Skip to content

Commit 638b474

Browse files
dmcgowandmcgowan
committed
Temporarily remove imgcrypt in CRI to fix circular dependency
Signed-off-by: Derek McGowan <[email protected]>
1 parent 1921680 commit 638b474

171 files changed

Lines changed: 39 additions & 47811 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

go.mod

Lines changed: 0 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,6 @@ require (
1717
github.com/containerd/fifo v1.1.0
1818
github.com/containerd/go-cni v1.1.9
1919
github.com/containerd/go-runc v1.1.0
20-
github.com/containerd/imgcrypt v1.1.7
2120
github.com/containerd/log v0.1.0
2221
github.com/containerd/nri v0.5.0
2322
github.com/containerd/ttrpc v1.2.2
@@ -83,8 +82,6 @@ require (
8382
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
8483
github.com/cespare/xxhash/v2 v2.2.0 // indirect
8584
github.com/cilium/ebpf v0.9.1 // indirect
86-
github.com/containerd/typeurl v1.0.2 // indirect
87-
github.com/containers/ocicrypt v1.1.6 // indirect
8885
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
8986
github.com/emicklei/go-restful/v3 v3.10.2 // indirect
9087
github.com/go-logr/logr v1.2.4 // indirect
@@ -100,7 +97,6 @@ require (
10097
github.com/json-iterator/go v1.1.12 // indirect
10198
github.com/klauspost/cpuid/v2 v2.2.5 // indirect
10299
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
103-
github.com/miekg/pkcs11 v1.1.1 // indirect
104100
github.com/moby/spdystream v0.2.0 // indirect
105101
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
106102
github.com/modern-go/reflect2 v1.0.2 // indirect
@@ -110,15 +106,12 @@ require (
110106
github.com/prometheus/common v0.44.0 // indirect
111107
github.com/prometheus/procfs v0.10.1 // indirect
112108
github.com/russross/blackfriday/v2 v2.1.0 // indirect
113-
github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
114109
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
115110
github.com/vishvananda/netns v0.0.4 // indirect
116-
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 // indirect
117111
go.opencensus.io v0.24.0 // indirect
118112
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.14.0 // indirect
119113
go.opentelemetry.io/otel/metric v0.37.0 // indirect
120114
go.opentelemetry.io/proto/otlp v0.19.0 // indirect
121-
golang.org/x/crypto v0.14.0 // indirect
122115
golang.org/x/mod v0.12.0 // indirect
123116
golang.org/x/net v0.17.0 // indirect
124117
golang.org/x/oauth2 v0.10.0 // indirect
@@ -130,7 +123,6 @@ require (
130123
google.golang.org/genproto v0.0.0-20230720185612-659f7aaaa771 // indirect
131124
google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e // indirect
132125
gopkg.in/inf.v0 v0.9.1 // indirect
133-
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
134126
gopkg.in/yaml.v2 v2.4.0 // indirect
135127
gopkg.in/yaml.v3 v3.0.1 // indirect
136128
k8s.io/api v0.28.2 // indirect

go.sum

Lines changed: 0 additions & 474 deletions
Large diffs are not rendered by default.

pkg/cri/server/images/image_pull.go

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -33,8 +33,6 @@ import (
3333
"sync/atomic"
3434
"time"
3535

36-
"github.com/containerd/imgcrypt"
37-
"github.com/containerd/imgcrypt/images/encryption"
3836
imagedigest "github.com/opencontainers/go-digest"
3937
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
4038
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
@@ -171,7 +169,8 @@ func (c *CRIImageService) PullImage(ctx context.Context, r *runtime.PullImageReq
171169
}),
172170
}
173171

174-
pullOpts = append(pullOpts, c.encryptedImagesPullOpts()...)
172+
// Temporarily removed for v2 upgrade
173+
//pullOpts = append(pullOpts, c.encryptedImagesPullOpts()...)
175174
if !c.config.ContainerdConfig.DisableSnapshotAnnotations {
176175
pullOpts = append(pullOpts,
177176
containerd.WithImageHandlerWrapper(snpkg.AppendInfoHandlerWrapper(ref)))
@@ -545,15 +544,16 @@ func newTransport() *http.Transport {
545544

