diff --git a/index/generator/go.mod b/index/generator/go.mod index d9e9cacd6..dd44ce027 100644 --- a/index/generator/go.mod +++ b/index/generator/go.mod @@ -19,11 +19,13 @@ require ( dario.cat/mergo v1.0.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect + github.com/Microsoft/hcsshim v0.9.10 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/cloudflare/circl v1.3.3 // indirect - github.com/containerd/containerd v1.5.9 // indirect + github.com/containerd/containerd v1.6.26 // indirect + github.com/containerd/log v0.1.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/devfile/registry-support/registry-library v0.0.0-20221018213054-47b3ffaeadba // indirect @@ -35,7 +37,7 @@ require ( github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.4.0 // indirect - github.com/emicklei/go-restful/v3 v3.9.0 // indirect + github.com/emicklei/go-restful/v3 v3.10.1 // indirect github.com/emirpasic/gods v1.18.1 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/fatih/color v1.14.1 // indirect @@ -57,7 +59,7 @@ require ( github.com/google/gofuzz v1.2.0 // indirect github.com/gorilla/mux v1.8.0 // indirect github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 // indirect - github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-version v1.4.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect @@ -72,7 +74,7 @@ require ( github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.17 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.1 // indirect github.com/moby/locker v1.0.1 // indirect @@ -82,7 +84,7 @@ require ( github.com/morikuni/aec v1.0.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.0.2 // indirect + github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect github.com/openshift/api v0.0.0-20200930075302-db52bc4ef99f // indirect github.com/pelletier/go-toml/v2 v2.1.0 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect @@ -96,7 +98,7 @@ require ( github.com/sagikazarmark/locafero v0.4.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sergi/go-diff v1.1.0 // indirect - github.com/sirupsen/logrus v1.9.0 // indirect + github.com/sirupsen/logrus v1.9.3 // indirect github.com/skeema/knownhosts v1.2.1 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect diff --git a/index/generator/go.sum b/index/generator/go.sum index 27006df41..db39b1642 100644 --- a/index/generator/go.sum +++ b/index/generator/go.sum @@ -84,8 +84,9 @@ github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg= -github.com/Microsoft/hcsshim v0.9.1 h1:VfDCj+QnY19ktX5TsH22JHcjaZ05RWQiwDbOyEg5ziM= github.com/Microsoft/hcsshim v0.9.1/go.mod h1:Y/0uV2jUab5kBI7SQgl62at0AVX7uaruzADAVmxm3eM= +github.com/Microsoft/hcsshim v0.9.10 h1:TxXGNmcbQxBKVWvjvTocNb6jrPyeHlk5EiDhhgHgggs= +github.com/Microsoft/hcsshim v0.9.10/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -187,8 +188,8 @@ github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4S github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= -github.com/containerd/cgroups v1.0.2 h1:mZBclaSgNDfPWtfhj2xJY28LZ9nYIgzB0pwSURPl6JM= github.com/containerd/cgroups v1.0.2/go.mod h1:qpbpJ1jmlqsR9f2IyaLPsdkCdnt0rbDVqIDlhuu5tRY= +github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= @@ -209,8 +210,9 @@ github.com/containerd/containerd v1.5.0-beta.4/go.mod h1:GmdgZd2zA2GYIBZ0w09Zvgq github.com/containerd/containerd v1.5.0-rc.0/go.mod h1:V/IXoMqNGgBlabz3tHD2TWDoTJseu1FGOKuoA4nNb2s= github.com/containerd/containerd v1.5.1/go.mod h1:0DOxVqwDy2iZvrZp2JUx/E+hS0UNTVn7dJnIOwtYR4g= github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0QMhscqVp1AR9c= -github.com/containerd/containerd v1.5.9 h1:rs6Xg1gtIxaeyG+Smsb/0xaSDu1VgFhOCKBXxMxbsF4= github.com/containerd/containerd v1.5.9/go.mod h1:fvQqCfadDGga5HZyn3j4+dx56qj2I9YwBrlSdalvJYQ= +github.com/containerd/containerd v1.6.26 h1:VVfrE6ZpyisvB1fzoY8Vkiq4sy+i5oF4uk7zu03RaHs= +github.com/containerd/containerd v1.6.26/go.mod h1:I4TRdsdoo5MlKob5khDJS2EPT1l1oMNaE2MBm6FrwxM= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/containerd/continuity v0.0.0-20191127005431-f65d91d395eb/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -235,6 +237,8 @@ github.com/containerd/imgcrypt v1.0.1/go.mod h1:mdd8cEPW7TPgNG4FpuP3sGBiQ7Yi/zak github.com/containerd/imgcrypt v1.0.4-0.20210301171431-0ae5c75f59ba/go.mod h1:6TNsg0ctmizkrOgXRNQjAPFWpMYRWuiB6dSF4Pfa5SA= github.com/containerd/imgcrypt v1.1.1-0.20210312161619-7ed62a527887/go.mod h1:5AZJNI6sLHJljKuI9IHnw1pWqo/F0nGDOuR9zgTs7ow= github.com/containerd/imgcrypt v1.1.1/go.mod h1:xpLnwiQmEUJPvQoAapeb2SNCxz7Xr6PJrXQb0Dpc4ms= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containerd/nri v0.0.0-20201007170849-eb1350a75164/go.mod h1:+2wGSDGFYfE5+So4M5syatU0N0f0LbWpuqyMi4/BE8c= github.com/containerd/nri v0.0.0-20210316161719-dbaa18c31c14/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= github.com/containerd/nri v0.1.0/go.mod h1:lmxnXF6oMkbqs39FiCt1s0R2HSMhcLel9vNL3m4AaeY= @@ -353,8 +357,8 @@ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkg github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= -github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.10.1 h1:rc42Y5YTp7Am7CS630D7JmhRjq4UlEUuEKfrDac4bSQ= +github.com/emicklei/go-restful/v3 v3.10.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= @@ -571,8 +575,9 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFb github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= +github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= @@ -694,8 +699,8 @@ github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= -github.com/matttproud/golang_protobuf_extensions v1.0.2 h1:hAHbPm5IJGijwng3PWk09JkG9WeqChjprR5s9bBZ+OM= -github.com/matttproud/golang_protobuf_extensions v1.0.2/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= @@ -720,8 +725,8 @@ github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQ github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/mountinfo v0.4.0/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= github.com/moby/sys/mountinfo v0.4.1/go.mod h1:rEr8tzG/lsIZHBtN/JjGG+LMYx9eXgW2JI+6q0qou+A= -github.com/moby/sys/mountinfo v0.5.0 h1:2Ks8/r6lopsxWi9m58nlwjaeSzUX9iiL1vj5qB/9ObI= github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= +github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/moby/sys/symlink v0.1.0/go.mod h1:GGDODQmbFOjFsXvfLVn3+ZRxkch54RkSiGqsZeMYowQ= github.com/moby/term v0.0.0-20200312100748-672ec06f55cd/go.mod h1:DdlQx2hp0Ss5/fLikoLlEeIYiATotOjgB//nb973jeo= github.com/moby/term v0.0.0-20201216013528-df9cb8a40635/go.mod h1:FBS0z0QWA44HXygs7VXDUOGoN/1TV3RuWkLO04am3wc= @@ -782,8 +787,9 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.0/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= -github.com/opencontainers/image-spec v1.0.2 h1:9yCKha/T5XdGtO0q9Q9a6T5NUCsTn/DrBg0D7ufOcFM= github.com/opencontainers/image-spec v1.0.2/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8= +github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/opencontainers/runc v1.0.0-rc8.0.20190926000215-3e425f80a8c9/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= @@ -896,8 +902,8 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= +github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.2.1 h1:SHWdIUa82uGZz+F+47k8SY4QhhI291cXCpopT1lK2AQ= github.com/skeema/knownhosts v1.2.1/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= @@ -1576,8 +1582,8 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= -gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= +gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/index/generator/vendor/github.com/Microsoft/hcsshim/LICENSE b/index/generator/vendor/github.com/Microsoft/hcsshim/LICENSE new file mode 100644 index 000000000..49d21669a --- /dev/null +++ b/index/generator/vendor/github.com/Microsoft/hcsshim/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2015 Microsoft + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. \ No newline at end of file diff --git a/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go b/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go new file mode 100644 index 000000000..3ab3bcd89 --- /dev/null +++ b/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go @@ -0,0 +1,50 @@ +package osversion + +import ( + "fmt" + "sync" + + "golang.org/x/sys/windows" +) + +// OSVersion is a wrapper for Windows version information +// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx +type OSVersion struct { + Version uint32 + MajorVersion uint8 + MinorVersion uint8 + Build uint16 +} + +var ( + osv OSVersion + once sync.Once +) + +// Get gets the operating system version on Windows. +// The calling application must be manifested to get the correct version information. +func Get() OSVersion { + once.Do(func() { + var err error + osv = OSVersion{} + osv.Version, err = windows.GetVersion() + if err != nil { + // GetVersion never fails. + panic(err) + } + osv.MajorVersion = uint8(osv.Version & 0xFF) + osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF) + osv.Build = uint16(osv.Version >> 16) + }) + return osv +} + +// Build gets the build-number on Windows +// The calling application must be manifested to get the correct version information. +func Build() uint16 { + return Get().Build +} + +func (osv OSVersion) ToString() string { + return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build) +} diff --git a/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go b/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go new file mode 100644 index 000000000..f8d411ad7 --- /dev/null +++ b/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go @@ -0,0 +1,35 @@ +package osversion + +// List of stable ABI compliant ltsc releases +// Note: List must be sorted in ascending order +var compatLTSCReleases = []uint16{ + V21H2Server, +} + +// CheckHostAndContainerCompat checks if given host and container +// OS versions are compatible. +// It includes support for stable ABI compliant versions as well. +// Every release after WS 2022 will support the previous ltsc +// container image. Stable ABI is in preview mode for windows 11 client. +// Refer: https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility?tabs=windows-server-2022%2Cwindows-10#windows-server-host-os-compatibility +func CheckHostAndContainerCompat(host, ctr OSVersion) bool { + // check major minor versions of host and guest + if host.MajorVersion != ctr.MajorVersion || + host.MinorVersion != ctr.MinorVersion { + return false + } + + // If host is < WS 2022, exact version match is required + if host.Build < V21H2Server { + return host.Build == ctr.Build + } + + var supportedLtscRelease uint16 + for i := len(compatLTSCReleases) - 1; i >= 0; i-- { + if host.Build >= compatLTSCReleases[i] { + supportedLtscRelease = compatLTSCReleases[i] + break + } + } + return ctr.Build >= supportedLtscRelease && ctr.Build <= host.Build +} diff --git a/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go b/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go new file mode 100644 index 000000000..b609fa7eb --- /dev/null +++ b/index/generator/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go @@ -0,0 +1,58 @@ +package osversion + +const ( + // RS1 (version 1607, codename "Redstone 1") corresponds to Windows Server + // 2016 (ltsc2016) and Windows 10 (Anniversary Update). + RS1 = 14393 + + // RS2 (version 1703, codename "Redstone 2") was a client-only update, and + // corresponds to Windows 10 (Creators Update). + RS2 = 15063 + + // RS3 (version 1709, codename "Redstone 3") corresponds to Windows Server + // 1709 (Semi-Annual Channel (SAC)), and Windows 10 (Fall Creators Update). + RS3 = 16299 + + // RS4 (version 1803, codename "Redstone 4") corresponds to Windows Server + // 1803 (Semi-Annual Channel (SAC)), and Windows 10 (April 2018 Update). + RS4 = 17134 + + // RS5 (version 1809, codename "Redstone 5") corresponds to Windows Server + // 2019 (ltsc2019), and Windows 10 (October 2018 Update). + RS5 = 17763 + + // V19H1 (version 1903) corresponds to Windows Server 1903 (semi-annual + // channel). + V19H1 = 18362 + + // V19H2 (version 1909) corresponds to Windows Server 1909 (semi-annual + // channel). + V19H2 = 18363 + + // V20H1 (version 2004) corresponds to Windows Server 2004 (semi-annual + // channel). + V20H1 = 19041 + + // V20H2 corresponds to Windows Server 20H2 (semi-annual channel). + V20H2 = 19042 + + // V21H1 corresponds to Windows Server 21H1 (semi-annual channel). + V21H1 = 19043 + + // V21H2Win10 corresponds to Windows 10 (November 2021 Update). + V21H2Win10 = 19044 + + // V21H2Server corresponds to Windows Server 2022 (ltsc2022). + V21H2Server = 20348 + // LTSC2022 (Windows Server 2022) is an alias for [V21H2Server] + LTSC2022 = V21H2Server + + // V21H2Win11 corresponds to Windows 11 (original release). + V21H2Win11 = 22000 + + // V22H2Win10 corresponds to Windows 10 (2022 Update). + V22H2Win10 = 19045 + + // V22H2Win11 corresponds to Windows 11 (2022 Update). + V22H2Win11 = 22621 +) diff --git a/index/generator/vendor/github.com/containerd/containerd/archive/compression/compression.go b/index/generator/vendor/github.com/containerd/containerd/archive/compression/compression.go index a883e4d58..ceceb21f5 100644 --- a/index/generator/vendor/github.com/containerd/containerd/archive/compression/compression.go +++ b/index/generator/vendor/github.com/containerd/containerd/archive/compression/compression.go @@ -21,15 +21,16 @@ import ( "bytes" "compress/gzip" "context" + "encoding/binary" "fmt" "io" "os" - "os/exec" "strconv" "sync" "github.com/containerd/containerd/log" "github.com/klauspost/compress/zstd" + exec "golang.org/x/sys/execabs" ) type ( @@ -125,17 +126,52 @@ func (r *bufferedReader) Peek(n int) ([]byte, error) { return r.buf.Peek(n) } +const ( + zstdMagicSkippableStart = 0x184D2A50 + zstdMagicSkippableMask = 0xFFFFFFF0 +) + +var ( + gzipMagic = []byte{0x1F, 0x8B, 0x08} + zstdMagic = []byte{0x28, 0xb5, 0x2f, 0xfd} +) + +type matcher = func([]byte) bool + +func magicNumberMatcher(m []byte) matcher { + return func(source []byte) bool { + return bytes.HasPrefix(source, m) + } +} + +// zstdMatcher detects zstd compression algorithm. +// There are two frame formats defined by Zstandard: Zstandard frames and Skippable frames. +// See https://tools.ietf.org/id/draft-kucherawy-dispatch-zstd-00.html#rfc.section.2 for more details. +func zstdMatcher() matcher { + return func(source []byte) bool { + if bytes.HasPrefix(source, zstdMagic) { + // Zstandard frame + return true + } + // skippable frame + if len(source) < 8 { + return false + } + // magic number from 0x184D2A50 to 0x184D2A5F. + if binary.LittleEndian.Uint32(source[:4])&zstdMagicSkippableMask == zstdMagicSkippableStart { + return true + } + return false + } +} + // DetectCompression detects the compression algorithm of the source. func DetectCompression(source []byte) Compression { - for compression, m := range map[Compression][]byte{ - Gzip: {0x1F, 0x8B, 0x08}, - Zstd: {0x28, 0xb5, 0x2f, 0xfd}, + for compression, fn := range map[Compression]matcher{ + Gzip: magicNumberMatcher(gzipMagic), + Zstd: zstdMatcher(), } { - if len(source) < len(m) { - // Len too short - continue - } - if bytes.Equal(m, source[:len(m)]) { + if fn(source) { return compression } } diff --git a/index/generator/vendor/github.com/containerd/containerd/content/content.go b/index/generator/vendor/github.com/containerd/containerd/content/content.go index ff17a8417..1d1e3d288 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/content.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/content.go @@ -47,9 +47,6 @@ type Ingester interface { } // Info holds content specific information -// -// TODO(stevvooe): Consider a very different name for this struct. Info is way -// to general. It also reads very weird in certain context, like pluralization. type Info struct { Digest digest.Digest Size int64 @@ -71,12 +68,17 @@ type Status struct { // WalkFunc defines the callback for a blob walk. type WalkFunc func(Info) error -// Manager provides methods for inspecting, listing and removing content. -type Manager interface { +// InfoProvider provides info for content inspection. +type InfoProvider interface { // Info will return metadata about content available in the content store. // // If the content is not present, ErrNotFound will be returned. Info(ctx context.Context, dgst digest.Digest) (Info, error) +} + +// Manager provides methods for inspecting, listing and removing content. +type Manager interface { + InfoProvider // Update updates mutable information related to content. // If one or more fieldpaths are provided, only those diff --git a/index/generator/vendor/github.com/containerd/containerd/content/helpers.go b/index/generator/vendor/github.com/containerd/containerd/content/helpers.go index 00fae1fc8..23ddc452f 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/helpers.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/helpers.go @@ -18,18 +18,24 @@ package content import ( "context" + "errors" + "fmt" "io" - "io/ioutil" - "math/rand" "sync" "time" "github.com/containerd/containerd/errdefs" + "github.com/containerd/containerd/log" + "github.com/containerd/containerd/pkg/randutil" "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" ) +// maxResets is the no.of times the Copy() method can tolerate a reset of the body +const maxResets = 5 + +var ErrReset = errors.New("writer has been reset") + var bufPool = sync.Pool{ New: func() interface{} { buffer := make([]byte, 1<<20) @@ -77,10 +83,10 @@ func WriteBlob(ctx context.Context, cs Ingester, ref string, r io.Reader, desc o cw, err := OpenWriter(ctx, cs, WithRef(ref), WithDescriptor(desc)) if err != nil { if !errdefs.IsAlreadyExists(err) { - return errors.Wrap(err, "failed to open writer") + return fmt.Errorf("failed to open writer: %w", err) } - return nil // all ready present + return nil // already present } defer cw.Close() @@ -107,7 +113,7 @@ func OpenWriter(ctx context.Context, cs Ingester, opts ...WriterOpt) (Writer, er // error or abort. Requires asserting for an ingest manager select { - case <-time.After(time.Millisecond * time.Duration(rand.Intn(retry))): + case <-time.After(time.Millisecond * time.Duration(randutil.Intn(retry))): if retry < 2048 { retry = retry << 1 } @@ -131,35 +137,63 @@ func OpenWriter(ctx context.Context, cs Ingester, opts ...WriterOpt) (Writer, er // the size or digest is unknown, these values may be empty. // // Copy is buffered, so no need to wrap reader in buffered io. -func Copy(ctx context.Context, cw Writer, r io.Reader, size int64, expected digest.Digest, opts ...Opt) error { +func Copy(ctx context.Context, cw Writer, or io.Reader, size int64, expected digest.Digest, opts ...Opt) error { ws, err := cw.Status() if err != nil { - return errors.Wrap(err, "failed to get status") + return fmt.Errorf("failed to get status: %w", err) } - + r := or if ws.Offset > 0 { - r, err = seekReader(r, ws.Offset, size) + r, err = seekReader(or, ws.Offset, size) if err != nil { - return errors.Wrapf(err, "unable to resume write to %v", ws.Ref) + return fmt.Errorf("unable to resume write to %v: %w", ws.Ref, err) } } - copied, err := copyWithBuffer(cw, r) - if err != nil { - return errors.Wrap(err, "failed to copy") - } - if size != 0 && copied < size-ws.Offset { - // Short writes would return its own error, this indicates a read failure - return errors.Wrapf(io.ErrUnexpectedEOF, "failed to read expected number of bytes") - } - - if err := cw.Commit(ctx, size, expected, opts...); err != nil { - if !errdefs.IsAlreadyExists(err) { - return errors.Wrapf(err, "failed commit on ref %q", ws.Ref) + for i := 0; i < maxResets; i++ { + if i >= 1 { + log.G(ctx).WithField("digest", expected).Debugf("retrying copy due to reset") + } + copied, err := copyWithBuffer(cw, r) + if errors.Is(err, ErrReset) { + ws, err := cw.Status() + if err != nil { + return fmt.Errorf("failed to get status: %w", err) + } + r, err = seekReader(or, ws.Offset, size) + if err != nil { + return fmt.Errorf("unable to resume write to %v: %w", ws.Ref, err) + } + continue } + if err != nil { + return fmt.Errorf("failed to copy: %w", err) + } + if size != 0 && copied < size-ws.Offset { + // Short writes would return its own error, this indicates a read failure + return fmt.Errorf("failed to read expected number of bytes: %w", io.ErrUnexpectedEOF) + } + if err := cw.Commit(ctx, size, expected, opts...); err != nil { + if errors.Is(err, ErrReset) { + ws, err := cw.Status() + if err != nil { + return fmt.Errorf("failed to get status: %w", err) + } + r, err = seekReader(or, ws.Offset, size) + if err != nil { + return fmt.Errorf("unable to resume write to %v: %w", ws.Ref, err) + } + continue + } + if !errdefs.IsAlreadyExists(err) { + return fmt.Errorf("failed commit on ref %q: %w", ws.Ref, err) + } + } + return nil } - return nil + log.G(ctx).WithField("digest", expected).Errorf("failed to copy after %d retries", maxResets) + return fmt.Errorf("failed to copy after %d retries", maxResets) } // CopyReaderAt copies to a writer from a given reader at for the given @@ -172,11 +206,11 @@ func CopyReaderAt(cw Writer, ra ReaderAt, n int64) error { copied, err := copyWithBuffer(cw, io.NewSectionReader(ra, ws.Offset, n)) if err != nil { - return errors.Wrap(err, "failed to copy") + return fmt.Errorf("failed to copy: %w", err) } if copied < n { // Short writes would return its own error, this indicates a read failure - return errors.Wrap(io.ErrUnexpectedEOF, "failed to read expected number of bytes") + return fmt.Errorf("failed to read expected number of bytes: %w", io.ErrUnexpectedEOF) } return nil } @@ -190,13 +224,13 @@ func CopyReaderAt(cw Writer, ra ReaderAt, n int64) error { func CopyReader(cw Writer, r io.Reader) (int64, error) { ws, err := cw.Status() if err != nil { - return 0, errors.Wrap(err, "failed to get status") + return 0, fmt.Errorf("failed to get status: %w", err) } if ws.Offset > 0 { r, err = seekReader(r, ws.Offset, 0) if err != nil { - return 0, errors.Wrapf(err, "unable to resume write to %v", ws.Ref) + return 0, fmt.Errorf("unable to resume write to %v: %w", ws.Ref, err) } } @@ -212,7 +246,10 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) { if ok { nn, err := seeker.Seek(offset, io.SeekStart) if nn != offset { - return nil, errors.Wrapf(err, "failed to seek to offset %v", offset) + if err == nil { + err = fmt.Errorf("unexpected seek location without seek error") + } + return nil, fmt.Errorf("failed to seek to offset %v: %w", offset, err) } if err != nil { @@ -230,12 +267,12 @@ func seekReader(r io.Reader, offset, size int64) (io.Reader, error) { } // well then, let's just discard up to the offset - n, err := copyWithBuffer(ioutil.Discard, io.LimitReader(r, offset)) + n, err := copyWithBuffer(io.Discard, io.LimitReader(r, offset)) if err != nil { - return nil, errors.Wrap(err, "failed to discard to offset") + return nil, fmt.Errorf("failed to discard to offset: %w", err) } if n != offset { - return nil, errors.Errorf("unable to discard to offset") + return nil, errors.New("unable to discard to offset") } return r, nil diff --git a/index/generator/vendor/github.com/containerd/containerd/content/local/locks.go b/index/generator/vendor/github.com/containerd/containerd/content/local/locks.go index d1d2d564d..1e59f39b3 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/local/locks.