Add containerd & gVisor support
This adds containerd, CNI, gVisor and all the necessary shims
and supporting infrastructure. It also enables all relevant features in
the Linux kernel. containerd is designed as a simple supervisor.Runnable.
It is not being started yet, this will happen in D497.
Split out from feature/kubelet.
Test Plan:
Has been tested in conjunction with the rest of D497, will be
covered by a K8s E2E test there.
X-Origin-Diff: phab/D509
GitOrigin-RevId: 92523516b7e361a30da330eb187787e6045bfd17
diff --git a/third_party/go/gazelle-deps.sh b/third_party/go/gazelle-deps.sh
index 4ae30ed..f5e9816 100755
--- a/third_party/go/gazelle-deps.sh
+++ b/third_party/go/gazelle-deps.sh
@@ -108,7 +108,35 @@
],
patch_args = ["-p1"],
)
+ go_repository(
+ name = "com_github_google_gvisor_containerd_shim",
+ importpath = "github.com/google/gvisor-containerd-shim",
+ sum = "h1:RdBNQHpoQ3ekzfXYIV4+nQJ3a2xLnIHuZJkM40OEtyA=",
+ version = "v0.0.4",
+ patches = [
+ "//third_party/go/patches:gvisor-containerd-shim.patch",
+ "//third_party/go/patches:gvisor-containerd-shim-build.patch",
+ # Patches below are being upstreamed
+ "//third_party/go/patches:gvisor-containerd-shim-nogo.patch",
+ "//third_party/go/patches:gvisor-shim-root.patch",
+ ],
+ patch_args = ["-p1"],
+ )
+ # containerd, Not an actual release, pinned to commit 8e685f78cf66e2901b2fbed2fdddd64449a74ab9 that has support for the required build tags.
+ # Also patched for pure mode and some other issues
+ go_repository(
+ name = "com_github_containerd_containerd",
+ build_file_proto_mode = "disable",
+ build_tags = ["no_zfs", "no_aufs", "no_devicemapper", "no_btrfs"],
+ importpath = "github.com/containerd/containerd",
+ sum = "h1:IeFaEbvx6mQe9K1cXG2K7zynPwge3YUrQlLTyiNiveU=",
+ version = "v1.3.1-0.20200218165203-8e685f78cf66",
+ patches = [
+ "//third_party/go/patches:containerd-build.patch",
+ ],
+ patch_args = ["-p1"],
+ )
EOF
diff --git a/third_party/go/patches/containerd-build.patch b/third_party/go/patches/containerd-build.patch
new file mode 100644
index 0000000..6a0fcc2
--- /dev/null
+++ b/third_party/go/patches/containerd-build.patch
@@ -0,0 +1,37 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+diff --git a/cmd/containerd-shim-runc-v2/BUILD.bazel b/cmd/containerd-shim-runc-v2/BUILD.bazel
+index 516b165..728b4dd 100644
+--- a/cmd/containerd-shim-runc-v2/BUILD.bazel
++++ b/cmd/containerd-shim-runc-v2/BUILD.bazel
+@@ -21,5 +21,6 @@ go_library(
+ go_binary(
+ name = "containerd-shim-runc-v2",
+ embed = [":go_default_library"],
++ pure = "on",
+ visibility = ["//visibility:public"],
+ )
+diff --git a/cmd/containerd/BUILD.bazel b/cmd/containerd/BUILD.bazel
+index 8eed766..9d95be6 100644
+--- a/cmd/containerd/BUILD.bazel
++++ b/cmd/containerd/BUILD.bazel
+@@ -81,5 +81,6 @@ go_library(
+ go_binary(
+ name = "containerd",
+ embed = [":go_default_library"],
++ pure = "on",
+ visibility = ["//visibility:public"],
+ )
diff --git a/third_party/go/patches/gvisor-containerd-shim-build.patch b/third_party/go/patches/gvisor-containerd-shim-build.patch
new file mode 100644
index 0000000..e221fe8
--- /dev/null
+++ b/third_party/go/patches/gvisor-containerd-shim-build.patch
@@ -0,0 +1,145 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From d92dc4195d4de5149e7e55890fa856837a35217e Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Mon, 4 May 2020 15:33:40 +0200
+Subject: [PATCH] Reflect code patches in Bazel and build pure
+
+---
+ cmd/containerd-shim-runsc-v1/BUILD.bazel | 1 +
+ cmd/gvisor-containerd-shim/BUILD.bazel | 4 ++--
+ pkg/v1/proc/BUILD.bazel | 3 ++-
+ pkg/v1/shim/BUILD.bazel | 5 +++--
+ pkg/v2/BUILD.bazel | 14 ++++++++------
+ 5 files changed, 16 insertions(+), 11 deletions(-)
+
+diff --git a/cmd/containerd-shim-runsc-v1/BUILD.bazel b/cmd/containerd-shim-runsc-v1/BUILD.bazel
+index 8fb6a86..d58f069 100644
+--- a/cmd/containerd-shim-runsc-v1/BUILD.bazel
++++ b/cmd/containerd-shim-runsc-v1/BUILD.bazel
+@@ -14,5 +14,6 @@ go_library(
+ go_binary(
+ name = "containerd-shim-runsc-v1",
+ embed = [":go_default_library"],
++ pure = "on",
+ visibility = ["//visibility:public"],
+ )
+diff --git a/cmd/gvisor-containerd-shim/BUILD.bazel b/cmd/gvisor-containerd-shim/BUILD.bazel
+index 8478746..f6a6fa2 100644
+--- a/cmd/gvisor-containerd-shim/BUILD.bazel
++++ b/cmd/gvisor-containerd-shim/BUILD.bazel
+@@ -14,9 +14,9 @@ go_library(
+ "@com_github_burntsushi_toml//:go_default_library",
+ "@com_github_containerd_containerd//events:go_default_library",
+ "@com_github_containerd_containerd//namespaces:go_default_library",
+- "@com_github_containerd_containerd//runtime/v1/linux/proc:go_default_library",
+- "@com_github_containerd_containerd//runtime/v1/shim:go_default_library",
++ "@com_github_containerd_containerd//pkg/process:go_default_library",
+ "@com_github_containerd_containerd//runtime/v1/shim/v1:go_default_library",
++ "@com_github_containerd_containerd//sys/reaper:go_default_library",
+ "@com_github_containerd_ttrpc//:go_default_library",
+ "@com_github_containerd_typeurl//:go_default_library",
+ "@com_github_gogo_protobuf//types:go_default_library",
+diff --git a/pkg/v1/proc/BUILD.bazel b/pkg/v1/proc/BUILD.bazel
+index 8ef457c..1bf9228 100644
+--- a/pkg/v1/proc/BUILD.bazel
++++ b/pkg/v1/proc/BUILD.bazel
+@@ -21,7 +21,8 @@ go_library(
+ "@com_github_containerd_containerd//errdefs:go_default_library",
+ "@com_github_containerd_containerd//log:go_default_library",
+ "@com_github_containerd_containerd//mount:go_default_library",
+- "@com_github_containerd_containerd//runtime/proc:go_default_library",
++ "@com_github_containerd_containerd//pkg/process:go_default_library",
++ "@com_github_containerd_containerd//pkg/stdio:go_default_library",
+ "@com_github_containerd_fifo//:go_default_library",
+ "@com_github_containerd_go_runc//:go_default_library",
+ "@com_github_gogo_protobuf//types:go_default_library",
+diff --git a/pkg/v1/shim/BUILD.bazel b/pkg/v1/shim/BUILD.bazel
+index a5d83c4..2129cd8 100644
+--- a/pkg/v1/shim/BUILD.bazel
++++ b/pkg/v1/shim/BUILD.bazel
+@@ -20,11 +20,12 @@ go_library(
+ "@com_github_containerd_containerd//log:go_default_library",
+ "@com_github_containerd_containerd//mount:go_default_library",
+ "@com_github_containerd_containerd//namespaces:go_default_library",
++ "@com_github_containerd_containerd//pkg/process:go_default_library",
++ "@com_github_containerd_containerd//pkg/stdio:go_default_library",
+ "@com_github_containerd_containerd//runtime:go_default_library",
+ "@com_github_containerd_containerd//runtime/linux/runctypes:go_default_library",
+- "@com_github_containerd_containerd//runtime/proc:go_default_library",
+- "@com_github_containerd_containerd//runtime/v1/shim:go_default_library",
+ "@com_github_containerd_containerd//runtime/v1/shim/v1:go_default_library",
