zlayer-agent 0.11.13

Container runtime agent using libcontainer/youki
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168

[package]
name = "zlayer-agent"
version.workspace = true
edition.workspace = true
license.workspace = true
repository.workspace = true
rust-version.workspace = true
description = "Container runtime agent using libcontainer/youki"
keywords = ["container", "runtime", "youki", "libcontainer", "orchestration"]
categories = ["os", "virtualization"]
readme = "README.md"

[features]
default = []
# Linux-native container runtime via libcontainer/youki. OFF by default so the
# crate publishes cleanly: the published `libcontainer 0.6.0` on crates.io has
# strict pins (`protobuf = =3.2.0`, `rust-criu = ^0.4.0`) that conflict with
# our git-rev pin's relaxed deps. `bin/zlayer` enables this feature; downstream
# consumers (e.g. zfunctions in Zatabase) that don't need the Linux runtime
# leave it off.
youki-runtime = ["dep:libcontainer"]
# Windows HCS (Host Compute Service) native container runtime. The `zlayer-hcs`
# dep and all Windows runtime modules are already gated on
# `cfg(target_os = "windows")`, so this feature is primarily a user-facing
# opt-in marker for CI / bin/zlayer configuration. Enabling it on non-Windows
# targets is a no-op.
hcs-runtime = []
# WSL2 delegate runtime. When enabled on Windows targets, pulls in the
# `zlayer-wsl` crate so `Wsl2DelegateRuntime` can shell out to `youki` inside
# the dedicated `zlayer` WSL2 distro. Off by default; enabled explicitly by
# `bin/zlayer` when the native Windows daemon wants Linux-container support
# alongside HCS.
wsl = ["dep:zlayer-wsl", "dep:anyhow"]
docker = ["dep:bollard"]
wasm = [
    "dep:wasmtime",
    "dep:wasmtime-wasi",
    "dep:wasmtime-wasi-http",
    "dep:http",
    "dep:http-body-util",
    "dep:hyper",
    "dep:anyhow",
    "dep:sha2",
]
s3 = ["zlayer-init-actions/s3", "zlayer-registry/s3", "dep:zlayer-storage"]

[dependencies]
async-trait.workspace = true
chrono.workspace = true
cron.workspace = true
parking_lot.workspace = true
zlayer-init-actions.workspace = true
libc.workspace = true
nix.workspace = true
oci-client.workspace = true
oci-spec.workspace = true
reqwest = { workspace = true, features = ["json"] }
serde.workspace = true
serde_json.workspace = true
serde_yaml.workspace = true
zlayer-secrets.workspace = true
zlayer-spec.workspace = true
zlayer-types.workspace = true
thiserror.workspace = true
tokio.workspace = true
tracing.workspace = true
uuid.workspace = true
zlayer-core.workspace = true
zlayer-observability.workspace = true
zlayer-proxy.workspace = true
zlayer-registry = { workspace = true, features = ["persistent", "local"] }
zlayer-overlay.workspace = true
ipnetwork = "0.21.1"
num_cpus.workspace = true
zlayer-scheduler.workspace = true
zlayer-storage = { workspace = true, optional = true }
ulid = "1.2.1"
jsonwebtoken.workspace = true

# Streaming utilities (needed for Docker streaming)
futures-util.workspace = true
# ReceiverStream wrapper for exec_stream (bollard output -> mpsc -> Stream).
tokio-stream.workspace = true

# Docker runtime support (optional)
# Features:
# - ssl: TLS support for secure connections
# - time: Timestamp support
# - pipe: Unix socket/Windows named pipe support (required for connect_with_local_defaults)
# - http: HTTP transport support
bollard = { version = "0.20", default-features = false, features = ["ssl", "time", "pipe", "http"], optional = true }

# WebAssembly runtime support (optional)
# Features:
# - async: Tokio integration for async execution
# - cranelift: JIT compilation backend
# - component-model: WASIp2 component model support
wasmtime = { version = "41", default-features = false, features = ["async", "cranelift", "component-model"], optional = true }
wasmtime-wasi = { version = "41", optional = true }
wasmtime-wasi-http = { version = "41", optional = true }

# Always-on `bytes` dep — used by the streaming runtime types
# (`LogChunk::bytes` in `runtime.rs`). The wasm feature gate previously made
# this optional; promoted to mandatory because the trait itself now references
# `bytes::Bytes`.
bytes = "1"
http = { version = "1", optional = true }
http-body-util = { version = "0.1", optional = true }
hyper = { version = "1", optional = true }
anyhow = { version = "1", optional = true }
sha2 = { workspace = true, optional = true }
zlayer-paths.workspace = true

# Linux-specific dependencies for native container runtime (youki/libcontainer)
# Consuming the patched fork via `zlayer-libcontainer` published from
# github.com/ZachHandley/youki@zlayer-patches. See docs/youki-fork.md for
# patch list, publish workflow, and retirement criteria.
[target.'cfg(target_os = "linux")'.dependencies]
libcontainer = { package = "zlayer-libcontainer", version = "0.6.1-zlayer.1", optional = true }
rtnetlink = "0.14"
# Must match the version used internally by rtnetlink 0.14 so
# RouteScope and other route-message types line up across crate boundaries.
netlink-packet-route = "0.19"
# Used by the youki backend's archive_get/archive_put implementations to
# stream and unpack TAR archives in/out of a container's bundle rootfs.
tar = { workspace = true }

# macOS-specific dependencies for sandbox and VM runtimes
[target.'cfg(target_os = "macos")'.dependencies]
dirs = "5"
libloading = "0.8"

# Windows-specific dependencies for HCS / WCIFS / backup-stream layer writing.
# The `windows` crate gates each Win32 API behind a feature flag; enable only
# what the `windows/` submodule actually calls.
[target.'cfg(target_os = "windows")'.dependencies]
windows = { version = "0.62", features = [
    "Win32_Foundation",
    "Win32_Storage_FileSystem",
    "Win32_Security",
    "Win32_Security_Authorization",
    "Win32_System_Threading",
    "Win32_System_IO",
    "Win32_System_HostComputeSystem",
] }
zlayer-hcs = { workspace = true }
zlayer-hns = { workspace = true }
# Gated behind the `wsl` feature — only pulled in when the Wsl2DelegateRuntime
# is actually compiled. Keeps the default Windows build lean.
zlayer-wsl = { workspace = true, optional = true }
# Windows OCI layer unpacker deps (crates/.../windows/unpacker.rs).
# `uuid` is already in the main [dependencies] section but listing it again
# here would be redundant; same for `sha2` (only pulled in via the `wasm`
# feature in the main section, so we take an always-on dep here so the unpacker
# compiles without `--features wasm` on Windows).
tar = { workspace = true }
flate2 = { workspace = true }
zstd = "0.13"
sha2 = { workspace = true }
hex = { workspace = true }

[dev-dependencies]
rand = { workspace = true }
tempfile = "3.24.0"
wat = "1.244.0"

[lints]
workspace = true