From b4cd2629f09bd0b42c34f7c5af9385c6d7fbb37a Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 9 Jun 2024 18:38:37 +0200 Subject: [PATCH] update modules to nixos 24.05 and k3s 1.30 --- flake.lock | 8 +- flake.nix | 2 +- modules/flake/k3s/1_27/chart-versions.nix | 10 - modules/flake/k3s/1_27/versions.nix | 16 - modules/flake/k3s/builder.nix | 378 ------------------ modules/flake/k3s/default.nix | 18 - modules/flake/overlays.nix | 31 +- .../containerd-import-compressed.patch | 36 -- .../flake/patches/k3s-nix-snapshotter.patch | 239 +++-------- .../k3s-rootless-containerd-sock.patch | 54 --- .../patches/k3s-rootless-state-dir.patch | 24 -- 11 files changed, 65 insertions(+), 751 deletions(-) delete mode 100644 modules/flake/k3s/1_27/chart-versions.nix delete mode 100644 modules/flake/k3s/1_27/versions.nix delete mode 100644 modules/flake/k3s/builder.nix delete mode 100644 modules/flake/k3s/default.nix delete mode 100644 modules/flake/patches/containerd-import-compressed.patch delete mode 100644 modules/flake/patches/k3s-rootless-containerd-sock.patch delete mode 100644 modules/flake/patches/k3s-rootless-state-dir.patch diff --git a/flake.lock b/flake.lock index 69f5ef2..c717b0a 100644 --- a/flake.lock +++ b/flake.lock @@ -38,16 +38,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1704420045, - "narHash": "sha256-C36QmoJd5tdQ5R9MC1jM7fBkZW9zBUqbUCsgwS6j4QU=", + "lastModified": 1717696253, + "narHash": "sha256-1+ua0ggXlYYPLTmMl3YeYYsBXDSCqT+Gw3u6l4gvMhA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c1be43e8e837b8dbee2b3665a007e761680f0c3d", + "rev": "9b5328b7f761a7bbdc0e332ac4cf076a3eedb89b", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "type": "indirect" } }, diff --git a/flake.nix b/flake.nix index 4f59e8d..8b542b1 100644 --- a/flake.nix +++ b/flake.nix @@ -2,7 +2,7 @@ description = "Containerd snapshotter that understands nix store paths natively."; inputs = { - nixpkgs.url = "nixpkgs/nixos-23.11"; + nixpkgs.url = "nixpkgs/nixos-24.05"; flake-parts = { url = "github:hercules-ci/flake-parts"; inputs.nixpkgs-lib.follows = "nixpkgs"; diff --git a/modules/flake/k3s/1_27/chart-versions.nix b/modules/flake/k3s/1_27/chart-versions.nix deleted file mode 100644 index 1acca4d..0000000 --- a/modules/flake/k3s/1_27/chart-versions.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ - traefik-crd = { - url = "https://k3s.io/k3s-charts/assets/traefik-crd/traefik-crd-25.0.2+up25.0.0.tgz"; - sha256 = "0jygzsn5pxzf7423x5iqfffgx5xvm7c7hfck46y7vpv1fdkiipcq"; - }; - traefik = { - url = "https://k3s.io/k3s-charts/assets/traefik/traefik-25.0.2+up25.0.0.tgz"; - sha256 = "1g9n19lnqdkmbbr3rnbwc854awha0kqqfwyxanyx1lg5ww8ldp89"; - }; -} diff --git a/modules/flake/k3s/1_27/versions.nix b/modules/flake/k3s/1_27/versions.nix deleted file mode 100644 index c6e1ab5..0000000 --- a/modules/flake/k3s/1_27/versions.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - k3sVersion = "1.27.9+k3s1"; - k3sCommit = "2c249a39358bd36438ab53aedef5487d950fd558"; - k3sRepoSha256 = "16zcp1ih34zpz6115ivbcs49n5yikgj8mpiv177jvvb2vakmkgv6"; - # k3sVendorHash = "sha256-zvoBN1mErSXovv/xVzjntHyZjVyCfPzsOdlcTSIwKus="; - # Modified hash for ../../patches/k3s-nix-snapshotter patch - k3sVendorHash = "sha256-YwyAFNzTUtW43AdFfpSGbmx/drjKeMkCFFgx1KDZrQs="; - chartVersions = import ./chart-versions.nix; - k3sRootVersion = "0.12.2"; - k3sRootSha256 = "1gjynvr350qni5mskgm7pcc7alss4gms4jmkiv453vs8mmma9c9k"; - k3sCNIVersion = "1.3.0-k3s1"; - k3sCNISha256 = "0zma9g4wvdnhs9igs03xlx15bk2nq56j73zns9xgqmfiixd9c9av"; - containerdVersion = "1.7.11-k3s2.27"; - containerdSha256 = "0xjxc5dgh3drk2glvcabd885damjffp9r4cs0cm1zgnrrbhlipra"; - criCtlVersion = "1.26.0-rc.0-k3s1"; -} diff --git a/modules/flake/k3s/builder.nix b/modules/flake/k3s/builder.nix deleted file mode 100644 index 2d531eb..0000000 --- a/modules/flake/k3s/builder.nix +++ /dev/null @@ -1,378 +0,0 @@ -lib: -{ - # git tag - k3sVersion, - # commit hash - k3sCommit, - k3sRepoSha256 ? lib.fakeHash, - k3sVendorHash ? lib.fakeHash, - # taken from ./scripts/version.sh VERSION_ROOT https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L47 - k3sRootVersion, - k3sRootSha256 ? lib.fakeHash, - # Based on the traefik charts here: https://github.com/k3s-io/k3s/blob/d71ab6317e22dd34673faa307a412a37a16767f6/scripts/download#L29-L32 - # see also https://github.com/k3s-io/k3s/blob/d71ab6317e22dd34673faa307a412a37a16767f6/manifests/traefik.yaml#L8 - chartVersions, - # taken from ./scripts/version.sh VERSION_CNIPLUGINS https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/version.sh#L45 - k3sCNIVersion, - k3sCNISha256 ? lib.fakeHash, - # taken from ./scripts/version.sh VERSION_CONTAINERD - containerdVersion, - containerdSha256 ? lib.fakeHash, - # run `grep github.com/kubernetes-sigs/cri-tools go.mod | head -n1 | awk '{print $4}'` in the k3s repo at the tag - criCtlVersion, - updateScript ? null, -}: - -# builder.nix contains a "builder" expression that, given k3s version and hash -# variables, creates a package for that version. -# Due to variance in k3s's build process, this builder only works for k3s 1.26+ -# currently. -# It is likely we will have to split out additional builders for additional -# versions in the future, or customize this one further. -{ lib -, makeWrapper -, socat -, iptables -, iproute2 -, ipset -, bridge-utils -, btrfs-progs -, conntrack-tools -, buildGoModule -, runc -, rsync -, kmod -, libseccomp -, pkg-config -, ethtool -, util-linux -, fetchFromGitHub -, fetchurl -, fetchzip -, fetchgit -, fetchpatch -, zstd -, yq-go -, sqlite -, nixosTests -, pkgsBuildBuild -}: - -# k3s is a kinda weird derivation. One of the main points of k3s is the -# simplicity of it being one binary that can perform several tasks. -# However, when you have a good package manager (like nix), that doesn't -# actually make much of a difference; you don't really care if it's one binary -# or 10 since with a good package manager, installing and running it is -# identical. -# Since upstream k3s packages itself as one large binary with several -# "personalities" (in the form of subcommands like 'k3s agent' and 'k3s -# kubectl'), it ends up being easiest to mostly mimic upstream packaging, with -# some exceptions. -# K3s also carries patches to some packages (such as containerd and cni -# plugins), so we intentionally use the k3s versions of those binaries for k3s, -# even if the upstream version of those binaries exist in nixpkgs already. In -# the end, that means we have a thick k3s binary that behaves like the upstream -# one for the most part. -# However, k3s also bundles several pieces of unpatched software, from the -# strongswan vpn software, to iptables, to socat, conntrack, busybox, etc. -# Those pieces of software we entirely ignore upstream's handling of, and just -# make sure they're in the path if desired. -let - - baseMeta = with lib; { - description = "A lightweight Kubernetes distribution"; - license = licenses.asl20; - homepage = "https://k3s.io"; - maintainers = with maintainers; [ euank mic92 yajo ]; - platforms = platforms.linux; - - # resolves collisions with other installations of kubectl, crictl, ctr - # prefer non-k3s versions - priority = 5; - }; - - # https://github.com/k3s-io/k3s/blob/5fb370e53e0014dc96183b8ecb2c25a61e891e76/scripts/build#L19-L40 - versionldflags = [ - "-X github.com/rancher/k3s/pkg/version.Version=v${k3sVersion}" - "-X github.com/rancher/k3s/pkg/version.GitCommit=${lib.substring 0 8 k3sCommit}" - "-X k8s.io/client-go/pkg/version.gitVersion=v${k3sVersion}" - "-X k8s.io/client-go/pkg/version.gitCommit=${k3sCommit}" - "-X k8s.io/client-go/pkg/version.gitTreeState=clean" - "-X k8s.io/client-go/pkg/version.buildDate=1970-01-01T01:01:01Z" - "-X k8s.io/component-base/version.gitVersion=v${k3sVersion}" - "-X k8s.io/component-base/version.gitCommit=${k3sCommit}" - "-X k8s.io/component-base/version.gitTreeState=clean" - "-X k8s.io/component-base/version.buildDate=1970-01-01T01:01:01Z" - "-X github.com/kubernetes-sigs/cri-tools/pkg/version.Version=v${criCtlVersion}" - "-X github.com/containerd/containerd/version.Version=v${containerdVersion}" - "-X github.com/containerd/containerd/version.Package=github.com/k3s-io/containerd" - ]; - - # bundled into the k3s binary - traefikChart = fetchurl chartVersions.traefik; - traefik-crdChart = fetchurl chartVersions.traefik-crd; - - # so, k3s is a complicated thing to package - # This derivation attempts to avoid including any random binaries from the - # internet. k3s-root is _mostly_ binaries built to be bundled in k3s (which - # we don't care about doing, we can add those as build or runtime - # dependencies using a real package manager). - # In addition to those binaries, it's also configuration though (right now - # mostly strongswan configuration), and k3s does use those files. - # As such, we download it in order to grab 'etc' and bundle it into the final - # k3s binary. - k3sRoot = fetchzip { - # Note: marked as apache 2.0 license - url = "https://github.com/k3s-io/k3s-root/releases/download/v${k3sRootVersion}/k3s-root-amd64.tar"; - sha256 = k3sRootSha256; - stripRoot = false; - }; - k3sCNIPlugins = buildGoModule rec { - pname = "k3s-cni-plugins"; - version = k3sCNIVersion; - vendorHash = null; - - subPackages = [ "." ]; - - src = fetchFromGitHub { - owner = "rancher"; - repo = "plugins"; - rev = "v${version}"; - sha256 = k3sCNISha256; - }; - - postInstall = '' - mv $out/bin/plugins $out/bin/cni - ''; - - meta = baseMeta // { - description = "CNI plugins, as patched by rancher for k3s"; - }; - }; - # Grab this separately from a build because it's used by both stages of the - # k3s build. - k3sRepo = fetchgit { - url = "https://github.com/k3s-io/k3s"; - rev = "v${k3sVersion}"; - sha256 = k3sRepoSha256; - }; - # Stage 1 of the k3s build: - # Let's talk about how k3s is structured. - # One of the ideas of k3s is that there's the single "k3s" binary which can - # do everything you need, from running a k3s server, to being a worker node, - # to running kubectl. - # The way that actually works is that k3s is a single go binary that contains - # a bunch of bindata that it unpacks at runtime into directories (either the - # user's home directory or /var/lib/rancher if run as root). - # This bindata includes both binaries and configuration. - # In order to let nixpkgs do all its autostripping/patching/etc, we split this into two derivations. - # First, we build all the binaries that get packed into the thick k3s binary - # (and output