diff --git a/go.mod b/go.mod index 8158985a58..2c2f0dfb94 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/agnivade/levenshtein v1.1.1 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 github.com/bytecodealliance/wasmtime-go/v3 v3.0.2 - github.com/containerd/containerd v1.7.11 + github.com/containerd/containerd v1.6.19 github.com/dgraph-io/badger/v3 v3.2103.5 github.com/fortytw2/leaktest v1.3.0 github.com/foxcpp/go-mockdns v1.0.0 @@ -21,7 +21,7 @@ require ( github.com/gorilla/mux v1.8.1 github.com/olekukonko/tablewriter v0.0.5 github.com/opencontainers/go-digest v1.0.0 - github.com/opencontainers/image-spec v1.1.0-rc5 + github.com/opencontainers/image-spec v1.1.0-rc.6 github.com/peterh/liner v1.2.2 github.com/prometheus/client_golang v1.18.0 github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 @@ -44,18 +44,15 @@ require ( google.golang.org/grpc v1.60.1 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c gopkg.in/yaml.v2 v2.4.0 - oras.land/oras-go/v2 v2.3.1 + oras.land/oras-go/v2 v2.2.0 sigs.k8s.io/yaml v1.4.0 ) require ( - github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect - github.com/Microsoft/hcsshim v0.11.4 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/cespare/xxhash v1.1.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/containerd/log v0.1.0 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dgraph-io/ristretto v0.1.1 // indirect diff --git a/go.sum b/go.sum index b1c3183bbe..c50cdccdf6 100644 --- a/go.sum +++ b/go.sum @@ -1,10 +1,5 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 h1:bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24/go.mod h1:8o94RPi1/7XTJvwPpRSzSUedZrtlirdB3r9Z20bi2f8= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= -github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= @@ -29,12 +24,8 @@ github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= -github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= -github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= -github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= -github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= -github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= +github.com/containerd/containerd v1.6.19 h1:F0qgQPrG0P2JPgwpxWxYavrVeXAG0ezUIB9Z/4FTUAU= +github.com/containerd/containerd v1.6.19/go.mod h1:HZCDMn4v/Xl2579/MvtOC2M206i+JJ6VxFWU/NetrGY= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -151,13 +142,12 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg= github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc= -github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc5 h1:Ygwkfw9bpDvs+c9E34SdgGOj41dX/cbdlwvlWt0pnFI= -github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc.6 h1:Kv1Dp8IuQevyC6QTol7CYJWdQMfpRUhmJ1yntMKiJR0= +github.com/opencontainers/image-spec v1.1.0-rc.6/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterh/liner v1.2.2 h1:aJ4AOodmL+JxOZZEL2u9iJf8omNRpqHc/EbrK+3mAXw= github.com/peterh/liner v1.2.2/go.mod h1:xFwJyiKIXJZUKItq5dGHZSTBRAuG/CpeNpWLyiNRNwI= @@ -256,7 +246,6 @@ golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvx golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.11.0 h1:bUO06HqtnRcc/7l71XBe4WcqTZ+3AH1J59zWDDwLKgU= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -312,7 +301,6 @@ golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.10.0 h1:tvDr/iQoUqNdohiYm0LmmKcBk+q86lb9EprIUFhHHGg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -359,9 +347,10 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -oras.land/oras-go/v2 v2.3.1 h1:lUC6q8RkeRReANEERLfH86iwGn55lbSWP20egdFHVec= -oras.land/oras-go/v2 v2.3.1/go.mod h1:5AQXVEu1X/FKp1F9DMOb5ZItZBOa0y5dha0yCm4NR9c= +oras.land/oras-go/v2 v2.2.0 h1:E1fqITD56Eg5neZbxBtAdZVgDHD6wBabJo6xESTcQyo= +oras.land/oras-go/v2 v2.2.0/go.mod h1:pXjn0+KfarspMHHNR3A56j3tgvr+mxArHuI8qVn59v8= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/vendor/github.com/AdaLogics/go-fuzz-headers/LICENSE b/vendor/github.com/AdaLogics/go-fuzz-headers/LICENSE deleted file mode 100644 index 261eeb9e9f..0000000000 --- a/vendor/github.com/AdaLogics/go-fuzz-headers/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/AdaLogics/go-fuzz-headers/README.md b/vendor/github.com/AdaLogics/go-fuzz-headers/README.md deleted file mode 100644 index 0a0d60c746..0000000000 --- a/vendor/github.com/AdaLogics/go-fuzz-headers/README.md +++ /dev/null @@ -1,93 +0,0 @@ -# go-fuzz-headers -This repository contains various helper functions for go fuzzing. It is mostly used in combination with [go-fuzz](https://github.com/dvyukov/go-fuzz), but compatibility with fuzzing in the standard library will also be supported. Any coverage guided fuzzing engine that provides an array or slice of bytes can be used with go-fuzz-headers. - - -## Usage -Using go-fuzz-headers is easy. First create a new consumer with the bytes provided by the fuzzing engine: - -```go -import ( - fuzz "github.com/AdaLogics/go-fuzz-headers" -) -data := []byte{'R', 'a', 'n', 'd', 'o', 'm'} -f := fuzz.NewConsumer(data) - -``` - -This creates a `Consumer` that consumes the bytes of the input as it uses them to fuzz different types. - -After that, `f` can be used to easily create fuzzed instances of different types. Below are some examples: - -### Structs -One of the most useful features of go-fuzz-headers is its ability to fill structs with the data provided by the fuzzing engine. This is done with a single line: -```go -type Person struct { - Name string - Age int -} -p := Person{} -// Fill p with values based on the data provided by the fuzzing engine: -err := f.GenerateStruct(&p) -``` - -This includes nested structs too. In this example, the fuzz Consumer will also insert values in `p.BestFriend`: -```go -type PersonI struct { - Name string - Age int - BestFriend PersonII -} -type PersonII struct { - Name string - Age int -} -p := PersonI{} -err := f.GenerateStruct(&p) -``` - -If the consumer should insert values for unexported fields as well as exported, this can be enabled with: - -```go -f.AllowUnexportedFields() -``` - -...and disabled with: - -```go -f.DisallowUnexportedFields() -``` - -### Other types: - -Other useful APIs: - -```go -createdString, err := f.GetString() // Gets a string -createdInt, err := f.GetInt() // Gets an integer -createdByte, err := f.GetByte() // Gets a byte -createdBytes, err := f.GetBytes() // Gets a byte slice -createdBool, err := f.GetBool() // Gets a boolean -err := f.FuzzMap(target_map) // Fills a map -createdTarBytes, err := f.TarBytes() // Gets bytes of a valid tar archive -err := f.CreateFiles(inThisDir) // Fills inThisDir with files -createdString, err := f.GetStringFrom("anyCharInThisString", ofThisLength) // Gets a string that consists of chars from "anyCharInThisString" and has the exact length "ofThisLength" -``` - -Most APIs are added as they are needed. - -## Projects that use go-fuzz-headers -- [runC](https://github.com/opencontainers/runc) -- [Istio](https://github.com/istio/istio) -- [Vitess](https://github.com/vitessio/vitess) -- [Containerd](https://github.com/containerd/containerd) - -Feel free to add your own project to the list, if you use go-fuzz-headers to fuzz it. - - - - -## Status -The project is under development and will be updated regularly. - -## References -go-fuzz-headers' approach to fuzzing structs is strongly inspired by [gofuzz](https://github.com/google/gofuzz). \ No newline at end of file diff --git a/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go b/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go deleted file mode 100644 index adfeedf5e8..0000000000 --- a/vendor/github.com/AdaLogics/go-fuzz-headers/consumer.go +++ /dev/null @@ -1,914 +0,0 @@ -// Copyright 2023 The go-fuzz-headers Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package gofuzzheaders - -import ( - "archive/tar" - "bytes" - "encoding/binary" - "errors" - "fmt" - "io" - "math" - "os" - "path/filepath" - "reflect" - "strconv" - "strings" - "time" - "unsafe" -) - -var ( - MaxTotalLen uint32 = 2000000 - maxDepth = 100 -) - -func SetMaxTotalLen(newLen uint32) { - MaxTotalLen = newLen -} - -type ConsumeFuzzer struct { - data []byte - dataTotal uint32 - CommandPart []byte - RestOfArray []byte - NumberOfCalls int - position uint32 - fuzzUnexportedFields bool - curDepth int - Funcs map[reflect.Type]reflect.Value -} - -func IsDivisibleBy(n int, divisibleby int) bool { - return (n % divisibleby) == 0 -} - -func NewConsumer(fuzzData []byte) *ConsumeFuzzer { - return &ConsumeFuzzer{ - data: fuzzData, - dataTotal: uint32(len(fuzzData)), - Funcs: make(map[reflect.Type]reflect.Value), - curDepth: 0, - } -} - -func (f *ConsumeFuzzer) Split(minCalls, maxCalls int) error { - if f.dataTotal == 0 { - return errors.New("could not split") - } - numberOfCalls := int(f.data[0]) - if numberOfCalls < minCalls || numberOfCalls > maxCalls { - return errors.New("bad number of calls") - } - if int(f.dataTotal) < numberOfCalls+numberOfCalls+1 { - return errors.New("length of data does not match required parameters") - } - - // Define part 2 and 3 of the data array - commandPart := f.data[1 : numberOfCalls+1] - restOfArray := f.data[numberOfCalls+1:] - - // Just a small check. It is necessary - if len(commandPart) != numberOfCalls { - return errors.New("length of commandPart does not match number of calls") - } - - // Check if restOfArray is divisible by numberOfCalls - if !IsDivisibleBy(len(restOfArray), numberOfCalls) { - return errors.New("length of commandPart does not match number of calls") - } - f.CommandPart = commandPart - f.RestOfArray = restOfArray - f.NumberOfCalls = numberOfCalls - return nil -} - -func (f *ConsumeFuzzer) AllowUnexportedFields() { - f.fuzzUnexportedFields = true -} - -func (f *ConsumeFuzzer) DisallowUnexportedFields() { - f.fuzzUnexportedFields = false -} - -func (f *ConsumeFuzzer) GenerateStruct(targetStruct interface{}) error { - e := reflect.ValueOf(targetStruct).Elem() - return f.fuzzStruct(e, false) -} - -func (f *ConsumeFuzzer) setCustom(v reflect.Value) error { - // First: see if we have a fuzz function for it. - doCustom, ok := f.Funcs[v.Type()] - if !ok { - return fmt.Errorf("could not find a custom function") - } - - switch v.Kind() { - case reflect.Ptr: - if v.IsNil() { - if !v.CanSet() { - return fmt.Errorf("could not use a custom function") - } - v.Set(reflect.New(v.Type().Elem())) - } - case reflect.Map: - if v.IsNil() { - if !v.CanSet() { - return fmt.Errorf("could not use a custom function") - } - v.Set(reflect.MakeMap(v.Type())) - } - default: - return fmt.Errorf("could not use a custom function") - } - - verr := doCustom.Call([]reflect.Value{v, reflect.ValueOf(Continue{ - F: f, - })}) - - // check if we return an error - if verr[0].IsNil() { - return nil - } - return fmt.Errorf("could not use a custom function") -} - -func (f *ConsumeFuzzer) fuzzStruct(e reflect.Value, customFunctions bool) error { - if f.curDepth >= maxDepth { - // return err or nil here? - return nil - } - f.curDepth++ - defer func() { f.curDepth-- }() - - // We check if we should check for custom functions - if customFunctions && e.IsValid() && e.CanAddr() { - err := f.setCustom(e.Addr()) - if err != nil { - return err - } - } - - switch e.Kind() { - case reflect.Struct: - for i := 0; i < e.NumField(); i++ { - var v reflect.Value - if !e.Field(i).CanSet() { - if f.fuzzUnexportedFields { - v = reflect.NewAt(e.Field(i).Type(), unsafe.Pointer(e.Field(i).UnsafeAddr())).Elem() - } - if err := f.fuzzStruct(v, customFunctions); err != nil { - return err - } - } else { - v = e.Field(i) - if err := f.fuzzStruct(v, customFunctions); err != nil { - return err - } - } - } - case reflect.String: - str, err := f.GetString() - if err != nil { - return err - } - if e.CanSet() { - e.SetString(str) - } - case reflect.Slice: - var maxElements uint32 - // Byte slices should not be restricted - if e.Type().String() == "[]uint8" { - maxElements = 10000000 - } else { - maxElements = 50 - } - - randQty, err := f.GetUint32() - if err != nil { - return err - } - numOfElements := randQty % maxElements - if (f.dataTotal - f.position) < numOfElements { - numOfElements = f.dataTotal - f.position - } - - uu := reflect.MakeSlice(e.Type(), int(numOfElements), int(numOfElements)) - - for i := 0; i < int(numOfElements); i++ { - // If we have more than 10, then we can proceed with that. - if err := f.fuzzStruct(uu.Index(i), customFunctions); err != nil { - if i >= 10 { - if e.CanSet() { - e.Set(uu) - } - return nil - } else { - return err - } - } - } - if e.CanSet() { - e.Set(uu) - } - case reflect.Uint16: - newInt, err := f.GetUint16() - if err != nil { - return err - } - if e.CanSet() { - e.SetUint(uint64(newInt)) - } - case reflect.Uint32: - newInt, err := f.GetUint32() - if err != nil { - return err - } - if e.CanSet() { - e.SetUint(uint64(newInt)) - } - case reflect.Uint64: - newInt, err := f.GetInt() - if err != nil { - return err - } - if e.CanSet() { - e.SetUint(uint64(newInt)) - } - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - newInt, err := f.GetInt() - if err != nil { - return err - } - if e.CanSet() { - e.SetInt(int64(newInt)) - } - case reflect.Float32: - newFloat, err := f.GetFloat32() - if err != nil { - return err - } - if e.CanSet() { - e.SetFloat(float64(newFloat)) - } - case reflect.Float64: - newFloat, err := f.GetFloat64() - if err != nil { - return err - } - if e.CanSet() { - e.SetFloat(float64(newFloat)) - } - case reflect.Map: - if e.CanSet() { - e.Set(reflect.MakeMap(e.Type())) - const maxElements = 50 - randQty, err := f.GetInt() - if err != nil { - return err - } - numOfElements := randQty % maxElements - for i := 0; i < numOfElements; i++ { - key := reflect.New(e.Type().Key()).Elem() - if err := f.fuzzStruct(key, customFunctions); err != nil { - return err - } - val := reflect.New(e.Type().Elem()).Elem() - if err = f.fuzzStruct(val, customFunctions); err != nil { - return err - } - e.SetMapIndex(key, val) - } - } - case reflect.Ptr: - if e.CanSet() { - e.Set(reflect.New(e.Type().Elem())) - if err := f.fuzzStruct(e.Elem(), customFunctions); err != nil { - return err - } - return nil - } - case reflect.Uint8: - b, err := f.GetByte() - if err != nil { - return err - } - if e.CanSet() { - e.SetUint(uint64(b)) - } - } - return nil -} - -func (f *ConsumeFuzzer) GetStringArray() (reflect.Value, error) { - // The max size of the array: - const max uint32 = 20 - - arraySize := f.position - if arraySize > max { - arraySize = max - } - stringArray := reflect.MakeSlice(reflect.SliceOf(reflect.TypeOf("string")), int(arraySize), int(arraySize)) - if f.position+arraySize >= f.dataTotal { - return stringArray, errors.New("could not make string array") - } - - for i := 0; i < int(arraySize); i++ { - stringSize := uint32(f.data[f.position]) - if f.position+stringSize >= f.dataTotal { - return stringArray, nil - } - stringToAppend := string(f.data[f.position : f.position+stringSize]) - strVal := reflect.ValueOf(stringToAppend) - stringArray = reflect.Append(stringArray, strVal) - f.position += stringSize - } - return stringArray, nil -} - -func (f *ConsumeFuzzer) GetInt() (int, error) { - if f.position >= f.dataTotal { - return 0, errors.New("not enough bytes to create int") - } - returnInt := int(f.data[f.position]) - f.position++ - return returnInt, nil -} - -func (f *ConsumeFuzzer) GetByte() (byte, error) { - if f.position >= f.dataTotal { - return 0x00, errors.New("not enough bytes to get byte") - } - returnByte := f.data[f.position] - f.position++ - return returnByte, nil -} - -func (f *ConsumeFuzzer) GetNBytes(numberOfBytes int) ([]byte, error) { - if f.position >= f.dataTotal { - return nil, errors.New("not enough bytes to get byte") - } - returnBytes := make([]byte, 0, numberOfBytes) - for i := 0; i < numberOfBytes; i++ { - newByte, err := f.GetByte() - if err != nil { - return nil, err - } - returnBytes = append(returnBytes, newByte) - } - return returnBytes, nil -} - -func (f *ConsumeFuzzer) GetUint16() (uint16, error) { - u16, err := f.GetNBytes(2) - if err != nil { - return 0, err - } - littleEndian, err := f.GetBool() - if err != nil { - return 0, err - } - if littleEndian { - return binary.LittleEndian.Uint16(u16), nil - } - return binary.BigEndian.Uint16(u16), nil -} - -func (f *ConsumeFuzzer) GetUint32() (uint32, error) { - u32, err := f.GetNBytes(4) - if err != nil { - return 0, err - } - return binary.BigEndian.Uint32(u32), nil -} - -func (f *ConsumeFuzzer) GetUint64() (uint64, error) { - u64, err := f.GetNBytes(8) - if err != nil { - return 0, err - } - littleEndian, err := f.GetBool() - if err != nil { - return 0, err - } - if littleEndian { - return binary.LittleEndian.Uint64(u64), nil - } - return binary.BigEndian.Uint64(u64), nil -} - -func (f *ConsumeFuzzer) GetBytes() ([]byte, error) { - var length uint32 - var err error - length, err = f.GetUint32() - if err != nil { - return nil, errors.New("not enough bytes to create byte array") - } - - if length == 0 { - length = 30 - } - bytesLeft := f.dataTotal - f.position - if bytesLeft <= 0 { - return nil, errors.New("not enough bytes to create byte array") - } - - // If the length is the same as bytes left, we will not overflow - // the remaining bytes. - if length != bytesLeft { - length = length % bytesLeft - } - byteBegin := f.position - if byteBegin+length < byteBegin { - return nil, errors.New("numbers overflow") - } - f.position = byteBegin + length - return f.data[byteBegin:f.position], nil -} - -func (f *ConsumeFuzzer) GetString() (string, error) { - if f.position >= f.dataTotal { - return "nil", errors.New("not enough bytes to create string") - } - length, err := f.GetUint32() - if err != nil { - return "nil", errors.New("not enough bytes to create string") - } - if f.position > MaxTotalLen { - return "nil", errors.New("created too large a string") - } - byteBegin := f.position - if byteBegin >= f.dataTotal { - return "nil", errors.New("not enough bytes to create string") - } - if byteBegin+length > f.dataTotal { - return "nil", errors.New("not enough bytes to create string") - } - if byteBegin > byteBegin+length { - return "nil", errors.New("numbers overflow") - } - f.position = byteBegin + length - return string(f.data[byteBegin:f.position]), nil -} - -func (f *ConsumeFuzzer) GetBool() (bool, error) { - if f.position >= f.dataTotal { - return false, errors.New("not enough bytes to create bool") - } - if IsDivisibleBy(int(f.data[f.position]), 2) { - f.position++ - return true, nil - } else { - f.position++ - return false, nil - } -} - -func (f *ConsumeFuzzer) FuzzMap(m interface{}) error { - return f.GenerateStruct(m) -} - -func returnTarBytes(buf []byte) ([]byte, error) { - return buf, nil - // Count files - var fileCounter int - tr := tar.NewReader(bytes.NewReader(buf)) - for { - _, err := tr.Next() - if err == io.EOF { - break - } - if err != nil { - return nil, err - } - fileCounter++ - } - if fileCounter >= 1 { - return buf, nil - } - return nil, fmt.Errorf("not enough files were created\n") -} - -func setTarHeaderFormat(hdr *tar.Header, f *ConsumeFuzzer) error { - ind, err := f.GetInt() - if err != nil { - hdr.Format = tar.FormatGNU - //return nil - } - switch ind % 4 { - case 0: - hdr.Format = tar.FormatUnknown - case 1: - hdr.Format = tar.FormatUSTAR - case 2: - hdr.Format = tar.FormatPAX - case 3: - hdr.Format = tar.FormatGNU - } - return nil -} - -func setTarHeaderTypeflag(hdr *tar.Header, f *ConsumeFuzzer) error { - ind, err := f.GetInt() - if err != nil { - return err - } - switch ind % 13 { - case 0: - hdr.Typeflag = tar.TypeReg - case 1: - hdr.Typeflag = tar.TypeLink - linkname, err := f.GetString() - if err != nil { - return err - } - hdr.Linkname = linkname - case 2: - hdr.Typeflag = tar.TypeSymlink - linkname, err := f.GetString() - if err != nil { - return err - } - hdr.Linkname = linkname - case 3: - hdr.Typeflag = tar.TypeChar - case 4: - hdr.Typeflag = tar.TypeBlock - case 5: - hdr.Typeflag = tar.TypeDir - case 6: - hdr.Typeflag = tar.TypeFifo - case 7: - hdr.Typeflag = tar.TypeCont - case 8: - hdr.Typeflag = tar.TypeXHeader - case 9: - hdr.Typeflag = tar.TypeXGlobalHeader - case 10: - hdr.Typeflag = tar.TypeGNUSparse - case 11: - hdr.Typeflag = tar.TypeGNULongName - case 12: - hdr.Typeflag = tar.TypeGNULongLink - } - return nil -} - -func (f *ConsumeFuzzer) createTarFileBody() ([]byte, error) { - return f.GetBytes() - /*length, err := f.GetUint32() - if err != nil { - return nil, errors.New("not enough bytes to create byte array") - } - - // A bit of optimization to attempt to create a file body - // when we don't have as many bytes left as "length" - remainingBytes := f.dataTotal - f.position - if remainingBytes <= 0 { - return nil, errors.New("created too large a string") - } - if f.position+length > MaxTotalLen { - return nil, errors.New("created too large a string") - } - byteBegin := f.position - if byteBegin >= f.dataTotal { - return nil, errors.New("not enough bytes to create