mirror of https://github.com/docker/cli.git
vendor: github.com/docker/docker 25917217cab38eab40c3db0010b915258f4a8491
b0f5bc36fe..25917217ca
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
parent
29fed6bff1
commit
a04c8210a6
|
@ -90,13 +90,10 @@ func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndp
|
||||||
|
|
||||||
modifiers := registry.Headers(userAgent, http.Header{})
|
modifiers := registry.Headers(userAgent, http.Header{})
|
||||||
authTransport := transport.NewTransport(base, modifiers...)
|
authTransport := transport.NewTransport(base, modifiers...)
|
||||||
challengeManager, confirmedV2, err := registry.PingV2Registry(endpoint.URL, authTransport)
|
challengeManager, err := registry.PingV2Registry(endpoint.URL, authTransport)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.Wrap(err, "error pinging v2 registry")
|
return nil, errors.Wrap(err, "error pinging v2 registry")
|
||||||
}
|
}
|
||||||
if !confirmedV2 {
|
|
||||||
return nil, fmt.Errorf("unsupported registry version")
|
|
||||||
}
|
|
||||||
if authConfig.RegistryToken != "" {
|
if authConfig.RegistryToken != "" {
|
||||||
passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
|
passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
|
||||||
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
|
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))
|
||||||
|
|
|
@ -13,7 +13,7 @@ github.com/creack/pty 2a38352e8b4d7ab6c336eef107e4
|
||||||
github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
|
github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
|
||||||
github.com/docker/compose-on-kubernetes 78e6a00beda64ac8ccb9fec787e601fe2ce0d5bb # v0.5.0-alpha1
|
github.com/docker/compose-on-kubernetes 78e6a00beda64ac8ccb9fec787e601fe2ce0d5bb # v0.5.0-alpha1
|
||||||
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
|
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
|
||||||
github.com/docker/docker b0f5bc36fea9dfb9672e1e9b1278ebab797b9ee0 # v20.10.7
|
github.com/docker/docker 25917217cab38eab40c3db0010b915258f4a8491 # master (v21.xx-dev)
|
||||||
github.com/docker/docker-credential-helpers fc9290adbcf1594e78910e2f0334090eaee0e1ee # v0.6.4
|
github.com/docker/docker-credential-helpers fc9290adbcf1594e78910e2f0334090eaee0e1ee # v0.6.4
|
||||||
github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions.
|
github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions.
|
||||||
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
|
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
|
||||||
|
|
|
@ -59,7 +59,6 @@ type ContainerExecInspect struct {
|
||||||
|
|
||||||
// ContainerListOptions holds parameters to list containers with.
|
// ContainerListOptions holds parameters to list containers with.
|
||||||
type ContainerListOptions struct {
|
type ContainerListOptions struct {
|
||||||
Quiet bool
|
|
||||||
Size bool
|
Size bool
|
||||||
All bool
|
All bool
|
||||||
Latest bool
|
Latest bool
|
||||||
|
|
|
@ -5,7 +5,7 @@ import (
|
||||||
"net/url"
|
"net/url"
|
||||||
)
|
)
|
||||||
|
|
||||||
// BuildCancel requests the daemon to cancel ongoing build request
|
// BuildCancel requests the daemon to cancel the ongoing build request.
|
||||||
func (cli *Client) BuildCancel(ctx context.Context, id string) error {
|
func (cli *Client) BuildCancel(ctx context.Context, id string) error {
|
||||||
query := url.Values{}
|
query := url.Values{}
|
||||||
query.Set("id", id)
|
query.Set("id", id)
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"github.com/docker/docker/api/types/swarm"
|
"github.com/docker/docker/api/types/swarm"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ConfigCreate creates a new Config.
|
// ConfigCreate creates a new config.
|
||||||
func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error) {
|
func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error) {
|
||||||
var response types.ConfigCreateResponse
|
var response types.ConfigCreateResponse
|
||||||
if err := cli.NewVersionError("1.30", "config create"); err != nil {
|
if err := cli.NewVersionError("1.30", "config create"); err != nil {
|
||||||
|
|
|
@ -2,7 +2,7 @@ package client // import "github.com/docker/docker/client"
|
||||||
|
|
||||||
import "context"
|
import "context"
|
||||||
|
|
||||||
// ConfigRemove removes a Config.
|
// ConfigRemove removes a config.
|
||||||
func (cli *Client) ConfigRemove(ctx context.Context, id string) error {
|
func (cli *Client) ConfigRemove(ctx context.Context, id string) error {
|
||||||
if err := cli.NewVersionError("1.30", "config remove"); err != nil {
|
if err := cli.NewVersionError("1.30", "config remove"); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"github.com/docker/docker/api/types/swarm"
|
"github.com/docker/docker/api/types/swarm"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ConfigUpdate attempts to update a Config
|
// ConfigUpdate attempts to update a config
|
||||||
func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error {
|
func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error {
|
||||||
if err := cli.NewVersionError("1.30", "config update"); err != nil {
|
if err := cli.NewVersionError("1.30", "config update"); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"github.com/docker/docker/api/types"
|
"github.com/docker/docker/api/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ContainerCommit applies changes into a container and creates a new tagged image.
|
// ContainerCommit applies changes to a container and creates a new tagged image.
|
||||||
func (cli *Client) ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error) {
|
func (cli *Client) ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error) {
|
||||||
var repository, tag string
|
var repository, tag string
|
||||||
if options.Reference != "" {
|
if options.Reference != "" {
|
||||||
|
|
|
@ -14,7 +14,7 @@ import (
|
||||||
"github.com/docker/docker/api/types"
|
"github.com/docker/docker/api/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ContainerStatPath returns Stat information about a path inside the container filesystem.
|
// ContainerStatPath returns stat information about a path inside the container filesystem.
|
||||||
func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (types.ContainerPathStat, error) {
|
func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (types.ContainerPathStat, error) {
|
||||||
query := url.Values{}
|
query := url.Values{}
|
||||||
query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.
|
query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.
|
||||||
|
|
|
@ -19,7 +19,7 @@ type configWrapper struct {
|
||||||
Platform *specs.Platform
|
Platform *specs.Platform
|
||||||
}
|
}
|
||||||
|
|
||||||
// ContainerCreate creates a new container based in the given configuration.
|
// ContainerCreate creates a new container based on the given configuration.
|
||||||
// It can be associated with a name, but it's not mandatory.
|
// It can be associated with a name, but it's not mandatory.
|
||||||
func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.ContainerCreateCreatedBody, error) {
|
func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.ContainerCreateCreatedBody, error) {
|
||||||
var response container.ContainerCreateCreatedBody
|
var response container.ContainerCreateCreatedBody
|
||||||
|
|
|
@ -9,7 +9,7 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
// ContainerRestart stops and starts a container again.
|
// ContainerRestart stops and starts a container again.
|
||||||
// It makes the daemon to wait for the container to be up again for
|
// It makes the daemon wait for the container to be up again for
|
||||||
// a specific amount of time, given the timeout.
|
// a specific amount of time, given the timeout.
|
||||||
func (cli *Client) ContainerRestart(ctx context.Context, containerID string, timeout *time.Duration) error {
|
func (cli *Client) ContainerRestart(ctx context.Context, containerID string, timeout *time.Duration) error {
|
||||||
query := url.Values{}
|
query := url.Values{}
|
||||||
|
|
|
@ -7,7 +7,7 @@ import (
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ContainerUpdate updates resources of a container
|
// ContainerUpdate updates the resources of a container.
|
||||||
func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error) {
|
func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error) {
|
||||||
var response container.ContainerUpdateOKBody
|
var response container.ContainerUpdateOKBody
|
||||||
serverResp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil)
|
serverResp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil)
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
registrytypes "github.com/docker/docker/api/types/registry"
|
registrytypes "github.com/docker/docker/api/types/registry"
|
||||||
)
|
)
|
||||||
|
|
||||||
// DistributionInspect returns the image digest with full Manifest
|
// DistributionInspect returns the image digest with the full manifest.
|
||||||
func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) {
|
func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) {
|
||||||
// Contact the registry to retrieve digest and platform information
|
// Contact the registry to retrieve digest and platform information
|
||||||
var distributionInspect registrytypes.DistributionInspect
|
var distributionInspect registrytypes.DistributionInspect
|
||||||
|
|
|
@ -14,8 +14,8 @@ import (
|
||||||
"github.com/docker/docker/api/types/container"
|
"github.com/docker/docker/api/types/container"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ImageBuild sends request to the daemon to build images.