them from one derivation so they'll all be suitably patched up). - # Then, we bundle those binaries into our thick k3s binary and use that as - # the final single output. - # This approach was chosen because it ensures the bundled binaries all are - # correctly built to run with nix (we can lean on the existing buildGoModule - # stuff), and we can again lean on that tooling for the final k3s binary too. - # Other alternatives would be to manually run the - # strip/patchelf/remove-references step ourselves in the installPhase of the - # derivation when we've built all the binaries, but haven't bundled them in - # with generated bindata yet. - - k3sServer = buildGoModule { - pname = "k3s-server"; - version = k3sVersion; - - src = k3sRepo; - vendorHash = k3sVendorHash; - - patches = [ - # See: https://github.com/k3s-io/k3s/pull/9309 - ../patches/k3s-rootless-containerd-sock.patch - # See: https://github.com/k3s-io/k3s/pull/9308 - ../patches/k3s-rootless-state-dir.patch - # See: https://github.com/k3s-io/k3s/pull/9319 - ../patches/k3s-nix-snapshotter.patch - # See: https://github.com/k3s-io/k3s/pull/9064 - (fetchpatch { - url = "https://patch-diff.githubusercontent.com/raw/k3s-io/k3s/pull/9064.patch"; - sha256 = "sha256-xp9nGIalSvDLfccQ+HNQqWT8z2LKH1HfCuaYxieMT94="; - }) - ]; - - nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libseccomp sqlite.dev ]; - - subPackages = [ "cmd/server" ]; - ldflags = versionldflags; - - tags = [ "ctrd" "libsqlite3" "linux" ]; - - # create the multicall symlinks for k3s - postInstall = '' - mv $out/bin/server $out/bin/k3s - pushd $out - # taken verbatim from https://github.com/k3s-io/k3s/blob/v1.23.3%2Bk3s1/scripts/build#L105-L113 - ln -s k3s ./bin/containerd - ln -s k3s ./bin/crictl - ln -s k3s ./bin/ctr - ln -s k3s ./bin/k3s-agent - ln -s k3s ./bin/k3s-certificate - ln -s k3s ./bin/k3s-completion - ln -s k3s ./bin/k3s-etcd-snapshot - ln -s k3s ./bin/k3s-secrets-encrypt - ln -s k3s ./bin/k3s-server - ln -s k3s ./bin/k3s-token - ln -s k3s ./bin/kubectl - popd - ''; - - meta = baseMeta // { - description = "The various binaries that get packaged into the final k3s binary"; - }; - }; - # Only used for the shim since - # https://github.com/k3s-io/k3s/blob/v1.27.2%2Bk3s1/scripts/build#L153 - k3sContainerd = buildGoModule { - pname = "k3s-containerd"; - version = containerdVersion; - src = fetchFromGitHub { - owner = "k3s-io"; - repo = "containerd"; - rev = "v${containerdVersion}"; - sha256 = containerdSha256; - }; - vendorHash = null; - buildInputs = [ btrfs-progs ]; - subPackages = [ "cmd/containerd-shim-runc-v2" ]; - ldflags = versionldflags; - }; -in -buildGoModule rec { - pname = "k3s"; - version = k3sVersion; - - tags = [ "libsqlite3" "linux" "ctrd" ]; - src = k3sRepo; - vendorHash = k3sVendorHash; - - patches = [ - # See: https://github.com/k3s-io/k3s/pull/9309 - ../patches/k3s-rootless-containerd-sock.patch - # See: https://github.com/k3s-io/k3s/pull/9308 - ../patches/k3s-rootless-state-dir.patch - # See: https://github.com/k3s-io/k3s/pull/9319 - ../patches/k3s-nix-snapshotter.patch - ]; - - postPatch = '' - # Nix prefers dynamically linked binaries over static binary. - - substituteInPlace scripts/package-cli \ - --replace '"$LDFLAGS $STATIC" -o' \ - '"$LDFLAGS" -o' \ - --replace "STATIC=\"-extldflags \'-static\'\"" \ - "" - - # Upstream codegen fails with trimpath set. Removes "trimpath" for 'go generate': - - substituteInPlace scripts/package-cli \ - --replace '"''${GO}" generate' \ - 'GOFLAGS="" \ - GOOS="${pkgsBuildBuild.go.GOOS}" \ - GOARCH="${pkgsBuildBuild.go.GOARCH}" \ - CC="${pkgsBuildBuild.stdenv.cc}/bin/cc" \ - "''${GO}" generate' - ''; - - # Important utilities used by the kubelet, see - # https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-237202494 - # Note the list in that issue is stale and some aren't relevant for k3s. - k3sRuntimeDeps = [ - kmod - socat - iptables - iproute2 - ipset - bridge-utils - ethtool - util-linux # kubelet wants 'nsenter' from util-linux: https://github.com/kubernetes/kubernetes/issues/26093#issuecomment-705994388 - conntrack-tools - runc - ]; - - buildInputs = k3sRuntimeDeps; - - nativeBuildInputs = [ - makeWrapper - rsync - yq-go - zstd - ]; - - # embedded in the final k3s cli - propagatedBuildInputs = [ - k3sCNIPlugins - k3sContainerd - k3sServer - ]; - - # We override most of buildPhase due to peculiarities in k3s's build. - # Specifically, it has a 'go generate' which runs part of the package. See - # this comment: - # https://github.com/NixOS/nixpkgs/pull/158089#discussion_r799965694 - # So, why do we use buildGoModule at all? For the `vendorHash` / `go mod download` stuff primarily. - buildPhase = '' - patchShebangs ./scripts/package-cli ./scripts/download ./scripts/build-upload - - # copy needed 'go generate' inputs into place - mkdir -p ./bin/aux - rsync -a --no-perms ${k3sServer}/bin/ ./bin/ - ln -vsf ${k3sCNIPlugins}/bin/cni ./bin/cni - ln -vsf ${k3sContainerd}/bin/containerd-shim-runc-v2 ./bin - rsync -a --no-perms --chmod u=rwX ${k3sRoot}/etc/ ./etc/ - mkdir -p ./build/static/charts - - cp ${traefikChart} ./build/static/charts - cp ${traefik-crdChart} ./build/static/charts - - export ARCH=$GOARCH - export DRONE_TAG="v${k3sVersion}" - export