Cleanup unused code and static checks

Signed-off-by: Derek McGowan <[email protected]>

Author: dmcgowan

.github/workflows/ci.yml

@@ -23,7 +23,7 @@ jobs:
 
     strategy:
       matrix:
-        os: [ubuntu-latest, ubuntu-24.04-arm, macos-latest, windows-latest]
+        os: [ubuntu-latest, ubuntu-24.04-arm, macos-latest] # skipping windows-latest for now
         exclude:
           - os: ${{ github.event.repository.private && 'ubuntu-24.04-arm' || '' }}
 
@@ -84,7 +84,7 @@ jobs:
       # Needed for proto lookup during generation
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
-          repository: github.com/containerd/containerd
+          repository: containerd/containerd
           path: src/github.com/containerd/containerd
 
       - uses: ./src/github.com/containerd/nerdbox/.github/actions/install-go

.golangci.yml

@@ -0,0 +1,94 @@
+version: "2"
+linters:
+  enable:
+    - copyloopvar # Checks for loop variable copies in Go 1.22+
+    - depguard # Checks for dependencies that should not be (re)introduced. See "settings" for further details.
+    - dupword # Checks for duplicate words in the source code
+    - gosec
+    - misspell
+    - nolintlint
+    - revive
+    - unconvert
+    - usetesting
+  disable:
+    - errcheck
+  settings:
+    depguard:
+      rules:
+        main:
+          deny:
+            - pkg: github.com/opencontainers/runc
+              desc: We don't want to depend on runc (libcontainer), unless there is no other option; see https://github.com/opencontainers/runc/issues/3028.
+    gosec:
+      # The following issues surfaced when `gosec` linter
+      # was enabled. They are temporarily excluded to unblock
+      # the existing workflow, but still to be addressed by
+      # future works.
+      excludes:
+        - G204
+        - G305
+        - G306
+        - G402
+        - G404
+        - G115
+        - G103
+        - G104
+        - G301
+        - G302
+        - G304
+    staticcheck:
+      checks:
+        - all
+        - -QF1008 # Excludes QF1008 from staticcheck
+        - -ST1000
+        - -ST1003
+        - -ST1020
+        - -ST1021
+    revive:
+      rules:
+        - name: package-comments
+          severity: warning
+          disabled: true
+          exclude: [ "" ]
+    nolintlint:
+      allow-unused: true
+  exclusions:
+    generated: lax
+    rules:
+      - linters:
+          - revive
+        text: if-return
+      - linters:
+          - revive
+        text: empty-block
+      - linters:
+          - revive
+        text: superfluous-else
+      - linters:
+          - revive
+        text: unused-parameter
+      - linters:
+          - revive
+        text: unreachable-code
+      - linters:
+          - revive
+        text: redefines-builtin-id
+    paths:
+      - api
+      - docs
+      - releases
+      - test
+issues:
+  max-issues-per-linter: 0
+  max-same-issues: 0
+formatters:
+  enable:
+    - gofmt
+    - goimports
+  exclusions:
+    generated: strict
+    paths:
+      - api
+      - docs
+      - releases
+      - test

README.md

@@ -32,7 +32,7 @@ $ make
 The results will be in the `_output` directory.
 
 > #### macOS Tip
-> 
+>
 > On macOS, use these commands:
 > ```
 > $ make KERNEL_ARCH=arm64 KERNEL_NPROC=12 KERNEL_VERSION=6.12.44
@@ -117,7 +117,7 @@ Install libkrun, erofs-utils, e2fsprogs on your host
 > #### macOS Tip
 >
 > Use brew to install libkrun, erofs-utils, and e2fsprogs
-> 
+>
 > ```
 > brew tap slp/krunkit
 > brew install libkrun-efi erofs-utils e2fsprogs

cmd/vminitd/main.go

@@ -359,9 +359,3 @@ func New(ctx context.Context, config ServiceConfig) (Runnable, error) {
 func (s *service) Run(ctx context.Context) error {
 	return s.server.Serve(ctx, s.l)
 }
-
-func newTTRPCServer() (*ttrpc.Server, error) {
-	return ttrpc.NewServer(
-		ttrpc.WithUnaryServerInterceptor(otelttrpc.UnaryServerInterceptor()),
-	)
-}

docs/ctr-networking.md

@@ -8,7 +8,7 @@ Containers can be connected to networks the VM that have been defined via the
 Each `io.containerd.nerdbox.ctr.network` annotation describes a single network
 connection.
 
