Age | Commit message | Author |
|
PiperOrigin-RevId: 322265513
|
|
- Fixes some html validation issues.
- Fixes links on security basics blog post.
- Adds rel=noopener to links with target=_blank and adds a check to
htmlproofer.
- Add favicon check to htmlproofer.
Fixes #3286
Fixes #3284
PiperOrigin-RevId: 321892602
|
|
`set -e` does not catch errors in bash command substitutions like
`echo $(bad cmd)` so bazel thinks it succeeded and cached the result.
PiperOrigin-RevId: 321412327
|
|
Will re-submit when ICMP dest unreachable is handled correctly and it can be
turned back on.
PiperOrigin-RevId: 321227330
|
|
PiperOrigin-RevId: 321062975
|
|
PiperOrigin-RevId: 321053634
|
|
This rule isn't restored when the Kokoro VM is restarted, so it's not doing
anything. And the problem it was meant to solve is instead addressed by
https://github.com/google/gvisor/pull/3207.
PiperOrigin-RevId: 321026846
|
|
PiperOrigin-RevId: 320999851
|
|
This will allow the use of default credentials.
PiperOrigin-RevId: 320972241
|
|
The go.mod dependency tree for the shim was somehow contradictory. After
resolving these issues (e.g. explicitly imported k8s 1.14, pulling a
specific dbus version), and adding all dependencies, the shim can now be
built as part of the regular bazel tree.
As part of this process, minor cleanup was done in all the source files:
headers were standardized (and include "The gVisor Authors" in addition
to the "The containerd Authors" if originally derived from containerd
sources), and comments were cleaned up to meet coding standards.
This change makes the containerd installation dynamic, so that multiple
versions can be tested, and drops the static installer for the VM image
itself.
This change also updates test/root/crictl_test.go and related utilities,
so that the containerd tests can be run on any version (and in cases
where it applies, they can be run on both v1 and v2 as parameterized
tests).
|
|
|
|
We need docker IPv6 for ip6tables tests. Docker has spotty IPv6 support, so just
enabling IPv6 in daemon.json breaks the Ruby image test (AFAICT it breaks
anything that tries to use IPv6 to reach the internet). An ip6tables NAT rule is
added to handle this.
We could make these changes as part of scripts/, but these would overwrite
global values and possibly break users' systems.
PiperOrigin-RevId: 318508209
|
|
Previously, it was not possible to encode/decode an object graph which
contained a pointer to a field within another type. This was because the
encoder was previously unable to disambiguate a pointer to an object and a
pointer within the object.
This CL remedies this by constructing an address map tracking the full memory
range objects occupy. The encoded Refvalue message has been extended to allow
references to children objects within another object. Because the encoding
process may learn about object structure over time, we cannot encode any
objects until the entire graph has been generated.
This CL also updates the state package to use standard interfaces instead of
reflection-based dispatch in order to improve performance overall. This
includes a custom wire protocol to significantly reduce the number of
allocations and take advantage of structure packing.
As part of these changes, there are a small number of minor changes in other
places of the code base:
* The lists used during encoding are changed to use intrusive lists with the
objectEncodeState directly, which required that the ilist Len() method is
updated to work properly with the ElementMapper mechanism.
* A bug is fixed in the list code wherein Remove() called on an element that is
already removed can corrupt the list (removing the element if there's only a
single element). Now the behavior is correct.
* Standard error wrapping is introduced.
* Compressio was updated to implement the new wire.Reader and wire.Writer
interface methods directly. The lack of a ReadByte and WriteByte caused issues
not due to interface dispatch, but because underlying slices for a Read or
Write call through an interface would always escape to the heap!
* Statify has been updated to support the new APIs.
See README.md for a description of how the new mechanism works.
PiperOrigin-RevId: 318010298
|
|
Updates #2972
PiperOrigin-RevId: 317113059
|
|
Updates #2972
PiperOrigin-RevId: 316942245
|
|
PiperOrigin-RevId: 316011323
|
|
PiperOrigin-RevId: 315911025
|
|
PiperOrigin-RevId: 315341669
|
|
And don't parse binary paths for the build target.
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
This will make tag & release workflows idempotent.
PiperOrigin-RevId: 314154888
|
|
This change fixes the apt repository structure to avoid emitting warnings on
Ubuntu 18.04 (and potentially other versions). This requires a slight refactor
of the repository generation scripts, since we can no longer copy the same
release files for different "suites".
This should avoid the warning by setting the suite to the distribution:
https://github.com/Debian/apt/blob/master/apt-pkg/metaindex.cc#L75
This change also moves over to the standardized Makefile entrypoint, which
makes settings clearer and enables local testing.
