chore: release (#279)

Co-authored-by: edera-cultivation[bot] <165992271+edera-cultivation[bot]@users.noreply.github.com>

.github/workflows/nightly.yml

@@ -37,7 +37,7 @@ jobs:
     - name: build systemd bundle
       run: ./hack/dist/bundle.sh
     - name: upload systemd bundle
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
       with:
         name: krata-bundle-systemd-${{ matrix.arch }}
         path: "target/dist/bundle-systemd-${{ matrix.arch }}.tgz"
@@ -45,7 +45,7 @@ jobs:
     - name: build deb package
       run: ./hack/dist/deb.sh
     - name: upload deb package
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
       with:
         name: krata-debian-${{ matrix.arch }}
         path: "target/dist/*.deb"
@@ -53,7 +53,7 @@ jobs:
     - name: build apk package
       run: ./hack/dist/apk.sh
     - name: upload apk package
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
       with:
         name: krata-alpine-${{ matrix.arch }}
         path: "target/dist/*_${{ matrix.arch }}.apk"
@@ -104,13 +104,13 @@ jobs:
     - name: cargo build kratactl
       run: ./hack/build/cargo.sh build --release --bin kratactl
     - name: upload kratactl
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
       with:
         name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
         path: "target/*/release/kratactl"
       if: ${{ matrix.platform.os != 'windows' }}
     - name: upload kratactl
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
       with:
         name: kratactl-${{ matrix.platform.os }}-${{ matrix.platform.arch }}
         path: "target/*/release/kratactl.exe"
@@ -142,15 +142,15 @@ jobs:
     - name: install cosign
       uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
     - name: setup docker buildx
-      uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+      uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
     - name: login to container registry
-      uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
       with:
         registry: ghcr.io
         username: "${{ github.actor }}"
         password: "${{ secrets.GITHUB_TOKEN }}"
     - name: docker build and push ${{ matrix.component }}
-      uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+      uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
       id: push
       with:
         file: ./images/Dockerfile.${{ matrix.component }}

.github/workflows/release-assets.yml

@@ -139,9 +139,9 @@ jobs:
     - name: install cosign
       uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
     - name: setup docker buildx
-      uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+      uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
     - name: login to container registry
-      uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
       with:
         registry: ghcr.io
         username: "${{ github.actor }}"
@@ -151,16 +151,22 @@ jobs:
       run: |
         echo "KRATA_VERSION=$(./hack/dist/version.sh)" >> "${GITHUB_OUTPUT}"
     - name: docker build and push ${{ matrix.component }}
-      uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+      uses: docker/build-push-action@5176d81f87c23d6fc96624dfdbcd9f3830bbe445 # v6.5.0
       id: push
       with:
         file: ./images/Dockerfile.${{ matrix.component }}
         platforms: linux/amd64,linux/aarch64
-        tags: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}"
+        tags: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }},ghcr.io/edera-dev/${{ matrix.component }}:latest"
         push: true
-    - name: cosign sign ${{ matrix.component }}
+    - name: cosign sign ${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}
       run: cosign sign --yes "${TAGS}@${DIGEST}"
       env:
         DIGEST: "${{ steps.push.outputs.digest }}"
         TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:${{ steps.version.outputs.KRATA_VERSION }}"
         COSIGN_EXPERIMENTAL: "true"
+    - name: cosign sign ${{ matrix.component }}:latest
+      run: cosign sign --yes "${TAGS}@${DIGEST}"
+      env:
+        DIGEST: "${{ steps.push.outputs.digest }}"
+        TAGS: "ghcr.io/edera-dev/${{ matrix.component }}:latest"
+        COSIGN_EXPERIMENTAL: "true"

.github/workflows/release-plz.yml

@@ -37,7 +37,7 @@ jobs:
     - name: install linux dependencies
       run: ./hack/ci/install-linux-deps.sh
     - name: release-plz
-      uses: MarcoIeni/release-plz-action@86afd21a7b114234aab55ba0005eed52f77d89e4 # v0.5.62
+      uses: MarcoIeni/release-plz-action@92ae919a6b3e27c0472659e3a7414ff4a00e833f # v0.5.64
       env:
         GITHUB_TOKEN: "${{ steps.generate-token.outputs.token }}"
         CARGO_REGISTRY_TOKEN: "${{ secrets.KRATA_RELEASE_CARGO_TOKEN }}"

CHANGELOG.md

@@ -6,6 +6,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.0.14](https://github.com/edera-dev/krata/compare/v0.0.13...v0.0.14) - 2024-08-06
+
+### Added
+- *(oci)* use local index as resolution cache when appropriate, fixes [#289](https://github.com/edera-dev/krata/pull/289) ([#294](https://github.com/edera-dev/krata/pull/294))
+
+### Fixed
+- *(idm)* process all idm messages in the same frame and use childwait exit notification for exec (fixes [#290](https://github.com/edera-dev/krata/pull/290)) ([#302](https://github.com/edera-dev/krata/pull/302))
+
+### Other
+- init: mount /proc with hidepid=1 ([#277](https://github.com/edera-dev/krata/pull/277))
+- update Cargo.toml dependencies
+
 ## [0.0.13](https://github.com/edera-dev/krata/compare/v0.0.12...v0.0.13) - 2024-07-19
 
 ### Added

Cargo.lock

@@ -109,9 +109,9 @@ dependencies = [
 
 [[package]]
 name = "async-compression"
-version = "0.4.11"
+version = "0.4.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd066d0b4ef8ecb03a55319dc13aa6910616d0f44008a045bb1835af830abff5"
+checksum = "fec134f64e2bc57411226dfc4e52dec859ddfc7e711fc5e07b612584f000e4aa"
 dependencies = [
  "flate2",
  "futures-core",
@@ -304,9 +304,9 @@ checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
 
 [[package]]
 name = "bytes"
-version = "1.6.1"
+version = "1.7.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a12916984aab3fa6e39d655a33e09c0071eb36d6ab3aea5c2d78551f1df6d952"
+checksum = "8318a53db07bb3f8dca91a600466bdb3f2eaadeedfdbcf02e1accbad9271ba50"
 
