shim-protos: replace ttrpc-codegen to the released crate version

The new version v0.6.0 has been released.

Signed-off-by: Tim Zhang <tim@hyper.sh>

.github/labeler.yml

@@ -2,18 +2,38 @@
 # `C-` project crate(s) affected.
 # `T-` change type (CI, docs, etc).
 
-C-client: crates/client/**
-C-logging: crates/logging/**
-C-runc: crates/runc/**
-C-runc-shim: crates/runc-shim/**
-C-shim: crates/shim/**
-C-shim-protos: crates/shim-protos/**
-C-snapshots: crates/snapshots/**
+C-client:
+  - changed-files:
+      - any-glob-to-any-file: crates/client/**
+
+C-logging:
+  - changed-files:
+      - any-glob-to-any-file: crates/logging/**
+
+C-runc:
+  - changed-files:
+      - any-glob-to-any-file: crates/runc/**
+
+C-runc-shim:
+  - changed-files:
+      - any-glob-to-any-file: crates/runc-shim/**
+
+C-shim:
+  - changed-files:
+      - any-glob-to-any-file: crates/shim/**
+
+C-shim-protos:
+  - changed-files:
+      - any-glob-to-any-file: crates/shim-protos/**
+
+C-snapshots:
+  - changed-files:
+      - any-glob-to-any-file: crates/snapshots/**
 
 T-CI:
-- '.github/**'
-- '*.toml'
+  - changed-files:
+      - any-glob-to-any-file: [".github/**", "*.toml"]
 
 T-docs:
-- '**/*.md'
-
+  - changed-files:
+      - any-glob-to-any-file: "**/*.md"

.github/workflows/ci-windows.yml

@@ -1,101 +0,0 @@
-name: CI-windows
-on:
-  pull_request:
-  push:
-  schedule:
-    - cron: '0 0 * * *' # Every day at midnight
-
-jobs:
-  checks:
-    name: Checks
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 20
-
-    strategy:
-      matrix:
-        os: [windows-latest]
-
-    steps:
-      - uses: actions/checkout@v3
-      - uses: arduino/setup-protoc@v2
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - run: cargo check --examples --tests -p containerd-shim -p containerd-shim-protos
-      
-      - run: rustup toolchain install nightly --component rustfmt
-      - run: cargo +nightly fmt -p containerd-shim -p containerd-shim-protos -- --check --files-with-diff
-      
-      - run: cargo clippy -p containerd-shim -p containerd-shim-protos -- -D warnings
-      - run: cargo doc --no-deps -p containerd-shim -p containerd-shim-protos
-        env:
-          RUSTDOCFLAGS: -Dwarnings
-
-  tests:
-    name: Tests
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 15
-
-    strategy:
-      matrix:
-        os: [windows-latest]
-
-    steps:
-      - uses: actions/checkout@v3
-      - uses: arduino/setup-protoc@v2
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Tests
-        run: |
-          cargo test -p containerd-shim -p containerd-shim-protos
-
-  integration:
-    name: Integration
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 40
-
-    strategy:
-      matrix:
-        os: [windows-latest]
-        containerd: [1.7.0]
-
-    steps:
-      - name: Checkout extensions
-        uses: actions/checkout@v3
-
-      - name: Install containerd
-        run: |
-          $ErrorActionPreference = "Stop"
-
-          # Install containerd https://github.com/containerd/containerd/blob/v1.7.0/docs/getting-started.md#installing-containerd-on-windows
-          # Download and extract desired containerd Windows binaries
-          curl.exe -L https://github.com/containerd/containerd/releases/download/v${{ matrix.containerd }}/containerd-${{ matrix.containerd }}-windows-amd64.tar.gz -o containerd-windows-amd64.tar.gz
-          tar.exe xvf .\containerd-windows-amd64.tar.gz
-
-          # Copy and configure
-          mkdir "$Env:ProgramFiles\containerd"
-          Copy-Item -Path ".\bin\*" -Destination "$Env:ProgramFiles\containerd" -Recurse -Force
-          cd $Env:ProgramFiles\containerd\
-          .\containerd.exe config default | Out-File config.toml -Encoding ascii
-
-          # Review the configuration. Depending on setup you may want to adjust:
-          # - the sandbox_image (Kubernetes pause image)
-          # - cni bin_dir and conf_dir locations
-          Get-Content config.toml
-
-          # Register and start service
-          .\containerd.exe --register-service
-          Start-Service containerd
-        working-directory: ${{ runner.temp }}
-      - name: Run integration test
-        run: |
-          $ErrorActionPreference = "Stop"
-
-          get-service containerd
-          $env:TTRPC_ADDRESS="\\.\pipe\containerd-containerd.ttrpc"  
-
-          # run the example 
-          cargo run -p containerd-shim --example skeleton -- -namespace default -id 1234 -address "\\.\pipe\containerd-containerd"  -publish-binary ./bin/containerd start 
-          ps skeleton 
-          cargo run -p containerd-shim-protos --example shim-proto-connect \\.\pipe\containerd-shim-17630016127144989388-pipe
-          $skeleton = get-process skeleton -ErrorAction SilentlyContinue
-          if ($skeleton) { exit 1 }

.github/workflows/ci.yml

@@ -17,20 +17,52 @@ jobs:
         os: [ubuntu-latest, macos-latest]
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: arduino/setup-protoc@v2
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - run: cargo check --examples --tests --all-targets
-      - run: cargo check --examples --tests --all-targets --all-features
+      - uses: actions/checkout@v4
+
+      - run: ./scripts/install-protobuf.sh
+        shell: bash
 
       - run: rustup toolchain install nightly --component rustfmt
-      - run: cargo +nightly fmt --all -- --check --files-with-diff
+      - run: cargo +nightly fmt --all -- --check
 
+      # the "runc" and "containerd-shim" crates have `sync` code that is not covered by the workspace
+      - run: cargo check -p runc --all-targets
+      - run: cargo clippy -p runc --all-targets -- -D warnings
+      - run: cargo check -p containerd-shim --all-targets
+      - run: cargo clippy -p containerd-shim --all-targets  -- -D warnings
+
+      # check the workspace
+      - run: cargo check --examples --tests --all-targets
+      - run: cargo check --examples --tests --all-targets --all-features
       - run: cargo clippy --all-targets -- -D warnings
       - run: cargo clippy --all-targets --all-features -- -D warnings
 
-      - run: cargo doc --no-deps
+      - run: cargo doc --no-deps --features docs
+        env:
+          RUSTDOCFLAGS: -Dwarnings
+
+      - name: check unused dependencies
+        uses: bnjbvr/cargo-machete@v0.8.0
+        env:
+          RUSTUP_TOOLCHAIN: "stable"
+
+  # TODO: Merge this with the checks job above
+  windows-checks:
+    name: Windows Checks
+    runs-on: windows-latest
+    timeout-minutes: 20
+
+    steps:
+      - uses: actions/checkout@v4
+      - run: ./scripts/install-protobuf.sh
+        shell: bash
+      - run: cargo check --examples --tests -p containerd-shim -p containerd-shim-protos -p containerd-client
+
+      - run: rustup toolchain install nightly --component rustfmt
+      - run: cargo +nightly fmt -p containerd-shim -p containerd-shim-protos -p containerd-client -- --check
+
+      - run: cargo clippy -p containerd-shim -p containerd-shim-protos -- -D warnings
+      - run: cargo doc --no-deps -p containerd-shim -p containerd-shim-protos -p containerd-client
         env:
           RUSTDOCFLAGS: -Dwarnings
 
@@ -41,23 +73,27 @@ jobs:
 
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-latest]
+        os: [ubuntu-latest, macos-latest, windows-latest]
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: arduino/setup-protoc@v2
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - env:
-          # runc::tests::test_exec needs $XDG_RUNTIME_DIR to be set
-          XDG_RUNTIME_DIR: /tmp/dummy-xdr
-        run: |
+      - uses: actions/checkout@v4
+      - run: ./scripts/install-protobuf.sh
+        shell: bash
+      - run: |
           # runc-shim::cgroup::test_add_cgroup needs root permission to set cgroup
           mkdir -p /tmp/dummy-xdr
-          export PROTOC=$(which protoc)
           sudo -E $(command -v cargo) test
           sudo -E $(command -v cargo) test --all-features
 
+          # the shim has sync code that is not covered when running with --all-features
+          sudo -E $(command -v cargo) test -p containerd-shim
+        if: ${{ !contains(matrix.os, 'windows') }}
+        env:
+          # runc::tests::test_exec needs $XDG_RUNTIME_DIR to be set
+          XDG_RUNTIME_DIR: /tmp/dummy-xdr
+      - run: cargo test -p containerd-shim -p containerd-shim-protos -p containerd-client
+        if: ${{ contains(matrix.os, 'windows') }}
+
   # Collect build timings
   # See https://blog.rust-lang.org/2022/04/07/Rust-1.60.0.html#cargo---timings
   timings:
@@ -66,14 +102,13 @@ jobs:
     timeout-minutes: 15
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: arduino/setup-protoc@v2
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: actions/checkout@v4
+      - run: ./scripts/install-protobuf.sh
+        shell: bash
       - run: cargo build --all-features --timings
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
-          name: cargo-timing
+          name: timings
           path: target/cargo-timings/cargo-timing.html
           if-no-files-found: error
 
@@ -83,60 +118,141 @@ jobs:
     timeout-minutes: 10
 
     steps:
-      - uses: actions/checkout@v3
-      - uses: EmbarkStudios/cargo-deny-action@v1
+      - uses: actions/checkout@v4
+      - uses: EmbarkStudios/cargo-deny-action@v2
 
-  integration:
-    name: Integration
+  linux-integration:
+    name: Linux Integration
     runs-on: ${{ matrix.os }}
     timeout-minutes: 40
 
     strategy:
       matrix:
-        os: [ubuntu-20.04, ubuntu-22.04]
-        containerd: [v1.6.21, v1.7.1]
+        os: [ubuntu-latest]
+        containerd: [v1.6.38, v1.7.27, v2.1.1]
 
     steps:
       - name: Checkout extensions
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - uses: actions/setup-go@v4
-        with:
-          go-version: '1.20.4'
+      - name: Download containerd archive
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release download ${{ matrix.containerd }} \
+            --repo containerd/containerd \
+            --pattern 'containerd-1.*-linux-amd64.tar.gz' \
+            --pattern 'containerd-2.*-linux-amd64.tar.gz' \
+            --output containerd.tar.gz
+
+      - name: Extract containerd binaries to $HOME/.local/bin
+        run: |
+          mkdir -p $HOME/.local/bin
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+          tar -xf containerd.tar.gz -C $HOME/.local
 
       - name: Checkout containerd
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: containerd/containerd
           path: src/github.com/containerd/containerd
           ref: ${{ matrix.containerd }}
 
-      - name: Install containerd
-        env:
-          GOFLAGS: -modcacherw
-          CGO_ENABLED: 1
-        run: |
-          # Install containerd dependencies first
-          sudo apt-get install -y gperf
-          sudo -E PATH=$PATH script/setup/install-seccomp
-          sudo -E PATH=$PATH script/setup/install-runc
-          sudo -E PATH=$PATH script/setup/install-cni $(grep containernetworking/plugins go.mod | awk '{print $2}')
-          # Install containerd
-          make bin/containerd GO_BUILD_FLAGS="-mod=vendor" BUILDTAGS="no_btrfs no_devmapper"
-          sudo -E PATH=$PATH install bin/containerd /usr/local/bin/
-        working-directory: src/github.com/containerd/containerd
-
       - name: Install shim
         run: |
           cargo build --release --bin containerd-shim-runc-v2-rs
           sudo install -D ./target/release/containerd-shim-runc-v2-rs /usr/local/bin/
 
+      ## get latest go version for integrations tests so we can skip runnings tests
+      - uses: actions/setup-go@v5
+        with:
+          go-version: '1.23'
+
       - name: Integration
         env:
-          GOPROXY: direct
           TEST_RUNTIME: "io.containerd.runc.v2-rs"
           TESTFLAGS_PARALLEL: 1
-          EXTRA_TESTFLAGS: "-no-criu -test.skip='(TestContainerPTY|TestContainerExecLargeOutputWithTTY|TestTaskUpdate|TestTaskResize)'"
+          EXTRA_TESTFLAGS: "-no-criu -test.skip='(TestContainerPTY|TestContainerExecLargeOutputWithTTY|TestTaskUpdate|TestTaskResize|TestContainerAttach|TestContainerAttachProcess|TestRuntimeInfo)'"
           TESTFLAGS_RACE: "-race"
-        run: sudo -E PATH=$PATH make integration
+          # Pretend crun for now, remove after https://github.com/containerd/containerd/pull/9829
+          RUNC_FLAVOR: "crun"
+        run: |
+          sudo -E PATH=$PATH make integration
         working-directory: src/github.com/containerd/containerd
+
+  windows-integration:
+    name: Windows Integration
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 40
+
+    strategy:
+      matrix:
+        os: [windows-latest]
+        containerd: [1.7.0]
+
+    steps:
+      - name: Checkout extensions
+        uses: actions/checkout@v4
+      - run: ./scripts/install-protobuf.sh
+        shell: bash
+
+      - name: Install containerd
+        run: |
+          $ErrorActionPreference = "Stop"
+
+          # Install containerd https://github.com/containerd/containerd/blob/v1.7.0/docs/getting-started.md#installing-containerd-on-windows
+          # Download and extract desired containerd Windows binaries
+          curl.exe -L https://github.com/containerd/containerd/releases/download/v${{ matrix.containerd }}/containerd-${{ matrix.containerd }}-windows-amd64.tar.gz -o containerd-windows-amd64.tar.gz
+          tar.exe xvf .\containerd-windows-amd64.tar.gz
+
+          # Copy and configure
+          mkdir "$Env:ProgramFiles\containerd"
+          Copy-Item -Path ".\bin\*" -Destination "$Env:ProgramFiles\containerd" -Recurse -Force
+          cd $Env:ProgramFiles\containerd\
+          .\containerd.exe config default | Out-File config.toml -Encoding ascii
+
+          # Review the configuration. Depending on setup you may want to adjust:
+          # - the sandbox_image (Kubernetes pause image)
+          # - cni bin_dir and conf_dir locations
+          Get-Content config.toml
+
+          # Register and start service
+          .\containerd.exe --register-service
+          Start-Service containerd
+        working-directory: ${{ runner.temp }}
+      - name: Run integration test
+        run: |
+          $ErrorActionPreference = "Stop"
+
+          get-service containerd
+          $env:TTRPC_ADDRESS="\\.\pipe\containerd-containerd.ttrpc"
+
+          # run the example
+          cargo run -p containerd-shim --example skeleton -- -namespace default -id 1234 -address "\\.\pipe\containerd-containerd"  -publish-binary ./bin/containerd start
+          ps skeleton
+          cargo run -p containerd-shim-protos --example shim-proto-connect \\.\pipe\containerd-shim-bc764c65e177434fcefe8257dc440be8b8acf7c96156320d965938f7e9ae1a35-pipe
+          $skeleton = get-process skeleton -ErrorAction SilentlyContinue
+          if ($skeleton) { exit 1 }
+      - name: Run client
+        run: |
+          $ErrorActionPreference = "Stop"
+
+          get-service containerd
+          cargo run -p containerd-client --example version
+
+  # Currently Github actions UI supports no masks to mark matrix jobs as required to pass status checks.
+  # This means that every time version of Go, containerd, or OS is changed, a corresponding job should
+  # be added to the list of required checks. Which is not very convenient.
+  # To workaround this, a special job is added to report statuses of all other jobs, with fixed title.
+  # So it needs to be added to the list of required checks only once.
+  #
+  # See https://github.com/orgs/community/discussions/26822
+  results:
+    name: Report required job statuses
+    runs-on: ubuntu-latest
+    # List job dependencies which are required to pass status checks in order to be merged via merge queue.
+    needs: [checks, windows-checks, tests, deny, linux-integration, windows-integration]
+    if: ${{ always() }}
+    steps:
+      - run: exit 1
+        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}

.github/workflows/cover.yml

@@ -0,0 +1,60 @@
+name: Coverage
+on:
+  push:
+    branches: "main"
+  pull_request:
+    branches: "main"
+
+jobs:
+  coverage:
+    name: Collect
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    permissions:
+      statuses: write
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - run: |
+          sudo apt-get install protobuf-compiler
+
+      - name: Install grcov
+        run: |
+          cargo install --locked grcov@0.8.24
+          grcov --version
+
+      - name: Tests
+        env:
+          RUSTFLAGS: "-Cinstrument-coverage"
+          LLVM_PROFILE_FILE: "target/coverage/%p-%m.profraw"
+        run: |
+          sudo -E $(command -v cargo) test --all-features
+
+          # Fix permissions after sudo.
+          sudo chown -R $(whoami) target/coverage/
+
+      - name: Collect coverage data
+        run: |
+          grcov . \
+            --source-dir . \
+            --binary-path ./target/debug/ \
+            --branch \
+            --ignore-not-existing \
+            --output-types markdown,lcov \
+            --keep-only 'crates/*' \
+            --output-path ./target/coverage/
+
+      - name: Upload coverage data
+        uses: codecov/codecov-action@v5
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          flags: unittests
+          files: ./target/coverage/lcov
+          verbose: true
+
+      - name: Publish job summary
+        run: |
+          echo "# Coverage" >> $GITHUB_STEP_SUMMARY
+          cat target/coverage/markdown.md >> $GITHUB_STEP_SUMMARY

.github/workflows/labeler.yml

@@ -16,10 +16,10 @@ jobs:
     # Required by gh
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      PR_NUMBER: ${{ github.event.number }}
+      PR_URL: ${{ github.event.pull_request.html_url }}
 
     steps:
-    - uses: actions/labeler@v4
+    - uses: actions/labeler@v5
       with:
         # Auto-include paths starting with dot (e.g. .github)
         dot: true
@@ -27,5 +27,5 @@ jobs:
         sync-labels: true
 
     # Apply OS-windows label if PR title contains 'Windows'
-    - run: gh pr edit $PR_NUMBER --add-label OS-windows
+    - run: gh pr edit $PR_URL --add-label OS-windows
       if: contains(github.event.pull_request.title, 'Windows')

.github/workflows/publish.yml

@@ -0,0 +1,70 @@
+# Automates crate publishing
+# - Submit a PR to bump crate version.
+# - Specify crate to publish from the menu.
+# - Launch the job:
+#   + The job will extract version from Cargo.toml
+#   + Will publish to crates.io
+#   + Will add and push a git tag "<crate>-v<version>"
+
+name: Release
+on:
+  workflow_dispatch:
+    inputs:
+      crate:
+        description: 'Crate to publish'
+        required: true
+        type: choice
+        options:
+          - client
+          - logging
+          - runc
+          - runc-shim
+          - shim
+          - shim-protos
+          - snapshots
+
+      dryrun:
+        description: 'Dry run'
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  publish:
+    name: 'Publish ${{ inputs.crate }}'
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    permissions:
+      contents: write
+
+    env:
+      CARGO_FILE: "crates/${{ inputs.crate }}/Cargo.toml"
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Extract package version
+        id: extract_version
+        run: |
+          cargo generate-lockfile
+          echo "version=$(cargo pkgid --manifest-path $CARGO_FILE | sed 's/.*@//')" >> $GITHUB_OUTPUT
+
+      - name: Install protobuf
+        run: |
+          sudo apt update
+          sudo apt install protobuf-compiler
+
+      - name: Publish on crates.io
+        run: cargo publish $DRYRUN --manifest-path $CARGO_FILE
+        env:
+          DRYRUN: ${{ inputs.dryrun && '--dry-run' || '' }}
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+
+      - name: Push version tag
+        if: ${{ !inputs.dryrun }}
+        env:
+          TAG: "${{ inputs.crate }}-v${{ steps.extract_version.outputs.version }}"
+        run: |
+          git tag $TAG
+          git push origin $TAG

.github/workflows/stale.yml

@@ -0,0 +1,36 @@
+name: 'Close stale issues and PRs'
+on:
+  schedule:
+    - cron: "0 0 * * *" # Every day at midnight
+  pull_request:
+    paths:
+      - '.github/workflows/stale.yml'
+
+permissions: read-all
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+
+    permissions:
+      issues: write
+      pull-requests: write
+
+    steps:
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
+        # All stale bot options: https://github.com/actions/stale#all-options
+        with:
+          # Idle number of days before marking issues/PRs stale
+          days-before-stale: 90
+          # Idle number of days before closing stale issues/PRs
+          days-before-close: 7
+          # Comment on the staled issues
+          stale-issue-message: 'This issue is stale because it has been open 90 days with no activity. This issue will be closed in 7 days unless new comments are made or the stale label is removed.'
+          # Comment on the staled PRs
+          stale-pr-message: 'This PR is stale because it has been open 90 days with no activity. This PR will be closed in 7 days unless new comments are made or the stale label is removed.'
+          # Comment on the staled issues while closed
+          close-issue-message: 'This issue was closed because it has been stalled for 7 days with no activity.'
+          # Comment on the staled PRs while closed
+          close-pr-message: 'This PR was closed because it has been stalled for 7 days with no activity.'
+          # Enable dry-run when changing this file from a PR.
+          debug-only: github.event_name == 'pull_request'

