From 53ed25d9b6a0141f19fc2e95be7cece5512846c1 Mon Sep 17 00:00:00 2001 From: Albin Kerouanton Date: Fri, 3 Feb 2023 11:39:40 +0100 Subject: [PATCH 001/197] Fix bad ThrottleDevice path Fixes moby/moby#44904. Signed-off-by: Albin Kerouanton (cherry picked from commit 56051b84b00fa6a2bda9775231d2209c76d39e03) Signed-off-by: Sebastiaan van Stijn --- opts/throttledevice.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/opts/throttledevice.go b/opts/throttledevice.go index 9fb788433b52..789acf60fc56 100644 --- a/opts/throttledevice.go +++ b/opts/throttledevice.go @@ -31,7 +31,7 @@ func ValidateThrottleBpsDevice(val string) (*blkiodev.ThrottleDevice, error) { } return &blkiodev.ThrottleDevice{ - Path: v, + Path: k, Rate: uint64(rate), }, nil } From 168f1b55e2026e3c9819484b52b62ab915705966 Mon Sep 17 00:00:00 2001 From: Cory Snider Date: Fri, 3 Feb 2023 17:49:12 -0500 Subject: [PATCH 002/197] cli/command/container: exit 126 on EISDIR error The error returned from "os/exec".Command when attempting to execute a directory has been changed from syscall.EACCESS to syscall.EISDIR on Go 1.20. https://github.com/golang/go/commit/2b8f21409480931b45c983853a78dc7984ed634e Consequently, any runc runtime built against Go 1.20 will return an error containing 'is a directory' and not 'permission denied'. Update the string matching so the CLI exits with status code 126 on 'is a directory' errors (EISDIR) in addition to 'permission denied' (EACCESS). Signed-off-by: Cory Snider (cherry picked from commit 9b5ceb52b0a1271c6d0668adeedc55869709317b) Signed-off-by: Sebastiaan van Stijn --- cli/command/container/run.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/cli/command/container/run.go b/cli/command/container/run.go index dcf9dca9f284..f538c04a1dd6 100644 --- a/cli/command/container/run.go +++ b/cli/command/container/run.go @@ -308,7 +308,8 @@ func runStartContainerErr(err error) error { strings.Contains(trimmedErr, "no such file or directory") || strings.Contains(trimmedErr, "system cannot find the file specified") { statusError = cli.StatusError{StatusCode: 127} - } else if strings.Contains(trimmedErr, syscall.EACCES.Error()) { + } else if strings.Contains(trimmedErr, syscall.EACCES.Error()) || + strings.Contains(trimmedErr, syscall.EISDIR.Error()) { statusError = cli.StatusError{StatusCode: 126} } From 0cd15abfde20b97965168c1d054a313f8e9382a9 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 4 Feb 2023 13:28:11 +0100 Subject: [PATCH 003/197] vendor: github.com/containerd/containerd v1.6.16 no changes in vendored code full diff: https://github.com/containerd/containerd/compare/v1.6.15...v1.6.16 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 5195db1ff5dc4a98bb5c92328884e1fb1e82c162) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vendor.mod b/vendor.mod index ba737bee6d66..684000fd6677 100644 --- a/vendor.mod +++ b/vendor.mod @@ -7,7 +7,7 @@ module github.com/docker/cli go 1.18 require ( - github.com/containerd/containerd v1.6.15 + github.com/containerd/containerd v1.6.16 github.com/creack/pty v1.1.11 github.com/docker/distribution v2.8.1+incompatible github.com/docker/docker v23.0.0-rc.3+incompatible diff --git a/vendor.sum b/vendor.sum index f7278deef088..6c132be14657 100644 --- a/vendor.sum +++ b/vendor.sum @@ -84,8 +84,8 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/containerd/containerd v1.6.15 h1:4wWexxzLNHNE46aIETc6ge4TofO550v+BlLoANrbses= -github.com/containerd/containerd v1.6.15/go.mod h1:U2NnBPIhzJDm59xF7xB2MMHnKtggpZ+phKg8o2TKj2c= +github.com/containerd/containerd v1.6.16 h1:0H5xH6ABsN7XTrxIAKxFpBkFCBtrZ/OSORhCpUnHjrc= +github.com/containerd/containerd v1.6.16/go.mod h1:1RdCUu95+gc2v9t3IL+zIlpClSmew7/0YS8O5eQZrOw= github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= diff --git a/vendor/modules.txt b/vendor/modules.txt index 162dd8224025..a0172dc05f5e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -12,7 +12,7 @@ github.com/beorn7/perks/quantile # github.com/cespare/xxhash/v2 v2.1.2 ## explicit; go 1.11 github.com/cespare/xxhash/v2 -# github.com/containerd/containerd v1.6.15 +# github.com/containerd/containerd v1.6.16 ## explicit; go 1.17 github.com/containerd/containerd/errdefs github.com/containerd/containerd/log From 14aac2c232f23d8d1553c60ef4450be921a2d349 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 4 Feb 2023 13:30:07 +0100 Subject: [PATCH 004/197] vendor: github.com/docker/docker v23.0.0 - client: improve error messaging on crash full diff: https://github.com/docker/docker/compare/v23.0.0-rc.3...v23.0.0 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit bbebebaedf079c5a145ef984ffe2f36abd7be8f1) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- .../docker/docker/client/container_wait.go | 23 +++++++++++++++++-- vendor/modules.txt | 2 +- 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/vendor.mod b/vendor.mod index 684000fd6677..1b99ae790bd3 100644 --- a/vendor.mod +++ b/vendor.mod @@ -10,7 +10,7 @@ require ( github.com/containerd/containerd v1.6.16 github.com/creack/pty v1.1.11 github.com/docker/distribution v2.8.1+incompatible - github.com/docker/docker v23.0.0-rc.3+incompatible + github.com/docker/docker v23.0.0+incompatible github.com/docker/docker-credential-helpers v0.7.0 github.com/docker/go-connections v0.4.0 github.com/docker/go-units v0.5.0 diff --git a/vendor.sum b/vendor.sum index 6c132be14657..40d93ff77bdd 100644 --- a/vendor.sum +++ b/vendor.sum @@ -101,8 +101,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xb github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v23.0.0-rc.3+incompatible h1:97RCXK7nxN1YPlqb3z0+AoTE3rql4ck1CG5p9tlRD2o= -github.com/docker/docker v23.0.0-rc.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.0+incompatible h1:L6c28tNyqZ4/ub9AZC9d5QUuunoHHfEH4/Ue+h/E5nE= +github.com/docker/docker v23.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= diff --git a/vendor/github.com/docker/docker/client/container_wait.go b/vendor/github.com/docker/docker/client/container_wait.go index 9aff7161325c..2375eb1e80f8 100644 --- a/vendor/github.com/docker/docker/client/container_wait.go +++ b/vendor/github.com/docker/docker/client/container_wait.go @@ -1,14 +1,19 @@ package client // import "github.com/docker/docker/client" import ( + "bytes" "context" "encoding/json" + "errors" + "io" "net/url" "github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/versions" ) +const containerWaitErrorMsgLimit = 2 * 1024 /* Max: 2KiB */ + // ContainerWait waits until the specified container is in a certain state // indicated by the given condition, either "not-running" (default), // "next-exit", or "removed". @@ -46,9 +51,23 @@ func (cli *Client) ContainerWait(ctx context.Context, containerID string, condit go func() { defer ensureReaderClosed(resp) + + body := resp.body + responseText := bytes.NewBuffer(nil) + stream := io.TeeReader(body, responseText) + var res container.WaitResponse - if err := json.NewDecoder(resp.body).Decode(&res); err != nil { - errC <- err + if err := json.NewDecoder(stream).Decode(&res); err != nil { + // NOTE(nicks): The /wait API does not work well with HTTP proxies. + // At any time, the proxy could cut off the response stream. + // + // But because the HTTP status has already been written, the proxy's + // only option is to write a plaintext error message. + // + // If there's a JSON parsing error, read the real error message + // off the body and send it to the client. + _, _ = io.ReadAll(io.LimitReader(stream, containerWaitErrorMsgLimit)) + errC <- errors.New(responseText.String()) return } diff --git a/vendor/modules.txt b/vendor/modules.txt index a0172dc05f5e..e944751e463e 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -40,7 +40,7 @@ github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/uuid -# github.com/docker/docker v23.0.0-rc.3+incompatible +# github.com/docker/docker v23.0.0+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types From 27b19a6acf2aad9131c3d1233c480731bca58a6a Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Thu, 9 Feb 2023 18:03:11 +0100 Subject: [PATCH 005/197] ci: fix branch filter pattern Signed-off-by: CrazyMax (cherry picked from commit 0f395986875e564e7b9fb966133943079460cf5a) Signed-off-by: Sebastiaan van Stijn --- .github/workflows/build.yml | 2 +- .github/workflows/e2e.yml | 2 +- .github/workflows/test.yml | 2 +- .github/workflows/validate.yml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index b1f7e65a966c..8d78258cc6a8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,7 +9,7 @@ on: push: branches: - 'master' - - '[0-9]+.[0-9]{2}' + - '[0-9]+.[0-9]+' tags: - 'v*' pull_request: diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 2c36dac447b0..9e9f04729d81 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -9,7 +9,7 @@ on: push: branches: - 'master' - - '[0-9]+.[0-9]{2}' + - '[0-9]+.[0-9]+' tags: - 'v*' pull_request: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 31da57a15b00..1b126462c801 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ on: push: branches: - 'master' - - '[0-9]+.[0-9]{2}' + - '[0-9]+.[0-9]+' tags: - 'v*' pull_request: diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 1f8fbd739d5a..30dd18680648 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -9,7 +9,7 @@ on: push: branches: - 'master' - - '[0-9]+.[0-9]{2}' + - '[0-9]+.[0-9]+' tags: - 'v*' pull_request: From 7f4e3ead75a1df4fee32a6d7141ba835deab5dc6 Mon Sep 17 00:00:00 2001 From: Aslam Ahemad Date: Tue, 14 Feb 2023 15:36:30 +0530 Subject: [PATCH 006/197] changed the container name in docker stats page Signed-off-by: Aslam Ahemad (cherry picked from commit d2f726d5addaa0b2fddbd439d4bd7463e588fbd2) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/stats.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/reference/commandline/stats.md b/docs/reference/commandline/stats.md index 4046e4122f03..87f4f28ada66 100644 --- a/docs/reference/commandline/stats.md +++ b/docs/reference/commandline/stats.md @@ -95,16 +95,16 @@ $ docker stats nginx --no-stream --format "{{ json . }}" Running `docker stats` with customized format on all (Running and Stopped) containers. ```console -$ docker stats --all --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" fervent_panini 5acfcb1b4fd1 drunk_visvesvaraya big_heisenberg +$ docker stats --all --format "table {{.Container}}\t{{.CPUPerc}}\t{{.MemUsage}}" fervent_panini 5acfcb1b4fd1 humble_visvesvaraya big_heisenberg CONTAINER CPU % MEM USAGE / LIMIT fervent_panini 0.00% 56KiB / 15.57GiB 5acfcb1b4fd1 0.07% 32.86MiB / 15.57GiB -drunk_visvesvaraya 0.00% 0B / 0B +humble_visvesvaraya 0.00% 0B / 0B big_heisenberg 0.00% 0B / 0B ``` -`drunk_visvesvaraya` and `big_heisenberg` are stopped containers in the above example. +`humble_visvesvaraya` and `big_heisenberg` are stopped containers in the above example. Running `docker stats` on all running containers against a Windows daemon. From 5051d82a17b57f8b6b076744733b452ffbb00b14 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 17 Feb 2023 01:05:16 +0100 Subject: [PATCH 007/197] update to go1.19.6 go1.19.6 (released 2023-02-14) includes security fixes to the crypto/tls, mime/multipart, net/http, and path/filepath packages, as well as bug fixes to the go command, the linker, the runtime, and the crypto/x509, net/http, and time packages. See the Go 1.19.6 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.19.6+label%3ACherryPickApproved From the announcement on the security mailing: We have just released Go versions 1.20.1 and 1.19.6, minor point releases. These minor releases include 4 security fixes following the security policy: - path/filepath: path traversal in filepath.Clean on Windows On Windows, the filepath.Clean function could transform an invalid path such as a/../c:/b into the valid path c:\b. This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. The filepath.Clean function will now transform this path into the relative (but still invalid) path .\c:\b. This is CVE-2022-41722 and Go issue https://go.dev/issue/57274. - net/http, mime/multipart: denial of service from excessive resource consumption Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing "up to maxMemory bytes +10MB (reserved for non-file parts) in memory". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map ntry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, "If stored on disk, the File's underlying concrete type will be an *os.File.". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader. This is CVE-2022-41725 and Go issue https://go.dev/issue/58006. - crypto/tls: large handshake records may cause panics Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth > = RequestClientCert). This is CVE-2022-41724 and Go issue https://go.dev/issue/58001. - net/http: avoid quadratic complexity in HPACK decoding A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually configuring HTTP/2. This is CVE-2022-41723 and Go issue https://go.dev/issue/57855. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit e921e103a4c5a844cfc90d10de824c97cd78f00e) Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8b0a1698ec1e..f576e7af48d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.19.5 +ARG GO_VERSION=1.19.6 ARG ALPINE_VERSION=3.16 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index f754cd7ee1ac..40bf2215e8a1 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.19.5" + default = "1.19.6" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 65014de26f7d..4f9c55c0a4ef 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.5 +ARG GO_VERSION=1.19.6 ARG ALPINE_VERSION=3.16 ARG BUILDX_VERSION=0.9.1 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index b2986dfb16f7..a4e355c03dbc 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.5 +ARG GO_VERSION=1.19.6 ARG ALPINE_VERSION=3.16 ARG GOLANGCI_LINT_VERSION=v1.49.0 From 1810e922ac39ef487a262eea1b56b768ecb11690 Mon Sep 17 00:00:00 2001 From: Bjorn Neergaard Date: Thu, 9 Feb 2023 23:26:02 -0700 Subject: [PATCH 008/197] docs: drop dated comments about graphdrivers Signed-off-by: Bjorn Neergaard (cherry picked from commit e636747a14b1a0d1cb2e60149d28574ed5c87de2) Signed-off-by: Bjorn Neergaard --- docs/reference/commandline/dockerd.md | 54 ++------------------------- 1 file changed, 4 insertions(+), 50 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index bd6b610eda4b..ba7d9be8ab99 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -295,57 +295,11 @@ $ docker -H tcp://127.0.0.1:2375 pull ubuntu On Linux, the Docker daemon has support for several different image layer storage drivers: `aufs`, `devicemapper`, `btrfs`, `zfs`, `overlay`, `overlay2`, and `fuse-overlayfs`. -The `aufs` driver is the oldest, but is based on a Linux kernel patch-set that -is unlikely to be merged into the main kernel. These are also known to cause -some serious kernel crashes. However `aufs` allows containers to share -executable and shared library memory, so is a useful choice when running -thousands of containers with the same program or libraries. - -The `devicemapper` driver uses thin provisioning and Copy on Write (CoW) -snapshots. For each devicemapper graph location – typically -`/var/lib/docker/devicemapper` – a thin pool is created based on two block -devices, one for data and one for metadata. By default, these block devices -are created automatically by using loopback mounts of automatically created -sparse files. Refer to [Devicemapper options](#devicemapper-options) below -for a way how to customize this setup. -[~jpetazzo/Resizing Docker containers with the Device Mapper plugin](https://jpetazzo.github.io/2014/01/29/docker-device-mapper-resize/) -article explains how to tune your existing setup without the use of options. - -The `btrfs` driver is very fast for `docker build` - but like `devicemapper` -does not share executable memory between devices. Use -`dockerd --storage-driver btrfs --data-root /mnt/btrfs_partition`. - -The `zfs` driver is probably not as fast as `btrfs` but has a longer track record -on stability. Thanks to `Single Copy ARC` shared blocks between clones will be -cached only once. Use `dockerd -s zfs`. To select a different zfs filesystem -set `zfs.fsname` option as described in [ZFS options](#zfs-options). - -The `overlay` is a very fast union filesystem. It is now merged in the main -Linux kernel as of [3.18.0](https://lkml.org/lkml/2014/10/26/137). `overlay` -also supports page cache sharing, this means multiple containers accessing -the same file can share a single page cache entry (or entries), it makes -`overlay` as efficient with memory as `aufs` driver. Call `dockerd -s overlay` -to use it. - -The `overlay2` uses the same fast union filesystem but takes advantage of -[additional features](https://lkml.org/lkml/2015/2/11/106) added in Linux -kernel 4.0 to avoid excessive inode consumption. Call `dockerd -s overlay2` -to use it. +`overlay2` is the preferred storage driver for all currently supported Linux distributions, +and is selected by default. Unless users have a strong reason to prefer another storage driver, +`overlay2` should be used. -> **Note** -> -> The `overlay` storage driver can cause excessive inode consumption (especially -> as the number of images grows). We recommend using the `overlay2` storage -> driver instead. - - -> **Note** -> -> Both `overlay` and `overlay2` are currently unsupported on `btrfs` -> or any Copy on Write filesystem and should only be used over `ext4` partitions. - -The `fuse-overlayfs` driver is similar to `overlay2` but works in userspace. -The `fuse-overlayfs` driver is expected to be used for [Rootless mode](https://docs.docker.com/engine/security/rootless/). +You can find out more about storage drivers and how to select one in [Select a storage driver](https://docs.docker.com/storage/storagedriver/select-storage-driver/). On Windows, the Docker daemon only supports the `windowsfilter` storage driver. From 14ac8db9683e3c3f9c74f7cd6dff10b7af98d43f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Fri, 24 Feb 2023 10:13:54 +0100 Subject: [PATCH 009/197] test/cli: Use empty array as empty output of images/json MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Tests mocking the output of GET images/json with fakeClient used an array with one empty element as an empty response. Change it to just an empty array. Signed-off-by: Paweł Gronowski (cherry picked from commit a1953e19b266126bdbf906dfd06b735d73d8d27c) --- cli/command/image/client_test.go | 2 +- cli/command/image/list_test.go | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cli/command/image/client_test.go b/cli/command/image/client_test.go index afae0b735dae..96e612f252e9 100644 --- a/cli/command/image/client_test.go +++ b/cli/command/image/client_test.go @@ -91,7 +91,7 @@ func (cli *fakeClient) ImageList(ctx context.Context, options types.ImageListOpt if cli.imageListFunc != nil { return cli.imageListFunc(options) } - return []types.ImageSummary{{}}, nil + return []types.ImageSummary{}, nil } func (cli *fakeClient) ImageInspectWithRaw(_ context.Context, image string) (types.ImageInspect, []byte, error) { diff --git a/cli/command/image/list_test.go b/cli/command/image/list_test.go index 67d87a2d3571..fb2227b807ad 100644 --- a/cli/command/image/list_test.go +++ b/cli/command/image/list_test.go @@ -30,7 +30,7 @@ func TestNewImagesCommandErrors(t *testing.T) { name: "failed-list", expectedError: "something went wrong", imageListFunc: func(options types.ImageListOptions) ([]types.ImageSummary, error) { - return []types.ImageSummary{{}}, errors.Errorf("something went wrong") + return []types.ImageSummary{}, errors.Errorf("something went wrong") }, }, } @@ -66,7 +66,7 @@ func TestNewImagesCommandSuccess(t *testing.T) { args: []string{"image"}, imageListFunc: func(options types.ImageListOptions) ([]types.ImageSummary, error) { assert.Check(t, is.Equal("image", options.Filters.Get("reference")[0])) - return []types.ImageSummary{{}}, nil + return []types.ImageSummary{}, nil }, }, { @@ -74,7 +74,7 @@ func TestNewImagesCommandSuccess(t *testing.T) { args: []string{"--filter", "name=value"}, imageListFunc: func(options types.ImageListOptions) ([]types.ImageSummary, error) { assert.Check(t, is.Equal("value", options.Filters.Get("name")[0])) - return []types.ImageSummary{{}}, nil + return []types.ImageSummary{}, nil }, }, } From 57a502772ba46925aa8fee5d36af16de8e6f0d84 Mon Sep 17 00:00:00 2001 From: Nick Santos Date: Mon, 20 Feb 2023 19:51:57 -0500 Subject: [PATCH 010/197] context: avoid corrupt file writes Write to a tempfile then move, so that if the process dies mid-write it doesn't corrupt the store. Also improve error messaging so that if a file does get corrupted, the user has some hope of figuring out which file is broken. For background, see: https://github.com/docker/for-win/issues/13180 https://github.com/docker/for-win/issues/12561 For a repro case, see: https://github.com/nicks/contextstore-sandbox Signed-off-by: Nick Santos (cherry picked from commit c2487c2997de50c11892382c08c592d44773d5d4) Signed-off-by: Sebastiaan van Stijn --- cli/context/store/metadatastore.go | 13 ++++++++----- cli/context/store/store_test.go | 27 +++++++++++++++++++++++++++ cli/context/store/tlsstore.go | 3 ++- 3 files changed, 37 insertions(+), 6 deletions(-) diff --git a/cli/context/store/metadatastore.go b/cli/context/store/metadatastore.go index ba3ea6c05a04..62c3f82a6a45 100644 --- a/cli/context/store/metadatastore.go +++ b/cli/context/store/metadatastore.go @@ -2,12 +2,14 @@ package store import ( "encoding/json" + "fmt" "os" "path/filepath" "reflect" "sort" "github.com/docker/docker/errdefs" + "github.com/docker/docker/pkg/ioutils" "github.com/fvbommel/sortorder" "github.com/pkg/errors" ) @@ -35,7 +37,7 @@ func (s *metadataStore) createOrUpdate(meta Metadata) error { if err != nil { return err } - return os.WriteFile(filepath.Join(contextDir, metaFile), bytes, 0o644) + return ioutils.AtomicWriteFile(filepath.Join(contextDir, metaFile), bytes, 0o644) } func parseTypedOrMap(payload []byte, getter TypeGetter) (interface{}, error) { @@ -65,7 +67,8 @@ func (s *metadataStore) get(name string) (Metadata, error) { } func (s *metadataStore) getByID(id contextdir) (Metadata, error) { - bytes, err := os.ReadFile(filepath.Join(s.contextDir(id), metaFile)) + fileName := filepath.Join(s.contextDir(id), metaFile) + bytes, err := os.ReadFile(fileName) if err != nil { if errors.Is(err, os.ErrNotExist) { return Metadata{}, errdefs.NotFound(errors.Wrap(err, "context not found")) @@ -77,15 +80,15 @@ func (s *metadataStore) getByID(id contextdir) (Metadata, error) { Endpoints: make(map[string]interface{}), } if err := json.Unmarshal(bytes, &untyped); err != nil { - return Metadata{}, err + return Metadata{}, fmt.Errorf("parsing %s: %v", fileName, err) } r.Name = untyped.Name if r.Metadata, err = parseTypedOrMap(untyped.Metadata, s.config.contextType); err != nil { - return Metadata{}, err + return Metadata{}, fmt.Errorf("parsing %s: %v", fileName, err) } for k, v := range untyped.Endpoints { if r.Endpoints[k], err = parseTypedOrMap(v, s.config.endpointTypes[k]); err != nil { - return Metadata{}, err + return Metadata{}, fmt.Errorf("parsing %s: %v", fileName, err) } } return r, err diff --git a/cli/context/store/store_test.go b/cli/context/store/store_test.go index c918be496232..235870a95421 100644 --- a/cli/context/store/store_test.go +++ b/cli/context/store/store_test.go @@ -7,9 +7,11 @@ import ( "bytes" "crypto/rand" "encoding/json" + "fmt" "io" "os" "path" + "path/filepath" "testing" "github.com/docker/docker/errdefs" @@ -230,3 +232,28 @@ func TestImportZipInvalid(t *testing.T) { err = Import("zipInvalid", s, r) assert.ErrorContains(t, err, "unexpected context file") } + +func TestCorruptMetadata(t *testing.T) { + tempDir := t.TempDir() + s := New(tempDir, testCfg) + err := s.CreateOrUpdate( + Metadata{ + Endpoints: map[string]interface{}{ + "ep1": endpoint{Foo: "bar"}, + }, + Metadata: context{Bar: "baz"}, + Name: "source", + }) + assert.NilError(t, err) + + // Simulate the meta.json file getting corrupted + // by some external process. + contextDir := s.meta.contextDir(contextdirOf("source")) + contextFile := filepath.Join(contextDir, metaFile) + err = os.WriteFile(contextFile, nil, 0o600) + assert.NilError(t, err) + + // Assert that the error message gives the user some clue where to look. + _, err = s.GetMetadata("source") + assert.ErrorContains(t, err, fmt.Sprintf("parsing %s: unexpected end of JSON input", contextFile)) +} diff --git a/cli/context/store/tlsstore.go b/cli/context/store/tlsstore.go index c61a7f549cf4..ffbbde7c0dbc 100644 --- a/cli/context/store/tlsstore.go +++ b/cli/context/store/tlsstore.go @@ -5,6 +5,7 @@ import ( "path/filepath" "github.com/docker/docker/errdefs" + "github.com/docker/docker/pkg/ioutils" "github.com/pkg/errors" ) @@ -31,7 +32,7 @@ func (s *tlsStore) createOrUpdate(name, endpointName, filename string, data []by if err := os.MkdirAll(endpointDir, 0o700); err != nil { return err } - return os.WriteFile(filepath.Join(endpointDir, filename), data, 0o600) + return ioutils.AtomicWriteFile(filepath.Join(endpointDir, filename), data, 0o600) } func (s *tlsStore) getData(name, endpointName, filename string) ([]byte, error) { From 5af8077eeb25734cd5f6fbc50868c140c7580f51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Thu, 23 Feb 2023 16:02:25 +0100 Subject: [PATCH 011/197] formatter: Consider empty RepoTags and RepoDigests as dangling MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paweł Gronowski (cherry picked from commit 89687d5b3f11af6848d325b4d096aa639445cb8d) --- cli/command/formatter/image.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cli/command/formatter/image.go b/cli/command/formatter/image.go index 89553d104855..a84bd08e4125 100644 --- a/cli/command/formatter/image.go +++ b/cli/command/formatter/image.go @@ -27,6 +27,9 @@ type ImageContext struct { } func isDangling(image types.ImageSummary) bool { + if len(image.RepoTags) == 0 && len(image.RepoDigests) == 0 { + return true + } return len(image.RepoTags) == 1 && image.RepoTags[0] == ":" && len(image.RepoDigests) == 1 && image.RepoDigests[0] == "@" } From 0dbf70fad2dab10c4332197add58ba118aaa6f86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Thu, 2 Mar 2023 17:27:05 +0100 Subject: [PATCH 012/197] docs: Deprecate buildkit's build information MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Paweł Gronowski (cherry picked from commit 8bc1aaceae07af15b74db7d2637fd7954c706826) Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/deprecated.md b/docs/deprecated.md index 5b81f0a99445..affa938dd455 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -50,6 +50,7 @@ The table below provides an overview of the current status of deprecated feature | Status | Feature | Deprecated | Remove | |------------|------------------------------------------------------------------------------------------------------------------------------------|------------|---------| +| Deprecated | [Buildkit build information](#buildkit-build-information) | v23.0.0 | v23.1.0 | | Deprecated | [Legacy builder for Linux images](#legacy-builder-for-linux-images) | v23.0.0 | - | | Deprecated | [Legacy builder fallback](#legacy-builder-fallback) | v23.0.0 | - | | Removed | [Btrfs storage driver on CentOS 7 and RHEL 7](#btrfs-storage-driver-on-centos-7-and-rhel-7) | v20.10 | v23.0.0 | @@ -104,6 +105,17 @@ The table below provides an overview of the current status of deprecated feature | Removed | [`--run` flag on `docker commit`](#--run-flag-on-docker-commit) | v0.10 | v1.13 | | Removed | [Three arguments form in `docker import`](#three-arguments-form-in-docker-import) | v0.6.7 | v1.12 | +### Buildkit build information + +**Deprecated in Release: v23.0.0** + +[Build information](https://github.com/moby/buildkit/blob/v0.11/docs/buildinfo.md) +structures have been introduced in [BuildKit v0.10.0](https://github.com/moby/buildkit/releases/tag/v0.10.0) +and are generated with build metadata that allows you to see all the sources +(images, git repositories) that were used by the build with their exact +versions and also the configuration that was passed to the build. This +information is also embedded into the image configuration if one is generated. + ### Legacy builder for Linux images **Deprecated in Release: v23.0.0** From 95066ff3a2121016e78b8aaacdd09aa13b7cb3ab Mon Sep 17 00:00:00 2001 From: Jacopo Rigoli Date: Thu, 23 Feb 2023 00:52:26 +0100 Subject: [PATCH 013/197] Dockerfile: update buildx to v0.10.3 release notes: https://github.com/docker/buildx/releases/tag/v0.10.3 Signed-off-by: Jacopo Rigoli (cherry picked from commit dac79b19a72ea4a6e5257ef229bc4dee3b949e03) Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- dockerfiles/Dockerfile.dev | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f576e7af48d6..08504a74bf85 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ ARG ALPINE_VERSION=3.16 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 ARG GOTESTSUM_VERSION=v1.8.2 -ARG BUILDX_VERSION=0.9.1 +ARG BUILDX_VERSION=0.10.3 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 4f9c55c0a4ef..981db58d118e 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -3,7 +3,7 @@ ARG GO_VERSION=1.19.6 ARG ALPINE_VERSION=3.16 -ARG BUILDX_VERSION=0.9.1 +ARG BUILDX_VERSION=0.10.3 FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS golang From 84fe451ec750a946330285154bb41c98d4139a6c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Thu, 9 Mar 2023 15:40:25 +0100 Subject: [PATCH 014/197] stack/loader: Ignore cmd.exe special env variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On Windows, ignore all variables that start with "=" when building an environment variables map for stack. For MS-DOS compatibility cmd.exe can set some special environment variables that start with a "=" characters, which breaks the general assumption that the first encountered "=" separates a variable name from variable value and causes trouble when parsing. These variables don't seem to be documented anywhere, but they are described by some third-party sources and confirmed empirically on my Windows installation. Useful sources: https://devblogs.microsoft.com/oldnewthing/20100506-00/?p=14133 https://ss64.com/nt/syntax-variables.html Known variables: - `=ExitCode` stores the exit code returned by external command (in hex format) - `=ExitCodeAscii` - same as above, except the value is the ASCII representation of the code (so exit code 65 (0x41) becomes 'A'). - `=::=::\` and friends - store drive specific working directory. There is one env variable for each separate drive letter that was accessed in the shell session and stores the working directory for that specific drive. The general format for these is: `=:=` (key=`=:`, value=``) where is a working directory for the drive that is assigned to the letter A couple of examples: `=C:=C:\some\dir` (key: `=C:`, value: `C:\some\dir`) `=D:=D:\some\other\dir` (key: `=C:`, value: `C:\some\dir`) `=Z:=Z:\` (key: `=Z:`, value: `Z:\`) `=::=::\` is the one that seems to be always set and I'm not exactly sure what this one is for (what's drive `::`?). Others are set as soon as you CD to a path on some drive. Considering that you start a cmd.exe also has some working directory, there are 2 of these on start. All these variables can be safely ignored because they can't be deliberately set by the user, their meaning is only relevant to the cmd.exe session and they're all are related to the MS-DOS/Batch feature that are irrelevant for us. Signed-off-by: Paweł Gronowski (cherry picked from commit a47058bbd511cd98ea81db512abddb09c9eb1365) Signed-off-by: Sebastiaan van Stijn --- cli/command/stack/loader/loader.go | 14 +++++++++++ cli/command/stack/loader/loader_test.go | 32 +++++++++++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/cli/command/stack/loader/loader.go b/cli/command/stack/loader/loader.go index 105e84e64491..8b5359dd95b2 100644 --- a/cli/command/stack/loader/loader.go +++ b/cli/command/stack/loader/loader.go @@ -5,6 +5,7 @@ import ( "io" "os" "path/filepath" + "runtime" "sort" "strings" @@ -104,6 +105,19 @@ func GetConfigDetails(composefiles []string, stdin io.Reader) (composetypes.Conf func buildEnvironment(env []string) (map[string]string, error) { result := make(map[string]string, len(env)) for _, s := range env { + if runtime.GOOS == "windows" && len(s) > 0 { + // cmd.exe can have special environment variables which names start with "=". + // They are only there for MS-DOS compatibility and we should ignore them. + // See TestBuildEnvironment for examples. + // + // https://ss64.com/nt/syntax-variables.html + // https://devblogs.microsoft.com/oldnewthing/20100506-00/?p=14133 + // https://github.com/docker/cli/issues/4078 + if s[0] == '=' { + continue + } + } + k, v, ok := strings.Cut(s, "=") if !ok || k == "" { return result, errors.Errorf("unexpected environment %q", s) diff --git a/cli/command/stack/loader/loader_test.go b/cli/command/stack/loader/loader_test.go index 6ddca65bb855..6c0da17aa339 100644 --- a/cli/command/stack/loader/loader_test.go +++ b/cli/command/stack/loader/loader_test.go @@ -3,6 +3,7 @@ package loader import ( "os" "path/filepath" + "runtime" "strings" "testing" @@ -45,3 +46,34 @@ services: assert.Check(t, is.Equal("3.0", details.ConfigFiles[0].Config["version"])) assert.Check(t, is.Len(details.Environment, len(os.Environ()))) } + +func TestBuildEnvironment(t *testing.T) { + inputEnv := []string{ + "LEGIT_VAR=LEGIT_VALUE", + "EMPTY_VARIABLE=", + } + + if runtime.GOOS == "windows" { + inputEnv = []string{ + "LEGIT_VAR=LEGIT_VALUE", + + // cmd.exe has some special environment variables which start with "=". + // These should be ignored as they're only there for MS-DOS compatibility. + "=ExitCode=00000041", + "=ExitCodeAscii=A", + `=C:=C:\some\dir`, + `=D:=D:\some\different\dir`, + `=X:=X:\`, + `=::=::\`, + + "EMPTY_VARIABLE=", + } + } + + env, err := buildEnvironment(inputEnv) + assert.NilError(t, err) + + assert.Check(t, is.Len(env, 2)) + assert.Check(t, is.Equal("LEGIT_VALUE", env["LEGIT_VAR"])) + assert.Check(t, is.Equal("", env["EMPTY_VARIABLE"])) +} From b61b5a9878d7948b96e9c8f8a1665e1e1eb615d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Thu, 9 Mar 2023 16:56:34 +0100 Subject: [PATCH 015/197] stack: Change unexpected environment variable error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Make the error more specific by stating that it's caused by a specific environment variable and not an environment as a whole. Also don't escape the variable to make it more readable. Signed-off-by: Paweł Gronowski (cherry picked from commit 012b77952e6b2acad5f4df5d9f015830e572f6f5) Signed-off-by: Sebastiaan van Stijn --- cli/command/stack/loader/loader.