vendor: github.com/docker/docker 25917217cab38eab40c3db0010b915258f4a8491

b0f5bc36fe..25917217ca

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2021-06-21 18:02:23 +02:00
parent 29fed6bff1
commit a04c8210a6
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
41 changed files with 232 additions and 316 deletions

View File

@ -90,13 +90,10 @@ func getHTTPTransport(authConfig authtypes.AuthConfig, endpoint registry.APIEndp
modifiers := registry.Headers(userAgent, http.Header{}) modifiers := registry.Headers(userAgent, http.Header{})
authTransport := transport.NewTransport(base, modifiers...) authTransport := transport.NewTransport(base, modifiers...)
challengeManager, confirmedV2, err := registry.PingV2Registry(endpoint.URL, authTransport) challengeManager, err := registry.PingV2Registry(endpoint.URL, authTransport)
if err != nil { if err != nil {
return nil, errors.Wrap(err, "error pinging v2 registry") return nil, errors.Wrap(err, "error pinging v2 registry")
} }
if !confirmedV2 {
return nil, fmt.Errorf("unsupported registry version")
}
if authConfig.RegistryToken != "" { if authConfig.RegistryToken != "" {
passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken} passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken}
modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler)) modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler))

View File

@ -13,7 +13,7 @@ github.com/creack/pty 2a38352e8b4d7ab6c336eef107e4
github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1 github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1
github.com/docker/compose-on-kubernetes 78e6a00beda64ac8ccb9fec787e601fe2ce0d5bb # v0.5.0-alpha1 github.com/docker/compose-on-kubernetes 78e6a00beda64ac8ccb9fec787e601fe2ce0d5bb # v0.5.0-alpha1
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580 github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
github.com/docker/docker b0f5bc36fea9dfb9672e1e9b1278ebab797b9ee0 # v20.10.7 github.com/docker/docker 25917217cab38eab40c3db0010b915258f4a8491 # master (v21.xx-dev)
github.com/docker/docker-credential-helpers fc9290adbcf1594e78910e2f0334090eaee0e1ee # v0.6.4 github.com/docker/docker-credential-helpers fc9290adbcf1594e78910e2f0334090eaee0e1ee # v0.6.4
github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions. github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions.
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0 github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0

View File

@ -59,7 +59,6 @@ type ContainerExecInspect struct {
// ContainerListOptions holds parameters to list containers with. // ContainerListOptions holds parameters to list containers with.
type ContainerListOptions struct { type ContainerListOptions struct {
Quiet bool
Size bool Size bool
All bool All bool
Latest bool Latest bool

View File

@ -5,7 +5,7 @@ import (
"net/url" "net/url"
) )
// BuildCancel requests the daemon to cancel ongoing build request // BuildCancel requests the daemon to cancel the ongoing build request.
func (cli *Client) BuildCancel(ctx context.Context, id string) error { func (cli *Client) BuildCancel(ctx context.Context, id string) error {
query := url.Values{} query := url.Values{}
query.Set("id", id) query.Set("id", id)

View File

@ -8,7 +8,7 @@ import (
"github.com/docker/docker/api/types/swarm" "github.com/docker/docker/api/types/swarm"
) )
// ConfigCreate creates a new Config. // ConfigCreate creates a new config.
func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error) { func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error) {
var response types.ConfigCreateResponse var response types.ConfigCreateResponse
if err := cli.NewVersionError("1.30", "config create"); err != nil { if err := cli.NewVersionError("1.30", "config create"); err != nil {

View File

@ -2,7 +2,7 @@ package client // import "github.com/docker/docker/client"
import "context" import "context"
// ConfigRemove removes a Config. // ConfigRemove removes a config.
func (cli *Client) ConfigRemove(ctx context.Context, id string) error { func (cli *Client) ConfigRemove(ctx context.Context, id string) error {
if err := cli.NewVersionError("1.30", "config remove"); err != nil { if err := cli.NewVersionError("1.30", "config remove"); err != nil {
return err return err

View File

@ -8,7 +8,7 @@ import (
"github.com/docker/docker/api/types/swarm" "github.com/docker/docker/api/types/swarm"
) )
// ConfigUpdate attempts to update a Config // ConfigUpdate attempts to update a config
func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error { func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error {
if err := cli.NewVersionError("1.30", "config update"); err != nil { if err := cli.NewVersionError("1.30", "config update"); err != nil {
return err return err

View File

@ -10,7 +10,7 @@ import (
"github.com/docker/docker/api/types" "github.com/docker/docker/api/types"
) )
// ContainerCommit applies changes into a container and creates a new tagged image. // ContainerCommit applies changes to a container and creates a new tagged image.
func (cli *Client) ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error) { func (cli *Client) ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error) {
var repository, tag string var repository, tag string
if options.Reference != "" { if options.Reference != "" {

View File

@ -14,7 +14,7 @@ import (
"github.com/docker/docker/api/types" "github.com/docker/docker/api/types"
) )
// ContainerStatPath returns Stat information about a path inside the container filesystem. // ContainerStatPath returns stat information about a path inside the container filesystem.
func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (types.ContainerPathStat, error) { func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (types.ContainerPathStat, error) {
query := url.Values{} query := url.Values{}
query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API. query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.

View File

@ -19,7 +19,7 @@ type configWrapper struct {
Platform *specs.Platform Platform *specs.Platform
} }
// ContainerCreate creates a new container based in the given configuration. // ContainerCreate creates a new container based on the given configuration.
// It can be associated with a name, but it's not mandatory. // It can be associated with a name, but it's not mandatory.
func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.ContainerCreateCreatedBody, error) { func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.ContainerCreateCreatedBody, error) {
var response container.ContainerCreateCreatedBody var response container.ContainerCreateCreatedBody

View File

@ -9,7 +9,7 @@ import (
) )
// ContainerRestart stops and starts a container again. // ContainerRestart stops and starts a container again.
// It makes the daemon to wait for the container to be up again for // It makes the daemon wait for the container to be up again for
// a specific amount of time, given the timeout. // a specific amount of time, given the timeout.
func (cli *Client) ContainerRestart(ctx context.Context, containerID string, timeout *time.Duration) error { func (cli *Client) ContainerRestart(ctx context.Context, containerID string, timeout *time.Duration) error {
query := url.Values{} query := url.Values{}

View File

@ -7,7 +7,7 @@ import (
"github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/container"
) )
// ContainerUpdate updates resources of a container // ContainerUpdate updates the resources of a container.
func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error) { func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error) {
var response container.ContainerUpdateOKBody var response container.ContainerUpdateOKBody
serverResp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil) serverResp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil)

View File

@ -8,7 +8,7 @@ import (
registrytypes "github.com/docker/docker/api/types/registry" registrytypes "github.com/docker/docker/api/types/registry"
) )
// DistributionInspect returns the image digest with full Manifest // DistributionInspect returns the image digest with the full manifest.
func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) { func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) {
// Contact the registry to retrieve digest and platform information // Contact the registry to retrieve digest and platform information
var distributionInspect registrytypes.DistributionInspect var distributionInspect registrytypes.DistributionInspect

