/pkg/containerutil"
27 | "github.com/containerd/nerdctl/v2/pkg/imgutil"
28 | )
29 |
30 | func getUserNamespaceOpts(
31 | ctx context.Context,
32 | client *containerd.Client,
33 | options *types.ContainerCreateOptions,
34 | ensuredImage imgutil.EnsuredImage,
35 | id string,
36 | ) ([]oci.SpecOpts, []containerd.NewContainerOpts, error) {
37 | return []oci.SpecOpts{}, []containerd.NewContainerOpts{}, nil
38 | }
39 |
40 | func getContainerUserNamespaceNetOpts(
41 | ctx context.Context,
42 | client *containerd.Client,
43 | netManager containerutil.NetworkOptionsManager,
44 | ) ([]oci.SpecOpts, error) {
45 | return []oci.SpecOpts{}, nil
46 | }
47 |
--------------------------------------------------------------------------------
/pkg/cmd/container/create_userns_opts_freebsd.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "context"
21 |
22 | containerd "github.com/containerd/containerd/v2/client"
23 | "github.com/containerd/containerd/v2/pkg/oci"
24 |
25 | "github.com/containerd/nerdctl/v2/pkg/api/types"
26 | "github.com/containerd/nerdctl/v2/pkg/containerutil"
27 | "github.com/containerd/nerdctl/v2/pkg/imgutil"
28 | )
29 |
30 | func getUserNamespaceOpts(
31 | ctx context.Context,
32 | client *containerd.Client,
33 | options *types.ContainerCreateOptions,
34 | ensuredImage imgutil.EnsuredImage,
35 | id string,
36 | ) ([]oci.SpecOpts, []containerd.NewContainerOpts, error) {
37 | return []oci.SpecOpts{}, []containerd.NewContainerOpts{}, nil
38 | }
39 |
40 | func getContainerUserNamespaceNetOpts(
41 | ctx context.Context,
42 | client *containerd.Client,
43 | netManager containerutil.NetworkOptionsManager,
44 | ) ([]oci.SpecOpts, error) {
45 | return []oci.SpecOpts{}, nil
46 | }
47 |
--------------------------------------------------------------------------------
/pkg/cmd/container/create_userns_opts_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "context"
21 |
22 | containerd "github.com/containerd/containerd/v2/client"
23 | "github.com/containerd/containerd/v2/pkg/oci"
24 |
25 | "github.com/containerd/nerdctl/v2/pkg/api/types"
26 | "github.com/containerd/nerdctl/v2/pkg/containerutil"
27 | "github.com/containerd/nerdctl/v2/pkg/imgutil"
28 | )
29 |
30 | func getUserNamespaceOpts(
31 | ctx context.Context,
32 | client *containerd.Client,
33 | options *types.ContainerCreateOptions,
34 | ensuredImage imgutil.EnsuredImage,
35 | id string,
36 | ) ([]oci.SpecOpts, []containerd.NewContainerOpts, error) {
37 | return []oci.SpecOpts{}, []containerd.NewContainerOpts{}, nil
38 | }
39 |
40 | func getContainerUserNamespaceNetOpts(
41 | ctx context.Context,
42 | client *containerd.Client,
43 | netManager containerutil.NetworkOptionsManager,
44 | ) ([]oci.SpecOpts, error) {
45 | return []oci.SpecOpts{}, nil
46 | }
47 |
--------------------------------------------------------------------------------
/pkg/cmd/container/exec_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package container
18 |
19 | import (
20 | "github.com/opencontainers/runtime-spec/specs-go"
21 |
22 | "github.com/containerd/containerd/v2/pkg/cap"
23 | )
24 |
25 | func setExecCapabilities(pspec *specs.Process) error {
26 | if pspec.Capabilities == nil {
27 | pspec.Capabilities = &specs.LinuxCapabilities{}
28 | }
29 | allCaps, err := cap.Current()
30 | if err != nil {
31 | return err
32 | }
33 | pspec.Capabilities.Bounding = allCaps
34 | pspec.Capabilities.Permitted = pspec.Capabilities.Bounding
35 | pspec.Capabilities.Inheritable = pspec.Capabilities.Bounding
36 | pspec.Capabilities.Effective = pspec.Capabilities.Bounding
37 |
38 | // https://github.com/moby/moby/pull/36466/files
39 | // > `docker exec --privileged` does not currently disable AppArmor
40 | // > profiles. Privileged configuration of the container is inherited
41 | return nil
42 | }
43 |
--------------------------------------------------------------------------------
/pkg/cmd/container/exec_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package container
20 |
21 | import (
22 | "github.com/opencontainers/runtime-spec/specs-go"
23 | )
24 |
25 | func setExecCapabilities(pspec *specs.Process) error {
26 | //no op freebsd
27 | return nil
28 | }
29 |
--------------------------------------------------------------------------------
/pkg/cmd/container/run_unix_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build unix && !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package container
20 |
21 | import (
22 | "context"
23 |
24 | containerd "github.com/containerd/containerd/v2/client"
25 | "github.com/containerd/containerd/v2/core/containers"
26 | "github.com/containerd/containerd/v2/pkg/oci"
27 |
28 | "github.com/containerd/nerdctl/v2/pkg/api/types"
29 | )
30 |
31 | func WithoutRunMount() func(ctx context.Context, client oci.Client, c *containers.Container, s *oci.Spec) error {
32 | // not valid on freebsd
33 | return func(_ context.Context, _ oci.Client, _ *containers.Container, s *oci.Spec) error { return nil }
34 | }
35 |
36 | func setPlatformOptions(
37 | ctx context.Context,
38 | client *containerd.Client,
39 | id, uts string,
40 | internalLabels *internalLabels,
41 | options types.ContainerCreateOptions,
42 | ) ([]oci.SpecOpts, error) {
43 | return []oci.SpecOpts{}, nil
44 | }
45 |
--------------------------------------------------------------------------------
/pkg/cmd/container/stats_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package container
20 |
21 | import (
22 | "github.com/containerd/nerdctl/v2/pkg/inspecttypes/native"
23 | "github.com/containerd/nerdctl/v2/pkg/statsutil"
24 | )
25 |
26 | func setContainerStatsAndRenderStatsEntry(previousStats *statsutil.ContainerStats, firstSet bool, anydata interface{}, pid int, interfaces []native.NetInterface, systemInfo statsutil.SystemInfo) (statsutil.StatsEntry, error) {
27 | return statsutil.StatsEntry{}, nil
28 | }
29 |
30 | // getSystemCPUUsage reads the system's CPU usage from /proc/stat and returns
31 | // the total CPU usage in nanoseconds and the number of CPUs.