DRONE_COMMIT="${k3sCommit}" - # use ./scripts/package-cli to run 'go generate' + 'go build' - - ./scripts/package-cli - mkdir -p $out/bin - ''; - - # Otherwise it depends on 'getGoDirs', which is normally set in buildPhase - doCheck = false; - - installPhase = '' - # wildcard to match the arm64 build too - install -m 0755 dist/artifacts/k3s* -D $out/bin/k3s - wrapProgram $out/bin/k3s \ - --prefix PATH : ${lib.makeBinPath k3sRuntimeDeps} \ - --prefix PATH : "$out/bin" - ln -s $out/bin/k3s $out/bin/kubectl - ln -s $out/bin/k3s $out/bin/crictl - ln -s $out/bin/k3s $out/bin/ctr - ''; - - doInstallCheck = true; - installCheckPhase = '' - $out/bin/k3s --version | grep -F "v${k3sVersion}" >/dev/null - ''; - - passthru.updateScript = updateScript; - - passthru.mkTests = version: - let k3s_version = "k3s_" + lib.replaceStrings ["."] ["_"] (lib.versions.majorMinor version); - in { - single-node = nixosTests.k3s.single-node.${k3s_version}; - multi-node = nixosTests.k3s.multi-node.${k3s_version}; - }; - passthru.tests = passthru.mkTests k3sVersion; - - - meta = baseMeta; -} diff --git a/modules/flake/k3s/default.nix b/modules/flake/k3s/default.nix deleted file mode 100644 index c372376..0000000 --- a/modules/flake/k3s/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ lib, callPackage, ... }@args: - -let - k3s_builder = import ./builder.nix lib; - common = opts: callPackage (k3s_builder opts); - # extraArgs is the extra arguments passed in by the caller to propogate downward. - # This is to allow all-packages.nix to do: - # - # let k3s_1_23 = (callPackage ./path/to/k3s { - # commonK3sArg = .... - # }).k3s_1_23; - extraArgs = builtins.removeAttrs args [ "callPackage" ]; -in -{ - k3s_1_27 = common ((import ./1_27/versions.nix) // { - updateScript = [ ./update-script.sh "27" ]; - }) extraArgs; -} diff --git a/modules/flake/overlays.nix b/modules/flake/overlays.nix index ae1bbdf..dfeab0c 100644 --- a/modules/flake/overlays.nix +++ b/modules/flake/overlays.nix @@ -3,29 +3,20 @@ # Provide overlay to add `nix-snapshotter`. flake.overlays.default = self: super: let - nix-snapshotter = self.callPackage ../../package.nix {}; - - containerd = super.containerd.overrideAttrs(o: rec { - version = "1.7.14"; - src = self.fetchFromGitHub { - owner = "containerd"; - repo = "containerd"; - rev = "v${version}"; - hash = "sha256-okTz2UCF5LxOdtLDBy1pN2to6WHi+I0jtR67sn7Qrbk="; - }; - patches = (o.patches or []) ++ [ - # See: https://github.com/containerd/containerd/pull/9864 - ./patches/containerd-import-compressed.patch - ]; - }); in { - inherit - containerd - nix-snapshotter - ; + nix-snapshotter = self.callPackage ../../package.nix {}; - k3s = (self.callPackage ./k3s {}).k3s_1_27; + k3s = super.k3s_1_30.override { + buildGoModule = args: super.buildGoModule (args // super.lib.optionalAttrs (args.pname != "k3s-cni-plugins" && args.pname != "k3s-containerd") { + vendorHash = { + "sha256-XtTahFaWnuHzKDI/U4d/j4C4gRxH163MCGEEM4hu/WM=" = "sha256-XuMP+ffwTdXKL9q9+ZJUQc5ghGEcdY9UdefjCD19OUE="; + }.${args.vendorHash}; + patches = (args.patches or []) ++ [ + ./patches/k3s-nix-snapshotter.patch + ]; + }); + }; }; perSystem = { system, ... }: { diff --git a/modules/flake/patches/containerd-import-compressed.patch b/modules/flake/patches/containerd-import-compressed.patch deleted file mode 100644 index 0a42829..0000000 --- a/modules/flake/patches/containerd-import-compressed.patch +++ /dev/null @@ -1,36 +0,0 @@ -commit 786b10f46aa4c10adf6f2c34f1f83d93d84af57f -Author: Edgar Lee -Date: Fri Feb 23 23:11:48 2024 +0800 - - Automatically decompress archives for transfer service import - - Signed-off-by: Edgar Lee - -diff --git a/pkg/transfer/archive/importer.go b/pkg/transfer/archive/importer.go -index a9c4cea93..b20055a0b 100644 ---- a/pkg/transfer/archive/importer.go -+++ b/pkg/transfer/archive/importer.go -@@ -24,6 +24,7 @@ import ( - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - - transferapi "github.com/containerd/containerd/api/types/transfer" -+ "github.com/containerd/containerd/archive/compression" - "github.com/containerd/containerd/content" - "github.com/containerd/containerd/images/archive" - "github.com/containerd/containerd/log" -@@ -64,7 +65,14 @@ func (iis *ImageImportStream) Import(ctx context.Context, store content.Store) ( - if iis.forceCompress { - opts = append(opts, archive.WithImportCompression()) - } -- return archive.ImportIndex(ctx, store, iis.stream, opts...) -+ -+ r, err := compression.DecompressStream(iis.stream) -+ if err != nil { -+ return ocispec.Descriptor{}, err -+ } -+ defer r.Close() -+ -+ return archive.ImportIndex(ctx, store, r, opts...) - } - - func (iis *ImageImportStream) MarshalAny(ctx context.Context, sm streaming.StreamCreator) (typeurl.Any, error) { diff --git a/modules/flake/patches/k3s-nix-snapshotter.patch b/modules/flake/patches/k3s-nix-snapshotter.patch index cfa4df6..2c26537 100644 --- a/modules/flake/patches/k3s-nix-snapshotter.patch +++ b/modules/flake/patches/k3s-nix-snapshotter.patch @@ -1,224 +1,80 @@ -commit 0484bf68aaa9cdccb9444affbafaf3f8f6fc0e2a -Author: Edgar Lee -Date: Wed Feb 14 05:27:28 2024 -0500 +From 0651f14b89819509a6a848017ee682e2a8785154 Mon Sep 17 00:00:00 2001 +From: Yureka +Date: Sun, 9 Jun 2024 18:19:50 +0200 +Subject: [PATCH] Add