Merge pull request #5160 from vvoland/docker-27.0-rc

vendor: github.com/docker/docker caf502a0bc44 (v27.0.0-dev)

vendor.mod

@@ -12,7 +12,7 @@ require (
 	github.com/creack/pty v1.1.21
 	github.com/distribution/reference v0.6.0
 	github.com/docker/distribution v2.8.3+incompatible
-	github.com/docker/docker v27.0.0-rc.1.0.20240616165053-ec4bac431c88+incompatible
+	github.com/docker/docker v27.0.0-rc.1.0.20240617150224-caf502a0bc44+incompatible
 	github.com/docker/docker-credential-helpers v0.8.2
 	github.com/docker/go-connections v0.5.0
 	github.com/docker/go-units v0.5.0

vendor.sum

@@ -8,8 +8,6 @@ github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
 github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/Microsoft/hcsshim v0.11.5 h1:haEcLNpj9Ka1gd3B3tAEs9CpE0c+1IhoL59w/exYU38=
-github.com/Microsoft/hcsshim v0.11.5/go.mod h1:MV8xMfmECjl5HdO7U/3/hFVnkmSBjAjmA09d4bExKcU=
 github.com/Shopify/logrus-bugsnag v0.0.0-20170309145241-6dbc35f2c30d h1:hi6J4K6DKrR4/ljxn6SF6nURyu785wKMuQcjt7H3VCQ=
 github.com/Shopify/logrus-bugsnag v0.0.0-20170309145241-6dbc35f2c30d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -59,8 +57,8 @@ github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5
 github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
 github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk=
 github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v27.0.0-rc.1.0.20240616165053-ec4bac431c88+incompatible h1:8oA6C1+SM3iyWmXHgRzPWyImgpNkspJbmePZb+yHk20=
+github.com/docker/docker v27.0.0-rc.1.0.20240617150224-caf502a0bc44+incompatible h1:pXaCW++6yCgWS/0/NYQRc+24pKdBjshTqI/6A2HbxIM=
-github.com/docker/docker v27.0.0-rc.1.0.20240616165053-ec4bac431c88+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.0.0-rc.1.0.20240617150224-caf502a0bc44+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
 github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=

vendor/github.com/docker/docker/api/swagger.yaml

@@ -5824,6 +5824,58 @@ definitions:
         example:
           - "/etc/cdi"
           - "/var/run/cdi"
+      Containerd:
+        $ref: "#/definitions/ContainerdInfo"
+        x-nullable: true
+
+  ContainerdInfo:
+    description: |
+      Information for connecting to the containerd instance that is used by the daemon.
+      This is included for debugging purposes only.
+    type: "object"
+    properties:
+      Address:
+        description: "The address of the containerd socket."
+        type: "string"
+        example: "/run/containerd/containerd.sock"
+      Namespaces:
+        description: |
+          The namespaces that the daemon uses for running containers and
+          plugins in containerd. These namespaces can be configured in the
+          daemon configuration, and are considered to be used exclusively
+          by the daemon, Tampering with the containerd instance may cause
+          unexpected behavior.
+
+          As these namespaces are considered to be exclusively accessed
+          by the daemon, it is not recommended to change these values,
+          or to change them to a value that is used by other systems,
+          such as cri-containerd.
+        type: "object"
+        properties:
+          Containers:
+            description: |
+              The default containerd namespace used for containers managed
+              by the daemon.
+
+              The default namespace for containers is "moby", but will be
+              suffixed with the `<uid>.<gid>` of the remapped `root` if
+              user-namespaces are enabled and the containerd image-store
+              is used.
+            type: "string"
+            default: "moby"
+            example: "moby"
+          Plugins:
+            description: |
+              The default containerd namespace used for plugins managed by
+              the daemon.
+
+              The default namespace for plugins is "plugins.moby", but will be
+              suffixed with the `<uid>.<gid>` of the remapped `root` if
+              user-namespaces are enabled and the containerd image-store
+              is used.
+            type: "string"
+            default: "plugins.moby"
+            example: "plugins.moby"
 
   # PluginsInfo is a temp struct holding Plugins name
   # registered with docker daemon. It is used by Info struct
@@ -9507,7 +9559,7 @@ paths:
 
         Containers report these events: `attach`, `commit`, `copy`, `create`, `destroy`, `detach`, `die`, `exec_create`, `exec_detach`, `exec_start`, `exec_die`, `export`, `health_status`, `kill`, `oom`, `pause`, `rename`, `resize`, `restart`, `start`, `stop`, `top`, `unpause`, `update`, and `prune`
 
-        Images report these events: `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
+        Images report these events: `create, `delete`, `import`, `load`, `pull`, `push`, `save`, `tag`, `untag`, and `prune`
 