32 | func getSystemCPUUsage() (uint64, uint32, error) {
33 | return 0, 0, nil
34 | }
35 |
--------------------------------------------------------------------------------
/pkg/cmd/login/prompt_unix.go:
--------------------------------------------------------------------------------
1 | //go:build unix
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package login
20 |
21 | import (
22 | "errors"
23 | "os"
24 | "syscall"
25 |
26 | "golang.org/x/term"
27 |
28 | "github.com/containerd/log"
29 | )
30 |
31 | func readPassword() (string, error) {
32 | fd := syscall.Stdin
33 | if !term.IsTerminal(fd) {
34 | tty, err := os.Open("/dev/tty")
35 | if err != nil {
36 | return "", errors.Join(ErrCannotAllocateTerminal, err)
37 | }
38 | defer func() {
39 | err = tty.Close()
40 | if err != nil {
41 | log.L.WithError(err).Error("failed closing tty")
42 | }
43 | }()
44 | fd = int(tty.Fd())
45 | }
46 |
47 | bytePassword, err := term.ReadPassword(fd)
48 | if err != nil {
49 | return "", errors.Join(ErrReadingPassword, err)
50 | }
51 |
52 | return string(bytePassword), nil
53 | }
54 |
--------------------------------------------------------------------------------
/pkg/cmd/login/prompt_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package login
18 |
19 | import (
20 | "errors"
21 | "syscall"
22 |
23 | "golang.org/x/term"
24 | )
25 |
26 | func readPassword() (string, error) {
27 | fd := int(syscall.Stdin)
28 | if !term.IsTerminal(fd) {
29 | return "", ErrNotATerminal
30 | }
31 |
32 | bytePassword, err := term.ReadPassword(fd)
33 | if err != nil {
34 | return "", errors.Join(ErrReadingPassword, err)
35 | }
36 |
37 | return string(bytePassword), nil
38 | }
39 |
--------------------------------------------------------------------------------
/pkg/cmd/logout/logout.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package logout
18 |
19 | import (
20 | "context"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/imgutil/dockerconfigresolver"
23 | )
24 |
25 | func Logout(ctx context.Context, logoutServer string) (map[string]error, error) {
26 | reg, err := dockerconfigresolver.Parse(logoutServer)
27 | if err != nil {
28 | return nil, err
29 | }
30 |
31 | credentialsStore, err := dockerconfigresolver.NewCredentialsStore("")
32 | if err != nil {
33 | return nil, err
34 | }
35 |
36 | return credentialsStore.Erase(reg)
37 | }
38 |
39 | func ShellCompletion() ([]string, error) {
40 | credentialsStore, err := dockerconfigresolver.NewCredentialsStore("")
41 | if err != nil {
42 | return nil, err
43 | }
44 |
45 | return credentialsStore.ShellCompletion(), nil
46 | }
47 |
--------------------------------------------------------------------------------
/pkg/cmd/namespace/common.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package namespace
18 |
19 | import "strings"
20 |
21 | func objectWithLabelArgs(args []string) map[string]string {
22 | if len(args) >= 1 {
23 | return labelArgs(args)
24 | }
25 | return nil
26 | }
27 |
28 | // labelArgs returns a map of label key,value pairs.
29 | // From https://github.com/containerd/containerd/blob/v1.7.0-rc.2/cmd/ctr/commands/commands.go#L229-L241
30 | func labelArgs(labelStrings []string) map[string]string {
31 | labels := make(map[string]string, len(labelStrings))
32 | for _, label := range labelStrings {
33 | key, value, ok := strings.Cut(label, "=")
34 | if !ok {
35 | value = "true"
36 | }
37 | labels[key] = value
38 | }
39 |
40 | return labels
41 | }
42 |
--------------------------------------------------------------------------------
/pkg/cmd/namespace/create.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package namespace
18 |
19 | import (
20 | "context"
21 |
22 | containerd "github.com/containerd/containerd/v2/client"
23 |
24 | "github.com/containerd/nerdctl/v2/pkg/api/types"
25 | )
26 |
27 | func Create(ctx context.Context, client *containerd.Client, namespace string, options types.NamespaceCreateOptions) error {
28 | labelsArg := objectWithLabelArgs(options.Labels)
29 | namespaces := client.NamespaceService()
30 | return namespaces.Create(ctx, namespace, labelsArg)
31 | }
32 |
--------------------------------------------------------------------------------
/pkg/cmd/namespace/namespace_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package namespace
18 |
19 | import (
20 | "github.com/containerd/containerd/v2/core/runtime/opts"
21 | "github.com/containerd/containerd/v2/pkg/namespaces"
22 | )
23 |
24 | func namespaceDeleteOpts(cgroup bool) ([]namespaces.DeleteOpts, error) {
25 | var delOpts []namespaces.DeleteOpts
26 | if cgroup {
27 | delOpts = append(delOpts, opts.WithNamespaceCgroupDeletion)
28 | }
29 | return delOpts, nil
30 | }
31 |
--------------------------------------------------------------------------------
/pkg/cmd/namespace/namespace_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package namespace
20 |
21 | import (
22 | "github.com/containerd/containerd/v2/pkg/namespaces"
23 | )
24 |
25 | func namespaceDeleteOpts(cgroup bool) ([]namespaces.DeleteOpts, error) {
26 | var delOpts []namespaces.DeleteOpts
27 | return delOpts, nil
28 | }
29 |
--------------------------------------------------------------------------------
/pkg/cmd/namespace/update.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package namespace
18 |
19 | import (
20 | "context"
21 |
22 | containerd "github.com/containerd/containerd/v2/client"
23 |
24 | "github.com/containerd/nerdctl/v2/pkg/api/types"
25 | )
26 |
27 | func Update(ctx context.Context, client *containerd.Client, namespace string, options types.NamespaceUpdateOptions) error {
28 | labelsArg := objectWithLabelArgs(options.Labels)
29 | namespaces := client.NamespaceService()
30 | for k, v := range labelsArg {
31 | if err := namespaces.SetLabel(ctx, namespace, k, v); err != nil {
32 | return err
33 | }
34 | }
35 | return nil
36 | }
37 |
--------------------------------------------------------------------------------
/pkg/cmd/volume/create.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package volume
18 |
19 | import (
20 | "fmt"
21 |
22 | "github.com/docker/docker/pkg/stringid"
23 |
24 | "github.com/containerd/nerdctl/v2/pkg/api/types"
25 | "github.com/containerd/nerdctl/v2/pkg/inspecttypes/native"
26 | "github.com/containerd/nerdctl/v2/pkg/labels"
27 | "github.com/containerd/nerdctl/v2/pkg/strutil"
28 | )
29 |
30 | func Create(name string, options types.VolumeCreateOptions) (*native.Volume, error) {
31 | if name == "" {
32 | name = stringid.GenerateRandomID()
33 | options.Labels = append(options.Labels, labels.AnonymousVolumes+"=")
34 | }
35 | volStore, err := Store(options.GOptions.Namespace, options.GOptions.DataRoot, options.GOptions.Address)
36 | if err != nil {
37 | return nil, err
38 | }
39 | labels := strutil.DedupeStrSlice(options.Labels)
40 | vol, err := volStore.Create(name, labels)
41 | if err != nil {
42 | return nil, err
43 | }
44 | fmt.Fprintln(options.Stdout, name)
45 | return vol, nil
46 | }
47 |
--------------------------------------------------------------------------------
/pkg/cmd/volume/volume.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package volume
18 |
19 | import (
20 | "github.com/containerd/nerdctl/v2/pkg/clientutil"
21 | "github.com/containerd/nerdctl/v2/pkg/mountutil/volumestore"
22 | )
23 |
24 | // Store returns a volume store
25 | // that corresponds to a directory like `/var/lib/nerdctl/1935db59/volumes/default`
26 | func Store(ns string, dataRoot string, address string) (volumestore.VolumeStore, error) {
27 | dataStore, err := clientutil.DataStore(dataRoot, address)
28 | if err != nil {
29 | return nil, err
30 | }
31 | return volumestore.New(dataStore, ns)
32 | }
33 |
--------------------------------------------------------------------------------
/pkg/composer/kill.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package composer
18 |
19 | import (
20 | "context"
21 |
22 | "golang.org/x/sync/errgroup"
23 |
24 | "github.com/containerd/log"
25 | )
26 |
27 | type KillOptions struct {
28 | Signal string
29 | }
30 |
31 | func (c *Composer) Kill(ctx context.Context, opts KillOptions, services []string) error {
32 | serviceNames, err := c.ServiceNames(services...)