++ "@com_github_containerd_containerd//sys/reaper:go_default_library",
+ "@com_github_containerd_fifo//:go_default_library",
+ "@com_github_containerd_typeurl//:go_default_library",
+ "@com_github_gogo_protobuf//types:go_default_library",
+diff --git a/pkg/v2/BUILD.bazel b/pkg/v2/BUILD.bazel
+index a7a6abb..d61b785 100644
+--- a/pkg/v2/BUILD.bazel
++++ b/pkg/v2/BUILD.bazel
+@@ -16,20 +16,21 @@ go_library(
+ "//pkg/v1/utils:go_default_library",
+ "//pkg/v2/options:go_default_library",
+ "@com_github_burntsushi_toml//:go_default_library",
+- "@com_github_containerd_cgroups//:go_default_library",
++ "@com_github_containerd_cgroups//stats/v1:go_default_library",
+ "@com_github_containerd_console//:go_default_library",
+ "@com_github_containerd_containerd//api/events:go_default_library",
+ "@com_github_containerd_containerd//api/types/task:go_default_library",
+ "@com_github_containerd_containerd//errdefs:go_default_library",
+- "@com_github_containerd_containerd//events:go_default_library",
+ "@com_github_containerd_containerd//log:go_default_library",
+ "@com_github_containerd_containerd//mount:go_default_library",
+ "@com_github_containerd_containerd//namespaces:go_default_library",
++ "@com_github_containerd_containerd//pkg/process:go_default_library",
++ "@com_github_containerd_containerd//pkg/stdio:go_default_library",
+ "@com_github_containerd_containerd//runtime:go_default_library",
+ "@com_github_containerd_containerd//runtime/linux/runctypes:go_default_library",
+- "@com_github_containerd_containerd//runtime/proc:go_default_library",
+ "@com_github_containerd_containerd//runtime/v2/shim:go_default_library",
+ "@com_github_containerd_containerd//runtime/v2/task:go_default_library",
++ "@com_github_containerd_containerd//sys/reaper:go_default_library",
+ "@com_github_containerd_cri//pkg/api/runtimeoptions/v1:go_default_library",
+ "@com_github_containerd_fifo//:go_default_library",
+ "@com_github_containerd_typeurl//:go_default_library",
+@@ -44,20 +45,21 @@ go_library(
+ "//pkg/v1/utils:go_default_library",
+ "//pkg/v2/options:go_default_library",
+ "@com_github_burntsushi_toml//:go_default_library",
+- "@com_github_containerd_cgroups//:go_default_library",
++ "@com_github_containerd_cgroups//stats/v1:go_default_library",
+ "@com_github_containerd_console//:go_default_library",
+ "@com_github_containerd_containerd//api/events:go_default_library",
+ "@com_github_containerd_containerd//api/types/task:go_default_library",
+ "@com_github_containerd_containerd//errdefs:go_default_library",
+- "@com_github_containerd_containerd//events:go_default_library",
+ "@com_github_containerd_containerd//log:go_default_library",
+ "@com_github_containerd_containerd//mount:go_default_library",
+ "@com_github_containerd_containerd//namespaces:go_default_library",
++ "@com_github_containerd_containerd//pkg/process:go_default_library",
++ "@com_github_containerd_containerd//pkg/stdio:go_default_library",
+ "@com_github_containerd_containerd//runtime:go_default_library",
+ "@com_github_containerd_containerd//runtime/linux/runctypes:go_default_library",
+- "@com_github_containerd_containerd//runtime/proc:go_default_library",
+ "@com_github_containerd_containerd//runtime/v2/shim:go_default_library",
+ "@com_github_containerd_containerd//runtime/v2/task:go_default_library",
++ "@com_github_containerd_containerd//sys/reaper:go_default_library",
+ "@com_github_containerd_cri//pkg/api/runtimeoptions/v1:go_default_library",
+ "@com_github_containerd_fifo//:go_default_library",
+ "@com_github_containerd_typeurl//:go_default_library",
+--
+2.25.1
+
diff --git a/third_party/go/patches/gvisor-containerd-shim-nogo.patch b/third_party/go/patches/gvisor-containerd-shim-nogo.patch
new file mode 100644
index 0000000..73da277
--- /dev/null
+++ b/third_party/go/patches/gvisor-containerd-shim-nogo.patch
@@ -0,0 +1,46 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From d926d6f44be46c7dbc932247c0cd3daf6a34586f Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Mon, 4 May 2020 15:16:58 +0200
+Subject: [PATCH] Remove unreachable code
+
+Going upstream as https://github.com/google/gvisor-containerd-shim/pull/59
+
+---
+ pkg/v1/proc/deleted_state.go | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/pkg/v1/proc/deleted_state.go b/pkg/v1/proc/deleted_state.go
+index 95b4406..b023384 100644
+--- a/pkg/v1/proc/deleted_state.go
++++ b/pkg/v1/proc/deleted_state.go
+@@ -38,12 +38,10 @@ func (s *deletedState) Start(ctx context.Context) error {
+ }
+
+ func (s *deletedState) Delete(ctx context.Context) error {
+- return errors.Errorf("cannot delete a deleted process")
+ return errors.Wrap(errdefs.ErrNotFound, "cannot delete a deleted process")
+ }
+
+ func (s *deletedState) Kill(ctx context.Context, sig uint32, all bool) error {
+- return errors.Errorf("cannot kill a deleted process")
+ return errors.Wrap(errdefs.ErrNotFound, "cannot kill a deleted process")
+ }
+
+--
+2.25.1
+
diff --git a/third_party/go/patches/gvisor-containerd-shim.patch b/third_party/go/patches/gvisor-containerd-shim.patch
new file mode 100644
index 0000000..124e1d3
--- /dev/null
+++ b/third_party/go/patches/gvisor-containerd-shim.patch
@@ -0,0 +1,895 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From 0d5bed5d74a0f852a7c61db6f5f2c0a61c9fa84c Mon Sep 17 00:00:00 2001
+From: Ian Lewis <ianlewis@google.com>
+Date: Thu, 16 Apr 2020 02:38:33 -0400
+Subject: [PATCH] Update to containerd 1.3.4
+
+---
+ cmd/gvisor-containerd-shim/main.go | 15 +--
+ go.mod | 52 ++++----
+ go.sum | 208 +++++++++++++++++++++++++++++
+ pkg/v1/proc/deleted_state.go | 4 +-
+ pkg/v1/proc/exec.go | 8 +-
+ pkg/v1/proc/init.go | 21 +--
+ pkg/v1/proc/init_state.go | 10 +-
+ pkg/v1/shim/platform.go | 4 +-
+ pkg/v1/shim/service.go | 13 +-
+ pkg/v2/service.go | 47 ++++---
+ pkg/v2/service_linux.go | 4 +-
+ 11 files changed, 302 insertions(+), 84 deletions(-)
+
+diff --git a/cmd/gvisor-containerd-shim/main.go b/cmd/gvisor-containerd-shim/main.go
+index ea26aa1..a9c6a9f 100644
+--- a/cmd/gvisor-containerd-shim/main.go
++++ b/cmd/gvisor-containerd-shim/main.go
+@@ -36,9 +36,9 @@ import (
+
+ "github.com/containerd/containerd/events"
+ "github.com/containerd/containerd/namespaces"
+- "github.com/containerd/containerd/runtime/v1/linux/proc"
+- containerdshim "github.com/containerd/containerd/runtime/v1/shim"
++ "github.com/containerd/containerd/pkg/process"
+ shimapi "github.com/containerd/containerd/runtime/v1/shim/v1"
++ "github.com/containerd/containerd/sys/reaper"
+ "github.com/containerd/ttrpc"
+ "github.com/containerd/typeurl"
+ ptypes "github.com/gogo/protobuf/types"
+@@ -73,7 +73,7 @@ func init() {
+ flag.StringVar(&workdirFlag, "workdir", "", "path used to storge large temporary data")
+ // Containerd default to runc, unless another runtime is explicitly specified.