         Volumes report these events: `create`, `mount`, `unmount`, `destroy`, and `prune`
 

vendor/github.com/docker/docker/api/types/container/create_request.go

@@ -0,0 +1,13 @@
+package container
+
+import "github.com/docker/docker/api/types/network"
+
+// CreateRequest is the request message sent to the server for container
+// create calls. It is a config wrapper that holds the container [Config]
+// (portable) and the corresponding [HostConfig] (non-portable) and
+// [network.NetworkingConfig].
+type CreateRequest struct {
+	*Config
+	HostConfig       *HostConfig               `json:"HostConfig,omitempty"`
+	NetworkingConfig *network.NetworkingConfig `json:"NetworkingConfig,omitempty"`
+}

vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go

@@ -9,24 +9,6 @@ func (i Isolation) IsValid() bool {
 	return i.IsDefault()
 }
 
-// NetworkName returns the name of the network stack.
-func (n NetworkMode) NetworkName() string {
-	if n.IsBridge() {
-		return network.NetworkBridge
-	} else if n.IsHost() {
-		return network.NetworkHost
-	} else if n.IsContainer() {
-		return "container"
-	} else if n.IsNone() {
-		return network.NetworkNone
-	} else if n.IsDefault() {
-		return network.NetworkDefault
-	} else if n.IsUserDefined() {
-		return n.UserDefined()
-	}
-	return ""
-}
-
 // IsBridge indicates whether container uses the bridge network stack
 func (n NetworkMode) IsBridge() bool {
 	return n == network.NetworkBridge
@@ -41,3 +23,23 @@ func (n NetworkMode) IsHost() bool {
 func (n NetworkMode) IsUserDefined() bool {
 	return !n.IsDefault() && !n.IsBridge() && !n.IsHost() && !n.IsNone() && !n.IsContainer()
 }
+
+// NetworkName returns the name of the network stack.
+func (n NetworkMode) NetworkName() string {
+	switch {
+	case n.IsDefault():
+		return network.NetworkDefault
+	case n.IsBridge():
+		return network.NetworkBridge
+	case n.IsHost():
+		return network.NetworkHost
+	case n.IsNone():
+		return network.NetworkNone
+	case n.IsContainer():
+		return "container"
+	case n.IsUserDefined():
+		return n.UserDefined()
+	default:
+		return ""
+	}
+}

vendor/github.com/docker/docker/api/types/container/hostconfig_windows.go

@@ -2,6 +2,11 @@ package container // import "github.com/docker/docker/api/types/container"
 
 import "github.com/docker/docker/api/types/network"
 
+// IsValid indicates if an isolation technology is valid
+func (i Isolation) IsValid() bool {
+	return i.IsDefault() || i.IsHyperV() || i.IsProcess()
+}
+
 // IsBridge indicates whether container uses the bridge network stack
 // in windows it is given the name NAT
 func (n NetworkMode) IsBridge() bool {
@@ -19,24 +24,24 @@ func (n NetworkMode) IsUserDefined() bool {
 	return !n.IsDefault() && !n.IsNone() && !n.IsBridge() && !n.IsContainer()
 }
 
-// IsValid indicates if an isolation technology is valid
-func (i Isolation) IsValid() bool {
-	return i.IsDefault() || i.IsHyperV() || i.IsProcess()
-}
-
 // NetworkName returns the name of the network stack.
 func (n NetworkMode) NetworkName() string {
-	if n.IsDefault() {
+	switch {
+	case n.IsDefault():
 		return network.NetworkDefault
-	} else if n.IsBridge() {
+	case n.IsBridge():
 		return network.NetworkNat
-	} else if n.IsNone() {
+	case n.IsHost():
+		// Windows currently doesn't support host network-mode, so
+		// this would currently never happen..
+		return network.NetworkHost
+	case n.IsNone():
 		return network.NetworkNone
-	} else if n.IsContainer() {
+	case n.IsContainer():
 		return "container"
-	} else if n.IsUserDefined() {
+	case n.IsUserDefined():
 		return n.UserDefined()
-	}
+	default:
-
 		return ""
 	}
+}

vendor/github.com/docker/docker/api/types/system/info.go

@@ -75,6 +75,8 @@ type Info struct {
 	DefaultAddressPools []NetworkAddressPool `json:",omitempty"`
 	CDISpecDirs         []string
 
+	Containerd *ContainerdInfo `json:",omitempty"`
+
 	// Legacy API fields for older API versions.
 	legacyFields
 