 [[package]]
 name = "c2rust-bitfields"
@@ -392,9 +392,9 @@ checksum = "da987586004ae7c43b7df5e3f7693775068522e1086f8d9b2d74c778a0f43313"
 
 [[package]]
 name = "clap"
-version = "4.5.9"
+version = "4.5.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64acc1846d54c1fe936a78dc189c34e28d3f5afc348403f28ecf53660b9b8462"
+checksum = "0fbb260a053428790f3de475e304ff84cdbc4face759ea7a3e64c1edd938a7fc"
 dependencies = [
  "clap_builder",
  "clap_derive",
@@ -402,9 +402,9 @@ dependencies = [
 
 [[package]]
 name = "clap_builder"
-version = "4.5.9"
+version = "4.5.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6fb8393d67ba2e7bfaf28a23458e4e2b543cc73a99595511eb207fdb8aede942"
+checksum = "64b17d7ea74e9f833c7dbf2cbe4fb12ff26783eda4782a8975b72f895c9b4d99"
 dependencies = [
  "anstream",
  "anstyle",
@@ -414,9 +414,9 @@ dependencies = [
 
 [[package]]
 name = "clap_derive"
-version = "4.5.8"
+version = "4.5.13"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2bac35c6dafb060fd4d275d9a4ffae97917c13a6327903a8be2153cd964f7085"
+checksum = "501d359d5f3dcaf6ecdeee48833ae73ec6e42723a1e52419c79abf9507eec0a0"
 dependencies = [
  "heck",
  "proc-macro2",
@@ -533,7 +533,7 @@ dependencies = [
  "crossterm_winapi",
  "futures-core",
  "libc",
- "mio",
+ "mio 0.8.11",
  "parking_lot",
  "signal-hook",
  "signal-hook-mio",
@@ -732,9 +732,9 @@ dependencies = [
 
 [[package]]
 name = "env_logger"
-version = "0.11.3"
+version = "0.11.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "38b35839ba51819680ba087cd351788c9a3c476841207e0b8cee0b04722343b9"
+checksum = "e13fa619b91fb2381732789fc5de83b45675e882f66623b7d8cb4f643017018d"
 dependencies = [
  "anstream",
  "anstyle",
@@ -805,9 +805,9 @@ checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80"
 
 [[package]]
 name = "flate2"
-version = "1.0.30"
+version = "1.0.31"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f54427cfd1c7829e2a139fcefea601bf088ebca651d2bf53ebc600eac295dae"
+checksum = "7f211bbe8e69bbd0cfdea405084f128ae8b4aaa6b0b522fc8f2b009084797920"
 dependencies = [
  "crc32fast",
  "miniz_oxide",
@@ -974,7 +974,7 @@ dependencies = [
  "futures-core",
  "futures-sink",
  "http",
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
  "slab",
  "tokio",
  "tokio-util",
@@ -1192,9 +1192,9 @@ dependencies = [
 
 [[package]]
 name = "indexmap"
-version = "2.2.6"
+version = "2.3.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "168fb715dda47215e360912c096649d23d58bf392ac62f73919e831745e40f26"
+checksum = "de3fc2e30ba82dd1b3911c8de1ffc143c74a914a14e99514d7637e3099df5ea0"
 dependencies = [
  "equivalent",
  "hashbrown 0.14.3",
@@ -1281,7 +1281,7 @@ dependencies = [
 
 [[package]]
 name = "krata"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -1321,7 +1321,7 @@ dependencies = [
 
 [[package]]
 name = "krata-buildtools"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "anyhow",
  "env_logger",
@@ -1336,7 +1336,7 @@ dependencies = [
 
 [[package]]
 name = "krata-ctl"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "anyhow",
  "async-stream",
@@ -1366,7 +1366,7 @@ dependencies = [
 
 [[package]]
 name = "krata-daemon"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "anyhow",
  "async-stream",
@@ -1395,14 +1395,14 @@ dependencies = [
 
 [[package]]
 name = "krata-loopdev"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "libc",
 ]
 
 [[package]]
 name = "krata-network"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "anyhow",
  "async-trait",
@@ -1426,7 +1426,7 @@ dependencies = [
 
 [[package]]
 name = "krata-oci"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "anyhow",
  "async-compression",
@@ -1434,7 +1434,7 @@ dependencies = [
  "backhand",
  "bytes",
  "env_logger",
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
  "krata-tokio-tar",
  "log",
  "oci-spec",
@@ -1453,12 +1453,12 @@ dependencies = [
 
 [[package]]
 name = "krata-runtime"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "anyhow",
  "backhand",
  "env_logger",
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
  "ipnetwork",
  "krata",
  "krata-advmac",
@@ -1494,7 +1494,7 @@ dependencies = [
 
 [[package]]
 name = "krata-xencall"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "env_logger",
  "libc",
@@ -1507,11 +1507,11 @@ dependencies = [
 
 [[package]]
 name = "krata-xenclient"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "async-trait",
  "env_logger",
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
  "krata-xencall",
  "krata-xenplatform",
  "krata-xenstore",
@@ -1525,7 +1525,7 @@ dependencies = [
 
 [[package]]
 name = "krata-xenevtchn"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "libc",
  "log",
@@ -1536,7 +1536,7 @@ dependencies = [
 
 [[package]]
 name = "krata-xengnt"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "libc",
  "nix 0.29.0",
@@ -1545,14 +1545,14 @@ dependencies = [
 
 [[package]]
 name = "krata-xenplatform"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "async-trait",
  "c2rust-bitfields",
  "elf",
  "env_logger",
  "flate2",
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
  "krata-xencall",
  "libc",
  "log",
@@ -1568,7 +1568,7 @@ dependencies = [
 
 [[package]]
 name = "krata-xenstore"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "byteorder",
  "env_logger",
@@ -1580,7 +1580,7 @@ dependencies = [
 
