diff --git a/go.mod b/go.mod
index e1903192b3c5..f02c00410b0e 100644
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,9 @@ module github.com/moby/buildkit
go 1.22.0
+// FIXME(thaJeztah): testing moby master
+replace github.com/docker/docker => github.com/docker/docker v27.0.2-0.20250108180700-53287e4ebf86+incompatible
+
require (
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0
github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v0.4.1
diff --git a/go.sum b/go.sum
index 9419b59250bb..27c586c80192 100644
--- a/go.sum
+++ b/go.sum
@@ -134,8 +134,8 @@ github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5Qvfr
github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
github.com/docker/cli v27.5.0-rc.2+incompatible h1:VeafR6zeKklf/JnmfjDsonQM5ado1+2p7V6LLmpJdQo=
github.com/docker/cli v27.5.0-rc.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
-github.com/docker/docker v27.5.0-rc.2+incompatible h1:x7JrdntaO+3XWxTjrZb0WZ00Mnto9+ti6+jyt79+GdA=
-github.com/docker/docker v27.5.0-rc.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v27.0.2-0.20250108180700-53287e4ebf86+incompatible h1:J0MPW9sxHqs5+Z0fISfocJ/9GNMwLdX6AoKpHerpXrs=
+github.com/docker/docker v27.0.2-0.20250108180700-53287e4ebf86+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo=
github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
diff --git a/vendor/github.com/docker/docker/api/common.go b/vendor/github.com/docker/docker/api/common.go
index 93d64cd8d5ff..2c62cd4032e4 100644
--- a/vendor/github.com/docker/docker/api/common.go
+++ b/vendor/github.com/docker/docker/api/common.go
@@ -3,7 +3,7 @@ package api // import "github.com/docker/docker/api"
// Common constants for daemon and client.
const (
// DefaultVersion of the current REST API.
- DefaultVersion = "1.47"
+ DefaultVersion = "1.48"
// MinSupportedAPIVersion is the minimum API version that can be supported
// by the API server, specified as "major.minor". Note that the daemon
diff --git a/vendor/github.com/docker/docker/api/swagger.yaml b/vendor/github.com/docker/docker/api/swagger.yaml
index 142bb038a1cd..ee559ff0353a 100644
--- a/vendor/github.com/docker/docker/api/swagger.yaml
+++ b/vendor/github.com/docker/docker/api/swagger.yaml
@@ -19,10 +19,10 @@ produces:
consumes:
- "application/json"
- "text/plain"
-basePath: "/v1.47"
+basePath: "/v1.48"
info:
title: "Docker Engine API"
- version: "1.47"
+ version: "1.48"
x-logo:
url: "https://docs.docker.com/assets/images/logo-docker-main.png"
description: |
@@ -55,8 +55,8 @@ info:
the URL is not supported by the daemon, a HTTP `400 Bad Request` error message
is returned.
- If you omit the version-prefix, the current version of the API (v1.47) is used.
- For example, calling `/info` is the same as calling `/v1.47/info`. Using the
+ If you omit the version-prefix, the current version of the API (v1.48) is used.
+ For example, calling `/info` is the same as calling `/v1.48/info`. Using the
API without a version-prefix is deprecated and will be removed in a future release.
Engine releases in the near future should support this version of the API,
@@ -1918,7 +1918,7 @@ definitions:
type: "string"
example: "4443"
- GraphDriverData:
+ DriverData:
description: |
Information about the storage driver used to store the container's and
image's filesystem.
@@ -1992,6 +1992,18 @@ definitions:
type: "string"
x-nullable: false
example: "sha256:ec3f0931a6e6b6855d76b2d7b0be30e81860baccd891b2e243280bf1cd8ad710"
+ Descriptor:
+ description: |
+ Descriptor is an OCI descriptor of the image target.
+ In case of a multi-platform image, this descriptor points to the OCI index
+ or a manifest list.
+
+ This field is only present if the daemon provides a multi-platform image store.
+
+ WARNING: This is experimental and may change at any time without any backward
+ compatibility.
+ x-nullable: true
+ $ref: "#/definitions/OCIDescriptor"
RepoTags:
description: |
List of image names/tags in the local image cache that reference this
@@ -2108,7 +2120,7 @@ definitions:
format: "int64"
example: 1239828
GraphDriver:
- $ref: "#/definitions/GraphDriverData"
+ $ref: "#/definitions/DriverData"
RootFS:
description: |
Information about the image's RootFS, including the layer IDs.
@@ -2279,6 +2291,18 @@ definitions:
x-omitempty: true
items:
$ref: "#/definitions/ImageManifestSummary"
+ Descriptor:
+ description: |
+ Descriptor is an OCI descriptor of the image target.
+ In case of a multi-platform image, this descriptor points to the OCI index
+ or a manifest list.
+
+ This field is only present if the daemon provides a multi-platform image store.
+
+ WARNING: This is experimental and may change at any time without any backward
+ compatibility.
+ x-nullable: true
+ $ref: "#/definitions/OCIDescriptor"
AuthConfig:
type: "object"
@@ -2498,6 +2522,11 @@ definitions:
`overlay`).
type: "string"
example: "overlay"
+ EnableIPv4:
+ description: |
+ Whether the network was created with IPv4 enabled.
+ type: "boolean"
+ example: true
EnableIPv6:
description: |
Whether the network was created with IPv6 enabled.
@@ -2899,6 +2928,16 @@ definitions:
example:
com.example.some-label: "some-value"
com.example.some-other-label: "some-other-value"
+ GwPriority:
+ description: |
+ This property determines which endpoint will provide the default
+ gateway for a container. The endpoint with the highest priority will
+ be used. If multiple endpoints have the same priority, endpoints are
+ lexicographically sorted based on their network name, and the one
+ that sorts first is picked.
+ type: "number"
+ example:
+ - 10
# Operational data
NetworkID:
@@ -5509,13 +5548,28 @@ definitions:
type: "boolean"
example: true
BridgeNfIptables:
- description: "Indicates if `bridge-nf-call-iptables` is available on the host."
+ description: |
+ Indicates if `bridge-nf-call-iptables` is available on the host when
+ the daemon was started.
+
+
+
+ > **Deprecated**: netfilter module is now loaded on-demand and no longer
+ > during daemon startup, making this field obsolete. This field is always
+ > `false` and will be removed in a API v1.49.
type: "boolean"
- example: true
+ example: false
BridgeNfIp6tables:
- description: "Indicates if `bridge-nf-call-ip6tables` is available on the host."
+ description: |
+ Indicates if `bridge-nf-call-ip6tables` is available on the host.
+
+
+
+ > **Deprecated**: netfilter module is now loaded on-demand, and no longer
+ > during daemon startup, making this field obsolete. This field is always
+ > `false` and will be removed in a API v1.49.
type: "boolean"
- example: true
+ example: false
Debug:
description: |
Indicates if the daemon is running in debug-mode / with debug-level
@@ -5945,55 +5999,27 @@ definitions:
List of IP ranges to which nondistributable artifacts can be pushed,
using the CIDR syntax [RFC 4632](https://tools.ietf.org/html/4632).
- Some images (for example, Windows base images) contain artifacts
- whose distribution is restricted by license. When these images are
- pushed to a registry, restricted artifacts are not included.
-
- This configuration override this behavior, and enables the daemon to
- push nondistributable artifacts to all registries whose resolved IP
- address is within the subnet described by the CIDR syntax.
-
- This option is useful when pushing images containing
- nondistributable artifacts to a registry on an air-gapped network so
- hosts on that network can pull the images without connecting to
- another server.
-
- > **Warning**: Nondistributable artifacts typically have restrictions
- > on how and where they can be distributed and shared. Only use this
- > feature to push artifacts to private registries and ensure that you
- > are in compliance with any terms that cover redistributing
- > nondistributable artifacts.
+
+ > **Deprecated**: Pushing nondistributable artifacts is now always enabled
+ > and this field is always `null`. This field will be removed in a API v1.49.
type: "array"
items:
type: "string"
- example: ["::1/128", "127.0.0.0/8"]
+ example: []
AllowNondistributableArtifactsHostnames:
description: |
List of registry hostnames to which nondistributable artifacts can be
pushed, using the format `[:]` or `[:]`.
- Some images (for example, Windows base images) contain artifacts
- whose distribution is restricted by license. When these images are
- pushed to a registry, restricted artifacts are not included.
-
- This configuration override this behavior for the specified
- registries.
-
- This option is useful when pushing images containing
- nondistributable artifacts to a registry on an air-gapped network so
- hosts on that network can pull the images without connecting to
- another server.
+
- > **Warning**: Nondistributable artifacts typically have restrictions
- > on how and where they can be distributed and shared. Only use this
- > feature to push artifacts to private registries and ensure that you
- > are in compliance with any terms that cover redistributing
- > nondistributable artifacts.
+ > **Deprecated**: Pushing nondistributable artifacts is now always enabled
+ > and this field is always `null`. This field will be removed in a API v1.49.
type: "array"
items:
type: "string"
- example: ["registry.internal.corp.example.com:3000", "[2001:db8:a0b:12f0::1]:443"]
+ example: []
InsecureRegistryCIDRs:
description: |
List of IP ranges of insecure registries, using the CIDR syntax
@@ -6001,7 +6027,7 @@ definitions:
accept un-encrypted (HTTP) and/or untrusted (HTTPS with certificates
from unknown CAs) communication.
- By default, local registries (`127.0.0.0/8`) are configured as
+ By default, local registries (`::1/128` and `127.0.0.0/8`) are configured as
insecure. All other registries are secure. Communicating with an
insecure registry is not possible if the daemon assumes that registry
is secure.
@@ -6166,6 +6192,8 @@ definitions:
Expected:
description: |
Commit ID of external tool expected by dockerd as set at build time.
+
+ **Deprecated**: This field is deprecated and will be omitted in a API v1.49.
type: "string"
example: "2d41c047c83e09a6d61d464906feb2a2f3c52aa4"
@@ -7236,6 +7264,14 @@ paths:
type: "string"
Platform:
type: "string"
+ ImageManifestDescriptor:
+ $ref: "#/definitions/OCIDescriptor"
+ description: |
+ OCI descriptor of the platform-specific manifest of the image
+ the container was created from.
+
+ Note: Only available if the daemon provides a multi-platform
+ image store.
MountLabel:
type: "string"
ProcessLabel:
@@ -7251,7 +7287,7 @@ paths:
HostConfig:
$ref: "#/definitions/HostConfig"
GraphDriver:
- $ref: "#/definitions/GraphDriverData"
+ $ref: "#/definitions/DriverData"
SizeRw:
description: |
The size of files that have been created or changed by this
@@ -9200,6 +9236,20 @@ paths:
description: "Image name or ID"
type: "string"
required: true
+ - name: "platform"
+ type: "string"
+ in: "query"
+ description: |
+ JSON-encoded OCI platform to select the platform-variant.
+ If omitted, it defaults to any locally available platform,
+ prioritizing the daemon's host platform.
+
+ If the daemon provides a multi-platform image store, this selects
+ the platform-variant to show the history for. If the image is
+ a single-platform image, or if the multi-platform image does not
+ provide a variant matching the given platform, an error is returned.
+
+ Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
tags: ["Image"]
/images/{name}/push:
post:
@@ -9953,7 +10003,16 @@ paths:
description: "Image name or ID"
type: "string"
required: true
- tags: ["Image"]
+ - name: "platform"
+ type: "string"
+ in: "query"
+ description: |
+ JSON encoded OCI platform describing a platform which will be used
+ to select a platform-specific image to be saved if the image is
+ multi-platform.
+ If not provided, the full multi-platform image will be saved.
+
+ Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
/images/get:
get:
summary: "Export several images"
@@ -10020,6 +10079,16 @@ paths:
description: "Suppress progress details during load."
type: "boolean"
default: false
+ - name: "platform"
+ type: "string"
+ in: "query"
+ description: |
+ JSON encoded OCI platform describing a platform which will be used
+ to select a platform-specific image to be load if the image is
+ multi-platform.
+ If not provided, the full multi-platform image will be loaded.
+
+ Example: `{"os": "linux", "architecture": "arm", "variant": "v5"}`
tags: ["Image"]
/containers/{id}/exec:
post:
@@ -10533,6 +10602,7 @@ paths:
Created: "2016-10-19T06:21:00.416543526Z"
Scope: "local"
Driver: "bridge"
+ EnableIPv4: true
EnableIPv6: false
Internal: false
Attachable: false
@@ -10554,6 +10624,7 @@ paths:
Created: "0001-01-01T00:00:00Z"
Scope: "local"
Driver: "null"
+ EnableIPv4: false
EnableIPv6: false
Internal: false
Attachable: false
@@ -10568,6 +10639,7 @@ paths:
Created: "0001-01-01T00:00:00Z"
Scope: "local"
Driver: "host"
+ EnableIPv4: false
EnableIPv6: false
Internal: false
Attachable: false
@@ -10753,6 +10825,12 @@ paths:
IPAM:
description: "Optional custom IP scheme for the network."
$ref: "#/definitions/IPAM"
+ EnableIPv4:
+ description: |
+ Enable IPv4 on the network.
+ To disable IPv4, the daemon must be started with experimental features enabled.
+ type: "boolean"
+ example: true
EnableIPv6:
description: "Enable IPv6 on the network."
type: "boolean"
@@ -10830,6 +10908,7 @@ paths:
IPv4Address: "172.24.56.89"
IPv6Address: "2001:db8::5689"
MacAddress: "02:42:ac:12:05:02"
+ Priority: 100
tags: ["Network"]
/networks/{id}/disconnect:
diff --git a/vendor/github.com/docker/docker/api/types/client.go b/vendor/github.com/docker/docker/api/types/client.go
index df791f02a0c3..dce8260f328d 100644
--- a/vendor/github.com/docker/docker/api/types/client.go
+++ b/vendor/github.com/docker/docker/api/types/client.go
@@ -11,7 +11,7 @@ import (
"github.com/docker/docker/api/types/registry"
)
-// NewHijackedResponse intializes a HijackedResponse type
+// NewHijackedResponse initializes a [HijackedResponse] type.
func NewHijackedResponse(conn net.Conn, mediaType string) HijackedResponse {
return HijackedResponse{Conn: conn, Reader: bufio.NewReader(conn), mediaType: mediaType}
}
@@ -129,14 +129,6 @@ type ImageBuildResponse struct {
OSType string
}
-// RequestPrivilegeFunc is a function interface that
-// clients can supply to retry operations after
-// getting an authorization error.
-// This function returns the registry authentication
-// header value in base 64 format, or an error
-// if the privilege request fails.
-type RequestPrivilegeFunc func(context.Context) (string, error)
-
// NodeListOptions holds parameters to list nodes with.
type NodeListOptions struct {
Filters filters.Args
@@ -235,11 +227,18 @@ type PluginDisableOptions struct {
// PluginInstallOptions holds parameters to install a plugin.
type PluginInstallOptions struct {
- Disabled bool
- AcceptAllPermissions bool
- RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
- RemoteRef string // RemoteRef is the plugin name on the registry
- PrivilegeFunc RequestPrivilegeFunc
+ Disabled bool
+ AcceptAllPermissions bool
+ RegistryAuth string // RegistryAuth is the base64 encoded credentials for the registry
+ RemoteRef string // RemoteRef is the plugin name on the registry
+
+ // PrivilegeFunc is a function that clients can supply to retry operations
+ // after getting an authorization error. This function returns the registry
+ // authentication header value in base64 encoded format, or an error if the
+ // privilege request fails.
+ //
+ // For details, refer to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
+ PrivilegeFunc func(context.Context) (string, error)
AcceptPermissionsFunc func(context.Context, PluginPrivileges) (bool, error)
Args []string
}
diff --git a/vendor/github.com/docker/docker/api/types/container/container.go b/vendor/github.com/docker/docker/api/types/container/container.go
index 711af12c9920..0244a3549a19 100644
--- a/vendor/github.com/docker/docker/api/types/container/container.go
+++ b/vendor/github.com/docker/docker/api/types/container/container.go
@@ -4,6 +4,10 @@ import (
"io"
"os"
"time"
+
+ "github.com/docker/docker/api/types/mount"
+ "github.com/docker/docker/api/types/storage"
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)
// PruneReport contains the response for Engine API:
@@ -42,3 +46,132 @@ type StatsResponseReader struct {
Body io.ReadCloser `json:"body"`
OSType string `json:"ostype"`
}
+
+// MountPoint represents a mount point configuration inside the container.
+// This is used for reporting the mountpoints in use by a container.
+type MountPoint struct {
+ // Type is the type of mount, see `Type` definitions in
+ // github.com/docker/docker/api/types/mount.Type
+ Type mount.Type `json:",omitempty"`
+
+ // Name is the name reference to the underlying data defined by `Source`
+ // e.g., the volume name.
+ Name string `json:",omitempty"`
+
+ // Source is the source location of the mount.
+ //
+ // For volumes, this contains the storage location of the volume (within
+ // `/var/lib/docker/volumes/`). For bind-mounts, and `npipe`, this contains
+ // the source (host) part of the bind-mount. For `tmpfs` mount points, this
+ // field is empty.
+ Source string
+
+ // Destination is the path relative to the container root (`/`) where the
+ // Source is mounted inside the container.
+ Destination string
+
+ // Driver is the volume driver used to create the volume (if it is a volume).
+ Driver string `json:",omitempty"`
+
+ // Mode is a comma separated list of options supplied by the user when
+ // creating the bind/volume mount.
+ //
+ // The default is platform-specific (`"z"` on Linux, empty on Windows).
+ Mode string
+
+ // RW indicates whether the mount is mounted writable (read-write).
+ RW bool
+
+ // Propagation describes how mounts are propagated from the host into the
+ // mount point, and vice-versa. Refer to the Linux kernel documentation
+ // for details:
+ // https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
+ //
+ // This field is not used on Windows.
+ Propagation mount.Propagation
+}
+
+// State stores container's running state
+// it's part of ContainerJSONBase and returned by "inspect" command
+type State struct {
+ Status string // String representation of the container state. Can be one of "created", "running", "paused", "restarting", "removing", "exited", or "dead"
+ Running bool
+ Paused bool
+ Restarting bool
+ OOMKilled bool
+ Dead bool
+ Pid int
+ ExitCode int
+ Error string
+ StartedAt string
+ FinishedAt string
+ Health *Health `json:",omitempty"`
+}
+
+// Summary contains response of Engine API:
+// GET "/containers/json"
+type Summary struct {
+ ID string `json:"Id"`
+ Names []string
+ Image string
+ ImageID string
+ Command string
+ Created int64
+ Ports []Port
+ SizeRw int64 `json:",omitempty"`
+ SizeRootFs int64 `json:",omitempty"`
+ Labels map[string]string
+ State string
+ Status string
+ HostConfig struct {
+ NetworkMode string `json:",omitempty"`
+ Annotations map[string]string `json:",omitempty"`
+ }
+ NetworkSettings *NetworkSettingsSummary
+ Mounts []MountPoint
+}
+
+// ContainerJSONBase contains response of Engine API GET "/containers/{name:.*}/json"
+// for API version 1.18 and older.
+//
+// TODO(thaJeztah): combine ContainerJSONBase and InspectResponse into a single struct.
+// The split between ContainerJSONBase (ContainerJSONBase) and InspectResponse (InspectResponse)
+// was done in commit 6deaa58ba5f051039643cedceee97c8695e2af74 (https://github.com/moby/moby/pull/13675).
+// ContainerJSONBase contained all fields for API < 1.19, and InspectResponse
+// held fields that were added in API 1.19 and up. Given that the minimum
+// supported API version is now 1.24, we no longer use the separate type.
+type ContainerJSONBase struct {
+ ID string `json:"Id"`
+ Created string
+ Path string
+ Args []string
+ State *State
+ Image string
+ ResolvConfPath string
+ HostnamePath string
+ HostsPath string
+ LogPath string
+ Name string
+ RestartCount int
+ Driver string
+ Platform string
+ MountLabel string
+ ProcessLabel string
+ AppArmorProfile string
+ ExecIDs []string
+ HostConfig *HostConfig
+ GraphDriver storage.DriverData
+ SizeRw *int64 `json:",omitempty"`
+ SizeRootFs *int64 `json:",omitempty"`
+}
+
+// InspectResponse is the response for the GET "/containers/{name:.*}/json"
+// endpoint.
+type InspectResponse struct {
+ *ContainerJSONBase
+ Mounts []MountPoint
+ Config *Config
+ NetworkSettings *NetworkSettings
+ // ImageManifestDescriptor is the descriptor of a platform-specific manifest of the image used to create the container.
+ ImageManifestDescriptor *ocispec.Descriptor `json:",omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/health.go b/vendor/github.com/docker/docker/api/types/container/health.go
new file mode 100644
index 000000000000..93663746f61d
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/health.go
@@ -0,0 +1,26 @@
+package container
+
+import "time"
+
+// Health states
+const (
+ NoHealthcheck = "none" // Indicates there is no healthcheck
+ Starting = "starting" // Starting indicates that the container is not yet ready
+ Healthy = "healthy" // Healthy indicates that the container is running correctly
+ Unhealthy = "unhealthy" // Unhealthy indicates that the container has a problem
+)
+
+// Health stores information about the container's healthcheck results
+type Health struct {
+ Status string // Status is one of [Starting], [Healthy] or [Unhealthy].
+ FailingStreak int // FailingStreak is the number of consecutive failures
+ Log []*HealthcheckResult // Log contains the last few results (oldest first)
+}
+
+// HealthcheckResult stores information about a single run of a healthcheck probe
+type HealthcheckResult struct {
+ Start time.Time // Start is the time this check started
+ End time.Time // End is the time this check ended
+ ExitCode int // ExitCode meanings: 0=healthy, 1=unhealthy, 2=reserved (considered unhealthy), else=error running probe
+ Output string // Output from last check
+}
diff --git a/vendor/github.com/docker/docker/api/types/container/network_settings.go b/vendor/github.com/docker/docker/api/types/container/network_settings.go
new file mode 100644
index 000000000000..afec0e54323e
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/container/network_settings.go
@@ -0,0 +1,56 @@
+package container
+
+import (
+ "github.com/docker/docker/api/types/network"
+ "github.com/docker/go-connections/nat"
+)
+
+// NetworkSettings exposes the network settings in the api
+type NetworkSettings struct {
+ NetworkSettingsBase
+ DefaultNetworkSettings
+ Networks map[string]*network.EndpointSettings
+}
+
+// NetworkSettingsBase holds networking state for a container when inspecting it.
+type NetworkSettingsBase struct {
+ Bridge string // Bridge contains the name of the default bridge interface iff it was set through the daemon --bridge flag.
+ SandboxID string // SandboxID uniquely represents a container's network stack
+ SandboxKey string // SandboxKey identifies the sandbox
+ Ports nat.PortMap // Ports is a collection of PortBinding indexed by Port
+
+ // HairpinMode specifies if hairpin NAT should be enabled on the virtual interface
+ //
+ // Deprecated: This field is never set and will be removed in a future release.
+ HairpinMode bool
+ // LinkLocalIPv6Address is an IPv6 unicast address using the link-local prefix
+ //
+ // Deprecated: This field is never set and will be removed in a future release.
+ LinkLocalIPv6Address string
+ // LinkLocalIPv6PrefixLen is the prefix length of an IPv6 unicast address
+ //
+ // Deprecated: This field is never set and will be removed in a future release.
+ LinkLocalIPv6PrefixLen int
+ SecondaryIPAddresses []network.Address // Deprecated: This field is never set and will be removed in a future release.
+ SecondaryIPv6Addresses []network.Address // Deprecated: This field is never set and will be removed in a future release.
+}
+
+// DefaultNetworkSettings holds network information
+// during the 2 release deprecation period.
+// It will be removed in Docker 1.11.
+type DefaultNetworkSettings struct {
+ EndpointID string // EndpointID uniquely represents a service endpoint in a Sandbox
+ Gateway string // Gateway holds the gateway address for the network
+ GlobalIPv6Address string // GlobalIPv6Address holds network's global IPv6 address
+ GlobalIPv6PrefixLen int // GlobalIPv6PrefixLen represents mask length of network's global IPv6 address
+ IPAddress string // IPAddress holds the IPv4 address for the network
+ IPPrefixLen int // IPPrefixLen represents mask length of network's IPv4 address
+ IPv6Gateway string // IPv6Gateway holds gateway address specific for IPv6
+ MacAddress string // MacAddress holds the MAC address for the network
+}
+
+// NetworkSettingsSummary provides a summary of container's networks
+// in /containers/json
+type NetworkSettingsSummary struct {
+ Networks map[string]*network.EndpointSettings
+}
diff --git a/vendor/github.com/docker/docker/api/types/port.go b/vendor/github.com/docker/docker/api/types/container/port.go
similarity index 96%
rename from vendor/github.com/docker/docker/api/types/port.go
rename to vendor/github.com/docker/docker/api/types/container/port.go
index d91234744c6b..895043cfe94f 100644
--- a/vendor/github.com/docker/docker/api/types/port.go
+++ b/vendor/github.com/docker/docker/api/types/container/port.go
@@ -1,4 +1,4 @@
-package types
+package container
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
diff --git a/vendor/github.com/docker/docker/api/types/filters/errors.go b/vendor/github.com/docker/docker/api/types/filters/errors.go
index f52f69440891..b8a690d67ab5 100644
--- a/vendor/github.com/docker/docker/api/types/filters/errors.go
+++ b/vendor/github.com/docker/docker/api/types/filters/errors.go
@@ -22,16 +22,3 @@ func (e invalidFilter) Error() string {
// InvalidParameter marks this error as ErrInvalidParameter
func (e invalidFilter) InvalidParameter() {}
-
-// unreachableCode is an error indicating that the code path was not expected to be reached.
-type unreachableCode struct {
- Filter string
- Value []string
-}
-
-// System marks this error as ErrSystem
-func (e unreachableCode) System() {}
-
-func (e unreachableCode) Error() string {
- return fmt.Sprintf("unreachable code reached for filter: %q with values: %s", e.Filter, e.Value)
-}
diff --git a/vendor/github.com/docker/docker/api/types/filters/parse.go b/vendor/github.com/docker/docker/api/types/filters/parse.go
index 0914b2a4410c..2085ff38f2f8 100644
--- a/vendor/github.com/docker/docker/api/types/filters/parse.go
+++ b/vendor/github.com/docker/docker/api/types/filters/parse.go
@@ -200,7 +200,6 @@ func (args Args) Match(field, source string) bool {
// Error is not nil only if the filter values are not valid boolean or are conflicting.
func (args Args) GetBoolOrDefault(key string, defaultValue bool) (bool, error) {
fieldValues, ok := args.fields[key]
-
if !ok {
return defaultValue, nil
}
@@ -211,20 +210,11 @@ func (args Args) GetBoolOrDefault(key string, defaultValue bool) (bool, error) {
isFalse := fieldValues["0"] || fieldValues["false"]
isTrue := fieldValues["1"] || fieldValues["true"]
-
- conflicting := isFalse && isTrue
- invalid := !isFalse && !isTrue
-
- if conflicting || invalid {
+ if isFalse == isTrue {
+ // Either no or conflicting truthy/falsy value were provided
return defaultValue, &invalidFilter{key, args.Get(key)}
- } else if isFalse {
- return false, nil
- } else if isTrue {
- return true, nil
}
-
- // This code shouldn't be reached.
- return defaultValue, &unreachableCode{Filter: key, Value: args.Get(key)}
+ return isTrue, nil
}
// ExactMatch returns true if the source matches exactly one of the values.
diff --git a/vendor/github.com/docker/docker/api/types/image/image_inspect.go b/vendor/github.com/docker/docker/api/types/image/image_inspect.go
new file mode 100644
index 000000000000..5d24dd62a22b
--- /dev/null
+++ b/vendor/github.com/docker/docker/api/types/image/image_inspect.go
@@ -0,0 +1,130 @@
+package image
+
+import (
+ "github.com/docker/docker/api/types/container"
+ "github.com/docker/docker/api/types/storage"
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// RootFS returns Image's RootFS description including the layer IDs.
+type RootFS struct {
+ Type string `json:",omitempty"`
+ Layers []string `json:",omitempty"`
+}
+
+// InspectResponse contains response of Engine API:
+// GET "/images/{name:.*}/json"
+type InspectResponse struct {
+ // ID is the content-addressable ID of an image.
+ //
+ // This identifier is a content-addressable digest calculated from the
+ // image's configuration (which includes the digests of layers used by
+ // the image).
+ //
+ // Note that this digest differs from the `RepoDigests` below, which
+ // holds digests of image manifests that reference the image.
+ ID string `json:"Id"`
+
+ // RepoTags is a list of image names/tags in the local image cache that
+ // reference this image.
