containerd · stefanberger · Aug 15, 2023 · Aug 15, 2023 · Aug 15, 2023
diff --git a/cmd/ctr/commands/commands.go b/cmd/ctr/commands/commands.go
@@ -37,6 +37,12 @@ var (
 		},
 	}
 
+	// SnapshotterLabels are cli flags specifying labels which will be add to the new snapshot for container.
+	SnapshotterLabels = cli.StringSliceFlag{
+		Name:  "snapshotter-label",
+		Usage: "labels added to the new snapshot for this container.",
+	}
+
 	// LabelFlag is a cli flag specifying labels
 	LabelFlag = cli.StringSliceFlag{
 		Name:  "label",
@@ -78,6 +84,14 @@ var (
 			Name:  "tlskey",
 			Usage: "path to TLS client key",
 		},
+		cli.BoolFlag{
+			Name:  "http-dump",
+			Usage: "dump all HTTP request/responses when interacting with container registry",
+		},
+		cli.BoolFlag{
+			Name:  "http-trace",
+			Usage: "enable HTTP tracing for registry interactions",
+		},
 	}
 
 	// ContainerFlags are cli flags specifying container options
@@ -92,19 +106,23 @@ var (
 		},
 		cli.StringSliceFlag{
 			Name:  "env",
-			Usage: "specify additional container environment variables (i.e. FOO=bar)",
+			Usage: "specify additional container environment variables (e.g. FOO=bar)",
 		},
 		cli.StringFlag{
 			Name:  "env-file",
-			Usage: "specify additional container environment variables in a file(i.e. FOO=bar, one per line)",
+			Usage: "specify additional container environment variables in a file(e.g. FOO=bar, one per line)",
 		},
 		cli.StringSliceFlag{
 			Name:  "label",
-			Usage: "specify additional labels (i.e. foo=bar)",
+			Usage: "specify additional labels (e.g. foo=bar)",
+		},
+		cli.StringSliceFlag{
+			Name:  "annotation",
+			Usage: "specify additional OCI annotations (e.g. foo=bar)",
 		},
 		cli.StringSliceFlag{
 			Name:  "mount",
-			Usage: "specify additional container mount (ex: type=bind,src=/tmp,dst=/host,options=rbind:ro)",
+			Usage: "specify additional container mount (e.g. type=bind,src=/tmp,dst=/host,options=rbind:ro)",
 		},
 		cli.BoolFlag{
 			Name:  "net-host",
@@ -139,7 +157,7 @@ var (
 			Name:  "pid-file",
 			Usage: "file path to write the task's pid",
 		},
-		cli.IntFlag{
+		cli.IntSliceFlag{
 			Name:  "gpus",
 			Usage: "add gpus to the container",
 		},
@@ -153,7 +171,15 @@ var (
 		},
 		cli.StringSliceFlag{
 			Name:  "device",
-			Usage: "add a device to a container",
+			Usage: "file path to a device to add to the container; or a path to a directory tree of devices to add to the container",
+		},
+		cli.StringSliceFlag{
+			Name:  "cap-add",
+			Usage: "add Linux capabilities (Set capabilities with 'CAP_' prefix)",
+		},
+		cli.StringSliceFlag{
+			Name:  "cap-drop",
+			Usage: "drop Linux capabilities (Set capabilities with 'CAP_' prefix)",
 		},
 		cli.BoolFlag{
 			Name:  "seccomp",
@@ -171,6 +197,10 @@ var (
 			Name:  "apparmor-profile",
 			Usage: "enable AppArmor with an existing custom profile",
 		},
+		cli.StringFlag{
+			Name:  "rdt-class",
+			Usage: "name of the RDT class to associate the container with. Specifies a Class of Service (CLOS) for cache and memory bandwidth management.",
+		},
 	}
 	// ImageDecryptionFlags are cli flags needed when decrypting an image
 	ImageDecryptionFlags = []cli.Flag{
@@ -217,6 +247,19 @@ func LabelArgs(labelStrings []string) map[string]string {
 	return labels
 }
 
