vendor: github.com/docker/docker v24.0.8

- Ensure that non-JSON-parsing errors are returned to the caller
- pkg/idtools: remove sync.Once, and include lookup error
- pkg/ioutils: Make subsequent Close attempts noop

full diff: https://github.com/docker/docker/compare/v24.0.7...v24.0.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2024-01-31 15:47:20 +01:00
parent 979eeaa248
commit 3e7d90796c
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
9 changed files with 47 additions and 22 deletions

View File

@ -10,7 +10,7 @@ require (
github.com/containerd/containerd v1.6.21
github.com/creack/pty v1.1.18
github.com/docker/distribution v2.8.2+incompatible
github.com/docker/docker v24.0.7+incompatible
github.com/docker/docker v24.0.8+incompatible
github.com/docker/docker-credential-helpers v0.7.0
github.com/docker/go-connections v0.4.0
github.com/docker/go-units v0.5.0

View File

@ -96,8 +96,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xb
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v24.0.7+incompatible h1:Wo6l37AuwP3JaMnZa226lzVXGA3F9Ig1seQen0cKYlM=
github.com/docker/docker v24.0.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker v24.0.8+incompatible h1:lbGlhLzolo0tpp+paD0JzOYId072MQmQxZLPevQCFPU=
github.com/docker/docker v24.0.8+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=

View File

@ -3011,8 +3011,6 @@ definitions:
Name: "journald"
- Type: "Log"
Name: "json-file"
- Type: "Log"
Name: "logentries"
- Type: "Log"
Name: "splunk"
- Type: "Log"
@ -5334,7 +5332,7 @@ definitions:
type: "array"
items:
type: "string"
example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "logentries", "splunk", "syslog"]
example: ["awslogs", "fluentd", "gcplogs", "gelf", "journald", "json-file", "splunk", "syslog"]
RegistryServiceConfig:

View File

@ -66,8 +66,12 @@ func (cli *Client) ContainerWait(ctx context.Context, containerID string, condit
//
// If there's a JSON parsing error, read the real error message
// off the body and send it to the client.
if errors.As(err, new(*json.SyntaxError)) {
_, _ = io.ReadAll(io.LimitReader(stream, containerWaitErrorMsgLimit))
errC <- errors.New(responseText.String())
} else {
errC <- err
}
return
}

View File

@ -11,17 +11,11 @@ import (
"os/exec"
"path/filepath"
"strconv"
"sync"
"syscall"
"github.com/opencontainers/runc/libcontainer/user"
)
var (
entOnce sync.Once
getentCmd string
)
func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting bool) error {
path, err := filepath.Abs(path)
if err != nil {
@ -162,10 +156,10 @@ func getentGroup(name string) (user.Group, error) {
}
func callGetent(database, key string) (io.Reader, error) {
entOnce.Do(func() { getentCmd, _ = resolveBinary("getent") })
// if no `getent` command on host, can't do anything else
if getentCmd == "" {
return nil, fmt.Errorf("unable to find getent command")
getentCmd, err := resolveBinary("getent")
// if no `getent` command within the execution environment, can't do anything else
if err != nil {
return nil, fmt.Errorf("unable to find getent command: %w", err)
}
command := exec.Command(getentCmd, database, key)
// we run getent within container filesystem, but without /dev so /dev/null is not available for exec to mock stdin

View File

@ -3,11 +3,15 @@ package ioutils // import "github.com/docker/docker/pkg/ioutils"
import (
"context"
"io"
"runtime/debug"
"sync/atomic"
// make sure crypto.SHA256, crypto.sha512 and crypto.SHA384 are registered
// TODO remove once https://github.com/opencontainers/go-digest/pull/64 is merged.
_ "crypto/sha256"
_ "crypto/sha512"
"github.com/sirupsen/logrus"
)
// ReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
@ -16,10 +20,15 @@ import (
type ReadCloserWrapper struct {
io.Reader
closer func() error
closed atomic.Bool
}
// Close calls back the passed closer function
func (r *ReadCloserWrapper) Close() error {
if !r.closed.CompareAndSwap(false, true) {
subsequentCloseWarn("ReadCloserWrapper")
return nil
}
return r.closer()
}
@ -87,6 +96,7 @@ type cancelReadCloser struct {
cancel func()
pR *io.PipeReader // Stream to read from
pW *io.PipeWriter
closed atomic.Bool
}
// NewCancelReadCloser creates a wrapper that closes the ReadCloser when the
@ -146,6 +156,17 @@ func (p *cancelReadCloser) closeWithError(err error) {
// Close closes the wrapper its underlying reader. It will cause
// future calls to Read to return io.EOF.
func (p *cancelReadCloser) Close() error {
if !p.closed.CompareAndSwap(false, true) {
subsequentCloseWarn("cancelReadCloser")
return nil
}
p.closeWithError(io.EOF)
return nil
}
func subsequentCloseWarn(name string) {
logrus.Error("subsequent attempt to close " + name)
if logrus.GetLevel() >= logrus.DebugLevel {
logrus.Errorf("stack trace: %s", string(debug.Stack()))
}
}

View File

@ -1,6 +1,9 @@
package ioutils // import "github.com/docker/docker/pkg/ioutils"
import "io"
import (
"io"
"sync/atomic"
)
// NopWriter represents a type which write operation is nop.
type NopWriter struct{}
@ -29,9 +32,14 @@ func (f *NopFlusher) Flush() {}
type writeCloserWrapper struct {
io.Writer
closer func() error
closed atomic.Bool
}
func (r *writeCloserWrapper) Close() error {
if !r.closed.CompareAndSwap(false, true) {
subsequentCloseWarn("WriteCloserWrapper")
return nil
}
return r.closer()
}

View File

@ -328,8 +328,8 @@ func ValidateMirror(val string) (string, error) {
if uri.Scheme != "http" && uri.Scheme != "https" {
return "", invalidParamf("invalid mirror: unsupported scheme %q in %q", uri.Scheme, uri)
}
if (uri.Path != "" && uri.Path != "/") || uri.RawQuery != "" || uri.Fragment != "" {
return "", invalidParamf("invalid mirror: path, query, or fragment at end of the URI %q", uri)
if uri.RawQuery != "" || uri.Fragment != "" {
return "", invalidParamf("invalid mirror: query or fragment at end of the URI %q", uri)
}
if uri.User != nil {
// strip password from output

2
vendor/modules.txt vendored
View File

@ -40,7 +40,7 @@ github.com/docker/distribution/registry/client/transport
github.com/docker/distribution/registry/storage/cache
github.com/docker/distribution/registry/storage/cache/memory
github.com/docker/distribution/uuid
# github.com/docker/docker v24.0.7+incompatible
# github.com/docker/docker v24.0.8+incompatible
## explicit
github.com/docker/docker/api
github.com/docker/docker/api/types