nix-snapshotter support to the embedded containerd - Add support for nix-snapshotter +Signed-off-by: Edgar Lee +--- + go.mod | 2 ++ + go.sum | 8 +++++++- + pkg/agent/config/config.go | 6 ++++++ + pkg/agent/containerd/config_linux.go | 5 +++++ + pkg/agent/containerd/config_windows.go | 4 ++++ + pkg/agent/templates/templates_linux.go | 10 +++++++++- + pkg/containerd/builtins_linux.go | 1 + + pkg/containerd/utility_linux.go | 5 +++++ + pkg/containerd/utility_windows.go | 4 ++++ + 9 files changed, 43 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod -index 1b55d6cd07..18bae154b3 100644 +index 1fd5bdd1c1..0ea8fe3548 100644 --- a/go.mod +++ b/go.mod -@@ -6,7 +6,7 @@ replace ( - github.com/Microsoft/hcsshim => github.com/Microsoft/hcsshim v0.11.0 - github.com/Mirantis/cri-dockerd => github.com/k3s-io/cri-dockerd v0.3.4-k3s1 // k3s/release-1.27 - github.com/cloudnativelabs/kube-router/v2 => github.com/k3s-io/kube-router/v2 v2.0.0-20230925161250-364f994b140b -- github.com/containerd/containerd => github.com/k3s-io/containerd v1.7.11-k3s2.27 -+ github.com/containerd/containerd => github.com/pdtpartners/containerd v1.0.1-stargz.0.20240214083438-8c533e066c1c - github.com/coreos/go-systemd => github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e - github.com/docker/distribution => github.com/docker/distribution v2.8.2+incompatible - github.com/docker/docker => github.com/docker/docker v24.0.0-rc.2.0.20230801142700-69c9adb7d386+incompatible -@@ -120,9 +120,10 @@ require ( - github.com/natefinch/lumberjack v2.0.0+incompatible - github.com/onsi/ginkgo/v2 v2.11.0 - github.com/onsi/gomega v1.27.10 -- github.com/opencontainers/runc v1.1.6 -+ github.com/opencontainers/runc v1.1.9 +@@ -118,6 +118,7 @@ require ( + github.com/opencontainers/runc v1.1.12 github.com/opencontainers/selinux v1.11.0 github.com/otiai10/copy v1.7.0 + github.com/pdtpartners/nix-snapshotter v0.1.2 github.com/pkg/errors v0.9.1 - github.com/rancher/dynamiclistener v0.3.6 - github.com/rancher/lasso v0.0.0-20230830164424-d684fdeb6f29 -@@ -130,7 +131,7 @@ require ( - github.com/rancher/wharfie v0.5.3 - github.com/rancher/wrangler v1.1.1 - github.com/robfig/cron/v3 v3.0.1 -- github.com/rootless-containers/rootlesskit v1.0.1 -+ github.com/rootless-containers/rootlesskit v1.1.1 - github.com/sirupsen/logrus v1.9.3 - github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.4 -@@ -169,6 +170,7 @@ require ( - require ( - cloud.google.com/go/compute v1.21.0 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect -+ dario.cat/mergo v1.0.0 // indirect - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect - github.com/Azure/azure-sdk-for-go v56.3.0+incompatible // indirect -@@ -202,7 +204,7 @@ require ( - github.com/chai2010/gettext-go v1.0.2 // indirect + github.com/prometheus/client_golang v1.19.0 + github.com/prometheus/common v0.49.0 +@@ -195,6 +196,7 @@ require ( github.com/checkpoint-restore/go-criu/v5 v5.3.0 // indirect + github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect github.com/cilium/ebpf v0.9.1 // indirect -- github.com/container-orchestrated-devices/container-device-interface v0.5.4 // indirect + github.com/container-orchestrated-devices/container-device-interface v0.6.0 // indirect - github.com/container-storage-interface/spec v1.7.0 // indirect + github.com/container-storage-interface/spec v1.8.0 // indirect github.com/containerd/btrfs/v2 v2.0.0 // indirect github.com/containerd/cgroups v1.1.0 // indirect -@@ -212,7 +214,6 @@ require ( - github.com/containerd/go-cni v1.1.9 // indirect - github.com/containerd/go-runc v1.0.0 // indirect - github.com/containerd/imgcrypt v1.1.7 // indirect -- github.com/containerd/log v0.1.0 // indirect - github.com/containerd/nri v0.4.0 // indirect - github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect - github.com/containerd/ttrpc v1.2.2 // indirect -@@ -332,10 +333,11 @@ require ( - github.com/nats-io/nkeys v0.4.6 // indirect - github.com/nats-io/nuid v1.0.1 // indirect - github.com/opencontainers/go-digest v1.0.0 // indirect -- github.com/opencontainers/image-spec v1.1.0-rc3 // indirect -+ github.com/opencontainers/image-spec v1.1.0-rc4 // indirect - github.com/opencontainers/runtime-spec v1.1.0 // indirect - github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 // indirect - github.com/pelletier/go-toml v1.9.5 // indirect -+ github.com/pelletier/go-toml/v2 v2.1.0 // indirect - github.com/peterbourgon/diskv v2.0.1+incompatible // indirect - github.com/pierrec/lz4 v2.6.0+incompatible // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect -@@ -357,7 +359,7 @@ require ( - github.com/tchap/go-patricia/v2 v2.3.1 // indirect - github.com/tidwall/btree v1.6.0 // indirect - github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 // indirect -- github.com/urfave/cli/v2 v2.23.5 // indirect -+ github.com/urfave/cli/v2 v2.25.7 // indirect - github.com/vbatts/tar-split v0.11.5 // indirect - github.com/vishvananda/netns v0.0.4 // indirect - github.com/vmware/govmomi v0.30.6 // indirect -@@ -394,7 +396,7 @@ require ( - golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 // indirect - google.golang.org/api v0.126.0 // indirect - google.golang.org/appengine v1.6.7 // indirect -- google.golang.org/genproto