 [[package]]
 name = "krata-zone"
-version = "0.0.13"
+version = "0.0.14"
 dependencies = [
  "anyhow",
  "cgroups-rs",
@@ -1702,6 +1702,18 @@ dependencies = [
  "windows-sys 0.48.0",
 ]
 
+[[package]]
+name = "mio"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4569e456d394deccd22ce1c1913e6ea0e54519f577285001215d33557431afe4"
+dependencies = [
+ "hermit-abi",
+ "libc",
+ "wasi",
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "multimap"
 version = "0.8.3"
@@ -1847,16 +1859,6 @@ dependencies = [
  "autocfg",
 ]
 
-[[package]]
-name = "num_cpus"
-version = "1.16.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43"
-dependencies = [
- "hermit-abi",
- "libc",
-]
-
 [[package]]
 name = "number_prefix"
 version = "0.4.0"
@@ -1874,12 +1876,14 @@ dependencies = [
 
 [[package]]
 name = "oci-spec"
-version = "0.6.7"
+version = "0.6.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bdf88ddc01cc6bccbe1044adb6a29057333f523deadcb4953c011a73158cfa5e"
+checksum = "3f5a3fe998d50101ae009351fec56d88a69f4ed182e11000e711068c2f5abf72"
 dependencies = [
  "derive_builder",
  "getset",
+ "once_cell",
+ "regex",
  "serde",
  "serde_json",
  "strum",
@@ -1968,7 +1972,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e1d3afd2628e69da2be385eb6f2fd57c8ac7977ceeff6dc166ff1657b0e386a9"
 dependencies = [
  "fixedbitset",
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
 ]
 
 [[package]]
@@ -2334,9 +2338,9 @@ dependencies = [
 
 [[package]]
 name = "regex"
-version = "1.10.5"
+version = "1.10.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b91213439dad192326a0d7c6ee3955910425f441d7038e0d6933b0aec5c4517f"
+checksum = "4219d74c6b67a3654a9fbebc4b419e22126d13d2f3c4a07ee0cb61ff79a79619"
 dependencies = [
  "aho-corasick",
  "memchr",
@@ -2562,20 +2566,21 @@ dependencies = [
 
 [[package]]
 name = "serde_json"
-version = "1.0.120"
+version = "1.0.122"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5"
+checksum = "784b6203951c57ff748476b126ccb5e8e2959a5c19e5c617ab1956be3dbc68da"
 dependencies = [
  "itoa",
+ "memchr",
  "ryu",
  "serde",
 ]
 
 [[package]]
 name = "serde_spanned"
-version = "0.6.6"
+version = "0.6.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "79e674e01f999af37c49f70a6ede167a8a60b2503e56c5599532a65baa5969a0"
+checksum = "eb5b1b31579f3811bf615c144393417496f152e12ac8b7663bf664f4a815306d"
 dependencies = [
  "serde",
 ]
@@ -2598,7 +2603,7 @@ version = "0.9.34+deprecated"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47"
 dependencies = [
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
  "itoa",
  "ryu",
  "serde",
@@ -2646,7 +2651,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "29ad2e15f37ec9a6cc544097b78a1ec90001e9f71b81338ca39f430adaca99af"
 dependencies = [
  "libc",
- "mio",
+ "mio 0.8.11",
  "signal-hook",
 ]
 
@@ -2867,9 +2872,9 @@ dependencies = [
 
 [[package]]
 name = "termtree"
-version = "0.5.0"
+version = "0.5.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "804a949d00f0fe6d3935127238b04ef4f56131c7cab670584194f17f01fca6b6"
+checksum = "8f50febec83f5ee1df3015341d8bd429f2d1cc62bcba7ea2076759d315084683"
 
 [[package]]
 name = "thiserror"
@@ -2908,28 +2913,27 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.38.1"
+version = "1.39.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eb2caba9f80616f438e09748d5acda951967e1ea58508ef53d9c6402485a46df"
+checksum = "daa4fb1bc778bd6f04cbfc4bb2d06a7396a8f299dc33ea1900cedaa316f467b1"
 dependencies = [
  "backtrace",
  "bytes",
  "libc",
- "mio",
+ "mio 1.0.1",
- "num_cpus",
  "parking_lot",
  "pin-project-lite",
  "signal-hook-registry",
  "socket2",
  "tokio-macros",
- "windows-sys 0.48.0",
+ "windows-sys 0.52.0",
 ]
 
 [[package]]
 name = "tokio-macros"
-version = "2.3.0"
+version = "2.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a"
+checksum = "693d596312e88961bc67d7f1f97af8a70227d9f90c31bba5806eec004978d752"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -2986,21 +2990,21 @@ dependencies = [
 
 [[package]]
 name = "toml"
-version = "0.8.15"
+version = "0.8.19"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac2caab0bf757388c6c0ae23b3293fdb463fee59434529014f85e3263b995c28"
+checksum = "a1ed1f98e3fdc28d6d910e6737ae6ab1a93bf1985935a1193e68f93eeb68d24e"
 dependencies = [
  "serde",
  "serde_spanned",
  "toml_datetime",
- "toml_edit 0.22.16",
+ "toml_edit 0.22.20",
 ]
 
 [[package]]
 name = "toml_datetime"
-version = "0.6.6"
+version = "0.6.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4badfd56924ae69bcc9039335b2e017639ce3f9b001c393c1b2d1ef846ce2cbf"
+checksum = "0dd7358ecb8fc2f8d014bf86f6f638ce72ba252a2c3a2572f2a795f1d23efb41"
 dependencies = [
  "serde",
 ]
@@ -3011,22 +3015,22 @@ version = "0.21.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6a8534fd7f78b5405e860340ad6575217ce99f38d4d5c8f2442cb5ecb50090e1"
 dependencies = [
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
  "toml_datetime",
  "winnow 0.5.40",
 ]
 
