mirror of
https://github.com/aquasecurity/trivy.git
synced 2025-12-15 17:11:40 -08:00
chore: bump containerd to v2.0.0 (#7875)
Signed-off-by: knqyf263 <knqyf263@gmail.com>
This commit is contained in:
Teppei Fukuda
@@ -10,12 +10,12 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/containerd/containerd"
|
||||
"github.com/containerd/containerd/content"
|
||||
"github.com/containerd/containerd/images/archive"
|
||||
"github.com/containerd/containerd/namespaces"
|
||||
"github.com/containerd/containerd/platforms"
|
||||
refdocker "github.com/containerd/containerd/reference/docker"
|
||||
"github.com/containerd/containerd/v2/client"
|
||||
"github.com/containerd/containerd/v2/core/content"
|
||||
"github.com/containerd/containerd/v2/core/images/archive"
|
||||
"github.com/containerd/containerd/v2/pkg/namespaces"
|
||||
"github.com/containerd/platforms"
|
||||
"github.com/distribution/reference"
|
||||
api "github.com/docker/docker/api/types"
|
||||
"github.com/docker/docker/api/types/container"
|
||||
"github.com/docker/go-connections/nat"
|
||||
@@ -52,12 +52,12 @@ func (n familiarNamed) String() string {
|
||||
return string(n)
|
||||
}
|
||||
|
||||
func imageWriter(client *containerd.Client, img containerd.Image, platform types.Platform) imageSave {
|
||||
func imageWriter(c *client.Client, img client.Image, platform types.Platform) imageSave {
|
||||
return func(ctx context.Context, ref []string) (io.ReadCloser, error) {
|
||||
if len(ref) < 1 {
|
||||
return nil, xerrors.New("no image reference")
|
||||
}
|
||||
imgOpts := archive.WithImage(client.ImageService(), ref[0])
|
||||
imgOpts := archive.WithImage(c.ImageService(), ref[0])
|
||||
manifestOpts := archive.WithManifest(img.Target())
|
||||
|
||||
var platformMatchComparer platforms.MatchComparer
|
||||
@@ -69,7 +69,7 @@ func imageWriter(client *containerd.Client, img containerd.Image, platform types
|
||||
platOpts := archive.WithPlatform(platformMatchComparer)
|
||||
pr, pw := io.Pipe()
|
||||
go func() {
|
||||
pw.CloseWithError(archive.Export(ctx, client.ContentStore(), pw, imgOpts, manifestOpts, platOpts))
|
||||
pw.CloseWithError(archive.Export(ctx, c.ContentStore(), pw, imgOpts, manifestOpts, platOpts))
|
||||
}()
|
||||
return pr, nil
|
||||
}
|
||||
@@ -94,17 +94,17 @@ func ContainerdImage(ctx context.Context, imageName string, opts types.ImageOpti
|
||||
return nil, cleanup, err
|
||||
}
|
||||
|
||||
var options []containerd.ClientOpt
|
||||
var options []client.Opt
|
||||
if opts.RegistryOptions.Platform.Platform != nil {
|
||||
ociPlatform, err := platforms.Parse(opts.RegistryOptions.Platform.String())
|
||||
if err != nil {
|
||||
return nil, cleanup, err
|
||||
}
|
||||
|
||||
options = append(options, containerd.WithDefaultPlatform(platforms.OnlyStrict(ociPlatform)))
|
||||
options = append(options, client.WithDefaultPlatform(platforms.OnlyStrict(ociPlatform)))
|
||||
}
|
||||
|
||||
client, err := containerd.New(addr, options...)
|
||||
c, err := client.New(addr, options...)
|
||||
if err != nil {
|
||||
return nil, cleanup, xerrors.Errorf("failed to initialize a containerd client: %w", err)
|
||||
}
|
||||
@@ -116,7 +116,7 @@ func ContainerdImage(ctx context.Context, imageName string, opts types.ImageOpti
|
||||
|
||||
ctx = namespaces.WithNamespace(ctx, namespace)
|
||||
|
||||
imgs, err := client.ListImages(ctx, searchFilters...)
|
||||
imgs, err := c.ListImages(ctx, searchFilters...)