+ // We keep the same default to make the default behavior consistent.
+- flag.StringVar(&runtimeRootFlag, "runtime-root", proc.RuncRoot, "root directory for the runtime")
++ flag.StringVar(&runtimeRootFlag, "runtime-root", process.RuncRoot, "root directory for the runtime")
+ // currently, the `containerd publish` utility is embedded in the daemon binary.
+ // The daemon invokes `containerd-shim -containerd-binary ...` with its own os.Executable() path.
+ flag.StringVar(&containerdBinaryFlag, "containerd-binary", "containerd", "path to containerd binary (used for `containerd publish`)")
+@@ -229,8 +229,7 @@ func setupSignals() (chan os.Signal, error) {
+ signal.Notify(signals, unix.SIGTERM, unix.SIGINT, unix.SIGCHLD, unix.SIGPIPE)
+ // make sure runc is setup to use the monitor
+ // for waiting on processes
+- // TODO(random-liu): Move shim/reaper.go to a separate package.
+- runsc.Monitor = containerdshim.Default
++ runsc.Monitor = reaper.Default
+ // set the shim as the subreaper for all orphaned processes created by the container
+ if err := system.SetSubreaper(1); err != nil {
+ return nil, err
+@@ -251,7 +250,7 @@ func handleSignals(logger *logrus.Entry, signals chan os.Signal, server *ttrpc.S
+ case s := <-signals:
+ switch s {
+ case unix.SIGCHLD:
+- if err := containerdshim.Reap(); err != nil {
++ if err := reaper.Reap(); err != nil {
+ logger.WithError(err).Error("reap exit status")
+ }
+ case unix.SIGTERM, unix.SIGINT:
+@@ -305,11 +304,11 @@ func (l *remoteEventsPublisher) Publish(ctx context.Context, topic string, event
+ }
+ cmd := exec.CommandContext(ctx, containerdBinaryFlag, "--address", l.address, "publish", "--topic", topic, "--namespace", ns)
+ cmd.Stdin = bytes.NewReader(data)
+- c, err := containerdshim.Default.Start(cmd)
++ c, err := reaper.Default.Start(cmd)
+ if err != nil {
+ return err
+ }
+- status, err := containerdshim.Default.Wait(cmd, c)
++ status, err := reaper.Default.Wait(cmd, c)
+ if err != nil {
+ return err
+ }
+diff --git a/go.mod b/go.mod
+index f15f829..5ae0d2e 100644
+--- a/go.mod
++++ b/go.mod
+@@ -1,35 +1,37 @@
+ module github.com/google/gvisor-containerd-shim
+
+-go 1.12
++go 1.14
+
+ require (
+- github.com/BurntSushi/toml v0.3.0
+- github.com/Microsoft/go-winio v0.4.14 // indirect
+- github.com/Microsoft/hcsshim v0.8.6 // indirect
+- github.com/containerd/cgroups v0.0.0-20190328223300-4994991857f9
++ github.com/BurntSushi/toml v0.3.1
++ github.com/Microsoft/hcsshim v0.8.7 // indirect
++ github.com/containerd/cgroups v0.0.0-20200407151229-7fc7a507c04c
+ github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1
+- github.com/containerd/containerd v0.0.0-20190510190154-d0319ec44af6
+- github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 // indirect
++ github.com/containerd/containerd v1.3.4
++ github.com/containerd/continuity v0.0.0-20200413184840-d3ef23f19fbb // indirect
+ github.com/containerd/cri v0.0.0-20190308093238-8a0bd84b9a4c
+- github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260
++ github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b
+ github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3
+- github.com/containerd/ttrpc v0.0.0-20190411181408-699c4e40d1e7
+- github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd
+- github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b // indirect
+- github.com/docker/go-units v0.3.1 // indirect
+- github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55 // indirect
+- github.com/gogo/protobuf v1.0.0
+- github.com/golang/protobuf v1.1.0 // indirect
+- github.com/google/go-cmp v0.3.1 // indirect
+- github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2 // indirect
++ github.com/containerd/ttrpc v1.0.0
++ github.com/containerd/typeurl v1.0.0
++ github.com/docker/distribution v2.7.1+incompatible // indirect
++ github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
++ github.com/gogo/googleapis v1.3.2 // indirect
++ github.com/gogo/protobuf v1.3.1
++ github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
++ github.com/golang/protobuf v1.4.0 // indirect
++ github.com/hashicorp/golang-lru v0.5.4 // indirect
++ github.com/opencontainers/image-spec v1.0.1 // indirect
+ github.com/opencontainers/runc v1.0.0-rc8
+- github.com/opencontainers/runtime-spec v0.0.0-20180909173843-eba862dc2470
+- github.com/pkg/errors v0.8.1
+- github.com/sirupsen/logrus v1.4.1
+- golang.org/x/net v0.0.0-20170716174642-b3756b4b77d7 // indirect
+- golang.org/x/sync v0.0.0-20190423024810-112230192c58 // indirect
+- golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b
+- google.golang.org/genproto v0.0.0-20170523043604-d80a6e20e776 // indirect
+- google.golang.org/grpc v1.12.0
++ github.com/opencontainers/runtime-spec v1.0.2
++ github.com/pkg/errors v0.9.1
++ github.com/sirupsen/logrus v1.5.0
++ github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 // indirect
++ go.opencensus.io v0.22.3 // indirect
++ golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e // indirect
++ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a // indirect
++ golang.org/x/sys v0.0.0-20200413165638-669c56c373c4
++ google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 // indirect
++ google.golang.org/grpc v1.28.1
+ gotest.tools v2.2.0+incompatible // indirect
+ )
+diff --git a/go.sum b/go.sum
+index 93f2f1d..2fa699d 100644
+--- a/go.sum
++++ b/go.sum
+@@ -1,67 +1,275 @@
++bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
++cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+ github.com/BurntSushi/toml v0.3.0 h1:e1/Ivsx3Z0FVTV0NSOv/aVgbUWyQuzj7DDnFblkRvsY=
+ github.com/BurntSushi/toml v0.3.0/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
++github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
++github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+ github.com/Microsoft/go-winio v0.4.14 h1:+hMXMk01us9KgxGb7ftKQt2Xpf5hH/yky+TDA+qxleU=
+ github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
++github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA=
++github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
+ github.com/Microsoft/hcsshim v0.8.6 h1:ZfF0+zZeYdzMIVMZHKtDKJvLHj76XCuVae/jNkjj0IA=
+ github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg=
++github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg=
++github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
++github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
++github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
++github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg=
++github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
++github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
+ github.com/containerd/cgroups v0.0.0-20190328223300-4994991857f9 h1:LmZz7ns2YaWWJ6m17esVvIMNOfKcw+f/sCneqxKawB4=
+ github.com/containerd/cgroups v0.0.0-20190328223300-4994991857f9/go.mod h1:X9rLEHIqSf/wfK8NsPqxJmeZgW4pcfzdXITDrUSJ6uI=
++github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f h1:tSNMc+rJDfmYntojat8lljbt1mgKNpTxUZJsSzJ9Y1s=
++github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
++github.com/containerd/cgroups v0.0.0-20200407151229-7fc7a507c04c h1:BRbZO594sFDSfkqApcikeNRjePj+rJNoh4waZgefcEE=
++github.com/containerd/cgroups v0.0.0-20200407151229-7fc7a507c04c/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM=
+ github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1 h1:uict5mhHFTzKLUCufdSLym7z/J0CbBJT59lYbP9wtbg=
+ github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
+ github.com/containerd/containerd v0.0.0-20190510190154-d0319ec44af6 h1:BmZa1bGjKctYrIbyjbhZJlGvHceJASpdW5pIDSQcw1E=
+ github.com/containerd/containerd v0.0.0-20190510190154-d0319ec44af6/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
++github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
++github.com/containerd/containerd v1.3.4 h1:3o0smo5SKY7H6AJCmJhsnCjR2/V2T8VmiHt7seN2/kI=
++github.com/containerd/containerd v1.3.4/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
++github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
+ github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 h1:tN9D97v5A5QuKdcKHKt+UMKrkQ5YXUnD8iM7IAAjEfI=
+ github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
++github.com/containerd/continuity v0.0.0-20200413184840-d3ef23f19fbb h1:nXPkFq8X1a9ycY3GYQpFNxHh3j2JgY7zDZfq2EXMIzk=