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/local/locks.go @@ -17,11 +17,11 @@ package local import ( + "fmt" "sync" "time" "github.com/containerd/containerd/errdefs" - "github.com/pkg/errors" ) // Handles locking references @@ -41,7 +41,13 @@ func tryLock(ref string) error { defer locksMu.Unlock() if v, ok := locks[ref]; ok { - return errors.Wrapf(errdefs.ErrUnavailable, "ref %s locked since %s", ref, v.since) + // Returning the duration may help developers distinguish dead locks (long duration) from + // lock contentions (short duration). + now := time.Now() + return fmt.Errorf( + "ref %s locked for %s (since %s): %w", ref, now.Sub(v.since), v.since, + errdefs.ErrUnavailable, + ) } locks[ref] = &lock{time.Now()} diff --git a/index/generator/vendor/github.com/containerd/containerd/content/local/readerat.go b/index/generator/vendor/github.com/containerd/containerd/content/local/readerat.go index 5d3ae0390..a83c171bb 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/local/readerat.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/local/readerat.go @@ -17,10 +17,9 @@ package local import ( + "fmt" "os" - "github.com/pkg/errors" - "github.com/containerd/containerd/content" "github.com/containerd/containerd/errdefs" ) @@ -40,7 +39,7 @@ func OpenReader(p string) (content.ReaderAt, error) { return nil, err } - return nil, errors.Wrap(errdefs.ErrNotFound, "blob not found") + return nil, fmt.Errorf("blob not found: %w", errdefs.ErrNotFound) } fp, err := os.Open(p) @@ -49,7 +48,7 @@ func OpenReader(p string) (content.ReaderAt, error) { return nil, err } - return nil, errors.Wrap(errdefs.ErrNotFound, "blob not found") + return nil, fmt.Errorf("blob not found: %w", errdefs.ErrNotFound) } return sizeReaderAt{size: fi.Size(), fp: fp}, nil diff --git a/index/generator/vendor/github.com/containerd/containerd/content/local/store.go b/index/generator/vendor/github.com/containerd/containerd/content/local/store.go index 314d91367..1b01790a5 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/local/store.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/local/store.go @@ -20,8 +20,6 @@ import ( "context" "fmt" "io" - "io/ioutil" - "math/rand" "os" "path/filepath" "strconv" @@ -33,11 +31,11 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/filters" "github.com/containerd/containerd/log" + "github.com/containerd/containerd/pkg/randutil" "github.com/sirupsen/logrus" - digest "github.com/opencontainers/go-digest" + "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" ) var bufPool = sync.Pool{ @@ -94,13 +92,13 @@ func NewLabeledStore(root string, ls LabelStore) (content.Store, error) { func (s *store) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) { p, err := s.blobPath(dgst) if err != nil { - return content.Info{}, errors.Wrapf(err, "calculating blob info path") + return content.Info{}, fmt.Errorf("calculating blob info path: %w", err) } fi, err := os.Stat(p) if err != nil { if os.IsNotExist(err) { - err = errors.Wrapf(errdefs.ErrNotFound, "content %v", dgst) + err = fmt.Errorf("content %v: %w", dgst, errdefs.ErrNotFound) } return content.Info{}, err @@ -129,12 +127,12 @@ func (s *store) info(dgst digest.Digest, fi os.FileInfo, labels map[string]strin func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) { p, err := s.blobPath(desc.Digest) if err != nil { - return nil, errors.Wrapf(err, "calculating blob path for ReaderAt") + return nil, fmt.Errorf("calculating blob path for ReaderAt: %w", err) } reader, err := OpenReader(p) if err != nil { - return nil, errors.Wrapf(err, "blob %s expected at %s", desc.Digest, p) + return nil, fmt.Errorf("blob %s expected at %s: %w", desc.Digest, p, err) } return reader, nil @@ -147,7 +145,7 @@ func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content. func (s *store) Delete(ctx context.Context, dgst digest.Digest) error { bp, err := s.blobPath(dgst) if err != nil { - return errors.Wrapf(err, "calculating blob path for delete") + return fmt.Errorf("calculating blob path for delete: %w", err) } if err := os.RemoveAll(bp); err != nil { @@ -155,7 +153,7 @@ func (s *store) Delete(ctx context.Context, dgst digest.Digest) error { return err } - return errors.Wrapf(errdefs.ErrNotFound, "content %v", dgst) + return fmt.Errorf("content %v: %w", dgst, errdefs.ErrNotFound) } return nil @@ -163,18 +161,18 @@ func (s *store) Delete(ctx context.Context, dgst digest.Digest) error { func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) { if s.ls == nil { - return content.Info{}, errors.Wrapf(errdefs.ErrFailedPrecondition, "update not supported on immutable content store") + return content.Info{}, fmt.Errorf("update not supported on immutable content store: %w", errdefs.ErrFailedPrecondition) } p, err := s.blobPath(info.Digest) if err != nil { - return content.Info{}, errors.Wrapf(err, "calculating blob path for update") + return content.Info{}, fmt.Errorf("calculating blob path for update: %w", err) } fi, err := os.Stat(p) if err != nil { if os.IsNotExist(err) { - err = errors.Wrapf(errdefs.ErrNotFound, "content %v", info.Digest) + err = fmt.Errorf("content %v: %w", info.Digest, errdefs.ErrNotFound) } return content.Info{}, err @@ -201,7 +199,7 @@ func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...str all = true labels = info.Labels default: - return content.Info{}, errors.Wrapf(errdefs.ErrInvalidArgument, "cannot update %q field on content info %q", path, info.Digest) + return content.Info{}, fmt.Errorf("cannot update %q field on content info %q: %w", path, info.Digest, errdefs.ErrInvalidArgument) } } } else { @@ -378,7 +376,7 @@ func (s *store) status(ingestPath string) (content.Status, error) { fi, err := os.Stat(dp) if err != nil { if os.IsNotExist(err) { - err = errors.Wrap(errdefs.ErrNotFound, err.Error()) + err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound) } return content.Status{}, err } @@ -386,19 +384,19 @@ func (s *store) status(ingestPath string) (content.Status, error) { ref, err := readFileString(filepath.Join(ingestPath, "ref")) if err != nil { if os.IsNotExist(err) { - err = errors.Wrap(errdefs.ErrNotFound, err.Error()) + err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound) } return content.Status{}, err } startedAt, err := readFileTimestamp(filepath.Join(ingestPath, "startedat")) if err != nil { - return content.Status{}, errors.Wrapf(err, "could not read startedat") + return content.Status{}, fmt.Errorf("could not read startedat: %w", err) } updatedAt, err := readFileTimestamp(filepath.Join(ingestPath, "updatedat")) if err != nil { - return content.Status{}, errors.Wrapf(err, "could not read updatedat") + return content.Status{}, fmt.Errorf("could not read updatedat: %w", err) } // because we don't write updatedat on every write, the mod time may @@ -461,7 +459,7 @@ func (s *store) Writer(ctx context.Context, opts ...content.WriterOpt) (content. // TODO(AkihiroSuda): we could create a random string or one calculated based on the context // https://github.com/containerd/containerd/issues/2129#issuecomment-380255019 if wOpts.Ref == "" { - return nil, errors.Wrap(errdefs.ErrInvalidArgument, "ref must not be empty") + return nil, fmt.Errorf("ref must not be empty: %w", errdefs.ErrInvalidArgument) } var lockErr error for count := uint64(0); count < 10; count++ { @@ -475,7 +473,7 @@ func (s *store) Writer(ctx context.Context, opts ...content.WriterOpt) (content. lockErr = nil break } - time.Sleep(time.Millisecond * time.Duration(rand.Intn(1< 0 && status.Total > 0 && total != status.Total { - return status, errors.Errorf("provided total differs from status: %v != %v", total, status.Total) + return status, fmt.Errorf("provided total differs from status: %v != %v", total, status.Total) } + //nolint:dupword // TODO(stevvooe): slow slow slow!!, send to goroutine or use resumable hashes fp, err := os.Open(data) if err != nil { @@ -528,10 +527,10 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di if expected != "" { p, err := s.blobPath(expected) if err != nil { - return nil, errors.Wrap(err, "calculating expected blob path for writer") + return nil, fmt.Errorf("calculating expected blob path for writer: %w", err) } if _, err := os.Stat(p); err == nil { - return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", expected) + return nil, fmt.Errorf("content %v: %w", expected, errdefs.ErrAlreadyExists) } } @@ -568,7 +567,7 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di // the ingest is new, we need to setup the target location. // write the ref to a file for later use - if err := ioutil.WriteFile(refp, []byte(ref), 0666); err != nil { + if err := os.WriteFile(refp, []byte(ref), 0666); err != nil { return nil, err } @@ -581,7 +580,7 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di } if total > 0 { - if err := ioutil.WriteFile(filepath.Join(path, "total"), []byte(fmt.Sprint(total)), 0666); err != nil { + if err := os.WriteFile(filepath.Join(path, "total"), []byte(fmt.Sprint(total)), 0666); err != nil { return nil, err } } @@ -589,11 +588,12 @@ func (s *store) writer(ctx context.Context, ref string, total int64, expected di fp, err := os.OpenFile(data, os.O_WRONLY|os.O_CREATE, 0666) if err != nil { - return nil, errors.Wrap(err, "failed to open data file") + return nil, fmt.Errorf("failed to open data file: %w", err) } if _, err := fp.Seek(offset, io.SeekStart); err != nil { - return nil, errors.Wrap(err, "could not seek to current write offset") + fp.Close() + return nil, fmt.Errorf("could not seek to current write offset: %w", err) } return &writer{ @@ -615,7 +615,7 @@ func (s *store) Abort(ctx context.Context, ref string) error { root := s.ingestRoot(ref) if err := os.RemoveAll(root); err != nil { if os.IsNotExist(err) { - return errors.Wrapf(errdefs.ErrNotFound, "ingest ref %q", ref) + return fmt.Errorf("ingest ref %q: %w", ref, errdefs.ErrNotFound) } return err @@ -626,7 +626,7 @@ func (s *store) Abort(ctx context.Context, ref string) error { func (s *store) blobPath(dgst digest.Digest) (string, error) { if err := dgst.Validate(); err != nil { - return "", errors.Wrapf(errdefs.ErrInvalidArgument, "cannot calculate blob path from invalid digest: %v", err) + return "", fmt.Errorf("cannot calculate blob path from invalid digest: %v: %w", err, errdefs.ErrInvalidArgument) } return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Hex()), nil @@ -644,7 +644,6 @@ func (s *store) ingestRoot(ref string) string { // - root: entire ingest directory // - ref: name of the starting ref, must be unique // - data: file where data is written -// func (s *store) ingestPaths(ref string) (string, string, string) { var ( fp = s.ingestRoot(ref) @@ -656,23 +655,23 @@ func (s *store) ingestPaths(ref string) (string, string, string) { } func readFileString(path string) (string, error) { - p, err := ioutil.ReadFile(path) + p, err := os.ReadFile(path) return string(p), err } // readFileTimestamp reads a file with just a timestamp present. func readFileTimestamp(p string) (time.Time, error) { - b, err := ioutil.ReadFile(p) + b, err := os.ReadFile(p) if err != nil { if os.IsNotExist(err) { - err = errors.Wrap(errdefs.ErrNotFound, err.Error()) + err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound) } return time.Time{}, err } var t time.Time if err := t.UnmarshalText(b); err != nil { - return time.Time{}, errors.Wrapf(err, "could not parse timestamp file %v", p) + return time.Time{}, fmt.Errorf("could not parse timestamp file %v: %w", p, err) } return t, nil @@ -683,19 +682,23 @@ func writeTimestampFile(p string, t time.Time) error { if err != nil { return err } - return atomicWrite(p, b, 0666) + return writeToCompletion(p, b, 0666) } -func atomicWrite(path string, data []byte, mode os.FileMode) error { +func writeToCompletion(path string, data []byte, mode os.FileMode) error { tmp := fmt.Sprintf("%s.tmp", path) f, err := os.OpenFile(tmp, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_SYNC, mode) if err != nil { - return errors.Wrap(err, "create tmp file") + return fmt.Errorf("create tmp file: %w", err) } _, err = f.Write(data) f.Close() if err != nil { - return errors.Wrap(err, "write atomic data") + return fmt.Errorf("write tmp file: %w", err) + } + err = os.Rename(tmp, path) + if err != nil { + return fmt.Errorf("rename tmp file: %w", err) } - return os.Rename(tmp, path) + return nil } diff --git a/index/generator/vendor/github.com/containerd/containerd/content/local/store_bsd.go b/index/generator/vendor/github.com/containerd/containerd/content/local/store_bsd.go index da149a2fd..42fddd341 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/local/store_bsd.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/local/store_bsd.go @@ -1,3 +1,4 @@ +//go:build darwin || freebsd || netbsd // +build darwin freebsd netbsd /* @@ -26,7 +27,7 @@ import ( func getATime(fi os.FileInfo) time.Time { if st, ok := fi.Sys().(*syscall.Stat_t); ok { - return time.Unix(int64(st.Atimespec.Sec), int64(st.Atimespec.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well. + return time.Unix(st.Atimespec.Unix()) } return fi.ModTime() diff --git a/index/generator/vendor/github.com/containerd/containerd/content/local/store_openbsd.go b/index/generator/vendor/github.com/containerd/containerd/content/local/store_openbsd.go index f34f0dad2..2b58b617b 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/local/store_openbsd.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/local/store_openbsd.go @@ -1,3 +1,4 @@ +//go:build openbsd // +build openbsd /* @@ -26,7 +27,7 @@ import ( func getATime(fi os.FileInfo) time.Time { if st, ok := fi.Sys().(*syscall.Stat_t); ok { - return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well. + return time.Unix(st.Atim.Unix()) } return fi.ModTime() diff --git a/index/generator/vendor/github.com/containerd/containerd/content/local/store_unix.go b/index/generator/vendor/github.com/containerd/containerd/content/local/store_unix.go index 69a74bab0..efa2eb943 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/local/store_unix.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/local/store_unix.go @@ -1,3 +1,4 @@ +//go:build linux || solaris // +build linux solaris /* @@ -26,7 +27,7 @@ import ( func getATime(fi os.FileInfo) time.Time { if st, ok := fi.Sys().(*syscall.Stat_t); ok { - return time.Unix(int64(st.Atim.Sec), int64(st.Atim.Nsec)) //nolint: unconvert // int64 conversions ensure the line compiles for 32-bit systems as well. + return time.Unix(st.Atim.Unix()) } return fi.ModTime() diff --git a/index/generator/vendor/github.com/containerd/containerd/content/local/writer.go b/index/generator/vendor/github.com/containerd/containerd/content/local/writer.go index 0a11f4d91..b187e524c 100644 --- a/index/generator/vendor/github.com/containerd/containerd/content/local/writer.go +++ b/index/generator/vendor/github.com/containerd/containerd/content/local/writer.go @@ -18,6 +18,8 @@ package local import ( "context" + "errors" + "fmt" "io" "os" "path/filepath" @@ -28,7 +30,6 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/log" "github.com/opencontainers/go-digest" - "github.com/pkg/errors" ) // writer represents a write transaction against the blob store. @@ -88,30 +89,30 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, w.fp = nil if fp == nil { - return errors.Wrap(errdefs.ErrFailedPrecondition, "cannot commit on closed writer") + return fmt.Errorf("cannot commit on closed writer: %w", errdefs.ErrFailedPrecondition) } if err := fp.Sync(); err != nil { fp.Close() - return errors.Wrap(err, "sync failed") + return fmt.Errorf("sync failed: %w", err) } fi, err := fp.Stat() closeErr := fp.Close() if err != nil { - return errors.Wrap(err, "stat on ingest file failed") + return fmt.Errorf("stat on ingest file failed: %w", err) } if closeErr != nil { - return errors.Wrap(err, "failed to close ingest file") + return fmt.Errorf("failed to close ingest file: %w", closeErr) } if size > 0 && size != fi.Size() { - return errors.Wrapf(errdefs.ErrFailedPrecondition, "unexpected commit size %d, expected %d", fi.Size(), size) + return fmt.Errorf("unexpected commit size %d, expected %d: %w", fi.Size(), size, errdefs.ErrFailedPrecondition) } dgst := w.digester.Digest() if expected != "" && expected != dgst { - return errors.Wrapf(errdefs.ErrFailedPrecondition, "unexpected commit digest %s, expected %s", dgst, expected) + return fmt.Errorf("unexpected commit digest %s, expected %s: %w", dgst, expected, errdefs.ErrFailedPrecondition) } var ( @@ -127,9 +128,9 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, if _, err := os.Stat(target); err == nil { // collision with the target file! if err := os.RemoveAll(w.path); err != nil { - log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Errorf("failed to remove ingest directory") + log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Error("failed to remove ingest directory") } - return errors.Wrapf(errdefs.ErrAlreadyExists, "content %v", dgst) + return fmt.Errorf("content %v: %w", dgst, errdefs.ErrAlreadyExists) } if err := os.Rename(ingest, target); err != nil { @@ -142,17 +143,17 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, commitTime := time.Now() if err := os.Chtimes(target, commitTime, commitTime); err != nil { - log.G(ctx).WithField("digest", dgst).Errorf("failed to change file time to commit time") + log.G(ctx).WithField("digest", dgst).Error("failed to change file time to commit time") } // clean up!! if err := os.RemoveAll(w.path); err != nil { - log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Errorf("failed to remove ingest directory") + log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Error("failed to remove ingest directory") } if w.s.ls != nil && base.Labels != nil { if err := w.s.ls.Set(dgst, base.Labels); err != nil { - log.G(ctx).WithField("digest", dgst).Errorf("failed to set labels") + log.G(ctx).WithField("digest", dgst).Error("failed to set labels") } } @@ -165,7 +166,7 @@ func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, // NOTE: Windows does not support this operation if runtime.GOOS != "windows" { if err := os.Chmod(target, (fi.Mode()&os.ModePerm)&^0333); err != nil { - log.G(ctx).WithField("ref", w.ref).Errorf("failed to make readonly") + log.G(ctx).WithField("ref", w.ref).Error("failed to make readonly") } } diff --git a/index/generator/vendor/github.com/containerd/containerd/errdefs/errors.go b/index/generator/vendor/github.com/containerd/containerd/errdefs/errors.go index 05a35228c..876225597 100644 --- a/index/generator/vendor/github.com/containerd/containerd/errdefs/errors.go +++ b/index/generator/vendor/github.com/containerd/containerd/errdefs/errors.go @@ -17,7 +17,7 @@ // Package errdefs defines the common errors used throughout containerd // packages. // -// Use with errors.Wrap and error.Wrapf to add context to an error. +// Use with fmt.Errorf to add context to an error. // // To detect an error class, use the IsXXX functions to tell whether an error // is of a certain type. @@ -28,8 +28,7 @@ package errdefs import ( "context" - - "github.com/pkg/errors" + "errors" ) // Definitions of common error types used throughout containerd. All containerd diff --git a/index/generator/vendor/github.com/containerd/containerd/errdefs/grpc.go b/index/generator/vendor/github.com/containerd/containerd/errdefs/grpc.go index 209f63bd0..7a9b33e05 100644 --- a/index/generator/vendor/github.com/containerd/containerd/errdefs/grpc.go +++ b/index/generator/vendor/github.com/containerd/containerd/errdefs/grpc.go @@ -18,9 +18,9 @@ package errdefs import ( "context" + "fmt" "strings" - "github.com/pkg/errors" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -68,9 +68,9 @@ func ToGRPC(err error) error { // ToGRPCf maps the error to grpc error codes, assembling the formatting string // and combining it with the target error string. // -// This is equivalent to errors.ToGRPC(errors.Wrapf(err, format, args...)) +// This is equivalent to errdefs.ToGRPC(fmt.Errorf("%s: %w", fmt.Sprintf(format, args...), err)) func ToGRPCf(err error, format string, args ...interface{}) error { - return ToGRPC(errors.Wrapf(err, format, args...)) + return ToGRPC(fmt.Errorf("%s: %w", fmt.Sprintf(format, args...), err)) } // FromGRPC returns the underlying error from a grpc service based on the grpc error code @@ -104,9 +104,9 @@ func FromGRPC(err error) error { msg := rebaseMessage(cls, err) if msg != "" { - err = errors.Wrap(cls, msg) + err = fmt.Errorf("%s: %w", msg, cls) } else { - err = errors.WithStack(cls) + err = cls } return err diff --git a/index/generator/vendor/github.com/containerd/containerd/filters/filter.go b/index/generator/vendor/github.com/containerd/containerd/filters/filter.go index cf09d8d9e..e13f2625c 100644 --- a/index/generator/vendor/github.com/containerd/containerd/filters/filter.go +++ b/index/generator/vendor/github.com/containerd/containerd/filters/filter.go @@ -65,7 +65,6 @@ // ``` // name==foo,labels.bar // ``` -// package filters import ( diff --git a/index/generator/vendor/github.com/containerd/containerd/filters/parser.go b/index/generator/vendor/github.com/containerd/containerd/filters/parser.go index 0825d668c..32767909b 100644 --- a/index/generator/vendor/github.com/containerd/containerd/filters/parser.go +++ b/index/generator/vendor/github.com/containerd/containerd/filters/parser.go @@ -21,7 +21,6 @@ import ( "io" "github.com/containerd/containerd/errdefs" - "github.com/pkg/errors" ) /* @@ -46,7 +45,6 @@ field := quoted | [A-Za-z] [A-Za-z0-9_]+ operator := "==" | "!