Cargo.toml

@@ -1,13 +1,14 @@
 [workspace]
 members = [
-    "crates/client",
-    "crates/logging",
-    "crates/shim-protos",
-    "crates/shim",
-    "crates/snapshots",
-    "crates/runc",
-    "crates/runc-shim",
+  "crates/client",
+  "crates/logging",
+  "crates/runc",
+  "crates/runc-shim",
+  "crates/shim",
+  "crates/shim-protos",
+  "crates/snapshots",
 ]
+resolver = "2"
 
 [profile.release]
 # Keep binary as small as possible
@@ -24,14 +25,27 @@ edition = "2021"
 
 # Common dependencies for all crates
 [workspace.dependencies]
-tokio = "1.26"
-tower = "0.4"
-
-tonic = "0.9.2"
-tonic-build = "0.9.2"
-
-prost = "0.11"
-prost-types = "0.11"
-
 async-trait = "0.1.52"
+cgroups-rs = "0.3.4"
+crossbeam = "0.8.1"
 futures = "0.3.19"
+libc = "0.2.112"
+log = {version = "0.4.2", features=["kv_unstable"]}
+nix = "0.29"
+oci-spec = "0.7"
+os_pipe = "1.1"
+prctl = "1.0.0"
+prost = "0.13"
+prost-build = "0.13"
+prost-types = "0.13"
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+simple_logger = { version = "5.0", default-features = false }
+tempfile = "3.6"
+thiserror = "2.0"
+time = { version = "0.3.29", features = ["serde", "std", "formatting"] }
+tokio = "1.26"
+tonic = "0.13"
+tonic-build = "0.13"
+tower = "0.5"
+uuid = { version = "1.0", features = ["v4"] }

MAINTAINERS

@@ -7,3 +7,6 @@
 # REVIEWERS
 # GitHub ID, Name, Email address
 "Burning1020","Zhang Tianyang","burning9699@gmail.com"
+"jsturtevant","James Sturtevant","jstur@microsoft.com"
+"mossaka","Jiaxiao Zhou","jiazho@microsoft.com"
+

README.md

@@ -1,6 +1,7 @@
 # Rust extensions for containerd
 
 [![CI](https://github.com/mxpv/shim-rs/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/mxpv/shim-rs/actions/workflows/ci.yml)
+[![codecov](https://codecov.io/gh/containerd/rust-extensions/graph/badge.svg?token=VPUPN3MOFX)](https://codecov.io/gh/containerd/rust-extensions)
 [![Crates.io](https://img.shields.io/crates/l/containerd-client)](https://github.com/containerd/rust-extensions/blob/main/LICENSE)
 [![dependency status](https://deps.rs/repo/github/containerd/rust-extensions/status.svg)](https://deps.rs/repo/github/containerd/rust-extensions)
 

codecov.yml

@@ -0,0 +1 @@
+comment: false

crates/client/Cargo.toml

@@ -1,9 +1,9 @@
 [package]
 name = "containerd-client"
-version = "0.4.0"
+version = "0.8.0"
 authors = [
-    "Maksym Pavlenko <pavlenko.maksym@gmail.com>",
-    "The containerd Authors",
+  "Maksym Pavlenko <pavlenko.maksym@gmail.com>",
+  "The containerd Authors",
 ]
 description = "GRPC bindings to containerd APIs"
 keywords = ["containerd", "client", "grpc", "containers"]
@@ -14,21 +14,41 @@ license.workspace = true
 repository.workspace = true
 homepage.workspace = true
 
+[[example]]
+name = "container"
+path = "examples/container.rs"
+
+[[example]]
+name = "version"
+path = "examples/version.rs"
+
 [dependencies]
-tonic.workspace = true
+hyper-util = "0.1.6" # https://github.com/hyperium/hyper/issues/3110
 prost.workspace = true
 prost-types.workspace = true
 tokio = { workspace = true, optional = true }
+tonic.workspace = true
 tower = { workspace = true, optional = true }
 
 [build-dependencies]
 tonic-build.workspace = true
+prost-build.workspace = true
+
+[dev-dependencies]
+tokio = { workspace = true, features = ["rt", "macros"]}
 
 [features]
 connect = ["tokio", "tower"]
+docs = []
 
 # Technically Tonic doesn't require Tokio and Tower dependencies here.
 # However we need them to implement `connect` helper and it's highly unlikely
 # that Tonic will be used with any other async runtime (see https://github.com/hyperium/tonic/issues/152)
 # So we enable `connect` feature by default (use `--no-default-features` otherwise).
 default = ["connect"]
+
+[package.metadata.docs.rs]
+features = ["docs"]
+
+[package.metadata.cargo-machete]
+ignored = ["prost"]

crates/client/README.md

@@ -9,12 +9,18 @@ This crate implements a GRPC client to query containerd APIs.
 
 ## Example
 
+Run with `cargo run --example version`
+
 ```rust
-// Launch containerd at /run/containerd/containerd.sock
-let channel = connect("/run/containerd/containerd.sock").await?;
+use containerd_client::{connect, services::v1::version_client::VersionClient};
 
-let mut client = VersionClient::new(channel);
-let resp = client.version(()).await?;
+async fn query_version() {
+    // Launch containerd at /run/containerd/containerd.sock
+    let channel = connect("/run/containerd/containerd.sock").await.unwrap();
 
-println!("Response: {:?}", resp.get_ref());
+    let mut client = VersionClient::new(channel);
+    let resp = client.version(()).await.unwrap();
+
+    println!("Response: {:?}", resp.get_ref());
+}
 ```

crates/client/build.rs

@@ -24,6 +24,11 @@ const PROTO_FILES: &[&str] = &[
     "vendor/github.com/containerd/containerd/api/types/platform.proto",
     "vendor/github.com/containerd/containerd/api/types/sandbox.proto",
     "vendor/github.com/containerd/containerd/api/types/task/task.proto",
+    "vendor/github.com/containerd/containerd/api/types/transfer/imagestore.proto",
+    "vendor/github.com/containerd/containerd/api/types/transfer/importexport.proto",
+    "vendor/github.com/containerd/containerd/api/types/transfer/progress.proto",
+    "vendor/github.com/containerd/containerd/api/types/transfer/registry.proto",
+    "vendor/github.com/containerd/containerd/api/types/transfer/streaming.proto",
     // Services
     "vendor/github.com/containerd/containerd/api/services/containers/v1/containers.proto",
     "vendor/github.com/containerd/containerd/api/services/content/v1/content.proto",
@@ -35,8 +40,10 @@ const PROTO_FILES: &[&str] = &[
     "vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto",
     "vendor/github.com/containerd/containerd/api/services/sandbox/v1/sandbox.proto",
     "vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto",
-    "vendor/github.com/containerd/containerd/api/services/version/v1/version.proto",
+    "vendor/github.com/containerd/containerd/api/services/streaming/v1/streaming.proto",
     "vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.proto",
+    "vendor/github.com/containerd/containerd/api/services/transfer/v1/transfer.proto",
+    "vendor/github.com/containerd/containerd/api/services/version/v1/version.proto",
     // Events
     "vendor/github.com/containerd/containerd/api/events/container.proto",
     "vendor/github.com/containerd/containerd/api/events/content.proto",
@@ -53,12 +60,19 @@ const FIXUP_MODULES: &[&str] = &[
     "containerd.services.sandbox.v1",
     "containerd.services.snapshots.v1",
     "containerd.services.tasks.v1",
+    "containerd.services.containers.v1",
+    "containerd.services.content.v1",
+    "containerd.services.events.v1",
 ];
 
 fn main() {
+    let mut config = prost_build::Config::new();
+    config.protoc_arg("--experimental_allow_proto3_optional");
+    config.enable_type_names();
+
     tonic_build::configure()
         .build_server(false)
-        .compile(PROTO_FILES, &["vendor/"])
+        .compile_protos_with_config(config, PROTO_FILES, &["vendor/"])
         .expect("Failed to generate GRPC bindings");
 
     for module in FIXUP_MODULES {
@@ -83,8 +97,16 @@ fn fixup_imports(path: &str) -> Result<(), io::Error> {
 
     let contents = fs::read_to_string(&path)?
         .replace("super::super::super::v1::types", "crate::types::v1") // for tasks service
+        .replace("super::super::super::super::types", "crate::types")
         .replace("super::super::super::types", "crate::types")
-        .replace("super::super::super::super::google", "crate::google");
+        .replace("super::super::super::super::google", "crate::google")
+        .replace(
+            "/// 	filters\\[0\\] or filters\\[1\\] or ... or filters\\[n-1\\] or filters\\[n\\]",
+            r#"
+            /// ```notrust
+            /// 	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+            /// ```"#,
+        );
     fs::write(path, contents)?;
     Ok(())
 }

crates/client/examples/container_events.rs

@@ -0,0 +1,92 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+use client::{
+    events::{ContainerCreate, ContainerDelete},
+    services::v1::{events_client::EventsClient, SubscribeRequest},
+};
+use containerd_client as client;
+
+/// Make sure you run containerd before running this example.
+#[tokio::main(flavor = "current_thread")]
+async fn main() {
+    let channel = client::connect("/run/containerd/containerd.sock")
+        .await
+        .expect("Connect Failed");
+
+    let mut client = EventsClient::new(channel.clone());
+
+    let request = SubscribeRequest::default();
+    let mut response = client
+        .subscribe(request)
+        .await
+        .expect("failed to subscribe to events")
+        .into_inner();
+
+    loop {
+        match response.message().await {
+            Ok(event) => {
+                if let Some(event) = event {
+                    match event.topic.as_str() {
+                        "/containers/create" => {
+                            if let Some(mut payload) = event.event {
+                                // Containerd doesn't send event payloads with a leading slash on the type URL, which is
+                                // required by the `Any` type specification. We add it manually here so that `prost` can
+                                // properly decode the payload.
+                                if !payload.type_url.starts_with('/') {
+                                    payload.type_url.insert(0, '/');
+                                }
+
+                                let payload: ContainerCreate = payload
+                                    .to_msg()
+                                    .expect("failed to parse ContainerCreate payload");
+
+                                println!(
+                                    "container created: id={} payload={:?}",
+                                    payload.id, payload
+                                );
+                            }
+                        }
+                        "/containers/delete" => {
+                            if let Some(mut payload) = event.event {
+                                // Containerd doesn't send event payloads with a leading slash on the type URL, which is
+                                // required by the `Any` type specification. We add it manually here so that `prost` can
+                                // properly decode the payload.
+                                if !payload.type_url.starts_with('/') {
+                                    payload.type_url.insert(0, '/');
+                                }
+
+                                let payload: ContainerDelete = payload
+                                    .to_msg()
+                                    .expect("failed to parse ContainerDelete payload");
+
+                                println!(
+                                    "container deleted: id={} payload={:?}",
+                                    payload.id, payload
+                                );
+                            }
+                        }
+                        _ => {}
+                    }
+                }
+            }
+            Err(e) => {
+                eprintln!("error while streaming events: {:?}", e);
+                break;
+            }
+        }
+    }
+}

crates/client/examples/container_pull.rs

@@ -0,0 +1,91 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+use std::env::consts;
+
+use client::{
+    services::v1::{transfer_client::TransferClient, TransferOptions, TransferRequest},
+    to_any,
+    types::{
+        transfer::{ImageStore, OciRegistry, UnpackConfiguration},
+        Platform,
+    },
+    with_namespace,
+};
+use containerd_client as client;
+use tonic::Request;
+
+const IMAGE: &str = "docker.io/library/alpine:latest";
+const NAMESPACE: &str = "default";
+
+/// Make sure you run containerd before running this example.
+/// NOTE: to run this example, you must prepare a rootfs.
+#[tokio::main(flavor = "current_thread")]
+async fn main() {
+    let arch = match consts::ARCH {
+        "x86_64" => "amd64",
+        "aarch64" => "arm64",
+        _ => consts::ARCH,
+    };
+
+    let channel = client::connect("/run/containerd/containerd.sock")
+        .await
+        .expect("Connect Failed");
+    let mut client = TransferClient::new(channel.clone());
+
+    // Create the source (OCIRegistry)
+    let source = OciRegistry {
+        reference: IMAGE.to_string(),
+        resolver: Default::default(),
+    };
+
+    let platform = Platform {
+        os: "linux".to_string(),
+        architecture: arch.to_string(),
+        variant: "".to_string(),
+        os_version: "".to_string(),
+    };
+
+    // Create the destination (ImageStore)
+    let destination = ImageStore {
+        name: IMAGE.to_string(),
+        platforms: vec![platform.clone()],
+        unpacks: vec![UnpackConfiguration {
+            platform: Some(platform),
+            ..Default::default()
+        }],
+        ..Default::default()
+    };
+
+    let anys = to_any(&source);
+    let anyd = to_any(&destination);
+
+    println!("Pulling image for linux/{} from source: {:?}", arch, source);
+
+    // Create the transfer request
+    let request = TransferRequest {
+        source: Some(anys),
+        destination: Some(anyd),
+        options: Some(TransferOptions {
+            ..Default::default()
+        }),
+    };
+    // Execute the transfer (pull)
+    client
+        .transfer(with_namespace!(request, NAMESPACE))
+        .await
+        .expect("unable to transfer image");
+}

crates/client/examples/container_spec.json

@@ -155,4 +155,4 @@
             "/proc/sysrq-trigger"
         ]
     }
-}
+}

crates/client/examples/version.rs

@@ -19,9 +19,13 @@ use containerd_client::Client;
 /// Make sure you run containerd before running this example.
 #[tokio::main(flavor = "current_thread")]
 async fn main() {
-    let client = Client::from_path("/var/run/containerd/containerd.sock")
-        .await
-        .expect("Connect failed");
+    #[cfg(unix)]
+    let path = "/var/run/containerd/containerd.sock";
+
+    #[cfg(windows)]
+    let path = r"\\.\pipe\containerd-containerd";
+
+    let client = Client::from_path(path).await.expect("Connect failed");
 
     let resp = client
         .version()

crates/client/rsync.txt

@@ -0,0 +1,5 @@
+api/events/*.proto
+api/services/**/*.proto
+api/types/*.proto
+api/types/**/*.proto
+protobuf/plugin/fieldpath.proto

crates/client/src/lib.rs

@@ -14,12 +14,11 @@
    limitations under the License.
 */
 
+#![cfg_attr(feature = "docs", doc = include_str!("../README.md"))]
 // No way to derive Eq with tonic :(
 // See https://github.com/hyperium/tonic/issues/1056
 #![allow(clippy::derive_partial_eq_without_eq)]
 
-//! A GRPC client to query containerd's API.
-
 pub use tonic;
 
 /// Generated `containerd.types` types.
@@ -29,6 +28,9 @@ pub mod types {
     pub mod v1 {
         tonic::include_proto!("containerd.v1.types");
     }
+    pub mod transfer {
+        tonic::include_proto!("containerd.types.transfer");
+    }
 }
 
 /// Generated `google.rpc` types, containerd services typically use some of these types.
@@ -40,6 +42,9 @@ pub mod google {
 
 /// Generated `containerd.services.*` services.
 pub mod services {
+    #[allow(clippy::tabs_in_doc_comments)]
+    #[allow(rustdoc::invalid_rust_codeblocks)]
+    #[allow(rustdoc::invalid_html_tags)]
     pub mod v1 {
         tonic::include_proto!("containerd.services.containers.v1");
         tonic::include_proto!("containerd.services.content.v1");
@@ -49,7 +54,9 @@ pub mod services {
         tonic::include_proto!("containerd.services.introspection.v1");
         tonic::include_proto!("containerd.services.leases.v1");
         tonic::include_proto!("containerd.services.namespaces.v1");
+        tonic::include_proto!("containerd.services.streaming.v1");
         tonic::include_proto!("containerd.services.tasks.v1");
+        tonic::include_proto!("containerd.services.transfer.v1");
 
         // Sandbox services (Controller and Store) don't make it clear that they are for sandboxes.
         // Wrap these into a sub module to make the names more clear.
@@ -73,36 +80,67 @@ pub mod events {
 
 /// Connect creates a unix channel to containerd GRPC socket.
 ///
-/// This helper inteded to be used in conjuction with [Tokio](https://tokio.rs) runtime.
+/// This helper intended to be used in conjunction with [Tokio](https://tokio.rs) runtime.
 #[cfg(feature = "connect")]
 pub async fn connect(
     path: impl AsRef<std::path::Path>,
 ) -> Result<tonic::transport::Channel, tonic::transport::Error> {
-    use tokio::net::UnixStream;
     use tonic::transport::Endpoint;
 
     let path = path.as_ref().to_path_buf();
 
-    // Taken from https://github.com/hyperium/tonic/commit/b90c3408001f762a32409f7e2cf688ebae39d89e#diff-f27114adeedf7b42e8656c8a86205685a54bae7a7929b895ab62516bdf9ff252R15
-    let channel = Endpoint::try_from("https://[::]")
-        .unwrap()
+    // Taken from https://github.com/hyperium/tonic/blob/71fca362d7ffbb230547f23b3f2fb75c414063a8/examples/src/uds/client.rs#L21-L28
+    // There will ignore this uri because uds do not use it
+    // and make connection with UnixStream::connect.
+    let channel = Endpoint::try_from("http://[::]")?
         .connect_with_connector(tower::service_fn(move |_| {
-            UnixStream::connect(path.clone())
+            let path = path.clone();
+
+            async move {
+                #[cfg(unix)]
+                {
+                    Ok::<_, std::io::Error>(hyper_util::rt::TokioIo::new(
+                        tokio::net::UnixStream::connect(path).await?,
+                    ))
+                }
+
+                #[cfg(windows)]
+                {
+                    let client = tokio::net::windows::named_pipe::ClientOptions::new()
+                        .open(&path)
+                        .map_err(|e| std::io::Error::from(e))?;
+
+                    Ok::<_, std::io::Error>(hyper_util::rt::TokioIo::new(client))
+                }
+            }
         }))
         .await?;
 
     Ok(channel)
 }
 
+use prost::{Message, Name};
+use prost_types::Any;
+
+// to_any provides a helper to match the current use of the protobuf "fullname" trait
+// in the Go code on the gRPC server side in containerd when handling matching of Any
+// types to registered types on the server. Further discussion on future direction
+// of typeurl in this issue: https://github.com/containerd/rust-extensions/issues/362
+pub fn to_any<T: Message + Name>(m: &T) -> Any {
+    let mut anyt = Any::from_msg(m).unwrap();
+    anyt.type_url = T::full_name();
+    anyt
+}
+
 /// Help to inject namespace into request.
 ///
 /// To use this macro, the `tonic::Request` is needed.
 #[macro_export]
 macro_rules! with_namespace {
-    ($req : ident, $ns: expr) => {{
+    ($req:expr, $ns:expr) => {{
         let mut req = Request::new($req);
         let md = req.metadata_mut();
-        // https://github.com/containerd/containerd/blob/main/namespaces/grpc.go#L27
+        // https://github.com/containerd/containerd/blob/main/pkg/namespaces/grpc.go#L27
         md.insert("containerd-namespace", $ns.parse().unwrap());
         req
     }};
@@ -119,7 +157,9 @@ use services::v1::{
     namespaces_client::NamespacesClient,
     sandbox::{controller_client::ControllerClient, store_client::StoreClient},
     snapshots::snapshots_client::SnapshotsClient,
+    streaming_client::StreamingClient,
     tasks_client::TasksClient,
+    transfer_client::TransferClient,
     version_client::VersionClient,
 };
 use tonic::transport::{Channel, Error};
@@ -161,12 +201,24 @@ impl Client {
         TasksClient::new(self.channel())
     }
 
+    /// Transfer service client.
+    #[inline]
+    pub fn transfer(&self) -> TransferClient<Channel> {
+        TransferClient::new(self.channel())
+    }
+
     /// Sandbox store client.
     #[inline]
     pub fn sandbox_store(&self) -> StoreClient<Channel> {
         StoreClient::new(self.channel())
     }
 