View File

@ -14,8 +14,8 @@ import (
"github.com/docker/docker/api/types/container" "github.com/docker/docker/api/types/container"
) )
// ImageBuild sends request to the daemon to build images. // ImageBuild sends a request to the daemon to build images.
// The Body in the response implement an io.ReadCloser and it's up to the caller to // The Body in the response implements an io.ReadCloser and it's up to the caller to
// close it. // close it.
func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) { func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) {
query, err := cli.imageBuildOptionsToQuery(options) query, err := cli.imageBuildOptionsToQuery(options)

View File

@ -10,7 +10,7 @@ import (
"github.com/docker/docker/api/types" "github.com/docker/docker/api/types"
) )
// ImageCreate creates a new image based in the parent options. // ImageCreate creates a new image based on the parent options.
// It returns the JSON content in the response body. // It returns the JSON content in the response body.
func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) { func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
ref, err := reference.ParseNormalizedNamed(parentReference) ref, err := reference.ParseNormalizedNamed(parentReference)

View File

@ -10,7 +10,7 @@ import (
"github.com/docker/docker/api/types" "github.com/docker/docker/api/types"
) )
// ImageImport creates a new image based in the source options. // ImageImport creates a new image based on the source options.
// It returns the JSON content in the response body. // It returns the JSON content in the response body.
func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error) { func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error) {
if ref != "" { if ref != "" {

View File

@ -12,7 +12,7 @@ import (
"github.com/docker/docker/errdefs" "github.com/docker/docker/errdefs"
) )
// ImageSearch makes the docker host to search by a term in a remote registry. // ImageSearch makes the docker host search by a term in a remote registry.
// The list of results is not sorted in any fashion. // The list of results is not sorted in any fashion.
func (cli *Client) ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) { func (cli *Client) ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) {
var results []registry.SearchResult var results []registry.SearchResult

View File

@ -110,11 +110,16 @@ func (cli *Client) sendRequest(ctx context.Context, method, path string, query u
if err != nil { if err != nil {
return serverResponse{}, err return serverResponse{}, err
} }
resp, err := cli.doRequest(ctx, req) resp, err := cli.doRequest(ctx, req)
if err != nil { switch {
return resp, errdefs.FromStatusCode(err, resp.statusCode) case errors.Is(err, context.Canceled):
return serverResponse{}, errdefs.Cancelled(err)
case errors.Is(err, context.DeadlineExceeded):
return serverResponse{}, errdefs.Deadline(err)
case err == nil:
err = cli.checkResponseErr(resp)
} }
err = cli.checkResponseErr(resp)
return resp, errdefs.FromStatusCode(err, resp.statusCode) return resp, errdefs.FromStatusCode(err, resp.statusCode)
} }
@ -242,10 +247,8 @@ func (cli *Client) addHeaders(req *http.Request, headers headers) *http.Request
req.Header.Set(k, v) req.Header.Set(k, v)
} }
if headers != nil { for k, v := range headers {
for k, v := range headers { req.Header[k] = v
req.Header[k] = v
}
} }
return req return req
} }

View File

@ -8,7 +8,7 @@ import (
"github.com/docker/docker/api/types/swarm" "github.com/docker/docker/api/types/swarm"
) )
// SecretCreate creates a new Secret. // SecretCreate creates a new secret.
func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) { func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) {
var response types.SecretCreateResponse var response types.SecretCreateResponse
if err := cli.NewVersionError("1.25", "secret create"); err != nil { if err := cli.NewVersionError("1.25", "secret create"); err != nil {

View File

@ -2,7 +2,7 @@ package client // import "github.com/docker/docker/client"
import "context" import "context"
// SecretRemove removes a Secret. // SecretRemove removes a secret.
func (cli *Client) SecretRemove(ctx context.Context, id string) error { func (cli *Client) SecretRemove(ctx context.Context, id string) error {
if err := cli.NewVersionError("1.25", "secret remove"); err != nil { if err := cli.NewVersionError("1.25", "secret remove"); err != nil {
return err return err

View File

@ -8,7 +8,7 @@ import (
"github.com/docker/docker/api/types/swarm" "github.com/docker/docker/api/types/swarm"
) )
// SecretUpdate attempts to update a Secret // SecretUpdate attempts to update a secret.
func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error { func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
if err := cli.NewVersionError("1.25", "secret update"); err != nil { if err := cli.NewVersionError("1.25", "secret update"); err != nil {
return err return err

View File

@ -13,7 +13,7 @@ import (
"github.com/pkg/errors" "github.com/pkg/errors"
) )
// ServiceCreate creates a new Service. // ServiceCreate creates a new service.
func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) { func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) {
var response types.ServiceCreateResponse var response types.ServiceCreateResponse
headers := map[string][]string{ headers := map[string][]string{

View File

@ -9,7 +9,7 @@ import (
"github.com/docker/docker/api/types/swarm" "github.com/docker/docker/api/types/swarm"
) )
// TaskInspectWithRaw returns the task information and its raw representation.. // TaskInspectWithRaw returns the task information and its raw representation.
func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) { func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) {
if taskID == "" { if taskID == "" {
return swarm.Task{}, nil, objectNotFoundError{object: "task", id: taskID} return swarm.Task{}, nil, objectNotFoundError{object: "task", id: taskID}

View File

@ -10,7 +10,7 @@ import (
"strings" "strings"
"syscall" "syscall"
"github.com/containerd/containerd/sys" "github.com/containerd/containerd/pkg/userns"
"github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/system" "github.com/docker/docker/pkg/system"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
@ -51,8 +51,8 @@ func setHeaderForSpecialDevice(hdr *tar.Header, name string, stat interface{}) (
// Currently go does not fill in the major/minors // Currently go does not fill in the major/minors
if s.Mode&unix.S_IFBLK != 0 || if s.Mode&unix.S_IFBLK != 0 ||
s.Mode&unix.S_IFCHR != 0 { s.Mode&unix.S_IFCHR != 0 {
hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) // nolint: unconvert hdr.Devmajor = int64(unix.Major(uint64(s.Rdev))) //nolint: unconvert
hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) // nolint: unconvert hdr.Devminor = int64(unix.Minor(uint64(s.Rdev))) //nolint: unconvert
} }
} }
@ -92,7 +92,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
} }
err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor))) err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
if errors.Is(err, syscall.EPERM) && sys.RunningInUserNS() { if errors.Is(err, syscall.EPERM) && userns.RunningInUserNS() {
// In most cases, cannot create a device if running in user namespace // In most cases, cannot create a device if running in user namespace
err = nil err = nil
} }

View File

@ -354,6 +354,16 @@ func RebaseArchiveEntries(srcContent io.Reader, oldBase, newBase string) io.Read
return return
} }
// Ignoring GoSec G110. See https://github.com/securego/gosec/pull/433
// and https://cure53.de/pentest-report_opa.pdf, which recommends to
// replace io.Copy with io.CopyN7. The latter allows to specify the
// maximum number of bytes that should be read. By properly defining
// the limit, it can be assured that a GZip compression bomb cannot
// easily cause a Denial-of-Service.
// After reviewing with @tonistiigi and @cpuguy83, this should not
// affect us, because here we do not read into memory, hence should
// not be vulnerable to this code consuming memory.
//nolint:gosec // G110: Potential DoS vulnerability via decompression bomb (gosec)
if _, err = io.Copy(rebasedTar, srcTar); err != nil { if _, err = io.Copy(rebasedTar, srcTar); err != nil {
w.CloseWithError(err) w.CloseWithError(err)
return return