33 | if err != nil {
34 | return err
35 | }
36 | containers, err := c.Containers(ctx, serviceNames...)
37 | if err != nil {
38 | return err
39 | }
40 | eg, ctx := errgroup.WithContext(ctx)
41 | for _, container := range containers {
42 | container := container
43 | eg.Go(func() error {
44 | args := []string{"kill", "-s", opts.Signal, container.ID()}
45 | if err := c.runNerdctlCmd(ctx, args...); err != nil {
46 | log.G(ctx).Warn(err)
47 | return err
48 | }
49 | return nil
50 | })
51 | }
52 | return eg.Wait()
53 | }
54 |
--------------------------------------------------------------------------------
/pkg/consoleutil/consoleutil.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package consoleutil
18 |
19 | import (
20 | "context"
21 | "os"
22 |
23 | "github.com/containerd/console"
24 | )
25 |
26 | // Current is from https://github.com/containerd/console/blob/v1.0.4/console.go#L68-L81
27 | // adapted so that it does not panic
28 | func Current() (c console.Console, err error) {
29 | for _, s := range []*os.File{os.Stderr, os.Stdout, os.Stdin} {
30 | if c, err = console.ConsoleFromFile(s); err == nil {
31 | return c, nil
32 | }
33 | }
34 | return nil, console.ErrNotAConsole
35 | }
36 |
37 | // resizer is from https://github.com/containerd/containerd/blob/v1.7.0-rc.2/cmd/ctr/commands/tasks/tasks.go#L25-L27
38 | type resizer interface {
39 | Resize(ctx context.Context, w, h uint32) error
40 | }
41 |
--------------------------------------------------------------------------------
/pkg/containerdutil/helpers.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package containerdutil
18 |
19 | import (
20 | "context"
21 |
22 | ocispec "github.com/opencontainers/image-spec/specs-go/v1"
23 |
24 | "github.com/containerd/containerd/v2/core/content"
25 | )
26 |
27 | var ReadBlob = readBlobWithCache()
28 |
29 | type readBlob func(ctx context.Context, provider content.Provider, desc ocispec.Descriptor) ([]byte, error)
30 |
31 | func readBlobWithCache() readBlob {
32 | var cache = make(map[string]([]byte))
33 |
34 | return func(ctx context.Context, provider content.Provider, desc ocispec.Descriptor) ([]byte, error) {
35 | var err error
36 | v, ok := cache[desc.Digest.String()]
37 | if !ok {
38 | v, err = content.ReadBlob(ctx, provider, desc)
39 | if err == nil {
40 | cache[desc.Digest.String()] = v
41 | }
42 | }
43 |
44 | return v, err
45 | }
46 | }
47 |
--------------------------------------------------------------------------------
/pkg/containerdutil/image_store.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package containerdutil
18 |
19 | type ImageStore struct {
20 | }
21 |
--------------------------------------------------------------------------------
/pkg/containerinspector/containerinspector_unix_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build unix && !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package containerinspector
20 |
21 | import (
22 | "context"
23 |
24 | "github.com/containerd/nerdctl/v2/pkg/inspecttypes/native"
25 | )
26 |
27 | func InspectNetNS(ctx context.Context, pid int) (*native.NetNS, error) {
28 | r := &native.NetNS{}
29 |
30 | return r, nil
31 | }
32 |
--------------------------------------------------------------------------------
/pkg/containerinspector/containerinspector_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package containerinspector
18 |
19 | import (
20 | "context"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/inspecttypes/native"
23 | )
24 |
25 | func InspectNetNS(ctx context.Context, pid int) (*native.NetNS, error) {
26 | r := &native.NetNS{}
27 |
28 | return r, nil
29 | }
30 |
--------------------------------------------------------------------------------
/pkg/containerutil/lock.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package containerutil
18 |
19 | import (
20 | "path/filepath"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/store"
23 | )
24 |
25 | func Lock(stateDir string) (store.Store, error) {
26 | stor, err := store.New(filepath.Join(stateDir, "oplock"), 0, 0)
27 | if err != nil {
28 | return nil, err
29 | }
30 |
31 | err = stor.Lock()
32 | if err != nil {
33 | return nil, err
34 | }
35 |
36 | return stor, nil
37 | }
38 |
--------------------------------------------------------------------------------
/pkg/defaults/cgroup_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package defaults
18 |
19 | import (
20 | "os"
21 |
22 | "github.com/containerd/cgroups/v3"
23 |
24 | "github.com/containerd/nerdctl/v2/pkg/rootlessutil"
25 | )
26 |
27 | func IsSystemdAvailable() bool {
28 | fi, err := os.Lstat("/run/systemd/system")
29 | if err != nil {
30 | return false
31 | }
32 | return fi.IsDir()
33 | }
34 |
35 | // CgroupManager defaults to:
36 | // - "systemd" on v2 (rootful & rootless)
37 | // - "cgroupfs" on v1 rootful
38 | // - "none" on v1 rootless
39 | func CgroupManager() string {
40 | if cgroups.Mode() == cgroups.Unified && IsSystemdAvailable() {
41 | return "systemd"
42 | }
43 | if rootlessutil.IsRootless() {
44 | return "none"
45 | }
46 | return "cgroupfs"
47 | }
48 |
49 | func CgroupnsMode() string {
50 | if cgroups.Mode() == cgroups.Unified {
51 | return "private"
52 | }
53 | return "host"
54 | }
55 |
--------------------------------------------------------------------------------
/pkg/dnsutil/dnsutil.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package dnsutil
18 |
19 | import (
20 | "context"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/rootlessutil"
23 | )
24 |
25 | func GetSlirp4netnsDNS() ([]string, error) {
26 | var dns []string
27 | rkClient, err := rootlessutil.NewRootlessKitClient()
28 | if err != nil {
29 | return dns, err
30 | }
31 | info, err := rkClient.Info(context.TODO())
32 | if err != nil {
33 | return dns, err
34 | }
35 | if info != nil && info.NetworkDriver != nil {
36 | for _, dnsIP := range info.NetworkDriver.DNS {
37 | dns = append(dns, dnsIP.String())
38 | }
39 | }
40 | return dns, nil
41 | }
42 |
--------------------------------------------------------------------------------
/pkg/doc.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package pkg provides non-CLI packages.
18 | // Must not import CLI libraries.