|
// ImageBuild sends a request to the daemon to build images.
|
||||||
// The Body in the response implement an io.ReadCloser and it's up to the caller to
|
// The Body in the response implements an io.ReadCloser and it's up to the caller to
|
||||||
// close it.
|
// close it.
|
||||||
func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) {
|
func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) {
|
||||||
query, err := cli.imageBuildOptionsToQuery(options)
|
query, err := cli.imageBuildOptionsToQuery(options)
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"github.com/docker/docker/api/types"
|
"github.com/docker/docker/api/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ImageCreate creates a new image based in the parent options.
|
// ImageCreate creates a new image based on the parent options.
|
||||||
// It returns the JSON content in the response body.
|
// It returns the JSON content in the response body.
|
||||||
func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
|
func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
|
||||||
ref, err := reference.ParseNormalizedNamed(parentReference)
|
ref, err := reference.ParseNormalizedNamed(parentReference)
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"github.com/docker/docker/api/types"
|
"github.com/docker/docker/api/types"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ImageImport creates a new image based in the source options.
|
// ImageImport creates a new image based on the source options.
|
||||||
// It returns the JSON content in the response body.
|
// It returns the JSON content in the response body.
|
||||||
func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error) {
|
func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error) {
|
||||||
if ref != "" {
|
if ref != "" {
|
||||||
|
|
|
@ -12,7 +12,7 @@ import (
|
||||||
"github.com/docker/docker/errdefs"
|
"github.com/docker/docker/errdefs"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ImageSearch makes the docker host to search by a term in a remote registry.
|
// ImageSearch makes the docker host search by a term in a remote registry.
|
||||||
// The list of results is not sorted in any fashion.
|
// The list of results is not sorted in any fashion.
|
||||||
func (cli *Client) ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) {
|
func (cli *Client) ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) {
|
||||||
var results []registry.SearchResult
|
var results []registry.SearchResult
|
||||||
|
|
|
@ -110,11 +110,16 @@ func (cli *Client) sendRequest(ctx context.Context, method, path string, query u
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return serverResponse{}, err
|
return serverResponse{}, err
|
||||||
}
|
}
|
||||||
|
|
||||||
resp, err := cli.doRequest(ctx, req)
|
resp, err := cli.doRequest(ctx, req)
|
||||||
if err != nil {
|
switch {
|
||||||
return resp, errdefs.FromStatusCode(err, resp.statusCode)
|
case errors.Is(err, context.Canceled):
|
||||||
}
|
return serverResponse{}, errdefs.Cancelled(err)
|
||||||
|
case errors.Is(err, context.DeadlineExceeded):
|
||||||
|
return serverResponse{}, errdefs.Deadline(err)
|
||||||
|
case err == nil:
|
||||||
err = cli.checkResponseErr(resp)
|
err = cli.checkResponseErr(resp)
|
||||||
|
}
|
||||||
return resp, errdefs.FromStatusCode(err, resp.statusCode)
|
return resp, errdefs.FromStatusCode(err, resp.statusCode)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -242,11 +247,9 @@ func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request
|
||||||
req.Header.Set(k, v)
|
req.Header.Set(k, v)
|
||||||
}
|
}
|
||||||
|
|
||||||
if headers != nil {
|
|
||||||
for k, v := range headers {
|
for k, v := range headers {
|
||||||
req.Header[k] = v
|
req.Header[k] = v
|
||||||
}
|
}
|
||||||
}
|
|
||||||
return req
|
return req
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"github.com/docker/docker/api/types/swarm"
|
"github.com/docker/docker/api/types/swarm"
|
||||||
)
|
)
|
||||||
|
|
||||||
// SecretCreate creates a new Secret.
|
// SecretCreate creates a new secret.
|
||||||
func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) {
|
func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) {
|
||||||
var response types.SecretCreateResponse
|
var response types.SecretCreateResponse
|
||||||
if err := cli.NewVersionError("1.25", "secret create"); err != nil {
|
if err := cli.NewVersionError("1.25", "secret create"); err != nil {
|
||||||
|
|
|
@ -2,7 +2,7 @@ package client // import "github.com/docker/docker/client"
|
||||||
|
|
||||||
import "context"
|
import "context"
|
||||||
|
|
||||||
// SecretRemove removes a Secret.
|
// SecretRemove removes a secret.
|
||||||
func (cli *Client) SecretRemove(ctx context.Context, id string) error {
|
func (cli *Client) SecretRemove(ctx context.Context, id string) error {
|
||||||
if err := cli.NewVersionError("1.25", "secret remove"); err != nil {
|
if err := cli.NewVersionError("1.25", "secret remove"); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -8,7 +8,7 @@ import (
|
||||||
"github.com/docker/docker/api/types/swarm"
|
"github.com/docker/docker/api/types/swarm"
|
||||||
)
|
)
|
||||||
|
|
||||||
// SecretUpdate attempts to update a Secret
|
// SecretUpdate attempts to update a secret.
|
||||||
func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
|
func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
|
||||||
if err := cli.NewVersionError("1.25", "secret update"); err != nil {
|
if err := cli.NewVersionError("1.25", "secret update"); err != nil {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -13,7 +13,7 @@ import (
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
)
|
)
|
||||||
|
|
||||||
// ServiceCreate creates a new Service.
|
// ServiceCreate creates a new service.
|
||||||
func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) {
|
func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) {
|
||||||
var response types.ServiceCreateResponse
|
var response types.ServiceCreateResponse
|
||||||
headers := map[string][]string{
|
headers := map[string][]string{
|
||||||
|
|
|
@ -9,7 +9,7 @@ import (
|
||||||
"github.com/docker/docker/api/types/swarm"
|
"github.com/docker/docker/api/types/swarm"
|
||||||
)
|
)
|
||||||
|
|
||||||
// TaskInspectWithRaw returns the task information and its raw representation..
|
// TaskInspectWithRaw returns the task information and its raw representation.
|
||||||
func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) {
|
func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) {
|
||||||
if taskID == "" {
|
if taskID == "" {
|
||||||
return swarm.Task{}, nil, objectNotFoundError{object: "task", id: taskID}
|
return swarm.Task{}, nil, objectNotFoundError{object: "task", id: taskID}
|
||||||
|
|
|
@ -10,7 +10,7 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"syscall"
|
"syscall"
|
||||||
|
|
||||||
"github.com/containerd/containerd/sys"
|
"github.com/containerd/containerd/pkg/userns"
|
||||||
"github.com/docker/docker/pkg/idtools"
|
"github.com/docker/docker/pkg/idtools"
|
||||||
"github.com/docker/docker/pkg/system"
|
"github.com/docker/docker/pkg/system"
|
||||||
"golang.org/x/sys/unix"
|
"golang.org/x/sys/unix"
|
||||||
|
@ -51,8 +51,8 @@ func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) (
|
||||||
// Currently go does not fill in the major/minors
|
// Currently go does not fill in the major/minors
|
||||||
if s.Mode&unix.S_IFBLK != 0 ||
|
if s.Mode&unix.S_IFBLK != 0 ||
|
||||||
s.Mode&unix.S_IFCHR != 0 {
|
s.Mode&unix.S_IFCHR != 0 {
|
||||||
hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) // nolint: unconvert
|
hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) //nolint: unconvert
|
||||||
hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) // nolint: unconvert
|
hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) //nolint: unconvert
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,7 +92,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
|
err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
|
||||||
if errors.Is(err, syscall.EPERM) && sys.RunningInUserNS() {
|
if errors.Is(err, syscall.EPERM) && userns.RunningInUserNS() {
|
||||||
// In most cases, cannot create a device if running in user namespace
|
// In most cases, cannot create a device if running in user namespace
|
||||||
err = nil
|
err = nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -354,6 +354,16 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Ignoring GoSec G110. See https://github.com/securego/gosec/pull/433
|
||||||
|
// and https://cure53.de/pentest-report_opa.pdf, which recommends to
|
||||||
|
// replace io.Copy with io.CopyN7. The latter allows to specify the
|
||||||
|
// maximum number of bytes that should be read. By properly defining
|
||||||
|
// the limit, it can be assured that a GZip compression bomb cannot
|
||||||
|
// easily cause a Denial-of-Service.
|
||||||
|
// After reviewing with @tonistiigi and @cpuguy83, this should not
|
||||||
|
// affect us, because here we do not read into memory, hence should
|
||||||
|
// not be vulnerable to this code consuming memory.