+ //
+ // Multiple image tags can refer to the same image, and this list may be
+ // empty if no tags reference the image, in which case the image is
+ // "untagged", in which case it can still be referenced by its ID.
+ RepoTags []string
+
+ // RepoDigests is a list of content-addressable digests of locally available
+ // image manifests that the image is referenced from. Multiple manifests can
+ // refer to the same image.
+ //
+ // These digests are usually only available if the image was either pulled
+ // from a registry, or if the image was pushed to a registry, which is when
+ // the manifest is generated and its digest calculated.
+ RepoDigests []string
+
+ // Parent is the ID of the parent image.
+ //
+ // Depending on how the image was created, this field may be empty and
+ // is only set for images that were built/created locally. This field
+ // is empty if the image was pulled from an image registry.
+ Parent string
+
+ // Comment is an optional message that can be set when committing or
+ // importing the image.
+ Comment string
+
+ // Created is the date and time at which the image was created, formatted in
+ // RFC 3339 nano-seconds (time.RFC3339Nano).
+ //
+ // This information is only available if present in the image,
+ // and omitted otherwise.
+ Created string `json:",omitempty"`
+
+ // Container is the ID of the container that was used to create the image.
+ //
+ // Depending on how the image was created, this field may be empty.
+ //
+ // Deprecated: this field is omitted in API v1.45, but kept for backward compatibility.
+ Container string `json:",omitempty"`
+
+ // ContainerConfig is an optional field containing the configuration of the
+ // container that was last committed when creating the image.
+ //
+ // Previous versions of Docker builder used this field to store build cache,
+ // and it is not in active use anymore.
+ //
+ // Deprecated: this field is omitted in API v1.45, but kept for backward compatibility.
+ ContainerConfig *container.Config `json:",omitempty"`
+
+ // DockerVersion is the version of Docker that was used to build the image.
+ //
+ // Depending on how the image was created, this field may be empty.
+ DockerVersion string
+
+ // Author is the name of the author that was specified when committing the
+ // image, or as specified through MAINTAINER (deprecated) in the Dockerfile.
+ Author string
+ Config *container.Config
+
+ // Architecture is the hardware CPU architecture that the image runs on.
+ Architecture string
+
+ // Variant is the CPU architecture variant (presently ARM-only).
+ Variant string `json:",omitempty"`
+
+ // OS is the Operating System the image is built to run on.
+ Os string
+
+ // OsVersion is the version of the Operating System the image is built to
+ // run on (especially for Windows).
+ OsVersion string `json:",omitempty"`
+
+ // Size is the total size of the image including all layers it is composed of.
+ Size int64
+
+ // VirtualSize is the total size of the image including all layers it is
+ // composed of.
+ //
+ // Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead.
+ VirtualSize int64 `json:"VirtualSize,omitempty"`
+
+ // GraphDriver holds information about the storage driver used to store the
+ // container's and image's filesystem.
+ GraphDriver storage.DriverData
+
+ // RootFS contains information about the image's RootFS, including the
+ // layer IDs.
+ RootFS RootFS
+
+ // Metadata of the image in the local cache.
+ //
+ // This information is local to the daemon, and not part of the image itself.
+ Metadata Metadata
+
+ // Descriptor is the OCI descriptor of the image target.
+ // It's only set if the daemon provides a multi-platform image store.
+ //
+ // WARNING: This is experimental and may change at any time without any backward
+ // compatibility.
+ Descriptor *ocispec.Descriptor `json:"Descriptor,omitempty"`
+}
diff --git a/vendor/github.com/docker/docker/api/types/image/opts.go b/vendor/github.com/docker/docker/api/types/image/opts.go
index 923ebe5a06a0..06365830210b 100644
--- a/vendor/github.com/docker/docker/api/types/image/opts.go
+++ b/vendor/github.com/docker/docker/api/types/image/opts.go
@@ -38,7 +38,7 @@ type PullOptions struct {
// authentication header value in base64 encoded format, or an error if the
// privilege request fails.
//
- // Also see [github.com/docker/docker/api/types.RequestPrivilegeFunc].
+ // For details, refer to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
PrivilegeFunc func(context.Context) (string, error)
Platform string
}
@@ -53,7 +53,7 @@ type PushOptions struct {
// authentication header value in base64 encoded format, or an error if the
// privilege request fails.
//
- // Also see [github.com/docker/docker/api/types.RequestPrivilegeFunc].
+ // For details, refer to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
PrivilegeFunc func(context.Context) (string, error)
// Platform is an optional field that selects a specific platform to push
@@ -86,3 +86,26 @@ type RemoveOptions struct {
Force bool
PruneChildren bool
}
+
+// HistoryOptions holds parameters to get image history.
+type HistoryOptions struct {
+ // Platform from the manifest list to use for history.
+ Platform *ocispec.Platform
+}
+
+// LoadOptions holds parameters to load images.
+type LoadOptions struct {
+ // Quiet suppresses progress output
+ Quiet bool
+
+ // Platforms selects the platforms to load if the image is a
+ // multi-platform image and has multiple variants.
+ Platforms []ocispec.Platform
+}
+
+// SaveOptions holds parameters to save images.
+type SaveOptions struct {
+ // Platforms selects the platforms to save if the image is a
+ // multi-platform image and has multiple variants.
+ Platforms []ocispec.Platform
+}
diff --git a/vendor/github.com/docker/docker/api/types/image/summary.go b/vendor/github.com/docker/docker/api/types/image/summary.go
index e87e216a28b3..c5ae6ab9ca11 100644
--- a/vendor/github.com/docker/docker/api/types/image/summary.go
+++ b/vendor/github.com/docker/docker/api/types/image/summary.go
@@ -1,5 +1,7 @@
package image
+import ocispec "github.com/opencontainers/image-spec/specs-go/v1"
+
type Summary struct {
// Number of containers using this image. Includes both stopped and running
@@ -42,6 +44,13 @@ type Summary struct {
// Required: true
ParentID string `json:"ParentId"`
+ // Descriptor is the OCI descriptor of the image target.
+ // It's only set if the daemon provides a multi-platform image store.
+ //
+ // WARNING: This is experimental and may change at any time without any backward
+ // compatibility.
+ Descriptor *ocispec.Descriptor `json:"Descriptor,omitempty"`
+
// Manifests is a list of image manifests available in this image. It
// provides a more detailed view of the platform-specific image manifests or
// other image-attached data like build attestations.
diff --git a/vendor/github.com/docker/docker/api/types/network/endpoint.go b/vendor/github.com/docker/docker/api/types/network/endpoint.go
index 0fbb40b351c3..167ac70ab56a 100644
--- a/vendor/github.com/docker/docker/api/types/network/endpoint.go
+++ b/vendor/github.com/docker/docker/api/types/network/endpoint.go
@@ -19,6 +19,12 @@ type EndpointSettings struct {
// generated address).
MacAddress string
DriverOpts map[string]string
+
+ // GwPriority determines which endpoint will provide the default gateway
+ // for the container. The endpoint with the highest priority will be used.
+ // If multiple endpoints have the same priority, they are lexicographically
+ // sorted based on their network name, and the one that sorts first is picked.
+ GwPriority int
// Operational data
NetworkID string
EndpointID string
diff --git a/vendor/github.com/docker/docker/api/types/network/network.go b/vendor/github.com/docker/docker/api/types/network/network.go
index c8db97a7e674..d34b8ab72498 100644
--- a/vendor/github.com/docker/docker/api/types/network/network.go
+++ b/vendor/github.com/docker/docker/api/types/network/network.go
@@ -33,6 +33,7 @@ type CreateRequest struct {
type CreateOptions struct {
Driver string // Driver is the driver-name used to create the network (e.g. `bridge`, `overlay`)
Scope string // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level).
+ EnableIPv4 *bool `json:",omitempty"` // EnableIPv4 represents whether to enable IPv4.
EnableIPv6 *bool `json:",omitempty"` // EnableIPv6 represents whether to enable IPv6.
IPAM *IPAM // IPAM is the network's IP Address Management.
Internal bool // Internal represents if the network is used internal only.
@@ -76,7 +77,8 @@ type Inspect struct {
Created time.Time // Created is the time the network created
Scope string // Scope describes the level at which the network exists (e.g. `swarm` for cluster-wide or `local` for machine level)
Driver string // Driver is the Driver name used to create the network (e.g. `bridge`, `overlay`)
- EnableIPv6 bool // EnableIPv6 represents whether to enable IPv6
+ EnableIPv4 bool // EnableIPv4 represents whether IPv4 is enabled
+ EnableIPv6 bool // EnableIPv6 represents whether IPv6 is enabled
IPAM IPAM // IPAM is the network's IP Address Management
Internal bool // Internal represents if the network is used internal only
Attachable bool // Attachable represents if the global scope is manually attachable by regular containers from workers in swarm mode.
diff --git a/vendor/github.com/docker/docker/api/types/registry/authconfig.go b/vendor/github.com/docker/docker/api/types/registry/authconfig.go
index 8e383f6e60cb..2f49428890ec 100644
--- a/vendor/github.com/docker/docker/api/types/registry/authconfig.go
+++ b/vendor/github.com/docker/docker/api/types/registry/authconfig.go
@@ -1,5 +1,6 @@
package registry // import "github.com/docker/docker/api/types/registry"
import (
+ "context"
"encoding/base64"
"encoding/json"
"io"
@@ -12,6 +13,18 @@ import (
// authorization credentials for registry operations (push/pull).
const AuthHeader = "X-Registry-Auth"
+// RequestAuthConfig is a function interface that clients can supply
+// to retry operations after getting an authorization error.
+//
+// The function must return the [AuthHeader] value ([AuthConfig]), encoded
+// in base64url format ([RFC4648, section 5]), which can be decoded by
+// [DecodeAuthConfig].
+//
+// It must return an error if the privilege request fails.
+//
+// [RFC4648, section 5]: https://tools.ietf.org/html/rfc4648#section-5
+type RequestAuthConfig func(context.Context) (string, error)
+
// AuthConfig contains authorization information for connecting to a Registry.
type AuthConfig struct {
Username string `json:"username,omitempty"`
diff --git a/vendor/github.com/docker/docker/api/types/registry/registry.go b/vendor/github.com/docker/docker/api/types/registry/registry.go
index 75ee07b15f97..b0a4d604f5f8 100644
--- a/vendor/github.com/docker/docker/api/types/registry/registry.go
+++ b/vendor/github.com/docker/docker/api/types/registry/registry.go
@@ -9,11 +9,29 @@ import (
// ServiceConfig stores daemon registry services configuration.
type ServiceConfig struct {
- AllowNondistributableArtifactsCIDRs []*NetIPNet
- AllowNondistributableArtifactsHostnames []string
- InsecureRegistryCIDRs []*NetIPNet `json:"InsecureRegistryCIDRs"`
- IndexConfigs map[string]*IndexInfo `json:"IndexConfigs"`
- Mirrors []string
+ AllowNondistributableArtifactsCIDRs []*NetIPNet `json:"AllowNondistributableArtifactsCIDRs,omitempty"` // Deprecated: non-distributable artifacts are deprecated and enabled by default. This field will be removed in the next release.
+ AllowNondistributableArtifactsHostnames []string `json:"AllowNondistributableArtifactsHostnames,omitempty"` // Deprecated: non-distributable artifacts are deprecated and enabled by default. This field will be removed in the next release.
+
+ InsecureRegistryCIDRs []*NetIPNet `json:"InsecureRegistryCIDRs"`
+ IndexConfigs map[string]*IndexInfo `json:"IndexConfigs"`
+ Mirrors []string
+}
+
+// MarshalJSON implements a custom marshaler to include legacy fields
+// in API responses.
+func (sc ServiceConfig) MarshalJSON() ([]byte, error) {
+ tmp := map[string]interface{}{
+ "InsecureRegistryCIDRs": sc.InsecureRegistryCIDRs,
+ "IndexConfigs": sc.IndexConfigs,
+ "Mirrors": sc.Mirrors,
+ }
+ if sc.AllowNondistributableArtifactsCIDRs != nil {
+ tmp["AllowNondistributableArtifactsCIDRs"] = nil
+ }
+ if sc.AllowNondistributableArtifactsHostnames != nil {
+ tmp["AllowNondistributableArtifactsHostnames"] = nil
+ }
+ return json.Marshal(tmp)
}
// NetIPNet is the net.IPNet type, which can be marshalled and
diff --git a/vendor/github.com/docker/docker/api/types/registry/search.go b/vendor/github.com/docker/docker/api/types/registry/search.go
index a0a1eec5441b..994ca4c6f96f 100644
--- a/vendor/github.com/docker/docker/api/types/registry/search.go
+++ b/vendor/github.com/docker/docker/api/types/registry/search.go
@@ -10,11 +10,12 @@ import (
type SearchOptions struct {
RegistryAuth string
- // PrivilegeFunc is a [types.RequestPrivilegeFunc] the client can
- // supply to retry operations after getting an authorization error.
+ // PrivilegeFunc is a function that clients can supply to retry operations
+ // after getting an authorization error. This function returns the registry
+ // authentication header value in base64 encoded format, or an error if the
+ // privilege request fails.
//
- // It must return the registry authentication header value in base64
- // format, or an error if the privilege request fails.
+ // For details, refer to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
PrivilegeFunc func(context.Context) (string, error)
Filters filters.Args
Limit int
diff --git a/vendor/github.com/docker/docker/api/types/graph_driver_data.go b/vendor/github.com/docker/docker/api/types/storage/driver_data.go
similarity index 75%
rename from vendor/github.com/docker/docker/api/types/graph_driver_data.go
rename to vendor/github.com/docker/docker/api/types/storage/driver_data.go
index ce3deb331c51..009e21309507 100644
--- a/vendor/github.com/docker/docker/api/types/graph_driver_data.go
+++ b/vendor/github.com/docker/docker/api/types/storage/driver_data.go
@@ -1,13 +1,13 @@
-package types
+package storage
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
-// GraphDriverData Information about the storage driver used to store the container's and
+// DriverData Information about the storage driver used to store the container's and
// image's filesystem.
//
-// swagger:model GraphDriverData
-type GraphDriverData struct {
+// swagger:model DriverData
+type DriverData struct {
// Low-level storage metadata, provided as key/value pairs.
//
diff --git a/vendor/github.com/docker/docker/api/types/system/info.go b/vendor/github.com/docker/docker/api/types/system/info.go
index c66a2afb8bbe..8a2444da28a8 100644
--- a/vendor/github.com/docker/docker/api/types/system/info.go
+++ b/vendor/github.com/docker/docker/api/types/system/info.go
@@ -29,8 +29,8 @@ type Info struct {
CPUSet bool
PidsLimit bool
IPv4Forwarding bool
- BridgeNfIptables bool
- BridgeNfIP6tables bool `json:"BridgeNfIp6tables"`
+ BridgeNfIptables bool `json:"BridgeNfIptables"` // Deprecated: netfilter module is now loaded on-demand and no longer during daemon startup, making this field obsolete. This field is always false and will be removed in the next release.
+ BridgeNfIP6tables bool `json:"BridgeNfIp6tables"` // Deprecated: netfilter module is now loaded on-demand and no longer during daemon startup, making this field obsolete. This field is always false and will be removed in the next release.
Debug bool
NFd int
OomKillDisable bool
@@ -137,8 +137,13 @@ type PluginsInfo struct {
// Commit holds the Git-commit (SHA1) that a binary was built from, as reported
// in the version-string of external tools, such as containerd, or runC.
type Commit struct {
- ID string // ID is the actual commit ID of external tool.
- Expected string // Expected is the commit ID of external tool expected by dockerd as set at build time.
+ // ID is the actual commit ID or version of external tool.
+ ID string
+
+ // Expected is the commit ID of external tool expected by dockerd as set at build time.
+ //
+ // Deprecated: this field is no longer used in API v1.49, but kept for backward-compatibility with older API versions.
+ Expected string
}
// NetworkAddressPool is a temp struct used by [Info] struct.
diff --git a/vendor/github.com/docker/docker/api/types/types.go b/vendor/github.com/docker/docker/api/types/types.go
index ea55813e6389..eb6831c5f39a 100644
--- a/vendor/github.com/docker/docker/api/types/types.go
+++ b/vendor/github.com/docker/docker/api/types/types.go
@@ -6,11 +6,8 @@ import (
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
"github.com/docker/docker/api/types/image"
- "github.com/docker/docker/api/types/mount"
- "github.com/docker/docker/api/types/network"
"github.com/docker/docker/api/types/swarm"
"github.com/docker/docker/api/types/volume"
- "github.com/docker/go-connections/nat"
)
const (
@@ -21,145 +18,6 @@ const (
MediaTypeMultiplexedStream = "application/vnd.docker.multiplexed-stream"
)
-// RootFS returns Image's RootFS description including the layer IDs.
-type RootFS struct {
- Type string `json:",omitempty"`
- Layers []string `json:",omitempty"`
-}
-
-// ImageInspect contains response of Engine API:
-// GET "/images/{name:.*}/json"
-type ImageInspect struct {
- // ID is the content-addressable ID of an image.
- //
- // This identifier is a content-addressable digest calculated from the
- // image's configuration (which includes the digests of layers used by
- // the image).
- //
- // Note that this digest differs from the `RepoDigests` below, which
- // holds digests of image manifests that reference the image.
- ID string `json:"Id"`
-
- // RepoTags is a list of image names/tags in the local image cache that
- // reference this image.
- //
- // Multiple image tags can refer to the same image, and this list may be
- // empty if no tags reference the image, in which case the image is
- // "untagged", in which case it can still be referenced by its ID.
- RepoTags []string
-
- // RepoDigests is a list of content-addressable digests of locally available
- // image manifests that the image is referenced from. Multiple manifests can
- // refer to the same image.
- //
- // These digests are usually only available if the image was either pulled
- // from a registry, or if the image was pushed to a registry, which is when
- // the manifest is generated and its digest calculated.
- RepoDigests []string
-
- // Parent is the ID of the parent image.
- //
- // Depending on how the image was created, this field may be empty and
- // is only set for images that were built/created locally. This field
- // is empty if the image was pulled from an image registry.
- Parent string
-
- // Comment is an optional message that can be set when committing or
- // importing the image.
- Comment string
-
- // Created is the date and time at which the image was created, formatted in
- // RFC 3339 nano-seconds (time.RFC3339Nano).
- //
- // This information is only available if present in the image,
- // and omitted otherwise.
- Created string `json:",omitempty"`
-
- // Container is the ID of the container that was used to create the image.
- //
- // Depending on how the image was created, this field may be empty.
- //
- // Deprecated: this field is omitted in API v1.45, but kept for backward compatibility.
- Container string `json:",omitempty"`
-
- // ContainerConfig is an optional field containing the configuration of the
- // container that was last committed when creating the image.
- //
- // Previous versions of Docker builder used this field to store build cache,
- // and it is not in active use anymore.
- //
- // Deprecated: this field is omitted in API v1.45, but kept for backward compatibility.
- ContainerConfig *container.Config `json:",omitempty"`
-
- // DockerVersion is the version of Docker that was used to build the image.
- //
- // Depending on how the image was created, this field may be empty.
- DockerVersion string
-
- // Author is the name of the author that was specified when committing the
- // image, or as specified through MAINTAINER (deprecated) in the Dockerfile.
- Author string
- Config *container.Config
-
- // Architecture is the hardware CPU architecture that the image runs on.
- Architecture string
-
- // Variant is the CPU architecture variant (presently ARM-only).
- Variant string `json:",omitempty"`
-
- // OS is the Operating System the image is built to run on.
- Os string
-
- // OsVersion is the version of the Operating System the image is built to
- // run on (especially for Windows).
- OsVersion string `json:",omitempty"`
-
- // Size is the total size of the image including all layers it is composed of.
- Size int64
-
- // VirtualSize is the total size of the image including all layers it is
- // composed of.
- //
- // Deprecated: this field is omitted in API v1.44, but kept for backward compatibility. Use Size instead.
- VirtualSize int64 `json:"VirtualSize,omitempty"`
-
- // GraphDriver holds information about the storage driver used to store the
- // container's and image's filesystem.
- GraphDriver GraphDriverData
-
- // RootFS contains information about the image's RootFS, including the
- // layer IDs.
- RootFS RootFS
-
- // Metadata of the image in the local cache.
- //
- // This information is local to the daemon, and not part of the image itself.
- Metadata image.Metadata
-}
-
-// Container contains response of Engine API:
-// GET "/containers/json"
-type Container struct {
- ID string `json:"Id"`
- Names []string
- Image string
- ImageID string
- Command string
- Created int64
- Ports []Port
- SizeRw int64 `json:",omitempty"`
- SizeRootFs int64 `json:",omitempty"`
- Labels map[string]string
- State string
- Status string
- HostConfig struct {
- NetworkMode string `json:",omitempty"`
- Annotations map[string]string `json:",omitempty"`
- }
- NetworkSettings *SummaryNetworkSettings
- Mounts []MountPoint
-}
-
// Ping contains response of Engine API:
// GET "/_ping"
type Ping struct {
@@ -205,176 +63,6 @@ type Version struct {
BuildTime string `json:",omitempty"`
}
-// HealthcheckResult stores information about a single run of a healthcheck probe
-type HealthcheckResult struct {
- Start time.Time // Start is the time this check started
- End time.Time // End is the time this check ended
- ExitCode int // ExitCode meanings: 0=healthy, 1=unhealthy, 2=reserved (considered unhealthy), else=error running probe
- Output string // Output from last check
-}
-
-// Health states
-const (
- NoHealthcheck = "none" // Indicates there is no healthcheck
- Starting = "starting" // Starting indicates that the container is not yet ready
- Healthy = "healthy" // Healthy indicates that the container is running correctly
- Unhealthy = "unhealthy" // Unhealthy indicates that the container has a problem
-)
-
-// Health stores information about the container's healthcheck results
-type Health struct {
- Status string // Status is one of Starting, Healthy or Unhealthy
- FailingStreak int // FailingStreak is the number of consecutive failures
- Log []*HealthcheckResult // Log contains the last few results (oldest first)
-}
-
-// ContainerState stores container's running state
-// it's part of ContainerJSONBase and will return by "inspect" command
-type ContainerState struct {
- Status string // String representation of the container state. Can be one of "created", "running", "paused", "restarting", "removing", "exited", or "dead"
- Running bool
- Paused bool
- Restarting bool
- OOMKilled bool
- Dead bool
- Pid int
- ExitCode int
- Error string
- StartedAt string
- FinishedAt string
- Health *Health `json:",omitempty"`
-}
-
-// ContainerJSONBase contains response of Engine API:
-// GET "/containers/{name:.*}/json"
-type ContainerJSONBase struct {
- ID string `json:"Id"`
- Created string
- Path string
- Args []string
- State *ContainerState
- Image string
- ResolvConfPath string
- HostnamePath string
- HostsPath string
- LogPath string
- Node *ContainerNode `json:",omitempty"` // Deprecated: Node was only propagated by Docker Swarm standalone API. It sill be removed in the next release.
- Name string
- RestartCount int
- Driver string
- Platform string
- MountLabel string
- ProcessLabel string
- AppArmorProfile string
- ExecIDs []string
- HostConfig *container.HostConfig
- GraphDriver GraphDriverData
- SizeRw *int64 `json:",omitempty"`
- SizeRootFs *int64 `json:",omitempty"`
-}
-
-// ContainerJSON is newly used struct along with MountPoint
-type ContainerJSON struct {
- *ContainerJSONBase
- Mounts []MountPoint
- Config *container.Config
- NetworkSettings *NetworkSettings
-}
-
-// NetworkSettings exposes the network settings in the api
-type NetworkSettings struct {
- NetworkSettingsBase
- DefaultNetworkSettings
- Networks map[string]*network.EndpointSettings
-}
-
-// SummaryNetworkSettings provides a summary of container's networks
-// in /containers/json
-type SummaryNetworkSettings struct {
- Networks map[string]*network.EndpointSettings
-}
-
-// NetworkSettingsBase holds networking state for a container when inspecting it.
-type NetworkSettingsBase struct {
- Bridge string // Bridge contains the name of the default bridge interface iff it was set through the daemon --bridge flag.
- SandboxID string // SandboxID uniquely represents a container's network stack
- SandboxKey string // SandboxKey identifies the sandbox
- Ports nat.PortMap // Ports is a collection of PortBinding indexed by Port
-
- // HairpinMode specifies if hairpin NAT should be enabled on the virtual interface
- //
- // Deprecated: This field is never set and will be removed in a future release.
- HairpinMode bool
- // LinkLocalIPv6Address is an IPv6 unicast address using the link-local prefix
- //
- // Deprecated: This field is never set and will be removed in a future release.
- LinkLocalIPv6Address string
- // LinkLocalIPv6PrefixLen is the prefix length of an IPv6 unicast address
- //
- // Deprecated: This field is never set and will be removed in a future release.
- LinkLocalIPv6PrefixLen int
- SecondaryIPAddresses []network.Address // Deprecated: This field is never set and will be removed in a future release.
- SecondaryIPv6Addresses []network.Address // Deprecated: This field is never set and will be removed in a future release.
-}
-
-// DefaultNetworkSettings holds network information
-// during the 2 release deprecation period.
-// It will be removed in Docker 1.11.
-type DefaultNetworkSettings struct {
- EndpointID string // EndpointID uniquely represents a service endpoint in a Sandbox
- Gateway string // Gateway holds the gateway address for the network
- GlobalIPv6Address string // GlobalIPv6Address holds network's global IPv6 address
- GlobalIPv6PrefixLen int // GlobalIPv6PrefixLen represents mask length of network's global IPv6 address
- IPAddress string // IPAddress holds the IPv4 address for the network
- IPPrefixLen int // IPPrefixLen represents mask length of network's IPv4 address
- IPv6Gateway string // IPv6Gateway holds gateway address specific for IPv6
- MacAddress string // MacAddress holds the MAC address for the network
-}
-
-// MountPoint represents a mount point configuration inside the container.
-// This is used for reporting the mountpoints in use by a container.
-type MountPoint struct {
- // Type is the type of mount, see `Type` definitions in
- // github.com/docker/docker/api/types/mount.Type
- Type mount.Type `json:",omitempty"`
-
- // Name is the name reference to the underlying data defined by `Source`
- // e.g., the volume name.
- Name string `json:",omitempty"`
-
- // Source is the source location of the mount.
- //
- // For volumes, this contains the storage location of the volume (within
- // `/var/lib/docker/volumes/`). For bind-mounts, and `npipe`, this contains
- // the source (host) part of the bind-mount. For `tmpfs` mount points, this
- // field is empty.
- Source string
-
- // Destination is the path relative to the container root (`/`) where the
- // Source is mounted inside the container.
- Destination string
-
- // Driver is the volume driver used to create the volume (if it is a volume).
- Driver string `json:",omitempty"`
-
- // Mode is a comma separated list of options supplied by the user when
- // creating the bind/volume mount.
- //
- // The default is platform-specific (`"z"` on Linux, empty on Windows).
- Mode string
-
- // RW indicates whether the mount is mounted writable (read-write).
- RW bool
-
- // Propagation describes how mounts are propagated from the host into the
- // mount point, and vice-versa. Refer to the Linux kernel documentation
- // for details:
- // https://www.kernel.org/doc/Documentation/filesystems/sharedsubtree.txt
- //
- // This field is not used on Windows.
- Propagation mount.Propagation
-}
-
// DiskUsageObject represents an object type used for disk usage query filtering.
type DiskUsageObject string
@@ -401,7 +89,7 @@ type DiskUsageOptions struct {
type DiskUsage struct {
LayersSize int64
Images []*image.Summary
- Containers []*Container
+ Containers []*container.Summary
Volumes []*volume.Volume
BuildCache []*BuildCache
BuilderSize int64 `json:",omitempty"` // Deprecated: deprecated in API 1.38, and no longer used since API 1.40.
diff --git a/vendor/github.com/docker/docker/api/types/types_deprecated.go b/vendor/github.com/docker/docker/api/types/types_deprecated.go
index 43ffe104aa1d..170a65b8b9fa 100644
--- a/vendor/github.com/docker/docker/api/types/types_deprecated.go
+++ b/vendor/github.com/docker/docker/api/types/types_deprecated.go
@@ -1,210 +1,109 @@
package types
import (
+ "context"
+
"github.com/docker/docker/api/types/container"
- "github.com/docker/docker/api/types/events"
"github.com/docker/docker/api/types/image"
- "github.com/docker/docker/api/types/network"
- "github.com/docker/docker/api/types/registry"
- "github.com/docker/docker/api/types/volume"
+ "github.com/docker/docker/api/types/storage"
)
-// ImagesPruneReport contains the response for Engine API:
-// POST "/images/prune"
-//
-// Deprecated: use [image.PruneReport].