=" | "~=" value := quoted | [^\s,]+ quoted := - */ func Parse(s string) (Filter, error) { // special case empty to match all @@ -71,7 +69,7 @@ func ParseAll(ss ...string) (Filter, error) { for _, s := range ss { f, err := Parse(s) if err != nil { - return nil, errors.Wrap(errdefs.ErrInvalidArgument, err.Error()) + return nil, fmt.Errorf("%s: %w", err.Error(), errdefs.ErrInvalidArgument) } fs = append(fs, f) @@ -90,7 +88,7 @@ func (p *parser) parse() (Filter, error) { ss, err := p.selectors() if err != nil { - return nil, errors.Wrap(err, "filters") + return nil, fmt.Errorf("filters: %w", err) } return ss, nil @@ -284,9 +282,9 @@ func (pe parseError) Error() string { } func (p *parser) mkerr(pos int, format string, args ...interface{}) error { - return errors.Wrap(parseError{ + return fmt.Errorf("parse error: %w", parseError{ input: p.input, pos: pos, msg: fmt.Sprintf(format, args...), - }, "parse error") + }) } diff --git a/index/generator/vendor/github.com/containerd/containerd/filters/quote.go b/index/generator/vendor/github.com/containerd/containerd/filters/quote.go index 2d64e23a3..5c800ef84 100644 --- a/index/generator/vendor/github.com/containerd/containerd/filters/quote.go +++ b/index/generator/vendor/github.com/containerd/containerd/filters/quote.go @@ -17,9 +17,8 @@ package filters import ( + "errors" "unicode/utf8" - - "github.com/pkg/errors" ) // NOTE(stevvooe): Most of this code in this file is copied from the stdlib @@ -32,10 +31,10 @@ var errQuoteSyntax = errors.New("quote syntax error") // or character literal represented by the string s. // It returns four values: // -// 1) value, the decoded Unicode code point or byte value; -// 2) multibyte, a boolean indicating whether the decoded character requires a multibyte UTF-8 representation; -// 3) tail, the remainder of the string after the character; and -// 4) an error that will be nil if the character is syntactically valid. +// 1. value, the decoded Unicode code point or byte value; +// 2. multibyte, a boolean indicating whether the decoded character requires a multibyte UTF-8 representation; +// 3. tail, the remainder of the string after the character; and +// 4. an error that will be nil if the character is syntactically valid. // // The second argument, quote, specifies the type of literal being parsed // and therefore which escaped quote character is permitted. diff --git a/index/generator/vendor/github.com/containerd/containerd/images/handlers.go b/index/generator/vendor/github.com/containerd/containerd/images/handlers.go index 05a9017bc..077d88e78 100644 --- a/index/generator/vendor/github.com/containerd/containerd/images/handlers.go +++ b/index/generator/vendor/github.com/containerd/containerd/images/handlers.go @@ -18,6 +18,7 @@ package images import ( "context" + "errors" "fmt" "sort" @@ -25,7 +26,6 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/platforms" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" "golang.org/x/sync/errgroup" "golang.org/x/sync/semaphore" ) @@ -33,13 +33,17 @@ import ( var ( // ErrSkipDesc is used to skip processing of a descriptor and // its descendants. - ErrSkipDesc = fmt.Errorf("skip descriptor") + ErrSkipDesc = errors.New("skip descriptor") // ErrStopHandler is used to signify that the descriptor // has been handled and should not be handled further. // This applies only to a single descriptor in a handler // chain and does not apply to descendant descriptors. - ErrStopHandler = fmt.Errorf("stop handler") + ErrStopHandler = errors.New("stop handler") + + // ErrEmptyWalk is used when the WalkNotEmpty handlers return no + // children (e.g.: they were filtered out). + ErrEmptyWalk = errors.New("image might be filtered out") ) // Handler handles image manifests @@ -99,6 +103,36 @@ func Walk(ctx context.Context, handler Handler, descs ...ocispec.Descriptor) err } } } + return nil +} + +// WalkNotEmpty works the same way Walk does, with the exception that it ensures that +// some children are still found by Walking the descriptors (for example, not all of +// them have been filtered out by one of the handlers). If there are no children, +// then an ErrEmptyWalk error is returned. +func WalkNotEmpty(ctx context.Context, handler Handler, descs ...ocispec.Descriptor) error { + isEmpty := true + var notEmptyHandler HandlerFunc = func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { + children, err := handler.Handle(ctx, desc) + if err != nil { + return children, err + } + + if len(children) > 0 { + isEmpty = false + } + + return children, nil + } + + err := Walk(ctx, notEmptyHandler, descs...) + if err != nil { + return err + } + + if isEmpty { + return ErrEmptyWalk + } return nil } @@ -274,7 +308,7 @@ func LimitManifests(f HandlerFunc, m platforms.MatchComparer, n int) HandlerFunc if n > 0 { if len(children) == 0 { - return children, errors.Wrap(errdefs.ErrNotFound, "no match for platform in manifest") + return children, fmt.Errorf("no match for platform in manifest: %w", errdefs.ErrNotFound) } if len(children) > n { children = children[:n] diff --git a/index/generator/vendor/github.com/containerd/containerd/images/image.go b/index/generator/vendor/github.com/containerd/containerd/images/image.go index 2e5cd61c9..d45afe482 100644 --- a/index/generator/vendor/github.com/containerd/containerd/images/image.go +++ b/index/generator/vendor/github.com/containerd/containerd/images/image.go @@ -29,7 +29,6 @@ import ( "github.com/containerd/containerd/platforms" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" ) // Image provides the model for how containerd views container images. @@ -115,7 +114,7 @@ func (image *Image) Size(ctx context.Context, provider content.Provider, platfor var size int64 return size, Walk(ctx, Handlers(HandlerFunc(func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { if desc.Size < 0 { - return nil, errors.Errorf("invalid size %v in %v (%v)", desc.Size, desc.Digest, desc.MediaType) + return nil, fmt.Errorf("invalid size %v in %v (%v)", desc.Size, desc.Digest, desc.MediaType) } size += desc.Size return nil, nil @@ -156,7 +155,7 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc } if err := validateMediaType(p, desc.MediaType); err != nil { - return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) + return nil, fmt.Errorf("manifest: invalid desc %s: %w", desc.Digest, err) } var manifest ocispec.Manifest @@ -200,7 +199,7 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc } if err := validateMediaType(p, desc.MediaType); err != nil { - return nil, errors.Wrapf(err, "manifest: invalid desc %s", desc.Digest) + return nil, fmt.Errorf("manifest: invalid desc %s: %w", desc.Digest, err) } var idx ocispec.Index @@ -236,15 +235,15 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc } return descs, nil } - return nil, errors.Wrapf(errdefs.ErrNotFound, "unexpected media type %v for %v", desc.MediaType, desc.Digest) + return nil, fmt.Errorf("unexpected media type %v for %v: %w", desc.MediaType, desc.Digest, errdefs.ErrNotFound) }), image); err != nil { return ocispec.Manifest{}, err } if len(m) == 0 { - err := errors.Wrapf(errdefs.ErrNotFound, "manifest %v", image.Digest) + err := fmt.Errorf("manifest %v: %w", image.Digest, errdefs.ErrNotFound) if wasIndex { - err = errors.Wrapf(errdefs.ErrNotFound, "no match for platform in manifest %v", image.Digest) + err = fmt.Errorf("no match for platform in manifest %v: %w", image.Digest, errdefs.ErrNotFound) } return ocispec.Manifest{}, err } @@ -309,7 +308,7 @@ func Check(ctx context.Context, provider content.Provider, image ocispec.Descrip return false, []ocispec.Descriptor{image}, nil, []ocispec.Descriptor{image}, nil } - return false, nil, nil, nil, errors.Wrapf(err, "failed to check image %v", image.Digest) + return false, nil, nil, nil, fmt.Errorf("failed to check image %v: %w", image.Digest, err) } // TODO(stevvooe): It is possible that referenced conponents could have @@ -324,7 +323,7 @@ func Check(ctx context.Context, provider content.Provider, image ocispec.Descrip missing = append(missing, desc) continue } else { - return false, nil, nil, nil, errors.Wrapf(err, "failed to check image %v", desc.Digest) + return false, nil, nil, nil, fmt.Errorf("failed to check image %v: %w", desc.Digest, err) } } ra.Close() @@ -346,7 +345,7 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr } if err := validateMediaType(p, desc.MediaType); err != nil { - return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) + return nil, fmt.Errorf("children: invalid desc %s: %w", desc.Digest, err) } // TODO(stevvooe): We just assume oci manifest, for now. There may be @@ -365,7 +364,7 @@ func Children(ctx context.Context, provider content.Provider, desc ocispec.Descr } if err := validateMediaType(p, desc.MediaType); err != nil { - return nil, errors.Wrapf(err, "children: invalid desc %s", desc.Digest) + return nil, fmt.Errorf("children: invalid desc %s: %w", desc.Digest, err) } var index ocispec.Index diff --git a/index/generator/vendor/github.com/containerd/containerd/images/labels.go b/index/generator/vendor/github.com/containerd/containerd/images/labels.go new file mode 100644 index 000000000..06dfed572 --- /dev/null +++ b/index/generator/vendor/github.com/containerd/containerd/images/labels.go @@ -0,0 +1,21 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package images + +const ( + ConvertedDockerSchema1LabelKey = "io.containerd.image/converted-docker-schema1" +) diff --git a/index/generator/vendor/github.com/containerd/containerd/images/mediatypes.go b/index/generator/vendor/github.com/containerd/containerd/images/mediatypes.go index 785d71291..671e160e1 100644 --- a/index/generator/vendor/github.com/containerd/containerd/images/mediatypes.go +++ b/index/generator/vendor/github.com/containerd/containerd/images/mediatypes.go @@ -18,12 +18,12 @@ package images import ( "context" + "fmt" "sort" "strings" "github.com/containerd/containerd/errdefs" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" ) // mediatype definitions for image components handled in containerd. @@ -87,7 +87,7 @@ func DiffCompression(ctx context.Context, mediaType string) (string, error) { } return "", nil default: - return "", errors.Wrapf(errdefs.ErrNotImplemented, "unrecognised mediatype %s", mediaType) + return "", fmt.Errorf("unrecognised mediatype %s: %w", mediaType, errdefs.ErrNotImplemented) } } diff --git a/index/generator/vendor/github.com/containerd/containerd/labels/validate.go b/index/generator/vendor/github.com/containerd/containerd/labels/validate.go index 0de461663..1fd527adb 100644 --- a/index/generator/vendor/github.com/containerd/containerd/labels/validate.go +++ b/index/generator/vendor/github.com/containerd/containerd/labels/validate.go @@ -17,8 +17,9 @@ package labels import ( + "fmt" + "github.com/containerd/containerd/errdefs" - "github.com/pkg/errors" ) const ( @@ -31,7 +32,7 @@ func Validate(k, v string) error { if len(k) > 10 { k = k[:10] } - return errors.Wrapf(errdefs.ErrInvalidArgument, "label key and value greater than maximum size (%d bytes), key: %s", maxSize, k) + return fmt.Errorf("label key and value greater than maximum size (%d bytes), key: %s: %w", maxSize, k, errdefs.ErrInvalidArgument) } return nil } diff --git a/index/generator/vendor/github.com/containerd/containerd/log/context.go b/index/generator/vendor/github.com/containerd/containerd/log/context.go deleted file mode 100644 index 37b6a7d1c..000000000 --- a/index/generator/vendor/github.com/containerd/containerd/log/context.go +++ /dev/null @@ -1,68 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package log - -import ( - "context" - - "github.com/sirupsen/logrus" -) - -var ( - // G is an alias for GetLogger. - // - // We may want to define this locally to a package to get package tagged log - // messages. - G = GetLogger - - // L is an alias for the standard logger. - L = logrus.NewEntry(logrus.StandardLogger()) -) - -type ( - loggerKey struct{} -) - -const ( - // RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to - // ensure the formatted time is always the same number of characters. - RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00" - - // TextFormat represents the text logging format - TextFormat = "text" - - // JSONFormat represents the JSON logging format - JSONFormat = "json" -) - -// WithLogger returns a new context with the provided logger. Use in -// combination with logger.WithField(s) for great effect. -func WithLogger(ctx context.Context, logger *logrus.Entry) context.Context { - return context.WithValue(ctx, loggerKey{}, logger) -} - -// GetLogger retrieves the current logger from the context. If no logger is -// available, the default logger is returned. -func GetLogger(ctx context.Context) *logrus.Entry { - logger := ctx.Value(loggerKey{}) - - if logger == nil { - return L - } - - return logger.(*logrus.Entry) -} diff --git a/index/generator/vendor/github.com/containerd/containerd/log/context_deprecated.go b/index/generator/vendor/github.com/containerd/containerd/log/context_deprecated.go new file mode 100644 index 000000000..08bf2b748 --- /dev/null +++ b/index/generator/vendor/github.com/containerd/containerd/log/context_deprecated.go @@ -0,0 +1,107 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package log + +import ( + "context" + + "github.com/containerd/log" +) + +// G is a shorthand for [GetLogger]. +var G = log.G + +// L is an alias for the standard logger. +var L = log.L + +// Fields type to pass to "WithFields". +type Fields = log.Fields + +// Entry is a logging entry. +type Entry = log.Entry + +// RFC3339NanoFixed is [time.RFC3339Nano] with nanoseconds padded using +// zeros to ensure the formatted time is always the same number of +// characters. +const RFC3339NanoFixed = log.RFC3339NanoFixed + +// Level is a logging level. +type Level = log.Level + +// Supported log levels. +const ( + // TraceLevel level. + TraceLevel Level = log.TraceLevel + + // DebugLevel level. + DebugLevel Level = log.DebugLevel + + // InfoLevel level. + InfoLevel Level = log.InfoLevel + + // WarnLevel level. + WarnLevel Level = log.WarnLevel + + // ErrorLevel level + ErrorLevel Level = log.ErrorLevel + + // FatalLevel level. + FatalLevel Level = log.FatalLevel + + // PanicLevel level. + PanicLevel Level = log.PanicLevel +) + +// SetLevel sets log level globally. It returns an error if the given +// level is not supported. +func SetLevel(level string) error { + return log.SetLevel(level) +} + +// GetLevel returns the current log level. +func GetLevel() log.Level { + return log.GetLevel() +} + +// OutputFormat specifies a log output format. +type OutputFormat = log.OutputFormat + +// Supported log output formats. +const ( + // TextFormat represents the text logging format. + TextFormat log.OutputFormat = "text" + + // JSONFormat represents the JSON logging format. + JSONFormat log.OutputFormat = "json" +) + +// SetFormat sets the log output format. +func SetFormat(format OutputFormat) error { + return log.SetFormat(format) +} + +// WithLogger returns a new context with the provided logger. Use in +// combination with logger.WithField(s) for great effect. +func WithLogger(ctx context.Context, logger *log.Entry) context.Context { + return log.WithLogger(ctx, logger) +} + +// GetLogger retrieves the current logger from the context. If no logger is +// available, the default logger is returned. +func GetLogger(ctx context.Context) *log.Entry { + return log.GetLogger(ctx) +} diff --git a/index/generator/vendor/github.com/containerd/containerd/pkg/randutil/randutil.go b/index/generator/vendor/github.com/containerd/containerd/pkg/randutil/randutil.go new file mode 100644 index 000000000..f4b657d7d --- /dev/null +++ b/index/generator/vendor/github.com/containerd/containerd/pkg/randutil/randutil.go @@ -0,0 +1,48 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +// Package randutil provides utilities for [cyrpto/rand]. +package randutil + +import ( + "crypto/rand" + "math" + "math/big" +) + +// Int63n is similar to [math/rand.Int63n] but uses [crypto/rand.Reader] under the hood. +func Int63n(n int64) int64 { + b, err := rand.Int(rand.Reader, big.NewInt(n)) + if err != nil { + panic(err) + } + return b.Int64() +} + +// Int63 is similar to [math/rand.Int63] but uses [crypto/rand.Reader] under the hood. +func Int63() int64 { + return Int63n(math.MaxInt64) +} + +// Intn is similar to [math/rand.Intn] but uses [crypto/rand.Reader] under the hood. +func Intn(n int) int { + return int(Int63n(int64(n))) +} + +// Int is similar to [math/rand.Int] but uses [crypto/rand.Reader] under the hood. +func Int() int { + return int(Int63()) +} diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/compare.go b/index/generator/vendor/github.com/containerd/containerd/platforms/compare.go index c7657e186..3913ef663 100644 --- a/index/generator/vendor/github.com/containerd/containerd/platforms/compare.go +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/compare.go @@ -38,12 +38,22 @@ func platformVector(platform specs.Platform) []specs.Platform { switch platform.Architecture { case "amd64": + if amd64Version, err := strconv.Atoi(strings.TrimPrefix(platform.Variant, "v")); err == nil && amd64Version > 1 { + for amd64Version--; amd64Version >= 1; amd64Version-- { + vector = append(vector, specs.Platform{ + Architecture: platform.Architecture, + OS: platform.OS, + OSVersion: platform.OSVersion, + OSFeatures: platform.OSFeatures, + Variant: "v" + strconv.Itoa(amd64Version), + }) + } + } vector = append(vector, specs.Platform{ Architecture: "386", OS: platform.OS, OSVersion: platform.OSVersion, OSFeatures: platform.OSFeatures, - Variant: platform.Variant, }) case "arm": if armVersion, err := strconv.Atoi(strings.TrimPrefix(platform.Variant, "v")); err == nil && armVersion > 5 { diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo.go b/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo.go index 4a7177e31..8c600fc96 100644 --- a/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo.go +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo.go @@ -17,15 +17,10 @@ package platforms import ( - "bufio" - "os" "runtime" - "strings" "sync" - "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/log" - "github.com/pkg/errors" ) // Present the ARM instruction set architecture, eg: v7, v8 @@ -37,95 +32,12 @@ var cpuVariantOnce sync.Once func cpuVariant() string { cpuVariantOnce.Do(func() { if isArmArch(runtime.GOARCH) { - cpuVariantValue = getCPUVariant() + var err error + cpuVariantValue, err = getCPUVariant() + if err != nil { + log.L.Errorf("Error getCPUVariant for OS %s: %v", runtime.GOOS, err) + } } }) return cpuVariantValue } - -// For Linux, the kernel has already detected the ABI, ISA and Features. -// So we don't need to access the ARM registers to detect platform information -// by ourselves. We can just parse these information from /proc/cpuinfo -func getCPUInfo(pattern string) (info string, err error) { - if !isLinuxOS(runtime.GOOS) { - return "", errors.Wrapf(errdefs.ErrNotImplemented, "getCPUInfo for OS %s", runtime.GOOS) - } - - cpuinfo, err := os.Open("/proc/cpuinfo") - if err != nil { - return "", err - } - defer cpuinfo.Close() - - // Start to Parse the Cpuinfo line by line. For SMP SoC, we parse - // the first core is enough. - scanner := bufio.NewScanner(cpuinfo) - for scanner.Scan() { - newline := scanner.Text() - list := strings.Split(newline, ":") - - if len(list) > 1 && strings.EqualFold(strings.TrimSpace(list[0]), pattern) { - return strings.TrimSpace(list[1]), nil - } - } - - // Check whether the scanner encountered errors - err = scanner.Err() - if err != nil { - return "", err - } - - return "", errors.Wrapf(errdefs.ErrNotFound, "getCPUInfo for pattern: %s", pattern) -} - -func getCPUVariant() string { - if runtime.GOOS == "windows" || runtime.GOOS == "darwin" { - // Windows/Darwin only supports v7 for ARM32 and v8 for ARM64 and so we can use - // runtime.GOARCH to determine the variants - var variant string - switch runtime.GOARCH { - case "arm64": - variant = "v8" - case "arm": - variant = "v7" - default: - variant = "unknown" - } - - return variant - } - - variant, err := getCPUInfo("Cpu architecture") - if err != nil { - log.L.WithError(err).Error("failure getting variant") - return "" - } - - // handle edge case for Raspberry Pi ARMv6 devices (which due to a kernel quirk, report "CPU architecture: 7") - // https://www.raspberrypi.org/forums/viewtopic.php?t=12614 - if runtime.GOARCH == "arm" && variant == "7" { - model, err := getCPUInfo("model name") - if err == nil && strings.HasPrefix(strings.ToLower(model), "armv6-compatible") { - variant = "6" - } - } - - switch strings.ToLower(variant) { - case "8", "aarch64": - variant = "v8" - case "7", "7m", "?(12)", "?(13)", "?(14)", "?(15)", "?(16)", "?