byte array") - } - if length == 0 { - return nil, errors.New("zero-length is not supported") - } - if byteBegin+length >= f.dataTotal { - return nil, errors.New("not enough bytes to create byte array") - } - if byteBegin+length < byteBegin { - return nil, errors.New("numbers overflow") - } - f.position = byteBegin + length - return f.data[byteBegin:f.position], nil*/ -} - -// getTarFileName is similar to GetString(), but creates string based -// on the length of f.data to reduce the likelihood of overflowing -// f.data. -func (f *ConsumeFuzzer) getTarFilename() (string, error) { - return f.GetString() - /*length, err := f.GetUint32() - if err != nil { - return "nil", errors.New("not enough bytes to create string") - } - - // A bit of optimization to attempt to create a file name - // when we don't have as many bytes left as "length" - remainingBytes := f.dataTotal - f.position - if remainingBytes <= 0 { - return "nil", errors.New("created too large a string") - } - if f.position > MaxTotalLen { - return "nil", errors.New("created too large a string") - } - byteBegin := f.position - if byteBegin >= f.dataTotal { - return "nil", errors.New("not enough bytes to create string") - } - if byteBegin+length > f.dataTotal { - return "nil", errors.New("not enough bytes to create string") - } - if byteBegin > byteBegin+length { - return "nil", errors.New("numbers overflow") - } - f.position = byteBegin + length - return string(f.data[byteBegin:f.position]), nil*/ -} - -type TarFile struct { - Hdr *tar.Header - Body []byte -} - -// TarBytes returns valid bytes for a tar archive -func (f *ConsumeFuzzer) TarBytes() ([]byte, error) { - numberOfFiles, err := f.GetInt() - if err != nil { - return nil, err - } - var tarFiles []*TarFile - tarFiles = make([]*TarFile, 0) - - const maxNoOfFiles = 100 - for i := 0; i < numberOfFiles%maxNoOfFiles; i++ { - var filename string - var filebody []byte - var sec, nsec int - var err error - - filename, err = f.getTarFilename() - if err != nil { - var sb strings.Builder - sb.WriteString("file-") - sb.WriteString(strconv.Itoa(i)) - filename = sb.String() - } - filebody, err = f.createTarFileBody() - if err != nil { - var sb strings.Builder - sb.WriteString("filebody-") - sb.WriteString(strconv.Itoa(i)) - filebody = []byte(sb.String()) - } - - sec, err = f.GetInt() - if err != nil { - sec = 1672531200 // beginning of 2023 - } - nsec, err = f.GetInt() - if err != nil { - nsec = 1703980800 // end of 2023 - } - - hdr := &tar.Header{ - Name: filename, - Size: int64(len(filebody)), - Mode: 0o600, - ModTime: time.Unix(int64(sec), int64(nsec)), - } - if err := setTarHeaderTypeflag(hdr, f); err != nil { - return []byte(""), err - } - if err := setTarHeaderFormat(hdr, f); err != nil { - return []byte(""), err - } - tf := &TarFile{ - Hdr: hdr, - Body: filebody, - } - tarFiles = append(tarFiles, tf) - } - - var buf bytes.Buffer - tw := tar.NewWriter(&buf) - defer tw.Close() - - for _, tf := range tarFiles { - tw.WriteHeader(tf.Hdr) - tw.Write(tf.Body) - } - return buf.Bytes(), nil -} - -// This is similar to TarBytes, but it returns a series of -// files instead of raw tar bytes. The advantage of this -// api is that it is cheaper in terms of cpu power to -// modify or check the files in the fuzzer with TarFiles() -// because it avoids creating a tar reader. -func (f *ConsumeFuzzer) TarFiles() ([]*TarFile, error) { - numberOfFiles, err := f.GetInt() - if err != nil { - return nil, err - } - var tarFiles []*TarFile - tarFiles = make([]*TarFile, 0) - - const maxNoOfFiles = 100 - for i := 0; i < numberOfFiles%maxNoOfFiles; i++ { - filename, err := f.getTarFilename() - if err != nil { - return tarFiles, err - } - filebody, err := f.createTarFileBody() - if err != nil { - return tarFiles, err - } - - sec, err := f.GetInt() - if err != nil { - return tarFiles, err - } - nsec, err := f.GetInt() - if err != nil { - return tarFiles, err - } - - hdr := &tar.Header{ - Name: filename, - Size: int64(len(filebody)), - Mode: 0o600, - ModTime: time.Unix(int64(sec), int64(nsec)), - } - if err := setTarHeaderTypeflag(hdr, f); err != nil { - hdr.Typeflag = tar.TypeReg - } - if err := setTarHeaderFormat(hdr, f); err != nil { - return tarFiles, err // should not happend - } - tf := &TarFile{ - Hdr: hdr, - Body: filebody, - } - tarFiles = append(tarFiles, tf) - } - return tarFiles, nil -} - -// CreateFiles creates pseudo-random files in rootDir. -// It creates subdirs and places the files there. -// It is the callers responsibility to ensure that -// rootDir exists. -func (f *ConsumeFuzzer) CreateFiles(rootDir string) error { - numberOfFiles, err := f.GetInt() - if err != nil { - return err - } - maxNumberOfFiles := numberOfFiles % 4000 // This is completely arbitrary - if maxNumberOfFiles == 0 { - return errors.New("maxNumberOfFiles is nil") - } - - var noOfCreatedFiles int - for i := 0; i < maxNumberOfFiles; i++ { - // The file to create: - fileName, err := f.GetString() - if err != nil { - if noOfCreatedFiles > 0 { - // If files have been created, we don't return an error. - break - } else { - return errors.New("could not get fileName") - } - } - if strings.Contains(fileName, "..") || (len(fileName) > 0 && fileName[0] == 47) || strings.Contains(fileName, "\\") { - continue - } - fullFilePath := filepath.Join(rootDir, fileName) - - // Find the subdirectory of the file - if subDir := filepath.Dir(fileName); subDir != "" && subDir != "." { - // create the dir first; avoid going outside the root dir - if strings.Contains(subDir, "../") || (len(subDir) > 0 && subDir[0] == 47) || strings.Contains(subDir, "\\") { - continue - } - dirPath := filepath.Join(rootDir, subDir) - if _, err := os.Stat(dirPath); os.IsNotExist(err) { - err2 := os.MkdirAll(dirPath, 0o777) - if err2 != nil { - continue - } - } - fullFilePath = filepath.Join(dirPath, fileName) - } else { - // Create symlink - createSymlink, err := f.GetBool() - if err != nil { - if noOfCreatedFiles > 0 { - break - } else { - return errors.New("could not create the symlink") - } - } - if createSymlink { - symlinkTarget, err := f.GetString() - if err != nil { - return err - } - err = os.Symlink(symlinkTarget, fullFilePath) - if err != nil { - return err - } - // stop loop here, since a symlink needs no further action - noOfCreatedFiles++ - continue - } - // We create a normal file - fileContents, err := f.GetBytes() - if err != nil { - if noOfCreatedFiles > 0 { - break - } else { - return errors.New("could not create the file") - } - } - err = os.WriteFile(fullFilePath, fileContents, 0o666) - if err != nil { - continue - } - noOfCreatedFiles++ - } - } - return nil -} - -// GetStringFrom returns a string that can only consist of characters -// included in possibleChars. It returns an error if the created string -// does not have the specified length. -func (f *ConsumeFuzzer) GetStringFrom(possibleChars string, length int) (string, error) { - if (f.dataTotal - f.position) < uint32(length) { - return "", errors.New("not enough bytes to create a string") - } - output := make([]byte, 0, length) - for i := 0; i < length; i++ { - charIndex, err := f.GetInt() - if err != nil { - return string(output), err - } - output = append(output, possibleChars[charIndex%len(possibleChars)]) - } - return string(output), nil -} - -func (f *ConsumeFuzzer) GetRune() ([]rune, error) { - stringToConvert, err := f.GetString() - if err != nil { - return []rune("nil"), err - } - return []rune(stringToConvert), nil -} - -func (f *ConsumeFuzzer) GetFloat32() (float32, error) { - u32, err := f.GetNBytes(4) - if err != nil { - return 0, err - } - littleEndian, err := f.GetBool() - if err != nil { - return 0, err - } - if littleEndian { - u32LE := binary.LittleEndian.Uint32(u32) - return math.Float32frombits(u32LE), nil - } - u32BE := binary.BigEndian.Uint32(u32) - return math.Float32frombits(u32BE), nil -} - -func (f *ConsumeFuzzer) GetFloat64() (float64, error) { - u64, err := f.GetNBytes(8) - if err != nil { - return 0, err - } - littleEndian, err := f.GetBool() - if err != nil { - return 0, err - } - if littleEndian { - u64LE := binary.LittleEndian.Uint64(u64) - return math.Float64frombits(u64LE), nil - } - u64BE := binary.BigEndian.Uint64(u64) - return math.Float64frombits(u64BE), nil -} - -func (f *ConsumeFuzzer) CreateSlice(targetSlice interface{}) error { - return f.GenerateStruct(targetSlice) -} diff --git a/vendor/github.com/AdaLogics/go-fuzz-headers/funcs.go b/vendor/github.com/AdaLogics/go-fuzz-headers/funcs.go deleted file mode 100644 index 8ca3a61b87..0000000000 --- a/vendor/github.com/AdaLogics/go-fuzz-headers/funcs.go +++ /dev/null @@ -1,62 +0,0 @@ -// Copyright 2023 The go-fuzz-headers Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package gofuzzheaders - -import ( - "fmt" - "reflect" -) - -type Continue struct { - F *ConsumeFuzzer -} - -func (f *ConsumeFuzzer) AddFuncs(fuzzFuncs []interface{}) { - for i := range fuzzFuncs { - v := reflect.ValueOf(fuzzFuncs[i]) - if v.Kind() != reflect.Func { - panic("Need only funcs!") - } - t := v.Type() - if t.NumIn() != 2 || t.NumOut() != 1 { - fmt.Println(t.NumIn(), t.NumOut()) - - panic("Need 2 in and 1 out params. In must be the type. Out must be an error") - } - argT := t.In(0) - switch argT.Kind() { - case reflect.Ptr, reflect.Map: - default: - panic("fuzzFunc must take pointer or map type") - } - if t.In(1) != reflect.TypeOf(Continue{}) { - panic("fuzzFunc's second parameter must be type Continue") - } - f.Funcs[argT] = v - } -} - -func (f *ConsumeFuzzer) GenerateWithCustom(targetStruct interface{}) error { - e := reflect.ValueOf(targetStruct).Elem() - return f.fuzzStruct(e, true) -} - -func (c Continue) GenerateStruct(targetStruct interface{}) error { - return c.F.GenerateStruct(targetStruct) -} - -func (c Continue) GenerateStructWithCustom(targetStruct interface{}) error { - return c.F.GenerateWithCustom(targetStruct) -} diff --git a/vendor/github.com/AdaLogics/go-fuzz-headers/sql.go b/vendor/github.com/AdaLogics/go-fuzz-headers/sql.go deleted file mode 100644 index 2afd49f848..0000000000 --- a/vendor/github.com/AdaLogics/go-fuzz-headers/sql.go +++ /dev/null @@ -1,556 +0,0 @@ -// Copyright 2023 The go-fuzz-headers Authors. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package gofuzzheaders - -import ( - "fmt" - "strings" -) - -// returns a keyword by index -func getKeyword(f *ConsumeFuzzer) (string, error) { - index, err := f.GetInt() - if err != nil { - return keywords[0], err - } - for i, k := range keywords { - if i == index { - return k, nil - } - } - return keywords[0], fmt.Errorf("could not get a kw") -} - -// Simple utility function to check if a string -// slice contains a string. -func containsString(s []string, e string) bool { - for _, a := range s { - if a == e { - return true - } - } - return false -} - -// These keywords are used specifically for fuzzing Vitess -var keywords = []string{ - "accessible", "action", "add", "after", "against", "algorithm", - "all", "alter", "always", "analyze", "and", "as", "asc", "asensitive", - "auto_increment", "avg_row_length", "before", "begin", "between", - "bigint", "binary", "_binary", "_utf8mb4", "_utf8", "_latin1", "bit", - "blob", "bool", "boolean", "both", "by", "call", "cancel", "cascade", - "cascaded", "case", "cast", "channel", "change", "char", "character", - "charset", "check", "checksum", "coalesce", "code", "collate", "collation", - "column", "columns", "comment", "committed", "commit", "compact", "complete", - "compressed", "compression", "condition", "connection", "constraint", "continue", - "convert", "copy", "cume_dist", "substr", "substring", "create", "cross", - "csv", "current_date", "current_time", "current_timestamp", "current_user", - "cursor", "data", "database", "databases", "day", "day_hour", "day_microsecond", - "day_minute", "day_second", "date", "datetime", "dec", "decimal", "declare", - "default", "definer", "delay_key_write", "delayed", "delete", "dense_rank", - "desc", "describe", "deterministic", "directory", "disable", "discard", - "disk", "distinct", "distinctrow", "div", "double", "do", "drop", "dumpfile", - "duplicate", "dynamic", "each", "else", "elseif", "empty", "enable", - "enclosed", "encryption", "end", "enforced", "engine", "engines", "enum", - "error", "escape", "escaped", "event", "exchange", "exclusive", "exists", - "exit", "explain", "expansion", "export", "extended", "extract", "false", - "fetch", "fields", "first", "first_value", "fixed", "float", "float4", - "float8", "flush", "for", "force", "foreign", "format", "from", "full", - "fulltext", "function", "general", "generated", "geometry", "geometrycollection", - "get", "global", "gtid_executed", "grant", "group", "grouping", "groups", - "group_concat", "having", "header", "high_priority", "hosts", "hour", "hour_microsecond", - "hour_minute", "hour_second", "if", "ignore", "import", "in", "index", "indexes", - "infile", "inout", "inner", "inplace", "insensitive", "insert", "insert_method", - "int", "int1", "int2", "int3", "int4", "int8", "integer", "interval", - "into", "io_after_gtids", "is", "isolation", "iterate", "invoker", "join", - "json", "json_table", "key", "keys", "keyspaces", "key_block_size", "kill", "lag", - "language", "last", "last_value", "last_insert_id", "lateral", "lead", "leading", - "leave", "left", "less", "level", "like", "limit", "linear", "lines", - "linestring", "load", "local", "localtime", "localtimestamp", "lock", "logs", - "long", "longblob", "longtext", "loop", "low_priority", "manifest", - "master_bind", "match", "max_rows", "maxvalue", "mediumblob", "mediumint", - "mediumtext", "memory", "merge", "microsecond", "middleint", "min_rows", "minute", - "minute_microsecond", "minute_second", "mod", "mode", "modify", "modifies", - "multilinestring", "multipoint", "multipolygon", "month", "name", - "names", "natural", "nchar", "next", "no", "none", "not", "no_write_to_binlog", - "nth_value", "ntile", "null", "numeric", "of", "off", "offset", "on", - "only", "open", "optimize", "optimizer_costs", "option", "optionally", - "or", "order", "out", "outer", "outfile", "over", "overwrite", "pack_keys", - "parser", "partition", "partitioning", "password", "percent_rank", "plugins", - "point", "polygon", "precision", "primary", "privileges", "processlist", - "procedure", "query", "quarter", "range", "rank", "read", "reads", "read_write", - "real", "rebuild", "recursive", "redundant", "references", "regexp", "relay", - "release", "remove", "rename", "reorganize", "repair", "repeat", "repeatable", - "replace", "require", "resignal", "restrict", "return", "retry", "revert", - "revoke", "right", "rlike", "rollback", "row", "row_format", "row_number", - "rows", "s3", "savepoint", "schema", "schemas", "second", "second_microsecond", - "security", "select", "sensitive", "separator", "sequence", "serializable", - "session", "set", "share", "shared", "show", "signal", "signed", "slow", - "smallint", "spatial", "specific", "sql", "sqlexception", "sqlstate", - "sqlwarning", "sql_big_result", "sql_cache", "sql_calc_found_rows", - "sql_no_cache", "sql_small_result", "ssl", "start", "starting", - "stats_auto_recalc", "stats_persistent", "stats_sample_pages", "status", - "storage", "stored", "straight_join", "stream", "system", "vstream", - "table", "tables", "tablespace", "temporary", "temptable", "terminated", - "text", "than", "then", "time", "timestamp", "timestampadd", "timestampdiff", - "tinyblob", "tinyint", "tinytext", "to", "trailing", "transaction", "tree", - "traditional", "trigger", "triggers", "true", "truncate", "uncommitted", - "undefined", "undo", "union", "unique", "unlock", "unsigned", "update", - "upgrade", "usage", "use", "user", "user_resources", "using", "utc_date", - "utc_time", "utc_timestamp", "validation", "values", "variables", "varbinary", - "varchar", "varcharacter", "varying", "vgtid_executed", "virtual", "vindex", - "vindexes", "view", "vitess", "vitess_keyspaces", "vitess_metadata", - "vitess_migration", "vitess_migrations", "vitess_replication_status", - "vitess_shards", "vitess_tablets", "vschema", "warnings", "when", - "where", "while", "window", "with", "without", "work", "write", "xor", - "year", "year_month", "zerofill", -} - -// Keywords that could get an additional keyword -var needCustomString = []string{ - "DISTINCTROW", "FROM", // Select keywords: - "GROUP BY", "HAVING", "WINDOW", - "FOR", - "ORDER BY", "LIMIT", - "INTO", "PARTITION", "AS", // Insert Keywords: - "ON DUPLICATE KEY UPDATE", - "WHERE", "LIMIT", // Delete keywords - "INFILE", "INTO TABLE", "CHARACTER SET", // Load keywords - "TERMINATED BY", "ENCLOSED BY", - "ESCAPED BY", "STARTING BY", - "TERMINATED BY", "STARTING BY", - "IGNORE", - "VALUE", "VALUES", // Replace tokens - "SET", // Update tokens - "ENGINE =", // Drop tokens - "DEFINER =", "ON SCHEDULE", "RENAME TO", // Alter tokens - "COMMENT", "DO", "INITIAL_SIZE = ", "OPTIONS", -} - -var alterTableTokens = [][]string{ - {"CUSTOM_FUZZ_STRING"}, - {"CUSTOM_ALTTER_TABLE_OPTIONS"}, - {"PARTITION_OPTIONS_FOR_ALTER_TABLE"}, -} - -var alterTokens = [][]string{ - { - "DATABASE", "SCHEMA", "DEFINER = ", "EVENT", "FUNCTION", "INSTANCE", - "LOGFILE GROUP", "PROCEDURE", "SERVER", - }, - {"CUSTOM_FUZZ_STRING"}, - { - "ON SCHEDULE", "ON COMPLETION PRESERVE", "ON COMPLETION NOT PRESERVE", - "ADD UNDOFILE", "OPTIONS", - }, - {"RENAME TO", "INITIAL_SIZE = "}, - {"ENABLE", "DISABLE", "DISABLE ON SLAVE", "ENGINE"}, - {"COMMENT"}, - {"DO"}, -} - -var setTokens = [][]string{ - {"CHARACTER SET", "CHARSET", "CUSTOM_FUZZ_STRING", "NAMES"}, - {"CUSTOM_FUZZ_STRING", "DEFAULT", "="}, - {"CUSTOM_FUZZ_STRING"}, -} - -var dropTokens = [][]string{ - {"TEMPORARY", "UNDO"}, - { - "DATABASE", "SCHEMA", "EVENT", "INDEX", "LOGFILE GROUP", - "PROCEDURE", "FUNCTION", "SERVER", "SPATIAL REFERENCE SYSTEM", - "TABLE", "TABLESPACE", "TRIGGER", "VIEW", - }, - {"IF EXISTS"}, - {"CUSTOM_FUZZ_STRING"}, - {"ON", "ENGINE = ", "RESTRICT", "CASCADE"}, -} - -var renameTokens = [][]string{ - {"TABLE"}, - {"CUSTOM_FUZZ_STRING"}, - {"TO"}, - {"CUSTOM_FUZZ_STRING"}, -} - -var truncateTokens = [][]string{ - {"TABLE"}, - {"CUSTOM_FUZZ_STRING"}, -} - -var createTokens = [][]string{ - {"OR REPLACE", "TEMPORARY", "UNDO"}, // For create spatial reference system - { - "UNIQUE", "FULLTEXT", "SPATIAL", "ALGORITHM = UNDEFINED", "ALGORITHM = MERGE", - "ALGORITHM = TEMPTABLE", - }, - { - "DATABASE", "SCHEMA", "EVENT", "FUNCTION", "INDEX", "LOGFILE GROUP", - "PROCEDURE", "SERVER", "SPATIAL REFERENCE SYSTEM", "TABLE", "TABLESPACE", - "TRIGGER", "VIEW", - }, - {"IF NOT EXISTS"}, - {"CUSTOM_FUZZ_STRING"}, -} - -/* -// For future use. -var updateTokens = [][]string{ - {"LOW_PRIORITY"}, - {"IGNORE"}, - {"SET"}, - {"WHERE"}, - {"ORDER BY"}, - {"LIMIT"}, -} -*/ - -var replaceTokens = [][]string{ - {"LOW_PRIORITY", "DELAYED"}, - {"INTO"}, - {"PARTITION"}, - {"CUSTOM_FUZZ_STRING"}, - {"VALUES", "VALUE"}, -} - -var loadTokens = [][]string{ - {"DATA"}, - {"LOW_PRIORITY", "CONCURRENT", "LOCAL"}, - {"INFILE"}, - {"REPLACE", "IGNORE"}, - {"INTO TABLE"}, - {"PARTITION"}, - {"CHARACTER SET"}, - {"FIELDS", "COLUMNS"}, - {"TERMINATED BY"}, - {"OPTIONALLY"}, - {"ENCLOSED BY"}, - {"ESCAPED BY"}, - {"LINES"}, - {"STARTING BY"}, - {"TERMINATED BY"}, - {"IGNORE"}, - {"LINES", "ROWS"}, - {"CUSTOM_FUZZ_STRING"}, -} - -// These Are everything that comes after "INSERT" -var insertTokens = [][]string{ - {"LOW_PRIORITY", "DELAYED", "HIGH_PRIORITY", "IGNORE"}, - {"INTO"}, - {"PARTITION"}, - {"CUSTOM_FUZZ_STRING"}, - {"AS"}, - {"ON DUPLICATE KEY UPDATE"}, -} - -// These are everything that comes after "SELECT" -var selectTokens = [][]string{ - {"*", "CUSTOM_FUZZ_STRING", "DISTINCTROW"}, - {"HIGH_PRIORITY"}, - {"STRAIGHT_JOIN"}, - {"SQL_SMALL_RESULT", "SQL_BIG_RESULT", "SQL_BUFFER_RESULT"}, - {"SQL_NO_CACHE", "SQL_CALC_FOUND_ROWS"}, - {"CUSTOM_FUZZ_STRING"}, - {"FROM"}, - {"WHERE"}, - {"GROUP BY"}, - {"HAVING"}, - {"WINDOW"}, - {"ORDER BY"}, - {"LIMIT"}, - {"CUSTOM_FUZZ_STRING"}, - {"FOR"}, -} - -// These are everything that comes after "DELETE" -var deleteTokens = [][]string{ - {"LOW_PRIORITY", "QUICK", "IGNORE", "FROM", "AS"}, - {"PARTITION"}, - {"WHERE"}, - {"ORDER BY"}, - {"LIMIT"}, -} - -var alter_table_options = []string{ - "ADD", "COLUMN", "FIRST", "AFTER", "INDEX", "KEY", "FULLTEXT", "SPATIAL", - "CONSTRAINT", "UNIQUE", "FOREIGN KEY", "CHECK", "ENFORCED", "DROP", "ALTER", - "NOT", "INPLACE", "COPY", "SET", "VISIBLE", "INVISIBLE", "DEFAULT", "CHANGE", - "CHARACTER SET", "COLLATE", "DISABLE", "ENABLE", "KEYS", "TABLESPACE", "LOCK", - "FORCE", "MODIFY", "SHARED", "EXCLUSIVE", "NONE", "ORDER BY", "RENAME COLUMN", - "AS", "=", "ASC", "DESC", "WITH", "WITHOUT", "VALIDATION", "ADD PARTITION", - "DROP PARTITION", "DISCARD PARTITION", "IMPORT PARTITION", "TRUNCATE PARTITION", - "COALESCE PARTITION", "REORGANIZE PARTITION", "EXCHANGE PARTITION", - "ANALYZE PARTITION", "CHECK PARTITION", "OPTIMIZE PARTITION", "REBUILD PARTITION", - "REPAIR PARTITION", "REMOVE PARTITIONING", "USING", "BTREE", "HASH", "COMMENT", - "KEY_BLOCK_SIZE", "WITH PARSER", "AUTOEXTEND_SIZE", "AUTO_INCREMENT", "AVG_ROW_LENGTH", - "CHECKSUM", "INSERT_METHOD", "ROW_FORMAT", "DYNAMIC", "FIXED", "COMPRESSED", "REDUNDANT", - "COMPACT", "SECONDARY_ENGINE_ATTRIBUTE", "STATS_AUTO_RECALC", "STATS_PERSISTENT", - "STATS_SAMPLE_PAGES", "ZLIB", "LZ4", "ENGINE_ATTRIBUTE", "KEY_BLOCK_SIZE", "MAX_ROWS", - "MIN_ROWS", "PACK_KEYS", "PASSWORD", "COMPRESSION", "CONNECTION", "DIRECTORY", - "DELAY_KEY_WRITE", "ENCRYPTION", "STORAGE", "DISK", "MEMORY", "UNION", -} - -// Creates an 'alter table' statement. 