 [[package]]
 name = "toml_edit"
-version = "0.22.16"
+version = "0.22.20"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "278f3d518e152219c994ce877758516bca5e118eaed6996192a774fb9fbf0788"
+checksum = "583c44c02ad26b0c3f3066fe629275e50627026c51ac2e595cca4c230ce1ce1d"
 dependencies = [
- "indexmap 2.2.6",
+ "indexmap 2.3.0",
  "serde",
  "serde_spanned",
  "toml_datetime",
- "winnow 0.6.6",
+ "winnow 0.6.18",
 ]
 
 [[package]]
@@ -3551,9 +3555,9 @@ dependencies = [
 
 [[package]]
 name = "winnow"
-version = "0.6.6"
+version = "0.6.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0c976aaaa0e1f90dbb21e9587cdaf1d9679a1cde8875c0d6bd83ab96a208352"
+checksum = "68a9bda4691f099d435ad181000724da8e5899daa10713c2d432552b9ccd3a6f"
 dependencies = [
  "memchr",
 ]

Cargo.toml

@@ -18,7 +18,7 @@ members = [
 resolver = "2"
 
 [workspace.package]
-version = "0.0.13"
+version = "0.0.14"
 homepage = "https://krata.dev"
 license = "Apache-2.0"
 repository = "https://github.com/edera-dev/krata"
@@ -26,13 +26,13 @@ repository = "https://github.com/edera-dev/krata"
 [workspace.dependencies]
 anyhow = "1.0"
 arrayvec = "0.7.4"
-async-compression = "0.4.11"
+async-compression = "0.4.12"
 async-stream = "0.3.5"
 async-trait = "0.1.81"
 backhand = "0.18.0"
 base64 = "0.22.1"
 byteorder = "1"
-bytes = "1.6.1"
+bytes = "1.7.1"
 c2rust-bitfields = "0.18.0"
 cgroups-rs = "0.3.4"
 circular-buffer = "0.1.7"
@@ -40,7 +40,7 @@ comfy-table = "7.1.1"
 crossterm = "0.27.0"
 ctrlc = "3.4.4"
 elf = "0.7.4"
-env_logger = "0.11.0"
+env_logger = "0.11.5"
 etherparse = "0.15.0"
 fancy-duration = "0.9.2"
 flate2 = "1.0"
@@ -48,7 +48,7 @@ futures = "0.3.30"
 hyper = "1.4.1"
 hyper-util = "0.1.6"
 human_bytes = "0.4"
-indexmap = "2.2.6"
+indexmap = "2.3.0"
 indicatif = "0.17.8"
 ipnetwork = "0.20.0"
 libc = "0.2"
@@ -58,7 +58,7 @@ krata-advmac = "1.1.0"
 krata-tokio-tar = "0.4.0"
 memchr = "2"
 nix = "0.29.0"
-oci-spec = "0.6.7"
+oci-spec = "0.6.8"
 once_cell = "1.19.0"
 path-absolutize = "3.1.1"
 path-clean = "1.0.1"
@@ -71,20 +71,20 @@ prost-types = "0.13.1"
 rand = "0.8.5"
 ratatui = "0.27.0"
 redb = "2.1.1"
-regex = "1.10.5"
+regex = "1.10.6"
 rtnetlink = "0.14.1"
 scopeguard = "1.2.0"
-serde_json = "1.0.120"
+serde_json = "1.0.122"
 serde_yaml = "0.9"
 sha256 = "1.5.0"
 signal-hook = "0.3.17"
 slice-copy = "0.3.0"
 smoltcp = "0.11.0"
 sysinfo = "0.30.13"
-termtree = "0.5.0"
+termtree = "0.5.1"
 thiserror = "1.0"
 tokio-tun = "0.11.5"
-toml = "0.8.15"
+toml = "0.8.19"
 tonic-build = "0.12.1"
 tower = "0.4.13"
 udp-stream = "0.0.12"
@@ -93,7 +93,7 @@ walkdir = "2"
 xz2 = "0.1"
 
 [workspace.dependencies.clap]
-version = "4.5.9"
+version = "4.5.13"
 features = ["derive"]
 
 [workspace.dependencies.prost-reflect]
@@ -114,7 +114,7 @@ version = "3.0.0"
 default-features = false
 
 [workspace.dependencies.tokio]
-version = "1.38.1"
+version = "1.39.2"
 features = ["full"]
 
 [workspace.dependencies.tokio-stream]

crates/build/Cargo.toml

@@ -16,7 +16,7 @@ oci-spec = { workspace = true }
 scopeguard = { workspace = true }
 tokio = { workspace = true }
 tokio-stream = { workspace = true }
-krata-oci = { path = "../oci", version = "^0.0.13" }
+krata-oci = { path = "../oci", version = "^0.0.14" }
 krata-tokio-tar = { workspace = true }
 uuid = { workspace = true }
 

crates/build/bin/fetch_kernel.rs

@@ -50,7 +50,7 @@ async fn main() -> Result<()> {
     let (context, _) = OciProgressContext::create();
     let service = OciPackerService::new(None, &cache_dir, platform).await?;
     let packed = service
-        .request(image.clone(), OciPackedFormat::Tar, false, context)
+        .request(image.clone(), OciPackedFormat::Tar, false, true, context)
         .await?;
     let annotations = packed
         .manifest

crates/ctl/Cargo.toml

@@ -20,7 +20,7 @@ env_logger = { workspace = true }
 fancy-duration = { workspace = true }
 human_bytes = { workspace = true }
 indicatif = { workspace = true }
-krata = { path = "../krata", version = "^0.0.13" }
+krata = { path = "../krata", version = "^0.0.14" }
 log = { workspace = true }
 prost-reflect = { workspace = true, features = ["serde"] }
 prost-types = { workspace = true }

crates/ctl/src/cli/image/pull.rs

@@ -38,6 +38,7 @@ impl ImagePullCommand {
                     ImagePullImageFormat::Tar => OciImageFormat::Tar.into(),
                 },
                 overwrite_cache: self.overwrite_cache,
+                update: true,
             })
             .await?;
         let reply = pull_interactive_progress(response.into_inner()).await?;