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/command/stack/loader/loader.go b/cli/command/stack/loader/loader.go index 8b5359dd95b2..39810d883285 100644 --- a/cli/command/stack/loader/loader.go +++ b/cli/command/stack/loader/loader.go @@ -120,7 +120,7 @@ func buildEnvironment(env []string) (map[string]string, error) { k, v, ok := strings.Cut(s, "=") if !ok || k == "" { - return result, errors.Errorf("unexpected environment %q", s) + return result, errors.Errorf("unexpected environment variable '%s'", s) } // value may be set, but empty if "s" is like "K=", not "K". result[k] = v From 4c63110a9248f32dd4c11b28a2dce3b211dbcd05 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 10 Mar 2023 10:22:54 +0100 Subject: [PATCH 016/197] update to go1.19.7 Includes a security fix for crypto/elliptic (CVE-2023-24532). > go1.19.7 (released 2023-03-07) includes a security fix to the crypto/elliptic > package, as well as bug fixes to the linker, the runtime, and the crypto/x509 > and syscall packages. See the Go 1.19.7 milestone on our issue tracker for > details. https://go.dev/doc/devel/release#go1.19.minor From the announcement: > We have just released Go versions 1.20.2 and 1.19.7, minor point releases. > > These minor releases include 1 security fixes following the security policy: > > - crypto/elliptic: incorrect P-256 ScalarMult and ScalarBaseMult results > > The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an > incorrect result if called with some specific unreduced scalars (a scalar larger > than the order of the curve). > > This does not impact usages of crypto/ecdsa or crypto/ecdh. > > This is CVE-2023-24532 and Go issue https://go.dev/issue/58647. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 23da1cec6c9cf541095012122084da019fff9b92) Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 08504a74bf85..9d3f56380e6b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.19.6 +ARG GO_VERSION=1.19.7 ARG ALPINE_VERSION=3.16 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index 40bf2215e8a1..a1bce32550b3 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.19.6" + default = "1.19.7" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 981db58d118e..f85ed3f80da7 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.6 +ARG GO_VERSION=1.19.7 ARG ALPINE_VERSION=3.16 ARG BUILDX_VERSION=0.10.3 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index a4e355c03dbc..3cd740c9f7e9 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.6 +ARG GO_VERSION=1.19.7 ARG ALPINE_VERSION=3.16 ARG GOLANGCI_LINT_VERSION=v1.49.0 From 90a72a5894f59be28f3ef7cc73912c38c9b995ba Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Fri, 10 Mar 2023 12:31:44 +0100 Subject: [PATCH 017/197] Dockerfile: update buildx to v0.10.4 release notes: https://github.com/docker/buildx/releases/tag/v0.10.4 full diff: https://github.com/docker/buildx/compare/v0.10.3...v0.10.4 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 74c4ed4171a1af3722dd397d531019fa32f4c645) Signed-off-by: Sebastiaan van Stijn --- Dockerfile | 2 +- dockerfiles/Dockerfile.dev | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 08504a74bf85..316e83652e46 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ ARG ALPINE_VERSION=3.16 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 ARG GOTESTSUM_VERSION=v1.8.2 -ARG BUILDX_VERSION=0.10.3 +ARG BUILDX_VERSION=0.10.4 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 981db58d118e..fc416ddc4184 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -3,7 +3,7 @@ ARG GO_VERSION=1.19.6 ARG ALPINE_VERSION=3.16 -ARG BUILDX_VERSION=0.10.3 +ARG BUILDX_VERSION=0.10.4 FROM docker/buildx-bin:${BUILDX_VERSION} AS buildx FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS golang From d07453890c60565559f0e6d20b23dec4fb6a5c94 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Mon, 13 Mar 2023 19:46:58 +0100 Subject: [PATCH 018/197] Add bash completion for available plugins Signed-off-by: CrazyMax (cherry picked from commit aa0aa4a6dcf9d86f6f46979e9684ef0b48e5f6fe) --- contrib/completion/bash/docker | 53 ++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 21 deletions(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index 845cf984040e..c1c46bbba8b6 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1142,6 +1142,29 @@ __docker_complete_user_group() { fi } +DOCKER_PLUGINS_PATH=$(docker info --format '{{range .ClientInfo.Plugins}}{{.Path}}:{{end}}') + +__docker_complete_plugin() { + local path=$1 + local completionCommand="__completeNoDesc" + local resultArray=($path $completionCommand) + for value in "${words[@]:2}"; do + if [ -z "$value" ]; then + resultArray+=( "''" ) + else + resultArray+=( "$value" ) + fi + done + local result=$(eval "${resultArray[*]}" 2> /dev/null | grep -v '^:[0-9]*$') + + # if result empty, just use filename completion as fallback + if [ -z "$result" ]; then + _filedir + else + COMPREPLY=( $(compgen -W "${result}" -- "${current-}") ) + fi +} + _docker_docker() { # global options that may appear after the docker command local boolean_options=" @@ -5395,23 +5418,6 @@ _docker_wait() { _docker_container_wait } -COMPOSE_PLUGIN_PATH=$(docker info --format '{{range .ClientInfo.Plugins}}{{if eq .Name "compose"}}{{.Path}}{{end}}{{end}}') - -_docker_compose() { - local completionCommand="__completeNoDesc" - local resultArray=($COMPOSE_PLUGIN_PATH $completionCommand compose) - for value in "${words[@]:2}"; do - if [ -z "$value" ]; then - resultArray+=( "''" ) - else - resultArray+=( "$value" ) - fi - done - local result=$(eval "${resultArray[*]}" 2> /dev/null | grep -v '^:[0-9]*$') - - COMPREPLY=( $(compgen -W "${result}" -- "$current") ) -} - _docker() { local previous_extglob_setting=$(shopt -p extglob) shopt -s extglob @@ -5481,11 +5487,16 @@ _docker() { wait ) + # Create completion functions for all registered plugins local known_plugin_commands=() - - if [ -f "$COMPOSE_PLUGIN_PATH" ] ; then - known_plugin_commands+=("compose") - fi + local plugin_name="" + for plugin_path in ${DOCKER_PLUGINS_PATH//:/ }; do + plugin_name=$(basename "$plugin_path" | sed 's/ *$//') + plugin_name=${plugin_name#docker-} + plugin_name=${plugin_name%%.*} + eval "_docker_${plugin_name}() { __docker_complete_plugin \"${plugin_path}\"; }" + known_plugin_commands+=(${plugin_name}) + done local experimental_server_commands=( checkpoint From e2c402118cba0e84f1e360d2173017ce44646ae0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 21 Mar 2023 16:53:03 +0100 Subject: [PATCH 019/197] cli/command: ElectAuthServer: fix deprecation comment The comment was not formatted correctly, and because of that not picked up as being deprecated. updates b4ca1c7368daeead400fcc1b8f2d61951a0d9d1e Signed-off-by: Sebastiaan van Stijn (cherry picked from commit e3fa7280ad8bcb478aa5ce708b356bbe8dcf5e9c) Signed-off-by: Sebastiaan van Stijn --- cli/command/registry.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cli/command/registry.go b/cli/command/registry.go index 94b0c4171a5b..9958b7c0f8fb 100644 --- a/cli/command/registry.go +++ b/cli/command/registry.go @@ -21,8 +21,9 @@ import ( "github.com/pkg/errors" ) -// ElectAuthServer returns the default registry to use -// Deprecated: use registry.IndexServer instead +// ElectAuthServer returns the default registry to use. +// +// Deprecated: use [registry.IndexServer] instead. func ElectAuthServer(_ context.Context, _ Cli) string { return registry.IndexServer } From 114e17ac4bb56a14c64fa6a0697d790b70c0cbdc Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 21 Mar 2023 16:55:34 +0100 Subject: [PATCH 020/197] cli/command: fix imports formatting Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 742881fc58e334b6cc9e27ce6034eb4414edd1aa) Signed-off-by: Sebastiaan van Stijn --- cli/command/registry_test.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/cli/command/registry_test.go b/cli/command/registry_test.go index b7d3e821166a..be518e3175b9 100644 --- a/cli/command/registry_test.go +++ b/cli/command/registry_test.go @@ -6,16 +6,13 @@ import ( "fmt" "testing" - "gotest.tools/v3/assert" - is "gotest.tools/v3/assert/cmp" - - // Prevents a circular import with "github.com/docker/cli/internal/test" - - . "github.com/docker/cli/cli/command" + . "github.com/docker/cli/cli/command" // Prevents a circular import with "github.com/docker/cli/internal/test" configtypes "github.com/docker/cli/cli/config/types" "github.com/docker/cli/internal/test" "github.com/docker/docker/api/types" "github.com/docker/docker/client" + "gotest.tools/v3/assert" + is "gotest.tools/v3/assert/cmp" ) type fakeClient struct { From a43c9f344053a6376ca3f3c1df10314665a81767 Mon Sep 17 00:00:00 2001 From: Laura Brehm Date: Thu, 2 Mar 2023 17:05:28 +0100 Subject: [PATCH 021/197] Don't automatically request size if `--size` was explicitly set to `false` Signed-off-by: Laura Brehm (cherry picked from commit 973333448774480682baeba3ec9dc4da0fd1873c) Signed-off-by: Sebastiaan van Stijn --- cli/command/container/list.go | 42 +++++++++++++--------- cli/command/container/list_test.go | 57 +++++++++++++++++++++++++----- 2 files changed, 74 insertions(+), 25 deletions(-) diff --git a/cli/command/container/list.go b/cli/command/container/list.go index 03a4c5cc77a0..3571954b5cdb 100644 --- a/cli/command/container/list.go +++ b/cli/command/container/list.go @@ -17,14 +17,15 @@ import ( ) type psOptions struct { - quiet bool - size bool - all bool - noTrunc bool - nLatest bool - last int - format string - filter opts.FilterOpt + quiet bool + size bool + sizeChanged bool + all bool + noTrunc bool + nLatest bool + last int + format string + filter opts.FilterOpt } // NewPsCommand creates a new cobra.Command for `docker ps` @@ -36,6 +37,7 @@ func NewPsCommand(dockerCli command.Cli) *cobra.Command { Short: "List containers", Args: cli.NoArgs, RunE: func(cmd *cobra.Command, args []string) error { + options.sizeChanged = cmd.Flags().Changed("size") return runPs(dockerCli, &options) }, Annotations: map[string]string{ @@ -78,13 +80,8 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er options.Limit = 1 } - if !opts.quiet && !options.Size && len(opts.format) > 0 { - // The --size option isn't set, but .Size may be used in the template. - // Parse and execute the given template to detect if the .Size field is - // used. If it is, then automatically enable the --size option. See #24696 - // - // Only requesting container size information when needed is an optimization, - // because calculating the size is a costly operation. + // always validate template when `--format` is used, for consistency + if len(opts.format) > 0 { tmpl, err := templates.NewParse("", opts.format) if err != nil { return nil, errors.Wrap(err, "failed to parse template") @@ -98,8 +95,19 @@ func buildContainerListOptions(opts *psOptions) (*types.ContainerListOptions, er return nil, errors.Wrap(err, "failed to execute template") } - if _, ok := optionsProcessor.FieldsUsed["Size"]; ok { - options.Size = true + // if `size` was not explicitly set to false (with `--size=false`) + // and `--quiet` is not set, request size if the template requires it + if !opts.quiet && !options.Size && !opts.sizeChanged { + // The --size option isn't set, but .Size may be used in the template. + // Parse and execute the given template to detect if the .Size field is + // used. If it is, then automatically enable the --size option. See #24696 + // + // Only requesting container size information when needed is an optimization, + // because calculating the size is a costly operation. + + if _, ok := optionsProcessor.FieldsUsed["Size"]; ok { + options.Size = true + } } } diff --git a/cli/command/container/list_test.go b/cli/command/container/list_test.go index d436e39a99ee..f88aeeb56c83 100644 --- a/cli/command/container/list_test.go +++ b/cli/command/container/list_test.go @@ -231,15 +231,56 @@ func TestContainerListFormatTemplateWithArg(t *testing.T) { } func TestContainerListFormatSizeSetsOption(t *testing.T) { - cli := test.NewFakeCli(&fakeClient{ - containerListFunc: func(options types.ContainerListOptions) ([]types.Container, error) { - assert.Check(t, options.Size) - return []types.Container{}, nil + tests := []struct { + doc, format, sizeFlag string + sizeExpected bool + }{ + { + doc: "detect with all fields", + format: `{{json .}}`, + sizeExpected: true, }, - }) - cmd := newListCommand(cli) - cmd.Flags().Set("format", `{{.Size}}`) - assert.NilError(t, cmd.Execute()) + { + doc: "detect with explicit field", + format: `{{.Size}}`, + sizeExpected: true, + }, + { + doc: "detect no size", + format: `{{.Names}}`, + sizeExpected: false, + }, + { + doc: "override enable", + format: `{{.Names}}`, + sizeFlag: "true", + sizeExpected: true, + }, + { + doc: "override disable", + format: `{{.Size}}`, + sizeFlag: "false", + sizeExpected: false, + }, + } + + for _, tc := range tests { + tc := tc + t.Run(tc.doc, func(t *testing.T) { + cli := test.NewFakeCli(&fakeClient{ + containerListFunc: func(options types.ContainerListOptions) ([]types.Container, error) { + assert.Check(t, is.Equal(options.Size, tc.sizeExpected)) + return []types.Container{}, nil + }, + }) + cmd := newListCommand(cli) + cmd.Flags().Set("format", tc.format) + if tc.sizeFlag != "" { + cmd.Flags().Set("size", tc.sizeFlag) + } + assert.NilError(t, cmd.Execute()) + }) + } } func TestContainerListWithConfigFormat(t *testing.T) { From 80f27987f4896582f5eb54587961e3205e7662ce Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Mon, 27 Mar 2023 12:53:56 +0200 Subject: [PATCH 022/197] bake target to generate certs for e2e tets Signed-off-by: CrazyMax (cherry picked from commit d234a81de74f2b5737dbd282b281f4173814f162) Signed-off-by: Sebastiaan van Stijn --- docker-bake.hcl | 6 ++++++ e2e/testdata/Dockerfile.gencerts | 19 +++++++++++++++++++ e2e/testdata/gen-certs.sh | 12 ------------ 3 files changed, 25 insertions(+), 12 deletions(-) create mode 100644 e2e/testdata/Dockerfile.gencerts delete mode 100755 e2e/testdata/gen-certs.sh diff --git a/docker-bake.hcl b/docker-bake.hcl index a1bce32550b3..4ffa08bb3a81 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -159,3 +159,9 @@ target "e2e-image" { VERSION = VERSION } } + +target "e2e-gencerts" { + inherits = ["_common"] + dockerfile = "./e2e/testdata/Dockerfile.gencerts" + output = ["./e2e/testdata"] +} diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts new file mode 100644 index 000000000000..e19b4358c37a --- /dev/null +++ b/e2e/testdata/Dockerfile.gencerts @@ -0,0 +1,19 @@ +# syntax=docker/dockerfile:1 + +ARG GO_VERSION=1.19.7 + +FROM golang:${GO_VERSION}-alpine AS generated +RUN go install github.com/dmcgowan/quicktls@master +WORKDIR /tmp/gencerts/notary +RUN --mount=type=bind,source=e2e/testdata/notary,target=/tmp/gencerts/notary,rw <> notary-server.cert + mv ca.pem root-ca.cert + cp notary-server.cert notary-server.key root-ca.cert ../notary-evil + cp -r /tmp/gencerts/notary* /out/ +EOT + +FROM scratch +COPY --from=generated /out / diff --git a/e2e/testdata/gen-certs.sh b/e2e/testdata/gen-certs.sh deleted file mode 100755 index 51e74e991886..000000000000 --- a/e2e/testdata/gen-certs.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env sh -set -eu - -# This script is used to generate the test-certificates in the notary-server and -# evil-notary-server directories. Run this script to update the certificates if -# they expire. -GO111MODULE=off go get -u github.com/dmcgowan/quicktls -cd notary -quicktls -org=Docker -with-san notary-server notaryserver evil-notary-server evilnotaryserver localhost 127.0.0.1 -cat ca.pem >> notary-server.cert -mv ca.pem root-ca.cert -cp notary-server.cert notary-server.key root-ca.cert ../notary-evil/ From 59bb07f2e4abc7aa9816b46f307607084af49150 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Mon, 27 Mar 2023 13:27:39 +0200 Subject: [PATCH 023/197] e2e: increase tests certificates duration (10 years) Signed-off-by: CrazyMax (cherry picked from commit c6c33380daea84416753645ac97158b463009837) Signed-off-by: Sebastiaan van Stijn --- e2e/testdata/Dockerfile.gencerts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index e19b4358c37a..19db44ecf175 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -8,7 +8,7 @@ WORKDIR /tmp/gencerts/notary RUN --mount=type=bind,source=e2e/testdata/notary,target=/tmp/gencerts/notary,rw <> notary-server.cert mv ca.pem root-ca.cert cp notary-server.cert notary-server.key root-ca.cert ../notary-evil From d3a36fc38cbb58148065bb6b3534af86c974f948 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Mon, 27 Mar 2023 13:27:52 +0200 Subject: [PATCH 024/197] e2e: update notary certificates Signed-off-by: CrazyMax (cherry picked from commit b201ce5efdf3448bb0fd69621f88433ff06cf113) Signed-off-by: Sebastiaan van Stijn --- e2e/testdata/notary-evil/notary-server.cert | 70 +++++++++++---------- e2e/testdata/notary-evil/notary-server.key | 50 +++++++-------- e2e/testdata/notary-evil/root-ca.cert | 33 +++++----- e2e/testdata/notary/notary-server.cert | 70 +++++++++++---------- e2e/testdata/notary/notary-server.key | 50 +++++++-------- e2e/testdata/notary/root-ca.cert | 33 +++++----- 6 files changed, 156 insertions(+), 150 deletions(-) diff --git a/e2e/testdata/notary-evil/notary-server.cert b/e2e/testdata/notary-evil/notary-server.cert index 701590aad826..eee2b3463d0d 100644 --- a/e2e/testdata/notary-evil/notary-server.cert +++ b/e2e/testdata/notary-evil/notary-server.cert @@ -1,38 +1,40 @@ -----BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIQQReeTsMMrsG9juzWS8eAjjANBgkqhkiG9w0BAQsFADAi -MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMDA0MDkxNDQ3 -NTdaFw0yMzAzMjUxNDQ3NTdaMCkxDzANBgNVBAoTBkRvY2tlcjEWMBQGA1UEAxMN -bm90YXJ5LXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKKA -wO8S9Ux/e4TMOsTkPtCPfpFU+6l6z72uzrFhCNWb0lrTG7hcxwhP6sIesevTOM24 -GCyvzh+9SMTtdBmSQty4JNElqg9sB6r1tLTeTHo7lMiSiINftctoI1kYg9ni+IO9 -DVBSb9gQf9dDoizat9VhpbLNm3QXkQSeE9cumen6Pz+fcEtB7lFtIYxEEv/L7+VY -QOvhtg0RXiRzfmtSGwFL+FZ9PBz4LOvPnPOLCMQewhR+6cAkO7Jch0ZMjCe8zXXw -h8meeIedoevHt0opsr4HHikvr6llwlhWHL+E7zwTPO10xLGd/RIQGGhs8dXhzp1V -lw/oe2VJoIFSOaGjRFcCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB -/wQCMAAwXQYDVR0RBFYwVIINbm90YXJ5LXNlcnZlcoIMbm90YXJ5c2VydmVyghJl -dmlsLW5vdGFyeS1zZXJ2ZXKCEGV2aWxub3RhcnlzZXJ2ZXKCCWxvY2FsaG9zdIcE -fwAAATANBgkqhkiG9w0BAQsFAAOCAQEAgwkZpp4s6reZWs9QatF/x9qWWXIXJzYh -6BgzHL3s7UgeZSs0XhgfHYy6SO94ENpbzPADZwue/NjwNXmp7TLjbyUPjSo1DDt7 -OLG8bQ/hbcPKgMzirTZT36CEsetIBYmfyn39h+ZEIJ30J996/Tgq+X9sG7An2wq3 -/btn+C/BiMUgGnNxZ8p4n+uJCUKA95uVugdLjeioA+19HgQzrLSkeZUR/wsesq5F -iP9k8va2oU3l3MsF079NpfIDl2gtIgXFYWPhyaJCaa+b8irjdoPnhDBuC5p77AWl -UTPw/6ENKMMd1Pze6HLpBJAkPP8hTlULKgvuF0pWuGOejipkAKlOBQ== +MIIDdzCCAl+gAwIBAgIQTujwx+1xxXeI5AbzAQ379TANBgkqhkiG9w0BAQsFADAi +MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5 +NTBaFw0zMzAzMjQxMTA5NTBaMCkxDzANBgNVBAoTBkRvY2tlcjEWMBQGA1UEAxMN +bm90YXJ5LXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPhZ +pU7DRK/2nwbTu+kVYhU/XARDleVSiLrQ5RMR1Cz2xC4LWkOEVSj4aCBo85O66JAx +p+WRVwoVEU2rdkK3k4983Xr34+7q5Hv4hmwlg6I7QLRRJapEgK5G5RB/9aQntolx +h5E0KaoF4PJP25y4FHCUr4td4QyitaICsCpuOAN6XgmE9sM9TBf+AEjTSxwwvgEz +DqHvyovl7pA+pQP2oTKBrf6KN8hHDOXmm9gd8ST9yKLrsYWhqExLLPnAD4lQEcKZ +29g+iTd4eNoJUXctpuY+3IpqBcQSLq35mNKBP/FQco6g3q26/cB4zWGxTr3jGJqs +ms8qdFLGZ2KiBCt+oDMCAwEAAaOBoTCBnjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T +AQH/BAIwADAfBgNVHSMEGDAWgBTxYMNqgy2wkgmPZL/+bTCTQo6ulTBdBgNVHREE +VjBUgg1ub3Rhcnktc2VydmVyggxub3RhcnlzZXJ2ZXKCEmV2aWwtbm90YXJ5LXNl +cnZlcoIQZXZpbG5vdGFyeXNlcnZlcoIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3 +DQEBCwUAA4IBAQCDMjuZnNINFfqstFwhEEvAgWbjYW26ZQxhQffaqDlbMIQkWoXj +8inld9bma9Mf5i/GAkUwFqCnEHD4LQ6vDgfAgL+pSOv9VI5SBEuk/gLqvIBUeIRu +uHo1jWtll2Fr7eDLVdD4mPRPFC7V6mv6sFa9EN4tBN8eheQxHJvzwnnU7X28prfI +/hWnwPWScVvttqBSsq1h2CUpVu2zGVToeCJ9xl4r/NyDtM5TyMgz7RLrer0p8NSu +4Qp4ZXtxHDLduWcyMUHLGTprW05yjj9UVq89xfaCOqFSpx5i4oxotYm1PoOacHmN +RMp9vaYMAmopoxIEYX6fDg5T3sQ5cidZJEvU -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIC8TCCAdmgAwIBAgIQBHJBPhWngTmnMShFTm17rTANBgkqhkiG9w0BAQsFADAi -MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMDA0MDkxNDQ3 -NTdaFw0yMzAzMjUxNDQ3NTdaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG -RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E3t9TSkfFXu -VJooMBa2sNfX98MPMJoEzG+LEEe42XEegrfrq2VQ5Nb7VdM9hEi65GJgELsXRgc5 -s88C6hmgnnfD7CLb8UsbCTHgVE7SFrUuuwHaDq0gcx3PiVThm2eGbGh70tpFYEfP -onWqyoUS90gvc5ZeKwRKXLoEQ1fhWSNSurrr6tY4AtVOdbYuAHepJcQW/rYk+i4a -7E46UBaM0IucYTiX34a6aZtNulRdgNTDmyIBDrFnmBW+BIKQmY/7lIDSBE0QDKZJ -+yx5TWzJeCiqqPn7rK8jaUlTNeBUCVAyD6PylOf9S8njAlAynFEz5mm+fpRB077Y -8vTHsvhqMQIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAgibOJ8rfqzjb97ToIJq9VPDQyEqCYV3RHR04 -UqdcAK5DMjcVRPtf6e2vGNP4bbY41GM/HW9aMqTL+9Iiuj/pLwe4Az0Ro/IzoXMt -yyNqzUpNLfDFAwfMOPLrcBG7gvc/iK6lF1crelPYoaoOptwux+4/PT4nKRKlq3A6 -C1k5CjKnHUOEccBEjBL/2pvaqhuQTupA/iy8InerD2TN1ew9qk0URStMF/cif/2R -lN68Zl+zAkuypzXbxK4LlheFP3CaNuXf1DDaDsmxAgVyWrrSI7a2Nl+AiLTogxCt -YnxxdSL6x4tS8aOkrFHAoyb7Oog+285fHoTKiF3e4zjUE/+uXQ== +MIIDEDCCAfigAwIBAgIQdxGVILXsVcogexr+Ia2MZDANBgkqhkiG9w0BAQsFADAi +MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5 +NTBaFw0zMzAzMjQxMTA5NTBaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG +RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sA/g7Srrkz +uEf1Qa2jAw93EfEJvxU1ZmZ30aB7KLgHN2TznxAGYtNekAu88CV4H3PKS44BZOar +wOo3KL4wQffLt7lmsRJG1KOfyiAmjmvidP5JSeRdTiBtj4CCVoi3EE6BZXPpZjst +9OSOlld2bWWXHb2ZdoY3ZAhZ9rn3tVwyfoLKpuESp1WZSFHPIdcuoMmZPtqD0bSi +5hc4gVFNLlZOAILvUkXxcHKUgLHZg0YEDQWsYjqh8EYp5LUK2tt4Mpz0HwAt9siE +VxHGIsiEqG1ajmxZiS28nlRWc4JRlOdmy5x1TPzJTDy+49gxB4njp1nRUtUgzmaG +QHhml35xHQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU8WDDaoMtsJIJj2S//m0wk0KOrpUwDQYJKoZIhvcNAQELBQAD +ggEBAKZJfQjjfqn0K/UlzmrGcRkhrLbJNUfCD6TvxD75MoGtEe+VUEjljm1JHSbj +DrevDyTnak1W4o5/dcy0h6kI6lhHgObbcoAV5CxQ4+HHmeowA/fzedbnIdnHwtNg +SUJEslqoJSiYiiFQLV/yWWfBCWpbIgpDrADU7x9Ccxt6INuxrxOQwf1LZnmVbYs0 +1Mb/O1UFnvW7MeVSR4Nb/4lw6lol+mrR1iF8tTQ+rk4sBdCxw2aU48x3Pjqm+XpV +PIm9uRUr4tRDyQfmBZuxWTNJ9NSx5zVpLEPhDmyOW5wlSw+aKGscu9+RjBx/gXPk +sK8jZi441ojEJ7OaggGPheO3mCU= -----END CERTIFICATE----- diff --git a/e2e/testdata/notary-evil/notary-server.key b/e2e/testdata/notary-evil/notary-server.key index 02e8aa4461bb..7f7562a9defd 100644 --- a/e2e/testdata/notary-evil/notary-server.key +++ b/e2e/testdata/notary-evil/notary-server.key @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAooDA7xL1TH97hMw6xOQ+0I9+kVT7qXrPva7OsWEI1ZvSWtMb -uFzHCE/qwh6x69M4zbgYLK/OH71IxO10GZJC3Lgk0SWqD2wHqvW0tN5MejuUyJKI -g1+1y2gjWRiD2eL4g70NUFJv2BB/10OiLNq31WGlss2bdBeRBJ4T1y6Z6fo/P59w -S0HuUW0hjEQS/8vv5VhA6+G2DRFeJHN+a1IbAUv4Vn08HPgs68+c84sIxB7CFH7p -wCQ7slyHRkyMJ7zNdfCHyZ54h52h68e3SimyvgceKS+vqWXCWFYcv4TvPBM87XTE -sZ39EhAYaGzx1eHOnVWXD+h7ZUmggVI5oaNEVwIDAQABAoIBAB+xmO+H9Qu8eWzH -IFcyZQXsVrUlrAe8CjRmma2CzWRMBdTtA6ULg04duB2wOudRxOxqkVx11W/fTQgL -f+9U1XGTAKtB+08StNQlI99609OrNzN/UNy+mAhaATrpSx395JZdEvGtgl7TqPtl -F4ZECkK1zsl2zHDx/7i01A3N6vr1IiK1UU0sdQqqrYdWXm+ozJpRuYj8AMU3JN79 -aVDFy7cM68UZRVHp0os2SXrmTLE6Li0L0Gp55371iAbv7NQAzyhH/U2HRwSMYTSY -aRqr3VQqI7Frf0QHtHtcUP0idGa/KXMRKzSIbGFCUNV2XxXs+c7+xFylRZuJ1DBp -oawlYNECgYEAwc8+2034McwM0zMTTdIA+WhrDVSEFDpv4S9LjFzOl09J+LVHe6Mj -am1bKu99PWzmNnvBrnDPOfEI3VxkIJW59omjPecXsie6/XNfG2U0Yvd4B4Aq5mSW -+YSqH1FlQ3qqcjj/zTj+A3nfBNyn80I16AsbZVO4jijMrDsleLk+NjMCgYEA1qXI -hyj+i96/WxYEofgDMlmM3nUWN3Ll3M9MEfpX1+B13XYWqOYpG/WGk7gxDVKtUkqh -KbgnLtdglQjz10iD1nXpmMPzrVfEFZwlhUfrBGOXJIdOt2nCoxzMd/k13xVqjOS2 -X4sja+vvgJVwYm5q+YS3gNutx1Om5gyeEjoCLU0CgYEAoGhJW/WCcKS0ELF7TrN7 -fvG/eL70ulFLfBNK8hd2HaHQVXqkeV4i19k+1aB2Bbr2Jy3ytdBEk249qgjoDlge -HED6zSdRY3CiwVcV5nSzER5FR9/6ocmrc0UsENOrflgubm9iuJZtFq9tuHZww1OP -jkhzGkBaxb5a+EnTz8FyDiUCgYBgVXVDG+XqFmVhVudrXejpXwF3EauP5TQ+vpaQ -dv+XtniPlSEkWm/WyYHFqGPza8i35yCfnbOQNT92g9cUJspspOzbEA68HGi3niXE -xHs4tA2waj2s2X1uQU2PBrzjyzPP2hHznXmfRPtvhSI0OwQtyh+laHJ8xBFirAUB -fyFc/QKBgFWXXq2W/m3m1zsshn0QtxsC/sIxDdLseGq5sUi5Xy7R0fXqhKAW6xfj -pnHcAe4yKT6ymnfBQ8xdKURuZJWMql8R0b1lSJb7A9P9ZxTD7FjW7ilyzbdFMr7F -CTRZcz33sHTWD2TOqpDsia9gbQythGmySv4WVJ5W8H7gFY/2/h2W +MIIEpAIBAAKCAQEA+FmlTsNEr/afBtO76RViFT9cBEOV5VKIutDlExHULPbELgta +Q4RVKPhoIGjzk7rokDGn5ZFXChURTat2QreTj3zdevfj7urke/iGbCWDojtAtFEl +qkSArkblEH/1pCe2iXGHkTQpqgXg8k/bnLgUcJSvi13hDKK1ogKwKm44A3peCYT2 +wz1MF/4ASNNLHDC+ATMOoe/Ki+XukD6lA/ahMoGt/oo3yEcM5eab2B3xJP3Iouux +haGoTEss+cAPiVARwpnb2D6JN3h42glRdy2m5j7cimoFxBIurfmY0oE/8VByjqDe +rbr9wHjNYbFOveMYmqyazyp0UsZnYqIEK36gMwIDAQABAoIBAQDy7W2f763+mbTQ +zshepQX+Vq3BlgLIAMWyR6fr0WLEYNVhXMV8ibNrkiD4ovCwLwJSGeBr1JFZUWZN +nUze0gdLMg7LvDN/ftDk2yNSIhfy1xbhywaW2M8uqjZiv2genKIXK7A6PtYKdBmn +rKnbUMzdmvNj1f7Ph1E4Gn0L5ChybJDJrq6wQjuTdZ6RmkGkbid0L+47Uv+6xBm9 +hgBPVXd8auQAYGmyXZwvfga5ZjfRMI4wvWkvjOAQcJtxxgOnLT1KDjYV+L70PWul +bYoKX0sNkFEP9tOq2pD9XVBuTVQxcYeztv0Vz+kG66Ju1KKCAnUYFhRt055zZLfm +WDYlWm0BAoGBAPvGW9LvzwCDE9QUcR46nG1ZihheJyGKwWVK+ZjYkUU9nLbrIpOD +/jmihoHHhKBC6YOfHHY73LtZ22fgXEu6ivDzZtTxBErXbdRpEKktJebRK7gPkfsB +PNQ8CRd/DxRC/JuVFR76OPsbZWhXCaeC7PRdyAtvU9toT1jIQf+a4OhBAoGBAPyE +kxEoNO1KhWtgByUlsPzvq9PaTjwW/LpmEoo0FBUhYRPxYzVuYrE0BBflDR6JcMRR +oE9CXYGjtVPB44gT7pHVP09f3Ugrxk7X+t8wy3PWUTaTprmmEGqF0TzfdH4oQz0Y +v1khwuIu6rRlddGEiCKldXxn+gJy9E70yO4bm4tzAoGAL/XFIBVWVT6i1E9gjOWV +Tq8zwxiMU7Ney7DQgvEeGxZ1d9Kqr3cBQnFXNfmPpgeY+92fSlZ04atoRA1VB4ft +V6DGAeI3cxo+bavl5JQZGDLYJSOyJyJBOByHjtZBRRbNj8WCVHhNymeZlZqe2C30 +fUgwBx2Z172y/7KF/+680QECgYEA1GhUKQ9wDdYsiliZSgb9bJXSLH8qZeNULRrl +J3mNFwUf2p2mvPAgdjxx4QOb2H716z1aIrGJZB4nzc9/LBzQBb2h5ouV4DpqMjH8 +5bbuvH6fi9ABY5Irpt7vVUwFeoU1ofPqKPh8LLQYWywpQddAiBwzyjTQGTVHCg9f +4OI6Ib8CgYAptl24MGOc6BminKgsux+vNS9X1WwIADiHDyWBPHeQgLX8bYegswq9 +/6uGXJQgdFBhfLuoTBBN0ia/0QQhDezzrqnERddciuL2zxFxEETdpIuxm4lhieX7 +9LqnFcjxM4sLCg4SDSRX+nburiCnLDQiaBzhARooMJO48luTZUiWYQ== -----END RSA PRIVATE KEY----- diff --git a/e2e/testdata/notary-evil/root-ca.cert b/e2e/testdata/notary-evil/root-ca.cert index fdbb0b0e0ffa..e7411c14bef8 100644 --- a/e2e/testdata/notary-evil/root-ca.cert +++ b/e2e/testdata/notary-evil/root-ca.cert @@ -1,18 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIC8TCCAdmgAwIBAgIQBHJBPhWngTmnMShFTm17rTANBgkqhkiG9w0BAQsFADAi -MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMDA0MDkxNDQ3 -NTdaFw0yMzAzMjUxNDQ3NTdaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG -RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E3t9TSkfFXu -VJooMBa2sNfX98MPMJoEzG+LEEe42XEegrfrq2VQ5Nb7VdM9hEi65GJgELsXRgc5 -s88C6hmgnnfD7CLb8UsbCTHgVE7SFrUuuwHaDq0gcx3PiVThm2eGbGh70tpFYEfP -onWqyoUS90gvc5ZeKwRKXLoEQ1fhWSNSurrr6tY4AtVOdbYuAHepJcQW/rYk+i4a -7E46UBaM0IucYTiX34a6aZtNulRdgNTDmyIBDrFnmBW+BIKQmY/7lIDSBE0QDKZJ -+yx5TWzJeCiqqPn7rK8jaUlTNeBUCVAyD6PylOf9S8njAlAynFEz5mm+fpRB077Y -8vTHsvhqMQIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAgibOJ8rfqzjb97ToIJq9VPDQyEqCYV3RHR04 -UqdcAK5DMjcVRPtf6e2vGNP4bbY41GM/HW9aMqTL+9Iiuj/pLwe4Az0Ro/IzoXMt -yyNqzUpNLfDFAwfMOPLrcBG7gvc/iK6lF1crelPYoaoOptwux+4/PT4nKRKlq3A6 -C1k5CjKnHUOEccBEjBL/2pvaqhuQTupA/iy8InerD2TN1ew9qk0URStMF/cif/2R -lN68Zl+zAkuypzXbxK4LlheFP3CaNuXf1DDaDsmxAgVyWrrSI7a2Nl+AiLTogxCt -YnxxdSL6x4tS8aOkrFHAoyb7Oog+285fHoTKiF3e4zjUE/+uXQ== +MIIDEDCCAfigAwIBAgIQdxGVILXsVcogexr+Ia2MZDANBgkqhkiG9w0BAQsFADAi +MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5 +NTBaFw0zMzAzMjQxMTA5NTBaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG +RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sA/g7Srrkz +uEf1Qa2jAw93EfEJvxU1ZmZ30aB7KLgHN2TznxAGYtNekAu88CV4H3PKS44BZOar +wOo3KL4wQffLt7lmsRJG1KOfyiAmjmvidP5JSeRdTiBtj4CCVoi3EE6BZXPpZjst +9OSOlld2bWWXHb2ZdoY3ZAhZ9rn3tVwyfoLKpuESp1WZSFHPIdcuoMmZPtqD0bSi +5hc4gVFNLlZOAILvUkXxcHKUgLHZg0YEDQWsYjqh8EYp5LUK2tt4Mpz0HwAt9siE +VxHGIsiEqG1ajmxZiS28nlRWc4JRlOdmy5x1TPzJTDy+49gxB4njp1nRUtUgzmaG +QHhml35xHQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU8WDDaoMtsJIJj2S//m0wk0KOrpUwDQYJKoZIhvcNAQELBQAD +ggEBAKZJfQjjfqn0K/UlzmrGcRkhrLbJNUfCD6TvxD75MoGtEe+VUEjljm1JHSbj +DrevDyTnak1W4o5/dcy0h6kI6lhHgObbcoAV5CxQ4+HHmeowA/fzedbnIdnHwtNg +SUJEslqoJSiYiiFQLV/yWWfBCWpbIgpDrADU7x9Ccxt6INuxrxOQwf1LZnmVbYs0 +1Mb/O1UFnvW7MeVSR4Nb/4lw6lol+mrR1iF8tTQ+rk4sBdCxw2aU48x3Pjqm+XpV +PIm9uRUr4tRDyQfmBZuxWTNJ9NSx5zVpLEPhDmyOW5wlSw+aKGscu9+RjBx/gXPk +sK8jZi441ojEJ7OaggGPheO3mCU= -----END CERTIFICATE----- diff --git a/e2e/testdata/notary/notary-server.cert b/e2e/testdata/notary/notary-server.cert index 701590aad826..eee2b3463d0d 100644 --- a/e2e/testdata/notary/notary-server.cert +++ b/e2e/testdata/notary/notary-server.cert @@ -1,38 +1,40 @@ -----BEGIN CERTIFICATE----- -MIIDVDCCAjygAwIBAgIQQReeTsMMrsG9juzWS8eAjjANBgkqhkiG9w0BAQsFADAi -MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMDA0MDkxNDQ3 -NTdaFw0yMzAzMjUxNDQ3NTdaMCkxDzANBgNVBAoTBkRvY2tlcjEWMBQGA1UEAxMN -bm90YXJ5LXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKKA -wO8S9Ux/e4TMOsTkPtCPfpFU+6l6z72uzrFhCNWb0lrTG7hcxwhP6sIesevTOM24 -GCyvzh+9SMTtdBmSQty4JNElqg9sB6r1tLTeTHo7lMiSiINftctoI1kYg9ni+IO9 -DVBSb9gQf9dDoizat9VhpbLNm3QXkQSeE9cumen6Pz+fcEtB7lFtIYxEEv/L7+VY -QOvhtg0RXiRzfmtSGwFL+FZ9PBz4LOvPnPOLCMQewhR+6cAkO7Jch0ZMjCe8zXXw -h8meeIedoevHt0opsr4HHikvr6llwlhWHL+E7zwTPO10xLGd/RIQGGhs8dXhzp1V -lw/oe2VJoIFSOaGjRFcCAwEAAaN/MH0wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB -/wQCMAAwXQYDVR0RBFYwVIINbm90YXJ5LXNlcnZlcoIMbm90YXJ5c2VydmVyghJl -dmlsLW5vdGFyeS1zZXJ2ZXKCEGV2aWxub3RhcnlzZXJ2ZXKCCWxvY2FsaG9zdIcE -fwAAATANBgkqhkiG9w0BAQsFAAOCAQEAgwkZpp4s6reZWs9QatF/x9qWWXIXJzYh -6BgzHL3s7UgeZSs0XhgfHYy6SO94ENpbzPADZwue/NjwNXmp7TLjbyUPjSo1DDt7 -OLG8bQ/hbcPKgMzirTZT36CEsetIBYmfyn39h+ZEIJ30J996/Tgq+X9sG7An2wq3 -/btn+C/BiMUgGnNxZ8p4n+uJCUKA95uVugdLjeioA+19HgQzrLSkeZUR/wsesq5F -iP9k8va2oU3l3MsF079NpfIDl2gtIgXFYWPhyaJCaa+b8irjdoPnhDBuC5p77AWl -UTPw/6ENKMMd1Pze6HLpBJAkPP8hTlULKgvuF0pWuGOejipkAKlOBQ== +MIIDdzCCAl+gAwIBAgIQTujwx+1xxXeI5AbzAQ379TANBgkqhkiG9w0BAQsFADAi +MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5 +NTBaFw0zMzAzMjQxMTA5NTBaMCkxDzANBgNVBAoTBkRvY2tlcjEWMBQGA1UEAxMN +bm90YXJ5LXNlcnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPhZ +pU7DRK/2nwbTu+kVYhU/XARDleVSiLrQ5RMR1Cz2xC4LWkOEVSj4aCBo85O66JAx +p+WRVwoVEU2rdkK3k4983Xr34+7q5Hv4hmwlg6I7QLRRJapEgK5G5RB/9aQntolx +h5E0KaoF4PJP25y4FHCUr4td4QyitaICsCpuOAN6XgmE9sM9TBf+AEjTSxwwvgEz +DqHvyovl7pA+pQP2oTKBrf6KN8hHDOXmm9gd8ST9yKLrsYWhqExLLPnAD4lQEcKZ +29g+iTd4eNoJUXctpuY+3IpqBcQSLq35mNKBP/FQco6g3q26/cB4zWGxTr3jGJqs +ms8qdFLGZ2KiBCt+oDMCAwEAAaOBoTCBnjAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0T +AQH/BAIwADAfBgNVHSMEGDAWgBTxYMNqgy2wkgmPZL/+bTCTQo6ulTBdBgNVHREE +VjBUgg1ub3Rhcnktc2VydmVyggxub3RhcnlzZXJ2ZXKCEmV2aWwtbm90YXJ5LXNl +cnZlcoIQZXZpbG5vdGFyeXNlcnZlcoIJbG9jYWxob3N0hwR/AAABMA0GCSqGSIb3 +DQEBCwUAA4IBAQCDMjuZnNINFfqstFwhEEvAgWbjYW26ZQxhQffaqDlbMIQkWoXj +8inld9bma9Mf5i/GAkUwFqCnEHD4LQ6vDgfAgL+pSOv9VI5SBEuk/gLqvIBUeIRu +uHo1jWtll2Fr7eDLVdD4mPRPFC7V6mv6sFa9EN4tBN8eheQxHJvzwnnU7X28prfI +/hWnwPWScVvttqBSsq1h2CUpVu2zGVToeCJ9xl4r/NyDtM5TyMgz7RLrer0p8NSu +4Qp4ZXtxHDLduWcyMUHLGTprW05yjj9UVq89xfaCOqFSpx5i4oxotYm1PoOacHmN +RMp9vaYMAmopoxIEYX6fDg5T3sQ5cidZJEvU -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIC8TCCAdmgAwIBAgIQBHJBPhWngTmnMShFTm17rTANBgkqhkiG9w0BAQsFADAi -MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMDA0MDkxNDQ3 -NTdaFw0yMzAzMjUxNDQ3NTdaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG -RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E3t9TSkfFXu -VJooMBa2sNfX98MPMJoEzG+LEEe42XEegrfrq2VQ5Nb7VdM9hEi65GJgELsXRgc5 -s88C6hmgnnfD7CLb8UsbCTHgVE7SFrUuuwHaDq0gcx3PiVThm2eGbGh70tpFYEfP -onWqyoUS90gvc5ZeKwRKXLoEQ1fhWSNSurrr6tY4AtVOdbYuAHepJcQW/rYk+i4a -7E46UBaM0IucYTiX34a6aZtNulRdgNTDmyIBDrFnmBW+BIKQmY/7lIDSBE0QDKZJ -+yx5TWzJeCiqqPn7rK8jaUlTNeBUCVAyD6PylOf9S8njAlAynFEz5mm+fpRB077Y -8vTHsvhqMQIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAgibOJ8rfqzjb97ToIJq9VPDQyEqCYV3RHR04 -UqdcAK5DMjcVRPtf6e2vGNP4bbY41GM/HW9aMqTL+9Iiuj/pLwe4Az0Ro/IzoXMt -yyNqzUpNLfDFAwfMOPLrcBG7gvc/iK6lF1crelPYoaoOptwux+4/PT4nKRKlq3A6 -C1k5CjKnHUOEccBEjBL/2pvaqhuQTupA/iy8InerD2TN1ew9qk0URStMF/cif/2R -lN68Zl+zAkuypzXbxK4LlheFP3CaNuXf1DDaDsmxAgVyWrrSI7a2Nl+AiLTogxCt -YnxxdSL6x4tS8aOkrFHAoyb7Oog+285fHoTKiF3e4zjUE/+uXQ== +MIIDEDCCAfigAwIBAgIQdxGVILXsVcogexr+Ia2MZDANBgkqhkiG9w0BAQsFADAi +MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5 +NTBaFw0zMzAzMjQxMTA5NTBaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG +RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sA/g7Srrkz +uEf1Qa2jAw93EfEJvxU1ZmZ30aB7KLgHN2TznxAGYtNekAu88CV4H3PKS44BZOar +wOo3KL4wQffLt7lmsRJG1KOfyiAmjmvidP5JSeRdTiBtj4CCVoi3EE6BZXPpZjst +9OSOlld2bWWXHb2ZdoY3ZAhZ9rn3tVwyfoLKpuESp1WZSFHPIdcuoMmZPtqD0bSi +5hc4gVFNLlZOAILvUkXxcHKUgLHZg0YEDQWsYjqh8EYp5LUK2tt4Mpz0HwAt9siE +VxHGIsiEqG1ajmxZiS28nlRWc4JRlOdmy5x1TPzJTDy+49gxB4njp1nRUtUgzmaG +QHhml35xHQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU8WDDaoMtsJIJj2S//m0wk0KOrpUwDQYJKoZIhvcNAQELBQAD +ggEBAKZJfQjjfqn0K/UlzmrGcRkhrLbJNUfCD6TvxD75MoGtEe+VUEjljm1JHSbj +DrevDyTnak1W4o5/dcy0h6kI6lhHgObbcoAV5CxQ4+HHmeowA/fzedbnIdnHwtNg +SUJEslqoJSiYiiFQLV/yWWfBCWpbIgpDrADU7x9Ccxt6INuxrxOQwf1LZnmVbYs0 +1Mb/O1UFnvW7MeVSR4Nb/4lw6lol+mrR1iF8tTQ+rk4sBdCxw2aU48x3Pjqm+XpV +PIm9uRUr4tRDyQfmBZuxWTNJ9NSx5zVpLEPhDmyOW5wlSw+aKGscu9+RjBx/gXPk +sK8jZi441ojEJ7OaggGPheO3mCU= -----END CERTIFICATE----- diff --git a/e2e/testdata/notary/notary-server.key b/e2e/testdata/notary/notary-server.key index 02e8aa4461bb..7f7562a9defd 100644 --- a/e2e/testdata/notary/notary-server.key +++ b/e2e/testdata/notary/notary-server.key @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAooDA7xL1TH97hMw6xOQ+0I9+kVT7qXrPva7OsWEI1ZvSWtMb -uFzHCE/qwh6x69M4zbgYLK/OH71IxO10GZJC3Lgk0SWqD2wHqvW0tN5MejuUyJKI -g1+1y2gjWRiD2eL4g70NUFJv2BB/10OiLNq31WGlss2bdBeRBJ4T1y6Z6fo/P59w -S0HuUW0hjEQS/8vv5VhA6+G2DRFeJHN+a1IbAUv4Vn08HPgs68+c84sIxB7CFH7p -wCQ7slyHRkyMJ7zNdfCHyZ54h52h68e3SimyvgceKS+vqWXCWFYcv4TvPBM87XTE -sZ39EhAYaGzx1eHOnVWXD+h7ZUmggVI5oaNEVwIDAQABAoIBAB+xmO+H9Qu8eWzH -IFcyZQXsVrUlrAe8CjRmma2CzWRMBdTtA6ULg04duB2wOudRxOxqkVx11W/fTQgL -f+9U1XGTAKtB+08StNQlI99609OrNzN/UNy+mAhaATrpSx395JZdEvGtgl7TqPtl -F4ZECkK1zsl2zHDx/7i01A3N6vr1IiK1UU0sdQqqrYdWXm+ozJpRuYj8AMU3JN79 -aVDFy7cM68UZRVHp0os2SXrmTLE6Li0L0Gp55371iAbv7NQAzyhH/U2HRwSMYTSY -aRqr3VQqI7Frf0QHtHtcUP0idGa/KXMRKzSIbGFCUNV2XxXs+c7+xFylRZuJ1DBp -oawlYNECgYEAwc8+2034McwM0zMTTdIA+WhrDVSEFDpv4S9LjFzOl09J+LVHe6Mj -am1bKu99PWzmNnvBrnDPOfEI3VxkIJW59omjPecXsie6/XNfG2U0Yvd4B4Aq5mSW -+YSqH1FlQ3qqcjj/zTj+A3nfBNyn80I16AsbZVO4jijMrDsleLk+NjMCgYEA1qXI -hyj+i96/WxYEofgDMlmM3nUWN3Ll3M9MEfpX1+B13XYWqOYpG/WGk7gxDVKtUkqh -KbgnLtdglQjz10iD1nXpmMPzrVfEFZwlhUfrBGOXJIdOt2nCoxzMd/k13xVqjOS2 -X4sja+vvgJVwYm5q+YS3gNutx1Om5gyeEjoCLU0CgYEAoGhJW/WCcKS0ELF7TrN7 -fvG/eL70ulFLfBNK8hd2HaHQVXqkeV4i19k+1aB2Bbr2Jy3ytdBEk249qgjoDlge -HED6zSdRY3CiwVcV5nSzER5FR9/6ocmrc0UsENOrflgubm9iuJZtFq9tuHZww1OP -jkhzGkBaxb5a+EnTz8FyDiUCgYBgVXVDG+XqFmVhVudrXejpXwF3EauP5TQ+vpaQ -dv+XtniPlSEkWm/WyYHFqGPza8i35yCfnbOQNT92g9cUJspspOzbEA68HGi3niXE -xHs4tA2waj2s2X1uQU2PBrzjyzPP2hHznXmfRPtvhSI0OwQtyh+laHJ8xBFirAUB -fyFc/QKBgFWXXq2W/m3m1zsshn0QtxsC/sIxDdLseGq5sUi5Xy7R0fXqhKAW6xfj -pnHcAe4yKT6ymnfBQ8xdKURuZJWMql8R0b1lSJb7A9P9ZxTD7FjW7ilyzbdFMr7F -CTRZcz33sHTWD2TOqpDsia9gbQythGmySv4WVJ5W8H7gFY/2/h2W +MIIEpAIBAAKCAQEA+FmlTsNEr/afBtO76RViFT9cBEOV5VKIutDlExHULPbELgta +Q4RVKPhoIGjzk7rokDGn5ZFXChURTat2QreTj3zdevfj7urke/iGbCWDojtAtFEl +qkSArkblEH/1pCe2iXGHkTQpqgXg8k/bnLgUcJSvi13hDKK1ogKwKm44A3peCYT2 +wz1MF/4ASNNLHDC+ATMOoe/Ki+XukD6lA/ahMoGt/oo3yEcM5eab2B3xJP3Iouux +haGoTEss+cAPiVARwpnb2D6JN3h42glRdy2m5j7cimoFxBIurfmY0oE/8VByjqDe +rbr9wHjNYbFOveMYmqyazyp0UsZnYqIEK36gMwIDAQABAoIBAQDy7W2f763+mbTQ +zshepQX+Vq3BlgLIAMWyR6fr0WLEYNVhXMV8ibNrkiD4ovCwLwJSGeBr1JFZUWZN +nUze0gdLMg7LvDN/ftDk2yNSIhfy1xbhywaW2M8uqjZiv2genKIXK7A6PtYKdBmn +rKnbUMzdmvNj1f7Ph1E4Gn0L5ChybJDJrq6wQjuTdZ6RmkGkbid0L+47Uv+6xBm9 +hgBPVXd8auQAYGmyXZwvfga5ZjfRMI4wvWkvjOAQcJtxxgOnLT1KDjYV+L70PWul +bYoKX0sNkFEP9tOq2pD9XVBuTVQxcYeztv0Vz+kG66Ju1KKCAnUYFhRt055zZLfm +WDYlWm0BAoGBAPvGW9LvzwCDE9QUcR46nG1ZihheJyGKwWVK+ZjYkUU9nLbrIpOD +/jmihoHHhKBC6YOfHHY73LtZ22fgXEu6ivDzZtTxBErXbdRpEKktJebRK7gPkfsB +PNQ8CRd/DxRC/JuVFR76OPsbZWhXCaeC7PRdyAtvU9toT1jIQf+a4OhBAoGBAPyE +kxEoNO1KhWtgByUlsPzvq9PaTjwW/LpmEoo0FBUhYRPxYzVuYrE0BBflDR6JcMRR +oE9CXYGjtVPB44gT7pHVP09f3Ugrxk7X+t8wy3PWUTaTprmmEGqF0TzfdH4oQz0Y +v1khwuIu6rRlddGEiCKldXxn+gJy9E70yO4bm4tzAoGAL/XFIBVWVT6i1E9gjOWV +Tq8zwxiMU7Ney7DQgvEeGxZ1d9Kqr3cBQnFXNfmPpgeY+92fSlZ04atoRA1VB4ft +V6DGAeI3cxo+bavl5JQZGDLYJSOyJyJBOByHjtZBRRbNj8WCVHhNymeZlZqe2C30 +fUgwBx2Z172y/7KF/+680QECgYEA1GhUKQ9wDdYsiliZSgb9bJXSLH8qZeNULRrl +J3mNFwUf2p2mvPAgdjxx4QOb2H716z1aIrGJZB4nzc9/LBzQBb2h5ouV4DpqMjH8 +5bbuvH6fi9ABY5Irpt7vVUwFeoU1ofPqKPh8LLQYWywpQddAiBwzyjTQGTVHCg9f +4OI6Ib8CgYAptl24MGOc6BminKgsux+vNS9X1WwIADiHDyWBPHeQgLX8bYegswq9 +/6uGXJQgdFBhfLuoTBBN0ia/0QQhDezzrqnERddciuL2zxFxEETdpIuxm4lhieX7 +9LqnFcjxM4sLCg4SDSRX+nburiCnLDQiaBzhARooMJO48luTZUiWYQ== -----END RSA PRIVATE KEY----- diff --git a/e2e/testdata/notary/root-ca.cert b/e2e/testdata/notary/root-ca.cert index fdbb0b0e0ffa..e7411c14bef8 100644 --- a/e2e/testdata/notary/root-ca.cert +++ b/e2e/testdata/notary/root-ca.cert @@ -1,18 +1,19 @@ -----BEGIN CERTIFICATE----- -MIIC8TCCAdmgAwIBAgIQBHJBPhWngTmnMShFTm17rTANBgkqhkiG9w0BAQsFADAi -MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMDA0MDkxNDQ3 -NTdaFw0yMzAzMjUxNDQ3NTdaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG -RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5E3t9TSkfFXu -VJooMBa2sNfX98MPMJoEzG+LEEe42XEegrfrq2VQ5Nb7VdM9hEi65GJgELsXRgc5 -s88C6hmgnnfD7CLb8UsbCTHgVE7SFrUuuwHaDq0gcx3PiVThm2eGbGh70tpFYEfP -onWqyoUS90gvc5ZeKwRKXLoEQ1fhWSNSurrr6tY4AtVOdbYuAHepJcQW/rYk+i4a -7E46UBaM0IucYTiX34a6aZtNulRdgNTDmyIBDrFnmBW+BIKQmY/7lIDSBE0QDKZJ -+yx5TWzJeCiqqPn7rK8jaUlTNeBUCVAyD6PylOf9S8njAlAynFEz5mm+fpRB077Y -8vTHsvhqMQIDAQABoyMwITAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB -/zANBgkqhkiG9w0BAQsFAAOCAQEAgibOJ8rfqzjb97ToIJq9VPDQyEqCYV3RHR04 -UqdcAK5DMjcVRPtf6e2vGNP4bbY41GM/HW9aMqTL+9Iiuj/pLwe4Az0Ro/IzoXMt -yyNqzUpNLfDFAwfMOPLrcBG7gvc/iK6lF1crelPYoaoOptwux+4/PT4nKRKlq3A6 -C1k5CjKnHUOEccBEjBL/2pvaqhuQTupA/iy8InerD2TN1ew9qk0URStMF/cif/2R -lN68Zl+zAkuypzXbxK4LlheFP3CaNuXf1DDaDsmxAgVyWrrSI7a2Nl+AiLTogxCt -YnxxdSL6x4tS8aOkrFHAoyb7Oog+285fHoTKiF3e4zjUE/+uXQ== +MIIDEDCCAfigAwIBAgIQdxGVILXsVcogexr+Ia2MZDANBgkqhkiG9w0BAQsFADAi +MQ8wDQYDVQQKEwZEb2NrZXIxDzANBgNVBAMTBkRvY2tlcjAeFw0yMzAzMjcxMTA5 +NTBaFw0zMzAzMjQxMTA5NTBaMCIxDzANBgNVBAoTBkRvY2tlcjEPMA0GA1UEAxMG +RG9ja2VyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3sA/g7Srrkz +uEf1Qa2jAw93EfEJvxU1ZmZ30aB7KLgHN2TznxAGYtNekAu88CV4H3PKS44BZOar +wOo3KL4wQffLt7lmsRJG1KOfyiAmjmvidP5JSeRdTiBtj4CCVoi3EE6BZXPpZjst +9OSOlld2bWWXHb2ZdoY3ZAhZ9rn3tVwyfoLKpuESp1WZSFHPIdcuoMmZPtqD0bSi +5hc4gVFNLlZOAILvUkXxcHKUgLHZg0YEDQWsYjqh8EYp5LUK2tt4Mpz0HwAt9siE +VxHGIsiEqG1ajmxZiS28nlRWc4JRlOdmy5x1TPzJTDy+49gxB4njp1nRUtUgzmaG +QHhml35xHQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB +/zAdBgNVHQ4EFgQU8WDDaoMtsJIJj2S//m0wk0KOrpUwDQYJKoZIhvcNAQELBQAD +ggEBAKZJfQjjfqn0K/UlzmrGcRkhrLbJNUfCD6TvxD75MoGtEe+VUEjljm1JHSbj +DrevDyTnak1W4o5/dcy0h6kI6lhHgObbcoAV5CxQ4+HHmeowA/fzedbnIdnHwtNg +SUJEslqoJSiYiiFQLV/yWWfBCWpbIgpDrADU7x9Ccxt6INuxrxOQwf1LZnmVbYs0 +1Mb/O1UFnvW7MeVSR4Nb/4lw6lol+mrR1iF8tTQ+rk4sBdCxw2aU48x3Pjqm+XpV +PIm9uRUr4tRDyQfmBZuxWTNJ9NSx5zVpLEPhDmyOW5wlSw+aKGscu9+RjBx/gXPk +sK8jZi441ojEJ7OaggGPheO3mCU= -----END CERTIFICATE----- From f381e08425dcc232e9e548d3ff2df243e3324565 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Fri, 24 Mar 2023 21:06:20 +0100 Subject: [PATCH 025/197] Dockerfile: align go version Signed-off-by: CrazyMax (cherry picked from commit b854eff3004eb12c83333a1b1479cb89ed028387) Signed-off-by: Sebastiaan van Stijn --- docker-bake.hcl | 14 +++++++------- dockerfiles/Dockerfile.vendor | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docker-bake.hcl b/docker-bake.hcl index 4ffa08bb3a81..1efac9464c45 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,14 +1,14 @@ variable "GO_VERSION" { - default = "1.19.7" + default = null } variable "VERSION" { - default = "" + default = null } variable "USE_GLIBC" { - default = "" + default = null } variable "STRIP_TARGET" { - default = "" + default = null } variable "IMAGE_NAME" { default = "docker-cli" @@ -52,7 +52,7 @@ target "binary" { platforms = ["local"] output = ["build"] args = { - BASE_VARIANT = USE_GLIBC != "" ? "bullseye" : "alpine" + BASE_VARIANT = USE_GLIBC == "1" ? "bullseye" : "alpine" VERSION = VERSION PACKAGER_NAME = PACKAGER_NAME GO_STRIP = STRIP_TARGET @@ -72,7 +72,7 @@ target "plugins" { platforms = ["local"] output = ["build"] args = { - BASE_VARIANT = USE_GLIBC != "" ? "bullseye" : "alpine" + BASE_VARIANT = USE_GLIBC == "1" ? "bullseye" : "alpine" VERSION = VERSION GO_STRIP = STRIP_TARGET } @@ -155,7 +155,7 @@ target "e2e-image" { output = ["type=docker"] tags = ["${IMAGE_NAME}"] args = { - BASE_VARIANT = USE_GLIBC != "" ? "bullseye" : "alpine" + BASE_VARIANT = USE_GLIBC == "1" ? "bullseye" : "alpine" VERSION = VERSION } } diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index 618ae1479d49..300c896dda42 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.4 +ARG GO_VERSION=1.19.7 ARG ALPINE_VERSION=3.16 ARG MODOUTDATED_VERSION=v0.8.0 From f6643207a24c264049aebe5fa5bdf9b987e04cb1 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Mon, 27 Mar 2023 12:07:47 +0200 Subject: [PATCH 026/197] don't use null values in the bake definition Signed-off-by: CrazyMax (cherry picked from commit bec5d37e91a6ba991d2e036b859785f404de2416) Signed-off-by: Sebastiaan van Stijn --- docker-bake.hcl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-bake.hcl b/docker-bake.hcl index 1efac9464c45..758aa38cdb34 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,14 +1,14 @@ variable "GO_VERSION" { - default = null + default = "1.19.7" } variable "VERSION" { - default = null + default = "" } variable "USE_GLIBC" { - default = null + default = "" } variable "STRIP_TARGET" { - default = null + default = "" } variable "IMAGE_NAME" { default = "docker-cli" From 8e38271f238954ad9e61588f71356047e7df3181 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 30 Mar 2023 16:50:29 +0200 Subject: [PATCH 027/197] gha: align stray go 1.19.4 version looks like this one was forgotten to be updated :) Signed-off-by: Sebastiaan van Stijn (cherry picked from commit e4436853e86d43dfa732f16fc8d524480b6c87c0) Signed-off-by: Sebastiaan van Stijn --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1b126462c801..1a51822a000d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.19.4 + go-version: 1.19.7 - name: Test run: | From d93d78588dc20ea8e218018877dfa58f098efb05 Mon Sep 17 00:00:00 2001 From: Kevin Alvarez Date: Tue, 28 Mar 2023 04:08:07 +0200 Subject: [PATCH 028/197] load plugin command stubs when required We are currently loading plugin command stubs for every invocation which still has a significant performance hit. With this change we are doing this operation only if cobra completion arg request is found. - 20.10.23: `docker --version` takes ~15ms - 23.0.1: `docker --version` takes ~93ms With this change `docker --version` takes ~9ms Signed-off-by: CrazyMax (cherry picked from commit c39c711a18cbd9970ac2e040262b830fd6b4e3f9) --- cli-plugins/manager/cobra.go | 116 ++++++++++++++++++----------------- cli/cobra.go | 10 +++ cmd/docker/docker.go | 24 ++++++-- e2e/cli-plugins/run_test.go | 6 +- 4 files changed, 92 insertions(+), 64 deletions(-) diff --git a/cli-plugins/manager/cobra.go b/cli-plugins/manager/cobra.go index 71b6fe716d07..be3a05820189 100644 --- a/cli-plugins/manager/cobra.go +++ b/cli-plugins/manager/cobra.go @@ -3,6 +3,7 @@ package manager import ( "fmt" "os" + "sync" "github.com/docker/cli/cli/command" "github.com/spf13/cobra" @@ -31,64 +32,69 @@ const ( CommandAnnotationPluginInvalid = "com.docker.cli.plugin-invalid" ) +var pluginCommandStubsOnce sync.Once + // AddPluginCommandStubs adds a stub cobra.Commands for each valid and invalid // plugin. The command stubs will have several annotations added, see // `CommandAnnotationPlugin*`. -func AddPluginCommandStubs(dockerCli command.Cli, rootCmd *cobra.Command) error { - plugins, err := ListPlugins(dockerCli, rootCmd) - if err != nil { - return err - } - for _, p := range plugins { - p := p - vendor := p.Vendor - if vendor == "" { - vendor = "unknown" - } - annotations := map[string]string{ - CommandAnnotationPlugin: "true", - CommandAnnotationPluginVendor: vendor, - CommandAnnotationPluginVersion: p.Version, +func AddPluginCommandStubs(dockerCli command.Cli, rootCmd *cobra.Command) (err error) { + pluginCommandStubsOnce.Do(func() { + var plugins []Plugin + plugins, err = ListPlugins(dockerCli, rootCmd) + if err != nil { + return } - if p.Err != nil { - annotations[CommandAnnotationPluginInvalid] = p.Err.Error() - } - rootCmd.AddCommand(&cobra.Command{ - Use: p.Name, - Short: p.ShortDescription, - Run: func(_ *cobra.Command, _ []string) {}, - Annotations: annotations, - DisableFlagParsing: true, - RunE: func(cmd *cobra.Command, args []string) error { - flags := rootCmd.PersistentFlags() - flags.SetOutput(nil) - err := flags.Parse(args) - if err != nil { - return err - } - if flags.Changed("help") { - cmd.HelpFunc()(rootCmd, args) - return nil - } - return fmt.Errorf("docker: '%s' is not a docker command.\nSee 'docker --help'", cmd.Name()) - }, - ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { - // Delegate completion to plugin - cargs := []string{p.Path, cobra.ShellCompRequestCmd, p.Name} - cargs = append(cargs, args...) - cargs = append(cargs, toComplete) - os.Args = cargs - runCommand, err := PluginRunCommand(dockerCli, p.Name, cmd) - if err != nil { + for _, p := range plugins { + p := p + vendor := p.Vendor + if vendor == "" { + vendor = "unknown" + } + annotations := map[string]string{ + CommandAnnotationPlugin: "true", + CommandAnnotationPluginVendor: vendor, + CommandAnnotationPluginVersion: p.Version, + } + if p.Err != nil { + annotations[CommandAnnotationPluginInvalid] = p.Err.Error() + } + rootCmd.AddCommand(&cobra.Command{ + Use: p.Name, + Short: p.ShortDescription, + Run: func(_ *cobra.Command, _ []string) {}, + Annotations: annotations, + DisableFlagParsing: true, + RunE: func(cmd *cobra.Command, args []string) error { + flags := rootCmd.PersistentFlags() + flags.SetOutput(nil) + perr := flags.Parse(args) + if perr != nil { + return err + } + if flags.Changed("help") { + cmd.HelpFunc()(rootCmd, args) + return nil + } + return fmt.Errorf("docker: '%s' is not a docker command.\nSee 'docker --help'", cmd.Name()) + }, + ValidArgsFunction: func(cmd *cobra.Command, args []string, toComplete string) ([]string, cobra.ShellCompDirective) { + // Delegate completion to plugin + cargs := []string{p.Path, cobra.ShellCompRequestCmd, p.Name} + cargs = append(cargs, args...) + cargs = append(cargs, toComplete) + os.Args = cargs + runCommand, runErr := PluginRunCommand(dockerCli, p.Name, cmd) + if runErr != nil { + return nil, cobra.ShellCompDirectiveError + } + runErr = runCommand.Run() + if runErr == nil { + os.Exit(0) // plugin already rendered complete data + } return nil, cobra.ShellCompDirectiveError - } - err = runCommand.Run() - if err == nil { - os.Exit(0) // plugin already rendered complete data - } - return nil, cobra.ShellCompDirectiveError - }, - }) - } - return nil + }, + }) + } + }) + return err } diff --git a/cli/cobra.go b/cli/cobra.go index 1b07fc56482d..6501197ddd43 100644 --- a/cli/cobra.go +++ b/cli/cobra.go @@ -204,6 +204,16 @@ func DisableFlagsInUseLine(cmd *cobra.Command) { }) } +// HasCompletionArg returns true if a cobra completion arg request is found. +func HasCompletionArg(args []string) bool { + for _, arg := range args { + if arg == cobra.ShellCompRequestCmd || arg == cobra.ShellCompNoDescRequestCmd { + return true + } + } + return false +} + var helpCommand = &cobra.Command{ Use: "help [command]", Short: "Help about the command", diff --git a/cmd/docker/docker.go b/cmd/docker/docker.go index 9becec2c0776..d18125a634e8 100644 --- a/cmd/docker/docker.go +++ b/cmd/docker/docker.go @@ -133,13 +133,20 @@ func tryRunPluginHelp(dockerCli command.Cli, ccmd *cobra.Command, cargs []string func setHelpFunc(dockerCli command.Cli, cmd *cobra.Command) { defaultHelpFunc := cmd.HelpFunc() cmd.SetHelpFunc(func(ccmd *cobra.Command, args []string) { - if pluginmanager.IsPluginCommand(ccmd) { + if err := pluginmanager.AddPluginCommandStubs(dockerCli, ccmd.Root()); err != nil { + ccmd.Println(err) + return + } + + if len(args) >= 1 { err := tryRunPluginHelp(dockerCli, ccmd, args) + if err == nil { + return + } if !pluginmanager.IsNotFound(err) { ccmd.Println(err) + return } - cmd.PrintErrf("unknown help topic: %v\n", ccmd.Name()) - return } if err := isSupported(ccmd, dockerCli); err != nil { @@ -227,9 +234,14 @@ func runDocker(dockerCli *command.DockerCli) error { return err } - err = pluginmanager.AddPluginCommandStubs(dockerCli, cmd) - if err != nil { - return err + if cli.HasCompletionArg(args) { + // We add plugin command stubs early only for completion. We don't + // want to add them for normal command execution as it would cause + // a significant performance hit. + err = pluginmanager.AddPluginCommandStubs(dockerCli, cmd) + if err != nil { + return err + } } if len(args) > 0 { diff --git a/e2e/cli-plugins/run_test.go b/e2e/cli-plugins/run_test.go index 2a2f318f46c6..d3daa35563e3 100644 --- a/e2e/cli-plugins/run_test.go +++ b/e2e/cli-plugins/run_test.go @@ -83,7 +83,7 @@ func TestHelpBad(t *testing.T) { res := icmd.RunCmd(run("help", "badmeta")) res.Assert(t, icmd.Expected{ - ExitCode: 0, + ExitCode: 1, Out: icmd.None, }) golden.Assert(t, res.Stderr(), "docker-help-badmeta-err.golden") @@ -110,8 +110,8 @@ func TestBadHelp(t *testing.T) { res.Assert(t, icmd.Expected{ ExitCode: 0, // This should be identical to the --help case above - Out: usage, - Err: shortHFlagDeprecated, + Out: shortHFlagDeprecated + usage, + Err: icmd.None, }) } From c7cdab58d261c96b1a7ffd3fe4cdabbb7da1e50d Mon Sep 17 00:00:00 2001 From: Kevin Alvarez Date: Sat, 1 Apr 2023 15:40:32 +0200 Subject: [PATCH 029/197] improve plugins listing performance We can slightly improve plugins listing by spawning a goroutine for each iteration. Signed-off-by: CrazyMax (cherry picked from commit 89583b92b74ec3c2dfe770b0c01437b1e373c1aa) # Conflicts: # vendor.mod # vendor/modules.txt --- cli-plugins/manager/candidate_test.go | 2 +- cli-plugins/manager/manager.go | 44 ++++-- cli-plugins/manager/plugin.go | 32 ++--- vendor.mod | 1 + vendor.sum | 2 + vendor/golang.org/x/sync/LICENSE | 27 ++++ vendor/golang.org/x/sync/PATENTS | 22 +++ vendor/golang.org/x/sync/errgroup/errgroup.go | 132 ++++++++++++++++++ vendor/modules.txt | 3 + 9 files changed, 233 insertions(+), 32 deletions(-) create mode 100644 vendor/golang.org/x/sync/LICENSE create mode 100644 vendor/golang.org/x/sync/PATENTS create mode 100644 vendor/golang.org/x/sync/errgroup/errgroup.go diff --git a/cli-plugins/manager/candidate_test.go b/cli-plugins/manager/candidate_test.go index cbb85dc31585..0ec7beda647c 100644 --- a/cli-plugins/manager/candidate_test.go +++ b/cli-plugins/manager/candidate_test.go @@ -74,7 +74,7 @@ func TestValidateCandidate(t *testing.T) { {name: "experimental + allowing experimental", c: &fakeCandidate{path: goodPluginPath, exec: true, meta: metaExperimental}}, } { t.Run(tc.name, func(t *testing.T) { - p, err := newPlugin(tc.c, fakeroot) + p, err := newPlugin(tc.c, fakeroot.Commands()) if tc.err != "" { assert.ErrorContains(t, err, tc.err) } else if tc.invalid != "" { diff --git a/cli-plugins/manager/manager.go b/cli-plugins/manager/manager.go index ff1585987897..3ce96876d176 100644 --- a/cli-plugins/manager/manager.go +++ b/cli-plugins/manager/manager.go @@ -1,15 +1,18 @@ package manager import ( + "context" "os" "path/filepath" "sort" "strings" + "sync" "github.com/docker/cli/cli/command" "github.com/docker/cli/cli/config" "github.com/fvbommel/sortorder" "github.com/spf13/cobra" + "golang.org/x/sync/errgroup" exec "golang.org/x/sys/execabs" ) @@ -120,7 +123,7 @@ func GetPlugin(name string, dockerCli command.Cli, rootcmd *cobra.Command) (*Plu return nil, errPluginNotFound(name) } c := &candidate{paths[0]} - p, err := newPlugin(c, rootcmd) + p, err := newPlugin(c, rootcmd.Commands()) if err != nil { return nil, err } @@ -146,19 +149,32 @@ func ListPlugins(dockerCli command.Cli, rootcmd *cobra.Command) ([]Plugin, error } var plugins []Plugin + var mu sync.Mutex + eg, _ := errgroup.WithContext(context.TODO()) + cmds := rootcmd.Commands() for _, paths := range candidates { - if len(paths) == 0 { - continue - } - c := &candidate{paths[0]} - p, err := newPlugin(c, rootcmd) - if err != nil { - return nil, err - } - if !IsNotFound(p.Err) { - p.ShadowedPaths = paths[1:] - plugins = append(plugins, p) - } + func(paths []string) { + eg.Go(func() error { + if len(paths) == 0 { + return nil + } + c := &candidate{paths[0]} + p, err := newPlugin(c, cmds) + if err != nil { + return err + } + if !IsNotFound(p.Err) { + p.ShadowedPaths = paths[1:] + mu.Lock() + defer mu.Unlock() + plugins = append(plugins, p) + } + return nil + }) + }(paths) + } + if err := eg.Wait(); err != nil { + return nil, err } sort.Slice(plugins, func(i, j int) bool { @@ -199,7 +215,7 @@ func PluginRunCommand(dockerCli command.Cli, name string, rootcmd *cobra.Command } c := &candidate{path: path} - plugin, err := newPlugin(c, rootcmd) + plugin, err := newPlugin(c, rootcmd.Commands()) if err != nil { return nil, err } diff --git a/cli-plugins/manager/plugin.go b/cli-plugins/manager/plugin.go index 341e92d7f06c..58ed6db72c1e 100644 --- a/cli-plugins/manager/plugin.go +++ b/cli-plugins/manager/plugin.go @@ -31,7 +31,7 @@ type Plugin struct { // is set, and is always a `pluginError`, but the `Plugin` is still // returned with no error. An error is only returned due to a // non-recoverable error. -func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) { +func newPlugin(c Candidate, cmds []*cobra.Command) (Plugin, error) { path := c.Path() if path == "" { return Plugin{}, errors.New("plugin candidate path cannot be empty") @@ -62,22 +62,20 @@ func newPlugin(c Candidate, rootcmd *cobra.Command) (Plugin, error) { return p, nil } - if rootcmd != nil { - for _, cmd := range rootcmd.Commands() { - // Ignore conflicts with commands which are - // just plugin stubs (i.e. from a previous - // call to AddPluginCommandStubs). - if IsPluginCommand(cmd) { - continue - } - if cmd.Name() == p.Name { - p.Err = NewPluginError("plugin %q duplicates builtin command", p.Name) - return p, nil - } - if cmd.HasAlias(p.Name) { - p.Err = NewPluginError("plugin %q duplicates an alias of builtin command %q", p.Name, cmd.Name()) - return p, nil - } + for _, cmd := range cmds { + // Ignore conflicts with commands which are + // just plugin stubs (i.e. from a previous + // call to AddPluginCommandStubs). + if IsPluginCommand(cmd) { + continue + } + if cmd.Name() == p.Name { + p.Err = NewPluginError("plugin %q duplicates builtin command", p.Name) + return p, nil + } + if cmd.HasAlias(p.Name) { + p.Err = NewPluginError("plugin %q duplicates an alias of builtin command %q", p.Name, cmd.Name()) + return p, nil } } diff --git a/vendor.mod b/vendor.mod index 1b99ae790bd3..82a25dcdeee8 100644 --- a/vendor.mod +++ b/vendor.mod @@ -37,6 +37,7 @@ require ( github.com/theupdateframework/notary v0.7.1-0.20210315103452-bf96a202a09a github.com/tonistiigi/go-rosetta v0.0.0-20200727161949-f79598599c5d github.com/xeipuuv/gojsonschema v1.2.0 + golang.org/x/sync v0.1.0 golang.org/x/sys v0.4.0 golang.org/x/term v0.4.0 golang.org/x/text v0.6.0 diff --git a/vendor.sum b/vendor.sum index 40d93ff77bdd..af3b4cdc6021 100644 --- a/vendor.sum +++ b/vendor.sum @@ -524,6 +524,8 @@ golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= diff --git a/vendor/golang.org/x/sync/LICENSE b/vendor/golang.org/x/sync/LICENSE new file mode 100644 index 000000000000..6a66aea5eafe --- /dev/null +++ b/vendor/golang.org/x/sync/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009 The Go Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright +notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above +copyright notice, this list of conditions and the following disclaimer +in the documentation and/or other materials provided with the +distribution. + * Neither the name of Google Inc. nor the names of its +contributors may be used to endorse or promote products derived from +this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/golang.org/x/sync/PATENTS b/vendor/golang.org/x/sync/PATENTS new file mode 100644 index 000000000000..733099041f84 --- /dev/null +++ b/vendor/golang.org/x/sync/PATENTS @@ -0,0 +1,22 @@ +Additional IP Rights Grant (Patents) + +"This implementation" means the copyrightable works distributed by +Google as part of the Go project. + +Google hereby grants to You a perpetual, worldwide, non-exclusive, +no-charge, royalty-free, irrevocable (except as stated in this section) +patent license to make, have made, use, offer to sell, sell, import, +transfer and otherwise run, modify and propagate the contents of this +implementation of Go, where such license applies only to those patent +claims, both currently owned or controlled by Google and acquired in +the future, licensable by Google that are necessarily infringed by this +implementation of Go. This grant does not include claims that would be +infringed only as a consequence of further modification of this +implementation. If you or your agent or exclusive licensee institute or +order or agree to the institution of patent litigation against any +entity (including a cross-claim or counterclaim in a lawsuit) alleging +that this implementation of Go or any code incorporated within this +implementation of Go constitutes direct or contributory patent +infringement, or inducement of patent infringement, then any patent +rights granted to you under this License for this implementation of Go +shall terminate as of the date such litigation is filed. diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go