+    /// Streaming services client.
+    #[inline]
+    pub fn streaming(&self) -> StreamingClient<Channel> {
+        StreamingClient::new(self.channel())
+    }
+
     /// Sandbox controller client.
     #[inline]
     pub fn sandbox_controller(&self) -> ControllerClient<Channel> {
@@ -227,3 +279,24 @@ impl Client {
         ContainersClient::new(self.channel())
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use prost_types::Any;
+
+    use crate::events::ContainerCreate;
+
+    #[test]
+    fn any_roundtrip() {
+        let original = ContainerCreate {
+            id: "test".to_string(),
+            image: "test".to_string(),
+            runtime: None,
+        };
+
+        let any = Any::from_msg(&original).expect("should not fail to encode");
+        let decoded: ContainerCreate = any.to_msg().expect("should not fail to decode");
+
+        assert_eq!(original, decoded)
+    }
+}

crates/client/vendor/github.com/containerd/containerd/api/events/container.proto

@@ -19,11 +19,10 @@ syntax = "proto3";
 package containerd.events;
 
 import "google/protobuf/any.proto";
-import weak "gogoproto/gogo.proto";
-import weak "github.com/containerd/containerd/protobuf/plugin/fieldpath.proto";
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
 
 option go_package = "github.com/containerd/containerd/api/events;events";
-option (containerd.plugin.fieldpath_all) = true;
+option (containerd.types.fieldpath_all) = true;
 
 message ContainerCreate {
 	string id = 1;

crates/client/vendor/github.com/containerd/containerd/api/events/content.proto

@@ -18,12 +18,16 @@ syntax = "proto3";
 
 package containerd.events;
 
-import weak "gogoproto/gogo.proto";
-import weak "github.com/containerd/containerd/protobuf/plugin/fieldpath.proto";
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
 
 option go_package = "github.com/containerd/containerd/api/events;events";
-option (containerd.plugin.fieldpath_all) = true;
+option (containerd.types.fieldpath_all) = true;
+
+message ContentCreate {
+	string digest = 1;
+	int64 size = 2;
+}
 
 message ContentDelete {
-	string digest = 1 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string digest = 1;
 }

crates/client/vendor/github.com/containerd/containerd/api/events/image.proto

@@ -18,10 +18,10 @@ syntax = "proto3";
 
 package containerd.services.images.v1;
 
-import weak "github.com/containerd/containerd/protobuf/plugin/fieldpath.proto";
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
 
 option go_package = "github.com/containerd/containerd/api/events;events";
-option (containerd.plugin.fieldpath_all) = true;
+option (containerd.types.fieldpath_all) = true;
 
 message ImageCreate {
 	string name = 1;

crates/client/vendor/github.com/containerd/containerd/api/events/namespace.proto

@@ -18,11 +18,10 @@ syntax = "proto3";
 
 package containerd.events;
 
-import weak "gogoproto/gogo.proto";
-import weak "github.com/containerd/containerd/protobuf/plugin/fieldpath.proto";
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
 
 option go_package = "github.com/containerd/containerd/api/events;events";
-option (containerd.plugin.fieldpath_all) = true;
+option (containerd.types.fieldpath_all) = true;
 
 message NamespaceCreate {
 	string name = 1;

crates/client/vendor/github.com/containerd/containerd/api/events/sandbox.proto

@@ -0,0 +1,37 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.events;
+
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/events;events";
+
+message SandboxCreate {
+	string sandbox_id = 1;
+}
+
+message SandboxStart {
+	string sandbox_id = 1;
+}
+
+message SandboxExit {
+	string sandbox_id = 1;
+	uint32 exit_status = 2;
+	google.protobuf.Timestamp exited_at = 3;
+}

crates/client/vendor/github.com/containerd/containerd/api/events/snapshot.proto

@@ -18,21 +18,24 @@ syntax = "proto3";
 
 package containerd.events;
 
-import weak "github.com/containerd/containerd/protobuf/plugin/fieldpath.proto";
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
 
 option go_package = "github.com/containerd/containerd/api/events;events";
-option (containerd.plugin.fieldpath_all) = true;
+option (containerd.types.fieldpath_all) = true;
 
 message SnapshotPrepare {
 	string key = 1;
 	string parent = 2;
+	string snapshotter = 5;
 }
 
 message SnapshotCommit {
 	string key = 1;
 	string name = 2;
+	string snapshotter = 5;
 }
 
 message SnapshotRemove {
 	string key = 1;
+	string snapshotter = 5;
 }

crates/client/vendor/github.com/containerd/containerd/api/events/task.proto

@@ -18,19 +18,18 @@ syntax = "proto3";
 
 package containerd.events;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/timestamp.proto";
 import "github.com/containerd/containerd/api/types/mount.proto";
-import weak "github.com/containerd/containerd/protobuf/plugin/fieldpath.proto";
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
 
 option go_package = "github.com/containerd/containerd/api/events;events";
-option (containerd.plugin.fieldpath_all) = true;
+option (containerd.types.fieldpath_all) = true;
 
 message TaskCreate {
 	string container_id = 1;
 	string bundle = 2;
 	repeated containerd.types.Mount rootfs = 3;
-	TaskIO io = 4 [(gogoproto.customname) = "IO"];
+	TaskIO io = 4;
 	string checkpoint = 5;
 	uint32 pid = 6;
 }
@@ -44,7 +43,7 @@ message TaskDelete {
 	string container_id = 1;
 	uint32 pid = 2;
 	uint32 exit_status = 3;
-	google.protobuf.Timestamp exited_at = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp exited_at = 4;
 	// id is the specific exec. By default if omitted will be `""` thus matches
 	// the init exec of the task matching `container_id`.
 	string id = 5;
@@ -62,7 +61,7 @@ message TaskExit {
 	string id = 2;
 	uint32 pid = 3;
 	uint32 exit_status = 4;
-	google.protobuf.Timestamp exited_at = 5 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp exited_at = 5;
 }
 
 message TaskOOM {

crates/client/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.proto

@@ -18,7 +18,6 @@ syntax = "proto3";
 
 package containerd.services.containers.v1;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/any.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/field_mask.proto";
@@ -99,10 +98,10 @@ message Container {
 	string snapshot_key = 7;
 
 	// CreatedAt is the time the container was first created.
-	google.protobuf.Timestamp created_at = 8 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp created_at = 8;
 
 	// UpdatedAt is the last time the container was mutated.
-	google.protobuf.Timestamp updated_at = 9 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp updated_at = 9;
 
 	// Extensions allow clients to provide zero or more blobs that are directly
 	// associated with the container. One may provide protobuf, json, or other
@@ -113,7 +112,10 @@ message Container {
 	// that should be unique against other extensions. When updating extension
 	// data, one should only update the specified extension using field paths
 	// to select a specific map key.
-	map<string, google.protobuf.Any> extensions = 10 [(gogoproto.nullable) = false];
+	map<string, google.protobuf.Any> extensions = 10;
+
+	// Sandbox ID this container belongs to.
+	string sandbox = 11;
 }
 
 message GetContainerRequest {
@@ -121,7 +123,7 @@ message GetContainerRequest {
 }
 
 message GetContainerResponse {
-	Container container = 1 [(gogoproto.nullable) = false];
+	Container container = 1;
 }
 
 message ListContainersRequest {
@@ -132,22 +134,22 @@ message ListContainersRequest {
 	// filters. Expanded, containers that match the following will be
 	// returned:
 	//
-	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
 	repeated string filters = 1;
 }
 
 message ListContainersResponse {
-	repeated Container containers = 1 [(gogoproto.nullable) = false];
+	repeated Container containers = 1;
 }
 
 message CreateContainerRequest {
-	Container container = 1 [(gogoproto.nullable) = false];
+	Container container = 1;
 }
 
 message CreateContainerResponse {
-	Container container = 1 [(gogoproto.nullable) = false];
+	Container container = 1;
 }
 
 // UpdateContainerRequest updates the metadata on one or more container.
@@ -159,7 +161,7 @@ message UpdateContainerRequest {
 	// Container provides the target values, as declared by the mask, for the update.
 	//
 	// The ID field must be set.
-	Container container = 1 [(gogoproto.nullable) = false];
+	Container container = 1;
 
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
@@ -167,7 +169,7 @@ message UpdateContainerRequest {
 }
 
 message UpdateContainerResponse {
-	Container container = 1 [(gogoproto.nullable) = false];
+	Container container = 1;
 }
 
 message DeleteContainerRequest {

crates/client/vendor/github.com/containerd/containerd/api/services/content/v1/content.proto

@@ -18,7 +18,6 @@ syntax = "proto3";
 
 package containerd.services.content.v1;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
 import "google/protobuf/empty.proto";
@@ -92,16 +91,16 @@ service Content {
 
 message Info {
 	// Digest is the hash identity of the blob.
-	string digest = 1 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string digest = 1;
 
 	// Size is the total number of bytes in the blob.
 	int64 size = 2;
 
 	// CreatedAt provides the time at which the blob was committed.
-	google.protobuf.Timestamp created_at = 3 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp created_at = 3;
 
 	// UpdatedAt provides the time the info was last updated.
-	google.protobuf.Timestamp updated_at = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp updated_at = 4;
 
 	// Labels are arbitrary data on snapshots.
 	//
@@ -110,15 +109,15 @@ message Info {
 }
 
 message InfoRequest {
-	string digest = 1 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string digest = 1;
 }
 
 message InfoResponse {
-	Info info = 1 [(gogoproto.nullable) = false];
+	Info info = 1;
 }
 
 message UpdateRequest {
-	Info info = 1 [(gogoproto.nullable) = false];
+	Info info = 1;
 
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
@@ -130,7 +129,7 @@ message UpdateRequest {
 }
 
 message UpdateResponse {
-	Info info = 1 [(gogoproto.nullable) = false];
+	Info info = 1;
 }
 
 message ListContentRequest {
@@ -141,26 +140,26 @@ message ListContentRequest {
 	// filters. Expanded, containers that match the following will be
 	// returned:
 	//
-	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
 	repeated string filters = 1;
 }
 
 message ListContentResponse {
-	repeated Info info = 1 [(gogoproto.nullable) = false];
+	repeated Info info = 1;
 }
 
 message DeleteContentRequest {
 	// Digest specifies which content to delete.
-	string digest = 1 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string digest = 1;
 }
 
 // ReadContentRequest defines the fields that make up a request to read a portion of
 // data from a stored object.
 message ReadContentRequest {
 	// Digest is the hash identity to read.
-	string digest = 1 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string digest = 1;
 
 	// Offset specifies the number of bytes from the start at which to begin
 	// the read. If zero or less, the read will be from the start. This uses
@@ -179,12 +178,12 @@ message ReadContentResponse {
 }
 
 message Status {
-	google.protobuf.Timestamp started_at = 1 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
-	google.protobuf.Timestamp updated_at = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp started_at = 1;
+	google.protobuf.Timestamp updated_at = 2;
 	string ref = 3;
 	int64 offset = 4;
 	int64 total = 5;
-	string expected = 6 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string expected = 6;
 }
 
 
@@ -201,17 +200,14 @@ message ListStatusesRequest {
 }
 
 message ListStatusesResponse {
-	repeated Status statuses = 1 [(gogoproto.nullable) = false];
+	repeated Status statuses = 1;
 }
 
 // WriteAction defines the behavior of a WriteRequest.
 enum WriteAction {
-	option (gogoproto.goproto_enum_prefix) = false;
-	option (gogoproto.enum_customname) = "WriteAction";
-
 	// WriteActionStat instructs the writer to return the current status while
 	// holding the lock on the write.
-	STAT = 0 [(gogoproto.enumvalue_customname) = "WriteActionStat"];
+	STAT = 0;
 
 	// WriteActionWrite sets the action for the write request to write data.
 	//
@@ -219,7 +215,7 @@ enum WriteAction {
 	// transaction will be left open for further writes.
 	//
 	// This is the default.
-	WRITE = 1 [(gogoproto.enumvalue_customname) = "WriteActionWrite"];
+	WRITE = 1;
 
 	// WriteActionCommit will write any outstanding data in the message and
 	// commit the write, storing it under the digest.
@@ -228,7 +224,7 @@ enum WriteAction {
 	// commit it.
 	//
 	// This action will always terminate the write.
-	COMMIT = 2 [(gogoproto.enumvalue_customname) = "WriteActionCommit"];
+	COMMIT = 2;
 }
 
 // WriteContentRequest writes data to the request ref at offset.
@@ -269,7 +265,7 @@ message WriteContentRequest {
 	// Only the latest version will be used to check the content against the
 	// digest. It is only required to include it on a single message, before or
 	// with the commit action message.
-	string expected = 4 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string expected = 4;
 
 	// Offset specifies the number of bytes from the start at which to begin
 	// the write. For most implementations, this means from the start of the
@@ -304,13 +300,13 @@ message WriteContentResponse {
 	//
 	// This must be set for stat and commit write actions. All other write
 	// actions may omit this.
-	google.protobuf.Timestamp started_at = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp started_at = 2;
 
 	// UpdatedAt provides the last time of a successful write.
 	//
 	// This must be set for stat and commit write actions. All other write
 	// actions may omit this.
-	google.protobuf.Timestamp updated_at = 3 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp updated_at = 3;
 
 	// Offset is the current committed size for the write.
 	int64 offset = 4;
@@ -326,7 +322,7 @@ message WriteContentResponse {
 	// Digest, if present, includes the digest up to the currently committed
 	// bytes. If action is commit, this field will be set. It is implementation
 	// defined if this is set for other actions.
-	string digest = 6 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string digest = 6;
 }
 
 message AbortRequest {

crates/client/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.proto

@@ -18,8 +18,8 @@ syntax = "proto3";
 
 package containerd.services.diff.v1;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
 import "github.com/containerd/containerd/api/types/mount.proto";
 import "github.com/containerd/containerd/api/types/descriptor.proto";
 
@@ -44,6 +44,8 @@ message ApplyRequest {
 	repeated containerd.types.Mount mounts = 2;
 
 	map<string, google.protobuf.Any> payloads = 3;
+	// SyncFs is to synchronize the underlying filesystem containing files.
+	bool sync_fs = 4;
 }
 
 message ApplyResponse {
@@ -73,6 +75,13 @@ message DiffRequest {
 	// Labels are the labels to apply to the generated content
 	// on content store commit.
 	map<string, string> labels = 5;
+
+	// SourceDateEpoch specifies the timestamp used to provide control for reproducibility.
+	// See also https://reproducible-builds.org/docs/source-date-epoch/ .
+	//
+	// Since containerd v2.0, the whiteout timestamps are set to zero (1970-01-01),
+	// not to the source date epoch.
+	google.protobuf.Timestamp source_date_epoch = 6;
 }
 
 message DiffResponse {

crates/client/vendor/github.com/containerd/containerd/api/services/events/v1/events.proto

@@ -18,11 +18,9 @@ syntax = "proto3";
 
 package containerd.services.events.v1;
 
-import weak "github.com/containerd/containerd/protobuf/plugin/fieldpath.proto";
-import weak "gogoproto/gogo.proto";
+import "github.com/containerd/containerd/api/types/event.proto";
 import "google/protobuf/any.proto";
 import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
 
 option go_package = "github.com/containerd/containerd/api/services/events/v1;events";
 
@@ -45,9 +43,9 @@ service Events {
 	//
 	// Unlike many other methods in containerd, subscribers will get messages
 	// from all namespaces unless otherwise specified. If this is not desired,
-	// a filter can be provided in the format 'namespace=={namespace}' to
+	// a filter can be provided in the format 'namespace==<namespace>' to
 	// restrict the received events.
-	rpc Subscribe(SubscribeRequest) returns (stream Envelope);
+	rpc Subscribe(SubscribeRequest) returns (stream containerd.types.Envelope);
 }
 
 message PublishRequest {
@@ -56,17 +54,9 @@ message PublishRequest {
 }
 
 message ForwardRequest {
-	Envelope envelope = 1;
+	containerd.types.Envelope envelope = 1;
 }
 
 message SubscribeRequest {
 	repeated string filters = 1;
 }
-
-message Envelope {
-	option (containerd.plugin.fieldpath) = true;
-	google.protobuf.Timestamp timestamp = 1 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
-	string namespace = 2;
-	string topic = 3;
-	google.protobuf.Any event = 4;
-}

crates/client/vendor/github.com/containerd/containerd/api/services/images/v1/images.proto

@@ -18,7 +18,6 @@ syntax = "proto3";
 
 package containerd.services.images.v1;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
@@ -71,13 +70,13 @@ message Image {
 	map<string, string> labels = 2;
 
 	// Target describes the content entry point of the image.
-	containerd.types.Descriptor target = 3 [(gogoproto.nullable) = false];
+	containerd.types.Descriptor target = 3;
 
 	// CreatedAt is the time the image was first created.
-	google.protobuf.Timestamp created_at = 7 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp created_at = 7;
 
 	// UpdatedAt is the last time the image was mutated.
-	google.protobuf.Timestamp updated_at = 8 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp updated_at = 8;
 }
 
 message GetImageRequest {
@@ -89,26 +88,30 @@ message GetImageResponse {
 }
 
 message CreateImageRequest {
-	Image image = 1 [(gogoproto.nullable) = false];
+	Image image = 1;
+
+	google.protobuf.Timestamp source_date_epoch = 2;
 }
 
 message CreateImageResponse {
-	Image image = 1 [(gogoproto.nullable) = false];
+	Image image = 1;
 }
 
 message UpdateImageRequest {
 	// Image provides a full or partial image for update.
 	//
 	// The name field must be set or an error will be returned.
-	Image image = 1 [(gogoproto.nullable) = false];
+	Image image = 1;
 
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
 	google.protobuf.FieldMask update_mask = 2;
+
+	google.protobuf.Timestamp source_date_epoch = 3;
 }
 
 message UpdateImageResponse {
-	Image image = 1 [(gogoproto.nullable) = false];
+	Image image = 1;
 }
 
 message ListImagesRequest {
@@ -119,14 +122,14 @@ message ListImagesRequest {
 	// filters. Expanded, images that match the following will be
 	// returned:
 	//
-	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
 	repeated string filters = 1;
 }
 
 message ListImagesResponse {
-	repeated Image images = 1 [(gogoproto.nullable) = false];
+	repeated Image images = 1;
 }
 
 message DeleteImageRequest {
@@ -137,4 +140,10 @@ message DeleteImageRequest {
 	//
 	// Default is false
 	bool sync = 2;
+
+	// Target value for image to be deleted
+	//
+	// If image descriptor does not match the same digest,
+	// the delete operation will return "not found" error.
+	optional containerd.types.Descriptor target = 3;
 }

crates/client/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto

@@ -18,10 +18,12 @@ syntax = "proto3";
 
 package containerd.services.introspection.v1;
 
+import "google/protobuf/any.proto";
+import "github.com/containerd/containerd/api/types/introspection.proto";
 import "github.com/containerd/containerd/api/types/platform.proto";
 import "google/rpc/status.proto";
 import "google/protobuf/empty.proto";
-import weak "gogoproto/gogo.proto";
+import "google/protobuf/timestamp.proto";
 
 option go_package = "github.com/containerd/containerd/api/services/introspection/v1;introspection";
 
@@ -33,6 +35,8 @@ service Introspection {
 	rpc Plugins(PluginsRequest) returns (PluginsResponse);
 	// Server returns information about the containerd server
 	rpc Server(google.protobuf.Empty) returns (ServerResponse);
+	// PluginInfo returns information directly from a plugin if the plugin supports it
+	rpc PluginInfo(PluginInfoRequest) returns (PluginInfoResponse);
 }
 
 message Plugin {
@@ -57,7 +61,7 @@ message Plugin {
 	//
 	// If the plugin prefers certain platforms over others, they should be
 	// listed from most to least preferred.
-	repeated types.Platform platforms = 4 [(gogoproto.nullable) = false];
+	repeated types.Platform platforms = 4;
 
 	// Exports allows plugins to provide values about state or configuration to
 	// interested parties.
@@ -89,16 +93,41 @@ message PluginsRequest {
 	// filters. Expanded, plugins that match the following will be
 	// returned:
 	//
-	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
 	repeated string filters = 1;
 }
 
 message PluginsResponse {
-	repeated Plugin plugins = 1 [(gogoproto.nullable) = false];
+	repeated Plugin plugins = 1;
 }
 
 message ServerResponse {
-	string uuid = 1 [(gogoproto.customname) = "UUID"];
+	string uuid = 1;
+	uint64 pid = 2;
+	uint64 pidns = 3; // PID namespace, such as 4026531836
+	repeated DeprecationWarning deprecations = 4;
+}
+
+message DeprecationWarning {
+	string id = 1;
+	string message = 2;
+	google.protobuf.Timestamp last_occurrence = 3;
+}
+
+message PluginInfoRequest {
+	string type = 1;
+	string id = 2;
+
+	// Options may be used to request extra dynamic information from
+	// a plugin.
+	// This object is determined by the plugin and the plugin may return
+	// NotImplemented or InvalidArgument if it is not supported
+	google.protobuf.Any options = 3;
+}
+
+message PluginInfoResponse {
+	Plugin plugin = 1;
+	google.protobuf.Any extra = 2;
 }

crates/client/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.proto

@@ -17,7 +17,6 @@ syntax = "proto3";
 
 package containerd.services.leases.v1;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/timestamp.proto";
 