'alter table' is an exception -// in that it has its own function. The majority of statements -// are created by 'createStmt()'. -func createAlterTableStmt(f *ConsumeFuzzer) (string, error) { - maxArgs, err := f.GetInt() - if err != nil { - return "", err - } - maxArgs = maxArgs % 30 - if maxArgs == 0 { - return "", fmt.Errorf("could not create alter table stmt") - } - - var stmt strings.Builder - stmt.WriteString("ALTER TABLE ") - for i := 0; i < maxArgs; i++ { - // Calculate if we get existing token or custom string - tokenType, err := f.GetInt() - if err != nil { - return "", err - } - if tokenType%4 == 1 { - customString, err := f.GetString() - if err != nil { - return "", err - } - stmt.WriteString(" " + customString) - } else { - tokenIndex, err := f.GetInt() - if err != nil { - return "", err - } - stmt.WriteString(" " + alter_table_options[tokenIndex%len(alter_table_options)]) - } - } - return stmt.String(), nil -} - -func chooseToken(tokens []string, f *ConsumeFuzzer) (string, error) { - index, err := f.GetInt() - if err != nil { - return "", err - } - var token strings.Builder - token.WriteString(tokens[index%len(tokens)]) - if token.String() == "CUSTOM_FUZZ_STRING" { - customFuzzString, err := f.GetString() - if err != nil { - return "", err - } - return customFuzzString, nil - } - - // Check if token requires an argument - if containsString(needCustomString, token.String()) { - customFuzzString, err := f.GetString() - if err != nil { - return "", err - } - token.WriteString(" " + customFuzzString) - } - return token.String(), nil -} - -var stmtTypes = map[string][][]string{ - "DELETE": deleteTokens, - "INSERT": insertTokens, - "SELECT": selectTokens, - "LOAD": loadTokens, - "REPLACE": replaceTokens, - "CREATE": createTokens, - "DROP": dropTokens, - "RENAME": renameTokens, - "TRUNCATE": truncateTokens, - "SET": setTokens, - "ALTER": alterTokens, - "ALTER TABLE": alterTableTokens, // ALTER TABLE has its own set of tokens -} - -var stmtTypeEnum = map[int]string{ - 0: "DELETE", - 1: "INSERT", - 2: "SELECT", - 3: "LOAD", - 4: "REPLACE", - 5: "CREATE", - 6: "DROP", - 7: "RENAME", - 8: "TRUNCATE", - 9: "SET", - 10: "ALTER", - 11: "ALTER TABLE", -} - -func createStmt(f *ConsumeFuzzer) (string, error) { - stmtIndex, err := f.GetInt() - if err != nil { - return "", err - } - stmtIndex = stmtIndex % len(stmtTypes) - - queryType := stmtTypeEnum[stmtIndex] - tokens := stmtTypes[queryType] - - // We have custom creator for ALTER TABLE - if queryType == "ALTER TABLE" { - query, err := createAlterTableStmt(f) - if err != nil { - return "", err - } - return query, nil - } - - // Here we are creating a query that is not - // an 'alter table' query. For available - // queries, see "stmtTypes" - - // First specify the first query keyword: - var query strings.Builder - query.WriteString(queryType) - - // Next create the args for the - queryArgs, err := createStmtArgs(tokens, f) - if err != nil { - return "", err - } - query.WriteString(" " + queryArgs) - return query.String(), nil -} - -// Creates the arguments of a statements. In a select statement -// that would be everything after "select". -func createStmtArgs(tokenslice [][]string, f *ConsumeFuzzer) (string, error) { - var query, token strings.Builder - - // We go through the tokens in the tokenslice, - // create the respective token and add it to - // "query" - for _, tokens := range tokenslice { - // For extra randomization, the fuzzer can - // choose to not include this token. - includeThisToken, err := f.GetBool() - if err != nil { - return "", err - } - if !includeThisToken { - continue - } - - // There may be several tokens to choose from: - if len(tokens) > 1 { - chosenToken, err := chooseToken(tokens, f) - if err != nil { - return "", err - } - query.WriteString(" " + chosenToken) - } else { - token.WriteString(tokens[0]) - - // In case the token is "CUSTOM_FUZZ_STRING" - // we will then create a non-structured string - if token.String() == "CUSTOM_FUZZ_STRING" { - customFuzzString, err := f.GetString() - if err != nil { - return "", err - } - query.WriteString(" " + customFuzzString) - continue - } - - // Check if token requires an argument. - // Tokens that take an argument can be found - // in 'needCustomString'. If so, we add a - // non-structured string to the token. - if containsString(needCustomString, token.String()) { - customFuzzString, err := f.GetString() - if err != nil { - return "", err - } - token.WriteString(fmt.Sprintf(" %s", customFuzzString)) - } - query.WriteString(fmt.Sprintf(" %s", token.String())) - } - } - return query.String(), nil -} - -// Creates a semi-structured query. It creates a string -// that is a combination of the keywords and random strings. -func createQuery(f *ConsumeFuzzer) (string, error) { - queryLen, err := f.GetInt() - if err != nil { - return "", err - } - maxLen := queryLen % 60 - if maxLen == 0 { - return "", fmt.Errorf("could not create a query") - } - var query strings.Builder - for i := 0; i < maxLen; i++ { - // Get a new token: - useKeyword, err := f.GetBool() - if err != nil { - return "", err - } - if useKeyword { - keyword, err := getKeyword(f) - if err != nil { - return "", err - } - query.WriteString(" " + keyword) - } else { - customString, err := f.GetString() - if err != nil { - return "", err - } - query.WriteString(" " + customString) - } - } - if query.String() == "" { - return "", fmt.Errorf("could not create a query") - } - return query.String(), nil -} - -// GetSQLString is the API that users interact with. -// -// Usage: -// -// f := NewConsumer(data) -// sqlString, err := f.GetSQLString() -func (f *ConsumeFuzzer) GetSQLString() (string, error) { - var query string - veryStructured, err := f.GetBool() - if err != nil { - return "", err - } - if veryStructured { - query, err = createStmt(f) - if err != nil { - return "", err - } - } else { - query, err = createQuery(f) - if err != nil { - return "", err - } - } - return query, nil -} diff --git a/vendor/github.com/Microsoft/hcsshim/LICENSE b/vendor/github.com/Microsoft/hcsshim/LICENSE deleted file mode 100644 index 49d21669ae..0000000000 --- a/vendor/github.com/Microsoft/hcsshim/LICENSE +++ /dev/null @@ -1,21 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2015 Microsoft - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. \ No newline at end of file diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go b/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go deleted file mode 100644 index 6c435d2b64..0000000000 --- a/vendor/github.com/Microsoft/hcsshim/osversion/osversion_windows.go +++ /dev/null @@ -1,59 +0,0 @@ -package osversion - -import ( - "fmt" - "sync" - - "golang.org/x/sys/windows" -) - -// OSVersion is a wrapper for Windows version information -// https://msdn.microsoft.com/en-us/library/windows/desktop/ms724439(v=vs.85).aspx -type OSVersion struct { - Version uint32 - MajorVersion uint8 - MinorVersion uint8 - Build uint16 -} - -var ( - osv OSVersion - once sync.Once -) - -// Get gets the operating system version on Windows. -// The calling application must be manifested to get the correct version information. -func Get() OSVersion { - once.Do(func() { - var err error - osv = OSVersion{} - osv.Version, err = windows.GetVersion() - if err != nil { - // GetVersion never fails. - panic(err) - } - osv.MajorVersion = uint8(osv.Version & 0xFF) - osv.MinorVersion = uint8(osv.Version >> 8 & 0xFF) - osv.Build = uint16(osv.Version >> 16) - }) - return osv -} - -// Build gets the build-number on Windows -// The calling application must be manifested to get the correct version information. -func Build() uint16 { - return Get().Build -} - -// String returns the OSVersion formatted as a string. It implements the -// [fmt.Stringer] interface. -func (osv OSVersion) String() string { - return fmt.Sprintf("%d.%d.%d", osv.MajorVersion, osv.MinorVersion, osv.Build) -} - -// ToString returns the OSVersion formatted as a string. -// -// Deprecated: use [OSVersion.String]. -func (osv OSVersion) ToString() string { - return osv.String() -} diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go b/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go deleted file mode 100644 index f8d411ad7e..0000000000 --- a/vendor/github.com/Microsoft/hcsshim/osversion/platform_compat_windows.go +++ /dev/null @@ -1,35 +0,0 @@ -package osversion - -// List of stable ABI compliant ltsc releases -// Note: List must be sorted in ascending order -var compatLTSCReleases = []uint16{ - V21H2Server, -} - -// CheckHostAndContainerCompat checks if given host and container -// OS versions are compatible. -// It includes support for stable ABI compliant versions as well. -// Every release after WS 2022 will support the previous ltsc -// container image. Stable ABI is in preview mode for windows 11 client. -// Refer: https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/version-compatibility?tabs=windows-server-2022%2Cwindows-10#windows-server-host-os-compatibility -func CheckHostAndContainerCompat(host, ctr OSVersion) bool { - // check major minor versions of host and guest - if host.MajorVersion != ctr.MajorVersion || - host.MinorVersion != ctr.MinorVersion { - return false - } - - // If host is < WS 2022, exact version match is required - if host.Build < V21H2Server { - return host.Build == ctr.Build - } - - var supportedLtscRelease uint16 - for i := len(compatLTSCReleases) - 1; i >= 0; i-- { - if host.Build >= compatLTSCReleases[i] { - supportedLtscRelease = compatLTSCReleases[i] - break - } - } - return ctr.Build >= supportedLtscRelease && ctr.Build <= host.Build -} diff --git a/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go b/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go deleted file mode 100644 index 446369591a..0000000000 --- a/vendor/github.com/Microsoft/hcsshim/osversion/windowsbuilds.go +++ /dev/null @@ -1,84 +0,0 @@ -package osversion - -// Windows Client and Server build numbers. -// -// See: -// https://learn.microsoft.com/en-us/windows/release-health/release-information -// https://learn.microsoft.com/en-us/windows/release-health/windows-server-release-info -// https://learn.microsoft.com/en-us/windows/release-health/windows11-release-information -const ( - // RS1 (version 1607, codename "Redstone 1") corresponds to Windows Server - // 2016 (ltsc2016) and Windows 10 (Anniversary Update). - RS1 = 14393 - // V1607 (version 1607, codename "Redstone 1") is an alias for [RS1]. - V1607 = RS1 - // LTSC2016 (Windows Server 2016) is an alias for [RS1]. - LTSC2016 = RS1 - - // RS2 (version 1703, codename "Redstone 2") was a client-only update, and - // corresponds to Windows 10 (Creators Update). - RS2 = 15063 - // V1703 (version 1703, codename "Redstone 2") is an alias for [RS2]. - V1703 = RS2 - - // RS3 (version 1709, codename "Redstone 3") corresponds to Windows Server - // 1709 (Semi-Annual Channel (SAC)), and Windows 10 (Fall Creators Update). - RS3 = 16299 - // V1709 (version 1709, codename "Redstone 3") is an alias for [RS3]. - V1709 = RS3 - - // RS4 (version 1803, codename "Redstone 4") corresponds to Windows Server - // 1803 (Semi-Annual Channel (SAC)), and Windows 10 (April 2018 Update). - RS4 = 17134 - // V1803 (version 1803, codename "Redstone 4") is an alias for [RS4]. - V1803 = RS4 - - // RS5 (version 1809, codename "Redstone 5") corresponds to Windows Server - // 2019 (ltsc2019), and Windows 10 (October 2018 Update). - RS5 = 17763 - // V1809 (version 1809, codename "Redstone 5") is an alias for [RS5]. - V1809 = RS5 - // LTSC2019 (Windows Server 2019) is an alias for [RS5]. - LTSC2019 = RS5 - - // V19H1 (version 1903, codename 19H1) corresponds to Windows Server 1903 (semi-annual - // channel). - V19H1 = 18362 - // V1903 (version 1903) is an alias for [V19H1]. - V1903 = V19H1 - - // V19H2 (version 1909, codename 19H2) corresponds to Windows Server 1909 (semi-annual - // channel). - V19H2 = 18363 - // V1909 (version 1909) is an alias for [V19H2]. - V1909 = V19H2 - - // V20H1 (version 2004, codename 20H1) corresponds to Windows Server 2004 (semi-annual - // channel). - V20H1 = 19041 - // V2004 (version 2004) is an alias for [V20H1]. - V2004 = V20H1 - - // V20H2 corresponds to Windows Server 20H2 (semi-annual channel). - V20H2 = 19042 - - // V21H1 corresponds to Windows Server 21H1 (semi-annual channel). - V21H1 = 19043 - - // V21H2Win10 corresponds to Windows 10 (November 2021 Update). - V21H2Win10 = 19044 - - // V21H2Server corresponds to Windows Server 2022 (ltsc2022). - V21H2Server = 20348 - // LTSC2022 (Windows Server 2022) is an alias for [V21H2Server] - LTSC2022 = V21H2Server - - // V21H2Win11 corresponds to Windows 11 (original release). - V21H2Win11 = 22000 - - // V22H2Win10 corresponds to Windows 10 (2022 Update). - V22H2Win10 = 19045 - - // V22H2Win11 corresponds to Windows 11 (2022 Update). - V22H2Win11 = 22621 -) diff --git a/vendor/github.com/containerd/containerd/archive/compression/compression_fuzzer.go b/vendor/github.com/containerd/containerd/archive/compression/compression_fuzzer.go deleted file mode 100644 index 3516494ac0..0000000000 --- a/vendor/github.com/containerd/containerd/archive/compression/compression_fuzzer.go +++ /dev/null @@ -1,28 +0,0 @@ -//go:build gofuzz - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package compression - -import ( - "bytes" -) - -func FuzzDecompressStream(data []byte) int { - _, _ = DecompressStream(bytes.NewReader(data)) - return 1 -} diff --git a/vendor/github.com/containerd/containerd/content/content.go b/vendor/github.com/containerd/containerd/content/content.go index 8eb1a16924..ff17a8417b 100644 --- a/vendor/github.com/containerd/containerd/content/content.go +++ b/vendor/github.com/containerd/containerd/content/content.go @@ -25,26 +25,6 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) -// Store combines the methods of content-oriented interfaces into a set that -// are commonly provided by complete implementations. -// -// Overall content lifecycle: -// - Ingester is used to initiate a write operation (aka ingestion) -// - IngestManager is used to manage (e.g. list, abort) active ingestions -// - Once an ingestion is complete (see Writer.Commit), Provider is used to -// query a single piece of content by its digest -// - Manager is used to manage (e.g. list, delete) previously committed content -// -// Note that until ingestion is complete, its content is not visible through -// Provider or Manager. Once ingestion is complete, it is no longer exposed -// through IngestManager. -type Store interface { - Manager - Provider - IngestManager - Ingester -} - // ReaderAt extends the standard io.ReaderAt interface with reporting of Size and io.Closer type ReaderAt interface { io.ReaderAt @@ -62,31 +42,14 @@ type Provider interface { // Ingester writes content type Ingester interface { - // Writer initiates a writing operation (aka ingestion). A single ingestion - // is uniquely identified by its ref, provided using a WithRef option. - // Writer can be called multiple times with the same ref to access the same - // ingestion. - // Once all the data is written, use Writer.Commit to complete the ingestion. + // Some implementations require WithRef to be included in opts. Writer(ctx context.Context, opts ...WriterOpt) (Writer, error) } -// IngestManager provides methods for managing ingestions. An ingestion is a -// not-yet-complete writing operation initiated using Ingester and identified -// by a ref string. -type IngestManager interface { - // Status returns the status of the provided ref. - Status(ctx context.Context, ref string) (Status, error) - - // ListStatuses returns the status of any active ingestions whose ref match - // the provided regular expression. If empty, all active ingestions will be - // returned. - ListStatuses(ctx context.Context, filters ...string) ([]Status, error) - - // Abort completely cancels the ingest operation targeted by ref. - Abort(ctx context.Context, ref string) error -} - // Info holds content specific information +// +// TODO(stevvooe): Consider a very different name for this struct. Info is way +// to general. It also reads very weird in certain context, like pluralization. type Info struct { Digest digest.Digest Size int64 @@ -95,7 +58,7 @@ type Info struct { Labels map[string]string } -// Status of a content operation (i.e. an ingestion) +// Status of a content operation type Status struct { Ref string Offset int64 @@ -108,17 +71,12 @@ type Status struct { // WalkFunc defines the callback for a blob walk. type WalkFunc func(Info) error -// InfoProvider provides info for content inspection. -type InfoProvider interface { +// Manager provides methods for inspecting, listing and removing content. +type Manager interface { // Info will return metadata about content available in the content store. // // If the content is not present, ErrNotFound will be returned. Info(ctx context.Context, dgst digest.Digest) (Info, error) -} - -// Manager provides methods for inspecting, listing and removing content. -type Manager interface { - InfoProvider // Update updates mutable information related to content. // If one or more fieldpaths are provided, only those @@ -136,7 +94,21 @@ type Manager interface { Delete(ctx context.Context, dgst digest.Digest) error } -// Writer handles writing of content into a content store +// IngestManager provides methods for managing ingests. +type IngestManager interface { + // Status returns the status of the provided ref. + Status(ctx context.Context, ref string) (Status, error) + + // ListStatuses returns the status of any active ingestions whose ref match the + // provided regular expression. If empty, all active ingestions will be + // returned. + ListStatuses(ctx context.Context, filters ...string) ([]Status, error) + + // Abort completely cancels the ingest operation targeted by ref. + Abort(ctx context.Context, ref string) error +} + +// Writer handles the write of content into a content store type Writer interface { // Close closes the writer, if the writer has not been // committed this allows resuming or aborting. @@ -159,6 +131,15 @@ type Writer interface { Truncate(size int64) error } +// Store combines the methods of content-oriented interfaces into a set that +// are commonly provided by complete implementations. +type Store interface { + Manager + Provider + IngestManager + Ingester +} + // Opt is used to alter the mutable properties of content type Opt func(*Info) error diff --git a/vendor/github.com/containerd/containerd/content/helpers.go b/vendor/github.com/containerd/containerd/content/helpers.go index 5404109a6d..723c313917 100644 --- a/vendor/github.com/containerd/containerd/content/helpers.go +++ b/vendor/github.com/containerd/containerd/content/helpers.go @@ -21,12 +21,12 @@ import ( "errors" "fmt" "io" + "math/rand" "sync" "time" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/log" - "github.com/containerd/containerd/pkg/randutil" "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) @@ -43,26 +43,16 @@ var bufPool = sync.Pool{ }, } -type reader interface { - Reader() io.Reader -} - // NewReader returns a io.Reader from a ReaderAt func NewReader(ra ReaderAt) io.Reader { - if rd, ok := ra.(reader); ok { - return rd.Reader() - } - return io.NewSectionReader(ra, 0, ra.Size()) + rd := io.NewSectionReader(ra, 0, ra.Size()) + return rd } // ReadBlob retrieves the entire contents of the blob from the provider. // // Avoid using this for large blobs, such as layers. func ReadBlob(ctx context.Context, provider Provider, desc ocispec.Descriptor) ([]byte, error) { - if int64(len(desc.Data)) == desc.Size && digest.FromBytes(desc.Data) == desc.Digest { - return desc.Data, nil - } - ra, err := provider.ReaderAt(ctx, desc) if err != nil { return nil, err @@ -123,7 +113,7 @@ func OpenWriter(ctx context.Context, cs Ingester, opts ...WriterOpt) (Writer, er // error or abort. Requires asserting for an ingest manager select { - case <-time.After(time.Millisecond * time.Duration(randutil.Intn(retry))): + case <-time.After(time.Millisecond * time.Duration(rand.Intn(retry))): if retry < 2048 { retry = retry << 1 } diff --git a/vendor/github.com/containerd/containerd/content/local/content_local_fuzzer.go b/vendor/github.com/containerd/containerd/content/local/content_local_fuzzer.go deleted file mode 100644 index a523f28d91..