19 | package pkg
20 |
--------------------------------------------------------------------------------
/pkg/errutil/errors_check.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package errutil
18 |
19 | import "strings"
20 |
21 | // IsErrConnectionRefused return whether err is
22 | // "connect: connection refused"
23 | func IsErrConnectionRefused(err error) bool {
24 | const errMessage = "connect: connection refused"
25 | return strings.Contains(err.Error(), errMessage)
26 | }
27 |
--------------------------------------------------------------------------------
/pkg/errutil/exit_coder.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package errutil
18 |
19 | import (
20 | "os"
21 | )
22 |
23 | type ExitCoder interface {
24 | error
25 | ExitCode() int
26 | }
27 |
28 | // ExitCodeError is to allow the program to exit with status code without outputting an error message.
29 | type ExitCodeError struct {
30 | exitCode int
31 | }
32 |
33 | func NewExitCoderErr(exitCode int) ExitCodeError {
34 | return ExitCodeError{
35 | exitCode: exitCode,
36 | }
37 | }
38 |
39 | func (e ExitCodeError) ExitCode() int {
40 | return e.exitCode
41 | }
42 |
43 | func (e ExitCodeError) Error() string {
44 | return ""
45 | }
46 |
47 | func HandleExitCoder(err error) {
48 | if err == nil {
49 | return
50 | }
51 | if exitErr, ok := err.(ExitCoder); ok {
52 | os.Exit(exitErr.ExitCode())
53 | }
54 | }
55 |
--------------------------------------------------------------------------------
/pkg/idgen/idgen.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package idgen
18 |
19 | import (
20 | "crypto/rand"
21 | "encoding/hex"
22 | "fmt"
23 | )
24 |
25 | const (
26 | IDLength = 64
27 | ShortIDLength = 12
28 | )
29 |
30 | func GenerateID() string {
31 | bytesLength := IDLength / 2
32 | b := make([]byte, bytesLength)
33 | n, err := rand.Read(b)
34 | if err != nil {
35 | panic(err)
36 | }
37 | if n != bytesLength {
38 | panic(fmt.Errorf("expected %d bytes, got %d bytes", bytesLength, n))
39 | }
40 | return hex.EncodeToString(b)
41 | }
42 |
43 | func TruncateID(id string) string {
44 | if len(id) < ShortIDLength {
45 | return id
46 | }
47 | return id[:ShortIDLength]
48 | }
49 |
--------------------------------------------------------------------------------
/pkg/imgutil/commit/commit_other.go:
--------------------------------------------------------------------------------
1 | //go:build !unix
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package commit
20 |
21 | func Sync() {
22 |
23 | }
24 |
--------------------------------------------------------------------------------
/pkg/imgutil/commit/commit_unix.go:
--------------------------------------------------------------------------------
1 | //go:build unix
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package commit
20 |
21 | import "syscall"
22 |
23 | func Sync() {
24 | syscall.Sync()
25 | }
26 |
--------------------------------------------------------------------------------
/pkg/imgutil/converter/info.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package converter
18 |
19 | // ConvertedImageInfo is information of the images created by a conversion.
20 | type ConvertedImageInfo struct {
21 | // Image is the reference of the converted image.
22 | // The reference is the image's name and digest concatenated with "@" (i.e. `@`).
23 | Image string `json:"Image"`
24 |
25 | // ExtraImages is a set of converter-specific additional images (e.g. external TOC image of eStargz).
26 | // The reference format is the same as the "Image" field.
27 | ExtraImages []string `json:"ExtraImages"`
28 | }
29 |
--------------------------------------------------------------------------------
/pkg/infoutil/infoutil_darwin.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package infoutil
18 |
19 | import (
20 | "github.com/docker/docker/pkg/sysinfo"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/inspecttypes/dockercompat"
23 | )
24 |
25 | const UnameO = "Darwin"
26 |
27 | func CgroupsVersion() string {
28 | return ""
29 | }
30 |
31 | func fulfillPlatformInfo(info *dockercompat.Info) {
32 | // unimplemented
33 | }
34 |
35 | func mobySysInfo(info *dockercompat.Info) *sysinfo.SysInfo {
36 | var sysinfo sysinfo.SysInfo
37 | return &sysinfo
38 | }
39 |
--------------------------------------------------------------------------------
/pkg/infoutil/infoutil_freebsd.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package infoutil
18 |
19 | import (
20 | "github.com/docker/docker/pkg/sysinfo"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/inspecttypes/dockercompat"
23 | )
24 |
25 | const UnameO = "FreeBSD"
26 |
27 | func CgroupsVersion() string {
28 | return ""
29 | }
30 |
31 | func fulfillPlatformInfo(info *dockercompat.Info) {
32 | // unimplemented
33 | }
34 |
35 | func mobySysInfo(info *dockercompat.Info) *sysinfo.SysInfo {
36 | var sysinfo sysinfo.SysInfo
37 | return &sysinfo
38 | }
39 |
--------------------------------------------------------------------------------
/pkg/inspecttypes/native/image.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package native
18 |
19 | import (
20 | ocispec "github.com/opencontainers/image-spec/specs-go/v1"
21 |
22 | "github.com/containerd/containerd/v2/core/images"
23 | )
24 |
25 | // Image corresponds to a containerd-native image object.
26 | // Not compatible with `docker image inspect`.
27 | type Image struct {
28 | Image images.Image `json:"Image"`
29 | IndexDesc *ocispec.Descriptor `json:"IndexDesc,omitempty"`
30 | Index *ocispec.Index `json:"Index,omitempty"`
31 | ManifestDesc *ocispec.Descriptor `json:"ManifestDesc,omitempty"`
32 | Manifest *ocispec.Manifest `json:"Manifest,omitempty"`
33 | // e.g., "application/vnd.docker.container.image.v1+json"
34 | ImageConfigDesc ocispec.Descriptor `json:"ImageConfigDesc"`
35 | ImageConfig ocispec.Image `json:"ImageConfig"`
36 | Size int64 `json:"size"`
37 | }
38 |
--------------------------------------------------------------------------------
/pkg/inspecttypes/native/info.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package native
18 |
19 | import (
20 | introspection "github.com/containerd/containerd/api/services/introspection/v1"
21 | version "github.com/containerd/containerd/api/services/version/v1"
22 | )
23 |
24 | type Info struct {
25 | Namespace string `json:"Namespace,omitempty"`
26 | Snapshotter string `json:"Snapshotter,omitempty"`
27 | CgroupManager string `json:"CgroupManager,omitempty"`
28 | Rootless bool `json:"Rootless,omitempty"`
29 | Daemon *DaemonInfo `json:"Daemon,omitempty"`
30 | }
31 |
32 | type DaemonInfo struct {
33 | Plugins *introspection.PluginsResponse `json:"Plugins,omitempty"`
34 | Server *introspection.ServerResponse `json:"Server,omitempty"`
35 | Version *version.VersionResponse `json:"Version,omitempty"`
36 | }
37 |
--------------------------------------------------------------------------------
/pkg/inspecttypes/native/namespace.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package native
18 |
19 | type Namespace struct {
20 | Name string `json:"Name"`
21 | Labels *map[string]string `json:"Labels,omitempty"`
22 | }
23 |
--------------------------------------------------------------------------------
/pkg/inspecttypes/native/network.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package native
18 |
19 | import "encoding/json"
20 |
21 | // Network corresponds to pkg/netutil.NetworkConfig
22 | type Network struct {
23 | CNI json.RawMessage `json:"CNI,omitempty"`
24 | NerdctlID *string `json:"NerdctlID"`
25 | NerdctlLabels *map[string]string `json:"NerdctlLabels,omitempty"`