|
||||||
|
//nolint:gosec // G110: Potential DoS vulnerability via decompression bomb (gosec)
|
||||||
if _, err = io.Copy(rebasedTar, srcTar); err != nil {
|
if _, err = io.Copy(rebasedTar, srcTar); err != nil {
|
||||||
w.CloseWithError(err)
|
w.CloseWithError(err)
|
||||||
return
|
return
|
||||||
|
|
|
@ -9,8 +9,6 @@ import (
|
||||||
"regexp"
|
"regexp"
|
||||||
"strings"
|
"strings"
|
||||||
"text/scanner"
|
"text/scanner"
|
||||||
|
|
||||||
"github.com/sirupsen/logrus"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// PatternMatcher allows checking paths against a list of patterns
|
// PatternMatcher allows checking paths against a list of patterns
|
||||||
|
@ -89,10 +87,6 @@ func (pm *PatternMatcher) Matches(file string) (bool, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if matched {
|
|
||||||
logrus.Debugf("Skipping excluded path: %s", file)
|
|
||||||
}
|
|
||||||
|
|
||||||
return matched, nil
|
return matched, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -6,6 +6,15 @@ import (
|
||||||
"github.com/docker/docker/pkg/system"
|
"github.com/docker/docker/pkg/system"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
|
||||||
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
ContainerAdministratorSidString = "S-1-5-93-2-1"
|
||||||
|
ContainerUserSidString = "S-1-5-93-2-2"
|
||||||
|
)
|
||||||
|
|
||||||
// This is currently a wrapper around MkdirAll, however, since currently
|
// This is currently a wrapper around MkdirAll, however, since currently
|
||||||
// permissions aren't set through this path, the identity isn't utilized.
|
// permissions aren't set through this path, the identity isn't utilized.
|
||||||
// Ownership is handled elsewhere, but in the future could be support here
|
// Ownership is handled elsewhere, but in the future could be support here
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
// +build windows,!no_lcow
|
|
||||||
|
|
||||||
package system // import "github.com/docker/docker/pkg/system"
|
|
||||||
|
|
||||||
import (
|
|
||||||
"strings"
|
|
||||||
|
|
||||||
"github.com/Microsoft/hcsshim/osversion"
|
|
||||||
specs "github.com/opencontainers/image-spec/specs-go/v1"
|
|
||||||
"github.com/pkg/errors"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
// lcowSupported determines if Linux Containers on Windows are supported.
|
|
||||||
lcowSupported = false
|
|
||||||
)
|
|
||||||
|
|
||||||
// InitLCOW sets whether LCOW is supported or not. Requires RS5+
|
|
||||||
func InitLCOW(experimental bool) {
|
|
||||||
if experimental && osversion.Build() >= osversion.RS5 {
|
|
||||||
lcowSupported = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func LCOWSupported() bool {
|
|
||||||
return lcowSupported
|
|
||||||
}
|
|
||||||
|
|
||||||
// ValidatePlatform determines if a platform structure is valid.
|
|
||||||
// TODO This is a temporary windows-only function, should be replaced by
|
|
||||||
// comparison of worker capabilities
|
|
||||||
func ValidatePlatform(platform specs.Platform) error {
|
|
||||||
if !IsOSSupported(platform.OS) {
|
|
||||||
return errors.Errorf("unsupported os %s", platform.OS)
|
|
||||||
}
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsOSSupported determines if an operating system is supported by the host
|
|
||||||
func IsOSSupported(os string) bool {
|
|
||||||
if strings.EqualFold("windows", os) {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
if LCOWSupported() && strings.EqualFold(os, "linux") {
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
return false
|
|
||||||
}
|
|
|
@ -1,27 +1,14 @@
|
||||||
// +build !windows windows,no_lcow
|
|
||||||
|
|
||||||
package system // import "github.com/docker/docker/pkg/system"
|
package system // import "github.com/docker/docker/pkg/system"
|
||||||
import (
|
import (
|
||||||
"runtime"
|
"runtime"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
specs "github.com/opencontainers/image-spec/specs-go/v1"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// InitLCOW does nothing since LCOW is a windows only feature
|
|
||||||
func InitLCOW(_ bool) {}
|
|
||||||
|
|
||||||
// LCOWSupported returns true if Linux containers on Windows are supported.
|
// LCOWSupported returns true if Linux containers on Windows are supported.
|
||||||
func LCOWSupported() bool {
|
func LCOWSupported() bool {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// ValidatePlatform determines if a platform structure is valid. This function
|
|
||||||
// is used for LCOW, and is a no-op on non-windows platforms.
|
|
||||||
func ValidatePlatform(_ specs.Platform) error {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsOSSupported determines if an operating system is supported by the host.
|
// IsOSSupported determines if an operating system is supported by the host.
|
||||||
func IsOSSupported(os string) bool {
|
func IsOSSupported(os string) bool {
|
||||||
return strings.EqualFold(runtime.GOOS, os)
|
return strings.EqualFold(runtime.GOOS, os)
|
||||||
|
|
|
@ -1,24 +1,15 @@
|
||||||
package system // import "github.com/docker/docker/pkg/system"
|
package system // import "github.com/docker/docker/pkg/system"
|
||||||
|
|
||||||
import (
|
|
||||||
"fmt"
|
|
||||||
"path/filepath"
|
|
||||||
"runtime"
|
|
||||||
"strings"
|
|
||||||
)
|
|
||||||
|
|
||||||
const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
// DefaultPathEnv is unix style list of directories to search for
|
// DefaultPathEnv is unix style list of directories to search for
|
||||||
// executables. Each directory is separated from the next by a colon
|
// executables. Each directory is separated from the next by a colon
|
||||||
// ':' character .
|
// ':' character .
|
||||||
|
// For Windows containers, an empty string is returned as the default
|
||||||
|
// path will be set by the container, and Docker has no context of what the
|
||||||
|
// default path should be.
|
||||||
func DefaultPathEnv(os string) string {
|
func DefaultPathEnv(os string) string {
|
||||||
if runtime.GOOS == "windows" {
|
if os == "windows" {
|
||||||
if os != runtime.GOOS {
|
|
||||||
return defaultUnixPathEnv
|
|
||||||
}
|
|
||||||
// Deliberately empty on Windows containers on Windows as the default path will be set by
|
|
||||||
// the container. Docker has no context of what the default path should be.
|
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
return defaultUnixPathEnv
|
return defaultUnixPathEnv
|
||||||
|
@ -47,18 +38,5 @@ type PathVerifier interface {
|
||||||
// /a --> \a
|
// /a --> \a
|
||||||
// d:\ --> Fail
|
// d:\ --> Fail
|
||||||
func CheckSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
|
func CheckSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
|
||||||
if runtime.GOOS != "windows" || LCOWSupported() {
|
return checkSystemDriveAndRemoveDriveLetter(path, driver)
|
||||||
return path, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(path) == 2 && string(path[1]) == ":" {
|
|
||||||
return "", fmt.Errorf("No relative path specified in %q", path)
|
|
||||||
}
|
|
||||||
if !driver.IsAbs(path) || len(path) < 2 {
|
|
||||||
return filepath.FromSlash(path), nil
|
|
||||||
}
|
|
||||||
if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
|
|
||||||
return "", fmt.Errorf("The specified path is not on the system drive (C:)")
|
|
||||||
}
|
|
||||||
return filepath.FromSlash(path[2:]), nil
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,3 +8,9 @@ package system // import "github.com/docker/docker/pkg/system"
|
||||||
func GetLongPathName(path string) (string, error) {
|
func GetLongPathName(path string) (string, error) {
|
||||||
return path, nil
|
return path, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// checkSystemDriveAndRemoveDriveLetter is the non-Windows implementation
|
||||||
|
// of CheckSystemDriveAndRemoveDriveLetter
|
||||||
|
func checkSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
|
||||||
|
return path, nil
|
||||||
|
}
|
||||||
|
|
|
@ -1,6 +1,12 @@
|
||||||
package system // import "github.com/docker/docker/pkg/system"
|
package system // import "github.com/docker/docker/pkg/system"
|
||||||
|
|
||||||
import "golang.org/x/sys/windows"
|
import (
|
||||||
|
"fmt"
|
||||||
|
"path/filepath"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"golang.org/x/sys/windows"
|
||||||
|
)
|
||||||
|
|
||||||
// GetLongPathName converts Windows short pathnames to full pathnames.
|
// GetLongPathName converts Windows short pathnames to full pathnames.
|
||||||
// For example C:\Users\ADMIN~1 --> C:\Users\Administrator.
