Merge pull request #3823 from thaJeztah/update_engine2

vendor: docker v20.10.3-0.20221021122114-f9cb47a052b (22.06 branch)
This commit is contained in:
Sebastiaan van Stijn 2022-10-21 16:09:20 +02:00 committed by GitHub
commit 3eb9976a68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 55 additions and 27 deletions

View File

@ -10,7 +10,7 @@ require (
github.com/containerd/containerd v1.6.8 github.com/containerd/containerd v1.6.8
github.com/creack/pty v1.1.11 github.com/creack/pty v1.1.11
github.com/docker/distribution v2.8.1+incompatible github.com/docker/distribution v2.8.1+incompatible
github.com/docker/docker v20.10.18+incompatible // v22.06.x - see "replace" for the actual version github.com/docker/docker v20.10.20+incompatible // v22.06.x - see "replace" for the actual version
github.com/docker/docker-credential-helpers v0.7.0 github.com/docker/docker-credential-helpers v0.7.0
github.com/docker/go-connections v0.4.0 github.com/docker/go-connections v0.4.0
github.com/docker/go-units v0.5.0 github.com/docker/go-units v0.5.0
@ -78,7 +78,7 @@ require (
) )
replace ( replace (
github.com/docker/docker => github.com/docker/docker v20.10.3-0.20221006185438-87d9d96ab0b6+incompatible // 22.06 branch (v22.06-dev) github.com/docker/docker => github.com/docker/docker v20.10.3-0.20221021122114-f9cb47a052be+incompatible // 22.06 branch (v22.06-dev)
// Resolve dependency hell with github.com/cloudflare/cfssl (transitive via // Resolve dependency hell with github.com/cloudflare/cfssl (transitive via
// swarmkit) by pinning the certificate-transparency-go version. Remove once // swarmkit) by pinning the certificate-transparency-go version. Remove once

View File

@ -104,8 +104,8 @@ github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xb
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68=
github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v20.10.3-0.20221006185438-87d9d96ab0b6+incompatible h1:hb5QOrwlLlG1xpo1Oyi1Q74I7PURxyb+tFSW5KdvTYE= github.com/docker/docker v20.10.3-0.20221021122114-f9cb47a052be+incompatible h1:zB3HN4R9GYxPbd6UD9/+f3DvJCiqKBGKPxBSyjVx7Qo=
github.com/docker/docker v20.10.3-0.20221006185438-87d9d96ab0b6+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.3-0.20221021122114-f9cb47a052be+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A=
github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0=
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=

View File

@ -16,21 +16,38 @@ type gitRepo struct {
remote string remote string
ref string ref string
subdir string subdir string
isolateConfig bool
}
// CloneOption changes the behaviour of Clone().
type CloneOption func(*gitRepo)
// WithIsolatedConfig disables reading the user or system gitconfig files when
// performing Git operations.
func WithIsolatedConfig(v bool) CloneOption {
return func(gr *gitRepo) {
gr.isolateConfig = v
}
} }
// Clone clones a repository into a newly created directory which // Clone clones a repository into a newly created directory which
// will be under "docker-build-git" // will be under "docker-build-git"
func Clone(remoteURL string) (string, error) { func Clone(remoteURL string, opts ...CloneOption) (string, error) {
repo, err := parseRemoteURL(remoteURL) repo, err := parseRemoteURL(remoteURL)
if err != nil { if err != nil {
return "", err return "", err
} }
return cloneGitRepo(repo) for _, opt := range opts {
opt(&repo)
}
return repo.clone()
} }
func cloneGitRepo(repo gitRepo) (checkoutDir string, err error) { func (repo gitRepo) clone() (checkoutDir string, err error) {
fetch := fetchArgs(repo.remote, repo.ref) fetch := fetchArgs(repo.remote, repo.ref)
root, err := os.MkdirTemp("", "docker-build-git") root, err := os.MkdirTemp("", "docker-build-git")
@ -44,21 +61,21 @@ func cloneGitRepo(repo gitRepo) (checkoutDir string, err error) {
} }
}() }()
if out, err := gitWithinDir(root, "init"); err != nil { if out, err := repo.gitWithinDir(root, "init"); err != nil {
return "", errors.Wrapf(err, "failed to init repo at %s: %s", root, out) return "", errors.Wrapf(err, "failed to init repo at %s: %s", root, out)
} }
// Add origin remote for compatibility with previous implementation that // Add origin remote for compatibility with previous implementation that
// used "git clone" and also to make sure local refs are created for branches // used "git clone" and also to make sure local refs are created for branches
if out, err := gitWithinDir(root, "remote", "add", "origin", repo.remote); err != nil { if out, err := repo.gitWithinDir(root, "remote", "add", "origin", repo.remote); err != nil {
return "", errors.Wrapf(err, "failed add origin repo at %s: %s", repo.remote, out) return "", errors.Wrapf(err, "failed add origin repo at %s: %s", repo.remote, out)
} }
if output, err := gitWithinDir(root, fetch...); err != nil { if output, err := repo.gitWithinDir(root, fetch...); err != nil {
return "", errors.Wrapf(err, "error fetching: %s", output) return "", errors.Wrapf(err, "error fetching: %s", output)
} }
checkoutDir, err = checkoutGit(root, repo.ref, repo.subdir) checkoutDir, err = repo.checkout(root)
if err != nil { if err != nil {
return "", err return "", err
} }
@ -162,20 +179,20 @@ func supportsShallowClone(remoteURL string) bool {
return true return true
} }
func checkoutGit(root, ref, subdir string) (string, error) { func (repo gitRepo) checkout(root string) (string, error) {
// Try checking out by ref name first. This will work on branches and sets // Try checking out by ref name first. This will work on branches and sets
// .git/HEAD to the current branch name // .git/HEAD to the current branch name
if output, err := gitWithinDir(root, "checkout", ref); err != nil { if output, err := repo.gitWithinDir(root, "checkout", repo.ref); err != nil {
// If checking out by branch name fails check out the last fetched ref // If checking out by branch name fails check out the last fetched ref
if _, err2 := gitWithinDir(root, "checkout", "FETCH_HEAD"); err2 != nil { if _, err2 := repo.gitWithinDir(root, "checkout", "FETCH_HEAD"); err2 != nil {
return "", errors.Wrapf(err, "error checking out %s: %s", ref, output) return "", errors.Wrapf(err, "error checking out %s: %s", repo.ref, output)
} }
} }
if subdir != "" { if repo.subdir != "" {
newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, subdir), root) newCtx, err := symlink.FollowSymlinkInScope(filepath.Join(root, repo.subdir), root)
if err != nil { if err != nil {
return "", errors.Wrapf(err, "error setting git context, %q not within git root", subdir) return "", errors.Wrapf(err, "error setting git context, %q not within git root", repo.subdir)
} }
fi, err := os.Stat(newCtx) fi, err := os.Stat(newCtx)
@ -191,13 +208,21 @@ func checkoutGit(root, ref, subdir string) (string, error) {
return root, nil return root, nil
} }
func gitWithinDir(dir string, args ...string) ([]byte, error) { func (repo gitRepo) gitWithinDir(dir string, args ...string) ([]byte, error) {
a := []string{"--work-tree", dir, "--git-dir", filepath.Join(dir, ".git")} args = append([]string{"-c", "protocol.file.allow=never"}, args...) // Block sneaky repositories from using repos from the filesystem as submodules.
return git(append(a, args...)...) cmd := exec.Command("git", args...)
} cmd.Dir = dir
// Disable unsafe remote protocols.
cmd.Env = append(cmd.Environ(), "GIT_PROTOCOL_FROM_USER=0")
func git(args ...string) ([]byte, error) { if repo.isolateConfig {
return exec.Command("git", args...).CombinedOutput() cmd.Env = append(cmd.Env,
"GIT_CONFIG_NOSYSTEM=1", // Disable reading from system gitconfig.
"HOME=/dev/null", // Disable reading from user gitconfig.
)
}
return cmd.CombinedOutput()
} }
// isGitTransport returns true if the provided str is a git transport by inspecting // isGitTransport returns true if the provided str is a git transport by inspecting