@@ -52,7 +51,7 @@ service Leases {
 message Lease {
 	string id = 1;
 
-	google.protobuf.Timestamp created_at = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp created_at = 2;
 
 	map<string, string> labels = 3;
 }
@@ -99,13 +98,13 @@ message Resource {
 message AddResourceRequest {
 	string id = 1;
 
-	Resource resource = 2 [(gogoproto.nullable) = false];
+	Resource resource = 2;
 }
 
 message DeleteResourceRequest {
 	string id = 1;
 
-	Resource resource = 2 [(gogoproto.nullable) = false];
+	Resource resource = 2;
 }
 
 message ListResourcesRequest {
@@ -113,5 +112,5 @@ message ListResourcesRequest {
 }
 
 message ListResourcesResponse {
-	repeated Resource resources = 1	[(gogoproto.nullable) = false];
+	repeated Resource resources = 1	;
 }

crates/client/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto

@@ -18,7 +18,6 @@ syntax = "proto3";
 
 package containerd.services.namespaces.v1;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/field_mask.proto";
 
@@ -60,7 +59,7 @@ message GetNamespaceRequest {
 }
 
 message GetNamespaceResponse {
-	Namespace namespace = 1 [(gogoproto.nullable) = false];
+	Namespace namespace = 1;
 }
 
 message ListNamespacesRequest {
@@ -68,15 +67,15 @@ message ListNamespacesRequest {
 }
 
 message ListNamespacesResponse {
-	repeated Namespace namespaces = 1 [(gogoproto.nullable) = false];
+	repeated Namespace namespaces = 1;
 }
 
 message CreateNamespaceRequest {
-	Namespace namespace = 1 [(gogoproto.nullable) = false];
+	Namespace namespace = 1;
 }
 
 message CreateNamespaceResponse {
-	Namespace namespace = 1 [(gogoproto.nullable) = false];
+	Namespace namespace = 1;
 }
 
 // UpdateNamespaceRequest updates the metadata for a namespace.
@@ -88,7 +87,7 @@ message UpdateNamespaceRequest {
 	// Namespace provides the target value, as declared by the mask, for the update.
 	//
 	// The namespace field must be set.
-	Namespace namespace = 1 [(gogoproto.nullable) = false];
+	Namespace namespace = 1;
 
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
@@ -100,7 +99,7 @@ message UpdateNamespaceRequest {
 }
 
 message UpdateNamespaceResponse {
-	Namespace namespace = 1 [(gogoproto.nullable) = false];
+	Namespace namespace = 1;
 }
 
 message DeleteNamespaceRequest {

crates/client/vendor/github.com/containerd/containerd/api/services/sandbox/v1/sandbox.proto

@@ -31,6 +31,7 @@ import "google/protobuf/timestamp.proto";
 import "github.com/containerd/containerd/api/types/sandbox.proto";
 import "github.com/containerd/containerd/api/types/mount.proto";
 import "github.com/containerd/containerd/api/types/platform.proto";
+import "github.com/containerd/containerd/api/types/metrics.proto";
 
 option go_package = "github.com/containerd/containerd/api/services/sandbox/v1;sandbox";
 
@@ -93,6 +94,8 @@ service Controller {
 	rpc Wait(ControllerWaitRequest) returns (ControllerWaitResponse);
 	rpc Status(ControllerStatusRequest) returns (ControllerStatusResponse);
 	rpc Shutdown(ControllerShutdownRequest) returns (ControllerShutdownResponse);
+	rpc Metrics(ControllerMetricsRequest) returns (ControllerMetricsResponse);
+	rpc Update(ControllerUpdateRequest) returns (ControllerUpdateResponse);
 }
 
 message ControllerCreateRequest {
@@ -100,6 +103,9 @@ message ControllerCreateRequest {
 	repeated containerd.types.Mount rootfs = 2;
 	google.protobuf.Any options = 3;
 	string netns_path = 4;
+	map<string, string> annotations = 5;
+	containerd.types.Sandbox sandbox = 6;
+	string sandboxer = 10;
 }
 
 message ControllerCreateResponse {
@@ -108,6 +114,7 @@ message ControllerCreateResponse {
 
 message ControllerStartRequest {
 	string sandbox_id = 1;
+	string sandboxer = 10;
 }
 
 message ControllerStartResponse {
@@ -115,10 +122,16 @@ message ControllerStartResponse {
 	uint32 pid = 2;
 	google.protobuf.Timestamp created_at = 3;
 	map<string, string> labels = 4;
+	// Address of the sandbox for containerd to connect,
+	// for calling Task or other APIs serving in the sandbox.
+	// it is in the form of ttrpc+unix://path/to/uds or grpc+vsock://<vsock cid>:<port>.
+	string address = 5;
+	uint32 version = 6;
 }
 
 message ControllerPlatformRequest {
 	string sandbox_id = 1;
+	string sandboxer = 10;
 }
 
 message ControllerPlatformResponse {
@@ -128,12 +141,14 @@ message ControllerPlatformResponse {
 message ControllerStopRequest {
 	string sandbox_id = 1;
 	uint32 timeout_secs = 2;
+	string sandboxer = 10;
 }
 
 message ControllerStopResponse {}
 
 message ControllerWaitRequest {
 	string sandbox_id = 1;
+	string sandboxer = 10;
 }
 
 message ControllerWaitResponse {
@@ -144,6 +159,7 @@ message ControllerWaitResponse {
 message ControllerStatusRequest {
 	string sandbox_id = 1;
 	bool verbose = 2;
+	string sandboxer = 10;
 }
 
 message ControllerStatusResponse {
@@ -154,10 +170,35 @@ message ControllerStatusResponse {
 	google.protobuf.Timestamp created_at = 5;
 	google.protobuf.Timestamp exited_at = 6;
 	google.protobuf.Any extra = 7;
+	// Address of the sandbox for containerd to connect,
+	// for calling Task or other APIs serving in the sandbox.
+	// it is in the form of ttrpc+unix://path/to/uds or grpc+vsock://<vsock cid>:<port>.
+	string address = 8;
+	uint32 version = 9;
 }
 
 message ControllerShutdownRequest {
 	string sandbox_id = 1;
+	string sandboxer = 10;
 }
 
-message ControllerShutdownResponse {}
+message ControllerShutdownResponse {}
+
+message ControllerMetricsRequest {
+	string sandbox_id = 1;
+	string sandboxer = 10;
+}
+
+message ControllerMetricsResponse {
+	types.Metric metrics = 1;
+}
+
+message ControllerUpdateRequest {
+	string sandbox_id = 1;
+	string sandboxer = 2;
+	containerd.types.Sandbox sandbox = 3;
+	repeated string fields = 4;
+}
+
+message ControllerUpdateResponse {
+}

crates/client/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto

@@ -18,7 +18,6 @@ syntax = "proto3";
 
 package containerd.services.snapshots.v1;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/field_mask.proto";
 import "google/protobuf/timestamp.proto";
@@ -101,13 +100,10 @@ message StatSnapshotRequest {
 }
 
 enum Kind {
-	option (gogoproto.goproto_enum_prefix) = false;
-	option (gogoproto.enum_customname) = "Kind";
-
-	UNKNOWN = 0 [(gogoproto.enumvalue_customname) = "KindUnknown"];
-	VIEW = 1 [(gogoproto.enumvalue_customname) = "KindView"];
-	ACTIVE = 2 [(gogoproto.enumvalue_customname) = "KindActive"];
-	COMMITTED = 3 [(gogoproto.enumvalue_customname) = "KindCommitted"];
+	UNKNOWN = 0;
+	VIEW = 1;
+	ACTIVE = 2;
+	COMMITTED = 3;
 }
 
 message Info {
@@ -116,10 +112,10 @@ message Info {
 	Kind kind = 3;
 
 	// CreatedAt provides the time at which the snapshot was created.
-	google.protobuf.Timestamp created_at = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp created_at = 4;
 
 	// UpdatedAt provides the time the info was last updated.
-	google.protobuf.Timestamp updated_at = 5 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp updated_at = 5;
 
 	// Labels are arbitrary data on snapshots.
 	//
@@ -128,12 +124,12 @@ message Info {
 }
 
 message StatSnapshotResponse {
-	Info info = 1 [(gogoproto.nullable) = false];
+	Info info = 1;
 }
 
 message UpdateSnapshotRequest {
 	string snapshotter = 1;
-	Info info = 2 [(gogoproto.nullable) = false];
+	Info info = 2;
 
 	// UpdateMask specifies which fields to perform the update on. If empty,
 	// the operation applies to all fields.
@@ -145,7 +141,7 @@ message UpdateSnapshotRequest {
 }
 
 message UpdateSnapshotResponse {
-	Info info = 1 [(gogoproto.nullable) = false];
+	Info info = 1;
 }
 
 message ListSnapshotsRequest{
@@ -158,14 +154,14 @@ message ListSnapshotsRequest{
 	// filters. Expanded, images that match the following will be
 	// returned:
 	//
-	//   filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
 	//
 	// If filters is zero-length or nil, all items will be returned.
 	repeated string filters = 2;
 }
 
 message ListSnapshotsResponse {
-	repeated Info info = 1 [(gogoproto.nullable) = false];
+	repeated Info info = 1;
 }
 
 message UsageRequest {

crates/client/vendor/github.com/containerd/containerd/api/services/streaming/v1/streaming.proto

@@ -0,0 +1,31 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.streaming.v1;
+
+import "google/protobuf/any.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/streaming/v1;streaming";
+
+service Streaming {
+	rpc Stream(stream google.protobuf.Any) returns (stream google.protobuf.Any);
+}
+
+message StreamInit {
+	string id = 1;
+}

crates/client/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.proto

@@ -20,7 +20,6 @@ package containerd.services.tasks.v1;
 
 import "google/protobuf/empty.proto";
 import "google/protobuf/any.proto";
-import weak "gogoproto/gogo.proto";
 import "github.com/containerd/containerd/api/types/mount.proto";
 import "github.com/containerd/containerd/api/types/metrics.proto";
 import "github.com/containerd/containerd/api/types/descriptor.proto";
@@ -114,7 +113,7 @@ message DeleteResponse {
 	string id = 1;
 	uint32 pid = 2;
 	uint32 exit_status = 3;
-	google.protobuf.Timestamp exited_at = 4 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp exited_at = 4;
 }
 
 message DeleteProcessRequest {
@@ -195,7 +194,7 @@ message ListPidsResponse {
 
 message CheckpointTaskRequest {
 	string container_id = 1;
-	string parent_checkpoint = 2 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string parent_checkpoint = 2;
 	google.protobuf.Any options = 3;
 }
 
@@ -224,5 +223,5 @@ message WaitRequest {
 
 message WaitResponse {
 	uint32 exit_status = 1;
-	google.protobuf.Timestamp exited_at = 2 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp exited_at = 2;
 }

crates/client/vendor/github.com/containerd/containerd/api/services/transfer/v1/transfer.proto

@@ -0,0 +1,39 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.transfer.v1;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/empty.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/transfer/v1;transfer";
+
+service Transfer {
+	rpc Transfer(TransferRequest) returns (google.protobuf.Empty);
+}
+
+message TransferRequest {
+	google.protobuf.Any source = 1;
+	google.protobuf.Any destination = 2;
+	TransferOptions options = 3;
+}
+
+message TransferOptions {
+	string progress_stream = 1;
+	// Progress min interval
+}

crates/client/vendor/github.com/containerd/containerd/api/services/ttrpc/events/v1/events.proto

@@ -18,11 +18,8 @@ syntax = "proto3";
 
 package containerd.services.events.ttrpc.v1;
 
-import weak "github.com/containerd/containerd/protobuf/plugin/fieldpath.proto";
-import weak "gogoproto/gogo.proto";
-import "google/protobuf/any.proto";
+import "github.com/containerd/containerd/api/types/event.proto";
 import "google/protobuf/empty.proto";
-import "google/protobuf/timestamp.proto";
 
 option go_package = "github.com/containerd/containerd/api/services/ttrpc/events/v1;events";
 
@@ -36,13 +33,5 @@ service Events {
 }
 
 message ForwardRequest {
-	Envelope envelope = 1;
-}
-
-message Envelope {
-	option (containerd.plugin.fieldpath) = true;
-	google.protobuf.Timestamp timestamp = 1 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
-	string namespace = 2;
-	string topic = 3;
-	google.protobuf.Any event = 4;
+	containerd.types.Envelope envelope = 1;
 }

crates/client/vendor/github.com/containerd/containerd/api/services/version/v1/version.proto

@@ -19,7 +19,6 @@ syntax = "proto3";
 package containerd.services.version.v1;
 
 import "google/protobuf/empty.proto";
-import weak "gogoproto/gogo.proto";
 
 // TODO(stevvooe): Should version service actually be versioned?
 option go_package = "github.com/containerd/containerd/api/services/version/v1;version";

crates/client/vendor/github.com/containerd/containerd/api/types/descriptor.proto

@@ -18,8 +18,6 @@ syntax = "proto3";
 
 package containerd.types;
 
-import weak "gogoproto/gogo.proto";
-
 option go_package = "github.com/containerd/containerd/api/types;types";
 
 // Descriptor describes a blob in a content store.
@@ -29,7 +27,7 @@ option go_package = "github.com/containerd/containerd/api/types;types";
 // See https://godoc.org/github.com/opencontainers/image-spec/specs-go/v1#Descriptor
 message Descriptor {
 	string media_type = 1;
-	string digest = 2 [(gogoproto.customtype) = "github.com/opencontainers/go-digest.Digest", (gogoproto.nullable) = false];
+	string digest = 2;
 	int64 size = 3;
 	map<string, string> annotations = 5;
 }

crates/client/vendor/github.com/containerd/containerd/api/types/event.proto

@@ -0,0 +1,33 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+message Envelope {
+	option (containerd.types.fieldpath) = true;
+	google.protobuf.Timestamp timestamp = 1;
+	string namespace = 2;
+	string topic = 3;
+	google.protobuf.Any event = 4;
+}

crates/client/vendor/github.com/containerd/containerd/api/types/fieldpath.proto

@@ -26,11 +26,13 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-syntax = "proto2";
-package containerd.plugin;
+syntax = "proto3";
+package containerd.types;
 
 import "google/protobuf/descriptor.proto";
 
+option go_package = "github.com/containerd/containerd/api/types;types";
+
 extend google.protobuf.FileOptions {
 	optional bool fieldpath_all = 63300;
 }

crates/client/vendor/github.com/containerd/containerd/api/types/introspection.proto

@@ -0,0 +1,46 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+import "google/protobuf/any.proto";
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+message RuntimeRequest {
+	string runtime_path = 1;
+	// Options correspond to CreateTaskRequest.options.
+	// This is needed to pass the runc binary path, etc.
+	google.protobuf.Any options = 2;
+}
+
+message RuntimeVersion {
+	string version = 1;
+	string revision = 2;
+}
+
+message RuntimeInfo {
+	string name = 1;
+	RuntimeVersion version = 2;
+	// Options correspond to RuntimeInfoRequest.Options (contains runc binary path, etc.)
+	google.protobuf.Any options = 3;
+	// OCI-compatible runtimes should use https://github.com/opencontainers/runtime-spec/blob/main/features.md
+	google.protobuf.Any features = 4;
+	// Annotations of the shim. Irrelevant to features.Annotations.
+	map<string, string> annotations = 5;
+}

crates/client/vendor/github.com/containerd/containerd/api/types/metrics.proto

@@ -18,14 +18,13 @@ syntax = "proto3";
 
 package containerd.types;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/any.proto";
 import "google/protobuf/timestamp.proto";
 
 option go_package = "github.com/containerd/containerd/api/types;types";
 
 message Metric {
-	google.protobuf.Timestamp timestamp = 1 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp timestamp = 1;
 	string id = 2;
 	google.protobuf.Any data = 3;
 }

crates/client/vendor/github.com/containerd/containerd/api/types/mount.proto

@@ -18,8 +18,6 @@ syntax = "proto3";
 
 package containerd.types;
 
-import weak "gogoproto/gogo.proto";
-
 option go_package = "github.com/containerd/containerd/api/types;types";
 
 // Mount describes mounts for a container.

crates/client/vendor/github.com/containerd/containerd/api/types/platform.proto

@@ -18,14 +18,13 @@ syntax = "proto3";
 
 package containerd.types;
 
-import weak "gogoproto/gogo.proto";
-
 option go_package = "github.com/containerd/containerd/api/types;types";
 
 // Platform follows the structure of the OCI platform specification, from
 // descriptors.
 message Platform {
-	string os = 1 [(gogoproto.customname) = "OS"];
+	string os = 1;
 	string architecture = 2;
 	string variant = 3;
+	string os_version = 4;
 }

crates/client/vendor/github.com/containerd/containerd/api/types/runc/options/oci.proto

@@ -0,0 +1,63 @@
+syntax = "proto3";
+
+package containerd.runc.v1;
+
+option go_package = "github.com/containerd/containerd/api/types/runc/options;options";
+
+message Options {
+	// disable pivot root when creating a container
+	bool no_pivot_root = 1;
+	// create a new keyring for the container
+	bool no_new_keyring = 2;
+	// place the shim in a cgroup
+	string shim_cgroup = 3;
+	// set the I/O's pipes uid
+	uint32 io_uid = 4;
+	// set the I/O's pipes gid
+	uint32 io_gid = 5;
+	// binary name of the runc binary
+	string binary_name = 6;
+	// runc root directory
+	string root = 7;
+	// criu binary path.
+	//
+	// Removed in containerd v2.0: string criu_path = 8;
+	reserved 8;
+	// enable systemd cgroups
+	bool systemd_cgroup = 9;
+	// criu image path
+	string criu_image_path = 10;
+	// criu work path
+	string criu_work_path = 11;
+	// task api address, can be a unix domain socket, or vsock address.
+	// it is in the form of ttrpc+unix://path/to/uds or grpc+vsock://<vsock cid>:<port>.
+	string task_api_address = 12;
+	// task api version, currently supported value is 2 and 3.
+	uint32 task_api_version = 13;
+}
+
+message CheckpointOptions {
+	// exit the container after a checkpoint
+	bool exit = 1;
+	// checkpoint open tcp connections
+	bool open_tcp = 2;
+	// checkpoint external unix sockets
+	bool external_unix_sockets = 3;
+	// checkpoint terminals (ptys)
+	bool terminal = 4;
+	// allow checkpointing of file locks
+	bool file_locks = 5;
+	// restore provided namespaces as empty namespaces
+	repeated string empty_namespaces = 6;
+	// set the cgroups mode, soft, full, strict
+	string cgroups_mode = 7;
+	// checkpoint image path
+	string image_path = 8;
+	// checkpoint work path
+	string work_path = 9;
+}
+
+message ProcessDetails {
+	// exec process id if the process is managed by a shim
+	string exec_id = 1;
+}

crates/client/vendor/github.com/containerd/containerd/api/types/runtimeoptions/v1/api.proto