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/content_local_fuzzer.go +++ /dev/null @@ -1,76 +0,0 @@ -//go:build gofuzz - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "bufio" - "bytes" - "context" - _ "crypto/sha256" - "io" - "testing" - - "github.com/opencontainers/go-digest" - - "github.com/containerd/containerd/content" -) - -func FuzzContentStoreWriter(data []byte) int { - t := &testing.T{} - ctx := context.Background() - ctx, _, cs, cleanup := contentStoreEnv(t) - defer cleanup() - - cw, err := cs.Writer(ctx, content.WithRef("myref")) - if err != nil { - return 0 - } - if err := cw.Close(); err != nil { - return 0 - } - - // reopen, so we can test things - cw, err = cs.Writer(ctx, content.WithRef("myref")) - if err != nil { - return 0 - } - - err = checkCopyFuzz(int64(len(data)), cw, bufio.NewReader(io.NopCloser(bytes.NewReader(data)))) - if err != nil { - return 0 - } - expected := digest.FromBytes(data) - - if err = cw.Commit(ctx, int64(len(data)), expected); err != nil { - return 0 - } - return 1 -} - -func checkCopyFuzz(size int64, dst io.Writer, src io.Reader) error { - nn, err := io.Copy(dst, src) - if err != nil { - return err - } - - if nn != size { - return err - } - return nil -} diff --git a/vendor/github.com/containerd/containerd/content/local/locks.go b/vendor/github.com/containerd/containerd/content/local/locks.go deleted file mode 100644 index 1e59f39b30..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/locks.go +++ /dev/null @@ -1,62 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "fmt" - "sync" - "time" - - "github.com/containerd/containerd/errdefs" -) - -// Handles locking references - -type lock struct { - since time.Time -} - -var ( - // locks lets us lock in process - locks = make(map[string]*lock) - locksMu sync.Mutex -) - -func tryLock(ref string) error { - locksMu.Lock() - defer locksMu.Unlock() - - if v, ok := locks[ref]; ok { - // Returning the duration may help developers distinguish dead locks (long duration) from - // lock contentions (short duration). - now := time.Now() - return fmt.Errorf( - "ref %s locked for %s (since %s): %w", ref, now.Sub(v.since), v.since, - errdefs.ErrUnavailable, - ) - } - - locks[ref] = &lock{time.Now()} - return nil -} - -func unlock(ref string) { - locksMu.Lock() - defer locksMu.Unlock() - - delete(locks, ref) -} diff --git a/vendor/github.com/containerd/containerd/content/local/readerat.go b/vendor/github.com/containerd/containerd/content/local/readerat.go deleted file mode 100644 index 899e85c0ba..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/readerat.go +++ /dev/null @@ -1,72 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "fmt" - "io" - "os" - - "github.com/containerd/containerd/content" - "github.com/containerd/containerd/errdefs" -) - -// readerat implements io.ReaderAt in a completely stateless manner by opening -// the referenced file for each call to ReadAt. -type sizeReaderAt struct { - size int64 - fp *os.File -} - -// OpenReader creates ReaderAt from a file -func OpenReader(p string) (content.ReaderAt, error) { - fi, err := os.Stat(p) - if err != nil { - if !os.IsNotExist(err) { - return nil, err - } - - return nil, fmt.Errorf("blob not found: %w", errdefs.ErrNotFound) - } - - fp, err := os.Open(p) - if err != nil { - if !os.IsNotExist(err) { - return nil, err - } - - return nil, fmt.Errorf("blob not found: %w", errdefs.ErrNotFound) - } - - return sizeReaderAt{size: fi.Size(), fp: fp}, nil -} - -func (ra sizeReaderAt) ReadAt(p []byte, offset int64) (int, error) { - return ra.fp.ReadAt(p, offset) -} - -func (ra sizeReaderAt) Size() int64 { - return ra.size -} - -func (ra sizeReaderAt) Close() error { - return ra.fp.Close() -} - -func (ra sizeReaderAt) Reader() io.Reader { - return io.LimitReader(ra.fp, ra.size) -} diff --git a/vendor/github.com/containerd/containerd/content/local/store.go b/vendor/github.com/containerd/containerd/content/local/store.go deleted file mode 100644 index baae3565bb..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/store.go +++ /dev/null @@ -1,704 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "context" - "fmt" - "io" - "os" - "path/filepath" - "strconv" - "strings" - "sync" - "time" - - "github.com/containerd/containerd/content" - "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/filters" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/pkg/randutil" - "github.com/sirupsen/logrus" - - "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" -) - -var bufPool = sync.Pool{ - New: func() interface{} { - buffer := make([]byte, 1<<20) - return &buffer - }, -} - -// LabelStore is used to store mutable labels for digests -type LabelStore interface { - // Get returns all the labels for the given digest - Get(digest.Digest) (map[string]string, error) - - // Set sets all the labels for a given digest - Set(digest.Digest, map[string]string) error - - // Update replaces the given labels for a digest, - // a key with an empty value removes a label. - Update(digest.Digest, map[string]string) (map[string]string, error) -} - -// Store is digest-keyed store for content. All data written into the store is -// stored under a verifiable digest. -// -// Store can generally support multi-reader, single-writer ingest of data, -// including resumable ingest. -type store struct { - root string - ls LabelStore -} - -// NewStore returns a local content store -func NewStore(root string) (content.Store, error) { - return NewLabeledStore(root, nil) -} - -// NewLabeledStore returns a new content store using the provided label store -// -// Note: content stores which are used underneath a metadata store may not -// require labels and should use `NewStore`. `NewLabeledStore` is primarily -// useful for tests or standalone implementations. -func NewLabeledStore(root string, ls LabelStore) (content.Store, error) { - if err := os.MkdirAll(filepath.Join(root, "ingest"), 0777); err != nil { - return nil, err - } - - return &store{ - root: root, - ls: ls, - }, nil -} - -func (s *store) Info(ctx context.Context, dgst digest.Digest) (content.Info, error) { - p, err := s.blobPath(dgst) - if err != nil { - return content.Info{}, fmt.Errorf("calculating blob info path: %w", err) - } - - fi, err := os.Stat(p) - if err != nil { - if os.IsNotExist(err) { - err = fmt.Errorf("content %v: %w", dgst, errdefs.ErrNotFound) - } - - return content.Info{}, err - } - var labels map[string]string - if s.ls != nil { - labels, err = s.ls.Get(dgst) - if err != nil { - return content.Info{}, err - } - } - return s.info(dgst, fi, labels), nil -} - -func (s *store) info(dgst digest.Digest, fi os.FileInfo, labels map[string]string) content.Info { - return content.Info{ - Digest: dgst, - Size: fi.Size(), - CreatedAt: fi.ModTime(), - UpdatedAt: getATime(fi), - Labels: labels, - } -} - -// ReaderAt returns an io.ReaderAt for the blob. -func (s *store) ReaderAt(ctx context.Context, desc ocispec.Descriptor) (content.ReaderAt, error) { - p, err := s.blobPath(desc.Digest) - if err != nil { - return nil, fmt.Errorf("calculating blob path for ReaderAt: %w", err) - } - - reader, err := OpenReader(p) - if err != nil { - return nil, fmt.Errorf("blob %s expected at %s: %w", desc.Digest, p, err) - } - - return reader, nil -} - -// Delete removes a blob by its digest. -// -// While this is safe to do concurrently, safe exist-removal logic must hold -// some global lock on the store. -func (s *store) Delete(ctx context.Context, dgst digest.Digest) error { - bp, err := s.blobPath(dgst) - if err != nil { - return fmt.Errorf("calculating blob path for delete: %w", err) - } - - if err := os.RemoveAll(bp); err != nil { - if !os.IsNotExist(err) { - return err - } - - return fmt.Errorf("content %v: %w", dgst, errdefs.ErrNotFound) - } - - return nil -} - -func (s *store) Update(ctx context.Context, info content.Info, fieldpaths ...string) (content.Info, error) { - if s.ls == nil { - return content.Info{}, fmt.Errorf("update not supported on immutable content store: %w", errdefs.ErrFailedPrecondition) - } - - p, err := s.blobPath(info.Digest) - if err != nil { - return content.Info{}, fmt.Errorf("calculating blob path for update: %w", err) - } - - fi, err := os.Stat(p) - if err != nil { - if os.IsNotExist(err) { - err = fmt.Errorf("content %v: %w", info.Digest, errdefs.ErrNotFound) - } - - return content.Info{}, err - } - - var ( - all bool - labels map[string]string - ) - if len(fieldpaths) > 0 { - for _, path := range fieldpaths { - if strings.HasPrefix(path, "labels.") { - if labels == nil { - labels = map[string]string{} - } - - key := strings.TrimPrefix(path, "labels.") - labels[key] = info.Labels[key] - continue - } - - switch path { - case "labels": - all = true - labels = info.Labels - default: - return content.Info{}, fmt.Errorf("cannot update %q field on content info %q: %w", path, info.Digest, errdefs.ErrInvalidArgument) - } - } - } else { - all = true - labels = info.Labels - } - - if all { - err = s.ls.Set(info.Digest, labels) - } else { - labels, err = s.ls.Update(info.Digest, labels) - } - if err != nil { - return content.Info{}, err - } - - info = s.info(info.Digest, fi, labels) - info.UpdatedAt = time.Now() - - if err := os.Chtimes(p, info.UpdatedAt, info.CreatedAt); err != nil { - log.G(ctx).WithError(err).Warnf("could not change access time for %s", info.Digest) - } - - return info, nil -} - -func (s *store) Walk(ctx context.Context, fn content.WalkFunc, fs ...string) error { - root := filepath.Join(s.root, "blobs") - - filter, err := filters.ParseAll(fs...) - if err != nil { - return err - } - - var alg digest.Algorithm - return filepath.Walk(root, func(path string, fi os.FileInfo, err error) error { - if err != nil { - return err - } - if !fi.IsDir() && !alg.Available() { - return nil - } - - // TODO(stevvooe): There are few more cases with subdirs that should be - // handled in case the layout gets corrupted. This isn't strict enough - // and may spew bad data. - - if path == root { - return nil - } - if filepath.Dir(path) == root { - alg = digest.Algorithm(filepath.Base(path)) - - if !alg.Available() { - alg = "" - return filepath.SkipDir - } - - // descending into a hash directory - return nil - } - - dgst := digest.NewDigestFromEncoded(alg, filepath.Base(path)) - if err := dgst.Validate(); err != nil { - // log error but don't report - log.L.WithError(err).WithField("path", path).Error("invalid digest for blob path") - // if we see this, it could mean some sort of corruption of the - // store or extra paths not expected previously. - } - - var labels map[string]string - if s.ls != nil { - labels, err = s.ls.Get(dgst) - if err != nil { - return err - } - } - - info := s.info(dgst, fi, labels) - if !filter.Match(content.AdaptInfo(info)) { - return nil - } - return fn(info) - }) -} - -func (s *store) Status(ctx context.Context, ref string) (content.Status, error) { - return s.status(s.ingestRoot(ref)) -} - -func (s *store) ListStatuses(ctx context.Context, fs ...string) ([]content.Status, error) { - fp, err := os.Open(filepath.Join(s.root, "ingest")) - if err != nil { - return nil, err - } - - defer fp.Close() - - fis, err := fp.Readdir(-1) - if err != nil { - return nil, err - } - - filter, err := filters.ParseAll(fs...) - if err != nil { - return nil, err - } - - var active []content.Status - for _, fi := range fis { - p := filepath.Join(s.root, "ingest", fi.Name()) - stat, err := s.status(p) - if err != nil { - if !os.IsNotExist(err) { - return nil, err - } - - // TODO(stevvooe): This is a common error if uploads are being - // completed while making this listing. Need to consider taking a - // lock on the whole store to coordinate this aspect. - // - // Another option is to cleanup downloads asynchronously and - // coordinate this method with the cleanup process. - // - // For now, we just skip them, as they really don't exist. - continue - } - - if filter.Match(adaptStatus(stat)) { - active = append(active, stat) - } - } - - return active, nil -} - -// WalkStatusRefs is used to walk all status references -// Failed status reads will be logged and ignored, if -// this function is called while references are being altered, -// these error messages may be produced. -func (s *store) WalkStatusRefs(ctx context.Context, fn func(string) error) error { - fp, err := os.Open(filepath.Join(s.root, "ingest")) - if err != nil { - return err - } - - defer fp.Close() - - fis, err := fp.Readdir(-1) - if err != nil { - return err - } - - for _, fi := range fis { - rf := filepath.Join(s.root, "ingest", fi.Name(), "ref") - - ref, err := readFileString(rf) - if err != nil { - log.G(ctx).WithError(err).WithField("path", rf).Error("failed to read ingest ref") - continue - } - - if err := fn(ref); err != nil { - return err - } - } - - return nil -} - -// status works like stat above except uses the path to the ingest. -func (s *store) status(ingestPath string) (content.Status, error) { - dp := filepath.Join(ingestPath, "data") - fi, err := os.Stat(dp) - if err != nil { - if os.IsNotExist(err) { - err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound) - } - return content.Status{}, err - } - - ref, err := readFileString(filepath.Join(ingestPath, "ref")) - if err != nil { - if os.IsNotExist(err) { - err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound) - } - return content.Status{}, err - } - - startedAt, err := readFileTimestamp(filepath.Join(ingestPath, "startedat")) - if err != nil { - return content.Status{}, fmt.Errorf("could not read startedat: %w", err) - } - - updatedAt, err := readFileTimestamp(filepath.Join(ingestPath, "updatedat")) - if err != nil { - return content.Status{}, fmt.Errorf("could not read updatedat: %w", err) - } - - // because we don't write updatedat on every write, the mod time may - // actually be more up to date. - if fi.ModTime().After(updatedAt) { - updatedAt = fi.ModTime() - } - - return content.Status{ - Ref: ref, - Offset: fi.Size(), - Total: s.total(ingestPath), - UpdatedAt: updatedAt, - StartedAt: startedAt, - }, nil -} - -func adaptStatus(status content.Status) filters.Adaptor { - return filters.AdapterFunc(func(fieldpath []string) (string, bool) { - if len(fieldpath) == 0 { - return "", false - } - switch fieldpath[0] { - case "ref": - return status.Ref, true - } - - return "", false - }) -} - -// total attempts to resolve the total expected size for the write. -func (s *store) total(ingestPath string) int64 { - totalS, err := readFileString(filepath.Join(ingestPath, "total")) - if err != nil { - return 0 - } - - total, err := strconv.ParseInt(totalS, 10, 64) - if err != nil { - // represents a corrupted file, should probably remove. - return 0 - } - - return total -} - -// Writer begins or resumes the active writer identified by ref. If the writer -// is already in use, an error is returned. Only one writer may be in use per -// ref at a time. -// -// The argument `ref` is used to uniquely identify a long-lived writer transaction. -func (s *store) Writer(ctx context.Context, opts ...content.WriterOpt) (content.Writer, error) { - var wOpts content.WriterOpts - for _, opt := range opts { - if err := opt(&wOpts); err != nil { - return nil, err - } - } - // TODO(AkihiroSuda): we could create a random string or one calculated based on the context - // https://github.com/containerd/containerd/issues/2129#issuecomment-380255019 - if wOpts.Ref == "" { - return nil, fmt.Errorf("ref must not be empty: %w", errdefs.ErrInvalidArgument) - } - var lockErr error - for count := uint64(0); count < 10; count++ { - if err := tryLock(wOpts.Ref); err != nil { - if !errdefs.IsUnavailable(err) { - return nil, err - } - - lockErr = err - } else { - lockErr = nil - break - } - time.Sleep(time.Millisecond * time.Duration(randutil.Intn(1< 0 && status.Total > 0 && total != status.Total { - return status, fmt.Errorf("provided total differs from status: %v != %v", total, status.Total) - } - - //nolint:dupword - // TODO(stevvooe): slow slow slow!!, send to goroutine or use resumable hashes - fp, err := os.Open(data) - if err != nil { - return status, err - } - - p := bufPool.Get().(*[]byte) - status.Offset, err = io.CopyBuffer(digester.Hash(), fp, *p) - bufPool.Put(p) - fp.Close() - return status, err -} - -// writer provides the main implementation of the Writer method. The caller -// must hold the lock correctly and release on error if there is a problem. -func (s *store) writer(ctx context.Context, ref string, total int64, expected digest.Digest) (content.Writer, error) { - // TODO(stevvooe): Need to actually store expected here. We have - // code in the service that shouldn't be dealing with this. - if expected != "" { - p, err := s.blobPath(expected) - if err != nil { - return nil, fmt.Errorf("calculating expected blob path for writer: %w", err) - } - if _, err := os.Stat(p); err == nil { - return nil, fmt.Errorf("content %v: %w", expected, errdefs.ErrAlreadyExists) - } - } - - path, refp, data := s.ingestPaths(ref) - - var ( - digester = digest.Canonical.Digester() - offset int64 - startedAt time.Time - updatedAt time.Time - ) - - foundValidIngest := false - // ensure that the ingest path has been created. - if err := os.Mkdir(path, 0755); err != nil { - if !os.IsExist(err) { - return nil, err - } - status, err := s.resumeStatus(ref, total, digester) - if err == nil { - foundValidIngest = true - updatedAt = status.UpdatedAt - startedAt = status.StartedAt - total = status.Total - offset = status.Offset - } else { - logrus.Infof("failed to resume the status from path %s: %s. will recreate them", path, err.Error()) - } - } - - if !foundValidIngest { - startedAt = time.Now() - updatedAt = startedAt - - // the ingest is new, we need to setup the target location. - // write the ref to a file for later use - if err := os.WriteFile(refp, []byte(ref), 0666); err != nil { - return nil, err - } - - if err := writeTimestampFile(filepath.Join(path, "startedat"), startedAt); err != nil { - return nil, err - } - - if err := writeTimestampFile(filepath.Join(path, "updatedat"), startedAt); err != nil { - return nil, err - } - - if total > 0 { - if err := os.WriteFile(filepath.Join(path, "total"), []byte(fmt.Sprint(total)), 0666); err != nil { - return nil, err - } - } - } - - fp, err := os.OpenFile(data, os.O_WRONLY|os.O_CREATE, 0666) - if err != nil { - return nil, fmt.Errorf("failed to open data file: %w", err) - } - - if _, err := fp.Seek(offset, io.SeekStart); err != nil { - fp.Close() - return nil, fmt.Errorf("could not seek to current write offset: %w", err) - } - - return &writer{ - s: s, - fp: fp, - ref: ref, - path: path, - offset: offset, - total: total, - digester: digester, - startedAt: startedAt, - updatedAt: updatedAt, - }, nil -} - -// Abort an active transaction keyed by ref. If the ingest is active, it will -// be cancelled. Any resources associated with the ingest will be cleaned. -func (s *store) Abort(ctx context.Context, ref string) error { - root := s.ingestRoot(ref) - if err := os.RemoveAll(root); err != nil { - if os.IsNotExist(err) { - return fmt.Errorf("ingest ref %q: %w", ref, errdefs.ErrNotFound) - } - - return err - } - - return nil -} - -func (s *store) blobPath(dgst digest.Digest) (string, error) { - if err := dgst.Validate(); err != nil { - return "", fmt.Errorf("cannot calculate blob path from invalid digest: %v: %w", err, errdefs.ErrInvalidArgument) - } - - return filepath.Join(s.root, "blobs", dgst.Algorithm().String(), dgst.Encoded()), nil -} - -func (s *store) ingestRoot(ref string) string { - // we take a digest of the ref to keep the ingest paths constant length. - // Note that this is not the current or potential digest of incoming content. - dgst := digest.FromString(ref) - return filepath.Join(s.root, "ingest", dgst.Encoded()) -} - -// ingestPaths are returned. The paths are the following: -// -// - root: entire ingest directory -// - ref: name of the starting ref, must be unique -// - data: file where data is written -func (s *store) ingestPaths(ref string) (string, string, string) { - var ( - fp = s.ingestRoot(ref) - rp = filepath.Join(fp, "ref") - dp = filepath.Join(fp, "data") - ) - - return fp, rp, dp -} - -func readFileString(path string) (string, error) { - p, err := os.ReadFile(path) - return string(p), err -} - -// readFileTimestamp reads a file with just a timestamp present. -func readFileTimestamp(p string) (time.Time, error) { - b, err := os.ReadFile(p) - if err != nil { - if os.IsNotExist(err) { - err = fmt.Errorf("%s: %w", err.Error(), errdefs.ErrNotFound) - } - return time.Time{}, err - } - - var t time.Time - if err := t.UnmarshalText(b); err != nil { - return time.Time{}, fmt.Errorf("could not parse timestamp file %v: %w", p, err) - } - - return t, nil -} - -func writeTimestampFile(p string, t time.Time) error { - b, err := t.MarshalText() - if err != nil { - return err - } - return writeToCompletion(p, b, 0666) -} - -func writeToCompletion(path string, data []byte, mode os.FileMode) error { - tmp := fmt.Sprintf("%s.tmp", path) - f, err := os.OpenFile(tmp, os.O_RDWR|os.O_CREATE|os.O_TRUNC|os.O_SYNC, mode) - if err != nil { - return fmt.Errorf("create tmp file: %w", err) - } - _, err = f.Write(data) - f.Close() - if err != nil { - return fmt.Errorf("write tmp file: %w", err) - } - err = os.Rename(tmp, path) - if err != nil { - return fmt.Errorf("rename tmp file: %w", err) - } - return nil -} diff --git a/vendor/github.com/containerd/containerd/content/local/store_bsd.go b/vendor/github.com/containerd/containerd/content/local/store_bsd.go deleted file mode 100644 index 7dcc192327..