View File

@ -9,8 +9,6 @@ import (
"regexp" "regexp"
"strings" "strings"
"text/scanner" "text/scanner"
"github.com/sirupsen/logrus"
) )
// PatternMatcher allows checking paths against a list of patterns // PatternMatcher allows checking paths against a list of patterns
@ -89,10 +87,6 @@ func (pm *PatternMatcher) Matches(file string) (bool, error) {
} }
} }
if matched {
logrus.Debugf("Skipping excluded path: %s", file)
}
return matched, nil return matched, nil
} }

View File

@ -6,6 +6,15 @@ import (
"github.com/docker/docker/pkg/system" "github.com/docker/docker/pkg/system"
) )
const (
SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
)
const (
ContainerAdministratorSidString = "S-1-5-93-2-1"
ContainerUserSidString = "S-1-5-93-2-2"
)
// This is currently a wrapper around MkdirAll, however, since currently // This is currently a wrapper around MkdirAll, however, since currently
// permissions aren't set through this path, the identity isn't utilized. // permissions aren't set through this path, the identity isn't utilized.
// Ownership is handled elsewhere, but in the future could be support here // Ownership is handled elsewhere, but in the future could be support here

View File

@ -1,48 +0,0 @@
// +build windows,!no_lcow
package system // import "github.com/docker/docker/pkg/system"
import (
"strings"
"github.com/Microsoft/hcsshim/osversion"
specs "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
)
var (
// lcowSupported determines if Linux Containers on Windows are supported.
lcowSupported = false
)
// InitLCOW sets whether LCOW is supported or not. Requires RS5+
func InitLCOW(experimental bool) {
if experimental && osversion.Build() >= osversion.RS5 {
lcowSupported = true
}
}
func LCOWSupported() bool {
return lcowSupported
}
// ValidatePlatform determines if a platform structure is valid.
// TODO This is a temporary windows-only function, should be replaced by
// comparison of worker capabilities
func ValidatePlatform(platform specs.Platform) error {
if !IsOSSupported(platform.OS) {
return errors.Errorf("unsupported os %s", platform.OS)
}
return nil
}
// IsOSSupported determines if an operating system is supported by the host
func IsOSSupported(os string) bool {
if strings.EqualFold("windows", os) {
return true
}
if LCOWSupported() && strings.EqualFold(os, "linux") {
return true
}
return false
}

View File

@ -1,27 +1,14 @@
// +build !windows windows,no_lcow
package system // import "github.com/docker/docker/pkg/system" package system // import "github.com/docker/docker/pkg/system"
import ( import (
"runtime" "runtime"
"strings" "strings"
specs "github.com/opencontainers/image-spec/specs-go/v1"
) )
// InitLCOW does nothing since LCOW is a windows only feature
func InitLCOW(_ bool) {}
// LCOWSupported returns true if Linux containers on Windows are supported. // LCOWSupported returns true if Linux containers on Windows are supported.
func LCOWSupported() bool { func LCOWSupported() bool {
return false return false
} }
// ValidatePlatform determines if a platform structure is valid. This function
// is used for LCOW, and is a no-op on non-windows platforms.
func ValidatePlatform(_ specs.Platform) error {
return nil
}
// IsOSSupported determines if an operating system is supported by the host. // IsOSSupported determines if an operating system is supported by the host.
func IsOSSupported(os string) bool { func IsOSSupported(os string) bool {
return strings.EqualFold(runtime.GOOS, os) return strings.EqualFold(runtime.GOOS, os)

View File

@ -1,24 +1,15 @@
package system // import "github.com/docker/docker/pkg/system" package system // import "github.com/docker/docker/pkg/system"
import (
"fmt"
"path/filepath"
"runtime"
"strings"
)
const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" const defaultUnixPathEnv = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
// DefaultPathEnv is unix style list of directories to search for // DefaultPathEnv is unix style list of directories to search for
// executables. Each directory is separated from the next by a colon // executables. Each directory is separated from the next by a colon
// ':' character . // ':' character .
// For Windows containers, an empty string is returned as the default
// path will be set by the container, and Docker has no context of what the
// default path should be.
func DefaultPathEnv(os string) string { func DefaultPathEnv(os string) string {
if runtime.GOOS == "windows" { if os == "windows" {
if os != runtime.GOOS {
return defaultUnixPathEnv
}
// Deliberately empty on Windows containers on Windows as the default path will be set by
// the container. Docker has no context of what the default path should be.
return "" return ""
} }
return defaultUnixPathEnv return defaultUnixPathEnv
@ -47,18 +38,5 @@ type PathVerifier interface {
// /a --> \a // /a --> \a
// d:\ --> Fail // d:\ --> Fail
func CheckSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) { func CheckSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
if runtime.GOOS != "windows" || LCOWSupported() { return checkSystemDriveAndRemoveDriveLetter(path, driver)
return path, nil
}
if len(path) == 2 && string(path[1]) == ":" {
return "", fmt.Errorf("No relative path specified in %q", path)
}
if !driver.IsAbs(path) || len(path) < 2 {
return filepath.FromSlash(path), nil
}
if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
return "", fmt.Errorf("The specified path is not on the system drive (C:)")
}
return filepath.FromSlash(path[2:]), nil
} }

View File

@ -8,3 +8,9 @@ package system // import "github.com/docker/docker/pkg/system"
func GetLongPathName(path string) (string, error) { func GetLongPathName(path string) (string, error) {
return path, nil return path, nil
} }
// checkSystemDriveAndRemoveDriveLetter is the non-Windows implementation
// of CheckSystemDriveAndRemoveDriveLetter
func checkSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
return path, nil
}

View File

@ -1,6 +1,12 @@
package system // import "github.com/docker/docker/pkg/system" package system // import "github.com/docker/docker/pkg/system"
import "golang.org/x/sys/windows" import (
"fmt"
"path/filepath"
"strings"
"golang.org/x/sys/windows"
)
// GetLongPathName converts Windows short pathnames to full pathnames. // GetLongPathName converts Windows short pathnames to full pathnames.
// For example C:\Users\ADMIN~1 --> C:\Users\Administrator. // For example C:\Users\ADMIN~1 --> C:\Users\Administrator.
@ -25,3 +31,18 @@ func GetLongPathName(path string) (string, error) {
} }
return windows.UTF16ToString(b), nil return windows.UTF16ToString(b), nil
} }
// checkSystemDriveAndRemoveDriveLetter is the Windows implementation
// of CheckSystemDriveAndRemoveDriveLetter
func checkSystemDriveAndRemoveDriveLetter(path string, driver PathVerifier) (string, error) {
if len(path) == 2 && string(path[1]) == ":" {
return "", fmt.Errorf("No relative path specified in %q", path)
}
if !driver.IsAbs(path) || len(path) < 2 {
return filepath.FromSlash(path), nil
}
if string(path[1]) == ":" && !strings.EqualFold(string(path[0]), "c") {
return "", fmt.Errorf("The specified path is not on the system drive (C:)")
}
return filepath.FromSlash(path[2:]), nil
}

View File

@ -9,7 +9,7 @@ func fromStatT(s *syscall.Stat_t) (*StatT, error) {
uid: s.Uid, uid: s.Uid,
gid: s.Gid, gid: s.Gid,
// the type is 32bit on mips // the type is 32bit on mips
rdev: uint64(s.Rdev), // nolint: unconvert rdev: uint64(s.Rdev), //nolint: unconvert
mtim: s.Mtim}, nil mtim: s.Mtim}, nil
} }