+// AnnotationArgs returns a map of annotation key,value pairs.
+func AnnotationArgs(annoStrings []string) (map[string]string, error) {
+	annotations := make(map[string]string, len(annoStrings))
+	for _, anno := range annoStrings {
+		parts := strings.SplitN(anno, "=", 2)
+		if len(parts) != 2 {
+			return nil, fmt.Errorf("invalid key=value format annotation: %v", anno)
+		}
+		annotations[parts[0]] = parts[1]
+	}
+	return annotations, nil
+}
+
 // PrintAsJSON prints input in JSON format
 func PrintAsJSON(x interface{}) {
 	b, err := json.MarshalIndent(x, "", "    ")

diff --git a/cmd/ctr/commands/containers/checkpoint.go b/cmd/ctr/commands/containers/checkpoint.go
@@ -23,7 +23,6 @@ import (
 	"github.com/containerd/containerd"
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/containerd/errdefs"
-
 	"github.com/urfave/cli"
 )
 

diff --git a/cmd/ctr/commands/containers/containers.go b/cmd/ctr/commands/containers/containers.go
@@ -32,7 +32,6 @@ import (
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/flags"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/run"
 	"github.com/containerd/typeurl"
-
 	"github.com/urfave/cli"
 )
 
@@ -150,7 +149,7 @@ var deleteCommand = cli.Command{
 	Name:      "delete",
 	Usage:     "delete one or more existing containers",
 	ArgsUsage: "[flags] CONTAINER [CONTAINER, ...]",
-	Aliases:   []string{"del", "rm"},
+	Aliases:   []string{"del", "remove", "rm"},
 	Flags: []cli.Flag{
 		cli.BoolFlag{
 			Name:  "keep-snapshot",
@@ -282,7 +281,7 @@ var infoCommand = cli.Command{
 			return nil
 		}
 
-		if info.Spec != nil && info.Spec.GetValue() != nil {
+		if info.Spec != nil && info.Spec.Value != nil {
 			v, err := typeurl.UnmarshalAny(info.Spec)
 			if err != nil {
 				return err

diff --git a/cmd/ctr/commands/containers/restore.go b/cmd/ctr/commands/containers/restore.go
@@ -23,7 +23,6 @@ import (
 	"github.com/containerd/containerd/cio"
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/containerd/errdefs"
-
 	"github.com/urfave/cli"
 )
 

diff --git a/cmd/ctr/commands/images/decrypt.go b/cmd/ctr/commands/images/decrypt.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/flags"
+	"github.com/containerd/imgcrypt/cmd/ctr/commands/img"
 	imgenc "github.com/containerd/imgcrypt/images/encryption"
 	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 
@@ -72,7 +73,7 @@ var decryptCommand = cli.Command{
 		}
 		defer cancel()
 
-		layers32 := commands.IntToInt32Array(context.IntSlice("layer"))
+		layers32 := img.IntToInt32Array(context.IntSlice("layer"))
 
 		_, descs, err := getImageLayerInfos(client, ctx, local, layers32, context.StringSlice("platform"))
 		if err != nil {

diff --git a/cmd/ctr/commands/images/encrypt.go b/cmd/ctr/commands/images/encrypt.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/imgcrypt/cmd/ctr/commands/flags"
+	"github.com/containerd/imgcrypt/cmd/ctr/commands/img"
 	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 
 	"github.com/urfave/cli"
@@ -85,7 +86,7 @@ var encryptCommand = cli.Command{
 			return errors.New("no recipients given -- nothing to do")
 		}
 
-		layers32 := commands.IntToInt32Array(context.IntSlice("layer"))
+		layers32 := img.IntToInt32Array(context.IntSlice("layer"))
 