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/store_bsd.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build darwin || freebsd || netbsd - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "os" - "syscall" - "time" -) - -func getATime(fi os.FileInfo) time.Time { - if st, ok := fi.Sys().(*syscall.Stat_t); ok { - return time.Unix(st.Atimespec.Unix()) - } - - return fi.ModTime() -} diff --git a/vendor/github.com/containerd/containerd/content/local/store_openbsd.go b/vendor/github.com/containerd/containerd/content/local/store_openbsd.go deleted file mode 100644 index 45dfa9997e..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/store_openbsd.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build openbsd - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "os" - "syscall" - "time" -) - -func getATime(fi os.FileInfo) time.Time { - if st, ok := fi.Sys().(*syscall.Stat_t); ok { - return time.Unix(st.Atim.Unix()) - } - - return fi.ModTime() -} diff --git a/vendor/github.com/containerd/containerd/content/local/store_unix.go b/vendor/github.com/containerd/containerd/content/local/store_unix.go deleted file mode 100644 index cb01c91c7f..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/store_unix.go +++ /dev/null @@ -1,33 +0,0 @@ -//go:build linux || solaris - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "os" - "syscall" - "time" -) - -func getATime(fi os.FileInfo) time.Time { - if st, ok := fi.Sys().(*syscall.Stat_t); ok { - return time.Unix(st.Atim.Unix()) - } - - return fi.ModTime() -} diff --git a/vendor/github.com/containerd/containerd/content/local/store_windows.go b/vendor/github.com/containerd/containerd/content/local/store_windows.go deleted file mode 100644 index bce8499790..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/store_windows.go +++ /dev/null @@ -1,26 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "os" - "time" -) - -func getATime(fi os.FileInfo) time.Time { - return fi.ModTime() -} diff --git a/vendor/github.com/containerd/containerd/content/local/test_helper.go b/vendor/github.com/containerd/containerd/content/local/test_helper.go deleted file mode 100644 index 42de01cae8..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/test_helper.go +++ /dev/null @@ -1,38 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "context" - "testing" - - "github.com/containerd/containerd/content" -) - -func contentStoreEnv(t testing.TB) (context.Context, string, content.Store, func()) { - tmpdir := t.TempDir() - - cs, err := NewStore(tmpdir) - if err != nil { - t.Fatal(err) - } - - ctx, cancel := context.WithCancel(context.Background()) - return ctx, tmpdir, cs, func() { - cancel() - } -} diff --git a/vendor/github.com/containerd/containerd/content/local/writer.go b/vendor/github.com/containerd/containerd/content/local/writer.go deleted file mode 100644 index b187e524cb..0000000000 --- a/vendor/github.com/containerd/containerd/content/local/writer.go +++ /dev/null @@ -1,208 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package local - -import ( - "context" - "errors" - "fmt" - "io" - "os" - "path/filepath" - "runtime" - "time" - - "github.com/containerd/containerd/content" - "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/log" - "github.com/opencontainers/go-digest" -) - -// writer represents a write transaction against the blob store. -type writer struct { - s *store - fp *os.File // opened data file - path string // path to writer dir - ref string // ref key - offset int64 - total int64 - digester digest.Digester - startedAt time.Time - updatedAt time.Time -} - -func (w *writer) Status() (content.Status, error) { - return content.Status{ - Ref: w.ref, - Offset: w.offset, - Total: w.total, - StartedAt: w.startedAt, - UpdatedAt: w.updatedAt, - }, nil -} - -// Digest returns the current digest of the content, up to the current write. -// -// Cannot be called concurrently with `Write`. -func (w *writer) Digest() digest.Digest { - return w.digester.Digest() -} - -// Write p to the transaction. -// -// Note that writes are unbuffered to the backing file. When writing, it is -// recommended to wrap in a bufio.Writer or, preferably, use io.CopyBuffer. -func (w *writer) Write(p []byte) (n int, err error) { - n, err = w.fp.Write(p) - w.digester.Hash().Write(p[:n]) - w.offset += int64(len(p)) - w.updatedAt = time.Now() - return n, err -} - -func (w *writer) Commit(ctx context.Context, size int64, expected digest.Digest, opts ...content.Opt) error { - // Ensure even on error the writer is fully closed - defer unlock(w.ref) - - var base content.Info - for _, opt := range opts { - if err := opt(&base); err != nil { - return err - } - } - - fp := w.fp - w.fp = nil - - if fp == nil { - return fmt.Errorf("cannot commit on closed writer: %w", errdefs.ErrFailedPrecondition) - } - - if err := fp.Sync(); err != nil { - fp.Close() - return fmt.Errorf("sync failed: %w", err) - } - - fi, err := fp.Stat() - closeErr := fp.Close() - if err != nil { - return fmt.Errorf("stat on ingest file failed: %w", err) - } - if closeErr != nil { - return fmt.Errorf("failed to close ingest file: %w", closeErr) - } - - if size > 0 && size != fi.Size() { - return fmt.Errorf("unexpected commit size %d, expected %d: %w", fi.Size(), size, errdefs.ErrFailedPrecondition) - } - - dgst := w.digester.Digest() - if expected != "" && expected != dgst { - return fmt.Errorf("unexpected commit digest %s, expected %s: %w", dgst, expected, errdefs.ErrFailedPrecondition) - } - - var ( - ingest = filepath.Join(w.path, "data") - target, _ = w.s.blobPath(dgst) // ignore error because we calculated this dgst - ) - - // make sure parent directories of blob exist - if err := os.MkdirAll(filepath.Dir(target), 0755); err != nil { - return err - } - - if _, err := os.Stat(target); err == nil { - // collision with the target file! - if err := os.RemoveAll(w.path); err != nil { - log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Error("failed to remove ingest directory") - } - return fmt.Errorf("content %v: %w", dgst, errdefs.ErrAlreadyExists) - } - - if err := os.Rename(ingest, target); err != nil { - return err - } - - // Ingest has now been made available in the content store, attempt to complete - // setting metadata but errors should only be logged and not returned since - // the content store cannot be cleanly rolled back. - - commitTime := time.Now() - if err := os.Chtimes(target, commitTime, commitTime); err != nil { - log.G(ctx).WithField("digest", dgst).Error("failed to change file time to commit time") - } - - // clean up!! - if err := os.RemoveAll(w.path); err != nil { - log.G(ctx).WithField("ref", w.ref).WithField("path", w.path).Error("failed to remove ingest directory") - } - - if w.s.ls != nil && base.Labels != nil { - if err := w.s.ls.Set(dgst, base.Labels); err != nil { - log.G(ctx).WithField("digest", dgst).Error("failed to set labels") - } - } - - // change to readonly, more important for read, but provides _some_ - // protection from this point on. We use the existing perms with a mask - // only allowing reads honoring the umask on creation. - // - // This removes write and exec, only allowing read per the creation umask. - // - // NOTE: Windows does not support this operation - if runtime.GOOS != "windows" { - if err := os.Chmod(target, (fi.Mode()&os.ModePerm)&^0333); err != nil { - log.G(ctx).WithField("ref", w.ref).Error("failed to make readonly") - } - } - - return nil -} - -// Close the writer, flushing any unwritten data and leaving the progress in -// tact. -// -// If one needs to resume the transaction, a new writer can be obtained from -// `Ingester.Writer` using the same key. The write can then be continued -// from it was left off. -// -// To abandon a transaction completely, first call close then `IngestManager.Abort` to -// clean up the associated resources. -func (w *writer) Close() (err error) { - if w.fp != nil { - w.fp.Sync() - err = w.fp.Close() - writeTimestampFile(filepath.Join(w.path, "updatedat"), w.updatedAt) - w.fp = nil - unlock(w.ref) - return - } - - return nil -} - -func (w *writer) Truncate(size int64) error { - if size != 0 { - return errors.New("Truncate: unsupported size") - } - w.offset = 0 - w.digester.Hash().Reset() - if _, err := w.fp.Seek(0, io.SeekStart); err != nil { - return err - } - return w.fp.Truncate(0) -} diff --git a/vendor/github.com/containerd/containerd/images/image.go b/vendor/github.com/containerd/containerd/images/image.go index 2d2e36a9a3..d45afe482c 100644 --- a/vendor/github.com/containerd/containerd/images/image.go +++ b/vendor/github.com/containerd/containerd/images/image.go @@ -138,7 +138,7 @@ type platformManifest struct { // TODO(stevvooe): This violates the current platform agnostic approach to this // package by returning a specific manifest type. We'll need to refactor this // to return a manifest descriptor or decide that we want to bring the API in -// this direction because this abstraction is not needed. +// this direction because this abstraction is not needed.` func Manifest(ctx context.Context, provider content.Provider, image ocispec.Descriptor, platform platforms.MatchComparer) (ocispec.Manifest, error) { var ( limit = 1 @@ -311,7 +311,7 @@ func Check(ctx context.Context, provider content.Provider, image ocispec.Descrip return false, nil, nil, nil, fmt.Errorf("failed to check image %v: %w", image.Digest, err) } - // TODO(stevvooe): It is possible that referenced components could have + // TODO(stevvooe): It is possible that referenced conponents could have // children, but this is rare. For now, we ignore this and only verify // that manifest components are present. required = append([]ocispec.Descriptor{mfst.Config}, mfst.Layers...) diff --git a/vendor/github.com/containerd/containerd/images/labels.go b/vendor/github.com/containerd/containerd/images/labels.go deleted file mode 100644 index 06dfed572d..0000000000 --- a/vendor/github.com/containerd/containerd/images/labels.go +++ /dev/null @@ -1,21 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package images - -const ( - ConvertedDockerSchema1LabelKey = "io.containerd.image/converted-docker-schema1" -) diff --git a/vendor/github.com/containerd/containerd/images/mediatypes.go b/vendor/github.com/containerd/containerd/images/mediatypes.go index 067963babb..671e160e15 100644 --- a/vendor/github.com/containerd/containerd/images/mediatypes.go +++ b/vendor/github.com/containerd/containerd/images/mediatypes.go @@ -38,9 +38,7 @@ const ( MediaTypeDockerSchema2Config = "application/vnd.docker.container.image.v1+json" MediaTypeDockerSchema2Manifest = "application/vnd.docker.distribution.manifest.v2+json" MediaTypeDockerSchema2ManifestList = "application/vnd.docker.distribution.manifest.list.v2+json" - // Checkpoint/Restore Media Types - MediaTypeContainerd1Checkpoint = "application/vnd.containerd.container.criu.checkpoint.criu.tar" MediaTypeContainerd1CheckpointPreDump = "application/vnd.containerd.container.criu.checkpoint.predump.tar" MediaTypeContainerd1Resource = "application/vnd.containerd.container.resource.tar" @@ -49,12 +47,9 @@ const ( MediaTypeContainerd1CheckpointOptions = "application/vnd.containerd.container.checkpoint.options.v1+proto" MediaTypeContainerd1CheckpointRuntimeName = "application/vnd.containerd.container.checkpoint.runtime.name" MediaTypeContainerd1CheckpointRuntimeOptions = "application/vnd.containerd.container.checkpoint.runtime.options+proto" - - // MediaTypeDockerSchema1Manifest is the legacy Docker schema1 manifest + // Legacy Docker schema1 manifest MediaTypeDockerSchema1Manifest = "application/vnd.docker.distribution.manifest.v1+prettyjws" - - // Encrypted media types - + // Encypted media types MediaTypeImageLayerEncrypted = ocispec.MediaTypeImageLayer + "+encrypted" MediaTypeImageLayerGzipEncrypted = ocispec.MediaTypeImageLayerGzip + "+encrypted" ) @@ -98,23 +93,16 @@ func DiffCompression(ctx context.Context, mediaType string) (string, error) { // parseMediaTypes splits the media type into the base type and // an array of sorted extensions -func parseMediaTypes(mt string) (mediaType string, suffixes []string) { +func parseMediaTypes(mt string) (string, []string) { if mt == "" { return "", []string{} } - mediaType, ext, ok := strings.Cut(mt, "+") - if !ok { - return mediaType, []string{} - } - // Splitting the extensions following the mediatype "(+)gzip+encrypted". - // We expect this to be a limited list, so add an arbitrary limit (50). - // - // Note that DiffCompression is only using the last element, so perhaps we - // should split on the last "+" only. - suffixes = strings.SplitN(ext, "+", 50) - sort.Strings(suffixes) - return mediaType, suffixes + s := strings.Split(mt, "+") + ext := s[1:] + sort.Strings(ext) + + return s[0], ext } // IsNonDistributable returns true if the media type is non-distributable. @@ -130,7 +118,8 @@ func IsLayerType(mt string) bool { } // Parse Docker media types, strip off any + suffixes first - switch base, _ := parseMediaTypes(mt); base { + base, _ := parseMediaTypes(mt) + switch base { case MediaTypeDockerSchema2Layer, MediaTypeDockerSchema2LayerGzip, MediaTypeDockerSchema2LayerForeign, MediaTypeDockerSchema2LayerForeignGzip: return true diff --git a/vendor/github.com/containerd/containerd/labels/labels.go b/vendor/github.com/containerd/containerd/labels/labels.go index 0f9bab5c5d..d76ff2cf9c 100644 --- a/vendor/github.com/containerd/containerd/labels/labels.go +++ b/vendor/github.com/containerd/containerd/labels/labels.go @@ -19,11 +19,3 @@ package labels // LabelUncompressed is added to compressed layer contents. // The value is digest of the uncompressed content. const LabelUncompressed = "containerd.io/uncompressed" - -// LabelSharedNamespace is added to a namespace to allow that namespaces -// contents to be shared. -const LabelSharedNamespace = "containerd.io/namespace.shareable" - -// LabelDistributionSource is added to content to indicate its origin. -// e.g., "containerd.io/distribution.source.docker.io=library/redis" -const LabelDistributionSource = "containerd.io/distribution.source" diff --git a/vendor/github.com/containerd/containerd/labels/validate.go b/vendor/github.com/containerd/containerd/labels/validate.go index f83b5dde29..1fd527adb3 100644 --- a/vendor/github.com/containerd/containerd/labels/validate.go +++ b/vendor/github.com/containerd/containerd/labels/validate.go @@ -24,18 +24,15 @@ import ( const ( maxSize = 4096 - // maximum length of key portion of error message if len of key + len of value > maxSize - keyMaxLen = 64 ) // Validate a label's key and value are under 4096 bytes func Validate(k, v string) error { - total := len(k) + len(v) - if total > maxSize { - if len(k) > keyMaxLen { - k = k[:keyMaxLen] + if (len(k) + len(v)) > maxSize { + if len(k) > 10 { + k = k[:10] } - return fmt.Errorf("label key and value length (%d bytes) greater than maximum size (%d bytes), key: %s: %w", total, maxSize, k, errdefs.ErrInvalidArgument) + return fmt.Errorf("label key and value greater than maximum size (%d bytes), key: %s: %w", maxSize, k, errdefs.ErrInvalidArgument) } return nil } diff --git a/vendor/github.com/containerd/containerd/log/context.go b/vendor/github.com/containerd/containerd/log/context.go new file mode 100644 index 0000000000..0db9562b82 --- /dev/null +++ b/vendor/github.com/containerd/containerd/log/context.go @@ -0,0 +1,69 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package log + +import ( + "context" + + "github.com/sirupsen/logrus" +) + +var ( + // G is an alias for GetLogger. + // + // We may want to define this locally to a package to get package tagged log + // messages. + G = GetLogger + + // L is an alias for the standard logger. + L = logrus.NewEntry(logrus.StandardLogger()) +) + +type ( + loggerKey struct{} +) + +const ( + // RFC3339NanoFixed is time.RFC3339Nano with nanoseconds padded using zeros to + // ensure the formatted time is always the same number of characters. + RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00" + + // TextFormat represents the text logging format + TextFormat = "text" + + // JSONFormat represents the JSON logging format + JSONFormat = "json" +) + +// WithLogger returns a new context with the provided logger. Use in +// combination with logger.WithField(s) for great effect. +func WithLogger(ctx context.Context, logger *logrus.Entry) context.Context { + e := logger.WithContext(ctx) + return context.WithValue(ctx, loggerKey{}, e) +} + +// GetLogger retrieves the current logger from the context. If no logger is +// available, the default logger is returned. +func GetLogger(ctx context.Context) *logrus.Entry { + logger := ctx.Value(loggerKey{}) + + if logger == nil { + return L.WithContext(ctx) + } + + return logger.(*logrus.Entry) +} diff --git a/vendor/github.com/containerd/containerd/log/context_deprecated.go b/vendor/github.com/containerd/containerd/log/context_deprecated.go deleted file mode 100644 index 9e9e8b4913..0000000000 --- a/vendor/github.com/containerd/containerd/log/context_deprecated.go +++ /dev/null @@ -1,149 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package log - -import ( - "context" - - "github.com/containerd/log" -) - -// G is a shorthand for [GetLogger]. -// -// Deprecated: use [log.G]. -var G = log.G - -// L is an alias for the standard logger. -// -// Deprecated: use [log.L]. -var L = log.L - -// Fields type to pass to "WithFields". -// -// Deprecated: use [log.Fields]. -type Fields = log.Fields - -// Entry is a logging entry. -// -// Deprecated: use [log.Entry]. -type Entry = log.Entry - -// RFC3339NanoFixed is [time.RFC3339Nano] with nanoseconds padded using -// zeros to ensure the formatted time is always the same number of -// characters. -// -// Deprecated: use [log.RFC3339NanoFixed]. -const RFC3339NanoFixed = log.RFC3339NanoFixed - -// Level is a logging level. -// -// Deprecated: use [log.Level]. -type Level = log.Level - -// Supported log levels. -const ( - // TraceLevel level. - // - // Deprecated: use [log.TraceLevel]. - TraceLevel Level = log.TraceLevel - - // DebugLevel level. - // - // Deprecated: use [log.DebugLevel]. - DebugLevel Level = log.DebugLevel - - // InfoLevel level. - // - // Deprecated: use [log.InfoLevel]. - InfoLevel Level = log.InfoLevel - - // WarnLevel level. - // - // Deprecated: use [log.WarnLevel]. - WarnLevel Level = log.WarnLevel - - // ErrorLevel level - // - // Deprecated: use [log.ErrorLevel]. - ErrorLevel Level = log.ErrorLevel - - // FatalLevel level. - // - // Deprecated: use [log.FatalLevel]. - FatalLevel Level = log.FatalLevel - - // PanicLevel level. - // - // Deprecated: use [log.PanicLevel]. - PanicLevel Level = log.PanicLevel -) - -// SetLevel sets log level globally. It returns an error if the given -// level is not supported. -// -// Deprecated: use [log.SetLevel]. -func SetLevel(level string) error { - return log.SetLevel(level) -} - -// GetLevel returns the current log level. -// -// Deprecated: use [log.GetLevel]. -func GetLevel() log.Level { - return log.GetLevel() -} - -// OutputFormat specifies a log output format. -// -// Deprecated: use [log.OutputFormat]. -type OutputFormat = log.OutputFormat - -// Supported log output formats. -const ( - // TextFormat represents the text logging format. - // - // Deprecated: use [log.TextFormat]. - TextFormat log.OutputFormat = "text" - - // JSONFormat represents the JSON logging format. - // - // Deprecated: use [log.JSONFormat]. - JSONFormat log.OutputFormat = "json" -) - -// SetFormat sets the log output format. -// -// Deprecated: use [log.SetFormat]. -func SetFormat(format OutputFormat) error { - return log.SetFormat(format) -} - -// WithLogger returns a new context with the provided logger. Use in -// combination with logger.WithField(s) for great effect. -// -// Deprecated: use [log.WithLogger]. -func WithLogger(ctx context.Context, logger *log.Entry) context.Context { - return log.WithLogger(ctx, logger) -} - -// GetLogger retrieves the current logger from the context. If no logger is -// available, the default logger is returned. -// -// Deprecated: use [log.GetLogger]. -func GetLogger(ctx context.Context) *log.Entry { - return log.GetLogger(ctx) -} diff --git a/vendor/github.com/containerd/containerd/pkg/randutil/randutil.go