-type ImagesPruneReport = image.PruneReport
-
-// VolumesPruneReport contains the response for Engine API:
-// POST "/volumes/prune".
-//
-// Deprecated: use [volume.PruneReport].
-type VolumesPruneReport = volume.PruneReport
-
-// NetworkCreateRequest is the request message sent to the server for network create call.
-//
-// Deprecated: use [network.CreateRequest].
-type NetworkCreateRequest = network.CreateRequest
-
-// NetworkCreate is the expected body of the "create network" http request message
-//
-// Deprecated: use [network.CreateOptions].
-type NetworkCreate = network.CreateOptions
-
-// NetworkListOptions holds parameters to filter the list of networks with.
-//
-// Deprecated: use [network.ListOptions].
-type NetworkListOptions = network.ListOptions
-
-// NetworkCreateResponse is the response message sent by the server for network create call.
-//
-// Deprecated: use [network.CreateResponse].
-type NetworkCreateResponse = network.CreateResponse
-
-// NetworkInspectOptions holds parameters to inspect network.
-//
-// Deprecated: use [network.InspectOptions].
-type NetworkInspectOptions = network.InspectOptions
-
-// NetworkConnect represents the data to be used to connect a container to the network
+// ContainerJSONBase contains response of Engine API GET "/containers/{name:.*}/json"
+// for API version 1.18 and older.
//
-// Deprecated: use [network.ConnectOptions].
-type NetworkConnect = network.ConnectOptions
+// Deprecated: use [container.InspectResponse] or [container.ContainerJSONBase]. It will be removed in the next release.
+type ContainerJSONBase = container.ContainerJSONBase
-// NetworkDisconnect represents the data to be used to disconnect a container from the network
+// ContainerJSON is the response for the GET "/containers/{name:.*}/json"
+// endpoint.
//
-// Deprecated: use [network.DisconnectOptions].
-type NetworkDisconnect = network.DisconnectOptions
+// Deprecated: use [container.InspectResponse]. It will be removed in the next release.
+type ContainerJSON = container.InspectResponse
-// EndpointResource contains network resources allocated and used for a container in a network.
+// Container contains response of Engine API:
+// GET "/containers/json"
//
-// Deprecated: use [network.EndpointResource].
-type EndpointResource = network.EndpointResource
+// Deprecated: use [container.Summary].
+type Container = container.Summary
-// NetworkResource is the body of the "get network" http response message/
+// ContainerState stores container's running state
//
-// Deprecated: use [network.Inspect] or [network.Summary] (for list operations).
-type NetworkResource = network.Inspect
+// Deprecated: use [container.State].
+type ContainerState = container.State
-// NetworksPruneReport contains the response for Engine API:
-// POST "/networks/prune"
+// NetworkSettings exposes the network settings in the api.
//
-// Deprecated: use [network.PruneReport].
-type NetworksPruneReport = network.PruneReport
+// Deprecated: use [container.NetworkSettings].
+type NetworkSettings = container.NetworkSettings
-// ExecConfig is a small subset of the Config struct that holds the configuration
-// for the exec feature of docker.
+// NetworkSettingsBase holds networking state for a container when inspecting it.
//
-// Deprecated: use [container.ExecOptions].
-type ExecConfig = container.ExecOptions
+// Deprecated: use [container.NetworkSettingsBase].
+type NetworkSettingsBase = container.NetworkSettingsBase
-// ExecStartCheck is a temp struct used by execStart
-// Config fields is part of ExecConfig in runconfig package
+// DefaultNetworkSettings holds network information
+// during the 2 release deprecation period.
+// It will be removed in Docker 1.11.
//
-// Deprecated: use [container.ExecStartOptions] or [container.ExecAttachOptions].
-type ExecStartCheck = container.ExecStartOptions
+// Deprecated: use [container.DefaultNetworkSettings].
+type DefaultNetworkSettings = container.DefaultNetworkSettings
-// ContainerExecInspect holds information returned by exec inspect.
+// SummaryNetworkSettings provides a summary of container's networks
+// in /containers/json.
//
-// Deprecated: use [container.ExecInspect].
-type ContainerExecInspect = container.ExecInspect
+// Deprecated: use [container.NetworkSettingsSummary].
+type SummaryNetworkSettings = container.NetworkSettingsSummary
-// ContainersPruneReport contains the response for Engine API:
-// POST "/containers/prune"
-//
-// Deprecated: use [container.PruneReport].
-type ContainersPruneReport = container.PruneReport
-
-// ContainerPathStat is used to encode the header from
-// GET "/containers/{name:.*}/archive"
-// "Name" is the file or directory name.
-//
-// Deprecated: use [container.PathStat].
-type ContainerPathStat = container.PathStat
-
-// CopyToContainerOptions holds information
-// about files to copy into a container.
-//
-// Deprecated: use [container.CopyToContainerOptions],
-type CopyToContainerOptions = container.CopyToContainerOptions
-
-// ContainerStats contains response of Engine API:
-// GET "/stats"
-//
-// Deprecated: use [container.StatsResponseReader].
-type ContainerStats = container.StatsResponseReader
-
-// ThrottlingData stores CPU throttling stats of one running container.
-// Not used on Windows.
-//
-// Deprecated: use [container.ThrottlingData].
-type ThrottlingData = container.ThrottlingData
-
-// CPUUsage stores All CPU stats aggregated since container inception.
-//
-// Deprecated: use [container.CPUUsage].
-type CPUUsage = container.CPUUsage
-
-// CPUStats aggregates and wraps all CPU related info of container
-//
-// Deprecated: use [container.CPUStats].
-type CPUStats = container.CPUStats
-
-// MemoryStats aggregates all memory stats since container inception on Linux.
-// Windows returns stats for commit and private working set only.
-//
-// Deprecated: use [container.MemoryStats].
-type MemoryStats = container.MemoryStats
-
-// BlkioStatEntry is one small entity to store a piece of Blkio stats
-// Not used on Windows.
-//
-// Deprecated: use [container.BlkioStatEntry].
-type BlkioStatEntry = container.BlkioStatEntry
-
-// BlkioStats stores All IO service stats for data read and write.
-// This is a Linux specific structure as the differences between expressing
-// block I/O on Windows and Linux are sufficiently significant to make
-// little sense attempting to morph into a combined structure.
-//
-// Deprecated: use [container.BlkioStats].
-type BlkioStats = container.BlkioStats
-
-// StorageStats is the disk I/O stats for read/write on Windows.
-//
-// Deprecated: use [container.StorageStats].
-type StorageStats = container.StorageStats
-
-// NetworkStats aggregates the network stats of one container
-//
-// Deprecated: use [container.NetworkStats].
-type NetworkStats = container.NetworkStats
+// Health states
+const (
+ NoHealthcheck = container.NoHealthcheck // Deprecated: use [container.NoHealthcheck].
+ Starting = container.Starting // Deprecated: use [container.Starting].
+ Healthy = container.Healthy // Deprecated: use [container.Healthy].
+ Unhealthy = container.Unhealthy // Deprecated: use [container.Unhealthy].
+)
-// PidsStats contains the stats of a container's pids
+// Health stores information about the container's healthcheck results.
//
-// Deprecated: use [container.PidsStats].
-type PidsStats = container.PidsStats
+// Deprecated: use [container.Health].
+type Health = container.Health
-// Stats is Ultimate struct aggregating all types of stats of one container
+// HealthcheckResult stores information about a single run of a healthcheck probe.
//
-// Deprecated: use [container.Stats].
-type Stats = container.Stats
+// Deprecated: use [container.HealthcheckResult].
+type HealthcheckResult = container.HealthcheckResult
-// StatsJSON is newly used Networks
+// MountPoint represents a mount point configuration inside the container.
+// This is used for reporting the mountpoints in use by a container.
//
-// Deprecated: use [container.StatsResponse].
-type StatsJSON = container.StatsResponse
+// Deprecated: use [container.MountPoint].
+type MountPoint = container.MountPoint
-// EventsOptions holds parameters to filter events with.
+// Port An open port on a container
//
-// Deprecated: use [events.ListOptions].
-type EventsOptions = events.ListOptions
+// Deprecated: use [container.Port].
+type Port = container.Port
-// ImageSearchOptions holds parameters to search images with.
+// GraphDriverData Information about the storage driver used to store the container's and
+// image's filesystem.
//
-// Deprecated: use [registry.SearchOptions].
-type ImageSearchOptions = registry.SearchOptions
+// Deprecated: use [storage.DriverData].
+type GraphDriverData = storage.DriverData
-// ImageImportSource holds source information for ImageImport
+// RootFS returns Image's RootFS description including the layer IDs.
//
-// Deprecated: use [image.ImportSource].
-type ImageImportSource image.ImportSource
+// Deprecated: use [image.RootFS].
+type RootFS = image.RootFS
-// ImageLoadResponse returns information to the client about a load process.
+// ImageInspect contains response of Engine API:
+// GET "/images/{name:.*}/json"
//
-// Deprecated: use [image.LoadResponse].
-type ImageLoadResponse = image.LoadResponse
+// Deprecated: use [image.InspectResponse].
+type ImageInspect = image.InspectResponse
-// ContainerNode stores information about the node that a container
-// is running on. It's only used by the Docker Swarm standalone API.
+// RequestPrivilegeFunc is a function interface that clients can supply to
+// retry operations after getting an authorization error.
+// This function returns the registry authentication header value in base64
+// format, or an error if the privilege request fails.
//
-// Deprecated: ContainerNode was used for the classic Docker Swarm standalone API. It will be removed in the next release.
-type ContainerNode struct {
- ID string
- IPAddress string `json:"IP"`
- Addr string
- Name string
- Cpus int
- Memory int64
- Labels map[string]string
-}
+// Deprecated: moved to [github.com/docker/docker/api/types/registry.RequestAuthConfig].
+type RequestPrivilegeFunc func(context.Context) (string, error)
diff --git a/vendor/github.com/docker/docker/client/build_prune.go b/vendor/github.com/docker/docker/client/build_prune.go
index 1a830f4135f9..f732852964c9 100644
--- a/vendor/github.com/docker/docker/client/build_prune.go
+++ b/vendor/github.com/docker/docker/client/build_prune.go
@@ -17,8 +17,6 @@ func (cli *Client) BuildCachePrune(ctx context.Context, opts types.BuildCachePru
return nil, err
}
- report := types.BuildCachePruneReport{}
-
query := url.Values{}
if opts.All {
query.Set("all", "1")
@@ -37,6 +35,7 @@ func (cli *Client) BuildCachePrune(ctx context.Context, opts types.BuildCachePru
return nil, err
}
+ report := types.BuildCachePruneReport{}
if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
return nil, errors.Wrap(err, "error retrieving disk usage")
}
diff --git a/vendor/github.com/docker/docker/client/container_create.go b/vendor/github.com/docker/docker/client/container_create.go
index 5442d4267d09..94925d7b7f73 100644
--- a/vendor/github.com/docker/docker/client/container_create.go
+++ b/vendor/github.com/docker/docker/client/container_create.go
@@ -5,6 +5,8 @@ import (
"encoding/json"
"net/url"
"path"
+ "sort"
+ "strings"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/network"
@@ -12,12 +14,6 @@ import (
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)
-type configWrapper struct {
- *container.Config
- HostConfig *container.HostConfig
- NetworkingConfig *network.NetworkingConfig
-}
-
// ContainerCreate creates a new container based on the given configuration.
// It can be associated with a name, but it's not mandatory.
func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *ocispec.Platform, containerName string) (container.CreateResponse, error) {
@@ -58,6 +54,9 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
// When using API under 1.42, the Linux daemon doesn't respect the ConsoleSize
hostConfig.ConsoleSize = [2]uint{0, 0}
}
+
+ hostConfig.CapAdd = normalizeCapabilities(hostConfig.CapAdd)
+ hostConfig.CapDrop = normalizeCapabilities(hostConfig.CapDrop)
}
// Since API 1.44, the container-wide MacAddress is deprecated and will trigger a WARNING if it's specified.
@@ -74,7 +73,7 @@ func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config
query.Set("name", containerName)
}
- body := configWrapper{
+ body := container.CreateRequest{
Config: config,
HostConfig: hostConfig,
NetworkingConfig: networkingConfig,
@@ -114,3 +113,42 @@ func hasEndpointSpecificMacAddress(networkingConfig *network.NetworkingConfig) b
}
return false
}
+
+// allCapabilities is a magic value for "all capabilities"
+const allCapabilities = "ALL"
+
+// normalizeCapabilities normalizes capabilities to their canonical form,
+// removes duplicates, and sorts the results.
+//
+// It is similar to [github.com/docker/docker/oci/caps.NormalizeLegacyCapabilities],
+// but performs no validation based on supported capabilities.
+func normalizeCapabilities(caps []string) []string {
+ var normalized []string
+
+ unique := make(map[string]struct{})
+ for _, c := range caps {
+ c = normalizeCap(c)
+ if _, ok := unique[c]; ok {
+ continue
+ }
+ unique[c] = struct{}{}
+ normalized = append(normalized, c)
+ }
+
+ sort.Strings(normalized)
+ return normalized
+}
+
+// normalizeCap normalizes a capability to its canonical format by upper-casing
+// and adding a "CAP_" prefix (if not yet present). It also accepts the "ALL"
+// magic-value.
+func normalizeCap(cap string) string {
+ cap = strings.ToUpper(cap)
+ if cap == allCapabilities {
+ return cap
+ }
+ if !strings.HasPrefix(cap, "CAP_") {
+ cap = "CAP_" + cap
+ }
+ return cap
+}
diff --git a/vendor/github.com/docker/docker/client/container_inspect.go b/vendor/github.com/docker/docker/client/container_inspect.go
index d48f0d3a6856..fa342e16b581 100644
--- a/vendor/github.com/docker/docker/client/container_inspect.go
+++ b/vendor/github.com/docker/docker/client/container_inspect.go
@@ -7,29 +7,29 @@ import (
"io"
"net/url"
- "github.com/docker/docker/api/types"
+ "github.com/docker/docker/api/types/container"
)
// ContainerInspect returns the container information.
-func (cli *Client) ContainerInspect(ctx context.Context, containerID string) (types.ContainerJSON, error) {
+func (cli *Client) ContainerInspect(ctx context.Context, containerID string) (container.InspectResponse, error) {
if containerID == "" {
- return types.ContainerJSON{}, objectNotFoundError{object: "container", id: containerID}
+ return container.InspectResponse{}, objectNotFoundError{object: "container", id: containerID}
}
serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", nil, nil)
defer ensureReaderClosed(serverResp)
if err != nil {
- return types.ContainerJSON{}, err
+ return container.InspectResponse{}, err
}
- var response types.ContainerJSON
+ var response container.InspectResponse
err = json.NewDecoder(serverResp.body).Decode(&response)
return response, err
}
// ContainerInspectWithRaw returns the container information and its raw representation.
-func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID string, getSize bool) (types.ContainerJSON, []byte, error) {
+func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID string, getSize bool) (container.InspectResponse, []byte, error) {
if containerID == "" {
- return types.ContainerJSON{}, nil, objectNotFoundError{object: "container", id: containerID}
+ return container.InspectResponse{}, nil, objectNotFoundError{object: "container", id: containerID}
}
query := url.Values{}
if getSize {
@@ -38,15 +38,15 @@ func (cli *Client) ContainerInspectWithRaw(ctx context.Context, containerID stri
serverResp, err := cli.get(ctx, "/containers/"+containerID+"/json", query, nil)
defer ensureReaderClosed(serverResp)
if err != nil {
- return types.ContainerJSON{}, nil, err
+ return container.InspectResponse{}, nil, err
}
body, err := io.ReadAll(serverResp.body)
if err != nil {
- return types.ContainerJSON{}, nil, err
+ return container.InspectResponse{}, nil, err
}
- var response types.ContainerJSON
+ var response container.InspectResponse
rdr := bytes.NewReader(body)
err = json.NewDecoder(rdr).Decode(&response)
return response, body, err
diff --git a/vendor/github.com/docker/docker/client/container_list.go b/vendor/github.com/docker/docker/client/container_list.go
index 782e1b3c62e3..46c6950cd3a7 100644
--- a/vendor/github.com/docker/docker/client/container_list.go
+++ b/vendor/github.com/docker/docker/client/container_list.go
@@ -6,13 +6,12 @@ import (
"net/url"
"strconv"
- "github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/filters"
)
// ContainerList returns the list of containers in the docker host.
-func (cli *Client) ContainerList(ctx context.Context, options container.ListOptions) ([]types.Container, error) {
+func (cli *Client) ContainerList(ctx context.Context, options container.ListOptions) ([]container.Summary, error) {
query := url.Values{}
if options.All {
@@ -51,7 +50,7 @@ func (cli *Client) ContainerList(ctx context.Context, options container.ListOpti
return nil, err
}
- var containers []types.Container
+ var containers []container.Summary
err = json.NewDecoder(resp.body).Decode(&containers)
return containers, err
}
diff --git a/vendor/github.com/docker/docker/client/container_prune.go b/vendor/github.com/docker/docker/client/container_prune.go
index 29c922da77e5..ce38ad9bf5b0 100644
--- a/vendor/github.com/docker/docker/client/container_prune.go
+++ b/vendor/github.com/docker/docker/client/container_prune.go
@@ -11,25 +11,24 @@ import (
// ContainersPrune requests the daemon to delete unused data
func (cli *Client) ContainersPrune(ctx context.Context, pruneFilters filters.Args) (container.PruneReport, error) {
- var report container.PruneReport
-
if err := cli.NewVersionError(ctx, "1.25", "container prune"); err != nil {
- return report, err
+ return container.PruneReport{}, err
}
query, err := getFiltersQuery(pruneFilters)
if err != nil {
- return report, err
+ return container.PruneReport{}, err
}
serverResp, err := cli.post(ctx, "/containers/prune", query, nil, nil)
defer ensureReaderClosed(serverResp)
if err != nil {
- return report, err
+ return container.PruneReport{}, err
}
+ var report container.PruneReport
if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
- return report, fmt.Errorf("Error retrieving disk usage: %v", err)
+ return container.PruneReport{}, fmt.Errorf("Error retrieving disk usage: %v", err)
}
return report, nil
diff --git a/vendor/github.com/docker/docker/client/container_resize.go b/vendor/github.com/docker/docker/client/container_resize.go
index 5cfd01d4798e..6f1a8f5605cb 100644
--- a/vendor/github.com/docker/docker/client/container_resize.go
+++ b/vendor/github.com/docker/docker/client/container_resize.go
@@ -19,9 +19,10 @@ func (cli *Client) ContainerExecResize(ctx context.Context, execID string, optio
}
func (cli *Client) resize(ctx context.Context, basePath string, height, width uint) error {
+ // FIXME(thaJeztah): the API / backend accepts uint32, but container.ResizeOptions uses uint.
query := url.Values{}
- query.Set("h", strconv.Itoa(int(height)))
- query.Set("w", strconv.Itoa(int(width)))
+ query.Set("h", strconv.FormatUint(uint64(height), 10))
+ query.Set("w", strconv.FormatUint(uint64(width), 10))
resp, err := cli.post(ctx, basePath+"/resize", query, nil, nil)
ensureReaderClosed(resp)
diff --git a/vendor/github.com/docker/docker/client/image_build.go b/vendor/github.com/docker/docker/client/image_build.go
index d294ddc8b2cf..62037c7f9460 100644
--- a/vendor/github.com/docker/docker/client/image_build.go
+++ b/vendor/github.com/docker/docker/client/image_build.go
@@ -12,6 +12,7 @@ import (
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/container"
+ "github.com/docker/docker/api/types/network"
)
// ImageBuild sends a request to the daemon to build images.
@@ -44,10 +45,15 @@ func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, optio
}
func (cli *Client) imageBuildOptionsToQuery(ctx context.Context, options types.ImageBuildOptions) (url.Values, error) {
- query := url.Values{
- "t": options.Tags,
- "securityopt": options.SecurityOpt,
- "extrahosts": options.ExtraHosts,
+ query := url.Values{}
+ if len(options.Tags) > 0 {
+ query["t"] = options.Tags
+ }
+ if len(options.SecurityOpt) > 0 {
+ query["securityopt"] = options.SecurityOpt
+ }
+ if len(options.ExtraHosts) > 0 {
+ query["extrahosts"] = options.ExtraHosts
}
if options.SuppressOutput {
query.Set("q", "1")
@@ -58,9 +64,11 @@ func (cli *Client) imageBuildOptionsToQuery(ctx context.Context, options types.I
if options.NoCache {
query.Set("nocache", "1")
}
- if options.Remove {
- query.Set("rm", "1")
- } else {
+ if !options.Remove {
+ // only send value when opting out because the daemon's default is
+ // to remove intermediate containers after a successful build,
+ //
+ // TODO(thaJeztah): deprecate "Remove" option, and provide a "NoRemove" or "Keep" option instead.
query.Set("rm", "0")
}
@@ -83,42 +91,70 @@ func (cli *Client) imageBuildOptionsToQuery(ctx context.Context, options types.I
query.Set("isolation", string(options.Isolation))
}
- query.Set("cpusetcpus", options.CPUSetCPUs)
- query.Set("networkmode", options.NetworkMode)
- query.Set("cpusetmems", options.CPUSetMems)
- query.Set("cpushares", strconv.FormatInt(options.CPUShares, 10))
- query.Set("cpuquota", strconv.FormatInt(options.CPUQuota, 10))
- query.Set("cpuperiod", strconv.FormatInt(options.CPUPeriod, 10))
- query.Set("memory", strconv.FormatInt(options.Memory, 10))
- query.Set("memswap", strconv.FormatInt(options.MemorySwap, 10))
- query.Set("cgroupparent", options.CgroupParent)
- query.Set("shmsize", strconv.FormatInt(options.ShmSize, 10))
- query.Set("dockerfile", options.Dockerfile)
- query.Set("target", options.Target)
-
- ulimitsJSON, err := json.Marshal(options.Ulimits)
- if err != nil {
- return query, err
+ if options.CPUSetCPUs != "" {
+ query.Set("cpusetcpus", options.CPUSetCPUs)
}
- query.Set("ulimits", string(ulimitsJSON))
-
- buildArgsJSON, err := json.Marshal(options.BuildArgs)
- if err != nil {
- return query, err
+ if options.NetworkMode != "" && options.NetworkMode != network.NetworkDefault {
+ query.Set("networkmode", options.NetworkMode)
}
- query.Set("buildargs", string(buildArgsJSON))
-
- labelsJSON, err := json.Marshal(options.Labels)
- if err != nil {
- return query, err
+ if options.CPUSetMems != "" {
+ query.Set("cpusetmems", options.CPUSetMems)
}
- query.Set("labels", string(labelsJSON))
-
- cacheFromJSON, err := json.Marshal(options.CacheFrom)
- if err != nil {
- return query, err
+ if options.CPUShares != 0 {
+ query.Set("cpushares", strconv.FormatInt(options.CPUShares, 10))
+ }
+ if options.CPUQuota != 0 {
+ query.Set("cpuquota", strconv.FormatInt(options.CPUQuota, 10))
+ }
+ if options.CPUPeriod != 0 {
+ query.Set("cpuperiod", strconv.FormatInt(options.CPUPeriod, 10))
+ }
+ if options.Memory != 0 {
+ query.Set("memory", strconv.FormatInt(options.Memory, 10))
+ }
+ if options.MemorySwap != 0 {
+ query.Set("memswap", strconv.FormatInt(options.MemorySwap, 10))
+ }
+ if options.CgroupParent != "" {
+ query.Set("cgroupparent", options.CgroupParent)
+ }
+ if options.ShmSize != 0 {
+ query.Set("shmsize", strconv.FormatInt(options.ShmSize, 10))
+ }
+ if options.Dockerfile != "" {
+ query.Set("dockerfile", options.Dockerfile)
+ }
+ if options.Target != "" {
+ query.Set("target", options.Target)
+ }
+ if len(options.Ulimits) != 0 {
+ ulimitsJSON, err := json.Marshal(options.Ulimits)
+ if err != nil {
+ return query, err
+ }
+ query.Set("ulimits", string(ulimitsJSON))
+ }
+ if len(options.BuildArgs) != 0 {
+ buildArgsJSON, err := json.Marshal(options.BuildArgs)
+ if err != nil {
+ return query, err
+ }
+ query.Set("buildargs", string(buildArgsJSON))
+ }
+ if len(options.Labels) != 0 {
+ labelsJSON, err := json.Marshal(options.Labels)
+ if err != nil {
+ return query, err
+ }
+ query.Set("labels", string(labelsJSON))
+ }
+ if len(options.CacheFrom) != 0 {
+ cacheFromJSON, err := json.Marshal(options.CacheFrom)
+ if err != nil {
+ return query, err
+ }
+ query.Set("cachefrom", string(cacheFromJSON))
}
- query.Set("cachefrom", string(cacheFromJSON))
if options.SessionID != "" {
query.Set("session", options.SessionID)
}
@@ -131,7 +167,9 @@ func (cli *Client) imageBuildOptionsToQuery(ctx context.Context, options types.I
if options.BuildID != "" {
query.Set("buildid", options.BuildID)
}
- query.Set("version", string(options.Version))
+ if options.Version != "" {
+ query.Set("version", string(options.Version))
+ }
if options.Outputs != nil {
outputsJSON, err := json.Marshal(options.Outputs)
diff --git a/vendor/github.com/docker/docker/client/image_history.go b/vendor/github.com/docker/docker/client/image_history.go
index b5bea10d8f63..747a569bab6f 100644
--- a/vendor/github.com/docker/docker/client/image_history.go
+++ b/vendor/github.com/docker/docker/client/image_history.go
@@ -9,14 +9,27 @@ import (
)
// ImageHistory returns the changes in an image in history format.
-func (cli *Client) ImageHistory(ctx context.Context, imageID string) ([]image.HistoryResponseItem, error) {
- var history []image.HistoryResponseItem
- serverResp, err := cli.get(ctx, "/images/"+imageID+"/history", url.Values{}, nil)
+func (cli *Client) ImageHistory(ctx context.Context, imageID string, opts image.HistoryOptions) ([]image.HistoryResponseItem, error) {
+ query := url.Values{}
+ if opts.Platform != nil {
+ if err := cli.NewVersionError(ctx, "1.48", "platform"); err != nil {
+ return nil, err
+ }
+
+ p, err := encodePlatform(opts.Platform)
+ if err != nil {
+ return nil, err
+ }
+ query.Set("platform", p)
+ }
+
+ serverResp, err := cli.get(ctx, "/images/"+imageID+"/history", query, nil)
defer ensureReaderClosed(serverResp)
if err != nil {
- return history, err
+ return nil, err
}
+ var history []image.HistoryResponseItem
err = json.NewDecoder(serverResp.body).Decode(&history)
return history, err
}
diff --git a/vendor/github.com/docker/docker/client/image_import.go b/vendor/github.com/docker/docker/client/image_import.go
index 43d55eda8eca..dea3626872bd 100644
--- a/vendor/github.com/docker/docker/client/image_import.go
+++ b/vendor/github.com/docker/docker/client/image_import.go
@@ -21,10 +21,18 @@ func (cli *Client) ImageImport(ctx context.Context, source image.ImportSource, r
}
query := url.Values{}
- query.Set("fromSrc", source.SourceName)
- query.Set("repo", ref)
- query.Set("tag", options.Tag)
- query.Set("message", options.Message)
+ if source.SourceName != "" {
+ query.Set("fromSrc", source.SourceName)
+ }
+ if ref != "" {
+ query.Set("repo", ref)
+ }
+ if options.Tag != "" {
+ query.Set("tag", options.Tag)
+ }
+ if options.Message != "" {
+ query.Set("message", options.Message)
+ }
if options.Platform != "" {
query.Set("platform", strings.ToLower(options.Platform))
}
diff --git a/vendor/github.com/docker/docker/client/image_inspect.go b/vendor/github.com/docker/docker/client/image_inspect.go
index 1de10e5a0802..69949f3e8b76 100644
--- a/vendor/github.com/docker/docker/client/image_inspect.go
+++ b/vendor/github.com/docker/docker/client/image_inspect.go
@@ -6,26 +6,26 @@ import (
"encoding/json"
"io"
- "github.com/docker/docker/api/types"
+ "github.com/docker/docker/api/types/image"
)
// ImageInspectWithRaw returns the image information and its raw representation.