26 | File string `json:"File,omitempty"`
27 | Containers []*Container `json:"Containers"`
28 | }
29 |
--------------------------------------------------------------------------------
/pkg/inspecttypes/native/volume.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package native
18 |
19 | // Volume is also compatible with Docker
20 | type Volume struct {
21 | Name string `json:"Name"`
22 | Mountpoint string `json:"Mountpoint"`
23 | Labels *map[string]string `json:"Labels,omitempty"`
24 | Size int64 `json:"Size,omitempty"`
25 | }
26 |
--------------------------------------------------------------------------------
/pkg/internal/filesystem/atomic.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package filesystem
18 |
19 | import (
20 | "os"
21 | "path/filepath"
22 | )
23 |
24 | func AtomicWrite(parent string, fileName string, perm os.FileMode, data []byte) error {
25 | dest := filepath.Join(parent, fileName)
26 | temp := filepath.Join(parent, ".temp."+fileName)
27 |
28 | err := os.WriteFile(temp, data, perm)
29 | if err != nil {
30 | return err
31 | }
32 |
33 | err = os.Rename(temp, dest)
34 | if err != nil {
35 | return err
36 | }
37 |
38 | return nil
39 | }
40 |
--------------------------------------------------------------------------------
/pkg/internal/filesystem/consts.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package filesystem
18 |
19 | const (
20 | lockPermission = 0o600
21 | pathComponentMaxLength = 255
22 | )
23 |
--------------------------------------------------------------------------------
/pkg/internal/filesystem/errors.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package filesystem
18 |
19 | import "errors"
20 |
21 | var (
22 | ErrLockFail = errors.New("failed to acquire lock")
23 | ErrUnlockFail = errors.New("failed to release lock")
24 | ErrLockIsNil = errors.New("nil lock")
25 | ErrInvalidPath = errors.New("invalid path")
26 | )
27 |
--------------------------------------------------------------------------------
/pkg/internal/filesystem/path_unix.go:
--------------------------------------------------------------------------------
1 | //go:build unix
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package filesystem
20 |
21 | import (
22 | "fmt"
23 | "regexp"
24 | )
25 |
26 | // Note that Darwin has different restrictions on colons.
27 | // https://stackoverflow.com/questions/1976007/what-characters-are-forbidden-in-windows-and-linux-directory-names
28 | var (
29 | disallowedKeywords = regexp.MustCompile(`^([.]|[.][.])$`)
30 | reservedCharacters = regexp.MustCompile(`[\x{0}/]`)
31 | )
32 |
33 | func validatePlatformSpecific(pathComponent string) error {
34 | if reservedCharacters.MatchString(pathComponent) {
35 | return fmt.Errorf("%w: %q (%q)", errForbiddenChars, pathComponent, reservedCharacters)
36 | }
37 |
38 | if disallowedKeywords.MatchString(pathComponent) {
39 | return fmt.Errorf("%w: %q (%q)", errForbiddenKeywords, pathComponent, disallowedKeywords)
40 | }
41 |
42 | return nil
43 | }
44 |
--------------------------------------------------------------------------------
/pkg/ipcutil/ipcutil_other.go:
--------------------------------------------------------------------------------
1 | //go:build !(linux || windows)
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package ipcutil
20 |
21 | import "fmt"
22 |
23 | // makeShareableDevshm returns devshm directory path on host when there is no error.
24 | func makeShareableDevshm(shmPath, shmSize string) error {
25 | return fmt.Errorf("unix does not support shareable devshm")
26 | }
27 |
28 | // cleanUpPlatformSpecificIPC cleans up platform specific IPC.
29 | func cleanUpPlatformSpecificIPC(ipc IPC) error {
30 | if ipc.Mode == Shareable {
31 | return fmt.Errorf("unix does not support shareable devshm")
32 | }
33 | return nil
34 | }
35 |
--------------------------------------------------------------------------------
/pkg/ipcutil/ipcutil_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package ipcutil
18 |
19 | import "fmt"
20 |
21 | // makeShareableDevshm returns devshm directory path on host when there is no error.
22 | func makeShareableDevshm(shmPath, shmSize string) error {
23 | return fmt.Errorf("windows does not support shareable devshm")
24 | }
25 |
26 | // cleanUpPlatformSpecificIPC cleans up platform specific IPC.
27 | func cleanUpPlatformSpecificIPC(ipc IPC) error {
28 | if ipc.Mode == Shareable {
29 | return fmt.Errorf("windows does not support shareable devshm")
30 | }
31 | return nil
32 | }
33 |
--------------------------------------------------------------------------------
/pkg/labels/k8slabels/k8slabels.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | // Package k8slabels defines Kubernetes container labels
18 | package k8slabels
19 |
20 | const (
21 | PodNamespace = "io.kubernetes.pod.namespace"
22 | PodName = "io.kubernetes.pod.name"
23 | ContainerName = "io.kubernetes.container.name"
24 |
25 | ContainerMetadataExtension = "io.cri-containerd.container.metadata"
26 | ContainerType = "io.cri-containerd.kind"
27 | )
28 |
--------------------------------------------------------------------------------
/pkg/logging/detail_writer.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package logging
18 |
19 | import "io"
20 |
21 | type DetailWriter struct {
22 | w io.Writer
23 | prefix string
24 | }
25 |
26 | func NewDetailWriter(w io.Writer, prefix string) io.Writer {
27 | return &DetailWriter{
28 | w: w,
29 | prefix: prefix,
30 | }
31 | }
32 |
33 | func (dw *DetailWriter) Write(p []byte) (n int, err error) {
34 | if len(p) > 0 {
35 | if _, err = dw.w.Write([]byte(dw.prefix)); err != nil {
36 | return 0, err
37 | }
38 |
39 | return dw.w.Write(p)
40 | }
41 | return 0, nil
42 | }
43 |
--------------------------------------------------------------------------------
/pkg/logging/logs_other.go:
--------------------------------------------------------------------------------
1 | //go:build !windows
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | /*
20 | Forked from https://github.com/kubernetes/kubernetes/blob/cc60b26dee4768e3c5aa0515bbf4ba1824ad38dc/staging/src/k8s.io/cri-client/pkg/logs/logs_other.go
21 | Copyright The Kubernetes Authors.
22 | Licensed under the Apache License, Version 2.0
23 | */
24 | package logging
25 |
26 | import (
27 | "os"
28 | )
29 |
30 | func openFileShareDelete(path string) (*os.File, error) {
31 | // Noop. Only relevant for Windows.
32 | return os.Open(path)
33 | }
34 |
--------------------------------------------------------------------------------
/pkg/logging/none_logger.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package logging
18 |
19 | import (
20 | "context"
21 |
22 | "github.com/containerd/containerd/v2/core/runtime/v2/logging"
23 | )
24 |
25 | type NoneLogger struct {
26 | Opts map[string]string
27 | }
28 |
29 | func (n *NoneLogger) Init(dataStore, ns, id string) error {
30 | return nil
31 | }
32 |
33 | func (n *NoneLogger) PreProcess(ctx context.Context, dataStore string, config *logging.Config) error {
34 | return nil
35 | }
36 |
37 | func (n *NoneLogger) Process(stdout <-chan string, stderr <-chan string) error {
38 | return nil
39 | }
40 |
41 | func (n *NoneLogger) PostProcess() error {
42 | return nil
43 | }
44 |
45 | func NoneLogOptsValidate(_ map[string]string) error {
46 | return nil
47 | }
48 |
--------------------------------------------------------------------------------
/pkg/maputil/maputil.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package maputil
18 |
19 | import (
20 | "fmt"
21 | "strconv"
22 | )
23 |
24 | // MapBoolValueAsOpt will parse key as a command-line option.