v0.0.0-20230711160842-782d3b101e98 // indirect -+ google.golang.org/genproto v0.0.0-20230720185612-659f7aaaa771 // indirect - google.golang.org/protobuf v1.31.0 // indirect - gopkg.in/gcfg.v1 v1.2.3 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum -index 8038f23cb8..9b4af4e651 100644 +index 6b1f7cf42d..e43192815c 100644 --- a/go.sum +++ b/go.sum -@@ -71,6 +71,8 @@ cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeL - cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= - cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= - cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= -+dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -+dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= - dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= - github.com/AdaLogics/go-fuzz-headers v0.0.0-20221206110420-d395f97c4830/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= -@@ -216,8 +218,9 @@ github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+g +@@ -351,6 +351,9 @@ github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+g github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v1.0.2 h1:H9MtNqVoVhvd9nCBwOyDjUEdZCREqbIdCJD93PBm/jA= github.com/cockroachdb/datadriven v1.0.2/go.mod h1:a9RdTaap04u637JoCzcUoIcDmvwSUtcUFtT/C3kJlTU= --github.com/container-orchestrated-devices/container-device-interface v0.5.4 h1:PqQGqJqQttMP5oJ/qNGEg8JttlHqGY3xDbbcKb5T9E8= - github.com/container-orchestrated-devices/container-device-interface v0.5.4/go.mod h1:DjE95rfPiiSmG7uVXtg0z6MnPm/Lx4wxKCIts0ZE0vg= ++github.com/container-orchestrated-devices/container-device-interface v0.5.4/go.mod h1:DjE95rfPiiSmG7uVXtg0z6MnPm/Lx4wxKCIts0ZE0vg= +github.com/container-orchestrated-devices/container-device-interface v0.6.0 h1:aWwcz/Ep0Fd7ZuBjQGjU/jdPloM7ydhMW13h85jZNvk= +github.com/container-orchestrated-devices/container-device-interface v0.6.0/go.mod h1:OQlgtJtDrOxSQ1BWODC8OZK1tzi9W69wek+Jy17ndzo= - github.com/container-storage-interface/spec v1.7.0 h1:gW8eyFQUZWWrMWa8p1seJ28gwDoN5CVJ4uAbQ+Hdycw= - github.com/container-storage-interface/spec v1.7.0/go.mod h1:JYuzLqr9VVNoDJl44xp/8fmCOvWPDKzuGTwCoklhuqk= + github.com/container-storage-interface/spec v1.8.0 h1:D0vhF3PLIZwlwZEf2eNbpujGCNwspwTYf2idJRJx4xI= + github.com/container-storage-interface/spec v1.8.0/go.mod h1:ROLik+GhPslwwWRNFF1KasPzroNARibH2rfz1rkg4H0= github.com/containerd/aufs v1.0.0 h1:2oeJiwX5HstO7shSrPZjrohJZLzK36wvpdmzDRkL/LY= -@@ -250,8 +253,7 @@ github.com/containerd/go-runc v1.0.0 h1:oU+lLv1ULm5taqgV/CJivypVODI4SUz1znWjv3nN - github.com/containerd/go-runc v1.0.0/go.mod h1:cNU0ZbCgCQVZK4lgG3P+9tn9/PaJNmoDXPpoJhDR+Ok= - github.com/containerd/imgcrypt v1.1.7 h1:WSf9o9EQ0KGHiUx2ESFZ+PKf4nxK9BcvV/nJDX8RkB4= - github.com/containerd/imgcrypt v1.1.7/go.mod h1:FD8gqIcX5aTotCtOmjeCsi3A1dHmTZpnMISGKSczt4k= --github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= --github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= -+github.com/containerd/nri v0.3.0/go.mod h1:Zw9q2lP16sdg0zYybemZ9yTDy8g7fPCIB3KXOGlggXI= - github.com/containerd/nri v0.4.0 h1:PjgIBm0RtUiFyEO6JqPBQZRQicbsIz41Fz/5VSC0zgw= - github.com/containerd/nri v0.4.0/go.mod h1:Zw9q2lP16sdg0zYybemZ9yTDy8g7fPCIB3KXOGlggXI= - github.com/containerd/stargz-snapshotter v0.14.4-0.20230913082252-7275d45b185c h1:Qr2w9ZeMciAfruOt2be10s4W13vQiTD3gAEqz3zxUrg= -@@ -661,8 +663,6 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X - github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= - github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= - github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= --github.com/k3s-io/containerd v1.7.11-k3s2.27 h1:p7mKeooDKqLkqiOcNUz1qFjolKOPdwGwZgdzU0GZBmw= --github.com/k3s-io/containerd v1.7.11-k3s2.27/go.mod h1:bqKO8PJAbtNpsqOM6fl5AICYSahNGKPH2K/YQQpk6Ts= - github.com/k3s-io/cri-dockerd v0.3.4-k3s1 h1:eCeVCeXzf10fyanv1gniSwidBjdO83/akv+M72uEnZc= - github.com/k3s-io/cri-dockerd v0.3.4-k3s1/go.mod h1:0KDOU8lLjp+ETJFFCcVBRQbJ8puRoDxaHBDj8C87Fk4= - github.com/k3s-io/cri-tools v1.26.0-rc.0-k3s1 h1:yWVy9pS0T1BWBMZBPRy2Q29gaLmaGknQHSnx+HStrVM= -@@ -969,8 +969,8 @@ github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM - github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= - github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= - github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= --github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8= --github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -+github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= -+github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= - github.com/opencontainers/runc v1.1.10 h1:EaL5WeO9lv9wmS6SASjszOeQdSctvpbu0DdBQBizE40= - github.com/opencontainers/runc v1.1.10/go.mod h1:+/R6+KmDlh+hOO8NkjmgkG9Qzvypzk0yXxAPYYR65+M= - github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 h1:R5M2qXZiK/mWPMT4VldCOiSL9HIAMuxQZWdG0CSM5+4= -@@ -989,10 +989,16 @@ github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT9 - github.com/otiai10/mint v1.3.3 h1:7JgpsBaN0uMkyju4tbYHu0mnM55hNKVYLsXmwr15NQI= - github.com/otiai10/mint v1.3.3/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= +@@ -1352,6 +1355,8 @@ github.com/otiai10/mint v1.3.3/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -+github.com/pdtpartners/containerd