crates/ctl/src/cli/zone/launch.rs

@@ -34,6 +34,8 @@ pub struct ZoneLaunchCommand {
     image_format: LaunchImageFormat,
     #[arg(long, help = "Overwrite image cache on pull")]
     pull_overwrite_cache: bool,
+    #[arg(long, help = "Update image on pull")]
+    pull_update: bool,
     #[arg(short, long, help = "Name of the zone")]
     name: Option<String>,
     #[arg(short, long, default_value_t = 1, help = "vCPUs available to the zone")]
@@ -181,6 +183,7 @@ impl ZoneLaunchCommand {
                 image: image.to_string(),
                 format: format.into(),
                 overwrite_cache: self.pull_overwrite_cache,
+                update: self.pull_update,
             })
             .await?;
         let reply = pull_interactive_progress(response.into_inner()).await?;

crates/daemon/Cargo.toml

@@ -17,9 +17,9 @@ circular-buffer = { workspace = true }
 clap = { workspace = true }
 env_logger = { workspace = true }
 futures = { workspace = true }
-krata = { path = "../krata", version = "^0.0.13" }
+krata = { path = "../krata", version = "^0.0.14" }
-krata-oci = { path = "../oci", version = "^0.0.13" }
+krata-oci = { path = "../oci", version = "^0.0.14" }
-krata-runtime = { path = "../runtime", version = "^0.0.13" }
+krata-runtime = { path = "../runtime", version = "^0.0.14" }
 log = { workspace = true }
 prost = { workspace = true }
 redb = { workspace = true }

crates/daemon/src/control.rs

@@ -448,7 +448,7 @@ impl ControlService for DaemonControlService {
 
         let output = try_stream! {
             let mut task = tokio::task::spawn(async move {
-                our_packer.request(name, format, request.overwrite_cache, context).await
+                our_packer.request(name, format, request.overwrite_cache, request.update, context).await
             });
             let abort_handle = task.abort_handle();
             let _task_cancel_guard = scopeguard::guard(abort_handle, |handle| {

crates/daemon/src/idm.rs

@@ -136,34 +136,36 @@ impl DaemonIdm {
                         if let Some(data) = data {
                             let buffer = buffers.entry(domid).or_insert_with_key(|_| BytesMut::new());
                             buffer.extend_from_slice(&data);
-                            if buffer.len() < 6 {
+                            loop {
-                                continue;
+                                if buffer.len() < 6 {
-                            }
+                                    break;
-
-                            if buffer[0] != 0xff || buffer[1] != 0xff {
-                                buffer.clear();
-                                continue;
-                            }
-
-                            let size = (buffer[2] as u32 | (buffer[3] as u32) << 8 | (buffer[4] as u32) << 16 | (buffer[5] as u32) << 24) as usize;
-                            let needed = size + 6;
-                            if buffer.len() < needed {
-                                continue;
-                            }
-                            let mut packet = buffer.split_to(needed);
-                            packet.advance(6);
-                            match IdmTransportPacket::decode(packet) {
-                                Ok(packet) => {
-                                    let _ = client_or_create(domid, &self.tx_sender, &self.clients, &self.feeds).await?;
-                                    let guard = self.feeds.lock().await;
-                                    if let Some(feed) = guard.get(&domid) {
-                                        let _ = feed.try_send(packet.clone());
-                                    }
-                                    let _ = self.snoop_sender.send(DaemonIdmSnoopPacket { from: domid, to: 0, packet });
                                 }
 
-                                Err(packet) => {
+                                if buffer[0] != 0xff || buffer[1] != 0xff {
-                                    warn!("received invalid packet from domain {}: {}", domid, packet);
+                                    buffer.clear();
+                                    break;
+                                }
+
+                                let size = (buffer[2] as u32 | (buffer[3] as u32) << 8 | (buffer[4] as u32) << 16 | (buffer[5] as u32) << 24) as usize;
+                                let needed = size + 6;
+                                if buffer.len() < needed {
+                                    break;
+                                }
+                                let mut packet = buffer.split_to(needed);
+                                packet.advance(6);
+                                match IdmTransportPacket::decode(packet) {
+                                    Ok(packet) => {
+                                        let _ = client_or_create(domid, &self.tx_sender, &self.clients, &self.feeds).await?;
+                                        let guard = self.feeds.lock().await;
+                                        if let Some(feed) = guard.get(&domid) {
+                                            let _ = feed.try_send(packet.clone());
+                                        }
+                                        let _ = self.snoop_sender.send(DaemonIdmSnoopPacket { from: domid, to: 0, packet });
+                                    }
+
+                                    Err(packet) => {
+                                        warn!("received invalid packet from domain {}: {}", domid, packet);
+                                    }
                                 }
                             }
                         } else {

crates/krata/proto/krata/v1/control.proto

@@ -184,6 +184,7 @@ message PullImageRequest {
     string image = 1;
     krata.v1.common.OciImageFormat format = 2;
     bool overwrite_cache = 3;
+    bool update = 4;
 }
 
 message PullImageReply {

crates/krata/src/idm/client.rs

@@ -9,6 +9,7 @@ use std::{
 };
 
 use anyhow::{anyhow, Result};
+use bytes::{BufMut, BytesMut};
 use log::{debug, error};
 use nix::sys::termios::{cfmakeraw, tcgetattr, tcsetattr, SetArg};
 use prost::Message;
@@ -96,10 +97,12 @@ impl IdmBackend for IdmFileBackend {
 
     async fn send(&mut self, packet: IdmTransportPacket) -> Result<()> {
         let mut file = self.write.lock().await;
-        let data = packet.encode_to_vec();
+        let length = packet.encoded_len();
-        file.write_all(&[0xff, 0xff]).await?;
+        let mut buffer = BytesMut::with_capacity(6 + length);
-        file.write_u32_le(data.len() as u32).await?;
+        buffer.put_slice(&[0xff, 0xff]);
-        file.write_all(&data).await?;
+        buffer.put_u32_le(length as u32);
+        packet.encode(&mut buffer)?;
+        file.write_all(&buffer).await?;
         Ok(())
     }
 }
@@ -488,7 +491,7 @@ impl<R: IdmRequest, E: IdmSerializable> IdmClient<R, E> {
                             error!("unable to send idm packet, packet size exceeded (tried to send {} bytes)", length);
                             continue;
                         }
-                        backend.send(packet).await?;
+                        backend.send(packet.clone()).await?;
                     },
 