@@ -85,6 +87,43 @@ type Info struct {
 	Warnings []string
 }
 
+// ContainerdInfo holds information about the containerd instance used by the daemon.
+type ContainerdInfo struct {
+	// Address is the path to the containerd socket.
+	Address string `json:",omitempty"`
+	// Namespaces is the containerd namespaces used by the daemon.
+	Namespaces ContainerdNamespaces
+}
+
+// ContainerdNamespaces reflects the containerd namespaces used by the daemon.
+//
+// These namespaces can be configured in the daemon configuration, and are
+// considered to be used exclusively by the daemon,
+//
+// As these namespaces are considered to be exclusively accessed
+// by the daemon, it is not recommended to change these values,
+// or to change them to a value that is used by other systems,
+// such as cri-containerd.
+type ContainerdNamespaces struct {
+	// Containers holds the default containerd namespace used for
+	// containers managed by the daemon.
+	//
+	// The default namespace for containers is "moby", but will be
+	// suffixed with the `<uid>.<gid>` of the remapped `root` if
+	// user-namespaces are enabled and the containerd image-store
+	// is used.
+	Containers string
+
+	// Plugins holds the default containerd namespace used for
+	// plugins managed by the daemon.
+	//
+	// The default namespace for plugins is "moby", but will be
+	// suffixed with the `<uid>.<gid>` of the remapped `root` if
+	// user-namespaces are enabled and the containerd image-store
+	// is used.
+	Plugins string
+}
+
 type legacyFields struct {
 	ExecutionDriver string `json:",omitempty"` // Deprecated: deprecated since API v1.25, but returned for older versions.
 }

vendor/github.com/docker/docker/pkg/archive/archive.go

@@ -98,24 +98,16 @@ func NewDefaultArchiver() *Archiver {
 type breakoutError error
 
 const (
-	// Uncompressed represents the uncompressed.
+	Uncompressed Compression = 0 // Uncompressed represents the uncompressed.
-	Uncompressed Compression = iota
+	Bzip2        Compression = 1 // Bzip2 is bzip2 compression algorithm.
-	// Bzip2 is bzip2 compression algorithm.
+	Gzip         Compression = 2 // Gzip is gzip compression algorithm.
-	Bzip2
+	Xz           Compression = 3 // Xz is xz compression algorithm.
-	// Gzip is gzip compression algorithm.
+	Zstd         Compression = 4 // Zstd is zstd compression algorithm.
-	Gzip
-	// Xz is xz compression algorithm.
-	Xz
-	// Zstd is zstd compression algorithm.
-	Zstd
 )
 
 const (
-	// AUFSWhiteoutFormat is the default format for whiteouts
+	AUFSWhiteoutFormat    WhiteoutFormat = 0 // AUFSWhiteoutFormat is the default format for whiteouts
-	AUFSWhiteoutFormat WhiteoutFormat = iota
+	OverlayWhiteoutFormat WhiteoutFormat = 1 // OverlayWhiteoutFormat formats whiteout according to the overlay standard.
-	// OverlayWhiteoutFormat formats whiteout according to the overlay
-	// standard.
-	OverlayWhiteoutFormat
 )
 
 // IsArchivePath checks if the (possibly compressed) file at the given path
@@ -887,7 +879,7 @@ func NewTarballer(srcPath string, options *TarOptions) (*Tarballer, error) {
 	return &Tarballer{
 		// Fix the source path to work with long path names. This is a no-op
 		// on platforms other than Windows.
-		srcPath:           fixVolumePathPrefix(srcPath),
+		srcPath:           addLongPathPrefix(srcPath),
 		options:           options,
 		pm:                pm,
 		pipeReader:        pipeReader,

vendor/github.com/docker/docker/pkg/archive/archive_unix.go

@@ -21,9 +21,9 @@ func init() {
 	sysStat = statUnix
 }
 
-// fixVolumePathPrefix does platform specific processing to ensure that if
+// addLongPathPrefix adds the Windows long path prefix to the path provided if
-// the path being passed in is not in a volume path format, convert it to one.
+// it does not already have it. It is a no-op on platforms other than Windows.
-func fixVolumePathPrefix(srcPath string) string {
+func addLongPathPrefix(srcPath string) string {
 	return srcPath
 }
 

vendor/github.com/docker/docker/pkg/archive/archive_windows.go

@@ -4,15 +4,27 @@ import (
 	"archive/tar"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/docker/docker/pkg/idtools"
-	"github.com/docker/docker/pkg/longpath"
 )
 
-// fixVolumePathPrefix does platform specific processing to ensure that if
+// longPathPrefix is the longpath prefix for Windows file paths.
-// the path being passed in is not in a volume path format, convert it to one.
+const longPathPrefix = `\\?\`
-func fixVolumePathPrefix(srcPath string) string {
+
-	return longpath.AddPrefix(srcPath)
+// addLongPathPrefix adds the Windows long path prefix to the path provided if
+// it does not already have it. It is a no-op on platforms other than Windows.
+//
+// addLongPathPrefix is a copy of [github.com/docker/docker/pkg/longpath.AddPrefix].
+func addLongPathPrefix(srcPath string) string {
+	if strings.HasPrefix(srcPath, longPathPrefix) {
+		return srcPath
+	}
+	if strings.HasPrefix(srcPath, `\\`) {
+		// This is a UNC path, so we need to add 'UNC' to the path as well.
+		return longPathPrefix + `UNC` + srcPath[1:]
+	}
+	return longPathPrefix + srcPath
 }
 