|
||||
if err != nil {
|
||||
return nil, cleanup, xerrors.Errorf("failed to list images from containerd client: %w", err)
|
||||
}
|
||||
@@ -133,7 +133,7 @@ func ContainerdImage(ctx context.Context, imageName string, opts types.ImageOpti
|
||||
}
|
||||
|
||||
cleanup = func() {
|
||||
_ = client.Close()
|
||||
_ = c.Close()
|
||||
_ = f.Close()
|
||||
_ = os.Remove(f.Name())
|
||||
}
|
||||
@@ -144,21 +144,21 @@ func ContainerdImage(ctx context.Context, imageName string, opts types.ImageOpti
|
||||
}
|
||||
|
||||
return &image{
|
||||
opener: imageOpener(ctx, ref.String(), f, imageWriter(client, img, opts.RegistryOptions.Platform)),
|
||||
opener: imageOpener(ctx, ref.String(), f, imageWriter(c, img, opts.RegistryOptions.Platform)),
|
||||
inspect: insp,
|
||||
history: history,
|
||||
}, cleanup, nil
|
||||
}
|
||||
|
||||
func parseReference(imageName string) (refdocker.Reference, []string, error) {
|
||||
ref, err := refdocker.ParseAnyReference(imageName)
|
||||
func parseReference(imageName string) (reference.Reference, []string, error) {
|
||||
ref, err := reference.ParseAnyReference(imageName)
|
||||
if err != nil {
|
||||
return nil, nil, xerrors.Errorf("parse error: %w", err)
|
||||
}
|
||||
|
||||
d, isDigested := ref.(refdocker.Digested)
|
||||
n, isNamed := ref.(refdocker.Named)
|
||||
nt, isNamedAndTagged := ref.(refdocker.NamedTagged)
|
||||
d, isDigested := ref.(reference.Digested)
|
||||
n, isNamed := ref.(reference.Named)
|
||||
nt, isNamedAndTagged := ref.(reference.NamedTagged)
|
||||
|
||||
// a name plus a digest
|
||||
// example: name@sha256:41adb3ef...
|
||||
@@ -168,7 +168,7 @@ func parseReference(imageName string) (refdocker.Reference, []string, error) {
|
||||
// comma-separated filter is logically anded
|
||||
return ref, []string{
|
||||
fmt.Sprintf(`name~="^%s(:|@).*",target.digest==%q`, n.Name(), dgst),
|
||||
fmt.Sprintf(`name~="^%s(:|@).*",target.digest==%q`, refdocker.FamiliarName(n), dgst),
|
||||
fmt.Sprintf(`name~="^%s(:|@).*",target.digest==%q`, reference.FamiliarName(n), dgst),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -184,7 +184,7 @@ func parseReference(imageName string) (refdocker.Reference, []string, error) {
|
||||
tag := nt.Tag()
|
||||
return familiarNamed(imageName), []string{
|
||||
fmt.Sprintf(`name=="%s:%s"`, nt.Name(), tag),
|
||||
fmt.Sprintf(`name=="%s:%s"`, refdocker.FamiliarName(nt), tag),
|
||||
fmt.Sprintf(`name=="%s:%s"`, reference.FamiliarName(nt), tag),
|
||||
}, nil
|
||||
}
|
||||
|
||||
@@ -193,7 +193,7 @@ func parseReference(imageName string) (refdocker.Reference, []string, error) {
|
||||
|
||||
// readImageConfig reads the config spec (`application/vnd.oci.image.config.v1+json`) for img.platform from content store.
