Merge pull request #5207 from thaJeztah/bump_engine_27.0.3

vendor: github.com/docker/docker v27.0.3
This commit is contained in:
Paweł Gronowski 2024-07-01 13:41:34 +02:00 committed by GitHub
commit ab2373a18e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 26 additions and 33 deletions

View File

@ -12,7 +12,7 @@ require (
github.com/creack/pty v1.1.21 github.com/creack/pty v1.1.21
github.com/distribution/reference v0.6.0 github.com/distribution/reference v0.6.0
github.com/docker/distribution v2.8.3+incompatible github.com/docker/distribution v2.8.3+incompatible
github.com/docker/docker v27.0.2+incompatible github.com/docker/docker v27.0.3+incompatible
github.com/docker/docker-credential-helpers v0.8.2 github.com/docker/docker-credential-helpers v0.8.2
github.com/docker/go-connections v0.5.0 github.com/docker/go-connections v0.5.0
github.com/docker/go-units v0.5.0 github.com/docker/go-units v0.5.0

View File

@ -57,8 +57,8 @@ github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v27.0.2+incompatible h1:mNhCtgXNV1fIRns102grG7rdzIsGGCq1OlOD0KunZos= github.com/docker/docker v27.0.3+incompatible h1:aBGI9TeQ4MPlhquTQKq9XbK79rKFVwXNUAYz9aXyEBE=
github.com/docker/docker v27.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v27.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=

View File

@ -20,7 +20,6 @@ import (
"syscall" "syscall"
"time" "time"
"github.com/containerd/containerd/pkg/userns"
"github.com/containerd/log" "github.com/containerd/log"
"github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/ioutils" "github.com/docker/docker/pkg/ioutils"
@ -675,9 +674,11 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
inUserns, bestEffortXattrs bool inUserns, bestEffortXattrs bool
chownOpts *idtools.Identity chownOpts *idtools.Identity
) )
// TODO(thaJeztah): make opts a required argument.
if opts != nil { if opts != nil {
Lchown = !opts.NoLchown Lchown = !opts.NoLchown
inUserns = opts.InUserNS inUserns = opts.InUserNS // TODO(thaJeztah): consider deprecating opts.InUserNS and detect locally.
chownOpts = opts.ChownOpts chownOpts = opts.ChownOpts
bestEffortXattrs = opts.BestEffortXattrs bestEffortXattrs = opts.BestEffortXattrs
} }
@ -712,6 +713,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
case tar.TypeBlock, tar.TypeChar: case tar.TypeBlock, tar.TypeChar:
if inUserns { // cannot create devices in a userns if inUserns { // cannot create devices in a userns
log.G(context.TODO()).WithFields(log.Fields{"path": path, "type": hdr.Typeflag}).Debug("skipping device nodes in a userns")
return nil return nil
} }
// Handle this is an OS-specific way // Handle this is an OS-specific way
@ -722,6 +724,11 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
case tar.TypeFifo: case tar.TypeFifo:
// Handle this is an OS-specific way // Handle this is an OS-specific way
if err := handleTarTypeBlockCharFifo(hdr, path); err != nil { if err := handleTarTypeBlockCharFifo(hdr, path); err != nil {
if inUserns && errors.Is(err, syscall.EPERM) {
// In most cases, cannot create a fifo if running in user namespace
log.G(context.TODO()).WithFields(log.Fields{"error": err, "path": path, "type": hdr.Typeflag}).Debug("creating fifo node in a userns")
return nil
}
return err return err
} }
@ -765,7 +772,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
} }
if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil { if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil {
msg := "failed to Lchown %q for UID %d, GID %d" msg := "failed to Lchown %q for UID %d, GID %d"
if errors.Is(err, syscall.EINVAL) && userns.RunningInUserNS() { if inUserns && errors.Is(err, syscall.EINVAL) {
msg += " (try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid)" msg += " (try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid)"
} }
return errors.Wrapf(err, msg, path, hdr.Uid, hdr.Gid) return errors.Wrapf(err, msg, path, hdr.Uid, hdr.Gid)
@ -871,11 +878,6 @@ func NewTarballer(srcPath string, options *TarOptions) (*Tarballer, error) {
return nil, err return nil, err
} }
whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS)
if err != nil {
return nil, err
}
return &Tarballer{ return &Tarballer{
// Fix the source path to work with long path names. This is a no-op // Fix the source path to work with long path names. This is a no-op
// on platforms other than Windows. // on platforms other than Windows.
@ -885,7 +887,7 @@ func NewTarballer(srcPath string, options *TarOptions) (*Tarballer, error) {
pipeReader: pipeReader, pipeReader: pipeReader,
pipeWriter: pipeWriter, pipeWriter: pipeWriter,
compressWriter: compressWriter, compressWriter: compressWriter,
whiteoutConverter: whiteoutConverter, whiteoutConverter: getWhiteoutConverter(options.WhiteoutFormat),
}, nil }, nil
} }
@ -1080,10 +1082,7 @@ func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) err
defer pools.BufioReader32KPool.Put(trBuf) defer pools.BufioReader32KPool.Put(trBuf)
var dirs []*tar.Header var dirs []*tar.Header
whiteoutConverter, err := getWhiteoutConverter(options.WhiteoutFormat, options.InUserNS) whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat)
if err != nil {
return err
}
// Iterate through the files in the archive. // Iterate through the files in the archive.
loop: loop:

