Add cleanup for the init layer directory if any operation fails after
driver.CreateReadWrite() succeeds in initMount(). Previously, failures
in driver.Get(), initFunc(), or driver.Put() would leave an orphaned
overlay2 directory.
Related to moby/moby#45939
Signed-off-by: Jan Scheffler <jan.scheffler@qodev.ai>
Add cleanup for the RW layer directory if saveMount() fails after
driver.CreateReadWrite() succeeds. Previously, this failure path would
leave an orphaned overlay2 directory with no corresponding metadata.
Related to moby/moby#45939
Signed-off-by: Jan Scheffler <jan.scheffler@qodev.ai>
Start the metadata transaction before creating the overlay2 directory.
This ensures that if driver.Create() fails, we can properly cancel the
transaction. Previously, if StartTransaction() failed after driver.Create()
succeeded, the defer cleanup would not run (not registered yet), leaving
an orphaned overlay2 directory.
The fix reorders operations so that:
1. Transaction is started first (no filesystem changes yet)
2. Overlay2 directory is created second (transaction ready for cleanup)
3. Defer is registered after both succeed (tx is guaranteed non-nil)
If driver.Create() fails, the transaction is explicitly cancelled before
returning. The nil check for tx in the defer is no longer needed since
tx is guaranteed to exist when the defer runs.
Related to moby/moby#45939
Signed-off-by: Jan Scheffler <jan.scheffler@qodev.ai>
The image exporter wrapper was unconditionally setting `unpack=true` for
all build exports, preventing users from controlling this behavior
through buildkit's output image exporter option.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Currently requires replace rule for swarmkit etcd.
BuildKit itself doesn't use etcd but version gets bumped
via unused dependency.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This workaround was added in df519e9e1a, pending
a fix in containerd;
> daemon: Fix giving up too early while connecting to containerd socket
>
> Explicitly set the gRPC connection params to take the timeout into
> account to workaround the containerd v2 client not passing down the
> stack.
>
> containerd v2 replaced usages of deprecated gRPC functions but didn't
> pass the timeout to the actual dial connection options.
A fix for this was merged in [containerd@ee574e7], which is part of containerd
v2.1.0-beta.0, and backported to containerd v2.0.4 through [containerd@6b5efba].
[containerd@ee574e7]: ee574e76e7
[containerd@6b5efba]: 6b5efba83b
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- Introduced DefaultIsolation method in the Daemon to return the daemon configured isolation mode for Windows.
Signed-off-by: Vigilans <vigilans@foxmail.com>
Use a singleflight for collecting the build-cache usage; collecting this
information is potentially heavy-weight, and we already do this for the
other disk-usage methods.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Move calculation of the data to the builder backend, to align with
the other type of objects. This also allows us to skip the verbose
data if it's not used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Writing the OCI manifest file to the blobs/digest dir will update the
directory mtime, producing a tar file containing a member with a
contemporary mtime. Exported tars for the same image will therefore have
different checksums.
Although this was previously addressed by overriding the mtime manually
to 0, this was done before the OCI manifest file was written. This
change simply moves the call to system.Chtimes to set the mtime of the
blobs/digest directory to 0 after writing the OCI manifest file.
This commit also updates the TestSaveCheckTimes integration test to
check the mtime of all members in the exported tar to ensure that all
mtime are not newer than img.Created or 0 (depending on whether the
containerd-snapshotter is disabled or enabled, respectively).
Signed-off-by: Sam Nicholls <sam.nicholls@nanoporetech.com>
This type was used as Aux message for docker push, was not documented,
and only present for Docker Content Trust (which is deprecated).
This patch removes it from the API module, and moves the type internal.
We can stop sending this Aux message once DCT is fully phased out.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The schema of a JSON-stream message is very pertinent to the api module.
Provide a canonical definition in the api module and refactor the daemon
code to use it. Drop the long-deprecated ErrorMessage field from the API
definition, but have the daemon continue to emit it for compatibility
with docker-py v7.1.0.
Co-authored-by: Cory Snider <csnider@mirantis.com>
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
Move the progress package up into the client as a temporary shared location for
common clients like CLI and compose.
The progress package is used by the daemon to write progress updates to
some sink, typically a streamformatter. This package is of little use to
API clients as this package does not provide any facilities to consume
the progress updates.
Co-authored-by: Cory Snider <csnider@mirantis.com>
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
Move the streamformatter package up into the client for a temporary
shared location between common clients like CLI and compose.
The streamformatter package is used by the daemon to write streams of
status and progress messages to API clients. It is completely out of
scope of the api module and not used outside the daemon. Remove the
unused rawSteamFormatter, whose purpose is to render the progress as a
TUI.
Co-authored-by: Cory Snider <csnider@mirantis.com>
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
This change moves the api/types/versions package out into client and daemon versions.
Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Austin Vazquez <austin.vazquez@docker.com>