@@ -0,0 +1,17 @@
+// To regenerate api.pb.go run `make protos`
+syntax = "proto3";
+
+package runtimeoptions.v1;
+
+option go_package = "github.com/containerd/containerd/api/types/runtimeoptions/v1;runtimeoptions";
+
+message Options {
+	// TypeUrl specifies the type of the content inside the config file.
+	string type_url = 1;
+	// ConfigPath specifies the filesystem location of the config file
+	// used by the runtime.
+	string config_path = 2;
+	// Blob specifies an in-memory TOML blob passed from containerd's configuration section
+	// for this runtime. This will be used if config_path is not specified.
+	bytes config_body = 3;
+}

crates/client/vendor/github.com/containerd/containerd/api/types/sandbox.proto

@@ -26,26 +26,29 @@ option go_package = "github.com/containerd/containerd/api/types;types";
 // Sandbox represents a sandbox metadata object that keeps all info required by controller to
 // work with a particular instance.
 message Sandbox {
-    // SandboxID is a unique instance identifier within namespace
-    string sandbox_id = 1;
-    message Runtime {
-        // Name is the name of the runtime.
-        string name = 1;
-        // Options specify additional runtime initialization options for the shim (this data will be available in StartShim).
-        // Typically this data expected to be runtime shim implementation specific.
-        google.protobuf.Any options = 2;
-    }
-    // Runtime specifies which runtime to use for executing this container.
-    Runtime runtime = 2;
-    // Spec is sandbox configuration (kin of OCI runtime spec), spec's data will be written to a config.json file in the
-    // bundle directory (similary to OCI spec).
-    google.protobuf.Any spec = 3;
-    // Labels provides an area to include arbitrary data on containers.
-    map<string, string> labels  = 4;
-    // CreatedAt is the time the container was first created.
-    google.protobuf.Timestamp created_at = 5;
-    // UpdatedAt is the last time the container was mutated.
-    google.protobuf.Timestamp updated_at = 6;
-    // Extensions allow clients to provide optional blobs that can be handled by runtime.
-    map<string, google.protobuf.Any> extensions = 7;
-}
+	// SandboxID is a unique instance identifier within namespace
+	string sandbox_id = 1;
+	message Runtime {
+		// Name is the name of the runtime.
+		string name = 1;
+		// Options specify additional runtime initialization options for the shim (this data will be available in StartShim).
+		// Typically this data expected to be runtime shim implementation specific.
+		google.protobuf.Any options = 2;
+	}
+	// Runtime specifies which runtime to use for executing this container.
+	Runtime runtime = 2;
+	// Spec is sandbox configuration (kin of OCI runtime spec), spec's data will be written to a config.json file in the
+	// bundle directory (similary to OCI spec).
+	google.protobuf.Any spec = 3;
+	// Labels provides an area to include arbitrary data on containers.
+	map<string, string> labels = 4;
+	// CreatedAt is the time the container was first created.
+	google.protobuf.Timestamp created_at = 5;
+	// UpdatedAt is the last time the container was mutated.
+	google.protobuf.Timestamp updated_at = 6;
+	// Extensions allow clients to provide optional blobs that can be handled by runtime.
+	map<string, google.protobuf.Any> extensions = 7;
+	// Sandboxer is the name of the sandbox controller who manages the sandbox.
+	string sandboxer = 10;
+
+}

crates/client/vendor/github.com/containerd/containerd/api/types/task/task.proto

@@ -18,20 +18,18 @@ syntax = "proto3";
 
 package containerd.v1.types;
 
-import weak "gogoproto/gogo.proto";
 import "google/protobuf/timestamp.proto";
 import "google/protobuf/any.proto";
 
-enum Status {
-	option (gogoproto.goproto_enum_prefix) = false;
-	option (gogoproto.enum_customname) = "Status";
+option go_package = "github.com/containerd/containerd/api/types/task";
 
-	UNKNOWN = 0 [(gogoproto.enumvalue_customname) = "StatusUnknown"];
-	CREATED = 1 [(gogoproto.enumvalue_customname) = "StatusCreated"];
-	RUNNING = 2 [(gogoproto.enumvalue_customname) = "StatusRunning"];
-	STOPPED = 3 [(gogoproto.enumvalue_customname) = "StatusStopped"];
-	PAUSED = 4 [(gogoproto.enumvalue_customname) = "StatusPaused"];
-	PAUSING = 5 [(gogoproto.enumvalue_customname) = "StatusPausing"];
+enum Status {
+	UNKNOWN = 0;
+	CREATED = 1;
+	RUNNING = 2;
+	STOPPED = 3;
+	PAUSED = 4;
+	PAUSING = 5;
 }
 
 message Process {
@@ -44,7 +42,7 @@ message Process {
 	string stderr = 7;
 	bool terminal = 8;
 	uint32 exit_status = 9;
-	google.protobuf.Timestamp exited_at = 10 [(gogoproto.stdtime) = true, (gogoproto.nullable) = false];
+	google.protobuf.Timestamp exited_at = 10;
 }
 
 message ProcessInfo {

crates/client/vendor/github.com/containerd/containerd/api/types/transfer/imagestore.proto

@@ -0,0 +1,82 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+import "github.com/containerd/containerd/api/types/platform.proto";
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+message ImageStore {
+	string name = 1;
+	map<string, string> labels = 2;
+
+	// Content filters
+
+	repeated types.Platform platforms = 3;
+	bool all_metadata = 4;
+	uint32 manifest_limit = 5;
+
+	// Import naming
+
+	// extra_references are used to set image names on imports of sub-images from the index
+	repeated ImageReference extra_references = 6;
+
+	// Unpack Configuration, multiple allowed
+
+	repeated UnpackConfiguration unpacks = 10;
+}
+
+message UnpackConfiguration {
+	// platform is the platform to unpack for, used for resolving manifest and snapshotter
+	// if not provided
+	types.Platform platform = 1;
+
+	// snapshotter to unpack to, if not provided default for platform shoudl be used
+	string snapshotter = 2;
+}
+
+// ImageReference is used to create or find a reference for an image
+message ImageReference {
+	string name = 1;
+
+	// is_prefix determines whether the Name should be considered
+	// a prefix (without tag or digest).
+	// For lookup, this may allow matching multiple tags.
+	// For store, this must have a tag or digest added.
+	bool is_prefix = 2;
+
+	// allow_overwrite allows overwriting or ignoring the name if
+	// another reference is provided (such as through an annotation).
+	// Only used if IsPrefix is true.
+	bool allow_overwrite = 3;
+
+	// add_digest adds the manifest digest to the reference.
+	// For lookup, this allows matching tags with any digest.
+	// For store, this allows adding the digest to the name.
+	// Only used if IsPrefix is true.
+	bool add_digest = 4;
+
+	// skip_named_digest only considers digest references which do not
+	// have a non-digested named reference.
+	// For lookup, this will deduplicate digest references when there is a named match.
+	// For store, this only adds this digest reference when there is no matching full
+	// name reference from the prefix.
+	// Only used if IsPrefix is true.
+	bool skip_named_digest = 5;
+}

crates/client/vendor/github.com/containerd/containerd/api/types/transfer/importexport.proto

@@ -0,0 +1,52 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+import "github.com/containerd/containerd/api/types/platform.proto";
+
+message ImageImportStream {
+	// Stream is used to identify the binary input stream for the import operation.
+	// The stream uses the transfer binary stream protocol with the client as the sender.
+	// The binary data is expected to be a raw tar stream.
+	string stream = 1;
+
+	string media_type = 2;
+
+	bool force_compress = 3;
+}
+
+message ImageExportStream {
+	// Stream is used to identify the binary output stream for the export operation.
+	// The stream uses the transfer binary stream protocol with the server as the sender.
+	// The binary data is expected to be a raw tar stream.
+	string stream = 1;
+
+	string media_type = 2;
+
+	// The specified platforms
+	repeated types.Platform platforms = 3;
+	// Whether to include all platforms
+	bool all_platforms = 4;
+	// Skips the creation of the Docker compatible manifest.json file
+	bool skip_compatibility_manifest = 5;
+	// Excludes non-distributable blobs such as Windows base layers.
+	bool skip_non_distributable = 6;
+}

crates/client/vendor/github.com/containerd/containerd/api/types/transfer/progress.proto

@@ -0,0 +1,32 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+import "github.com/containerd/containerd/api/types/descriptor.proto";
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+message Progress {
+	string event = 1;
+	string name = 2;
+	repeated string parents = 3;
+	int64 progress = 4;
+	int64 total = 5;
+	containerd.types.Descriptor desc = 6;
+}

crates/client/vendor/github.com/containerd/containerd/api/types/transfer/registry.proto

@@ -0,0 +1,97 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+message OCIRegistry {
+	string reference = 1;
+	RegistryResolver resolver = 2;
+}
+
+enum HTTPDebug {
+	DISABLED = 0;
+	// Enable HTTP debugging
+	DEBUG = 1;
+	// Enable HTTP requests tracing
+	TRACE = 2;
+	// Enable both HTTP debugging and requests tracing
+	BOTH = 3;
+}
+
+message RegistryResolver {
+	// auth_stream is used to refer to a stream which auth callbacks may be
+	// made on.
+	string auth_stream = 1;
+
+	// Headers
+	map<string, string> headers = 2;
+
+	string host_dir = 3;
+
+	string default_scheme = 4;
+	// Force skip verify
+	// CA callback? Client TLS callback?
+
+	// Whether to debug/trace HTTP requests to OCI registry.
+	HTTPDebug http_debug = 5;
+
+	// Stream ID to use for HTTP logs (when logs are streamed to client).
+	// When empty, logs are written to containerd logs.
+	string logs_stream = 6;
+}
+
+// AuthRequest is sent as a callback on a stream
+message AuthRequest {
+	// host is the registry host
+	string host = 1;
+
+	// reference is the namespace and repository name requested from the registry
+	string reference = 2;
+
+	// wwwauthenticate is the HTTP WWW-Authenticate header values returned from the registry
+	repeated string wwwauthenticate = 3;
+}
+
+enum AuthType {
+	NONE = 0;
+
+	// CREDENTIALS is used to exchange username/password for access token
+	// using an oauth or "Docker Registry Token" server
+	CREDENTIALS = 1;
+
+	// REFRESH is used to exchange secret for access token using an oauth
+	// or "Docker Registry Token" server
+	REFRESH = 2;
+
+	// HEADER is used to set the HTTP Authorization header to secret
+	// directly for the registry.
+	// Value should be `<auth-scheme> <authorization-parameters>`
+	HEADER = 3;
+}
+
+message AuthResponse {
+	AuthType authType = 1;
+	string secret = 2;
+	string username = 3;
+	google.protobuf.Timestamp expire_at = 4;
+	// TODO: Stream error
+}

crates/client/vendor/github.com/containerd/containerd/api/types/transfer/streaming.proto

@@ -0,0 +1,29 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+message Data {
+	bytes data = 1;
+}
+
+message WindowUpdate {
+	int32 update = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/events/container.proto

@@ -0,0 +1,46 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.events;
+
+import "google/protobuf/any.proto";
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
+
+option go_package = "github.com/containerd/containerd/api/events;events";
+option (containerd.types.fieldpath_all) = true;
+
+message ContainerCreate {
+	string id = 1;
+	string image = 2;
+	message Runtime {
+		string name = 1;
+		google.protobuf.Any options = 2;
+	}
+	Runtime runtime = 3;
+}
+
+message ContainerUpdate {
+	string id = 1;
+	string image = 2;
+	map<string, string> labels  = 3;
+	string snapshot_key = 4;
+}
+
+message ContainerDelete {
+	string id = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/events/content.proto

@@ -0,0 +1,33 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.events;
+
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
+
+option go_package = "github.com/containerd/containerd/api/events;events";
+option (containerd.types.fieldpath_all) = true;
+
+message ContentCreate {
+	string digest = 1;
+	int64 size = 2;
+}
+
+message ContentDelete {
+	string digest = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/events/image.proto

@@ -0,0 +1,38 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.images.v1;
+
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
+
+option go_package = "github.com/containerd/containerd/api/events;events";
+option (containerd.types.fieldpath_all) = true;
+
+message ImageCreate {
+	string name = 1;
+	map<string, string> labels = 2;
+}
+
+message ImageUpdate {
+	string name = 1;
+	map<string, string> labels = 2;
+}
+
+message ImageDelete {
+	string name = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/events/namespace.proto

@@ -0,0 +1,38 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.events;
+
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
+
+option go_package = "github.com/containerd/containerd/api/events;events";
+option (containerd.types.fieldpath_all) = true;
+
+message NamespaceCreate {
+	string name = 1;
+	map<string, string> labels  = 2;
+}
+
+message NamespaceUpdate {
+	string name = 1;
+	map<string, string> labels  = 2;
+}
+
+message NamespaceDelete {
+	string name = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/events/sandbox.proto

@@ -0,0 +1,37 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.events;
+
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/events;events";
+
+message SandboxCreate {
+	string sandbox_id = 1;
+}
+
+message SandboxStart {
+	string sandbox_id = 1;
+}
+
+message SandboxExit {
+	string sandbox_id = 1;
+	uint32 exit_status = 2;
+	google.protobuf.Timestamp exited_at = 3;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/events/snapshot.proto

@@ -0,0 +1,41 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.events;
+
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
+
+option go_package = "github.com/containerd/containerd/api/events;events";
+option (containerd.types.fieldpath_all) = true;
+
+message SnapshotPrepare {
+	string key = 1;
+	string parent = 2;
+	string snapshotter = 5;
+}
+
+message SnapshotCommit {
+	string key = 1;
+	string name = 2;
+	string snapshotter = 5;
+}
+
+message SnapshotRemove {
+	string key = 1;
+	string snapshotter = 5;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/events/task.proto

@@ -0,0 +1,93 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.events;
+
+import "google/protobuf/timestamp.proto";
+import "github.com/containerd/containerd/api/types/mount.proto";
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
+
+option go_package = "github.com/containerd/containerd/api/events;events";
+option (containerd.types.fieldpath_all) = true;
+
+message TaskCreate {
+	string container_id = 1;
+	string bundle = 2;
+	repeated containerd.types.Mount rootfs = 3;
+	TaskIO io = 4;
+	string checkpoint = 5;
+	uint32 pid = 6;
+}
+
+message TaskStart {
+	string container_id = 1;
+	uint32 pid = 2;
+}
+
+message TaskDelete {
+	string container_id = 1;
+	uint32 pid = 2;
+	uint32 exit_status = 3;
+	google.protobuf.Timestamp exited_at = 4;
+	// id is the specific exec. By default if omitted will be `""` thus matches
+	// the init exec of the task matching `container_id`.
+	string id = 5;
+}
+
+message TaskIO {
+	string stdin = 1;
+	string stdout = 2;
+	string stderr = 3;
+	bool terminal = 4;
+}
+
+message TaskExit {
+	string container_id = 1;
+	string id = 2;
+	uint32 pid = 3;
+	uint32 exit_status = 4;
+	google.protobuf.Timestamp exited_at = 5;
+}
+
+message TaskOOM {
+	string container_id = 1;
+}
+
+message TaskExecAdded {
+	string container_id = 1;
+	string exec_id = 2;
+}
+
+message TaskExecStarted {
+	string container_id = 1;
+	string exec_id = 2;
+	uint32 pid = 3;
+}
+
+message TaskPaused {
+	string container_id = 1;
+}
+
+message TaskResumed {
+	string container_id = 1;
+}
+
+message TaskCheckpointed {
+	string container_id = 1;
+	string checkpoint = 2;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/containers/v1/containers.proto

@@ -0,0 +1,181 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.containers.v1;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/containers/v1;containers";
+
+// Containers provides metadata storage for containers used in the execution
+// service.
+//
+// The objects here provide an state-independent view of containers for use in
+// management and resource pinning. From that perspective, containers do not
+// have a "state" but rather this is the set of resources that will be
+// considered in use by the container.
+//
+// From the perspective of the execution service, these objects represent the
+// base parameters for creating a container process.
+//
+// In general, when looking to add fields for this type, first ask yourself
+// whether or not the function of the field has to do with runtime execution or
+// is invariant of the runtime state of the container. If it has to do with
+// runtime, or changes as the "container" is started and stops, it probably
+// doesn't belong on this object.
+service Containers {
+	rpc Get(GetContainerRequest) returns (GetContainerResponse);
+	rpc List(ListContainersRequest) returns (ListContainersResponse);
+	rpc ListStream(ListContainersRequest) returns (stream ListContainerMessage);
+	rpc Create(CreateContainerRequest) returns (CreateContainerResponse);
+	rpc Update(UpdateContainerRequest) returns (UpdateContainerResponse);
+	rpc Delete(DeleteContainerRequest) returns (google.protobuf.Empty);
+}
+
+message Container {
+	// ID is the user-specified identifier.
+	//
+	// This field may not be updated.
+	string id = 1;
+
+	// Labels provides an area to include arbitrary data on containers.
+	//
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	//
+	// Note that to add a new value to this field, read the existing set and
+	// include the entire result in the update call.
+	map<string, string> labels  = 2;
+
+	// Image contains the reference of the image used to build the
+	// specification and snapshots for running this container.
+	//
+	// If this field is updated, the spec and rootfs needed to updated, as well.
+	string image = 3;
+
+	message Runtime {
+		// Name is the name of the runtime.
+		string name = 1;
+		// Options specify additional runtime initialization options.
+		google.protobuf.Any options = 2;
+	}
+	// Runtime specifies which runtime to use for executing this container.
+	Runtime runtime = 4;
+
+	// Spec to be used when creating the container. This is runtime specific.
+	google.protobuf.Any spec = 5;
+
+	// Snapshotter specifies the snapshotter name used for rootfs
+	string snapshotter = 6;
+
+	// SnapshotKey specifies the snapshot key to use for the container's root
+	// filesystem. When starting a task from this container, a caller should
+	// look up the mounts from the snapshot service and include those on the
+	// task create request.
+	//
+	// Snapshots referenced in this field will not be garbage collected.
+	//
+	// This field is set to empty when the rootfs is not a snapshot.
+	//
+	// This field may be updated.
+	string snapshot_key = 7;
+
+	// CreatedAt is the time the container was first created.
+	google.protobuf.Timestamp created_at = 8;
+
+	// UpdatedAt is the last time the container was mutated.
+	google.protobuf.Timestamp updated_at = 9;
+
+	// Extensions allow clients to provide zero or more blobs that are directly
+	// associated with the container. One may provide protobuf, json, or other
+	// encoding formats. The primary use of this is to further decorate the
+	// container object with fields that may be specific to a client integration.
+	//
+	// The key portion of this map should identify a "name" for the extension
+	// that should be unique against other extensions. When updating extension
+	// data, one should only update the specified extension using field paths
+	// to select a specific map key.
+	map<string, google.protobuf.Any> extensions = 10;
+
+	// Sandbox ID this container belongs to.
+	string sandbox = 11;
+}
+
+message GetContainerRequest {
+	string id = 1;
+}
+
+message GetContainerResponse {
+	Container container = 1;
+}
+
+message ListContainersRequest {
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, containers that match the following will be
+	// returned:
+	//
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	repeated string filters = 1;
+}
+
+message ListContainersResponse {
+	repeated Container containers = 1;
+}
+
+message CreateContainerRequest {
+	Container container = 1;
+}
+
+message CreateContainerResponse {
+	Container container = 1;
+}
+
+// UpdateContainerRequest updates the metadata on one or more container.
+//
+// The operation should follow semantics described in
+// https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/field-mask,
+// unless otherwise qualified.
+message UpdateContainerRequest {
+	// Container provides the target values, as declared by the mask, for the update.
+	//
+	// The ID field must be set.
+	Container container = 1;
+
+	// UpdateMask specifies which fields to perform the update on. If empty,
+	// the operation applies to all fields.
+	google.protobuf.FieldMask update_mask = 2;
+}
+
+message UpdateContainerResponse {
+	Container container = 1;
+}
+
+message DeleteContainerRequest {
+	string id = 1;
+}
+
+message ListContainerMessage {
+	Container container = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/content/v1/content.proto