View File

@ -1,11 +0,0 @@
// +build linux freebsd
package system // import "github.com/docker/docker/pkg/system"
import "golang.org/x/sys/unix"
// Unmount is a platform-specific helper function to call
// the unmount syscall.
func Unmount(dest string) error {
return unix.Unmount(dest, 0)
}

View File

@ -1,69 +1,30 @@
package system // import "github.com/docker/docker/pkg/system" package system // import "github.com/docker/docker/pkg/system"
import ( import (
"syscall"
"unsafe" "unsafe"
"github.com/Microsoft/hcsshim/osversion"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sys/windows" "golang.org/x/sys/windows"
) )
const ( const (
OWNER_SECURITY_INFORMATION = windows.OWNER_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.OWNER_SECURITY_INFORMATION // Deprecated: use github.com/docker/pkg/idtools.SeTakeOwnershipPrivilege
GROUP_SECURITY_INFORMATION = windows.GROUP_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION = windows.DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION = windows.SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION = windows.LABEL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.LABEL_SECURITY_INFORMATION
ATTRIBUTE_SECURITY_INFORMATION = windows.ATTRIBUTE_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.ATTRIBUTE_SECURITY_INFORMATION
SCOPE_SECURITY_INFORMATION = windows.SCOPE_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.SCOPE_SECURITY_INFORMATION
PROCESS_TRUST_LABEL_SECURITY_INFORMATION = 0x00000080
ACCESS_FILTER_SECURITY_INFORMATION = 0x00000100
BACKUP_SECURITY_INFORMATION = windows.BACKUP_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.BACKUP_SECURITY_INFORMATION
PROTECTED_DACL_SECURITY_INFORMATION = windows.PROTECTED_DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.PROTECTED_DACL_SECURITY_INFORMATION
PROTECTED_SACL_SECURITY_INFORMATION = windows.PROTECTED_SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.PROTECTED_SACL_SECURITY_INFORMATION
UNPROTECTED_DACL_SECURITY_INFORMATION = windows.UNPROTECTED_DACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.UNPROTECTED_DACL_SECURITY_INFORMATION
UNPROTECTED_SACL_SECURITY_INFORMATION = windows.UNPROTECTED_SACL_SECURITY_INFORMATION // Deprecated: use golang.org/x/sys/windows.UNPROTECTED_SACL_SECURITY_INFORMATION
)
const (
SE_UNKNOWN_OBJECT_TYPE = windows.SE_UNKNOWN_OBJECT_TYPE // Deprecated: use golang.org/x/sys/windows.SE_UNKNOWN_OBJECT_TYPE
SE_FILE_OBJECT = windows.SE_FILE_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_FILE_OBJECT
SE_SERVICE = windows.SE_SERVICE // Deprecated: use golang.org/x/sys/windows.SE_SERVICE
SE_PRINTER = windows.SE_PRINTER // Deprecated: use golang.org/x/sys/windows.SE_PRINTER
SE_REGISTRY_KEY = windows.SE_REGISTRY_KEY // Deprecated: use golang.org/x/sys/windows.SE_REGISTRY_KEY
SE_LMSHARE = windows.SE_LMSHARE // Deprecated: use golang.org/x/sys/windows.SE_LMSHARE
SE_KERNEL_OBJECT = windows.SE_KERNEL_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_KERNEL_OBJECT
SE_WINDOW_OBJECT = windows.SE_WINDOW_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_WINDOW_OBJECT
SE_DS_OBJECT = windows.SE_DS_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_DS_OBJECT
SE_DS_OBJECT_ALL = windows.SE_DS_OBJECT_ALL // Deprecated: use golang.org/x/sys/windows.SE_DS_OBJECT_ALL
SE_PROVIDER_DEFINED_OBJECT = windows.SE_PROVIDER_DEFINED_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_PROVIDER_DEFINED_OBJECT
SE_WMIGUID_OBJECT = windows.SE_WMIGUID_OBJECT // Deprecated: use golang.org/x/sys/windows.SE_WMIGUID_OBJECT
SE_REGISTRY_WOW64_32KEY = windows.SE_REGISTRY_WOW64_32KEY // Deprecated: use golang.org/x/sys/windows.SE_REGISTRY_WOW64_32KEY
)
const (
SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege" SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
) )
const ( const (
// Deprecated: use github.com/docker/pkg/idtools.ContainerAdministratorSidString
ContainerAdministratorSidString = "S-1-5-93-2-1" ContainerAdministratorSidString = "S-1-5-93-2-1"
ContainerUserSidString = "S-1-5-93-2-2" // Deprecated: use github.com/docker/pkg/idtools.ContainerUserSidString
ContainerUserSidString = "S-1-5-93-2-2"
) )
var ( var (
ntuserApiset = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0") ntuserApiset = windows.NewLazyDLL("ext-ms-win-ntuser-window-l1-1-0")
modadvapi32 = windows.NewLazySystemDLL("advapi32.dll") procGetVersionExW = modkernel32.NewProc("GetVersionExW")
procGetVersionExW = modkernel32.NewProc("GetVersionExW")
procSetNamedSecurityInfo = modadvapi32.NewProc("SetNamedSecurityInfoW")
procGetSecurityDescriptorDacl = modadvapi32.NewProc("GetSecurityDescriptorDacl")
) )
// OSVersion is a wrapper for Windows version information // https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx
type OSVersion = osversion.OSVersion
// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724833(v=vs.85).aspx
// TODO: use golang.org/x/sys/windows.OsVersionInfoEx (needs OSVersionInfoSize to be exported) // TODO: use golang.org/x/sys/windows.OsVersionInfoEx (needs OSVersionInfoSize to be exported)
type osVersionInfoEx struct { type osVersionInfoEx struct {
OSVersionInfoSize uint32 OSVersionInfoSize uint32
@ -79,31 +40,21 @@ type osVersionInfoEx struct {
Reserve byte Reserve byte
} }
// GetOSVersion gets the operating system version on Windows. Note that // IsWindowsClient returns true if the SKU is client. It returns false on
// dockerd.exe must be manifested to get the correct version information. // Windows server, or if an error occurred when making the GetVersionExW
// Deprecated: use github.com/Microsoft/hcsshim/osversion.Get() instead // syscall.
func GetOSVersion() OSVersion {
return osversion.Get()
}
// IsWindowsClient returns true if the SKU is client
func IsWindowsClient() bool { func IsWindowsClient() bool {
osviex := &osVersionInfoEx{OSVersionInfoSize: 284} osviex := &osVersionInfoEx{OSVersionInfoSize: 284}
r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex))) r1, _, err := procGetVersionExW.Call(uintptr(unsafe.Pointer(osviex)))
if r1 == 0 { if r1 == 0 {
logrus.Warnf("GetVersionExW failed - assuming server SKU: %v", err) logrus.WithError(err).Warn("GetVersionExW failed - assuming server SKU")
return false return false
} }
const verNTWorkstation = 0x00000001 // VER_NT_WORKSTATION, see https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-osversioninfoexa
const verNTWorkstation = 0x00000001 // VER_NT_WORKSTATION
return osviex.ProductType == verNTWorkstation return osviex.ProductType == verNTWorkstation
} }
// Unmount is a platform-specific helper function to call
// the unmount syscall. Not supported on Windows
func Unmount(_ string) error {
return nil
}
// HasWin32KSupport determines whether containers that depend on win32k can // HasWin32KSupport determines whether containers that depend on win32k can
// run on this machine. Win32k is the driver used to implement windowing. // run on this machine. Win32k is the driver used to implement windowing.
func HasWin32KSupport() bool { func HasWin32KSupport() bool {
@ -112,25 +63,3 @@ func HasWin32KSupport() bool {
// APIs. // APIs.
return ntuserApiset.Load() == nil return ntuserApiset.Load() == nil
} }
// Deprecated: use golang.org/x/sys/windows.SetNamedSecurityInfo()
func SetNamedSecurityInfo(objectName *uint16, objectType uint32, securityInformation uint32, sidOwner *windows.SID, sidGroup *windows.SID, dacl *byte, sacl *byte) (result error) {
r0, _, _ := syscall.Syscall9(procSetNamedSecurityInfo.Addr(), 7, uintptr(unsafe.Pointer(objectName)), uintptr(objectType), uintptr(securityInformation), uintptr(unsafe.Pointer(sidOwner)), uintptr(unsafe.Pointer(sidGroup)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(sacl)), 0, 0)
if r0 != 0 {
result = syscall.Errno(r0)
}
return
}
// Deprecated: uses golang.org/x/sys/windows.SecurityDescriptorFromString() and golang.org/x/sys/windows.SECURITY_DESCRIPTOR.DACL()
func GetSecurityDescriptorDacl(securityDescriptor *byte, daclPresent *uint32, dacl **byte, daclDefaulted *uint32) (result error) {
r1, _, e1 := syscall.Syscall6(procGetSecurityDescriptorDacl.Addr(), 4, uintptr(unsafe.Pointer(securityDescriptor)), uintptr(unsafe.Pointer(daclPresent)), uintptr(unsafe.Pointer(dacl)), uintptr(unsafe.Pointer(daclDefaulted)), 0, 0)
if r1 == 0 {
if e1 != 0 {
result = e1
} else {
result = syscall.EINVAL
}
}
return
}