25 | // If only key is specified will be treated as true,
26 | // otherwise, the value will be parsed and returned.
27 | // This is useful when command line flags have options.
28 | // Following examples illustrate this:
29 | // --security-opt xxx returns true
30 | // --security-opt xxx=true returns true
31 | // --security-opt xxx=false returns false
32 | // --security-opt xxx=invalid returns false and error
33 | func MapBoolValueAsOpt(m map[string]string, key string) (bool, error) {
34 | if str, ok := m[key]; ok {
35 | if str == "" {
36 | return true, nil
37 | }
38 | b, err := strconv.ParseBool(str)
39 | if err != nil {
40 | return false, fmt.Errorf("invalid \"%s\" value: %q: %w", key, str, err)
41 | }
42 | return b, nil
43 | }
44 |
45 | return false, nil
46 | }
47 |
--------------------------------------------------------------------------------
/pkg/mountutil/mountutil_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package mountutil
18 |
19 | import (
20 | "runtime"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/inspecttypes/native"
23 | "github.com/containerd/nerdctl/v2/pkg/mountutil/volumestore"
24 | )
25 |
26 | type MockVolumeStore struct {
27 | volumestore.VolumeStore
28 | }
29 |
30 | func (mv *MockVolumeStore) CreateWithoutLock(name string, labels []string) (*native.Volume, error) {
31 | if runtime.GOOS == "windows" {
32 | return &native.Volume{Name: "test_volume", Mountpoint: "C:\\test\\directory"}, nil
33 | }
34 | return &native.Volume{Name: "test_volume", Mountpoint: "/test/volume"}, nil
35 | }
36 |
37 | //nolint:unused
38 | var mockVolumeStore = &MockVolumeStore{}
39 |
--------------------------------------------------------------------------------
/pkg/netutil/cni_plugin.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package netutil
18 |
19 | type CNIPlugin interface {
20 | GetPluginType() string
21 | }
22 |
23 | type IPAMRange struct {
24 | Subnet string `json:"subnet"`
25 | RangeStart string `json:"rangeStart,omitempty"`
26 | RangeEnd string `json:"rangeEnd,omitempty"`
27 | Gateway string `json:"gateway,omitempty"`
28 | IPRange string `json:"ipRange,omitempty"`
29 | }
30 |
31 | type IPAMRoute struct {
32 | Dst string `json:"dst,omitempty"`
33 | GW string `json:"gw,omitempty"`
34 | Gateway string `json:"gateway,omitempty"`
35 | }
36 |
--------------------------------------------------------------------------------
/pkg/netutil/netutil_linux_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package netutil
18 |
19 | import (
20 | "testing"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/rootlessutil"
23 | )
24 |
25 | // Tests whether nerdctl properly creates the default network when required.
26 | // On Linux, the default driver used will be "bridge". (netutil.DefaultNetworkName)
27 | func TestDefaultNetworkCreation(t *testing.T) {
28 | if rootlessutil.IsRootless() {
29 | t.Skip("must be superuser to create default network for this test")
30 | }
31 |
32 | testDefaultNetworkCreation(t)
33 | testDefaultNetworkCreationWithBridgeIP(t)
34 | }
35 |
--------------------------------------------------------------------------------
/pkg/netutil/netutil_windows_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package netutil
18 |
19 | import "testing"
20 |
21 | // Tests whether nerdctl properly creates the default network when required.
22 | // On Windows, the default driver used will be "nat". (netutil.DefaultNetworkName)
23 | func TestDefaultNetworkCreation(t *testing.T) {
24 | testDefaultNetworkCreation(t)
25 | }
26 |
--------------------------------------------------------------------------------
/pkg/netutil/subnet/subnet_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package subnet
18 |
19 | import (
20 | "net"
21 | "testing"
22 |
23 | "gotest.tools/v3/assert"
24 | )
25 |
26 | func TestNextSubnet(t *testing.T) {
27 | testCases := []struct {
28 | subnet string
29 | expect string
30 | }{
31 | {
32 | subnet: "10.4.1.0/24",
33 | expect: "10.4.2.0/24",
34 | },
35 | {
36 | subnet: "10.4.255.0/24",
37 | expect: "10.5.0.0/24",
38 | },
39 | {
40 | subnet: "10.4.255.0/16",
41 | expect: "10.5.0.0/16",
42 | },
43 | }
44 | for _, tc := range testCases {
45 | _, net, _ := net.ParseCIDR(tc.subnet)
46 | nextSubnet, err := nextSubnet(net)
47 | assert.NilError(t, err)
48 | assert.Equal(t, nextSubnet.String(), tc.expect)
49 | }
50 | }
51 |
--------------------------------------------------------------------------------
/pkg/ocihook/ocihook_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package ocihook
18 |
19 | import (
20 | "github.com/containerd/containerd/v2/contrib/apparmor"
21 | "github.com/containerd/log"
22 |
23 | "github.com/containerd/nerdctl/v2/pkg/apparmorutil"
24 | "github.com/containerd/nerdctl/v2/pkg/defaults"
25 | )
26 |
27 | func loadAppArmor() {
28 | if !apparmorutil.CanLoadNewProfile() {
29 | return
30 | }
31 | // ensure that the default profile is loaded to the host
32 | if err := apparmor.LoadDefaultProfile(defaults.AppArmorProfileName); err != nil {
33 | log.L.WithError(err).Errorf("failed to load AppArmor profile %q", defaults.AppArmorProfileName)
34 | // We do not abort here. This is by design, and not a security issue.
35 | //
36 | // If the container is configured to use the default AppArmor profile
37 | // but the profile was not actually loaded, runc will fail.