 // getWalkRoot calculates the root path when performing a TarWithOptions.

vendor/github.com/docker/docker/pkg/archive/changes.go

@@ -23,12 +23,9 @@ import (
 type ChangeType int
 
 const (
-	// ChangeModify represents the modify operation.
+	ChangeModify = 0 // ChangeModify represents the modify operation.
-	ChangeModify = iota
+	ChangeAdd    = 1 // ChangeAdd represents the add operation.
-	// ChangeAdd represents the add operation.
+	ChangeDelete = 2 // ChangeDelete represents the delete operation.
-	ChangeAdd
-	// ChangeDelete represents the delete operation.
-	ChangeDelete
 )
 
 func (c ChangeType) String() string {

vendor/github.com/docker/docker/pkg/archive/changes_other.go

@@ -72,19 +72,23 @@ func collectFileInfo(sourceDir string) (*FileInfo, error) {
 			return fmt.Errorf("collectFileInfo: Unexpectedly no parent for %s", relPath)
 		}
 
-		info := &FileInfo{
-			name:     filepath.Base(relPath),
-			children: make(map[string]*FileInfo),
-			parent:   parent,
-		}
-
 		s, err := system.Lstat(path)
 		if err != nil {
 			return err
 		}
-		info.stat = s
 
-		info.capability, _ = system.Lgetxattr(path, "security.capability")
+		info := &FileInfo{
+			name:     filepath.Base(relPath),
+			children: make(map[string]*FileInfo),
+			parent:   parent,
+			stat:     s,
+		}
+
+		// system.Lgetxattr is only implemented on Linux and produces an error
+		// on other platforms. This code is intentionally left commented-out
+		// as a reminder to include this code if this would ever be implemented
+		// on other platforms.
+		// info.capability, _ = system.Lgetxattr(path, "security.capability")
 
 		parent.children[info.name] = info
 

vendor/github.com/docker/docker/pkg/longpath/longpath.go

@@ -12,20 +12,24 @@ import (
 )
 
 // Prefix is the longpath prefix for Windows file paths.
-const Prefix = `\\?\`
+//
+// Deprecated: this const is only used internally, and will be removed in the next release
+const Prefix = longPathPrefix
+
+// longPathPrefix is the longpath prefix for Windows file paths.
+const longPathPrefix = `\\?\`
 
 // AddPrefix adds the Windows long path prefix to the path provided if
 // it does not already have it.
 func AddPrefix(path string) string {
-	if !strings.HasPrefix(path, Prefix) {
+	if strings.HasPrefix(path, longPathPrefix) {
+		return path
+	}
 	if strings.HasPrefix(path, `\\`) {
 		// This is a UNC path, so we need to add 'UNC' to the path as well.
-			path = Prefix + `UNC` + path[1:]
+		return longPathPrefix + `UNC` + path[1:]
-		} else {
-			path = Prefix + path
 	}
-	}
+	return longPathPrefix + path
-	return path
 }
 
 // MkdirTemp is the equivalent of [os.MkdirTemp], except that on Windows

vendor/github.com/docker/docker/pkg/stringid/stringid.go

@@ -22,6 +22,8 @@ var (
 
 // IsShortID determines if id has the correct format and length for a short ID.
 // It checks the IDs length and if it consists of valid characters for IDs (a-f0-9).
+//
+// Deprecated: this function is no longer used, and will be removed in the next release.
 func IsShortID(id string) bool {
 	if len(id) != shortLen {
 		return false
@@ -62,6 +64,8 @@ func GenerateRandomID() string {
 }
 
 // ValidateID checks whether an ID string is a valid, full-length image ID.
+//
+// Deprecated: use [github.com/docker/docker/image/v1.ValidateID] instead. Will be removed in the next release.
 func ValidateID(id string) error {
 	if len(id) != fullLen {
 		return errors.New("image ID '" + id + "' is invalid")

vendor/modules.txt

@@ -53,7 +53,7 @@ github.com/docker/distribution/registry/client/transport
 github.com/docker/distribution/registry/storage/cache
 github.com/docker/distribution/registry/storage/cache/memory
 github.com/docker/distribution/uuid
-# github.com/docker/docker v27.0.0-rc.1.0.20240616165053-ec4bac431c88+incompatible
+# github.com/docker/docker v27.0.0-rc.1.0.20240617150224-caf502a0bc44+incompatible
 ## explicit
 github.com/docker/docker/api
 github.com/docker/docker/api/types