View File

@ -87,26 +87,19 @@ func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent strin
logrus.Debugf("attempting v2 login to registry endpoint %s", endpointStr) logrus.Debugf("attempting v2 login to registry endpoint %s", endpointStr)
loginClient, foundV2, err := v2AuthHTTPClient(endpoint.URL, authTransport, modifiers, creds, nil) loginClient, err := v2AuthHTTPClient(endpoint.URL, authTransport, modifiers, creds, nil)
if err != nil { if err != nil {
return "", "", err return "", "", err
} }
req, err := http.NewRequest(http.MethodGet, endpointStr, nil) req, err := http.NewRequest(http.MethodGet, endpointStr, nil)
if err != nil { if err != nil {
if !foundV2 {
err = fallbackError{err: err}
}
return "", "", err return "", "", err
} }
resp, err := loginClient.Do(req) resp, err := loginClient.Do(req)
if err != nil { if err != nil {
err = translateV2AuthError(err) err = translateV2AuthError(err)
if !foundV2 {
err = fallbackError{err: err}
}
return "", "", err return "", "", err
} }
defer resp.Body.Close() defer resp.Body.Close()
@ -117,19 +110,13 @@ func loginV2(authConfig *types.AuthConfig, endpoint APIEndpoint, userAgent strin
// TODO(dmcgowan): Attempt to further interpret result, status code and error code string // TODO(dmcgowan): Attempt to further interpret result, status code and error code string
err = errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode)) err = errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode))
if !foundV2 {
err = fallbackError{err: err}
}
return "", "", err return "", "", err
} }
func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, bool, error) { func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, error) {
challengeManager, foundV2, err := PingV2Registry(endpoint, authTransport) challengeManager, err := PingV2Registry(endpoint, authTransport)
if err != nil { if err != nil {
if !foundV2 { return nil, err
err = fallbackError{err: err}
}
return nil, foundV2, err
} }
tokenHandlerOptions := auth.TokenHandlerOptions{ tokenHandlerOptions := auth.TokenHandlerOptions{
@ -147,8 +134,7 @@ func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifi
return &http.Client{ return &http.Client{
Transport: tr, Transport: tr,
Timeout: 15 * time.Second, Timeout: 15 * time.Second,
}, foundV2, nil }, nil
} }
// ConvertToHostname converts a registry url which has http|https prepended // ConvertToHostname converts a registry url which has http|https prepended
@ -197,18 +183,9 @@ func (err PingResponseError) Error() string {
} }
// PingV2Registry attempts to ping a v2 registry and on success return a // PingV2Registry attempts to ping a v2 registry and on success return a
// challenge manager for the supported authentication types and // challenge manager for the supported authentication types.
// whether v2 was confirmed by the response. If a response is received but // If a response is received but cannot be interpreted, a PingResponseError will be returned.
// cannot be interpreted a PingResponseError will be returned. func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, error) {
func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.Manager, bool, error) {
var (
foundV2 = false
v2Version = auth.APIVersion{
Type: "registry",
Version: "2.0",
}
)
pingClient := &http.Client{ pingClient := &http.Client{
Transport: transport, Transport: transport,
Timeout: 15 * time.Second, Timeout: 15 * time.Second,
@ -216,32 +193,20 @@ func PingV2Registry(endpoint *url.URL, transport http.RoundTripper) (challenge.M
endpointStr := strings.TrimRight(endpoint.String(), "/") + "/v2/" endpointStr := strings.TrimRight(endpoint.String(), "/") + "/v2/"
req, err := http.NewRequest(http.MethodGet, endpointStr, nil) req, err := http.NewRequest(http.MethodGet, endpointStr, nil)
if err != nil { if err != nil {
return nil, false, err return nil, err
} }
resp, err := pingClient.Do(req) resp, err := pingClient.Do(req)
if err != nil { if err != nil {
return nil, false, err return nil, err
} }
defer resp.Body.Close() defer resp.Body.Close()
versions := auth.APIVersions(resp, DefaultRegistryVersionHeader)
for _, pingVersion := range versions {
if pingVersion == v2Version {
// The version header indicates we're definitely
// talking to a v2 registry. So don't allow future
// fallbacks to the v1 protocol.
foundV2 = true
break
}
}
challengeManager := challenge.NewSimpleManager() challengeManager := challenge.NewSimpleManager()
if err := challengeManager.AddResponse(resp); err != nil { if err := challengeManager.AddResponse(resp); err != nil {
return nil, foundV2, PingResponseError{ return nil, PingResponseError{
Err: err, Err: err,
} }
} }
return challengeManager, foundV2, nil return challengeManager, nil
} }

View File

@ -22,6 +22,7 @@ type V1Endpoint struct {
} }
// NewV1Endpoint parses the given address to return a registry endpoint. // NewV1Endpoint parses the given address to return a registry endpoint.
// TODO: remove. This is only used by search.
func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) { func NewV1Endpoint(index *registrytypes.IndexInfo, userAgent string, metaHeaders http.Header) (*V1Endpoint, error) {
tlsConfig, err := newTLSConfig(index.Name, index.Secure) tlsConfig, err := newTLSConfig(index.Name, index.Secure)
if err != nil { if err != nil {