@@ -0,0 +1,330 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.content.v1;
+
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/empty.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/content/v1;content";
+
+// Content provides access to a content addressable storage system.
+service Content {
+	// Info returns information about a committed object.
+	//
+	// This call can be used for getting the size of content and checking for
+	// existence.
+	rpc Info(InfoRequest) returns (InfoResponse);
+
+	// Update updates content metadata.
+	//
+	// This call can be used to manage the mutable content labels. The
+	// immutable metadata such as digest, size, and committed at cannot
+	// be updated.
+	rpc Update(UpdateRequest) returns (UpdateResponse);
+
+	// List streams the entire set of content as Info objects and closes the
+	// stream.
+	//
+	// Typically, this will yield a large response, chunked into messages.
+	// Clients should make provisions to ensure they can handle the entire data
+	// set.
+	rpc List(ListContentRequest) returns (stream ListContentResponse);
+
+	// Delete will delete the referenced object.
+	rpc Delete(DeleteContentRequest) returns (google.protobuf.Empty);
+
+	// Read allows one to read an object based on the offset into the content.
+	//
+	// The requested data may be returned in one or more messages.
+	rpc Read(ReadContentRequest) returns (stream ReadContentResponse);
+
+	// Status returns the status for a single reference.
+	rpc Status(StatusRequest) returns (StatusResponse);
+
+	// ListStatuses returns the status of ongoing object ingestions, started via
+	// Write.
+	//
+	// Only those matching the regular expression will be provided in the
+	// response. If the provided regular expression is empty, all ingestions
+	// will be provided.
+	rpc ListStatuses(ListStatusesRequest) returns (ListStatusesResponse);
+
+	// Write begins or resumes writes to a resource identified by a unique ref.
+	// Only one active stream may exist at a time for each ref.
+	//
+	// Once a write stream has started, it may only write to a single ref, thus
+	// once a stream is started, the ref may be omitted on subsequent writes.
+	//
+	// For any write transaction represented by a ref, only a single write may
+	// be made to a given offset. If overlapping writes occur, it is an error.
+	// Writes should be sequential and implementations may throw an error if
+	// this is required.
+	//
+	// If expected_digest is set and already part of the content store, the
+	// write will fail.
+	//
+	// When completed, the commit flag should be set to true. If expected size
+	// or digest is set, the content will be validated against those values.
+	rpc Write(stream WriteContentRequest) returns (stream WriteContentResponse);
+
+	// Abort cancels the ongoing write named in the request. Any resources
+	// associated with the write will be collected.
+	rpc Abort(AbortRequest) returns (google.protobuf.Empty);
+}
+
+message Info {
+	// Digest is the hash identity of the blob.
+	string digest = 1;
+
+	// Size is the total number of bytes in the blob.
+	int64 size = 2;
+
+	// CreatedAt provides the time at which the blob was committed.
+	google.protobuf.Timestamp created_at = 3;
+
+	// UpdatedAt provides the time the info was last updated.
+	google.protobuf.Timestamp updated_at = 4;
+
+	// Labels are arbitrary data on snapshots.
+	//
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	map<string, string> labels  = 5;
+}
+
+message InfoRequest {
+	string digest = 1;
+}
+
+message InfoResponse {
+	Info info = 1;
+}
+
+message UpdateRequest {
+	Info info = 1;
+
+	// UpdateMask specifies which fields to perform the update on. If empty,
+	// the operation applies to all fields.
+	//
+	// In info, Digest, Size, and CreatedAt are immutable,
+	// other field may be updated using this mask.
+	// If no mask is provided, all mutable field are updated.
+	google.protobuf.FieldMask update_mask = 2;
+}
+
+message UpdateResponse {
+	Info info = 1;
+}
+
+message ListContentRequest {
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, containers that match the following will be
+	// returned:
+	//
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	repeated string filters = 1;
+}
+
+message ListContentResponse {
+	repeated Info info = 1;
+}
+
+message DeleteContentRequest {
+	// Digest specifies which content to delete.
+	string digest = 1;
+}
+
+// ReadContentRequest defines the fields that make up a request to read a portion of
+// data from a stored object.
+message ReadContentRequest {
+	// Digest is the hash identity to read.
+	string digest = 1;
+
+	// Offset specifies the number of bytes from the start at which to begin
+	// the read. If zero or less, the read will be from the start. This uses
+	// standard zero-indexed semantics.
+	int64 offset = 2;
+
+	// size is the total size of the read. If zero, the entire blob will be
+	// returned by the service.
+	int64 size = 3;
+}
+
+// ReadContentResponse carries byte data for a read request.
+message ReadContentResponse {
+	int64 offset = 1; // offset of the returned data
+	bytes data = 2; // actual data
+}
+
+message Status {
+	google.protobuf.Timestamp started_at = 1;
+	google.protobuf.Timestamp updated_at = 2;
+	string ref = 3;
+	int64 offset = 4;
+	int64 total = 5;
+	string expected = 6;
+}
+
+
+message StatusRequest {
+	string ref = 1;
+}
+
+message StatusResponse {
+	Status status = 1;
+}
+
+message ListStatusesRequest {
+	repeated string filters = 1;
+}
+
+message ListStatusesResponse {
+	repeated Status statuses = 1;
+}
+
+// WriteAction defines the behavior of a WriteRequest.
+enum WriteAction {
+	// WriteActionStat instructs the writer to return the current status while
+	// holding the lock on the write.
+	STAT = 0;
+
+	// WriteActionWrite sets the action for the write request to write data.
+	//
+	// Any data included will be written at the provided offset. The
+	// transaction will be left open for further writes.
+	//
+	// This is the default.
+	WRITE = 1;
+
+	// WriteActionCommit will write any outstanding data in the message and
+	// commit the write, storing it under the digest.
+	//
+	// This can be used in a single message to send the data, verify it and
+	// commit it.
+	//
+	// This action will always terminate the write.
+	COMMIT = 2;
+}
+
+// WriteContentRequest writes data to the request ref at offset.
+message WriteContentRequest {
+	// Action sets the behavior of the write.
+	//
+	// When this is a write and the ref is not yet allocated, the ref will be
+	// allocated and the data will be written at offset.
+	//
+	// If the action is write and the ref is allocated, it will accept data to
+	// an offset that has not yet been written.
+	//
+	// If the action is write and there is no data, the current write status
+	// will be returned. This works differently from status because the stream
+	// holds a lock.
+	WriteAction action = 1;
+
+	// Ref identifies the pre-commit object to write to.
+	string ref = 2;
+
+	// Total can be set to have the service validate the total size of the
+	// committed content.
+	//
+	// The latest value before or with the commit action message will be use to
+	// validate the content. If the offset overflows total, the service may
+	// report an error. It is only required on one message for the write.
+	//
+	// If the value is zero or less, no validation of the final content will be
+	// performed.
+	int64 total = 3;
+
+	// Expected can be set to have the service validate the final content against
+	// the provided digest.
+	//
+	// If the digest is already present in the object store, an AlreadyExists
+	// error will be returned.
+	//
+	// Only the latest version will be used to check the content against the
+	// digest. It is only required to include it on a single message, before or
+	// with the commit action message.
+	string expected = 4;
+
+	// Offset specifies the number of bytes from the start at which to begin
+	// the write. For most implementations, this means from the start of the
+	// file. This uses standard, zero-indexed semantics.
+	//
+	// If the action is write, the remote may remove all previously written
+	// data after the offset. Implementations may support arbitrary offsets but
+	// MUST support reseting this value to zero with a write. If an
+	// implementation does not support a write at a particular offset, an
+	// OutOfRange error must be returned.
+	int64 offset = 5;
+
+	// Data is the actual bytes to be written.
+	//
+	// If this is empty and the message is not a commit, a response will be
+	// returned with the current write state.
+	bytes data = 6;
+
+	// Labels are arbitrary data on snapshots.
+	//
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	map<string, string> labels  = 7;
+}
+
+// WriteContentResponse is returned on the culmination of a write call.
+message WriteContentResponse {
+	// Action contains the action for the final message of the stream. A writer
+	// should confirm that they match the intended result.
+	WriteAction action = 1;
+
+	// StartedAt provides the time at which the write began.
+	//
+	// This must be set for stat and commit write actions. All other write
+	// actions may omit this.
+	google.protobuf.Timestamp started_at = 2;
+
+	// UpdatedAt provides the last time of a successful write.
+	//
+	// This must be set for stat and commit write actions. All other write
+	// actions may omit this.
+	google.protobuf.Timestamp updated_at = 3;
+
+	// Offset is the current committed size for the write.
+	int64 offset = 4;
+
+	// Total provides the current, expected total size of the write.
+	//
+	// We include this to provide consistency with the Status structure on the
+	// client writer.
+	//
+	// This is only valid on the Stat and Commit response.
+	int64 total = 5;
+
+	// Digest, if present, includes the digest up to the currently committed
+	// bytes. If action is commit, this field will be set. It is implementation
+	// defined if this is set for other actions.
+	string digest = 6;
+}
+
+message AbortRequest {
+	string ref = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/diff/v1/diff.proto

@@ -0,0 +1,90 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.diff.v1;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+import "github.com/containerd/containerd/api/types/mount.proto";
+import "github.com/containerd/containerd/api/types/descriptor.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/diff/v1;diff";
+
+// Diff service creates and applies diffs
+service Diff {
+	// Apply applies the content associated with the provided digests onto
+	// the provided mounts. Archive content will be extracted and
+	// decompressed if necessary.
+	rpc Apply(ApplyRequest) returns (ApplyResponse);
+
+	// Diff creates a diff between the given mounts and uploads the result
+	// to the content store.
+	rpc Diff(DiffRequest) returns (DiffResponse);
+}
+
+message ApplyRequest {
+	// Diff is the descriptor of the diff to be extracted
+	containerd.types.Descriptor diff = 1;
+
+	repeated containerd.types.Mount mounts = 2;
+
+	map<string, google.protobuf.Any> payloads = 3;
+	// SyncFs is to synchronize the underlying filesystem containing files.
+	bool sync_fs = 4;
+}
+
+message ApplyResponse {
+	// Applied is the descriptor for the object which was applied.
+	// If the input was a compressed blob then the result will be
+	// the descriptor for the uncompressed blob.
+	containerd.types.Descriptor applied = 1;
+}
+
+message DiffRequest {
+	// Left are the mounts which represent the older copy
+	// in which is the base of the computed changes.
+	repeated containerd.types.Mount left = 1;
+
+	// Right are the mounts which represents the newer copy
+	// in which changes from the left were made into.
+	repeated containerd.types.Mount right = 2;
+
+	// MediaType is the media type descriptor for the created diff
+	// object
+	string media_type = 3;
+
+	// Ref identifies the pre-commit content store object. This
+	// reference can be used to get the status from the content store.
+	string ref = 4;
+
+	// Labels are the labels to apply to the generated content
+	// on content store commit.
+	map<string, string> labels = 5;
+
+	// SourceDateEpoch specifies the timestamp used to provide control for reproducibility.
+	// See also https://reproducible-builds.org/docs/source-date-epoch/ .
+	//
+	// Since containerd v2.0, the whiteout timestamps are set to zero (1970-01-01),
+	// not to the source date epoch.
+	google.protobuf.Timestamp source_date_epoch = 6;
+}
+
+message DiffResponse {
+	// Diff is the descriptor of the diff which can be applied
+	containerd.types.Descriptor diff = 3;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/events/v1/events.proto

@@ -0,0 +1,62 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.events.v1;
+
+import "github.com/containerd/containerd/api/types/event.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/empty.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/events/v1;events";
+
+service Events {
+	// Publish an event to a topic.
+	//
+	// The event will be packed into a timestamp envelope with the namespace
+	// introspected from the context. The envelope will then be dispatched.
+	rpc Publish(PublishRequest) returns (google.protobuf.Empty);
+
+	// Forward sends an event that has already been packaged into an envelope
+	// with a timestamp and namespace.
+	//
+	// This is useful if earlier timestamping is required or when forwarding on
+	// behalf of another component, namespace or publisher.
+	rpc Forward(ForwardRequest) returns (google.protobuf.Empty);
+
+	// Subscribe to a stream of events, possibly returning only that match any
+	// of the provided filters.
+	//
+	// Unlike many other methods in containerd, subscribers will get messages
+	// from all namespaces unless otherwise specified. If this is not desired,
+	// a filter can be provided in the format 'namespace==<namespace>' to
+	// restrict the received events.
+	rpc Subscribe(SubscribeRequest) returns (stream containerd.types.Envelope);
+}
+
+message PublishRequest {
+	string topic = 1;
+	google.protobuf.Any event = 2;
+}
+
+message ForwardRequest {
+	containerd.types.Envelope envelope = 1;
+}
+
+message SubscribeRequest {
+	repeated string filters = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/images/v1/images.proto

@@ -0,0 +1,149 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.images.v1;
+
+import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+import "github.com/containerd/containerd/api/types/descriptor.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/images/v1;images";
+
+// Images is a service that allows one to register images with containerd.
+//
+// In containerd, an image is merely the mapping of a name to a content root,
+// described by a descriptor. The behavior and state of image is purely
+// dictated by the type of the descriptor.
+//
+// From the perspective of this service, these references are mostly shallow,
+// in that the existence of the required content won't be validated until
+// required by consuming services.
+//
+// As such, this can really be considered a "metadata service".
+service Images {
+	// Get returns an image by name.
+	rpc Get(GetImageRequest) returns (GetImageResponse);
+
+	// List returns a list of all images known to containerd.
+	rpc List(ListImagesRequest) returns (ListImagesResponse);
+
+	// Create an image record in the metadata store.
+	//
+	// The name of the image must be unique.
+	rpc Create(CreateImageRequest) returns (CreateImageResponse);
+
+	// Update assigns the name to a given target image based on the provided
+	// image.
+	rpc Update(UpdateImageRequest) returns (UpdateImageResponse);
+
+	// Delete deletes the image by name.
+	rpc Delete(DeleteImageRequest) returns (google.protobuf.Empty);
+}
+
+message Image {
+	// Name provides a unique name for the image.
+	//
+	// Containerd treats this as the primary identifier.
+	string name = 1;
+
+	// Labels provides free form labels for the image. These are runtime only
+	// and do not get inherited into the package image in any way.
+	//
+	// Labels may be updated using the field mask.
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	map<string, string> labels = 2;
+
+	// Target describes the content entry point of the image.
+	containerd.types.Descriptor target = 3;
+
+	// CreatedAt is the time the image was first created.
+	google.protobuf.Timestamp created_at = 7;
+
+	// UpdatedAt is the last time the image was mutated.
+	google.protobuf.Timestamp updated_at = 8;
+}
+
+message GetImageRequest {
+	string name = 1;
+}
+
+message GetImageResponse {
+	Image image = 1;
+}
+
+message CreateImageRequest {
+	Image image = 1;
+
+	google.protobuf.Timestamp source_date_epoch = 2;
+}
+
+message CreateImageResponse {
+	Image image = 1;
+}
+
+message UpdateImageRequest {
+	// Image provides a full or partial image for update.
+	//
+	// The name field must be set or an error will be returned.
+	Image image = 1;
+
+	// UpdateMask specifies which fields to perform the update on. If empty,
+	// the operation applies to all fields.
+	google.protobuf.FieldMask update_mask = 2;
+
+	google.protobuf.Timestamp source_date_epoch = 3;
+}
+
+message UpdateImageResponse {
+	Image image = 1;
+}
+
+message ListImagesRequest {
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, images that match the following will be
+	// returned:
+	//
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	repeated string filters = 1;
+}
+
+message ListImagesResponse {
+	repeated Image images = 1;
+}
+
+message DeleteImageRequest {
+	string name = 1;
+
+	// Sync indicates that the delete and cleanup should be done
+	// synchronously before returning to the caller
+	//
+	// Default is false
+	bool sync = 2;
+
+	// Target value for image to be deleted
+	//
+	// If image descriptor does not match the same digest,
+	// the delete operation will return "not found" error.
+	optional containerd.types.Descriptor target = 3;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/introspection/v1/introspection.proto

@@ -0,0 +1,133 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.introspection.v1;
+
+import "google/protobuf/any.proto";
+import "github.com/containerd/containerd/api/types/introspection.proto";
+import "github.com/containerd/containerd/api/types/platform.proto";
+import "google/rpc/status.proto";
+import "google/protobuf/empty.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/introspection/v1;introspection";
+
+service Introspection {
+	// Plugins returns a list of plugins in containerd.
+	//
+	// Clients can use this to detect features and capabilities when using
+	// containerd.
+	rpc Plugins(PluginsRequest) returns (PluginsResponse);
+	// Server returns information about the containerd server
+	rpc Server(google.protobuf.Empty) returns (ServerResponse);
+	// PluginInfo returns information directly from a plugin if the plugin supports it
+	rpc PluginInfo(PluginInfoRequest) returns (PluginInfoResponse);
+}
+
+message Plugin {
+	// Type defines the type of plugin.
+	//
+	// See package plugin for a list of possible values. Non core plugins may
+	// define their own values during registration.
+	string type = 1;
+
+	// ID identifies the plugin uniquely in the system.
+	string id = 2;
+
+	// Requires lists the plugin types required by this plugin.
+	repeated string requires = 3;
+
+	// Platforms enumerates the platforms this plugin will support.
+	//
+	// If values are provided here, the plugin will only be operable under the
+	// provided platforms.
+	//
+	// If this is empty, the plugin will work across all platforms.
+	//
+	// If the plugin prefers certain platforms over others, they should be
+	// listed from most to least preferred.
+	repeated types.Platform platforms = 4;
+
+	// Exports allows plugins to provide values about state or configuration to
+	// interested parties.
+	//
+	// One example is exposing the configured path of a snapshotter plugin.
+	map<string, string> exports = 5;
+
+	// Capabilities allows plugins to communicate feature switches to allow
+	// clients to detect features that may not be on be default or may be
+	// different from version to version.
+	//
+	// Use this sparingly.
+	repeated string capabilities = 6;
+
+	// InitErr will be set if the plugin fails initialization.
+	//
+	// This means the plugin may have been registered but a non-terminal error
+	// was encountered during initialization.
+	//
+	// Plugins that have this value set cannot be used.
+	google.rpc.Status init_err = 7;
+}
+
+message PluginsRequest {
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, plugins that match the following will be
+	// returned:
+	//
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	repeated string filters = 1;
+}
+
+message PluginsResponse {
+	repeated Plugin plugins = 1;
+}
+
+message ServerResponse {
+	string uuid = 1;
+	uint64 pid = 2;
+	uint64 pidns = 3; // PID namespace, such as 4026531836
+	repeated DeprecationWarning deprecations = 4;
+}
+
+message DeprecationWarning {
+	string id = 1;
+	string message = 2;
+	google.protobuf.Timestamp last_occurrence = 3;
+}
+
+message PluginInfoRequest {
+	string type = 1;
+	string id = 2;
+
+	// Options may be used to request extra dynamic information from
+	// a plugin.
+	// This object is determined by the plugin and the plugin may return
+	// NotImplemented or InvalidArgument if it is not supported
+	google.protobuf.Any options = 3;
+}
+
+message PluginInfoResponse {
+	Plugin plugin = 1;
+	google.protobuf.Any extra = 2;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/leases/v1/leases.proto

@@ -0,0 +1,116 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+syntax = "proto3";
+
+package containerd.services.leases.v1;
+
+import "google/protobuf/empty.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/leases/v1;leases";
+
+// Leases service manages resources leases within the metadata store.
+service Leases {
+	// Create creates a new lease for managing changes to metadata. A lease
+	// can be used to protect objects from being removed.
+	rpc Create(CreateRequest) returns (CreateResponse);
+
+	// Delete deletes the lease and makes any unreferenced objects created
+	// during the lease eligible for garbage collection if not referenced
+	// or retained by other resources during the lease.
+	rpc Delete(DeleteRequest) returns (google.protobuf.Empty);
+
+	// List lists all active leases, returning the full list of
+	// leases and optionally including the referenced resources.
+	rpc List(ListRequest) returns (ListResponse);
+
+	// AddResource references the resource by the provided lease.
+	rpc AddResource(AddResourceRequest) returns (google.protobuf.Empty);
+
+	// DeleteResource dereferences the resource by the provided lease.
+	rpc DeleteResource(DeleteResourceRequest) returns (google.protobuf.Empty);
+
+	// ListResources lists all the resources referenced by the lease.
+	rpc ListResources(ListResourcesRequest) returns (ListResourcesResponse);
+}
+
+// Lease is an object which retains resources while it exists.
+message Lease {
+	string id = 1;
+
+	google.protobuf.Timestamp created_at = 2;
+
+	map<string, string> labels = 3;
+}
+
+message CreateRequest {
+	// ID is used to identity the lease, when the id is not set the service
+	// generates a random identifier for the lease.
+	string id = 1;
+
+	map<string, string> labels = 3;
+}
+
+message CreateResponse {
+	Lease lease = 1;
+}
+
+message DeleteRequest {
+	string id = 1;
+
+	// Sync indicates that the delete and cleanup should be done
+	// synchronously before returning to the caller
+	//
+	// Default is false
+	bool sync = 2;
+}
+
+message ListRequest {
+	repeated string filters = 1;
+}
+
+message ListResponse {
+	repeated Lease leases = 1;
+}
+
+message Resource {
+	string id = 1;
+
+	// For snapshotter resource, there are many snapshotter types here, like
+	// overlayfs, devmapper etc. The type will be formatted with type,
+	// like "snapshotter/overlayfs".
+	string type = 2;
+}
+
+message AddResourceRequest {
+	string id = 1;
+
+	Resource resource = 2;
+}
+
+message DeleteResourceRequest {
+	string id = 1;
+
+	Resource resource = 2;
+}
+
+message ListResourcesRequest {
+	string id = 1;
+}
+
+message ListResourcesResponse {
+	repeated Resource resources = 1	;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/namespaces/v1/namespace.proto

