Skip to content

[release/1.6 backport] archive: disable looking up usernames and groupnames on the host #8230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kzys merged 1 commit into from
Mar 9, 2023
Merged

[release/1.6 backport] archive: disable looking up usernames and groupnames on the host #8230

kzys merged 1 commit into from
Mar 9, 2023

Conversation

@thaJeztah
Copy link
Member

@thaJeztah thaJeztah commented Mar 7, 2023

@k8s-ci-robot
Copy link

k8s-ci-robot commented Mar 7, 2023

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@AkihiroSuda @thaJeztah
archive: disable looking up usernames and groupnames on the host
063ad2f 
These strings were resolved using the user information on the host
filesystem and were decreasing reproducibility.

For moby/buildkit issue 3688

Signed-off-by: Akihiro Suda <[email protected]>
(cherry picked from commit d26587c)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah force-pushed the 1.6_backport_archive_discard_uname_gname branch from d8d0bcf to 063ad2f Compare March 8, 2023 19:22
@thaJeztah thaJeztah marked this pull request as ready for review March 8, 2023 19:23
@thaJeztah
Copy link
Member Author

thaJeztah commented Mar 8, 2023

Rebased, and moved out of draft; @AkihiroSuda @kzys @cpuguy83 ptal

kzys
kzys approved these changes Mar 9, 2023
View reviewed changes
Copy link
Member

@kzys kzys left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Restarting the failing Windows test.

@thaJeztah
Copy link
Member Author

thaJeztah commented Mar 9, 2023

Thanks! Looks green now 🎉

@kzys kzys merged commit 6294803 into containerd:release/1.6 Mar 9, 2023
@thaJeztah thaJeztah deleted the 1.6_backport_archive_discard_uname_gname branch March 9, 2023 18:38
@AkihiroSuda AkihiroSuda mentioned this pull request Mar 23, 2023
Merged
@dmcgowan dmcgowan mentioned this pull request Mar 25, 2023
Merged
Mengkzhaoyun pushed a commit to open-beagle/containerd that referenced this pull request Apr 10, 2023
Merge tag 'v1.6.20'
094c21e 
containerd 1.6.20

Welcome to the v1.6.20 release of containerd!

The twentieth patch release for containerd 1.6 contains various fixes and updates.

* **Disable looking up usernames and groupnames on host** ([#8230](containerd/containerd#8230))
* **Add support for Windows ArgsEscaped images** ([#8273](containerd/containerd#8273))
* **Update hcsshim to v0.9.8** ([#8274](containerd/containerd#8274))
* **Fix debug flag in shim** ([#8288](containerd/containerd#8288))
* **Add `WithReadonlyTempMount` to support readonly temporary mounts** ([#8299](containerd/containerd#8299))
* **Update ttrpc to fix file descriptor leak** ([#8308](containerd/containerd#8308))
* **Update runc binary to v1.1.5** ([#8324](containerd/containerd#8324))
* **Update image config to support ArgsEscaped** ([#8306](containerd/containerd#8306))

See the changelog for complete list of changes

Please try out the release binaries and report any issues at
https://github.com/containerd/containerd/issues.

* Sebastiaan van Stijn
* Derek McGowan
* Maksym Pavlenko
* Akihiro Suda
* Phil Estes
* Eng Zer Jun
* Justin Terry
* Kazuyoshi Kato
* Wei Fu
* Abirdcfly
* Gabriel Adrian Samfira
* Henry Wang
* Kang.Zhang
* Kirtana Ashok
* Laura Brehm
* Luca Comellini
* Paul "TBBle" Hampson
* liyuxuan.darfux
* ningmingxiao
* wanglei
<details><summary>48 commits</summary>
<p>