View File

@ -135,12 +135,11 @@ func (s *DefaultService) Auth(ctx context.Context, authConfig *types.AuthConfig,
if err == nil { if err == nil {
return return
} }
if fErr, ok := err.(fallbackError); ok { if errdefs.IsUnauthorized(err) {
logrus.WithError(fErr.err).Infof("Error logging in to endpoint, trying next endpoint") // Failed to authenticate; don't continue with (non-TLS) endpoints.
continue return status, token, err
} }
logrus.WithError(err).Infof("Error logging in to endpoint, trying next endpoint")
return "", "", err
} }
return "", "", err return "", "", err
@ -194,14 +193,14 @@ func (s *DefaultService) Search(ctx context.Context, term string, limit int, aut
} }
modifiers := Headers(userAgent, nil) modifiers := Headers(userAgent, nil)
v2Client, foundV2, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes) v2Client, err := v2AuthHTTPClient(endpoint.URL, endpoint.client.Transport, modifiers, creds, scopes)
if err != nil { if err != nil {
if fErr, ok := err.(fallbackError); ok { if fErr, ok := err.(fallbackError); ok {
logrus.Errorf("Cannot use identity token for search, v2 auth not supported: %v", fErr.err) logrus.Errorf("Cannot use identity token for search, v2 auth not supported: %v", fErr.err)
} else { } else {
return nil, err return nil, err
} }
} else if foundV2 { } else {
// Copy non transport http client features // Copy non transport http client features
v2Client.Timeout = endpoint.client.Timeout v2Client.Timeout = endpoint.client.Timeout
v2Client.CheckRedirect = endpoint.client.CheckRedirect v2Client.CheckRedirect = endpoint.client.CheckRedirect