|
// For example C:\Users\ADMIN~1 --> C:\Users\Administrator.
|
||||||
|
@ -25,3 +31,18 @@ func GetLongPathName(path string) (string, error) {
|
||||||
}
|
}
|
||||||
return windows.UTF16ToString(b), nil
|
return windows.UTF16ToString(b), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// checkSystemDriveAndRemoveDriveLetter is the Windows implementation
|
||||||
|
// of CheckSystemDriveAndRemoveDriveLetter
|
||||||
|
func checkSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
|
||||||
|
if len(path) == 2 && string(path[1]) == ":" {
|
||||||
|
return "", fmt.Errorf("No relative path specified in %q", path)
|
||||||
|
}
|
||||||
|
if !driver.IsAbs(path) || len(path) < 2 {
|
||||||
|
return filepath.FromSlash(path), nil
|
||||||
|
}
|
||||||
|
if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
|
||||||
|
return "", fmt.Errorf("The specified path is not on the system drive (C:)")
|
||||||
|
}
|
||||||
|
return filepath.FromSlash(path[2:]), nil
|
||||||
|
}
|
||||||
|
|
|
@ -9,7 +9,7 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
|
||||||
uid: s.Uid,
|
uid: s.Uid,
|
||||||
gid: s.Gid,
|
gid: s.Gid,
|
||||||
// the type is 32bit on mips
|
// the type is 32bit on mips
|
||||||
rdev: uint64(s.Rdev), // nolint: unconvert
|
rdev: uint64(s.Rdev), //nolint: unconvert
|
||||||
mtim: s.Mtim}, nil
|
mtim: s.Mtim}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
// +build linux freebsd
|
|
||||||
|
|
||||||
package system // import "github.com/docker/docker/pkg/system"
|
|
||||||
|
|
||||||
import "golang.org/x/sys/unix"
|
|
||||||
|
|
||||||
// Unmount is a platform-specific helper function to call
|
|
||||||
// the unmount syscall.
|
|
||||||
func Unmount(dest string) error {
|
|
||||||
return unix.Unmount(dest, 0)
|
|
||||||
}
|
|
|
@ -1,69 +1,30 @@
|
||||||
package system // import "github.com/docker/docker/pkg/system"
|
package system // import "github.com/docker/docker/pkg/system"
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"syscall"
|
|
||||||
"unsafe"
|
"unsafe"
|
||||||
|
|
||||||
"github.com/Microsoft/hcsshim/osversion"
|
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
"golang.org/x/sys/windows"
|
"golang.org/x/sys/windows"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
OWNER_SECURITY_INFORMATION = windows.OWNER_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.OWNER_SECURITY_INFORMATION
|
// Deprecated: use github.com/docker/pkg/idtools.SeTakeOwnershipPrivilege
|
||||||
GROUP_SECURITY_INFORMATION = windows.GROUP_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.GROUP_SECURITY_INFORMATION
|
|
||||||
DACL_SECURITY_INFORMATION = windows.DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.DACL_SECURITY_INFORMATION
|
|
||||||
SACL_SECURITY_INFORMATION = windows.SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.SACL_SECURITY_INFORMATION
|
|
||||||
LABEL_SECURITY_INFORMATION = windows.LABEL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.LABEL_SECURITY_INFORMATION
|
|
||||||
ATTRIBUTE_SECURITY_INFORMATION = windows.ATTRIBUTE_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.ATTRIBUTE_SECURITY_INFORMATION
|
|
||||||
SCOPE_SECURITY_INFORMATION = windows.SCOPE_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.SCOPE_SECURITY_INFORMATION
|
|
||||||
PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00000080
|
|
||||||
ACCESS_FILTER_SECURITY_INFORMATION = 0x00000100
|
|
||||||
BACKUP_SECURITY_INFORMATION = windows.BACKUP_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.BACKUP_SECURITY_INFORMATION
|
|
||||||
PROTECTED_DACL_SECURITY_INFORMATION = windows.PROTECTED_DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.PROTECTED_DACL_SECURITY_INFORMATION
|
|
||||||
PROTECTED_SACL_SECURITY_INFORMATION = windows.PROTECTED_SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.PROTECTED_SACL_SECURITY_INFORMATION
|
|
||||||
UNPROTECTED_DACL_SECURITY_INFORMATION = windows.UNPROTECTED_DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.UNPROTECTED_DACL_SECURITY_INFORMATION
|
|
||||||
UNPROTECTED_SACL_SECURITY_INFORMATION = windows.UNPROTECTED_SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.UNPROTECTED_SACL_SECURITY_INFORMATION
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
SE_UNKNOWN_OBJECT_TYPE = windows.SE_UNKNOWN_OBJECT_TYPE // Deprecated: use golang.org/x/sys/windows.SE_UNKNOWN_OBJECT_TYPE
|
|
||||||
SE_FILE_OBJECT = windows.SE_FILE_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_FILE_OBJECT
|
|
||||||
SE_SERVICE = windows.SE_SERVICE // Deprecated: use golang.org/x/sys/windows.SE_SERVICE
|
|
||||||
SE_PRINTER = windows.SE_PRINTER // Deprecated: use golang.org/x/sys/windows.SE_PRINTER
|
|
||||||
SE_REGISTRY_KEY = windows.SE_REGISTRY_KEY // Deprecated: use golang.org/x/sys/windows.SE_REGISTRY_KEY
|
|
||||||
SE_LMSHARE = windows.SE_LMSHARE // Deprecated: use golang.org/x/sys/windows.SE_LMSHARE
|
|
||||||
SE_KERNEL_OBJECT = windows.SE_KERNEL_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_KERNEL_OBJECT
|
|
||||||
SE_WINDOW_OBJECT = windows.SE_WINDOW_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_WINDOW_OBJECT
|
|
||||||
SE_DS_OBJECT = windows.SE_DS_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_DS_OBJECT
|
|
||||||
SE_DS_OBJECT_ALL = windows.SE_DS_OBJECT_ALL // Deprecated: use golang.org/x/sys/windows.SE_DS_OBJECT_ALL
|
|
||||||
SE_PROVIDER_DEFINED_OBJECT = windows.SE_PROVIDER_DEFINED_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_PROVIDER_DEFINED_OBJECT
|
|
||||||
SE_WMIGUID_OBJECT = windows.SE_WMIGUID_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_WMIGUID_OBJECT
|
|
||||||
SE_REGISTRY_WOW64_32KEY = windows.SE_REGISTRY_WOW64_32KEY // Deprecated: use golang.org/x/sys/windows.SE_REGISTRY_WOW64_32KEY
|
|
||||||
)
|
|
||||||
|
|
||||||
const (
|
|
||||||
SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
|
SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
// Deprecated: use github.com/docker/pkg/idtools.ContainerAdministratorSidString
|
||||||
ContainerAdministratorSidString = "S-1-5-93-2-1"
|
ContainerAdministratorSidString = "S-1-5-93-2-1"
|
||||||
|
// Deprecated: use github.com/docker/pkg/idtools.ContainerUserSidString
|
||||||
ContainerUserSidString = "S-1-5-93-2-2"
|
ContainerUserSidString = "S-1-5-93-2-2"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
ntuserApiset = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
|
ntuserApiset = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
|
||||||
modadvapi32 = windows.NewLazySystemDLL("advapi32.dll")
|
|
||||||
procGetVersionExW = modkernel32.NewProc("GetVersionExW")
|
procGetVersionExW = modkernel32.NewProc("GetVersionExW")
|
||||||
procSetNamedSecurityInfo = modadvapi32.NewProc("SetNamedSecurityInfoW")
|
|
||||||
procGetSecurityDescriptorDacl = modadvapi32.NewProc("GetSecurityDescriptorDacl")
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// OSVersion is a wrapper for Windows version information
|
// https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa
|
||||||
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
|
|
||||||
type OSVersion = osversion.OSVersion
|
|
||||||
|
|
||||||
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
|
|
||||||
// TODO: use golang.org/x/sys/windows.OsVersionInfoEx (needs OSVersionInfoSize to be exported)
|
// TODO: use golang.org/x/sys/windows.OsVersionInfoEx (needs OSVersionInfoSize to be exported)
|
||||||
type osVersionInfoEx struct {
|
type osVersionInfoEx struct {
|
||||||
OSVersionInfoSize uint32
|
OSVersionInfoSize uint32
|
||||||
|
@ -79,31 +40,21 @@ type osVersionInfoEx struct {
|
||||||
Reserve byte
|
Reserve byte
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetOSVersion gets the operating system version on Windows. Note that
|
// IsWindowsClient returns true if the SKU is client. It returns false on
|
||||||
// dockerd.exe must be manifested to get the correct version information.