* [release/1.6] Prepare release notes for v1.6.20 ([#8310](containerd/containerd#8310))
  * [`a039a2b9c`](containerd/containerd@a039a2b) Prepare release notes for v1.6.20
* [release/1.6]Updates oci image config to support upstream ArgsEscaped ([#8306](containerd/containerd#8306))
  * [`5dd94a7e6`](containerd/containerd@5dd94a7) Updates oci image config to support upstream ArgsEscaped
* [release/1.6] update runc binary to v1.1.5 ([#8324](containerd/containerd#8324))
  * [`59fa6b191`](containerd/containerd@59fa6b1) update runc binary to v1.1.5
  * [`0c0aad93e`](containerd/containerd@0c0aad9) go.mod: github.com/opencontainers/runc v1.1.5
* [release/1.6] Update ttrpc to v1.1.1 ([#8308](containerd/containerd#8308))
  * [`50a6be0b4`](containerd/containerd@50a6be0) Update ttrpc to v1.1.1
* [release/1.6 backport] Add `WithReadonlyTempMount` to create readonly temporary mounts ([#8299](containerd/containerd#8299))
  * [`8cead6594`](containerd/containerd@8cead65) Add `WithReadonlyTempMount` to create readonly temporary mounts
* [release/1.6] Adds support for Windows ArgsEscaped images ([#8273](containerd/containerd#8273))
  * [`f0dc0297d`](containerd/containerd@f0dc029) Adds support for Windows ArgsEscaped images
* [release/1.6]go.mod: Bump hcsshim tag to v0.9.8 ([#8274](containerd/containerd#8274))
  * [`5981a24e2`](containerd/containerd@5981a24) Update hcsshim tag to v0.9.8
* [1.6] shim: fix debug flag not working ([#8288](containerd/containerd#8288))
  * [`28f1e32e3`](containerd/containerd@28f1e32) shim: fix debug flag not working
* [release/1.6] cherry-pick: Update go-restful to v3 ([#8271](containerd/containerd#8271))
  * [`5a8ea75df`](containerd/containerd@5a8ea75) Update go-restful to v3
  * [`59bdc1d5a`](containerd/containerd@59bdc1d) go.mod: update to github.com/emicklei/go-restful/v3 v3.7.3
* [release/1.6] Go 1.19.7 ([#8238](containerd/containerd#8238))
  * [`86e0bd9e3`](containerd/containerd@86e0bd9) Go 1.19.7
* [release/1.6 backport] archive: disable looking up usernames and groupnames on the host ([#8230](containerd/containerd#8230))
  * [`063ad2f19`](containerd/containerd@063ad2f) archive: disable looking up usernames and groupnames on the host
* [release/1.6 backport] assorted linting, and golang update-related changes ([#8229](containerd/containerd#8229))
  * [`9cbea6fe7`](containerd/containerd@9cbea6f) Enable dupword linter
  * [`c73f1abff`](containerd/containerd@c73f1ab) Bump golangci-lint to v1.50.1
  * [`f198f7724`](containerd/containerd@f198f77) update golangci-lint to v1.49.0
  * [`e6179af1e`](containerd/containerd@e6179af) remove unneeded nolint-comments (nolintlint), disable deprecated linters
  * [`77160e6b5`](containerd/containerd@77160e6) [release/1.6] adjust some nolint comments
  * [`95655f4ce`](containerd/containerd@95655f4) clean-up "nolint" comments, remove unused ones
  * [`9f0617ecc`](containerd/containerd@9f0617e) pkg/cri/(server|sbserver): criService.getTLSConfig() add TODO to verify nolint
  * [`e66397d83`](containerd/containerd@e66397d) golangci-lint: sort linters in config file
  * [`682a567e9`](containerd/containerd@682a567) linting: address gosec G112/G114
  * [`627f563e6`](containerd/containerd@627f563) chore: remove duplicate word in comments
  * [`efb88a8bb`](containerd/containerd@efb88a8) pkg/cri/streaming: increase ReadHeaderTimeout
  * [`45f055df6`](containerd/containerd@45f055d) Update protobuf definitions
  * [`584707524`](containerd/containerd@5847075) Run gofmt 1.19
  * [`f33e38572`](containerd/containerd@f33e385) Switch to Go 1.19
  * [`fc10cd23a`](containerd/containerd@fc10cd2) remove duplicate
  * [`7cbb9e746`](containerd/containerd@7cbb9e7) Update linters to use t.Setenv
  * [`4347a3265`](containerd/containerd@4347a32) Use t.Setenv instead of os.Setenv
  * [`10357eab5`](containerd/containerd@10357ea) Address some timeout issues in the Windows CI
  * [`977ce8ef5`](containerd/containerd@977ce8e) Enable gosec linter for golangci-lint
  * [`c23945c5f`](containerd/containerd@c23945c) test: remove redundant `mountPoint`
  * [`588ed91d3`](containerd/containerd@588ed91) test: use `T.TempDir` to create temporary test directory
  * [`c2ed63c86`](containerd/containerd@c2ed63c) Remove hardcoded /tmp in tempfile paths
  * [`7e382c516`](containerd/containerd@7e382c5) fix Implicit memory aliasing in for loop
</p>
</details>
<details><summary>2 commits</summary>
<p>

* [release/1.1] server: Fix connection leak when receiving ECONNRESET ([#136](containerd/ttrpc#136))
  * [`8977f59`](containerd/ttrpc@8977f59) server: Fix connection leak when receiving ECONNRESET
</p>
</details>

* **github.com/Microsoft/hcsshim**          v0.9.7 -> v0.9.8
* **github.com/containerd/ttrpc**           v1.1.0 -> v1.1.1
* **github.com/emicklei/go-restful/v3**     v3.7.3 **_new_**
* **github.com/opencontainers/image-spec**  c5a74bcca799 -> 3a7f492d3f1b
* **github.com/opencontainers/runc**        v1.1.2 -> v1.1.5

Previous release can be found at [v1.6.19](https://github.com/containerd/containerd/releases/tag/v1.6.19)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kzys kzys kzys approved these changes

@cpuguy83 cpuguy83 cpuguy83 approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@thaJeztah @k8s-ci-robot @kzys @cpuguy83 @AkihiroSuda