                     None => {

crates/network/Cargo.toml

@@ -16,7 +16,7 @@ clap = { workspace = true }
 env_logger = { workspace = true }
 etherparse = { workspace = true }
 futures = { workspace = true }
-krata = { path = "../krata", version = "^0.0.13" }
+krata = { path = "../krata", version = "^0.0.14" }
 krata-advmac = { workspace = true }
 libc = { workspace = true }
 log = { workspace = true }

crates/oci/examples/squashify.rs

@@ -37,7 +37,13 @@ async fn main() -> Result<()> {
     });
     let service = OciPackerService::new(seed, &cache_dir, OciPlatform::current()).await?;
     let packed = service
-        .request(image.clone(), OciPackedFormat::Squashfs, false, context)
+        .request(
+            image.clone(),
+            OciPackedFormat::Squashfs,
+            false,
+            true,
+            context,
+        )
         .await?;
     println!(
         "generated squashfs of {} to {}",

crates/oci/src/packer/cache.rs

@@ -4,6 +4,7 @@ use crate::{
     schema::OciSchema,
 };
 
+use crate::fetch::OciResolvedImage;
 use anyhow::Result;
 use log::{debug, error};
 use oci_spec::image::{
@@ -50,6 +51,51 @@ impl OciPackerCache {
         Ok(index.manifests().clone())
     }
 
+    pub async fn resolve(
+        &self,
+        name: ImageName,
+        format: OciPackedFormat,
+    ) -> Result<Option<OciResolvedImage>> {
+        if name.reference.as_deref() == Some("latest") {
+            return Ok(None);
+        }
+        let name_str = name.to_string();
+        let index = self.index.read().await;
+        let mut descriptor: Option<Descriptor> = None;
+        for manifest in index.manifests() {
+            let Some(name) = manifest
+                .annotations()
+                .clone()
+                .unwrap_or_default()
+                .get(ANNOTATION_IMAGE_NAME)
+                .cloned()
+            else {
+                continue;
+            };
+
+            if name == name_str {
+                descriptor = Some(manifest.clone());
+            }
+        }
+
+        let Some(descriptor) = descriptor else {
+            return Ok(None);
+        };
+
+        debug!("resolve hit name={} digest={}", name, descriptor.digest());
+
+        self.recall(name, descriptor.digest().as_ref(), format)
+            .await
+            .map(|image| {
+                image.map(|i| OciResolvedImage {
+                    name: i.name,
+                    digest: i.digest,
+                    descriptor: i.descriptor,
+                    manifest: i.manifest,
+                })
+            })
+    }
+
     pub async fn recall(
         &self,
         name: ImageName,

crates/oci/src/packer/service.rs

@@ -75,13 +75,23 @@ impl OciPackerService {
         name: ImageName,
         format: OciPackedFormat,
         overwrite: bool,
+        pull: bool,
         progress_context: OciProgressContext,
     ) -> Result<OciPackedImage> {
         let progress = OciProgress::new();
         let progress = OciBoundProgress::new(progress_context.clone(), progress);
+        let mut resolved = None;
+        if !pull && !overwrite {
+            resolved = self.cache.resolve(name.clone(), format).await?;
+        }
         let fetcher =
             OciImageFetcher::new(self.seed.clone(), self.platform.clone(), progress.clone());
-        let resolved = fetcher.resolve(name.clone()).await?;
+        let resolved = if let Some(resolved) = resolved {
+            resolved
+        } else {
+            fetcher.resolve(name.clone()).await?
+        };
+
         let key = OciPackerTaskKey {
             digest: resolved.digest.clone(),
             format,

crates/oci/src/vfs.rs

@@ -138,7 +138,7 @@ impl VfsNode {
         header.set_mode(self.mode);
 
         if let Some(link_name) = self.link_name.as_ref() {
-            header.set_link_name(&PathBuf::from(link_name))?;
+            header.set_link_name(PathBuf::from(link_name))?;
         }
         header.set_size(self.size);
         Ok(header)

crates/runtime/Cargo.toml

@@ -12,20 +12,20 @@ resolver = "2"
 anyhow = { workspace = true }
 backhand = { workspace = true }
 ipnetwork = { workspace = true }
-krata = { path = "../krata", version = "^0.0.13" }
+krata = { path = "../krata", version = "^0.0.14" }
 krata-advmac = { workspace = true }
-krata-oci = { path = "../oci", version = "^0.0.13" }
+krata-oci = { path = "../oci", version = "^0.0.14" }
 log = { workspace = true }
 serde_json = { workspace = true }
 tokio = { workspace = true }
 uuid = { workspace = true }
-krata-loopdev = { path = "../loopdev", version = "^0.0.13" }
+krata-loopdev = { path = "../loopdev", version = "^0.0.14" }
-krata-xencall = { path = "../xen/xencall", version = "^0.0.13" }
+krata-xencall = { path = "../xen/xencall", version = "^0.0.14" }
-krata-xenclient = { path = "../xen/xenclient", version = "^0.0.13" }
+krata-xenclient = { path = "../xen/xenclient", version = "^0.0.14" }
-krata-xenevtchn = { path = "../xen/xenevtchn", version = "^0.0.13" }
+krata-xenevtchn = { path = "../xen/xenevtchn", version = "^0.0.14" }
-krata-xengnt = { path = "../xen/xengnt", version = "^0.0.13" }
+krata-xengnt = { path = "../xen/xengnt", version = "^0.0.14" }
-krata-xenplatform = { path = "../xen/xenplatform", version = "^0.0.13" }
+krata-xenplatform = { path = "../xen/xenplatform", version = "^0.0.14" }
-krata-xenstore = { path = "../xen/xenstore", version = "^0.0.13" }
+krata-xenstore = { path = "../xen/xenstore", version = "^0.0.14" }
 walkdir = { workspace = true }
 indexmap = { workspace = true }
 