-- `vmmac` (required): MAC address of the VM's interface, identifies the network. 
+- `vmmac` (required): MAC address of the VM's interface, identifies the network.
 - `mac` (optional): A MAC address to assign to the container's network interface.
 - `addr` (optional, can be repeated): IP address with subnet mask (CIDR notation)
   for the container's interface.

internal/shim/task/io.go

@@ -34,14 +34,6 @@ import (
 	"github.com/containerd/log"
 )
 
-type processIO struct {
-	//io runc.IO
-
-	uri   *url.URL
-	copy  bool
-	stdio stdio.Stdio
-}
-
 type streamCreator interface {
 	StartStream(ctx context.Context) (uint32, net.Conn, error)
 }

internal/shim/task/mount.go

@@ -72,8 +72,8 @@ func transformMounts(ctx context.Context, vmi vm.Instance, id string, ms []*type
 			disks++
 		case "overlay", "format/overlay", "format/mkdir/overlay":
 			var (
-				wdi int = -1
-				udi int = -1
+				wdi = -1
+				udi = -1
 			)
 			for i, opt := range m.Options {
 				if strings.Contains(opt, "{{") {

internal/shim/task/service.go

@@ -29,7 +29,6 @@ import (
 
 	taskAPI "github.com/containerd/containerd/api/runtime/task/v3"
 	"github.com/containerd/containerd/api/types"
-	"github.com/containerd/containerd/v2/cmd/containerd-shim-runc-v2/process"
 	"github.com/containerd/containerd/v2/core/runtime"
 	"github.com/containerd/containerd/v2/pkg/namespaces"
 	ptypes "github.com/containerd/containerd/v2/pkg/protobuf/types"
@@ -59,7 +58,7 @@ func NewTaskService(ctx context.Context, vmm vm.Manager, publisher shim.Publishe
 	s := &service{
 		context:          ctx,
 		vmm:              vmm,
-		events:           make(chan interface{}, 128),
+		events:           make(chan any, 128),
 		containers:       make(map[string]*container),
 		initiateShutdown: sd.Shutdown,
 	}
@@ -94,9 +93,8 @@ type service struct {
 	// vm is the VM instance used to run the container
 	vm vm.Instance
 
-	context  context.Context
-	events   chan interface{}
-	platform stdio.Platform
+	context context.Context
+	events  chan any
 
 	containers map[string]*container
 
@@ -138,11 +136,6 @@ func (s *service) shutdown(ctx context.Context) error {
 	return errors.Join(errs...)
 }
 
-type containerProcess struct {
-	//Container *runc.Container
-	Process process.Process
-}
-
 // transformBindMounts transforms bind mounts
 func transformBindMounts(ctx context.Context, b *bundle.Bundle) error {
 	for i, m := range b.Spec.Mounts {
@@ -292,8 +285,8 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
 		return nil, errgrpc.ToGRPC(err)
 	}
 
-	// setupTime is the total time to setup the VM and everything neeeded
-	// to proxy the create task request. This measures the the overall
+	// setupTime is the total time to setup the VM and everything needed
+	// to proxy the create task request. This measures the overall
 	// overhead of creating the container inside the VM.
 	setupTime := time.Since(presetup)
 
@@ -640,47 +633,6 @@ func (s *service) Stats(ctx context.Context, r *taskAPI.StatsRequest) (*taskAPI.
 	return tc.Stats(ctx, r)
 }
 