new file mode 100644 index 000000000000..cbee7a4e230d --- /dev/null +++ b/vendor/golang.org/x/sync/errgroup/errgroup.go @@ -0,0 +1,132 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package errgroup provides synchronization, error propagation, and Context +// cancelation for groups of goroutines working on subtasks of a common task. +package errgroup + +import ( + "context" + "fmt" + "sync" +) + +type token struct{} + +// A Group is a collection of goroutines working on subtasks that are part of +// the same overall task. +// +// A zero Group is valid, has no limit on the number of active goroutines, +// and does not cancel on error. +type Group struct { + cancel func() + + wg sync.WaitGroup + + sem chan token + + errOnce sync.Once + err error +} + +func (g *Group) done() { + if g.sem != nil { + <-g.sem + } + g.wg.Done() +} + +// WithContext returns a new Group and an associated Context derived from ctx. +// +// The derived Context is canceled the first time a function passed to Go +// returns a non-nil error or the first time Wait returns, whichever occurs +// first. +func WithContext(ctx context.Context) (*Group, context.Context) { + ctx, cancel := context.WithCancel(ctx) + return &Group{cancel: cancel}, ctx +} + +// Wait blocks until all function calls from the Go method have returned, then +// returns the first non-nil error (if any) from them. +func (g *Group) Wait() error { + g.wg.Wait() + if g.cancel != nil { + g.cancel() + } + return g.err +} + +// Go calls the given function in a new goroutine. +// It blocks until the new goroutine can be added without the number of +// active goroutines in the group exceeding the configured limit. +// +// The first call to return a non-nil error cancels the group's context, if the +// group was created by calling WithContext. The error will be returned by Wait. +func (g *Group) Go(f func() error) { + if g.sem != nil { + g.sem <- token{} + } + + g.wg.Add(1) + go func() { + defer g.done() + + if err := f(); err != nil { + g.errOnce.Do(func() { + g.err = err + if g.cancel != nil { + g.cancel() + } + }) + } + }() +} + +// TryGo calls the given function in a new goroutine only if the number of +// active goroutines in the group is currently below the configured limit. +// +// The return value reports whether the goroutine was started. +func (g *Group) TryGo(f func() error) bool { + if g.sem != nil { + select { + case g.sem <- token{}: + // Note: this allows barging iff channels in general allow barging. + default: + return false + } + } + + g.wg.Add(1) + go func() { + defer g.done() + + if err := f(); err != nil { + g.errOnce.Do(func() { + g.err = err + if g.cancel != nil { + g.cancel() + } + }) + } + }() + return true +} + +// SetLimit limits the number of active goroutines in this group to at most n. +// A negative value indicates no limit. +// +// Any subsequent call to the Go method will block until it can add an active +// goroutine without exceeding the configured limit. +// +// The limit must not be modified while any goroutines in the group are active. +func (g *Group) SetLimit(n int) { + if n < 0 { + g.sem = nil + return + } + if len(g.sem) != 0 { + panic(fmt.Errorf("errgroup: modify limit while %v goroutines in the group are still active", len(g.sem))) + } + g.sem = make(chan token, n) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index e944751e463e..b88a03070ea5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -276,6 +276,9 @@ golang.org/x/net/internal/socks golang.org/x/net/internal/timeseries golang.org/x/net/proxy golang.org/x/net/trace +# golang.org/x/sync v0.1.0 +## explicit +golang.org/x/sync/errgroup # golang.org/x/sys v0.4.0 ## explicit; go 1.17 golang.org/x/sys/execabs From 6efc4eaccb858f162bf7f334896d17cc8cd9e4d6 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 1 Apr 2023 18:16:52 +0200 Subject: [PATCH 030/197] cli/command: fix deprecation comments for Stream types These were deprecated in 6c400a9c2009bba9376ad61ab59c04c1ad675871 (docker 19.03), but the "Deprecated:" comments were missing a newline before them. While most IDEs will detect such comments as "deprecated", pkg.go.dev and linters will ignore them, which may result in users not being aware of them being deprecated. This patch; - Fixes the "Deprecated:" comments. - Changes the var aliases to functions, which is slightly more boilerplating, but makes sure the functions are documented as "function", instead of shown in the "variables" section on pkg.go.dev. - Adds some punctuation and adds "doc links", which allows readers to navigate to related content on pkg.go.dev. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 817897f891a8bc2ddaca42bc58788407abf52a2a) Signed-off-by: Sebastiaan van Stijn --- cli/command/streams.go | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/cli/command/streams.go b/cli/command/streams.go index fa435e1643f2..43dc6cd00ee8 100644 --- a/cli/command/streams.go +++ b/cli/command/streams.go @@ -1,23 +1,32 @@ package command import ( + "io" + "github.com/docker/cli/cli/streams" ) // InStream is an input stream used by the DockerCli to read user input -// Deprecated: Use github.com/docker/cli/cli/streams.In instead +// +// Deprecated: Use [streams.In] instead. type InStream = streams.In // OutStream is an output stream used by the DockerCli to write normal program // output. -// Deprecated: Use github.com/docker/cli/cli/streams.Out instead +// +// Deprecated: Use [streams.Out] instead. type OutStream = streams.Out -var ( - // NewInStream returns a new InStream object from a ReadCloser - // Deprecated: Use github.com/docker/cli/cli/streams.NewIn instead - NewInStream = streams.NewIn - // NewOutStream returns a new OutStream object from a Writer - // Deprecated: Use github.com/docker/cli/cli/streams.NewOut instead - NewOutStream = streams.NewOut -) +// NewInStream returns a new [streams.In] from an [io.ReadCloser]. +// +// Deprecated: Use [streams.NewIn] instead. +func NewInStream(in io.ReadCloser) *streams.In { + return streams.NewIn(in) +} + +// NewOutStream returns a new [streams.Out] from an [io.Writer]. +// +// Deprecated: Use [streams.NewOut] instead. +func NewOutStream(out io.Writer) *streams.Out { + return streams.NewOut(out) +} From 97d91f13aa8de816b10ab11ba732b0e6b763661e Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Wed, 29 Mar 2023 23:05:54 +0000 Subject: [PATCH 031/197] cp: do not emit progress if stderr is not a term This fixes a case where a non-tty will have control characters + the log line for every single read operation. Signed-off-by: Brian Goff (cherry picked from commit f27927d934bdc1e9e9d82bfd50338a4f5ced4048) Signed-off-by: Brian Goff --- cli/command/container/cp.go | 52 +++++++++++++++++++++++++------------ 1 file changed, 35 insertions(+), 17 deletions(-) diff --git a/cli/command/container/cp.go b/cli/command/container/cp.go index 67e5e598ea21..0ac209ea1422 100644 --- a/cli/command/container/cp.go +++ b/cli/command/container/cp.go @@ -10,6 +10,7 @@ import ( "github.com/docker/cli/cli" "github.com/docker/cli/cli/command" + "github.com/docker/cli/cli/streams" "github.com/docker/docker/api/types" "github.com/docker/docker/pkg/archive" "github.com/docker/docker/pkg/system" @@ -51,19 +52,22 @@ type copyProgressPrinter struct { toContainer bool total *float64 writer io.Writer + isTerm bool } func (pt *copyProgressPrinter) Read(p []byte) (int, error) { n, err := pt.ReadCloser.Read(p) - *pt.total += float64(n) - - if err == nil { - fmt.Fprint(pt.writer, aec.Restore) - fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All)) - if pt.toContainer { - fmt.Fprintln(pt.writer, "Copying to container - "+units.HumanSize(*pt.total)) - } else { - fmt.Fprintln(pt.writer, "Copying from container - "+units.HumanSize(*pt.total)) + if n > 0 { + *pt.total += float64(n) + + if pt.isTerm { + fmt.Fprint(pt.writer, aec.Restore) + fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All)) + if pt.toContainer { + fmt.Fprintln(pt.writer, "Copying to container - "+units.HumanSize(*pt.total)) + } else { + fmt.Fprintln(pt.writer, "Copying from container - "+units.HumanSize(*pt.total)) + } } } @@ -211,6 +215,8 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp RebaseName: rebaseName, } + stderrIsTerm := streams.NewOut(dockerCli.Err()).IsTerminal() + var copiedSize float64 if !copyConfig.quiet { content = ©ProgressPrinter{ @@ -218,6 +224,7 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp toContainer: false, writer: dockerCli.Err(), total: &copiedSize, + isTerm: stderrIsTerm, } } @@ -231,11 +238,15 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp return archive.CopyTo(preArchive, srcInfo, dstPath) } - fmt.Fprint(dockerCli.Err(), aec.Save) - fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") + if stderrIsTerm { + fmt.Fprint(dockerCli.Err(), aec.Save) + fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") + } res := archive.CopyTo(preArchive, srcInfo, dstPath) - fmt.Fprint(dockerCli.Err(), aec.Restore) - fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) + if stderrIsTerm { + fmt.Fprint(dockerCli.Err(), aec.Restore) + fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) + } fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", dstPath) return res @@ -296,6 +307,8 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo copiedSize float64 ) + stderrIsTerm := streams.NewOut(dockerCli.Err()).IsTerminal() + if srcPath == "-" { content = os.Stdin resolvedDstPath = dstInfo.Path @@ -341,6 +354,7 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo toContainer: true, writer: dockerCli.Err(), total: &copiedSize, + isTerm: stderrIsTerm, } } } @@ -354,11 +368,15 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo return client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options) } - fmt.Fprint(dockerCli.Err(), aec.Save) - fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") + if stderrIsTerm { + fmt.Fprint(dockerCli.Err(), aec.Save) + fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") + } res := client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options) - fmt.Fprint(dockerCli.Err(), aec.Restore) - fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) + if stderrIsTerm { + fmt.Fprint(dockerCli.Err(), aec.Restore) + fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) + } fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", copyConfig.container+":"+dstInfo.Path) return res From f813c9639f89a029364b62a287b24965d56e4615 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Wed, 29 Mar 2023 23:47:50 +0000 Subject: [PATCH 032/197] cp: Improve tty flashing on progress updates - Instead of rewriting the entire line every time only clear and write the parts that changed. - Hide the cursor while writing progress Both these things make the progress updates significantly easier to read. Signed-off-by: Brian Goff (cherry picked from commit ccae6e9299e9c2d7c9e53bd4a485d43581a795ee) Signed-off-by: Brian Goff --- cli/command/container/cp.go | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/cli/command/container/cp.go b/cli/command/container/cp.go index 0ac209ea1422..42205918c352 100644 --- a/cli/command/container/cp.go +++ b/cli/command/container/cp.go @@ -58,16 +58,24 @@ type copyProgressPrinter struct { func (pt *copyProgressPrinter) Read(p []byte) (int, error) { n, err := pt.ReadCloser.Read(p) if n > 0 { + isFirst := *pt.total == 0 *pt.total += float64(n) if pt.isTerm { - fmt.Fprint(pt.writer, aec.Restore) - fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All)) + var header string if pt.toContainer { - fmt.Fprintln(pt.writer, "Copying to container - "+units.HumanSize(*pt.total)) + header = "Copying to container - " } else { - fmt.Fprintln(pt.writer, "Copying from container - "+units.HumanSize(*pt.total)) + header = "Copying from container - " } + if isFirst { + fmt.Fprint(pt.writer, aec.Restore) + fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All)) + fmt.Fprint(pt.writer, header) + } + fmt.Fprint(pt.writer, aec.Column(uint(len(header)+1))) + fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.Tail)) + fmt.Fprint(pt.writer, units.HumanSize(*pt.total)) } } @@ -239,6 +247,7 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp } if stderrIsTerm { + fmt.Fprint(dockerCli.Err(), aec.Hide) fmt.Fprint(dockerCli.Err(), aec.Save) fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") } @@ -246,6 +255,7 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp if stderrIsTerm { fmt.Fprint(dockerCli.Err(), aec.Restore) fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) + fmt.Fprint(dockerCli.Err(), aec.Show) } fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", dstPath) @@ -369,6 +379,7 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo } if stderrIsTerm { + fmt.Fprint(dockerCli.Err(), aec.Hide) fmt.Fprint(dockerCli.Err(), aec.Save) fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") } @@ -376,6 +387,7 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo if stderrIsTerm { fmt.Fprint(dockerCli.Err(), aec.Restore) fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) + fmt.Fprint(dockerCli.Err(), aec.Show) } fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", copyConfig.container+":"+dstInfo.Path) From 948dfa91c962dff59b874169b94e86c54653b503 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 30 Mar 2023 00:00:03 +0000 Subject: [PATCH 033/197] cp: reduce branching in progress printer This just makes it easier to reason about what is happening. Signed-off-by: Brian Goff (cherry picked from commit efd011b793ad3b9440acabd7ea95a109baf3e7fb) Signed-off-by: Brian Goff --- cli/command/container/cp.go | 66 ++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 31 deletions(-) diff --git a/cli/command/container/cp.go b/cli/command/container/cp.go index 42205918c352..7d887832760c 100644 --- a/cli/command/container/cp.go +++ b/cli/command/container/cp.go @@ -49,35 +49,39 @@ type cpConfig struct { // copying files to/from a container. type copyProgressPrinter struct { io.ReadCloser - toContainer bool - total *float64 - writer io.Writer - isTerm bool + total *float64 + writer io.Writer + isTerm bool + header string } +const ( + copyToContainerHeader = "Copying to container - " + copyFromContainerHeader = "Copying from container - " +) + func (pt *copyProgressPrinter) Read(p []byte) (int, error) { n, err := pt.ReadCloser.Read(p) + isFirst := *pt.total == 0 if n > 0 { - isFirst := *pt.total == 0 *pt.total += float64(n) + } + if err != nil && err != io.EOF { + return n, err + } - if pt.isTerm { - var header string - if pt.toContainer { - header = "Copying to container - " - } else { - header = "Copying from container - " - } - if isFirst { - fmt.Fprint(pt.writer, aec.Restore) - fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All)) - fmt.Fprint(pt.writer, header) - } - fmt.Fprint(pt.writer, aec.Column(uint(len(header)+1))) - fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.Tail)) - fmt.Fprint(pt.writer, units.HumanSize(*pt.total)) - } + if !pt.isTerm { + return n, err + } + + if isFirst { + fmt.Fprint(pt.writer, aec.Restore) + fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All)) + fmt.Fprint(pt.writer, pt.header) } + fmt.Fprint(pt.writer, aec.Column(uint(len(pt.header)+1))) + fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.Tail)) + fmt.Fprint(pt.writer, units.HumanSize(*pt.total)) return n, err } @@ -228,11 +232,11 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp var copiedSize float64 if !copyConfig.quiet { content = ©ProgressPrinter{ - ReadCloser: content, - toContainer: false, - writer: dockerCli.Err(), - total: &copiedSize, - isTerm: stderrIsTerm, + ReadCloser: content, + writer: dockerCli.Err(), + total: &copiedSize, + isTerm: stderrIsTerm, + header: copyFromContainerHeader, } } @@ -360,11 +364,11 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo content = preparedArchive if !copyConfig.quiet { content = ©ProgressPrinter{ - ReadCloser: content, - toContainer: true, - writer: dockerCli.Err(), - total: &copiedSize, - isTerm: stderrIsTerm, + ReadCloser: content, + writer: dockerCli.Err(), + total: &copiedSize, + isTerm: stderrIsTerm, + header: copyToContainerHeader, } } } From c28cb35c42643f3a892b251c63ac2747524f5ac9 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 30 Mar 2023 00:32:43 +0000 Subject: [PATCH 034/197] cp: Reduce number of progress updates Only show progress updates after a time threshold has elapsed in order to reduce the number of writes to the terminal. This improves readability of the progress. Also moves cursor show/hide into the progress printer to reduce chances if messing up the user's terminal in case of cancellation. Signed-off-by: Brian Goff (cherry picked from commit 90b7bc36d4ef13c6c79ed518337503d4696398ec) Signed-off-by: Brian Goff --- cli/command/container/cp.go | 38 +++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/cli/command/container/cp.go b/cli/command/container/cp.go index 7d887832760c..ad053522c521 100644 --- a/cli/command/container/cp.go +++ b/cli/command/container/cp.go @@ -7,6 +7,7 @@ import ( "os" "path/filepath" "strings" + "time" "github.com/docker/cli/cli" "github.com/docker/cli/cli/command" @@ -49,15 +50,17 @@ type cpConfig struct { // copying files to/from a container. type copyProgressPrinter struct { io.ReadCloser - total *float64 - writer io.Writer - isTerm bool - header string + total *float64 + writer io.Writer + isTerm bool + header string + lastUpdate time.Time } const ( - copyToContainerHeader = "Copying to container - " - copyFromContainerHeader = "Copying from container - " + copyToContainerHeader = "Copying to container - " + copyFromContainerHeader = "Copying from container - " + copyProgressUpdateThreshold = 75 * time.Millisecond ) func (pt *copyProgressPrinter) Read(p []byte) (int, error) { @@ -66,23 +69,30 @@ func (pt *copyProgressPrinter) Read(p []byte) (int, error) { if n > 0 { *pt.total += float64(n) } - if err != nil && err != io.EOF { + if !pt.isTerm { return n, err } - if !pt.isTerm { - return n, err + doUpdate := func() { + fmt.Fprint(pt.writer, aec.Hide) + fmt.Fprint(pt.writer, aec.Column(uint(len(pt.header)+1))) + fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.Tail)) + fmt.Fprint(pt.writer, units.HumanSize(*pt.total)) + fmt.Fprint(pt.writer, aec.Show) + pt.lastUpdate = time.Now() } if isFirst { fmt.Fprint(pt.writer, aec.Restore) fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All)) fmt.Fprint(pt.writer, pt.header) + doUpdate() + return n, err } - fmt.Fprint(pt.writer, aec.Column(uint(len(pt.header)+1))) - fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.Tail)) - fmt.Fprint(pt.writer, units.HumanSize(*pt.total)) + if err != nil || time.Since(pt.lastUpdate) > copyProgressUpdateThreshold { + doUpdate() + } return n, err } @@ -251,7 +261,6 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp } if stderrIsTerm { - fmt.Fprint(dockerCli.Err(), aec.Hide) fmt.Fprint(dockerCli.Err(), aec.Save) fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") } @@ -259,7 +268,6 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp if stderrIsTerm { fmt.Fprint(dockerCli.Err(), aec.Restore) fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) - fmt.Fprint(dockerCli.Err(), aec.Show) } fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", dstPath) @@ -383,7 +391,6 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo } if stderrIsTerm { - fmt.Fprint(dockerCli.Err(), aec.Hide) fmt.Fprint(dockerCli.Err(), aec.Save) fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") } @@ -391,7 +398,6 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo if stderrIsTerm { fmt.Fprint(dockerCli.Err(), aec.Restore) fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) - fmt.Fprint(dockerCli.Err(), aec.Show) } fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", copyConfig.container+":"+dstInfo.Path) From ce68ce7ae8805c9ae593c146ff9173e4cbe16297 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 30 Mar 2023 01:04:37 +0000 Subject: [PATCH 035/197] cp: Make gocyclo happy Signed-off-by: Brian Goff (cherry picked from commit b9a1b0928af630ee20d91b89784b862655a04bd1) Signed-off-by: Brian Goff --- cli/command/container/cp.go | 41 +++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/cli/command/container/cp.go b/cli/command/container/cp.go index ad053522c521..aad1460c00f5 100644 --- a/cli/command/container/cp.go +++ b/cli/command/container/cp.go @@ -237,15 +237,13 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp RebaseName: rebaseName, } - stderrIsTerm := streams.NewOut(dockerCli.Err()).IsTerminal() - var copiedSize float64 if !copyConfig.quiet { content = ©ProgressPrinter{ ReadCloser: content, writer: dockerCli.Err(), total: &copiedSize, - isTerm: stderrIsTerm, + isTerm: streams.NewOut(dockerCli.Err()).IsTerminal(), header: copyFromContainerHeader, } } @@ -260,15 +258,9 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp return archive.CopyTo(preArchive, srcInfo, dstPath) } - if stderrIsTerm { - fmt.Fprint(dockerCli.Err(), aec.Save) - fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") - } + restore := prepareTTYCopyProgress(dockerCli) res := archive.CopyTo(preArchive, srcInfo, dstPath) - if stderrIsTerm { - fmt.Fprint(dockerCli.Err(), aec.Restore) - fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) - } + restore() fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", dstPath) return res @@ -329,8 +321,6 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo copiedSize float64 ) - stderrIsTerm := streams.NewOut(dockerCli.Err()).IsTerminal() - if srcPath == "-" { content = os.Stdin resolvedDstPath = dstInfo.Path @@ -375,7 +365,7 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo ReadCloser: content, writer: dockerCli.Err(), total: &copiedSize, - isTerm: stderrIsTerm, + isTerm: streams.NewOut(dockerCli.Err()).IsTerminal(), header: copyToContainerHeader, } } @@ -390,20 +380,27 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo return client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options) } - if stderrIsTerm { - fmt.Fprint(dockerCli.Err(), aec.Save) - fmt.Fprintln(dockerCli.Err(), "Preparing to copy...") - } + restore := prepareTTYCopyProgress(dockerCli) res := client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options) - if stderrIsTerm { - fmt.Fprint(dockerCli.Err(), aec.Restore) - fmt.Fprint(dockerCli.Err(), aec.EraseLine(aec.EraseModes.All)) - } + restore() fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", copyConfig.container+":"+dstInfo.Path) return res } +func prepareTTYCopyProgress(cli command.Cli) func() { + if !streams.NewOut(cli.Err()).IsTerminal() { + return func() {} + } + + fmt.Fprint(cli.Err(), aec.Save) + fmt.Fprintln(cli.Err(), "Preparing to copy...") + return func() { + fmt.Fprint(cli.Err(), aec.Restore) + fmt.Fprint(cli.Err(), aec.EraseLine(aec.EraseModes.All)) + } +} + // We use `:` as a delimiter between CONTAINER and PATH, but `:` could also be // in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by // requiring a LOCALPATH with a `:` to be made explicit with a relative or From 209e9c0c13110828242d17b1f922d1c1555376b8 Mon Sep 17 00:00:00 2001 From: Brian Goff Date: Thu, 30 Mar 2023 17:22:17 +0000 Subject: [PATCH 036/197] cp: Do not block transfer on writing to terminal This moves all the terminal writing to a goroutine that updates the terminal periodically. In our MITM copier we just use an atomic to add to the total number of bytes read/written, the goroutine reads the total and updates the terminal as needed. Signed-off-by: Brian Goff (cherry picked from commit eb392ff4ce56960b75cfa752fa9cdc821974bc42) Signed-off-by: Brian Goff --- cli/command/container/cp.go | 127 +++++++++++++++++++++--------------- 1 file changed, 73 insertions(+), 54 deletions(-) diff --git a/cli/command/container/cp.go b/cli/command/container/cp.go index aad1460c00f5..116d63624379 100644 --- a/cli/command/container/cp.go +++ b/cli/command/container/cp.go @@ -1,12 +1,15 @@ package container import ( + "bytes" "context" "fmt" "io" "os" + "os/signal" "path/filepath" "strings" + "sync/atomic" "time" "github.com/docker/cli/cli" @@ -50,11 +53,7 @@ type cpConfig struct { // copying files to/from a container. type copyProgressPrinter struct { io.ReadCloser - total *float64 - writer io.Writer - isTerm bool - header string - lastUpdate time.Time + total *int64 } const ( @@ -65,35 +64,62 @@ const ( func (pt *copyProgressPrinter) Read(p []byte) (int, error) { n, err := pt.ReadCloser.Read(p) - isFirst := *pt.total == 0 - if n > 0 { - *pt.total += float64(n) - } - if !pt.isTerm { - return n, err - } + atomic.AddInt64(pt.total, int64(n)) + return n, err +} - doUpdate := func() { - fmt.Fprint(pt.writer, aec.Hide) - fmt.Fprint(pt.writer, aec.Column(uint(len(pt.header)+1))) - fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.Tail)) - fmt.Fprint(pt.writer, units.HumanSize(*pt.total)) - fmt.Fprint(pt.writer, aec.Show) - pt.lastUpdate = time.Now() +func copyProgress(ctx context.Context, dst io.Writer, header string, total *int64) (func(), <-chan struct{}) { + done := make(chan struct{}) + if !streams.NewOut(dst).IsTerminal() { + close(done) + return func() {}, done } - if isFirst { - fmt.Fprint(pt.writer, aec.Restore) - fmt.Fprint(pt.writer, aec.EraseLine(aec.EraseModes.All)) - fmt.Fprint(pt.writer, pt.header) - doUpdate() - return n, err - } + fmt.Fprint(dst, aec.Save) + fmt.Fprint(dst, "Preparing to copy...") - if err != nil || time.Since(pt.lastUpdate) > copyProgressUpdateThreshold { - doUpdate() + restore := func() { + fmt.Fprint(dst, aec.Restore) + fmt.Fprint(dst, aec.EraseLine(aec.EraseModes.All)) } - return n, err + + go func() { + defer close(done) + fmt.Fprint(dst, aec.Hide) + defer fmt.Fprint(dst, aec.Show) + + fmt.Fprint(dst, aec.Restore) + fmt.Fprint(dst, aec.EraseLine(aec.EraseModes.All)) + fmt.Fprint(dst, header) + + var last int64 + fmt.Fprint(dst, progressHumanSize(last)) + + buf := bytes.NewBuffer(nil) + ticker := time.NewTicker(copyProgressUpdateThreshold) + for { + select { + case <-ctx.Done(): + return + case <-ticker.C: + n := atomic.LoadInt64(total) + if n == last { + // Don't write to the terminal, if we don't need to. + continue + } + + // Write to the buffer first to avoid flickering and context switching + fmt.Fprint(buf, aec.Column(uint(len(header)+1))) + fmt.Fprint(buf, aec.EraseLine(aec.EraseModes.Tail)) + fmt.Fprint(buf, progressHumanSize(n)) + + buf.WriteTo(dst) + buf.Reset() + last += n + } + } + }() + return restore, done } // NewCopyCommand creates a new `docker cp` command @@ -139,6 +165,10 @@ func NewCopyCommand(dockerCli command.Cli) *cobra.Command { return cmd } +func progressHumanSize(n int64) string { + return units.HumanSizeWithPrecision(float64(n), 3) +} + func runCopy(dockerCli command.Cli, opts copyOptions) error { srcContainer, srcPath := splitCpArg(opts.source) destContainer, destPath := splitCpArg(opts.destination) @@ -219,6 +249,9 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp } + ctx, cancel := signal.NotifyContext(ctx, os.Interrupt) + defer cancel() + content, stat, err := client.CopyFromContainer(ctx, copyConfig.container, srcPath) if err != nil { return err @@ -237,14 +270,11 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp RebaseName: rebaseName, } - var copiedSize float64 + var copiedSize int64 if !copyConfig.quiet { content = ©ProgressPrinter{ ReadCloser: content, - writer: dockerCli.Err(), total: &copiedSize, - isTerm: streams.NewOut(dockerCli.Err()).IsTerminal(), - header: copyFromContainerHeader, } } @@ -258,10 +288,12 @@ func copyFromContainer(ctx context.Context, dockerCli command.Cli, copyConfig cp return archive.CopyTo(preArchive, srcInfo, dstPath) } - restore := prepareTTYCopyProgress(dockerCli) + restore, done := copyProgress(ctx, dockerCli.Err(), copyFromContainerHeader, &copiedSize) res := archive.CopyTo(preArchive, srcInfo, dstPath) + cancel() + <-done restore() - fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", dstPath) + fmt.Fprintln(dockerCli.Err(), "Successfully copied", progressHumanSize(copiedSize), "to", dstPath) return res } @@ -318,7 +350,7 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo var ( content io.ReadCloser resolvedDstPath string - copiedSize float64 + copiedSize int64 ) if srcPath == "-" { @@ -363,10 +395,7 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo if !copyConfig.quiet { content = ©ProgressPrinter{ ReadCloser: content, - writer: dockerCli.Err(), total: &copiedSize, - isTerm: streams.NewOut(dockerCli.Err()).IsTerminal(), - header: copyToContainerHeader, } } } @@ -380,27 +409,17 @@ func copyToContainer(ctx context.Context, dockerCli command.Cli, copyConfig cpCo return client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options) } - restore := prepareTTYCopyProgress(dockerCli) + ctx, cancel := signal.NotifyContext(ctx, os.Interrupt) + restore, done := copyProgress(ctx, dockerCli.Err(), copyToContainerHeader, &copiedSize) res := client.CopyToContainer(ctx, copyConfig.container, resolvedDstPath, content, options) + cancel() + <-done restore() - fmt.Fprintln(dockerCli.Err(), "Successfully copied", units.HumanSize(copiedSize), "to", copyConfig.container+":"+dstInfo.Path) + fmt.Fprintln(dockerCli.Err(), "Successfully copied", progressHumanSize(copiedSize), "to", copyConfig.container+":"+dstInfo.Path) return res } -func prepareTTYCopyProgress(cli command.Cli) func() { - if !streams.NewOut(cli.Err()).IsTerminal() { - return func() {} - } - - fmt.Fprint(cli.Err(), aec.Save) - fmt.Fprintln(cli.Err(), "Preparing to copy...") - return func() { - fmt.Fprint(cli.Err(), aec.Restore) - fmt.Fprint(cli.Err(), aec.EraseLine(aec.EraseModes.All)) - } -} - // We use `:` as a delimiter between CONTAINER and PATH, but `:` could also be // in a valid LOCALPATH, like `file:name.txt`. We can resolve this ambiguity by // requiring a LOCALPATH with a `:` to be made explicit with a relative or From 5cd7710a0478599db49b8d473a81027d4b5a8c1e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 5 Apr 2023 15:49:47 +0200 Subject: [PATCH 037/197] update go to go1.19.8 go1.19.8 (released 2023-04-04) includes security fixes to the go/parser, html/template, mime/multipart, net/http, and net/textproto packages, as well as bug fixes to the linker, the runtime, and the time package. See the Go 1.19.8 milestone on our issue tracker for details: https://github.com/golang/go/issues?q=milestone%3AGo1.19.8+label%3ACherryPickApproved full diff: https://github.com/golang/go/compare/go1.19.7...go1.19.8 Further details from the announcement on the mailing list: We have just released Go versions 1.20.3 and 1.19.8, minor point releases. These minor releases include 4 security fixes following the security policy: - go/parser: infinite loop in parsing Calling any of the Parse functions on Go source code which contains `//line` directives with very large line numbers can cause an infinite loop due to integer overflow. Thanks to Philippe Antoine (Catena cyber) for reporting this issue. This is CVE-2023-24537 and Go issue https://go.dev/issue/59180. - html/template: backticks not treated as string delimiters Templates did not properly consider backticks (`) as Javascript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a Go template action within a Javascript template literal, the contents of the action could be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, we've decided to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. Template.Parse will now return an Error when it encounters templates like this, with a currently unexported ErrorCode with a value of 12. This ErrorCode will be exported in the next major release. Users who rely on this behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. Thanks to Sohom Datta, Manipal Institute of Technology, for reporting this issue. This is CVE-2023-24538 and Go issue https://go.dev/issue/59234. - net/http, net/textproto: denial of service from excessive memory allocation HTTP and MIME header parsing could allocate large amounts of memory, even when parsing small inputs. Certain unusual patterns of input data could cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. Header parsing now correctly allocates only the memory required to hold parsed headers. Thanks to Jakob Ackermann (@das7pad) for discovering this issue. This is CVE-2023-24534 and Go issue https://go.dev/issue/58975. - net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm could undercount the amount of memory consumed, leading it to accept larger inputs than intended. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. ReadForm could allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, mime/multipart.Reader now imposes the following limits on the size of parsed forms: Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. Thanks to Jakob Ackermann for discovering this issue. This is CVE-2023-24536 and Go issue https://go.dev/issue/59153. Signed-off-by: Sebastiaan van Stijn --- .github/workflows/test.yml | 2 +- Dockerfile | 2 +- docker-bake.hcl | 2 +- dockerfiles/Dockerfile.dev | 2 +- dockerfiles/Dockerfile.lint | 2 +- dockerfiles/Dockerfile.vendor | 2 +- e2e/testdata/Dockerfile.gencerts | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1a51822a000d..8dd7729de475 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -63,7 +63,7 @@ jobs: name: Set up Go uses: actions/setup-go@v3 with: - go-version: 1.19.7 + go-version: 1.19.8 - name: Test run: | diff --git a/Dockerfile b/Dockerfile index c06d7a0bab25..1939dccf9a19 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ # syntax=docker/dockerfile:1 ARG BASE_VARIANT=alpine -ARG GO_VERSION=1.19.7 +ARG GO_VERSION=1.19.8 ARG ALPINE_VERSION=3.16 ARG XX_VERSION=1.1.1 ARG GOVERSIONINFO_VERSION=v1.3.0 diff --git a/docker-bake.hcl b/docker-bake.hcl index 758aa38cdb34..51f79f6d378d 100644 --- a/docker-bake.hcl +++ b/docker-bake.hcl @@ -1,5 +1,5 @@ variable "GO_VERSION" { - default = "1.19.7" + default = "1.19.8" } variable "VERSION" { default = "" diff --git a/dockerfiles/Dockerfile.dev b/dockerfiles/Dockerfile.dev index 27b85e296959..958746ac61ef 100644 --- a/dockerfiles/Dockerfile.dev +++ b/dockerfiles/Dockerfile.dev @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.7 +ARG GO_VERSION=1.19.8 ARG ALPINE_VERSION=3.16 ARG BUILDX_VERSION=0.10.4 diff --git a/dockerfiles/Dockerfile.lint b/dockerfiles/Dockerfile.lint index 3cd740c9f7e9..24a1ae000b19 100644 --- a/dockerfiles/Dockerfile.lint +++ b/dockerfiles/Dockerfile.lint @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.7 +ARG GO_VERSION=1.19.8 ARG ALPINE_VERSION=3.16 ARG GOLANGCI_LINT_VERSION=v1.49.0 diff --git a/dockerfiles/Dockerfile.vendor b/dockerfiles/Dockerfile.vendor index 300c896dda42..49a16e901fb3 100644 --- a/dockerfiles/Dockerfile.vendor +++ b/dockerfiles/Dockerfile.vendor @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.7 +ARG GO_VERSION=1.19.8 ARG ALPINE_VERSION=3.16 ARG MODOUTDATED_VERSION=v0.8.0 diff --git a/e2e/testdata/Dockerfile.gencerts b/e2e/testdata/Dockerfile.gencerts index 19db44ecf175..a0662ee13954 100644 --- a/e2e/testdata/Dockerfile.gencerts +++ b/e2e/testdata/Dockerfile.gencerts @@ -1,6 +1,6 @@ # syntax=docker/dockerfile:1 -ARG GO_VERSION=1.19.7 +ARG GO_VERSION=1.19.8 FROM golang:${GO_VERSION}-alpine AS generated RUN go install github.com/dmcgowan/quicktls@master From 5fd2c08502ef73de8849b4e26df2a2ef5c1b625c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 9 Apr 2023 13:35:55 +0200 Subject: [PATCH 038/197] scripts/docs/generate-md.sh: fix location of generate code Commit 1e3622c50cc80bb578c59dc242630ee815e678fd moved the generator code to a subdirectory, but forgot to update the markdown version of this script. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 37f234fbe796473dd8edcca5902c8099cbc161a1) Signed-off-by: Sebastiaan van Stijn --- scripts/docs/generate-md.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/docs/generate-md.sh b/scripts/docs/generate-md.sh index 1d155a1cef77..a947bb969673 100755 --- a/scripts/docs/generate-md.sh +++ b/scripts/docs/generate-md.sh @@ -25,11 +25,11 @@ trap clean EXIT # install cli-docs-tool and copy docs/tools.go in root folder # to be able to fetch the required depedencies go mod edit -modfile=vendor.mod -require=github.com/docker/cli-docs-tool@${CLI_DOCS_TOOL_VERSION} - cp docs/tools.go . + cp docs/generate/tools.go . # update vendor ./scripts/vendor update # build docsgen - go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate.go + go build -mod=vendor -modfile=vendor.mod -tags docsgen -o /tmp/docsgen ./docs/generate/generate.go ) # yaml generation on docs repo needs the cli.md file: https://github.com/docker/cli/pull/3924#discussion_r1059986605 From 2609bd23ff3bd3f7e6e3a168b9ab110951d0ea42 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sun, 9 Apr 2023 13:36:36 +0200 Subject: [PATCH 039/197] docs: regenerate markdown docs This adds the new aliases that were added in 9b54d860cd8b131890b92e8591c6ddd650f4d340 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 08a794dc0c032224615c87c57196149d6c54b105) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/container_rm.md | 2 +- docs/reference/commandline/rm.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/container_rm.md b/docs/reference/commandline/container_rm.md index b3fd688877fb..58b0f0deda70 100644 --- a/docs/reference/commandline/container_rm.md +++ b/docs/reference/commandline/container_rm.md @@ -5,7 +5,7 @@ Remove one or more containers ### Aliases -`docker container rm`, `docker rm` +`docker container rm`, `docker container remove`, `docker rm` ### Options diff --git a/docs/reference/commandline/rm.md b/docs/reference/commandline/rm.md index 0e82ba358ccb..6d88054c730b 100644 --- a/docs/reference/commandline/rm.md +++ b/docs/reference/commandline/rm.md @@ -5,7 +5,7 @@ Remove one or more containers ### Aliases -`docker container rm`, `docker rm` +`docker container rm`, `docker container remove`, `docker rm` ### Options From 3d0d576af7d0b11f6e59d9cc924b0bc2d6521482 Mon Sep 17 00:00:00 2001 From: CrazyMax Date: Tue, 28 Mar 2023 04:22:16 +0200 Subject: [PATCH 040/197] ci: enhanced build workflow Signed-off-by: CrazyMax (cherry picked from commit bebdb6fa2a18c63a59caafbab6add8fb6115bb79) Signed-off-by: Sebastiaan van Stijn --- .github/workflows/build.yml | 71 ++++++++++++++++++++++++++++++------- 1 file changed, 59 insertions(+), 12 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 8d78258cc6a8..2af6f0fe59da 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -15,14 +15,35 @@ on: pull_request: jobs: + prepare: + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.platforms.outputs.matrix }} + steps: + - + name: Checkout + uses: actions/checkout@v3 + - + name: Create matrix + id: platforms + run: | + echo "matrix=$(docker buildx bake cross --print | jq -cr '.target."cross".platforms')" >>${GITHUB_OUTPUT} + - + name: Show matrix + run: | + echo ${{ steps.platforms.outputs.matrix }} + build: runs-on: ubuntu-20.04 + needs: + - prepare strategy: fail-fast: false matrix: target: - - cross - - dynbinary-cross + - binary + - dynbinary + platform: ${{ fromJson(needs.prepare.outputs.matrix) }} use_glibc: - "" - glibc @@ -36,22 +57,22 @@ jobs: name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Run ${{ matrix.target }} + name: Build uses: docker/bake-action@v2 with: targets: ${{ matrix.target }} + set: | + *.platform=${{ matrix.platform }} env: USE_GLIBC: ${{ matrix.use_glibc }} - - name: Flatten artifacts + name: Create tarball working-directory: ./build run: | - for dir in */; do - base=$(basename "$dir") - echo "Creating ${base}.tar.gz ..." - tar -cvzf "${base}.tar.gz" "$dir" - rm -rf "$dir" - done + mkdir /tmp/out + platform=${{ matrix.platform }} + platformPair=${platform//\//-} + tar -cvzf "/tmp/out/docker-${platformPair}.tar.gz" . if [ -z "${{ matrix.use_glibc }}" ]; then echo "ARTIFACT_NAME=${{ matrix.target }}" >> $GITHUB_ENV else @@ -62,11 +83,35 @@ jobs: uses: actions/upload-artifact@v3 with: name: ${{ env.ARTIFACT_NAME }} - path: ./build/* + path: /tmp/out/* if-no-files-found: error + prepare-plugins: + runs-on: ubuntu-20.04 + outputs: + matrix: ${{ steps.platforms.outputs.matrix }} + steps: + - + name: Checkout + uses: actions/checkout@v3 + - + name: Create matrix + id: platforms + run: | + echo "matrix=$(docker buildx bake plugins-cross --print | jq -cr '.target."plugins-cross".platforms')" >>${GITHUB_OUTPUT} + - + name: Show matrix + run: | + echo ${{ steps.platforms.outputs.matrix }} + plugins: runs-on: ubuntu-20.04 + needs: + - prepare-plugins + strategy: + fail-fast: false + matrix: + platform: ${{ fromJson(needs.prepare-plugins.outputs.matrix) }} steps: - name: Checkout @@ -75,7 +120,9 @@ jobs: name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Build plugins + name: Build uses: docker/bake-action@v2 with: targets: plugins-cross + set: | + *.platform=${{ matrix.platform }} From 3c7de645411e33bec26627171044dc6e1c96362a Mon Sep 17 00:00:00 2001 From: Jake Stokes Date: Sat, 25 Mar 2023 18:14:50 +0000 Subject: [PATCH 041/197] Fix grammar in docs by adding omitted word Edited second paragraph under ### Daemon configuration file to change "regardless their value" to "regardless of their value" Signed-off-by: Jake Stokes (cherry picked from commit 9335690a660de237df79ff0dd4aac43bc9cf84a2) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index ba7d9be8ab99..a8a3cf2dee64 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -1143,7 +1143,7 @@ of the flag name, e.g., `labels` for the `label` flag. The options set in the configuration file must not conflict with options set via flags. The docker daemon fails to start if an option is duplicated between -the file and the flags, regardless their value. We do this to avoid +the file and the flags, regardless of their value. We do this to avoid silently ignore changes introduced in configuration reloads. For example, the daemon fails to start if you set daemon labels in the configuration file and also set daemon labels via the `--label` flag. From a763e51147e60825bd9240ab531724f0bfb60cdb Mon Sep 17 00:00:00 2001 From: Laura Brehm Date: Wed, 29 Mar 2023 18:06:08 +0100 Subject: [PATCH 042/197] Fix plugin completion parsing for plugins using `ShellCompDirectiveFilterFileExt` Signed-off-by: Laura Brehm (cherry picked from commit 683e4bf0c4887b9f6fb37bddf03725dd5831ac01) Signed-off-by: Sebastiaan van Stijn --- contrib/completion/bash/docker | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/contrib/completion/bash/docker b/contrib/completion/bash/docker index c1c46bbba8b6..4dde6b1e4a33 100644 --- a/contrib/completion/bash/docker +++ b/contrib/completion/bash/docker @@ -1155,7 +1155,20 @@ __docker_complete_plugin() { resultArray+=( "$value" ) fi done - local result=$(eval "${resultArray[*]}" 2> /dev/null | grep -v '^:[0-9]*$') + local rawResult=$(eval "${resultArray[*]}" 2> /dev/null) + local result=$(grep -v '^:[0-9]*$' <<< "$rawResult") + + # Compose V2 completions sometimes returns returns `:8` (ShellCompDirectiveFilterFileExt) + # with the expected file extensions (such as `yml`, `yaml`) to indicate that the shell should + # provide autocompletions for files with matching extensions + local completionFlag=$(tail -1 <<< "$rawResult") + if [ "$completionFlag" == ":8" ]; then + # format a valid glob pattern for the provided file extensions + local filePattern=$(tr '\n' '|' <<< "$result") + + _filedir "$filePattern" + return + fi # if result empty, just use filename completion as fallback if [ -z "$result" ]; then From ffafb38e304b3472db599c3aae081d8aaf25db40 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2023 01:02:58 +0100 Subject: [PATCH 043/197] vendor: github.com/docker/docker v23.0.1 full diff: https://github.com/docker/docker/compare/v23.0.0...v23.0.1 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 71e495aa542f11cd0b081ca0ce461f1d5ad76054) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vendor.mod b/vendor.mod index 82a25dcdeee8..4fb65bfe389c 100644 --- a/vendor.mod +++ b/vendor.mod @@ -10,7 +10,7 @@ require ( github.com/containerd/containerd v1.6.16 github.com/creack/pty v1.1.11 github.com/docker/distribution v2.8.1+incompatible - github.com/docker/docker v23.0.0+incompatible + github.com/docker/docker v23.0.1+incompatible github.com/docker/docker-credential-helpers v0.7.0 github.com/docker/go-connections v0.4.0 github.com/docker/go-units v0.5.0 diff --git a/vendor.sum b/vendor.sum index af3b4cdc6021..2005af5a03dd 100644 --- a/vendor.sum +++ b/vendor.sum @@ -101,8 +101,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xb github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v23.0.0+incompatible h1:L6c28tNyqZ4/ub9AZC9d5QUuunoHHfEH4/Ue+h/E5nE= -github.com/docker/docker v23.0.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY= +github.com/docker/docker v23.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= diff --git a/vendor/modules.txt b/vendor/modules.txt index b88a03070ea5..75957b3d24c8 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -40,7 +40,7 @@ github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/uuid -# github.com/docker/docker v23.0.0+incompatible +# github.com/docker/docker v23.0.1+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types From cb338ec972565c5b558394314605dfa58bb78406 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2023 00:31:48 +0100 Subject: [PATCH 044/197] vendor: github.com/containerd/containerd v1.6.19 full diff: https://github.com/containerd/containerd/compare/v1.6.16...v1.6.19 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 33806760a4561d2032f05197686d20a93608dc25) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 6 +++--- .../containerd/platforms/defaults_windows.go | 12 ++++++++---- vendor/modules.txt | 2 +- 4 files changed, 13 insertions(+), 9 deletions(-) diff --git a/vendor.mod b/vendor.mod index 4fb65bfe389c..85d1329857a5 100644 --- a/vendor.mod +++ b/vendor.mod @@ -7,7 +7,7 @@ module github.com/docker/cli go 1.18 require ( - github.com/containerd/containerd v1.6.16 + github.com/containerd/containerd v1.6.19 github.com/creack/pty v1.1.11 github.com/docker/distribution v2.8.1+incompatible github.com/docker/docker v23.0.1+incompatible diff --git a/vendor.sum b/vendor.sum index 2005af5a03dd..8df495d0c3c7 100644 --- a/vendor.sum +++ b/vendor.sum @@ -38,7 +38,7 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY= +github.com/Microsoft/hcsshim v0.9.7 h1:mKNHW/Xvv1aFH87Jb6ERDzXTJTLPlmzfZ28VBFD/bfg= github.com/Shopify/logrus-bugsnag v0.0.0-20170309145241-6dbc35f2c30d h1:hi6J4K6DKrR4/ljxn6SF6nURyu785wKMuQcjt7H3VCQ= github.com/Shopify/logrus-bugsnag v0.0.0-20170309145241-6dbc35f2c30d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -84,8 +84,8 @@ github.com/cockroachdb/datadriven v0.0.0-20200714090401-bf6692d28da5/go.mod h1:h github.com/cockroachdb/errors v1.2.4/go.mod h1:rQD95gz6FARkaKkQXUksEje/d9a6wBJoCr5oaCLELYA= github.com/cockroachdb/logtags v0.0.0-20190617123548-eb05cc24525f/go.mod h1:i/u985jwjWRlyHXQbwatDASoW0RMlZ/3i9yJHE2xLkI= github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= -github.com/containerd/containerd v1.6.16 h1:0H5xH6ABsN7XTrxIAKxFpBkFCBtrZ/OSORhCpUnHjrc= -github.com/containerd/containerd v1.6.16/go.mod h1:1RdCUu95+gc2v9t3IL+zIlpClSmew7/0YS8O5eQZrOw= +github.com/containerd/containerd v1.6.19 h1:F0qgQPrG0P2JPgwpxWxYavrVeXAG0ezUIB9Z/4FTUAU= +github.com/containerd/containerd v1.6.19/go.mod h1:HZCDMn4v/Xl2579/MvtOC2M206i+JJ6VxFWU/NetrGY= github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= diff --git a/vendor/github.com/containerd/containerd/platforms/defaults_windows.go b/vendor/github.com/containerd/containerd/platforms/defaults_windows.go index c1aaf72ca8ee..ff9771a60032 100644 --- a/vendor/github.com/containerd/containerd/platforms/defaults_windows.go +++ b/vendor/github.com/containerd/containerd/platforms/defaults_windows.go @@ -46,10 +46,14 @@ type matchComparer struct { // Match matches platform with the same windows major, minor // and build version. -func (m matchComparer) Match(p imagespec.Platform) bool { - if m.defaults.Match(p) { - // TODO(windows): Figure out whether OSVersion is deprecated. - return strings.HasPrefix(p.OSVersion, m.osVersionPrefix) +func (m matchComparer) Match(p specs.Platform) bool { + match := m.defaults.Match(p) + + if match && p.OS == "windows" { + if strings.HasPrefix(p.OSVersion, m.osVersionPrefix) { + return true + } + return p.OSVersion == "" } return false } diff --git a/vendor/modules.txt b/vendor/modules.txt index 75957b3d24c8..4b09042644f5 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -12,7 +12,7 @@ github.com/beorn7/perks/quantile # github.com/cespare/xxhash/v2 v2.1.2 ## explicit; go 1.11 github.com/cespare/xxhash/v2 -# github.com/containerd/containerd v1.6.16 +# github.com/containerd/containerd v1.6.19 ## explicit; go 1.17 github.com/containerd/containerd/errdefs github.com/containerd/containerd/log From dd6f77bbaa1d69f8980f5ca6ecaaf3a167ef8637 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2023 01:00:40 +0100 Subject: [PATCH 045/197] vendor: github.com/moby/swarmkit/v2 v2.0.0-20230309194213-a745a8755ce3 full diff: https://github.com/moby/swarmkit/v2/compare/904c221ac281...a745a8755ce3 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit ca8783ef43f0db7ba06d59d19ff3feabac3c4efd) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vendor.mod b/vendor.mod index 85d1329857a5..36b81120d3c9 100644 --- a/vendor.mod +++ b/vendor.mod @@ -23,7 +23,7 @@ require ( github.com/mitchellh/mapstructure v1.3.2 github.com/moby/buildkit v0.10.6 github.com/moby/patternmatcher v0.5.0 - github.com/moby/swarmkit/v2 v2.0.0-20230119195359-904c221ac281 + github.com/moby/swarmkit/v2 v2.0.0-20230309194213-a745a8755ce3 github.com/moby/sys/sequential v0.5.0 github.com/moby/sys/signal v0.7.0 github.com/moby/term v0.0.0-20221128092401-c43b287e0e0f diff --git a/vendor.sum b/vendor.sum index 8df495d0c3c7..b3ec27d689dd 100644 --- a/vendor.sum +++ b/vendor.sum @@ -283,8 +283,8 @@ github.com/moby/buildkit v0.10.6 h1:DJlEuLIgnu34HQKF4n9Eg6q2YqQVC0eOpMb4p2eRS2w= github.com/moby/buildkit v0.10.6/go.mod h1:tQuuyTWtOb9D+RE425cwOCUkX0/oZ+5iBZ+uWpWQ9bU= github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= -github.com/moby/swarmkit/v2 v2.0.0-20230119195359-904c221ac281 h1:E0LdO1cZEXmXrLoojCqEvVCk4cNLWSVotoDbWUmNa8g= -github.com/moby/swarmkit/v2 v2.0.0-20230119195359-904c221ac281/go.mod h1:jIgi55SqNJvlQ74bK35NXKWz6JCTexx5h69d0btP2AM= +github.com/moby/swarmkit/v2 v2.0.0-20230309194213-a745a8755ce3 h1:05e6sB9az9OINsgqSy1PiSC9i0ffkpfQd0oJGAigo6k= +github.com/moby/swarmkit/v2 v2.0.0-20230309194213-a745a8755ce3/go.mod h1:GvjR7mC8YuUd9Mq44lrrIZPaXyKPAGEUMBpAQzaj3dI= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= diff --git a/vendor/modules.txt b/vendor/modules.txt index 4b09042644f5..f8409106d0e3 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -164,7 +164,7 @@ github.com/moby/buildkit/util/appcontext # github.com/moby/patternmatcher v0.5.0 ## explicit; go 1.19 github.com/moby/patternmatcher -# github.com/moby/swarmkit/v2 v2.0.0-20230119195359-904c221ac281 +# github.com/moby/swarmkit/v2 v2.0.0-20230309194213-a745a8755ce3 ## explicit; go 1.18 github.com/moby/swarmkit/v2/api github.com/moby/swarmkit/v2/api/deepcopy From bbc791ed7d60f48351fbe622bc90355edfb691ef Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2023 01:32:29 +0100 Subject: [PATCH 046/197] vendor: golang.org/x/sys v0.5.0 full diff: https://github.com/golang/sys/compare/v0.4.0...v0.5.0 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 3e9c6e84ce893683fba0bdf4660885169e3ac9d7) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 +- vendor/golang.org/x/sys/unix/gccgo_c.c | 4 +- .../golang.org/x/sys/unix/syscall_darwin.go | 1 + .../x/sys/unix/syscall_freebsd_386.go | 9 +- .../x/sys/unix/syscall_freebsd_amd64.go | 9 +- .../x/sys/unix/syscall_freebsd_arm.go | 9 +- .../x/sys/unix/syscall_freebsd_arm64.go | 9 +- .../x/sys/unix/syscall_freebsd_riscv64.go | 9 +- vendor/golang.org/x/sys/unix/syscall_linux.go | 3 +- vendor/golang.org/x/sys/unix/syscall_unix.go | 2 +- vendor/golang.org/x/sys/unix/timestruct.go | 2 +- vendor/golang.org/x/sys/unix/xattr_bsd.go | 9 +- vendor/golang.org/x/sys/unix/zerrors_linux.go | 30 ++- .../x/sys/unix/zerrors_linux_386.go | 1 + .../x/sys/unix/zerrors_linux_amd64.go | 1 + .../x/sys/unix/zerrors_linux_arm.go | 1 + .../x/sys/unix/zerrors_linux_arm64.go | 1 + .../x/sys/unix/zerrors_linux_loong64.go | 1 + .../x/sys/unix/zerrors_linux_mips.go | 1 + .../x/sys/unix/zerrors_linux_mips64.go | 1 + .../x/sys/unix/zerrors_linux_mips64le.go | 1 + .../x/sys/unix/zerrors_linux_mipsle.go | 1 + .../x/sys/unix/zerrors_linux_ppc.go | 1 + .../x/sys/unix/zerrors_linux_ppc64.go | 1 + .../x/sys/unix/zerrors_linux_ppc64le.go | 1 + .../x/sys/unix/zerrors_linux_riscv64.go | 1 + .../x/sys/unix/zerrors_linux_s390x.go | 1 + .../x/sys/unix/zerrors_linux_sparc64.go | 1 + .../golang.org/x/sys/unix/zsyscall_linux.go | 11 + vendor/golang.org/x/sys/unix/ztypes_linux.go | 217 +++++++++++++++--- .../x/sys/windows/syscall_windows.go | 14 +- vendor/modules.txt | 2 +- 33 files changed, 285 insertions(+), 76 deletions(-) diff --git a/vendor.mod b/vendor.mod index 36b81120d3c9..70c9c6a92155 100644 --- a/vendor.mod +++ b/vendor.mod @@ -38,7 +38,7 @@ require ( github.com/tonistiigi/go-rosetta v0.0.0-20200727161949-f79598599c5d github.com/xeipuuv/gojsonschema v1.2.0 golang.org/x/sync v0.1.0 - golang.org/x/sys v0.4.0 + golang.org/x/sys v0.5.0 golang.org/x/term v0.4.0 golang.org/x/text v0.6.0 gopkg.in/yaml.v2 v2.4.0 diff --git a/vendor.sum b/vendor.sum index b3ec27d689dd..7b193f5de36c 100644 --- a/vendor.sum +++ b/vendor.sum @@ -580,8 +580,8 @@ golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.4.0 h1:Zr2JFtRQNX3BCZ8YtxRE9hNJYC8J6I1MVbMg6owUp18= -golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= diff --git a/vendor/golang.org/x/sys/unix/gccgo_c.c b/vendor/golang.org/x/sys/unix/gccgo_c.c index c4fce0e70036..f98a1c542f05 100644 --- a/vendor/golang.org/x/sys/unix/gccgo_c.c +++ b/vendor/golang.org/x/sys/unix/gccgo_c.c @@ -2,8 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build gccgo,!hurd -// +build !aix,!hurd +//go:build gccgo && !aix && !hurd +// +build gccgo,!aix,!hurd #include #include diff --git a/vendor/golang.org/x/sys/unix/syscall_darwin.go b/vendor/golang.org/x/sys/unix/syscall_darwin.go index 1f63382182f3..192b071b3d0e 100644 --- a/vendor/golang.org/x/sys/unix/syscall_darwin.go +++ b/vendor/golang.org/x/sys/unix/syscall_darwin.go @@ -230,6 +230,7 @@ func direntNamlen(buf []byte) (uint64, bool) { func PtraceAttach(pid int) (err error) { return ptrace(PT_ATTACH, pid, 0, 0) } func PtraceDetach(pid int) (err error) { return ptrace(PT_DETACH, pid, 0, 0) } +func PtraceDenyAttach() (err error) { return ptrace(PT_DENY_ATTACH, 0, 0, 0) } //sysnb pipe(p *[2]int32) (err error) diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go index b11ede89a960..6a91d471d09c 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go @@ -60,8 +60,13 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) { return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) } -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint32(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go index 9ed8eec6c287..48110a0abb92 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go @@ -60,8 +60,13 @@ func PtraceGetFsBase(pid int, fsbase *int64) (err error) { return ptrace(PT_GETFSBASE, pid, uintptr(unsafe.Pointer(fsbase)), 0) } -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint64(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go index f8ac98247905..52f1d4b75a35 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go @@ -56,8 +56,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint32(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint32(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go index 8e932036ec37..5537ee4f2ede 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go @@ -56,8 +56,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint64(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go index cbe12227896b..164abd5d2152 100644 --- a/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go +++ b/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go @@ -56,8 +56,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e func Syscall9(num, a1, a2, a3, a4, a5, a6, a7, a8, a9 uintptr) (r1, r2 uintptr, err syscall.Errno) -func PtraceIO(req int, pid int, addr uintptr, out []byte, countin int) (count int, err error) { - ioDesc := PtraceIoDesc{Op: int32(req), Offs: uintptr(unsafe.Pointer(addr)), Addr: uintptr(unsafe.Pointer(&out[0])), Len: uint64(countin)} +func PtraceIO(req int, pid int, offs uintptr, out []byte, countin int) (count int, err error) { + ioDesc := PtraceIoDesc{ + Op: int32(req), + Offs: offs, + Addr: uintptr(unsafe.Pointer(&out[0])), // TODO(#58351): this is not safe. + Len: uint64(countin), + } err = ptrace(PT_IO, pid, uintptr(unsafe.Pointer(&ioDesc)), 0) return int(ioDesc.Len), err } diff --git a/vendor/golang.org/x/sys/unix/syscall_linux.go b/vendor/golang.org/x/sys/unix/syscall_linux.go index d839962e6633..5443dddd48d6 100644 --- a/vendor/golang.org/x/sys/unix/syscall_linux.go +++ b/vendor/golang.org/x/sys/unix/syscall_linux.go @@ -1800,6 +1800,7 @@ func Sendfile(outfd int, infd int, offset *int64, count int) (written int, err e //sysnb Capset(hdr *CapUserHeader, data *CapUserData) (err error) //sys Chdir(path string) (err error) //sys Chroot(path string) (err error) +//sys ClockAdjtime(clockid int32, buf *Timex) (state int, err error) //sys ClockGetres(clockid int32, res *Timespec) (err error) //sys ClockGettime(clockid int32, time *Timespec) (err error) //sys ClockNanosleep(clockid int32, flags int, request *Timespec, remain *Timespec) (err error) @@ -1999,7 +2000,7 @@ func appendBytes(vecs []Iovec, bs [][]byte) []Iovec { // offs2lohi splits offs into its low and high order bits. func offs2lohi(offs int64) (lo, hi uintptr) { const longBits = SizeofLong * 8 - return uintptr(offs), uintptr(uint64(offs) >> longBits) + return uintptr(offs), uintptr(uint64(offs) >> (longBits - 1) >> 1) // two shifts to avoid false positive in vet } func Readv(fd int, iovs [][]byte) (n int, err error) { diff --git a/vendor/golang.org/x/sys/unix/syscall_unix.go b/vendor/golang.org/x/sys/unix/syscall_unix.go index a386f8897df3..00f0aa375889 100644 --- a/vendor/golang.org/x/sys/unix/syscall_unix.go +++ b/vendor/golang.org/x/sys/unix/syscall_unix.go @@ -578,7 +578,7 @@ func Lutimes(path string, tv []Timeval) error { return UtimesNanoAt(AT_FDCWD, path, ts, AT_SYMLINK_NOFOLLOW) } -// emptyIovec reports whether there are no bytes in the slice of Iovec. +// emptyIovecs reports whether there are no bytes in the slice of Iovec. func emptyIovecs(iov []Iovec) bool { for i := range iov { if iov[i].Len > 0 { diff --git a/vendor/golang.org/x/sys/unix/timestruct.go b/vendor/golang.org/x/sys/unix/timestruct.go index 3d893040553b..616b1b284858 100644 --- a/vendor/golang.org/x/sys/unix/timestruct.go +++ b/vendor/golang.org/x/sys/unix/timestruct.go @@ -9,7 +9,7 @@ package unix import "time" -// TimespecToNSec returns the time stored in ts as nanoseconds. +// TimespecToNsec returns the time stored in ts as nanoseconds. func TimespecToNsec(ts Timespec) int64 { return ts.Nano() } // NsecToTimespec converts a number of nanoseconds into a Timespec. diff --git a/vendor/golang.org/x/sys/unix/xattr_bsd.go b/vendor/golang.org/x/sys/unix/xattr_bsd.go index 663b3779de2d..f5f8e9f3665e 100644 --- a/vendor/golang.org/x/sys/unix/xattr_bsd.go +++ b/vendor/golang.org/x/sys/unix/xattr_bsd.go @@ -36,9 +36,14 @@ func xattrnamespace(fullattr string) (ns int, attr string, err error) { func initxattrdest(dest []byte, idx int) (d unsafe.Pointer) { if len(dest) > idx { return unsafe.Pointer(&dest[idx]) - } else { - return unsafe.Pointer(_zero) } + if dest != nil { + // extattr_get_file and extattr_list_file treat NULL differently from + // a non-NULL pointer of length zero. Preserve the property of nilness, + // even if we can't use dest directly. + return unsafe.Pointer(&_zero) + } + return nil } // FreeBSD and NetBSD implement their own syscalls to handle extended attributes diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux.go b/vendor/golang.org/x/sys/unix/zerrors_linux.go index 785d693eb328..e174685adbd8 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux.go @@ -457,7 +457,6 @@ const ( B600 = 0x8 B75 = 0x2 B9600 = 0xd - BALLOON_KVM_MAGIC = 0x13661366 BDEVFS_MAGIC = 0x62646576 BINDERFS_SUPER_MAGIC = 0x6c6f6f70 BINFMTFS_MAGIC = 0x42494e4d @@ -563,6 +562,7 @@ const ( BUS_USB = 0x3 BUS_VIRTUAL = 0x6 CAN_BCM = 0x2 + CAN_BUS_OFF_THRESHOLD = 0x100 CAN_CTRLMODE_3_SAMPLES = 0x4 CAN_CTRLMODE_BERR_REPORTING = 0x10 CAN_CTRLMODE_CC_LEN8_DLC = 0x100 @@ -577,9 +577,12 @@ const ( CAN_EFF_FLAG = 0x80000000 CAN_EFF_ID_BITS = 0x1d CAN_EFF_MASK = 0x1fffffff + CAN_ERROR_PASSIVE_THRESHOLD = 0x80 + CAN_ERROR_WARNING_THRESHOLD = 0x60 CAN_ERR_ACK = 0x20 CAN_ERR_BUSERROR = 0x80 CAN_ERR_BUSOFF = 0x40 + CAN_ERR_CNT = 0x200 CAN_ERR_CRTL = 0x4 CAN_ERR_CRTL_ACTIVE = 0x40 CAN_ERR_CRTL_RX_OVERFLOW = 0x1 @@ -820,9 +823,9 @@ const ( DM_UUID_FLAG = 0x4000 DM_UUID_LEN = 0x81 DM_VERSION = 0xc138fd00 - DM_VERSION_EXTRA = "-ioctl (2022-02-22)" + DM_VERSION_EXTRA = "-ioctl (2022-07-28)" DM_VERSION_MAJOR = 0x4 - DM_VERSION_MINOR = 0x2e + DM_VERSION_MINOR = 0x2f DM_VERSION_PATCHLEVEL = 0x0 DT_BLK = 0x6 DT_CHR = 0x2 @@ -1049,6 +1052,7 @@ const ( ETH_P_CAIF = 0xf7 ETH_P_CAN = 0xc ETH_P_CANFD = 0xd + ETH_P_CANXL = 0xe ETH_P_CFM = 0x8902 ETH_P_CONTROL = 0x16 ETH_P_CUST = 0x6006 @@ -1060,6 +1064,7 @@ const ( ETH_P_DNA_RT = 0x6003 ETH_P_DSA = 0x1b ETH_P_DSA_8021Q = 0xdadb + ETH_P_DSA_A5PSW = 0xe001 ETH_P_ECONET = 0x18 ETH_P_EDSA = 0xdada ETH_P_ERSPAN = 0x88be @@ -1194,8 +1199,10 @@ const ( FAN_MARK_EVICTABLE = 0x200 FAN_MARK_FILESYSTEM = 0x100 FAN_MARK_FLUSH = 0x80 + FAN_MARK_IGNORE = 0x400 FAN_MARK_IGNORED_MASK = 0x20 FAN_MARK_IGNORED_SURV_MODIFY = 0x40 + FAN_MARK_IGNORE_SURV = 0x440 FAN_MARK_INODE = 0x0 FAN_MARK_MOUNT = 0x10 FAN_MARK_ONLYDIR = 0x8 @@ -1253,6 +1260,7 @@ const ( FSCRYPT_MODE_AES_128_CBC = 0x5 FSCRYPT_MODE_AES_128_CTS = 0x6 FSCRYPT_MODE_AES_256_CTS = 0x4 + FSCRYPT_MODE_AES_256_HCTR2 = 0xa FSCRYPT_MODE_AES_256_XTS = 0x1 FSCRYPT_POLICY_FLAGS_PAD_16 = 0x2 FSCRYPT_POLICY_FLAGS_PAD_32 = 0x3 @@ -1430,6 +1438,7 @@ const ( IFF_NOARP = 0x80 IFF_NOFILTER = 0x1000 IFF_NOTRAILERS = 0x20 + IFF_NO_CARRIER = 0x40 IFF_NO_PI = 0x1000 IFF_ONE_QUEUE = 0x2000 IFF_PERSIST = 0x800 @@ -1805,6 +1814,7 @@ const ( MADV_DONTDUMP = 0x10 MADV_DONTFORK = 0xa MADV_DONTNEED = 0x4 + MADV_DONTNEED_LOCKED = 0x18 MADV_FREE = 0x8 MADV_HUGEPAGE = 0xe MADV_HWPOISON = 0x64 @@ -1846,7 +1856,7 @@ const ( MFD_ALLOW_SEALING = 0x2 MFD_CLOEXEC = 0x1 MFD_HUGETLB = 0x4 - MFD_HUGE_16GB = -0x78000000 + MFD_HUGE_16GB = 0x88000000 MFD_HUGE_16MB = 0x60000000 MFD_HUGE_1GB = 0x78000000 MFD_HUGE_1MB = 0x50000000 @@ -2212,6 +2222,11 @@ const ( PERF_AUX_FLAG_PARTIAL = 0x4 PERF_AUX_FLAG_PMU_FORMAT_TYPE_MASK = 0xff00 PERF_AUX_FLAG_TRUNCATED = 0x1 + PERF_BR_ARM64_DEBUG_DATA = 0x7 + PERF_BR_ARM64_DEBUG_EXIT = 0x5 + PERF_BR_ARM64_DEBUG_HALT = 0x4 + PERF_BR_ARM64_DEBUG_INST = 0x6 + PERF_BR_ARM64_FIQ = 0x3 PERF_FLAG_FD_CLOEXEC = 0x8 PERF_FLAG_FD_NO_GROUP = 0x1 PERF_FLAG_FD_OUTPUT = 0x2 @@ -2232,6 +2247,8 @@ const ( PERF_MEM_LOCK_NA = 0x1 PERF_MEM_LOCK_SHIFT = 0x18 PERF_MEM_LVLNUM_ANY_CACHE = 0xb + PERF_MEM_LVLNUM_CXL = 0x9 + PERF_MEM_LVLNUM_IO = 0xa PERF_MEM_LVLNUM_L1 = 0x1 PERF_MEM_LVLNUM_L2 = 0x2 PERF_MEM_LVLNUM_L3 = 0x3 @@ -2265,6 +2282,7 @@ const ( PERF_MEM_REMOTE_REMOTE = 0x1 PERF_MEM_REMOTE_SHIFT = 0x25 PERF_MEM_SNOOPX_FWD = 0x1 + PERF_MEM_SNOOPX_PEER = 0x2 PERF_MEM_SNOOPX_SHIFT = 0x26 PERF_MEM_SNOOP_HIT = 0x4 PERF_MEM_SNOOP_HITM = 0x10 @@ -2301,7 +2319,6 @@ const ( PERF_SAMPLE_BRANCH_PLM_ALL = 0x7 PERF_SAMPLE_WEIGHT_TYPE = 0x1004000 PIPEFS_MAGIC = 0x50495045 - PPC_CMM_MAGIC = 0xc7571590 PPPIOCGNPMODE = 0xc008744c PPPIOCNEWUNIT = 0xc004743e PRIO_PGRP = 0x1 @@ -2999,6 +3016,7 @@ const ( STATX_BLOCKS = 0x400 STATX_BTIME = 0x800 STATX_CTIME = 0x80 + STATX_DIOALIGN = 0x2000 STATX_GID = 0x10 STATX_INO = 0x100 STATX_MNT_ID = 0x1000 @@ -3392,9 +3410,7 @@ const ( XDP_ZEROCOPY = 0x4 XENFS_SUPER_MAGIC = 0xabba1974 XFS_SUPER_MAGIC = 0x58465342 - Z3FOLD_MAGIC = 0x33 ZONEFS_MAGIC = 0x5a4f4653 - ZSMALLOC_MAGIC = 0x58295829 _HIDIOCGRAWNAME_LEN = 0x80 _HIDIOCGRAWPHYS_LEN = 0x40 _HIDIOCGRAWUNIQ_LEN = 0x40 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go index 36c0dfc7c4cf..a46df0f1e57a 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_386.go @@ -133,6 +133,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc03c4d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go index 4ff942703b7b..6cd4a3ea9d33 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go @@ -133,6 +133,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go index 3eaa0fb78e30..c7ebee24df3f 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go index d7995bdc3a21..9d5352c3e45e 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go @@ -134,6 +134,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go index 928e24c20535..f26a164f4aab 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go @@ -132,6 +132,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go index 179bffb474b4..890bc3c9b706 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go index 1fba17bd75cb..549f26ac6466 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go index b77dde31537e..e0365e32c174 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go index 78c6c751bfa5..fdccce15ca20 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go index 1c0d31f0b4c2..b2205c83faa1 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc00c4d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go index 959dd9bb8fcc..81aa5ad0f695 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go index 5a873cdbc9d2..76807a1fd4f7 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go index e336d141e1f1..d4a5ab9e4e06 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go index 390c01d92a53..66e65db95192 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go @@ -131,6 +131,7 @@ const ( MEMGETREGIONCOUNT = 0x80044d07 MEMISLOCKED = 0x80084d17 MEMLOCK = 0x40084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x40084d0c MEMUNLOCK = 0x40084d06 diff --git a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go index 98a6e5f11f50..f619252691e2 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go @@ -136,6 +136,7 @@ const ( MEMGETREGIONCOUNT = 0x40044d07 MEMISLOCKED = 0x40084d17 MEMLOCK = 0x80084d05 + MEMREAD = 0xc0404d1a MEMREADOOB = 0xc0104d04 MEMSETBADBLOCK = 0x80084d0c MEMUNLOCK = 0x80084d06 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/vendor/golang.org/x/sys/unix/zsyscall_linux.go index 293cf36804e9..36ea3a55b72b 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_linux.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_linux.go @@ -537,6 +537,17 @@ func Chroot(path string) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func ClockAdjtime(clockid int32, buf *Timex) (state int, err error) { + r0, _, e1 := Syscall(SYS_CLOCK_ADJTIME, uintptr(clockid), uintptr(unsafe.Pointer(buf)), 0) + state = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func ClockGetres(clockid int32, res *Timespec) (err error) { _, _, e1 := Syscall(SYS_CLOCK_GETRES, uintptr(clockid), uintptr(unsafe.Pointer(res)), 0) if e1 != 0 { diff --git a/vendor/golang.org/x/sys/unix/ztypes_linux.go b/vendor/golang.org/x/sys/unix/ztypes_linux.go index ff6881167d97..7d9fc8f1c91a 100644 --- a/vendor/golang.org/x/sys/unix/ztypes_linux.go +++ b/vendor/golang.org/x/sys/unix/ztypes_linux.go @@ -29,6 +29,41 @@ type Itimerval struct { Value Timeval } +const ( + ADJ_OFFSET = 0x1 + ADJ_FREQUENCY = 0x2 + ADJ_MAXERROR = 0x4 + ADJ_ESTERROR = 0x8 + ADJ_STATUS = 0x10 + ADJ_TIMECONST = 0x20 + ADJ_TAI = 0x80 + ADJ_SETOFFSET = 0x100 + ADJ_MICRO = 0x1000 + ADJ_NANO = 0x2000 + ADJ_TICK = 0x4000 + ADJ_OFFSET_SINGLESHOT = 0x8001 + ADJ_OFFSET_SS_READ = 0xa001 +) + +const ( + STA_PLL = 0x1 + STA_PPSFREQ = 0x2 + STA_PPSTIME = 0x4 + STA_FLL = 0x8 + STA_INS = 0x10 + STA_DEL = 0x20 + STA_UNSYNC = 0x40 + STA_FREQHOLD = 0x80 + STA_PPSSIGNAL = 0x100 + STA_PPSJITTER = 0x200 + STA_PPSWANDER = 0x400 + STA_PPSERROR = 0x800 + STA_CLOCKERR = 0x1000 + STA_NANO = 0x2000 + STA_MODE = 0x4000 + STA_CLK = 0x8000 +) + const ( TIME_OK = 0x0 TIME_INS = 0x1 @@ -53,29 +88,30 @@ type StatxTimestamp struct { } type Statx_t struct { - Mask uint32 - Blksize uint32 - Attributes uint64 - Nlink uint32 - Uid uint32 - Gid uint32 - Mode uint16 - _ [1]uint16 - Ino uint64 - Size uint64 - Blocks uint64 - Attributes_mask uint64 - Atime StatxTimestamp - Btime StatxTimestamp - Ctime StatxTimestamp - Mtime StatxTimestamp - Rdev_major uint32 - Rdev_minor uint32 - Dev_major uint32 - Dev_minor uint32 - Mnt_id uint64 - _ uint64 - _ [12]uint64 + Mask uint32 + Blksize uint32 + Attributes uint64 + Nlink uint32 + Uid uint32 + Gid uint32 + Mode uint16 + _ [1]uint16 + Ino uint64 + Size uint64 + Blocks uint64 + Attributes_mask uint64 + Atime StatxTimestamp + Btime StatxTimestamp + Ctime StatxTimestamp + Mtime StatxTimestamp + Rdev_major uint32 + Rdev_minor uint32 + Dev_major uint32 + Dev_minor uint32 + Mnt_id uint64 + Dio_mem_align uint32 + Dio_offset_align uint32 + _ [12]uint64 } type Fsid struct { @@ -1099,7 +1135,8 @@ const ( PERF_SAMPLE_BRANCH_NO_CYCLES_SHIFT = 0xf PERF_SAMPLE_BRANCH_TYPE_SAVE_SHIFT = 0x10 PERF_SAMPLE_BRANCH_HW_INDEX_SHIFT = 0x11 - PERF_SAMPLE_BRANCH_MAX_SHIFT = 0x12 + PERF_SAMPLE_BRANCH_PRIV_SAVE_SHIFT = 0x12 + PERF_SAMPLE_BRANCH_MAX_SHIFT = 0x13 PERF_SAMPLE_BRANCH_USER = 0x1 PERF_SAMPLE_BRANCH_KERNEL = 0x2 PERF_SAMPLE_BRANCH_HV = 0x4 @@ -1118,7 +1155,8 @@ const ( PERF_SAMPLE_BRANCH_NO_CYCLES = 0x8000 PERF_SAMPLE_BRANCH_TYPE_SAVE = 0x10000 PERF_SAMPLE_BRANCH_HW_INDEX = 0x20000 - PERF_SAMPLE_BRANCH_MAX = 0x40000 + PERF_SAMPLE_BRANCH_PRIV_SAVE = 0x40000 + PERF_SAMPLE_BRANCH_MAX = 0x80000 PERF_BR_UNKNOWN = 0x0 PERF_BR_COND = 0x1 PERF_BR_UNCOND = 0x2 @@ -1132,7 +1170,10 @@ const ( PERF_BR_COND_RET = 0xa PERF_BR_ERET = 0xb PERF_BR_IRQ = 0xc - PERF_BR_MAX = 0xd + PERF_BR_SERROR = 0xd + PERF_BR_NO_TX = 0xe + PERF_BR_EXTEND_ABI = 0xf + PERF_BR_MAX = 0x10 PERF_SAMPLE_REGS_ABI_NONE = 0x0 PERF_SAMPLE_REGS_ABI_32 = 0x1 PERF_SAMPLE_REGS_ABI_64 = 0x2 @@ -1151,7 +1192,8 @@ const ( PERF_FORMAT_TOTAL_TIME_RUNNING = 0x2 PERF_FORMAT_ID = 0x4 PERF_FORMAT_GROUP = 0x8 - PERF_FORMAT_MAX = 0x10 + PERF_FORMAT_LOST = 0x10 + PERF_FORMAT_MAX = 0x20 PERF_IOC_FLAG_GROUP = 0x1 PERF_RECORD_MMAP = 0x1 PERF_RECORD_LOST = 0x2 @@ -2979,7 +3021,16 @@ const ( DEVLINK_CMD_TRAP_POLICER_NEW = 0x47 DEVLINK_CMD_TRAP_POLICER_DEL = 0x48 DEVLINK_CMD_HEALTH_REPORTER_TEST = 0x49 - DEVLINK_CMD_MAX = 0x51 + DEVLINK_CMD_RATE_GET = 0x4a + DEVLINK_CMD_RATE_SET = 0x4b + DEVLINK_CMD_RATE_NEW = 0x4c + DEVLINK_CMD_RATE_DEL = 0x4d + DEVLINK_CMD_LINECARD_GET = 0x4e + DEVLINK_CMD_LINECARD_SET = 0x4f + DEVLINK_CMD_LINECARD_NEW = 0x50 + DEVLINK_CMD_LINECARD_DEL = 0x51 + DEVLINK_CMD_SELFTESTS_GET = 0x52 + DEVLINK_CMD_MAX = 0x53 DEVLINK_PORT_TYPE_NOTSET = 0x0 DEVLINK_PORT_TYPE_AUTO = 0x1 DEVLINK_PORT_TYPE_ETH = 0x2 @@ -3208,7 +3259,13 @@ const ( DEVLINK_ATTR_RATE_NODE_NAME = 0xa8 DEVLINK_ATTR_RATE_PARENT_NODE_NAME = 0xa9 DEVLINK_ATTR_REGION_MAX_SNAPSHOTS = 0xaa - DEVLINK_ATTR_MAX = 0xae + DEVLINK_ATTR_LINECARD_INDEX = 0xab + DEVLINK_ATTR_LINECARD_STATE = 0xac + DEVLINK_ATTR_LINECARD_TYPE = 0xad + DEVLINK_ATTR_LINECARD_SUPPORTED_TYPES = 0xae + DEVLINK_ATTR_NESTED_DEVLINK = 0xaf + DEVLINK_ATTR_SELFTESTS = 0xb0 + DEVLINK_ATTR_MAX = 0xb0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_NONE = 0x0 DEVLINK_DPIPE_FIELD_MAPPING_TYPE_IFINDEX = 0x1 DEVLINK_DPIPE_MATCH_TYPE_FIELD_EXACT = 0x0 @@ -3317,7 +3374,8 @@ const ( LWTUNNEL_ENCAP_SEG6_LOCAL = 0x7 LWTUNNEL_ENCAP_RPL = 0x8 LWTUNNEL_ENCAP_IOAM6 = 0x9 - LWTUNNEL_ENCAP_MAX = 0x9 + LWTUNNEL_ENCAP_XFRM = 0xa + LWTUNNEL_ENCAP_MAX = 0xa MPLS_IPTUNNEL_UNSPEC = 0x0 MPLS_IPTUNNEL_DST = 0x1 @@ -3512,7 +3570,9 @@ const ( ETHTOOL_MSG_PHC_VCLOCKS_GET = 0x21 ETHTOOL_MSG_MODULE_GET = 0x22 ETHTOOL_MSG_MODULE_SET = 0x23 - ETHTOOL_MSG_USER_MAX = 0x23 + ETHTOOL_MSG_PSE_GET = 0x24 + ETHTOOL_MSG_PSE_SET = 0x25 + ETHTOOL_MSG_USER_MAX = 0x25 ETHTOOL_MSG_KERNEL_NONE = 0x0 ETHTOOL_MSG_STRSET_GET_REPLY = 0x1 ETHTOOL_MSG_LINKINFO_GET_REPLY = 0x2 @@ -3550,7 +3610,8 @@ const ( ETHTOOL_MSG_PHC_VCLOCKS_GET_REPLY = 0x22 ETHTOOL_MSG_MODULE_GET_REPLY = 0x23 ETHTOOL_MSG_MODULE_NTF = 0x24 - ETHTOOL_MSG_KERNEL_MAX = 0x24 + ETHTOOL_MSG_PSE_GET_REPLY = 0x25 + ETHTOOL_MSG_KERNEL_MAX = 0x25 ETHTOOL_A_HEADER_UNSPEC = 0x0 ETHTOOL_A_HEADER_DEV_INDEX = 0x1 ETHTOOL_A_HEADER_DEV_NAME = 0x2 @@ -3609,7 +3670,8 @@ const ( ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG = 0x7 ETHTOOL_A_LINKMODES_MASTER_SLAVE_STATE = 0x8 ETHTOOL_A_LINKMODES_LANES = 0x9 - ETHTOOL_A_LINKMODES_MAX = 0x9 + ETHTOOL_A_LINKMODES_RATE_MATCHING = 0xa + ETHTOOL_A_LINKMODES_MAX = 0xa ETHTOOL_A_LINKSTATE_UNSPEC = 0x0 ETHTOOL_A_LINKSTATE_HEADER = 0x1 ETHTOOL_A_LINKSTATE_LINK = 0x2 @@ -4201,6 +4263,9 @@ const ( NL80211_ACL_POLICY_DENY_UNLESS_LISTED = 0x1 NL80211_AC_VI = 0x1 NL80211_AC_VO = 0x0 + NL80211_AP_SETTINGS_EXTERNAL_AUTH_SUPPORT = 0x1 + NL80211_AP_SETTINGS_SA_QUERY_OFFLOAD_SUPPORT = 0x2 + NL80211_AP_SME_SA_QUERY_OFFLOAD = 0x1 NL80211_ATTR_4ADDR = 0x53 NL80211_ATTR_ACK = 0x5c NL80211_ATTR_ACK_SIGNAL = 0x107 @@ -4209,6 +4274,7 @@ const ( NL80211_ATTR_AIRTIME_WEIGHT = 0x112 NL80211_ATTR_AKM_SUITES = 0x4c NL80211_ATTR_AP_ISOLATE = 0x60 + NL80211_ATTR_AP_SETTINGS_FLAGS = 0x135 NL80211_ATTR_AUTH_DATA = 0x9c NL80211_ATTR_AUTH_TYPE = 0x35 NL80211_ATTR_BANDS = 0xef @@ -4240,6 +4306,9 @@ const ( NL80211_ATTR_COALESCE_RULE_DELAY = 0x1 NL80211_ATTR_COALESCE_RULE_MAX = 0x3 NL80211_ATTR_COALESCE_RULE_PKT_PATTERN = 0x3 + NL80211_ATTR_COLOR_CHANGE_COLOR = 0x130 + NL80211_ATTR_COLOR_CHANGE_COUNT = 0x12f + NL80211_ATTR_COLOR_CHANGE_ELEMS = 0x131 NL80211_ATTR_CONN_FAILED_REASON = 0x9b NL80211_ATTR_CONTROL_PORT = 0x44 NL80211_ATTR_CONTROL_PORT_ETHERTYPE = 0x66 @@ -4266,6 +4335,7 @@ const ( NL80211_ATTR_DEVICE_AP_SME = 0x8d NL80211_ATTR_DFS_CAC_TIME = 0x7 NL80211_ATTR_DFS_REGION = 0x92 + NL80211_ATTR_DISABLE_EHT = 0x137 NL80211_ATTR_DISABLE_HE = 0x12d NL80211_ATTR_DISABLE_HT = 0x93 NL80211_ATTR_DISABLE_VHT = 0xaf @@ -4273,6 +4343,8 @@ const ( NL80211_ATTR_DONT_WAIT_FOR_ACK = 0x8e NL80211_ATTR_DTIM_PERIOD = 0xd NL80211_ATTR_DURATION = 0x57 + NL80211_ATTR_EHT_CAPABILITY = 0x136 + NL80211_ATTR_EML_CAPABILITY = 0x13d NL80211_ATTR_EXT_CAPA = 0xa9 NL80211_ATTR_EXT_CAPA_MASK = 0xaa NL80211_ATTR_EXTERNAL_AUTH_ACTION = 0x104 @@ -4337,10 +4409,11 @@ const ( NL80211_ATTR_MAC_HINT = 0xc8 NL80211_ATTR_MAC_MASK = 0xd7 NL80211_ATTR_MAX_AP_ASSOC_STA = 0xca - NL80211_ATTR_MAX = 0x137 + NL80211_ATTR_MAX = 0x140 NL80211_ATTR_MAX_CRIT_PROT_DURATION = 0xb4 NL80211_ATTR_MAX_CSA_COUNTERS = 0xce NL80211_ATTR_MAX_MATCH_SETS = 0x85 + NL80211_ATTR_MAX_NUM_AKM_SUITES = 0x13c NL80211_ATTR_MAX_NUM_PMKIDS = 0x56 NL80211_ATTR_MAX_NUM_SCAN_SSIDS = 0x2b NL80211_ATTR_MAX_NUM_SCHED_SCAN_PLANS = 0xde @@ -4350,6 +4423,8 @@ const ( NL80211_ATTR_MAX_SCAN_PLAN_INTERVAL = 0xdf NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS = 0xe0 NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN = 0x7c + NL80211_ATTR_MBSSID_CONFIG = 0x132 + NL80211_ATTR_MBSSID_ELEMS = 0x133 NL80211_ATTR_MCAST_RATE = 0x6b NL80211_ATTR_MDID = 0xb1 NL80211_ATTR_MEASUREMENT_DURATION = 0xeb @@ -4359,6 +4434,11 @@ const ( NL80211_ATTR_MESH_PEER_AID = 0xed NL80211_ATTR_MESH_SETUP = 0x70 NL80211_ATTR_MGMT_SUBTYPE = 0x29 + NL80211_ATTR_MLD_ADDR = 0x13a + NL80211_ATTR_MLD_CAPA_AND_OPS = 0x13e + NL80211_ATTR_MLO_LINK_ID = 0x139 + NL80211_ATTR_MLO_LINKS = 0x138 + NL80211_ATTR_MLO_SUPPORT = 0x13b NL80211_ATTR_MNTR_FLAGS = 0x17 NL80211_ATTR_MPATH_INFO = 0x1b NL80211_ATTR_MPATH_NEXT_HOP = 0x1a @@ -4371,6 +4451,7 @@ const ( NL80211_ATTR_NETNS_FD = 0xdb NL80211_ATTR_NOACK_MAP = 0x95 NL80211_ATTR_NSS = 0x106 + NL80211_ATTR_OBSS_COLOR_BITMAP = 0x12e NL80211_ATTR_OFFCHANNEL_TX_OK = 0x6c NL80211_ATTR_OPER_CLASS = 0xd6 NL80211_ATTR_OPMODE_NOTIF = 0xc2 @@ -4397,6 +4478,7 @@ const ( NL80211_ATTR_PROTOCOL_FEATURES = 0xad NL80211_ATTR_PS_STATE = 0x5d NL80211_ATTR_QOS_MAP = 0xc7 + NL80211_ATTR_RADAR_BACKGROUND = 0x134 NL80211_ATTR_RADAR_EVENT = 0xa8 NL80211_ATTR_REASON_CODE = 0x36 NL80211_ATTR_RECEIVE_MULTICAST = 0x121 @@ -4412,6 +4494,7 @@ const ( NL80211_ATTR_RESP_IE = 0x4e NL80211_ATTR_ROAM_SUPPORT = 0x83 NL80211_ATTR_RX_FRAME_TYPES = 0x64 + NL80211_ATTR_RX_HW_TIMESTAMP = 0x140 NL80211_ATTR_RXMGMT_FLAGS = 0xbc NL80211_ATTR_RX_SIGNAL_DBM = 0x97 NL80211_ATTR_S1G_CAPABILITY = 0x128 @@ -4484,6 +4567,7 @@ const ( NL80211_ATTR_TSID = 0xd2 NL80211_ATTR_TWT_RESPONDER = 0x116 NL80211_ATTR_TX_FRAME_TYPES = 0x63 + NL80211_ATTR_TX_HW_TIMESTAMP = 0x13f NL80211_ATTR_TX_NO_CCK_RATE = 0x87 NL80211_ATTR_TXQ_LIMIT = 0x10a NL80211_ATTR_TXQ_MEMORY_LIMIT = 0x10b @@ -4557,6 +4641,10 @@ const ( NL80211_BAND_ATTR_RATES = 0x2 NL80211_BAND_ATTR_VHT_CAPA = 0x8 NL80211_BAND_ATTR_VHT_MCS_SET = 0x7 + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MAC = 0x8 + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_MCS_SET = 0xa + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PHY = 0x9 + NL80211_BAND_IFTYPE_ATTR_EHT_CAP_PPE = 0xb NL80211_BAND_IFTYPE_ATTR_HE_6GHZ_CAPA = 0x6 NL80211_BAND_IFTYPE_ATTR_HE_CAP_MAC = 0x2 NL80211_BAND_IFTYPE_ATTR_HE_CAP_MCS_SET = 0x4 @@ -4564,6 +4652,8 @@ const ( NL80211_BAND_IFTYPE_ATTR_HE_CAP_PPE = 0x5 NL80211_BAND_IFTYPE_ATTR_IFTYPES = 0x1 NL80211_BAND_IFTYPE_ATTR_MAX = 0xb + NL80211_BAND_IFTYPE_ATTR_VENDOR_ELEMS = 0x7 + NL80211_BAND_LC = 0x5 NL80211_BAND_S1GHZ = 0x4 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE = 0x2 NL80211_BITRATE_ATTR_MAX = 0x2 @@ -4584,7 +4674,9 @@ const ( NL80211_BSS_FREQUENCY_OFFSET = 0x14 NL80211_BSS_INFORMATION_ELEMENTS = 0x6 NL80211_BSS_LAST_SEEN_BOOTTIME = 0xf - NL80211_BSS_MAX = 0x14 + NL80211_BSS_MAX = 0x16 + NL80211_BSS_MLD_ADDR = 0x16 + NL80211_BSS_MLO_LINK_ID = 0x15 NL80211_BSS_PAD = 0x10 NL80211_BSS_PARENT_BSSID = 0x12 NL80211_BSS_PARENT_TSF = 0x11 @@ -4612,6 +4704,7 @@ const ( NL80211_CHAN_WIDTH_20 = 0x1 NL80211_CHAN_WIDTH_20_NOHT = 0x0 NL80211_CHAN_WIDTH_2 = 0x9 + NL80211_CHAN_WIDTH_320 = 0xd NL80211_CHAN_WIDTH_40 = 0x2 NL80211_CHAN_WIDTH_4 = 0xa NL80211_CHAN_WIDTH_5 = 0x6 @@ -4621,8 +4714,11 @@ const ( NL80211_CMD_ABORT_SCAN = 0x72 NL80211_CMD_ACTION = 0x3b NL80211_CMD_ACTION_TX_STATUS = 0x3c + NL80211_CMD_ADD_LINK = 0x94 + NL80211_CMD_ADD_LINK_STA = 0x96 NL80211_CMD_ADD_NAN_FUNCTION = 0x75 NL80211_CMD_ADD_TX_TS = 0x69 + NL80211_CMD_ASSOC_COMEBACK = 0x93 NL80211_CMD_ASSOCIATE = 0x26 NL80211_CMD_AUTHENTICATE = 0x25 NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL = 0x38 @@ -4630,6 +4726,10 @@ const ( NL80211_CMD_CHANNEL_SWITCH = 0x66 NL80211_CMD_CH_SWITCH_NOTIFY = 0x58 NL80211_CMD_CH_SWITCH_STARTED_NOTIFY = 0x6e + NL80211_CMD_COLOR_CHANGE_ABORTED = 0x90 + NL80211_CMD_COLOR_CHANGE_COMPLETED = 0x91 + NL80211_CMD_COLOR_CHANGE_REQUEST = 0x8e + NL80211_CMD_COLOR_CHANGE_STARTED = 0x8f NL80211_CMD_CONNECT = 0x2e NL80211_CMD_CONN_FAILED = 0x5b NL80211_CMD_CONTROL_PORT_FRAME = 0x81 @@ -4678,8 +4778,9 @@ const ( NL80211_CMD_LEAVE_IBSS = 0x2c NL80211_CMD_LEAVE_MESH = 0x45 NL80211_CMD_LEAVE_OCB = 0x6d - NL80211_CMD_MAX = 0x93 + NL80211_CMD_MAX = 0x98 NL80211_CMD_MICHAEL_MIC_FAILURE = 0x29 + NL80211_CMD_MODIFY_LINK_STA = 0x97 NL80211_CMD_NAN_MATCH = 0x78 NL80211_CMD_NEW_BEACON = 0xf NL80211_CMD_NEW_INTERFACE = 0x7 @@ -4692,6 +4793,7 @@ const ( NL80211_CMD_NEW_WIPHY = 0x3 NL80211_CMD_NOTIFY_CQM = 0x40 NL80211_CMD_NOTIFY_RADAR = 0x86 + NL80211_CMD_OBSS_COLOR_COLLISION = 0x8d NL80211_CMD_PEER_MEASUREMENT_COMPLETE = 0x85 NL80211_CMD_PEER_MEASUREMENT_RESULT = 0x84 NL80211_CMD_PEER_MEASUREMENT_START = 0x83 @@ -4707,6 +4809,8 @@ const ( NL80211_CMD_REGISTER_FRAME = 0x3a NL80211_CMD_RELOAD_REGDB = 0x7e NL80211_CMD_REMAIN_ON_CHANNEL = 0x37 + NL80211_CMD_REMOVE_LINK = 0x95 + NL80211_CMD_REMOVE_LINK_STA = 0x98 NL80211_CMD_REQ_SET_REG = 0x1b NL80211_CMD_ROAM = 0x2f NL80211_CMD_SCAN_ABORTED = 0x23 @@ -4717,6 +4821,7 @@ const ( NL80211_CMD_SET_CHANNEL = 0x41 NL80211_CMD_SET_COALESCE = 0x65 NL80211_CMD_SET_CQM = 0x3f + NL80211_CMD_SET_FILS_AAD = 0x92 NL80211_CMD_SET_INTERFACE = 0x6 NL80211_CMD_SET_KEY = 0xa NL80211_CMD_SET_MAC_ACL = 0x5d @@ -4791,6 +4896,8 @@ const ( NL80211_EDMG_BW_CONFIG_MIN = 0x4 NL80211_EDMG_CHANNELS_MAX = 0x3c NL80211_EDMG_CHANNELS_MIN = 0x1 + NL80211_EHT_MAX_CAPABILITY_LEN = 0x33 + NL80211_EHT_MIN_CAPABILITY_LEN = 0xd NL80211_EXTERNAL_AUTH_ABORT = 0x1 NL80211_EXTERNAL_AUTH_START = 0x0 NL80211_EXT_FEATURE_4WAY_HANDSHAKE_AP_PSK = 0x32 @@ -4807,6 +4914,7 @@ const ( NL80211_EXT_FEATURE_BEACON_RATE_HT = 0x7 NL80211_EXT_FEATURE_BEACON_RATE_LEGACY = 0x6 NL80211_EXT_FEATURE_BEACON_RATE_VHT = 0x8 + NL80211_EXT_FEATURE_BSS_COLOR = 0x3a NL80211_EXT_FEATURE_BSS_PARENT_TSF = 0x4 NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 = 0x1f NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH = 0x2a @@ -4818,6 +4926,7 @@ const ( NL80211_EXT_FEATURE_DFS_OFFLOAD = 0x19 NL80211_EXT_FEATURE_ENABLE_FTM_RESPONDER = 0x20 NL80211_EXT_FEATURE_EXT_KEY_ID = 0x24 + NL80211_EXT_FEATURE_FILS_CRYPTO_OFFLOAD = 0x3b NL80211_EXT_FEATURE_FILS_DISCOVERY = 0x34 NL80211_EXT_FEATURE_FILS_MAX_CHANNEL_TIME = 0x11 NL80211_EXT_FEATURE_FILS_SK_OFFLOAD = 0xe @@ -4833,8 +4942,10 @@ const ( NL80211_EXT_FEATURE_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION = 0x14 NL80211_EXT_FEATURE_OCE_PROBE_REQ_HIGH_TX_RATE = 0x13 NL80211_EXT_FEATURE_OPERATING_CHANNEL_VALIDATION = 0x31 + NL80211_EXT_FEATURE_POWERED_ADDR_CHANGE = 0x3d NL80211_EXT_FEATURE_PROTECTED_TWT = 0x2b NL80211_EXT_FEATURE_PROT_RANGE_NEGO_AND_MEASURE = 0x39 + NL80211_EXT_FEATURE_RADAR_BACKGROUND = 0x3c NL80211_EXT_FEATURE_RRM = 0x1 NL80211_EXT_FEATURE_SAE_OFFLOAD_AP = 0x33 NL80211_EXT_FEATURE_SAE_OFFLOAD = 0x26 @@ -4906,7 +5017,9 @@ const ( NL80211_FREQUENCY_ATTR_NO_10MHZ = 0x11 NL80211_FREQUENCY_ATTR_NO_160MHZ = 0xc NL80211_FREQUENCY_ATTR_NO_20MHZ = 0x10 + NL80211_FREQUENCY_ATTR_NO_320MHZ = 0x1a NL80211_FREQUENCY_ATTR_NO_80MHZ = 0xb + NL80211_FREQUENCY_ATTR_NO_EHT = 0x1b NL80211_FREQUENCY_ATTR_NO_HE = 0x13 NL80211_FREQUENCY_ATTR_NO_HT40_MINUS = 0x9 NL80211_FREQUENCY_ATTR_NO_HT40_PLUS = 0xa @@ -5006,6 +5119,12 @@ const ( NL80211_MAX_SUPP_HT_RATES = 0x4d NL80211_MAX_SUPP_RATES = 0x20 NL80211_MAX_SUPP_REG_RULES = 0x80 + NL80211_MBSSID_CONFIG_ATTR_EMA = 0x5 + NL80211_MBSSID_CONFIG_ATTR_INDEX = 0x3 + NL80211_MBSSID_CONFIG_ATTR_MAX = 0x5 + NL80211_MBSSID_CONFIG_ATTR_MAX_EMA_PROFILE_PERIODICITY = 0x2 + NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES = 0x1 + NL80211_MBSSID_CONFIG_ATTR_TX_IFINDEX = 0x4 NL80211_MESHCONF_ATTR_MAX = 0x1f NL80211_MESHCONF_AUTO_OPEN_PLINKS = 0x7 NL80211_MESHCONF_AWAKE_WINDOW = 0x1b @@ -5168,6 +5287,7 @@ const ( NL80211_PMSR_FTM_FAILURE_UNSPECIFIED = 0x0 NL80211_PMSR_FTM_FAILURE_WRONG_CHANNEL = 0x3 NL80211_PMSR_FTM_REQ_ATTR_ASAP = 0x1 + NL80211_PMSR_FTM_REQ_ATTR_BSS_COLOR = 0xd NL80211_PMSR_FTM_REQ_ATTR_BURST_DURATION = 0x5 NL80211_PMSR_FTM_REQ_ATTR_BURST_PERIOD = 0x4 NL80211_PMSR_FTM_REQ_ATTR_FTMS_PER_BURST = 0x6 @@ -5244,12 +5364,36 @@ const ( NL80211_RADAR_PRE_CAC_EXPIRED = 0x4 NL80211_RATE_INFO_10_MHZ_WIDTH = 0xb NL80211_RATE_INFO_160_MHZ_WIDTH = 0xa + NL80211_RATE_INFO_320_MHZ_WIDTH = 0x12 NL80211_RATE_INFO_40_MHZ_WIDTH = 0x3 NL80211_RATE_INFO_5_MHZ_WIDTH = 0xc NL80211_RATE_INFO_80_MHZ_WIDTH = 0x8 NL80211_RATE_INFO_80P80_MHZ_WIDTH = 0x9 NL80211_RATE_INFO_BITRATE32 = 0x5 NL80211_RATE_INFO_BITRATE = 0x1 + NL80211_RATE_INFO_EHT_GI_0_8 = 0x0 + NL80211_RATE_INFO_EHT_GI_1_6 = 0x1 + NL80211_RATE_INFO_EHT_GI_3_2 = 0x2 + NL80211_RATE_INFO_EHT_GI = 0x15 + NL80211_RATE_INFO_EHT_MCS = 0x13 + NL80211_RATE_INFO_EHT_NSS = 0x14 + NL80211_RATE_INFO_EHT_RU_ALLOC_106 = 0x3 + NL80211_RATE_INFO_EHT_RU_ALLOC_106P26 = 0x4 + NL80211_RATE_INFO_EHT_RU_ALLOC_242 = 0x5 + NL80211_RATE_INFO_EHT_RU_ALLOC_26 = 0x0 + NL80211_RATE_INFO_EHT_RU_ALLOC_2x996 = 0xb + NL80211_RATE_INFO_EHT_RU_ALLOC_2x996P484 = 0xc + NL80211_RATE_INFO_EHT_RU_ALLOC_3x996 = 0xd + NL80211_RATE_INFO_EHT_RU_ALLOC_3x996P484 = 0xe + NL80211_RATE_INFO_EHT_RU_ALLOC_484 = 0x6 + NL80211_RATE_INFO_EHT_RU_ALLOC_484P242 = 0x7 + NL80211_RATE_INFO_EHT_RU_ALLOC_4x996 = 0xf + NL80211_RATE_INFO_EHT_RU_ALLOC_52 = 0x1 + NL80211_RATE_INFO_EHT_RU_ALLOC_52P26 = 0x2 + NL80211_RATE_INFO_EHT_RU_ALLOC_996 = 0x8 + NL80211_RATE_INFO_EHT_RU_ALLOC_996P484 = 0x9 + NL80211_RATE_INFO_EHT_RU_ALLOC_996P484P242 = 0xa + NL80211_RATE_INFO_EHT_RU_ALLOC = 0x16 NL80211_RATE_INFO_HE_1XLTF = 0x0 NL80211_RATE_INFO_HE_2XLTF = 0x1 NL80211_RATE_INFO_HE_4XLTF = 0x2 @@ -5292,6 +5436,7 @@ const ( NL80211_RRF_GO_CONCURRENT = 0x1000 NL80211_RRF_IR_CONCURRENT = 0x1000 NL80211_RRF_NO_160MHZ = 0x10000 + NL80211_RRF_NO_320MHZ = 0x40000 NL80211_RRF_NO_80MHZ = 0x8000 NL80211_RRF_NO_CCK = 0x2 NL80211_RRF_NO_HE = 0x20000 diff --git a/vendor/golang.org/x/sys/windows/syscall_windows.go b/vendor/golang.org/x/sys/windows/syscall_windows.go index a49853e9d3af..41cb3c01fd95 100644 --- a/vendor/golang.org/x/sys/windows/syscall_windows.go +++ b/vendor/golang.org/x/sys/windows/syscall_windows.go @@ -10,7 +10,6 @@ import ( errorspkg "errors" "fmt" "runtime" - "strings" "sync" "syscall" "time" @@ -87,22 +86,13 @@ func StringToUTF16(s string) []uint16 { // s, with a terminating NUL added. If s contains a NUL byte at any // location, it returns (nil, syscall.EINVAL). func UTF16FromString(s string) ([]uint16, error) { - if strings.IndexByte(s, 0) != -1 { - return nil, syscall.EINVAL - } - return utf16.Encode([]rune(s + "\x00")), nil + return syscall.UTF16FromString(s) } // UTF16ToString returns the UTF-8 encoding of the UTF-16 sequence s, // with a terminating NUL and any bytes after the NUL removed. func UTF16ToString(s []uint16) string { - for i, v := range s { - if v == 0 { - s = s[:i] - break - } - } - return string(utf16.Decode(s)) + return syscall.UTF16ToString(s) } // StringToUTF16Ptr is deprecated. Use UTF16PtrFromString instead. diff --git a/vendor/modules.txt b/vendor/modules.txt index f8409106d0e3..43e24a5b5c82 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -279,7 +279,7 @@ golang.org/x/net/trace # golang.org/x/sync v0.1.0 ## explicit golang.org/x/sync/errgroup -# golang.org/x/sys v0.4.0 +# golang.org/x/sys v0.5.0 ## explicit; go 1.17 golang.org/x/sys/execabs golang.org/x/sys/internal/unsafeheader From 6131fe9e45a1445b4b699e873d7a49010ebd0f0d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2023 01:34:10 +0100 Subject: [PATCH 047/197] vendor: golang.org/x/text v0.7.0 full diff: https://github.com/golang/text/compare/v0.6.0...v0.7.0 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit a85537d346eb61c97acda1dd5ad28d0048507cbb) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vendor.mod b/vendor.mod index 70c9c6a92155..53015643fc90 100644 --- a/vendor.mod +++ b/vendor.mod @@ -40,7 +40,7 @@ require ( golang.org/x/sync v0.1.0 golang.org/x/sys v0.5.0 golang.org/x/term v0.4.0 - golang.org/x/text v0.6.0 + golang.org/x/text v0.7.0 gopkg.in/yaml.v2 v2.4.0 gotest.tools/v3 v3.4.0 ) diff --git a/vendor.sum b/vendor.sum index 7b193f5de36c..338fcf0c2c7b 100644 --- a/vendor.sum +++ b/vendor.sum @@ -595,8 +595,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.6.0 h1:3XmdazWV+ubf7QgHSTWeykHOci5oeekaGJBLkrkaw4k= -golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/vendor/modules.txt b/vendor/modules.txt index 43e24a5b5c82..3f7e1f902b59 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -289,7 +289,7 @@ golang.org/x/sys/windows # golang.org/x/term v0.4.0 ## explicit; go 1.17 golang.org/x/term -# golang.org/x/text v0.6.0 +# golang.org/x/text v0.7.0 ## explicit; go 1.17 golang.org/x/text/secure/bidirule golang.org/x/text/transform From 476933b68b8f5f1ec20b320d3fce93fe095ccd79 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2023 01:35:57 +0100 Subject: [PATCH 048/197] vendor: golang.org/x/time v0.3.0 full diff: https://github.com/golang/time/compare/v0.1.0...v0.3.0 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit f40bbf4f7fe1582fcd2bd3dcd8e21e233ec7733e) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 +- vendor/golang.org/x/time/rate/rate.go | 20 +++---- vendor/golang.org/x/time/rate/sometimes.go | 67 ++++++++++++++++++++++ vendor/modules.txt | 2 +- 5 files changed, 79 insertions(+), 16 deletions(-) create mode 100644 vendor/golang.org/x/time/rate/sometimes.go diff --git a/vendor.mod b/vendor.mod index 53015643fc90..075df7739d24 100644 --- a/vendor.mod +++ b/vendor.mod @@ -72,7 +72,7 @@ require ( go.etcd.io/etcd/raft/v3 v3.5.6 // indirect golang.org/x/crypto v0.2.0 // indirect golang.org/x/net v0.5.0 // indirect - golang.org/x/time v0.1.0 // indirect + golang.org/x/time v0.3.0 // indirect google.golang.org/genproto v0.0.0-20220706185917-7780775163c4 // indirect google.golang.org/grpc v1.48.0 // indirect google.golang.org/protobuf v1.28.1 // indirect diff --git a/vendor.sum b/vendor.sum index 338fcf0c2c7b..e218f0dd49a0 100644 --- a/vendor.sum +++ b/vendor.sum @@ -600,8 +600,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.1.0 h1:xYY+Bajn2a7VBmTM5GikTmnK8ZuX8YgnQCqZpbBNtmA= -golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/vendor/golang.org/x/time/rate/rate.go b/vendor/golang.org/x/time/rate/rate.go index 8f7c29f156aa..f0e0cf3cb1db 100644 --- a/vendor/golang.org/x/time/rate/rate.go +++ b/vendor/golang.org/x/time/rate/rate.go @@ -83,7 +83,7 @@ func (lim *Limiter) Burst() int { // TokensAt returns the number of tokens available at time t. func (lim *Limiter) TokensAt(t time.Time) float64 { lim.mu.Lock() - _, _, tokens := lim.advance(t) // does not mutute lim + _, tokens := lim.advance(t) // does not mutate lim lim.mu.Unlock() return tokens } @@ -183,7 +183,7 @@ func (r *Reservation) CancelAt(t time.Time) { return } // advance time to now - t, _, tokens := r.lim.advance(t) + t, tokens := r.lim.advance(t) // calculate new number of tokens tokens += restoreTokens if burst := float64(r.lim.burst); tokens > burst { @@ -304,7 +304,7 @@ func (lim *Limiter) SetLimitAt(t time.Time, newLimit Limit) { lim.mu.Lock() defer lim.mu.Unlock() - t, _, tokens := lim.advance(t) + t, tokens := lim.advance(t) lim.last = t lim.tokens = tokens @@ -321,7 +321,7 @@ func (lim *Limiter) SetBurstAt(t time.Time, newBurst int) { lim.mu.Lock() defer lim.mu.Unlock() - t, _, tokens := lim.advance(t) + t, tokens := lim.advance(t) lim.last = t lim.tokens = tokens @@ -356,7 +356,7 @@ func (lim *Limiter) reserveN(t time.Time, n int, maxFutureReserve time.Duration) } } - t, last, tokens := lim.advance(t) + t, tokens := lim.advance(t) // Calculate the remaining number of tokens resulting from the request. tokens -= float64(n) @@ -379,15 +379,11 @@ func (lim *Limiter) reserveN(t time.Time, n int, maxFutureReserve time.Duration) if ok { r.tokens = n r.timeToAct = t.Add(waitDuration) - } - // Update state - if ok { + // Update state lim.last = t lim.tokens = tokens lim.lastEvent = r.timeToAct - } else { - lim.last = last } return r @@ -396,7 +392,7 @@ func (lim *Limiter) reserveN(t time.Time, n int, maxFutureReserve time.Duration) // advance calculates and returns an updated state for lim resulting from the passage of time. // lim is not changed. // advance requires that lim.mu is held. -func (lim *Limiter) advance(t time.Time) (newT time.Time, newLast time.Time, newTokens float64) { +func (lim *Limiter) advance(t time.Time) (newT time.Time, newTokens float64) { last := lim.last if t.Before(last) { last = t @@ -409,7 +405,7 @@ func (lim *Limiter) advance(t time.Time) (newT time.Time, newLast time.Time, new if burst := float64(lim.burst); tokens > burst { tokens = burst } - return t, last, tokens + return t, tokens } // durationFromTokens is a unit conversion function from the number of tokens to the duration diff --git a/vendor/golang.org/x/time/rate/sometimes.go b/vendor/golang.org/x/time/rate/sometimes.go new file mode 100644 index 000000000000..6ba99ddb67b1 --- /dev/null +++ b/vendor/golang.org/x/time/rate/sometimes.go @@ -0,0 +1,67 @@ +// Copyright 2022 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package rate + +import ( + "sync" + "time" +) + +// Sometimes will perform an action occasionally. The First, Every, and +// Interval fields govern the behavior of Do, which performs the action. +// A zero Sometimes value will perform an action exactly once. +// +// # Example: logging with rate limiting +// +// var sometimes = rate.Sometimes{First: 3, Interval: 10*time.Second} +// func Spammy() { +// sometimes.Do(func() { log.Info("here I am!") }) +// } +type Sometimes struct { + First int // if non-zero, the first N calls to Do will run f. + Every int // if non-zero, every Nth call to Do will run f. + Interval time.Duration // if non-zero and Interval has elapsed since f's last run, Do will run f. + + mu sync.Mutex + count int // number of Do calls + last time.Time // last time f was run +} + +// Do runs the function f as allowed by First, Every, and Interval. +// +// The model is a union (not intersection) of filters. The first call to Do +// always runs f. Subsequent calls to Do run f if allowed by First or Every or +// Interval. +// +// A non-zero First:N causes the first N Do(f) calls to run f. +// +// A non-zero Every:M causes every Mth Do(f) call, starting with the first, to +// run f. +// +// A non-zero Interval causes Do(f) to run f if Interval has elapsed since +// Do last ran f. +// +// Specifying multiple filters produces the union of these execution streams. +// For example, specifying both First:N and Every:M causes the first N Do(f) +// calls and every Mth Do(f) call, starting with the first, to run f. See +// Examples for more. +// +// If Do is called multiple times simultaneously, the calls will block and run +// serially. Therefore, Do is intended for lightweight operations. +// +// Because a call to Do may block until f returns, if f causes Do to be called, +// it will deadlock. +func (s *Sometimes) Do(f func()) { + s.mu.Lock() + defer s.mu.Unlock() + if s.count == 0 || + (s.First > 0 && s.count < s.First) || + (s.Every > 0 && s.count%s.Every == 0) || + (s.Interval > 0 && time.Since(s.last) >= s.Interval) { + f() + s.last = time.Now() + } + s.count++ +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 3f7e1f902b59..5f9b28fa9970 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -296,7 +296,7 @@ golang.org/x/text/transform golang.org/x/text/unicode/bidi golang.org/x/text/unicode/norm golang.org/x/text/width -# golang.org/x/time v0.1.0 +# golang.org/x/time v0.3.0 ## explicit golang.org/x/time/rate # google.golang.org/genproto v0.0.0-20220706185917-7780775163c4 From ff448ff4552952ce38ea5ea55170215a7bcecf14 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2023 01:38:48 +0100 Subject: [PATCH 049/197] vendor: golang.org/x/term v0.5.0 full diff: https://github.com/golang/term/compare/v0.4.0...v0.5.0 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 3a0d492d1c5c0b5e8e8ade41e1c3283ad3c7a864) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vendor.mod b/vendor.mod index 075df7739d24..828779828d44 100644 --- a/vendor.mod +++ b/vendor.mod @@ -39,7 +39,7 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 golang.org/x/sync v0.1.0 golang.org/x/sys v0.5.0 - golang.org/x/term v0.4.0 + golang.org/x/term v0.5.0 golang.org/x/text v0.7.0 gopkg.in/yaml.v2 v2.4.0 gotest.tools/v3 v3.4.0 diff --git a/vendor.sum b/vendor.sum index e218f0dd49a0..9d5d214ff855 100644 --- a/vendor.sum +++ b/vendor.sum @@ -585,8 +585,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.4.0 h1:O7UWfv5+A2qiuulQk30kVinPoMtoIPeVaKLEgLpVkvg= -golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/vendor/modules.txt b/vendor/modules.txt index 5f9b28fa9970..54dcb77dfcba 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -286,7 +286,7 @@ golang.org/x/sys/internal/unsafeheader golang.org/x/sys/plan9 golang.org/x/sys/unix golang.org/x/sys/windows -# golang.org/x/term v0.4.0 +# golang.org/x/term v0.5.0 ## explicit; go 1.17 golang.org/x/term # golang.org/x/text v0.7.0 From 079e80889d9a53cb9d1c5e876fb69ea6c48a0d27 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 15 Mar 2023 01:39:33 +0100 Subject: [PATCH 050/197] vendor: golang.org/x/net v0.7.0 full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit d213548bd00b6314d620e6b78fcca89467b60aa8) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 +- vendor/golang.org/x/net/http2/flow.go | 2 +- vendor/golang.org/x/net/http2/frame.go | 11 ++- vendor/golang.org/x/net/http2/hpack/hpack.go | 81 ++++++++++++-------- vendor/golang.org/x/net/http2/server.go | 20 ++++- vendor/golang.org/x/net/http2/transport.go | 2 +- vendor/golang.org/x/net/trace/histogram.go | 2 +- vendor/modules.txt | 2 +- 9 files changed, 83 insertions(+), 43 deletions(-) diff --git a/vendor.mod b/vendor.mod index 828779828d44..842e2d0f2826 100644 --- a/vendor.mod +++ b/vendor.mod @@ -71,7 +71,7 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect go.etcd.io/etcd/raft/v3 v3.5.6 // indirect golang.org/x/crypto v0.2.0 // indirect - golang.org/x/net v0.5.0 // indirect + golang.org/x/net v0.7.