-func (cli *Client) ImageInspectWithRaw(ctx context.Context, imageID string) (types.ImageInspect, []byte, error) {
+func (cli *Client) ImageInspectWithRaw(ctx context.Context, imageID string) (image.InspectResponse, []byte, error) {
if imageID == "" {
- return types.ImageInspect{}, nil, objectNotFoundError{object: "image", id: imageID}
+ return image.InspectResponse{}, nil, objectNotFoundError{object: "image", id: imageID}
}
serverResp, err := cli.get(ctx, "/images/"+imageID+"/json", nil, nil)
defer ensureReaderClosed(serverResp)
if err != nil {
- return types.ImageInspect{}, nil, err
+ return image.InspectResponse{}, nil, err
}
body, err := io.ReadAll(serverResp.body)
if err != nil {
- return types.ImageInspect{}, nil, err
+ return image.InspectResponse{}, nil, err
}
- var response types.ImageInspect
+ var response image.InspectResponse
rdr := bytes.NewReader(body)
err = json.NewDecoder(rdr).Decode(&response)
return response, body, err
diff --git a/vendor/github.com/docker/docker/client/image_load.go b/vendor/github.com/docker/docker/client/image_load.go
index c68f0013e632..50cce4fd01ba 100644
--- a/vendor/github.com/docker/docker/client/image_load.go
+++ b/vendor/github.com/docker/docker/client/image_load.go
@@ -12,13 +12,29 @@ import (
// ImageLoad loads an image in the docker host from the client host.
// It's up to the caller to close the io.ReadCloser in the
// ImageLoadResponse returned by this function.
-func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, quiet bool) (image.LoadResponse, error) {
- v := url.Values{}
- v.Set("quiet", "0")
- if quiet {
- v.Set("quiet", "1")
+//
+// Platform is an optional parameter that specifies the platform to load from
+// the provided multi-platform image. This is only has effect if the input image
+// is a multi-platform image.
+func (cli *Client) ImageLoad(ctx context.Context, input io.Reader, opts image.LoadOptions) (image.LoadResponse, error) {
+ query := url.Values{}
+ query.Set("quiet", "0")
+ if opts.Quiet {
+ query.Set("quiet", "1")
}
- resp, err := cli.postRaw(ctx, "/images/load", v, input, http.Header{
+ if len(opts.Platforms) > 0 {
+ if err := cli.NewVersionError(ctx, "1.48", "platform"); err != nil {
+ return image.LoadResponse{}, err
+ }
+
+ p, err := encodePlatforms(opts.Platforms...)
+ if err != nil {
+ return image.LoadResponse{}, err
+ }
+ query["platform"] = p
+ }
+
+ resp, err := cli.postRaw(ctx, "/images/load", query, input, http.Header{
"Content-Type": {"application/x-tar"},
})
if err != nil {
diff --git a/vendor/github.com/docker/docker/client/image_prune.go b/vendor/github.com/docker/docker/client/image_prune.go
index 5ee987e248ae..c731f19396df 100644
--- a/vendor/github.com/docker/docker/client/image_prune.go
+++ b/vendor/github.com/docker/docker/client/image_prune.go
@@ -11,25 +11,24 @@ import (
// ImagesPrune requests the daemon to delete unused data
func (cli *Client) ImagesPrune(ctx context.Context, pruneFilters filters.Args) (image.PruneReport, error) {
- var report image.PruneReport
-
if err := cli.NewVersionError(ctx, "1.25", "image prune"); err != nil {
- return report, err
+ return image.PruneReport{}, err
}
query, err := getFiltersQuery(pruneFilters)
if err != nil {
- return report, err
+ return image.PruneReport{}, err
}
serverResp, err := cli.post(ctx, "/images/prune", query, nil, nil)
defer ensureReaderClosed(serverResp)
if err != nil {
- return report, err
+ return image.PruneReport{}, err
}
+ var report image.PruneReport
if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
- return report, fmt.Errorf("Error retrieving disk usage: %v", err)
+ return image.PruneReport{}, fmt.Errorf("Error retrieving disk usage: %v", err)
}
return report, nil
diff --git a/vendor/github.com/docker/docker/client/image_save.go b/vendor/github.com/docker/docker/client/image_save.go
index d1314e4b22fe..1b378c32b7d3 100644
--- a/vendor/github.com/docker/docker/client/image_save.go
+++ b/vendor/github.com/docker/docker/client/image_save.go
@@ -4,15 +4,28 @@ import (
"context"
"io"
"net/url"
+
+ "github.com/docker/docker/api/types/image"
)
// ImageSave retrieves one or more images from the docker host as an io.ReadCloser.
// It's up to the caller to store the images and close the stream.
-func (cli *Client) ImageSave(ctx context.Context, imageIDs []string) (io.ReadCloser, error) {
+func (cli *Client) ImageSave(ctx context.Context, imageIDs []string, opts image.SaveOptions) (io.ReadCloser, error) {
query := url.Values{
"names": imageIDs,
}
+ if len(opts.Platforms) > 0 {
+ if err := cli.NewVersionError(ctx, "1.48", "platform"); err != nil {
+ return nil, err
+ }
+ p, err := encodePlatforms(opts.Platforms...)
+ if err != nil {
+ return nil, err
+ }
+ query["platform"] = p
+ }
+
resp, err := cli.get(ctx, "/images/get", query, nil)
if err != nil {
return nil, err
diff --git a/vendor/github.com/docker/docker/client/interface.go b/vendor/github.com/docker/docker/client/interface.go
index cc60a5d13b48..470923a243d3 100644
--- a/vendor/github.com/docker/docker/client/interface.go
+++ b/vendor/github.com/docker/docker/client/interface.go
@@ -56,10 +56,10 @@ type ContainerAPIClient interface {
ContainerExecResize(ctx context.Context, execID string, options container.ResizeOptions) error
ContainerExecStart(ctx context.Context, execID string, options container.ExecStartOptions) error
ContainerExport(ctx context.Context, container string) (io.ReadCloser, error)
- ContainerInspect(ctx context.Context, container string) (types.ContainerJSON, error)
- ContainerInspectWithRaw(ctx context.Context, container string, getSize bool) (types.ContainerJSON, []byte, error)
+ ContainerInspect(ctx context.Context, container string) (container.InspectResponse, error)
+ ContainerInspectWithRaw(ctx context.Context, container string, getSize bool) (container.InspectResponse, []byte, error)
ContainerKill(ctx context.Context, container, signal string) error
- ContainerList(ctx context.Context, options container.ListOptions) ([]types.Container, error)
+ ContainerList(ctx context.Context, options container.ListOptions) ([]container.Summary, error)
ContainerLogs(ctx context.Context, container string, options container.LogsOptions) (io.ReadCloser, error)
ContainerPause(ctx context.Context, container string) error
ContainerRemove(ctx context.Context, container string, options container.RemoveOptions) error
@@ -91,16 +91,16 @@ type ImageAPIClient interface {
BuildCachePrune(ctx context.Context, opts types.BuildCachePruneOptions) (*types.BuildCachePruneReport, error)
BuildCancel(ctx context.Context, id string) error
ImageCreate(ctx context.Context, parentReference string, options image.CreateOptions) (io.ReadCloser, error)
- ImageHistory(ctx context.Context, image string) ([]image.HistoryResponseItem, error)
+ ImageHistory(ctx context.Context, image string, opts image.HistoryOptions) ([]image.HistoryResponseItem, error)
ImageImport(ctx context.Context, source image.ImportSource, ref string, options image.ImportOptions) (io.ReadCloser, error)
- ImageInspectWithRaw(ctx context.Context, image string) (types.ImageInspect, []byte, error)
+ ImageInspectWithRaw(ctx context.Context, image string) (image.InspectResponse, []byte, error)
ImageList(ctx context.Context, options image.ListOptions) ([]image.Summary, error)
- ImageLoad(ctx context.Context, input io.Reader, quiet bool) (image.LoadResponse, error)
+ ImageLoad(ctx context.Context, input io.Reader, opts image.LoadOptions) (image.LoadResponse, error)
ImagePull(ctx context.Context, ref string, options image.PullOptions) (io.ReadCloser, error)
ImagePush(ctx context.Context, ref string, options image.PushOptions) (io.ReadCloser, error)
ImageRemove(ctx context.Context, image string, options image.RemoveOptions) ([]image.DeleteResponse, error)
+ ImageSave(ctx context.Context, images []string, opts image.SaveOptions) (io.ReadCloser, error)
ImageSearch(ctx context.Context, term string, options registry.SearchOptions) ([]registry.SearchResult, error)
- ImageSave(ctx context.Context, images []string) (io.ReadCloser, error)
ImageTag(ctx context.Context, image, ref string) error
ImagesPrune(ctx context.Context, pruneFilter filters.Args) (image.PruneReport, error)
}
diff --git a/vendor/github.com/docker/docker/client/network_prune.go b/vendor/github.com/docker/docker/client/network_prune.go
index 708cc61a4b27..4f089438ce63 100644
--- a/vendor/github.com/docker/docker/client/network_prune.go
+++ b/vendor/github.com/docker/docker/client/network_prune.go
@@ -11,25 +11,24 @@ import (
// NetworksPrune requests the daemon to delete unused networks
func (cli *Client) NetworksPrune(ctx context.Context, pruneFilters filters.Args) (network.PruneReport, error) {
- var report network.PruneReport
-
if err := cli.NewVersionError(ctx, "1.25", "network prune"); err != nil {
- return report, err
+ return network.PruneReport{}, err
}
query, err := getFiltersQuery(pruneFilters)
if err != nil {
- return report, err
+ return network.PruneReport{}, err
}
serverResp, err := cli.post(ctx, "/networks/prune", query, nil, nil)
defer ensureReaderClosed(serverResp)
if err != nil {
- return report, err
+ return network.PruneReport{}, err
}
+ var report network.PruneReport
if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
- return report, fmt.Errorf("Error retrieving network prune report: %v", err)
+ return network.PruneReport{}, fmt.Errorf("Error retrieving network prune report: %v", err)
}
return report, nil
diff --git a/vendor/github.com/docker/docker/client/utils.go b/vendor/github.com/docker/docker/client/utils.go
index 7f3ff44eb80b..8cbd671792db 100644
--- a/vendor/github.com/docker/docker/client/utils.go
+++ b/vendor/github.com/docker/docker/client/utils.go
@@ -1,13 +1,17 @@
package client // import "github.com/docker/docker/client"
import (
+ "encoding/json"
+ "fmt"
"net/url"
- "regexp"
"github.com/docker/docker/api/types/filters"
+ "github.com/docker/docker/errdefs"
+ "github.com/docker/docker/internal/lazyregexp"
+ ocispec "github.com/opencontainers/image-spec/specs-go/v1"
)
-var headerRegexp = regexp.MustCompile(`\ADocker/.+\s\((.+)\)\z`)
+var headerRegexp = lazyregexp.New(`\ADocker/.+\s\((.+)\)\z`)
// getDockerOS returns the operating system based on the server header from the daemon.
func getDockerOS(serverHeader string) string {
@@ -32,3 +36,43 @@ func getFiltersQuery(f filters.Args) (url.Values, error) {
}
return query, nil
}
+
+// encodePlatforms marshals the given platform(s) to JSON format, to
+// be used for query-parameters for filtering / selecting platforms.
+func encodePlatforms(platform ...ocispec.Platform) ([]string, error) {
+ if len(platform) == 0 {
+ return []string{}, nil
+ }
+ if len(platform) == 1 {
+ p, err := encodePlatform(&platform[0])
+ if err != nil {
+ return nil, err
+ }
+ return []string{p}, nil
+ }
+
+ seen := make(map[string]struct{}, len(platform))
+ out := make([]string, 0, len(platform))
+ for i := range platform {
+ p, err := encodePlatform(&platform[i])
+ if err != nil {
+ return nil, err
+ }
+ if _, ok := seen[p]; !ok {
+ out = append(out, p)
+ seen[p] = struct{}{}
+ }
+ }
+ return out, nil
+}
+
+// encodePlatform marshals the given platform to JSON format, to
+// be used for query-parameters for filtering / selecting platforms. It
+// is used as a helper for encodePlatforms,
+func encodePlatform(platform *ocispec.Platform) (string, error) {
+ p, err := json.Marshal(platform)
+ if err != nil {
+ return "", errdefs.InvalidParameter(fmt.Errorf("invalid platform: %v", err))
+ }
+ return string(p), nil
+}
diff --git a/vendor/github.com/docker/docker/client/volume_prune.go b/vendor/github.com/docker/docker/client/volume_prune.go
index 9b09c30fa6f6..df70389eb277 100644
--- a/vendor/github.com/docker/docker/client/volume_prune.go
+++ b/vendor/github.com/docker/docker/client/volume_prune.go
@@ -11,25 +11,24 @@ import (
// VolumesPrune requests the daemon to delete unused data
func (cli *Client) VolumesPrune(ctx context.Context, pruneFilters filters.Args) (volume.PruneReport, error) {
- var report volume.PruneReport
-
if err := cli.NewVersionError(ctx, "1.25", "volume prune"); err != nil {
- return report, err
+ return volume.PruneReport{}, err
}
query, err := getFiltersQuery(pruneFilters)
if err != nil {
- return report, err
+ return volume.PruneReport{}, err
}
serverResp, err := cli.post(ctx, "/volumes/prune", query, nil, nil)
defer ensureReaderClosed(serverResp)
if err != nil {
- return report, err
+ return volume.PruneReport{}, err
}
+ var report volume.PruneReport
if err := json.NewDecoder(serverResp.body).Decode(&report); err != nil {
- return report, fmt.Errorf("Error retrieving volume prune report: %v", err)
+ return volume.PruneReport{}, fmt.Errorf("Error retrieving volume prune report: %v", err)
}
return report, nil
diff --git a/vendor/github.com/docker/docker/errdefs/http_helpers.go b/vendor/github.com/docker/docker/errdefs/http_helpers.go
index ebcd78930271..0a8fadd48f1f 100644
--- a/vendor/github.com/docker/docker/errdefs/http_helpers.go
+++ b/vendor/github.com/docker/docker/errdefs/http_helpers.go
@@ -11,36 +11,37 @@ func FromStatusCode(err error, statusCode int) error {
}
switch statusCode {
case http.StatusNotFound:
- err = NotFound(err)
+ return NotFound(err)
case http.StatusBadRequest:
- err = InvalidParameter(err)
+ return InvalidParameter(err)
case http.StatusConflict:
- err = Conflict(err)
+ return Conflict(err)
case http.StatusUnauthorized:
- err = Unauthorized(err)
+ return Unauthorized(err)
case http.StatusServiceUnavailable:
- err = Unavailable(err)
+ return Unavailable(err)
case http.StatusForbidden:
- err = Forbidden(err)
+ return Forbidden(err)
case http.StatusNotModified:
- err = NotModified(err)
+ return NotModified(err)
case http.StatusNotImplemented:
- err = NotImplemented(err)
+ return NotImplemented(err)
case http.StatusInternalServerError:
- if !IsSystem(err) && !IsUnknown(err) && !IsDataLoss(err) && !IsDeadline(err) && !IsCancelled(err) {
- err = System(err)
+ if IsCancelled(err) || IsSystem(err) || IsUnknown(err) || IsDataLoss(err) || IsDeadline(err) {
+ return err
}
+ return System(err)
default:
switch {
case statusCode >= 200 && statusCode < 400:
// it's a client error
+ return err
case statusCode >= 400 && statusCode < 500:
- err = InvalidParameter(err)
+ return InvalidParameter(err)
case statusCode >= 500 && statusCode < 600:
- err = System(err)
+ return System(err)
default:
- err = Unknown(err)
+ return Unknown(err)
}
}
- return err
}
diff --git a/vendor/github.com/docker/docker/internal/lazyregexp/lazyregexp.go b/vendor/github.com/docker/docker/internal/lazyregexp/lazyregexp.go
new file mode 100644
index 000000000000..6334edb60dca
--- /dev/null
+++ b/vendor/github.com/docker/docker/internal/lazyregexp/lazyregexp.go
@@ -0,0 +1,90 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Code below was largely copied from golang.org/x/mod@v0.22;
+// https://github.com/golang/mod/blob/v0.22.0/internal/lazyregexp/lazyre.go
+// with some additional methods added.
+
+// Package lazyregexp is a thin wrapper over regexp, allowing the use of global
+// regexp variables without forcing them to be compiled at init.
+package lazyregexp
+
+import (
+ "os"
+ "regexp"
+ "strings"
+ "sync"
+)
+
+// Regexp is a wrapper around [regexp.Regexp], where the underlying regexp will be
+// compiled the first time it is needed.
+type Regexp struct {
+ str string
+ once sync.Once
+ rx *regexp.Regexp
+}
+
+func (r *Regexp) re() *regexp.Regexp {
+ r.once.Do(r.build)
+ return r.rx
+}
+
+func (r *Regexp) build() {
+ r.rx = regexp.MustCompile(r.str)
+ r.str = ""
+}
+
+func (r *Regexp) FindSubmatch(s []byte) [][]byte {
+ return r.re().FindSubmatch(s)
+}
+
+func (r *Regexp) FindAllStringSubmatch(s string, n int) [][]string {
+ return r.re().FindAllStringSubmatch(s, n)
+}
+
+func (r *Regexp) FindStringSubmatch(s string) []string {
+ return r.re().FindStringSubmatch(s)
+}
+
+func (r *Regexp) FindStringSubmatchIndex(s string) []int {
+ return r.re().FindStringSubmatchIndex(s)
+}
+
+func (r *Regexp) ReplaceAllString(src, repl string) string {
+ return r.re().ReplaceAllString(src, repl)
+}
+
+func (r *Regexp) FindString(s string) string {
+ return r.re().FindString(s)
+}
+
+func (r *Regexp) FindAllString(s string, n int) []string {
+ return r.re().FindAllString(s, n)
+}
+
+func (r *Regexp) MatchString(s string) bool {
+ return r.re().MatchString(s)
+}
+
+func (r *Regexp) ReplaceAllStringFunc(src string, repl func(string) string) string {
+ return r.re().ReplaceAllStringFunc(src, repl)
+}
+
+func (r *Regexp) SubexpNames() []string {
+ return r.re().SubexpNames()
+}
+
+var inTest = len(os.Args) > 0 && strings.HasSuffix(strings.TrimSuffix(os.Args[0], ".exe"), ".test")
+
+// New creates a new lazy regexp, delaying the compiling work until it is first
+// needed. If the code is being run as part of tests, the regexp compiling will
+// happen immediately.
+func New(str string) *Regexp {
+ lr := &Regexp{str: str}
+ if inTest {
+ // In tests, always compile the regexps early.
+ lr.re()
+ }
+ return lr
+}
diff --git a/vendor/github.com/docker/docker/libnetwork/internal/resolvconf/resolvconf.go b/vendor/github.com/docker/docker/libnetwork/internal/resolvconf/resolvconf.go
index 45023996307a..176d716e3841 100644
--- a/vendor/github.com/docker/docker/libnetwork/internal/resolvconf/resolvconf.go
+++ b/vendor/github.com/docker/docker/libnetwork/internal/resolvconf/resolvconf.go
@@ -31,8 +31,7 @@ import (
"text/template"
"github.com/containerd/log"
- "github.com/docker/docker/errdefs"
- "github.com/docker/docker/pkg/ioutils"
+ "github.com/docker/docker/pkg/atomicwriter"
"github.com/opencontainers/go-digest"
"github.com/pkg/errors"
)
@@ -120,7 +119,7 @@ func Parse(reader io.Reader, path string) (ResolvConf, error) {
rc.processLine(scanner.Text())
}
if err := scanner.Err(); err != nil {
- return ResolvConf{}, errdefs.System(err)
+ return ResolvConf{}, errSystem{err}
}
if _, ok := rc.Option("ndots"); ok {
rc.md.NDotsFrom = "host"
@@ -239,46 +238,30 @@ func (rc *ResolvConf) TransformForLegacyNw(ipv6 bool) {
// - Add internalNS as a nameserver.
// - Remove other nameservers, stashing them as ExtNameServers for the
// internal resolver to use.
-// - Mark ExtNameServers that must be used in the host namespace.
+// - Mark ExtNameServers that must be accessed from the host namespace.
// - If no ExtNameServer addresses are found, use the defaults.
-// - Return an error if an "ndots" option inherited from the host's config, or
-// supplied in an override is not valid.
// - Ensure there's an 'options' value for each entry in reqdOptions. If the
// option includes a ':', and an option with a matching prefix exists, it
// is not modified.
func (rc *ResolvConf) TransformForIntNS(
- ipv6 bool,
internalNS netip.Addr,
reqdOptions []string,
) ([]ExtDNSEntry, error) {
- // The transformed config must list the internal nameserver.
- newNSs := []netip.Addr{internalNS}
- // Filter out other nameservers, keeping them for use as upstream nameservers by the
- // internal nameserver.
+ // Add each of the nameservers read from the host's /etc/hosts or supplied as an
+ // override to ExtNameServers, for the internal resolver to talk to. Addresses
+ // read from host config should be accessed from the host's network namespace
+ // (HostLoopback=true). Addresses supplied as overrides are accessed from the
+ // container's namespace.
rc.md.ExtNameServers = nil
for _, addr := range rc.nameServers {
- // Extract this NS. Mark addresses that did not come from an override, but will
- // definitely not work in the container's namespace as 'HostLoopback'. Upstream
- // requests for these servers will be made in the host's network namespace. (So,
- // '--dns 127.0.0.53' means use a nameserver listening on the container's
- // loopback interface. But, if the host's resolv.conf contains 'nameserver
- // 127.0.0.53', the host's resolver will be used.)
rc.md.ExtNameServers = append(rc.md.ExtNameServers, ExtDNSEntry{
Addr: addr,
- HostLoopback: !rc.md.NSOverride && (addr.IsLoopback() || (addr.Is6() && !ipv6) || addr.Zone() != ""),
+ HostLoopback: !rc.md.NSOverride,
})
}
- rc.nameServers = newNSs
- // If there are no external nameservers, and the only nameserver left is the
- // internal resolver, use the defaults as ext nameservers.
- if len(rc.md.ExtNameServers) == 0 && len(rc.nameServers) == 1 {
- log.G(context.TODO()).Info("No non-localhost DNS nameservers are left in resolv.conf. Using default external servers")
- for _, addr := range defaultNSAddrs(ipv6) {
- rc.md.ExtNameServers = append(rc.md.ExtNameServers, ExtDNSEntry{Addr: addr})
- }
- rc.md.UsedDefaultNS = true
- }
+ // The transformed config only lists the internal nameserver.
+ rc.nameServers = []netip.Addr{internalNS}
// For each option required by the nameserver, add it if not already present. If
// the option is already present, don't override it. Apart from ndots - if the
@@ -362,10 +345,10 @@ options {{join . " "}}
var buf bytes.Buffer
templ, err := template.New("summary").Funcs(funcs).Parse(templateText)
if err != nil {
- return nil, errdefs.System(err)
+ return nil, errSystem{err}
}
if err := templ.Execute(&buf, s); err != nil {
- return nil, errdefs.System(err)
+ return nil, errSystem{err}
}
return buf.Bytes(), nil
}
@@ -382,19 +365,18 @@ func (rc *ResolvConf) WriteFile(path, hashPath string, perm os.FileMode) error {
// Write the resolv.conf file - it's bind-mounted into the container, so can't
// move a temp file into place, just have to truncate and write it.
if err := os.WriteFile(path, content, perm); err != nil {
- return errdefs.System(err)
+ return errSystem{err}
}
// Write the hash file.
if hashPath != "" {
- hashFile, err := ioutils.NewAtomicFileWriter(hashPath, perm)
+ hashFile, err := atomicwriter.New(hashPath, perm)
if err != nil {
- return errdefs.System(err)
+ return errSystem{err}
}
defer hashFile.Close()
- digest := digest.FromBytes(content)
- if _, err = hashFile.Write([]byte(digest)); err != nil {
+ if _, err = hashFile.Write([]byte(digest.FromBytes(content))); err != nil {
return err
}
}
@@ -498,3 +480,16 @@ func removeInvalidNDots(options []string) []string {
clear(options[n:]) // Zero out the obsolete elements, for GC.
return options[:n]
}
+
+// errSystem implements [github.com/docker/docker/errdefs.ErrSystem].
+//
+// We don't use the errdefs helpers here, because the resolvconf package
+// is imported in BuildKit, and this is the only location that used the
+// errdefs package outside of the client.
+type errSystem struct{ error }
+
+func (errSystem) System() {}
+
+func (e errSystem) Unwrap() error {
+ return e.error
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/docker/docker/pkg/archive/archive.go
index cde64f08ebc1..b7eae21328b4 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive.go
@@ -1,5 +1,5 @@
// Package archive provides helper functions for dealing with archive files.
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"archive/tar"
@@ -9,26 +9,26 @@ import (
"compress/gzip"
"context"
"encoding/binary"
+ "errors"
"fmt"
"io"
"os"
"os/exec"
"path/filepath"
"runtime"
+ "runtime/debug"
"strconv"
"strings"
+ "sync"
+ "sync/atomic"
"syscall"
"time"
"github.com/containerd/log"
"github.com/docker/docker/pkg/idtools"
- "github.com/docker/docker/pkg/ioutils"
- "github.com/docker/docker/pkg/pools"
- "github.com/docker/docker/pkg/system"
"github.com/klauspost/compress/zstd"
"github.com/moby/patternmatcher"
"github.com/moby/sys/sequential"
- "github.com/pkg/errors"
)
// ImpliedDirectoryMode represents the mode (Unix permissions) applied to directories that are implied by files in a
@@ -215,17 +215,66 @@ func gzDecompress(ctx context.Context, buf io.Reader) (io.ReadCloser, error) {
return cmdStream(exec.CommandContext(ctx, unpigzPath, "-d", "-c"), buf)
}
-func wrapReadCloser(readBuf io.ReadCloser, cancel context.CancelFunc) io.ReadCloser {
- return ioutils.NewReadCloserWrapper(readBuf, func() error {
- cancel()
- return readBuf.Close()
- })
+type readCloserWrapper struct {
+ io.Reader
+ closer func() error
+ closed atomic.Bool
+}
+
+func (r *readCloserWrapper) Close() error {
+ if !r.closed.CompareAndSwap(false, true) {
+ log.G(context.TODO()).Error("subsequent attempt to close readCloserWrapper")
+ if log.GetLevel() >= log.DebugLevel {
+ log.G(context.TODO()).Errorf("stack trace: %s", string(debug.Stack()))
+ }
+
+ return nil
+ }
+ if r.closer != nil {
+ return r.closer()
+ }
+ return nil
+}
+
+var (
+ bufioReader32KPool = &sync.Pool{
+ New: func() interface{} { return bufio.NewReaderSize(nil, 32*1024) },
+ }
+)
+
+type bufferedReader struct {
+ buf *bufio.Reader
+}
+
+func newBufferedReader(r io.Reader) *bufferedReader {
+ buf := bufioReader32KPool.Get().(*bufio.Reader)
+ buf.Reset(r)
+ return &bufferedReader{buf}
+}
+
+func (r *bufferedReader) Read(p []byte) (n int, err error) {
+ if r.buf == nil {
+ return 0, io.EOF
+ }
+ n, err = r.buf.Read(p)
+ if err == io.EOF {
+ r.buf.Reset(nil)
+ bufioReader32KPool.Put(r.buf)
+ r.buf = nil
+ }
+ return
+}
+
+func (r *bufferedReader) Peek(n int) ([]byte, error) {
+ if r.buf == nil {
+ return nil, io.EOF
+ }
+ return r.buf.Peek(n)
}
// DecompressStream decompresses the archive and returns a ReaderCloser with the decompressed archive.
func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
- p := pools.BufioReader32KPool
- buf := p.Get(archive)
+ buf := newBufferedReader(archive)
bs, err := buf.Peek(10)
if err != nil && err != io.EOF {
// Note: we'll ignore any io.EOF error because there are some odd
@@ -240,8 +289,9 @@ func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
compression := DetectCompression(bs)
switch compression {
case Uncompressed:
- readBufWrapper := p.NewReadCloserWrapper(buf, buf)
- return readBufWrapper, nil
+ return &readCloserWrapper{
+ Reader: buf,
+ }, nil
case Gzip:
ctx, cancel := context.WithCancel(context.Background())
@@ -250,12 +300,18 @@ func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
cancel()
return nil, err
}
- readBufWrapper := p.NewReadCloserWrapper(buf, gzReader)
- return wrapReadCloser(readBufWrapper, cancel), nil
+ return &readCloserWrapper{
+ Reader: gzReader,
+ closer: func() error {
+ cancel()
+ return gzReader.Close()
+ },
+ }, nil
case Bzip2:
bz2Reader := bzip2.NewReader(buf)
- readBufWrapper := p.NewReadCloserWrapper(buf, bz2Reader)
- return readBufWrapper, nil
+ return &readCloserWrapper{
+ Reader: bz2Reader,
+ }, nil
case Xz:
ctx, cancel := context.WithCancel(context.Background())
@@ -264,32 +320,44 @@ func DecompressStream(archive io.Reader) (io.ReadCloser, error) {
cancel()
return nil, err
}
- readBufWrapper := p.NewReadCloserWrapper(buf, xzReader)
- return wrapReadCloser(readBufWrapper, cancel), nil
+
+ return &readCloserWrapper{
+ Reader: xzReader,
+ closer: func() error {
+ cancel()
+ return xzReader.Close()
+ },
+ }, nil
case Zstd:
zstdReader, err := zstd.NewReader(buf)
if err != nil {
return nil, err
}
- readBufWrapper := p.NewReadCloserWrapper(buf, zstdReader)
- return readBufWrapper, nil
+ return &readCloserWrapper{
+ Reader: zstdReader,
+ closer: func() error {
+ zstdReader.Close()
+ return nil
+ },
+ }, nil
default:
return nil, fmt.Errorf("Unsupported compression format %s", (&compression).Extension())
}
}
+type nopWriteCloser struct {
+ io.Writer
+}
+
+func (nopWriteCloser) Close() error { return nil }
+
// CompressStream compresses the dest with specified compression algorithm.
func CompressStream(dest io.Writer, compression Compression) (io.WriteCloser, error) {
- p := pools.BufioWriter32KPool
- buf := p.Get(dest)
switch compression {
case Uncompressed:
- writeBufWrapper := p.NewWriteCloserWrapper(buf, buf)
- return writeBufWrapper, nil
+ return nopWriteCloser{dest}, nil
case Gzip:
- gzWriter := gzip.NewWriter(dest)
- writeBufWrapper := p.NewWriteCloserWrapper(buf, gzWriter)
- return writeBufWrapper, nil
+ return gzip.NewWriter(dest), nil
case Bzip2, Xz:
// archive/bzip2 does not support writing, and there is no xz support at all
// However, this is not a problem as docker only currently generates gzipped tars
@@ -360,7 +428,7 @@ func ReplaceFileTarWrapper(inputTarStream io.ReadCloser, mods map[string]TarModi
pipeWriter.CloseWithError(err)
return
}
- if _, err := pools.Copy(tarWriter, tarReader); err != nil {
+ if _, err := copyWithBuffer(tarWriter, tarReader); err != nil {
pipeWriter.CloseWithError(err)
return
}
@@ -484,7 +552,7 @@ func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
vfsCapRevision2 = 2
vfsCapRevision3 = 3
)
- capability, _ := system.Lgetxattr(path, "security.capability")
+ capability, _ := lgetxattr(path, "security.capability")
if capability != nil {
if capability[versionOffset] == vfsCapRevision3 {
// Convert VFS_CAP_REVISION_3 to VFS_CAP_REVISION_2 as root UID makes no
@@ -507,7 +575,6 @@ type tarWhiteoutConverter interface {
type tarAppender struct {
TarWriter *tar.Writer
- Buffer *bufio.Writer
// for hardlink mapping
SeenFiles map[uint64]string
@@ -525,21 +592,11 @@ func newTarAppender(idMapping idtools.IdentityMapping, writer io.Writer, chownOp
return &tarAppender{
SeenFiles: make(map[uint64]string),
TarWriter: tar.NewWriter(writer),
- Buffer: pools.BufioWriter32KPool.Get(nil),
IdentityMapping: idMapping,
ChownOpts: chownOpts,
}
}
-// CanonicalTarNameForPath canonicalizes relativePath to a POSIX-style path using
-// forward slashes. It is an alias for [filepath.ToSlash], which is a no-op on
-// Linux and Unix.