|
||||
// ported from https://github.com/containerd/nerdctl/blob/7dfbaa2122628921febeb097e7a8a86074dc931d/pkg/imgutil/imgutil.go#L377-L393
|
||||
func readImageConfig(ctx context.Context, img containerd.Image) (ocispec.Image, ocispec.Descriptor, error) {
|
||||
func readImageConfig(ctx context.Context, img client.Image) (ocispec.Image, ocispec.Descriptor, error) {
|
||||
var config ocispec.Image
|
||||
|
||||
configDesc, err := img.Config(ctx) // aware of img.platform
|
||||
@@ -211,19 +211,19 @@ func readImageConfig(ctx context.Context, img containerd.Image) (ocispec.Image,
|
||||
}
|
||||
|
||||
// ported from https://github.com/containerd/nerdctl/blob/d110fea18018f13c3f798fa6565e482f3ff03591/pkg/inspecttypes/dockercompat/dockercompat.go#L279-L321
|
||||
func inspect(ctx context.Context, img containerd.Image, ref refdocker.Reference) (api.ImageInspect, []v1.History, refdocker.Reference, error) {
|
||||
if _, ok := ref.(refdocker.Digested); ok {
|
||||
func inspect(ctx context.Context, img client.Image, ref reference.Reference) (api.ImageInspect, []v1.History, reference.Reference, error) {
|
||||
if _, ok := ref.(reference.Digested); ok {
|
||||
ref = familiarNamed(img.Name())
|
||||
}
|
||||
|
||||
var tag string
|
||||
if tagged, ok := ref.(refdocker.Tagged); ok {
|
||||
if tagged, ok := ref.(reference.Tagged); ok {
|
||||
tag = tagged.Tag()
|
||||
}
|
||||
|
||||
var repository string
|
||||
if n, isNamed := ref.(refdocker.Named); isNamed {
|
||||
repository = refdocker.FamiliarName(n)
|
||||
if n, isNamed := ref.(reference.Named); isNamed {
|
||||
repository = reference.FamiliarName(n)
|
||||
}
|
||||
|
||||
imgConfig, imgConfigDesc, err := readImageConfig(ctx, img)
|
||||
|
||||
@@ -15,13 +15,12 @@ import (
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/samber/lo"
|
||||
|
||||
"github.com/containerd/containerd"
|
||||
"github.com/containerd/containerd/images"
|
||||
"github.com/containerd/containerd/namespaces"
|
||||
"github.com/containerd/containerd/v2/client"
|
||||
"github.com/containerd/containerd/v2/core/images"
|
||||
"github.com/containerd/containerd/v2/pkg/namespaces"
|
||||
dockercontainer "github.com/docker/docker/api/types/container"
|
||||
v1 "github.com/google/go-containerregistry/pkg/v1"
|
||||
"github.com/samber/lo"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
"github.com/testcontainers/testcontainers-go"
|
||||
@@ -37,7 +36,7 @@ import (
|
||||
"github.com/aquasecurity/trivy/pkg/fanal/types"
|
||||
)
|
||||
|
||||
func setupContainerd(t *testing.T, ctx context.Context, namespace string) *containerd.Client {
|
||||
func setupContainerd(t *testing.T, ctx context.Context, namespace string) *client.Client {
|
||||
t.Helper()
|
||||
tmpDir := t.TempDir()
|
||||
|
||||
@@ -54,9 +53,9 @@ func setupContainerd(t *testing.T, ctx context.Context, namespace string) *conta
|
||||
startContainerd(t, ctx, tmpDir)
|
||||
|
||||
// Retry up to 3 times until containerd is ready
|
||||
var client *containerd.Client
|
||||
var c *client.Client
|
||||
iteration, _, err := lo.AttemptWhileWithDelay(3, 1*time.Second, func(int, time.Duration) (error, bool) {
|
||||
client, err = containerd.New(socketPath)
|
||||
c, err = client.New(socketPath)
|
||||
if err != nil {
|
||||
if !errors.Is(err, os.ErrPermission) {
|
||||
return err, false // unexpected error
|
||||
@@ -64,13 +63,13 @@ func setupContainerd(t *testing.T, ctx context.Context, namespace string) *conta
|
||||
return err, true
|
||||
}
|
||||
t.Cleanup(func() {
|
||||
require.NoError(t, client.Close())
|
||||
require.NoError(t, c.Close())
|
||||
})
|
||||
return nil, false
|
||||
})
|
||||
require.NoErrorf(t, err, "attempted %d times ", iteration)
|
||||
|
||||
return client
|
||||
return c
|
||||
}
|
||||
|
||||
func startContainerd(t *testing.T, ctx context.Context, hostPath string) {
|
||||
|
||||
Reference in New Issue
Block a user