@@ -0,0 +1,107 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.namespaces.v1;
+
+import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/namespaces/v1;namespaces";
+
+// Namespaces provides the ability to manipulate containerd namespaces.
+//
+// All objects in the system are required to be a member of a namespace. If a
+// namespace is deleted, all objects, including containers, images and
+// snapshots, will be deleted, as well.
+//
+// Unless otherwise noted, operations in containerd apply only to the namespace
+// supplied per request.
+//
+// I hope this goes without saying, but namespaces are themselves NOT
+// namespaced.
+service Namespaces {
+	rpc Get(GetNamespaceRequest) returns (GetNamespaceResponse);
+	rpc List(ListNamespacesRequest) returns (ListNamespacesResponse);
+	rpc Create(CreateNamespaceRequest) returns (CreateNamespaceResponse);
+	rpc Update(UpdateNamespaceRequest) returns (UpdateNamespaceResponse);
+	rpc Delete(DeleteNamespaceRequest) returns (google.protobuf.Empty);
+}
+
+message Namespace {
+	string name = 1;
+
+	// Labels provides an area to include arbitrary data on namespaces.
+	//
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	//
+	// Note that to add a new value to this field, read the existing set and
+	// include the entire result in the update call.
+	map<string, string> labels  = 2;
+}
+
+message GetNamespaceRequest {
+	string name = 1;
+}
+
+message GetNamespaceResponse {
+	Namespace namespace = 1;
+}
+
+message ListNamespacesRequest {
+	string filter = 1;
+}
+
+message ListNamespacesResponse {
+	repeated Namespace namespaces = 1;
+}
+
+message CreateNamespaceRequest {
+	Namespace namespace = 1;
+}
+
+message CreateNamespaceResponse {
+	Namespace namespace = 1;
+}
+
+// UpdateNamespaceRequest updates the metadata for a namespace.
+//
+// The operation should follow semantics described in
+// https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/field-mask,
+// unless otherwise qualified.
+message UpdateNamespaceRequest {
+	// Namespace provides the target value, as declared by the mask, for the update.
+	//
+	// The namespace field must be set.
+	Namespace namespace = 1;
+
+	// UpdateMask specifies which fields to perform the update on. If empty,
+	// the operation applies to all fields.
+	//
+	// For the most part, this applies only to selectively updating labels on
+	// the namespace. While field masks are typically limited to ascii alphas
+	// and digits, we just take everything after the "labels." as the map key.
+	google.protobuf.FieldMask update_mask = 2;
+}
+
+message UpdateNamespaceResponse {
+	Namespace namespace = 1;
+}
+
+message DeleteNamespaceRequest {
+	string name = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/sandbox/v1/sandbox.proto

@@ -0,0 +1,204 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+// Sandbox is a v2 runtime extension that allows more complex execution environments for containers.
+// This adds a notion of groups of containers that share same lifecycle and/or resources.
+// A few good fits for sandbox can be:
+// - A "pause" container in k8s, that acts as a parent process for child containers to hold network namespace.
+// - (micro)VMs that launch a VM process and executes containers inside guest OS.
+// containerd in this case remains implementation agnostic and delegates sandbox handling to runtimes.
+// See proposal and discussion here: https://github.com/containerd/containerd/issues/4131
+package containerd.services.sandbox.v1;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+
+import "github.com/containerd/containerd/api/types/sandbox.proto";
+import "github.com/containerd/containerd/api/types/mount.proto";
+import "github.com/containerd/containerd/api/types/platform.proto";
+import "github.com/containerd/containerd/api/types/metrics.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/sandbox/v1;sandbox";
+
+// Store provides a metadata storage interface for sandboxes. Similarly to `Containers`,
+// sandbox object includes info required to start a new instance, but no runtime state.
+// When running a new sandbox instance, store objects are used as base type to create from.
+service Store {
+	rpc Create(StoreCreateRequest) returns (StoreCreateResponse);
+	rpc Update(StoreUpdateRequest) returns (StoreUpdateResponse);
+	rpc Delete(StoreDeleteRequest) returns (StoreDeleteResponse);
+	rpc List(StoreListRequest) returns (StoreListResponse);
+	rpc Get(StoreGetRequest) returns (StoreGetResponse);
+}
+
+message StoreCreateRequest {
+	containerd.types.Sandbox sandbox = 1;
+}
+
+message StoreCreateResponse {
+	containerd.types.Sandbox sandbox = 1;
+}
+
+message StoreUpdateRequest {
+	containerd.types.Sandbox sandbox = 1;
+	repeated string fields = 2;
+}
+
+message StoreUpdateResponse {
+	containerd.types.Sandbox sandbox = 1;
+}
+
+message StoreDeleteRequest {
+	string sandbox_id = 1;
+}
+
+message StoreDeleteResponse {}
+
+message StoreListRequest {
+	repeated string filters = 1;
+}
+
+message StoreListResponse {
+	repeated containerd.types.Sandbox list = 1;
+}
+
+message StoreGetRequest {
+	string sandbox_id = 1;
+}
+
+message StoreGetResponse {
+	containerd.types.Sandbox sandbox = 1;
+}
+
+// Controller is an interface to manage runtime sandbox instances.
+service Controller {
+	rpc Create(ControllerCreateRequest) returns (ControllerCreateResponse);
+	rpc Start(ControllerStartRequest) returns (ControllerStartResponse);
+	rpc Platform(ControllerPlatformRequest) returns (ControllerPlatformResponse);
+	rpc Stop(ControllerStopRequest) returns (ControllerStopResponse);
+	rpc Wait(ControllerWaitRequest) returns (ControllerWaitResponse);
+	rpc Status(ControllerStatusRequest) returns (ControllerStatusResponse);
+	rpc Shutdown(ControllerShutdownRequest) returns (ControllerShutdownResponse);
+	rpc Metrics(ControllerMetricsRequest) returns (ControllerMetricsResponse);
+	rpc Update(ControllerUpdateRequest) returns (ControllerUpdateResponse);
+}
+
+message ControllerCreateRequest {
+	string sandbox_id = 1;
+	repeated containerd.types.Mount rootfs = 2;
+	google.protobuf.Any options = 3;
+	string netns_path = 4;
+	map<string, string> annotations = 5;
+	containerd.types.Sandbox sandbox = 6;
+	string sandboxer = 10;
+}
+
+message ControllerCreateResponse {
+	string sandbox_id = 1;
+}
+
+message ControllerStartRequest {
+	string sandbox_id = 1;
+	string sandboxer = 10;
+}
+
+message ControllerStartResponse {
+	string sandbox_id = 1;
+	uint32 pid = 2;
+	google.protobuf.Timestamp created_at = 3;
+	map<string, string> labels = 4;
+	// Address of the sandbox for containerd to connect,
+	// for calling Task or other APIs serving in the sandbox.
+	// it is in the form of ttrpc+unix://path/to/uds or grpc+vsock://<vsock cid>:<port>.
+	string address = 5;
+	uint32 version = 6;
+}
+
+message ControllerPlatformRequest {
+	string sandbox_id = 1;
+	string sandboxer = 10;
+}
+
+message ControllerPlatformResponse {
+	containerd.types.Platform platform = 1;
+}
+
+message ControllerStopRequest {
+	string sandbox_id = 1;
+	uint32 timeout_secs = 2;
+	string sandboxer = 10;
+}
+
+message ControllerStopResponse {}
+
+message ControllerWaitRequest {
+	string sandbox_id = 1;
+	string sandboxer = 10;
+}
+
+message ControllerWaitResponse {
+	uint32 exit_status = 1;
+	google.protobuf.Timestamp exited_at = 2;
+}
+
+message ControllerStatusRequest {
+	string sandbox_id = 1;
+	bool verbose = 2;
+	string sandboxer = 10;
+}
+
+message ControllerStatusResponse {
+	string sandbox_id = 1;
+	uint32 pid = 2;
+	string state = 3;
+	map<string, string> info = 4;
+	google.protobuf.Timestamp created_at = 5;
+	google.protobuf.Timestamp exited_at = 6;
+	google.protobuf.Any extra = 7;
+	// Address of the sandbox for containerd to connect,
+	// for calling Task or other APIs serving in the sandbox.
+	// it is in the form of ttrpc+unix://path/to/uds or grpc+vsock://<vsock cid>:<port>.
+	string address = 8;
+	uint32 version = 9;
+}
+
+message ControllerShutdownRequest {
+	string sandbox_id = 1;
+	string sandboxer = 10;
+}
+
+message ControllerShutdownResponse {}
+
+message ControllerMetricsRequest {
+	string sandbox_id = 1;
+	string sandboxer = 10;
+}
+
+message ControllerMetricsResponse {
+	types.Metric metrics = 1;
+}
+
+message ControllerUpdateRequest {
+	string sandbox_id = 1;
+	string sandboxer = 2;
+	containerd.types.Sandbox sandbox = 3;
+	repeated string fields = 4;
+}
+
+message ControllerUpdateResponse {
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/snapshots/v1/snapshots.proto

@@ -0,0 +1,179 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.snapshots.v1;
+
+import "google/protobuf/empty.proto";
+import "google/protobuf/field_mask.proto";
+import "google/protobuf/timestamp.proto";
+import "github.com/containerd/containerd/api/types/mount.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/snapshots/v1;snapshots";
+
+// Snapshot service manages snapshots
+service Snapshots {
+	rpc Prepare(PrepareSnapshotRequest) returns (PrepareSnapshotResponse);
+	rpc View(ViewSnapshotRequest) returns (ViewSnapshotResponse);
+	rpc Mounts(MountsRequest) returns (MountsResponse);
+	rpc Commit(CommitSnapshotRequest) returns (google.protobuf.Empty);
+	rpc Remove(RemoveSnapshotRequest) returns (google.protobuf.Empty);
+	rpc Stat(StatSnapshotRequest) returns (StatSnapshotResponse);
+	rpc Update(UpdateSnapshotRequest) returns (UpdateSnapshotResponse);
+	rpc List(ListSnapshotsRequest) returns (stream ListSnapshotsResponse);
+	rpc Usage(UsageRequest) returns (UsageResponse);
+	rpc Cleanup(CleanupRequest) returns (google.protobuf.Empty);
+}
+
+message PrepareSnapshotRequest {
+	string snapshotter = 1;
+	string key = 2;
+	string parent = 3;
+
+	// Labels are arbitrary data on snapshots.
+	//
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	map<string, string> labels  = 4;
+}
+
+message PrepareSnapshotResponse {
+	repeated containerd.types.Mount mounts = 1;
+}
+
+message ViewSnapshotRequest {
+	string snapshotter = 1;
+	string key = 2;
+	string parent = 3;
+
+	// Labels are arbitrary data on snapshots.
+	//
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	map<string, string> labels  = 4;
+}
+
+message ViewSnapshotResponse {
+	repeated containerd.types.Mount mounts = 1;
+}
+
+message MountsRequest {
+	string snapshotter = 1;
+	string key = 2;
+}
+
+message MountsResponse {
+	repeated containerd.types.Mount mounts = 1;
+}
+
+message RemoveSnapshotRequest {
+	string snapshotter = 1;
+	string key = 2;
+}
+
+message CommitSnapshotRequest {
+	string snapshotter = 1;
+	string name = 2;
+	string key = 3;
+
+	// Labels are arbitrary data on snapshots.
+	//
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	map<string, string> labels  = 4;
+}
+
+message StatSnapshotRequest {
+	string snapshotter = 1;
+	string key = 2;
+}
+
+enum Kind {
+	UNKNOWN = 0;
+	VIEW = 1;
+	ACTIVE = 2;
+	COMMITTED = 3;
+}
+
+message Info {
+	string name = 1;
+	string parent = 2;
+	Kind kind = 3;
+
+	// CreatedAt provides the time at which the snapshot was created.
+	google.protobuf.Timestamp created_at = 4;
+
+	// UpdatedAt provides the time the info was last updated.
+	google.protobuf.Timestamp updated_at = 5;
+
+	// Labels are arbitrary data on snapshots.
+	//
+	// The combined size of a key/value pair cannot exceed 4096 bytes.
+	map<string, string> labels  = 6;
+}
+
+message StatSnapshotResponse {
+	Info info = 1;
+}
+
+message UpdateSnapshotRequest {
+	string snapshotter = 1;
+	Info info = 2;
+
+	// UpdateMask specifies which fields to perform the update on. If empty,
+	// the operation applies to all fields.
+	//
+	// In info, Name, Parent, Kind, Created are immutable,
+	// other field may be updated using this mask.
+	// If no mask is provided, all mutable field are updated.
+	google.protobuf.FieldMask update_mask = 3;
+}
+
+message UpdateSnapshotResponse {
+	Info info = 1;
+}
+
+message ListSnapshotsRequest{
+	string snapshotter = 1;
+
+	// Filters contains one or more filters using the syntax defined in the
+	// containerd filter package.
+	//
+	// The returned result will be those that match any of the provided
+	// filters. Expanded, images that match the following will be
+	// returned:
+	//
+	//	filters[0] or filters[1] or ... or filters[n-1] or filters[n]
+	//
+	// If filters is zero-length or nil, all items will be returned.
+	repeated string filters = 2;
+}
+
+message ListSnapshotsResponse {
+	repeated Info info = 1;
+}
+
+message UsageRequest {
+	string snapshotter = 1;
+	string key = 2;
+}
+
+message UsageResponse {
+	int64 size = 1;
+	int64 inodes = 2;
+}
+
+message CleanupRequest {
+	string snapshotter = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/streaming/v1/streaming.proto

@@ -0,0 +1,31 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.streaming.v1;
+
+import "google/protobuf/any.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/streaming/v1;streaming";
+
+service Streaming {
+	rpc Stream(stream google.protobuf.Any) returns (stream google.protobuf.Any);
+}
+
+message StreamInit {
+	string id = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/tasks/v1/tasks.proto

@@ -0,0 +1,227 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.tasks.v1;
+
+import "google/protobuf/empty.proto";
+import "google/protobuf/any.proto";
+import "github.com/containerd/containerd/api/types/mount.proto";
+import "github.com/containerd/containerd/api/types/metrics.proto";
+import "github.com/containerd/containerd/api/types/descriptor.proto";
+import "github.com/containerd/containerd/api/types/task/task.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/tasks/v1;tasks";
+
+service Tasks {
+	// Create a task.
+	rpc Create(CreateTaskRequest) returns (CreateTaskResponse);
+
+	// Start a process.
+	rpc Start(StartRequest) returns (StartResponse);
+
+	// Delete a task and on disk state.
+	rpc Delete(DeleteTaskRequest) returns (DeleteResponse);
+
+	rpc DeleteProcess(DeleteProcessRequest) returns (DeleteResponse);
+
+	rpc Get(GetRequest) returns (GetResponse);
+
+	rpc List(ListTasksRequest) returns (ListTasksResponse);
+
+	// Kill a task or process.
+	rpc Kill(KillRequest) returns (google.protobuf.Empty);
+
+	rpc Exec(ExecProcessRequest) returns (google.protobuf.Empty);
+
+	rpc ResizePty(ResizePtyRequest) returns (google.protobuf.Empty);
+
+	rpc CloseIO(CloseIORequest) returns (google.protobuf.Empty);
+
+	rpc Pause(PauseTaskRequest) returns (google.protobuf.Empty);
+
+	rpc Resume(ResumeTaskRequest) returns (google.protobuf.Empty);
+
+	rpc ListPids(ListPidsRequest) returns (ListPidsResponse);
+
+	rpc Checkpoint(CheckpointTaskRequest) returns (CheckpointTaskResponse);
+
+	rpc Update(UpdateTaskRequest) returns (google.protobuf.Empty);
+
+	rpc Metrics(MetricsRequest) returns (MetricsResponse);
+
+	rpc Wait(WaitRequest) returns (WaitResponse);
+}
+
+message CreateTaskRequest {
+	string container_id = 1;
+
+	// RootFS provides the pre-chroot mounts to perform in the shim before
+	// executing the container task.
+	//
+	// These are for mounts that cannot be performed in the user namespace.
+	// Typically, these mounts should be resolved from snapshots specified on
+	// the container object.
+	repeated containerd.types.Mount rootfs = 3;
+
+	string stdin = 4;
+	string stdout = 5;
+	string stderr = 6;
+	bool terminal = 7;
+
+	containerd.types.Descriptor checkpoint = 8;
+
+	google.protobuf.Any options = 9;
+
+	string runtime_path = 10;
+}
+
+message CreateTaskResponse {
+	string container_id = 1;
+	uint32 pid = 2;
+}
+
+message StartRequest {
+	string container_id = 1;
+	string exec_id = 2;
+}
+
+message StartResponse {
+	uint32 pid = 1;
+}
+
+message DeleteTaskRequest {
+	string container_id = 1;
+}
+
+message DeleteResponse {
+	string id = 1;
+	uint32 pid = 2;
+	uint32 exit_status = 3;
+	google.protobuf.Timestamp exited_at = 4;
+}
+
+message DeleteProcessRequest {
+	string container_id = 1;
+	string exec_id = 2;
+}
+
+message GetRequest {
+	string container_id = 1;
+	string exec_id = 2;
+}
+
+message GetResponse {
+	containerd.v1.types.Process process = 1;
+}
+
+message ListTasksRequest {
+	string filter = 1;
+}
+
+message ListTasksResponse {
+	repeated containerd.v1.types.Process tasks = 1;
+}
+
+message KillRequest {
+	string container_id = 1;
+	string exec_id = 2;
+	uint32 signal = 3;
+	bool all = 4;
+}
+
+message ExecProcessRequest {
+	string container_id = 1;
+	string stdin = 2;
+	string stdout = 3;
+	string stderr = 4;
+	bool terminal = 5;
+	// Spec for starting a process in the target container.
+	//
+	// For runc, this is a process spec, for example.
+	google.protobuf.Any spec = 6;
+	// id of the exec process
+	string exec_id = 7;
+}
+
+message ExecProcessResponse {
+}
+
+message ResizePtyRequest {
+	string container_id = 1;
+	string exec_id = 2;
+	uint32 width = 3;
+	uint32 height = 4;
+}
+
+message CloseIORequest {
+	string container_id = 1;
+	string exec_id = 2;
+	bool stdin = 3;
+}
+
+message PauseTaskRequest {
+	string container_id = 1;
+}
+
+message ResumeTaskRequest {
+	string container_id = 1;
+}
+
+message ListPidsRequest {
+	string container_id = 1;
+}
+
+message ListPidsResponse {
+	// Processes includes the process ID and additional process information
+	repeated containerd.v1.types.ProcessInfo processes = 1;
+}
+
+message CheckpointTaskRequest {
+	string container_id = 1;
+	string parent_checkpoint = 2;
+	google.protobuf.Any options = 3;
+}
+
+message CheckpointTaskResponse {
+	repeated containerd.types.Descriptor descriptors = 1;
+}
+
+message UpdateTaskRequest {
+	string container_id = 1;
+	google.protobuf.Any resources = 2;
+	map<string, string> annotations = 3;
+}
+
+message MetricsRequest {
+	repeated string filters = 1;
+}
+
+message MetricsResponse {
+	repeated types.Metric metrics = 1;
+}
+
+message WaitRequest {
+	string container_id = 1;
+	string exec_id = 2;
+}
+
+message WaitResponse {
+	uint32 exit_status = 1;
+	google.protobuf.Timestamp exited_at = 2;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/transfer/v1/transfer.proto

@@ -0,0 +1,39 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.transfer.v1;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/empty.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/transfer/v1;transfer";
+
+service Transfer {
+	rpc Transfer(TransferRequest) returns (google.protobuf.Empty);
+}
+
+message TransferRequest {
+	google.protobuf.Any source = 1;
+	google.protobuf.Any destination = 2;
+	TransferOptions options = 3;
+}
+
+message TransferOptions {
+	string progress_stream = 1;
+	// Progress min interval
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/ttrpc/events/v1/events.proto

@@ -0,0 +1,37 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.events.ttrpc.v1;
+
+import "github.com/containerd/containerd/api/types/event.proto";
+import "google/protobuf/empty.proto";
+
+option go_package = "github.com/containerd/containerd/api/services/ttrpc/events/v1;events";
+
+service Events {
+	// Forward sends an event that has already been packaged into an envelope
+	// with a timestamp and namespace.
+	//
+	// This is useful if earlier timestamping is required or when forwarding on
+	// behalf of another component, namespace or publisher.
+	rpc Forward(ForwardRequest) returns (google.protobuf.Empty);
+}
+
+message ForwardRequest {
+	containerd.types.Envelope envelope = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/services/version/v1/version.proto

@@ -0,0 +1,33 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.services.version.v1;
+
+import "google/protobuf/empty.proto";
+
+// TODO(stevvooe): Should version service actually be versioned?
+option go_package = "github.com/containerd/containerd/api/services/version/v1;version";
+
+service Version {
+	rpc Version(google.protobuf.Empty) returns (VersionResponse);
+}
+
+message VersionResponse {
+	string version = 1;
+	string revision = 2;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/descriptor.proto