-//
-// Deprecated: use [filepath.ToSlash]. This function will be removed in the next release.
-func CanonicalTarNameForPath(relativePath string) string {
- return filepath.ToSlash(relativePath)
-}
-
// canonicalTarName provides a platform-independent and consistent POSIX-style
// path for files and directories to be archived regardless of the platform.
func canonicalTarName(name string, isDir bool) string {
@@ -652,17 +709,11 @@ func (ta *tarAppender) addTarFile(path, name string) error {
return err
}
- ta.Buffer.Reset(ta.TarWriter)
- defer ta.Buffer.Reset(nil)
- _, err = io.Copy(ta.Buffer, file)
+ _, err = copyWithBuffer(ta.TarWriter, file)
file.Close()
if err != nil {
return err
}
- err = ta.Buffer.Flush()
- if err != nil {
- return err
- }
}
return nil
@@ -705,7 +756,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
if err != nil {
return err
}
- if _, err := io.Copy(file, reader); err != nil {
+ if _, err := copyWithBuffer(file, reader); err != nil {
file.Close()
return err
}
@@ -771,11 +822,11 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
chownOpts = &idtools.Identity{UID: hdr.Uid, GID: hdr.Gid}
}
if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil {
- msg := "failed to Lchown %q for UID %d, GID %d"
+ var msg string
if inUserns && errors.Is(err, syscall.EINVAL) {
- msg += " (try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid)"
+ msg = " (try increasing the number of subordinate IDs in /etc/subuid and /etc/subgid)"
}
- return errors.Wrapf(err, msg, path, hdr.Uid, hdr.Gid)
+ return fmt.Errorf("failed to Lchown %q for UID %d, GID %d%s: %w", path, hdr.Uid, hdr.Gid, msg, err)
}
}
@@ -785,7 +836,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
if !ok {
continue
}
- if err := system.Lsetxattr(path, xattr, []byte(value), 0); err != nil {
+ if err := lsetxattr(path, xattr, []byte(value), 0); err != nil {
if bestEffortXattrs && errors.Is(err, syscall.ENOTSUP) || errors.Is(err, syscall.EPERM) {
// EPERM occurs if modifying xattrs is not allowed. This can
// happen when running in userns with restrictions (ChromeOS).
@@ -808,26 +859,22 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o
return err
}
- aTime := hdr.AccessTime
- if aTime.Before(hdr.ModTime) {
- // Last access time should never be before last modified time.
- aTime = hdr.ModTime
- }
+ aTime := boundTime(latestTime(hdr.AccessTime, hdr.ModTime))
+ mTime := boundTime(hdr.ModTime)
- // system.Chtimes doesn't support a NOFOLLOW flag atm
+ // chtimes doesn't support a NOFOLLOW flag atm
if hdr.Typeflag == tar.TypeLink {
if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
- if err := system.Chtimes(path, aTime, hdr.ModTime); err != nil {
+ if err := chtimes(path, aTime, mTime); err != nil {
return err
}
}
} else if hdr.Typeflag != tar.TypeSymlink {
- if err := system.Chtimes(path, aTime, hdr.ModTime); err != nil {
+ if err := chtimes(path, aTime, mTime); err != nil {
return err
}
} else {
- ts := []syscall.Timespec{timeToTimespec(aTime), timeToTimespec(hdr.ModTime)}
- if err := system.LUtimesNano(path, ts); err != nil && err != system.ErrNotSupportedPlatform {
+ if err := lchtimes(path, aTime, mTime); err != nil {
return err
}
}
@@ -920,9 +967,6 @@ func (t *Tarballer) Do() {
}
}()
- // this buffer is needed for the duration of this piped stream
- defer pools.BufioWriter32KPool.Put(ta.Buffer)
-
// In general we log errors here but ignore them because
// during e.g. a diff operation the container can continue
// mutating the filesystem and we can see transient errors
@@ -1078,8 +1122,6 @@ func (t *Tarballer) Do() {
// Unpack unpacks the decompressedArchive to dest with options.
func Unpack(decompressedArchive io.Reader, dest string, options *TarOptions) error {
tr := tar.NewReader(decompressedArchive)
- trBuf := pools.BufioReader32KPool.Get(nil)
- defer pools.BufioReader32KPool.Put(trBuf)
var dirs []*tar.Header
whiteoutConverter := getWhiteoutConverter(options.WhiteoutFormat)
@@ -1156,7 +1198,6 @@ loop:
}
}
}
- trBuf.Reset(tr)
if err := remapIDs(options.IDMap, hdr); err != nil {
return err
@@ -1172,7 +1213,7 @@ loop:
}
}
- if err := createTarFile(path, dest, hdr, trBuf, options); err != nil {
+ if err := createTarFile(path, dest, hdr, tr, options); err != nil {
return err
}
@@ -1187,7 +1228,7 @@ loop:
// #nosec G305 -- The header was checked for path traversal before it was appended to the dirs slice.
path := filepath.Join(dest, hdr.Name)
- if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil {
+ if err := chtimes(path, boundTime(latestTime(hdr.AccessTime, hdr.ModTime)), boundTime(hdr.ModTime)); err != nil {
return err
}
}
@@ -1336,7 +1377,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
dst = filepath.Join(dst, filepath.Base(src))
}
// Create the holding directory if necessary
- if err := system.MkdirAll(filepath.Dir(dst), 0o700); err != nil {
+ if err := os.MkdirAll(filepath.Dir(dst), 0o700); err != nil {
return err
}
@@ -1375,7 +1416,7 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) {
if err := tw.WriteHeader(hdr); err != nil {
return err
}
- if _, err := io.Copy(tw, srcF); err != nil {
+ if _, err := copyWithBuffer(tw, srcF); err != nil {
return err
}
return nil
@@ -1433,68 +1474,14 @@ func cmdStream(cmd *exec.Cmd, input io.Reader) (io.ReadCloser, error) {
close(done)
}()
- return ioutils.NewReadCloserWrapper(pipeR, func() error {
- // Close pipeR, and then wait for the command to complete before returning. We have to close pipeR first, as
- // cmd.Wait waits for any non-file stdout/stderr/stdin to close.
- err := pipeR.Close()
- <-done
- return err
- }), nil
-}
-
-// NewTempArchive reads the content of src into a temporary file, and returns the contents
-// of that file as an archive. The archive can only be read once - as soon as reading completes,
-// the file will be deleted.
-//
-// Deprecated: NewTempArchive is only used in tests and will be removed in the next release.
-func NewTempArchive(src io.Reader, dir string) (*TempArchive, error) {
- f, err := os.CreateTemp(dir, "")
- if err != nil {
- return nil, err
- }
- if _, err := io.Copy(f, src); err != nil {
- return nil, err
- }
- if _, err := f.Seek(0, 0); err != nil {
- return nil, err
- }
- st, err := f.Stat()
- if err != nil {
- return nil, err
- }
- size := st.Size()
- return &TempArchive{File: f, Size: size}, nil
-}
-
-// TempArchive is a temporary archive. The archive can only be read once - as soon as reading completes,
-// the file will be deleted.
-//
-// Deprecated: TempArchive is only used in tests and will be removed in the next release.
-type TempArchive struct {
- *os.File
- Size int64 // Pre-computed from Stat().Size() as a convenience
- read int64
- closed bool
-}
-
-// Close closes the underlying file if it's still open, or does a no-op
-// to allow callers to try to close the TempArchive multiple times safely.
-func (archive *TempArchive) Close() error {
- if archive.closed {
- return nil
- }
-
- archive.closed = true
-
- return archive.File.Close()
-}
-
-func (archive *TempArchive) Read(data []byte) (int, error) {
- n, err := archive.File.Read(data)
- archive.read += int64(n)
- if err != nil || archive.read == archive.Size {
- archive.Close()
- os.Remove(archive.File.Name())
- }
- return n, err
+ return &readCloserWrapper{
+ Reader: pipeR,
+ closer: func() error {
+ // Close pipeR, and then wait for the command to complete before returning. We have to close pipeR first, as
+ // cmd.Wait waits for any non-file stdout/stderr/stdin to close.
+ err := pipeR.Close()
+ <-done
+ return err
+ },
+ }, nil
}
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
index b9d2a538ab01..631d2e3c5b72 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_linux.go
@@ -1,14 +1,13 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"archive/tar"
+ "fmt"
"os"
"path/filepath"
"strings"
- "github.com/docker/docker/pkg/system"
"github.com/moby/sys/userns"
- "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
@@ -39,7 +38,7 @@ func (overlayWhiteoutConverter) ConvertWrite(hdr *tar.Header, path string, fi os
}
// convert opaque dirs to AUFS format by writing an empty file with the prefix
- opaque, err := system.Lgetxattr(path, opaqueXattrName)
+ opaque, err := lgetxattr(path, opaqueXattrName)
if err != nil {
return nil, err
}
@@ -79,7 +78,7 @@ func (c overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (boo
err := unix.Setxattr(dir, opaqueXattrName, []byte{'y'}, 0)
if err != nil {
- return false, errors.Wrapf(err, "setxattr(%q, %s=y)", dir, opaqueXattrName)
+ return false, fmt.Errorf("setxattr('%s', %s=y): %w", dir, opaqueXattrName, err)
}
// don't write the file itself
return false, err
@@ -91,7 +90,7 @@ func (c overlayWhiteoutConverter) ConvertRead(hdr *tar.Header, path string) (boo
originalPath := filepath.Join(dir, originalBase)
if err := unix.Mknod(originalPath, unix.S_IFCHR, 0); err != nil {
- return false, errors.Wrapf(err, "failed to mknod(%q, S_IFCHR, 0)", originalPath)
+ return false, fmt.Errorf("failed to mknod('%s', S_IFCHR, 0): %w", originalPath, err)
}
if err := os.Chown(originalPath, hdr.Uid, hdr.Gid); err != nil {
return false, err
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_other.go b/vendor/github.com/docker/docker/pkg/archive/archive_other.go
index 7dee1f7a4615..6495549f60e8 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_other.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_other.go
@@ -1,6 +1,6 @@
//go:build !linux
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
func getWhiteoutConverter(format WhiteoutFormat) tarWhiteoutConverter {
return nil
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
index f559a30565f3..9c70d1789f12 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_unix.go
@@ -1,6 +1,6 @@
//go:build !windows
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"archive/tar"
@@ -12,7 +12,6 @@ import (
"syscall"
"github.com/docker/docker/pkg/idtools"
- "github.com/docker/docker/pkg/system"
"golang.org/x/sys/unix"
)
@@ -109,7 +108,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
mode |= unix.S_IFIFO
}
- return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
+ return mknod(path, mode, unix.Mkdev(uint32(hdr.Devmajor), uint32(hdr.Devminor)))
}
func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go
index e25c64b415cf..031608162f9f 100644
--- a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go
+++ b/vendor/github.com/docker/docker/pkg/archive/archive_windows.go
@@ -1,4 +1,4 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"archive/tar"
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes.go b/vendor/github.com/docker/docker/pkg/archive/changes.go
index 5f12ca4016a1..79c810a6819b 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes.go
@@ -1,4 +1,4 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"archive/tar"
@@ -6,17 +6,15 @@ import (
"context"
"fmt"
"io"
+ "io/fs"
"os"
"path/filepath"
"sort"
"strings"
- "syscall"
"time"
"github.com/containerd/log"
"github.com/docker/docker/pkg/idtools"
- "github.com/docker/docker/pkg/pools"
- "github.com/docker/docker/pkg/system"
)
// ChangeType represents the change type.
@@ -74,11 +72,6 @@ func sameFsTime(a, b time.Time) bool {
(a.Nanosecond() == 0 || b.Nanosecond() == 0))
}
-func sameFsTimeSpec(a, b syscall.Timespec) bool {
- return a.Sec == b.Sec &&
- (a.Nsec == b.Nsec || a.Nsec == 0 || b.Nsec == 0)
-}
-
// Changes walks the path rw and determines changes for the files in the path,
// with respect to the parent layers
func Changes(layers []string, rw string) ([]Change, error) {
@@ -210,7 +203,7 @@ func changes(layers []string, rw string, dc deleteChange, sc skipChange) ([]Chan
type FileInfo struct {
parent *FileInfo
name string
- stat *system.StatT
+ stat fs.FileInfo
children map[string]*FileInfo
capability []byte
added bool
@@ -395,9 +388,6 @@ func ExportChanges(dir string, changes []Change, idMap idtools.IdentityMapping)
go func() {
ta := newTarAppender(idMap, writer, nil)
- // this buffer is needed for the duration of this piped stream
- defer pools.BufioWriter32KPool.Put(ta.Buffer)
-
sort.Sort(changesByPath(changes))
// In general we log errors here but ignore them because
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_linux.go b/vendor/github.com/docker/docker/pkg/archive/changes_linux.go
index 81fcbc5bab59..6bb358486a63 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_linux.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_linux.go
@@ -1,4 +1,4 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"bytes"
@@ -9,7 +9,6 @@ import (
"syscall"
"unsafe"
- "github.com/docker/docker/pkg/system"
"golang.org/x/sys/unix"
)
@@ -74,12 +73,8 @@ func walkchunk(path string, fi os.FileInfo, dir string, root *FileInfo) error {
parent: parent,
}
cpath := filepath.Join(dir, path)
- stat, err := system.FromStatT(fi.Sys().(*syscall.Stat_t))
- if err != nil {
- return err
- }
- info.stat = stat
- info.capability, _ = system.Lgetxattr(cpath, "security.capability") // lgetxattr(2): fs access
+ info.stat = fi
+ info.capability, _ = lgetxattr(cpath, "security.capability") // lgetxattr(2): fs access
parent.children[info.name] = info
return nil
}
@@ -261,13 +256,13 @@ func readdirnames(dirname string) (names []nameIno, err error) {
func parseDirent(buf []byte, names []nameIno) (consumed int, newnames []nameIno) {
origlen := len(buf)
for len(buf) > 0 {
- dirent := (*unix.Dirent)(unsafe.Pointer(&buf[0]))
+ dirent := (*unix.Dirent)(unsafe.Pointer(&buf[0])) // #nosec G103 -- Ignore "G103: Use of unsafe calls should be audited"
buf = buf[dirent.Reclen:]
if dirent.Ino == 0 { // File absent in directory.
continue
}
- bytes := (*[10000]byte)(unsafe.Pointer(&dirent.Name[0]))
- name := string(bytes[0:clen(bytes[:])])
+ b := (*[10000]byte)(unsafe.Pointer(&dirent.Name[0])) // #nosec G103 -- Ignore "G103: Use of unsafe calls should be audited"
+ name := string(b[0:clen(b[:])])
if name == "." || name == ".." { // Useless names
continue
}
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_other.go b/vendor/github.com/docker/docker/pkg/archive/changes_other.go
index 28f741a25ddb..a8a3a5a6faa8 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_other.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_other.go
@@ -1,6 +1,6 @@
//go:build !linux
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"fmt"
@@ -8,8 +8,6 @@ import (
"path/filepath"
"runtime"
"strings"
-
- "github.com/docker/docker/pkg/system"
)
func collectFileInfoForChanges(oldDir, newDir string) (*FileInfo, *FileInfo, error) {
@@ -72,7 +70,7 @@ func collectFileInfo(sourceDir string) (*FileInfo, error) {
return fmt.Errorf("collectFileInfo: Unexpectedly no parent for %s", relPath)
}
- s, err := system.Lstat(path)
+ s, err := os.Lstat(path)
if err != nil {
return err
}
@@ -84,11 +82,7 @@ func collectFileInfo(sourceDir string) (*FileInfo, error) {
stat: s,
}
- // system.Lgetxattr is only implemented on Linux and produces an error
- // on other platforms. This code is intentionally left commented-out
- // as a reminder to include this code if this would ever be implemented
- // on other platforms.
- // info.capability, _ = system.Lgetxattr(path, "security.capability")
+ info.capability, _ = lgetxattr(path, "security.capability")
parent.children[info.name] = info
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go
index 853c73ee8c03..4dd98bd2935f 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_unix.go
@@ -1,21 +1,21 @@
//go:build !windows
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
+ "io/fs"
"os"
"syscall"
-
- "github.com/docker/docker/pkg/system"
- "golang.org/x/sys/unix"
)
-func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
+func statDifferent(oldStat fs.FileInfo, newStat fs.FileInfo) bool {
+ oldSys := oldStat.Sys().(*syscall.Stat_t)
+ newSys := newStat.Sys().(*syscall.Stat_t)
// Don't look at size for dirs, its not a good measure of change
if oldStat.Mode() != newStat.Mode() ||
- oldStat.UID() != newStat.UID() ||
- oldStat.GID() != newStat.GID() ||
- oldStat.Rdev() != newStat.Rdev() ||
+ oldSys.Uid != newSys.Uid ||
+ oldSys.Gid != newSys.Gid ||
+ oldSys.Rdev != newSys.Rdev ||
// Don't look at size or modification time for dirs, its not a good
// measure of change. See https://github.com/moby/moby/issues/9874
// for a description of the issue with modification time, and
@@ -23,15 +23,15 @@ func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
// (Note that in the Windows implementation of this function,
// modification time IS taken as a change). See
// https://github.com/moby/moby/pull/37982 for more information.
- (oldStat.Mode()&unix.S_IFDIR != unix.S_IFDIR &&
- (!sameFsTimeSpec(oldStat.Mtim(), newStat.Mtim()) || (oldStat.Size() != newStat.Size()))) {
+ (!oldStat.Mode().IsDir() &&
+ (!sameFsTime(oldStat.ModTime(), newStat.ModTime()) || (oldStat.Size() != newStat.Size()))) {
return true
}
return false
}
func (info *FileInfo) isDir() bool {
- return info.parent == nil || info.stat.Mode()&unix.S_IFDIR != 0
+ return info.parent == nil || info.stat.Mode().IsDir()
}
func getIno(fi os.FileInfo) uint64 {
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_windows.go b/vendor/github.com/docker/docker/pkg/archive/changes_windows.go
index 9906685e4b0e..c89605c78fed 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes_windows.go
+++ b/vendor/github.com/docker/docker/pkg/archive/changes_windows.go
@@ -1,19 +1,18 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
+ "io/fs"
"os"
-
- "github.com/docker/docker/pkg/system"
)
-func statDifferent(oldStat *system.StatT, newStat *system.StatT) bool {
+func statDifferent(oldStat fs.FileInfo, newStat fs.FileInfo) bool {
// Note there is slight difference between the Linux and Windows
// implementations here. Due to https://github.com/moby/moby/issues/9874,
// and the fix at https://github.com/moby/moby/pull/11422, Linux does not
// consider a change to the directory time as a change. Windows on NTFS
// does. See https://github.com/moby/moby/pull/37982 for more information.
- if !sameFsTime(oldStat.Mtim(), newStat.Mtim()) ||
+ if !sameFsTime(oldStat.ModTime(), newStat.ModTime()) ||
oldStat.Mode() != newStat.Mode() ||
oldStat.Size() != newStat.Size() && !oldStat.Mode().IsDir() {
return true
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy.go b/vendor/github.com/docker/docker/pkg/archive/copy.go
index 01eadc30d99a..cddf18ecdb8b 100644
--- a/vendor/github.com/docker/docker/pkg/archive/copy.go
+++ b/vendor/github.com/docker/docker/pkg/archive/copy.go
@@ -1,4 +1,4 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"archive/tar"
@@ -8,9 +8,9 @@ import (
"os"
"path/filepath"
"strings"
+ "sync"
"github.com/containerd/log"
- "github.com/docker/docker/pkg/system"
)
// Errors used or returned by this file.
@@ -21,6 +21,17 @@ var (
ErrInvalidCopySource = errors.New("invalid copy source content")
)
+var copyPool = sync.Pool{
+ New: func() interface{} { s := make([]byte, 32*1024); return &s },
+}
+
+func copyWithBuffer(dst io.Writer, src io.Reader) (written int64, err error) {
+ buf := copyPool.Get().(*[]byte)
+ written, err = io.CopyBuffer(dst, src, *buf)
+ copyPool.Put(buf)
+ return
+}
+
// PreserveTrailingDotOrSeparator returns the given cleaned path (after
// processing using any utility functions from the path or filepath stdlib
// packages) and appends a trailing `/.` or `/` if its corresponding original
@@ -203,7 +214,7 @@ func CopyInfoDestinationPath(path string) (info CopyInfo, err error) {
return CopyInfo{}, err
}
- if !system.IsAbs(linkTarget) {
+ if !filepath.IsAbs(linkTarget) {
// Join with the parent directory.
dstParent, _ := SplitPathDirEntry(path)
linkTarget = filepath.Join(dstParent, linkTarget)
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go
index 065bd4addaea..f579282449af 100644
--- a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go
+++ b/vendor/github.com/docker/docker/pkg/archive/copy_unix.go
@@ -1,6 +1,6 @@
//go:build !windows
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"path/filepath"
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_windows.go b/vendor/github.com/docker/docker/pkg/archive/copy_windows.go
index a878d1bac426..2b775b45c4f1 100644
--- a/vendor/github.com/docker/docker/pkg/archive/copy_windows.go
+++ b/vendor/github.com/docker/docker/pkg/archive/copy_windows.go
@@ -1,4 +1,4 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"path/filepath"
diff --git a/vendor/github.com/docker/docker/pkg/archive/dev_freebsd.go b/vendor/github.com/docker/docker/pkg/archive/dev_freebsd.go
new file mode 100644
index 000000000000..aa8e29154a2d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/dev_freebsd.go
@@ -0,0 +1,7 @@
+//go:build freebsd
+
+package archive
+
+import "golang.org/x/sys/unix"
+
+var mknod = unix.Mknod
diff --git a/vendor/github.com/docker/docker/pkg/archive/dev_unix.go b/vendor/github.com/docker/docker/pkg/archive/dev_unix.go
new file mode 100644
index 000000000000..dffc596f93f7
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/dev_unix.go
@@ -0,0 +1,9 @@
+//go:build !windows && !freebsd
+
+package archive
+
+import "golang.org/x/sys/unix"
+
+func mknod(path string, mode uint32, dev uint64) error {
+ return unix.Mknod(path, mode, int(dev))
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/docker/docker/pkg/archive/diff.go
index e080e310ac8b..d5a394cdc953 100644
--- a/vendor/github.com/docker/docker/pkg/archive/diff.go
+++ b/vendor/github.com/docker/docker/pkg/archive/diff.go
@@ -1,4 +1,4 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"archive/tar"
@@ -11,8 +11,6 @@ import (
"strings"
"github.com/containerd/log"
- "github.com/docker/docker/pkg/pools"
- "github.com/docker/docker/pkg/system"
)
// UnpackLayer unpack `layer` to a `dest`. The stream `layer` can be
@@ -20,8 +18,6 @@ import (
// Returns the size in bytes of the contents of the layer.
func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64, err error) {
tr := tar.NewReader(layer)
- trBuf := pools.BufioReader32KPool.Get(tr)
- defer pools.BufioReader32KPool.Put(trBuf)
var dirs []*tar.Header
unpackedPaths := make(map[string]struct{})
@@ -160,8 +156,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
}
}
- trBuf.Reset(tr)
- srcData := io.Reader(trBuf)
+ srcData := io.Reader(tr)
srcHdr := hdr
// Hard links into /.wh..wh.plnk don't work, as we don't extract that directory, so
@@ -200,7 +195,7 @@ func UnpackLayer(dest string, layer io.Reader, options *TarOptions) (size int64,
for _, hdr := range dirs {
// #nosec G305 -- The header was checked for path traversal before it was appended to the dirs slice.
path := filepath.Join(dest, hdr.Name)
- if err := system.Chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil {
+ if err := chtimes(path, hdr.AccessTime, hdr.ModTime); err != nil {
return 0, err
}
}
diff --git a/vendor/github.com/docker/docker/pkg/archive/time.go b/vendor/github.com/docker/docker/pkg/archive/time.go
new file mode 100644
index 000000000000..4e9ae9508432
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/time.go
@@ -0,0 +1,38 @@
+package archive
+
+import (
+ "syscall"
+ "time"
+ "unsafe"
+)
+
+var (
+ minTime = time.Unix(0, 0)
+ maxTime time.Time
+)
+
+func init() {
+ if unsafe.Sizeof(syscall.Timespec{}.Nsec) == 8 {
+ // This is a 64 bit timespec
+ // os.Chtimes limits time to the following
+ maxTime = time.Unix(0, 1<<63-1)
+ } else {
+ // This is a 32 bit timespec
+ maxTime = time.Unix(1<<31-1, 0)
+ }
+}
+
+func boundTime(t time.Time) time.Time {
+ if t.Before(minTime) || t.After(maxTime) {
+ return minTime
+ }
+
+ return t
+}
+
+func latestTime(t1, t2 time.Time) time.Time {
+ if t1.Before(t2) {
+ return t2
+ }
+ return t1
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/time_linux.go b/vendor/github.com/docker/docker/pkg/archive/time_linux.go
deleted file mode 100644
index 797143ee84d8..000000000000
--- a/vendor/github.com/docker/docker/pkg/archive/time_linux.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package archive // import "github.com/docker/docker/pkg/archive"
-
-import (
- "syscall"
- "time"
-)
-
-func timeToTimespec(time time.Time) (ts syscall.Timespec) {
- if time.IsZero() {
- // Return UTIME_OMIT special value
- ts.Sec = 0
- ts.Nsec = (1 << 30) - 2
- return
- }
- return syscall.NsecToTimespec(time.UnixNano())
-}
diff --git a/vendor/github.com/docker/docker/pkg/archive/time_nonwindows.go b/vendor/github.com/docker/docker/pkg/archive/time_nonwindows.go
new file mode 100644
index 000000000000..8ce83bd0b50e
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/time_nonwindows.go
@@ -0,0 +1,40 @@
+//go:build !windows
+
+package archive
+
+import (
+ "os"
+ "time"
+
+ "golang.org/x/sys/unix"
+)
+
+// chtimes changes the access time and modified time of a file at the given path.