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/genproto v0.0.0-20220706185917-7780775163c4 // indirect google.golang.org/grpc v1.48.0 // indirect diff --git a/vendor.sum b/vendor.sum index 9d5d214ff855..5157b5ecbfee 100644 --- a/vendor.sum +++ b/vendor.sum @@ -505,8 +505,8 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.5.0 h1:GyT4nK/YDHSqa1c4753ouYCDajOYKTja9Xb/OHtgvSw= -golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/vendor/golang.org/x/net/http2/flow.go b/vendor/golang.org/x/net/http2/flow.go index 750ac52f2a52..b7dbd186957e 100644 --- a/vendor/golang.org/x/net/http2/flow.go +++ b/vendor/golang.org/x/net/http2/flow.go @@ -18,7 +18,7 @@ type inflow struct { unsent int32 } -// set sets the initial window. +// init sets the initial window. func (f *inflow) init(n int32) { f.avail = n } diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go index 184ac45feb70..c1f6b90dc32f 100644 --- a/vendor/golang.org/x/net/http2/frame.go +++ b/vendor/golang.org/x/net/http2/frame.go @@ -662,6 +662,15 @@ func (f *Framer) WriteData(streamID uint32, endStream bool, data []byte) error { // It is the caller's responsibility not to violate the maximum frame size // and to not call other Write methods concurrently. func (f *Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error { + if err := f.startWriteDataPadded(streamID, endStream, data, pad); err != nil { + return err + } + return f.endWrite() +} + +// startWriteDataPadded is WriteDataPadded, but only writes the frame to the Framer's internal buffer. +// The caller should call endWrite to flush the frame to the underlying writer. +func (f *Framer) startWriteDataPadded(streamID uint32, endStream bool, data, pad []byte) error { if !validStreamID(streamID) && !f.AllowIllegalWrites { return errStreamID } @@ -691,7 +700,7 @@ func (f *Framer) WriteDataPadded(streamID uint32, endStream bool, data, pad []by } f.wbuf = append(f.wbuf, data...) f.wbuf = append(f.wbuf, pad...) - return f.endWrite() + return nil } // A SettingsFrame conveys configuration parameters that affect how diff --git a/vendor/golang.org/x/net/http2/hpack/hpack.go b/vendor/golang.org/x/net/http2/hpack/hpack.go index ebdfbee964ae..7a1d976696a7 100644 --- a/vendor/golang.org/x/net/http2/hpack/hpack.go +++ b/vendor/golang.org/x/net/http2/hpack/hpack.go @@ -211,7 +211,7 @@ func (d *Decoder) at(i uint64) (hf HeaderField, ok bool) { return dt.ents[dt.len()-(int(i)-staticTable.len())], true } -// Decode decodes an entire block. +// DecodeFull decodes an entire block. // // TODO: remove this method and make it incremental later? This is // easier for debugging now. @@ -359,6 +359,7 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error { var hf HeaderField wantStr := d.emitEnabled || it.indexed() + var undecodedName undecodedString if nameIdx > 0 { ihf, ok := d.at(nameIdx) if !ok { @@ -366,15 +367,27 @@ func (d *Decoder) parseFieldLiteral(n uint8, it indexType) error { } hf.Name = ihf.Name } else { - hf.Name, buf, err = d.readString(buf, wantStr) + undecodedName, buf, err = d.readString(buf) if err != nil { return err } } - hf.Value, buf, err = d.readString(buf, wantStr) + undecodedValue, buf, err := d.readString(buf) if err != nil { return err } + if wantStr { + if nameIdx <= 0 { + hf.Name, err = d.decodeString(undecodedName) + if err != nil { + return err + } + } + hf.Value, err = d.decodeString(undecodedValue) + if err != nil { + return err + } + } d.buf = buf if it.indexed() { d.dynTab.add(hf) @@ -459,46 +472,52 @@ func readVarInt(n byte, p []byte) (i uint64, remain []byte, err error) { return 0, origP, errNeedMore } -// readString decodes an hpack string from p. +// readString reads an hpack string from p. // -// wantStr is whether s will be used. If false, decompression and -// []byte->string garbage are skipped if s will be ignored -// anyway. This does mean that huffman decoding errors for non-indexed -// strings past the MAX_HEADER_LIST_SIZE are ignored, but the server -// is returning an error anyway, and because they're not indexed, the error -// won't affect the decoding state. -func (d *Decoder) readString(p []byte, wantStr bool) (s string, remain []byte, err error) { +// It returns a reference to the encoded string data to permit deferring decode costs +// until after the caller verifies all data is present. +func (d *Decoder) readString(p []byte) (u undecodedString, remain []byte, err error) { if len(p) == 0 { - return "", p, errNeedMore + return u, p, errNeedMore } isHuff := p[0]&128 != 0 strLen, p, err := readVarInt(7, p) if err != nil { - return "", p, err + return u, p, err } if d.maxStrLen != 0 && strLen > uint64(d.maxStrLen) { - return "", nil, ErrStringLength + // Returning an error here means Huffman decoding errors + // for non-indexed strings past the maximum string length + // are ignored, but the server is returning an error anyway + // and because the string is not indexed the error will not + // affect the decoding state. + return u, nil, ErrStringLength } if uint64(len(p)) < strLen { - return "", p, errNeedMore - } - if !isHuff { - if wantStr { - s = string(p[:strLen]) - } - return s, p[strLen:], nil + return u, p, errNeedMore } + u.isHuff = isHuff + u.b = p[:strLen] + return u, p[strLen:], nil +} - if wantStr { - buf := bufPool.Get().(*bytes.Buffer) - buf.Reset() // don't trust others - defer bufPool.Put(buf) - if err := huffmanDecode(buf, d.maxStrLen, p[:strLen]); err != nil { - buf.Reset() - return "", nil, err - } +type undecodedString struct { + isHuff bool + b []byte +} + +func (d *Decoder) decodeString(u undecodedString) (string, error) { + if !u.isHuff { + return string(u.b), nil + } + buf := bufPool.Get().(*bytes.Buffer) + buf.Reset() // don't trust others + var s string + err := huffmanDecode(buf, d.maxStrLen, u.b) + if err == nil { s = buf.String() - buf.Reset() // be nice to GC } - return s, p[strLen:], nil + buf.Reset() // be nice to GC + bufPool.Put(buf) + return s, err } diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index b624dc0a705e..8cb14f3c97f5 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -843,8 +843,13 @@ type frameWriteResult struct { // and then reports when it's done. // At most one goroutine can be running writeFrameAsync at a time per // serverConn. -func (sc *serverConn) writeFrameAsync(wr FrameWriteRequest) { - err := wr.write.writeFrame(sc) +func (sc *serverConn) writeFrameAsync(wr FrameWriteRequest, wd *writeData) { + var err error + if wd == nil { + err = wr.write.writeFrame(sc) + } else { + err = sc.framer.endWrite() + } sc.wroteFrameCh <- frameWriteResult{wr: wr, err: err} } @@ -1251,9 +1256,16 @@ func (sc *serverConn) startFrameWrite(wr FrameWriteRequest) { sc.writingFrameAsync = false err := wr.write.writeFrame(sc) sc.wroteFrame(frameWriteResult{wr: wr, err: err}) + } else if wd, ok := wr.write.(*writeData); ok { + // Encode the frame in the serve goroutine, to ensure we don't have + // any lingering asynchronous references to data passed to Write. + // See https://go.dev/issue/58446. + sc.framer.startWriteDataPadded(wd.streamID, wd.endStream, wd.p, nil) + sc.writingFrameAsync = true + go sc.writeFrameAsync(wr, wd) } else { sc.writingFrameAsync = true - go sc.writeFrameAsync(wr) + go sc.writeFrameAsync(wr, nil) } } @@ -2192,7 +2204,7 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r tlsState = sc.tlsState } - needsContinue := rp.header.Get("Expect") == "100-continue" + needsContinue := httpguts.HeaderValuesContainsToken(rp.header["Expect"], "100-continue") if needsContinue { rp.header.Del("Expect") } diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index b43ec10cfed9..05ba23d3d988 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -1569,7 +1569,7 @@ func (cs *clientStream) cleanupWriteRequest(err error) { close(cs.donec) } -// awaitOpenSlotForStream waits until len(streams) < maxConcurrentStreams. +// awaitOpenSlotForStreamLocked waits until len(streams) < maxConcurrentStreams. // Must hold cc.mu. func (cc *ClientConn) awaitOpenSlotForStreamLocked(cs *clientStream) error { for { diff --git a/vendor/golang.org/x/net/trace/histogram.go b/vendor/golang.org/x/net/trace/histogram.go index 9bf4286c794b..d6c71101e4d1 100644 --- a/vendor/golang.org/x/net/trace/histogram.go +++ b/vendor/golang.org/x/net/trace/histogram.go @@ -32,7 +32,7 @@ type histogram struct { valueCount int64 // number of values recorded for single value } -// AddMeasurement records a value measurement observation to the histogram. +// addMeasurement records a value measurement observation to the histogram. func (h *histogram) addMeasurement(value int64) { // TODO: assert invariant h.sum += value diff --git a/vendor/modules.txt b/vendor/modules.txt index 54dcb77dfcba..8aef271efe06 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -266,7 +266,7 @@ go.etcd.io/etcd/raft/v3/raftpb ## explicit; go 1.17 golang.org/x/crypto/ed25519 golang.org/x/crypto/pbkdf2 -# golang.org/x/net v0.5.0 +# golang.org/x/net v0.7.0 ## explicit; go 1.17 golang.org/x/net/http/httpguts golang.org/x/net/http2 From 6c052fcda3a17a936e216586a6b34da4ed8c4f80 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 28 Mar 2023 17:05:24 +0200 Subject: [PATCH 051/197] vendor: github.com/docker/docker v23.0.2 - migrate away from things deprecated in Go 1.20 (removes use of archive/tar.TypeRegA) full diff: https://github.com/docker/docker/compare/v23.0.1...v23.0.2 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit a39958846db078439dec8a8daa1572b4140e4d37) Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- vendor/github.com/docker/docker/pkg/archive/archive.go | 2 +- vendor/modules.txt | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/vendor.mod b/vendor.mod index 842e2d0f2826..11077c287d8a 100644 --- a/vendor.mod +++ b/vendor.mod @@ -10,7 +10,7 @@ require ( github.com/containerd/containerd v1.6.19 github.com/creack/pty v1.1.11 github.com/docker/distribution v2.8.1+incompatible - github.com/docker/docker v23.0.1+incompatible + github.com/docker/docker v23.0.2+incompatible github.com/docker/docker-credential-helpers v0.7.0 github.com/docker/go-connections v0.4.0 github.com/docker/go-units v0.5.0 diff --git a/vendor.sum b/vendor.sum index 5157b5ecbfee..2b4a974349cb 100644 --- a/vendor.sum +++ b/vendor.sum @@ -101,8 +101,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xb github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY= -github.com/docker/docker v23.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.2+incompatible h1:q81C2qQ/EhPm8COZMUGOQYh4qLv4Xu6CXELJ3WK/mlU= +github.com/docker/docker v23.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go index e9ac1e322e69..3af7c3a652d9 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive.go +++ b/vendor/github.com/docker/docker/pkg/archive/archive.go @@ -711,7 +711,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, L } } - case tar.TypeReg, tar.TypeRegA: + case tar.TypeReg: // Source is regular file. We use sequential file access to avoid depleting // the standby list on Windows. On Linux, this equates to a regular os.OpenFile. file, err := sequential.OpenFile(path, os.O_CREATE|os.O_WRONLY, hdrInfo.Mode()) diff --git a/vendor/modules.txt b/vendor/modules.txt index 8aef271efe06..d594609356bf 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -40,7 +40,7 @@ github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/uuid -# github.com/docker/docker v23.0.1+incompatible +# github.com/docker/docker v23.0.2+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types From f88c159c7acfa6613087a72c6478f4981138847e Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 10 Apr 2023 00:15:57 +0200 Subject: [PATCH 052/197] [23.0] vendor: github.com/docker/docker v23.0.3 full diff: https://github.com/docker/docker/compare/v23.0.2...v23.0.3 Signed-off-by: Sebastiaan van Stijn --- vendor.mod | 2 +- vendor.sum | 4 ++-- vendor/modules.txt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vendor.mod b/vendor.mod index 11077c287d8a..e710b3474474 100644 --- a/vendor.mod +++ b/vendor.mod @@ -10,7 +10,7 @@ require ( github.com/containerd/containerd v1.6.19 github.com/creack/pty v1.1.11 github.com/docker/distribution v2.8.1+incompatible - github.com/docker/docker v23.0.2+incompatible + github.com/docker/docker v23.0.3+incompatible github.com/docker/docker-credential-helpers v0.7.0 github.com/docker/go-connections v0.4.0 github.com/docker/go-units v0.5.0 diff --git a/vendor.sum b/vendor.sum index 2b4a974349cb..c4db8107b267 100644 --- a/vendor.sum +++ b/vendor.sum @@ -101,8 +101,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xb github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v23.0.2+incompatible h1:q81C2qQ/EhPm8COZMUGOQYh4qLv4Xu6CXELJ3WK/mlU= -github.com/docker/docker v23.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho= +github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= diff --git a/vendor/modules.txt b/vendor/modules.txt index d594609356bf..66cea78f8854 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -40,7 +40,7 @@ github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/uuid -# github.com/docker/docker v23.0.2+incompatible +# github.com/docker/docker v23.0.3+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types From a8e3b4b85273c02f86c0496c3ad267be9a05b705 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Mon, 10 Apr 2023 14:14:29 +0200 Subject: [PATCH 053/197] docs: update engine versions in some examples Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 5d33b7276991442f922950516ea50e2b3bbdc740) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/build.md | 24 +++++------ docs/reference/commandline/info.md | 30 +++++++------- docs/reference/commandline/node_ls.md | 14 +++---- docs/reference/commandline/version.md | 52 +++++++++++------------ man/src/system/info.md | 19 ++++----- man/src/version.md | 60 ++++++++++++++++++--------- 6 files changed, 108 insertions(+), 91 deletions(-) diff --git a/docs/reference/commandline/build.md b/docs/reference/commandline/build.md index d476ac1f29c0..0a770f603460 100644 --- a/docs/reference/commandline/build.md +++ b/docs/reference/commandline/build.md @@ -661,7 +661,7 @@ The `--squash` option has a number of known limitations: #### Prerequisites -The example on this page is using experimental mode in Docker 19.03. +The example on this page is using experimental mode in Docker 23.03. Experimental mode can be enabled by using the `--experimental` flag when starting the Docker daemon or setting `experimental: true` in the `daemon.json` configuration @@ -673,21 +673,21 @@ line in the `Engine` section: ```console Client: Docker Engine - Community - Version: 19.03.8 - API version: 1.40 - Go version: go1.12.17 - Git commit: afacb8b - Built: Wed Mar 11 01:21:11 2020 + Version: 23.0.3 + API version: 1.42 + Go version: go1.19.7 + Git commit: 3e7cbfd + Built: Tue Apr 4 22:05:41 2023 OS/Arch: darwin/amd64 - Experimental: false + Context: default Server: Docker Engine - Community Engine: - Version: 19.03.8 - API version: 1.40 (minimum version 1.12) - Go version: go1.12.17 - Git commit: afacb8b - Built: Wed Mar 11 01:29:16 2020 + Version: 23.0.3 + API version: 1.42 (minimum version 1.12) + Go version: go1.19.7 + Git commit: 59118bf + Built: Tue Apr 4 22:05:41 2023 OS/Arch: linux/amd64 Experimental: true [...] diff --git a/docs/reference/commandline/info.md b/docs/reference/commandline/info.md index 41235357eec5..9a29bb358b24 100644 --- a/docs/reference/commandline/info.md +++ b/docs/reference/commandline/info.md @@ -52,14 +52,11 @@ Client: Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) - Version: v0.8.2 + Version: v0.10.4 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) - Version: v2.6.0 + Version: v2.17.2 Path: /usr/libexec/docker/cli-plugins/docker-compose - scan: Docker Scan (Docker Inc.) - Version: v0.17.0 - Path: /usr/libexec/docker/cli-plugins/docker-scan Server: Containers: 14 @@ -67,7 +64,7 @@ Server: Paused: 1 Stopped: 10 Images: 52 - Server Version: 22.06.0 + Server Version: 23.0.3 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true @@ -82,11 +79,11 @@ Server: Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive - Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc + Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init - containerd version: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16 - runc version: v1.1.1-0-g52de29d + containerd version: 2806fc1057397dbaeefbea0e4e17bddfbd388f38 + runc version: v1.1.5-0-gf19387a init version: de40ad0 Security Options: apparmor @@ -106,7 +103,7 @@ Server: Username: gordontheturtle Registry: https://index.docker.io/v1/ Experimental: false - Insecure registries: + Insecure Registries: myinsecurehost:5000 127.0.0.0/8 Live Restore Enabled: false @@ -119,7 +116,7 @@ You can also specify the output format: ```console $ docker info --format '{{json .}}' -{"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} +{"ID":"4cee4408-10d2-4e17-891c-a41736ac4536","Containers":14, ...} ``` ### Run `docker info` on Windows @@ -133,9 +130,12 @@ Client: Context: default Debug Mode: false Plugins: - buildx: Docker Buildx (Docker Inc., v0.8.2-docker) - compose: Docker Compose (Docker Inc., v2.6.0) - scan: Docker Scan (Docker Inc., v0.17.0) + buildx: Docker Buildx (Docker Inc.) + Version: v0.10.4 + Path: C:\Program Files\Docker\cli-plugins\docker-buildx.exe + compose: Docker Compose (Docker Inc.) + Version: v2.17.2 + Path: C:\Program Files\Docker\cli-plugins\docker-compose.exe Server: Containers: 1 @@ -143,7 +143,7 @@ Server: Paused: 0 Stopped: 1 Images: 17 - Server Version: 20.10.16 + Server Version: 23.0.3 Storage Driver: windowsfilter Logging Driver: json-file Plugins: diff --git a/docs/reference/commandline/node_ls.md b/docs/reference/commandline/node_ls.md index 1f49595fd0a7..adb9a4ed5cb5 100644 --- a/docs/reference/commandline/node_ls.md +++ b/docs/reference/commandline/node_ls.md @@ -110,10 +110,10 @@ Show all nodes that have a `region` node label set: $ docker node ls --filter node.label=region ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION -yg550ettvsjn6g6t840iaiwgb * swarm-test-01 Ready Active Leader 20.10.2 -2lm9w9kbepgvkzkkeyku40e65 swarm-test-02 Ready Active Reachable 20.10.2 -hc0pu7ntc7s4uvj4pv7z7pz15 swarm-test-03 Ready Active Reachable 20.10.2 -n41b2cijmhifxxvz56vwrs12q swarm-test-04 Ready Active 20.10.2 +yg550ettvsjn6g6t840iaiwgb * swarm-test-01 Ready Active Leader 23.0.3 +2lm9w9kbepgvkzkkeyku40e65 swarm-test-02 Ready Active Reachable 23.0.3 +hc0pu7ntc7s4uvj4pv7z7pz15 swarm-test-03 Ready Active Reachable 23.0.3 +n41b2cijmhifxxvz56vwrs12q swarm-test-04 Ready Active 23.0.3 ``` Show all nodes that have a `region` node label, with value `region-a`: @@ -122,8 +122,8 @@ Show all nodes that have a `region` node label, with value `region-a`: $ docker node ls --filter node.label=region=region-a ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION -yg550ettvsjn6g6t840iaiwgb * swarm-test-01 Ready Active Leader 20.10.2 -2lm9w9kbepgvkzkkeyku40e65 swarm-test-02 Ready Active Reachable 20.10.2 +yg550ettvsjn6g6t840iaiwgb * swarm-test-01 Ready Active Leader 23.0.3 +2lm9w9kbepgvkzkkeyku40e65 swarm-test-02 Ready Active Reachable 23.0.3 ``` #### membership @@ -203,7 +203,7 @@ e216jshn25ckzbvmwlnh5jr3g: swarm-manager1 Ready To list all nodes in JSON format, use the `json` directive: ```console $ docker node ls --format json -{"Availability":"Active","EngineVersion":"20.10.5","Hostname":"docker-desktop","ID":"k8f4w7qtzpj5sqzclcqafw35g","ManagerStatus":"Leader","Self":true,"Status":"Ready","TLSStatus":"Ready"} +{"Availability":"Active","EngineVersion":"23.0.3","Hostname":"docker-desktop","ID":"k8f4w7qtzpj5sqzclcqafw35g","ManagerStatus":"Leader","Self":true,"Status":"Ready","TLSStatus":"Ready"} ``` ## Related commands diff --git a/docs/reference/commandline/version.md b/docs/reference/commandline/version.md index 4dfadfafdc7f..9128380c1e72 100644 --- a/docs/reference/commandline/version.md +++ b/docs/reference/commandline/version.md @@ -37,30 +37,30 @@ machine running Docker Desktop: ```console $ docker version -Client: - Version: 20.10.16 - API version: 1.41 - Go version: go1.17.10 - Git commit: aa7e414 - Built: Thu May 12 09:17:28 2022 +Client: Docker Engine - Community + Version: 23.0.3 + API version: 1.42 + Go version: go1.19.7 + Git commit: 3e7cbfd + Built: Tue Apr 4 22:05:41 2023 OS/Arch: darwin/amd64 Context: default -Server: Docker Desktop 4.8.2 (77141) +Server: Docker Desktop 4.19.0 (12345) Engine: - Version: 20.10.16 - API version: 1.41 (minimum version 1.12) - Go version: go1.17.10 - Git commit: f756502 - Built: Thu May 12 09:15:33 2022 + Version: 23.0.3 + API version: 1.42 (minimum version 1.12) + Go version: go1.19.7 + Git commit: 59118bf + Built: Tue Apr 4 22:05:41 2023 OS/Arch: linux/amd64 Experimental: false containerd: - Version: 1.6.4 - GitCommit: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16 + Version: 1.6.20 + GitCommit: 2806fc1057397dbaeefbea0e4e17bddfbd388f38 runc: - Version: 1.1.1 - GitCommit: v1.1.1-0-g52de29d + Version: 1.1.5 + GitCommit: v1.1.5-0-gf19387a docker-init: Version: 0.19.0 GitCommit: de40ad0 @@ -82,12 +82,12 @@ remote-test-server $ docker version -Client: - Version: 20.10.16 - API version: 1.40 (downgraded from 1.41) - Go version: go1.17.10 - Git commit: aa7e414 - Built: Thu May 12 09:17:28 2022 +Client: Docker Engine - Community + Version: 23.0.3 + API version: 1.40 (downgraded from 1.42) + Go version: go1.19.7 + Git commit: 3e7cbfd + Built: Tue Apr 4 22:05:41 2023 OS/Arch: darwin/amd64 Context: remote-test-server @@ -142,7 +142,7 @@ $ docker version --format '{{.Client.APIVersion}}' $ unset DOCKER_API_VERSION $ docker version --format '{{.Client.APIVersion}}' -1.41 +1.42 ``` ## Examples @@ -159,7 +159,7 @@ page for details of the format. ```console $ docker version --format '{{.Server.Version}}' -20.10.16 +23.0.3 ``` ### Get the client API version @@ -169,7 +169,7 @@ The following example prints the API version that is used by the client: ```console $ docker version --format '{{.Client.APIVersion}}' -1.41 +1.42 ``` The version shown is the API version that is negotiated between the client @@ -181,5 +181,5 @@ above for more information. ```console $ docker version --format '{{json .}}' -{"Client":{"Platform":{"Name":"Docker Engine - Community"},"Version":"19.03.8","ApiVersion":"1.40","DefaultAPIVersion":"1.40","GitCommit":"afacb8b","GoVersion":"go1.12.17","Os":"darwin","Arch":"amd64","BuildTime":"Wed Mar 11 01:21:11 2020","Experimental":true},"Server":{"Platform":{"Name":"Docker Engine - Community"},"Components":[{"Name":"Engine","Version":"19.03.8","Details":{"ApiVersion":"1.40","Arch":"amd64","BuildTime":"Wed Mar 11 01:29:16 2020","Experimental":"true","GitCommit":"afacb8b","GoVersion":"go1.12.17","KernelVersion":"4.19.76-linuxkit","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"containerd","Version":"v1.2.13","Details":{"GitCommit":"7ad184331fa3e55e52b890ea95e65ba581ae3429"}},{"Name":"runc","Version":"1.0.0-rc10","Details":{"GitCommit":"dc9208a3303feef5b3839f4323d9beb36df0a9dd"}},{"Name":"docker-init","Version":"0.18.0","Details":{"GitCommit":"fec3683"}}],"Version":"19.03.8","ApiVersion":"1.40","MinAPIVersion":"1.12","GitCommit":"afacb8b","GoVersion":"go1.12.17","Os":"linux","Arch":"amd64","KernelVersion":"4.19.76-linuxkit","Experimental":true,"BuildTime":"2020-03-11T01:29:16.000000000+00:00"}} +{"Client":"Version":"23.0.3","ApiVersion":"1.42", ...} ``` diff --git a/man/src/system/info.md b/man/src/system/info.md index 5e9eb96ef914..a4d4bbb978c4 100644 --- a/man/src/system/info.md +++ b/man/src/system/info.md @@ -32,14 +32,11 @@ Client: Debug Mode: false Plugins: buildx: Docker Buildx (Docker Inc.) - Version: v0.8.2 + Version: v0.10.4 Path: /usr/libexec/docker/cli-plugins/docker-buildx compose: Docker Compose (Docker Inc.) - Version: v2.6.0 + Version: v2.17.2 Path: /usr/libexec/docker/cli-plugins/docker-compose - scan: Docker Scan (Docker Inc.) - Version: v0.17.0 - Path: /usr/libexec/docker/cli-plugins/docker-scan Server: Containers: 14 @@ -47,7 +44,7 @@ Server: Paused: 1 Stopped: 10 Images: 52 - Server Version: 22.06.0 + Server Version: 23.0.3 Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true @@ -62,11 +59,11 @@ Server: Network: bridge host ipvlan macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog Swarm: inactive - Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc + Runtimes: io.containerd.runc.v2 runc Default Runtime: runc Init Binary: docker-init - containerd version: 212e8b6fa2f44b9c21b2798135fc6fb7c53efc16 - runc version: v1.1.1-0-g52de29d + containerd version: 2806fc1057397dbaeefbea0e4e17bddfbd388f38 + runc version: v1.1.5-0-gf19387a init version: de40ad0 Security Options: apparmor @@ -86,7 +83,7 @@ Server: Username: gordontheturtle Registry: https://index.docker.io/v1/ Experimental: false - Insecure registries: + Insecure Registries: myinsecurehost:5000 127.0.0.0/8 Live Restore Enabled: false @@ -95,4 +92,4 @@ Server: You can also specify the output format: $ docker info --format '{{json .}}' - {"ID":"I54V:OLXT:HVMM:TPKO:JPHQ:CQCD:JNLC:O3BZ:4ZVJ:43XJ:PFHZ:6N2S","Containers":14, ...} + {"ID":"4cee4408-10d2-4e17-891c-a41736ac4536","Containers":14, ...} diff --git a/man/src/version.md b/man/src/version.md index 5dea4a297c52..4d5ff070e322 100644 --- a/man/src/version.md +++ b/man/src/version.md @@ -1,37 +1,57 @@ -This command displays version information for both the Docker client and -daemon. +The version command prints the current version number for all independently +versioned Docker components. # EXAMPLES ## Display Docker version information -The default output: +The default output renders all version information divided into two sections; +the "Client" section contains information about the Docker CLI and client +components, and the "Server" section contains information about the Docker +Engine and components used by the Engine, such as the "Containerd" and "Runc" +OCI Runtimes. + +The information shown may differ depending on how you installed Docker and +what components are in use. The following example shows the output on a macOS +machine running Docker Desktop: $ docker version - Client: - Version: 1.8.0 - API version: 1.20 - Go version: go1.4.2 - Git commit: f5bae0a - Built: Tue Jun 23 17:56:00 UTC 2015 - OS/Arch: linux/amd64 - - Server: - Version: 1.8.0 - API version: 1.20 - Go version: go1.4.2 - Git commit: f5bae0a - Built: Tue Jun 23 17:56:00 UTC 2015 - OS/Arch: linux/amd64 + Client: Docker Engine - Community + Version: 23.0.3 + API version: 1.42 + Go version: go1.19.7 + Git commit: 3e7cbfd + Built: Tue Apr 4 22:05:41 2023 + OS/Arch: darwin/amd64 + Context: default + + Server: Docker Desktop 4.19.0 (12345) + Engine: + Version: 23.0.3 + API version: 1.42 (minimum version 1.12) + Go version: go1.19.7 + Git commit: 59118bf + Built: Tue Apr 4 22:05:41 2023 + OS/Arch: linux/amd64 + Experimental: false + containerd: + Version: 1.6.20 + GitCommit: 2806fc1057397dbaeefbea0e4e17bddfbd388f38 + runc: + Version: 1.1.5 + GitCommit: v1.1.5-0-gf19387a + docker-init: + Version: 0.19.0 + GitCommit: de40ad0 Get server version: $ docker version --format '{{.Server.Version}}' - 1.8.0 + 23.0.3 Dump raw data: To view all available fields, you can use the format `{{json .