38 | }
39 | }
40 |
--------------------------------------------------------------------------------
/pkg/ocihook/ocihook_nolinux.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package ocihook
20 |
21 | func loadAppArmor() {
22 | //noop
23 | }
24 |
--------------------------------------------------------------------------------
/pkg/ocihook/rootless_other.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package ocihook
20 |
21 | import (
22 | "context"
23 | "fmt"
24 |
25 | rlkclient "github.com/rootless-containers/rootlesskit/v2/pkg/api/client"
26 |
27 | "github.com/containerd/go-cni"
28 | )
29 |
30 | func exposePortsRootless(ctx context.Context, rlkClient rlkclient.Client, ports []cni.PortMapping) error {
31 | return fmt.Errorf("cannot expose ports rootlessly on non-Linux hosts")
32 | }
33 |
34 | func unexposePortsRootless(ctx context.Context, rlkClient rlkclient.Client, ports []cni.PortMapping) error {
35 | return fmt.Errorf("cannot unexpose ports rootlessly on non-Linux hosts")
36 | }
37 |
--------------------------------------------------------------------------------
/pkg/platformutil/layers.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package platformutil
18 |
19 | import (
20 | "context"
21 |
22 | ocispec "github.com/opencontainers/image-spec/specs-go/v1"
23 |
24 | "github.com/containerd/containerd/v2/core/content"
25 | "github.com/containerd/containerd/v2/core/images"
26 | "github.com/containerd/platforms"
27 | )
28 |
29 | func LayerDescs(ctx context.Context, provider content.Provider, imageTarget ocispec.Descriptor, platform platforms.MatchComparer) ([]ocispec.Descriptor, error) {
30 | var descs []ocispec.Descriptor
31 | err := images.Walk(ctx, images.Handlers(images.HandlerFunc(func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) {
32 | if images.IsLayerType(desc.MediaType) {
33 | descs = append(descs, desc)
34 | }
35 | return nil, nil
36 | }), images.FilterPlatforms(images.ChildrenHandler(provider), platform)), imageTarget)
37 | return descs, err
38 | }
39 |
--------------------------------------------------------------------------------
/pkg/portutil/iptable/iptables.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package iptable
18 |
19 | import (
20 | "regexp"
21 | "strconv"
22 | "strings"
23 | )
24 |
25 | // ParseIPTableRules takes a slice of iptables rules as input and returns a slice of
26 | // uint64 containing the parsed destination port numbers from the rules.
27 | func ParseIPTableRules(rules []string) []uint64 {
28 | ports := []uint64{}
29 |
30 | // Regex to match the '--dports' option followed by the port number
31 | dportRegex := regexp.MustCompile(`--dports ((,?\d+)+)`)
32 |
33 | for _, rule := range rules {
34 | matches := dportRegex.FindStringSubmatch(rule)
35 | if len(matches) > 1 {
36 | for _, _match := range strings.Split(matches[1], ",") {
37 | port64, err := strconv.ParseUint(_match, 10, 16)
38 | if err != nil {
39 | continue
40 | }
41 | ports = append(ports, port64)
42 | }
43 | }
44 | }
45 |
46 | return ports
47 | }
48 |
--------------------------------------------------------------------------------
/pkg/portutil/iptable/iptables_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package iptable
18 |
19 | import (
20 | "github.com/coreos/go-iptables/iptables"
21 | )
22 |
23 | // Chain used for port forwarding rules: https://www.cni.dev/plugins/current/meta/portmap/#dnat
24 | const cniDnatChain = "CNI-HOSTPORT-DNAT"
25 |
26 | func ReadIPTables(table string) ([]string, error) {
27 | ipt, err := iptables.New()
28 | if err != nil {
29 | return nil, err
30 | }
31 |
32 | var rules []string
33 | chainExists, _ := ipt.ChainExists(table, cniDnatChain)
34 | if chainExists {
35 | rules, err = ipt.List(table, cniDnatChain)
36 | if err != nil {
37 | return nil, err
38 | }
39 | }
40 |
41 | return rules, nil
42 | }
43 |
--------------------------------------------------------------------------------
/pkg/portutil/port_allocate_other.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package portutil
20 |
21 | import "fmt"
22 |
23 | func portAllocate(protocol string, ip string, count uint64) (uint64, uint64, error) {
24 | return 0, 0, fmt.Errorf("auto port allocate are not support Non-Linux platform yet")
25 | }
26 |
--------------------------------------------------------------------------------
/pkg/rootlessutil/child_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package rootlessutil
18 |
19 | import (
20 | "os"
21 |
22 | "github.com/moby/sys/userns"
23 | )
24 |
25 | func IsRootlessChild() bool {
26 | return !IsRootlessParent() && userns.RunningInUserNS() && os.Getenv("ROOTLESSKIT_STATE_DIR") != ""
27 | }
28 |
--------------------------------------------------------------------------------
/pkg/signalutil/signals_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package signalutil
18 |
19 | import (
20 | "os"
21 |
22 | "golang.org/x/sys/unix"
23 | )
24 |
25 | // canIgnoreSignal is from https://github.com/containerd/containerd/blob/v1.7.0-rc.2/cmd/ctr/commands/signals_linux.go#L25-L27
26 | func canIgnoreSignal(s os.Signal) bool {
27 | return s == unix.SIGURG
28 | }
29 |
--------------------------------------------------------------------------------
/pkg/signalutil/signals_other.go:
--------------------------------------------------------------------------------
1 | //go:build !linux
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package signalutil
20 |
21 | import "os"
22 |
23 | // canIgnoreSignal is from https://github.com/containerd/containerd/blob/v1.7.0-rc.2/cmd/ctr/commands/signals_notlinux.go#L23-L25
24 | func canIgnoreSignal(_ os.Signal) bool {
25 | return false
26 | }
27 |
--------------------------------------------------------------------------------
/pkg/systemutil/socket_unix.go:
--------------------------------------------------------------------------------
1 | //go:build unix
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package systemutil
20 |
21 | import (
22 | "path/filepath"
23 |
24 | "golang.org/x/sys/unix"
25 | )
26 |
27 | func IsSocketAccessible(s string) error {
28 | abs, err := filepath.Abs(s)
29 | if err != nil {
30 | return err
31 | }
32 | // set AT_EACCESS to allow running nerdctl as a setuid binary
33 | return unix.Faccessat(-1, abs, unix.R_OK|unix.W_OK, unix.AT_EACCESS)
34 | }
35 |
--------------------------------------------------------------------------------
/pkg/systemutil/socket_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package systemutil
18 |
19 | import (
20 | "time"
21 |
22 | "github.com/Microsoft/go-winio"
23 | )
24 |
25 | func IsSocketAccessible(s string) error {
26 | // test if we can access the pipe
27 | timeout := 2 * time.Second
28 | _, err := winio.DialPipe(s, &timeout)
29 | return err
30 | }
31 |
--------------------------------------------------------------------------------
/pkg/tabutil/tabutil_test.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package tabutil
18 |
19 | import (
20 | "strings"
21 | "testing"
22 |
23 | "gotest.tools/v3/assert"
24 | )
25 |
26 | func TestTabReader(t *testing.T) {
27 | tabRows := strings.Split(`a b c
28 | 1 2 3
29 | 123 456 789`, "\n")
30 | reader := NewReader("a\tb\tc\t")
31 |
32 | err := reader.ParseHeader(tabRows[0])
33 | assert.NilError(t, err)
34 |
35 | var (
36 | value string
37 | )
38 | value, _ = reader.ReadRow(tabRows[1], "a")
39 | assert.Equal(t, value, "1")
40 |
41 | value, _ = reader.ReadRow(tabRows[1], "c")
42 | assert.Equal(t, value, "3")
43 |
44 | value, _ = reader.ReadRow(tabRows[2], "b")
45 | assert.Equal(t, value, "456")
46 | }
47 |
--------------------------------------------------------------------------------
/pkg/testutil/nerdtest/ambient.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package nerdtest
18 |
19 | import "github.com/containerd/nerdctl/v2/pkg/testutil"
20 |
21 | func environmentHasIPv6() bool {
22 | return testutil.GetEnableIPv6()
23 | }
24 |
25 | func environmentHasKubernetes() bool {
26 | return testutil.GetEnableKubernetes()
27 | }
28 |
29 | func environmentIsForFlaky() bool {
30 | return testutil.GetFlakyEnvironment()
31 | }
32 |
--------------------------------------------------------------------------------
/pkg/testutil/nerdtest/platform/platform_darwin.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package platform
18 |
19 | func DataHome() (string, error) {
20 | panic("not supported")
21 | }
22 |
23 | var (
24 | // The following are here solely for darwin to compile / lint. They are not used, as the corresponding tests are running only on linux.