++github.com/containerd/continuity v0.0.0-20200413184840-d3ef23f19fbb/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY=
+ github.com/containerd/cri v0.0.0-20190308093238-8a0bd84b9a4c h1:+bW7GQb2q32/Liy0ZiR6pkpRXdDHShUXRoWg8OGVWZs=
+ github.com/containerd/cri v0.0.0-20190308093238-8a0bd84b9a4c/go.mod h1:DavH5Qa8+6jOmeOMO3dhWoqksucZDe06LfuhBz/xPZs=
+ github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260 h1:XGyg7oTtD0DoRFhbpV6x1WfV0flKC4UxXU7ab1zC08U=
+ github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
++github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
++github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b h1:qUtCegLdOUVfVJOw+KDg6eJyE1TGvLlkGEd1091kSSQ=
++github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0=
+ github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3 h1:esQOJREg8nw8aXj6uCN5dfW5cKUBiEJ/+nni1Q/D/sw=
+ github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
+ github.com/containerd/ttrpc v0.0.0-20190411181408-699c4e40d1e7 h1:SKDlsIhYxNE1LO0xwuOR+3QWj3zRibVQu5jWIMQmOfU=
+ github.com/containerd/ttrpc v0.0.0-20190411181408-699c4e40d1e7/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
++github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
++github.com/containerd/ttrpc v1.0.0 h1:NY8Zk2i7TpkLxrkOASo+KTFq9iNCEmMH2/ZG9OuOw6k=
++github.com/containerd/ttrpc v1.0.0/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
+ github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd h1:JNn81o/xG+8NEo3bC/vx9pbi/g2WI8mtP2/nXzu297Y=
+ github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
++github.com/containerd/typeurl v1.0.0 h1:7LMH7LfEmpWeCkGcIputvd4P0Rnd0LrIv1Jk2s5oobs=
++github.com/containerd/typeurl v1.0.0/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
+ github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b h1:+mtZ0WjVZwTX0RVrXMXDwuYVaNeHGvWBW1UwJeMR+2M=
+ github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
++github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8=
++github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
++github.com/coreos/go-systemd/v22 v22.0.0 h1:XJIw/+VlJ+87J+doOxznsAWIdmWuViOVhkQamW5YV28=
++github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk=
++github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
++github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
++github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
++github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
++github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
++github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8=
++github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c/go.mod h1:Uw6UezgYA44ePAFQYUehOuCzmy5zmg/+nl2ZfMWGkpA=
+ github.com/docker/go-units v0.3.1 h1:QAFdsA6jLCnglbqE6mUsHuPcJlntY94DkxHf4deHKIU=
+ github.com/docker/go-units v0.3.1/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
++github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
++github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
++github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
++github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
++github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
++github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
++github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
++github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+ github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55 h1:oIgNYSrSUbNH5DJh6DMhU1PiOKOYIHNxrV3djLsLpEI=
+ github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw=
++github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8=
++github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
++github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME=
++github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
++github.com/gogo/googleapis v1.3.2 h1:kX1es4djPJrsDhY7aZKJy7aZasdcB5oSOEphMjSB53c=
++github.com/gogo/googleapis v1.3.2/go.mod h1:5YRNX2z1oM5gXdAkurHa942MDgEJyk02w4OecKY87+c=
+ github.com/gogo/protobuf v1.0.0 h1:2jyBKDKU/8v3v2xVR2PtiWQviFUyiaGk2rpfyFT8rTM=
+ github.com/gogo/protobuf v1.0.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
++github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
++github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
++github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
++github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
++github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 h1:ZgQEtGgCBiWRM39fZuwSd1LwSqqSW0hOdXCYYDX0R3I=
++github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
++github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
++github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
++github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+ github.com/golang/protobuf v1.1.0 h1:0iH4Ffd/meGoXqF2lSAhZHt8X+cPgkfn/cb6Cce5Vpc=
+ github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
++github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
++github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
++github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
++github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
++github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
++github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
++github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
++github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
++github.com/golang/protobuf v1.4.0 h1:oOuy+ugB+P/kBdUnG5QaMXSIyJ1q38wWSojYCb3z5VQ=
++github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
++github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
++github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+ github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
+ github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
++github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
++github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce h1:prjrVgOk2Yg6w+PflHoszQNLTUh4kaByUcEWM/9uin4=
++github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
++github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874 h1:cAv7ZbSmyb1wjn6T4TIiyFCkpcfgpbcNNC3bM2srLaI=
++github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
++github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
++github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
++github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
++github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
++github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
++github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
++github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
++github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+ github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
+ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
++github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
++github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
++github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
++github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
++github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+ github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2 h1:QhPf3A2AZW3tTGvHPg0TA+CR3oHbVLlXUhlghqISp1I=
+ github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
++github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
++github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
++github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
++github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
++github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+ github.com/opencontainers/runc v1.0.0-rc8 h1:dDCFes8Hj1r/i5qnypONo5jdOme/8HWZC/aNDyhECt0=
+ github.com/opencontainers/runc v1.0.0-rc8/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
+ github.com/opencontainers/runtime-spec v0.0.0-20180909173843-eba862dc2470 h1:dQgS6CgSB2mBQur4Cz7kaEtXNSw56ZlRb7ZsBT70hTA=
+ github.com/opencontainers/runtime-spec v0.0.0-20180909173843-eba862dc2470/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
++github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
++github.com/opencontainers/runtime-spec v1.0.2 h1:UfAcuLBJB9Coz72x1hgl8O5RVzTdNiaglX6v2DM6FI0=
++github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