|
// Windows server, or if an error occurred when making the GetVersionExW
|
||||||
// Deprecated: use github.com/Microsoft/hcsshim/osversion.Get() instead
|
// syscall.
|
||||||
func GetOSVersion() OSVersion {
|
|
||||||
return osversion.Get()
|
|
||||||
}
|
|
||||||
|
|
||||||
// IsWindowsClient returns true if the SKU is client
|
|
||||||
func IsWindowsClient() bool {
|
func IsWindowsClient() bool {
|
||||||
osviex := &osVersionInfoEx{OSVersionInfoSize: 284}
|
osviex := &osVersionInfoEx{OSVersionInfoSize: 284}
|
||||||
r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex)))
|
r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex)))
|
||||||
if r1 == 0 {
|
if r1 == 0 {
|
||||||
logrus.Warnf("GetVersionExW failed - assuming server SKU: %v", err)
|
logrus.WithError(err).Warn("GetVersionExW failed - assuming server SKU")
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
const verNTWorkstation = 0x00000001
|
// VER_NT_WORKSTATION, see https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa
|
||||||
|
const verNTWorkstation = 0x00000001 // VER_NT_WORKSTATION
|
||||||
return osviex.ProductType == verNTWorkstation
|
return osviex.ProductType == verNTWorkstation
|
||||||
}
|
}
|
||||||
|
|
||||||
// Unmount is a platform-specific helper function to call
|
|
||||||
// the unmount syscall. Not supported on Windows
|
|
||||||
func Unmount(_ string) error {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
// HasWin32KSupport determines whether containers that depend on win32k can
|
// HasWin32KSupport determines whether containers that depend on win32k can
|
||||||
// run on this machine. Win32k is the driver used to implement windowing.
|
// run on this machine. Win32k is the driver used to implement windowing.
|
||||||
func HasWin32KSupport() bool {
|
func HasWin32KSupport() bool {
|
||||||
|
@ -112,25 +63,3 @@ func HasWin32KSupport() bool {
|
||||||
// APIs.
|
// APIs.
|
||||||
return ntuserApiset.Load() == nil
|
return ntuserApiset.Load() == nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Deprecated: use golang.org/x/sys/windows.SetNamedSecurityInfo()
|
|
||||||
func SetNamedSecurityInfo(objectName *uint16, objectType uint32, securityInformation uint32, sidOwner *windows.SID, sidGroup *windows.SID, dacl *byte, sacl *byte) (result error) {
|
|
||||||
r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfo.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(sidOwner)), uintptr(unsafe.Pointer(sidGroup)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
|
|
||||||
if r0 != 0 {
|
|
||||||
result = syscall.Errno(r0)
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
||||||
// Deprecated: uses golang.org/x/sys/windows.SecurityDescriptorFromString() and golang.org/x/sys/windows.SECURITY_DESCRIPTOR.DACL()
|
|
||||||
func GetSecurityDescriptorDacl(securityDescriptor *byte, daclPresent *uint32, dacl **byte, daclDefaulted *uint32) (result error) {
|
|
||||||
r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(daclPresent)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclDefaulted)), 0, 0)
|
|
||||||
if r1 == 0 {
|
|
||||||
if e1 != 0 {
|
|
||||||
result = e1
|
|
||||||
} else {
|
|
||||||
result = syscall.EINVAL
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return
|
|
||||||
}
|
|
||||||
|
|
|
@ -87,26 +87,19 @@ func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent strin
|
||||||
|
|
||||||
logrus.Debugf("attempting v2 login to registry endpoint %s", endpointStr)
|
logrus.Debugf("attempting v2 login to registry endpoint %s", endpointStr)
|
||||||
|
|
||||||
loginClient, foundV2, err := v2AuthHTTPClient(endpoint.URL, authTransport, modifiers, creds, nil)
|
loginClient, err := v2AuthHTTPClient(endpoint.URL, authTransport, modifiers, creds, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", "", err
|
return "", "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
req, err := http.NewRequest(http.MethodGet, endpointStr, nil)
|
req, err := http.NewRequest(http.MethodGet, endpointStr, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if !foundV2 {
|
|
||||||
err = fallbackError{err: err}
|
|
||||||
}
|
|
||||||
return "", "", err
|
return "", "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
resp, err := loginClient.Do(req)
|
resp, err := loginClient.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
err = translateV2AuthError(err)
|
err = translateV2AuthError(err)
|
||||||
if !foundV2 {
|
|
||||||
err = fallbackError{err: err}
|
|
||||||
}
|
|
||||||
|
|
||||||
return "", "", err
|
return "", "", err
|
||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
@ -117,19 +110,13 @@ func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent strin
|
||||||
|
|
||||||
// TODO(dmcgowan): Attempt to further interpret result, status code and error code string
|
// TODO(dmcgowan): Attempt to further interpret result, status code and error code string
|
||||||
err = errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
|
err = errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
|
||||||
if !foundV2 {
|
|
||||||
err = fallbackError{err: err}
|
|
||||||
}
|
|
||||||
return "", "", err
|
return "", "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, bool, error) {
|
func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, error) {
|
||||||
challengeManager, foundV2, err := PingV2Registry(endpoint, authTransport)
|
challengeManager, err := PingV2Registry(endpoint, authTransport)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if !foundV2 {
|
return nil, err
|
||||||
err = fallbackError{err: err}
|
|
||||||
}
|
|
||||||
return nil, foundV2, err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
tokenHandlerOptions := auth.TokenHandlerOptions{
|
tokenHandlerOptions := auth.TokenHandlerOptions{
|
||||||
|
@ -147,8 +134,7 @@ func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifi
|
||||||
return &http.Client{
|
return &http.Client{
|
||||||
Transport: tr,
|
Transport: tr,
|
||||||
Timeout: 15 * time.Second,
|
Timeout: 15 * time.Second,
|
||||||
}, foundV2, nil
|
}, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// ConvertToHostname converts a registry url which has http|https prepended
|
// ConvertToHostname converts a registry url which has http|https prepended
|
||||||
|
@ -197,18 +183,9 @@ func (err PingResponseError) Error() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// PingV2Registry attempts to ping a v2 registry and on success return a
|
// PingV2Registry attempts to ping a v2 registry and on success return a
|
||||||
// challenge manager for the supported authentication types and
|
// challenge manager for the supported authentication types.
|
||||||
// whether v2 was confirmed by the response. If a response is received but
|
// If a response is received but cannot be interpreted, a PingResponseError will be returned.
|
||||||
// cannot be interpreted a PingResponseError will be returned.
|
func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, error) {
|
||||||
func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, bool, error) {
|
|
||||||
var (
|
|
||||||
foundV2 = false
|
|
||||||
v2Version = auth.APIVersion{
|
|
||||||
Type: "registry",
|
|
||||||
Version: "2.0",
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
pingClient := &http.Client{
|
pingClient := &http.Client{
|
||||||
Transport: transport,
|
Transport: transport,
|
||||||
Timeout: 15 * time.Second,
|
Timeout: 15 * time.Second,
|
||||||
|
@ -216,32 +193,20 @@ func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.M
|
||||||
endpointStr := strings.TrimRight(endpoint.String(), "/") + "/v2/"
|
endpointStr := strings.TrimRight(endpoint.String(), "/") + "/v2/"
|
||||||
req, err := http.NewRequest(http.MethodGet, endpointStr, nil)
|
req, err := http.NewRequest(http.MethodGet, endpointStr, nil)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, false, err
|
return nil, err
|
||||||
}
|
}
|
||||||
resp, err := pingClient.Do(req)
|
resp, err := pingClient.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, false, err
|
return nil, err
|
||||||
}
|
}
|
||||||
defer resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
versions := auth.APIVersions(resp, DefaultRegistryVersionHeader)
|
|
||||||
for _, pingVersion := range versions {
|
|
||||||
if pingVersion == v2Version {
|
|
||||||
// The version header indicates we're definitely
|
|
||||||
// talking to a v2 registry. So don't allow future
|
|
||||||
// fallbacks to the v1 protocol.