 		_, descs, err := getImageLayerInfos(client, ctx, local, layers32, context.StringSlice("platform"))
 		if err != nil {

diff --git a/cmd/ctr/commands/images/export.go b/cmd/ctr/commands/images/export.go
@@ -25,7 +25,6 @@ import (
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/containerd/images/archive"
 	"github.com/containerd/containerd/platforms"
-
 	ocispec "github.com/opencontainers/image-spec/specs-go/v1"
 	"github.com/urfave/cli"
 )
@@ -81,7 +80,7 @@ When '--all-platforms' is given all images in a manifest list must be available.
 			}
 			exportOpts = append(exportOpts, archive.WithPlatform(platforms.Ordered(all...)))
 		} else {
-			exportOpts = append(exportOpts, archive.WithPlatform(platforms.Default()))
+			exportOpts = append(exportOpts, archive.WithPlatform(platforms.DefaultStrict()))
 		}
 
 		if context.Bool("all-platforms") {

diff --git a/cmd/ctr/commands/images/images.go b/cmd/ctr/commands/images/images.go
@@ -30,7 +30,6 @@ import (
 	"github.com/containerd/containerd/log"
 	"github.com/containerd/containerd/pkg/progress"
 	"github.com/containerd/containerd/platforms"
-
 	"github.com/urfave/cli"
 )
 
@@ -202,37 +201,50 @@ var setLabelsCommand = cli.Command{
 
 var checkCommand = cli.Command{
 	Name:        "check",
-	Usage:       "check that an image has all content available locally",
+	Usage:       "check existing images to ensure all content is available locally",
 	ArgsUsage:   "[flags] [<filter>, ...]",
-	Description: "check that an image has all content available locally",
-	Flags:       commands.SnapshotterFlags,
+	Description: "check existing images to ensure all content is available locally",
+	Flags: append([]cli.Flag{
+		cli.BoolFlag{
+			Name:  "quiet, q",
+			Usage: "print only the ready image refs (fully downloaded and unpacked)",
+		},
+	}, commands.SnapshotterFlags...),
 	Action: func(context *cli.Context) error {
 		var (
 			exitErr error
+			quiet   = context.Bool("quiet")
 		)
 		client, ctx, cancel, err := commands.NewClient(context)
 		if err != nil {
 			return err
 		}
 		defer cancel()
-		var (
-			contentStore = client.ContentStore()
-			tw           = tabwriter.NewWriter(os.Stdout, 1, 8, 1, ' ', 0)
-		)
-		fmt.Fprintln(tw, "REF\tTYPE\tDIGEST\tSTATUS\tSIZE\tUNPACKED\t")
+
+		var contentStore = client.ContentStore()
 
 		args := []string(context.Args())
 		imageList, err := client.ListImages(ctx, args...)
 		if err != nil {
 			return fmt.Errorf("failed listing images: %w", err)
 		}
+		if len(imageList) == 0 {
+			log.G(ctx).Debugf("no images found")
+			return exitErr
+		}
+
+		var tw = tabwriter.NewWriter(os.Stdout, 1, 8, 1, ' ', 0)
+		if !quiet {
+			fmt.Fprintln(tw, "REF\tTYPE\tDIGEST\tSTATUS\tSIZE\tUNPACKED\t")
+		}
 
 		for _, image := range imageList {
 			var (
 				status       string = "complete"
 				size         string
 				requiredSize int64
 				presentSize  int64
+				complete     bool = true
 			)
 
 			available, required, present, missing, err := images.Check(ctx, contentStore, image.Target(), platforms.Default())
@@ -242,6 +254,7 @@ var checkCommand = cli.Command{
 				}
 				log.G(ctx).WithError(err).Errorf("unable to check %v", image.Name())
 				status = "error"
+				complete = false
 			}
 
 			if status != "error" {
@@ -255,6 +268,7 @@ var checkCommand = cli.Command{
 
 				if len(missing) > 0 {
 					status = "incomplete"
+					complete = false
 				}
 
 				if available {
@@ -263,6 +277,7 @@ var checkCommand = cli.Command{
 				} else {
 					status = fmt.Sprintf("unavailable (%v/?)", len(present))
 					size = fmt.Sprintf("%v/?", progress.Bytes(presentSize))
+					complete = false
 				}
 			} else {
 				size = "-"
@@ -276,23 +291,30 @@ var checkCommand = cli.Command{
 				log.G(ctx).WithError(err).Errorf("unable to check unpack for %v", image.Name())
 			}
 