@@ -0,0 +1,33 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+// Descriptor describes a blob in a content store.
+//
+// This descriptor can be used to reference content from an
+// oci descriptor found in a manifest.
+// See https://godoc.org/github.com/opencontainers/image-spec/specs-go/v1#Descriptor
+message Descriptor {
+	string media_type = 1;
+	string digest = 2;
+	int64 size = 3;
+	map<string, string> annotations = 5;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/event.proto

@@ -0,0 +1,33 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+import "github.com/containerd/containerd/api/types/fieldpath.proto";
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+message Envelope {
+	option (containerd.types.fieldpath) = true;
+	google.protobuf.Timestamp timestamp = 1;
+	string namespace = 2;
+	string topic = 3;
+	google.protobuf.Any event = 4;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/fieldpath.proto

@@ -0,0 +1,42 @@
+// Protocol Buffers for Go with Gadgets
+//
+// Copyright (c) 2013, The GoGo Authors. All rights reserved.
+// http://github.com/gogo/protobuf
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are
+// met:
+//
+//     * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+//     * Redistributions in binary form must reproduce the above
+// copyright notice, this list of conditions and the following disclaimer
+// in the documentation and/or other materials provided with the
+// distribution.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+syntax = "proto3";
+package containerd.types;
+
+import "google/protobuf/descriptor.proto";
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+extend google.protobuf.FileOptions {
+	optional bool fieldpath_all = 63300;
+}
+
+extend google.protobuf.MessageOptions {
+	optional bool fieldpath = 64400;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/introspection.proto

@@ -0,0 +1,46 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+import "google/protobuf/any.proto";
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+message RuntimeRequest {
+	string runtime_path = 1;
+	// Options correspond to CreateTaskRequest.options.
+	// This is needed to pass the runc binary path, etc.
+	google.protobuf.Any options = 2;
+}
+
+message RuntimeVersion {
+	string version = 1;
+	string revision = 2;
+}
+
+message RuntimeInfo {
+	string name = 1;
+	RuntimeVersion version = 2;
+	// Options correspond to RuntimeInfoRequest.Options (contains runc binary path, etc.)
+	google.protobuf.Any options = 3;
+	// OCI-compatible runtimes should use https://github.com/opencontainers/runtime-spec/blob/main/features.md
+	google.protobuf.Any features = 4;
+	// Annotations of the shim. Irrelevant to features.Annotations.
+	map<string, string> annotations = 5;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/metrics.proto

@@ -0,0 +1,30 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+message Metric {
+	google.protobuf.Timestamp timestamp = 1;
+	string id = 2;
+	google.protobuf.Any data = 3;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/mount.proto

@@ -0,0 +1,43 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+// Mount describes mounts for a container.
+//
+// This type is the lingua franca of ContainerD. All services provide mounts
+// to be used with the container at creation time.
+//
+// The Mount type follows the structure of the mount syscall, including a type,
+// source, target and options.
+message Mount {
+	// Type defines the nature of the mount.
+	string type = 1;
+
+	// Source specifies the name of the mount. Depending on mount type, this
+	// may be a volume name or a host path, or even ignored.
+	string source = 2;
+
+	// Target path in container
+	string target = 3;
+
+	// Options specifies zero or more fstab style mount options.
+	repeated string options = 4;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/platform.proto

@@ -0,0 +1,30 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+// Platform follows the structure of the OCI platform specification, from
+// descriptors.
+message Platform {
+	string os = 1;
+	string architecture = 2;
+	string variant = 3;
+	string os_version = 4;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/runc/options/oci.proto

@@ -0,0 +1,63 @@
+syntax = "proto3";
+
+package containerd.runc.v1;
+
+option go_package = "github.com/containerd/containerd/api/types/runc/options;options";
+
+message Options {
+	// disable pivot root when creating a container
+	bool no_pivot_root = 1;
+	// create a new keyring for the container
+	bool no_new_keyring = 2;
+	// place the shim in a cgroup
+	string shim_cgroup = 3;
+	// set the I/O's pipes uid
+	uint32 io_uid = 4;
+	// set the I/O's pipes gid
+	uint32 io_gid = 5;
+	// binary name of the runc binary
+	string binary_name = 6;
+	// runc root directory
+	string root = 7;
+	// criu binary path.
+	//
+	// Removed in containerd v2.0: string criu_path = 8;
+	reserved 8;
+	// enable systemd cgroups
+	bool systemd_cgroup = 9;
+	// criu image path
+	string criu_image_path = 10;
+	// criu work path
+	string criu_work_path = 11;
+	// task api address, can be a unix domain socket, or vsock address.
+	// it is in the form of ttrpc+unix://path/to/uds or grpc+vsock://<vsock cid>:<port>.
+	string task_api_address = 12;
+	// task api version, currently supported value is 2 and 3.
+	uint32 task_api_version = 13;
+}
+
+message CheckpointOptions {
+	// exit the container after a checkpoint
+	bool exit = 1;
+	// checkpoint open tcp connections
+	bool open_tcp = 2;
+	// checkpoint external unix sockets
+	bool external_unix_sockets = 3;
+	// checkpoint terminals (ptys)
+	bool terminal = 4;
+	// allow checkpointing of file locks
+	bool file_locks = 5;
+	// restore provided namespaces as empty namespaces
+	repeated string empty_namespaces = 6;
+	// set the cgroups mode, soft, full, strict
+	string cgroups_mode = 7;
+	// checkpoint image path
+	string image_path = 8;
+	// checkpoint work path
+	string work_path = 9;
+}
+
+message ProcessDetails {
+	// exec process id if the process is managed by a shim
+	string exec_id = 1;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/runtimeoptions/v1/api.proto

@@ -0,0 +1,17 @@
+// To regenerate api.pb.go run `make protos`
+syntax = "proto3";
+
+package runtimeoptions.v1;
+
+option go_package = "github.com/containerd/containerd/api/types/runtimeoptions/v1;runtimeoptions";
+
+message Options {
+	// TypeUrl specifies the type of the content inside the config file.
+	string type_url = 1;
+	// ConfigPath specifies the filesystem location of the config file
+	// used by the runtime.
+	string config_path = 2;
+	// Blob specifies an in-memory TOML blob passed from containerd's configuration section
+	// for this runtime. This will be used if config_path is not specified.
+	bytes config_body = 3;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/sandbox.proto

@@ -0,0 +1,54 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types;
+
+import "google/protobuf/any.proto";
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/types;types";
+
+// Sandbox represents a sandbox metadata object that keeps all info required by controller to
+// work with a particular instance.
+message Sandbox {
+	// SandboxID is a unique instance identifier within namespace
+	string sandbox_id = 1;
+	message Runtime {
+		// Name is the name of the runtime.
+		string name = 1;
+		// Options specify additional runtime initialization options for the shim (this data will be available in StartShim).
+		// Typically this data expected to be runtime shim implementation specific.
+		google.protobuf.Any options = 2;
+	}
+	// Runtime specifies which runtime to use for executing this container.
+	Runtime runtime = 2;
+	// Spec is sandbox configuration (kin of OCI runtime spec), spec's data will be written to a config.json file in the
+	// bundle directory (similary to OCI spec).
+	google.protobuf.Any spec = 3;
+	// Labels provides an area to include arbitrary data on containers.
+	map<string, string> labels = 4;
+	// CreatedAt is the time the container was first created.
+	google.protobuf.Timestamp created_at = 5;
+	// UpdatedAt is the last time the container was mutated.
+	google.protobuf.Timestamp updated_at = 6;
+	// Extensions allow clients to provide optional blobs that can be handled by runtime.
+	map<string, google.protobuf.Any> extensions = 7;
+	// Sandboxer is the name of the sandbox controller who manages the sandbox.
+	string sandboxer = 10;
+
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/task/task.proto

@@ -0,0 +1,55 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.v1.types;
+
+import "google/protobuf/timestamp.proto";
+import "google/protobuf/any.proto";
+
+option go_package = "github.com/containerd/containerd/api/types/task";
+
+enum Status {
+	UNKNOWN = 0;
+	CREATED = 1;
+	RUNNING = 2;
+	STOPPED = 3;
+	PAUSED = 4;
+	PAUSING = 5;
+}
+
+message Process {
+	string container_id = 1;
+	string id = 2;
+	uint32 pid = 3;
+	Status status = 4;
+	string stdin = 5;
+	string stdout = 6;
+	string stderr = 7;
+	bool terminal = 8;
+	uint32 exit_status = 9;
+	google.protobuf.Timestamp exited_at = 10;
+}
+
+message ProcessInfo {
+	// PID is the process ID.
+	uint32 pid = 1;
+	// Info contains additional process information.
+	//
+	// Info varies by platform.
+	google.protobuf.Any info = 2;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/transfer/imagestore.proto

@@ -0,0 +1,82 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+import "github.com/containerd/containerd/api/types/platform.proto";
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+message ImageStore {
+	string name = 1;
+	map<string, string> labels = 2;
+
+	// Content filters
+
+	repeated types.Platform platforms = 3;
+	bool all_metadata = 4;
+	uint32 manifest_limit = 5;
+
+	// Import naming
+
+	// extra_references are used to set image names on imports of sub-images from the index
+	repeated ImageReference extra_references = 6;
+
+	// Unpack Configuration, multiple allowed
+
+	repeated UnpackConfiguration unpacks = 10;
+}
+
+message UnpackConfiguration {
+	// platform is the platform to unpack for, used for resolving manifest and snapshotter
+	// if not provided
+	types.Platform platform = 1;
+
+	// snapshotter to unpack to, if not provided default for platform shoudl be used
+	string snapshotter = 2;
+}
+
+// ImageReference is used to create or find a reference for an image
+message ImageReference {
+	string name = 1;
+
+	// is_prefix determines whether the Name should be considered
+	// a prefix (without tag or digest).
+	// For lookup, this may allow matching multiple tags.
+	// For store, this must have a tag or digest added.
+	bool is_prefix = 2;
+
+	// allow_overwrite allows overwriting or ignoring the name if
+	// another reference is provided (such as through an annotation).
+	// Only used if IsPrefix is true.
+	bool allow_overwrite = 3;
+
+	// add_digest adds the manifest digest to the reference.
+	// For lookup, this allows matching tags with any digest.
+	// For store, this allows adding the digest to the name.
+	// Only used if IsPrefix is true.
+	bool add_digest = 4;
+
+	// skip_named_digest only considers digest references which do not
+	// have a non-digested named reference.
+	// For lookup, this will deduplicate digest references when there is a named match.
+	// For store, this only adds this digest reference when there is no matching full
+	// name reference from the prefix.
+	// Only used if IsPrefix is true.
+	bool skip_named_digest = 5;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/transfer/importexport.proto

@@ -0,0 +1,52 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+import "github.com/containerd/containerd/api/types/platform.proto";
+
+message ImageImportStream {
+	// Stream is used to identify the binary input stream for the import operation.
+	// The stream uses the transfer binary stream protocol with the client as the sender.
+	// The binary data is expected to be a raw tar stream.
+	string stream = 1;
+
+	string media_type = 2;
+
+	bool force_compress = 3;
+}
+
+message ImageExportStream {
+	// Stream is used to identify the binary output stream for the export operation.
+	// The stream uses the transfer binary stream protocol with the server as the sender.
+	// The binary data is expected to be a raw tar stream.
+	string stream = 1;
+
+	string media_type = 2;
+
+	// The specified platforms
+	repeated types.Platform platforms = 3;
+	// Whether to include all platforms
+	bool all_platforms = 4;
+	// Skips the creation of the Docker compatible manifest.json file
+	bool skip_compatibility_manifest = 5;
+	// Excludes non-distributable blobs such as Windows base layers.
+	bool skip_non_distributable = 6;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/transfer/progress.proto

@@ -0,0 +1,32 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+import "github.com/containerd/containerd/api/types/descriptor.proto";
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+message Progress {
+	string event = 1;
+	string name = 2;
+	repeated string parents = 3;
+	int64 progress = 4;
+	int64 total = 5;
+	containerd.types.Descriptor desc = 6;
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/transfer/registry.proto

@@ -0,0 +1,97 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+import "google/protobuf/timestamp.proto";
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+message OCIRegistry {
+	string reference = 1;
+	RegistryResolver resolver = 2;
+}
+
+enum HTTPDebug {
+	DISABLED = 0;
+	// Enable HTTP debugging
+	DEBUG = 1;
+	// Enable HTTP requests tracing
+	TRACE = 2;
+	// Enable both HTTP debugging and requests tracing
+	BOTH = 3;
+}
+
+message RegistryResolver {
+	// auth_stream is used to refer to a stream which auth callbacks may be
+	// made on.
+	string auth_stream = 1;
+
+	// Headers
+	map<string, string> headers = 2;
+
+	string host_dir = 3;
+
+	string default_scheme = 4;
+	// Force skip verify
+	// CA callback? Client TLS callback?
+
+	// Whether to debug/trace HTTP requests to OCI registry.
+	HTTPDebug http_debug = 5;
+
+	// Stream ID to use for HTTP logs (when logs are streamed to client).
+	// When empty, logs are written to containerd logs.
+	string logs_stream = 6;
+}
+
+// AuthRequest is sent as a callback on a stream
+message AuthRequest {
+	// host is the registry host
+	string host = 1;
+
+	// reference is the namespace and repository name requested from the registry
+	string reference = 2;
+
+	// wwwauthenticate is the HTTP WWW-Authenticate header values returned from the registry
+	repeated string wwwauthenticate = 3;
+}
+
+enum AuthType {
+	NONE = 0;
+
+	// CREDENTIALS is used to exchange username/password for access token
+	// using an oauth or "Docker Registry Token" server
+	CREDENTIALS = 1;
+
+	// REFRESH is used to exchange secret for access token using an oauth
+	// or "Docker Registry Token" server
+	REFRESH = 2;
+
+	// HEADER is used to set the HTTP Authorization header to secret
+	// directly for the registry.
+	// Value should be `<auth-scheme> <authorization-parameters>`
+	HEADER = 3;
+}
+
+message AuthResponse {
+	AuthType authType = 1;
+	string secret = 2;
+	string username = 3;
+	google.protobuf.Timestamp expire_at = 4;
+	// TODO: Stream error
+}

crates/client/vendor/github.com/containerd/containerd/vendor/github.com/containerd/containerd/api/types/transfer/streaming.proto

@@ -0,0 +1,29 @@
+/*
+	Copyright The containerd Authors.
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/
+
+syntax = "proto3";
+
+package containerd.types.transfer;
+
+option go_package = "github.com/containerd/containerd/api/types/transfer";
+
+message Data {
+	bytes data = 1;
+}
+
+message WindowUpdate {
+	int32 update = 1;
+}

crates/client/vendor/gogoproto/gogo.proto

@@ -1,144 +0,0 @@
-// Protocol Buffers for Go with Gadgets
-//
-// Copyright (c) 2013, The GoGo Authors. All rights reserved.
-// http://github.com/gogo/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-//     * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-//     * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-syntax = "proto2";
-package gogoproto;
-
-import "google/protobuf/descriptor.proto";
-
-option java_package = "com.google.protobuf";
-option java_outer_classname = "GoGoProtos";
-option go_package = "github.com/gogo/protobuf/gogoproto";
-
-extend google.protobuf.EnumOptions {
-	optional bool goproto_enum_prefix = 62001;
-	optional bool goproto_enum_stringer = 62021;
-	optional bool enum_stringer = 62022;
-	optional string enum_customname = 62023;
-	optional bool enumdecl = 62024;
-}
-
-extend google.protobuf.EnumValueOptions {
-	optional string enumvalue_customname = 66001;
-}
-
-extend google.protobuf.FileOptions {
-	optional bool goproto_getters_all = 63001;
-	optional bool goproto_enum_prefix_all = 63002;
-	optional bool goproto_stringer_all = 63003;
-	optional bool verbose_equal_all = 63004;
-	optional bool face_all = 63005;
-	optional bool gostring_all = 63006;
-	optional bool populate_all = 63007;
-	optional bool stringer_all = 63008;
-	optional bool onlyone_all = 63009;
-
-	optional bool equal_all = 63013;
-	optional bool description_all = 63014;
-	optional bool testgen_all = 63015;
-	optional bool benchgen_all = 63016;
-	optional bool marshaler_all = 63017;
-	optional bool unmarshaler_all = 63018;
-	optional bool stable_marshaler_all = 63019;
-
-	optional bool sizer_all = 63020;
-
-	optional bool goproto_enum_stringer_all = 63021;
-	optional bool enum_stringer_all = 63022;
-
-	optional bool unsafe_marshaler_all = 63023;
-	optional bool unsafe_unmarshaler_all = 63024;
-
-	optional bool goproto_extensions_map_all = 63025;
-	optional bool goproto_unrecognized_all = 63026;
-	optional bool gogoproto_import = 63027;
-	optional bool protosizer_all = 63028;
-	optional bool compare_all = 63029;
-    optional bool typedecl_all = 63030;
-    optional bool enumdecl_all = 63031;
-
-	optional bool goproto_registration = 63032;
-	optional bool messagename_all = 63033;
-
-	optional bool goproto_sizecache_all = 63034;
-	optional bool goproto_unkeyed_all = 63035;
-}
-
-extend google.protobuf.MessageOptions {
-	optional bool goproto_getters = 64001;
-	optional bool goproto_stringer = 64003;
-	optional bool verbose_equal = 64004;
-	optional bool face = 64005;
-	optional bool gostring = 64006;
-	optional bool populate = 64007;
-	optional bool stringer = 67008;
-	optional bool onlyone = 64009;
-
-	optional bool equal = 64013;
-	optional bool description = 64014;
-	optional bool testgen = 64015;
-	optional bool benchgen = 64016;
-	optional bool marshaler = 64017;
-	optional bool unmarshaler = 64018;
-	optional bool stable_marshaler = 64019;
-
-	optional bool sizer = 64020;
-
-	optional bool unsafe_marshaler = 64023;
-	optional bool unsafe_unmarshaler = 64024;
-
-	optional bool goproto_extensions_map = 64025;
-	optional bool goproto_unrecognized = 64026;
-
-	optional bool protosizer = 64028;
-	optional bool compare = 64029;
-
-	optional bool typedecl = 64030;
-
-	optional bool messagename = 64033;
-
-	optional bool goproto_sizecache = 64034;
-	optional bool goproto_unkeyed = 64035;
-}
-
-extend google.protobuf.FieldOptions {
-	optional bool nullable = 65001;
-	optional bool embed = 65002;
-	optional string customtype = 65003;
-	optional string customname = 65004;
-	optional string jsontag = 65005;
-	optional string moretags = 65006;
-	optional string casttype = 65007;
-	optional string castkey = 65008;
-	optional string castvalue = 65009;
-
-	optional bool stdtime = 65010;
-	optional bool stdduration = 65011;
-	optional bool wktpointer = 65012;
-
-}

crates/logging/Cargo.toml

@@ -1,11 +1,21 @@
 [package]
 name = "containerd-shim-logging"
 version = "0.1.1"
-authors = ["Maksym Pavlenko <pavlenko.maksym@gmail.com>", "The containerd Authors"]
+authors = [
+  "Maksym Pavlenko <pavlenko.maksym@gmail.com>",
+  "The containerd Authors",
+]
 description = "Logger extension for containerd v2 runtime"
 keywords = ["containerd", "shim", "containers"]
+categories = ["api-bindings", "asynchronous"]
 
 edition.workspace = true
 license.workspace = true
 repository.workspace = true
 homepage.workspace = true
+
+[features]
+docs = []
+
+[package.metadata.docs.rs]
+features = ["docs"]

crates/logging/README.md

@@ -8,7 +8,7 @@
 Shim v2 runtime supports pluggable logging binaries via stdio URIs.
 This crate implement `logging::run` to easy custom logger implementations in Rust.
 
-[containerd Documentation](https://github.com/containerd/containerd/tree/master/runtime/v2#logging)
+[containerd Documentation](https://github.com/containerd/containerd/tree/master/core/runtime/v2#logging)
 
 ## Example
 

crates/logging/src/lib.rs

@@ -14,14 +14,7 @@
    limitations under the License.
 */
 
-//! Helper library to implement custom shim loggers for containerd.
-//!
-//! # Runtime
-//! containerd shims may support pluggable logging via stdio URIs. Binary logging has the ability to
-//! forward a container's STDIO to an external binary for consumption.
-//!
-//! This crates replicates APIs provided by Go [version](https://github.com/containerd/containerd/blob/main/runtime/v2/README.md#logging).
-//!
+#![cfg_attr(feature = "docs", doc = include_str!("../README.md"))]
 
 use std::{env, fmt, fs, os::unix::io::FromRawFd, process};