diff --git a/go.mod b/go.mod
index 3e37f476a2..d682c1e367 100644
--- a/go.mod
+++ b/go.mod
@@ -17,7 +17,7 @@ require (
 github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220228164355-396b2034c795
 github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21
 github.com/containerd/cgroups v1.0.3 // indirect
- github.com/docker/docker v20.10.14+incompatible
+ github.com/docker/docker v20.10.27+incompatible
 github.com/go-git/go-billy/v5 v5.3.1
 github.com/go-git/go-git/v5 v5.4.2
 github.com/godbus/dbus/v5 v5.0.6 // indirect
diff --git a/go.sum b/go.sum
index 6722ebcfc1..b75ff1cc9a 100644
--- a/go.sum
+++ b/go.sum
@@ -582,8 +582,8 @@ github.com/docker/docker v1.4.2-0.20190924003213-a8608b5b67c7/go.mod h1:eEKB0N0r
 github.com/docker/docker v17.12.0-ce-rc1.0.20200730172259-9f28837c1d93+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.0-beta1.0.20201110211921-af34b94a78a1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker v20.10.12+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker v20.10.14+incompatible h1:+T9/PRYWNDo5SZl5qS1r9Mo/0Q8AwxKKPtu9S1yxM0w=
-github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v20.10.27+incompatible h1:Id/ZooynV4ZlD6xX20RCd3SR0Ikn7r4QZDa2ECK2TgA=
+github.com/docker/docker v20.10.27+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
 github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o=
 github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c=
@@ -930,7 +930,6 @@ github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
diff --git a/vendor/github.com/docker/distribution/registry/api/errcode/errors.go b/vendor/github.com/docker/distribution/registry/api/errcode/errors.go
deleted file mode 100644
index 4c35b879af..0000000000
--- a/vendor/github.com/docker/distribution/registry/api/errcode/errors.go
+++ /dev/null
@@ -1,267 +0,0 @@
-package errcode
-
-import (
- "encoding/json"
- "fmt"
- "strings"
-)
-
-// ErrorCoder is the base interface for ErrorCode and Error allowing
-// users of each to just call ErrorCode to get the real ID of each
-type ErrorCoder interface {
- ErrorCode() ErrorCode
-}
-
-// ErrorCode represents the error type. The errors are serialized via strings
-// and the integer format may change and should *never* be exported.
-type ErrorCode int
-
-var _ error = ErrorCode(0)
-
-// ErrorCode just returns itself
-func (ec ErrorCode) ErrorCode() ErrorCode {
- return ec
-}
-
-// Error returns the ID/Value
-func (ec ErrorCode) Error() string {
- // NOTE(stevvooe): Cannot use message here since it may have unpopulated args.
- return strings.ToLower(strings.Replace(ec.String(), "_", " ", -1))
-}
-
-// Descriptor returns the descriptor for the error code.
-func (ec ErrorCode) Descriptor() ErrorDescriptor {
- d, ok := errorCodeToDescriptors[ec]
-
- if !ok {
- return ErrorCodeUnknown.Descriptor()
- }
-
- return d
-}
-
-// String returns the canonical identifier for this error code.
-func (ec ErrorCode) String() string {
- return ec.Descriptor().Value
-}
-
-// Message returned the human-readable error message for this error code.
-func (ec ErrorCode) Message() string {
- return ec.Descriptor().Message
-}
-
-// MarshalText encodes the receiver into UTF-8-encoded text and returns the
-// result.
-func (ec ErrorCode) MarshalText() (text []byte, err error) {
- return []byte(ec.String()), nil
-}
-
-// UnmarshalText decodes the form generated by MarshalText.
-func (ec *ErrorCode) UnmarshalText(text []byte) error {
- desc, ok := idToDescriptors[string(text)]
-
- if !ok {
- desc = ErrorCodeUnknown.Descriptor()
- }
-
- *ec = desc.Code
-
- return nil
-}
-
-// WithMessage creates a new Error struct based on the passed-in info and
-// overrides the Message property.
-func (ec ErrorCode) WithMessage(message string) Error {
- return Error{
- Code: ec,
- Message: message,
- }
-}
-
-// WithDetail creates a new Error struct based on the passed-in info and
-// set the Detail property appropriately
-func (ec ErrorCode) WithDetail(detail interface{}) Error {
- return Error{
- Code: ec,
- Message: ec.Message(),
- }.WithDetail(detail)
-}
-
-// WithArgs creates a new Error struct and sets the Args slice
-func (ec ErrorCode) WithArgs(args ...interface{}) Error {
- return Error{
- Code: ec,
- Message: ec.Message(),
- }.WithArgs(args...)
-}
-
-// Error provides a wrapper around ErrorCode with extra Details provided.
-type Error struct {
- Code ErrorCode `json:"code"`
- Message string `json:"message"`
- Detail interface{} `json:"detail,omitempty"`
-
- // TODO(duglin): See if we need an "args" property so we can do the
- // variable substitution right before showing the message to the user
-}
-
-var _ error = Error{}
-
-// ErrorCode returns the ID/Value of this Error
-func (e Error) ErrorCode() ErrorCode {
- return e.Code
-}
-
-// Error returns a human readable representation of the error.
-func (e Error) Error() string {
- return fmt.Sprintf("%s: %s", e.Code.Error(), e.Message)
-}
-
-// WithDetail will return a new Error, based on the current one, but with
-// some Detail info added
-func (e Error) WithDetail(detail interface{}) Error {
- return Error{
- Code: e.Code,
- Message: e.Message,
- Detail: detail,
- }
-}
-
-// WithArgs uses the passed-in list of interface{} as the substitution
-// variables in the Error's Message string, but returns a new Error
-func (e Error) WithArgs(args ...interface{}) Error {
- return Error{
- Code: e.Code,
- Message: fmt.Sprintf(e.Code.Message(), args...),
- Detail: e.Detail,
- }
-}
-
-// ErrorDescriptor provides relevant information about a given error code.
-type ErrorDescriptor struct {
- // Code is the error code that this descriptor describes.
- Code ErrorCode
-
- // Value provides a unique, string key, often captilized with
- // underscores, to identify the error code. This value is used as the
- // keyed value when serializing api errors.
- Value string
-
- // Message is a short, human readable decription of the error condition
- // included in API responses.
- Message string
-
- // Description provides a complete account of the errors purpose, suitable
- // for use in documentation.
- Description string
-
- // HTTPStatusCode provides the http status code that is associated with
- // this error condition.
- HTTPStatusCode int
-}
-
-// ParseErrorCode returns the value by the string error code.
-// `ErrorCodeUnknown` will be returned if the error is not known.
-func ParseErrorCode(value string) ErrorCode {
- ed, ok := idToDescriptors[value]
- if ok {
- return ed.Code
- }
-
- return ErrorCodeUnknown
-}
-
-// Errors provides the envelope for multiple errors and a few sugar methods
-// for use within the application.
-type Errors []error
-
-var _ error = Errors{}
-
-func (errs Errors) Error() string {
- switch len(errs) {
- case 0:
- return ""
- case 1:
- return errs[0].Error()
- default:
- msg := "errors:\n"
- for _, err := range errs {
- msg += err.Error() + "\n"
- }
- return msg
- }
-}
-
-// Len returns the current number of errors.
-func (errs Errors) Len() int {
- return len(errs)
-}
-
-// MarshalJSON converts slice of error, ErrorCode or Error into a
-// slice of Error - then serializes
-func (errs Errors) MarshalJSON() ([]byte, error) {
- var tmpErrs struct {
- Errors []Error `json:"errors,omitempty"`
- }
-
- for _, daErr := range errs {
- var err Error
-
- switch daErr := daErr.(type) {
- case ErrorCode:
- err = daErr.WithDetail(nil)
- case Error:
- err = daErr
- default:
- err = ErrorCodeUnknown.WithDetail(daErr)
-
- }
-
- // If the Error struct was setup and they forgot to set the
- // Message field (meaning its "") then grab it from the ErrCode
- msg := err.Message
- if msg == "" {
- msg = err.Code.Message()
- }
-
- tmpErrs.Errors = append(tmpErrs.Errors, Error{
- Code: err.Code,
- Message: msg,
- Detail: err.Detail,
- })
- }
-
- return json.Marshal(tmpErrs)
-}
-
-// UnmarshalJSON deserializes []Error and then converts it into slice of
-// Error or ErrorCode
-func (errs *Errors) UnmarshalJSON(data []byte) error {
- var tmpErrs struct {
- Errors []Error
- }
-
- if err := json.Unmarshal(data, &tmpErrs); err != nil {
- return err
- }
-
- var newErrs Errors
- for _, daErr := range tmpErrs.Errors {
- // If Message is empty or exactly matches the Code's message string
- // then just use the Code, no need for a full Error struct
- if daErr.Detail == nil && (daErr.Message == "" || daErr.Message == daErr.Code.Message()) {
- // Error's w/o details get converted to ErrorCode
- newErrs = append(newErrs, daErr.Code)
- } else {
- // Error's w/ details are untouched
- newErrs = append(newErrs, Error{
- Code: daErr.Code,
- Message: daErr.Message,
- Detail: daErr.Detail,
- })
- }
- }
-
- *errs = newErrs
- return nil
-}
diff --git a/vendor/github.com/docker/distribution/registry/api/errcode/handler.go b/vendor/github.com/docker/distribution/registry/api/errcode/handler.go
deleted file mode 100644
index d77e70473e..0000000000
--- a/vendor/github.com/docker/distribution/registry/api/errcode/handler.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package errcode
-
-import (
- "encoding/json"
- "net/http"
-)
-
-// ServeJSON attempts to serve the errcode in a JSON envelope. It marshals err
-// and sets the content-type header to 'application/json'. It will handle
-// ErrorCoder and Errors, and if necessary will create an envelope.
-func ServeJSON(w http.ResponseWriter, err error) error {
- w.Header().Set("Content-Type", "application/json; charset=utf-8")
- var sc int
-
- switch errs := err.(type) {
- case Errors:
- if len(errs) < 1 {
- break
- }
-
- if err, ok := errs[0].(ErrorCoder); ok {
- sc = err.ErrorCode().Descriptor().HTTPStatusCode
- }
- case ErrorCoder:
- sc = errs.ErrorCode().Descriptor().HTTPStatusCode
- err = Errors{err} // create an envelope.
- default:
- // We just have an unhandled error type, so just place in an envelope
- // and move along.
- err = Errors{err}
- }
-
- if sc == 0 {
- sc = http.StatusInternalServerError
- }
-
- w.WriteHeader(sc)
-
- return json.NewEncoder(w).Encode(err)
-}
diff --git a/vendor/github.com/docker/distribution/registry/api/errcode/register.go b/vendor/github.com/docker/distribution/registry/api/errcode/register.go
deleted file mode 100644
index d1e8826c6d..0000000000
--- a/vendor/github.com/docker/distribution/registry/api/errcode/register.go
+++ /dev/null
@@ -1,138 +0,0 @@
-package errcode
-
-import (
- "fmt"
- "net/http"
- "sort"
- "sync"
-)
-
-var (
- errorCodeToDescriptors = map[ErrorCode]ErrorDescriptor{}
- idToDescriptors = map[string]ErrorDescriptor{}
- groupToDescriptors = map[string][]ErrorDescriptor{}
-)
-
-var (
- // ErrorCodeUnknown is a generic error that can be used as a last
- // resort if there is no situation-specific error message that can be used
- ErrorCodeUnknown = Register("errcode", ErrorDescriptor{
- Value: "UNKNOWN",
- Message: "unknown error",
- Description: `Generic error returned when the error does not have an
- API classification.`,
- HTTPStatusCode: http.StatusInternalServerError,
- })
-
- // ErrorCodeUnsupported is returned when an operation is not supported.
- ErrorCodeUnsupported = Register("errcode", ErrorDescriptor{
- Value: "UNSUPPORTED",
- Message: "The operation is unsupported.",
- Description: `The operation was unsupported due to a missing
- implementation or invalid set of parameters.`,
- HTTPStatusCode: http.StatusMethodNotAllowed,
- })
-
- // ErrorCodeUnauthorized is returned if a request requires
- // authentication.
- ErrorCodeUnauthorized = Register("errcode", ErrorDescriptor{
- Value: "UNAUTHORIZED",
- Message: "authentication required",
- Description: `The access controller was unable to authenticate
- the client. Often this will be accompanied by a
- Www-Authenticate HTTP response header indicating how to
- authenticate.`,
- HTTPStatusCode: http.StatusUnauthorized,
- })
-
- // ErrorCodeDenied is returned if a client does not have sufficient
- // permission to perform an action.
- ErrorCodeDenied = Register("errcode", ErrorDescriptor{
- Value: "DENIED",
- Message: "requested access to the resource is denied",
- Description: `The access controller denied access for the
- operation on a resource.`,
- HTTPStatusCode: http.StatusForbidden,
- })
-
- // ErrorCodeUnavailable provides a common error to report unavailability
- // of a service or endpoint.
- ErrorCodeUnavailable = Register("errcode", ErrorDescriptor{
- Value: "UNAVAILABLE",
- Message: "service unavailable",
- Description: "Returned when a service is not available",
- HTTPStatusCode: http.StatusServiceUnavailable,
- })
-
- // ErrorCodeTooManyRequests is returned if a client attempts too many
- // times to contact a service endpoint.
- ErrorCodeTooManyRequests = Register("errcode", ErrorDescriptor{
- Value: "TOOMANYREQUESTS",
- Message: "too many requests",
- Description: `Returned when a client attempts to contact a
- service too many times`,
- HTTPStatusCode: http.StatusTooManyRequests,
- })
-)
-
-var nextCode = 1000
-var registerLock sync.Mutex
-
-// Register will make the passed-in error known to the environment and
-// return a new ErrorCode
-func Register(group string, descriptor ErrorDescriptor) ErrorCode {
- registerLock.Lock()
- defer registerLock.Unlock()
-
- descriptor.Code = ErrorCode(nextCode)
-
- if _, ok := idToDescriptors[descriptor.Value]; ok {
- panic(fmt.Sprintf("ErrorValue %q is already registered", descriptor.Value))
- }
- if _, ok := errorCodeToDescriptors[descriptor.Code]; ok {
- panic(fmt.Sprintf("ErrorCode %v is already registered", descriptor.Code))
- }
-
- groupToDescriptors[group] = append(groupToDescriptors[group], descriptor)
- errorCodeToDescriptors[descriptor.Code] = descriptor
- idToDescriptors[descriptor.Value] = descriptor
-
- nextCode++
- return descriptor.Code
-}
-
-type byValue []ErrorDescriptor
-
-func (a byValue) Len() int { return len(a) }
-func (a byValue) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
-func (a byValue) Less(i, j int) bool { return a[i].Value < a[j].Value }
-
-// GetGroupNames returns the list of Error group names that are registered
-func GetGroupNames() []string {
- keys := []string{}
-
- for k := range groupToDescriptors {
- keys = append(keys, k)
- }
- sort.Strings(keys)
- return keys
-}
-
-// GetErrorCodeGroup returns the named group of error descriptors
-func GetErrorCodeGroup(name string) []ErrorDescriptor {
- desc := groupToDescriptors[name]
- sort.Sort(byValue(desc))
- return desc
-}
-
-// GetErrorAllDescriptors returns a slice of all ErrorDescriptors that are
-// registered, irrespective of what group they're in
-func GetErrorAllDescriptors() []ErrorDescriptor {
- result := []ErrorDescriptor{}
-
- for _, group := range GetGroupNames() {
- result = append(result, GetErrorCodeGroup(group)...)
- }
- sort.Sort(byValue(result))
- return result
-}
diff --git a/vendor/github.com/docker/docker/api/common_unix.go b/vendor/github.com/docker/docker/api/common_unix.go
index 504b0c90d7..19fc63d658 100644
--- a/vendor/github.com/docker/docker/api/common_unix.go
+++ b/vendor/github.com/docker/docker/api/common_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package api // import "github.com/docker/docker/api"
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
index b6bca4cef1..c24f57bc9a 100644
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@@ -24,7 +24,7 @@ info:
 title: "Docker Engine API"
 version: "1.41"
 x-logo:
- url: "https://docs.docker.com/images/logo-docker-main.png"
+ url: "https://docs.docker.com/assets/images/logo-docker-main.png"
 description: |
 The Engine API is an HTTP API served by Docker Engine. It is the API the
 Docker client uses to communicate with the Engine, so everything the Docker
@@ -1891,23 +1891,52 @@ definitions:
 BuildCache:
 type: "object"
+ description: |
+ BuildCache contains information about a build cache record.
 properties:
 ID:
 type: "string"
+ description: |
+ Unique ID of the build cache record.
+ example: "ndlpt0hhvkqcdfkputsk4cq9c"
 Parent:
+ description: |
+ ID of the parent build cache record.
 type: "string"
+ example: "hw53o5aio51xtltp5xjp8v7fx"
 Type:
 type: "string"
+ description: |
+ Cache record type.
+ example: "regular"
+ # see https://github.com/moby/buildkit/blob/fce4a32258dc9d9664f71a4831d5de10f0670677/client/diskusage.go#L75-L84
+ enum:
+ - "internal"
+ - "frontend"
+ - "source.local"
+ - "source.git.checkout"
+ - "exec.cachemount"
+ - "regular"
 Description:
 type: "string"
+ description: |
+ Description of the build-step that produced the build cache.
+ example: "mount / from exec /bin/sh -c echo 'Binary::apt::APT::Keep-Downloaded-Packages \"true\";' > /etc/apt/apt.conf.d/keep-cache"
 InUse:
 type: "boolean"
+ description: |
+ Indicates if the build cache is in use.
+ example: false
 Shared:
 type: "boolean"
+ description: |
+ Indicates if the build cache is shared.
+ example: true
 Size:
 description: |
 Amount of disk space used by the build cache (in bytes).
 type: "integer"
+ example: 51
 CreatedAt:
 description: |
 Date and time at which the build cache was created in
@@ -1925,6 +1954,7 @@ definitions:
 example: "2017-08-09T07:09:37.632105588Z"
 UsageCount:
 type: "integer"
+ example: 26
 ImageID:
 type: "object"
@@ -3347,7 +3377,7 @@ definitions:
 Limits:
 description: "Define resources limits."
 $ref: "#/definitions/Limit"
- Reservation:
+ Reservations:
 description: "Define resources reservation."
 $ref: "#/definitions/ResourceObject"
 RestartPolicy:
@@ -5415,6 +5445,28 @@ paths:
 `/?[a-zA-Z0-9][a-zA-Z0-9_.-]+`.
 type: "string"
 pattern: "^/?[a-zA-Z0-9][a-zA-Z0-9_.-]+$"
+ - name: "platform"
+ in: "query"
+ description: |
+ Platform in the format `os[/arch[/variant]]` used for image lookup.
+
+ When specified, the daemon checks if the requested image is present
+ in the local image cache with the given OS and Architecture, and
+ otherwise returns a `404` status.
+
+ If the option is not set, the host's native OS and Architecture are
+ used to look up the image in the image cache. However, if no platform
+ is passed and the given image does exist in the local image cache,
+ but its OS or architecture does not match, the container is created
+ with the available image, and a warning is added to the `Warnings`
+ field in the response, for example;
+
+ WARNING: The requested image's platform (linux/arm64/v8) does not
+ match the detected host platform (linux/amd64) and no
+ specific platform was requested
+
+ type: "string"
+ default: ""
 - name: "body"
 in: "body"
 description: "Container to create"
diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
index cf6fdf4402..24c4fa8d90 100644
--- a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
+++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package container // import "github.com/docker/docker/api/types/container"
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go
index 4bc91cffd6..b4976a3471 100644
--- a/vendor/github.com/docker/docker/api/types/filters/parse.go
+++ b/vendor/github.com/docker/docker/api/types/filters/parse.go
@@ -1,4 +1,5 @@
-/*Package filters provides tools for encoding a mapping of keys to a set of
+/*
+Package filters provides tools for encoding a mapping of keys to a set of
 multiple values.
 */
 package filters // import "github.com/docker/docker/api/types/filters"
@@ -48,7 +49,7 @@ func (args Args) Keys() []string {
 // MarshalJSON returns a JSON byte representation of the Args
 func (args Args) MarshalJSON() ([]byte, error) {
 if len(args.fields) == 0 {
- return []byte{}, nil
+ return []byte("{}"), nil
 }
 return json.Marshal(args.fields)
 }
@@ -106,9 +107,6 @@ func FromJSON(p string) (Args, error) {
 // UnmarshalJSON populates the Args from JSON encode bytes
 func (args Args) UnmarshalJSON(raw []byte) error {
- if len(raw) == 0 {
- return nil
- }
 return json.Unmarshal(raw, &args.fields)
 }
diff --git a/vendor/github.com/docker/docker/api/types/registry/registry.go b/vendor/github.com/docker/docker/api/types/registry/registry.go
index 53e47084c8..62a88f5be8 100644
--- a/vendor/github.com/docker/docker/api/types/registry/registry.go
+++ b/vendor/github.com/docker/docker/api/types/registry/registry.go
@@ -45,31 +45,32 @@ func (ipnet *NetIPNet) UnmarshalJSON(b []byte) (err error) {
 // IndexInfo contains information about a registry
 //
 // RepositoryInfo Examples:
-// {
-// "Index" : {
-// "Name" : "docker.io",
-// "Mirrors" : ["https://registry-2.docker.io/v1/", "https://registry-3.docker.io/v1/"],
-// "Secure" : true,
-// "Official" : true,
-// },
-// "RemoteName" : "library/debian",
-// "LocalName" : "debian",
-// "CanonicalName" : "docker.io/debian"
-// "Official" : true,
-// }
 //
-// {
-// "Index" : {
-// "Name" : "127.0.0.1:5000",
-// "Mirrors" : [],
-// "Secure" : false,
-// "Official" : false,
-// },
-// "RemoteName" : "user/repo",
-// "LocalName" : "127.0.0.1:5000/user/repo",
-// "CanonicalName" : "127.0.0.1:5000/user/repo",
-// "Official" : false,
-// }
+//
+// {
+// "Index" : {
+// "Name" : "docker.io",
+// "Mirrors" : ["https://registry-2.docker.io/v1/", "https://registry-3.docker.io/v1/"],
+// "Secure" : true,
+// "Official" : true,
+// },
+// "RemoteName" : "library/debian",
+// "LocalName" : "debian",
+// "CanonicalName" : "docker.io/debian"
+// "Official" : true,
+// }
+//
+// {
+// "Index" : {
+// "Name" : "127.0.0.1:5000",
+// "Mirrors" : [],
+// "Secure" : false,
+// "Official" : false,
+// },
+// "RemoteName" : "user/repo",
+// "LocalName" : "127.0.0.1:5000/user/repo",
+// "CanonicalName" : "127.0.0.1:5000/user/repo",
+// "Official" : false,
+// }
 type IndexInfo struct {
 // Name is the name of the registry, such as "docker.io"
 Name string
diff --git a/vendor/github.com/docker/docker/api/types/time/timestamp.go b/vendor/github.com/docker/docker/api/types/time/timestamp.go
index ea3495efeb..2a74b7a597 100644
--- a/vendor/github.com/docker/docker/api/types/time/timestamp.go
+++ b/vendor/github.com/docker/docker/api/types/time/timestamp.go
@@ -100,8 +100,10 @@ func GetTimestamp(value string, reference time.Time) (string, error) {
 // if the incoming nanosecond portion is longer or shorter than 9 digits it is
 // converted to nanoseconds. The expectation is that the seconds and
 // seconds will be used to create a time variable. For example:
-// seconds, nanoseconds, err := ParseTimestamp("1136073600.000000001",0)
-// if err == nil since := time.Unix(seconds, nanoseconds)
+//
+// seconds, nanoseconds, err := ParseTimestamp("1136073600.000000001",0)
+// if err == nil since := time.Unix(seconds, nanoseconds)
+//
 // returns seconds as def(aultSeconds) if value == ""
 func ParseTimestamps(value string, def int64) (int64, int64, error) {
 if value == "" {
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder.go b/vendor/github.com/docker/docker/builder/dockerfile/builder.go
index a0bfb289c2..10f81b79e1 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/builder.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/builder.go
@@ -5,7 +5,6 @@ import (
 "context"
 "fmt"
 "io"
- "io/ioutil"
 "sort"
 "strings"
@@ -257,10 +256,10 @@ func (b *Builder) dispatchDockerfileWithCancellation(parseResult []instructions.
 totalCommands += len(stage.Commands)
 }
 shlex := shell.NewLex(escapeToken)
- for _, meta := range metaArgs {
- currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &meta)
+ for i := range metaArgs {
+ currentCommandIndex = printCommand(b.Stdout, currentCommandIndex, totalCommands, &metaArgs[i])
- err := processMetaArg(meta, shlex, buildArgs)
+ err := processMetaArg(metaArgs[i], shlex, buildArgs)
 if err != nil {
 return nil, err
 }
@@ -268,7 +267,8 @@ func (b *Builder) dispatchDockerfileWithCancellation(parseResult []instructions.
 stagesResults := newStagesBuildResults()
- for _, stage := range parseResult {
+ for _, s := range parseResult {
+ stage := s
 if err := stagesResults.checkStageNameAvailable(stage.Name); err != nil {
 return nil, err
 }
@@ -348,8 +348,8 @@ func BuildFromConfig(config *container.Config, changes []string, os string) (*co
 }
 }
- b.Stdout = ioutil.Discard
- b.Stderr = ioutil.Discard
+ b.Stdout = io.Discard
+ b.Stderr = io.Discard
 b.disableCommit = true
 var commands []instructions.Command
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
index c4453459b3..7d10028575 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/builder_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/copy_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/copy_unix.go
index d2a16e0220..8bc384a8dc 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/copy_unix.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/copy_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
index f755f12650..f919bcb8e8 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers.go
@@ -35,7 +35,6 @@ import (
 //
 // Sets the environment variable foo to bar, also makes interpolation
 // in the dockerfile available from the next statement on via ${foo}.
-//
 func dispatchEnv(d dispatchRequest, c *instructions.EnvCommand) error {
 runConfig := d.state.runConfig
 commitMessage := bytes.NewBufferString("ENV")
@@ -73,7 +72,6 @@ func dispatchMaintainer(d dispatchRequest, c *instructions.MaintainerCommand) er
 // LABEL some json data describing the image
 //
 // Sets the Label variable foo to bar,
-//
 func dispatchLabel(d dispatchRequest, c *instructions.LabelCommand) error {
 if d.state.runConfig.Labels == nil {
 d.state.runConfig.Labels = make(map[string]string)
@@ -90,7 +88,6 @@ func dispatchLabel(d dispatchRequest, c *instructions.LabelCommand) error {
 //
 // Add the file 'foo' to '/path'. Tarball and Remote URL (http, https) handling
 // exist here. If you do not wish to have this automatic handling, use COPY.
-//
 func dispatchAdd(d dispatchRequest, c *instructions.AddCommand) error {
 if c.Chmod != "" {
 return errors.New("the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled")
@@ -112,7 +109,6 @@ func dispatchAdd(d dispatchRequest, c *instructions.AddCommand) error {
 // COPY foo /path
 //
 // Same as 'ADD' but without the tar and remote url handling.
-//
 func dispatchCopy(d dispatchRequest, c *instructions.CopyCommand) error {
 if c.Chmod != "" {
 return errors.New("the --chmod option requires BuildKit. Refer to https://docs.docker.com/go/buildkit/ to learn how to build images with BuildKit enabled")
@@ -157,7 +153,6 @@ func (d *dispatchRequest) getImageMount(imageRefOrID string) (*imageMount, error
 }
 // FROM [--platform=platform] imagename[:tag | @digest] [AS build-stage-name]
-//
 func initializeStage(d dispatchRequest, cmd *instructions.Stage) error {
 d.builder.imageProber.Reset()
@@ -304,7 +299,6 @@ func dispatchOnbuild(d dispatchRequest, c *instructions.OnbuildCommand) error {
 // WORKDIR /tmp
 //
 // Set the working directory for future RUN/CMD/etc statements.
-//
 func dispatchWorkdir(d dispatchRequest, c *instructions.WorkdirCommand) error {
 runConfig := d.state.runConfig
 var err error
@@ -347,7 +341,6 @@ func dispatchWorkdir(d dispatchRequest, c *instructions.WorkdirCommand) error {
 // RUN echo hi # sh -c echo hi (Linux and LCOW)
 // RUN echo hi # cmd /S /C echo hi (Windows)
 // RUN [ "echo", "hi" ] # echo hi
-//
 func dispatchRun(d dispatchRequest, c *instructions.RunCommand) error {
 if !system.IsOSSupported(d.state.operatingSystem) {
 return system.ErrNotSupportedOperatingSystem
@@ -442,7 +435,6 @@ func prependEnvOnCmd(buildArgs *BuildArgs, buildArgVars []string, cmd strslice.S
 //
 // Set the default command to run in the container (which may be empty).
 // Argument handling is the same as RUN.
-//
 func dispatchCmd(d dispatchRequest, c *instructions.CmdCommand) error {
 runConfig := d.state.runConfig
 cmd, argsEscaped := resolveCmdLine(c.ShellDependantCmdLine, runConfig, d.state.operatingSystem, c.Name(), c.String())
@@ -473,7 +465,6 @@ func dispatchCmd(d dispatchRequest, c *instructions.CmdCommand) error {
 //
 // Set the default healthcheck command to run in the container (which may be empty).
 // Argument handling is the same as RUN.
-//
 func dispatchHealthcheck(d dispatchRequest, c *instructions.HealthCheckCommand) error {
 runConfig := d.state.runConfig
 if runConfig.Healthcheck != nil {
@@ -493,7 +484,6 @@ func dispatchHealthcheck(d dispatchRequest, c *instructions.HealthCheckCommand)
 //
 // Handles command processing similar to CMD and RUN, only req.runConfig.Entrypoint
 // is initialized at newBuilder time instead of through argument parsing.
-//
 func dispatchEntrypoint(d dispatchRequest, c *instructions.EntrypointCommand) error {
 runConfig := d.state.runConfig
 cmd, argsEscaped := resolveCmdLine(c.ShellDependantCmdLine, runConfig, d.state.operatingSystem, c.Name(), c.String())
@@ -523,7 +513,6 @@ func dispatchEntrypoint(d dispatchRequest, c *instructions.EntrypointCommand) er
 //
 // Expose ports for links and port mappings. This all ends up in
 // req.runConfig.ExposedPorts for runconfig.
-//
 func dispatchExpose(d dispatchRequest, c *instructions.ExposeCommand, envs []string) error {
 // custom multi word expansion
 // expose $FOO with FOO="80 443" is expanded as EXPOSE [80,443]. This is the only command supporting word to words expansion
@@ -557,7 +546,6 @@ func dispatchExpose(d dispatchRequest, c *instructions.ExposeCommand, envs []str
 //
 // Set the user to 'foo' for future commands and when running the
 // ENTRYPOINT/CMD at container run time.
-//
 func dispatchUser(d dispatchRequest, c *instructions.UserCommand) error {
 d.state.runConfig.User = c.User
 return d.builder.commit(d.state, fmt.Sprintf("USER %v", c.User))
@@ -566,7 +554,6 @@ func dispatchUser(d dispatchRequest, c *instructions.UserCommand) error {
 // VOLUME /foo
 //
 // Expose the volume /foo for use. Will also accept the JSON array form.
-//
 func dispatchVolume(d dispatchRequest, c *instructions.VolumeCommand) error {
 if d.state.runConfig.Volumes == nil {
 d.state.runConfig.Volumes = map[string]struct{}{}
diff --git a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
index 866bc6264d..87dbe72192 100644
--- a/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
+++ b/vendor/github.com/docker/docker/builder/dockerfile/dispatchers_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package dockerfile // import "github.com/docker/docker/builder/dockerfile"
diff --git a/vendor/github.com/docker/docker/builder/remotecontext/git.go b/vendor/github.com/docker/docker/builder/remotecontext/git.go
index 1583ca28d0..85efba24f3 100644
--- a/vendor/github.com/docker/docker/builder/remotecontext/git.go
+++ b/vendor/github.com/docker/docker/builder/remotecontext/git.go
@@ -11,7 +11,7 @@ import ( // MakeGitContext returns a Context from gitURL that is cloned in a temporary directory. func MakeGitContext(gitURL string) (builder.Source, error) { - root, err := git.Clone(gitURL) + root, err := git.Clone(gitURL, git.WithIsolatedConfig(true)) if err != nil { return nil, err } diff --git a/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go b/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go index c0f68f8f89..c20f8da75b 100644 --- a/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go +++ b/vendor/github.com/docker/docker/builder/remotecontext/git/gitutils.go @@ -1,7 +1,6 @@ package git // import "github.com/docker/docker/builder/remotecontext/git" import ( - "io/ioutil" "net/http" "net/url" "os" @@ -17,24 +16,41 @@ type gitRepo struct { remote string ref string subdir string + + isolateConfig bool +} + +// CloneOption changes the behaviour of Clone(). +type CloneOption func(*gitRepo) + +// WithIsolatedConfig disables reading the user or system gitconfig files when +// performing Git operations. +func WithIsolatedConfig(v bool) CloneOption { + return func(gr *gitRepo) { + gr.isolateConfig = v + } } // Clone clones a repository into a newly created directory which // will be under "docker-build-git" -func Clone(remoteURL string) (string, error) { +func Clone(remoteURL string, opts ...CloneOption) (string, error) { repo, err := parseRemoteURL(remoteURL) if err != nil { return "", err } - return cloneGitRepo(repo) + for _, opt := range opts { + opt(&repo) + } + + return repo.clone() } -func cloneGitRepo(repo gitRepo) (checkoutDir string, err error) { +func (repo gitRepo) clone() (checkoutDir string, err error) { fetch := fetchArgs(repo.remote, repo.ref) - root, err := ioutil.TempDir("", "docker-build-git") + root, err := os.MkdirTemp("", "docker-build-git") if err != nil { return "", err } 
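Review bot: `Clone` in gitutils.go stays non-isolated by default, because `isolateConfig` is false unless a caller passes `WithIsolatedConfig(true)`. Any caller that is not updated therefore keeps reading the user and system gitconfig while fetching from a remote URL. In this diff only `MakeGitContext` passes the option, so other callers of `git.Clone` in the consuming tree, if there are any, are worth checking. The doc comment on `Clone` should state the default, for example `// Config isolation is opt-in: pass WithIsolatedConfig(true) to ignore the user and system gitconfig.` The body of `clone()` continues outside this hunk.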
@@ -45,21 +61,21 @@ func cloneGitRepo(repo gitRepo) (checkoutDir string, err error) { } }() - if out, err := gitWithinDir(root, "init"); err != nil { + if out, err := repo.gitWithinDir(root, "init"); err != nil { return "", errors.Wrapf(err, "failed to init repo at %s: %s", root, out) } // Add origin remote for compatibility with previous implementation that // used "git clone" and also to make sure local refs are created for branches - if out, err := gitWithinDir(root, "remote", "add", "origin", repo.remote); err != nil { + if out, err := repo.gitWithinDir(root, "remote", "add", "origin", repo.remote); err != nil { return "", errors.Wrapf(err, "failed add origin repo at %s: %s", repo.remote, out) } - if output, err := gitWithinDir(root, fetch...); err != nil { + if output, err := repo.gitWithinDir(root, fetch...); err != nil { return "", errors.Wrapf(err, "error fetching: %s", output) } - checkoutDir, err = checkoutGit(root, repo.ref, repo.subdir) + checkoutDir, err = repo.checkout(root) if err != nil { return "", err } 
@@ -163,20 +179,20 @@ func supportsShallowClone(remoteURL string) bool { return true } -func checkoutGit(root, ref, subdir string) (string, error) { +func (repo gitRepo) checkout(root string) (string, error) { // Try checking out by ref name first. This will work on branches and sets // .git/HEAD to the current branch name - if output, err := gitWithinDir(root, "checkout", ref); err != nil { + if output, err := repo.gitWithinDir(root, "checkout", repo.ref); err != nil { // If checking out by branch name fails check out the last fetched ref - if _, err2 := gitWithinDir(root, "checkout", "FETCH_HEAD"); err2 != nil { - return "", errors.Wrapf(err, "error checking out %s: %s", ref, output) + if _, err2 := repo.gitWithinDir(root, "checkout", "FETCH_HEAD"); err2 != nil { + return "", errors.Wrapf(err, "error checking out %s: %s", repo.ref, output) } } - if subdir != "" { - newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, subdir), root) + if repo.subdir != "" { + newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, repo.subdir), root) if err != nil { - return "", errors.Wrapf(err, "error setting git context, %q not within git root", subdir) + return "", errors.Wrapf(err, "error setting git context, %q not within git root", repo.subdir) } fi, err := os.Stat(newCtx) 
@@ -192,13 +208,21 @@ func checkoutGit(root, ref, subdir string) (string, error) { return root, nil } -func gitWithinDir(dir string, args ...string) ([]byte, error) { - a := []string{"--work-tree", dir, "--git-dir", filepath.Join(dir, ".git")} - return git(append(a, args...)...) -} +func (repo gitRepo) gitWithinDir(dir string, args ...string) ([]byte, error) { + args = append([]string{"-c", "protocol.file.allow=never"}, args...) // Block sneaky repositories from using repos from the filesystem as submodules. + cmd := exec.Command("git", args...) + cmd.Dir = dir + // Disable unsafe remote protocols. + cmd.Env = append(os.Environ(), "GIT_PROTOCOL_FROM_USER=0") + + if repo.isolateConfig { + cmd.Env = append(cmd.Env, + "GIT_CONFIG_NOSYSTEM=1", // Disable reading from system gitconfig. + "HOME=/dev/null", // Disable reading from user gitconfig. + ) + } -func git(args ...string) ([]byte, error) { - return exec.Command("git", args...).CombinedOutput() + return cmd.CombinedOutput() } // isGitTransport returns true if the provided str is a git transport by inspecting diff --git a/vendor/github.com/docker/docker/builder/remotecontext/remote.go b/vendor/github.com/docker/docker/builder/remotecontext/remote.go index 8047494c9d..8f09ed0997 100644 --- a/vendor/github.com/docker/docker/builder/remotecontext/remote.go +++ b/vendor/github.com/docker/docker/builder/remotecontext/remote.go @@ -4,7 +4,6 @@ import ( "bytes" "fmt" "io" - "io/ioutil" "net" "net/http" "net/url" @@ -58,7 +57,7 @@ func GetWithStatusError(address string) (resp *http.Response, err error) { return resp, nil } msg := fmt.Sprintf("failed to GET %s with status %s", address, resp.Status) - body, err := ioutil.ReadAll(resp.Body) + body, err := io.ReadAll(resp.Body) resp.Body.Close() if err != nil { return nil, errdefs.System(errors.New(msg + ": error reading body")) 
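Review bot: The `repo.isolateConfig` branch of `gitWithinDir` adds `GIT_CONFIG_NOSYSTEM=1` and `HOME=/dev/null` on top of the full `os.Environ()`, so other inherited variables that point git at configuration stay in effect. Git also reads `$XDG_CONFIG_HOME/git/config`, and newer git versions honour `GIT_CONFIG_GLOBAL`; if the calling process can have either set, the isolation is incomplete. Adding `"XDG_CONFIG_HOME=/dev/null",` and `"GIT_CONFIG_GLOBAL=/dev/null",` to the same `append` would close that gap. The hunk also replaces the explicit `--work-tree`/`--git-dir` arguments with `cmd.Dir`, so an inherited `GIT_DIR` or `GIT_WORK_TREE` would now decide which repository git operates on; filtering those out of `cmd.Env` is worth considering. The file is vendored, so the change belongs upstream.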
@@ -81,10 +80,10 @@ func GetWithStatusError(address string) (resp *http.Response, err error) { // inspectResponse looks into the http response data at r to determine whether its // content-type is on the list of acceptable content types for remote build contexts. // This function returns: -// - a string representation of the detected content-type -// - an io.Reader for the response body -// - an error value which will be non-nil either when something goes wrong while -// reading bytes from r or when the detected content-type is not acceptable. +// - a string representation of the detected content-type +// - an io.Reader for the response body +// - an error value which will be non-nil either when something goes wrong while +// reading bytes from r or when the detected content-type is not acceptable. func inspectResponse(ct string, r io.Reader, clen int64) (string, io.Reader, error) { plen := clen if plen <= 0 || plen > maxPreambleLength { diff --git a/vendor/github.com/docker/docker/client/client.go b/vendor/github.com/docker/docker/client/client.go index 21edf1fa1f..d0ce09ae16 100644 --- a/vendor/github.com/docker/docker/client/client.go +++ b/vendor/github.com/docker/docker/client/client.go @@ -4,7 +4,7 @@ Package client is a Go client for the Docker Engine API. For more information about the Engine API, see the documentation: https://docs.docker.com/engine/api/ -Usage +# Usage You use the library by creating a client object and calling methods on it. The client can be created either from environment variables with NewClientWithOpts(client.FromEnv), @@ -37,7 +37,6 @@ For example, to list running containers (the equivalent of "docker ps"): fmt.Printf("%s %s\n", container.ID[:10], container.Image) } } - */ package client // import "github.com/docker/docker/client" 
@@ -57,6 +56,36 @@ import ( "github.com/pkg/errors" ) +// DummyHost is a hostname used for local communication. +// +// It acts as a valid formatted hostname for local connections (such as "unix://" +// or "npipe://") which do not require a hostname. It should never be resolved, +// but uses the special-purpose ".localhost" TLD (as defined in [RFC 2606, Section 2] +// and [RFC 6761, Section 6.3]). +// +// [RFC 7230, Section 5.4] defines that an empty header must be used for such +// cases: +// +// If the authority component is missing or undefined for the target URI, +// then a client MUST send a Host header field with an empty field-value. +// +// However, [Go stdlib] enforces the semantics of HTTP(S) over TCP, does not +// allow an empty header to be used, and requires req.URL.Scheme to be either +// "http" or "https". +// +// For further details, refer to: +// +// - https://github.com/docker/engine-api/issues/189 +// - https://github.com/golang/go/issues/13624 +// - https://github.com/golang/go/issues/61076 +// - https://github.com/moby/moby/issues/45935 +// +// [RFC 2606, Section 2]: https://www.rfc-editor.org/rfc/rfc2606.html#section-2 +// [RFC 6761, Section 6.3]: https://www.rfc-editor.org/rfc/rfc6761#section-6.3 +// [RFC 7230, Section 5.4]: https://datatracker.ietf.org/doc/html/rfc7230#section-5.4 +// [Go stdlib]: https://github.com/golang/go/blob/6244b1946bc2101b01955468f1be502dbadd6807/src/net/http/transport.go#L558-L569 +const DummyHost = "api.moby.localhost" + // ErrRedirect is the error returned by checkRedirect when the request is non-GET. var ErrRedirect = errors.New("unexpected redirect in response") @@ -135,9 +164,6 @@ func NewClientWithOpts(ops ...Opt) (*Client, error) { } } - if _, ok := c.client.Transport.(http.RoundTripper); !ok { - return nil, fmt.Errorf("unable to verify TLS configuration, invalid transport %v", c.client.Transport) - } if c.scheme == "" { c.scheme = "http" 
diff --git a/vendor/github.com/docker/docker/client/client_unix.go b/vendor/github.com/docker/docker/client/client_unix.go index 9d0f0dcbf0..5846f888fe 100644 --- a/vendor/github.com/docker/docker/client/client_unix.go +++ b/vendor/github.com/docker/docker/client/client_unix.go @@ -1,3 +1,4 @@ +//go:build linux || freebsd || openbsd || netbsd || darwin || solaris || illumos || dragonfly // +build linux freebsd openbsd netbsd darwin solaris illumos dragonfly package client // import "github.com/docker/docker/client" diff --git a/vendor/github.com/docker/docker/client/config_inspect.go b/vendor/github.com/docker/docker/client/config_inspect.go index 7d0ce3e11c..f1b0d7f753 100644 --- a/vendor/github.com/docker/docker/client/config_inspect.go +++ b/vendor/github.com/docker/docker/client/config_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "github.com/docker/docker/api/types/swarm" ) @@ -23,7 +23,7 @@ func (cli *Client) ConfigInspectWithRaw(ctx context.Context, id string) (swarm.C return swarm.Config{}, nil, wrapResponseError(err, resp, "config", id) } - body, err := ioutil.ReadAll(resp.body) + body, err := io.ReadAll(resp.body) if err != nil { return swarm.Config{}, nil, err } diff --git a/vendor/github.com/docker/docker/client/container_attach.go b/vendor/github.com/docker/docker/client/container_attach.go index 88ba1ef639..3becefba08 100644 --- a/vendor/github.com/docker/docker/client/container_attach.go +++ b/vendor/github.com/docker/docker/client/container_attach.go @@ -22,7 +22,7 @@ import ( // multiplexed. // The format of the multiplexed stream is as follows: // -// [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT} +// [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT} // // STREAM_TYPE can be 1 for stdout and 2 for stderr // 
diff --git a/vendor/github.com/docker/docker/client/container_create.go b/vendor/github.com/docker/docker/client/container_create.go index b1d5fea5bd..c5079ee539 100644 --- a/vendor/github.com/docker/docker/client/container_create.go +++ b/vendor/github.com/docker/docker/client/container_create.go @@ -4,8 +4,8 @@ import ( "context" "encoding/json" "net/url" + "path" - "github.com/containerd/containerd/platforms" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/network" "github.com/docker/docker/api/types/versions" @@ -16,7 +16,6 @@ type configWrapper struct { *container.Config HostConfig *container.HostConfig NetworkingConfig *network.NetworkingConfig - Platform *specs.Platform } // ContainerCreate creates a new container based in the given configuration. @@ -38,8 +37,8 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config } query := url.Values{} - if platform != nil { - query.Set("platform", platforms.Format(*platform)) + if p := formatPlatform(platform); p != "" { + query.Set("platform", p) } if containerName != "" { @@ -61,3 +60,15 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config err = json.NewDecoder(serverResp.body).Decode(&response) return response, err } + +// formatPlatform returns a formatted string representing platform (e.g. linux/arm/v7). +// +// Similar to containerd's platforms.Format(), but does allow components to be +// omitted (e.g. pass "architecture" only, without "os": +// https://github.com/containerd/containerd/blob/v1.5.2/platforms/platforms.go#L243-L263 +func formatPlatform(platform *specs.Platform) string { + if platform == nil { + return "" + } + return path.Join(platform.OS, platform.Architecture, platform.Variant) +} diff --git a/vendor/github.com/docker/docker/client/container_inspect.go b/vendor/github.com/docker/docker/client/container_inspect.go index c496bcffea..43db32bd97 100644 
--- a/vendor/github.com/docker/docker/client/container_inspect.go +++ b/vendor/github.com/docker/docker/client/container_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "net/url" "github.com/docker/docker/api/types" @@ -41,7 +41,7 @@ func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID stri return types.ContainerJSON{}, nil, wrapResponseError(err, serverResp, "container", containerID) } - body, err := ioutil.ReadAll(serverResp.body) + body, err := io.ReadAll(serverResp.body) if err != nil { return types.ContainerJSON{}, nil, err } diff --git a/vendor/github.com/docker/docker/client/container_logs.go b/vendor/github.com/docker/docker/client/container_logs.go index 5b6541f035..add852a833 100644 --- a/vendor/github.com/docker/docker/client/container_logs.go +++ b/vendor/github.com/docker/docker/client/container_logs.go @@ -24,7 +24,7 @@ import ( // multiplexed. // The format of the multiplexed stream is as follows: // -// [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT} +// [8]byte{STREAM_TYPE, 0, 0, 0, SIZE1, SIZE2, SIZE3, SIZE4}[]byte{OUTPUT} // // STREAM_TYPE can be 1 for stdout and 2 for stderr // diff --git a/vendor/github.com/docker/docker/client/hijack.go b/vendor/github.com/docker/docker/client/hijack.go index e1dc49ef0f..b8fac0be7e 100644 --- a/vendor/github.com/docker/docker/client/hijack.go +++ b/vendor/github.com/docker/docker/client/hijack.go @@ -62,7 +62,11 @@ func fallbackDial(proto, addr string, tlsConfig *tls.Config) (net.Conn, error) { } func (cli *Client) setupHijackConn(ctx context.Context, req *http.Request, proto string) (net.Conn, error) { - req.Host = cli.addr + req.URL.Host = cli.addr + if cli.proto == "unix" || cli.proto == "npipe" { + // Override host header for non-tcp connections. + req.Host = DummyHost + } req.Header.Set("Connection", "Upgrade") req.Header.Set("Upgrade", proto) 
diff --git a/vendor/github.com/docker/docker/client/image_inspect.go b/vendor/github.com/docker/docker/client/image_inspect.go index 1eb8dce025..03aa12d8b4 100644 --- a/vendor/github.com/docker/docker/client/image_inspect.go +++ b/vendor/github.com/docker/docker/client/image_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "github.com/docker/docker/api/types" ) @@ -20,7 +20,7 @@ func (cli *Client) ImageInspectWithRaw(ctx context.Context, imageID string) (typ return types.ImageInspect{}, nil, wrapResponseError(err, serverResp, "image", imageID) } - body, err := ioutil.ReadAll(serverResp.body) + body, err := io.ReadAll(serverResp.body) if err != nil { return types.ImageInspect{}, nil, err } diff --git a/vendor/github.com/docker/docker/client/network_inspect.go b/vendor/github.com/docker/docker/client/network_inspect.go index 89a05b3021..ecf20ceb6e 100644 --- a/vendor/github.com/docker/docker/client/network_inspect.go +++ b/vendor/github.com/docker/docker/client/network_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "net/url" "github.com/docker/docker/api/types" @@ -39,7 +39,7 @@ func (cli *Client) NetworkInspectWithRaw(ctx context.Context, networkID string, return networkResource, nil, wrapResponseError(err, resp, "network", networkID) } - body, err := ioutil.ReadAll(resp.body) + body, err := io.ReadAll(resp.body) if err != nil { return networkResource, nil, err } diff --git a/vendor/github.com/docker/docker/client/node_inspect.go b/vendor/github.com/docker/docker/client/node_inspect.go index d296c9fdde..b58db52856 100644 --- a/vendor/github.com/docker/docker/client/node_inspect.go +++ b/vendor/github.com/docker/docker/client/node_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "github.com/docker/docker/api/types/swarm" ) 
@@ -20,7 +20,7 @@ func (cli *Client) NodeInspectWithRaw(ctx context.Context, nodeID string) (swarm return swarm.Node{}, nil, wrapResponseError(err, serverResp, "node", nodeID) } - body, err := ioutil.ReadAll(serverResp.body) + body, err := io.ReadAll(serverResp.body) if err != nil { return swarm.Node{}, nil, err } diff --git a/vendor/github.com/docker/docker/client/plugin_inspect.go b/vendor/github.com/docker/docker/client/plugin_inspect.go index 81b89732b0..4a90bec51a 100644 --- a/vendor/github.com/docker/docker/client/plugin_inspect.go +++ b/vendor/github.com/docker/docker/client/plugin_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "github.com/docker/docker/api/types" ) @@ -20,7 +20,7 @@ func (cli *Client) PluginInspectWithRaw(ctx context.Context, name string) (*type return nil, nil, wrapResponseError(err, resp, "plugin", name) } - body, err := ioutil.ReadAll(resp.body) + body, err := io.ReadAll(resp.body) if err != nil { return nil, nil, err } diff --git a/vendor/github.com/docker/docker/client/request.go b/vendor/github.com/docker/docker/client/request.go index 813eac2c9e..66530d4b04 100644 --- a/vendor/github.com/docker/docker/client/request.go +++ b/vendor/github.com/docker/docker/client/request.go @@ -6,7 +6,6 @@ import ( "encoding/json" "fmt" "io" - "io/ioutil" "net" "net/http" "net/url" 
@@ -89,16 +88,14 @@ func (cli *Client) buildRequest(method, path string, body io.Reader, headers hea return nil, err } req = cli.addHeaders(req, headers) + req.URL.Scheme = cli.scheme + req.URL.Host = cli.addr if cli.proto == "unix" || cli.proto == "npipe" { - // For local communications, it doesn't matter what the host is. We just - // need a valid and meaningful host name. (See #189) - req.Host = "docker" + // Override host header for non-tcp connections. + req.Host = DummyHost } - req.URL.Host = cli.addr - req.URL.Scheme = cli.scheme - if expectedPayload && req.Header.Get("Content-Type") == "" { req.Header.Set("Content-Type", "text/plain") } @@ -129,7 +126,7 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp } if cli.scheme == "https" && strings.Contains(err.Error(), "bad certificate") { - return serverResp, errors.Wrap(err, "The server probably has client authentication (--tlsverify) enabled. Please check your TLS client certification settings") + return serverResp, errors.Wrap(err, "the server probably has client authentication (--tlsverify) enabled; check your TLS client certification settings") } // Don't decorate context sentinel errors; users may be comparing to @@ -141,7 +138,7 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp if nErr, ok := err.(*url.Error); ok { if nErr, ok := nErr.Err.(*net.OpError); ok { if os.IsPermission(nErr.Err) { - return serverResp, errors.Wrapf(err, "Got permission denied while trying to connect to the Docker daemon socket at %v", cli.host) + return serverResp, errors.Wrapf(err, "permission denied while trying to connect to the Docker daemon socket at %v", cli.host) } } } 
@@ -150,10 +147,8 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp if err.Timeout() { return serverResp, ErrorConnectionFailed(cli.host) } - if !err.Temporary() { - if strings.Contains(err.Error(), "connection refused") || strings.Contains(err.Error(), "dial unix") { - return serverResp, ErrorConnectionFailed(cli.host) - } + if strings.Contains(err.Error(), "connection refused") || strings.Contains(err.Error(), "dial unix") { + return serverResp, ErrorConnectionFailed(cli.host) } } @@ -170,10 +165,10 @@ func (cli *Client) doRequest(ctx context.Context, req *http.Request) (serverResp if strings.Contains(err.Error(), `open //./pipe/docker_engine`) { // Checks if client is running with elevated privileges if f, elevatedErr := os.Open("\\\\.\\PHYSICALDRIVE0"); elevatedErr == nil { - err = errors.Wrap(err, "In the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect.") + err = errors.Wrap(err, "in the default daemon configuration on Windows, the docker client must be run with elevated privileges to connect") } else { f.Close() - err = errors.Wrap(err, "This error may indicate that the docker daemon is not running.") + err = errors.Wrap(err, "this error may indicate that the docker daemon is not running") } } @@ -201,7 +196,7 @@ func (cli *Client) checkResponseErr(serverResp serverResponse) error { R: serverResp.body, N: int64(bodyMax), } - body, err = ioutil.ReadAll(bodyR) + body, err = io.ReadAll(bodyR) if err != nil { return err } @@ -242,10 +237,8 @@ func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request req.Header.Set(k, v) } - if headers != nil { - for k, v := range headers { - req.Header[k] = v - } + for k, v := range headers { + req.Header[k] = v } return req } 
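Review bot: The elevated-privileges probe in `doRequest` (the hunk that rewords the two Windows pipe messages) looks inverted. When opening `PHYSICALDRIVE0` succeeds (`elevatedErr == nil`), the error is wrapped with the "must be run with elevated privileges" text and `f` is never closed. The `else` branch, reached when the open failed, calls `f.Close()` on a handle that was not opened and reports that the daemon may not be running. The hunk only changes the wording and leaves that logic as it was; changing the condition to `elevatedErr != nil` would make each message match its branch and close the handle that was actually opened. The enclosing function starts and ends outside the hunk.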
@@ -263,7 +256,7 @@ func encodeData(data interface{}) (*bytes.Buffer, error) { func ensureReaderClosed(response serverResponse) { if response.body != nil { // Drain up to 512 bytes and close the body to let the Transport reuse the connection - io.CopyN(ioutil.Discard, response.body, 512) + io.CopyN(io.Discard, response.body, 512) response.body.Close() } } diff --git a/vendor/github.com/docker/docker/client/secret_inspect.go b/vendor/github.com/docker/docker/client/secret_inspect.go index d093916c9a..c07c9550d4 100644 --- a/vendor/github.com/docker/docker/client/secret_inspect.go +++ b/vendor/github.com/docker/docker/client/secret_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "github.com/docker/docker/api/types/swarm" ) @@ -23,7 +23,7 @@ func (cli *Client) SecretInspectWithRaw(ctx context.Context, id string) (swarm.S return swarm.Secret{}, nil, wrapResponseError(err, resp, "secret", id) } - body, err := ioutil.ReadAll(resp.body) + body, err := io.ReadAll(resp.body) if err != nil { return swarm.Secret{}, nil, err } diff --git a/vendor/github.com/docker/docker/client/service_inspect.go b/vendor/github.com/docker/docker/client/service_inspect.go index 2801483b80..c5368bab1e 100644 --- a/vendor/github.com/docker/docker/client/service_inspect.go +++ b/vendor/github.com/docker/docker/client/service_inspect.go @@ -5,7 +5,7 @@ import ( "context" "encoding/json" "fmt" - "io/ioutil" + "io" "net/url" "github.com/docker/docker/api/types" @@ -25,7 +25,7 @@ func (cli *Client) ServiceInspectWithRaw(ctx context.Context, serviceID string, return swarm.Service{}, nil, wrapResponseError(err, serverResp, "service", serviceID) } - body, err := ioutil.ReadAll(serverResp.body) + body, err := io.ReadAll(serverResp.body) if err != nil { return swarm.Service{}, nil, err } diff --git a/vendor/github.com/docker/docker/client/task_inspect.go b/vendor/github.com/docker/docker/client/task_inspect.go index 44d40ba5ae..fb0949da5b 100644 
--- a/vendor/github.com/docker/docker/client/task_inspect.go +++ b/vendor/github.com/docker/docker/client/task_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "github.com/docker/docker/api/types/swarm" ) @@ -20,7 +20,7 @@ func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm return swarm.Task{}, nil, wrapResponseError(err, serverResp, "task", taskID) } - body, err := ioutil.ReadAll(serverResp.body) + body, err := io.ReadAll(serverResp.body) if err != nil { return swarm.Task{}, nil, err } diff --git a/vendor/github.com/docker/docker/client/volume_inspect.go b/vendor/github.com/docker/docker/client/volume_inspect.go index e20b2c67c7..5c5b3f905c 100644 --- a/vendor/github.com/docker/docker/client/volume_inspect.go +++ b/vendor/github.com/docker/docker/client/volume_inspect.go @@ -4,7 +4,7 @@ import ( "bytes" "context" "encoding/json" - "io/ioutil" + "io" "github.com/docker/docker/api/types" ) @@ -28,7 +28,7 @@ func (cli *Client) VolumeInspectWithRaw(ctx context.Context, volumeID string) (t return volume, nil, wrapResponseError(err, resp, "volume", volumeID) } - body, err := ioutil.ReadAll(resp.body) + body, err := io.ReadAll(resp.body) if err != nil { return volume, nil, err } diff --git a/vendor/github.com/docker/docker/container/container.go b/vendor/github.com/docker/docker/container/container.go index e96f087c55..b082a2677c 100644 --- a/vendor/github.com/docker/docker/container/container.go +++ b/vendor/github.com/docker/docker/container/container.go 
@@ -300,10 +300,11 @@ func (container *Container) SetupWorkingDirectory(rootIdentity idtools.Identity) // particular path inside the container as though you were a process in that // container. // -// NOTE: The returned path is *only* safely scoped inside the container's BaseFS -// if no component of the returned path changes (such as a component -// symlinking to a different path) between using this method and using the -// path. See symlink.FollowSymlinkInScope for more details. +// # NOTE +// The returned path is *only* safely scoped inside the container's BaseFS +// if no component of the returned path changes (such as a component +// symlinking to a different path) between using this method and using the +// path. See symlink.FollowSymlinkInScope for more details. func (container *Container) GetResourcePath(path string) (string, error) { if container.BaseFS == nil { return "", errors.New("GetResourcePath: BaseFS of container " + container.ID + " is unexpectedly nil") 
@@ -329,10 +330,11 @@ func (container *Container) GetResourcePath(path string) (string, error) { // Only use this method to safely access the container's `container.json` or // other metadata files. If in doubt, use container.GetResourcePath. // -// NOTE: The returned path is *only* safely scoped inside the container's root -// if no component of the returned path changes (such as a component -// symlinking to a different path) between using this method and using the -// path. See symlink.FollowSymlinkInScope for more details. +// # NOTE +// The returned path is *only* safely scoped inside the container's root +// if no component of the returned path changes (such as a component +// symlinking to a different path) between using this method and using the +// path. See symlink.FollowSymlinkInScope for more details. func (container *Container) GetRootResourcePath(path string) (string, error) { // IMPORTANT - These are paths on the OS where the daemon is running, hence // any filepath operations must be done in an OS agnostic way. diff --git a/vendor/github.com/docker/docker/container/container_unix.go b/vendor/github.com/docker/docker/container/container_unix.go index 7a49ff55aa..486557f482 100644 --- a/vendor/github.com/docker/docker/container/container_unix.go +++ b/vendor/github.com/docker/docker/container/container_unix.go @@ -1,9 +1,9 @@ +//go:build !windows // +build !windows package container // import "github.com/docker/docker/container" import ( - "io/ioutil" "os" "path/filepath" "syscall" @@ -57,7 +57,7 @@ func (container *Container) BuildHostnameFile() error { return err } container.HostnamePath = hostnamePath - return ioutil.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644) + return os.WriteFile(container.HostnamePath, []byte(container.Config.Hostname+"\n"), 0644) } // NetworkMounts returns the list of network mounts. 
@@ -406,7 +406,7 @@ func ignoreUnsupportedXAttrs() fs.CopyDirOpt { // copyExistingContents copies from the source to the destination and // ensures the ownership is appropriately set. func copyExistingContents(source, destination string) error { - dstList, err := ioutil.ReadDir(destination) + dstList, err := os.ReadDir(destination) if err != nil { return err } diff --git a/vendor/github.com/docker/docker/container/mounts_unix.go b/vendor/github.com/docker/docker/container/mounts_unix.go index 2c1160464b..168286889a 100644 --- a/vendor/github.com/docker/docker/container/mounts_unix.go +++ b/vendor/github.com/docker/docker/container/mounts_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package container // import "github.com/docker/docker/container" diff --git a/vendor/github.com/docker/docker/container/stream/streams.go b/vendor/github.com/docker/docker/container/stream/streams.go index 585f9e8e3a..83e6ded611 100644 --- a/vendor/github.com/docker/docker/container/stream/streams.go +++ b/vendor/github.com/docker/docker/container/stream/streams.go @@ -4,7 +4,6 @@ import ( "context" "fmt" "io" - "io/ioutil" "strings" "sync" @@ -87,7 +86,7 @@ func (c *Config) NewInputPipes() { // NewNopInputPipe creates a new input pipe that will silently drop all messages in the input. func (c *Config) NewNopInputPipe() { - c.stdinPipe = ioutils.NopWriteCloser(ioutil.Discard) + c.stdinPipe = ioutils.NopWriteCloser(io.Discard) } // CloseStreams ensures that the configured streams are properly closed. diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go b/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go index 1f2e8f071b..60aea63b9c 100644 --- a/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go +++ b/vendor/github.com/docker/docker/daemon/graphdriver/driver_unsupported.go 
@@ -1,3 +1,4 @@
+//go:build !linux && !windows && !freebsd
 // +build !linux,!windows,!freebsd
 package graphdriver // import "github.com/docker/docker/daemon/graphdriver"
diff --git a/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go b/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
index f06caedb92..3f78c0d1b1 100644
--- a/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
+++ b/vendor/github.com/docker/docker/daemon/graphdriver/fsdiff.go
@@ -31,10 +31,11 @@ type NaiveDiffDriver struct {
 // NewNaiveDiffDriver returns a fully functional driver that wraps the
 // given ProtoDriver and adds the capability of the following methods which
 // it may or may not support on its own:
-// Diff(id, parent string) (archive.Archive, error)
-// Changes(id, parent string) ([]archive.Change, error)
-// ApplyDiff(id, parent string, diff archive.Reader) (size int64, err error)
-// DiffSize(id, parent string) (size int64, err error)
+//
+// Diff(id, parent string) (archive.Archive, error)
+// Changes(id, parent string) ([]archive.Change, error)
+// ApplyDiff(id, parent string, diff archive.Reader) (size int64, err error)
+// DiffSize(id, parent string) (size int64, err error)
 func NewNaiveDiffDriver(driver ProtoDriver, uidMaps, gidMaps []idtools.IDMap) Driver {
 return &NaiveDiffDriver{ProtoDriver: driver,
 uidMaps: uidMaps,
diff --git a/vendor/github.com/docker/docker/daemon/logger/loggerutils/file_unix.go b/vendor/github.com/docker/docker/daemon/logger/loggerutils/file_unix.go
index e7b6095296..1d2553c280 100644
--- a/vendor/github.com/docker/docker/daemon/logger/loggerutils/file_unix.go
+++ b/vendor/github.com/docker/docker/daemon/logger/loggerutils/file_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package loggerutils
diff --git a/vendor/github.com/docker/docker/daemon/logger/plugin_unix.go b/vendor/github.com/docker/docker/daemon/logger/plugin_unix.go
index e9a16af9b1..a59fda860a 100644
--- a/vendor/github.com/docker/docker/daemon/logger/plugin_unix.go
+++ b/vendor/github.com/docker/docker/daemon/logger/plugin_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 package logger // import "github.com/docker/docker/daemon/logger"
diff --git a/vendor/github.com/docker/docker/daemon/logger/plugin_unsupported.go b/vendor/github.com/docker/docker/daemon/logger/plugin_unsupported.go
index 2ad47cc077..fbbeba0c21 100644
--- a/vendor/github.com/docker/docker/daemon/logger/plugin_unsupported.go
+++ b/vendor/github.com/docker/docker/daemon/logger/plugin_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !freebsd
 // +build !linux,!freebsd
 package logger // import "github.com/docker/docker/daemon/logger"
diff --git a/vendor/github.com/docker/docker/daemon/logger/templates/templates.go b/vendor/github.com/docker/docker/daemon/logger/templates/templates.go
index ab76d0f1c2..d8b4ce5d85 100644
--- a/vendor/github.com/docker/docker/daemon/logger/templates/templates.go
+++ b/vendor/github.com/docker/docker/daemon/logger/templates/templates.go
@@ -20,7 +20,7 @@ var basicFunctions = template.FuncMap{
 },
 "split": strings.Split,
 "join": strings.Join,
- "title": strings.Title,
+ "title": strings.Title, //nolint:staticcheck // SA1019: strings.Title is deprecated: The rule Title uses for word boundaries does not handle Unicode punctuation properly. Use golang.org/x/text/cases instead.
 "lower": strings.ToLower,
 "upper": strings.ToUpper,
 "pad": padWithSpace,
diff --git a/vendor/github.com/docker/docker/dockerversion/useragent.go b/vendor/github.com/docker/docker/dockerversion/useragent.go
index afbdcd8584..d08b391268 100644
--- a/vendor/github.com/docker/docker/dockerversion/useragent.go
+++ b/vendor/github.com/docker/docker/dockerversion/useragent.go
@@ -14,7 +14,8 @@ type UAStringKey struct{}
 // DockerUserAgent is the User-Agent the Docker client uses to identify itself.
 // In accordance with RFC 7231 (5.5.3) is of the form:
-// [docker client's UA] UpstreamClient([upstream client's UA])
+//
+// [docker client's UA] UpstreamClient([upstream client's UA])
 func DockerUserAgent(ctx context.Context) string {
 httpVersion := make([]useragent.VersionInfo, 0, 6)
 httpVersion = append(httpVersion, useragent.VersionInfo{Name: "docker", Version: Version})
@@ -68,7 +69,8 @@ func escapeStr(s string, charsToEscape string) string {
 // insertUpstreamUserAgent adds the upstream client useragent to create a user-agent
 // string of the form:
-// $dockerUA UpstreamClient($upstreamUA)
+//
+// $dockerUA UpstreamClient($upstreamUA)
 func insertUpstreamUserAgent(upstreamUA string, dockerUA string) string {
 charsToEscape := `();\`
 upstreamUAEscaped := escapeStr(upstreamUA, charsToEscape)
diff --git a/vendor/github.com/docker/docker/dockerversion/version_lib.go b/vendor/github.com/docker/docker/dockerversion/version_lib.go
index a42eafcef8..96954560cd 100644
--- a/vendor/github.com/docker/docker/dockerversion/version_lib.go
+++ b/vendor/github.com/docker/docker/dockerversion/version_lib.go
@@ -1,3 +1,4 @@
+//go:build !autogen
 // +build !autogen
 // Package dockerversion is auto-generated at build-time
diff --git a/vendor/github.com/docker/docker/errdefs/http_helpers.go b/vendor/github.com/docker/docker/errdefs/http_helpers.go
index 07552f1cc1..5afe486779 100644
--- a/vendor/github.com/docker/docker/errdefs/http_helpers.go
+++ b/vendor/github.com/docker/docker/errdefs/http_helpers.go
@@ -1,78 +1,11 @@
 package errdefs // import "github.com/docker/docker/errdefs"
 import (
- "fmt"
 "net/http"
- containerderrors "github.com/containerd/containerd/errdefs"
- "github.com/docker/distribution/registry/api/errcode"
 "github.com/sirupsen/logrus"
- "google.golang.org/grpc/codes"
- "google.golang.org/grpc/status"
 )
-// GetHTTPErrorStatusCode retrieves status code from error message.
-func GetHTTPErrorStatusCode(err error) int {
- if err == nil {
- logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling")
- return http.StatusInternalServerError
- }
-
- var statusCode int
-
- // Stop right there
- // Are you sure you should be adding a new error class here? Do one of the existing ones work?
-
- // Note that the below functions are already checking the error causal chain for matches.
- switch {
- case IsNotFound(err):
- statusCode = http.StatusNotFound
- case IsInvalidParameter(err):
- statusCode = http.StatusBadRequest
- case IsConflict(err):
- statusCode = http.StatusConflict
- case IsUnauthorized(err):
- statusCode = http.StatusUnauthorized
- case IsUnavailable(err):
- statusCode = http.StatusServiceUnavailable
- case IsForbidden(err):
- statusCode = http.StatusForbidden
- case IsNotModified(err):
- statusCode = http.StatusNotModified
- case IsNotImplemented(err):
- statusCode = http.StatusNotImplemented
- case IsSystem(err) || IsUnknown(err) || IsDataLoss(err) || IsDeadline(err) || IsCancelled(err):
- statusCode = http.StatusInternalServerError
- default:
- statusCode = statusCodeFromGRPCError(err)
- if statusCode != http.StatusInternalServerError {
- return statusCode
- }
- statusCode = statusCodeFromContainerdError(err)
- if statusCode != http.StatusInternalServerError {
- return statusCode
- }
- statusCode = statusCodeFromDistributionError(err)
- if statusCode != http.StatusInternalServerError {
- return statusCode
- }
- if e, ok := err.(causer); ok {
- return GetHTTPErrorStatusCode(e.Cause())
- }
-
- logrus.WithFields(logrus.Fields{
- "module": "api",
- "error_type": fmt.Sprintf("%T", err),
- }).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err)
- }
-
- if statusCode == 0 {
- statusCode = http.StatusInternalServerError
- }
-
- return statusCode
-}
-
 // FromStatusCode creates an errdef error, based on the provided HTTP status-code
 func FromStatusCode(err error, statusCode int) error {
 if err == nil {
@@ -100,10 +33,10 @@ func FromStatusCode(err error, statusCode int) error {
 err = System(err)
 }
 default:
- logrus.WithFields(logrus.Fields{
+ logrus.WithError(err).WithFields(logrus.Fields{
 "module": "api",
- "status_code": fmt.Sprintf("%d", statusCode),
- }).Debugf("FIXME: Got an status-code for which error does not match any expected type!!!: %d", statusCode)
+ "status_code": statusCode,
+ }).Debug("FIXME: Got an status-code for which error does not match any expected type!!!")
 switch {
 case statusCode >= 200 && statusCode < 400:
@@ -118,74 +51,3 @@ func FromStatusCode(err error, statusCode int) error {
 }
 return err
 }
-
-// statusCodeFromGRPCError returns status code according to gRPC error
-func statusCodeFromGRPCError(err error) int {
- switch status.Code(err) {
- case codes.InvalidArgument: // code 3
- return http.StatusBadRequest
- case codes.NotFound: // code 5
- return http.StatusNotFound
- case codes.AlreadyExists: // code 6
- return http.StatusConflict
- case codes.PermissionDenied: // code 7
- return http.StatusForbidden
- case codes.FailedPrecondition: // code 9
- return http.StatusBadRequest
- case codes.Unauthenticated: // code 16
- return http.StatusUnauthorized
- case codes.OutOfRange: // code 11
- return http.StatusBadRequest
- case codes.Unimplemented: // code 12
- return http.StatusNotImplemented
- case codes.Unavailable: // code 14
- return http.StatusServiceUnavailable
- default:
- // codes.Canceled(1)
- // codes.Unknown(2)
- // codes.DeadlineExceeded(4)
- // codes.ResourceExhausted(8)
- // codes.Aborted(10)
- // codes.Internal(13)
- // codes.DataLoss(15)
- return http.StatusInternalServerError
- }
-}
-
-// statusCodeFromDistributionError returns status code according to registry errcode
-// code is loosely based on errcode.ServeJSON() in docker/distribution
-func statusCodeFromDistributionError(err error) int {
- switch errs := err.(type) {
- case errcode.Errors:
- if len(errs) < 1 {
- return http.StatusInternalServerError
- }
- if _, ok := errs[0].(errcode.ErrorCoder); ok {
- return statusCodeFromDistributionError(errs[0])
- }
- case errcode.ErrorCoder:
- return errs.ErrorCode().Descriptor().HTTPStatusCode
- }
- return http.StatusInternalServerError
-}
-
-// statusCodeFromContainerdError returns status code for containerd errors when
-// consumed directly (not through gRPC)
-func statusCodeFromContainerdError(err error) int {
- switch {
- case containerderrors.IsInvalidArgument(err):
- return http.StatusBadRequest
- case containerderrors.IsNotFound(err):
- return http.StatusNotFound
- case containerderrors.IsAlreadyExists(err):
- return http.StatusConflict
- case containerderrors.IsFailedPrecondition(err):
- return http.StatusPreconditionFailed
- case containerderrors.IsUnavailable(err):
- return http.StatusServiceUnavailable
- case containerderrors.IsNotImplemented(err):
- return http.StatusNotImplemented
- default:
- return http.StatusInternalServerError
- }
-}
diff --git a/vendor/github.com/docker/docker/image/fs.go b/vendor/github.com/docker/docker/image/fs.go
index 8300c41884..d996501cc6 100644
--- a/vendor/github.com/docker/docker/image/fs.go
+++ b/vendor/github.com/docker/docker/image/fs.go
@@ -2,7 +2,6 @@ package image // import "github.com/docker/docker/image"
 import (
 "fmt"
- "io/ioutil"
 "os"
 "path/filepath"
 "sync"
@@ -68,7 +67,7 @@ func (s *fs) metadataDir(dgst digest.Digest) string {
 func (s *fs) Walk(f DigestWalkFunc) error {
 // Only Canonical digest (sha256) is currently supported
 s.RLock()
- dir, err := ioutil.ReadDir(filepath.Join(s.root, contentDirName, string(digest.Canonical)))
+ dir, err := os.ReadDir(filepath.Join(s.root, contentDirName, string(digest.Canonical)))
 s.RUnlock()
 if err != nil {
 return err
@@ -95,7 +94,7 @@ func (s *fs) Get(dgst digest.Digest) ([]byte, error) {
 }
 func (s *fs) get(dgst digest.Digest) ([]byte, error) {
- content, err := ioutil.ReadFile(s.contentFile(dgst))
+ content, err := os.ReadFile(s.contentFile(dgst))
 if err != nil {
 return nil, errors.Wrapf(err, "failed to get digest %s", dgst)
 }
@@ -159,7 +158,7 @@ func (s *fs) GetMetadata(dgst digest.Digest, key string) ([]byte, error) {
 if _, err := s.get(dgst); err != nil {
 return nil, err
 }
- bytes, err := ioutil.ReadFile(filepath.Join(s.metadataDir(dgst), key))
+ bytes, err := os.ReadFile(filepath.Join(s.metadataDir(dgst), key))
 if err != nil {
 return nil, errors.Wrap(err, "failed to read metadata")
 }
diff --git a/vendor/github.com/docker/docker/layer/empty.go b/vendor/github.com/docker/docker/layer/empty.go
index c81c702140..46fc571255 100644
--- a/vendor/github.com/docker/docker/layer/empty.go
+++ b/vendor/github.com/docker/docker/layer/empty.go
@@ -5,7 +5,6 @@ import (
 "bytes"
 "fmt"
 "io"
- "io/ioutil"
 )
 // DigestSHA256EmptyTar is the canonical sha256 digest of empty tar file -
@@ -21,7 +20,7 @@ func (el *emptyLayer) TarStream() (io.ReadCloser, error) {
 buf := new(bytes.Buffer)
 tarWriter := tar.NewWriter(buf)
 tarWriter.Close()
- return ioutil.NopCloser(buf), nil
+ return io.NopCloser(buf), nil
 }
 func (el *emptyLayer) TarStreamFrom(p ChainID) (io.ReadCloser, error) {
diff --git a/vendor/github.com/docker/docker/layer/filestore.go b/vendor/github.com/docker/docker/layer/filestore.go
index 0c15cc9b96..37bc41d514 100644
--- a/vendor/github.com/docker/docker/layer/filestore.go
+++ b/vendor/github.com/docker/docker/layer/filestore.go
@@ -5,7 +5,6 @@ import (
 "encoding/json"
 "fmt"
 "io"
- "io/ioutil"
 "os"
 "path/filepath"
 "regexp"
@@ -143,7 +142,7 @@ func (fm *fileMetadataTransaction) String() string {
 }
 func (fms *fileMetadataStore) GetSize(layer ChainID) (int64, error) {
- content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "size"))
+ content, err := os.ReadFile(fms.getLayerFilename(layer, "size"))
 if err != nil {
 return 0, err
 }
@@ -157,7 +156,7 @@ func (fms *fileMetadataStore) GetSize(layer ChainID) (int64, error) {
 }
 func (fms *fileMetadataStore) GetParent(layer ChainID) (ChainID, error) {
- content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "parent"))
+ content, err := os.ReadFile(fms.getLayerFilename(layer, "parent"))
 if err != nil {
 if os.IsNotExist(err) {
 return "", nil
@@ -174,7 +173,7 @@ func (fms *fileMetadataStore) GetParent(layer ChainID) (ChainID, error) {
 }
 func (fms *fileMetadataStore) GetDiffID(layer ChainID) (DiffID, error) {
- content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "diff"))
+ content, err := os.ReadFile(fms.getLayerFilename(layer, "diff"))
 if err != nil {
 return "", err
 }
@@ -188,7 +187,7 @@ func (fms *fileMetadataStore) GetDiffID(layer ChainID) (DiffID, error) {
 }
 func (fms *fileMetadataStore) GetCacheID(layer ChainID) (string, error) {
- contentBytes, err := ioutil.ReadFile(fms.getLayerFilename(layer, "cache-id"))
+ contentBytes, err := os.ReadFile(fms.getLayerFilename(layer, "cache-id"))
 if err != nil {
 return "", err
 }
@@ -202,7 +201,7 @@ func (fms *fileMetadataStore) GetCacheID(layer ChainID) (string, error) {
 }
 func (fms *fileMetadataStore) GetDescriptor(layer ChainID) (distribution.Descriptor, error) {
- content, err := ioutil.ReadFile(fms.getLayerFilename(layer, "descriptor.json"))
+ content, err := os.ReadFile(fms.getLayerFilename(layer, "descriptor.json"))
 if err != nil {
 if os.IsNotExist(err) {
 // only return empty descriptor to represent what is stored
@@ -240,25 +239,25 @@ func (fms *fileMetadataStore) SetMountID(mount string, mountID string) error {
 if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
 return err
 }
- return ioutil.WriteFile(fms.getMountFilename(mount, "mount-id"), []byte(mountID), 0644)
+ return os.WriteFile(fms.getMountFilename(mount, "mount-id"), []byte(mountID), 0644)
 }
 func (fms *fileMetadataStore) SetInitID(mount string, init string) error {
 if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
 return err
 }
- return ioutil.WriteFile(fms.getMountFilename(mount, "init-id"), []byte(init), 0644)
+ return os.WriteFile(fms.getMountFilename(mount, "init-id"), []byte(init), 0644)
 }
 func (fms *fileMetadataStore) SetMountParent(mount string, parent ChainID) error {
 if err := os.MkdirAll(fms.getMountDirectory(mount), 0755); err != nil {
 return err
 }
- return ioutil.WriteFile(fms.getMountFilename(mount, "parent"), []byte(digest.Digest(parent).String()), 0644)
+ return os.WriteFile(fms.getMountFilename(mount, "parent"), []byte(digest.Digest(parent).String()), 0644)
 }
 func (fms *fileMetadataStore) GetMountID(mount string) (string, error) {
- contentBytes, err := ioutil.ReadFile(fms.getMountFilename(mount, "mount-id"))
+ contentBytes, err := os.ReadFile(fms.getMountFilename(mount, "mount-id"))
 if err != nil {
 return "", err
 }
@@ -272,7 +271,7 @@ func (fms *fileMetadataStore) GetMountID(mount string) (string, error) {
 }
 func (fms *fileMetadataStore) GetInitID(mount string) (string, error) {
- contentBytes, err := ioutil.ReadFile(fms.getMountFilename(mount, "init-id"))
+ contentBytes, err := os.ReadFile(fms.getMountFilename(mount, "init-id"))
 if err != nil {
 if os.IsNotExist(err) {
 return "", nil
@@ -289,7 +288,7 @@ func (fms *fileMetadataStore) GetInitID(mount string) (string, error) {
 }
 func (fms *fileMetadataStore) GetMountParent(mount string) (ChainID, error) {
- content, err := ioutil.ReadFile(fms.getMountFilename(mount, "parent"))
+ content, err := os.ReadFile(fms.getMountFilename(mount, "parent"))
 if err != nil {
 if os.IsNotExist(err) {
 return "", nil
@@ -308,7 +307,7 @@ func (fms *fileMetadataStore) GetMountParent(mount string) (ChainID, error) {
 func (fms *fileMetadataStore) getOrphan() ([]roLayer, error) {
 var orphanLayers []roLayer
 for _, algorithm := range supportedAlgorithms {
- fileInfos, err := ioutil.ReadDir(filepath.Join(fms.root, string(algorithm)))
+ fileInfos, err := os.ReadDir(filepath.Join(fms.root, string(algorithm)))
 if err != nil {
 if os.IsNotExist(err) {
 continue
@@ -330,7 +329,7 @@ func (fms *fileMetadataStore) getOrphan() ([]roLayer, error) {
 }
 chainFile := filepath.Join(fms.root, string(algorithm), fi.Name(), "cache-id")
- contentBytes, err := ioutil.ReadFile(chainFile)
+ contentBytes, err := os.ReadFile(chainFile)
 if err != nil {
 if !os.IsNotExist(err) {
 logrus.WithError(err).WithField("digest", dgst).Error("failed to read cache ID")
@@ -357,7 +356,7 @@ func (fms *fileMetadataStore) getOrphan() ([]roLayer, error) {
 func (fms *fileMetadataStore) List() ([]ChainID, []string, error) {
 var ids []ChainID
 for _, algorithm := range supportedAlgorithms {
- fileInfos, err := ioutil.ReadDir(filepath.Join(fms.root, string(algorithm)))
+ fileInfos, err := os.ReadDir(filepath.Join(fms.root, string(algorithm)))
 if err != nil {
 if os.IsNotExist(err) {
 continue
@@ -377,7 +376,7 @@ func (fms *fileMetadataStore) List() ([]ChainID, []string, error) {
 }
 }
- fileInfos, err := ioutil.ReadDir(filepath.Join(fms.root, "mounts"))
+ fileInfos, err := os.ReadDir(filepath.Join(fms.root, "mounts"))
 if err != nil {
 if os.IsNotExist(err) {
 return ids, []string{}, nil
@@ -398,7 +397,7 @@ func (fms *fileMetadataStore) List() ([]ChainID, []string, error) {
 // Remove layerdb folder if that is marked for removal
 func (fms *fileMetadataStore) Remove(layer ChainID, cache string) error {
 dgst := digest.Digest(layer)
- files, err := ioutil.ReadDir(filepath.Join(fms.root, string(dgst.Algorithm())))
+ files, err := os.ReadDir(filepath.Join(fms.root, string(dgst.Algorithm())))
 if err != nil {
 return err
 }
@@ -411,7 +410,7 @@ func (fms *fileMetadataStore) Remove(layer ChainID, cache string) error {
 // requested cacheID
 dir := filepath.Join(fms.root, string(dgst.Algorithm()), f.Name())
 chainFile := filepath.Join(dir, "cache-id")
- contentBytes, err := ioutil.ReadFile(chainFile)
+ contentBytes, err := os.ReadFile(chainFile)
 if err != nil {
 logrus.WithError(err).WithField("file", chainFile).Error("cannot get cache ID")
 continue
diff --git a/vendor/github.com/docker/docker/layer/filestore_unix.go b/vendor/github.com/docker/docker/layer/filestore_unix.go
index 68e7f90779..88a2a85595 100644
--- a/vendor/github.com/docker/docker/layer/filestore_unix.go
+++ b/vendor/github.com/docker/docker/layer/filestore_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 package layer // import "github.com/docker/docker/layer"
diff --git a/vendor/github.com/docker/docker/layer/filestore_windows.go b/vendor/github.com/docker/docker/layer/filestore_windows.go
index cecad426c8..325d68b63c 100644
--- a/vendor/github.com/docker/docker/layer/filestore_windows.go
+++ b/vendor/github.com/docker/docker/layer/filestore_windows.go
@@ -2,7 +2,6 @@ package layer // import "github.com/docker/docker/layer"
 import (
 "fmt"
- "io/ioutil"
 "os"
 "strings"
 )
@@ -17,7 +16,7 @@ func (fm *fileMetadataTransaction) setOS(os string) error {
 // getOS reads the "os" file from the layer filestore
 func (fms *fileMetadataStore) getOS(layer ChainID) (string, error) {
- contentBytes, err := ioutil.ReadFile(fms.getLayerFilename(layer, "os"))
+ contentBytes, err := os.ReadFile(fms.getLayerFilename(layer, "os"))
 if err != nil {
 // For backwards compatibility, the os file may not exist. Default to "windows" if missing.
 if os.IsNotExist(err) {
diff --git a/vendor/github.com/docker/docker/layer/layer_store.go b/vendor/github.com/docker/docker/layer/layer_store.go
index c58f501982..5520899b8d 100644
--- a/vendor/github.com/docker/docker/layer/layer_store.go
+++ b/vendor/github.com/docker/docker/layer/layer_store.go
@@ -4,7 +4,6 @@ import (
 "errors"
 "fmt"
 "io"
- "io/ioutil"
 "os"
 "path/filepath"
 "sync"
@@ -266,7 +265,7 @@ func (ls *layerStore) applyTar(tx *fileMetadataTransaction, ts io.Reader, parent
 // discard trailing data but ensure metadata is picked up to reconstruct stream
 // unconditionally call io.Copy here before checking err to ensure the resources
 // allocated by NewInputTarStream above are always released
- io.Copy(ioutil.Discard, rdr) // ignore error as reader may be closed
+ io.Copy(io.Discard, rdr) // ignore error as reader may be closed
 if err != nil {
 return err
 }
diff --git a/vendor/github.com/docker/docker/layer/layer_unix.go b/vendor/github.com/docker/docker/layer/layer_unix.go
index 002c7ff838..24cb880092 100644
--- a/vendor/github.com/docker/docker/layer/layer_unix.go
+++ b/vendor/github.com/docker/docker/layer/layer_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd || darwin || openbsd
 // +build linux freebsd darwin openbsd
 package layer // import "github.com/docker/docker/layer"
diff --git a/vendor/github.com/docker/docker/oci/defaults.go b/vendor/github.com/docker/docker/oci/defaults.go
index d593a0e3e9..21e76b9f97 100644
--- a/vendor/github.com/docker/docker/oci/defaults.go
+++ b/vendor/github.com/docker/docker/oci/defaults.go
@@ -105,6 +105,7 @@ func DefaultLinuxSpec() specs.Spec {
 "/proc/sched_debug",
 "/proc/scsi",
 "/sys/firmware",
+ "/sys/devices/virtual/powercap",
 },
 ReadonlyPaths: []string{
 "/proc/bus",
diff --git a/vendor/github.com/docker/docker/oci/devices_unsupported.go b/vendor/github.com/docker/docker/oci/devices_unsupported.go
index af6dd3bda2..1f6468e944 100644
--- a/vendor/github.com/docker/docker/oci/devices_unsupported.go
+++ b/vendor/github.com/docker/docker/oci/devices_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 package oci // import "github.com/docker/docker/oci"
diff --git a/vendor/github.com/docker/docker/oci/oci.go b/vendor/github.com/docker/docker/oci/oci.go
index 60227c2680..2021ec3538 100644
--- a/vendor/github.com/docker/docker/oci/oci.go
+++ b/vendor/github.com/docker/docker/oci/oci.go
@@ -8,13 +8,14 @@ import (
 specs "github.com/opencontainers/runtime-spec/specs-go"
 )
-// TODO verify if this regex is correct for "a" (all); the docs (https://github.com/torvalds/linux/blob/v5.10/Documentation/admin-guide/cgroup-v1/devices.rst) describe:
-// "'all' means it applies to all types and all major and minor numbers", and shows an example
-// that *only* passes `a` as value: `echo a > /sys/fs/cgroup/1/devices.allow, which would be
-// the "implicit" equivalent of "a *:* rwm". Source-code also looks to confirm this, and returns
-// early for "a" (all); https://github.com/torvalds/linux/blob/v5.10/security/device_cgroup.c#L614-L642
-// nolint: gosimple
-var deviceCgroupRuleRegex = regexp.MustCompile("^([acb]) ([0-9]+|\\*):([0-9]+|\\*) ([rwm]{1,3})$")
+// TODO verify if this regex is correct for "a" (all);
+//
+// The docs (https://github.com/torvalds/linux/blob/v5.10/Documentation/admin-guide/cgroup-v1/devices.rst) describe:
+// "'all' means it applies to all types and all major and minor numbers", and shows an example
+// that *only* passes `a` as value: `echo a > /sys/fs/cgroup/1/devices.allow, which would be
+// the "implicit" equivalent of "a *:* rwm". Source-code also looks to confirm this, and returns
+// early for "a" (all); https://github.com/torvalds/linux/blob/v5.10/security/device_cgroup.c#L614-L642
+var deviceCgroupRuleRegex = regexp.MustCompile("^([acb]) ([0-9]+|\\*):([0-9]+|\\*) ([rwm]{1,3})$") //nolint: gosimple
 // SetCapabilities sets the provided capabilities on the spec
 // All capabilities are added if privileged is true.
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go
index 50b83c62c6..16d92e637c 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive.go
@@ -9,7 +9,6 @@ import (
 "context"
 "fmt"
 "io"
- "io/ioutil"
 "os"
 "path/filepath"
 "runtime"
@@ -353,12 +352,64 @@ func (compression *Compression) Extension() string {
 return ""
 }
+// nosysFileInfo hides the system-dependent info of the wrapped FileInfo to
+// prevent tar.FileInfoHeader from introspecting it and potentially calling into
+// glibc.
+type nosysFileInfo struct {
+ os.FileInfo
+}
+
+func (fi nosysFileInfo) Sys() interface{} {
+ // A Sys value of type *tar.Header is safe as it is system-independent.
+ // The tar.FileInfoHeader function copies the fields into the returned
+ // header without performing any OS lookups.
+ if sys, ok := fi.FileInfo.Sys().(*tar.Header); ok {
+ return sys
+ }
+ return nil
+}
+
+// sysStat, if non-nil, populates hdr from system-dependent fields of fi.
+var sysStat func(fi os.FileInfo, hdr *tar.Header) error
+
+// FileInfoHeaderNoLookups creates a partially-populated tar.Header from fi.
+//
+// Compared to the archive/tar.FileInfoHeader function, this function is safe to
+// call from a chrooted process as it does not populate fields which would
+// require operating system lookups. It behaves identically to
+// tar.FileInfoHeader when fi is a FileInfo value returned from
+// tar.Header.FileInfo().
+//
+// When fi is a FileInfo for a native file, such as returned from os.Stat() and
+// os.Lstat(), the returned Header value differs from one returned from
+// tar.FileInfoHeader in the following ways. The Uname and Gname fields are not
+// set as OS lookups would be required to populate them. The AccessTime and
+// ChangeTime fields are not currently set (not yet implemented) although that
+// is subject to change. Callers which require the AccessTime or ChangeTime
+// fields to be zeroed should explicitly zero them out in the returned Header
+// value to avoid any compatibility issues in the future.
+func FileInfoHeaderNoLookups(fi os.FileInfo, link string) (*tar.Header, error) {
+ hdr, err := tar.FileInfoHeader(nosysFileInfo{fi}, link)
+ if err != nil {
+ return nil, err
+ }
+ if sysStat != nil {
+ return hdr, sysStat(fi, hdr)
+ }
+ return hdr, nil
+}
+
 // FileInfoHeader creates a populated Header from fi.
-// Compared to archive pkg this function fills in more information.
-// Also, regardless of Go version, this function fills file type bits (e.g. hdr.Mode |= modeISDIR),
-// which have been deleted since Go 1.9 archive/tar.
+//
+// Compared to the archive/tar package, this function fills in less information
+// but is safe to call from a chrooted process. The AccessTime and ChangeTime
+// fields are not set in the returned header, ModTime is truncated to one-second
+// precision, and the Uname and Gname fields are only set when fi is a FileInfo
+// value returned from tar.Header.FileInfo(). Also, regardless of Go version,
+// this function fills file type bits (e.g. hdr.Mode |= modeISDIR), which have
+// been deleted since Go 1.9 archive/tar.
 func FileInfoHeader(name string, fi os.FileInfo, link string) (*tar.Header, error) {
- hdr, err := tar.FileInfoHeader(fi, link)
+ hdr, err := FileInfoHeaderNoLookups(fi, link)
 if err != nil {
 return nil, err
 }
@@ -368,9 +419,6 @@ func FileInfoHeader(name string, fi os.FileInfo, link string) (*tar.Header, erro
 hdr.ChangeTime = time.Time{}
 hdr.Mode = fillGo18FileTypeBits(int64(chmodTarEntry(os.FileMode(hdr.Mode))), fi)
 hdr.Name = canonicalTarName(name, fi.IsDir())
- if err := setHeaderForSpecialDevice(hdr, name, fi.Sys()); err != nil {
- return nil, err
- }
 return hdr, nil
 }
@@ -600,7 +648,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 }
 }
- case tar.TypeReg, tar.TypeRegA:
+ case tar.TypeReg:
 // Source is regular file. We use system.OpenFileSequential to use sequential
 // file access to avoid depleting the standby list on Windows.
 // On Linux, this equates to a regular os.OpenFile
@@ -630,6 +678,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 }
 case tar.TypeLink:
+ //#nosec G305 -- The target path is checked for path traversal.
 targetPath := filepath.Join(extractDir, hdr.Linkname)
 // check for hardlink breakout
 if !strings.HasPrefix(targetPath, extractDir) {
@@ -642,7 +691,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L
 case tar.TypeSymlink:
 // path -> hdr.Linkname = targetPath
 // e.g. /extractDir/path/to/symlink -> ../2/file = /extractDir/path/2/file
- targetPath := filepath.Join(filepath.Dir(path), hdr.Linkname)
+ targetPath := filepath.Join(filepath.Dir(path), hdr.Linkname) //#nosec G305 -- The target path is checked for path traversal.
 // the reason we don't need to check symlinks in the path (with FollowSymlinkInScope) is because
 // that symlink would first have to be created, which would be caught earlier, at this very check:
@@ -971,6 +1020,7 @@ loop:
 }
 }
+ //#nosec G305 -- The joined path is checked for path traversal.
 path := filepath.Join(dest, hdr.Name)
 rel, err := filepath.Rel(dest, path)
 if err != nil {
@@ -1035,6 +1085,7 @@ loop:
 }
 for _, hdr := range dirs {
+ //#nosec G305 -- The header was checked for path traversal before it was appended to the dirs slice.
 path := filepath.Join(dest, hdr.Name)
 if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil {
@@ -1047,7 +1098,8 @@ loop:
 // Untar reads a stream of bytes from `archive`, parses it as a tar archive,
 // and unpacks it into the directory at `dest`.
 // The archive may be compressed with one of the following algorithms:
-// identity (uncompressed), gzip, bzip2, xz.
+// identity (uncompressed), gzip, bzip2, xz.
+//
 // FIXME: specify behavior when target path exists vs. doesn't exist.
 func Untar(tarArchive io.Reader, dest string, options *TarOptions) error {
 return untarHandler(tarArchive, dest, options, true)
@@ -1181,7 +1233,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
 }
 defer srcF.Close()
- hdr, err := tar.FileInfoHeader(srcSt, "")
+ hdr, err := FileInfoHeaderNoLookups(srcSt, "")
 if err != nil {
 return err
 }
@@ -1272,7 +1324,7 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) {
 // of that file as an archive. The archive can only be read once - as soon as reading completes,
 // the file will be deleted.
 func NewTempArchive(src io.Reader, dir string) (*TempArchive, error) {
- f, err := ioutil.TempFile(dir, "")
+ f, err := os.CreateTemp(dir, "")
 if err != nil {
 return nil, err
 }
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
index 0a3cc1f92b..76321a35e3 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
@@ -59,7 +59,7 @@ func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os
 Gname: hdr.Gname,
 AccessTime: hdr.AccessTime,
 ChangeTime: hdr.ChangeTime,
- }
+ } //#nosec G305 -- An archive is being created, not extracted.
 }
 }
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_other.go b/vendor/github.com/docker/docker/pkg/archive/archive_other.go
index 2a3dc95398..28ae2769c5 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_other.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_other.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 package archive // import "github.com/docker/docker/pkg/archive"
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
index 0b92bb0f4a..67a88851cf 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
@@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package archive // import "github.com/docker/docker/pkg/archive" @@ -16,6 +17,10 @@ import ( "golang.org/x/sys/unix" ) +func init() { + sysStat = statUnix +} + // fixVolumePathPrefix does platform specific processing to ensure that if // the path being passed in is not in a volume path format, convert it to one. func fixVolumePathPrefix(srcPath string) string { @@ -44,19 +49,24 @@ func chmodTarEntry(perm os.FileMode) os.FileMode { return perm // noop for unix as golang APIs provide perm bits correctly } -func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) (err error) { - s, ok := stat.(*syscall.Stat_t) +// statUnix populates hdr from system-dependent fields of fi without performing +// any OS lookups. +func statUnix(fi os.FileInfo, hdr *tar.Header) error { + s, ok := fi.Sys().(*syscall.Stat_t) + if !ok { + return nil + } - if ok { - // Currently go does not fill in the major/minors - if s.Mode&unix.S_IFBLK != 0 || - s.Mode&unix.S_IFCHR != 0 { - hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) // nolint: unconvert - hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) // nolint: unconvert - } + hdr.Uid = int(s.Uid) + hdr.Gid = int(s.Gid) + + if s.Mode&unix.S_IFBLK != 0 || + s.Mode&unix.S_IFCHR != 0 { + hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) //nolint: unconvert + hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) //nolint: unconvert } - return + return nil } func getInodeFromStat(stat interface{}) (inode uint64, err error) { diff --git a/vendor/github.com/docker/docker/pkg/archive/changes.go b/vendor/github.com/docker/docker/pkg/archive/changes.go index aedb91b035..a0f25942c1 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes.go @@ -5,7 +5,6 @@ import ( "bytes" "fmt" "io" - "io/ioutil" "os" "path/filepath" "sort" 
@@ -348,7 +347,7 @@ func ChangesDirs(newDir, oldDir string) ([]Change, error) { oldRoot, newRoot *FileInfo ) if oldDir == "" { - emptyDir, err := ioutil.TempDir("", "empty") + emptyDir, err := os.MkdirTemp("", "empty") if err != nil { return nil, err } diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_other.go b/vendor/github.com/docker/docker/pkg/archive/changes_other.go index ba744741cd..0e4399a43b 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes_other.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes_other.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package archive // import "github.com/docker/docker/pkg/archive" diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go index 06217b7161..54aace970e 100644 --- a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go +++ b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package archive // import "github.com/docker/docker/pkg/archive" diff --git a/vendor/github.com/docker/docker/pkg/archive/copy.go b/vendor/github.com/docker/docker/pkg/archive/copy.go index 57fddac078..b9be0d5ec8 100644 --- a/vendor/github.com/docker/docker/pkg/archive/copy.go +++ b/vendor/github.com/docker/docker/pkg/archive/copy.go @@ -4,7 +4,6 @@ import ( "archive/tar" "errors" "io" - "io/ioutil" "os" "path/filepath" "strings" @@ -261,7 +260,7 @@ func PrepareArchiveCopy(srcContent io.Reader, srcInfo, dstInfo CopyInfo) (dstDir // The destination exists as a directory. No alteration // to srcContent is needed as its contents can be // simply extracted to the destination directory. - return dstInfo.Path, ioutil.NopCloser(srcContent), nil + return dstInfo.Path, io.NopCloser(srcContent), nil case dstInfo.Exists && srcInfo.IsDir: // The destination exists as some type of file and the source // content is a directory. This is an error condition since 
@@ -354,6 +353,16 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read return } + // Ignoring GoSec G110. See https://github.com/securego/gosec/pull/433 + // and https://cure53.de/pentest-report_opa.pdf, which recommends to + // replace io.Copy with io.CopyN7. The latter allows to specify the + // maximum number of bytes that should be read. By properly defining + // the limit, it can be assured that a GZip compression bomb cannot + // easily cause a Denial-of-Service. + // After reviewing with @tonistiigi and @cpuguy83, this should not + // affect us, because here we do not read into memory, hence should + // not be vulnerable to this code consuming memory. + //nolint:gosec // G110: Potential DoS vulnerability via decompression bomb (gosec) if _, err = io.Copy(rebasedTar, srcTar); err != nil { w.CloseWithError(err) return diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go index 3958364f5b..2ac7729f4c 100644 --- a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go +++ b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package archive // import "github.com/docker/docker/pkg/archive" diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/docker/docker/pkg/archive/diff.go index 27897e6ab7..6174bc2af4 100644 --- a/vendor/github.com/docker/docker/pkg/archive/diff.go +++ b/vendor/github.com/docker/docker/pkg/archive/diff.go @@ -4,7 +4,6 @@ import ( "archive/tar" "fmt" "io" - "io/ioutil" "os" "path/filepath" "runtime" 
@@ -100,7 +99,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, basename := filepath.Base(hdr.Name) aufsHardlinks[basename] = hdr if aufsTempdir == "" { - if aufsTempdir, err = ioutil.TempDir("", "dockerplnk"); err != nil { + if aufsTempdir, err = os.MkdirTemp("", "dockerplnk"); err != nil { return 0, err } defer os.RemoveAll(aufsTempdir) @@ -114,6 +113,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, continue } } + //#nosec G305 -- The joined path is guarded against path traversal. path := filepath.Join(dest, hdr.Name) rel, err := filepath.Rel(dest, path) if err != nil { @@ -210,6 +210,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, } for _, hdr := range dirs { + //#nosec G305 -- The header was checked for path traversal before it was appended to the dirs slice. path := filepath.Join(dest, hdr.Name) if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil { return 0, err diff --git a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go index f58bf227fd..d087796861 100644 --- a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package archive // import "github.com/docker/docker/pkg/archive" diff --git a/vendor/github.com/docker/docker/pkg/archive/wrap.go b/vendor/github.com/docker/docker/pkg/archive/wrap.go index 85435694cf..032db82cea 100644 --- a/vendor/github.com/docker/docker/pkg/archive/wrap.go +++ b/vendor/github.com/docker/docker/pkg/archive/wrap.go 
@@ -17,8 +17,8 @@ import ( // Generate("foo.txt", "hello world", "emptyfile") // // The above call will return an archive with 2 files: -// * ./foo.txt with content "hello world" -// * ./empty with empty content +// - ./foo.txt with content "hello world" +// - ./empty with empty content // // FIXME: stream content instead of buffering // FIXME: specify permissions and other archive metadata diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go index d11cbdf277..ebf5db8e6c 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go @@ -3,7 +3,6 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" import ( "fmt" "io" - "io/ioutil" "net" "os" "os/user" @@ -34,7 +33,7 @@ func NewArchiver(idMapping *idtools.IdentityMapping) *archive.Archiver { // Untar reads a stream of bytes from `archive`, parses it as a tar archive, // and unpacks it into the directory at `dest`. // The archive may be compressed with one of the following algorithms: -// identity (uncompressed), gzip, bzip2, xz. +// identity (uncompressed), gzip, bzip2, xz. func Untar(tarArchive io.Reader, dest string, options *archive.TarOptions) error { return untarHandler(tarArchive, dest, options, true, dest) } @@ -88,7 +87,7 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions } } - r := ioutil.NopCloser(tarArchive) + r := io.NopCloser(tarArchive) if decompress { decompressedArchive, err := archive.DecompressStream(tarArchive) if err != nil { diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go index 864c3ac6dc..b3a8ae1135 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go 
@@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" @@ -8,7 +9,6 @@ import ( "flag" "fmt" "io" - "io/ioutil" "os" "path/filepath" "runtime" @@ -111,7 +111,7 @@ func invokeUnpack(decompressedArchive io.Reader, dest string, options *archive.T // when `xz -d -c -q | docker-untar ...` failed on docker-untar side, // we need to exhaust `xz`'s output, otherwise the `xz` side will be // pending on write pipe forever - io.Copy(ioutil.Discard, decompressedArchive) + io.Copy(io.Discard, decompressedArchive) return fmt.Errorf("Error processing tar file(%v): %s", err, output) } diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go index 1c560ce59f..a4e3920113 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go @@ -2,7 +2,6 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" import ( "fmt" - "io/ioutil" "os" "path/filepath" @@ -44,7 +43,7 @@ func chroot(path string) (err error) { } // setup oldRoot for pivot_root - pivotDir, err := ioutil.TempDir(path, ".pivot_root") + pivotDir, err := os.MkdirTemp(path, ".pivot_root") if err != nil { return fmt.Errorf("Error setting up pivot dir: %v", err) } diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go index 8003136f50..c35aa91669 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_unix.go @@ -1,3 +1,4 @@ +//go:build !windows && !linux // +build !windows,!linux package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" 
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go index c64efefcdc..18d028af18 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go @@ -1,4 +1,5 @@ -//+build !windows +//go:build !windows +// +build !windows package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" @@ -8,7 +9,6 @@ import ( "flag" "fmt" "io" - "io/ioutil" "os" "path/filepath" "runtime" @@ -56,7 +56,7 @@ func applyLayer() { options.InUserNS = true } - if tmpDir, err = ioutil.TempDir("/", "temp-docker-extract"); err != nil { + if tmpDir, err = os.MkdirTemp("/", "temp-docker-extract"); err != nil { fatal(err) } diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go index 8f3f3a4a8a..f423419d3c 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go @@ -3,7 +3,6 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" import ( "fmt" "io" - "io/ioutil" "os" "path/filepath" @@ -30,7 +29,7 @@ func applyLayerHandler(dest string, layer io.Reader, options *archive.TarOptions layer = decompressed } - tmpDir, err := ioutil.TempDir(os.Getenv("temp"), "temp-docker-extract") + tmpDir, err := os.MkdirTemp(os.Getenv("temp"), "temp-docker-extract") if err != nil { return 0, fmt.Errorf("ApplyLayer failed to create temp-docker-extract under %s. %s", dest, err) } diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go index c24fea7d9c..0746c1cb97 100644 --- a/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go +++ b/vendor/github.com/docker/docker/pkg/chrootarchive/init_unix.go 
@@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" @@ -5,7 +6,6 @@ package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive" import ( "fmt" "io" - "io/ioutil" "os" "github.com/docker/docker/pkg/reexec" @@ -25,5 +25,5 @@ func fatal(err error) { // flush consumes all the bytes from the reader discarding // any errors func flush(r io.Reader) (bytes int64, err error) { - return io.Copy(ioutil.Discard, r) + return io.Copy(io.Discard, r) } diff --git a/vendor/github.com/docker/docker/pkg/containerfs/archiver.go b/vendor/github.com/docker/docker/pkg/containerfs/archiver.go index 308e2b88d3..450c986785 100644 --- a/vendor/github.com/docker/docker/pkg/containerfs/archiver.go +++ b/vendor/github.com/docker/docker/pkg/containerfs/archiver.go @@ -137,7 +137,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (retErr error) { } defer srcF.Close() - hdr, err := tar.FileInfoHeader(srcSt, "") + hdr, err := archive.FileInfoHeaderNoLookups(srcSt, "") if err != nil { return err } diff --git a/vendor/github.com/docker/docker/pkg/containerfs/containerfs_unix.go b/vendor/github.com/docker/docker/pkg/containerfs/containerfs_unix.go index 6a99459517..5a7ab97e58 100644 --- a/vendor/github.com/docker/docker/pkg/containerfs/containerfs_unix.go +++ b/vendor/github.com/docker/docker/pkg/containerfs/containerfs_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package containerfs // import "github.com/docker/docker/pkg/containerfs" diff --git a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go index 565396f1c7..f782b4266a 100644 --- a/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go +++ b/vendor/github.com/docker/docker/pkg/fileutils/fileutils_unix.go 
@@ -1,10 +1,10 @@ +//go:build linux || freebsd // +build linux freebsd package fileutils // import "github.com/docker/docker/pkg/fileutils" import ( "fmt" - "io/ioutil" "os" "github.com/sirupsen/logrus" @@ -13,7 +13,7 @@ import ( // GetTotalUsedFds Returns the number of used File Descriptors by // reading it via /proc filesystem. func GetTotalUsedFds() int { - if fds, err := ioutil.ReadDir(fmt.Sprintf("/proc/%d/fd", os.Getpid())); err != nil { + if fds, err := os.ReadDir(fmt.Sprintf("/proc/%d/fd", os.Getpid())); err != nil { logrus.Errorf("Error opening /proc/%d/fd: %s", os.Getpid(), err) } else { return len(fds) diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go index 67ab9e9b31..fc48e674c1 100644 --- a/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go +++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package homedir // import "github.com/docker/docker/pkg/homedir" diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go index 441bd727b6..d1732dee52 100644 --- a/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go +++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package homedir // import "github.com/docker/docker/pkg/homedir" diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go index e7d25ee471..ceec0339b5 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go +++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package idtools // import "github.com/docker/docker/pkg/idtools" 
diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go index e7c4d63118..5e24577e2c 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package idtools // import "github.com/docker/docker/pkg/idtools" diff --git a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go index 1e2d4a7a75..540672af5a 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go +++ b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package idtools // import "github.com/docker/docker/pkg/idtools" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go index 534d66ac26..82671d8cd5 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go @@ -2,7 +2,6 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( "io" - "io/ioutil" "os" "path/filepath" ) @@ -11,7 +10,7 @@ import ( // temporary file and closing it atomically changes the temporary file to // destination path. Writing and closing concurrently is not allowed. func NewAtomicFileWriter(filename string, perm os.FileMode) (io.WriteCloser, error) { - f, err := ioutil.TempFile(filepath.Dir(filename), ".tmp-"+filepath.Base(filename)) + f, err := os.CreateTemp(filepath.Dir(filename), ".tmp-"+filepath.Base(filename)) if err != nil { return nil, err } 
@@ -94,7 +93,7 @@ type AtomicWriteSet struct { // commit. If no temporary directory is given the system // default is used. func NewAtomicWriteSet(tmpDir string) (*AtomicWriteSet, error) { - td, err := ioutil.TempDir(tmpDir, "write-set-") + td, err := os.MkdirTemp(tmpDir, "write-set-") if err != nil { return nil, err } diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go index dc894f9131..7489122309 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go @@ -1,10 +1,11 @@ +//go:build !windows // +build !windows package ioutils // import "github.com/docker/docker/pkg/ioutils" -import "io/ioutil" +import "os" -// TempDir on Unix systems is equivalent to ioutil.TempDir. +// TempDir on Unix systems is equivalent to os.MkdirTemp. func TempDir(dir, prefix string) (string, error) { - return ioutil.TempDir(dir, prefix) + return os.MkdirTemp(dir, prefix) } diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go index ecaba2e36d..a57fd9af6a 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_windows.go @@ -1,14 +1,14 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils" import ( - "io/ioutil" + "os" "github.com/docker/docker/pkg/longpath" ) -// TempDir is the equivalent of ioutil.TempDir, except that the result is in Windows longpath format. +// TempDir is the equivalent of os.MkdirTemp, except that the result is in Windows longpath format. func TempDir(dir, prefix string) (string, error) { - tempDir, err := ioutil.TempDir(dir, prefix) + tempDir, err := os.MkdirTemp(dir, prefix) if err != nil { return "", err } 
diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go index 94780ef610..3245b74166 100644 --- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go +++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows // Package kernel provides helper function to get, parse and compare kernel diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go index 652a2ce31e..afb5b2e98e 100644 --- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go +++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_darwin.go @@ -1,3 +1,4 @@ +//go:build darwin // +build darwin // Package kernel provides helper function to get, parse and compare kernel diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go index 8a9aa31225..b9508d376c 100644 --- a/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go +++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/kernel_unix.go @@ -1,3 +1,4 @@ +//go:build linux || freebsd || openbsd // +build linux freebsd openbsd // Package kernel provides helper function to get, parse and compare kernel diff --git a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go index 97906e4cd7..ed356310c4 100644 --- a/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/parsers/kernel/uname_unsupported.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package kernel // import "github.com/docker/docker/pkg/parsers/kernel" 
diff --git a/vendor/github.com/docker/docker/pkg/parsers/parsers.go b/vendor/github.com/docker/docker/pkg/parsers/parsers.go index 068e524807..e6d7b33ec0 100644 --- a/vendor/github.com/docker/docker/pkg/parsers/parsers.go +++ b/vendor/github.com/docker/docker/pkg/parsers/parsers.go @@ -25,13 +25,14 @@ func ParseKeyValueOpt(opt string) (string, string, error) { // set to `true`. Values larger than `maximum` cause an error if max is non zero, // in order to stop the map becoming excessively large. // Supported formats: -// 7 -// 1-6 -// 0,3-4,7,8-10 -// 0-0,0,1-7 -// 03,1-3 <- this is gonna get parsed as [1,2,3] -// 3,2,1 -// 0-2,3,1 +// +// 7 +// 1-6 +// 0,3-4,7,8-10 +// 0-0,0,1-7 +// 03,1-3 <- this is gonna get parsed as [1,2,3] +// 3,2,1 +// 0-2,3,1 func ParseUintListMaximum(val string, maximum int) (map[int]bool, error) { return parseUintList(val, maximum) } @@ -42,13 +43,14 @@ func ParseUintListMaximum(val string, maximum int) (map[int]bool, error) { // input string. It returns a `map[int]bool` with available elements from `val` // set to `true`. // Supported formats: -// 7 -// 1-6 -// 0,3-4,7,8-10 -// 0-0,0,1-7 -// 03,1-3 <- this is gonna get parsed as [1,2,3] -// 3,2,1 -// 0-2,3,1 +// +// 7 +// 1-6 +// 0,3-4,7,8-10 +// 0-0,0,1-7 +// 03,1-3 <- this is gonna get parsed as [1,2,3] +// 3,2,1 +// 0-2,3,1 func ParseUintList(val string) (map[int]bool, error) { return parseUintList(val, 0) } diff --git a/vendor/github.com/docker/docker/pkg/plugins/client.go b/vendor/github.com/docker/docker/pkg/plugins/client.go index 0353305358..e683eb777d 100644 --- a/vendor/github.com/docker/docker/pkg/plugins/client.go +++ b/vendor/github.com/docker/docker/pkg/plugins/client.go @@ -5,7 +5,6 @@ import ( "context" "encoding/json" "io" - "io/ioutil" "net/http" "net/url" "time" 
@@ -19,6 +18,12 @@ import ( const ( defaultTimeOut = 30 + + // dummyHost is a hostname used for local communication. + // + // For local communications (npipe://, unix://), the hostname is not used, + // but we need valid and meaningful hostname. + dummyHost = "plugin.moby.localhost" ) func newTransport(addr string, tlsConfig *tlsconfig.Options) (transport.Transport, error) { @@ -45,8 +50,12 @@ func newTransport(addr string, tlsConfig *tlsconfig.Options) (transport.Transpor return nil, err } scheme := httpScheme(u) - - return transport.NewHTTPTransport(tr, scheme, socket), nil + hostName := u.Host + if hostName == "" || u.Scheme == "unix" || u.Scheme == "npipe" { + // Override host header for non-tcp connections. + hostName = dummyHost + } + return transport.NewHTTPTransport(tr, scheme, hostName), nil } // NewClient creates a new plugin client (http). @@ -187,7 +196,7 @@ func (c *Client) callWithRetry(serviceMethod string, data io.Reader, retry bool, } if resp.StatusCode != http.StatusOK { - b, err := ioutil.ReadAll(resp.Body) + b, err := io.ReadAll(resp.Body) resp.Body.Close() cancelRequest() if err != nil { diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery.go b/vendor/github.com/docker/docker/pkg/plugins/discovery.go index 4b79bd29ad..9d972b3c21 100644 --- a/vendor/github.com/docker/docker/pkg/plugins/discovery.go +++ b/vendor/github.com/docker/docker/pkg/plugins/discovery.go @@ -3,7 +3,7 @@ package plugins // import "github.com/docker/docker/pkg/plugins" import ( "encoding/json" "fmt" - "io/ioutil" + "io/fs" "net/url" "os" "path/filepath" 
@@ -29,33 +29,35 @@ func newLocalRegistry() localRegistry { // Scan scans all the plugin paths and returns all the names it found func Scan() ([]string, error) { var names []string - dirEntries, err := ioutil.ReadDir(socketsPath) + dirEntries, err := os.ReadDir(socketsPath) if err != nil && !os.IsNotExist(err) { return nil, errors.Wrap(err, "error reading dir entries") } - for _, fi := range dirEntries { - if fi.IsDir() { - fi, err = os.Stat(filepath.Join(socketsPath, fi.Name(), fi.Name()+".sock")) + for _, entry := range dirEntries { + if entry.IsDir() { + fi, err := os.Stat(filepath.Join(socketsPath, entry.Name(), entry.Name()+".sock")) if err != nil { continue } + + entry = fs.FileInfoToDirEntry(fi) } - if fi.Mode()&os.ModeSocket != 0 { - names = append(names, strings.TrimSuffix(filepath.Base(fi.Name()), filepath.Ext(fi.Name()))) + if entry.Type()&os.ModeSocket != 0 { + names = append(names, strings.TrimSuffix(filepath.Base(entry.Name()), filepath.Ext(entry.Name()))) } } for _, p := range specsPaths { - dirEntries, err := ioutil.ReadDir(p) + dirEntries, err := os.ReadDir(p) if err != nil && !os.IsNotExist(err) { return nil, errors.Wrap(err, "error reading dir entries") } for _, fi := range dirEntries { if fi.IsDir() { - infos, err := ioutil.ReadDir(filepath.Join(p, fi.Name())) + infos, err := os.ReadDir(filepath.Join(p, fi.Name())) if err != nil { continue } @@ -108,7 +110,7 @@ func (l *localRegistry) Plugin(name string) (*Plugin, error) { } func readPluginInfo(name, path string) (*Plugin, error) { - content, err := ioutil.ReadFile(path) + content, err := os.ReadFile(path) if err != nil { return nil, err } diff --git a/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go index 58058f2828..d645da8ce4 100644 --- a/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go +++ b/vendor/github.com/docker/docker/pkg/plugins/discovery_unix.go 
@@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package plugins // import "github.com/docker/docker/pkg/plugins" diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins.go b/vendor/github.com/docker/docker/pkg/plugins/plugins.go index 2371e92101..94ab71e922 100644 --- a/vendor/github.com/docker/docker/pkg/plugins/plugins.go +++ b/vendor/github.com/docker/docker/pkg/plugins/plugins.go @@ -13,7 +13,7 @@ // A handshake is send at /Plugin.Activate, and plugins are expected to return // a Manifest with a list of Docker subsystems which this plugin implements. // -// In order to use a plugins, you can use the ``Get`` with the name of the +// In order to use a plugins, you can use the `Get` with the name of the // plugin and the subsystem it implements. // // plugin, err := plugins.Get("example", "VolumeDriver") diff --git a/vendor/github.com/docker/docker/pkg/plugins/plugins_unix.go b/vendor/github.com/docker/docker/pkg/plugins/plugins_unix.go index cdfbe93458..23e9d5715a 100644 --- a/vendor/github.com/docker/docker/pkg/plugins/plugins_unix.go +++ b/vendor/github.com/docker/docker/pkg/plugins/plugins_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package plugins // import "github.com/docker/docker/pkg/plugins" diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_unix.go b/vendor/github.com/docker/docker/pkg/reexec/command_unix.go index ceaabbdeee..b90043052e 100644 --- a/vendor/github.com/docker/docker/pkg/reexec/command_unix.go +++ b/vendor/github.com/docker/docker/pkg/reexec/command_unix.go @@ -1,3 +1,4 @@ +//go:build freebsd || darwin // +build freebsd darwin package reexec // import "github.com/docker/docker/pkg/reexec" diff --git a/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go b/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go index e7eed24240..7175853a55 100644 --- a/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go 
+++ b/vendor/github.com/docker/docker/pkg/reexec/command_unsupported.go @@ -1,3 +1,4 @@ +//go:build !linux && !windows && !freebsd && !darwin // +build !linux,!windows,!freebsd,!darwin package reexec // import "github.com/docker/docker/pkg/reexec" diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_linux.go b/vendor/github.com/docker/docker/pkg/signal/signal_linux.go index 4013bded13..5e166ee1fe 100644 --- a/vendor/github.com/docker/docker/pkg/signal/signal_linux.go +++ b/vendor/github.com/docker/docker/pkg/signal/signal_linux.go @@ -1,3 +1,4 @@ +//go:build !mips && !mipsle && !mips64 && !mips64le // +build !mips,!mipsle,!mips64,!mips64le package signal // import "github.com/docker/docker/pkg/signal" diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_linux_mipsx.go b/vendor/github.com/docker/docker/pkg/signal/signal_linux_mipsx.go index c78c887af5..6eb49500ef 100644 --- a/vendor/github.com/docker/docker/pkg/signal/signal_linux_mipsx.go +++ b/vendor/github.com/docker/docker/pkg/signal/signal_linux_mipsx.go @@ -1,3 +1,4 @@ +//go:build linux && (mips || mipsle || mips64 || mips64le) // +build linux // +build mips mipsle mips64 mips64le diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_unix.go b/vendor/github.com/docker/docker/pkg/signal/signal_unix.go index a2aa4248fa..09fe2a8aa6 100644 --- a/vendor/github.com/docker/docker/pkg/signal/signal_unix.go +++ b/vendor/github.com/docker/docker/pkg/signal/signal_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package signal // import "github.com/docker/docker/pkg/signal" diff --git a/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go b/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go index 1fd25a83c6..fc692b0b93 100644 --- a/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go +++ b/vendor/github.com/docker/docker/pkg/signal/signal_unsupported.go 
@@ -1,3 +1,4 @@
+//go:build !linux && !darwin && !freebsd && !windows
 // +build !linux,!darwin,!freebsd,!windows
 
 package signal // import "github.com/docker/docker/pkg/signal"
diff --git a/vendor/github.com/docker/docker/pkg/signal/trap.go b/vendor/github.com/docker/docker/pkg/signal/trap.go
index a277b95629..9ebdadeb3e 100644
--- a/vendor/github.com/docker/docker/pkg/signal/trap.go
+++ b/vendor/github.com/docker/docker/pkg/signal/trap.go
@@ -18,14 +18,13 @@ import (
 // behavior expected from a vanilla unix command-line tool in general
 // (and the Docker engine in particular).
 //
-// * If SIGINT or SIGTERM are received, `cleanup` is called, then the process is terminated.
-// * If SIGINT or SIGTERM are received 3 times before cleanup is complete, then cleanup is
-// skipped and the process is terminated immediately (allows force quit of stuck daemon)
-// * A SIGQUIT always causes an exit without cleanup, with a goroutine dump preceding exit.
-// * Ignore SIGPIPE events. These are generated by systemd when journald is restarted while
-// the docker daemon is not restarted and also running under systemd.
-// Fixes https://github.com/docker/docker/issues/19728
-//
+// - If SIGINT or SIGTERM are received, `cleanup` is called, then the process is terminated.
+// - If SIGINT or SIGTERM are received 3 times before cleanup is complete, then cleanup is
+// skipped and the process is terminated immediately (allows force quit of stuck daemon)
+// - A SIGQUIT always causes an exit without cleanup, with a goroutine dump preceding exit.
+// - Ignore SIGPIPE events. These are generated by systemd when journald is restarted while
+// the docker daemon is not restarted and also running under systemd.
+// Fixes https://github.com/docker/docker/issues/19728
 func Trap(cleanup func(), logger interface {
 Info(args ...interface{})
 }) {
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/cgroup2_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/cgroup2_linux.go
index 432356b498..72658f0545 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/cgroup2_linux.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/cgroup2_linux.go
@@ -1,7 +1,6 @@
 package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
- "io/ioutil"
 "os"
 "path"
 "strings"
@@ -139,13 +138,13 @@ func applyCPUSetCgroupInfoV2(info *SysInfo, controllers map[string]struct{}, dir
 }
 info.Cpuset = true
 
- cpus, err := ioutil.ReadFile(path.Join(dirPath, "cpuset.cpus.effective"))
+ cpus, err := os.ReadFile(path.Join(dirPath, "cpuset.cpus.effective"))
 if err != nil {
 return warnings
 }
 info.Cpus = strings.TrimSpace(string(cpus))
 
- mems, err := ioutil.ReadFile(path.Join(dirPath, "cpuset.mems.effective"))
+ mems, err := os.ReadFile(path.Join(dirPath, "cpuset.mems.effective"))
 if err != nil {
 return warnings
 }
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
index eea2d25bf9..5b5921dff4 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/numcpu.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
index 42709a4d35..e6b7ac787a 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_linux.go
@@ -2,7 +2,6 @@ package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
 
 import (
 "fmt"
- "io/ioutil"
 "os"
 "path"
 "strings"
@@ -215,13 +214,13 @@ func applyCPUSetCgroupInfo(info *SysInfo, cgMounts map[string]string) []string {
 
 var err error
 
- cpus, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.cpus"))
+ cpus, err := os.ReadFile(path.Join(mountPoint, "cpuset.cpus"))
 if err != nil {
 return warnings
 }
 info.Cpus = strings.TrimSpace(string(cpus))
 
- mems, err := ioutil.ReadFile(path.Join(mountPoint, "cpuset.mems"))
+ mems, err := os.ReadFile(path.Join(mountPoint, "cpuset.mems"))
 if err != nil {
 return warnings
 }
@@ -263,7 +262,7 @@ func applyNetworkingInfo(info *SysInfo, _ map[string]string) []string {
 func applyAppArmorInfo(info *SysInfo, _ map[string]string) []string {
 var warnings []string
 if _, err := os.Stat("/sys/kernel/security/apparmor"); !os.IsNotExist(err) {
- if _, err := ioutil.ReadFile("/sys/kernel/security/apparmor/profiles"); err == nil {
+ if _, err := os.ReadFile("/sys/kernel/security/apparmor/profiles"); err == nil {
 info.AppArmor = true
 }
 }
@@ -306,7 +305,7 @@ func cgroupEnabled(mountPoint, name string) bool {
 }
 
 func readProcBool(path string) bool {
- val, err := ioutil.ReadFile(path)
+ val, err := os.ReadFile(path)
 if err != nil {
 return false
 }
diff --git a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
index 47a131bc87..4c25884cc2 100644
--- a/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
+++ b/vendor/github.com/docker/docker/pkg/sysinfo/sysinfo_unix.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package sysinfo // import "github.com/docker/docker/pkg/sysinfo"
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_nowindows.go b/vendor/github.com/docker/docker/pkg/system/chtimes_nowindows.go
index d5fab96f9d..84ae157051 100644
--- a/vendor/github.com/docker/docker/pkg/system/chtimes_nowindows.go
+++ b/vendor/github.com/docker/docker/pkg/system/chtimes_nowindows.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys_unix.go b/vendor/github.com/docker/docker/pkg/system/filesys_unix.go
index dcee3e9f98..8b991201a9 100644
--- a/vendor/github.com/docker/docker/pkg/system/filesys_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/filesys_unix.go
@@ -1,9 +1,9 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
- "io/ioutil"
 "os"
 "path/filepath"
 )
@@ -63,5 +63,5 @@ func OpenFileSequential(name string, flag int, perm os.FileMode) (*os.File, erro
 // to find the pathname of the file. It is the caller's responsibility
 // to remove the file when no longer needed.
 func TempFileSequential(dir, prefix string) (f *os.File, err error) {
- return ioutil.TempFile(dir, prefix)
+ return os.CreateTemp(dir, prefix)
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
index b4646277ab..8f79dc8fe0 100644
--- a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
@@ -258,7 +258,7 @@ func nextSuffix() string {
 return strconv.Itoa(int(1e9 + r%1e9))[1:]
 }
 
-// TempFileSequential is a copy of ioutil.TempFile, modified to use sequential
+// TempFileSequential is a copy of os.CreateTemp, modified to use sequential
 // file access. Below is the original comment from golang:
 // TempFile creates a new temporary file in the directory dir
 // with a name beginning with prefix, opens the file for reading
diff --git a/vendor/github.com/docker/docker/pkg/system/lcow.go b/vendor/github.com/docker/docker/pkg/system/lcow.go
index 0f00028fbd..4599a3f23c 100644
--- a/vendor/github.com/docker/docker/pkg/system/lcow.go
+++ b/vendor/github.com/docker/docker/pkg/system/lcow.go
@@ -1,3 +1,4 @@
+//go:build windows && !no_lcow
 // +build windows,!no_lcow
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/lcow_unsupported.go b/vendor/github.com/docker/docker/pkg/system/lcow_unsupported.go
index 3d3cf775a7..daadef31d5 100644
--- a/vendor/github.com/docker/docker/pkg/system/lcow_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/system/lcow_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !windows || (windows && no_lcow)
 // +build !windows windows,no_lcow
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_unix.go b/vendor/github.com/docker/docker/pkg/system/lstat_unix.go
index de5a1c0fb2..654b9f2c9e 100644
--- a/vendor/github.com/docker/docker/pkg/system/lstat_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/lstat_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go b/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
index 56f4494268..207ee58ee6 100644
--- a/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !windows
 // +build !linux,!windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go b/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
index 6ed93f2fe2..124d2c502d 100644
--- a/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
+++ b/vendor/github.com/docker/docker/pkg/system/meminfo_windows.go
@@ -27,7 +27,7 @@ type memorystatusex struct {
 }
 
 // ReadMemInfo retrieves memory statistics of the host system and returns a
-// MemInfo type.
+// MemInfo type.
 func ReadMemInfo() (*MemInfo, error) {
 msi := &memorystatusex{
 dwLength: 64,
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod.go b/vendor/github.com/docker/docker/pkg/system/mknod.go
index b132482e03..d27152c0f5 100644
--- a/vendor/github.com/docker/docker/pkg/system/mknod.go
+++ b/vendor/github.com/docker/docker/pkg/system/mknod.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
@@ -6,12 +7,6 @@ import (
 "golang.org/x/sys/unix"
 )
 
-// Mknod creates a filesystem node (file, device special file or named pipe) named path
-// with attributes specified by mode and dev.
-func Mknod(path string, mode uint32, dev int) error {
- return unix.Mknod(path, mode, dev)
-}
-
 // Mkdev is used to build the value of linux devices (in /dev/) which specifies major
 // and minor number of the newly created device special file.
 // Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes.
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod_freebsd.go b/vendor/github.com/docker/docker/pkg/system/mknod_freebsd.go
new file mode 100644
index 0000000000..c890be116f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/mknod_freebsd.go
@@ -0,0 +1,14 @@
+//go:build freebsd
+// +build freebsd
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+ "golang.org/x/sys/unix"
+)
+
+// Mknod creates a filesystem node (file, device special file or named pipe) named path
+// with attributes specified by mode and dev.
+func Mknod(path string, mode uint32, dev int) error {
+ return unix.Mknod(path, mode, uint64(dev))
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod_unix.go b/vendor/github.com/docker/docker/pkg/system/mknod_unix.go
new file mode 100644
index 0000000000..4586aad19e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/system/mknod_unix.go
@@ -0,0 +1,14 @@
+//go:build !freebsd && !windows
+// +build !freebsd,!windows
+
+package system // import "github.com/docker/docker/pkg/system"
+
+import (
+ "golang.org/x/sys/unix"
+)
+
+// Mknod creates a filesystem node (file, device special file or named pipe) named path
+// with attributes specified by mode and dev.
+func Mknod(path string, mode uint32, dev int) error {
+ return unix.Mknod(path, mode, dev)
+}
diff --git a/vendor/github.com/docker/docker/pkg/system/path_unix.go b/vendor/github.com/docker/docker/pkg/system/path_unix.go
index b0b93196a1..2c85371b5e 100644
--- a/vendor/github.com/docker/docker/pkg/system/path_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/path_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/process_unix.go b/vendor/github.com/docker/docker/pkg/system/process_unix.go
index 79aebb5272..d2ab9c3d7e 100644
--- a/vendor/github.com/docker/docker/pkg/system/process_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/process_unix.go
@@ -1,10 +1,11 @@
+//go:build linux || freebsd || darwin
 // +build linux freebsd darwin
 
 package system // import "github.com/docker/docker/pkg/system"
 
 import (
 "fmt"
- "io/ioutil"
+ "os"
 "strings"
 "syscall"
 
@@ -30,7 +31,7 @@ func KillProcess(pid int) {
 // http://man7.org/linux/man-pages/man5/proc.5.html
 func IsProcessZombie(pid int) (bool, error) {
 statPath := fmt.Sprintf("/proc/%d/stat", pid)
- dataBytes, err := ioutil.ReadFile(statPath)
+ dataBytes, err := os.ReadFile(statPath)
 if err != nil {
 return false, err
 }
diff --git a/vendor/github.com/docker/docker/pkg/system/rm.go b/vendor/github.com/docker/docker/pkg/system/rm.go
index c5d80ebda1..f2d81597c9 100644
--- a/vendor/github.com/docker/docker/pkg/system/rm.go
+++ b/vendor/github.com/docker/docker/pkg/system/rm.go
@@ -1,3 +1,4 @@
+//go:build !darwin && !windows
 // +build !darwin,!windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_bsd.go b/vendor/github.com/docker/docker/pkg/system/stat_bsd.go
index ea55c3dbb5..8e61d820f0 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_bsd.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_bsd.go
@@ -1,3 +1,4 @@
+//go:build freebsd || netbsd
 // +build freebsd netbsd
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_linux.go b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
index 17d5d131a3..3ac02393f0 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_linux.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
@@ -9,7 +9,7 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
 uid: s.Uid,
 gid: s.Gid,
 // the type is 32bit on mips
- rdev: uint64(s.Rdev), // nolint: unconvert
+ rdev: uint64(s.Rdev), //nolint: unconvert
 mtim: s.Mtim}, nil
 }
 
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_unix.go b/vendor/github.com/docker/docker/pkg/system/stat_unix.go
index 86bb6dd55e..a45ffddf75 100644
--- a/vendor/github.com/docker/docker/pkg/system/stat_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/stat_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/syscall_unix.go b/vendor/github.com/docker/docker/pkg/system/syscall_unix.go
index 905d10f153..7c90bffaa5 100644
--- a/vendor/github.com/docker/docker/pkg/system/syscall_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/syscall_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/umask.go b/vendor/github.com/docker/docker/pkg/system/umask.go
index 9912a2babb..d4a15cbedc 100644
--- a/vendor/github.com/docker/docker/pkg/system/umask.go
+++ b/vendor/github.com/docker/docker/pkg/system/umask.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unix.go b/vendor/github.com/docker/docker/pkg/system/utimes_unix.go
index 61ba8c474c..2768750a00 100644
--- a/vendor/github.com/docker/docker/pkg/system/utimes_unix.go
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd
 // +build linux freebsd
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
index 095e072e1d..bfed4af032 100644
--- a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux && !freebsd
 // +build !linux,!freebsd
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
index d780a90cd3..b165a5dbfe 100644
--- a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
+++ b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package system // import "github.com/docker/docker/pkg/system"
diff --git a/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go b/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
index 5542e1b2c0..5ea65f1ecd 100644
--- a/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
+++ b/vendor/github.com/docker/docker/pkg/tarsum/tarsum.go
@@ -246,6 +246,7 @@ func (ts *tarSum) Read(buf []byte) (int, error) {
 return 0, err
 }
 
+ //#nosec G305 -- The joined path is not passed to any filesystem APIs.
 ts.currentFile = path.Join(".", path.Join("/", currentHeader.Name))
 if err := ts.encodeHeader(currentHeader); err != nil {
 return 0, err
diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin.go b/vendor/github.com/docker/docker/plugin/v2/plugin.go
index 3e6e063f4a..d42e1bd0b9 100644
--- a/vendor/github.com/docker/docker/plugin/v2/plugin.go
+++ b/vendor/github.com/docker/docker/plugin/v2/plugin.go
@@ -126,7 +126,9 @@ func (p *Plugin) Set(args []string) error {
 // TODO(vieux): lots of code duplication here, needs to be refactored.
 
 next:
- for _, s := range sets {
+ for _, set := range sets {
+ s := set
+
 // range over all the envs in the config
 for _, env := range p.PluginObj.Config.Env {
 // found the env in the config
diff --git a/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go b/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
index 734b2ac664..1b08aec171 100644
--- a/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
+++ b/vendor/github.com/docker/docker/plugin/v2/plugin_unsupported.go
@@ -1,3 +1,4 @@
+//go:build !linux
 // +build !linux
 
 package v2 // import "github.com/docker/docker/plugin/v2"
diff --git a/vendor/github.com/docker/docker/runconfig/config_unix.go b/vendor/github.com/docker/docker/runconfig/config_unix.go
index 65e8d6fcd4..78cef81554 100644
--- a/vendor/github.com/docker/docker/runconfig/config_unix.go
+++ b/vendor/github.com/docker/docker/runconfig/config_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package runconfig // import "github.com/docker/docker/runconfig"
diff --git a/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go b/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
index 588cfa5644..f8e4fb0b54 100644
--- a/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
+++ b/vendor/github.com/docker/docker/runconfig/hostconfig_unix.go
@@ -1,3 +1,4 @@
+//go:build !windows
 // +build !windows
 
 package runconfig // import "github.com/docker/docker/runconfig"
diff --git a/vendor/github.com/docker/docker/volume/mounts/mounts.go b/vendor/github.com/docker/docker/volume/mounts/mounts.go
index c441e51ed9..d1897d7928 100644
--- a/vendor/github.com/docker/docker/volume/mounts/mounts.go
+++ b/vendor/github.com/docker/docker/volume/mounts/mounts.go
@@ -1,6 +1,7 @@
 package mounts // import "github.com/docker/docker/volume/mounts"
 
 import (
+ "context"
 "fmt"
 "os"
 "path/filepath"
@@ -12,6 +13,7 @@ import (
 "github.com/docker/docker/volume"
 "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
 )
 
 // MountPoint is the intersection point between a volume and a container. It
@@ -179,3 +181,29 @@ func errInvalidMode(mode string) error {
 func errInvalidSpec(spec string) error {
 return errors.Errorf("invalid volume specification: '%s'", spec)
 }
+
+func (m *MountPoint) LiveRestore(ctx context.Context) error {
+ if m.Volume == nil {
+ logrus.Debug("No volume to restore")
+ return nil
+ }
+
+ lrv, ok := m.Volume.(volume.LiveRestorer)
+ if !ok {
+ logrus.WithField("volume", m.Volume.Name()).Debugf("Volume does not support live restore: %T", m.Volume)
+ return nil
+ }
+
+ id := m.ID
+ if id == "" {
+ id = stringid.GenerateRandomID()
+ }
+
+ if err := lrv.LiveRestoreVolume(ctx, id); err != nil {
+ return errors.Wrapf(err, "error while restoring volume '%s'", m.Source)
+ }
+
+ m.ID = id
+ m.active++
+ return nil
+}
diff --git a/vendor/github.com/docker/docker/volume/mounts/volume_unix.go b/vendor/github.com/docker/docker/volume/mounts/volume_unix.go
index c6d51e0710..e7e7bcc038 100644
--- a/vendor/github.com/docker/docker/volume/mounts/volume_unix.go
+++ b/vendor/github.com/docker/docker/volume/mounts/volume_unix.go
@@ -1,3 +1,4 @@
+//go:build linux || freebsd || darwin
 // +build linux freebsd darwin
 
 package mounts // import "github.com/docker/docker/volume/mounts"
diff --git a/vendor/github.com/docker/docker/volume/volume.go b/vendor/github.com/docker/docker/volume/volume.go
index 61c8243979..df641675ae 100644
--- a/vendor/github.com/docker/docker/volume/volume.go
+++ b/vendor/github.com/docker/docker/volume/volume.go
@@ -1,6 +1,7 @@
 package volume // import "github.com/docker/docker/volume"
 
 import (
+ "context"
 "time"
 )
 
@@ -67,3 +68,12 @@ type DetailedVolume interface {
 Scope() string
 Volume
 }
+
+// LiveRestorer is an optional interface that can be implemented by a volume driver
+// It is used to restore any resources that are necessary for a volume to be used by a live-restored container
+type LiveRestorer interface {
+ // LiveRestoreVolume allows a volume driver which implements this interface to restore any necessary resources (such as reference counting)
+ // This is called only after the daemon is restarted with live-restored containers
+ // It is called once per live-restored container.
+ LiveRestoreVolume(_ context.Context, ref string) error
+}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 7f1a85f810..0d78c2fda8 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -324,9 +324,8 @@ github.com/docker/cli/cli/config/types
 github.com/docker/distribution
 github.com/docker/distribution/digestset
 github.com/docker/distribution/reference
-github.com/docker/distribution/registry/api/errcode
 github.com/docker/distribution/registry/client/auth/challenge
-# github.com/docker/docker v20.10.14+incompatible
+# github.com/docker/docker v20.10.27+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types