546545
// encryptedImagesPullOpts returns the necessary list of pull options required
547546
// for decryption of encrypted images based on the cri decryption configuration.
548-
func (c *CRIImageService) encryptedImagesPullOpts() []containerd.RemoteOpt {
549-
if c.config.ImageDecryption.KeyModel == criconfig.KeyModelNode {
550-
ltdd := imgcrypt.Payload{}
551-
decUnpackOpt := encryption.WithUnpackConfigApplyOpts(encryption.WithDecryptedUnpack(&ltdd))
552-
opt := containerd.WithUnpackOpts([]containerd.UnpackOpt{decUnpackOpt})
553-
return []containerd.RemoteOpt{opt}
554-
}
555-
return nil
556-
}
547+
// Temporarily removed for v2 upgrade
548+
//func (c *CRIImageService) encryptedImagesPullOpts() []containerd.RemoteOpt {
549+
// if c.config.ImageDecryption.KeyModel == criconfig.KeyModelNode {
550+
// ltdd := imgcrypt.Payload{}
551+
// decUnpackOpt := encryption.WithUnpackConfigApplyOpts(encryption.WithDecryptedUnpack(&ltdd))
552+
// opt := containerd.WithUnpackOpts([]containerd.UnpackOpt{decUnpackOpt})
553+
// return []containerd.RemoteOpt{opt}
554+
// }
555+
// return nil
556+
//}
557557

558558
const (
559559
// minPullProgressReportInternal is used to prevent the reporter from

pkg/cri/server/images/image_pull_test.go

Lines changed: 27 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -348,32 +348,33 @@ func TestDefaultScheme(t *testing.T) {
348348
}
349349
}
350350

351-
func TestEncryptedImagePullOpts(t *testing.T) {
352-
for _, test := range []struct {
353-
desc string
354-
keyModel string
355-
expectedOpts int
356-
}{
357-
{
358-
desc: "node key model should return one unpack opt",
359-
keyModel: criconfig.KeyModelNode,
360-
expectedOpts: 1,
361-
},
362-
{
363-
desc: "no key model selected should default to node key model",
364-
keyModel: "",
365-
expectedOpts: 0,
366-
},
367-
} {
368-
test := test
369-
t.Run(test.desc, func(t *testing.T) {
370-
c := newTestCRIService()
371-
c.config.ImageDecryption.KeyModel = test.keyModel
372-
got := len(c.encryptedImagesPullOpts())
373-
assert.Equal(t, test.expectedOpts, got)
374-
})
375-
}
376-
}
351+
// Temporarily remove for v2 upgrade
352+
//func TestEncryptedImagePullOpts(t *testing.T) {
353+
// for _, test := range []struct {
354+
// desc string
355+
// keyModel string
356+
// expectedOpts int
357+
// }{
358+
// {
359+
// desc: "node key model should return one unpack opt",
360+
// keyModel: criconfig.KeyModelNode,
361+
// expectedOpts: 1,
362+
// },
363+
// {
364+
// desc: "no key model selected should default to node key model",
365+
// keyModel: "",
366+
// expectedOpts: 0,
367+
// },
368+
// } {
369+
// test := test
370+
// t.Run(test.desc, func(t *testing.T) {
371+
// c := newTestCRIService()
372+
// c.config.ImageDecryption.KeyModel = test.keyModel
373+
// got := len(c.encryptedImagesPullOpts())
374+
// assert.Equal(t, test.expectedOpts, got)
375+
// })
376+
// }
377+
//}
377378

378379
func TestSnapshotterFromPodSandboxConfig(t *testing.T) {
379380
defaultSnashotter := "native"

vendor/github.com/containerd/imgcrypt/.gitignore

Lines changed: 0 additions & 2 deletions
This file was deleted.

vendor/github.com/containerd/imgcrypt/.golangci.yml

Lines changed: 0 additions & 20 deletions
This file was deleted.

vendor/github.com/containerd/imgcrypt/CHANGES

Lines changed: 0 additions & 48 deletions
This file was deleted.

0 commit comments

Comments
 (0)