View File

@ -1,11 +1,10 @@
github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109 github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
github.com/Microsoft/hcsshim 89a9a3b524264d34985f1d48793ab2b2d2e430f6 # moby branch github.com/Microsoft/hcsshim e811ee705ec77df2ae28857ade553043fb564d91 # v0.8.16
github.com/Microsoft/go-winio 5b44b70ab3ab4d291a7c1d28afe7b4afeced0ed4 # v0.4.15 github.com/Microsoft/go-winio 5c2e05d71961716a6c392a06ada435aaf5d5302c # v0.4.19
github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
github.com/golang/gddo 72a348e765d293ed6d1ded7b699591f14d6cd921 github.com/golang/gddo 72a348e765d293ed6d1ded7b699591f14d6cd921
github.com/google/uuid 0cd6bf5da1e1c83f8b45653022c74f71af0538a4 # v1.1.1 github.com/google/uuid 0cd6bf5da1e1c83f8b45653022c74f71af0538a4 # v1.1.1
github.com/gorilla/mux 98cb6bf42e086f6af920b965c38cacc07402d51b # v1.8.0 github.com/gorilla/mux 98cb6bf42e086f6af920b965c38cacc07402d51b # v1.8.0
github.com/Microsoft/opengcs a10967154e143a36014584a6f664344e3bb0aa64
github.com/moby/locker 281af2d563954745bea9d1487c965f24d30742fe # v1.0.1 github.com/moby/locker 281af2d563954745bea9d1487c965f24d30742fe # v1.0.1
github.com/moby/term bea5bbe245bf407372d477f1361d2ff042d2f556 github.com/moby/term bea5bbe245bf407372d477f1361d2ff042d2f556
@ -14,13 +13,13 @@ github.com/moby/term bea5bbe245bf407372d477f1361d
# tool (vndr) currently does not support submodules / vendoring sub-paths, so we vendor # tool (vndr) currently does not support submodules / vendoring sub-paths, so we vendor
# the top-level moby/sys repository (which contains both) and pick the most recent tag, # the top-level moby/sys repository (which contains both) and pick the most recent tag,
# which could be either `mountinfo/vX.Y.Z`, `mount/vX.Y.Z`, or `symlink/vX.Y.Z`. # which could be either `mountinfo/vX.Y.Z`, `mount/vX.Y.Z`, or `symlink/vX.Y.Z`.
github.com/moby/sys 1bc8673b57550ddf85262eb0fed0aac651a37dab # symlink/v0.1.0 github.com/moby/sys b0f1fd7235275d01bd35cc4421e884e522395f45 # mountinfo/v0.4.1
github.com/creack/pty 2a38352e8b4d7ab6c336eef107e42a55e72e7fbc # v1.1.11 github.com/creack/pty 2a38352e8b4d7ab6c336eef107e42a55e72e7fbc # v1.1.11
github.com/sirupsen/logrus 6699a89a232f3db797f2e280639854bbc4b89725 # v1.7.0 github.com/sirupsen/logrus 6699a89a232f3db797f2e280639854bbc4b89725 # v1.7.0
github.com/tchap/go-patricia a7f0089c6f496e8e70402f61733606daa326cac5 # v2.3.0 github.com/tchap/go-patricia a7f0089c6f496e8e70402f61733606daa326cac5 # v2.3.0
golang.org/x/net ab34263943818b32f575efc978a3d24e80b04bd7 golang.org/x/net e18ecbb051101a46fc263334b127c89bc7bff7ea
golang.org/x/sys b64e53b001e413bd5067f36d4e439eded3827374 golang.org/x/sys d19ff857e887eacb631721f188c7d365c2331456
github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0 github.com/docker/go-units 519db1ee28dcc9fd2474ae59fca29a810482bfb1 # v0.4.0
github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0 github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0
golang.org/x/text 23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3 golang.org/x/text 23ae387dee1f90d29a23c0e87ee0b46038fbed0e # v0.3.3
@ -30,11 +29,11 @@ github.com/syndtr/gocapability 42c35b4376354fd554efc7ad35e0
github.com/RackSec/srslog a4725f04ec91af1a91b380da679d6e0c2f061e59 github.com/RackSec/srslog a4725f04ec91af1a91b380da679d6e0c2f061e59
github.com/imdario/mergo 1afb36080aec31e0d1528973ebe6721b191b0369 # v0.3.8 github.com/imdario/mergo 1afb36080aec31e0d1528973ebe6721b191b0369 # v0.3.8
golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb golang.org/x/sync 036812b2e83c0ddf193dd5a34e034151da389d09
# buildkit # buildkit
github.com/moby/buildkit 244e8cde639f71a05a1a2e0670bd88e0206ce55c # v0.8.3-3-g244e8cde github.com/moby/buildkit 9f254e18360a24c2ae47b26f772c3c89533bcbb7 # master / v0.9.0-dev
github.com/tonistiigi/fsutil 0834f99b7b85462efb69b4f571a4fa3ca7da5ac9 github.com/tonistiigi/fsutil d72af97c0eaf93c1d20360e3cb9c63c223675b83
github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2 github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746 github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
github.com/opentracing/opentracing-go d34af3eaa63c4d08ab54863a4bdd0daa45212e12 # v1.2.0 github.com/opentracing/opentracing-go d34af3eaa63c4d08ab54863a4bdd0daa45212e12 # v1.2.0
@ -62,18 +61,19 @@ github.com/docker/libkv 458977154600b9f23984d9f4b82e
github.com/vishvananda/netns db3c7e526aae966c4ccfa6c8189b693d6ac5d202 github.com/vishvananda/netns db3c7e526aae966c4ccfa6c8189b693d6ac5d202
github.com/vishvananda/netlink f049be6f391489d3f374498fe0c8df8449258372 # v1.1.0 github.com/vishvananda/netlink f049be6f391489d3f374498fe0c8df8449258372 # v1.1.0
github.com/moby/ipvs 4566ccea0e08d68e9614c3e7a64a23b850c4bb35 # v1.0.1 github.com/moby/ipvs 4566ccea0e08d68e9614c3e7a64a23b850c4bb35 # v1.0.1
github.com/urfave/cli a65b733b303f0055f8d324d805f393cd3e7a7904
# When updating, consider updating TOMLV_COMMIT in hack/dockerfile/install/tomlv.installer accordingly
github.com/BurntSushi/toml 3012a1dbe2e4bd1391d42b32f0577cb7bbc7f005 # v0.3.1
github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374 github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
github.com/coreos/etcd d57e8b8d97adfc4a6c224fe116714bf1a1f3beb9 # v3.3.12 github.com/coreos/etcd 2c834459e1aab78a5d5219c7dfe42335fc4b617a # v3.3.25
github.com/coreos/go-semver 8ab6407b697782a06568d4b7f1db25550ec2e4c6 # v0.2.0 github.com/coreos/go-semver 8ab6407b697782a06568d4b7f1db25550ec2e4c6 # v0.2.0
github.com/ugorji/go b4c50a2b199d93b13dc15e78929cfb23bfdf21ab # v1.1.1
github.com/hashicorp/consul 9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2 github.com/hashicorp/consul 9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2
github.com/miekg/dns 6c0c4e6581f8e173cc562c8b3363ab984e4ae071 # v1.1.27 github.com/miekg/dns 6c0c4e6581f8e173cc562c8b3363ab984e4ae071 # v1.1.27
github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
go.etcd.io/bbolt 232d8fc87f50244f9c808f4745759e08a304c029 # v1.3.5 go.etcd.io/bbolt 232d8fc87f50244f9c808f4745759e08a304c029 # v1.3.5
github.com/json-iterator/go a1ca0830781e007c66b225121d2cdb3a649421f6 # v1.1.10
github.com/modern-go/concurrent bacd9c7ef1dd9b15be4a9909b8ac7a4e313eec94 # 1.0.3
github.com/modern-go/reflect2 94122c33edd36123c84d5368cfb2b69df93a0ec8 # v1.0.1
# get graph and distribution packages # get graph and distribution packages
github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580 github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580
@ -90,8 +90,8 @@ google.golang.org/grpc f495f5b15ae7ccda3b38c53a1bfc
# the containerd project first, and update both after that is merged. # the containerd project first, and update both after that is merged.
# This commit does not need to match RUNC_COMMIT as it is used for helper # This commit does not need to match RUNC_COMMIT as it is used for helper
# packages but should be newer or equal. # packages but should be newer or equal.
github.com/opencontainers/runc ff819c7e9184c13b7c2607fe6c30ae19403a7aff # v1.0.0-rc92 github.com/opencontainers/runc b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7 # v1.0.0-rc95
github.com/opencontainers/runtime-spec 4d89ac9fbff6c455f46a5bb59c6b1bb7184a5e43 # v1.0.3-0.20200728170252-4d89ac9fbff6 github.com/opencontainers/runtime-spec 1c3f411f041711bbeecf35ff7e93461ea6789220 # v1.0.3-0.20210326190908-1c3f411f0417
github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1 github.com/opencontainers/image-spec d60099175f88c47cd379c4738d158884749ed235 # v1.0.1
github.com/cyphar/filepath-securejoin a261ee33d7a517f054effbf451841abaafe3e0fd # v0.2.2 github.com/cyphar/filepath-securejoin a261ee33d7a517f054effbf451841abaafe3e0fd # v0.2.2
@ -99,14 +99,14 @@ github.com/cyphar/filepath-securejoin a261ee33d7a517f054effbf45184
github.com/coreos/go-systemd 39ca1b05acc7ad1220e09f133283b8859a8b71ab # v17 github.com/coreos/go-systemd 39ca1b05acc7ad1220e09f133283b8859a8b71ab # v17
# systemd integration (journald, daemon/listeners, containerd/cgroups) # systemd integration (journald, daemon/listeners, containerd/cgroups)
github.com/coreos/go-systemd/v22 2d78030078ef61b3cae27f42ad6d0e46db51b339 # v22.0.0 github.com/coreos/go-systemd/v22 256724e3db397c5ca4287b8f0c78e9e8492fdb01 # v22.3.1
github.com/godbus/dbus/v5 37bf87eef99d69c4f1d3528bd66e3a87dc201472 # v5.0.3 github.com/godbus/dbus/v5 c88335c0b1d28a30e7fc76d526a06154b85e5d97 # v5.0.4
# gelf logging driver deps # gelf logging driver deps
github.com/Graylog2/go-gelf 1550ee647df0510058c9d67a45c56f18911d80b8 # v2 branch github.com/Graylog2/go-gelf 1550ee647df0510058c9d67a45c56f18911d80b8 # v2 branch
# fluent-logger-golang deps # fluent-logger-golang deps
github.com/fluent/fluent-logger-golang 7a6c9dcd7f14c2ed5d8c55c11b894e5455ee311b # v1.4.0 github.com/fluent/fluent-logger-golang b9b7fb02ccfee8ba4e69aa87386820c2bf24fd11 # v1.6.1
github.com/philhofer/fwd bb6d471dc95d4fe11e432687f8b70ff496cf3136 # v1.0.0 github.com/philhofer/fwd bb6d471dc95d4fe11e432687f8b70ff496cf3136 # v1.0.0
github.com/tinylib/msgp af6442a0fcf6e2a1b824f70dd0c734f01e817751 # v1.1.0 github.com/tinylib/msgp af6442a0fcf6e2a1b824f70dd0c734f01e817751 # v1.1.0
@ -130,30 +130,32 @@ github.com/googleapis/gax-go bd5b16380fd03dc758d11cef74ba
google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6c7065a3160e8 google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6c7065a3160e8
# containerd # containerd
github.com/containerd/containerd 0edc412565dcc6e3d6125ff9e4b009ad4b89c638 # master (v1.5.0-dev) github.com/containerd/containerd 36cc874494a56a253cd181a1a685b44b58a2e34a # v1.5.2
github.com/containerd/fifo 0724c46b320cf96bb172a0550c19a4b1fca4dacb github.com/containerd/fifo 650e8a8a179d040123db61f016cb133143e7a581 # v1.0.0
github.com/containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165 github.com/containerd/continuity bce1c3f9669b6f3e7f6656ee715b0b4d75fa64a6 # v0.1.0
github.com/containerd/cgroups 0b889c03f102012f1d93a97ddd3ef71cd6f4f510 github.com/containerd/cgroups b9de8a2212026c07cec67baf3323f1fc0121e048 # v1.0.1
github.com/containerd/console 5d7e1412f07b502a01029ea20e20e0d2be31fa7c # v1.0.1 github.com/containerd/console 2f1e3d2b6afd18e8b2077816c711205a0b4d8769 # v1.0.2
github.com/containerd/go-runc 16b287bc67d069a60fa48db15f330b790b74365b github.com/containerd/go-runc 16b287bc67d069a60fa48db15f330b790b74365b # v1.0.0
github.com/containerd/typeurl cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1 github.com/containerd/typeurl 5e43fb8b75ed2f2305fc04e6918c8d10636771bc # v1.0.2
github.com/containerd/ttrpc bfba540dc45464586c106b1f31c8547933c1eb41 # v1.0.2 github.com/containerd/ttrpc bfba540dc45464586c106b1f31c8547933c1eb41 # v1.0.2
github.com/gogo/googleapis 01e0f9cca9b92166042241267ee2a5cdf5cff46c # v1.3.2 github.com/gogo/googleapis 01e0f9cca9b92166042241267ee2a5cdf5cff46c # v1.3.2
github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 github.com/cilium/ebpf ef54c303d1fff1e80a9bf20f00a378fde5419d61 # v0.5.0
github.com/klauspost/compress a3b7545c88eea469c2246bee0e6c130525d56190 # v1.11.13
github.com/pelletier/go-toml 65ca8064882c8c308e5c804c5d5443d409e0738c # v1.8.1
# cluster # cluster
github.com/docker/swarmkit 17d8d4e4d8bdec33d386e6362d3537fa9493ba00 github.com/docker/swarmkit 2dcf70aafdc9ea55af3aaaeca440638cde0ecda6 # master
github.com/gogo/protobuf 5628607bb4c51c3157aacc3a50f0ab707582b805 # v1.3.1 github.com/gogo/protobuf b03c65ea87cdc3521ede29f62fe3ce239267c1bc # v1.3.2
github.com/golang/protobuf 84668698ea25b64748563aa20726db66a6b8d299 # v1.3.5 github.com/golang/protobuf 84668698ea25b64748563aa20726db66a6b8d299 # v1.3.5
github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2 github.com/cloudflare/cfssl 5d63dbd981b5c408effbb58c442d54761ff94fbd # 1.3.2
github.com/fernet/fernet-go 9eac43b88a5efb8651d24de9b68e87567e029736 github.com/fernet/fernet-go 9eac43b88a5efb8651d24de9b68e87567e029736
github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20 github.com/google/certificate-transparency-go 37a384cd035e722ea46e55029093e26687138edf # v1.0.20
golang.org/x/crypto c1f2f97bffc9c53fc40a1a28a5b460094c0050d9 golang.org/x/crypto 0c34fe9e7dc2486962ef9867e3edb3503537209f
golang.org/x/time 555d28b269f0569763d25dbe1a237ae74c6bcc82 golang.org/x/time 3af7569d3a1e776fc2a3c1cec133b43105ea9c2e
github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad github.com/hashicorp/go-memdb cb9a474f84cc5e41b273b20c6927680b2a8776ad
github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git github.com/hashicorp/go-immutable-radix 826af9ccf0feeee615d546d69b11f8e98da8c8f1 git://github.com/tonistiigi/go-immutable-radix.git
github.com/hashicorp/golang-lru 7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3 github.com/hashicorp/golang-lru 7f827b33c0f158ec5dfbba01bb0b14a4541fd81d # v0.5.3
github.com/coreos/pkg 3ac0863d7acf3bc44daf49afef8919af12f704ef # v3 github.com/coreos/pkg 97fdf19511ea361ae1c100dd393cc47f8dcfa1e1 # v4
code.cloudfoundry.org/clock 02e53af36e6c978af692887ed449b74026d76fec # v1.0.0 code.cloudfoundry.org/clock 02e53af36e6c978af692887ed449b74026d76fec # v1.0.0
# prometheus # prometheus
@ -168,7 +170,7 @@ github.com/grpc-ecosystem/go-grpc-prometheus c225b8c3b01faf2899099b768856
github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1 github.com/cespare/xxhash/v2 d7df74196a9e781ede915320c11c378c1b2f3a1f # v2.1.1
# cli # cli
github.com/spf13/cobra 86f8bfd7fef868a174e1b606783bd7f5c82ddf8f # v1.1.1 github.com/spf13/cobra 8380ddd3132bdf8fd77731725b550c181dda0aa8 # v1.1.3
github.com/spf13/pflag 2e9d26c8c37aae03e3f9d4e90b7116f5accb7cab # v1.0.5 github.com/spf13/pflag 2e9d26c8c37aae03e3f9d4e90b7116f5accb7cab # v1.0.5
github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0.0 github.com/inconshreveable/mousetrap 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 # v1.0.0
github.com/morikuni/aec 39771216ff4c63d11f5e604076f9c45e8be1067b # v1.0.0 github.com/morikuni/aec 39771216ff4c63d11f5e604076f9c45e8be1067b # v1.0.0
@ -176,8 +178,8 @@ github.com/morikuni/aec 39771216ff4c63d11f5e604076f9
# metrics # metrics
github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1 github.com/docker/go-metrics b619b3592b65de4f087d9f16863a7e6ff905973c # v0.0.1
github.com/opencontainers/selinux 2f45b3796d18f1ab4c9fc0c888a98d0a0fd6e429 # v1.8.0 github.com/opencontainers/selinux 76bc82e11d854d3e40c08889d13c98abcea72ea2 # v1.8.2
github.com/willf/bitset 559910e8471e48d76d9e5a1ba15842dee77ad45d # v1.1.11 github.com/bits-and-blooms/bitset 59de210119f50cedaa42d175dc88b6335fcf63f6 # v1.2.0
# archive/tar # archive/tar