+// If the modified time is prior to the Unix Epoch (unixMinTime), or after the
+// end of Unix Time (unixEpochTime), os.Chtimes has undefined behavior. In this
+// case, Chtimes defaults to Unix Epoch, just in case.
+func chtimes(name string, atime time.Time, mtime time.Time) error {
+ return os.Chtimes(name, atime, mtime)
+}
+
+func timeToTimespec(time time.Time) (ts unix.Timespec) {
+ if time.IsZero() {
+ // Return UTIME_OMIT special value
+ ts.Sec = 0
+ ts.Nsec = (1 << 30) - 2
+ return
+ }
+ return unix.NsecToTimespec(time.UnixNano())
+}
+
+func lchtimes(name string, atime time.Time, mtime time.Time) error {
+ utimes := [2]unix.Timespec{
+ timeToTimespec(atime),
+ timeToTimespec(mtime),
+ }
+ err := unix.UtimesNanoAt(unix.AT_FDCWD, name, utimes[0:], unix.AT_SYMLINK_NOFOLLOW)
+ if err != nil && err != unix.ENOSYS {
+ return err
+ }
+ return err
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go b/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go
deleted file mode 100644
index 14c4ceb1d8b4..000000000000
--- a/vendor/github.com/docker/docker/pkg/archive/time_unsupported.go
+++ /dev/null
@@ -1,16 +0,0 @@
-//go:build !linux
-
-package archive // import "github.com/docker/docker/pkg/archive"
-
-import (
- "syscall"
- "time"
-)
-
-func timeToTimespec(time time.Time) (ts syscall.Timespec) {
- nsec := int64(0)
- if !time.IsZero() {
- nsec = time.UnixNano()
- }
- return syscall.NsecToTimespec(nsec)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go b/vendor/github.com/docker/docker/pkg/archive/time_windows.go
similarity index 50%
rename from vendor/github.com/docker/docker/pkg/system/chtimes_windows.go
rename to vendor/github.com/docker/docker/pkg/archive/time_windows.go
index ab478f5c38e2..af1f7c8f3a07 100644
--- a/vendor/github.com/docker/docker/pkg/system/chtimes_windows.go
+++ b/vendor/github.com/docker/docker/pkg/archive/time_windows.go
@@ -1,15 +1,18 @@
-package system // import "github.com/docker/docker/pkg/system"
+package archive
import (
+ "os"
"time"
"golang.org/x/sys/windows"
)
-// setCTime will set the create time on a file. On Windows, this requires
-// calling SetFileTime and explicitly including the create time.
-func setCTime(path string, ctime time.Time) error {
- pathp, err := windows.UTF16PtrFromString(path)
+func chtimes(name string, atime time.Time, mtime time.Time) error {
+ if err := os.Chtimes(name, atime, mtime); err != nil {
+ return err
+ }
+
+ pathp, err := windows.UTF16PtrFromString(name)
if err != nil {
return err
}
@@ -20,6 +23,10 @@ func setCTime(path string, ctime time.Time) error {
return err
}
defer windows.Close(h)
- c := windows.NsecToFiletime(ctime.UnixNano())
+ c := windows.NsecToFiletime(mtime.UnixNano())
return windows.SetFileTime(h, &c, nil, nil)
}
+
+func lchtimes(name string, atime time.Time, mtime time.Time) error {
+ return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/whiteouts.go b/vendor/github.com/docker/docker/pkg/archive/whiteouts.go
index 4c072a87ee53..d20478a10dc1 100644
--- a/vendor/github.com/docker/docker/pkg/archive/whiteouts.go
+++ b/vendor/github.com/docker/docker/pkg/archive/whiteouts.go
@@ -1,4 +1,4 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
// Whiteouts are files with a special meaning for the layered filesystem.
// Docker uses AUFS whiteout files inside exported archives. In other
diff --git a/vendor/github.com/docker/docker/pkg/archive/wrap.go b/vendor/github.com/docker/docker/pkg/archive/wrap.go
index 032db82cea82..903befd76301 100644
--- a/vendor/github.com/docker/docker/pkg/archive/wrap.go
+++ b/vendor/github.com/docker/docker/pkg/archive/wrap.go
@@ -1,4 +1,4 @@
-package archive // import "github.com/docker/docker/pkg/archive"
+package archive
import (
"archive/tar"
diff --git a/vendor/github.com/docker/docker/pkg/archive/xattr_supported.go b/vendor/github.com/docker/docker/pkg/archive/xattr_supported.go
new file mode 100644
index 000000000000..652a1f0f349d
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/xattr_supported.go
@@ -0,0 +1,52 @@
+//go:build linux || darwin || freebsd || netbsd
+
+package archive
+
+import (
+ "errors"
+ "fmt"
+ "io/fs"
+
+ "golang.org/x/sys/unix"
+)
+
+// lgetxattr retrieves the value of the extended attribute identified by attr
+// and associated with the given path in the file system.
+// It returns a nil slice and nil error if the xattr is not set.
+func lgetxattr(path string, attr string) ([]byte, error) {
+ // Start with a 128 length byte array
+ dest := make([]byte, 128)
+ sz, err := unix.Lgetxattr(path, attr, dest)
+
+ for errors.Is(err, unix.ERANGE) {
+ // Buffer too small, use zero-sized buffer to get the actual size
+ sz, err = unix.Lgetxattr(path, attr, []byte{})
+ if err != nil {
+ return nil, wrapPathError("lgetxattr", path, attr, err)
+ }
+ dest = make([]byte, sz)
+ sz, err = unix.Lgetxattr(path, attr, dest)
+ }
+
+ if err != nil {
+ if errors.Is(err, noattr) {
+ return nil, nil
+ }
+ return nil, wrapPathError("lgetxattr", path, attr, err)
+ }
+
+ return dest[:sz], nil
+}
+
+// lsetxattr sets the value of the extended attribute identified by attr
+// and associated with the given path in the file system.
+func lsetxattr(path string, attr string, data []byte, flags int) error {
+ return wrapPathError("lsetxattr", path, attr, unix.Lsetxattr(path, attr, data, flags))
+}
+
+func wrapPathError(op, path, attr string, err error) error {
+ if err == nil {
+ return nil
+ }
+ return &fs.PathError{Op: op, Path: path, Err: fmt.Errorf("xattr %q: %w", attr, err)}
+}
diff --git a/vendor/github.com/docker/docker/pkg/archive/xattr_supported_linux.go b/vendor/github.com/docker/docker/pkg/archive/xattr_supported_linux.go
new file mode 100644
index 000000000000..f2e76465ae56
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/xattr_supported_linux.go
@@ -0,0 +1,5 @@
+package archive
+
+import "golang.org/x/sys/unix"
+
+var noattr = unix.ENODATA
diff --git a/vendor/github.com/docker/docker/pkg/archive/xattr_supported_unix.go b/vendor/github.com/docker/docker/pkg/archive/xattr_supported_unix.go
new file mode 100644
index 000000000000..4d8824158ea9
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/xattr_supported_unix.go
@@ -0,0 +1,7 @@
+//go:build !linux && !windows
+
+package archive
+
+import "golang.org/x/sys/unix"
+
+var noattr = unix.ENOATTR
diff --git a/vendor/github.com/docker/docker/pkg/archive/xattr_unsupported.go b/vendor/github.com/docker/docker/pkg/archive/xattr_unsupported.go
new file mode 100644
index 000000000000..b0d9165cd94f
--- /dev/null
+++ b/vendor/github.com/docker/docker/pkg/archive/xattr_unsupported.go
@@ -0,0 +1,11 @@
+//go:build !linux && !darwin && !freebsd && !netbsd
+
+package archive
+
+func lgetxattr(path string, attr string) ([]byte, error) {
+ return nil, nil
+}
+
+func lsetxattr(path string, attr string, data []byte, flags int) error {
+ return nil
+}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go b/vendor/github.com/docker/docker/pkg/atomicwriter/atomicwriter.go
similarity index 74%
rename from vendor/github.com/docker/docker/pkg/ioutils/fswriters.go
rename to vendor/github.com/docker/docker/pkg/atomicwriter/atomicwriter.go
index 05da97b0e416..cbbe835bb128 100644
--- a/vendor/github.com/docker/docker/pkg/ioutils/fswriters.go
+++ b/vendor/github.com/docker/docker/pkg/atomicwriter/atomicwriter.go
@@ -1,4 +1,4 @@
-package ioutils // import "github.com/docker/docker/pkg/ioutils"
+package atomicwriter
import (
"io"
@@ -6,11 +6,11 @@ import (
"path/filepath"
)
-// NewAtomicFileWriter returns WriteCloser so that writing to it writes to a
+// New returns a WriteCloser so that writing to it writes to a
// temporary file and closing it atomically changes the temporary file to
// destination path. Writing and closing concurrently is not allowed.
// NOTE: umask is not considered for the file's permissions.
-func NewAtomicFileWriter(filename string, perm os.FileMode) (io.WriteCloser, error) {
+func New(filename string, perm os.FileMode) (io.WriteCloser, error) {
f, err := os.CreateTemp(filepath.Dir(filename), ".tmp-"+filepath.Base(filename))
if err != nil {
return nil, err
@@ -27,10 +27,10 @@ func NewAtomicFileWriter(filename string, perm os.FileMode) (io.WriteCloser, err
}, nil
}
-// AtomicWriteFile atomically writes data to a file named by filename and with the specified permission bits.
+// WriteFile atomically writes data to a file named by filename and with the specified permission bits.
// NOTE: umask is not considered for the file's permissions.
-func AtomicWriteFile(filename string, data []byte, perm os.FileMode) error {
- f, err := NewAtomicFileWriter(filename, perm)
+func WriteFile(filename string, data []byte, perm os.FileMode) error {
+ f, err := New(filename, perm)
if err != nil {
return err
}
@@ -82,32 +82,32 @@ func (w *atomicFileWriter) Close() (retErr error) {
return nil
}
-// AtomicWriteSet is used to atomically write a set
+// WriteSet is used to atomically write a set
// of files and ensure they are visible at the same time.
// Must be committed to a new directory.
-type AtomicWriteSet struct {
+type WriteSet struct {
root string
}
-// NewAtomicWriteSet creates a new atomic write set to
+// NewWriteSet creates a new atomic write set to
// atomically create a set of files. The given directory
// is used as the base directory for storing files before
// commit. If no temporary directory is given the system
// default is used.
-func NewAtomicWriteSet(tmpDir string) (*AtomicWriteSet, error) {
+func NewWriteSet(tmpDir string) (*WriteSet, error) {
td, err := os.MkdirTemp(tmpDir, "write-set-")
if err != nil {
return nil, err
}
- return &AtomicWriteSet{
+ return &WriteSet{
root: td,
}, nil
}
// WriteFile writes a file to the set, guaranteeing the file
// has been synced.
-func (ws *AtomicWriteSet) WriteFile(filename string, data []byte, perm os.FileMode) error {
+func (ws *WriteSet) WriteFile(filename string, data []byte, perm os.FileMode) error {
f, err := ws.FileWriter(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
if err != nil {
return err
@@ -136,7 +136,7 @@ func (w syncFileCloser) Close() error {
// FileWriter opens a file writer inside the set. The file
// should be synced and closed before calling commit.
-func (ws *AtomicWriteSet) FileWriter(name string, flag int, perm os.FileMode) (io.WriteCloser, error) {
+func (ws *WriteSet) FileWriter(name string, flag int, perm os.FileMode) (io.WriteCloser, error) {
f, err := os.OpenFile(filepath.Join(ws.root, name), flag, perm)
if err != nil {
return nil, err
@@ -146,18 +146,18 @@ func (ws *AtomicWriteSet) FileWriter(name string, flag int, perm os.FileMode) (i
// Cancel cancels the set and removes all temporary data
// created in the set.
-func (ws *AtomicWriteSet) Cancel() error {
+func (ws *WriteSet) Cancel() error {
return os.RemoveAll(ws.root)
}
// Commit moves all created files to the target directory. The
// target directory must not exist and the parent of the target
// directory must exist.
-func (ws *AtomicWriteSet) Commit(target string) error {
+func (ws *WriteSet) Commit(target string) error {
return os.Rename(ws.root, target)
}
// String returns the location the set is writing to.
-func (ws *AtomicWriteSet) String() string {
+func (ws *WriteSet) String() string {
return ws.root
}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
index 07739462e054..7f082586e2a5 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive.go
@@ -1,4 +1,4 @@
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_linux.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_linux.go
index f4d61ddf9286..0c4f1c047353 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_linux.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_linux.go
@@ -1,10 +1,10 @@
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
+ "fmt"
"io"
"github.com/docker/docker/pkg/archive"
- "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
@@ -20,11 +20,11 @@ func doUnpack(decompressedArchive io.Reader, relDest, root string, options *arch
func doPack(relSrc, root string, options *archive.TarOptions) (io.ReadCloser, error) {
tb, err := archive.NewTarballer(relSrc, options)
if err != nil {
- return nil, errors.Wrap(err, "error processing tar file")
+ return nil, fmt.Errorf("error processing tar file: %w", err)
}
err = goInChroot(root, tb.Do)
if err != nil {
- return nil, errors.Wrap(err, "could not chroot")
+ return nil, fmt.Errorf("could not chroot: %w", err)
}
return tb.Reader(), nil
}
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
index c09baf44755b..047237d77959 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix.go
@@ -1,8 +1,9 @@
//go:build !windows
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
+ "errors"
"io"
"net"
"os/user"
@@ -10,7 +11,6 @@ import (
"strings"
"github.com/docker/docker/pkg/archive"
- "github.com/pkg/errors"
)
func init() {
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix_nolinux.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix_nolinux.go
index 8689573d9406..dbfa8e79acb8 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix_nolinux.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_unix_nolinux.go
@@ -1,6 +1,6 @@
//go:build unix && !linux
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
"bytes"
@@ -12,7 +12,6 @@ import (
"github.com/docker/docker/pkg/archive"
"github.com/moby/sys/reexec"
- "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
@@ -76,15 +75,15 @@ func doUnpack(decompressedArchive io.Reader, relDest, root string, options *arch
}
if err = cmd.Start(); err != nil {
- return errors.Wrap(err, "re-exec error")
+ return fmt.Errorf("re-exec error: %w", err)
}
if err = json.NewEncoder(optionsW).Encode(options); err != nil {
- return errors.Wrap(err, "tar options encoding failed")
+ return fmt.Errorf("tar options encoding failed: %w", err)
}
if err = cmd.Wait(); err != nil {
- return errors.Wrap(err, stderr.String())
+ return fmt.Errorf("%s: %w", stderr.String(), err)
}
return nil
@@ -112,21 +111,21 @@ func doPack(relSrc, root string, options *archive.TarOptions) (io.ReadCloser, er
r, w := io.Pipe()
if err = cmd.Start(); err != nil {
- return nil, errors.Wrap(err, "re-exec error")
+ return nil, fmt.Errorf("re-exec error: %w", err)
}
go func() {
_, _ = io.Copy(w, stdout)
// Cleanup once stdout pipe is closed.
if err = cmd.Wait(); err != nil {
- r.CloseWithError(errors.Wrap(err, stderr.String()))
+ r.CloseWithError(fmt.Errorf("%s: %w", stderr.String(), err))
} else {
r.Close()
}
}()
if err = json.NewEncoder(optionsW).Encode(options); err != nil {
- return nil, errors.Wrap(err, "tar options encoding failed")
+ return nil, fmt.Errorf("tar options encoding failed: %w", err)
}
return r, nil
@@ -151,19 +150,19 @@ func doUnpackLayer(root string, layer io.Reader, options *archive.TarOptions) (i
}
if err = cmd.Start(); err != nil {
- return 0, errors.Wrap(err, "re-exec error")
+ return 0, fmt.Errorf("re-exec error: %w", err)
}
if err = json.NewEncoder(optionsW).Encode(options); err != nil {
- return 0, errors.Wrap(err, "tar options encoding failed")
+ return 0, fmt.Errorf("tar options encoding failed: %w", err)
}
if err = cmd.Wait(); err != nil {
- return 0, errors.Wrap(err, buffer.String())
+ return 0, fmt.Errorf("%s: %w", buffer.String(), err)
}
if err = json.NewDecoder(buffer).Decode(&result); err != nil {
- return 0, errors.Wrap(err, "json decoding error")
+ return 0, fmt.Errorf("json decoding error: %w", err)
}
return result, nil
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
index f5453eb6dff1..d7f70bd3a963 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/archive_windows.go
@@ -1,4 +1,4 @@
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
"io"
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
index 6356a6378e3e..622f70ef19a7 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/chroot_linux.go
@@ -1,4 +1,4 @@
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
"github.com/docker/docker/internal/mounttree"
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
index 7712cc17c8cd..49acad79ff28 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff.go
@@ -1,4 +1,4 @@
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
"io"
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
index e12ba86aca4f..e214e9a3d3f9 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_unix.go
@@ -1,6 +1,6 @@
//go:build !windows
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
"io"
diff --git a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
index 080957225f0d..2a0c8b674ed1 100644
--- a/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
+++ b/vendor/github.com/docker/docker/pkg/chrootarchive/diff_windows.go
@@ -1,4 +1,4 @@
-package chrootarchive // import "github.com/docker/docker/pkg/chrootarchive"
+package chrootarchive
import (
"fmt"
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools.go b/vendor/github.com/docker/docker/pkg/idtools/idtools.go
index 79d682c69456..d2fbd943a656 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/idtools.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools.go
@@ -1,11 +1,8 @@
-package idtools // import "github.com/docker/docker/pkg/idtools"
+package idtools
import (
- "bufio"
"fmt"
"os"
- "strconv"
- "strings"
)
// IDMap contains a single entry for user namespace range remapping. An array
@@ -17,22 +14,6 @@ type IDMap struct {
Size int `json:"size"`
}
-type subIDRange struct {
- Start int
- Length int
-}
-
-type ranges []subIDRange
-
-func (e ranges) Len() int { return len(e) }
-func (e ranges) Swap(i, j int) { e[i], e[j] = e[j], e[i] }
-func (e ranges) Less(i, j int) bool { return e[i].Start < e[j].Start }
-
-const (
- subuidFileName = "/etc/subuid"
- subgidFileName = "/etc/subgid"
-)
-
// MkdirAllAndChown creates a directory (include any along the path) and then modifies
// ownership to the requested uid/gid. If the directory already exists, this
// function will still change ownership and permissions.
@@ -162,67 +143,6 @@ func (i IdentityMapping) Empty() bool {
return len(i.UIDMaps) == 0 && len(i.GIDMaps) == 0
}
-func createIDMap(subidRanges ranges) []IDMap {
- idMap := []IDMap{}
-
- containerID := 0
- for _, idrange := range subidRanges {
- idMap = append(idMap, IDMap{
- ContainerID: containerID,
- HostID: idrange.Start,
- Size: idrange.Length,
- })
- containerID = containerID + idrange.Length
- }
- return idMap
-}
-
-func parseSubuid(username string) (ranges, error) {
- return parseSubidFile(subuidFileName, username)
-}
-
-func parseSubgid(username string) (ranges, error) {
- return parseSubidFile(subgidFileName, username)
-}
-
-// parseSubidFile will read the appropriate file (/etc/subuid or /etc/subgid)
-// and return all found ranges for a specified username. If the special value
-// "ALL" is supplied for username, then all ranges in the file will be returned
-func parseSubidFile(path, username string) (ranges, error) {
- var rangeList ranges
-
- subidFile, err := os.Open(path)
- if err != nil {
- return rangeList, err
- }
- defer subidFile.Close()
-
- s := bufio.NewScanner(subidFile)
- for s.Scan() {
- text := strings.TrimSpace(s.Text())
- if text == "" || strings.HasPrefix(text, "#") {
- continue
- }
- parts := strings.Split(text, ":")
- if len(parts) != 3 {
- return rangeList, fmt.Errorf("Cannot parse subuid/gid information: Format not correct for %s file", path)
- }
- if parts[0] == username || username == "ALL" {
- startid, err := strconv.Atoi(parts[1])
- if err != nil {
- return rangeList, fmt.Errorf("String to int conversion failed during subuid/gid parsing of %s: %v", path, err)
- }
- length, err := strconv.Atoi(parts[2])
- if err != nil {
- return rangeList, fmt.Errorf("String to int conversion failed during subuid/gid parsing of %s: %v", path, err)
- }
- rangeList = append(rangeList, subIDRange{startid, length})
- }
- }
-
- return rangeList, s.Err()
-}
-
// CurrentIdentity returns the identity of the current process
func CurrentIdentity() Identity {
return Identity{UID: os.Getuid(), GID: os.Getegid()}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
index cd621bdcc2ae..1f11fe474014 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go
@@ -1,13 +1,10 @@
//go:build !windows
-package idtools // import "github.com/docker/docker/pkg/idtools"
+package idtools
import (
- "bytes"
"fmt"
- "io"
"os"
- "os/exec"
"path/filepath"
"strconv"
"syscall"
@@ -72,127 +69,25 @@ func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting
return nil
}
-// LookupUser uses traditional local system files lookup (from libcontainer/user) on a username,
-// followed by a call to `getent` for supporting host configured non-files passwd and group dbs
+// LookupUser uses traditional local system files lookup (from libcontainer/user) on a username
+//
+// Deprecated: use [user.LookupUser] instead
func LookupUser(name string) (user.User, error) {
- // first try a local system files lookup using existing capabilities
- usr, err := user.LookupUser(name)
- if err == nil {
- return usr, nil
- }
- // local files lookup failed; attempt to call `getent` to query configured passwd dbs
- usr, err = getentUser(name)
- if err != nil {
- return user.User{}, err
- }
- return usr, nil
+ return user.LookupUser(name)
}
-// LookupUID uses traditional local system files lookup (from libcontainer/user) on a uid,
-// followed by a call to `getent` for supporting host configured non-files passwd and group dbs
+// LookupUID uses traditional local system files lookup (from libcontainer/user) on a uid
+//
+// Deprecated: use [user.LookupUid] instead
func LookupUID(uid int) (user.User, error) {
- // first try a local system files lookup using existing capabilities
- usr, err := user.LookupUid(uid)
- if err == nil {
- return usr, nil
- }
- // local files lookup failed; attempt to call `getent` to query configured passwd dbs
- return getentUser(strconv.Itoa(uid))
-}
-
-func getentUser(name string) (user.User, error) {
- reader, err := callGetent("passwd", name)
- if err != nil {
- return user.User{}, err
- }
- users, err := user.ParsePasswd(reader)
- if err != nil {
- return user.User{}, err
- }
- if len(users) == 0 {
- return user.User{}, fmt.Errorf("getent failed to find passwd entry for %q", name)
- }
- return users[0], nil
+ return user.LookupUid(uid)
}
// LookupGroup uses traditional local system files lookup (from libcontainer/user) on a group name,
-// followed by a call to `getent` for supporting host configured non-files passwd and group dbs
+//
+// Deprecated: use [user.LookupGroup] instead
func LookupGroup(name string) (user.Group, error) {
- // first try a local system files lookup using existing capabilities
- group, err := user.LookupGroup(name)
- if err == nil {
- return group, nil
- }
- // local files lookup failed; attempt to call `getent` to query configured group dbs
- return getentGroup(name)
-}
-
-// LookupGID uses traditional local system files lookup (from libcontainer/user) on a group ID,
-// followed by a call to `getent` for supporting host configured non-files passwd and group dbs
-func LookupGID(gid int) (user.Group, error) {
- // first try a local system files lookup using existing capabilities
- group, err := user.LookupGid(gid)
- if err == nil {
- return group, nil
- }
- // local files lookup failed; attempt to call `getent` to query configured group dbs
- return getentGroup(strconv.Itoa(gid))
-}
-
-func getentGroup(name string) (user.Group, error) {
- reader, err := callGetent("group", name)
- if err != nil {
- return user.Group{}, err
- }
- groups, err := user.ParseGroup(reader)
- if err != nil {
- return user.Group{}, err
- }
- if len(groups) == 0 {
- return user.Group{}, fmt.Errorf("getent failed to find groups entry for %q", name)
- }
- return groups[0], nil
-}
-
-func callGetent(database, key string) (io.Reader, error) {
- getentCmd, err := resolveBinary("getent")
- // if no `getent` command within the execution environment, can't do anything else
- if err != nil {
- return nil, fmt.Errorf("unable to find getent command: %w", err)
- }
- command := exec.Command(getentCmd, database, key)
- // we run getent within container filesystem, but without /dev so /dev/null is not available for exec to mock stdin
- command.Stdin = io.NopCloser(bytes.NewReader(nil))
- out, err := command.CombinedOutput()
- if err != nil {
- exitCode, errC := getExitCode(err)
- if errC != nil {
- return nil, err
- }
- switch exitCode {
- case 1:
- return nil, fmt.Errorf("getent reported invalid parameters/database unknown")
- case 2:
- return nil, fmt.Errorf("getent unable to find entry %q in %s database", key, database)
- case 3:
- return nil, fmt.Errorf("getent database doesn't support enumeration")
- default:
- return nil, err
- }
- }
- return bytes.NewReader(out), nil
-}
-
-// getExitCode returns the ExitStatus of the specified error if its type is
-// exec.ExitError, returns 0 and an error otherwise.
-func getExitCode(err error) (int, error) {
- exitCode := 0
- if exiterr, ok := err.(*exec.ExitError); ok {
- if procExit, ok := exiterr.Sys().(syscall.WaitStatus); ok {
- return procExit.ExitStatus(), nil
- }
- }
- return exitCode, fmt.Errorf("failed to get exit code")
+ return user.LookupGroup(name)
}
// setPermissions performs a chown/chmod only if the uid/gid don't match what's requested
@@ -223,16 +118,17 @@ func setPermissions(p string, mode os.FileMode, owner Identity, stat os.FileInfo
// using the data from /etc/sub{uid,gid} ranges, creates the
// proper uid and gid remapping ranges for that user/group pair
func LoadIdentityMapping(name string) (IdentityMapping, error) {
- usr, err := LookupUser(name)
+ // TODO: Consider adding support for calling out to "getent"
+ usr, err := user.LookupUser(name)
if err != nil {
return IdentityMapping{}, fmt.Errorf("could not get user for username %s: %v", name, err)
}
- subuidRanges, err := lookupSubUIDRanges(usr)
+ subuidRanges, err := lookupSubRangesFile("/etc/subuid", usr)
if err != nil {
return IdentityMapping{}, err
}
- subgidRanges, err := lookupSubGIDRanges(usr)
+ subgidRanges, err := lookupSubRangesFile("/etc/subgid", usr)
if err != nil {
return IdentityMapping{}, err
}
@@ -243,36 +139,28 @@ func LoadIdentityMapping(name string) (IdentityMapping, error) {
}, nil
}
-func lookupSubUIDRanges(usr user.User) ([]IDMap, error) {
- rangeList, err := parseSubuid(strconv.Itoa(usr.Uid))
+func lookupSubRangesFile(path string, usr user.User) ([]IDMap, error) {
+ uidstr := strconv.Itoa(usr.Uid)
+ rangeList, err := user.ParseSubIDFileFilter(path, func(sid user.SubID) bool {
+ return sid.Name == usr.Name || sid.Name == uidstr
+ })
if err != nil {
return nil, err
}
- if len(rangeList) == 0 {
- rangeList, err = parseSubuid(usr.Name)
- if err != nil {
- return nil, err
- }
- }
if len(rangeList) == 0 {
return nil, fmt.Errorf("no subuid ranges found for user %q", usr.Name)
}
- return createIDMap(rangeList), nil
-}
-func lookupSubGIDRanges(usr user.User) ([]IDMap, error) {
- rangeList, err := parseSubgid(strconv.Itoa(usr.Uid))
- if err != nil {
- return nil, err
- }
- if len(rangeList) == 0 {
- rangeList, err = parseSubgid(usr.Name)
- if err != nil {
- return nil, err
- }
- }
- if len(rangeList) == 0 {
- return nil, fmt.Errorf("no subgid ranges found for user %q", usr.Name)
+ idMap := []IDMap{}
+
+ containerID := 0
+ for _, idrange := range rangeList {
+ idMap = append(idMap, IDMap{
+ ContainerID: containerID,
+ HostID: int(idrange.SubID),
+ Size: int(idrange.Count),
+ })
+ containerID = containerID + int(idrange.Count)
}
- return createIDMap(rangeList), nil
+ return idMap, nil
}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
index 32953f4563f2..43702f7f3a49 100644
--- a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
+++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go
@@ -1,24 +1,26 @@
-package idtools // import "github.com/docker/docker/pkg/idtools"
+package idtools
import (
"os"
-
- "github.com/docker/docker/pkg/system"
)
const (
+ // Deprecated: copy value locally
SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege"
)
const (
+ // Deprecated: copy value locally
ContainerAdministratorSidString = "S-1-5-93-2-1"
- ContainerUserSidString = "S-1-5-93-2-2"
+
+ // Deprecated: copy value locally
+ ContainerUserSidString = "S-1-5-93-2-2"
)
-// This is currently a wrapper around MkdirAll, however, since currently
+// This is currently a wrapper around [os.MkdirAll] since currently
// permissions aren't set through this path, the identity isn't utilized.