++github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
++github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+ github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
+ github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
++github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
++github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
++github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
++github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
++github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
++github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
++github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
+ github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k=
+ github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
++github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
++github.com/sirupsen/logrus v1.5.0 h1:1N5EYkVAPEywqZRJd7cwnRtCb6xJx7NH3T3WUTF980Q=
++github.com/sirupsen/logrus v1.5.0/go.mod h1:+F7Ogzej0PZc/94MaYx/nvG9jOFMD2osvC3s+Squfpo=
++github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
++github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
++github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+ github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
+ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
++github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
++github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
++github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8=
++github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
++github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
++github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
++github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
++github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
++github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
++go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4=
++go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
++go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8=
++go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
++golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
++golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
++golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
++golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
++golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
++golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+ golang.org/x/net v0.0.0-20170716174642-b3756b4b77d7 h1:FCqk7JXVeupwwnGVopQCC0a0xRK0Rj7SL5AyjjWo4pk=
+ golang.org/x/net v0.0.0-20170716174642-b3756b4b77d7/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
++golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
++golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
++golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
++golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k=
++golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
++golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
++golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
+ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o=
++golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
++golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+ golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
++golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
++golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
++golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b h1:ag/x1USPSsqHud38I9BAC88qdNLDHHtQ4mlgQIZPPNA=
+ golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20191210023423-ac6580df4449/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/sys v0.0.0-20200413165638-669c56c373c4 h1:opSr2sbRXk5X5/givKrrKj9HXxFpW2sdCiP8MJSKLQY=
++golang.org/x/sys v0.0.0-20200413165638-669c56c373c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
++golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
++golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
++golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
++golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
++golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
++golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
++golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
++golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
++golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
++golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
++golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
++google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
++google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+ google.golang.org/genproto v0.0.0-20170523043604-d80a6e20e776 h1:wVJP1pATLVPNxCz4R2mTO6HUJgfGE0PmIu2E10RuhCw=
+ google.golang.org/genproto v0.0.0-20170523043604-d80a6e20e776/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
++google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
++google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
++google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
++google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36 h1:j7CmVRD4Kec0+f8VuBAc2Ak2MFfXm5Q2/RxuJLL+76E=
++google.golang.org/genproto v0.0.0-20200413115906-b5235f65be36/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+ google.golang.org/grpc v1.12.0 h1:Mm8atZtkT+P6R43n/dqNDWkPPu5BwRVu/1rJnJCeZH8=
+ google.golang.org/grpc v1.12.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw=
++google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
++google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
++google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
++google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
++google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
++google.golang.org/grpc v1.28.1 h1:C1QC6KzgSiLyBabDi87BbjaGreoRgGUF5nOyvfrAZ1k=
++google.golang.org/grpc v1.28.1/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
++google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
++google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
++google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
++google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
++google.golang.org/protobuf v1.21.0 h1:qdOKuR/EIArgaWNjetjgTzgVTAZ+S/WXVrq9HW9zimw=
++google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
++gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
++gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
++gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
++gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
++gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
++gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
++gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
+ gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
++honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
++honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
++k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
+diff --git a/pkg/v1/proc/deleted_state.go b/pkg/v1/proc/deleted_state.go
+index 95b4406..941598b 100644
+--- a/pkg/v1/proc/deleted_state.go
++++ b/pkg/v1/proc/deleted_state.go
+@@ -22,7 +22,7 @@ import (
+
+ "github.com/containerd/console"
+ "github.com/containerd/containerd/errdefs"
+- "github.com/containerd/containerd/runtime/proc"
++ "github.com/containerd/containerd/pkg/process"
+ "github.com/pkg/errors"
+ )
+
+@@ -51,6 +51,6 @@ func (s *deletedState) SetExited(status int) {
+ // no op
+ }
+
+-func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
++func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (process.Process, error) {
+ return nil, errors.Errorf("cannot exec in a deleted state")
+ }
+diff --git a/pkg/v1/proc/exec.go b/pkg/v1/proc/exec.go
+index f02b73b..cbc0819 100644
+--- a/pkg/v1/proc/exec.go
++++ b/pkg/v1/proc/exec.go
+@@ -29,7 +29,7 @@ import (
+
+ "github.com/containerd/console"
+ "github.com/containerd/containerd/errdefs"
+- "github.com/containerd/containerd/runtime/proc"
++ "github.com/containerd/containerd/pkg/stdio"
+ "github.com/containerd/fifo"
+ runc "github.com/containerd/go-runc"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+@@ -54,7 +54,7 @@ type execProcess struct {
+ internalPid int
+ closers []io.Closer
+ stdin io.Closer
+- stdio proc.Stdio