View File

@ -12,14 +12,11 @@ import (
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
) )
func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) (tarWhiteoutConverter, error) { func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
if format == OverlayWhiteoutFormat { if format == OverlayWhiteoutFormat {
if inUserNS { return overlayWhiteoutConverter{}
return nil, errors.New("specifying OverlayWhiteoutFormat is not allowed in userns")
}
return overlayWhiteoutConverter{}, nil
} }
return nil, nil return nil
} }
type overlayWhiteoutConverter struct{} type overlayWhiteoutConverter struct{}

View File

@ -2,6 +2,6 @@
package archive // import "github.com/docker/docker/pkg/archive" package archive // import "github.com/docker/docker/pkg/archive"
func getWhiteoutConverter(format WhiteoutFormat, inUserNS bool) (tarWhiteoutConverter, error) { func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
return nil, nil return nil
} }

View File

@ -11,7 +11,6 @@ import (
"strings" "strings"
"syscall" "syscall"
"github.com/containerd/containerd/pkg/userns"
"github.com/docker/docker/pkg/idtools" "github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/system" "github.com/docker/docker/pkg/system"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
@ -95,7 +94,10 @@ func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
} }
// handleTarTypeBlockCharFifo is an OS-specific helper function used by // handleTarTypeBlockCharFifo is an OS-specific helper function used by
// createTarFile to handle the following types of header: Block; Char; Fifo // createTarFile to handle the following types of header: Block; Char; Fifo.
//
// Creating device nodes is not supported when running in a user namespace,
// produces a [syscall.EPERM] in most cases.
func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error { func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
mode := uint32(hdr.Mode & 0o7777) mode := uint32(hdr.Mode & 0o7777)
switch hdr.Typeflag { switch hdr.Typeflag {
@ -107,12 +109,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
mode |= unix.S_IFIFO mode |= unix.S_IFIFO
} }
err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor))) return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
if errors.Is(err, syscall.EPERM) && userns.RunningInUserNS() {
// In most cases, cannot create a device if running in user namespace
err = nil
}
return err
} }
func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error { func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {

2
vendor/modules.txt vendored
View File

@ -53,7 +53,7 @@ github.com/docker/distribution/registry/client/transport
github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache
github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/registry/storage/cache/memory
github.com/docker/distribution/uuid github.com/docker/distribution/uuid
# github.com/docker/docker v27.0.2+incompatible # github.com/docker/docker v27.0.3+incompatible
## explicit ## explicit
github.com/docker/docker/api github.com/docker/docker/api
github.com/docker/docker/api/types github.com/docker/docker/api/types