View File

@ -8,6 +8,8 @@ import (
) )
func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) { func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndpoint, err error) {
ana := s.config.allowNondistributableArtifacts(hostname)
if hostname == DefaultNamespace || hostname == IndexHostname { if hostname == DefaultNamespace || hostname == IndexHostname {
for _, mirror := range s.config.Mirrors { for _, mirror := range s.config.Mirrors {
if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") { if !strings.HasPrefix(mirror, "http://") && !strings.HasPrefix(mirror, "https://") {
@ -35,6 +37,8 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
Official: true, Official: true,
TrimHostname: true, TrimHostname: true,
TLSConfig: tlsconfig.ServerDefault(), TLSConfig: tlsconfig.ServerDefault(),
AllowNondistributableArtifacts: ana,
}) })
return endpoints, nil return endpoints, nil
@ -45,7 +49,6 @@ func (s *defaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
return nil, err return nil, err
} }
ana := s.config.allowNondistributableArtifacts(hostname)
endpoints = []APIEndpoint{ endpoints = []APIEndpoint{
{ {
URL: &url.URL{ URL: &url.URL{

4
vendor/modules.txt vendored
View File

@ -39,7 +39,7 @@ github.com/docker/distribution/registry/client/transport
github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache
github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/registry/storage/cache/memory
github.com/docker/distribution/uuid github.com/docker/distribution/uuid
# github.com/docker/docker v20.10.18+incompatible => github.com/docker/docker v20.10.3-0.20221006185438-87d9d96ab0b6+incompatible # github.com/docker/docker v20.10.20+incompatible => github.com/docker/docker v20.10.3-0.20221021122114-f9cb47a052be+incompatible
## explicit ## explicit
github.com/docker/docker/api github.com/docker/docker/api
github.com/docker/docker/api/types github.com/docker/docker/api/types
@ -396,5 +396,5 @@ gotest.tools/v3/internal/format
gotest.tools/v3/internal/source gotest.tools/v3/internal/source
gotest.tools/v3/poll gotest.tools/v3/poll
gotest.tools/v3/skip gotest.tools/v3/skip
# github.com/docker/docker => github.com/docker/docker v20.10.3-0.20221006185438-87d9d96ab0b6+incompatible # github.com/docker/docker => github.com/docker/docker v20.10.3-0.20221021122114-f9cb47a052be+incompatible
# github.com/google/certificate-transparency-go => github.com/google/certificate-transparency-go v1.0.20 # github.com/google/certificate-transparency-go => github.com/google/certificate-transparency-go v1.0.20