++ stdio stdio.Stdio
+ path string
+ spec specs.Process
+
+@@ -165,7 +165,7 @@ func (e *execProcess) Stdin() io.Closer {
+ return e.stdin
+ }
+
+-func (e *execProcess) Stdio() proc.Stdio {
++func (e *execProcess) Stdio() stdio.Stdio {
+ return e.stdio
+ }
+
+@@ -232,7 +232,7 @@ func (e *execProcess) start(ctx context.Context) (err error) {
+ if err != nil {
+ return errors.Wrap(err, "failed to retrieve console master")
+ }
+- if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg, ©WaitGroup); err != nil {
++ if e.console, err = e.parent.Platform.CopyConsole(ctx, console, e.stdio.Stdin, e.stdio.Stdout, e.stdio.Stderr, &e.wg); err != nil {
+ return errors.Wrap(err, "failed to start console copy")
+ }
+ } else if !e.stdio.IsNull() {
+diff --git a/pkg/v1/proc/init.go b/pkg/v1/proc/init.go
+index 5dbb1da..138880b 100644
+--- a/pkg/v1/proc/init.go
++++ b/pkg/v1/proc/init.go
+@@ -31,7 +31,8 @@ import (
+ "github.com/containerd/containerd/errdefs"
+ "github.com/containerd/containerd/log"
+ "github.com/containerd/containerd/mount"
+- "github.com/containerd/containerd/runtime/proc"
++ "github.com/containerd/containerd/pkg/process"
++ "github.com/containerd/containerd/pkg/stdio"
+ "github.com/containerd/fifo"
+ runc "github.com/containerd/go-runc"
+ specs "github.com/opencontainers/runtime-spec/specs-go"
+@@ -61,7 +62,7 @@ type Init struct {
+ id string
+ Bundle string
+ console console.Console
+- Platform proc.Platform
++ Platform stdio.Platform
+ io runc.IO
+ runtime *runsc.Runsc
+ status int
+@@ -69,7 +70,7 @@ type Init struct {
+ pid int
+ closers []io.Closer
+ stdin io.Closer
+- stdio proc.Stdio
++ stdio stdio.Stdio
+ Rootfs string
+ IoUID int
+ IoGID int
+@@ -94,7 +95,7 @@ func NewRunsc(root, path, namespace, runtime string, config map[string]string) *
+ }
+
+ // New returns a new init process
+-func New(id string, runtime *runsc.Runsc, stdio proc.Stdio) *Init {
++func New(id string, runtime *runsc.Runsc, stdio stdio.Stdio) *Init {
+ p := &Init{
+ id: id,
+ runtime: runtime,
+@@ -154,7 +155,7 @@ func (p *Init) Create(ctx context.Context, r *CreateConfig) (err error) {
+ if err != nil {
+ return errors.Wrap(err, "failed to retrieve console master")
+ }
+- console, err = p.Platform.CopyConsole(ctx, console, r.Stdin, r.Stdout, r.Stderr, &p.wg, ©WaitGroup)
++ console, err = p.Platform.CopyConsole(ctx, console, r.Stdin, r.Stdout, r.Stderr, &p.wg)
+ if err != nil {
+ return errors.Wrap(err, "failed to start console copy")
+ }
+@@ -393,7 +394,7 @@ func (p *Init) Runtime() *runsc.Runsc {
+ }
+
+ // Exec returns a new child process
+-func (p *Init) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
++func (p *Init) Exec(ctx context.Context, path string, r *ExecConfig) (process.Process, error) {
+ p.mu.Lock()
+ defer p.mu.Unlock()
+
+@@ -401,7 +402,7 @@ func (p *Init) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Proce
+ }
+
+ // exec returns a new exec'd process
+-func (p *Init) exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
++func (p *Init) exec(ctx context.Context, path string, r *ExecConfig) (process.Process, error) {
+ // process exec request
+ var spec specs.Process
+ if err := json.Unmarshal(r.Spec.Value, &spec); err != nil {
+@@ -414,7 +415,7 @@ func (p *Init) exec(ctx context.Context, path string, r *ExecConfig) (proc.Proce
+ path: path,
+ parent: p,
+ spec: spec,
+- stdio: proc.Stdio{
++ stdio: stdio.Stdio{
+ Stdin: r.Stdin,
+ Stdout: r.Stdout,
+ Stderr: r.Stderr,
+@@ -427,7 +428,7 @@ func (p *Init) exec(ctx context.Context, path string, r *ExecConfig) (proc.Proce
+ }
+
+ // Stdio of the process
+-func (p *Init) Stdio() proc.Stdio {
++func (p *Init) Stdio() stdio.Stdio {
+ return p.stdio
+ }
+
+@@ -455,7 +456,7 @@ func (p *Init) convertStatus(status string) string {
+ return status
+ }
+
+-func withConditionalIO(c proc.Stdio) runc.IOOpt {
++func withConditionalIO(c stdio.Stdio) runc.IOOpt {
+ return func(o *runc.IOOption) {
+ o.OpenStdin = c.Stdin != ""
+ o.OpenStdout = c.Stdout != ""
+diff --git a/pkg/v1/proc/init_state.go b/pkg/v1/proc/init_state.go
+index f56f6fe..22cca4a 100644
+--- a/pkg/v1/proc/init_state.go
++++ b/pkg/v1/proc/init_state.go
+@@ -22,7 +22,7 @@ import (
+
+ "github.com/containerd/console"
+ "github.com/containerd/containerd/errdefs"
+- "github.com/containerd/containerd/runtime/proc"
++ "github.com/containerd/containerd/pkg/process"
+ "github.com/pkg/errors"
+ )
+
+@@ -30,7 +30,7 @@ type initState interface {
+ Resize(console.WinSize) error
+ Start(context.Context) error
+ Delete(context.Context) error
+- Exec(context.Context, string, *ExecConfig) (proc.Process, error)
++ Exec(context.Context, string, *ExecConfig) (process.Process, error)
+ Kill(context.Context, uint32, bool) error
+ SetExited(int)
+ }
+@@ -96,7 +96,7 @@ func (s *createdState) SetExited(status int) {
+ }
+ }
+
+-func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
++func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (process.Process, error) {
+ return s.p.exec(ctx, path, r)
+ }
+
+@@ -138,7 +138,7 @@ func (s *runningState) SetExited(status int) {
+ }
+ }
+
+-func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
++func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (process.Process, error) {
+ return s.p.exec(ctx, path, r)
+ }
+
+@@ -179,6 +179,6 @@ func (s *stoppedState) SetExited(status int) {
+ // no op
+ }
+
+-func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) {
++func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (process.Process, error) {
+ return nil, errors.Errorf("cannot exec in a stopped state")
+ }
+diff --git a/pkg/v1/shim/platform.go b/pkg/v1/shim/platform.go
+index 10c5495..fa3dd97 100644
+--- a/pkg/v1/shim/platform.go
++++ b/pkg/v1/shim/platform.go
+@@ -32,7 +32,8 @@ type linuxPlatform struct {
+ epoller *console.Epoller
+ }
+
+-func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg, cwg *sync.WaitGroup) (console.Console, error) {
++func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg *sync.WaitGroup) (console.Console, error) {
++ var cwg sync.WaitGroup
+ if p.epoller == nil {
+ return nil, errors.New("uninitialized epoller")
+ }
+@@ -76,6 +77,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
+ outw.Close()
+ wg.Done()
+ }()
++ cwg.Wait()
+ return epollConsole, nil
+ }
+
+diff --git a/pkg/v1/shim/service.go b/pkg/v1/shim/service.go
+index e06a556..270d190 100644
+--- a/pkg/v1/shim/service.go
++++ b/pkg/v1/shim/service.go
+@@ -32,11 +32,12 @@ import (
+ "github.com/containerd/containerd/log"
+ "github.com/containerd/containerd/mount"
+ "github.com/containerd/containerd/namespaces"
++ rproc "github.com/containerd/containerd/pkg/process"
++ "github.com/containerd/containerd/pkg/stdio"
+ "github.com/containerd/containerd/runtime"
+ "github.com/containerd/containerd/runtime/linux/runctypes"
+- rproc "github.com/containerd/containerd/runtime/proc"
+- "github.com/containerd/containerd/runtime/v1/shim"
+ shimapi "github.com/containerd/containerd/runtime/v1/shim/v1"
++ "github.com/containerd/containerd/sys/reaper"
+ "github.com/containerd/typeurl"
+ ptypes "github.com/gogo/protobuf/types"
+ "github.com/pkg/errors"
+@@ -102,7 +103,7 @@ type Service struct {
+ context context.Context
+ processes map[string]rproc.Process
+ events chan interface{}
+- platform rproc.Platform
++ platform stdio.Platform
+ ec chan proc.Exit
+
+ // Filled by Create()
+@@ -541,7 +542,7 @@ func getTopic(ctx context.Context, e interface{}) string {
+ return runtime.TaskUnknownTopic
+ }
+
+-func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace string, config map[string]string, platform rproc.Platform, r *proc.CreateConfig) (*proc.Init, error) {
++func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace string, config map[string]string, platform stdio.Platform, r *proc.CreateConfig) (*proc.Init, error) {
+ var options runctypes.CreateOptions
+ if r.Options != nil {
+ v, err := typeurl.UnmarshalAny(r.Options)
+@@ -562,7 +563,7 @@ func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace string,
+ runsc.FormatLogPath(r.ID, config)
+ rootfs := filepath.Join(path, "rootfs")
+ runtime := proc.NewRunsc(runtimeRoot, path, namespace, r.Runtime, config)
+- p := proc.New(r.ID, runtime, rproc.Stdio{
++ p := proc.New(r.ID, runtime, stdio.Stdio{
+ Stdin: r.Stdin,
+ Stdout: r.Stdout,
+ Stderr: r.Stderr,