(17)": - variant = "v7" - case "6", "6tej": - variant = "v6" - case "5", "5t", "5te", "5tej": - variant = "v5" - case "4", "4t": - variant = "v4" - case "3": - variant = "v3" - default: - variant = "unknown" - } - - return variant -} diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo_linux.go b/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo_linux.go new file mode 100644 index 000000000..722d86c35 --- /dev/null +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo_linux.go @@ -0,0 +1,161 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package platforms + +import ( + "bufio" + "bytes" + "fmt" + "os" + "runtime" + "strings" + + "github.com/containerd/containerd/errdefs" + "golang.org/x/sys/unix" +) + +// getMachineArch retrieves the machine architecture through system call +func getMachineArch() (string, error) { + var uname unix.Utsname + err := unix.Uname(&uname) + if err != nil { + return "", err + } + + arch := string(uname.Machine[:bytes.IndexByte(uname.Machine[:], 0)]) + + return arch, nil +} + +// For Linux, the kernel has already detected the ABI, ISA and Features. +// So we don't need to access the ARM registers to detect platform information +// by ourselves. We can just parse these information from /proc/cpuinfo +func getCPUInfo(pattern string) (info string, err error) { + + cpuinfo, err := os.Open("/proc/cpuinfo") + if err != nil { + return "", err + } + defer cpuinfo.Close() + + // Start to Parse the Cpuinfo line by line. For SMP SoC, we parse + // the first core is enough. + scanner := bufio.NewScanner(cpuinfo) + for scanner.Scan() { + newline := scanner.Text() + list := strings.Split(newline, ":") + + if len(list) > 1 && strings.EqualFold(strings.TrimSpace(list[0]), pattern) { + return strings.TrimSpace(list[1]), nil + } + } + + // Check whether the scanner encountered errors + err = scanner.Err() + if err != nil { + return "", err + } + + return "", fmt.Errorf("getCPUInfo for pattern %s: %w", pattern, errdefs.ErrNotFound) +} + +// getCPUVariantFromArch get CPU variant from arch through a system call +func getCPUVariantFromArch(arch string) (string, error) { + + var variant string + + arch = strings.ToLower(arch) + + if arch == "aarch64" { + variant = "8" + } else if arch[0:4] == "armv" && len(arch) >= 5 { + //Valid arch format is in form of armvXx + switch arch[3:5] { + case "v8": + variant = "8" + case "v7": + variant = "7" + case "v6": + variant = "6" + case "v5": + variant = "5" + case "v4": + variant = "4" + case "v3": + variant = "3" + default: + variant = "unknown" + } + } else { + return "", fmt.Errorf("getCPUVariantFromArch invalid arch: %s, %w", arch, errdefs.ErrInvalidArgument) + } + return variant, nil +} + +// getCPUVariant returns cpu variant for ARM +// We first try reading "Cpu architecture" field from /proc/cpuinfo +// If we can't find it, then fall back using a system call +// This is to cover running ARM in emulated environment on x86 host as this field in /proc/cpuinfo +// was not present. +func getCPUVariant() (string, error) { + + variant, err := getCPUInfo("Cpu architecture") + if err != nil { + if errdefs.IsNotFound(err) { + //Let's try getting CPU variant from machine architecture + arch, err := getMachineArch() + if err != nil { + return "", fmt.Errorf("failure getting machine architecture: %v", err) + } + + variant, err = getCPUVariantFromArch(arch) + if err != nil { + return "", fmt.Errorf("failure getting CPU variant from machine architecture: %v", err) + } + } else { + return "", fmt.Errorf("failure getting CPU variant: %v", err) + } + } + + // handle edge case for Raspberry Pi ARMv6 devices (which due to a kernel quirk, report "CPU architecture: 7") + // https://www.raspberrypi.org/forums/viewtopic.php?t=12614 + if runtime.GOARCH == "arm" && variant == "7" { + model, err := getCPUInfo("model name") + if err == nil && strings.HasPrefix(strings.ToLower(model), "armv6-compatible") { + variant = "6" + } + } + + switch strings.ToLower(variant) { + case "8", "aarch64": + variant = "v8" + case "7", "7m", "?(12)", "?(13)", "?(14)", "?(15)", "?(16)", "?(17)": + variant = "v7" + case "6", "6tej": + variant = "v6" + case "5", "5t", "5te", "5tej": + variant = "v5" + case "4", "4t": + variant = "v4" + case "3": + variant = "v3" + default: + variant = "unknown" + } + + return variant, nil +} diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo_other.go b/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo_other.go new file mode 100644 index 000000000..51fb62ea7 --- /dev/null +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/cpuinfo_other.go @@ -0,0 +1,60 @@ +//go:build !linux +// +build !linux + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package platforms + +import ( + "fmt" + "runtime" + + "github.com/containerd/containerd/errdefs" +) + +func getCPUVariant() (string, error) { + + var variant string + + if runtime.GOOS == "windows" || runtime.GOOS == "darwin" { + // Windows/Darwin only supports v7 for ARM32 and v8 for ARM64 and so we can use + // runtime.GOARCH to determine the variants + switch runtime.GOARCH { + case "arm64": + variant = "v8" + case "arm": + variant = "v7" + default: + variant = "unknown" + } + } else if runtime.GOOS == "freebsd" { + // FreeBSD supports ARMv6 and ARMv7 as well as ARMv4 and ARMv5 (though deprecated) + // detecting those variants is currently unimplemented + switch runtime.GOARCH { + case "arm64": + variant = "v8" + default: + variant = "unknown" + } + + } else { + return "", fmt.Errorf("getCPUVariant for OS %s: %v", runtime.GOOS, errdefs.ErrNotImplemented) + + } + + return variant, nil +} diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/database.go b/index/generator/vendor/github.com/containerd/containerd/platforms/database.go index 6ede94061..2e26fd3b4 100644 --- a/index/generator/vendor/github.com/containerd/containerd/platforms/database.go +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/database.go @@ -21,13 +21,6 @@ import ( "strings" ) -// isLinuxOS returns true if the operating system is Linux. -// -// The OS value should be normalized before calling this function. -func isLinuxOS(os string) bool { - return os == "linux" -} - // These function are generated from https://golang.org/src/go/build/syslist.go. // // We use switch statements because they are slightly faster than map lookups @@ -38,7 +31,7 @@ func isLinuxOS(os string) bool { // The OS value should be normalized before calling this function. func isKnownOS(os string) bool { switch os { - case "aix", "android", "darwin", "dragonfly", "freebsd", "hurd", "illumos", "js", "linux", "nacl", "netbsd", "openbsd", "plan9", "solaris", "windows", "zos": + case "aix", "android", "darwin", "dragonfly", "freebsd", "hurd", "illumos", "ios", "js", "linux", "nacl", "netbsd", "openbsd", "plan9", "solaris", "windows", "zos": return true } return false @@ -60,7 +53,7 @@ func isArmArch(arch string) bool { // The arch value should be normalized before being passed to this function. func isKnownArch(arch string) bool { switch arch { - case "386", "amd64", "amd64p32", "arm", "armbe", "arm64", "arm64be", "ppc64", "ppc64le", "mips", "mipsle", "mips64", "mips64le", "mips64p32", "mips64p32le", "ppc", "riscv", "riscv64", "s390", "s390x", "sparc", "sparc64", "wasm": + case "386", "amd64", "amd64p32", "arm", "armbe", "arm64", "arm64be", "ppc64", "ppc64le", "loong64", "mips", "mipsle", "mips64", "mips64le", "mips64p32", "mips64p32le", "ppc", "riscv", "riscv64", "s390", "s390x", "sparc", "sparc64", "wasm": return true } return false @@ -86,9 +79,11 @@ func normalizeArch(arch, variant string) (string, string) { case "i386": arch = "386" variant = "" - case "x86_64", "x86-64": + case "x86_64", "x86-64", "amd64": arch = "amd64" - variant = "" + if variant == "v1" { + variant = "" + } case "aarch64", "arm64": arch = "arm64" switch variant { diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/defaults.go b/index/generator/vendor/github.com/containerd/containerd/platforms/defaults.go index cb77fbc9f..cfa3ff34a 100644 --- a/index/generator/vendor/github.com/containerd/containerd/platforms/defaults.go +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/defaults.go @@ -16,27 +16,11 @@ package platforms -import ( - "runtime" - - specs "github.com/opencontainers/image-spec/specs-go/v1" -) - // DefaultString returns the default string specifier for the platform. func DefaultString() string { return Format(DefaultSpec()) } -// DefaultSpec returns the current platform's default platform specification. -func DefaultSpec() specs.Platform { - return specs.Platform{ - OS: runtime.GOOS, - Architecture: runtime.GOARCH, - // The Variant field will be empty if arch != ARM. - Variant: cpuVariant(), - } -} - // DefaultStrict returns strict form of Default. func DefaultStrict() MatchComparer { return OnlyStrict(DefaultSpec()) diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_darwin.go b/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_darwin.go new file mode 100644 index 000000000..e249fe48d --- /dev/null +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_darwin.go @@ -0,0 +1,45 @@ +//go:build darwin +// +build darwin + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package platforms + +import ( + "runtime" + + specs "github.com/opencontainers/image-spec/specs-go/v1" +) + +// DefaultSpec returns the current platform's default platform specification. +func DefaultSpec() specs.Platform { + return specs.Platform{ + OS: runtime.GOOS, + Architecture: runtime.GOARCH, + // The Variant field will be empty if arch != ARM. + Variant: cpuVariant(), + } +} + +// Default returns the default matcher for the platform. +func Default() MatchComparer { + return Ordered(DefaultSpec(), specs.Platform{ + // darwin runtime also supports Linux binary via runu/LKL + OS: "linux", + Architecture: runtime.GOARCH, + }) +} diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_unix.go b/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_unix.go index e8a7d5ffa..49690f1b3 100644 --- a/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_unix.go +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_unix.go @@ -1,4 +1,5 @@ -// +build !windows +//go:build !windows && !darwin +// +build !windows,!darwin /* Copyright The containerd Authors. @@ -18,6 +19,22 @@ package platforms +import ( + "runtime" + + specs "github.com/opencontainers/image-spec/specs-go/v1" +) + +// DefaultSpec returns the current platform's default platform specification. +func DefaultSpec() specs.Platform { + return specs.Platform{ + OS: runtime.GOOS, + Architecture: runtime.GOARCH, + // The Variant field will be empty if arch != ARM. + Variant: cpuVariant(), + } +} + // Default returns the default matcher for the platform. func Default() MatchComparer { return Only(DefaultSpec()) diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_windows.go b/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_windows.go index 0c380e3b7..fa31aaff2 100644 --- a/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_windows.go +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/defaults_windows.go @@ -1,5 +1,3 @@ -// +build windows - /* Copyright The containerd Authors. @@ -24,11 +22,24 @@ import ( "strconv" "strings" + "github.com/Microsoft/hcsshim/osversion" imagespec "github.com/opencontainers/image-spec/specs-go/v1" specs "github.com/opencontainers/image-spec/specs-go/v1" "golang.org/x/sys/windows" ) +// DefaultSpec returns the current platform's default platform specification. +func DefaultSpec() specs.Platform { + major, minor, build := windows.RtlGetNtVersionNumbers() + return specs.Platform{ + OS: runtime.GOOS, + Architecture: runtime.GOARCH, + OSVersion: fmt.Sprintf("%d.%d.%d", major, minor, build), + // The Variant field will be empty if arch != ARM. + Variant: cpuVariant(), + } +} + type matchComparer struct { defaults Matcher osVersionPrefix string @@ -36,14 +47,39 @@ type matchComparer struct { // Match matches platform with the same windows major, minor // and build version. -func (m matchComparer) Match(p imagespec.Platform) bool { - if m.defaults.Match(p) { - // TODO(windows): Figure out whether OSVersion is deprecated. - return strings.HasPrefix(p.OSVersion, m.osVersionPrefix) +func (m matchComparer) Match(p specs.Platform) bool { + match := m.defaults.Match(p) + + if match && p.OS == "windows" { + // HPC containers do not have OS version filled + if p.OSVersion == "" { + return true + } + + hostOsVersion := getOSVersion(m.osVersionPrefix) + ctrOsVersion := getOSVersion(p.OSVersion) + return osversion.CheckHostAndContainerCompat(hostOsVersion, ctrOsVersion) } return false } +func getOSVersion(osVersionPrefix string) osversion.OSVersion { + parts := strings.Split(osVersionPrefix, ".") + if len(parts) < 3 { + return osversion.OSVersion{} + } + + majorVersion, _ := strconv.Atoi(parts[0]) + minorVersion, _ := strconv.Atoi(parts[1]) + buildNumber, _ := strconv.Atoi(parts[2]) + + return osversion.OSVersion{ + MajorVersion: uint8(majorVersion), + MinorVersion: uint8(minorVersion), + Build: uint16(buildNumber), + } +} + // Less sorts matched platforms in front of other platforms. // For matched platforms, it puts platforms with larger revision // number in front. diff --git a/index/generator/vendor/github.com/containerd/containerd/platforms/platforms.go b/index/generator/vendor/github.com/containerd/containerd/platforms/platforms.go index 088bdea05..234309941 100644 --- a/index/generator/vendor/github.com/containerd/containerd/platforms/platforms.go +++ b/index/generator/vendor/github.com/containerd/containerd/platforms/platforms.go @@ -27,40 +27,40 @@ // The vast majority of use cases should simply use the match function with // user input. The first step is to parse a specifier into a matcher: // -// m, err := Parse("linux") -// if err != nil { ... } +// m, err := Parse("linux") +// if err != nil { ... } // // Once you have a matcher, use it to match against the platform declared by a // component, typically from an image or runtime. Since extracting an images // platform is a little more involved, we'll use an example against the // platform default: // -// if ok := m.Match(Default()); !ok { /* doesn't match */ } +// if ok := m.Match(Default()); !ok { /* doesn't match */ } // // This can be composed in loops for resolving runtimes or used as a filter for // fetch and select images. // // More details of the specifier syntax and platform spec follow. // -// Declaring Platform Support +// # Declaring Platform Support // // Components that have strict platform requirements should use the OCI // platform specification to declare their support. Typically, this will be // images and runtimes that should make these declaring which platform they // support specifically. This looks roughly as follows: // -// type Platform struct { -// Architecture string -// OS string -// Variant string -// } +// type Platform struct { +// Architecture string +// OS string +// Variant string +// } // // Most images and runtimes should at least set Architecture and OS, according // to their GOARCH and GOOS values, respectively (follow the OCI image // specification when in doubt). ARM should set variant under certain // discussions, which are outlined below. // -// Platform Specifiers +// # Platform Specifiers // // While the OCI platform specifications provide a tool for components to // specify structured information, user input typically doesn't need the full @@ -77,7 +77,7 @@ // where the architecture may be known but a runtime may support images from // different operating systems. // -// Normalization +// # Normalization // // Because not all users are familiar with the way the Go runtime represents // platforms, several normalizations have been provided to make this package @@ -85,17 +85,17 @@ // // The following are performed for architectures: // -// Value Normalized -// aarch64 arm64 -// armhf arm -// armel arm/v6 -// i386 386 -// x86_64 amd64 -// x86-64 amd64 +// Value Normalized +// aarch64 arm64 +// armhf arm +// armel arm/v6 +// i386 386 +// x86_64 amd64 +// x86-64 amd64 // // We also normalize the operating system `macos` to `darwin`. // -// ARM Support +// # ARM Support // // To qualify ARM architecture, the Variant field is used to qualify the arm // version. The most common arm version, v7, is represented without the variant @@ -107,6 +107,8 @@ package platforms import ( + "fmt" + "path" "regexp" "runtime" "strconv" @@ -114,7 +116,6 @@ import ( "github.com/containerd/containerd/errdefs" specs "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" ) var ( @@ -166,14 +167,14 @@ func (m *matcher) String() string { func Parse(specifier string) (specs.Platform, error) { if strings.Contains(specifier, "*") { // TODO(stevvooe): need to work out exact wildcard handling - return specs.Platform{}, errors.Wrapf(errdefs.ErrInvalidArgument, "%q: wildcards not yet supported", specifier) + return specs.Platform{}, fmt.Errorf("%q: wildcards not yet supported: %w", specifier, errdefs.ErrInvalidArgument) } parts := strings.Split(specifier, "/") for _, part := range parts { if !specifierRe.MatchString(part) { - return specs.Platform{}, errors.Wrapf(errdefs.ErrInvalidArgument, "%q is an invalid component of %q: platform specifier component must match %q", part, specifier, specifierRe.String()) + return specs.Platform{}, fmt.Errorf("%q is an invalid component of %q: platform specifier component must match %q: %w", part, specifier, specifierRe.String(), errdefs.ErrInvalidArgument) } } @@ -205,7 +206,7 @@ func Parse(specifier string) (specs.Platform, error) { return p, nil } - return specs.Platform{}, errors.Wrapf(errdefs.ErrInvalidArgument, "%q: unknown operating system or architecture", specifier) + return specs.Platform{}, fmt.Errorf("%q: unknown operating system or architecture: %w", specifier, errdefs.ErrInvalidArgument) case 2: // In this case, we treat as a regular os/arch pair. We don't care // about whether or not we know of the platform. @@ -227,7 +228,7 @@ func Parse(specifier string) (specs.Platform, error) { return p, nil } - return specs.Platform{}, errors.Wrapf(errdefs.ErrInvalidArgument, "%q: cannot parse platform specifier", specifier) + return specs.Platform{}, fmt.Errorf("%q: cannot parse platform specifier: %w", specifier, errdefs.ErrInvalidArgument) } // MustParse is like Parses but panics if the specifier cannot be parsed. @@ -246,20 +247,7 @@ func Format(platform specs.Platform) string { return "unknown" } - return joinNotEmpty(platform.OS, platform.Architecture, platform.Variant) -} - -func joinNotEmpty(s ...string) string { - var ss []string - for _, s := range s { - if s == "" { - continue - } - - ss = append(ss, s) - } - - return strings.Join(ss, "/") + return path.Join(platform.OS, platform.Architecture, platform.Variant) } // Normalize validates and translate the platform to the canonical value. @@ -269,10 +257,5 @@ func joinNotEmpty(s ...string) string { func Normalize(platform specs.Platform) specs.Platform { platform.OS = normalizeOS(platform.OS) platform.Architecture, platform.Variant = normalizeArch(platform.Architecture, platform.Variant) - - // these fields are deprecated, remove them - platform.OSFeatures = nil - platform.OSVersion = "" - return platform } diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go index 8b0a87e75..c259873d2 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go @@ -19,6 +19,8 @@ package auth import ( "context" "encoding/json" + "errors" + "fmt" "net/http" "net/url" "strings" @@ -27,7 +29,6 @@ import ( "github.com/containerd/containerd/log" remoteserrors "github.com/containerd/containerd/remotes/errors" "github.com/containerd/containerd/version" - "github.com/pkg/errors" "golang.org/x/net/context/ctxhttp" ) @@ -46,7 +47,7 @@ func GenerateTokenOptions(ctx context.Context, host, username, secret string, c realmURL, err := url.Parse(realm) if err != nil { - return TokenOptions{}, errors.Wrap(err, "invalid token auth challenge realm") + return TokenOptions{}, fmt.Errorf("invalid token auth challenge realm: %w", err) } to := TokenOptions{ @@ -58,7 +59,7 @@ func GenerateTokenOptions(ctx context.Context, host, username, secret string, c scope, ok := c.Parameters["scope"] if ok { - to.Scopes = append(to.Scopes, scope) + to.Scopes = append(to.Scopes, strings.Split(scope, " ")...) } else { log.G(ctx).WithField("host", host).Debug("no scope specified for token auth challenge") } @@ -73,6 +74,15 @@ type TokenOptions struct { Scopes []string Username string Secret string + + // FetchRefreshToken enables fetching a refresh token (aka "identity token", "offline token") along with the bearer token. + // + // For HTTP GET mode (FetchToken), FetchRefreshToken sets `offline_token=true` in the request. + // https://docs.docker.com/registry/spec/auth/token/#requesting-a-token + // + // For HTTP POST mode (FetchTokenWithOAuth), FetchRefreshToken sets `access_type=offline` in the request. + // https://docs.docker.com/registry/spec/auth/oauth/#getting-a-token + FetchRefreshToken bool } // OAuthTokenResponse is response from fetching token with a OAuth POST request @@ -101,6 +111,9 @@ func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http. form.Set("username", to.Username) form.Set("password", to.Secret) } + if to.FetchRefreshToken { + form.Set("access_type", "offline") + } req, err := http.NewRequest("POST", to.Realm, strings.NewReader(form.Encode())) if err != nil { @@ -121,18 +134,18 @@ func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http. defer resp.Body.Close() if resp.StatusCode < 200 || resp.StatusCode >= 400 { - return nil, errors.WithStack(remoteserrors.NewUnexpectedStatusErr(resp)) + return nil, remoteserrors.NewUnexpectedStatusErr(resp) } decoder := json.NewDecoder(resp.Body) var tr OAuthTokenResponse if err = decoder.Decode(&tr); err != nil { - return nil, errors.Wrap(err, "unable to decode token response") + return nil, fmt.Errorf("unable to decode token response: %w", err) } if tr.AccessToken == "" { - return nil, errors.WithStack(ErrNoToken) + return nil, ErrNoToken } return &tr, nil @@ -175,6 +188,10 @@ func FetchToken(ctx context.Context, client *http.Client, headers http.Header, t req.SetBasicAuth(to.Username, to.Secret) } + if to.FetchRefreshToken { + reqParams.Add("offline_token", "true") + } + req.URL.RawQuery = reqParams.Encode() resp, err := ctxhttp.Do(ctx, client, req) @@ -184,14 +201,14 @@ func FetchToken(ctx context.Context, client *http.Client, headers http.Header, t defer resp.Body.Close() if resp.StatusCode < 200 || resp.StatusCode >= 400 { - return nil, errors.WithStack(remoteserrors.NewUnexpectedStatusErr(resp)) + return nil, remoteserrors.NewUnexpectedStatusErr(resp) } decoder := json.NewDecoder(resp.Body) var tr FetchTokenResponse if err = decoder.Decode(&tr); err != nil { - return nil, errors.Wrap(err, "unable to decode token response") + return nil, fmt.Errorf("unable to decode token response: %w", err) } // `access_token` is equivalent to `token` and if both are specified @@ -202,7 +219,7 @@ func FetchToken(ctx context.Context, client *http.Client, headers http.Header, t } if tr.Token == "" { - return nil, errors.WithStack(ErrNoToken) + return nil, ErrNoToken } return &tr, nil diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/auth/parse.