25 | RegistryImageStable = "registry:2"
26 | RegistryImageNext = "ghcr.io/distribution/distribution:"
27 | KuboImage = "ipfs/kubo:v0.16.0"
28 | DockerAuthImage = "cesanta/docker_auth:1.7"
29 | )
30 |
--------------------------------------------------------------------------------
/pkg/testutil/nerdtest/platform/platform_freebsd.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package platform
18 |
19 | func DataHome() (string, error) {
20 | panic("not supported")
21 | }
22 |
23 | var (
24 | // The following are here solely for freebsd to compile / lint. They are not used, as the corresponding tests are running only on linux.
25 | RegistryImageStable = "registry:2"
26 | RegistryImageNext = "ghcr.io/distribution/distribution:"
27 | KuboImage = "ipfs/kubo:v0.16.0"
28 | DockerAuthImage = "cesanta/docker_auth:1.7"
29 | )
30 |
--------------------------------------------------------------------------------
/pkg/testutil/nerdtest/platform/platform_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package platform
18 |
19 | import (
20 | "github.com/containerd/nerdctl/v2/pkg/rootlessutil"
21 | "github.com/containerd/nerdctl/v2/pkg/testutil"
22 | )
23 |
24 | func DataHome() (string, error) {
25 | return rootlessutil.XDGDataHome()
26 | }
27 |
28 | var (
29 | RegistryImageStable = testutil.RegistryImageStable
30 | RegistryImageNext = testutil.RegistryImageNext
31 | KuboImage = testutil.KuboImage
32 | DockerAuthImage = testutil.DockerAuthImage
33 | )
34 |
--------------------------------------------------------------------------------
/pkg/testutil/nerdtest/platform/platform_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package platform
18 |
19 | import (
20 | "fmt"
21 | )
22 |
23 | func DataHome() (string, error) {
24 | panic("not supported")
25 | }
26 |
27 | // The following are here solely for windows to compile. They are not used, as the corresponding tests are running only on linux.
28 | func mirrorOf(s string) string {
29 | return fmt.Sprintf("ghcr.io/stargz-containers/%s-org", s)
30 | }
31 |
32 | var (
33 | RegistryImageStable = mirrorOf("registry:2")
34 | RegistryImageNext = "ghcr.io/distribution/distribution:"
35 | KuboImage = mirrorOf("ipfs/kubo:v0.16.0")
36 | DockerAuthImage = mirrorOf("cesanta/docker_auth:1.7")
37 | )
38 |
--------------------------------------------------------------------------------
/pkg/testutil/nerdtest/requirements_other.go:
--------------------------------------------------------------------------------
1 | //go:build !windows
2 |
3 | /*
4 | Copyright The containerd Authors.
5 |
6 | Licensed under the Apache License, Version 2.0 (the "License");
7 | you may not use this file except in compliance with the License.
8 | You may obtain a copy of the License at
9 |
10 | http://www.apache.org/licenses/LICENSE-2.0
11 |
12 | Unless required by applicable law or agreed to in writing, software
13 | distributed under the License is distributed on an "AS IS" BASIS,
14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | See the License for the specific language governing permissions and
16 | limitations under the License.
17 | */
18 |
19 | package nerdtest
20 |
21 | import (
22 | "github.com/containerd/nerdctl/mod/tigron/test"
23 | )
24 |
25 | var HyperV = &test.Requirement{
26 | Check: func(data test.Data, helpers test.Helpers) (ret bool, mess string) {
27 | return false, "HyperV is a windows-only feature"
28 | },
29 | }
30 |
--------------------------------------------------------------------------------
/pkg/testutil/nerdtest/requirements_windows.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package nerdtest
18 |
19 | import (
20 | "github.com/containerd/nerdctl/mod/tigron/test"
21 |
22 | "github.com/containerd/nerdctl/v2/pkg/testutil"
23 | )
24 |
25 | var HyperV = &test.Requirement{
26 | Check: func(data test.Data, helpers test.Helpers) (ret bool, mess string) {
27 | return testutil.HyperVSupported(), "HyperV is not enabled, skipping test"
28 | },
29 | }
30 |
--------------------------------------------------------------------------------
/pkg/testutil/testregistry/certsd_linux.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package testregistry
18 |
19 | import (
20 | "github.com/containerd/nerdctl/v2/pkg/testutil/nerdtest/hoststoml"
21 | )
22 |
23 | func generateCertsd(dir string, certPath string, hostIP string, port int) error {
24 | return (&hoststoml.HostsToml{
25 | CA: certPath,
26 | }).Save(dir, hostIP, port)
27 | }
28 |
--------------------------------------------------------------------------------
/pkg/testutil/testutil_darwin.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package testutil
18 |
19 | const (
20 | CommonImage = ""
21 |
22 | // This error string is expected when attempting to connect to a TCP socket
23 | // for a service which actively refuses the connection.
24 | // (e.g. attempting to connect using http to an https endpoint).
25 | // It should be "connection refused" as per the TCP RFC.
26 | // https://www.rfc-editor.org/rfc/rfc793
27 | ExpectedConnectionRefusedError = "connection refused"
28 | )
29 |
30 | var (
31 | BusyboxImage = "ghcr.io/containerd/busybox:1.36"
32 | AlpineImage = mirrorOf("alpine:3.13")
33 | NginxAlpineImage = mirrorOf("nginx:1.19-alpine")
34 | GolangImage = mirrorOf("golang:1.18")
35 | )
36 |
--------------------------------------------------------------------------------
/pkg/testutil/testutil_freebsd.go:
--------------------------------------------------------------------------------
1 | /*
2 | Copyright The containerd Authors.
3 |
4 | Licensed under the Apache License, Version 2.0 (the "License");
5 | you may not use this file except in compliance with the License.
6 | You may obtain a copy of the License at
7 |
8 | http://www.apache.org/licenses/LICENSE-2.0
9 |
10 | Unless required by applicable law or agreed to in writing, software
11 | distributed under the License is distributed on an "AS IS" BASIS,
12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | See the License for the specific language governing permissions and
14 | limitations under the License.
15 | */
16 |
17 | package testutil
18 |
19 | const (
20 | CommonImage = "docker.io/knast/freebsd:13-STABLE"
21 |
22 | // This error string is expected when attempting to connect to a TCP socket
23 | // for a service which actively refuses the connection.
24 | // (e.g. attempting to connect using http to an https endpoint).
25 | // It should be "connection refused" as per the TCP RFC.
26 | // https://www.rfc-editor.org/rfc/rfc793
27 | ExpectedConnectionRefusedError = "connection refused"
28 | )
29 |
30 | var (
31 | BusyboxImage = "ghcr.io/containerd/busybox:1.36"
32 | AlpineImage = mirrorOf("alpine:3.13")
33 | NginxAlpineImage = mirrorOf("nginx:1.19-alpine")
34 | GolangImage = mirrorOf("golang:1.18")
35 | )
36 |
--------------------------------------------------------------------------------