-			fmt.Fprintf(tw, "%v\t%v\t%v\t%v\t%v\t%t\n",
-				image.Name(),
-				image.Target().MediaType,
-				image.Target().Digest,
-				status,
-				size,
-				unpacked)
+			if !quiet {
+				fmt.Fprintf(tw, "%v\t%v\t%v\t%v\t%v\t%t\n",
+					image.Name(),
+					image.Target().MediaType,
+					image.Target().Digest,
+					status,
+					size,
+					unpacked)
+			} else {
+				if complete {
+					fmt.Println(image.Name())
+				}
+			}
+		}
+		if !quiet {
+			tw.Flush()
 		}
-		tw.Flush()
-
 		return exitErr
 	},
 }
 
 var removeCommand = cli.Command{
-	Name:        "remove",
-	Aliases:     []string{"rm"},
+	Name:        "delete",
+	Aliases:     []string{"del", "remove", "rm"},
 	Usage:       "remove one or more images by reference",
 	ArgsUsage:   "[flags] <ref> [<ref>, ...]",
 	Description: "remove one or more images by reference",

diff --git a/cmd/ctr/commands/images/import.go b/cmd/ctr/commands/images/import.go
@@ -97,9 +97,9 @@ decrypting the image later on.
 
 	Action: func(context *cli.Context) error {
 		var (
-			in             = context.Args().First()
-			opts           []containerd.ImportOpt
-			platformMacher platforms.MatchComparer
+			in              = context.Args().First()
+			opts            []containerd.ImportOpt
+			platformMatcher platforms.MatchComparer
 		)
 
 		prefix := context.String("base-name")
@@ -134,8 +134,8 @@ decrypting the image later on.
 			if err != nil {
 				return err
 			}
-			platformMacher = platforms.Only(platSpec)
-			opts = append(opts, containerd.WithImportPlatform(platformMacher))
+			platformMatcher = platforms.OnlyStrict(platSpec)
+			opts = append(opts, containerd.WithImportPlatform(platformMatcher))
 		}
 
 		opts = append(opts, containerd.WithAllPlatforms(context.Bool("all-platforms")))
@@ -177,10 +177,10 @@ decrypting the image later on.
 			log.G(ctx).Debugf("unpacking %d images", len(imgs))
 
 			for _, img := range imgs {
-				if platformMacher == nil { // if platform not specified use default.
-					platformMacher = platforms.Default()
+				if platformMatcher == nil { // if platform not specified use default.
+					platformMatcher = platforms.Default()
 				}
-				image := containerd.NewImageWithPlatform(client, img, platformMacher)
+				image := containerd.NewImageWithPlatform(client, img, platformMatcher)
 
 				// TODO: Show unpack status
 				fmt.Printf("unpacking %s (%s)...", img.Name, img.Target.Digest)

diff --git a/cmd/ctr/commands/images/layerinfo.go b/cmd/ctr/commands/images/layerinfo.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/containerd/containerd/cmd/ctr/commands"
 	"github.com/containerd/containerd/platforms"
+	"github.com/containerd/imgcrypt/cmd/ctr/commands/img"
 	"github.com/containerd/imgcrypt/images/encryption/parsehelpers"
 	"github.com/containers/ocicrypt"
 
@@ -72,7 +73,7 @@ var layerinfoCommand = cli.Command{
 		}
 		defer cancel()
 
-		layers32 := commands.IntToInt32Array(context.IntSlice("layer"))
+		layers32 := img.IntToInt32Array(context.IntSlice("layer"))
 
 		LayerInfos, _, err := getImageLayerInfos(client, ctx, local, layers32, context.StringSlice("platform"))
 		if err != nil {