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/auth/parse.go index 223fa2d05..e4529a776 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/auth/parse.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/auth/parse.go @@ -134,9 +134,6 @@ func parseValueAndParams(header string) (value string, params map[string]string) } var pvalue string pvalue, s = expectTokenOrQuoted(s[1:]) - if pvalue == "" { - return - } pkey = strings.ToLower(pkey) params[pkey] = pvalue s = skipSpace(s) diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go index 67e4aea8d..517a643fa 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go @@ -19,6 +19,7 @@ package docker import ( "context" "encoding/base64" + "errors" "fmt" "net/http" "strings" @@ -28,7 +29,6 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/remotes/docker/auth" remoteerrors "github.com/containerd/containerd/remotes/errors" - "github.com/pkg/errors" "github.com/sirupsen/logrus" ) @@ -37,10 +37,12 @@ type dockerAuthorizer struct { client *http.Client header http.Header - mu sync.Mutex + mu sync.RWMutex // indexed by host name handlers map[string]*authHandler + + onFetchRefreshToken OnFetchRefreshToken } // NewAuthorizer creates a Docker authorizer using the provided function to @@ -51,9 +53,10 @@ func NewAuthorizer(client *http.Client, f func(string) (string, string, error)) } type authorizerConfig struct { - credentials func(string) (string, string, error) - client *http.Client - header http.Header + credentials func(string) (string, string, error) + client *http.Client + header http.Header + onFetchRefreshToken OnFetchRefreshToken } // AuthorizerOpt configures an authorizer @@ -80,6 +83,16 @@ func WithAuthHeader(hdr http.Header) AuthorizerOpt { } } +// OnFetchRefreshToken is called on fetching request token. +type OnFetchRefreshToken func(ctx context.Context, refreshToken string, req *http.Request) + +// WithFetchRefreshToken enables fetching "refresh token" (aka "identity token", "offline token"). +func WithFetchRefreshToken(f OnFetchRefreshToken) AuthorizerOpt { + return func(opt *authorizerConfig) { + opt.onFetchRefreshToken = f + } +} + // NewDockerAuthorizer creates an authorizer using Docker's registry // authentication spec. // See https://docs.docker.com/registry/spec/auth/ @@ -94,10 +107,11 @@ func NewDockerAuthorizer(opts ...AuthorizerOpt) Authorizer { } return &dockerAuthorizer{ - credentials: ao.credentials, - client: ao.client, - header: ao.header, - handlers: make(map[string]*authHandler), + credentials: ao.credentials, + client: ao.client, + header: ao.header, + handlers: make(map[string]*authHandler), + onFetchRefreshToken: ao.onFetchRefreshToken, } } @@ -109,12 +123,21 @@ func (a *dockerAuthorizer) Authorize(ctx context.Context, req *http.Request) err return nil } - auth, err := ah.authorize(ctx) + auth, refreshToken, err := ah.authorize(ctx) if err != nil { return err } req.Header.Set("Authorization", auth) + + if refreshToken != "" { + a.mu.RLock() + onFetchRefreshToken := a.onFetchRefreshToken + a.mu.RUnlock() + if onFetchRefreshToken != nil { + onFetchRefreshToken(ctx, refreshToken, req) + } + } return nil } @@ -161,6 +184,7 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R if err != nil { return err } + common.FetchRefreshToken = a.onFetchRefreshToken != nil a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, common) return nil @@ -170,25 +194,26 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R return err } - if username != "" && secret != "" { - common := auth.TokenOptions{ - Username: username, - Secret: secret, - } - - a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, common) - return nil + if username == "" || secret == "" { + return fmt.Errorf("%w: no basic auth credentials", ErrInvalidAuthorization) } + + a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, auth.TokenOptions{ + Username: username, + Secret: secret, + }) + return nil } } - return errors.Wrap(errdefs.ErrNotImplemented, "failed to find supported auth scheme") + return fmt.Errorf("failed to find supported auth scheme: %w", errdefs.ErrNotImplemented) } // authResult is used to control limit rate. type authResult struct { sync.WaitGroup - token string - err error + token string + refreshToken string + err error } // authHandler is used to handle auth request per registry server. @@ -220,29 +245,29 @@ func newAuthHandler(client *http.Client, hdr http.Header, scheme auth.Authentica } } -func (ah *authHandler) authorize(ctx context.Context) (string, error) { +func (ah *authHandler) authorize(ctx context.Context) (string, string, error) { switch ah.scheme { case auth.BasicAuth: return ah.doBasicAuth(ctx) case auth.BearerAuth: return ah.doBearerAuth(ctx) default: - return "", errors.Wrapf(errdefs.ErrNotImplemented, "failed to find supported auth scheme: %s", string(ah.scheme)) + return "", "", fmt.Errorf("failed to find supported auth scheme: %s: %w", string(ah.scheme), errdefs.ErrNotImplemented) } } -func (ah *authHandler) doBasicAuth(ctx context.Context) (string, error) { +func (ah *authHandler) doBasicAuth(ctx context.Context) (string, string, error) { username, secret := ah.common.Username, ah.common.Secret if username == "" || secret == "" { - return "", fmt.Errorf("failed to handle basic auth because missing username or secret") + return "", "", fmt.Errorf("failed to handle basic auth because missing username or secret") } auth := base64.StdEncoding.EncodeToString([]byte(username + ":" + secret)) - return fmt.Sprintf("Basic %s", auth), nil + return fmt.Sprintf("Basic %s", auth), "", nil } -func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err error) { +func (ah *authHandler) doBearerAuth(ctx context.Context) (token, refreshToken string, err error) { // copy common tokenOptions to := ah.common @@ -255,7 +280,7 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err erro if r, exist := ah.scopedTokens[scoped]; exist { ah.Unlock() r.Wait() - return r.token, r.err + return r.token, r.refreshToken, r.err } // only one fetch token job @@ -266,14 +291,16 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err erro defer func() { token = fmt.Sprintf("Bearer %s", token) - r.token, r.err = token, err + r.token, r.refreshToken, r.err = token, refreshToken, err r.Done() }() // fetch token for the resource scope if to.Secret != "" { defer func() { - err = errors.Wrap(err, "failed to fetch oauth token") + if err != nil { + err = fmt.Errorf("failed to fetch oauth token: %w", err) + } }() // credential information is provided, use oauth POST endpoint // TODO: Allow setting client_id @@ -284,28 +311,29 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token string, err erro // Registries without support for POST may return 404 for POST /v2/token. // As of September 2017, GCR is known to return 404. // As of February 2018, JFrog Artifactory is known to return 401. - if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 { + // As of January 2022, ACR is known to return 400. + if (errStatus.StatusCode == 405 && to.Username != "") || errStatus.StatusCode == 404 || errStatus.StatusCode == 401 || errStatus.StatusCode == 400 { resp, err := auth.FetchToken(ctx, ah.client, ah.header, to) if err != nil { - return "", err + return "", "", err } - return resp.Token, nil + return resp.Token, resp.RefreshToken, nil } log.G(ctx).WithFields(logrus.Fields{ "status": errStatus.Status, "body": string(errStatus.Body), }).Debugf("token request failed") } - return "", err + return "", "", err } - return resp.AccessToken, nil + return resp.AccessToken, resp.RefreshToken, nil } // do request anonymously resp, err := auth.FetchToken(ctx, ah.client, ah.header, to) if err != nil { - return "", errors.Wrap(err, "failed to fetch anonymous token") + return "", "", fmt.Errorf("failed to fetch anonymous token: %w", err) } - return resp.Token, nil + return resp.Token, resp.RefreshToken, nil } func invalidAuthorization(c auth.Challenge, responses []*http.Response) error { @@ -319,7 +347,7 @@ func invalidAuthorization(c auth.Challenge, responses []*http.Response) error { return nil } - return errors.Wrapf(ErrInvalidAuthorization, "server message: %s", errStr) + return fmt.Errorf("server message: %s: %w", errStr, ErrInvalidAuthorization) } func sameRequest(r1, r2 *http.Request) bool { diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/converter.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/converter.go index 43e6b372c..d7dca0d36 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/converter.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/converter.go @@ -28,7 +28,6 @@ import ( "github.com/containerd/containerd/remotes" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" ) // LegacyConfigMediaType should be replaced by OCI image spec. @@ -52,12 +51,12 @@ func ConvertManifest(ctx context.Context, store content.Store, desc ocispec.Desc // read manifest data mb, err := content.ReadBlob(ctx, store, desc) if err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to read index data") + return ocispec.Descriptor{}, fmt.Errorf("failed to read index data: %w", err) } var manifest ocispec.Manifest if err := json.Unmarshal(mb, &manifest); err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to unmarshal data into manifest") + return ocispec.Descriptor{}, fmt.Errorf("failed to unmarshal data into manifest: %w", err) } // check config media type @@ -68,7 +67,7 @@ func ConvertManifest(ctx context.Context, store content.Store, desc ocispec.Desc manifest.Config.MediaType = images.MediaTypeDockerSchema2Config data, err := json.MarshalIndent(manifest, "", " ") if err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to marshal manifest") + return ocispec.Descriptor{}, fmt.Errorf("failed to marshal manifest: %w", err) } // update manifest with gc labels @@ -82,7 +81,7 @@ func ConvertManifest(ctx context.Context, store content.Store, desc ocispec.Desc ref := remotes.MakeRefKey(ctx, desc) if err := content.WriteBlob(ctx, store, ref, bytes.NewReader(data), desc, content.WithLabels(labels)); err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to update content") + return ocispec.Descriptor{}, fmt.Errorf("failed to update content: %w", err) } return desc, nil } diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go index 4b2c10e9a..11a75356e 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go @@ -19,9 +19,9 @@ package docker import ( "context" "encoding/json" + "errors" "fmt" "io" - "io/ioutil" "net/http" "net/url" "strings" @@ -30,7 +30,6 @@ import ( "github.com/containerd/containerd/images" "github.com/containerd/containerd/log" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" ) type dockerFetcher struct { @@ -42,7 +41,7 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R hosts := r.filterHosts(HostCapabilityPull) if len(hosts) == 0 { - return nil, errors.Wrap(errdefs.ErrNotFound, "no pull hosts") + return nil, fmt.Errorf("no pull hosts: %w", errdefs.ErrNotFound) } ctx, err := ContextWithRepositoryScope(ctx, r.refspec, false) @@ -142,9 +141,9 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R } if errdefs.IsNotFound(firstErr) { - firstErr = errors.Wrapf(errdefs.ErrNotFound, - "could not fetch content descriptor %v (%v) from remote", - desc.Digest, desc.MediaType) + firstErr = fmt.Errorf("could not fetch content descriptor %v (%v) from remote: %w", + desc.Digest, desc.MediaType, errdefs.ErrNotFound, + ) } return nil, firstErr @@ -179,19 +178,19 @@ func (r dockerFetcher) open(ctx context.Context, req *request, mediatype string, // implementation. if resp.StatusCode == http.StatusNotFound { - return nil, errors.Wrapf(errdefs.ErrNotFound, "content at %v not found", req.String()) + return nil, fmt.Errorf("content at %v not found: %w", req.String(), errdefs.ErrNotFound) } var registryErr Errors if err := json.NewDecoder(resp.Body).Decode(®istryErr); err != nil || registryErr.Len() < 1 { - return nil, errors.Errorf("unexpected status code %v: %v", req.String(), resp.Status) + return nil, fmt.Errorf("unexpected status code %v: %v", req.String(), resp.Status) } - return nil, errors.Errorf("unexpected status code %v: %s - Server message: %s", req.String(), resp.Status, registryErr.Error()) + return nil, fmt.Errorf("unexpected status code %v: %s - Server message: %s", req.String(), resp.Status, registryErr.Error()) } if offset > 0 { cr := resp.Header.Get("content-range") if cr != "" { if !strings.HasPrefix(cr, fmt.Sprintf("bytes %d-", offset)) { - return nil, errors.Errorf("unhandled content range in response: %v", cr) + return nil, fmt.Errorf("unhandled content range in response: %v", cr) } } else { @@ -201,12 +200,12 @@ func (r dockerFetcher) open(ctx context.Context, req *request, mediatype string, // Discard up to offset // Could use buffer pool here but this case should be rare - n, err := io.Copy(ioutil.Discard, io.LimitReader(resp.Body, offset)) + n, err := io.Copy(io.Discard, io.LimitReader(resp.Body, offset)) if err != nil { - return nil, errors.Wrap(err, "failed to discard to offset") + return nil, fmt.Errorf("failed to discard to offset: %w", err) } if n != offset { - return nil, errors.Errorf("unable to discard to offset") + return nil, errors.New("unable to discard to offset") } } diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go index 58c866bcd..9a827ef04 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go @@ -18,12 +18,11 @@ package docker import ( "bytes" + "fmt" "io" - "io/ioutil" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/log" - "github.com/pkg/errors" ) const maxRetry = 3 @@ -70,7 +69,7 @@ func (hrs *httpReadSeeker) Read(p []byte) (n int, err error) { } if hrs.rc != nil { if clsErr := hrs.rc.Close(); clsErr != nil { - log.L.WithError(clsErr).Errorf("httpReadSeeker: failed to close ReadCloser") + log.L.WithError(clsErr).Error("httpReadSeeker: failed to close ReadCloser") } hrs.rc = nil } @@ -95,7 +94,7 @@ func (hrs *httpReadSeeker) Close() error { func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) { if hrs.closed { - return 0, errors.Wrap(errdefs.ErrUnavailable, "Fetcher.Seek: closed") + return 0, fmt.Errorf("Fetcher.Seek: closed: %w", errdefs.ErrUnavailable) } abs := hrs.offset @@ -106,21 +105,21 @@ func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) { abs += offset case io.SeekEnd: if hrs.size == -1 { - return 0, errors.Wrap(errdefs.ErrUnavailable, "Fetcher.Seek: unknown size, cannot seek from end") + return 0, fmt.Errorf("Fetcher.Seek: unknown size, cannot seek from end: %w", errdefs.ErrUnavailable) } abs = hrs.size + offset default: - return 0, errors.Wrap(errdefs.ErrInvalidArgument, "Fetcher.Seek: invalid whence") + return 0, fmt.Errorf("Fetcher.Seek: invalid whence: %w", errdefs.ErrInvalidArgument) } if abs < 0 { - return 0, errors.Wrapf(errdefs.ErrInvalidArgument, "Fetcher.Seek: negative offset") + return 0, fmt.Errorf("Fetcher.Seek: negative offset: %w", errdefs.ErrInvalidArgument) } if abs != hrs.offset { if hrs.rc != nil { if err := hrs.rc.Close(); err != nil { - log.L.WithError(err).Errorf("Fetcher.Seek: failed to close ReadCloser") + log.L.WithError(err).Error("Fetcher.Seek: failed to close ReadCloser") } hrs.rc = nil @@ -141,17 +140,17 @@ func (hrs *httpReadSeeker) reader() (io.Reader, error) { // only try to reopen the body request if we are seeking to a value // less than the actual size. if hrs.open == nil { - return nil, errors.Wrapf(errdefs.ErrNotImplemented, "cannot open") + return nil, fmt.Errorf("cannot open: %w", errdefs.ErrNotImplemented) } rc, err := hrs.open(hrs.offset) if err != nil { - return nil, errors.Wrapf(err, "httpReadSeeker: failed open") + return nil, fmt.Errorf("httpReadSeeker: failed open: %w", err) } if hrs.rc != nil { if err := hrs.rc.Close(); err != nil { - log.L.WithError(err).Errorf("httpReadSeeker: failed to close ReadCloser") + log.L.WithError(err).Error("httpReadSeeker: failed to close ReadCloser") } } hrs.rc = rc @@ -162,7 +161,7 @@ func (hrs *httpReadSeeker) reader() (io.Reader, error) { // as the length is already satisfied but we just return the empty // reader instead. - hrs.rc = ioutil.NopCloser(bytes.NewReader([]byte{})) + hrs.rc = io.NopCloser(bytes.NewReader([]byte{})) } return hrs.rc, nil diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/pusher.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/pusher.go index 97ed66a6a..b5e65d73d 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/pusher.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/pusher.go @@ -18,11 +18,14 @@ package docker import ( "context" + "errors" + "fmt" "io" - "io/ioutil" "net/http" "net/url" + "path" "strings" + "sync" "time" "github.com/containerd/containerd/content" @@ -33,7 +36,6 @@ import ( remoteserrors "github.com/containerd/containerd/remotes/errors" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" ) type dockerPusher struct { @@ -56,7 +58,7 @@ func (p dockerPusher) Writer(ctx context.Context, opts ...content.WriterOpt) (co } } if wOpts.Ref == "" { - return nil, errors.Wrap(errdefs.ErrInvalidArgument, "ref must not be empty") + return nil, fmt.Errorf("ref must not be empty: %w", errdefs.ErrInvalidArgument) } return p.push(ctx, wOpts.Desc, wOpts.Ref, true) } @@ -77,22 +79,22 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str status, err := p.tracker.GetStatus(ref) if err == nil { if status.Committed && status.Offset == status.Total { - return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "ref %v", ref) + return nil, fmt.Errorf("ref %v: %w", ref, errdefs.ErrAlreadyExists) } - if unavailableOnFail { + if unavailableOnFail && status.ErrClosed == nil { // Another push of this ref is happening elsewhere. The rest of function // will continue only when `errdefs.IsNotFound(err) == true` (i.e. there // is no actively-tracked ref already). - return nil, errors.Wrap(errdefs.ErrUnavailable, "push is on-going") + return nil, fmt.Errorf("push is on-going: %w", errdefs.ErrUnavailable) } // TODO: Handle incomplete status } else if !errdefs.IsNotFound(err) { - return nil, errors.Wrap(err, "failed to get status") + return nil, fmt.Errorf("failed to get status: %w", err) } hosts := p.filterHosts(HostCapabilityPush) if len(hosts) == 0 { - return nil, errors.Wrap(errdefs.ErrNotFound, "no push hosts") + return nil, fmt.Errorf("no push hosts: %w", errdefs.ErrNotFound) } var ( @@ -136,6 +138,9 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str if exists { p.tracker.SetStatus(ref, Status{ Committed: true, + PushStatus: PushStatus{ + Exists: true, + }, Status: content.Status{ Ref: ref, Total: desc.Size, @@ -144,7 +149,7 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str }, }) resp.Body.Close() - return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v on remote", desc.Digest) + return nil, fmt.Errorf("content %v on remote: %w", desc.Digest, errdefs.ErrAlreadyExists) } } else if resp.StatusCode != http.StatusNotFound { err := remoteserrors.NewUnexpectedStatusErr(resp) @@ -163,6 +168,7 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str // Start upload request req = p.request(host, http.MethodPost, "blobs", "uploads/") + mountedFrom := "" var resp *http.Response if fromRepo := selectRepositoryMountCandidate(p.refspec, desc.Annotations); fromRepo != "" { preq := requestWithMountFrom(req, desc.Digest.String(), fromRepo) @@ -179,11 +185,14 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str return nil, err } - if resp.StatusCode == http.StatusUnauthorized { + switch resp.StatusCode { + case http.StatusUnauthorized: log.G(ctx).Debugf("failed to mount from repository %s", fromRepo) resp.Body.Close() resp = nil + case http.StatusCreated: + mountedFrom = path.Join(p.refspec.Hostname(), fromRepo) } } @@ -200,13 +209,16 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str case http.StatusCreated: p.tracker.SetStatus(ref, Status{ Committed: true, + PushStatus: PushStatus{ + MountedFrom: mountedFrom, + }, Status: content.Status{ Ref: ref, Total: desc.Size, Offset: desc.Size, }, }) - return nil, errors.Wrapf(errdefs.ErrAlreadyExists, "content %v on remote", desc.Digest) + return nil, fmt.Errorf("content %v on remote: %w", desc.Digest, errdefs.ErrAlreadyExists) default: err := remoteserrors.NewUnexpectedStatusErr(resp) log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response") @@ -222,7 +234,7 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str if strings.HasPrefix(location, "/") { lurl, err = url.Parse(lhost.Scheme + "://" + lhost.Host + location) if err != nil { - return nil, errors.Wrapf(err, "unable to parse location %v", location) + return nil, fmt.Errorf("unable to parse location %v: %w", location, err) } } else { if !strings.Contains(location, "://") { @@ -230,17 +242,20 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str } lurl, err = url.Parse(location) if err != nil { - return nil, errors.Wrapf(err, "unable to parse location %v", location) + return nil, fmt.Errorf("unable to parse location %v: %w", location, err) } if lurl.Host != lhost.Host || lhost.Scheme != lurl.Scheme { - lhost.Scheme = lurl.Scheme lhost.Host = lurl.Host - log.G(ctx).WithField("host", lhost.Host).WithField("scheme", lhost.Scheme).Debug("upload changed destination") - // Strip authorizer if change to host or scheme - lhost.Authorizer = nil + // Check if different than what was requested, accounting for fallback in the transport layer + requested := resp.Request.URL + if requested.Host != lhost.Host || requested.Scheme != lhost.Scheme { + // Strip authorizer if change to host or scheme + lhost.Authorizer = nil + log.G(ctx).WithField("host", lhost.Host).WithField("scheme", lhost.Scheme).Debug("upload changed destination, authorizer removed") + } } } q := lurl.Query() @@ -261,27 +276,20 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str // TODO: Support chunked upload - pr, pw := io.Pipe() - respC := make(chan response, 1) - body := ioutil.NopCloser(pr) + pushw := newPushWriter(p.dockerBase, ref, desc.Digest, p.tracker, isManifest) req.body = func() (io.ReadCloser, error) { - if body == nil { - return nil, errors.New("cannot reuse body, request must be retried") - } - // Only use the body once since pipe cannot be seeked - ob := body - body = nil - return ob, nil + pr, pw := io.Pipe() + pushw.setPipe(pw) + return io.NopCloser(pr), nil } req.size = desc.Size go func() { - defer close(respC) resp, err := req.doWithRetries(ctx, nil) if err != nil { - respC <- response{err: err} - pr.CloseWithError(err) + pushw.setError(err) + pushw.Close() return } @@ -290,20 +298,13 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str default: err := remoteserrors.NewUnexpectedStatusErr(resp) log.G(ctx).WithField("resp", resp).WithField("body", string(err.