+@@ -576,6 +577,6 @@ func newInit(ctx context.Context, path, workDir, runtimeRoot, namespace string,
+ p.IoGID = int(options.IoGid)
+ p.Sandbox = utils.IsSandbox(spec)
+ p.UserLog = utils.UserLogPath(spec)
+- p.Monitor = shim.Default
++ p.Monitor = reaper.Default
+ return p, nil
+ }
+diff --git a/pkg/v2/service.go b/pkg/v2/service.go
+index 3f0a236..c1df4b8 100644
+--- a/pkg/v2/service.go
++++ b/pkg/v2/service.go
+@@ -30,20 +30,21 @@ import (
+ "time"
+
+ "github.com/BurntSushi/toml"
+- "github.com/containerd/cgroups"
++ cgroups "github.com/containerd/cgroups/stats/v1"
+ "github.com/containerd/console"
+ eventstypes "github.com/containerd/containerd/api/events"
+ "github.com/containerd/containerd/api/types/task"
+ "github.com/containerd/containerd/errdefs"
+- "github.com/containerd/containerd/events"
+ "github.com/containerd/containerd/log"
+ "github.com/containerd/containerd/mount"
+ "github.com/containerd/containerd/namespaces"
++ "github.com/containerd/containerd/pkg/process"
++ "github.com/containerd/containerd/pkg/stdio"
+ "github.com/containerd/containerd/runtime"
+ "github.com/containerd/containerd/runtime/linux/runctypes"
+- rproc "github.com/containerd/containerd/runtime/proc"
+ "github.com/containerd/containerd/runtime/v2/shim"
+ taskAPI "github.com/containerd/containerd/runtime/v2/task"
++ "github.com/containerd/containerd/sys/reaper"
+ runtimeoptions "github.com/containerd/cri/pkg/api/runtimeoptions/v1"
+ "github.com/containerd/typeurl"
+ ptypes "github.com/gogo/protobuf/types"
+@@ -74,23 +75,22 @@ var _ = (taskAPI.TaskService)(&service{})
+ const configFile = "config.toml"
+
+ // New returns a new shim service that can be used via GRPC
+-func New(ctx context.Context, id string, publisher events.Publisher) (shim.Shim, error) {
+- ctx, cancel := context.WithCancel(ctx)
++func New(ctx context.Context, id string, publisher shim.Publisher, shutdown func()) (shim.Shim, error) {
+ s := &service{
+ id: id,
+ context: ctx,
+- processes: make(map[string]rproc.Process),
++ processes: make(map[string]process.Process),
+ events: make(chan interface{}, 128),
+ ec: proc.ExitCh,
+- cancel: cancel,
++ cancel: shutdown,
+ }
+ go s.processExits()
+- runsc.Monitor = shim.Default
++ runsc.Monitor = reaper.Default
+ if err := s.initPlatform(); err != nil {
+- cancel()
++ shutdown()
+ return nil, errors.Wrap(err, "failed to initialized platform behavior")
+ }
+- go s.forward(publisher)
++ go s.forward(ctx, publisher)
+ return s, nil
+ }
+
+@@ -99,10 +99,10 @@ type service struct {
+ mu sync.Mutex
+
+ context context.Context
+- task rproc.Process
+- processes map[string]rproc.Process
++ task process.Process
++ processes map[string]process.Process
+ events chan interface{}
+- platform rproc.Platform
++ platform stdio.Platform
+ ec chan proc.Exit
+
+ id string
+@@ -137,7 +137,7 @@ func newCommand(ctx context.Context, containerdBinary, containerdAddress string)
+ return cmd, nil
+ }
+
+-func (s *service) StartShim(ctx context.Context, id, containerdBinary, containerdAddress string) (string, error) {
++func (s *service) StartShim(ctx context.Context, id, containerdBinary, containerdAddress, containerdTTRPCAddress string) (string, error) {
+ cmd, err := newCommand(ctx, containerdBinary, containerdAddress)
+ if err != nil {
+ return "", err
+@@ -560,7 +560,7 @@ func (s *service) Connect(ctx context.Context, r *taskAPI.ConnectRequest) (*task
+
+ func (s *service) Shutdown(ctx context.Context, r *taskAPI.ShutdownRequest) (*ptypes.Empty, error) {
+ s.cancel()
+- os.Exit(0)
++ close(s.events)
+ return empty, nil
+ }
+
+@@ -697,7 +697,7 @@ func (s *service) checkProcesses(e proc.Exit) {
+ }
+ }
+
+-func (s *service) allProcesses() (o []rproc.Process) {
++func (s *service) allProcesses() (o []process.Process) {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ for _, p := range s.processes {
+@@ -727,18 +727,21 @@ func (s *service) getContainerPids(ctx context.Context, id string) ([]uint32, er
+ return pids, nil
+ }
+
+-func (s *service) forward(publisher events.Publisher) {
++func (s *service) forward(ctx context.Context, publisher shim.Publisher) {
++ ns, _ := namespaces.Namespace(ctx)
++ ctx = namespaces.WithNamespace(context.Background(), ns)
+ for e := range s.events {
+- ctx, cancel := context.WithTimeout(s.context, 5*time.Second)
++ ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
+ err := publisher.Publish(ctx, getTopic(e), e)
+ cancel()
+ if err != nil {
+ logrus.WithError(err).Error("post event")
+ }
+ }
++ publisher.Close()
+ }
+
+-func (s *service) getProcess(execID string) (rproc.Process, error) {
++func (s *service) getProcess(execID string) (process.Process, error) {
+ s.mu.Lock()
+ defer s.mu.Unlock()
+ if execID == "" {
+@@ -773,7 +776,7 @@ func getTopic(e interface{}) string {
+ return runtime.TaskUnknownTopic
+ }
+
+-func newInit(ctx context.Context, path, workDir, namespace string, platform rproc.Platform, r *proc.CreateConfig, options *options.Options, rootfs string) (*proc.Init, error) {
++func newInit(ctx context.Context, path, workDir, namespace string, platform stdio.Platform, r *proc.CreateConfig, options *options.Options, rootfs string) (*proc.Init, error) {
+ spec, err := utils.ReadSpec(r.Bundle)
+ if err != nil {
+ return nil, errors.Wrap(err, "read oci spec")
+@@ -783,7 +786,7 @@ func newInit(ctx context.Context, path, workDir, namespace string, platform rpro
+ }
+ runsc.FormatLogPath(r.ID, options.RunscConfig)
+ runtime := proc.NewRunsc(options.Root, path, namespace, options.BinaryName, options.RunscConfig)
+- p := proc.New(r.ID, runtime, rproc.Stdio{
++ p := proc.New(r.ID, runtime, stdio.Stdio{
+ Stdin: r.Stdin,
+ Stdout: r.Stdout,
+ Stderr: r.Stderr,
+@@ -797,6 +800,6 @@ func newInit(ctx context.Context, path, workDir, namespace string, platform rpro
+ p.IoGID = int(options.IoGid)
+ p.Sandbox = utils.IsSandbox(spec)
+ p.UserLog = utils.UserLogPath(spec)
+- p.Monitor = shim.Default
++ p.Monitor = reaper.Default
+ return p, nil
+ }
+diff --git a/pkg/v2/service_linux.go b/pkg/v2/service_linux.go
+index cbd4315..09d9786 100644
+--- a/pkg/v2/service_linux.go
++++ b/pkg/v2/service_linux.go
+@@ -31,7 +31,8 @@ type linuxPlatform struct {
+ epoller *console.Epoller
+ }
+
+-func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg, cwg *sync.WaitGroup) (console.Console, error) {
++func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, wg *sync.WaitGroup) (console.Console, error) {
++ var cwg sync.WaitGroup
+ if p.epoller == nil {
+ return nil, errors.New("uninitialized epoller")
+ }
+@@ -75,6 +76,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
+ outw.Close()
+ wg.Done()
+ }()
++ cwg.Wait()
+ return epollConsole, nil
+ }
+
+--
+2.25.1
+
diff --git a/third_party/go/patches/gvisor-shim-root.patch b/third_party/go/patches/gvisor-shim-root.patch
new file mode 100644
index 0000000..6b10797
--- /dev/null
+++ b/third_party/go/patches/gvisor-shim-root.patch
@@ -0,0 +1,67 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From 6cbcb8e61b60046e51ff79674b78031707739401 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Wed, 6 May 2020 18:52:14 +0200
+Subject: [PATCH] Fix externally-configured non-standard root paths
+
+Going upstream as https://github.com/google/gvisor-containerd-shim/pull/60
+
+---
+ pkg/v2/service.go | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/pkg/v2/service.go b/pkg/v2/service.go
+index c1df4b8..f7f5847 100644
+--- a/pkg/v2/service.go
++++ b/pkg/v2/service.go
+@@ -103,6 +103,7 @@ type service struct {
+ processes map[string]process.Process
+ events chan interface{}
+ platform stdio.Platform
++ opts options.Options
+ ec chan proc.Exit
+
+ id string
+@@ -194,7 +195,7 @@ func (s *service) Cleanup(ctx context.Context) (*taskAPI.DeleteResponse, error)
+ if err != nil {
+ return nil, err
+ }
+- r := proc.NewRunsc(proc.RunscRoot, path, ns, runtime, nil)
++ r := proc.NewRunsc(s.opts.Root, path, ns, runtime, nil)
+ if err := r.Delete(ctx, s.id, &runsc.DeleteOpts{
+ Force: true,
+ }); err != nil {
+@@ -344,6 +345,7 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
+ s.id = r.ID
+ s.bundle = r.Bundle
+ s.task = process
++ s.opts = opts
+ return &taskAPI.CreateTaskResponse{
+ Pid: uint32(process.Pid()),
+ }, nil
+@@ -577,7 +579,7 @@ func (s *service) Stats(ctx context.Context, r *taskAPI.StatsRequest) (*taskAPI.