|
|
||||||
|
|
||||||
foundV2 = true
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
challengeManager := challenge.NewSimpleManager()
|
challengeManager := challenge.NewSimpleManager()
|
||||||
if err := challengeManager.AddResponse(resp); err != nil {
|
if err := challengeManager.AddResponse(resp); err != nil {
|
||||||
return nil, foundV2, PingResponseError{
|
return nil, PingResponseError{
|
||||||
Err: err,
|
Err: err,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return challengeManager, foundV2, nil
|
return challengeManager, nil
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,6 +22,7 @@ type V1Endpoint struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// NewV1Endpoint parses the given address to return a registry endpoint.
|
// NewV1Endpoint parses the given address to return a registry endpoint.
|
||||||
|
// TODO: remove. This is only used by search.
|
||||||
func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
|
func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
|
||||||
tlsConfig, err := newTLSConfig(index.Name, index.Secure)
|
tlsConfig, err := newTLSConfig(index.Name, index.Secure)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
@ -135,12 +135,11 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
|
||||||
if err == nil {
|
if err == nil {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
if fErr, ok := err.(fallbackError); ok {
|
if errdefs.IsUnauthorized(err) {
|
||||||
logrus.WithError(fErr.err).Infof("Error logging in to endpoint, trying next endpoint")
|
// Failed to authenticate; don't continue with (non-TLS) endpoints.
|
||||||
continue
|
return status, token, err
|
||||||
}
|
}
|
||||||
|
logrus.WithError(err).Infof("Error logging in to endpoint, trying next endpoint")
|
||||||
return "", "", err
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return "", "", err
|
return "", "", err
|
||||||
|
@ -194,14 +193,14 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
|
||||||
}
|
}
|
||||||
|
|
||||||
modifiers := Headers(userAgent, nil)
|
modifiers := Headers(userAgent, nil)
|
||||||
v2Client, foundV2, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
|
v2Client, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if fErr, ok := err.(fallbackError); ok {
|
if fErr, ok := err.(fallbackError); ok {
|
||||||
logrus.Errorf("Cannot use identity token for search, v2 auth not supported: %v", fErr.err)
|
logrus.Errorf("Cannot use identity token for search, v2 auth not supported: %v", fErr.err)
|
||||||
} else {
|
} else {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
} else if foundV2 {
|
} else {
|
||||||
// Copy non transport http client features
|
// Copy non transport http client features
|
||||||
v2Client.Timeout = endpoint.client.Timeout
|
v2Client.Timeout = endpoint.client.Timeout
|
||||||
v2Client.CheckRedirect = endpoint.client.CheckRedirect
|
v2Client.CheckRedirect = endpoint.client.CheckRedirect
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
|
github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
|
||||||
github.com/Microsoft/hcsshim 89a9a3b524264d34985f1d48793ab2b2d2e430f6 # moby branch
|
github.com/Microsoft/hcsshim e811ee705ec77df2ae28857ade553043fb564d91 # v0.8.16
|
||||||
github.com/Microsoft/go-winio 5b44b70ab3ab4d291a7c1d28afe7b4afeced0ed4 # v0.4.15
|
github.com/Microsoft/go-winio 5c2e05d71961716a6c392a06ada435aaf5d5302c # v0.4.19
|
||||||
github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
|
github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
|
||||||
github.com/golang/gddo 72a348e765d293ed6d1ded7b699591f14d6cd921
|
github.com/golang/gddo 72a348e765d293ed6d1ded7b699591f14d6cd921
|
||||||
github.com/google/uuid 0cd6bf5da1e1c83f8b45653022c74f71af0538a4 # v1.1.1
|
github.com/google/uuid 0cd6bf5da1e1c83f8b45653022c74f71af0538a4 # v1.1.1
|
||||||
github.com/gorilla/mux 98cb6bf42e086f6af920b965c38cacc07402d51b # v1.8.0
|
github.com/gorilla/mux 98cb6bf42e086f6af920b965c38cacc07402d51b # v1.8.0
|
||||||
github.com/Microsoft/opengcs a10967154e143a36014584a6f664344e3bb0aa64
|
|
||||||
github.com/moby/locker 281af2d563954745bea9d1487c965f24d30742fe # v1.0.1
|
github.com/moby/locker 281af2d563954745bea9d1487c965f24d30742fe # v1.0.1
|
||||||
github.com/moby/term bea5bbe245bf407372d477f1361d2ff042d2f556
|
github.com/moby/term bea5bbe245bf407372d477f1361d2ff042d2f556
|
||||||
|
|
||||||
|
@ -14,13 +13,13 @@ github.com/moby/term bea5bbe245bf407372d477f1361d
|
||||||
# tool (vndr) currently does not support submodules / vendoring sub-paths, so we vendor
|
# tool (vndr) currently does not support submodules / vendoring sub-paths, so we vendor
|
||||||
# the top-level moby/sys repository (which contains both) and pick the most recent tag,
|
# the top-level moby/sys repository (which contains both) and pick the most recent tag,
|
||||||
# which could be either `mountinfo/vX.Y.Z`, `mount/vX.Y.Z`, or `symlink/vX.Y.Z`.
|
# which could be either `mountinfo/vX.Y.Z`, `mount/vX.Y.Z`, or `symlink/vX.Y.Z`.
|
||||||
github.com/moby/sys 1bc8673b57550ddf85262eb0fed0aac651a37dab # symlink/v0.1.0
|
github.com/moby/sys b0f1fd7235275d01bd35cc4421e884e522395f45 # mountinfo/v0.4.1
|
||||||
|
|
||||||
github.com/creack/pty 2a38352e8b4d7ab6c336eef107e42a55e72e7fbc # v1.1.11
|
github.com/creack/pty 2a38352e8b4d7ab6c336eef107e42a55e72e7fbc # v1.1.11
|
||||||
github.com/sirupsen/logrus 6699a89a232f3db797f2e280639854bbc4b89725 # v1.7.0
|
github.com/sirupsen/logrus 6699a89a232f3db797f2e280639854bbc4b89725 # v1.7.0
|
||||||
github.com/tchap/go-patricia a7f0089c6f496e8e70402f61733606daa326cac5 # v2.3.0
|
github.com/tchap/go-patricia a7f0089c6f496e8e70402f61733606daa326cac5 # v2.3.0
|
||||||
golang.org/x/net ab34263943818b32f575efc978a3d24e80b04bd7
|
golang.org/x/net e18ecbb051101a46fc263334b127c89bc7bff7ea
|
||||||
golang.org/x/sys b64e53b001e413bd5067f36d4e439eded3827374
|
golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
|
||||||
github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
|
github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
|
||||||
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
|
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
|
||||||
golang.org/x/text 23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3
|
golang.org/x/text 23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3
|
||||||
|
@ -30,11 +29,11 @@ github.com/syndtr/gocapability 42c35b4376354fd554efc7ad35e0
|
||||||
|
|
||||||
github.com/RackSec/srslog a4725f04ec91af1a91b380da679d6e0c2f061e59
|
github.com/RackSec/srslog a4725f04ec91af1a91b380da679d6e0c2f061e59
|
||||||
github.com/imdario/mergo 1afb36080aec31e0d1528973ebe6721b191b0369 # v0.3.8
|
github.com/imdario/mergo 1afb36080aec31e0d1528973ebe6721b191b0369 # v0.3.8
|
||||||
golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb
|
golang.org/x/sync 036812b2e83c0ddf193dd5a34e034151da389d09
|
||||||
|
|
||||||
# buildkit
|
# buildkit
|
||||||
github.com/moby/buildkit 244e8cde639f71a05a1a2e0670bd88e0206ce55c # v0.8.3-3-g244e8cde
|
github.com/moby/buildkit 9f254e18360a24c2ae47b26f772c3c89533bcbb7 # master / v0.9.0-dev
|
||||||
github.com/tonistiigi/fsutil 0834f99b7b85462efb69b4f571a4fa3ca7da5ac9
|
github.com/tonistiigi/fsutil d72af97c0eaf93c1d20360e3cb9c63c223675b83
|
||||||
github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
|
github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