v1.0.1-stargz.0.20240214083438-8c533e066c1c h1:OWE2iwUICpISBOLVu9OpelITX4sIZwOabjbF4Vcjm8I= -+github.com/pdtpartners/containerd v1.0.1-stargz.0.20240214083438-8c533e066c1c/go.mod h1:dWUW/BzVXrFhxzfRZ1Jmr/yLlRvjryZlb1ns2SCHsgs= + github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58 h1:onHthvaw9LFnH4t2DcNVpwGmV9E1BkGknEliJkfwQj0= + github.com/pbnjay/memory v0.0.0-20210728143218-7b4eea64cf58/go.mod h1:DXv8WO4yhMYhSNPKjeNKa5WY9YCIEBRbNzFFPJbWO6Y= +github.com/pdtpartners/nix-snapshotter v0.1.2 h1:rbvHZ5s/L34x8UAuJxN/H6rPgo7Jmg8fk+1hAQMFEr8= +github.com/pdtpartners/nix-snapshotter v0.1.2/go.mod h1:MKa+V5fH15XmLCDt+s8qRQeIAaadaJ3/4+/oD7f0K0k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= - github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4= -+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= - github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= - github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= - github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc= -@@ -1073,8 +1079,8 @@ github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTE - github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= - github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= - github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= --github.com/rootless-containers/rootlesskit v1.0.1 h1:jepqW1txFSowKSMAEkVhWH3Oa1TCY9S400MVYe/6Iro= --github.com/rootless-containers/rootlesskit v1.0.1/go.mod h1:t2UAiYagxrJ+wmpFAUIZPcqsm4k2B7ve6g7lILKbloc= -+github.com/rootless-containers/rootlesskit v1.1.1 h1:F5psKWoWY9/VjZ3ifVcaosjvFZJOagX85U22M0/EQZE= -+github.com/rootless-containers/rootlesskit v1.1.1/go.mod h1:UD5GoA3dqKCJrnvnhVgQQnweMF2qZnf9KLw8EewcMZI= - github.com/rs/xid v1.5.0 h1:mKX4bl4iPYJtEIxp6CYiUuLQ/8DYMoz0PUdtGgMFRVc= - github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= - github.com/rubiojr/go-vhd v0.0.0-20200706105327-02e210299021 h1:if3/24+h9Sq6eDx8UUz1SO9cT9tizyIsATfB7b4D3tc= -@@ -1179,8 +1185,8 @@ github.com/urfave/cli v1.22.4/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtX - github.com/urfave/cli v1.22.12/go.mod h1:sSBEIC79qR6OvcmsD4U3KABeOTxDqQtdDnaFuUN30b8= - github.com/urfave/cli v1.22.14 h1:ebbhrRiGK2i4naQJr+1Xj92HXZCrK7MsyTS/ob3HnAk= - github.com/urfave/cli v1.22.14/go.mod h1:X0eDS6pD6Exaclxm99NJ3FiCDRED7vIHpx2mDOHLvkA= --github.com/urfave/cli/v2 v2.23.5 h1:xbrU7tAYviSpqeR3X4nEFWUdB/uDZ6DE+HxmRU7Xtyw= --github.com/urfave/cli/v2 v2.23.5/go.mod h1:GHupkWPMM0M/sj1a2b4wUrWBPzazNrIjouW6fmdJLxc= -+github.com/urfave/cli/v2 v2.25.7 h1:VAzn5oq403l5pHjc4OhD54+XGO9cdKVL/7lDjF+iKUs= -+github.com/urfave/cli/v2 v2.25.7/go.mod h1:8qnjx1vcq5s2/wpsqoZFndg2CE5tNFyrTvS6SinrnYQ= - github.com/vbatts/tar-split v0.11.2/go.mod h1:vV3ZuO2yWSVsz+pfFzDG/upWH1JhjOiEaWq6kXyQ3VI= - github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinCts= - github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= -@@ -1260,7 +1266,7 @@ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.13.0 h1:Any/nVxaoMq1T2w0W85 - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.13.0/go.mod h1:46vAP6RWfNn7EKov73l5KBFlNxz8kYlxR1woU+bJ4ZY= - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.13.0 h1:Wz7UQn7/eIqZVDJbuNEM6PmqeA71cWXrWcXekP5HZgU= - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.13.0/go.mod h1:OhH1xvgA5jZW2M/S4PcvtDlFE1VULRRBsibBrKuJQGI= --go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.14.0/go.mod h1:+N7zNjIJv4K+DeX67XXET0P+eIciESgaFDBqh+ZJFS4= - go.opentelemetry.io/otel/metric v0.32.1 h1:ftff5LSBCIDwL0UkhBuDg8j9NNxx2IusvJ18q9h6RC4= - go.opentelemetry.io/otel/metric v0.32.1/go.mod h1:iLPP7FaKMAD5BIxJ2VX7f2KTuz//0QK2hEUyti5psqQ= - go.opentelemetry.io/otel/sdk v1.13.0 h1:BHib5g8MvdqS65yo2vV1s6Le42Hm6rrw08qU6yz5JaM= -@@ -1488,6 +1494,7 @@ google.golang.org/cloud v0.0.0-20151119220103-975617b05ea8/go.mod h1:0H1ncTHf11K - google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21 h1:hrbNEivu7Zn1pxvHk6MBrq9iE22woVILTHqexqBxe6I= - google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= - google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= -+google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= - google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= - google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= - google.golang.org/genproto/googleapis/api v0.0.0-20230711160842-782d3b101e98/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= -@@ -1554,8 +1561,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +@@ -2170,8 +2175,9 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= -gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= +gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= - honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= - honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= - honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= ++gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= + grpc.go4.org v0.0.0-20170609214715-11d0a25b4919/go.mod h1:77eQGdRu53HpSqPFJFmuJdjuHRquDANNeA4x7B8WQ9o= + honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= + honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/pkg/agent/config/config.go b/pkg/agent/config/config.go -index c3cdf316b8..2c1e6ed25d 100644 +index 