// Ownership is handled elsewhere, but in the future could be support here
// too.
func mkdirAs(path string, _ os.FileMode, _ Identity, _, _ bool) error {
- return system.MkdirAll(path, 0)
+ return os.MkdirAll(path, 0)
}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go
deleted file mode 100644
index f0c075e20f93..000000000000
--- a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_linux.go
+++ /dev/null
@@ -1,166 +0,0 @@
-package idtools // import "github.com/docker/docker/pkg/idtools"
-
-import (
- "fmt"
- "os/exec"
- "regexp"
- "sort"
- "strconv"
- "strings"
- "sync"
-)
-
-// add a user and/or group to Linux /etc/passwd, /etc/group using standard
-// Linux distribution commands:
-// adduser --system --shell /bin/false --disabled-login --disabled-password --no-create-home --group
-// useradd -r -s /bin/false
-
-var (
- once sync.Once
- userCommand string
- idOutRegexp = regexp.MustCompile(`uid=([0-9]+).*gid=([0-9]+)`)
-)
-
-const (
- // default length for a UID/GID subordinate range
- defaultRangeLen = 65536
- defaultRangeStart = 100000
-)
-
-// AddNamespaceRangesUser takes a username and uses the standard system
-// utility to create a system user/group pair used to hold the
-// /etc/sub{uid,gid} ranges which will be used for user namespace
-// mapping ranges in containers.
-func AddNamespaceRangesUser(name string) (int, int, error) {
- if err := addUser(name); err != nil {
- return -1, -1, fmt.Errorf("error adding user %q: %v", name, err)
- }
-
- // Query the system for the created uid and gid pair
- out, err := exec.Command("id", name).CombinedOutput()
- if err != nil {
- return -1, -1, fmt.Errorf("error trying to find uid/gid for new user %q: %v", name, err)
- }
- matches := idOutRegexp.FindStringSubmatch(strings.TrimSpace(string(out)))
- if len(matches) != 3 {
- return -1, -1, fmt.Errorf("can't find uid, gid from `id` output: %q", string(out))
- }
- uid, err := strconv.Atoi(matches[1])
- if err != nil {
- return -1, -1, fmt.Errorf("can't convert found uid (%s) to int: %v", matches[1], err)
- }
- gid, err := strconv.Atoi(matches[2])
- if err != nil {
- return -1, -1, fmt.Errorf("Can't convert found gid (%s) to int: %v", matches[2], err)
- }
-
- // Now we need to create the subuid/subgid ranges for our new user/group (system users
- // do not get auto-created ranges in subuid/subgid)
-
- if err := createSubordinateRanges(name); err != nil {
- return -1, -1, fmt.Errorf("couldn't create subordinate ID ranges: %v", err)
- }
- return uid, gid, nil
-}
-
-func addUser(name string) error {
- once.Do(func() {
- // set up which commands are used for adding users/groups dependent on distro
- if _, err := resolveBinary("adduser"); err == nil {
- userCommand = "adduser"
- } else if _, err := resolveBinary("useradd"); err == nil {
- userCommand = "useradd"
- }
- })
- var args []string
- switch userCommand {
- case "adduser":
- args = []string{"--system", "--shell", "/bin/false", "--no-create-home", "--disabled-login", "--disabled-password", "--group", name}
- case "useradd":
- args = []string{"-r", "-s", "/bin/false", name}
- default:
- return fmt.Errorf("cannot add user; no useradd/adduser binary found")
- }
-
- if out, err := exec.Command(userCommand, args...).CombinedOutput(); err != nil {
- return fmt.Errorf("failed to add user with error: %v; output: %q", err, string(out))
- }
- return nil
-}
-
-func createSubordinateRanges(name string) error {
- // first, we should verify that ranges weren't automatically created
- // by the distro tooling
- ranges, err := parseSubuid(name)
- if err != nil {
- return fmt.Errorf("error while looking for subuid ranges for user %q: %v", name, err)
- }
- if len(ranges) == 0 {
- // no UID ranges; let's create one
- startID, err := findNextUIDRange()
- if err != nil {
- return fmt.Errorf("can't find available subuid range: %v", err)
- }
- idRange := fmt.Sprintf("%d-%d", startID, startID+defaultRangeLen-1)
- out, err := exec.Command("usermod", "-v", idRange, name).CombinedOutput()
- if err != nil {
- return fmt.Errorf("unable to add subuid range to user: %q; output: %s, err: %v", name, out, err)
- }
- }
-
- ranges, err = parseSubgid(name)
- if err != nil {
- return fmt.Errorf("error while looking for subgid ranges for user %q: %v", name, err)
- }
- if len(ranges) == 0 {
- // no GID ranges; let's create one
- startID, err := findNextGIDRange()
- if err != nil {
- return fmt.Errorf("can't find available subgid range: %v", err)
- }
- idRange := fmt.Sprintf("%d-%d", startID, startID+defaultRangeLen-1)
- out, err := exec.Command("usermod", "-w", idRange, name).CombinedOutput()
- if err != nil {
- return fmt.Errorf("unable to add subgid range to user: %q; output: %s, err: %v", name, out, err)
- }
- }
- return nil
-}
-
-func findNextUIDRange() (int, error) {
- ranges, err := parseSubuid("ALL")
- if err != nil {
- return -1, fmt.Errorf("couldn't parse all ranges in /etc/subuid file: %v", err)
- }
- sort.Sort(ranges)
- return findNextRangeStart(ranges)
-}
-
-func findNextGIDRange() (int, error) {
- ranges, err := parseSubgid("ALL")
- if err != nil {
- return -1, fmt.Errorf("couldn't parse all ranges in /etc/subgid file: %v", err)
- }
- sort.Sort(ranges)
- return findNextRangeStart(ranges)
-}
-
-func findNextRangeStart(rangeList ranges) (int, error) {
- startID := defaultRangeStart
- for _, arange := range rangeList {
- if wouldOverlap(arange, startID) {
- startID = arange.Start + arange.Length
- }
- }
- return startID, nil
-}
-
-func wouldOverlap(arange subIDRange, ID int) bool {
- low := ID
- high := ID + defaultRangeLen
- if (low >= arange.Start && low <= arange.Start+arange.Length) ||
- (high <= arange.Start+arange.Length && high >= arange.Start) {
- return true
- }
- return false
-}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go b/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go
deleted file mode 100644
index 6a9311c4a750..000000000000
--- a/vendor/github.com/docker/docker/pkg/idtools/usergroupadd_unsupported.go
+++ /dev/null
@@ -1,12 +0,0 @@
-//go:build !linux
-
-package idtools // import "github.com/docker/docker/pkg/idtools"
-
-import "fmt"
-
-// AddNamespaceRangesUser takes a name and finds an unused uid, gid pair
-// and calls the appropriate helper function to add the group and then
-// the user to the group in /etc/group and /etc/passwd respectively.
-func AddNamespaceRangesUser(name string) (int, int, error) {
- return -1, -1, fmt.Errorf("No support for adding users or groups on this OS")
-}
diff --git a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go b/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go
deleted file mode 100644
index 517a2f52ca2f..000000000000
--- a/vendor/github.com/docker/docker/pkg/idtools/utils_unix.go
+++ /dev/null
@@ -1,26 +0,0 @@
-//go:build !windows
-
-package idtools // import "github.com/docker/docker/pkg/idtools"
-
-import (
- "fmt"
- "os/exec"
- "path/filepath"
-)
-
-func resolveBinary(binname string) (string, error) {
- binaryPath, err := exec.LookPath(binname)
- if err != nil {
- return "", err
- }
- resolvedPath, err := filepath.EvalSymlinks(binaryPath)
- if err != nil {
- return "", err
- }
- // only return no error if the final resolved binary basename
- // matches what was searched for
- if filepath.Base(resolvedPath) == binname {
- return resolvedPath, nil
- }
- return "", fmt.Errorf("Binary %q does not resolve to a binary of that name in $PATH (%q)", binname, resolvedPath)
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/buffer.go b/vendor/github.com/docker/docker/pkg/ioutils/buffer.go
deleted file mode 100644
index 466f79294b8d..000000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/buffer.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package ioutils // import "github.com/docker/docker/pkg/ioutils"
-
-import (
- "errors"
- "io"
-)
-
-var errBufferFull = errors.New("buffer is full")
-
-type fixedBuffer struct {
- buf []byte
- pos int
- lastRead int
-}
-
-func (b *fixedBuffer) Write(p []byte) (int, error) {
- n := copy(b.buf[b.pos:cap(b.buf)], p)
- b.pos += n
-
- if n < len(p) {
- if b.pos == cap(b.buf) {
- return n, errBufferFull
- }
- return n, io.ErrShortWrite
- }
- return n, nil
-}
-
-func (b *fixedBuffer) Read(p []byte) (int, error) {
- n := copy(p, b.buf[b.lastRead:b.pos])
- b.lastRead += n
- return n, nil
-}
-
-func (b *fixedBuffer) Len() int {
- return b.pos - b.lastRead
-}
-
-func (b *fixedBuffer) Cap() int {
- return cap(b.buf)
-}
-
-func (b *fixedBuffer) Reset() {
- b.pos = 0
- b.lastRead = 0
- b.buf = b.buf[:0]
-}
-
-func (b *fixedBuffer) String() string {
- return string(b.buf[b.lastRead:b.pos])
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go b/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go
deleted file mode 100644
index c1cfa62fd27f..000000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/bytespipe.go
+++ /dev/null
@@ -1,187 +0,0 @@
-package ioutils // import "github.com/docker/docker/pkg/ioutils"
-
-import (
- "errors"
- "io"
- "sync"
-)
-
-// maxCap is the highest capacity to use in byte slices that buffer data.
-const maxCap = 1e6
-
-// minCap is the lowest capacity to use in byte slices that buffer data
-const minCap = 64
-
-// blockThreshold is the minimum number of bytes in the buffer which will cause
-// a write to BytesPipe to block when allocating a new slice.
-const blockThreshold = 1e6
-
-var (
- // ErrClosed is returned when Write is called on a closed BytesPipe.
- ErrClosed = errors.New("write to closed BytesPipe")
-
- bufPools = make(map[int]*sync.Pool)
- bufPoolsLock sync.Mutex
-)
-
-// BytesPipe is io.ReadWriteCloser which works similarly to pipe(queue).
-// All written data may be read at most once. Also, BytesPipe allocates
-// and releases new byte slices to adjust to current needs, so the buffer
-// won't be overgrown after peak loads.
-type BytesPipe struct {
- mu sync.Mutex
- wait *sync.Cond
- buf []*fixedBuffer
- bufLen int
- closeErr error // error to return from next Read. set to nil if not closed.
- readBlock bool // check read BytesPipe is Wait() or not
-}
-
-// NewBytesPipe creates new BytesPipe, initialized by specified slice.
-// If buf is nil, then it will be initialized with slice which cap is 64.
-// buf will be adjusted in a way that len(buf) == 0, cap(buf) == cap(buf).
-func NewBytesPipe() *BytesPipe {
- bp := &BytesPipe{}
- bp.buf = append(bp.buf, getBuffer(minCap))
- bp.wait = sync.NewCond(&bp.mu)
- return bp
-}
-
-// Write writes p to BytesPipe.
-// It can allocate new []byte slices in a process of writing.
-func (bp *BytesPipe) Write(p []byte) (int, error) {
- bp.mu.Lock()
- defer bp.mu.Unlock()
-
- written := 0
-loop0:
- for {
- if bp.closeErr != nil {
- return written, ErrClosed
- }
-
- if len(bp.buf) == 0 {
- bp.buf = append(bp.buf, getBuffer(64))
- }
- // get the last buffer
- b := bp.buf[len(bp.buf)-1]
-
- n, err := b.Write(p)
- written += n
- bp.bufLen += n
-
- // errBufferFull is an error we expect to get if the buffer is full
- if err != nil && err != errBufferFull {
- bp.wait.Broadcast()
- return written, err
- }
-
- // if there was enough room to write all then break
- if len(p) == n {
- break
- }
-
- // more data: write to the next slice
- p = p[n:]
-
- // make sure the buffer doesn't grow too big from this write
- for bp.bufLen >= blockThreshold {
- if bp.readBlock {
- bp.wait.Broadcast()
- }
- bp.wait.Wait()
- if bp.closeErr != nil {
- continue loop0
- }
- }
-
- // add new byte slice to the buffers slice and continue writing
- nextCap := b.Cap() * 2
- if nextCap > maxCap {
- nextCap = maxCap
- }
- bp.buf = append(bp.buf, getBuffer(nextCap))
- }
- bp.wait.Broadcast()
- return written, nil
-}
-
-// CloseWithError causes further reads from a BytesPipe to return immediately.
-func (bp *BytesPipe) CloseWithError(err error) error {
- bp.mu.Lock()
- if err != nil {
- bp.closeErr = err
- } else {
- bp.closeErr = io.EOF
- }
- bp.wait.Broadcast()
- bp.mu.Unlock()
- return nil
-}
-
-// Close causes further reads from a BytesPipe to return immediately.
-func (bp *BytesPipe) Close() error {
- return bp.CloseWithError(nil)
-}
-
-// Read reads bytes from BytesPipe.
-// Data could be read only once.
-func (bp *BytesPipe) Read(p []byte) (n int, err error) {
- bp.mu.Lock()
- defer bp.mu.Unlock()
- if bp.bufLen == 0 {
- if bp.closeErr != nil {
- return 0, bp.closeErr
- }
- bp.readBlock = true
- bp.wait.Wait()
- bp.readBlock = false
- if bp.bufLen == 0 && bp.closeErr != nil {
- return 0, bp.closeErr
- }
- }
-
- for bp.bufLen > 0 {
- b := bp.buf[0]
- read, _ := b.Read(p) // ignore error since fixedBuffer doesn't really return an error
- n += read
- bp.bufLen -= read
-
- if b.Len() == 0 {
- // it's empty so return it to the pool and move to the next one
- returnBuffer(b)
- bp.buf[0] = nil
- bp.buf = bp.buf[1:]
- }
-
- if len(p) == read {
- break
- }
-
- p = p[read:]
- }
-
- bp.wait.Broadcast()
- return
-}
-
-func returnBuffer(b *fixedBuffer) {
- b.Reset()
- bufPoolsLock.Lock()
- pool := bufPools[b.Cap()]
- bufPoolsLock.Unlock()
- if pool != nil {
- pool.Put(b)
- }
-}
-
-func getBuffer(size int) *fixedBuffer {
- bufPoolsLock.Lock()
- pool, ok := bufPools[size]
- if !ok {
- pool = &sync.Pool{New: func() interface{} { return &fixedBuffer{buf: make([]byte, 0, size)} }}
- bufPools[size] = pool
- }
- bufPoolsLock.Unlock()
- return pool.Get().(*fixedBuffer)
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/readers.go b/vendor/github.com/docker/docker/pkg/ioutils/readers.go
deleted file mode 100644
index e03d3fee7574..000000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/readers.go
+++ /dev/null
@@ -1,172 +0,0 @@
-package ioutils // import "github.com/docker/docker/pkg/ioutils"
-
-import (
- "context"
- "io"
- "runtime/debug"
- "sync/atomic"
-
- // make sure crypto.SHA256, crypto.sha512 and crypto.SHA384 are registered
- // TODO remove once https://github.com/opencontainers/go-digest/pull/64 is merged.
- _ "crypto/sha256"
- _ "crypto/sha512"
-
- "github.com/containerd/log"
-)
-
-// ReadCloserWrapper wraps an io.Reader, and implements an io.ReadCloser
-// It calls the given callback function when closed. It should be constructed
-// with NewReadCloserWrapper
-type ReadCloserWrapper struct {
- io.Reader
- closer func() error
- closed atomic.Bool
-}
-
-// Close calls back the passed closer function
-func (r *ReadCloserWrapper) Close() error {
- if !r.closed.CompareAndSwap(false, true) {
- subsequentCloseWarn("ReadCloserWrapper")
- return nil
- }
- return r.closer()
-}
-
-// NewReadCloserWrapper returns a new io.ReadCloser.
-func NewReadCloserWrapper(r io.Reader, closer func() error) io.ReadCloser {
- return &ReadCloserWrapper{
- Reader: r,
- closer: closer,
- }
-}
-
-type readerErrWrapper struct {
- reader io.Reader
- closer func()
-}
-
-func (r *readerErrWrapper) Read(p []byte) (int, error) {
- n, err := r.reader.Read(p)
- if err != nil {
- r.closer()
- }
- return n, err
-}
-
-// NewReaderErrWrapper returns a new io.Reader.
-func NewReaderErrWrapper(r io.Reader, closer func()) io.Reader {
- return &readerErrWrapper{
- reader: r,
- closer: closer,
- }
-}
-
-// OnEOFReader wraps an io.ReadCloser and a function
-// the function will run at the end of file or close the file.
-type OnEOFReader struct {
- Rc io.ReadCloser
- Fn func()
-}
-
-func (r *OnEOFReader) Read(p []byte) (n int, err error) {
- n, err = r.Rc.Read(p)
- if err == io.EOF {
- r.runFunc()
- }
- return
-}
-
-// Close closes the file and run the function.
-func (r *OnEOFReader) Close() error {
- err := r.Rc.Close()
- r.runFunc()
- return err
-}
-
-func (r *OnEOFReader) runFunc() {
- if fn := r.Fn; fn != nil {
- fn()
- r.Fn = nil
- }
-}
-
-// cancelReadCloser wraps an io.ReadCloser with a context for cancelling read
-// operations.
-type cancelReadCloser struct {
- cancel func()
- pR *io.PipeReader // Stream to read from
- pW *io.PipeWriter
- closed atomic.Bool
-}
-
-// NewCancelReadCloser creates a wrapper that closes the ReadCloser when the
-// context is cancelled. The returned io.ReadCloser must be closed when it is
-// no longer needed.
-func NewCancelReadCloser(ctx context.Context, in io.ReadCloser) io.ReadCloser {
- pR, pW := io.Pipe()
-
- // Create a context used to signal when the pipe is closed
- doneCtx, cancel := context.WithCancel(context.Background())
-
- p := &cancelReadCloser{
- cancel: cancel,
- pR: pR,
- pW: pW,
- }
-
- go func() {
- _, err := io.Copy(pW, in)
- select {
- case <-ctx.Done():
- // If the context was closed, p.closeWithError
- // was already called. Calling it again would
- // change the error that Read returns.
- default:
- p.closeWithError(err)
- }
- in.Close()
- }()
- go func() {
- for {
- select {
- case <-ctx.Done():
- p.closeWithError(ctx.Err())
- case <-doneCtx.Done():
- return
- }
- }
- }()
-
- return p
-}
-
-// Read wraps the Read method of the pipe that provides data from the wrapped
-// ReadCloser.
-func (p *cancelReadCloser) Read(buf []byte) (n int, err error) {
- return p.pR.Read(buf)
-}
-
-// closeWithError closes the wrapper and its underlying reader. It will
-// cause future calls to Read to return err.
-func (p *cancelReadCloser) closeWithError(err error) {
- p.pW.CloseWithError(err)
- p.cancel()
-}
-
-// Close closes the wrapper its underlying reader. It will cause
-// future calls to Read to return io.EOF.
-func (p *cancelReadCloser) Close() error {
- if !p.closed.CompareAndSwap(false, true) {
- subsequentCloseWarn("cancelReadCloser")
- return nil
- }
- p.closeWithError(io.EOF)
- return nil
-}
-
-func subsequentCloseWarn(name string) {
- log.G(context.TODO()).Error("subsequent attempt to close " + name)
- if log.GetLevel() >= log.DebugLevel {
- log.G(context.TODO()).Errorf("stack trace: %s", string(debug.Stack()))
- }
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go b/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go
deleted file mode 100644
index 91b8d182662f..000000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/writeflusher.go
+++ /dev/null
@@ -1,92 +0,0 @@
-package ioutils // import "github.com/docker/docker/pkg/ioutils"
-
-import (
- "io"
- "sync"
-)
-
-// WriteFlusher wraps the Write and Flush operation ensuring that every write
-// is a flush. In addition, the Close method can be called to intercept
-// Read/Write calls if the targets lifecycle has already ended.
-type WriteFlusher struct {
- w io.Writer
- flusher flusher
- flushed chan struct{}
- flushedOnce sync.Once
- closed chan struct{}
- closeLock sync.Mutex
-}
-
-type flusher interface {
- Flush()
-}
-
-var errWriteFlusherClosed = io.EOF
-
-func (wf *WriteFlusher) Write(b []byte) (n int, err error) {
- select {
- case <-wf.closed:
- return 0, errWriteFlusherClosed
- default:
- }
-
- n, err = wf.w.Write(b)
- wf.Flush() // every write is a flush.
- return n, err
-}
-
-// Flush the stream immediately.
-func (wf *WriteFlusher) Flush() {
- select {
- case <-wf.closed:
- return
- default:
- }
-
- wf.flushedOnce.Do(func() {
- close(wf.flushed)
- })
- wf.flusher.Flush()
-}
-
-// Flushed returns the state of flushed.
-// If it's flushed, return true, or else it return false.
-func (wf *WriteFlusher) Flushed() bool {
- // BUG(stevvooe): Remove this method. Its use is inherently racy. Seems to
- // be used to detect whether or a response code has been issued or not.
- // Another hook should be used instead.
- var flushed bool
- select {
- case <-wf.flushed:
- flushed = true
- default:
- }
- return flushed
-}
-
-// Close closes the write flusher, disallowing any further writes to the
-// target. After the flusher is closed, all calls to write or flush will
-// result in an error.
-func (wf *WriteFlusher) Close() error {
- wf.closeLock.Lock()
- defer wf.closeLock.Unlock()
-
- select {
- case <-wf.closed:
- return errWriteFlusherClosed
- default:
- close(wf.closed)
- }
- return nil
-}
-
-// NewWriteFlusher returns a new WriteFlusher.
-func NewWriteFlusher(w io.Writer) *WriteFlusher {
- var fl flusher
- if f, ok := w.(flusher); ok {
- fl = f
- } else {
- fl = &NopFlusher{}
- }
- return &WriteFlusher{w: w, flusher: fl, closed: make(chan struct{}), flushed: make(chan struct{})}
-}
diff --git a/vendor/github.com/docker/docker/pkg/ioutils/writers.go b/vendor/github.com/docker/docker/pkg/ioutils/writers.go
deleted file mode 100644
index 1f50602f28c8..000000000000
--- a/vendor/github.com/docker/docker/pkg/ioutils/writers.go
+++ /dev/null
@@ -1,74 +0,0 @@
-package ioutils // import "github.com/docker/docker/pkg/ioutils"
-
-import (
- "io"
- "sync/atomic"
-)
-
-// NopWriter represents a type which write operation is nop.
-type NopWriter struct{}
-
-func (*NopWriter) Write(buf []byte) (int, error) {
- return len(buf), nil
-}
-
-type nopWriteCloser struct {
- io.Writer
-}
-
-func (w *nopWriteCloser) Close() error { return nil }
-
-// NopWriteCloser returns a nopWriteCloser.
-func NopWriteCloser(w io.Writer) io.WriteCloser {
- return &nopWriteCloser{w}
-}
-
-// NopFlusher represents a type which flush operation is nop.
-type NopFlusher struct{}
-
-// Flush is a nop operation.
-func (f *NopFlusher) Flush() {}
-
-type writeCloserWrapper struct {
- io.Writer
- closer func() error
- closed atomic.Bool
-}
-
-func (r *writeCloserWrapper) Close() error {
- if !r.closed.CompareAndSwap(false, true) {
- subsequentCloseWarn("WriteCloserWrapper")
- return nil
- }
- return r.closer()
-}
-
-// NewWriteCloserWrapper returns a new io.WriteCloser.
-func NewWriteCloserWrapper(r io.Writer, closer func() error) io.WriteCloser {
- return &writeCloserWrapper{
- Writer: r,
- closer: closer,
- }
-}
-
-// WriteCounter wraps a concrete io.Writer and hold a count of the number
-// of bytes written to the writer during a "session".
-// This can be convenient when write return is masked
-// (e.g., json.Encoder.Encode())
-type WriteCounter struct {
- Count int64
- Writer io.Writer
-}
-
-// NewWriteCounter returns a new WriteCounter.
-func NewWriteCounter(w io.Writer) *WriteCounter {
- return &WriteCounter{
- Writer: w,
- }
-}
-
-func (wc *WriteCounter) Write(p []byte) (count int, err error) {
- count, err = wc.Writer.Write(p)
- wc.Count += int64(count)
- return
-}
diff --git a/vendor/github.com/docker/docker/pkg/pools/pools.go b/vendor/github.com/docker/docker/pkg/pools/pools.go
deleted file mode 100644
index 3ea3012b188b..000000000000
--- a/vendor/github.com/docker/docker/pkg/pools/pools.go
+++ /dev/null
@@ -1,137 +0,0 @@
-// Package pools provides a collection of pools which provide various
-// data types with buffers. These can be used to lower the number of
-// memory allocations and reuse buffers.
-//
-// New pools should be added to this package to allow them to be
-// shared across packages.
-//
-// Utility functions which operate on pools should be added to this
-// package to allow them to be reused.
-package pools // import "github.com/docker/docker/pkg/pools"
-
-import (
- "bufio"
- "io"
- "sync"
-
- "github.com/docker/docker/pkg/ioutils"
-)
-
-const buffer32K = 32 * 1024
-
-var (
- // BufioReader32KPool is a pool which returns bufio.Reader with a 32K buffer.
- BufioReader32KPool = newBufioReaderPoolWithSize(buffer32K)
- // BufioWriter32KPool is a pool which returns bufio.Writer with a 32K buffer.
- BufioWriter32KPool = newBufioWriterPoolWithSize(buffer32K)
- buffer32KPool = newBufferPoolWithSize(buffer32K)
-)
-
-// BufioReaderPool is a bufio reader that uses sync.Pool.
-type BufioReaderPool struct {
- pool sync.Pool
-}
-
-// newBufioReaderPoolWithSize is unexported because new pools should be
-// added here to be shared where required.
-func newBufioReaderPoolWithSize(size int) *BufioReaderPool {
- return &BufioReaderPool{
- pool: sync.Pool{
- New: func() interface{} { return bufio.NewReaderSize(nil, size) },
- },
- }
-}
-
-// Get returns a bufio.Reader which reads from r. The buffer size is that of the pool.
-func (bufPool *BufioReaderPool) Get(r io.Reader) *bufio.Reader {
- buf := bufPool.pool.Get().(*bufio.Reader)
- buf.Reset(r)
- return buf
-}
-
-// Put puts the bufio.Reader back into the pool.
-func (bufPool *BufioReaderPool) Put(b *bufio.Reader) {
- b.Reset(nil)
- bufPool.pool.Put(b)
-}
-
-type bufferPool struct {
- pool sync.Pool
-}
-
-func newBufferPoolWithSize(size int) *bufferPool {
- return &bufferPool{
- pool: sync.Pool{
- New: func() interface{} { s := make([]byte, size); return &s },
- },
- }
-}
-
-func (bp *bufferPool) Get() *[]byte {
- return bp.pool.Get().(*[]byte)
-}
-
-func (bp *bufferPool) Put(b *[]byte) {
- bp.pool.Put(b)
-}
-
-// Copy is a convenience wrapper which uses a buffer to avoid allocation in io.Copy.