b/vendor/github.com/containerd/containerd/pkg/randutil/randutil.go deleted file mode 100644 index f4b657d7dd..0000000000 --- a/vendor/github.com/containerd/containerd/pkg/randutil/randutil.go +++ /dev/null @@ -1,48 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -// Package randutil provides utilities for [cyrpto/rand]. -package randutil - -import ( - "crypto/rand" - "math" - "math/big" -) - -// Int63n is similar to [math/rand.Int63n] but uses [crypto/rand.Reader] under the hood. -func Int63n(n int64) int64 { - b, err := rand.Int(rand.Reader, big.NewInt(n)) - if err != nil { - panic(err) - } - return b.Int64() -} - -// Int63 is similar to [math/rand.Int63] but uses [crypto/rand.Reader] under the hood. -func Int63() int64 { - return Int63n(math.MaxInt64) -} - -// Intn is similar to [math/rand.Intn] but uses [crypto/rand.Reader] under the hood. -func Intn(n int) int { - return int(Int63n(int64(n))) -} - -// Int is similar to [math/rand.Int] but uses [crypto/rand.Reader] under the hood. -func Int() int { - return int(Int63()) -} diff --git a/vendor/github.com/containerd/containerd/platforms/cpuinfo.go b/vendor/github.com/containerd/containerd/platforms/cpuinfo.go index 8c600fc96b..046e0356d1 100644 --- a/vendor/github.com/containerd/containerd/platforms/cpuinfo.go +++ b/vendor/github.com/containerd/containerd/platforms/cpuinfo.go @@ -17,9 +17,14 @@ package platforms import ( + "bufio" + "fmt" + "os" "runtime" + "strings" "sync" + "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/log" ) @@ -32,12 +37,95 @@ var cpuVariantOnce sync.Once func cpuVariant() string { cpuVariantOnce.Do(func() { if isArmArch(runtime.GOARCH) { - var err error - cpuVariantValue, err = getCPUVariant() - if err != nil { - log.L.Errorf("Error getCPUVariant for OS %s: %v", runtime.GOOS, err) - } + cpuVariantValue = getCPUVariant() } }) return cpuVariantValue } + +// For Linux, the kernel has already detected the ABI, ISA and Features. +// So we don't need to access the ARM registers to detect platform information +// by ourselves. We can just parse these information from /proc/cpuinfo +func getCPUInfo(pattern string) (info string, err error) { + if !isLinuxOS(runtime.GOOS) { + return "", fmt.Errorf("getCPUInfo for OS %s: %w", runtime.GOOS, errdefs.ErrNotImplemented) + } + + cpuinfo, err := os.Open("/proc/cpuinfo") + if err != nil { + return "", err + } + defer cpuinfo.Close() + + // Start to Parse the Cpuinfo line by line. For SMP SoC, we parse + // the first core is enough. + scanner := bufio.NewScanner(cpuinfo) + for scanner.Scan() { + newline := scanner.Text() + list := strings.Split(newline, ":") + + if len(list) > 1 && strings.EqualFold(strings.TrimSpace(list[0]), pattern) { + return strings.TrimSpace(list[1]), nil + } + } + + // Check whether the scanner encountered errors + err = scanner.Err() + if err != nil { + return "", err + } + + return "", fmt.Errorf("getCPUInfo for pattern: %s: %w", pattern, errdefs.ErrNotFound) +} + +func getCPUVariant() string { + if runtime.GOOS == "windows" || runtime.GOOS == "darwin" { + // Windows/Darwin only supports v7 for ARM32 and v8 for ARM64 and so we can use + // runtime.GOARCH to determine the variants + var variant string + switch runtime.GOARCH { + case "arm64": + variant = "v8" + case "arm": + variant = "v7" + default: + variant = "unknown" + } + + return variant + } + + variant, err := getCPUInfo("Cpu architecture") + if err != nil { + log.L.WithError(err).Error("failure getting variant") + return "" + } + + // handle edge case for Raspberry Pi ARMv6 devices (which due to a kernel quirk, report "CPU architecture: 7") + // https://www.raspberrypi.org/forums/viewtopic.php?t=12614 + if runtime.GOARCH == "arm" && variant == "7" { + model, err := getCPUInfo("model name") + if err == nil && strings.HasPrefix(strings.ToLower(model), "armv6-compatible") { + variant = "6" + } + } + + switch strings.ToLower(variant) { + case "8", "aarch64": + variant = "v8" + case "7", "7m", "?(12)", "?(13)", "?(14)", "?(15)", "?(16)", "?(17)": + variant = "v7" + case "6", "6tej": + variant = "v6" + case "5", "5t", "5te", "5tej": + variant = "v5" + case "4", "4t": + variant = "v4" + case "3": + variant = "v3" + default: + variant = "unknown" + } + + return variant +} diff --git a/vendor/github.com/containerd/containerd/platforms/cpuinfo_linux.go b/vendor/github.com/containerd/containerd/platforms/cpuinfo_linux.go deleted file mode 100644 index 722d86c357..0000000000 --- a/vendor/github.com/containerd/containerd/platforms/cpuinfo_linux.go +++ /dev/null @@ -1,161 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package platforms - -import ( - "bufio" - "bytes" - "fmt" - "os" - "runtime" - "strings" - - "github.com/containerd/containerd/errdefs" - "golang.org/x/sys/unix" -) - -// getMachineArch retrieves the machine architecture through system call -func getMachineArch() (string, error) { - var uname unix.Utsname - err := unix.Uname(&uname) - if err != nil { - return "", err - } - - arch := string(uname.Machine[:bytes.IndexByte(uname.Machine[:], 0)]) - - return arch, nil -} - -// For Linux, the kernel has already detected the ABI, ISA and Features. -// So we don't need to access the ARM registers to detect platform information -// by ourselves. We can just parse these information from /proc/cpuinfo -func getCPUInfo(pattern string) (info string, err error) { - - cpuinfo, err := os.Open("/proc/cpuinfo") - if err != nil { - return "", err - } - defer cpuinfo.Close() - - // Start to Parse the Cpuinfo line by line. For SMP SoC, we parse - // the first core is enough. - scanner := bufio.NewScanner(cpuinfo) - for scanner.Scan() { - newline := scanner.Text() - list := strings.Split(newline, ":") - - if len(list) > 1 && strings.EqualFold(strings.TrimSpace(list[0]), pattern) { - return strings.TrimSpace(list[1]), nil - } - } - - // Check whether the scanner encountered errors - err = scanner.Err() - if err != nil { - return "", err - } - - return "", fmt.Errorf("getCPUInfo for pattern %s: %w", pattern, errdefs.ErrNotFound) -} - -// getCPUVariantFromArch get CPU variant from arch through a system call -func getCPUVariantFromArch(arch string) (string, error) { - - var variant string - - arch = strings.ToLower(arch) - - if arch == "aarch64" { - variant = "8" - } else if arch[0:4] == "armv" && len(arch) >= 5 { - //Valid arch format is in form of armvXx - switch arch[3:5] { - case "v8": - variant = "8" - case "v7": - variant = "7" - case "v6": - variant = "6" - case "v5": - variant = "5" - case "v4": - variant = "4" - case "v3": - variant = "3" - default: - variant = "unknown" - } - } else { - return "", fmt.Errorf("getCPUVariantFromArch invalid arch: %s, %w", arch, errdefs.ErrInvalidArgument) - } - return variant, nil -} - -// getCPUVariant returns cpu variant for ARM -// We first try reading "Cpu architecture" field from /proc/cpuinfo -// If we can't find it, then fall back using a system call -// This is to cover running ARM in emulated environment on x86 host as this field in /proc/cpuinfo -// was not present. -func getCPUVariant() (string, error) { - - variant, err := getCPUInfo("Cpu architecture") - if err != nil { - if errdefs.IsNotFound(err) { - //Let's try getting CPU variant from machine architecture - arch, err := getMachineArch() - if err != nil { - return "", fmt.Errorf("failure getting machine architecture: %v", err) - } - - variant, err = getCPUVariantFromArch(arch) - if err != nil { - return "", fmt.Errorf("failure getting CPU variant from machine architecture: %v", err) - } - } else { - return "", fmt.Errorf("failure getting CPU variant: %v", err) - } - } - - // handle edge case for Raspberry Pi ARMv6 devices (which due to a kernel quirk, report "CPU architecture: 7") - // https://www.raspberrypi.org/forums/viewtopic.php?t=12614 - if runtime.GOARCH == "arm" && variant == "7" { - model, err := getCPUInfo("model name") - if err == nil && strings.HasPrefix(strings.ToLower(model), "armv6-compatible") { - variant = "6" - } - } - - switch strings.ToLower(variant) { - case "8", "aarch64": - variant = "v8" - case "7", "7m", "?(12)", "?(13)", "?(14)", "?(15)", "?(16)", "?(17)": - variant = "v7" - case "6", "6tej": - variant = "v6" - case "5", "5t", "5te", "5tej": - variant = "v5" - case "4", "4t": - variant = "v4" - case "3": - variant = "v3" - default: - variant = "unknown" - } - - return variant, nil -} diff --git a/vendor/github.com/containerd/containerd/platforms/cpuinfo_other.go b/vendor/github.com/containerd/containerd/platforms/cpuinfo_other.go deleted file mode 100644 index fa5f19c427..0000000000 --- a/vendor/github.com/containerd/containerd/platforms/cpuinfo_other.go +++ /dev/null @@ -1,59 +0,0 @@ -//go:build !linux - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package platforms - -import ( - "fmt" - "runtime" - - "github.com/containerd/containerd/errdefs" -) - -func getCPUVariant() (string, error) { - - var variant string - - if runtime.GOOS == "windows" || runtime.GOOS == "darwin" { - // Windows/Darwin only supports v7 for ARM32 and v8 for ARM64 and so we can use - // runtime.GOARCH to determine the variants - switch runtime.GOARCH { - case "arm64": - variant = "v8" - case "arm": - variant = "v7" - default: - variant = "unknown" - } - } else if runtime.GOOS == "freebsd" { - // FreeBSD supports ARMv6 and ARMv7 as well as ARMv4 and ARMv5 (though deprecated) - // detecting those variants is currently unimplemented - switch runtime.GOARCH { - case "arm64": - variant = "v8" - default: - variant = "unknown" - } - - } else { - return "", fmt.Errorf("getCPUVariant for OS %s: %v", runtime.GOOS, errdefs.ErrNotImplemented) - - } - - return variant, nil -} diff --git a/vendor/github.com/containerd/containerd/platforms/database.go b/vendor/github.com/containerd/containerd/platforms/database.go index 2e26fd3b4f..dbe9957ca9 100644 --- a/vendor/github.com/containerd/containerd/platforms/database.go +++ b/vendor/github.com/containerd/containerd/platforms/database.go @@ -21,6 +21,13 @@ import ( "strings" ) +// isLinuxOS returns true if the operating system is Linux. +// +// The OS value should be normalized before calling this function. +func isLinuxOS(os string) bool { + return os == "linux" +} + // These function are generated from https://golang.org/src/go/build/syslist.go. // // We use switch statements because they are slightly faster than map lookups diff --git a/vendor/github.com/containerd/containerd/platforms/defaults_darwin.go b/vendor/github.com/containerd/containerd/platforms/defaults_darwin.go index 72355ca85f..e249fe48d3 100644 --- a/vendor/github.com/containerd/containerd/platforms/defaults_darwin.go +++ b/vendor/github.com/containerd/containerd/platforms/defaults_darwin.go @@ -1,4 +1,5 @@ //go:build darwin +// +build darwin /* Copyright The containerd Authors. diff --git a/vendor/github.com/containerd/containerd/platforms/defaults_freebsd.go b/vendor/github.com/containerd/containerd/platforms/defaults_freebsd.go deleted file mode 100644 index d3fe89e076..0000000000 --- a/vendor/github.com/containerd/containerd/platforms/defaults_freebsd.go +++ /dev/null @@ -1,43 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package platforms - -import ( - "runtime" - - specs "github.com/opencontainers/image-spec/specs-go/v1" -) - -// DefaultSpec returns the current platform's default platform specification. -func DefaultSpec() specs.Platform { - return specs.Platform{ - OS: runtime.GOOS, - Architecture: runtime.GOARCH, - // The Variant field will be empty if arch != ARM. - Variant: cpuVariant(), - } -} - -// Default returns the default matcher for the platform. -func Default() MatchComparer { - return Ordered(DefaultSpec(), specs.Platform{ - OS: "linux", - Architecture: runtime.GOARCH, - // The Variant field will be empty if arch != ARM. - Variant: cpuVariant(), - }) -} diff --git a/vendor/github.com/containerd/containerd/platforms/defaults_unix.go b/vendor/github.com/containerd/containerd/platforms/defaults_unix.go index 44acc47eb3..49690f1b3e 100644 --- a/vendor/github.com/containerd/containerd/platforms/defaults_unix.go +++ b/vendor/github.com/containerd/containerd/platforms/defaults_unix.go @@ -1,4 +1,5 @@ -//go:build !windows && !darwin && !freebsd +//go:build !windows && !darwin +// +build !windows,!darwin /* Copyright The containerd Authors. diff --git a/vendor/github.com/containerd/containerd/platforms/defaults_windows.go b/vendor/github.com/containerd/containerd/platforms/defaults_windows.go index d10fa9012b..ff9771a600 100644 --- a/vendor/github.com/containerd/containerd/platforms/defaults_windows.go +++ b/vendor/github.com/containerd/containerd/platforms/defaults_windows.go @@ -22,7 +22,7 @@ import ( "strconv" "strings" - "github.com/Microsoft/hcsshim/osversion" + imagespec "github.com/opencontainers/image-spec/specs-go/v1" specs "github.com/opencontainers/image-spec/specs-go/v1" "golang.org/x/sys/windows" ) @@ -39,52 +39,29 @@ func DefaultSpec() specs.Platform { } } -type windowsmatcher struct { - specs.Platform +type matchComparer struct { + defaults Matcher osVersionPrefix string - defaultMatcher Matcher } // Match matches platform with the same windows major, minor // and build version. -func (m windowsmatcher) Match(p specs.Platform) bool { - match := m.defaultMatcher.Match(p) +func (m matchComparer) Match(p specs.Platform) bool { + match := m.defaults.Match(p) - if match && m.OS == "windows" { - // HPC containers do not have OS version filled - if p.OSVersion == "" { + if match && p.OS == "windows" { + if strings.HasPrefix(p.OSVersion, m.osVersionPrefix) { return true } - - hostOsVersion := GetOsVersion(m.osVersionPrefix) - ctrOsVersion := GetOsVersion(p.OSVersion) - return osversion.CheckHostAndContainerCompat(hostOsVersion, ctrOsVersion) - } - - return match -} - -func GetOsVersion(osVersionPrefix string) osversion.OSVersion { - parts := strings.Split(osVersionPrefix, ".") - if len(parts) < 3 { - return osversion.OSVersion{} - } - - majorVersion, _ := strconv.Atoi(parts[0]) - minorVersion, _ := strconv.Atoi(parts[1]) - buildNumber, _ := strconv.Atoi(parts[2]) - - return osversion.OSVersion{ - MajorVersion: uint8(majorVersion), - MinorVersion: uint8(minorVersion), - Build: uint16(buildNumber), + return p.OSVersion == "" } + return false } // Less sorts matched platforms in front of other platforms. // For matched platforms, it puts platforms with larger revision // number in front. -func (m windowsmatcher) Less(p1, p2 specs.Platform) bool { +func (m matchComparer) Less(p1, p2 imagespec.Platform) bool { m1, m2 := m.Match(p1), m.Match(p2) if m1 && m2 { r1, r2 := revision(p1.OSVersion), revision(p2.OSVersion) @@ -105,15 +82,14 @@ func revision(v string) int { return r } -func prefix(v string) string { - parts := strings.Split(v, ".") - if len(parts) < 4 { - return v - } - return strings.Join(parts[0:3], ".") -} - // Default returns the current platform's default platform specification. func Default() MatchComparer { - return Only(DefaultSpec()) + major, minor, build := windows.RtlGetNtVersionNumbers() + return matchComparer{ + defaults: Ordered(DefaultSpec(), specs.Platform{ + OS: "linux", + Architecture: runtime.GOARCH, + }), + osVersionPrefix: fmt.Sprintf("%d.%d.%d", major, minor, build), + } } diff --git a/vendor/github.com/containerd/containerd/platforms/platforms.go b/vendor/github.com/containerd/containerd/platforms/platforms.go index 56613b0765..2343099418 100644 --- a/vendor/github.com/containerd/containerd/platforms/platforms.go +++ b/vendor/github.com/containerd/containerd/platforms/platforms.go @@ -114,18 +114,14 @@ import ( "strconv" "strings" - specs "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/containerd/containerd/errdefs" + specs "github.com/opencontainers/image-spec/specs-go/v1" ) var ( specifierRe = regexp.MustCompile(`^[A-Za-z0-9_-]+$`) ) -// Platform is a type alias for convenience, so there is no need to import image-spec package everywhere. -type Platform = specs.Platform - // Matcher matches platforms specifications, provided by an image or runtime. type Matcher interface { Match(platform specs.Platform) bool @@ -140,7 +136,9 @@ type Matcher interface { // // Applications should opt to use `Match` over directly parsing specifiers. func NewMatcher(platform specs.Platform) Matcher { - return newDefaultMatcher(platform) + return &matcher{ + Platform: Normalize(platform), + } } type matcher struct { @@ -196,10 +194,6 @@ func Parse(specifier string) (specs.Platform, error) { p.Variant = cpuVariant() } - if p.OS == "windows" { - p.OSVersion = GetWindowsOsVersion() - } - return p, nil } @@ -222,10 +216,6 @@ func Parse(specifier string) (specs.Platform, error) { p.Variant = "" } - if p.OS == "windows" { - p.OSVersion = GetWindowsOsVersion() - } - return p, nil case 3: // we have a fully specified variant, this is rare @@ -235,10 +225,6 @@ func Parse(specifier string) (specs.Platform, error) { p.Variant = "v8" } - if p.OS == "windows" { - p.OSVersion = GetWindowsOsVersion() - } - return p, nil } @@ -271,6 +257,5 @@ func Format(platform specs.Platform) string { func Normalize(platform specs.Platform) specs.Platform { platform.OS = normalizeOS(platform.OS) platform.Architecture, platform.Variant = normalizeArch(platform.Architecture, platform.Variant) - return platform } diff --git a/vendor/github.com/containerd/containerd/platforms/platforms_other.go b/vendor/github.com/containerd/containerd/platforms/platforms_other.go deleted file mode 100644 index 59beeb3d1d..0000000000 --- a/vendor/github.com/containerd/containerd/platforms/platforms_other.go +++ /dev/null @@ -1,34 +0,0 @@ -//go:build !windows - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package platforms - -import ( - specs "github.com/opencontainers/image-spec/specs-go/v1" -) - -// NewMatcher returns the default Matcher for containerd -func newDefaultMatcher(platform specs.Platform) Matcher { - return &matcher{ - Platform: Normalize(platform), - } -} - -func GetWindowsOsVersion() string { - return "" -} diff --git a/vendor/github.com/containerd/containerd/platforms/platforms_windows.go b/vendor/github.com/containerd/containerd/platforms/platforms_windows.go deleted file mode 100644 index 733d18ddea..0000000000 --- a/vendor/github.com/containerd/containerd/platforms/platforms_windows.go +++ /dev/null @@ -1,42 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package platforms - -import ( - "fmt" - - specs "github.com/opencontainers/image-spec/specs-go/v1" - "golang.org/x/sys/windows" -) - -// NewMatcher returns a Windows matcher that will match on osVersionPrefix if -// the platform is Windows otherwise use the default matcher -func newDefaultMatcher(platform specs.Platform) Matcher { - prefix := prefix(platform.OSVersion) - return windowsmatcher{ - Platform: platform, - osVersionPrefix: prefix, - defaultMatcher: &matcher{ - Platform: Normalize(platform), - }, - } -} - -func GetWindowsOsVersion() string { - major, minor, build := windows.RtlGetNtVersionNumbers() - return fmt.Sprintf("%d.%d.%d", major, minor, build) -} diff --git a/vendor/github.com/containerd/containerd/reference/docker/helpers.go b/vendor/github.com/containerd/containerd/reference/docker/helpers.go deleted file mode 100644 index 386025104a..0000000000 --- a/vendor/github.com/containerd/containerd/reference/docker/helpers.go +++ /dev/null @@ -1,58 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package docker - -import "path" - -// IsNameOnly returns true if reference only contains a repo name. -func IsNameOnly(ref Named) bool { - if _, ok := ref.(NamedTagged); ok { - return false - } - if _, ok := ref.(Canonical); ok { - return false - } - return true -} - -// FamiliarName returns the familiar name string -// for the given named, familiarizing if needed. -func FamiliarName(ref Named) string { - if nn, ok := ref.(normalizedNamed); ok { - return nn.Familiar().Name() - } - return ref.Name() -} - -// FamiliarString returns the familiar string representation -// for the given reference, familiarizing if needed. -func FamiliarString(ref Reference) string { - if nn, ok := ref.(normalizedNamed); ok { - return nn.Familiar().String() - } - return ref.String() -} - -// FamiliarMatch reports whether ref matches the specified pattern. -// See https://godoc.org/path#Match for supported patterns. -func FamiliarMatch(pattern string, ref Reference) (bool, error) { - matched, err := path.Match(pattern, FamiliarString(ref)) - if namedRef, isNamed := ref.