9257ba718f..961b2a1775 100644 --- a/pkg/agent/config/config.go +++ b/pkg/agent/config/config.go -@@ -553,6 +553,12 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N +@@ -564,6 +564,12 @@ func get(ctx context.Context, envInfo *cmds.Agent, proxy proxy.Proxy) (*config.N nodeConfig.Containerd.Root) } nodeConfig.AgentConfig.ImageServiceSocket = "/run/containerd-stargz-grpc/containerd-stargz-grpc.sock" @@ -232,18 +88,18 @@ index c3cdf316b8..2c1e6ed25d 100644 } else { nodeConfig.AgentConfig.ImageServiceSocket = nodeConfig.ContainerRuntimeEndpoint diff --git a/pkg/agent/containerd/config_linux.go b/pkg/agent/containerd/config_linux.go -index 4a5cd21dfe..ae43adc899 100644 +index 9808949dd3..9a0f9fe5d4 100644 --- a/pkg/agent/containerd/config_linux.go +++ b/pkg/agent/containerd/config_linux.go -@@ -18,6 +18,7 @@ import ( +@@ -16,6 +16,7 @@ import ( "github.com/k3s-io/k3s/pkg/daemons/config" "github.com/k3s-io/k3s/pkg/version" "github.com/opencontainers/runc/libcontainer/userns" + "github.com/pdtpartners/nix-snapshotter/pkg/nix" "github.com/pkg/errors" - "github.com/rancher/wharfie/pkg/registries" "github.com/sirupsen/logrus" -@@ -127,3 +128,7 @@ func FuseoverlayfsSupported(root string) error { + "golang.org/x/sys/unix" +@@ -117,3 +118,7 @@ func FuseoverlayfsSupported(root string) error { func StargzSupported(root string) error { return stargz.Supported(root) } @@ -252,10 +108,10 @@ index 4a5cd21dfe..ae43adc899 100644 + return nix.Supported(root) +} diff --git a/pkg/agent/containerd/config_windows.go b/pkg/agent/containerd/config_windows.go -index 6efbb7a148..8cd64a52bc 100644 +index 4172ad315e..dfbd3919ba 100644 --- a/pkg/agent/containerd/config_windows.go +++ b/pkg/agent/containerd/config_windows.go -@@ -85,3 +85,7 @@ func FuseoverlayfsSupported(root string) error { +@@ -64,3 +64,7 @@ func FuseoverlayfsSupported(root string) error { func StargzSupported(root string) error { return errors.Wrapf(util3.ErrUnsupportedPlatform, "stargz is not supported") } @@ -264,7 +120,7 @@ index 6efbb7a148..8cd64a52bc 100644 + return errors.Wrapf(util3.ErrUnsupportedPlatform, "nix is not supported") +} diff --git a/pkg/agent/templates/templates_linux.go b/pkg/agent/templates/templates_linux.go -index 66f8ee1080..263317055a 100644 +index 0df107abaa..16257eb3c5 100644 --- a/pkg/agent/templates/templates_linux.go +++ b/pkg/agent/templates/templates_linux.go @@ -35,7 +35,7 @@ version = 2 @@ -333,3 +189,6 @@ index 13a58e55bf..6f6833177f 100644 +func NixSupported(root string) error { + return errors.Wrapf(util2.ErrUnsupportedPlatform, "nix is not supported") +} +-- +2.44.1 + diff --git a/modules/flake/patches/k3s-rootless-containerd-sock.patch b/modules/flake/patches/k3s-rootless-containerd-sock.patch deleted file mode 100644 index 42dcee3..0000000 --- a/modules/flake/patches/k3s-rootless-containerd-sock.patch +++ /dev/null @@ -1,54 +0,0 @@ -commit 06cd3dd65431192ea1d7eba691bc2cc032448226 -Author: Edgar Lee -Date: Sat Jan 27 08:51:17 2024 -0500 - - Expose rootless containerd socket directories for external access - - Signed-off-by: Edgar Lee - -diff --git a/pkg/rootless/mounts.go b/pkg/rootless/mounts.go -index 2c19f2343c..f4db388a9e 100644 ---- a/pkg/rootless/mounts.go -+++ b/pkg/rootless/mounts.go -@@ -6,6 +6,7 @@ package rootless - import ( - "fmt" - "os" -+ "os/user" - "path/filepath" - "strings" - -@@ -25,11 +26,17 @@ func setupMounts(stateDir string) error { - _ = os.RemoveAll(f) - } - -+ runDir, err := resolveRunDir() -+ if err != nil { -+ return err -+ } -+ - mountMap := [][]string{ - {"/var/log", filepath.Join(stateDir, "logs")}, - {"/var/lib/cni", filepath.Join(stateDir, "cni")}, - {"/var/lib/kubelet", filepath.Join(stateDir, "kubelet")}, - {"/etc/rancher", filepath.Join(stateDir, "etc", "rancher")}, -+ {"/run/k3s/containerd", filepath.Join(runDir, "k3s", "containerd")}, - } - - for _, v := range mountMap { -@@ -91,3 +98,15 @@ func setupMount(target, dir string) error { - logrus.Debug("Mounting ", dir, target, " none bind") - return unix.Mount(dir, target, "none", unix.MS_BIND, "") - } -+ -+func resolveRunDir() (string, error) { -+ runDir := os.Getenv("XDG_RUNTIME_DIR") -+ if runDir == "" { -+ u, err := user.Lookup(os.Getenv("USER")) -+ if err != nil { -+ return "", err -+ } -+ runDir = filepath.Join("/run/user", u.Uid) -+ } -+ return runDir, nil -+} diff --git a/modules/flake/patches/k3s-rootless-state-dir.patch b/modules/flake/patches/k3s-rootless-state-dir.patch deleted file mode 100644 index 2e7befd..0000000 --- a/modules/flake/patches/k3s-rootless-state-dir.patch +++ /dev/null @@ -1,24 +0,0 @@ -commit 065e2afaf61e9e6996b8c1d909e13840ee5639fa -Author: Edgar Lee -Date: Fri Jan 26 22:49:37 2024 -0500 - - Expose rootless state dir under ~/.rancher/k3s/rootless - - Signed-off-by: Edgar Lee - -diff --git a/pkg/rootless/rootless.go b/pkg/rootless/rootless.go -index 97266d7eaf..f584e7b4a7 100644 ---- a/pkg/rootless/rootless.go -+++ b/pkg/rootless/rootless.go -@@ -132,11 +132,6 @@ func createParentOpt(driver portDriver, stateDir string, enableIPv6 bool) (*pare - return nil, errors.Wrapf(err, "failed to mkdir %s", stateDir) - } - -- stateDir, err := os.MkdirTemp("", "rootless") -- if err != nil { -- return nil, err -- } -- - driver.SetStateDir(stateDir) - - opt := &parent.Opt{