View File

@ -0,0 +1,15 @@
// +build !windows
package sshprovider
import (
"github.com/pkg/errors"
)
func getFallbackAgentPath() (string, error) {
return "", errors.Errorf("make sure SSH_AUTH_SOCK is set")
}
func getWindowsPipeDialer(path string) *socketDialer {
return nil
}

View File

@ -0,0 +1,60 @@
// +build windows
package sshprovider
import (
"net"
"regexp"
"strings"
"github.com/Microsoft/go-winio"
"github.com/pkg/errors"
"golang.org/x/sys/windows"
)
// Returns the Windows OpenSSH agent named pipe path, but
// only if the agent is running. Returns an error otherwise.
func getFallbackAgentPath() (string, error) {
// Windows OpenSSH agent uses a named pipe rather
// than a UNIX socket. These pipes do not play nice
// with os.Stat (which tries to open its target), so
// use a FindFirstFile syscall to check for existence.
var fd windows.Win32finddata
path := `\\.\pipe\openssh-ssh-agent`
pathPtr, _ := windows.UTF16PtrFromString(path)
handle, err := windows.FindFirstFile(pathPtr, &fd)
if err != nil {
msg := "Windows OpenSSH agent not available at %s." +
" Enable the SSH agent service or set SSH_AUTH_SOCK."
return "", errors.Errorf(msg, path)
}
_ = windows.CloseHandle(handle)
return path, nil
}
// Returns true if the path references a named pipe.
func isWindowsPipePath(path string) bool {
// If path matches \\*\pipe\* then it references a named pipe
// and requires winio.DialPipe() rather than DialTimeout("unix").
// Slashes and backslashes may be used interchangeably in the path.
// Path separators may consist of multiple consecutive (back)slashes.
pipePattern := strings.ReplaceAll("^[/]{2}[^/]+[/]+pipe[/]+", "/", `\\/`)
ok, _ := regexp.MatchString(pipePattern, path)
return ok
}
func getWindowsPipeDialer(path string) *socketDialer {
if isWindowsPipePath(path) {
return &socketDialer{path: path, dialer: windowsPipeDialer}
}
return nil
}
func windowsPipeDialer(path string) (net.Conn, error) {
return winio.DialPipe(path, nil)
}