(Named); isNamed && !matched { - matched, _ = path.Match(pattern, FamiliarName(namedRef)) - } - return matched, err -} diff --git a/vendor/github.com/containerd/containerd/reference/docker/normalize.go b/vendor/github.com/containerd/containerd/reference/docker/normalize.go deleted file mode 100644 index b299bf6c06..0000000000 --- a/vendor/github.com/containerd/containerd/reference/docker/normalize.go +++ /dev/null @@ -1,196 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package docker - -import ( - "fmt" - "strings" - - "github.com/opencontainers/go-digest" -) - -var ( - legacyDefaultDomain = "index.docker.io" - defaultDomain = "docker.io" - officialRepoName = "library" - defaultTag = "latest" -) - -// normalizedNamed represents a name which has been -// normalized and has a familiar form. A familiar name -// is what is used in Docker UI. An example normalized -// name is "docker.io/library/ubuntu" and corresponding -// familiar name of "ubuntu". -type normalizedNamed interface { - Named - Familiar() Named -} - -// ParseNormalizedNamed parses a string into a named reference -// transforming a familiar name from Docker UI to a fully -// qualified reference. If the value may be an identifier -// use ParseAnyReference. -func ParseNormalizedNamed(s string) (Named, error) { - if ok := anchoredIdentifierRegexp.MatchString(s); ok { - return nil, fmt.Errorf("invalid repository name (%s), cannot specify 64-byte hexadecimal strings", s) - } - domain, remainder := splitDockerDomain(s) - var remoteName string - if tagSep := strings.IndexRune(remainder, ':'); tagSep > -1 { - remoteName = remainder[:tagSep] - } else { - remoteName = remainder - } - if strings.ToLower(remoteName) != remoteName { - return nil, fmt.Errorf("invalid reference format: repository name (%s) must be lowercase", remoteName) - } - - ref, err := Parse(domain + "/" + remainder) - if err != nil { - return nil, err - } - named, isNamed := ref.(Named) - if !isNamed { - return nil, fmt.Errorf("reference %s has no name", ref.String()) - } - return named, nil -} - -// ParseDockerRef normalizes the image reference following the docker convention. This is added -// mainly for backward compatibility. -// The reference returned can only be either tagged or digested. For reference contains both tag -// and digest, the function returns digested reference, e.g. docker.io/library/busybox:latest@ -// sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa will be returned as -// docker.io/library/busybox@sha256:7cc4b5aefd1d0cadf8d97d4350462ba51c694ebca145b08d7d41b41acc8db5aa. -func ParseDockerRef(ref string) (Named, error) { - named, err := ParseNormalizedNamed(ref) - if err != nil { - return nil, err - } - if _, ok := named.(NamedTagged); ok { - if canonical, ok := named.(Canonical); ok { - // The reference is both tagged and digested, only - // return digested. - newNamed, err := WithName(canonical.Name()) - if err != nil { - return nil, err - } - newCanonical, err := WithDigest(newNamed, canonical.Digest()) - if err != nil { - return nil, err - } - return newCanonical, nil - } - } - return TagNameOnly(named), nil -} - -// splitDockerDomain splits a repository name to domain and remotename string. -// If no valid domain is found, the default domain is used. Repository name -// needs to be already validated before. -func splitDockerDomain(name string) (domain, remainder string) { - i := strings.IndexRune(name, '/') - if i == -1 || (!strings.ContainsAny(name[:i], ".:") && name[:i] != "localhost" && strings.ToLower(name[:i]) == name[:i]) { - domain, remainder = defaultDomain, name - } else { - domain, remainder = name[:i], name[i+1:] - } - if domain == legacyDefaultDomain { - domain = defaultDomain - } - if domain == defaultDomain && !strings.ContainsRune(remainder, '/') { - remainder = officialRepoName + "/" + remainder - } - return -} - -// familiarizeName returns a shortened version of the name familiar -// to the Docker UI. Familiar names have the default domain -// "docker.io" and "library/" repository prefix removed. -// For example, "docker.io/library/redis" will have the familiar -// name "redis" and "docker.io/dmcgowan/myapp" will be "dmcgowan/myapp". -// Returns a familiarized named only reference. -func familiarizeName(named namedRepository) repository { - repo := repository{ - domain: named.Domain(), - path: named.Path(), - } - - if repo.domain == defaultDomain { - repo.domain = "" - // Handle official repositories which have the pattern "library/" - if split := strings.Split(repo.path, "/"); len(split) == 2 && split[0] == officialRepoName { - repo.path = split[1] - } - } - return repo -} - -func (r reference) Familiar() Named { - return reference{ - namedRepository: familiarizeName(r.namedRepository), - tag: r.tag, - digest: r.digest, - } -} - -func (r repository) Familiar() Named { - return familiarizeName(r) -} - -func (t taggedReference) Familiar() Named { - return taggedReference{ - namedRepository: familiarizeName(t.namedRepository), - tag: t.tag, - } -} - -func (c canonicalReference) Familiar() Named { - return canonicalReference{ - namedRepository: familiarizeName(c.namedRepository), - digest: c.digest, - } -} - -// TagNameOnly adds the default tag "latest" to a reference if it only has -// a repo name. -func TagNameOnly(ref Named) Named { - if IsNameOnly(ref) { - namedTagged, err := WithTag(ref, defaultTag) - if err != nil { - // Default tag must be valid, to create a NamedTagged - // type with non-validated input the WithTag function - // should be used instead - panic(err) - } - return namedTagged - } - return ref -} - -// ParseAnyReference parses a reference string as a possible identifier, -// full digest, or familiar name. -func ParseAnyReference(ref string) (Reference, error) { - if ok := anchoredIdentifierRegexp.MatchString(ref); ok { - return digestReference("sha256:" + ref), nil - } - if dgst, err := digest.Parse(ref); err == nil { - return digestReference(dgst), nil - } - - return ParseNormalizedNamed(ref) -} diff --git a/vendor/github.com/containerd/containerd/reference/docker/reference.go b/vendor/github.com/containerd/containerd/reference/docker/reference.go deleted file mode 100644 index 4dc00474ee..0000000000 --- a/vendor/github.com/containerd/containerd/reference/docker/reference.go +++ /dev/null @@ -1,453 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -// Package docker provides a general type to represent any way of referencing images within the registry. -// Its main purpose is to abstract tags and digests (content-addressable hash). -// -// Grammar -// -// reference := name [ ":" tag ] [ "@" digest ] -// name := [domain '/'] path-component ['/' path-component]* -// domain := host [':' port-number] -// host := domain-name | IPv4address | \[ IPv6address \] ; rfc3986 appendix-A -// domain-name := domain-component ['.' domain-component]* -// domain-component := /([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])/ -// port-number := /[0-9]+/ -// path-component := alpha-numeric [separator alpha-numeric]* -// alpha-numeric := /[a-z0-9]+/ -// separator := /[_.]|__|[-]*/ -// -// tag := /[\w][\w.-]{0,127}/ -// -// digest := digest-algorithm ":" digest-hex -// digest-algorithm := digest-algorithm-component [ digest-algorithm-separator digest-algorithm-component ]* -// digest-algorithm-separator := /[+.-_]/ -// digest-algorithm-component := /[A-Za-z][A-Za-z0-9]*/ -// digest-hex := /[0-9a-fA-F]{32,}/ ; At least 128 bit digest value -// -// identifier := /[a-f0-9]{64}/ -// short-identifier := /[a-f0-9]{6,64}/ -package docker - -import ( - "errors" - "fmt" - "strings" - - "github.com/opencontainers/go-digest" -) - -const ( - // NameTotalLengthMax is the maximum total number of characters in a repository name. - NameTotalLengthMax = 255 -) - -var ( - // ErrReferenceInvalidFormat represents an error while trying to parse a string as a reference. - ErrReferenceInvalidFormat = errors.New("invalid reference format") - - // ErrTagInvalidFormat represents an error while trying to parse a string as a tag. - ErrTagInvalidFormat = errors.New("invalid tag format") - - // ErrDigestInvalidFormat represents an error while trying to parse a string as a tag. - ErrDigestInvalidFormat = errors.New("invalid digest format") - - // ErrNameContainsUppercase is returned for invalid repository names that contain uppercase characters. - ErrNameContainsUppercase = errors.New("repository name must be lowercase") - - // ErrNameEmpty is returned for empty, invalid repository names. - ErrNameEmpty = errors.New("repository name must have at least one component") - - // ErrNameTooLong is returned when a repository name is longer than NameTotalLengthMax. - ErrNameTooLong = fmt.Errorf("repository name must not be more than %v characters", NameTotalLengthMax) - - // ErrNameNotCanonical is returned when a name is not canonical. - ErrNameNotCanonical = errors.New("repository name must be canonical") -) - -// Reference is an opaque object reference identifier that may include -// modifiers such as a hostname, name, tag, and digest. -type Reference interface { - // String returns the full reference - String() string -} - -// Field provides a wrapper type for resolving correct reference types when -// working with encoding. -type Field struct { - reference Reference -} - -// AsField wraps a reference in a Field for encoding. -func AsField(reference Reference) Field { - return Field{reference} -} - -// Reference unwraps the reference type from the field to -// return the Reference object. This object should be -// of the appropriate type to further check for different -// reference types. -func (f Field) Reference() Reference { - return f.reference -} - -// MarshalText serializes the field to byte text which -// is the string of the reference. -func (f Field) MarshalText() (p []byte, err error) { - return []byte(f.reference.String()), nil -} - -// UnmarshalText parses text bytes by invoking the -// reference parser to ensure the appropriately -// typed reference object is wrapped by field. -func (f *Field) UnmarshalText(p []byte) error { - r, err := Parse(string(p)) - if err != nil { - return err - } - - f.reference = r - return nil -} - -// Named is an object with a full name -type Named interface { - Reference - Name() string -} - -// Tagged is an object which has a tag -type Tagged interface { - Reference - Tag() string -} - -// NamedTagged is an object including a name and tag. -type NamedTagged interface { - Named - Tag() string -} - -// Digested is an object which has a digest -// in which it can be referenced by -type Digested interface { - Reference - Digest() digest.Digest -} - -// Canonical reference is an object with a fully unique -// name including a name with domain and digest -type Canonical interface { - Named - Digest() digest.Digest -} - -// namedRepository is a reference to a repository with a name. -// A namedRepository has both domain and path components. -type namedRepository interface { - Named - Domain() string - Path() string -} - -// Domain returns the domain part of the Named reference -func Domain(named Named) string { - if r, ok := named.(namedRepository); ok { - return r.Domain() - } - domain, _ := splitDomain(named.Name()) - return domain -} - -// Path returns the name without the domain part of the Named reference -func Path(named Named) (name string) { - if r, ok := named.(namedRepository); ok { - return r.Path() - } - _, path := splitDomain(named.Name()) - return path -} - -func splitDomain(name string) (string, string) { - match := anchoredNameRegexp.FindStringSubmatch(name) - if len(match) != 3 { - return "", name - } - return match[1], match[2] -} - -// SplitHostname splits a named reference into a -// hostname and name string. If no valid hostname is -// found, the hostname is empty and the full value -// is returned as name -// DEPRECATED: Use Domain or Path -func SplitHostname(named Named) (string, string) { - if r, ok := named.(namedRepository); ok { - return r.Domain(), r.Path() - } - return splitDomain(named.Name()) -} - -// Parse parses s and returns a syntactically valid Reference. -// If an error was encountered it is returned, along with a nil Reference. -// NOTE: Parse will not handle short digests. -func Parse(s string) (Reference, error) { - matches := ReferenceRegexp.FindStringSubmatch(s) - if matches == nil { - if s == "" { - return nil, ErrNameEmpty - } - if ReferenceRegexp.FindStringSubmatch(strings.ToLower(s)) != nil { - return nil, ErrNameContainsUppercase - } - return nil, ErrReferenceInvalidFormat - } - - if len(matches[1]) > NameTotalLengthMax { - return nil, ErrNameTooLong - } - - var repo repository - - nameMatch := anchoredNameRegexp.FindStringSubmatch(matches[1]) - if len(nameMatch) == 3 { - repo.domain = nameMatch[1] - repo.path = nameMatch[2] - } else { - repo.domain = "" - repo.path = matches[1] - } - - ref := reference{ - namedRepository: repo, - tag: matches[2], - } - if matches[3] != "" { - var err error - ref.digest, err = digest.Parse(matches[3]) - if err != nil { - return nil, err - } - } - - r := getBestReferenceType(ref) - if r == nil { - return nil, ErrNameEmpty - } - - return r, nil -} - -// ParseNamed parses s and returns a syntactically valid reference implementing -// the Named interface. The reference must have a name and be in the canonical -// form, otherwise an error is returned. -// If an error was encountered it is returned, along with a nil Reference. -// NOTE: ParseNamed will not handle short digests. -func ParseNamed(s string) (Named, error) { - named, err := ParseNormalizedNamed(s) - if err != nil { - return nil, err - } - if named.String() != s { - return nil, ErrNameNotCanonical - } - return named, nil -} - -// WithName returns a named object representing the given string. If the input -// is invalid ErrReferenceInvalidFormat will be returned. -func WithName(name string) (Named, error) { - if len(name) > NameTotalLengthMax { - return nil, ErrNameTooLong - } - - match := anchoredNameRegexp.FindStringSubmatch(name) - if match == nil || len(match) != 3 { - return nil, ErrReferenceInvalidFormat - } - return repository{ - domain: match[1], - path: match[2], - }, nil -} - -// WithTag combines the name from "name" and the tag from "tag" to form a -// reference incorporating both the name and the tag. -func WithTag(name Named, tag string) (NamedTagged, error) { - if !anchoredTagRegexp.MatchString(tag) { - return nil, ErrTagInvalidFormat - } - var repo repository - if r, ok := name.(namedRepository); ok { - repo.domain = r.Domain() - repo.path = r.Path() - } else { - repo.path = name.Name() - } - if canonical, ok := name.(Canonical); ok { - return reference{ - namedRepository: repo, - tag: tag, - digest: canonical.Digest(), - }, nil - } - return taggedReference{ - namedRepository: repo, - tag: tag, - }, nil -} - -// WithDigest combines the name from "name" and the digest from "digest" to form -// a reference incorporating both the name and the digest. -func WithDigest(name Named, digest digest.Digest) (Canonical, error) { - if !anchoredDigestRegexp.MatchString(digest.String()) { - return nil, ErrDigestInvalidFormat - } - var repo repository - if r, ok := name.(namedRepository); ok { - repo.domain = r.Domain() - repo.path = r.Path() - } else { - repo.path = name.Name() - } - if tagged, ok := name.(Tagged); ok { - return reference{ - namedRepository: repo, - tag: tagged.Tag(), - digest: digest, - }, nil - } - return canonicalReference{ - namedRepository: repo, - digest: digest, - }, nil -} - -// TrimNamed removes any tag or digest from the named reference. -func TrimNamed(ref Named) Named { - repo := repository{} - if r, ok := ref.(namedRepository); ok { - repo.domain, repo.path = r.Domain(), r.Path() - } else { - repo.domain, repo.path = splitDomain(ref.Name()) - } - return repo -} - -func getBestReferenceType(ref reference) Reference { - if ref.Name() == "" { - // Allow digest only references - if ref.digest != "" { - return digestReference(ref.digest) - } - return nil - } - if ref.tag == "" { - if ref.digest != "" { - return canonicalReference{ - namedRepository: ref.namedRepository, - digest: ref.digest, - } - } - return ref.namedRepository - } - if ref.digest == "" { - return taggedReference{ - namedRepository: ref.namedRepository, - tag: ref.tag, - } - } - - return ref -} - -type reference struct { - namedRepository - tag string - digest digest.Digest -} - -func (r reference) String() string { - return r.Name() + ":" + r.tag + "@" + r.digest.String() -} - -func (r reference) Tag() string { - return r.tag -} - -func (r reference) Digest() digest.Digest { - return r.digest -} - -type repository struct { - domain string - path string -} - -func (r repository) String() string { - return r.Name() -} - -func (r repository) Name() string { - if r.domain == "" { - return r.path - } - return r.domain + "/" + r.path -} - -func (r repository) Domain() string { - return r.domain -} - -func (r repository) Path() string { - return r.path -} - -type digestReference digest.Digest - -func (d digestReference) String() string { - return digest.Digest(d).String() -} - -func (d digestReference) Digest() digest.Digest { - return digest.Digest(d) -} - -type taggedReference struct { - namedRepository - tag string -} - -func (t taggedReference) String() string { - return t.Name() + ":" + t.tag -} - -func (t taggedReference) Tag() string { - return t.tag -} - -type canonicalReference struct { - namedRepository - digest digest.Digest -} - -func (c canonicalReference) String() string { - return c.Name() + "@" + c.digest.String() -} - -func (c canonicalReference) Digest() digest.Digest { - return c.digest -} diff --git a/vendor/github.com/containerd/containerd/reference/docker/regexp.go b/vendor/github.com/containerd/containerd/reference/docker/regexp.go deleted file mode 100644 index 4be3c575e0..0000000000 --- a/vendor/github.com/containerd/containerd/reference/docker/regexp.go +++ /dev/null @@ -1,191 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package docker - -import "regexp" - -var ( - // alphaNumeric defines the alpha numeric atom, typically a - // component of names. This only allows lower case characters and digits. - alphaNumeric = `[a-z0-9]+` - - // separator defines the separators allowed to be embedded in name - // components. This allow one period, one or two underscore and multiple - // dashes. Repeated dashes and underscores are intentionally treated - // differently. In order to support valid hostnames as name components, - // supporting repeated dash was added. Additionally double underscore is - // now allowed as a separator to loosen the restriction for previously - // supported names. - separator = `(?:[._]|__|[-]*)` - - // nameComponent restricts registry path component names to start - // with at least one letter or number, with following parts able to be - // separated by one period, one or two underscore and multiple dashes. - nameComponent = expression( - alphaNumeric, - optional(repeated(separator, alphaNumeric))) - - // domainNameComponent restricts the registry domain component of a - // repository name to start with a component as defined by DomainRegexp. - domainNameComponent = `(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])` - - // ipv6address are enclosed between square brackets and may be represented - // in many ways, see rfc5952. Only IPv6 in compressed or uncompressed format - // are allowed, IPv6 zone identifiers (rfc6874) or Special addresses such as - // IPv4-Mapped are deliberately excluded. - ipv6address = expression( - literal(`[`), `(?:[a-fA-F0-9:]+)`, literal(`]`), - ) - - // domainName defines the structure of potential domain components - // that may be part of image names. This is purposely a subset of what is - // allowed by DNS to ensure backwards compatibility with Docker image - // names. This includes IPv4 addresses on decimal format. - domainName = expression( - domainNameComponent, - optional(repeated(literal(`.`), domainNameComponent)), - ) - - // host defines the structure of potential domains based on the URI - // Host subcomponent on rfc3986. It may be a subset of DNS domain name, - // or an IPv4 address in decimal format, or an IPv6 address between square - // brackets (excluding zone identifiers as defined by rfc6874 or special - // addresses such as IPv4-Mapped). - host = `(?:` + domainName + `|` + ipv6address + `)` - - // allowed by the URI Host subcomponent on rfc3986 to ensure backwards - // compatibility with Docker image names. - domain = expression( - host, - optional(literal(`:`), `[0-9]+`)) - - // DomainRegexp defines the structure of potential domain components - // that may be part of image names. This is purposely a subset of what is - // allowed by DNS to ensure backwards compatibility with Docker image - // names. - DomainRegexp = regexp.MustCompile(domain) - - tag = `[\w][\w.