PiperOrigin-RevId: 313817017
|
|
PiperOrigin-RevId: 313652557
|
|
PiperOrigin-RevId: 313404235
|
|
The --groups command will fail if the group is not defined in
/etc/groups, even though it is specified by GID.
By coincidence, the group happens to be there for many installations of
Ubuntu 18.04 (which uses 999 for the Docker group), but it is strangely
absent in others (which use 130).
Fixes #2765
|
|
Fixes #2722
|
|
This change was derived from a change by:
Reapor-Yurnero <reapor.yurnero@gmail.com>
And has been modified by:
Adin Scannell <ascannell@google.com>
(The original change author is preserved for the commit.)
This change implements gap tracking in the segment set by adding additional
information in each node, and using that information to speed up gap finding
from a linear scan to a O(log(n)) walk of the tree.
This gap tracking is optional, and will default to off except for segment
instances that set gapTracking equal to 1 in their const lists.
PiperOrigin-RevId: 312621607
|
|
PiperOrigin-RevId: 312529859
|
|
This upgrades the Kokoro images, bazel toolchains used by RBE runners, and
rules_go, gazelle, and go toolchain versions.
PiperOrigin-RevId: 312522097
|
|
PiperOrigin-RevId: 312155686
|
|
PiperOrigin-RevId: 311751972
|
|
PiperOrigin-RevId: 311658774
|
|
PiperOrigin-RevId: 311600872
|
|
PiperOrigin-RevId: 311184385
|
|
Without this fix, make exits with zero code when bazel build failed:
$ make run TARGETS="--abra --kadabra"
ERROR: Unrecognized option: --abra
$ echo $?
0
Signed-off-by: Andrei Vagin <avagin@gmail.com>
|
|
This change does two things:
1) Name the container based on the canonical directory path.
2) Allow the container to exit after bazel itself has exited.
The first is necessary to support multiple working directories,
while the second one allows these instances to clean up properly.
PiperOrigin-RevId: 310460748
|
|
Updates #2569
Updates #2298
PiperOrigin-RevId: 310423629
|
|
This adapts the merged website repository to use the image and bazel
build framework. It explicitly avoids the container_image rules provided
by bazel, opting instead to build with direct docker commands when
necessary.
The relevant build commands are incorporated into the top-level
Makefile.
|
|
PiperOrigin-RevId: 309801320
|
|
PiperOrigin-RevId: 309265978
|
|
PiperOrigin-RevId: 309176385
|
|
PiperOrigin-RevId: 308901116
|
|
This change moves all Docker images to a standard location, and abstracts the
build process so that they can be maintained in an automated fashion. This also
allows the images to be architecture-independent.
All images will now be referred to by the test framework via the canonical
`gvisor.dev/images/<name>`, where `<name>` is a function of the path within the
source tree.
In a subsequent change, continuous integration will be added so that the images
will always be correct and available locally.
In the end, using `bazel` for Docker containers is simply not possible. Given
that we already have the need to use `make` with the base container (for
Docker), we extend this approach to get more flexibility.
This change also adds a self-documenting and powerful Makefile that is intended
to replace the collection of scripts in scripts. Canonical (self-documenting)
targets can be added here for targets that understand which images need to be
loaded and/or built.
PiperOrigin-RevId: 308322438
|
|
This change adds a layer of abstraction around the internal Docker APIs,
and eliminates all direct dependencies on Dockerfiles in the infrastructure.
A subsequent change will automate the generation of local images (with
efficient caching). Note that this change drops the use of bazel container
rules, as that experiment does not seem to be viable.
PiperOrigin-RevId: 308095430
|
|
Even though the default build option is to use 1.14, we
want to keep the ability to target different Go versions for testing
and in case the new release has bugs.
PiperOrigin-RevId: 308078876
|
|
PiperOrigin-RevId: 307941984
|
|
See tools/nogo/README.md.
The checkescape tool is able to perform recursive escape analysis, using the
actual generated binary to confirm the results produced by the compiler itself.
As an initial use case, this replaces the manual escape analysis tests used for
go_marshal, and validates that the CopyIn and CopyOut paths will not require
any allocation or stack splits.
Updates #2243
PiperOrigin-RevId: 307532986
|
|
This change renames the tools/images directory to tools/vm for clarity, and
adds a functional vm_test. Sharding is also added to the same test, and some
documentation added around key flags & variables to describe how they work.
Subsequent changes will add vm_tests for other cases, such as the runtime tests.
PiperOrigin-RevId: 307492245
|
|
PiperOrigin-RevId: 306300032
|
|
PiperOrigin-RevId: 306289643
|
|
PiperOrigin-RevId: 305944892
|