(remoteserrors.ErrUnexpectedStatus).Body)).Debug("unexpected response") - pr.CloseWithError(err) + pushw.setError(err) + pushw.Close() } - respC <- response{Response: resp} + pushw.setResponse(resp) }() - return &pushWriter{ - base: p.dockerBase, - ref: ref, - pipe: pw, - responseC: respC, - isManifest: isManifest, - expected: desc.Digest, - tracker: p.tracker, - }, nil + return pushw, nil } func getManifestPath(object string, dgst digest.Digest) []string { @@ -325,29 +326,89 @@ func getManifestPath(object string, dgst digest.Digest) []string { return []string{"manifests", object} } -type response struct { - *http.Response - err error -} - type pushWriter struct { base *dockerBase ref string - pipe *io.PipeWriter - responseC <-chan response + pipe *io.PipeWriter + + pipeC chan *io.PipeWriter + respC chan *http.Response + closeOnce sync.Once + errC chan error + isManifest bool expected digest.Digest tracker StatusTracker } +func newPushWriter(db *dockerBase, ref string, expected digest.Digest, tracker StatusTracker, isManifest bool) *pushWriter { + // Initialize and create response + return &pushWriter{ + base: db, + ref: ref, + expected: expected, + tracker: tracker, + pipeC: make(chan *io.PipeWriter, 1), + respC: make(chan *http.Response, 1), + errC: make(chan error, 1), + isManifest: isManifest, + } +} + +func (pw *pushWriter) setPipe(p *io.PipeWriter) { + pw.pipeC <- p +} + +func (pw *pushWriter) setError(err error) { + pw.errC <- err +} +func (pw *pushWriter) setResponse(resp *http.Response) { + pw.respC <- resp +} + func (pw *pushWriter) Write(p []byte) (n int, err error) { status, err := pw.tracker.GetStatus(pw.ref) if err != nil { return n, err } + + if pw.pipe == nil { + p, ok := <-pw.pipeC + if !ok { + return 0, io.ErrClosedPipe + } + pw.pipe = p + } else { + select { + case p, ok := <-pw.pipeC: + if !ok { + return 0, io.ErrClosedPipe + } + pw.pipe.CloseWithError(content.ErrReset) + pw.pipe = p + + // If content has already been written, the bytes + // cannot be written and the caller must reset + status.Offset = 0 + status.UpdatedAt = time.Now() + pw.tracker.SetStatus(pw.ref, status) + return 0, content.ErrReset + default: + } + } + n, err = pw.pipe.Write(p) + if errors.Is(err, io.ErrClosedPipe) { + // if the pipe is closed, we might have the original error on the error + // channel - so we should try and get it + select { + case err2 := <-pw.errC: + err = err2 + default: + } + } status.Offset += int64(n) status.UpdatedAt = time.Now() pw.tracker.SetStatus(pw.ref, status) @@ -355,7 +416,21 @@ func (pw *pushWriter) Write(p []byte) (n int, err error) { } func (pw *pushWriter) Close() error { - return pw.pipe.Close() + // Ensure pipeC is closed but handle `Close()` being + // called multiple times without panicking + pw.closeOnce.Do(func() { + close(pw.pipeC) + }) + if pw.pipe != nil { + status, err := pw.tracker.GetStatus(pw.ref) + if err == nil && !status.Committed { + // Closing an incomplete writer. Record this as an error so that following write can retry it. + status.ErrClosed = errors.New("closed incomplete writer") + pw.tracker.SetStatus(pw.ref, status) + } + return pw.pipe.Close() + } + return nil } func (pw *pushWriter) Status() (content.Status, error) { @@ -374,35 +449,57 @@ func (pw *pushWriter) Digest() digest.Digest { func (pw *pushWriter) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error { // Check whether read has already thrown an error - if _, err := pw.pipe.Write([]byte{}); err != nil && err != io.ErrClosedPipe { - return errors.Wrap(err, "pipe error before commit") + if _, err := pw.pipe.Write([]byte{}); err != nil && !errors.Is(err, io.ErrClosedPipe) { + return fmt.Errorf("pipe error before commit: %w", err) } if err := pw.pipe.Close(); err != nil { return err } // TODO: timeout waiting for response - resp := <-pw.responseC - if resp.err != nil { - return resp.err + var resp *http.Response + select { + case err := <-pw.errC: + return err + case resp = <-pw.respC: + defer resp.Body.Close() + case p, ok := <-pw.pipeC: + // check whether the pipe has changed in the commit, because sometimes Write + // can complete successfully, but the pipe may have changed. In that case, the + // content needs to be reset. + if !ok { + return io.ErrClosedPipe + } + pw.pipe.CloseWithError(content.ErrReset) + pw.pipe = p + + // If content has already been written, the bytes + // cannot be written again and the caller must reset + status, err := pw.tracker.GetStatus(pw.ref) + if err != nil { + return err + } + status.Offset = 0 + status.UpdatedAt = time.Now() + pw.tracker.SetStatus(pw.ref, status) + return content.ErrReset } - defer resp.Response.Body.Close() // 201 is specified return status, some registries return // 200, 202 or 204. switch resp.StatusCode { case http.StatusOK, http.StatusCreated, http.StatusNoContent, http.StatusAccepted: default: - return remoteserrors.NewUnexpectedStatusErr(resp.Response) + return remoteserrors.NewUnexpectedStatusErr(resp) } status, err := pw.tracker.GetStatus(pw.ref) if err != nil { - return errors.Wrap(err, "failed to get status") + return fmt.Errorf("failed to get status: %w", err) } if size > 0 && size != status.Offset { - return errors.Errorf("unexpected size %d, expected %d", status.Offset, size) + return fmt.Errorf("unexpected size %d, expected %d", status.Offset, size) } if expected == "" { @@ -411,11 +508,11 @@ func (pw *pushWriter) Commit(ctx context.Context, size int64, expected digest.Di actual, err := digest.Parse(resp.Header.Get("Docker-Content-Digest")) if err != nil { - return errors.Wrap(err, "invalid content digest in response") + return fmt.Errorf("invalid content digest in response: %w", err) } if actual != expected { - return errors.Errorf("got digest %s, expected %s", actual, expected) + return fmt.Errorf("got digest %s, expected %s", actual, expected) } status.Committed = true diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/registry.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/registry.go index 1e77d4c86..98cafcd06 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/registry.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/registry.go @@ -17,10 +17,9 @@ package docker import ( + "errors" "net" "net/http" - - "github.com/pkg/errors" ) // HostCapabilities represent the capabilities of the registry diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/resolver.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/resolver.go index 1be9e1d05..6bd70d410 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/resolver.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/resolver.go @@ -18,9 +18,11 @@ package docker import ( "context" + "crypto/tls" + "errors" "fmt" "io" - "io/ioutil" + "net" "net/http" "net/url" "path" @@ -32,10 +34,10 @@ import ( "github.com/containerd/containerd/reference" "github.com/containerd/containerd/remotes" "github.com/containerd/containerd/remotes/docker/schema1" + remoteerrors "github.com/containerd/containerd/remotes/errors" "github.com/containerd/containerd/version" digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/net/context/ctxhttp" ) @@ -95,25 +97,30 @@ type ResolverOptions struct { Tracker StatusTracker // Authorizer is used to authorize registry requests - // Deprecated: use Hosts + // + // Deprecated: use Hosts. Authorizer Authorizer // Credentials provides username and secret given a host. // If username is empty but a secret is given, that secret // is interpreted as a long lived token. - // Deprecated: use Hosts + // + // Deprecated: use Hosts. Credentials func(string) (string, string, error) // Host provides the hostname given a namespace. - // Deprecated: use Hosts + // + // Deprecated: use Hosts. Host func(string) (string, error) // PlainHTTP specifies to use plain http and not https - // Deprecated: use Hosts + // + // Deprecated: use Hosts. PlainHTTP bool // Client is the http client to used when making registry requests - // Deprecated: use Hosts + // + // Deprecated: use Hosts. Client *http.Client } @@ -140,6 +147,9 @@ func NewResolver(options ResolverOptions) remotes.Resolver { if options.Headers == nil { options.Headers = make(http.Header) + } else { + // make a copy of the headers to avoid race due to concurrent map write + options.Headers = options.Headers.Clone() } if _, ok := options.Headers["User-Agent"]; !ok { options.Headers.Set("User-Agent", "containerd/"+version.Version) @@ -255,7 +265,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp hosts := base.filterHosts(caps) if len(hosts) == 0 { - return "", ocispec.Descriptor{}, errors.Wrap(errdefs.ErrNotFound, "no resolve hosts") + return "", ocispec.Descriptor{}, fmt.Errorf("no resolve hosts: %w", errdefs.ErrNotFound) } ctx, err = ContextWithRepositoryScope(ctx, refspec, false) @@ -280,7 +290,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp resp, err := req.doWithRetries(ctx, nil) if err != nil { if errors.Is(err, ErrInvalidAuthorization) { - err = errors.Wrapf(err, "pull access denied, repository does not exist or may require authorization") + err = fmt.Errorf("pull access denied, repository does not exist or may require authorization: %w", err) } // Store the error for referencing later if firstErr == nil { @@ -299,11 +309,11 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp if resp.StatusCode > 399 { // Set firstErr when encountering the first non-404 status code. if firstErr == nil { - firstErr = errors.Errorf("pulling from host %s failed with status code %v: %v", host.Host, u, resp.Status) + firstErr = remoteerrors.NewUnexpectedStatusErr(resp) } continue // try another host } - return "", ocispec.Descriptor{}, errors.Errorf("pulling from host %s failed with unexpected status code %v: %v", host.Host, u, resp.Status) + return "", ocispec.Descriptor{}, remoteerrors.NewUnexpectedStatusErr(resp) } size := resp.ContentLength contentType := getManifestMediaType(resp) @@ -319,7 +329,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp if dgstHeader != "" && size != -1 { if err := dgstHeader.Validate(); err != nil { - return "", ocispec.Descriptor{}, errors.Wrapf(err, "%q in header not a valid digest", dgstHeader) + return "", ocispec.Descriptor{}, fmt.Errorf("%q in header not a valid digest: %w", dgstHeader, err) } dgst = dgstHeader } @@ -359,7 +369,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp return "", ocispec.Descriptor{}, err } } - } else if _, err := io.Copy(ioutil.Discard, &bodyReader); err != nil { + } else if _, err := io.Copy(io.Discard, &bodyReader); err != nil { return "", ocispec.Descriptor{}, err } size = bodyReader.bytesRead @@ -367,7 +377,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp // Prevent resolving to excessively large manifests if size > MaxManifestSize { if firstErr == nil { - firstErr = errors.Wrapf(errdefs.ErrNotFound, "rejecting %d byte manifest for %s", size, ref) + firstErr = fmt.Errorf("rejecting %d byte manifest for %s: %w", size, ref, errdefs.ErrNotFound) } continue } @@ -388,7 +398,7 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp // means that either no registries were given or each registry returned 404. if firstErr == nil { - firstErr = errors.Wrap(errdefs.ErrNotFound, ref) + firstErr = fmt.Errorf("%s: %w", ref, errdefs.ErrNotFound) } return "", ocispec.Descriptor{}, firstErr @@ -529,9 +539,10 @@ func (r *request) do(ctx context.Context) (*http.Response, error) { if err != nil { return nil, err } - req.Header = http.Header{} // headers need to be copied to avoid concurrent map access - for k, v := range r.header { - req.Header[k] = v + if r.header == nil { + req.Header = http.Header{} + } else { + req.Header = r.header.Clone() // headers need to be copied to avoid concurrent map access } if r.body != nil { body, err := r.body() @@ -548,7 +559,7 @@ func (r *request) do(ctx context.Context) (*http.Response, error) { ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", u)) log.G(ctx).WithFields(requestFields(req)).Debug("do request") if err := r.authorize(ctx, req); err != nil { - return nil, errors.Wrap(err, "failed to authorize") + return nil, fmt.Errorf("failed to authorize: %w", err) } var client = &http.Client{} @@ -560,13 +571,16 @@ func (r *request) do(ctx context.Context) (*http.Response, error) { if len(via) >= 10 { return errors.New("stopped after 10 redirects") } - return errors.Wrap(r.authorize(ctx, req), "failed to authorize redirect") + if err := r.authorize(ctx, req); err != nil { + return fmt.Errorf("failed to authorize redirect: %w", err) + } + return nil } } resp, err := ctxhttp.Do(ctx, client, req) if err != nil { - return nil, errors.Wrap(err, "failed to do request") + return nil, fmt.Errorf("failed to do request: %w", err) } log.G(ctx).WithFields(responseFields(resp)).Debug("fetch response received") return resp, nil @@ -665,3 +679,41 @@ func responseFields(resp *http.Response) logrus.Fields { return logrus.Fields(fields) } + +// IsLocalhost checks if the registry host is local. +func IsLocalhost(host string) bool { + if h, _, err := net.SplitHostPort(host); err == nil { + host = h + } + + if host == "localhost" { + return true + } + + ip := net.ParseIP(host) + return ip.IsLoopback() +} + +// HTTPFallback is an http.RoundTripper which allows fallback from https to http +// for registry endpoints with configurations for both http and TLS, such as +// defaulted localhost endpoints. +type HTTPFallback struct { + http.RoundTripper +} + +func (f HTTPFallback) RoundTrip(r *http.Request) (*http.Response, error) { + resp, err := f.RoundTripper.RoundTrip(r) + var tlsErr tls.RecordHeaderError + if errors.As(err, &tlsErr) && string(tlsErr.RecordHeader[:]) == "HTTP/" { + // server gave HTTP response to HTTPS client + plainHTTPUrl := *r.URL + plainHTTPUrl.Scheme = "http" + + plainHTTPRequest := *r + plainHTTPRequest.URL = &plainHTTPUrl + + return f.RoundTripper.RoundTrip(&plainHTTPRequest) + } + + return resp, err +} diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go index f15a9acf3..efa4e8d6e 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go @@ -21,16 +21,14 @@ import ( "context" "encoding/base64" "encoding/json" + "errors" "fmt" "io" - "io/ioutil" "strconv" "strings" "sync" "time" - "golang.org/x/sync/errgroup" - "github.com/containerd/containerd/archive/compression" "github.com/containerd/containerd/content" "github.com/containerd/containerd/errdefs" @@ -40,7 +38,7 @@ import ( digest "github.com/opencontainers/go-digest" specs "github.com/opencontainers/image-spec/specs-go" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" + "golang.org/x/sync/errgroup" ) const ( @@ -159,12 +157,12 @@ func (c *Converter) Convert(ctx context.Context, opts ...ConvertOpt) (ocispec.De history, diffIDs, err := c.schema1ManifestHistory() if err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "schema 1 conversion failed") + return ocispec.Descriptor{}, fmt.Errorf("schema 1 conversion failed: %w", err) } var img ocispec.Image if err := json.Unmarshal([]byte(c.pulledManifest.History[0].V1Compatibility), &img); err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to unmarshal image from schema 1 history") + return ocispec.Descriptor{}, fmt.Errorf("failed to unmarshal image from schema 1 history: %w", err) } img.History = history @@ -175,7 +173,7 @@ func (c *Converter) Convert(ctx context.Context, opts ...ConvertOpt) (ocispec.De b, err := json.MarshalIndent(img, "", " ") if err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to marshal image") + return ocispec.Descriptor{}, fmt.Errorf("failed to marshal image: %w", err) } config := ocispec.Descriptor{ @@ -199,7 +197,7 @@ func (c *Converter) Convert(ctx context.Context, opts ...ConvertOpt) (ocispec.De mb, err := json.MarshalIndent(manifest, "", " ") if err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to marshal image") + return ocispec.Descriptor{}, fmt.Errorf("failed to marshal image: %w", err) } desc := ocispec.Descriptor{ @@ -216,12 +214,12 @@ func (c *Converter) Convert(ctx context.Context, opts ...ConvertOpt) (ocispec.De ref := remotes.MakeRefKey(ctx, desc) if err := content.WriteBlob(ctx, c.contentStore, ref, bytes.NewReader(mb), desc, content.WithLabels(labels)); err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to write image manifest") + return ocispec.Descriptor{}, fmt.Errorf("failed to write image manifest: %w", err) } ref = remotes.MakeRefKey(ctx, config) if err := content.WriteBlob(ctx, c.contentStore, ref, bytes.NewReader(b), config); err != nil { - return ocispec.Descriptor{}, errors.Wrap(err, "failed to write image config") + return ocispec.Descriptor{}, fmt.Errorf("failed to write image config: %w", err) } return desc, nil @@ -230,7 +228,7 @@ func (c *Converter) Convert(ctx context.Context, opts ...ConvertOpt) (ocispec.De // ReadStripSignature reads in a schema1 manifest and returns a byte array // with the "signatures" field stripped func ReadStripSignature(schema1Blob io.Reader) ([]byte, error) { - b, err := ioutil.ReadAll(io.LimitReader(schema1Blob, manifestSizeLimit)) // limit to 8MB + b, err := io.ReadAll(io.LimitReader(schema1Blob, manifestSizeLimit)) // limit to 8MB if err != nil { return nil, err } @@ -350,7 +348,7 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro if desc.Size == -1 { info, err := c.contentStore.Info(ctx, desc.Digest) if err != nil { - return errors.Wrap(err, "failed to get blob info") + return fmt.Errorf("failed to get blob info: %w", err) } desc.Size = info.Size } @@ -371,7 +369,7 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro } if _, err := c.contentStore.Update(ctx, cinfo, "labels.containerd.io/uncompressed", fmt.Sprintf("labels.%s", labelDockerSchema1EmptyLayer)); err != nil { - return errors.Wrap(err, "failed to update uncompressed label") + return fmt.Errorf("failed to update uncompressed label: %w", err) } c.mu.Lock() @@ -385,7 +383,7 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro func (c *Converter) reuseLabelBlobState(ctx context.Context, desc ocispec.Descriptor) (bool, error) { cinfo, err := c.contentStore.Info(ctx, desc.Digest) if err != nil { - return false, errors.Wrap(err, "failed to get blob info") + return false, fmt.Errorf("failed to get blob info: %w", err) } desc.Size = cinfo.Size @@ -442,7 +440,7 @@ func (c *Converter) schema1ManifestHistory() ([]ocispec.History, []digest.Digest for i := range m.History { var h v1History if err := json.Unmarshal([]byte(m.History[i].V1Compatibility), &h); err != nil { - return nil, nil, errors.Wrap(err, "failed to unmarshal history") + return nil, nil, fmt.Errorf("failed to unmarshal history: %w", err) } blobSum := m.FSLayers[i].BlobSum @@ -554,7 +552,7 @@ func stripSignature(b []byte) ([]byte, error) { } pb, err := joseBase64UrlDecode(sig.Signatures[0].Protected) if err != nil { - return nil, errors.Wrapf(err, "could not decode %s", sig.Signatures[0].Protected) + return nil, fmt.Errorf("could not decode %s: %w", sig.Signatures[0].Protected, err) } var protected protectedBlock @@ -568,7 +566,7 @@ func stripSignature(b []byte) ([]byte, error) { tail, err := joseBase64UrlDecode(protected.Tail) if err != nil { - return nil, errors.Wrap(err, "invalid tail base 64 value") + return nil, fmt.Errorf("invalid tail base 64 value: %w", err) } return append(b[:protected.Length], tail...), nil diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/scope.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/scope.go index fe57f023d..95b4810ab 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/scope.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/scope.go @@ -74,7 +74,7 @@ func ContextWithAppendPullRepositoryScope(ctx context.Context, repo string) cont // GetTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and common scopes. func GetTokenScopes(ctx context.Context, common []string) []string { - var scopes []string + scopes := []string{} if x := ctx.Value(tokenScopesKey{}); x != nil { scopes = append(scopes, x.