+ if err != nil {
+ return nil, err
+ }
+- rs := proc.NewRunsc(proc.RunscRoot, path, ns, runtime, nil)
++ rs := proc.NewRunsc(s.opts.Root, path, ns, runtime, nil)
+ stats, err := rs.Stats(ctx, s.id)
+ if err != nil {
+ return nil, err
+--
+2.25.1
+
diff --git a/third_party/go/repositories.bzl b/third_party/go/repositories.bzl
index 2967494..96b3232 100644
--- a/third_party/go/repositories.bzl
+++ b/third_party/go/repositories.bzl
@@ -86,6 +86,36 @@
patch_args = ["-p1"],
)
go_repository(
+ name = "com_github_google_gvisor_containerd_shim",
+ importpath = "github.com/google/gvisor-containerd-shim",
+ sum = "h1:RdBNQHpoQ3ekzfXYIV4+nQJ3a2xLnIHuZJkM40OEtyA=",
+ version = "v0.0.4",
+ patches = [
+ "//third_party/go/patches:gvisor-containerd-shim.patch",
+ "//third_party/go/patches:gvisor-containerd-shim-build.patch",
+ # Patches below are being upstreamed
+ "//third_party/go/patches:gvisor-containerd-shim-nogo.patch",
+ "//third_party/go/patches:gvisor-shim-root.patch",
+ ],
+ patch_args = ["-p1"],
+ )
+
+ # containerd, Not an actual release, pinned to commit 8e685f78cf66e2901b2fbed2fdddd64449a74ab9 that has support for the required build tags.
+ # Also patched for pure mode and some other issues
+ go_repository(
+ name = "com_github_containerd_containerd",
+ build_file_proto_mode = "disable",
+ build_tags = ["no_zfs", "no_aufs", "no_devicemapper", "no_btrfs"],
+ importpath = "github.com/containerd/containerd",
+ sum = "h1:IeFaEbvx6mQe9K1cXG2K7zynPwge3YUrQlLTyiNiveU=",
+ version = "v1.3.1-0.20200218165203-8e685f78cf66",
+ patches = [
+ "//third_party/go/patches:containerd-build.patch",
+ ],
+ patch_args = ["-p1"],
+ )
+
+ go_repository(
name = "io_k8s_repo_infra",
importpath = "k8s.io/repo-infra",
sum = "h1:PQyAIB6SRdV0a3Vj/VA39L1uANW36k/zg3tOk/Ffh3U=",
@@ -683,14 +713,6 @@
version = "v0.0.0-20160516000752-02826c3e7903",
)
go_repository(
- name = "com_github_containerd_containerd",
- build_file_proto_mode = "disable",
- build_tags = ["no_zfs", "no_aufs", "no_devicemapper", "no_btrfs"],
- importpath = "github.com/containerd/containerd",
- sum = "h1:IeFaEbvx6mQe9K1cXG2K7zynPwge3YUrQlLTyiNiveU=",
- version = "v1.3.1-0.20200218165203-8e685f78cf66",
- )
- go_repository(
name = "com_github_beorn7_perks",
importpath = "github.com/beorn7/perks",
sum = "h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=",
diff --git a/third_party/gvisor/BUILD b/third_party/gvisor/BUILD
deleted file mode 100644
index e69de29..0000000
--- a/third_party/gvisor/BUILD
+++ /dev/null
diff --git a/third_party/linux/linux-smalltown.config b/third_party/linux/linux-smalltown.config
index 21cc824..2d07037 100644
--- a/third_party/linux/linux-smalltown.config
+++ b/third_party/linux/linux-smalltown.config
@@ -4,10 +4,10 @@
#
#
-# Compiler: gcc (Ubuntu 9.2.1-9ubuntu2) 9.2.1 20191008
+# Compiler: gcc (Ubuntu 9.3.0-10ubuntu2) 9.3.0
#
CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=90201
+CONFIG_GCC_VERSION=90300
CONFIG_CLANG_VERSION=0
CONFIG_CC_CAN_LINK=y
CONFIG_CC_HAS_ASM_GOTO=y
@@ -39,7 +39,8 @@
CONFIG_KERNEL_LZ4=y
CONFIG_DEFAULT_HOSTNAME="smalltown-uninitialized"
# CONFIG_SWAP is not set
-# CONFIG_SYSVIPC is not set
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
# CONFIG_POSIX_MQUEUE is not set
CONFIG_CROSS_MEMORY_ATTACH=y
# CONFIG_USELIB is not set
@@ -96,7 +97,9 @@
# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
# CONFIG_IRQ_TIME_ACCOUNTING is not set
# CONFIG_BSD_PROCESS_ACCT is not set
-# CONFIG_TASKSTATS is not set
+CONFIG_TASKSTATS=y
+# CONFIG_TASK_DELAY_ACCT is not set
+# CONFIG_TASK_XACCT is not set
CONFIG_PSI=y
# CONFIG_PSI_DEFAULT_DISABLED is not set
# end of CPU/Task time and stats accounting
@@ -132,11 +135,30 @@
CONFIG_CC_HAS_INT128=y
CONFIG_ARCH_SUPPORTS_INT128=y
# CONFIG_NUMA_BALANCING is not set
-# CONFIG_CGROUPS is not set
+CONFIG_CGROUPS=y
+CONFIG_PAGE_COUNTER=y
+CONFIG_MEMCG=y
+CONFIG_MEMCG_KMEM=y
+CONFIG_BLK_CGROUP=y
+CONFIG_CGROUP_WRITEBACK=y
+CONFIG_CGROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+CONFIG_CFS_BANDWIDTH=y
+CONFIG_RT_GROUP_SCHED=y
+CONFIG_CGROUP_PIDS=y
+CONFIG_CGROUP_RDMA=y
+CONFIG_CGROUP_FREEZER=y
+CONFIG_CPUSETS=y
+CONFIG_PROC_PID_CPUSET=y
+CONFIG_CGROUP_DEVICE=y
+CONFIG_CGROUP_CPUACCT=y
+CONFIG_CGROUP_PERF=y
+# CONFIG_CGROUP_DEBUG is not set
CONFIG_NAMESPACES=y
CONFIG_UTS_NS=y
CONFIG_TIME_NS=y
-# CONFIG_USER_NS is not set
+CONFIG_IPC_NS=y
+CONFIG_USER_NS=y
CONFIG_PID_NS=y
CONFIG_NET_NS=y
# CONFIG_CHECKPOINT_RESTORE is not set
@@ -706,8 +728,11 @@
CONFIG_BLK_DEV_INTEGRITY=y
CONFIG_BLK_DEV_INTEGRITY_T10=y
# CONFIG_BLK_DEV_ZONED is not set
+# CONFIG_BLK_DEV_THROTTLING is not set
# CONFIG_BLK_CMDLINE_PARSER is not set
# CONFIG_BLK_WBT is not set
+# CONFIG_BLK_CGROUP_IOLATENCY is not set
+# CONFIG_BLK_CGROUP_IOCOST is not set
# CONFIG_BLK_SED_OPAL is not set
#
@@ -919,6 +944,8 @@
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
+# CONFIG_CGROUP_NET_PRIO is not set
+# CONFIG_CGROUP_NET_CLASSID is not set
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
CONFIG_NET_FLOW_LIMIT=y
@@ -1335,9 +1362,9 @@
# CONFIG_GTP is not set
# CONFIG_MACSEC is not set
# CONFIG_NETCONSOLE is not set
-# CONFIG_TUN is not set
+CONFIG_TUN=y
# CONFIG_TUN_VNET_CROSS_LE is not set
-# CONFIG_VETH is not set
+CONFIG_VETH=y
CONFIG_VIRTIO_NET=y
# CONFIG_NLMON is not set
# CONFIG_ARCNET is not set
@@ -2695,7 +2722,12 @@
# CONFIG_AUTOFS4_FS is not set
# CONFIG_AUTOFS_FS is not set
# CONFIG_FUSE_FS is not set
-# CONFIG_OVERLAY_FS is not set
+CONFIG_OVERLAY_FS=y
+CONFIG_OVERLAY_FS_REDIRECT_DIR=y
+CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y
+CONFIG_OVERLAY_FS_INDEX=y
+CONFIG_OVERLAY_FS_XINO_AUTO=y
+CONFIG_OVERLAY_FS_METACOPY=y
#
# Caches