|
||||||
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
|
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
|
||||||
github.com/opentracing/opentracing-go d34af3eaa63c4d08ab54863a4bdd0daa45212e12 # v1.2.0
|
github.com/opentracing/opentracing-go d34af3eaa63c4d08ab54863a4bdd0daa45212e12 # v1.2.0
|
||||||
|
@ -62,18 +61,19 @@ github.com/docker/libkv 458977154600b9f23984d9f4b82e
|
||||||
github.com/vishvananda/netns db3c7e526aae966c4ccfa6c8189b693d6ac5d202
|
github.com/vishvananda/netns db3c7e526aae966c4ccfa6c8189b693d6ac5d202
|
||||||
github.com/vishvananda/netlink f049be6f391489d3f374498fe0c8df8449258372 # v1.1.0
|
github.com/vishvananda/netlink f049be6f391489d3f374498fe0c8df8449258372 # v1.1.0
|
||||||
github.com/moby/ipvs 4566ccea0e08d68e9614c3e7a64a23b850c4bb35 # v1.0.1
|
github.com/moby/ipvs 4566ccea0e08d68e9614c3e7a64a23b850c4bb35 # v1.0.1
|
||||||
|
github.com/urfave/cli a65b733b303f0055f8d324d805f393cd3e7a7904
|
||||||
|
|
||||||
# When updating, consider updating TOMLV_COMMIT in hack/dockerfile/install/tomlv.installer accordingly
|
|
||||||
github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1
|
|
||||||
github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
|
github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
|
||||||
github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
|
github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
|
||||||
github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12
|
github.com/coreos/etcd 2c834459e1aab78a5d5219c7dfe42335fc4b617a # v3.3.25
|
||||||
github.com/coreos/go-semver 8ab6407b697782a06568d4b7f1db25550ec2e4c6 # v0.2.0
|
github.com/coreos/go-semver 8ab6407b697782a06568d4b7f1db25550ec2e4c6 # v0.2.0
|
||||||
github.com/ugorji/go b4c50a2b199d93b13dc15e78929cfb23bfdf21ab # v1.1.1
|
|
||||||
github.com/hashicorp/consul 9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2
|
github.com/hashicorp/consul 9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2
|
||||||
github.com/miekg/dns 6c0c4e6581f8e173cc562c8b3363ab984e4ae071 # v1.1.27
|
github.com/miekg/dns 6c0c4e6581f8e173cc562c8b3363ab984e4ae071 # v1.1.27
|
||||||
github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
|
github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
|
||||||
go.etcd.io/bbolt 232d8fc87f50244f9c808f4745759e08a304c029 # v1.3.5
|
go.etcd.io/bbolt 232d8fc87f50244f9c808f4745759e08a304c029 # v1.3.5
|
||||||
|
github.com/json-iterator/go a1ca0830781e007c66b225121d2cdb3a649421f6 # v1.1.10
|
||||||
|
github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
|
||||||
|
github.com/modern-go/reflect2 94122c33edd36123c84d5368cfb2b69df93a0ec8 # v1.0.1
|
||||||
|
|
||||||
# get graph and distribution packages
|
# get graph and distribution packages
|
||||||
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
|
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
|
||||||
|
@ -90,8 +90,8 @@ google.golang.org/grpc f495f5b15ae7ccda3b38c53a1bfc
|
||||||
# the containerd project first, and update both after that is merged.
|
# the containerd project first, and update both after that is merged.
|
||||||
# This commit does not need to match RUNC_COMMIT as it is used for helper
|
# This commit does not need to match RUNC_COMMIT as it is used for helper
|
||||||
# packages but should be newer or equal.
|
# packages but should be newer or equal.
|
||||||
github.com/opencontainers/runc ff819c7e9184c13b7c2607fe6c30ae19403a7aff # v1.0.0-rc92
|
github.com/opencontainers/runc b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 # v1.0.0-rc95
|
||||||
github.com/opencontainers/runtime-spec 4d89ac9fbff6c455f46a5bb59c6b1bb7184a5e43 # v1.0.3-0.20200728170252-4d89ac9fbff6
|
github.com/opencontainers/runtime-spec 1c3f411f041711bbeecf35ff7e93461ea6789220 # v1.0.3-0.20210326190908-1c3f411f0417
|
||||||
github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
|
github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
|
||||||
github.com/cyphar/filepath-securejoin a261ee33d7a517f054effbf451841abaafe3e0fd # v0.2.2
|
github.com/cyphar/filepath-securejoin a261ee33d7a517f054effbf451841abaafe3e0fd # v0.2.2
|
||||||
|
|
||||||
|
@ -99,14 +99,14 @@ github.com/cyphar/filepath-securejoin a261ee33d7a517f054effbf45184
|
||||||
github.com/coreos/go-systemd 39ca1b05acc7ad1220e09f133283b8859a8b71ab # v17
|
github.com/coreos/go-systemd 39ca1b05acc7ad1220e09f133283b8859a8b71ab # v17
|
||||||
|
|
||||||
# systemd integration (journald, daemon/listeners, containerd/cgroups)
|
# systemd integration (journald, daemon/listeners, containerd/cgroups)
|
||||||
github.com/coreos/go-systemd/v22 2d78030078ef61b3cae27f42ad6d0e46db51b339 # v22.0.0
|
github.com/coreos/go-systemd/v22 256724e3db397c5ca4287b8f0c78e9e8492fdb01 # v22.3.1
|
||||||
github.com/godbus/dbus/v5 37bf87eef99d69c4f1d3528bd66e3a87dc201472 # v5.0.3
|
github.com/godbus/dbus/v5 c88335c0b1d28a30e7fc76d526a06154b85e5d97 # v5.0.4
|
||||||
|
|
||||||
# gelf logging driver deps
|
# gelf logging driver deps
|
||||||
github.com/Graylog2/go-gelf 1550ee647df0510058c9d67a45c56f18911d80b8 # v2 branch
|
github.com/Graylog2/go-gelf 1550ee647df0510058c9d67a45c56f18911d80b8 # v2 branch
|
||||||
|
|
||||||
# fluent-logger-golang deps
|
# fluent-logger-golang deps
|
||||||
github.com/fluent/fluent-logger-golang 7a6c9dcd7f14c2ed5d8c55c11b894e5455ee311b # v1.4.0
|
github.com/fluent/fluent-logger-golang b9b7fb02ccfee8ba4e69aa87386820c2bf24fd11 # v1.6.1
|
||||||
github.com/philhofer/fwd bb6d471dc95d4fe11e432687f8b70ff496cf3136 # v1.0.0
|
github.com/philhofer/fwd bb6d471dc95d4fe11e432687f8b70ff496cf3136 # v1.0.0
|
||||||
github.com/tinylib/msgp af6442a0fcf6e2a1b824f70dd0c734f01e817751 # v1.1.0
|
github.com/tinylib/msgp af6442a0fcf6e2a1b824f70dd0c734f01e817751 # v1.1.0
|
||||||
|
|
||||||
|
@ -130,30 +130,32 @@ github.com/googleapis/gax-go bd5b16380fd03dc758d11cef74ba
|
||||||
google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6c7065a3160e8
|
google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6c7065a3160e8
|
||||||
|
|
||||||
# containerd
|
# containerd
|
||||||
github.com/containerd/containerd 0edc412565dcc6e3d6125ff9e4b009ad4b89c638 # master (v1.5.0-dev)
|
github.com/containerd/containerd 36cc874494a56a253cd181a1a685b44b58a2e34a # v1.5.2
|
||||||
github.com/containerd/fifo 0724c46b320cf96bb172a0550c19a4b1fca4dacb
|
github.com/containerd/fifo 650e8a8a179d040123db61f016cb133143e7a581 # v1.0.0
|
||||||
github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
|
github.com/containerd/continuity bce1c3f9669b6f3e7f6656ee715b0b4d75fa64a6 # v0.1.0
|
||||||
github.com/containerd/cgroups 0b889c03f102012f1d93a97ddd3ef71cd6f4f510
|
github.com/containerd/cgroups b9de8a2212026c07cec67baf3323f1fc0121e048 # v1.0.1
|
||||||
github.com/containerd/console 5d7e1412f07b502a01029ea20e20e0d2be31fa7c # v1.0.1
|
github.com/containerd/console 2f1e3d2b6afd18e8b2077816c711205a0b4d8769 # v1.0.2
|
||||||
github.com/containerd/go-runc 16b287bc67d069a60fa48db15f330b790b74365b
|
github.com/containerd/go-runc 16b287bc67d069a60fa48db15f330b790b74365b # v1.0.0
|
||||||
github.com/containerd/typeurl cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1
|
github.com/containerd/typeurl 5e43fb8b75ed2f2305fc04e6918c8d10636771bc # v1.0.2
|
||||||
github.com/containerd/ttrpc bfba540dc45464586c106b1f31c8547933c1eb41 # v1.0.2
|