}}`. $ docker version --format '{{json .}}' - {"Client":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"},"ServerOK":true,"Server":{"Version":"1.8.0","ApiVersion":"1.20","GitCommit":"f5bae0a","GoVersion":"go1.4.2","Os":"linux","Arch":"amd64","KernelVersion":"3.13.2-gentoo","BuildTime":"Tue Jun 23 17:56:00 UTC 2015"}} + {"Client":"Version":"23.0.3","ApiVersion":"1.42", ...} From e67e5559d57b3a93c241a0da82b562abe4f9a6f5 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Apr 2023 12:11:05 +0200 Subject: [PATCH 054/197] docs: deprecated: fix version (23.1.0 -> 24.0.0) The next release will be "v24.0.0", not "v23.1.0" Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 04df7002579509c597c97beb7688883234552840) Signed-off-by: Sebastiaan van Stijn --- docs/deprecated.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/deprecated.md b/docs/deprecated.md index affa938dd455..1efe015a695b 100644 --- a/docs/deprecated.md +++ b/docs/deprecated.md @@ -50,7 +50,7 @@ The table below provides an overview of the current status of deprecated feature | Status | Feature | Deprecated | Remove | |------------|------------------------------------------------------------------------------------------------------------------------------------|------------|---------| -| Deprecated | [Buildkit build information](#buildkit-build-information) | v23.0.0 | v23.1.0 | +| Deprecated | [Buildkit build information](#buildkit-build-information) | v23.0.0 | v24.0.0 | | Deprecated | [Legacy builder for Linux images](#legacy-builder-for-linux-images) | v23.0.0 | - | | Deprecated | [Legacy builder fallback](#legacy-builder-fallback) | v23.0.0 | - | | Removed | [Btrfs storage driver on CentOS 7 and RHEL 7](#btrfs-storage-driver-on-centos-7-and-rhel-7) | v20.10 | v23.0.0 | From 4b4d7e2b480a8cae321552ababc805148ec300ee Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Apr 2023 10:23:47 +0200 Subject: [PATCH 055/197] cli/command: fix documentation for ResolveAuthConfig This function no longer uses the /info endpoint to resolve the registry to use. The documentation for this function was still referring to the (once used) special registry for Windows images, which is no longer in use, so update the docs to reflect reality :) Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 5bd359132b20af4fa3a7f6627146eb5ad0c5caf6) Signed-off-by: Sebastiaan van Stijn --- cli/command/registry.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/cli/command/registry.go b/cli/command/registry.go index 9958b7c0f8fb..90cc08c53ae4 100644 --- a/cli/command/registry.go +++ b/cli/command/registry.go @@ -56,9 +56,12 @@ func RegistryAuthenticationPrivilegedFunc(cli Cli, index *registrytypes.IndexInf } } -// ResolveAuthConfig is like registry.ResolveAuthConfig, but if using the -// default index, it uses the default index name for the daemon's platform, -// not the client's platform. +// ResolveAuthConfig returns auth-config for the given registry from the +// credential-store. It returns an empty AuthConfig if no credentials were +// found. +// +// It is similar to [registry.ResolveAuthConfig], but uses the credentials- +// store, instead of looking up credentials from a map. func ResolveAuthConfig(_ context.Context, cli Cli, index *registrytypes.IndexInfo) types.AuthConfig { configKey := index.Name if index.Official { From e76242fff241a186c7d0a0831c47fb2dd3bb08eb Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Apr 2023 18:12:08 +0200 Subject: [PATCH 056/197] docs/reference: remove mention of DOCKER_NOWARN_KERNEL_VERSION Support for this environment variable was removed in docker 23.0 in https://github.com/moby/moby/commit/1240f8b41d34abe9252b882bddd42e140b62b83b From that patch: > All regular, non-EOL Linux distros now come with more recent kernels > out of the box. There may still be users trying to run on kernel 3.10 > or older (some embedded systems, e.g.), but those should be a rare > exception, which we don't have to take into account. > > This patch removes the kernel version check on Linux, and the corresponding > DOCKER_NOWARN_KERNEL_VERSION environment that was there to skip this > check. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 4a863df57a357823ff6ecd7b883a87781034f499) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index a8a3cf2dee64..b8d86360a867 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -130,8 +130,6 @@ For easy reference, the following list of environment variables are supported by the `dockerd` command line: * `DOCKER_DRIVER` The graph driver to use. -* `DOCKER_NOWARN_KERNEL_VERSION` Prevent warnings that your Linux kernel is - unsuitable for Docker. * `DOCKER_RAMDISK` If set this will disable 'pivot_root'. * `DOCKER_TMPDIR` Location for temporary Docker files. * `MOBY_DISABLE_PIGZ` Do not use [`unpigz`](https://linux.die.net/man/1/pigz) to From 623da1997e475e96358f2eb94e0d918ca6491bb0 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Apr 2023 18:15:13 +0200 Subject: [PATCH 057/197] docs/reference: reformat env-vars table, and simplify No need to mention that the env-var may be removed at that point to keep the description more to-the-point. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 879e0804a4d9f11079955cde963a3a89349b3519) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/cli.md | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index 9180906af004..c8c5c6e0e12d 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -123,19 +123,19 @@ the [installation](https://docs.docker.com/install/) instructions for your opera The following list of environment variables are supported by the `docker` command line: -| Variable | Description | -|:------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------| -| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) | -| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | -| `DOCKER_CONFIG` | The location of your client configuration files. | -| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. | -| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. | -| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) | -| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. | -| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release, at which point this environment-variable is removed. | -| `DOCKER_HOST` | Daemon socket to connect to. | -| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | -| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). | +| Variable | Description | +|:------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `DOCKER_API_VERSION` | Override the negotiated API version to use for debugging (e.g. `1.19`) | +| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | +| `DOCKER_CONFIG` | The location of your client configuration files. | +| `DOCKER_CONTENT_TRUST_SERVER` | The URL of the Notary server to use. Defaults to the same URL as the registry. | +| `DOCKER_CONTENT_TRUST` | When set Docker uses notary to sign and verify images. Equates to `--disable-content-trust=false` for build, create, pull, push, run. | +| `DOCKER_CONTEXT` | Name of the `docker context` to use (overrides `DOCKER_HOST` env var and default context set with `docker context use`) | +| `DOCKER_DEFAULT_PLATFORM` | Default platform for commands that take the `--platform` flag. | +| `DOCKER_HIDE_LEGACY_COMMANDS` | When set, Docker hides "legacy" top-level commands (such as `docker rm`, and `docker pull`) in `docker help` output, and only `Management commands` per object-type (e.g., `docker container`) are printed. This may become the default in a future release. | +| `DOCKER_HOST` | Daemon socket to connect to. | +| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the `docker` CLI and the [`dockerd` daemon](dockerd.md) | +| `BUILDKIT_PROGRESS` | Set type of progress output (`auto`, `plain`, `tty`) when [building](build.md) with [BuildKit backend](https://docs.docker.com/build/buildkit/). Use plain to show container output (default `auto`). | Because Docker is developed using Go, you can also use any environment variables used by the Go runtime. In particular, you may find these useful: From 2cb152c41dd5cad353454ef6063d1861963df655 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Apr 2023 18:19:20 +0200 Subject: [PATCH 058/197] docs/reference: use table for proxy env-vars Adding a description based on the Go documentation. Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 370174800080b170ff103cbad3ace310f7a26ef2) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/cli.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/docs/reference/commandline/cli.md b/docs/reference/commandline/cli.md index c8c5c6e0e12d..c5affb008cfb 100644 --- a/docs/reference/commandline/cli.md +++ b/docs/reference/commandline/cli.md @@ -140,13 +140,14 @@ line: Because Docker is developed using Go, you can also use any environment variables used by the Go runtime. In particular, you may find these useful: -* `HTTP_PROXY` -* `HTTPS_PROXY` -* `NO_PROXY` - -These Go environment variables are case-insensitive. See the -[Go specification](https://golang.org/pkg/net/http/) for details on these -variables. +| Variable | Description | +|:--------------|:-------------------------------------------------------------------------------| +| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. | +| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. | +| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. | + +See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) +for details on these variables. ## Configuration files From 8a35f92fff28b466d8f4f6648abf4cdabb0146ef Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Apr 2023 18:27:40 +0200 Subject: [PATCH 059/197] docs/reference: dockerd: use table for env-vars Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 32bc912008fdb248584e4005ceafd51f496e81ad) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index b8d86360a867..a5e4f0617c5e 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -129,11 +129,17 @@ to [the `daemon.json` file](#daemon-configuration-file). For easy reference, the following list of environment variables are supported by the `dockerd` command line: -* `DOCKER_DRIVER` The graph driver to use. -* `DOCKER_RAMDISK` If set this will disable 'pivot_root'. -* `DOCKER_TMPDIR` Location for temporary Docker files. -* `MOBY_DISABLE_PIGZ` Do not use [`unpigz`](https://linux.die.net/man/1/pigz) to - decompress layers in parallel when pulling images, even if it is installed. +| Variable | Description | +|:--------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `DOCKER_CERT_PATH` | Location of your authentication keys. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. | +| `DOCKER_DRIVER` | The storage driver to use. | +| `DOCKER_RAMDISK` | If set this disables 'pivot_root'. | +| `DOCKER_TLS_VERIFY` | When set Docker uses TLS and verifies the remote. This variable is used both by the [`docker` CLI](cli.md) and the `dockerd` daemon. | +| `DOCKER_TMPDIR` | Location for temporary files created by the daemon. | +| `HTTP_PROXY` | Proxy URL for HTTP requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. | +| `HTTPS_PROXY` | Proxy URL for HTTPS requests unless overridden by NoProxy. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. | +| `MOBY_DISABLE_PIGZ` | Disables the use of [`unpigz`](https://linux.die.net/man/1/pigz) to decompress layers in parallel when pulling images, even if it is installed. | | +| `NO_PROXY` | Comma-separated values specifying hosts that should be excluded from proxying. See the [Go specification](https://pkg.go.dev/golang.org/x/net/http/httpproxy#Config) for details. | ## Examples From 6bc4bf4f0592905ce62e9b7c5bbcff27d84d6f27 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Apr 2023 18:41:27 +0200 Subject: [PATCH 060/197] docs/reference: dockerd: update seccomp flag description Update the description for the changes made in; https://github.com/moby/moby/commit/68e96f88ee1598563a66a1f53b8844291423fc88 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit c2097436121fbd72680b6baf2e348a6b8da88533) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index a5e4f0617c5e..135846940521 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -90,7 +90,7 @@ Options: --raw-logs Full timestamps without ANSI coloring --registry-mirror list Preferred registry mirror --rootless Enable rootless mode; typically used with RootlessKit - --seccomp-profile string Path to seccomp profile + --seccomp-profile string Path to seccomp profile. Use "unconfined" to disable the default seccomp profile (default "builtin") --selinux-enabled Enable selinux support --shutdown-timeout int Set the default shutdown timeout (default 15) -s, --storage-driver string Storage driver to use From aa85421ff8274f9a562b42eb291f47b3bcaa23e1 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 12 Apr 2023 18:45:20 +0200 Subject: [PATCH 061/197] docs/reference: dockerd: remove default oom-score-adjust The daemon no longer adjusts its oom-score by default; see - https://github.com/moby/moby/commit/2b8e68ef06ca3daf2b0e17e51ba72999773b6270 - https://github.com/moby/moby/commit/cf7a5be0f2ee8bb4a3f7961682e13b89bc625299 Signed-off-by: Sebastiaan van Stijn (cherry picked from commit c730a8eb95c2d4711611b1dbeb4e93caed558e74) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 135846940521..79a78539d52e 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -85,7 +85,7 @@ Options: --network-control-plane-mtu int Network Control plane MTU (default 1500) --no-new-privileges Set no-new-privileges by default for new containers --node-generic-resource list Advertise user-defined resource - --oom-score-adjust int Set the oom_score_adj for the daemon (default -500) + --oom-score-adjust int Set the oom_score_adj for the daemon -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") --raw-logs Full timestamps without ANSI coloring --registry-mirror list Preferred registry mirror @@ -1259,7 +1259,7 @@ This is a full example of the allowed configuration options on Linux: "NVIDIA-GPU=UUID1", "NVIDIA-GPU=UUID2" ], - "oom-score-adjust": -500, + "oom-score-adjust": 0, "pidfile": "", "raw-logs": false, "registry-mirrors": [], From b6cd3c85b5e9199a1369e92ba3b992ed6eb8982c Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 2 Apr 2022 14:07:51 +0200 Subject: [PATCH 062/197] docs: update dockerd usage output for new proxy-options Adds documentation for the options that were added in https://github.com/moby/moby/commit/427c7cc5f86364466c7173e8ca59b97c3876471d Signed-off-by: Sebastiaan van Stijn (cherry picked from commit c846428cb639f10053df376ab8f4ab0adddf02d1) Signed-off-by: Sebastiaan van Stijn --- docs/reference/commandline/dockerd.md | 40 +++++++++++++++++++++++---- docs/reference/commandline/pull.md | 6 ++-- man/dockerd.8.md | 12 ++++++++ 3 files changed, 48 insertions(+), 10 deletions(-) diff --git a/docs/reference/commandline/dockerd.md b/docs/reference/commandline/dockerd.md index 79a78539d52e..2413dd1bfcca 100644 --- a/docs/reference/commandline/dockerd.md +++ b/docs/reference/commandline/dockerd.md @@ -18,7 +18,7 @@ redirect_from: # daemon ```markdown -Usage: dockerd COMMAND +Usage: dockerd [OPTIONS] A self-sufficient runtime for containers. @@ -35,14 +35,14 @@ Options: --containerd-namespace string Containerd namespace to use (default "moby") --containerd-plugins-namespace string Containerd namespace to use for plugins (default "plugins.moby") --cpu-rt-period int Limit the CPU real-time period in microseconds for the - parent cgroup for all containers + parent cgroup for all containers (not supported with cgroups v2) --cpu-rt-runtime int Limit the CPU real-time runtime in microseconds for the - parent cgroup for all containers + parent cgroup for all containers (not supported with cgroups v2) --cri-containerd start containerd with cri --data-root string Root directory of persistent Docker state (default "/var/lib/docker") -D, --debug Enable debug mode --default-address-pool pool-options Default address pools for node specific local networks - --default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "host") + --default-cgroupns-mode string Default mode for containers cgroup namespace ("host" | "private") (default "private") --default-gateway ip Container default gateway IPv4 address --default-gateway-v6 ip Container default gateway IPv6 address --default-ipc-mode string Default mode for containers ipc ("shareable" | "private") (default "private") @@ -62,6 +62,8 @@ Options: -H, --host list Daemon socket(s) to connect to --host-gateway-ip ip IP address that the special 'host-gateway' string in --add-host resolves to. Defaults to the IP address of the default bridge + --http-proxy string HTTP proxy URL to use for outgoing traffic + --https-proxy string HTTPS proxy URL to use for outgoing traffic --icc Enable inter-container communication (default true) --init Run an init in the container to forward signals and reap processes --init-path string Path to the docker-init binary @@ -69,8 +71,8 @@ Options: --ip ip Default IP when binding container ports (default 0.0.0.0) --ip-forward Enable net.ipv4.ip_forward (default true) --ip-masq Enable IP masquerading (default true) + --ip6tables Enable addition of ip6tables rules (experimental) --iptables Enable addition of iptables rules (default true) - --ip6tables Enable addition of ip6tables rules (default false) --ipv6 Enable IPv6 networking --label list Set key=value labels to the daemon --live-restore Enable live restore of docker when containers are still running @@ -81,9 +83,10 @@ Options: --max-concurrent-uploads int Set the max concurrent uploads (default 5) --max-download-attempts int Set the max download attempts for each pull (default 5) --metrics-addr string Set default address and port to serve the metrics api on - --mtu int Set the containers network MTU + --mtu int Set the containers network MTU (default 1500) --network-control-plane-mtu int Network Control plane MTU (default 1500) --no-new-privileges Set no-new-privileges by default for new containers + --no-proxy string Comma-separated list of hosts or IP addresses for which the proxy is skipped --node-generic-resource list Advertise user-defined resource --oom-score-adjust int Set the oom_score_adj for the daemon -p, --pidfile string Path to use for daemon PID file (default "/var/run/docker.pid") @@ -143,6 +146,28 @@ by the `dockerd` command line: ## Examples +### Proxy configuration + +> **Note** +> +> Refer to the [Docker Desktop manual](https://docs.docker.com/desktop/networking/#httphttps-proxy-support) +> if you are running [Docker Desktop](https://docs.docker.com/desktop/). + +If you are behind an HTTP proxy server, for example in corporate settings, +you may have to configure the Docker daemon to use the proxy server for +operations such as pulling and pushing images. The daemon can be configured +in three ways: + +1. Using environment variables (`HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`). +2. Using the "http-proxy", "https-proxy", and "no-proxy" fields in the + [daemon configuration file](#daemon-configuration-file) (Docker Engine 23.0 or newer). +3. Using the `--http-proxy`, `--https-proxy`, and `--no-proxy` command-line + options. (Docker Engine 23.0 or newer). + +The command-line and configuration file options take precedence over environment +variables. Refer to [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy) +to set these environment variables on a host using `systemd`. + ### Daemon socket option The Docker daemon can listen for [Docker Engine API](https://docs.docker.com/engine/api/) @@ -1226,6 +1251,9 @@ This is a full example of the allowed configuration options on Linux: "fixed-cidr-v6": "", "group": "", "hosts": [], + "http-proxy": "http://proxy.example.com:80", + "https-proxy": "https://proxy.example.com:443", + "no-proxy": "*.test.example.com,.example.org", "icc": false, "init": false, "init-path": "/usr/libexec/docker-init", diff --git a/docs/reference/commandline/pull.md b/docs/reference/commandline/pull.md index 443f12af044d..8c90dc4e5d97 100644 --- a/docs/reference/commandline/pull.md +++ b/docs/reference/commandline/pull.md @@ -34,10 +34,8 @@ use `docker pull`. If you are behind an HTTP proxy server, for example in corporate settings, before open a connect to registry, you may need to configure the Docker -daemon's proxy settings, using the `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` -environment variables. To set these environment variables on a host using -`systemd`, refer to the [control and configure Docker with systemd](https://docs.docker.com/config/daemon/systemd/#httphttps-proxy) -for variables configuration. +daemon's proxy settings, refer to the [dockerd command-line reference](dockerd.md#proxy-configuration) +for details. ### Concurrent downloads diff --git a/man/dockerd.8.md b/man/dockerd.8.md index 0043f704705a..2daac117f384 100644 --- a/man/dockerd.8.md +++ b/man/dockerd.8.md @@ -35,6 +35,8 @@ dockerd - Enable daemon mode [**-G**|**--group**[=*docker*]] [**-H**|**--host**[=*[]*]] [**--help**] +[**--http-proxy**[*""*]] +[**--https-proxy**[*""*]] [**--icc**[=*true*]] [**--init**[=*false*]] [**--init-path**[=*""*]] @@ -54,6 +56,7 @@ dockerd - Enable daemon mode [**--max-concurrent-downloads**[=*3*]] [**--max-concurrent-uploads**[=*5*]] [**--max-download-attempts**[=*5*]] +[**--no-proxy**[*""*]] [**--node-generic-resources**[=*[]*]] [**-p**|**--pidfile**[=*/var/run/docker.pid*]] [**--raw-logs**] @@ -233,6 +236,12 @@ unix://[/path/to/socket] to use. **--help** Print usage statement +**--http-proxy***""* + Proxy URL for HTTP requests unless overridden by NoProxy. + +**--https-proxy***""* + Proxy URL for HTTPS requests unless overridden by NoProxy. + **--icc**=*true*|*false* Allow unrestricted inter\-container and Docker daemon host communication. If disabled, containers can still be linked together using the **--link** option @@ -325,6 +334,9 @@ unix://[/path/to/socket] to use. **--max-download-attempts**=*5* Set the max download attempts for each pull. Default is `5`. +**--no-proxy**=*""*" + Comma-separated values specifying hosts that should be excluded from proxying. + **--node-generic-resources**=*[]* Advertise user-defined resource. Default is `[]`. Use this if your swarm cluster has some nodes with custom From c648e0b065e70709fff539770a1e5f3349ebcb6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pawe=C5=82=20Gronowski?= Date: Wed, 19 Apr 2023 14:06:01 +0200 Subject: [PATCH 063/197] Handle empty DOCKER_BUILDKIT like unset MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes the cli erroring out if the variable is set to an empty value. ``` $ export DOCKER_BUILDKIT= $ docker version DOCKER_BUILDKIT environment variable expects boolean value: strconv.ParseBool: parsing "": invalid syntax ``` Signed-off-by: Paweł Gronowski (cherry picked from commit ff7f76af7a092ca9aeb689850d4ad0a85746bc72) Signed-off-by: Paweł Gronowski --- cli/command/cli.go | 4 ++-- cmd/docker/builder.go | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/cli/command/cli.go b/cli/command/cli.go index b4fc151474c7..2a61d5e48c5b 100644 --- a/cli/command/cli.go +++ b/cli/command/cli.go @@ -164,8 +164,8 @@ func (cli *DockerCli) ContentTrustEnabled() bool { // BuildKitEnabled returns buildkit is enabled or not. func (cli *DockerCli) BuildKitEnabled() (bool, error) { - // use DOCKER_BUILDKIT env var value if set - if v, ok := os.LookupEnv("DOCKER_BUILDKIT"); ok { + // use DOCKER_BUILDKIT env var value if set and not empty + if v := os.Getenv("DOCKER_BUILDKIT"); v != "" { enabled, err := strconv.ParseBool(v) if err != nil { return false, errors.Wrap(err, "DOCKER_BUILDKIT environment variable expects boolean value") diff --git a/cmd/docker/builder.go b/cmd/docker/builder.go index 71fe979b382c..7807f80b1a5a 100644 --- a/cmd/docker/builder.go +++ b/cmd/docker/builder.go @@ -44,9 +44,9 @@ func processBuilder(dockerCli command.Cli, cmd *cobra.Command, args, osargs []st var buildKitDisabled, useBuilder, useAlias bool var envs []string - // check DOCKER_BUILDKIT env var is present and - // if not assume we want to use the builder component - if v, ok := os.LookupEnv("DOCKER_BUILDKIT"); ok { + // check DOCKER_BUILDKIT env var is not empty + // if it is assume we want to use the builder component + if v := os.Getenv("DOCKER_BUILDKIT"); v != "" { enabled, err := strconv.ParseBool(v) if err != nil { return args, osargs, nil, errors.Wrap(err, "DOCKER_BUILDKIT environment variable expects boolean value") From ada43812d033fb8f2901ccbe18a197aa71bd645f Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Wed, 8 Feb 2023 02:27:51 +0100 Subject: [PATCH 064/197] cli/command/volume: suppress err output in tests These tests were deliberately producing errors as part of the test, but printing those errors could be confusing / make it more difficult to find actual test-failures. Before this patch: === RUN TestVolumeCreateErrors Error: conflicting options: either specify --name or provide positional arg, not both Error: "create" requires at most 1 argument. See 'create --help'. Usage: create [OPTIONS] [VOLUME] [flags] Create a volume Error: error creating volume --- PASS: TestVolumeCreateErrors (0.00s) PASS With this patch applied: === RUN TestVolumeCreateErrors --- PASS: TestVolumeCreateErrors (0.00s) PASS Signed-off-by: Sebastiaan van Stijn (cherry picked from commit db827d583b42f5975a09135d8ba937f30401faf7) Signed-off-by: Sebastiaan van Stijn --- cli/command/volume/create_test.go | 1 + cli/command/volume/inspect_test.go | 1 + cli/command/volume/list_test.go | 1 + cli/command/volume/prune_test.go | 1 + cli/command/volume/remove_test.go | 1 + 5 files changed, 5 insertions(+) diff --git a/cli/command/volume/create_test.go b/cli/command/volume/create_test.go index f5c711bf8842..a37f9655b1d0 100644 --- a/cli/command/volume/create_test.go +++ b/cli/command/volume/create_test.go @@ -50,6 +50,7 @@ func TestVolumeCreateErrors(t *testing.T) { cmd.Flags().Set(key, value) } cmd.SetOut(io.Discard) + cmd.SetErr(io.Discard) assert.ErrorContains(t, cmd.Execute(), tc.expectedError) } } diff --git a/cli/command/volume/inspect_test.go b/cli/command/volume/inspect_test.go index bf1643752417..62c9c00aa83c 100644 --- a/cli/command/volume/inspect_test.go +++ b/cli/command/volume/inspect_test.go @@ -62,6 +62,7 @@ func TestVolumeInspectErrors(t *testing.T) { cmd.Flags().Set(key, value) } cmd.SetOut(io.Discard) + cmd.SetErr(io.Discard) assert.ErrorContains(t, cmd.Execute(), tc.expectedError) } } diff --git a/cli/command/volume/list_test.go b/cli/command/volume/list_test.go index dbed5a160629..45bbc955e471 100644 --- a/cli/command/volume/list_test.go +++ b/cli/command/volume/list_test.go @@ -43,6 +43,7 @@ func TestVolumeListErrors(t *testing.T) { cmd.Flags().Set(key, value) } cmd.SetOut(io.Discard) + cmd.SetErr(io.Discard) assert.ErrorContains(t, cmd.Execute(), tc.expectedError) } } diff --git a/cli/command/volume/prune_test.go b/cli/command/volume/prune_test.go index 7cfbad66b312..1bcafd57c840 100644 --- a/cli/command/volume/prune_test.go +++ b/cli/command/volume/prune_test.go @@ -49,6 +49,7 @@ func TestVolumePruneErrors(t *testing.T) { cmd.Flags().Set(key, value) } cmd.SetOut(io.Discard) + cmd.SetErr(io.Discard) assert.ErrorContains(t, cmd.Execute(), tc.expectedError) } } diff --git a/cli/command/volume/remove_test.go b/cli/command/volume/remove_test.go index 6f617f9ce027..61ac03578bca 100644 --- a/cli/command/volume/remove_test.go +++ b/cli/command/volume/remove_test.go @@ -33,6 +33,7 @@ func TestVolumeRemoveErrors(t *testing.T) { })) cmd.SetArgs(tc.args) cmd.SetOut(io.Discard) + cmd.SetErr(io.Discard) assert.ErrorContains(t, cmd.Execute(), tc.expectedError) } } From 86e79b55ed25facc7e76107f23d070a9957f6d41 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Thu, 20 Apr 2023 12:54:56 +0200 Subject: [PATCH 065/197] volumes: prune: add --all / -a option Signed-off-by: Sebastiaan van Stijn (cherry picked from commit 0dec5d20a239e22069dc82513404f6e3dd86a9ab) Signed-off-by: Sebastiaan van Stijn --- cli/command/volume/prune.go | 25 +++++- cli/command/volume/prune_test.go | 83 ++++++++++++++++--- .../volume/testdata/volume-prune-no.golden | 2 +- .../volume-prune-success.all-forced.golden | 1 + .../testdata/volume-prune-success.all.golden | 2 + .../volume-prune-success.label-filter.golden | 2 + .../volume/testdata/volume-prune-yes.golden | 2 +- contrib/completion/bash/docker | 2 +- contrib/completion/zsh/_docker | 2 + docs/reference/commandline/volume_prune.md | 18 ++-- 10 files changed, 117 insertions(+), 22 deletions(-) create mode 100644 cli/command/volume/testdata/volume-prune-success.all-forced.golden create mode 100644 cli/command/volume/testdata/volume-prune-success.all.golden create mode 100644 cli/command/volume/testdata/volume-prune-success.label-filter.golden diff --git a/cli/command/volume/prune.go b/cli/command/volume/prune.go index 16fd5508988e..e126f133b15a 100644 --- a/cli/command/volume/prune.go +++ b/cli/command/volume/prune.go @@ -8,11 +8,15 @@ import ( "github.com/docker/cli/cli/command" "github.com/docker/cli/cli/command/completion" "github.com/docker/cli/opts" + "github.com/docker/docker/api/types/versions" + "github.com/docker/docker/errdefs" units "github.com/docker/go-units" + "github.com/pkg/errors" "github.com/spf13/cobra" ) type pruneOptions struct { + all bool force bool filter opts.FilterOpt } @@ -41,18 +45,37 @@ func NewPruneCommand(dockerCli command.Cli) *cobra.Command { } flags := cmd.Flags() + flags.BoolVarP(&options.all, "all", "a", false, "Remove all unused volumes, not just anonymous ones") + flags.SetAnnotation("all", "version", []string{"1.42"}) flags.BoolVarP(&options.force, "force", "f", false, "Do not prompt for confirmation") flags.Var(&options.filter, "filter", `Provide filter values (e.g. "label=