([]string)...) } @@ -82,6 +82,10 @@ func GetTokenScopes(ctx context.Context, common []string) []string { scopes = append(scopes, common...) sort.Strings(scopes) + if len(scopes) == 0 { + return scopes + } + l := 0 for idx := 1; idx < len(scopes); idx++ { // Note: this comparison is unaware of the scope grammar (https://docs.docker.com/registry/spec/auth/scope/) diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/status.go b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/status.go index 9751edac7..1a9227725 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/docker/status.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/docker/status.go @@ -17,12 +17,12 @@ package docker import ( + "fmt" "sync" "github.com/containerd/containerd/content" "github.com/containerd/containerd/errdefs" "github.com/moby/locker" - "github.com/pkg/errors" ) // Status of a content operation @@ -31,8 +31,22 @@ type Status struct { Committed bool + // ErrClosed contains error encountered on close. + ErrClosed error + // UploadUUID is used by the Docker registry to reference blob uploads UploadUUID string + + // PushStatus contains status related to push. + PushStatus +} + +type PushStatus struct { + // MountedFrom is the source content was cross-repo mounted from (empty if no cross-repo mount was performed). + MountedFrom string + + // Exists indicates whether content already exists in the repository and wasn't uploaded. + Exists bool } // StatusTracker to track status of operations @@ -67,7 +81,7 @@ func (t *memoryStatusTracker) GetStatus(ref string) (Status, error) { defer t.m.Unlock() status, ok := t.statuses[ref] if !ok { - return Status{}, errors.Wrapf(errdefs.ErrNotFound, "status for ref %v", ref) + return Status{}, fmt.Errorf("status for ref %v: %w", ref, errdefs.ErrNotFound) } return status, nil } diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/errors/errors.go b/index/generator/vendor/github.com/containerd/containerd/remotes/errors/errors.go index 519dbac10..f60ff0fc2 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/errors/errors.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/errors/errors.go @@ -19,7 +19,6 @@ package errors import ( "fmt" "io" - "io/ioutil" "net/http" ) @@ -34,14 +33,14 @@ type ErrUnexpectedStatus struct { } func (e ErrUnexpectedStatus) Error() string { - return fmt.Sprintf("unexpected status: %s", e.Status) + return fmt.Sprintf("unexpected status from %s request to %s: %s", e.RequestMethod, e.RequestURL, e.Status) } // NewUnexpectedStatusErr creates an ErrUnexpectedStatus from HTTP response func NewUnexpectedStatusErr(resp *http.Response) error { var b []byte if resp.Body != nil { - b, _ = ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB + b, _ = io.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB } err := ErrUnexpectedStatus{ Body: b, diff --git a/index/generator/vendor/github.com/containerd/containerd/remotes/handlers.go b/index/generator/vendor/github.com/containerd/containerd/remotes/handlers.go index 8f79c608e..7d41b1e25 100644 --- a/index/generator/vendor/github.com/containerd/containerd/remotes/handlers.go +++ b/index/generator/vendor/github.com/containerd/containerd/remotes/handlers.go @@ -18,6 +18,7 @@ package remotes import ( "context" + "errors" "fmt" "io" "strings" @@ -29,7 +30,6 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/platforms" ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/sync/semaphore" ) @@ -127,13 +127,13 @@ func fetch(ctx context.Context, ingester content.Ingester, fetcher Fetcher, desc // most likely a poorly configured registry/web front end which responded with no // Content-Length header; unable (not to mention useless) to commit a 0-length entry // into the content store. Error out here otherwise the error sent back is confusing - return errors.Wrapf(errdefs.ErrInvalidArgument, "unable to fetch descriptor (%s) which reports content size of zero", desc.Digest) + return fmt.Errorf("unable to fetch descriptor (%s) which reports content size of zero: %w", desc.Digest, errdefs.ErrInvalidArgument) } if ws.Offset == desc.Size { // If writer is already complete, commit and return err := cw.Commit(ctx, desc.Size, desc.Digest) if err != nil && !errdefs.IsAlreadyExists(err) { - return errors.Wrapf(err, "failed commit on ref %q", ws.Ref) + return fmt.Errorf("failed commit on ref %q: %w", ws.Ref, err) } return nil } @@ -197,7 +197,11 @@ func push(ctx context.Context, provider content.Provider, pusher Pusher, desc oc // // Base handlers can be provided which will be called before any push specific // handlers. -func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, store content.Store, limiter *semaphore.Weighted, platform platforms.MatchComparer, wrapper func(h images.Handler) images.Handler) error { +// +// If the passed in content.Provider is also a content.InfoProvider (such as +// content.Manager) then this will also annotate the distribution sources using +// labels prefixed with "containerd.io/distribution.source". +func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, store content.Provider, limiter *semaphore.Weighted, platform platforms.MatchComparer, wrapper func(h images.Handler) images.Handler) error { var m sync.Mutex manifestStack := []ocispec.Descriptor{} @@ -219,13 +223,14 @@ func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, st platformFilterhandler := images.FilterPlatforms(images.ChildrenHandler(store), platform) - annotateHandler := annotateDistributionSourceHandler(platformFilterhandler, store) + var handler images.Handler + if m, ok := store.(content.InfoProvider); ok { + annotateHandler := annotateDistributionSourceHandler(platformFilterhandler, m) + handler = images.Handlers(annotateHandler, filterHandler, pushHandler) + } else { + handler = images.Handlers(platformFilterhandler, filterHandler, pushHandler) + } - var handler images.Handler = images.Handlers( - annotateHandler, - filterHandler, - pushHandler, - ) if wrapper != nil { handler = wrapper(handler) } @@ -243,8 +248,8 @@ func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, st // as a marker for this problem if (manifestStack[i].MediaType == ocispec.MediaTypeImageIndex || manifestStack[i].MediaType == images.MediaTypeDockerSchema2ManifestList) && - errors.Cause(err) != nil && strings.Contains(errors.Cause(err).Error(), "400 Bad Request") { - return errors.Wrap(err, "manifest list/index references to blobs and/or manifests are missing in your target registry") + errors.Unwrap(err) != nil && strings.Contains(errors.Unwrap(err).Error(), "400 Bad Request") { + return fmt.Errorf("manifest list/index references to blobs and/or manifests are missing in your target registry: %w", err) } return err } @@ -253,6 +258,43 @@ func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, st return nil } +// SkipNonDistributableBlobs returns a handler that skips blobs that have a media type that is "non-distributeable". +// An example of this kind of content would be a Windows base layer, which is not supposed to be redistributed. +// +// This is based on the media type of the content: +// - application/vnd.oci.image.layer.nondistributable +// - application/vnd.docker.image.rootfs.foreign +func SkipNonDistributableBlobs(f images.HandlerFunc) images.HandlerFunc { + return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { + if images.IsNonDistributable(desc.MediaType) { + log.G(ctx).WithField("digest", desc.Digest).WithField("mediatype", desc.MediaType).Debug("Skipping non-distributable blob") + return nil, images.ErrSkipDesc + } + + if images.IsLayerType(desc.MediaType) { + return nil, nil + } + + children, err := f(ctx, desc) + if err != nil { + return nil, err + } + if len(children) == 0 { + return nil, nil + } + + out := make([]ocispec.Descriptor, 0, len(children)) + for _, child := range children { + if !images.IsNonDistributable(child.MediaType) { + out = append(out, child) + } else { + log.G(ctx).WithField("digest", child.Digest).WithField("mediatype", child.MediaType).Debug("Skipping non-distributable blob") + } + } + return out, nil + } +} + // FilterManifestByPlatformHandler allows Handler to handle non-target // platform's manifest and configuration data. func FilterManifestByPlatformHandler(f images.HandlerFunc, m platforms.Matcher) images.HandlerFunc { @@ -290,14 +332,15 @@ func FilterManifestByPlatformHandler(f images.HandlerFunc, m platforms.Matcher) // annotateDistributionSourceHandler add distribution source label into // annotation of config or blob descriptor. -func annotateDistributionSourceHandler(f images.HandlerFunc, manager content.Manager) images.HandlerFunc { +func annotateDistributionSourceHandler(f images.HandlerFunc, provider content.InfoProvider) images.HandlerFunc { return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { children, err := f(ctx, desc) if err != nil { return nil, err } - // only add distribution source for the config or blob data descriptor + // Distribution source is only used for config or blob but may be inherited from + // a manifest or manifest list switch desc.MediaType { case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest, images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: @@ -305,12 +348,28 @@ func annotateDistributionSourceHandler(f images.HandlerFunc, manager content.Man return children, nil } + // parentInfo can be used to inherit info for non-existent blobs + var parentInfo *content.Info + for i := range children { child := children[i] - info, err := manager.Info(ctx, child.Digest) + info, err := provider.Info(ctx, child.Digest) if err != nil { - return nil, err + if !errdefs.IsNotFound(err) { + return nil, err + } + if parentInfo == nil { + pi, err := provider.Info(ctx, desc.Digest) + if err != nil { + return nil, err + } + parentInfo = &pi + } + // Blob may not exist locally, annotate with parent labels for cross repo + // mount or fetch. Parent sources may apply to all children since most + // registries enforce that children exist before the manifests. + info = *parentInfo } for k, v := range info.Labels { diff --git a/index/generator/vendor/github.com/containerd/containerd/version/version.go b/index/generator/vendor/github.com/containerd/containerd/version/version.go index dda0ee93f..82c1559ba 100644 --- a/index/generator/vendor/github.com/containerd/containerd/version/version.go +++ b/index/generator/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.5.9+unknown" + Version = "1.6.26+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. diff --git a/index/generator/vendor/github.com/containerd/log/.golangci.yml b/index/generator/vendor/github.com/containerd/log/.golangci.yml new file mode 100644 index 000000000..a695775df --- /dev/null +++ b/index/generator/vendor/github.com/containerd/log/.golangci.yml @@ -0,0 +1,30 @@ +linters: + enable: + - exportloopref # Checks for pointers to enclosing loop variables + - gofmt + - goimports + - gosec + - ineffassign + - misspell + - nolintlint + - revive + - staticcheck + - tenv # Detects using os.Setenv instead of t.Setenv since Go 1.17 + - unconvert + - unused + - vet + - dupword # Checks for duplicate words in the source code + disable: + - errcheck + +run: + timeout: 5m + skip-dirs: + - api + - cluster + - design + - docs + - docs/man + - releases + - reports + - test # e2e scripts diff --git a/index/generator/vendor/github.com/containerd/log/LICENSE b/index/generator/vendor/github.com/containerd/log/LICENSE new file mode 100644 index 000000000..584149b6e --- /dev/null +++ b/index/generator/vendor/github.com/containerd/log/LICENSE @@ -0,0 +1,191 @@ + + Apache License + Version 2.0, January 2004 + https://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + Copyright The containerd Authors + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + https://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/index/generator/vendor/github.com/containerd/log/README.md b/index/generator/vendor/github.com/containerd/log/README.md new file mode 100644 index 000000000..00e084988 --- /dev/null +++ b/index/generator/vendor/github.com/containerd/log/README.md @@ -0,0 +1,17 @@ +# log + +A Go package providing a common logging interface across containerd repositories and a way for clients to use and configure logging in containerd packages. + +This package is not intended to be used as a standalone logging package outside of the containerd ecosystem and is intended as an interface wrapper around a logging implementation. +In the future this package may be replaced with a common go logging interface. + +## Project details + +**log** is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE). +As a containerd sub-project, you will find the: + * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md), + * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS), + * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md) + +information in our [`containerd/project`](https://github.com/containerd/project) repository. + diff --git a/index/generator/vendor/github.com/containerd/log/context.go b/index/generator/vendor/github.com/containerd/log/context.go new file mode 100644 index 000000000..20153066f --- /dev/null +++ b/index/generator/vendor/github.com/containerd/log/context.go @@ -0,0 +1,182 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +// Package log provides types and functions related to logging, passing +// loggers through a context, and attaching context to the logger. +// +// # Transitional types +// +// This package contains various types that are aliases for types in [logrus]. +// These aliases are intended for transitioning away from hard-coding logrus +// as logging implementation. Consumers of this package are encouraged to use +// the type-aliases from this package instead of directly using their logrus +// equivalent. +// +// The intent is to replace these aliases with locally defined types and +// interfaces once all consumers are no longer directly importing logrus +// types. +// +// IMPORTANT: due to the transitional purpose of this package, it is not +// guaranteed for the full logrus API to be provided in the future. As +// outlined, these aliases are provided as a step to transition away from +// a specific implementation which, as a result, exposes the full logrus API. +// While no decisions have been made on the ultimate design and interface +// provided by this package, we do not expect carrying "less common" features. +package log + +import ( + "context" + "fmt" + + "github.com/sirupsen/logrus" +) + +// G is a shorthand for [GetLogger]. +// +// We may want to define this locally to a package to get package tagged log +// messages. +var G = GetLogger + +// L is an alias for the standard logger. +var L = &Entry{ + Logger: logrus.StandardLogger(), + // Default is three fields plus a little extra room. + Data: make(Fields, 6), +} + +type loggerKey struct{} + +// Fields type to pass to "WithFields". +type Fields = map[string]any + +// Entry is a logging entry. It contains all the fields passed with +// [Entry.WithFields]. It's finally logged when Trace, Debug, Info, Warn, +// Error, Fatal or Panic is called on it. These objects can be reused and +// passed around as much as you wish to avoid field duplication. +// +// Entry is a transitional type, and currently an alias for [logrus.Entry]. +type Entry = logrus.Entry + +// RFC3339NanoFixed is [time.RFC3339Nano] with nanoseconds padded using +// zeros to ensure the formatted time is always the same number of +// characters. +const RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00" + +// Level is a logging level. +type Level = logrus.Level + +// Supported log levels. +const ( + // TraceLevel level. Designates finer-grained informational events + // than [DebugLevel]. + TraceLevel Level = logrus.TraceLevel + + // DebugLevel level. Usually only enabled when debugging. Very verbose + // logging. + DebugLevel Level = logrus.DebugLevel + + // InfoLevel level. General operational entries about what's going on + // inside the application. + InfoLevel Level = logrus.InfoLevel + + // WarnLevel level. Non-critical entries that deserve eyes. + WarnLevel Level = logrus.WarnLevel + + // ErrorLevel level. Logs errors that should definitely be noted. + // Commonly used for hooks to send errors to an error tracking service. + ErrorLevel Level = logrus.ErrorLevel + + // FatalLevel level. Logs and then calls "logger.Exit(1)". It exits + // even if the logging level is set to Panic. + FatalLevel Level = logrus.FatalLevel + + // PanicLevel level. This is the highest level of severity. Logs and + // then calls panic with the message passed to Debug, Info, ... + PanicLevel Level = logrus.PanicLevel +) + +// SetLevel sets log level globally. It returns an error if the given +// level is not supported. +// +// level can be one of: +// +// - "trace" ([TraceLevel]) +// - "debug" ([DebugLevel]) +// - "info" ([InfoLevel]) +// - "warn" ([WarnLevel]) +// - "error" ([ErrorLevel]) +// - "fatal" ([FatalLevel]) +// - "panic" ([PanicLevel]) +func SetLevel(level string) error { + lvl, err := logrus.ParseLevel(level) + if err != nil { + return err + } + + L.Logger.SetLevel(lvl) + return nil +} + +// GetLevel returns the current log level. +func GetLevel() Level { + return L.Logger.GetLevel() +} + +// OutputFormat specifies a log output format. +type OutputFormat string + +// Supported log output formats. +const ( + // TextFormat represents the text logging format. + TextFormat OutputFormat = "text" + + // JSONFormat represents the JSON logging format. + JSONFormat OutputFormat = "json" +) + +// SetFormat sets the log output format ([TextFormat] or [JSONFormat]). +func SetFormat(format OutputFormat) error { + switch format { + case TextFormat: + L.Logger.SetFormatter(&logrus.TextFormatter{ + TimestampFormat: RFC3339NanoFixed, + FullTimestamp: true, + }) + return nil + case JSONFormat: + L.Logger.SetFormatter(&logrus.JSONFormatter{ + TimestampFormat: RFC3339NanoFixed, + }) + return nil + default: + return fmt.Errorf("unknown log format: %s", format) + } +} + +// WithLogger returns a new context with the provided logger. Use in +// combination with logger.WithField(s) for great effect. +func WithLogger(ctx context.Context, logger *Entry) context.Context { + return context.WithValue(ctx, loggerKey{}, logger.WithContext(ctx)) +} + +// GetLogger retrieves the current logger from the context. If no logger is +// available, the default logger is returned. +func GetLogger(ctx context.Context) *Entry { + if logger := ctx.Value(loggerKey{}); logger != nil { + return logger.(*Entry) + } + return L.WithContext(ctx) +} diff --git a/index/generator/vendor/github.com/emicklei/go-restful/v3/CHANGES.md b/index/generator/vendor/github.com/emicklei/go-restful/v3/CHANGES.md index 74a378157..02a73ccfd 100644 --- a/index/generator/vendor/github.com/emicklei/go-restful/v3/CHANGES.md +++ b/index/generator/vendor/github.com/emicklei/go-restful/v3/CHANGES.md @@ -1,10 +1,21 @@ # Change history of go-restful -## [v3.9.0] - 20221-07-21 +## [v3.10.1] - 2022-11-19 + +- fix broken 3.10.0 by using path package for joining paths + +## [v3.10.0] - 2022-10-11 - BROKEN + +- changed tokenizer to match std route match behavior; do not trimright the path (#511) +- Add MIME_ZIP (#512) +- Add MIME_ZIP and HEADER_ContentDisposition (#513) +- Changed how to get query parameter issue #510 + +## [v3.9.0] - 2022-07-21 - add support for http.Handler implementations to work as FilterFunction, issue #504 (thanks to https://github.com/ggicci) -## [v3.8.0] - 20221-06-06 +## [v3.8.0] - 2022-06-06 - use exact matching of allowed domain entries, issue #489 (#493) - this changes fixes [security] Authorization Bypass Through User-Controlled Key diff --git a/index/generator/vendor/github.com/emicklei/go-restful/v3/constants.go b/index/generator/vendor/github.com/emicklei/go-restful/v3/constants.go index 203439c5e..2328bde6c 100644 --- a/index/generator/vendor/github.com/emicklei/go-restful/v3/constants.go +++ b/index/generator/vendor/github.com/emicklei/go-restful/v3/constants.go @@ -7,12 +7,14 @@ package restful const ( MIME_XML = "application/xml" // Accept or Content-Type used in Consumes() and/or Produces() MIME_JSON = "application/json" // Accept or Content-Type used in Consumes() and/or Produces() + MIME_ZIP = "application/zip" // Accept or Content-Type used in Consumes() and/or Produces() MIME_OCTET = "application/octet-stream" // If Content-Type is not present in request, use the default HEADER_Allow = "Allow" HEADER_Accept = "Accept" HEADER_Origin = "Origin" HEADER_ContentType = "Content-Type" + HEADER_ContentDisposition = "Content-Disposition" HEADER_LastModified = "Last-Modified" HEADER_AcceptEncoding = "Accept-Encoding" HEADER_ContentEncoding = "Content-Encoding" diff --git a/index/generator/vendor/github.com/emicklei/go-restful/v3/request.go b/index/generator/vendor/github.com/emicklei/go-restful/v3/request.go index 5725a0759..0020095e8 100644 --- a/index/generator/vendor/github.com/emicklei/go-restful/v3/request.go +++ b/index/generator/vendor/github.com/emicklei/go-restful/v3/request.go @@ -31,7 +31,8 @@ func NewRequest(httpRequest *http.Request) *Request { // a "Unable to unmarshal content of type:" response is returned. // Valid values are restful.MIME_JSON and restful.MIME_XML // Example: -// restful.DefaultRequestContentType(restful.MIME_JSON) +// +// restful.DefaultRequestContentType(restful.MIME_JSON) func DefaultRequestContentType(mime string) { defaultRequestContentType = mime } @@ -48,7 +49,7 @@ func (r *Request) PathParameters() map[string]string { // QueryParameter returns the (first) Query parameter value by its name func (r *Request) QueryParameter(name string) string { - return r.Request.FormValue(name) + return r.Request.URL.Query().Get(name) } // QueryParameters returns the all the query parameters values by name diff --git a/index/generator/vendor/github.com/emicklei/go-restful/v3/response.go b/index/generator/vendor/github.com/emicklei/go-restful/v3/response.go index 8f0b56aa2..a41a92cc2 100644 --- a/index/generator/vendor/github.com/emicklei/go-restful/v3/response.go +++ b/index/generator/vendor/github.com/emicklei/go-restful/v3/response.go @@ -109,6 +109,9 @@ func (r *Response) EntityWriter() (EntityReaderWriter, bool) { if DefaultResponseMimeType == MIME_XML { return entityAccessRegistry.accessorAt(MIME_XML) } + if DefaultResponseMimeType == MIME_ZIP { + return entityAccessRegistry.accessorAt(MIME_ZIP) + } // Fallback to whatever the route says it can produce. // https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html for _, each := range r.routeProduces { diff --git a/index/generator/vendor/github.com/emicklei/go-restful/v3/route.go b/index/generator/vendor/github.com/emicklei/go-restful/v3/route.go index 193f4a6b0..ea05b3da8 100644 --- a/index/generator/vendor/github.com/emicklei/go-restful/v3/route.go +++ b/index/generator/vendor/github.com/emicklei/go-restful/v3/route.go @@ -164,7 +164,7 @@ func tokenizePath(path string) []string { if "/" == path { return nil } - return strings.Split(strings.Trim(path, "/"), "/") + return strings.Split(strings.TrimLeft(path, "/"), "/") } // for debugging @@ -176,3 +176,5 @@ func (r *Route) String() string { func (r *Route) EnableContentEncoding(enabled bool) { r.contentEncodingEnabled = &enabled } + +var TrimRightSlashEnabled = false diff --git a/index/generator/vendor/github.com/emicklei/go-restful/v3/route_builder.go b/index/generator/vendor/github.com/emicklei/go-restful/v3/route_builder.go index 23641b6dd..830ebf148 100644 --- a/index/generator/vendor/github.com/emicklei/go-restful/v3/route_builder.go +++ b/index/generator/vendor/github.com/emicklei/go-restful/v3/route_builder.go @@ -7,6 +7,7 @@ package restful import ( "fmt" "os" + "path" "reflect" "runtime" "strings" @@ -46,11 +47,12 @@ type RouteBuilder struct { // Do evaluates each argument with the RouteBuilder itself. // This allows you to follow DRY principles without breaking the fluent programming style. // Example: -// ws.Route(ws.DELETE("/{name}").To(t.deletePerson).Do(Returns200, Returns500)) // -// func Returns500(b *RouteBuilder) { -// b.Returns(500, "Internal Server Error", restful.ServiceError{}) -// } +// ws.Route(ws.DELETE("/{name}").To(t.deletePerson).Do(Returns200, Returns500)) +// +// func Returns500(b *RouteBuilder) { +// b.Returns(500, "Internal Server Error", restful.ServiceError{}) +// } func (b *RouteBuilder) Do(oneArgBlocks ...func(*RouteBuilder)) *RouteBuilder { for _, each := range oneArgBlocks { each(b) @@ -352,7 +354,7 @@ func (b *RouteBuilder) Build() Route { } func concatPath(path1, path2 string) string { - return strings.TrimRight(path1, "/") + "/" + strings.TrimLeft(path2, "/") + return path.Join(path1, path2) } var anonymousFuncCount int32 diff --git a/index/generator/vendor/github.com/hashicorp/errwrap/errwrap.go b/index/generator/vendor/github.com/hashicorp/errwrap/errwrap.go index a733bef18..44e368e56 100644 --- a/index/generator/vendor/github.com/hashicorp/errwrap/errwrap.go +++ b/index/generator/vendor/github.com/hashicorp/errwrap/errwrap.go @@ -44,6 +44,8 @@ func Wrap(outer, inner error) error { // // format is the format of the error message. The string '{{err}}' will // be replaced with the original error message. +// +// Deprecated: Use fmt.Errorf() func Wrapf(format string, err error) error { outerMsg := "" if err != nil { @@ -148,6 +150,9 @@ func Walk(err error, cb WalkFunc) { for _, err := range e.WrappedErrors() { Walk(err, cb) } + case interface{ Unwrap() error }: + cb(err) + Walk(e.Unwrap(), cb) default: cb(err) } @@ -167,3 +172,7 @@ func (w *wrappedError) Error() string { func (w *wrappedError) WrappedErrors() []error { return []error{w.Outer, w.Inner} } + +func (w *wrappedError) Unwrap() error { + return w.Inner +} diff --git a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go index 35d810895..6f9e6fd3a 100644 --- a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go +++ b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/annotations.go @@ -53,4 +53,19 @@ const ( // AnnotationDescription is the annotation key for the human-readable description of the software packaged in the image. AnnotationDescription = "org.opencontainers.image.description" + + // AnnotationBaseImageDigest is the annotation key for the digest of the image's base image. + AnnotationBaseImageDigest = "org.opencontainers.image.base.digest" + + // AnnotationBaseImageName is the annotation key for the image reference of the image's base image. + AnnotationBaseImageName = "org.opencontainers.image.base.name" + + // AnnotationArtifactCreated is the annotation key for the date and time on which the artifact was built, conforming to RFC 3339. + AnnotationArtifactCreated = "org.opencontainers.artifact.created" + + // AnnotationArtifactDescription is the annotation key for the human readable description for the artifact. + AnnotationArtifactDescription = "org.opencontainers.artifact.description" + + // AnnotationReferrersFiltersApplied is the annotation key for the comma separated list of filters applied by the registry in the referrers listing. + AnnotationReferrersFiltersApplied = "org.opencontainers.referrers.filtersApplied" ) diff --git a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/artifact.go b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/artifact.go new file mode 100644 index 000000000..03d76ce43 --- /dev/null +++ b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/artifact.go @@ -0,0 +1,34 @@ +// Copyright 2022 The Linux Foundation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1 + +// Artifact describes an artifact manifest. +// This structure provides `application/vnd.oci.artifact.manifest.v1+json` mediatype when marshalled to JSON. +type Artifact struct { + // MediaType is the media type of the object this schema refers to. + MediaType string `json:"mediaType"` + + // ArtifactType is the IANA media type of the artifact this schema refers to. + ArtifactType string `json:"artifactType"` + + // Blobs is a collection of blobs referenced by this manifest. + Blobs []Descriptor `json:"blobs,omitempty"` + + // Subject (reference) is an optional link from the artifact to another manifest forming an association between the artifact and the other manifest. + Subject *Descriptor `json:"subject,omitempty"` + + // Annotations contains arbitrary metadata for the artifact manifest. + Annotations map[string]string `json:"annotations,omitempty"` +} diff --git a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go index fe799bd69..e6aa113f0 100644 --- a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go +++ b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/config.go @@ -48,6 +48,15 @@ type ImageConfig struct { // StopSignal contains the system call signal that will be sent to the container to exit. StopSignal string `json:"StopSignal,omitempty"` + + // ArgsEscaped `[Deprecated]` - This field is present only for legacy + // compatibility with Docker and should not be used by new image builders. + // It is used by Docker for Windows images to indicate that the `Entrypoint` + // or `Cmd` or both, contains only a single element array, that is a + // pre-escaped, and combined into a single string `CommandLine`. If `true` + // the value in `Entrypoint` or `Cmd` should be used as-is to avoid double + // escaping. + ArgsEscaped bool `json:"ArgsEscaped,omitempty"` } // RootFS describes a layer content addresses @@ -89,9 +98,20 @@ type Image struct { // Architecture is the CPU architecture which the binaries in this image are built to run on. Architecture string `json:"architecture"` + // Variant is the variant of the specified CPU architecture which image binaries are intended to run on. + Variant string `json:"variant,omitempty"` + // OS is the name of the operating system which the image is built to run on. OS string `json:"os"` + // OSVersion is an optional field specifying the operating system + // version, for example on Windows `10.0.14393.1066`. + OSVersion string `json:"os.version,omitempty"` + + // OSFeatures is an optional field specifying an array of strings, + // each listing a required OS feature (for example on Windows `win32k`). + OSFeatures []string `json:"os.features,omitempty"` + // Config defines the execution parameters which should be used as a base when running a container using the image. Config ImageConfig `json:"config,omitempty"` diff --git a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go index 6e442a085..9654aa5af 100644 --- a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go +++ b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/descriptor.go @@ -1,4 +1,4 @@ -// Copyright 2016 The Linux Foundation +// Copyright 2016-2022 The Linux Foundation // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -35,10 +35,18 @@ type Descriptor struct { // Annotations contains arbitrary metadata relating to the targeted content. Annotations map[string]string `json:"annotations,omitempty"` + // Data is an embedding of the targeted content. This is encoded as a base64 + // string when marshalled to JSON (automatically, by encoding/json). If + // present, Data can be used directly to avoid fetching the targeted content. + Data []byte `json:"data,omitempty"` + // Platform describes the platform which the image in the manifest runs on. // // This should only be used when referring to a manifest. Platform *Platform `json:"platform,omitempty"` + + // ArtifactType is the IANA media type of this artifact. + ArtifactType string `json:"artifactType,omitempty"` } // Platform describes the platform which the image in the manifest runs on. diff --git a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go index 82da6c6a8..ed4a56e59 100644 --- a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go +++ b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/index.go @@ -21,7 +21,7 @@ import "github.com/opencontainers/image-spec/specs-go" type Index struct { specs.Versioned - // MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json` + // MediaType specifies the type of this document data structure e.g. `application/vnd.oci.image.index.v1+json` MediaType string `json:"mediaType,omitempty"` // Manifests references platform specific manifests. diff --git a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go index d72d15ce4..730a09359 100644 --- a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go +++ b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/manifest.go @@ -1,4 +1,4 @@ -// Copyright 2016 The Linux Foundation +// Copyright 2016-2022 The Linux Foundation // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -20,7 +20,7 @@ import "github.com/opencontainers/image-spec/specs-go" type Manifest struct { specs.Versioned - // MediaType specificies the type of this document data structure e.g. `application/vnd.oci.image.manifest.v1+json` + // MediaType specifies the type of this document data structure e.g. `application/vnd.oci.image.manifest.v1+json` MediaType string `json:"mediaType,omitempty"` // Config references a configuration object for a container, by digest. @@ -30,6 +30,9 @@ type Manifest struct { // Layers is an indexed list of layers referenced by the manifest. Layers []Descriptor `json:"layers"` + // Subject is an optional link from the image manifest to another manifest forming an association between the image manifest and the other manifest. + Subject *Descriptor `json:"subject,omitempty"` + // Annotations contains arbitrary metadata for the image manifest. Annotations map[string]string `json:"annotations,omitempty"` } diff --git a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go index bad7bb97f..935b481e3 100644 --- a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go +++ b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go @@ -34,6 +34,10 @@ const ( // referenced by the manifest. MediaTypeImageLayerGzip = "application/vnd.oci.image.layer.v1.tar+gzip" + // MediaTypeImageLayerZstd is the media type used for zstd compressed + // layers referenced by the manifest. + MediaTypeImageLayerZstd = "application/vnd.oci.image.layer.v1.tar+zstd" + // MediaTypeImageLayerNonDistributable is the media type for layers referenced by // the manifest but with distribution restrictions. MediaTypeImageLayerNonDistributable = "application/vnd.oci.image.layer.nondistributable.v1.tar" @@ -43,6 +47,14 @@ const ( // restrictions. MediaTypeImageLayerNonDistributableGzip = "application/vnd.oci.image.layer.nondistributable.v1.tar+gzip" + // MediaTypeImageLayerNonDistributableZstd is the media type for zstd + // compressed layers referenced by the manifest but with distribution + // restrictions. + MediaTypeImageLayerNonDistributableZstd = "application/vnd.oci.image.layer.nondistributable.v1.tar+zstd" + // MediaTypeImageConfig specifies the media type for the image configuration. MediaTypeImageConfig = "application/vnd.oci.image.config.v1+json" + + // MediaTypeArtifactManifest specifies the media type for a content descriptor. + MediaTypeArtifactManifest = "application/vnd.oci.artifact.manifest.v1+json" ) diff --git a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/version.go b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/version.go index 0d9543f16..1afd590fe 100644 --- a/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/version.go +++ b/index/generator/vendor/github.com/opencontainers/image-spec/specs-go/version.go @@ -20,12 +20,12 @@ const ( // VersionMajor is for an API incompatible changes VersionMajor = 1 // VersionMinor is for functionality in a backwards-compatible manner - VersionMinor = 0 + VersionMinor = 1 // VersionPatch is for backwards-compatible bug fixes - VersionPatch = 2 + VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "" + VersionDev = "-dev" ) // Version is the specification version that the package types support. diff --git a/index/generator/vendor/github.com/sirupsen/logrus/README.md b/index/generator/vendor/github.com/sirupsen/logrus/README.md index b042c896f..d1d4a85fd 100644 --- a/index/generator/vendor/github.com/sirupsen/logrus/README.md +++ b/index/generator/vendor/github.com/sirupsen/logrus/README.md @@ -9,7 +9,7 @@ the last thing you want from your Logging library (again...). This does not mean Logrus is dead. Logrus will continue to be maintained for security, (backwards compatible) bug fixes, and performance (where we are -limited by the interface). +limited by the interface). I believe Logrus' biggest contribution is to have played a part in today's widespread use of structured logging in Golang. There doesn't seem to be a @@ -43,7 +43,7 @@ plain text): With `log.SetFormatter(&log.JSONFormatter{})`, for easy parsing by logstash or Splunk: -```json +```text {"animal":"walrus","level":"info","msg":"A group of walrus emerges from the ocean","size":10,"time":"2014-03-10 19:57:38.562264131 -0400 EDT"} @@ -99,7 +99,7 @@ time="2015-03-26T01:27:38-04:00" level=fatal method=github.com/sirupsen/arcticcr ``` Note that this does add measurable overhead - the cost will depend on the version of Go, but is between 20 and 40% in recent tests with 1.6 and 1.7. You can validate this in your -environment via benchmarks: +environment via benchmarks: ``` go test -bench=.*CallerTracing ``` @@ -317,6 +317,8 @@ log.SetLevel(log.InfoLevel) It may be useful to set `log.Level = logrus.DebugLevel` in a debug or verbose environment if your application has that. +Note: If you want different log levels for global (`log.SetLevel(...)`) and syslog logging, please check the [syslog hook README](hooks/syslog/README.md#different-log-levels-for-local-and-remote-logging). + #### Entries Besides the fields added with `WithField` or `WithFields` some fields are diff --git a/index/generator/vendor/github.com/sirupsen/logrus/writer.go b/index/generator/vendor/github.com/sirupsen/logrus/writer.go index 72e8e3a1b..074fd4b8b 100644 --- a/index/generator/vendor/github.com/sirupsen/logrus/writer.go +++ b/index/generator/vendor/github.com/sirupsen/logrus/writer.go @@ -4,6 +4,7 @@ import ( "bufio" "io" "runtime" + "strings" ) // Writer at INFO level. See WriterLevel for details. @@ -20,15 +21,18 @@ func (logger *Logger) WriterLevel(level Level) *io.PipeWriter { return NewEntry(logger).WriterLevel(level) } +// Writer returns an io.Writer that writes to the logger at the info log level func (entry *Entry) Writer() *io.PipeWriter { return entry.WriterLevel(InfoLevel) } +// WriterLevel returns an io.Writer that writes to the logger at the given log level func (entry *Entry) WriterLevel(level Level) *io.PipeWriter { reader, writer := io.Pipe() var printFunc func(args ...interface{}) + // Determine which log function to use based on the specified log level switch level { case TraceLevel: printFunc = entry.Trace @@ -48,23 +52,51 @@ func (entry *Entry) WriterLevel(level Level) *io.PipeWriter { printFunc = entry.Print } + // Start a new goroutine to scan the input and write it to the logger using the specified print function. + // It splits the input into chunks of up to 64KB to avoid buffer overflows. go entry.writerScanner(reader, printFunc) + + // Set a finalizer function to close the writer when it is garbage collected runtime.SetFinalizer(writer, writerFinalizer) return writer } +// writerScanner scans the input from the reader and writes it to the logger func (entry *Entry) writerScanner(reader *io.PipeReader, printFunc func(args ...interface{})) { scanner := bufio.NewScanner(reader) + + // Set the buffer size to the maximum token size to avoid buffer overflows + scanner.Buffer(make([]byte, bufio.MaxScanTokenSize), bufio.MaxScanTokenSize) + + // Define a split function to split the input into chunks of up to 64KB + chunkSize := bufio.MaxScanTokenSize // 64KB + splitFunc := func(data []byte, atEOF bool) (int, []byte, error) { + if len(data) >= chunkSize { + return chunkSize, data[:chunkSize], nil + } + + return bufio.ScanLines(data, atEOF) + } + + // Use the custom split function to split the input + scanner.Split(splitFunc) + + // Scan the input and write it to the logger using the specified print function for scanner.Scan() { - printFunc(scanner.Text()) + printFunc(strings.TrimRight(scanner.Text(), "\r\n")) } + + // If there was an error while scanning the input, log an error if err := scanner.Err(); err != nil { entry.Errorf("Error while reading from Writer: %s", err) } + + // Close the reader when we are done reader.Close() } +// WriterFinalizer is a finalizer function that closes then given writer when it is garbage collected func writerFinalizer(writer *io.PipeWriter) { writer.Close() } diff --git a/index/generator/vendor/modules.txt b/index/generator/vendor/modules.txt index ba8aa4bfe..63d1b6f65 100644 --- a/index/generator/vendor/modules.txt +++ b/index/generator/vendor/modules.txt @@ -12,6 +12,9 @@ github.com/Microsoft/go-winio/internal/fs github.com/Microsoft/go-winio/internal/socket github.com/Microsoft/go-winio/internal/stringbuffer github.com/Microsoft/go-winio/pkg/guid +# github.com/Microsoft/hcsshim v0.9.10 +## explicit; go 1.13 +github.com/Microsoft/hcsshim/osversion # github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 ## explicit; go 1.13 github.com/ProtonMail/go-crypto/bitcurves @@ -52,8 +55,8 @@ github.com/cloudflare/circl/math/mlsbset github.com/cloudflare/circl/sign github.com/cloudflare/circl/sign/ed25519 github.com/cloudflare/circl/sign/ed448 -# github.com/containerd/containerd v1.5.9 -## explicit; go 1.16 +# github.com/containerd/containerd v1.6.26 +## explicit; go 1.19 github.com/containerd/containerd/archive/compression github.com/containerd/containerd/content github.com/containerd/containerd/content/local @@ -62,6 +65,7 @@ github.com/containerd/containerd/filters github.com/containerd/containerd/images github.com/containerd/containerd/labels github.com/containerd/containerd/log +github.com/containerd/containerd/pkg/randutil github.com/containerd/containerd/platforms github.com/containerd/containerd/reference github.com/containerd/containerd/remotes @@ -70,6 +74,9 @@ github.com/containerd/containerd/remotes/docker/auth github.com/containerd/containerd/remotes/docker/schema1 github.com/containerd/containerd/remotes/errors github.com/containerd/containerd/version +# github.com/containerd/log v0.1.0 +## explicit; go 1.20 +github.com/containerd/log # github.com/cyphar/filepath-securejoin v0.2.4 ## explicit; go 1.13 github.com/cyphar/filepath-securejoin @@ -161,7 +168,7 @@ github.com/docker/go-metrics # github.com/docker/go-units v0.4.0 ## explicit github.com/docker/go-units -# github.com/emicklei/go-restful/v3 v3.9.0 +# github.com/emicklei/go-restful/v3 v3.10.1 ## explicit; go 1.13 github.com/emicklei/go-restful/v3 github.com/emicklei/go-restful/v3/log @@ -312,7 +319,7 @@ github.com/gorilla/mux ## explicit github.com/gregjones/httpcache github.com/gregjones/httpcache/diskcache -# github.com/hashicorp/errwrap v1.0.0 +# github.com/hashicorp/errwrap v1.1.0 ## explicit github.com/hashicorp/errwrap # github.com/hashicorp/go-multierror v1.1.1 @@ -374,7 +381,7 @@ github.com/mattn/go-colorable # github.com/mattn/go-isatty v0.0.17 ## explicit; go 1.15 github.com/mattn/go-isatty -# github.com/matttproud/golang_protobuf_extensions v1.0.2 +# github.com/matttproud/golang_protobuf_extensions v1.0.4 ## explicit; go 1.9 github.com/matttproud/golang_protobuf_extensions/pbutil # github.com/mitchellh/go-homedir v1.1.0 @@ -411,8 +418,8 @@ github.com/nsf/jsondiff # github.com/opencontainers/go-digest v1.0.0 ## explicit; go 1.13 github.com/opencontainers/go-digest -# github.com/opencontainers/image-spec v1.0.2 -## explicit +# github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b +## explicit; go 1.17 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 # github.com/openshift/api v0.0.0-20200930075302-db52bc4ef99f @@ -466,7 +473,7 @@ github.com/sagikazarmark/slog-shim # github.com/sergi/go-diff v1.1.0 ## explicit; go 1.12 github.com/sergi/go-diff/diffmatchpatch -# github.com/sirupsen/logrus v1.9.0 +# github.com/sirupsen/logrus v1.9.3 ## explicit; go 1.13 github.com/sirupsen/logrus # github.com/skeema/knownhosts v1.2.1