github.com/containerd/ttrpc bfba540dc45464586c106b1f31c8547933c1eb41 # v1.0.2
|
||||||
github.com/gogo/googleapis 01e0f9cca9b92166042241267ee2a5cdf5cff46c # v1.3.2
|
github.com/gogo/googleapis 01e0f9cca9b92166042241267ee2a5cdf5cff46c # v1.3.2
|
||||||
github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28
|
github.com/cilium/ebpf ef54c303d1fff1e80a9bf20f00a378fde5419d61 # v0.5.0
|
||||||
|
github.com/klauspost/compress a3b7545c88eea469c2246bee0e6c130525d56190 # v1.11.13
|
||||||
|
github.com/pelletier/go-toml 65ca8064882c8c308e5c804c5d5443d409e0738c # v1.8.1
|
||||||
|
|
||||||
# cluster
|
# cluster
|
||||||
github.com/docker/swarmkit 17d8d4e4d8bdec33d386e6362d3537fa9493ba00
|
github.com/docker/swarmkit 2dcf70aafdc9ea55af3aaaeca440638cde0ecda6 # master
|
||||||
github.com/gogo/protobuf 5628607bb4c51c3157aacc3a50f0ab707582b805 # v1.3.1
|
github.com/gogo/protobuf b03c65ea87cdc3521ede29f62fe3ce239267c1bc # v1.3.2
|
||||||
github.com/golang/protobuf 84668698ea25b64748563aa20726db66a6b8d299 # v1.3.5
|
github.com/golang/protobuf 84668698ea25b64748563aa20726db66a6b8d299 # v1.3.5
|
||||||
github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
|
github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
|
||||||
github.com/fernet/fernet-go 9eac43b88a5efb8651d24de9b68e87567e029736
|
github.com/fernet/fernet-go 9eac43b88a5efb8651d24de9b68e87567e029736
|
||||||
github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20
|
github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20
|
||||||
golang.org/x/crypto c1f2f97bffc9c53fc40a1a28a5b460094c0050d9
|
golang.org/x/crypto 0c34fe9e7dc2486962ef9867e3edb3503537209f
|
||||||
golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82
|
golang.org/x/time 3af7569d3a1e776fc2a3c1cec133b43105ea9c2e
|
||||||
github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad
|
github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad
|
||||||
github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
|
github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
|
||||||
github.com/hashicorp/golang-lru 7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
|
github.com/hashicorp/golang-lru 7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
|
||||||
github.com/coreos/pkg 3ac0863d7acf3bc44daf49afef8919af12f704ef # v3
|
github.com/coreos/pkg 97fdf19511ea361ae1c100dd393cc47f8dcfa1e1 # v4
|
||||||
code.cloudfoundry.org/clock 02e53af36e6c978af692887ed449b74026d76fec # v1.0.0
|
code.cloudfoundry.org/clock 02e53af36e6c978af692887ed449b74026d76fec # v1.0.0
|
||||||
|
|
||||||
# prometheus
|
# prometheus
|
||||||
|
@ -168,7 +170,7 @@ github.com/grpc-ecosystem/go-grpc-prometheus c225b8c3b01faf2899099b768856
|
||||||
github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
|
github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
|
||||||
|
|
||||||
# cli
|
# cli
|
||||||
github.com/spf13/cobra 86f8bfd7fef868a174e1b606783bd7f5c82ddf8f # v1.1.1
|
github.com/spf13/cobra 8380ddd3132bdf8fd77731725b550c181dda0aa8 # v1.1.3
|
||||||
github.com/spf13/pflag 2e9d26c8c37aae03e3f9d4e90b7116f5accb7cab # v1.0.5
|
github.com/spf13/pflag 2e9d26c8c37aae03e3f9d4e90b7116f5accb7cab # v1.0.5
|
||||||
github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0.0
|
github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0.0
|
||||||
github.com/morikuni/aec 39771216ff4c63d11f5e604076f9c45e8be1067b # v1.0.0
|
github.com/morikuni/aec 39771216ff4c63d11f5e604076f9c45e8be1067b # v1.0.0
|
||||||
|
@ -176,8 +178,8 @@ github.com/morikuni/aec 39771216ff4c63d11f5e604076f9
|
||||||
# metrics
|
# metrics
|
||||||
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
|
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
|
||||||
|
|
||||||
github.com/opencontainers/selinux 2f45b3796d18f1ab4c9fc0c888a98d0a0fd6e429 # v1.8.0
|
github.com/opencontainers/selinux 76bc82e11d854d3e40c08889d13c98abcea72ea2 # v1.8.2
|
||||||
github.com/willf/bitset 559910e8471e48d76d9e5a1ba15842dee77ad45d # v1.1.11
|
github.com/bits-and-blooms/bitset 59de210119f50cedaa42d175dc88b6335fcf63f6 # v1.2.0
|
||||||
|
|
||||||
|
|
||||||
# archive/tar
|
# archive/tar
|
||||||
|
|
15
vendor/github.com/moby/buildkit/session/sshforward/sshprovider/agentprovider_unix.go
generated
vendored
Normal file
15
vendor/github.com/moby/buildkit/session/sshforward/sshprovider/agentprovider_unix.go
generated
vendored
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
// +build !windows
|
||||||
|
|
||||||
|
package sshprovider
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
)
|
||||||
|
|
||||||
|
func getFallbackAgentPath() (string, error) {
|
||||||
|
return "", errors.Errorf("make sure SSH_AUTH_SOCK is set")
|
||||||
|
}
|
||||||
|
|
||||||
|
func getWindowsPipeDialer(path string) *socketDialer {
|
||||||
|
return nil
|
||||||
|
}
|
60
vendor/github.com/moby/buildkit/session/sshforward/sshprovider/agentprovider_windows.go
generated
vendored
Normal file
60
vendor/github.com/moby/buildkit/session/sshforward/sshprovider/agentprovider_windows.go
generated
vendored
Normal file
|
@ -0,0 +1,60 @@
|
||||||
|
// +build windows
|
||||||
|
|
||||||
|
package sshprovider
|
||||||
|
|
||||||
|
import (
|
||||||
|
"net"
|
||||||
|
"regexp"
|
||||||
|
"strings"
|
||||||
|
|
||||||
|
"github.com/Microsoft/go-winio"
|
||||||
|
"github.com/pkg/errors"
|
||||||
|
"golang.org/x/sys/windows"
|
||||||
|
)
|
||||||
|
|
||||||
|
// Returns the Windows OpenSSH agent named pipe path, but
|
||||||
|
// only if the agent is running. Returns an error otherwise.
|
||||||
|
func getFallbackAgentPath() (string, error) {
|
||||||
|
// Windows OpenSSH agent uses a named pipe rather
|
||||||
|
// than a UNIX socket. These pipes do not play nice
|
||||||
|
// with os.Stat (which tries to open its target), so
|
||||||
|
// use a FindFirstFile syscall to check for existence.
|
||||||
|
var fd windows.Win32finddata
|
||||||
|
|
||||||
|
path := `\\.\pipe\openssh-ssh-agent`
|
||||||
|
pathPtr, _ := windows.UTF16PtrFromString(path)
|
||||||
|
handle, err := windows.FindFirstFile(pathPtr, &fd)
|
||||||
|
|
||||||
|
if err != nil {
|
||||||
|
msg := "Windows OpenSSH agent not available at %s." +
|
||||||
|
" Enable the SSH agent service or set SSH_AUTH_SOCK."
|
||||||
|
return "", errors.Errorf(msg, path)
|
||||||
|
}
|
||||||
|
|
||||||
|
_ = windows.CloseHandle(handle)
|
||||||
|
|
||||||
|
return path, nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns true if the path references a named pipe.
|
||||||
|
func isWindowsPipePath(path string) bool {
|
||||||
|
// If path matches \\*\pipe\* then it references a named pipe
|
||||||
|
// and requires winio.DialPipe() rather than DialTimeout("unix").
|
||||||
|
// Slashes and backslashes may be used interchangeably in the path.
|
||||||
|
// Path separators may consist of multiple consecutive (back)slashes.
|
||||||
|
pipePattern := strings.ReplaceAll("^[/]{2}[^/]+[/]+pipe[/]+", "/", `\\/`)
|
||||||
|
ok, _ := regexp.MatchString(pipePattern, path)
|
||||||
|
return ok
|
||||||
|
}
|
||||||
|
|
||||||
|
func getWindowsPipeDialer(path string) *socketDialer {
|
||||||
|
if isWindowsPipePath(path) {
|
||||||
|
return &socketDialer{path: path, dialer: windowsPipeDialer}
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func windowsPipeDialer(path string) (net.Conn, error) {
|
||||||
|
return winio.DialPipe(path, nil)
|
||||||
|
}
|
Loading…
Reference in New Issue