-func Copy(dst io.Writer, src io.Reader) (written int64, err error) {
- buf := buffer32KPool.Get()
- written, err = io.CopyBuffer(dst, src, *buf)
- buffer32KPool.Put(buf)
- return
-}
-
-// NewReadCloserWrapper returns a wrapper which puts the bufio.Reader back
-// into the pool and closes the reader if it's an io.ReadCloser.
-func (bufPool *BufioReaderPool) NewReadCloserWrapper(buf *bufio.Reader, r io.Reader) io.ReadCloser {
- return ioutils.NewReadCloserWrapper(r, func() error {
- if readCloser, ok := r.(io.ReadCloser); ok {
- readCloser.Close()
- }
- bufPool.Put(buf)
- return nil
- })
-}
-
-// BufioWriterPool is a bufio writer that uses sync.Pool.
-type BufioWriterPool struct {
- pool sync.Pool
-}
-
-// newBufioWriterPoolWithSize is unexported because new pools should be
-// added here to be shared where required.
-func newBufioWriterPoolWithSize(size int) *BufioWriterPool {
- return &BufioWriterPool{
- pool: sync.Pool{
- New: func() interface{} { return bufio.NewWriterSize(nil, size) },
- },
- }
-}
-
-// Get returns a bufio.Writer which writes to w. The buffer size is that of the pool.
-func (bufPool *BufioWriterPool) Get(w io.Writer) *bufio.Writer {
- buf := bufPool.pool.Get().(*bufio.Writer)
- buf.Reset(w)
- return buf
-}
-
-// Put puts the bufio.Writer back into the pool.
-func (bufPool *BufioWriterPool) Put(b *bufio.Writer) {
- b.Reset(nil)
- bufPool.pool.Put(b)
-}
-
-// NewWriteCloserWrapper returns a wrapper which puts the bufio.Writer back
-// into the pool and closes the writer if it's an io.WriteCloser.
-func (bufPool *BufioWriterPool) NewWriteCloserWrapper(buf *bufio.Writer, w io.Writer) io.WriteCloser {
- return ioutils.NewWriteCloserWrapper(w, func() error {
- buf.Flush()
- if writeCloser, ok := w.(io.WriteCloser); ok {
- writeCloser.Close()
- }
- bufPool.Put(buf)
- return nil
- })
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/args_windows.go b/vendor/github.com/docker/docker/pkg/system/args_windows.go
deleted file mode 100644
index b7c9487a0674..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/args_windows.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "strings"
-
- "golang.org/x/sys/windows"
-)
-
-// EscapeArgs makes a Windows-style escaped command line from a set of arguments
-func EscapeArgs(args []string) string {
- escapedArgs := make([]string, len(args))
- for i, a := range args {
- escapedArgs[i] = windows.EscapeArg(a)
- }
- return strings.Join(escapedArgs, " ")
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes.go b/vendor/github.com/docker/docker/pkg/system/chtimes.go
deleted file mode 100644
index 6a6bca43eda1..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/chtimes.go
+++ /dev/null
@@ -1,48 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "os"
- "syscall"
- "time"
- "unsafe"
-)
-
-// Used by Chtimes
-var unixEpochTime, unixMaxTime time.Time
-
-func init() {
- unixEpochTime = time.Unix(0, 0)
- if unsafe.Sizeof(syscall.Timespec{}.Nsec) == 8 {
- // This is a 64 bit timespec
- // os.Chtimes limits time to the following
- //
- // Note that this intentionally sets nsec (not sec), which sets both sec
- // and nsec internally in time.Unix();
- // https://github.com/golang/go/blob/go1.19.2/src/time/time.go#L1364-L1380
- unixMaxTime = time.Unix(0, 1<<63-1)
- } else {
- // This is a 32 bit timespec
- unixMaxTime = time.Unix(1<<31-1, 0)
- }
-}
-
-// Chtimes changes the access time and modified time of a file at the given path.
-// If the modified time is prior to the Unix Epoch (unixMinTime), or after the
-// end of Unix Time (unixEpochTime), os.Chtimes has undefined behavior. In this
-// case, Chtimes defaults to Unix Epoch, just in case.
-func Chtimes(name string, atime time.Time, mtime time.Time) error {
- if atime.Before(unixEpochTime) || atime.After(unixMaxTime) {
- atime = unixEpochTime
- }
-
- if mtime.Before(unixEpochTime) || mtime.After(unixMaxTime) {
- mtime = unixEpochTime
- }
-
- if err := os.Chtimes(name, atime, mtime); err != nil {
- return err
- }
-
- // Take platform specific action for setting create time.
- return setCTime(name, mtime)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/chtimes_nowindows.go b/vendor/github.com/docker/docker/pkg/system/chtimes_nowindows.go
deleted file mode 100644
index 92ff02097de8..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/chtimes_nowindows.go
+++ /dev/null
@@ -1,14 +0,0 @@
-//go:build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "time"
-)
-
-// setCTime will set the create time on a file. On Unix, the create
-// time is updated as a side effect of setting the modified time, so
-// no action is required.
-func setCTime(path string, ctime time.Time) error {
- return nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/errors.go b/vendor/github.com/docker/docker/pkg/system/errors.go
deleted file mode 100644
index f4bbcce74418..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/errors.go
+++ /dev/null
@@ -1,6 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import "errors"
-
-// ErrNotSupportedPlatform means the platform is not supported.
-var ErrNotSupportedPlatform = errors.New("platform and architecture is not supported")
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys.go b/vendor/github.com/docker/docker/pkg/system/filesys.go
deleted file mode 100644
index ce5990c914f4..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/filesys.go
+++ /dev/null
@@ -1,19 +0,0 @@
-package system
-
-import (
- "os"
- "path/filepath"
- "strings"
-)
-
-// IsAbs is a platform-agnostic wrapper for filepath.IsAbs.
-//
-// On Windows, golang filepath.IsAbs does not consider a path \windows\system32
-// as absolute as it doesn't start with a drive-letter/colon combination. However,
-// in docker we need to verify things such as WORKDIR /windows/system32 in
-// a Dockerfile (which gets translated to \windows\system32 when being processed
-// by the daemon). This SHOULD be treated as absolute from a docker processing
-// perspective.
-func IsAbs(path string) bool {
- return filepath.IsAbs(path) || strings.HasPrefix(path, string(os.PathSeparator))
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys_unix.go b/vendor/github.com/docker/docker/pkg/system/filesys_unix.go
deleted file mode 100644
index f01f9385e11c..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/filesys_unix.go
+++ /dev/null
@@ -1,16 +0,0 @@
-//go:build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import "os"
-
-// MkdirAllWithACL is a wrapper for os.MkdirAll on unix systems.
-func MkdirAllWithACL(path string, perm os.FileMode, sddl string) error {
- return os.MkdirAll(path, perm)
-}
-
-// MkdirAll creates a directory named path along with any necessary parents,
-// with permission specified by attribute perm for all dir created.
-func MkdirAll(path string, perm os.FileMode) error {
- return os.MkdirAll(path, perm)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go b/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
deleted file mode 100644
index 92e972ea2e3f..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/filesys_windows.go
+++ /dev/null
@@ -1,135 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "os"
- "regexp"
- "syscall"
- "unsafe"
-
- "golang.org/x/sys/windows"
-)
-
-// SddlAdministratorsLocalSystem is local administrators plus NT AUTHORITY\System.
-const SddlAdministratorsLocalSystem = "D:P(A;OICI;GA;;;BA)(A;OICI;GA;;;SY)"
-
-// volumePath is a regular expression to check if a path is a Windows
-// volume path (e.g., "\\?\Volume{4c1b02c1-d990-11dc-99ae-806e6f6e6963}"
-// or "\\?\Volume{4c1b02c1-d990-11dc-99ae-806e6f6e6963}\").
-var volumePath = regexp.MustCompile(`^\\\\\?\\Volume{[a-z0-9-]+}\\?$`)
-
-// MkdirAllWithACL is a custom version of os.MkdirAll modified for use on Windows
-// so that it is both volume path aware, and can create a directory with
-// an appropriate SDDL defined ACL.
-func MkdirAllWithACL(path string, _ os.FileMode, sddl string) error {
- sa, err := makeSecurityAttributes(sddl)
- if err != nil {
- return &os.PathError{Op: "mkdirall", Path: path, Err: err}
- }
- return mkdirall(path, sa)
-}
-
-// MkdirAll is a custom version of os.MkdirAll that is volume path aware for
-// Windows. It can be used as a drop-in replacement for os.MkdirAll.
-func MkdirAll(path string, _ os.FileMode) error {
- return mkdirall(path, nil)
-}
-
-// mkdirall is a custom version of os.MkdirAll modified for use on Windows
-// so that it is both volume path aware, and can create a directory with
-// a DACL.
-func mkdirall(path string, perm *windows.SecurityAttributes) error {
- if volumePath.MatchString(path) {
- return nil
- }
-
- // The rest of this method is largely copied from os.MkdirAll and should be kept
- // as-is to ensure compatibility.
-
- // Fast path: if we can tell whether path is a directory or file, stop with success or error.
- dir, err := os.Stat(path)
- if err == nil {
- if dir.IsDir() {
- return nil
- }
- return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR}
- }
-
- // Slow path: make sure parent exists and then call Mkdir for path.
- i := len(path)
- for i > 0 && os.IsPathSeparator(path[i-1]) { // Skip trailing path separator.
- i--
- }
-
- j := i
- for j > 0 && !os.IsPathSeparator(path[j-1]) { // Scan backward over element.
- j--
- }
-
- if j > 1 {
- // Create parent.
- err = mkdirall(fixRootDirectory(path[:j-1]), perm)
- if err != nil {
- return err
- }
- }
-
- // Parent now exists; invoke Mkdir and use its result.
- err = mkdirWithACL(path, perm)
- if err != nil {
- // Handle arguments like "foo/." by
- // double-checking that directory doesn't exist.
- dir, err1 := os.Lstat(path)
- if err1 == nil && dir.IsDir() {
- return nil
- }
- return err
- }
- return nil
-}
-
-// mkdirWithACL creates a new directory. If there is an error, it will be of
-// type *PathError. .
-//
-// This is a modified and combined version of os.Mkdir and windows.Mkdir
-// in golang to cater for creating a directory am ACL permitting full
-// access, with inheritance, to any subfolder/file for Built-in Administrators
-// and Local System.
-func mkdirWithACL(name string, sa *windows.SecurityAttributes) error {
- if sa == nil {
- return os.Mkdir(name, 0)
- }
-
- namep, err := windows.UTF16PtrFromString(name)
- if err != nil {
- return &os.PathError{Op: "mkdir", Path: name, Err: err}
- }
-
- err = windows.CreateDirectory(namep, sa)
- if err != nil {
- return &os.PathError{Op: "mkdir", Path: name, Err: err}
- }
- return nil
-}
-
-// fixRootDirectory fixes a reference to a drive's root directory to
-// have the required trailing slash.
-func fixRootDirectory(p string) string {
- if len(p) == len(`\\?\c:`) {
- if os.IsPathSeparator(p[0]) && os.IsPathSeparator(p[1]) && p[2] == '?' && os.IsPathSeparator(p[3]) && p[5] == ':' {
- return p + `\`
- }
- }
- return p
-}
-
-func makeSecurityAttributes(sddl string) (*windows.SecurityAttributes, error) {
- var sa windows.SecurityAttributes
- sa.Length = uint32(unsafe.Sizeof(sa))
- sa.InheritHandle = 1
- var err error
- sa.SecurityDescriptor, err = windows.SecurityDescriptorFromString(sddl)
- if err != nil {
- return nil, err
- }
- return &sa, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/init_windows.go b/vendor/github.com/docker/docker/pkg/system/init_windows.go
deleted file mode 100644
index 7603efbbd813..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/init_windows.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-// containerdRuntimeSupported determines if containerd should be the runtime.
-var containerdRuntimeSupported = false
-
-// InitContainerdRuntime sets whether to use containerd for runtime on Windows.
-func InitContainerdRuntime(cdPath string) {
- if len(cdPath) > 0 {
- containerdRuntimeSupported = true
- }
-}
-
-// ContainerdRuntimeSupported returns true if the use of containerd runtime is supported.
-func ContainerdRuntimeSupported() bool {
- return containerdRuntimeSupported
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_unix.go b/vendor/github.com/docker/docker/pkg/system/lstat_unix.go
deleted file mode 100644
index 97f355d2e4d4..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/lstat_unix.go
+++ /dev/null
@@ -1,22 +0,0 @@
-//go:build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "os"
- "syscall"
-)
-
-// Lstat takes a path to a file and returns
-// a system.StatT type pertaining to that file.
-//
-// Throws an error if the file does not exist.
-//
-// Deprecated: this function is only used internally, and will be removed in the next release.
-func Lstat(path string) (*StatT, error) {
- s := &syscall.Stat_t{}
- if err := syscall.Lstat(path, s); err != nil {
- return nil, &os.PathError{Op: "Lstat", Path: path, Err: err}
- }
- return fromStatT(s)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/lstat_windows.go b/vendor/github.com/docker/docker/pkg/system/lstat_windows.go
deleted file mode 100644
index 4180f3ac207c..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/lstat_windows.go
+++ /dev/null
@@ -1,16 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import "os"
-
-// Lstat calls os.Lstat to get a fileinfo interface back.
-// This is then copied into our own locally defined structure.
-//
-// Deprecated: this function is only used internally, and will be removed in the next release.
-func Lstat(path string) (*StatT, error) {
- fi, err := os.Lstat(path)
- if err != nil {
- return nil, err
- }
-
- return fromStatT(&fi)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod.go b/vendor/github.com/docker/docker/pkg/system/mknod.go
deleted file mode 100644
index e0cd22d7a78c..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/mknod.go
+++ /dev/null
@@ -1,18 +0,0 @@
-//go:build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "golang.org/x/sys/unix"
-)
-
-// Mkdev is used to build the value of linux devices (in /dev/) which specifies major
-// and minor number of the newly created device special file.
-// Linux device nodes are a bit weird due to backwards compat with 16 bit device nodes.
-// They are, from low to high: the lower 8 bits of the minor, then 12 bits of the major,
-// then the top 12 bits of the minor.
-//
-// Deprecated: this function is only used internally, and will be removed in the next release.
-func Mkdev(major int64, minor int64) uint32 {
- return uint32(unix.Mkdev(uint32(major), uint32(minor)))
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod_freebsd.go b/vendor/github.com/docker/docker/pkg/system/mknod_freebsd.go
deleted file mode 100644
index 4f66453d622b..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/mknod_freebsd.go
+++ /dev/null
@@ -1,15 +0,0 @@
-//go:build freebsd
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "golang.org/x/sys/unix"
-)
-
-// Mknod creates a filesystem node (file, device special file or named pipe) named path
-// with attributes specified by mode and dev.
-//
-// Deprecated: this function is only used internally, and will be removed in the next release.
-func Mknod(path string, mode uint32, dev int) error {
- return unix.Mknod(path, mode, uint64(dev))
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/mknod_unix.go b/vendor/github.com/docker/docker/pkg/system/mknod_unix.go
deleted file mode 100644
index 34c5532631a0..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/mknod_unix.go
+++ /dev/null
@@ -1,15 +0,0 @@
-//go:build !freebsd && !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "golang.org/x/sys/unix"
-)
-
-// Mknod creates a filesystem node (file, device special file or named pipe) named path
-// with attributes specified by mode and dev.
-//
-// Deprecated: this function is only used internally, and will be removed in the next release.
-func Mknod(path string, mode uint32, dev int) error {
- return unix.Mknod(path, mode, dev)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_bsd.go b/vendor/github.com/docker/docker/pkg/system/stat_bsd.go
deleted file mode 100644
index 435b776ee36f..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/stat_bsd.go
+++ /dev/null
@@ -1,17 +0,0 @@
-//go:build freebsd || netbsd
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import "syscall"
-
-// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
-func fromStatT(s *syscall.Stat_t) (*StatT, error) {
- return &StatT{
- size: s.Size,
- mode: uint32(s.Mode),
- uid: s.Uid,
- gid: s.Gid,
- rdev: uint64(s.Rdev),
- mtim: s.Mtimespec,
- }, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_darwin.go b/vendor/github.com/docker/docker/pkg/system/stat_darwin.go
deleted file mode 100644
index e0b629df0e29..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/stat_darwin.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import "syscall"
-
-// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
-func fromStatT(s *syscall.Stat_t) (*StatT, error) {
- return &StatT{
- size: s.Size,
- mode: uint32(s.Mode),
- uid: s.Uid,
- gid: s.Gid,
- rdev: uint64(s.Rdev),
- mtim: s.Mtimespec,
- }, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_illumos.go b/vendor/github.com/docker/docker/pkg/system/stat_illumos.go
deleted file mode 100644
index 851374e5d99e..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/stat_illumos.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import "syscall"
-
-// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
-func fromStatT(s *syscall.Stat_t) (*StatT, error) {
- return &StatT{
- size: s.Size,
- mode: uint32(s.Mode),
- uid: s.Uid,
- gid: s.Gid,
- rdev: uint64(s.Rdev),
- mtim: s.Mtim,
- }, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_linux.go b/vendor/github.com/docker/docker/pkg/system/stat_linux.go
deleted file mode 100644
index 0557235f9878..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/stat_linux.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import "syscall"
-
-// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
-func fromStatT(s *syscall.Stat_t) (*StatT, error) {
- return &StatT{
- size: s.Size,
- mode: s.Mode,
- uid: s.Uid,
- gid: s.Gid,
- // the type is 32bit on mips
- rdev: uint64(s.Rdev), //nolint: unconvert
- mtim: s.Mtim,
- }, nil
-}
-
-// FromStatT converts a syscall.Stat_t type to a system.Stat_t type
-// This is exposed on Linux as pkg/archive/changes uses it.
-//
-// Deprecated: this function is only used internally, and will be removed in the next release.
-func FromStatT(s *syscall.Stat_t) (*StatT, error) {
- return fromStatT(s)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go b/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go
deleted file mode 100644
index 851374e5d99e..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/stat_openbsd.go
+++ /dev/null
@@ -1,15 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import "syscall"
-
-// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
-func fromStatT(s *syscall.Stat_t) (*StatT, error) {
- return &StatT{
- size: s.Size,
- mode: uint32(s.Mode),
- uid: s.Uid,
- gid: s.Gid,
- rdev: uint64(s.Rdev),
- mtim: s.Mtim,
- }, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_unix.go b/vendor/github.com/docker/docker/pkg/system/stat_unix.go
deleted file mode 100644
index 661b0bed2017..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/stat_unix.go
+++ /dev/null
@@ -1,70 +0,0 @@
-//go:build !windows
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "os"
- "syscall"
-)
-
-// StatT type contains status of a file. It contains metadata
-// like permission, owner, group, size, etc about a file.
-//
-// Deprecated: this type is only used internally, and will be removed in the next release.
-type StatT struct {
- mode uint32
- uid uint32
- gid uint32
- rdev uint64
- size int64
- mtim syscall.Timespec
-}
-
-// Mode returns file's permission mode.
-func (s StatT) Mode() uint32 {
- return s.mode
-}
-
-// UID returns file's user id of owner.
-func (s StatT) UID() uint32 {
- return s.uid
-}
-
-// GID returns file's group id of owner.
-func (s StatT) GID() uint32 {
- return s.gid
-}
-
-// Rdev returns file's device ID (if it's special file).
-func (s StatT) Rdev() uint64 {
- return s.rdev
-}
-
-// Size returns file's size.
-func (s StatT) Size() int64 {
- return s.size
-}
-
-// Mtim returns file's last modification time.
-func (s StatT) Mtim() syscall.Timespec {
- return s.mtim
-}
-
-// IsDir reports whether s describes a directory.
-func (s StatT) IsDir() bool {
- return s.mode&syscall.S_IFDIR != 0
-}
-
-// Stat takes a path to a file and returns
-// a system.StatT type pertaining to that file.
-//
-// Throws an error if the file does not exist.
-//
-// Deprecated: this function is only used internally, and will be removed in the next release.
-func Stat(path string) (*StatT, error) {
- s := &syscall.Stat_t{}
- if err := syscall.Stat(path, s); err != nil {
- return nil, &os.PathError{Op: "Stat", Path: path, Err: err}
- }
- return fromStatT(s)
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/stat_windows.go b/vendor/github.com/docker/docker/pkg/system/stat_windows.go
deleted file mode 100644
index e74a0f4fd701..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/stat_windows.go
+++ /dev/null
@@ -1,54 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "os"
- "time"
-)
-
-// StatT type contains status of a file. It contains metadata
-// like permission, size, etc about a file.
-//
-// Deprecated: this type is only used internally, and will be removed in the next release.
-type StatT struct {
- mode os.FileMode
- size int64
- mtim time.Time
-}
-
-// Size returns file's size.
-func (s StatT) Size() int64 {
- return s.size
-}
-
-// Mode returns file's permission mode.
-func (s StatT) Mode() os.FileMode {
- return s.mode
-}
-
-// Mtim returns file's last modification time.
-func (s StatT) Mtim() time.Time {
- return s.mtim
-}
-
-// Stat takes a path to a file and returns
-// a system.StatT type pertaining to that file.
-//
-// Throws an error if the file does not exist.
-//
-// Deprecated: this function is only used internally, and will be removed in the next release.
-func Stat(path string) (*StatT, error) {
- fi, err := os.Stat(path)
- if err != nil {
- return nil, err
- }
- return fromStatT(&fi)
-}
-
-// fromStatT converts a os.FileInfo type to a system.StatT type
-func fromStatT(fi *os.FileInfo) (*StatT, error) {
- return &StatT{
- size: (*fi).Size(),
- mode: (*fi).Mode(),
- mtim: (*fi).ModTime(),
- }, nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unix.go b/vendor/github.com/docker/docker/pkg/system/utimes_unix.go
deleted file mode 100644
index f3a079f88722..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/utimes_unix.go
+++ /dev/null
@@ -1,24 +0,0 @@
-//go:build linux || freebsd
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "syscall"
-
- "golang.org/x/sys/unix"
-)
-
-// LUtimesNano is used to change access and modification time of the specified path.
-// It's used for symbol link file because unix.UtimesNano doesn't support a NOFOLLOW flag atm.
-func LUtimesNano(path string, ts []syscall.Timespec) error {
- uts := []unix.Timespec{
- unix.NsecToTimespec(syscall.TimespecToNsec(ts[0])),
- unix.NsecToTimespec(syscall.TimespecToNsec(ts[1])),
- }
- err := unix.UtimesNanoAt(unix.AT_FDCWD, path, uts, unix.AT_SYMLINK_NOFOLLOW)
- if err != nil && err != unix.ENOSYS {
- return err
- }
-
- return nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go b/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
deleted file mode 100644
index 7c19d59156f7..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/utimes_unsupported.go
+++ /dev/null
@@ -1,10 +0,0 @@
-//go:build !linux && !freebsd
-
-package system // import "github.com/docker/docker/pkg/system"
-
-import "syscall"
-
-// LUtimesNano is only supported on linux and freebsd.
-func LUtimesNano(path string, ts []syscall.Timespec) error {
- return ErrNotSupportedPlatform
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs.go b/vendor/github.com/docker/docker/pkg/system/xattrs.go
deleted file mode 100644
index b3f4e8a21f50..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/xattrs.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-type XattrError struct {
- Op string
- Attr string
- Path string
- Err error
-}
-
-func (e *XattrError) Error() string { return e.Op + " " + e.Attr + " " + e.Path + ": " + e.Err.Error() }
-
-func (e *XattrError) Unwrap() error { return e.Err }
-
-// Timeout reports whether this error represents a timeout.
-func (e *XattrError) Timeout() bool {
- t, ok := e.Err.(interface{ Timeout() bool })
- return ok && t.Timeout()
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go b/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
deleted file mode 100644
index b877ecc5a942..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/xattrs_linux.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package system // import "github.com/docker/docker/pkg/system"
-
-import (
- "golang.org/x/sys/unix"
-)
-
-// Lgetxattr retrieves the value of the extended attribute identified by attr
-// and associated with the given path in the file system.
-// It returns a nil slice and nil error if the xattr is not set.
-func Lgetxattr(path string, attr string) ([]byte, error) {
- sysErr := func(err error) ([]byte, error) {
- return nil, &XattrError{Op: "lgetxattr", Attr: attr, Path: path, Err: err}
- }
-
- // Start with a 128 length byte array
- dest := make([]byte, 128)
- sz, errno := unix.Lgetxattr(path, attr, dest)
-
- for errno == unix.ERANGE {
- // Buffer too small, use zero-sized buffer to get the actual size
- sz, errno = unix.Lgetxattr(path, attr, []byte{})
- if errno != nil {
- return sysErr(errno)
- }
- dest = make([]byte, sz)
- sz, errno = unix.Lgetxattr(path, attr, dest)
- }
-
- switch {
- case errno == unix.ENODATA:
- return nil, nil
- case errno != nil:
- return sysErr(errno)
- }
-
- return dest[:sz], nil
-}
-
-// Lsetxattr sets the value of the extended attribute identified by attr
-// and associated with the given path in the file system.
-func Lsetxattr(path string, attr string, data []byte, flags int) error {
- err := unix.Lsetxattr(path, attr, data, flags)
- if err != nil {
- return &XattrError{Op: "lsetxattr", Attr: attr, Path: path, Err: err}
- }
- return nil
-}
diff --git a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go b/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
deleted file mode 100644
index 2a3698f1293b..000000000000
--- a/vendor/github.com/docker/docker/pkg/system/xattrs_unsupported.go
+++ /dev/null
@@ -1,13 +0,0 @@
-//go:build !linux
-
-package system // import "github.com/docker/docker/pkg/system"
-
-// Lgetxattr is not supported on platforms other than linux.
-func Lgetxattr(path string, attr string) ([]byte, error) {
- return nil, ErrNotSupportedPlatform
-}
-
-// Lsetxattr is not supported on platforms other than linux.
-func Lsetxattr(path string, attr string, data []byte, flags int) error {
- return ErrNotSupportedPlatform
-}
diff --git a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_linux.go b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_linux.go
index 17ee350e274a..0d32f093586a 100644
--- a/vendor/github.com/docker/docker/profiles/seccomp/seccomp_linux.go
+++ b/vendor/github.com/docker/docker/profiles/seccomp/seccomp_linux.go
@@ -8,7 +8,7 @@ import (
"fmt"
"runtime"
- specs "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/runtime-spec/specs-go"
)
// GetDefaultProfile returns the default seccomp profile.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 119158bdcc4f..a7b82f17ca01 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -466,7 +466,7 @@ github.com/docker/cli/cli/config/configfile
github.com/docker/cli/cli/config/credentials
github.com/docker/cli/cli/config/types
github.com/docker/cli/cli/connhelper/commandconn
-# github.com/docker/docker v27.5.0-rc.2+incompatible
+# github.com/docker/docker v27.5.0-rc.2+incompatible => github.com/docker/docker v27.0.2-0.20250108180700-53287e4ebf86+incompatible
## explicit
github.com/docker/docker/api
github.com/docker/docker/api/types
@@ -479,6 +479,7 @@ github.com/docker/docker/api/types/image
github.com/docker/docker/api/types/mount
github.com/docker/docker/api/types/network
github.com/docker/docker/api/types/registry
+github.com/docker/docker/api/types/storage
github.com/docker/docker/api/types/strslice
github.com/docker/docker/api/types/swarm
github.com/docker/docker/api/types/swarm/runtime
@@ -488,17 +489,16 @@ github.com/docker/docker/api/types/versions
github.com/docker/docker/api/types/volume
github.com/docker/docker/client
github.com/docker/docker/errdefs
+github.com/docker/docker/internal/lazyregexp
github.com/docker/docker/internal/mounttree
github.com/docker/docker/internal/multierror
github.com/docker/docker/internal/unshare
github.com/docker/docker/libnetwork/internal/resolvconf
github.com/docker/docker/libnetwork/resolvconf
github.com/docker/docker/pkg/archive
+github.com/docker/docker/pkg/atomicwriter
github.com/docker/docker/pkg/chrootarchive
github.com/docker/docker/pkg/idtools
-github.com/docker/docker/pkg/ioutils
-github.com/docker/docker/pkg/pools
-github.com/docker/docker/pkg/system
github.com/docker/docker/profiles/seccomp
# github.com/docker/docker-credential-helpers v0.8.2
## explicit; go 1.19
@@ -1104,3 +1104,4 @@ kernel.org/pub/linux/libs/security/libcap/cap
# kernel.org/pub/linux/libs/security/libcap/psx v1.2.70
## explicit; go 1.11
kernel.org/pub/linux/libs/security/libcap/psx
+# github.com/docker/docker => github.com/docker/docker v27.0.2-0.20250108180700-53287e4ebf86+incompatible