crates/xen/xenclient/Cargo.toml

@@ -13,9 +13,9 @@ async-trait = { workspace = true }
 indexmap = { workspace = true }
 libc = { workspace = true }
 log = { workspace = true }
-krata-xencall = { path = "../xencall", version = "^0.0.13" }
+krata-xencall = { path = "../xencall", version = "^0.0.14" }
-krata-xenplatform = { path = "../xenplatform", version = "^0.0.13" }
+krata-xenplatform = { path = "../xenplatform", version = "^0.0.14" }
-krata-xenstore = { path = "../xenstore", version = "^0.0.13" }
+krata-xenstore = { path = "../xenstore", version = "^0.0.14" }
 regex = { workspace = true }
 thiserror = { workspace = true }
 tokio = { workspace = true }

crates/xen/xenplatform/Cargo.toml

@@ -16,7 +16,7 @@ flate2 = { workspace = true }
 indexmap = { workspace = true }
 libc = { workspace = true }
 log = { workspace = true }
-krata-xencall = { path = "../xencall", version = "^0.0.13" }
+krata-xencall = { path = "../xencall", version = "^0.0.14" }
 memchr = { workspace = true }
 nix = { workspace = true }
 regex = { workspace = true }

crates/xen/xenstore/src/sys.rs

@@ -143,19 +143,6 @@ pub const XSD_ERROR_EPERM: XsdError = XsdError {
 pub const XSD_WATCH_PATH: u32 = 0;
 pub const XSD_WATCH_TOKEN: u32 = 1;
 
-#[repr(C)]
-pub struct XenDomainInterface {
-    req: [i8; 1024],
-    rsp: [i8; 1024],
-    req_cons: u32,
-    req_prod: u32,
-    rsp_cons: u32,
-    rsp_prod: u32,
-    server_features: u32,
-    connection: u32,
-    error: u32,
-}
-
 pub const XS_PAYLOAD_MAX: u32 = 4096;
 pub const XS_ABS_PATH_MAX: u32 = 3072;
 pub const XS_REL_PATH_MAX: u32 = 2048;

crates/zone/Cargo.toml

@@ -14,8 +14,8 @@ cgroups-rs = { workspace = true }
 env_logger = { workspace = true }
 futures = { workspace = true }
 ipnetwork = { workspace = true }
-krata = { path = "../krata", version = "^0.0.13" }
+krata = { path = "../krata", version = "^0.0.14" }
-krata-xenstore = { path = "../xen/xenstore", version = "^0.0.13" }
+krata-xenstore = { path = "../xen/xenstore", version = "^0.0.14" }
 libc = { workspace = true }
 log = { workspace = true }
 nix = { workspace = true, features = ["ioctl", "process", "fs"] }

crates/zone/src/background.rs

@@ -39,6 +39,7 @@ impl ZoneBackground {
         let mut event_subscription = self.idm.subscribe().await?;
         let mut requests_subscription = self.idm.requests().await?;
         let mut request_streams_subscription = self.idm.request_streams().await?;
+        let mut wait_subscription = self.wait.subscribe().await?;
         loop {
             select! {
                 x = event_subscription.recv() => match x {
@@ -85,9 +86,9 @@ impl ZoneBackground {
                     }
                 },
 
-                event = self.wait.recv() => match event {
+                event = wait_subscription.recv() => match event {
-                    Some(event) => self.child_event(event).await?,
+                    Ok(event) => self.child_event(event).await?,
-                    None => {
+                    Err(_) => {
                         break;
                     }
                 }
@@ -128,9 +129,10 @@ impl ZoneBackground {
         &mut self,
         handle: IdmClientStreamResponseHandle<Request>,
     ) -> Result<()> {
+        let wait = self.wait.clone();
         if let Some(RequestType::ExecStream(_)) = &handle.initial.request {
             tokio::task::spawn(async move {
-                let exec = ZoneExecTask { handle };
+                let exec = ZoneExecTask { wait, handle };
                 if let Err(error) = exec.run().await {
                     let _ = exec
                         .handle

crates/zone/src/childwait.rs

@@ -11,7 +11,7 @@ use anyhow::Result;
 use libc::{c_int, waitpid, WEXITSTATUS, WIFEXITED};
 use log::warn;
 use nix::unistd::Pid;
-use tokio::sync::mpsc::{channel, Receiver, Sender};
+use tokio::sync::broadcast::{channel, Receiver, Sender};
 
 const CHILD_WAIT_QUEUE_LEN: usize = 10;
 
@@ -21,18 +21,19 @@ pub struct ChildEvent {
     pub status: c_int,
 }
 
+#[derive(Clone)]
 pub struct ChildWait {
-    receiver: Receiver<ChildEvent>,
+    sender: Sender<ChildEvent>,
     signal: Arc<AtomicBool>,
-    _task: JoinHandle<()>,
+    _task: Arc<JoinHandle<()>>,
 }
 
 impl ChildWait {
     pub fn new() -> Result<ChildWait> {
-        let (sender, receiver) = channel(CHILD_WAIT_QUEUE_LEN);
+        let (sender, _) = channel(CHILD_WAIT_QUEUE_LEN);
         let signal = Arc::new(AtomicBool::new(false));
         let mut processor = ChildWaitTask {
-            sender,
+            sender: sender.clone(),
             signal: signal.clone(),
         };
         let task = thread::spawn(move || {
@@ -41,14 +42,14 @@ impl ChildWait {
             }
         });
         Ok(ChildWait {
-            receiver,
+            sender,
             signal,
-            _task: task,
+            _task: Arc::new(task),
         })
     }
 
-    pub async fn recv(&mut self) -> Option<ChildEvent> {
+    pub async fn subscribe(&self) -> Result<Receiver<ChildEvent>> {
-        self.receiver.recv().await
+        Ok(self.sender.subscribe())
     }
 }
 