-/*
-func (s *service) processExits() {
-	for e := range s.ec {
-		// While unlikely, it is not impossible for a container process to exit
-		// and have its PID be recycled for a new container process before we
-		// have a chance to process the first exit. As we have no way to tell
-		// for sure which of the processes the exit event corresponds to (until
-		// pidfd support is implemented) there is no way for us to handle the
-		// exit correctly in that case.
-
-		s.lifecycleMu.Lock()
-		// Inform any concurrent s.Start() calls so they can handle the exit
-		// if the PID belongs to them.
-		for subscriber := range s.exitSubscribers {
-			(*subscriber)[e.Pid] = append((*subscriber)[e.Pid], e)
-		}
-		// Handle the exit for a created/started process. If there's more than
-		// one, assume they've all exited. One of them will be the correct
-		// process.
-		var cps []containerProcess
-		for _, cp := range s.running[e.Pid] {
-			_, init := cp.Process.(*process.Init)
-			if init {
-				s.containerInitExit[cp.Container] = e
-			}
-			cps = append(cps, cp)
-		}
-		delete(s.running, e.Pid)
-		s.lifecycleMu.Unlock()
-
-		for _, cp := range cps {
-			if ip, ok := cp.Process.(*process.Init); ok {
-				s.handleInitExit(e, cp.Container, ip)
-			} else {
-				s.handleProcessExit(e, cp.Container, cp.Process)
-			}
-		}
-	}
-}
-*/
-
 func (s *service) send(evt interface{}) {
 	s.events <- evt
 }
@@ -710,119 +662,3 @@ func (s *service) forward(ctx context.Context, publisher shim.Publisher) {
 		log.G(ctx).WithField("event", e).Error("ignored event after shutdown")
 	}
 }
-
-/*
-// handleInitExit processes container init process exits.
-// This is handled separately from non-init exits, because there
-// are some extra invariants we want to ensure in this case, namely:
-// - for a given container, the init process exit MUST be the last exit published
-// This is achieved by:
-// - killing all running container processes (if the container has a shared pid
-// namespace, otherwise all other processes have been reaped already).
-// - waiting for the container's running exec counter to reach 0.
-// - finally, publishing the init exit.
-func (s *service) handleInitExit(e runcC.Exit, c *runc.Container, p *process.Init) {
-	// kill all running container processes
-	if runc.ShouldKillAllOnExit(s.context, c.Bundle) {
-		if err := p.KillAll(s.context); err != nil {
-			log.G(s.context).WithError(err).WithField("id", p.ID()).
-				Error("failed to kill init's children")
-		}
-	}
-
-	s.lifecycleMu.Lock()
-	numRunningExecs := s.runningExecs[c]
-	if numRunningExecs == 0 {
-		delete(s.runningExecs, c)
-		s.lifecycleMu.Unlock()
-		s.handleProcessExit(e, c, p)
-		return
-	}
-
-	events := make(chan int, numRunningExecs)
-	s.execCountSubscribers[c] = events
-
-	s.lifecycleMu.Unlock()
-
-	go func() {
-		defer func() {
-			s.lifecycleMu.Lock()
-			defer s.lifecycleMu.Unlock()
-			delete(s.execCountSubscribers, c)
-			delete(s.runningExecs, c)
-		}()
-
-		// wait for running processes to exit
-		for {
-			if runningExecs := <-events; runningExecs == 0 {
-				break
-			}
-		}
-
-		// all running processes have exited now, and no new
-		// ones can start, so we can publish the init exit
-		s.handleProcessExit(e, c, p)
-	}()
-}
-
-func (s *service) handleProcessExit(e runcC.Exit, c *runc.Container, p process.Process) {
-	p.SetExited(e.Status)
-	s.send(&eventstypes.TaskExit{
-		ContainerID: c.ID,
-		ID:          p.ID(),
-		Pid:         uint32(e.Pid),
-		ExitStatus:  uint32(e.Status),
-		ExitedAt:    protobuf.ToTimestamp(p.ExitedAt()),
-	})
-	if _, init := p.(*process.Init); !init {
-		s.lifecycleMu.Lock()
-		s.runningExecs[c]--
-		if ch, ok := s.execCountSubscribers[c]; ok {
-			ch <- s.runningExecs[c]
-		}
-		s.lifecycleMu.Unlock()
-	}
-}
-
-func (s *service) getContainerPids(ctx context.Context, container *runc.Container) ([]uint32, error) {
-	p, err := container.Process("")
-	if err != nil {
-		return nil, errgrpc.ToGRPC(err)
-	}
-	ps, err := p.(*process.Init).Runtime().Ps(ctx, container.ID)
-	if err != nil {
-		return nil, err
-	}
-	pids := make([]uint32, 0, len(ps))
-	for _, pid := range ps {
-		pids = append(pids, uint32(pid))
-	}
-	return pids, nil
-}
-
-
-func (s *service) getContainer(id string) (*runc.Container, error) {
-	s.mu.Lock()
-	container := s.containers[id]
-	s.mu.Unlock()
-	if container == nil {
-		return nil, errgrpc.ToGRPCf(errdefs.ErrNotFound, "container not created")
-	}
-	return container, nil
-}
-
-// initialize a single epoll fd to manage our consoles. `initPlatform` should
-// only be called once.
-func (s *service) initPlatform() error {
-	if s.platform != nil {
-		return nil
-	}
-	p, err := runc.NewPlatform()
-	if err != nil {
-		return err
-	}
-	s.platform = p
-	s.shutdown.RegisterCallback(func(context.Context) error { return s.platform.Close() })
-	return nil
-}
-*/