@@ -68,7 +69,7 @@ impl ChildWaitTask {
                     pid: Pid::from_raw(pid),
                     status: WEXITSTATUS(status),
                 };
-                let _ = self.sender.try_send(event);
+                let _ = self.sender.send(event);
 
                 if self.signal.load(Ordering::Acquire) {
                     return Ok(());
@@ -80,6 +81,8 @@ impl ChildWaitTask {
 
 impl Drop for ChildWait {
     fn drop(&mut self) {
-        self.signal.store(true, Ordering::Release);
+        if Arc::strong_count(&self.signal) <= 1 {
+            self.signal.store(true, Ordering::Release);
+        }
     }
 }

crates/zone/src/exec.rs

@@ -1,6 +1,12 @@
 use std::{collections::HashMap, process::Stdio};
 
 use anyhow::{anyhow, Result};
+use tokio::{
+    io::{AsyncReadExt, AsyncWriteExt},
+    join,
+    process::Command,
+};
+
 use krata::idm::{
     client::IdmClientStreamResponseHandle,
     internal::{
@@ -9,13 +15,11 @@ use krata::idm::{
     },
     internal::{response::Response as ResponseType, Request, Response},
 };
-use tokio::{
+
-    io::{AsyncReadExt, AsyncWriteExt},
+use crate::childwait::ChildWait;
-    join,
-    process::Command,
-};
 
 pub struct ZoneExecTask {
+    pub wait: ChildWait,
     pub handle: IdmClientStreamResponseHandle<Request>,
 }
 
@@ -58,6 +62,7 @@ impl ZoneExecTask {
             start.working_directory.clone()
         };
 
+        let mut wait_subscription = self.wait.subscribe().await?;
         let mut child = Command::new(exe)
             .args(cmd)
             .envs(env)
@@ -69,6 +74,7 @@ impl ZoneExecTask {
             .spawn()
             .map_err(|error| anyhow!("failed to spawn: {}", error))?;
 
+        let pid = child.id().ok_or_else(|| anyhow!("pid is not provided"))?;
         let mut stdin = child
             .stdin
             .take()
@@ -150,12 +156,19 @@ impl ZoneExecTask {
             }
         });
 
-        let exit = child.wait().await?;
+        let data_task = tokio::task::spawn(async move {
-        let code = exit.code().unwrap_or(-1);
+            let _ = join!(stdout_task, stderr_task);
-
+            stdin_task.abort();
-        let _ = join!(stdout_task, stderr_task);
+        });
-        stdin_task.abort();
 
+        let code = loop {
+            if let Ok(event) = wait_subscription.recv().await {
+                if event.pid.as_raw() as u32 == pid {
+                    break event.status;
+                }
+            }
+        };
+        data_task.await?;
         let response = Response {
             response: Some(ResponseType::ExecStream(ExecStreamResponseUpdate {
                 exited: true,

crates/zone/src/init.rs

@@ -147,7 +147,7 @@ impl ZoneInit {
         self.create_dir("/run", Some(0o0755)).await?;
         self.mount_kernel_fs("devtmpfs", "/dev", "mode=0755", None, None)
             .await?;
-        self.mount_kernel_fs("proc", "/proc", "", None, None)
+        self.mount_kernel_fs("proc", "/proc", "hidepid=1", None, None)
             .await?;
         self.mount_kernel_fs("sysfs", "/sys", "", None, None)
             .await?;

hack/ci/install-darwin-deps.sh

@@ -2,3 +2,4 @@
 set -e
 
 brew install protobuf
+brew upgrade rustup || true

images/Dockerfile.krata-zone

@@ -1,4 +1,4 @@
-FROM rust:1.79-alpine@sha256:a454f49f2e15e233f829a0fd9a7cbdac64b6f38ec08aeac227595d4fc6eb6d4d AS build
+FROM rust:1.80-alpine@sha256:596c7fa13f7458097b8c88ad83f33420da0341e2f5b544e34d9aa18a22fe11d0 AS build
 RUN apk update && apk add protoc protobuf-dev build-base && rm -rf /var/cache/apk/*
 ENV TARGET_LIBC=musl TARGET_VENDOR=unknown
 

images/Dockerfile.kratactl

@@ -1,4 +1,4 @@
-FROM rust:1.79-alpine@sha256:a454f49f2e15e233f829a0fd9a7cbdac64b6f38ec08aeac227595d4fc6eb6d4d AS build
+FROM rust:1.80-alpine@sha256:596c7fa13f7458097b8c88ad83f33420da0341e2f5b544e34d9aa18a22fe11d0 AS build
 RUN apk update && apk add protoc protobuf-dev build-base && rm -rf /var/cache/apk/*
 ENV TARGET_LIBC=musl TARGET_VENDOR=unknown
 

images/Dockerfile.kratad

@@ -1,4 +1,4 @@
-FROM rust:1.79-alpine@sha256:a454f49f2e15e233f829a0fd9a7cbdac64b6f38ec08aeac227595d4fc6eb6d4d AS build
+FROM rust:1.80-alpine@sha256:596c7fa13f7458097b8c88ad83f33420da0341e2f5b544e34d9aa18a22fe11d0 AS build
 RUN apk update && apk add protoc protobuf-dev build-base && rm -rf /var/cache/apk/*
 ENV TARGET_LIBC=musl TARGET_VENDOR=unknown
 

images/Dockerfile.kratanet

@@ -1,4 +1,4 @@
-FROM rust:1.79-alpine@sha256:a454f49f2e15e233f829a0fd9a7cbdac64b6f38ec08aeac227595d4fc6eb6d4d AS build
+FROM rust:1.80-alpine@sha256:596c7fa13f7458097b8c88ad83f33420da0341e2f5b544e34d9aa18a22fe11d0 AS build
 RUN apk update && apk add protoc protobuf-dev build-base && rm -rf /var/cache/apk/*
 ENV TARGET_LIBC=musl TARGET_VENDOR=unknown