-]{0,127}` - // TagRegexp matches valid tag names. From docker/docker:graph/tags.go. - TagRegexp = regexp.MustCompile(tag) - - anchoredTag = anchored(tag) - // anchoredTagRegexp matches valid tag names, anchored at the start and - // end of the matched string. - anchoredTagRegexp = regexp.MustCompile(anchoredTag) - - digestPat = `[A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}` - // DigestRegexp matches valid digests. - DigestRegexp = regexp.MustCompile(digestPat) - - anchoredDigest = anchored(digestPat) - // anchoredDigestRegexp matches valid digests, anchored at the start and - // end of the matched string. - anchoredDigestRegexp = regexp.MustCompile(anchoredDigest) - - namePat = expression( - optional(domain, literal(`/`)), - nameComponent, - optional(repeated(literal(`/`), nameComponent))) - // NameRegexp is the format for the name component of references. The - // regexp has capturing groups for the domain and name part omitting - // the separating forward slash from either. - NameRegexp = regexp.MustCompile(namePat) - - anchoredName = anchored( - optional(capture(domain), literal(`/`)), - capture(nameComponent, - optional(repeated(literal(`/`), nameComponent)))) - // anchoredNameRegexp is used to parse a name value, capturing the - // domain and trailing components. - anchoredNameRegexp = regexp.MustCompile(anchoredName) - - referencePat = anchored(capture(namePat), - optional(literal(":"), capture(tag)), - optional(literal("@"), capture(digestPat))) - // ReferenceRegexp is the full supported format of a reference. The regexp - // is anchored and has capturing groups for name, tag, and digest - // components. - ReferenceRegexp = regexp.MustCompile(referencePat) - - identifier = `([a-f0-9]{64})` - // IdentifierRegexp is the format for string identifier used as a - // content addressable identifier using sha256. These identifiers - // are like digests without the algorithm, since sha256 is used. - IdentifierRegexp = regexp.MustCompile(identifier) - - shortIdentifier = `([a-f0-9]{6,64})` - // ShortIdentifierRegexp is the format used to represent a prefix - // of an identifier. A prefix may be used to match a sha256 identifier - // within a list of trusted identifiers. - ShortIdentifierRegexp = regexp.MustCompile(shortIdentifier) - - anchoredIdentifier = anchored(identifier) - // anchoredIdentifierRegexp is used to check or match an - // identifier value, anchored at start and end of string. - anchoredIdentifierRegexp = regexp.MustCompile(anchoredIdentifier) -) - -// literal compiles s into a literal regular expression, escaping any regexp -// reserved characters. -func literal(s string) string { - re := regexp.MustCompile(regexp.QuoteMeta(s)) - - if _, complete := re.LiteralPrefix(); !complete { - panic("must be a literal") - } - - return re.String() -} - -// expression defines a full expression, where each regular expression must -// follow the previous. -func expression(res ...string) string { - var s string - for _, re := range res { - s += re - } - - return s -} - -// optional wraps the expression in a non-capturing group and makes the -// production optional. -func optional(res ...string) string { - return group(expression(res...)) + `?` -} - -// repeated wraps the regexp in a non-capturing group to get one or more -// matches. -func repeated(res ...string) string { - return group(expression(res...)) + `+` -} - -// group wraps the regexp in a non-capturing group. -func group(res ...string) string { - return `(?:` + expression(res...) + `)` -} - -// capture wraps the expression in a capturing group. -func capture(res ...string) string { - return `(` + expression(res...) + `)` -} - -// anchored anchors the regular expression by adding start and end delimiters. -func anchored(res ...string) string { - return `^` + expression(res...) + `$` -} diff --git a/vendor/github.com/containerd/containerd/reference/docker/sort.go b/vendor/github.com/containerd/containerd/reference/docker/sort.go deleted file mode 100644 index 984e37528d..0000000000 --- a/vendor/github.com/containerd/containerd/reference/docker/sort.go +++ /dev/null @@ -1,73 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package docker - -import ( - "sort" -) - -// Sort sorts string references preferring higher information references -// The precedence is as follows: -// 1. Name + Tag + Digest -// 2. Name + Tag -// 3. Name + Digest -// 4. Name -// 5. Digest -// 6. Parse error -func Sort(references []string) []string { - var prefs []Reference - var bad []string - - for _, ref := range references { - pref, err := ParseAnyReference(ref) - if err != nil { - bad = append(bad, ref) - } else { - prefs = append(prefs, pref) - } - } - sort.Slice(prefs, func(a, b int) bool { - ar := refRank(prefs[a]) - br := refRank(prefs[b]) - if ar == br { - return prefs[a].String() < prefs[b].String() - } - return ar < br - }) - sort.Strings(bad) - var refs []string - for _, pref := range prefs { - refs = append(refs, pref.String()) - } - return append(refs, bad...) -} - -func refRank(ref Reference) uint8 { - if _, ok := ref.(Named); ok { - if _, ok = ref.(Tagged); ok { - if _, ok = ref.(Digested); ok { - return 1 - } - return 2 - } - if _, ok = ref.(Digested); ok { - return 3 - } - return 4 - } - return 5 -} diff --git a/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go b/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go index 64c6a38f91..c259873d2a 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/auth/fetch.go @@ -29,6 +29,7 @@ import ( "github.com/containerd/containerd/log" remoteserrors "github.com/containerd/containerd/remotes/errors" "github.com/containerd/containerd/version" + "golang.org/x/net/context/ctxhttp" ) var ( @@ -114,7 +115,7 @@ func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http. form.Set("access_type", "offline") } - req, err := http.NewRequestWithContext(ctx, http.MethodPost, to.Realm, strings.NewReader(form.Encode())) + req, err := http.NewRequest("POST", to.Realm, strings.NewReader(form.Encode())) if err != nil { return nil, err } @@ -126,7 +127,7 @@ func FetchTokenWithOAuth(ctx context.Context, client *http.Client, headers http. req.Header.Set("User-Agent", "containerd/"+version.Version) } - resp, err := client.Do(req) + resp, err := ctxhttp.Do(ctx, client, req) if err != nil { return nil, err } @@ -161,7 +162,7 @@ type FetchTokenResponse struct { // FetchToken fetches a token using a GET request func FetchToken(ctx context.Context, client *http.Client, headers http.Header, to TokenOptions) (*FetchTokenResponse, error) { - req, err := http.NewRequestWithContext(ctx, http.MethodGet, to.Realm, nil) + req, err := http.NewRequest("GET", to.Realm, nil) if err != nil { return nil, err } @@ -193,7 +194,7 @@ func FetchToken(ctx context.Context, client *http.Client, headers http.Header, t req.URL.RawQuery = reqParams.Encode() - resp, err := client.Do(req) + resp, err := ctxhttp.Do(ctx, client, req) if err != nil { return nil, err } diff --git a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go index 9b3663cd14..eaa0e5dbdb 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/authorizer.go @@ -29,6 +29,7 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/remotes/docker/auth" remoteerrors "github.com/containerd/containerd/remotes/errors" + "github.com/sirupsen/logrus" ) type dockerAuthorizer struct { @@ -44,6 +45,13 @@ type dockerAuthorizer struct { onFetchRefreshToken OnFetchRefreshToken } +// NewAuthorizer creates a Docker authorizer using the provided function to +// get credentials for the token server or basic auth. +// Deprecated: Use NewDockerAuthorizer +func NewAuthorizer(client *http.Client, f func(string) (string, string, error)) Authorizer { + return NewDockerAuthorizer(WithAuthClient(client), WithAuthCreds(f)) +} + type authorizerConfig struct { credentials func(string) (string, string, error) client *http.Client @@ -186,15 +194,15 @@ func (a *dockerAuthorizer) AddResponses(ctx context.Context, responses []*http.R return err } - if username == "" || secret == "" { - return fmt.Errorf("%w: no basic auth credentials", ErrInvalidAuthorization) - } + if username != "" && secret != "" { + common := auth.TokenOptions{ + Username: username, + Secret: secret, + } - a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, auth.TokenOptions{ - Username: username, - Secret: secret, - }) - return nil + a.handlers[host] = newAuthHandler(a.client, a.header, c.Scheme, common) + return nil + } } } return fmt.Errorf("failed to find supported auth scheme: %w", errdefs.ErrNotImplemented) @@ -311,7 +319,7 @@ func (ah *authHandler) doBearerAuth(ctx context.Context) (token, refreshToken st } return resp.Token, resp.RefreshToken, nil } - log.G(ctx).WithFields(log.Fields{ + log.G(ctx).WithFields(logrus.Fields{ "status": errStatus.Status, "body": string(errStatus.Body), }).Debugf("token request failed") diff --git a/vendor/github.com/containerd/containerd/remotes/docker/converter_fuzz.go b/vendor/github.com/containerd/containerd/remotes/docker/converter_fuzz.go deleted file mode 100644 index 9082053924..0000000000 --- a/vendor/github.com/containerd/containerd/remotes/docker/converter_fuzz.go +++ /dev/null @@ -1,55 +0,0 @@ -//go:build gofuzz - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package docker - -import ( - "context" - "os" - - fuzz "github.com/AdaLogics/go-fuzz-headers" - "github.com/containerd/containerd/content/local" - "github.com/containerd/containerd/log" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/sirupsen/logrus" -) - -func FuzzConvertManifest(data []byte) int { - ctx := context.Background() - - // Do not log the message below - // level=warning msg="do nothing for media type: ..." - log.G(ctx).Logger.SetLevel(logrus.PanicLevel) - - f := fuzz.NewConsumer(data) - desc := ocispec.Descriptor{} - err := f.GenerateStruct(&desc) - if err != nil { - return 0 - } - tmpdir, err := os.MkdirTemp("", "fuzzing-") - if err != nil { - return 0 - } - cs, err := local.NewStore(tmpdir) - if err != nil { - return 0 - } - _, _ = ConvertManifest(ctx, cs, desc) - return 1 -} diff --git a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go index ecf245933f..11a75356e8 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/fetcher.go @@ -29,7 +29,6 @@ import ( "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/images" "github.com/containerd/containerd/log" - digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) @@ -53,17 +52,18 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R return newHTTPReadSeeker(desc.Size, func(offset int64) (io.ReadCloser, error) { // firstly try fetch via external urls for _, us := range desc.URLs { + ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", us)) + u, err := url.Parse(us) if err != nil { - log.G(ctx).WithError(err).Debugf("failed to parse %q", us) + log.G(ctx).WithError(err).Debug("failed to parse") continue } if u.Scheme != "http" && u.Scheme != "https" { log.G(ctx).Debug("non-http(s) alternative url is unsupported") continue } - ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", u)) - log.G(ctx).Info("request") + log.G(ctx).Debug("trying alternative url") // Try this first, parse it host := RegistryHost{ @@ -151,106 +151,8 @@ func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.R }) } -func (r dockerFetcher) createGetReq(ctx context.Context, host RegistryHost, ps ...string) (*request, int64, error) { - headReq := r.request(host, http.MethodHead, ps...) - if err := headReq.addNamespace(r.refspec.Hostname()); err != nil { - return nil, 0, err - } - - headResp, err := headReq.doWithRetries(ctx, nil) - if err != nil { - return nil, 0, err - } - if headResp.Body != nil { - headResp.Body.Close() - } - if headResp.StatusCode > 299 { - return nil, 0, fmt.Errorf("unexpected HEAD status code %v: %s", headReq.String(), headResp.Status) - } - - getReq := r.request(host, http.MethodGet, ps...) - if err := getReq.addNamespace(r.refspec.Hostname()); err != nil { - return nil, 0, err - } - return getReq, headResp.ContentLength, nil -} - -func (r dockerFetcher) FetchByDigest(ctx context.Context, dgst digest.Digest) (io.ReadCloser, ocispec.Descriptor, error) { - var desc ocispec.Descriptor - ctx = log.WithLogger(ctx, log.G(ctx).WithField("digest", dgst)) - - hosts := r.filterHosts(HostCapabilityPull) - if len(hosts) == 0 { - return nil, desc, fmt.Errorf("no pull hosts: %w", errdefs.ErrNotFound) - } - - ctx, err := ContextWithRepositoryScope(ctx, r.refspec, false) - if err != nil { - return nil, desc, err - } - - var ( - getReq *request - sz int64 - firstErr error - ) - - for _, host := range r.hosts { - getReq, sz, err = r.createGetReq(ctx, host, "blobs", dgst.String()) - if err == nil { - break - } - // Store the error for referencing later - if firstErr == nil { - firstErr = err - } - } - - if getReq == nil { - // Fall back to the "manifests" endpoint - for _, host := range r.hosts { - getReq, sz, err = r.createGetReq(ctx, host, "manifests", dgst.String()) - if err == nil { - break - } - // Store the error for referencing later - if firstErr == nil { - firstErr = err - } - } - } - - if getReq == nil { - if errdefs.IsNotFound(firstErr) { - firstErr = fmt.Errorf("could not fetch content %v from remote: %w", dgst, errdefs.ErrNotFound) - } - if firstErr == nil { - firstErr = fmt.Errorf("could not fetch content %v from remote: (unknown)", dgst) - } - return nil, desc, firstErr - } - - seeker, err := newHTTPReadSeeker(sz, func(offset int64) (io.ReadCloser, error) { - return r.open(ctx, getReq, "", offset) - }) - if err != nil { - return nil, desc, err - } - - desc = ocispec.Descriptor{ - MediaType: "application/octet-stream", - Digest: dgst, - Size: sz, - } - return seeker, desc, nil -} - func (r dockerFetcher) open(ctx context.Context, req *request, mediatype string, offset int64) (_ io.ReadCloser, retErr error) { - if mediatype == "" { - req.header.Set("Accept", "*/*") - } else { - req.header.Set("Accept", strings.Join([]string{mediatype, `*/*`}, ", ")) - } + req.header.Set("Accept", strings.Join([]string{mediatype, `*/*`}, ", ")) if offset > 0 { // Note: "Accept-Ranges: bytes" cannot be trusted as some endpoints diff --git a/vendor/github.com/containerd/containerd/remotes/docker/fetcher_fuzz.go b/vendor/github.com/containerd/containerd/remotes/docker/fetcher_fuzz.go deleted file mode 100644 index b98886c595..0000000000 --- a/vendor/github.com/containerd/containerd/remotes/docker/fetcher_fuzz.go +++ /dev/null @@ -1,81 +0,0 @@ -//go:build gofuzz - -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package docker - -import ( - "context" - "fmt" - "io" - "net/http" - "net/http/httptest" - "net/url" - - refDocker "github.com/containerd/containerd/reference/docker" -) - -func FuzzFetcher(data []byte) int { - dataLen := len(data) - if dataLen == 0 { - return -1 - } - - s := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - rw.Header().Set("content-range", fmt.Sprintf("bytes %d-%d/%d", 0, dataLen-1, dataLen)) - rw.Header().Set("content-length", fmt.Sprintf("%d", dataLen)) - rw.Write(data) - })) - defer s.Close() - - u, err := url.Parse(s.URL) - if err != nil { - return 0 - } - - f := dockerFetcher{&dockerBase{ - repository: "nonempty", - }} - host := RegistryHost{ - Client: s.Client(), - Host: u.Host, - Scheme: u.Scheme, - Path: u.Path, - } - - ctx := context.Background() - req := f.request(host, http.MethodGet) - rc, err := f.open(ctx, req, "", 0) - if err != nil { - return 0 - } - b, err := io.ReadAll(rc) - if err != nil { - return 0 - } - - expected := data - if len(b) != len(expected) { - panic("len of request is not equal to len of expected but should be") - } - return 1 -} - -func FuzzParseDockerRef(data []byte) int { - _, _ = refDocker.ParseDockerRef(string(data)) - return 1 -} diff --git a/vendor/github.com/containerd/containerd/remotes/docker/handler.go b/vendor/github.com/containerd/containerd/remotes/docker/handler.go index 27638ccc02..529cfbc274 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/handler.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/handler.go @@ -30,6 +30,11 @@ import ( ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) +var ( + // labelDistributionSource describes the source blob comes from. + labelDistributionSource = "containerd.io/distribution.source" +) + // AppendDistributionSourceLabel updates the label of blob with distribution source. func AppendDistributionSourceLabel(manager content.Manager, ref string) (images.HandlerFunc, error) { refspec, err := reference.Parse(ref) @@ -103,7 +108,7 @@ func appendDistributionSourceLabel(originLabel, repo string) string { } func distributionSourceLabelKey(source string) string { - return fmt.Sprintf("%s.%s", labels.LabelDistributionSource, source) + return fmt.Sprintf("%s.%s", labelDistributionSource, source) } // selectRepositoryMountCandidate will select the repo which has longest diff --git a/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go b/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go index 8243593390..9a827ef04c 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/httpreadseeker.go @@ -76,16 +76,6 @@ func (hrs *httpReadSeeker) Read(p []byte) (n int, err error) { if _, err2 := hrs.reader(); err2 == nil { return n, nil } - } else if err == io.EOF { - // The CRI's imagePullProgressTimeout relies on responseBody.Close to - // update the process monitor's status. If the err is io.EOF, close - // the connection since there is no more available data. - if hrs.rc != nil { - if clsErr := hrs.rc.Close(); clsErr != nil { - log.L.WithError(clsErr).Error("httpReadSeeker: failed to close ReadCloser after io.EOF") - } - hrs.rc = nil - } } return } diff --git a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go index 678e17e123..bef77fa61d 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go @@ -23,7 +23,6 @@ import ( "io" "net/http" "net/url" - "path" "strings" "sync" "time" @@ -138,9 +137,6 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str if exists { p.tracker.SetStatus(ref, Status{ Committed: true, - PushStatus: PushStatus{ - Exists: true, - }, Status: content.Status{ Ref: ref, Total: desc.Size, @@ -168,7 +164,6 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str // Start upload request req = p.request(host, http.MethodPost, "blobs", "uploads/") - mountedFrom := "" var resp *http.Response if fromRepo := selectRepositoryMountCandidate(p.refspec, desc.Annotations); fromRepo != "" { preq := requestWithMountFrom(req, desc.Digest.String(), fromRepo) @@ -185,23 +180,17 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str return nil, err } - switch resp.StatusCode { - case http.StatusUnauthorized: + if resp.StatusCode == http.StatusUnauthorized { log.G(ctx).Debugf("failed to mount from repository %s", fromRepo) resp.Body.Close() resp = nil - case http.StatusCreated: - mountedFrom = path.Join(p.refspec.Hostname(), fromRepo) } } if resp == nil { resp, err = req.doWithRetries(ctx, nil) if err != nil { - if errors.Is(err, ErrInvalidAuthorization) { - return nil, fmt.Errorf("push access denied, repository does not exist or may require authorization: %w", err) - } return nil, err } } @@ -212,9 +201,6 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str case http.StatusCreated: p.tracker.SetStatus(ref, Status{ Committed: true, - PushStatus: PushStatus{ - MountedFrom: mountedFrom, - }, Status: content.Status{ Ref: ref, Total: desc.Size, @@ -249,16 +235,13 @@ func (p dockerPusher) push(ctx context.Context, desc ocispec.Descriptor, ref str } if lurl.Host != lhost.Host || lhost.Scheme != lurl.Scheme { + lhost.Scheme = lurl.Scheme lhost.Host = lurl.Host + log.G(ctx).WithField("host", lhost.Host).WithField("scheme", lhost.Scheme).Debug("upload changed destination") - // Check if different than what was requested, accounting for fallback in the transport layer - requested := resp.Request.URL - if requested.Host != lhost.Host || requested.Scheme != lhost.Scheme { - // Strip authorizer if change to host or scheme - lhost.Authorizer = nil - log.G(ctx).WithField("host", lhost.Host).WithField("scheme", lhost.Scheme).Debug("upload changed destination, authorizer removed") - } + // Strip authorizer if change to host or scheme + lhost.Authorizer = nil } } q := lurl.Query() diff --git a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go index cca4ca6a23..709fa028de 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go @@ -18,7 +18,6 @@ package docker import ( "context" - "crypto/tls" "errors" "fmt" "io" @@ -33,12 +32,12 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/reference" "github.com/containerd/containerd/remotes" - "github.com/containerd/containerd/remotes/docker/schema1" //nolint:staticcheck // Ignore SA1019. Need to keep deprecated package for compatibility. - remoteerrors "github.com/containerd/containerd/remotes/errors" - "github.com/containerd/containerd/tracing" + "github.com/containerd/containerd/remotes/docker/schema1" "github.com/containerd/containerd/version" - "github.com/opencontainers/go-digest" + digest "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/sirupsen/logrus" + "golang.org/x/net/context/ctxhttp" ) var ( @@ -71,9 +70,6 @@ type Authorizer interface { // unmodified. It may also add an `Authorization` header as // "bearer " // "basic " - // - // It may return remotes/errors.ErrUnexpectedStatus, which for example, - // can be used by the caller to find out the status code returned by the registry. Authorize(context.Context, *http.Request) error // AddResponses adds a 401 response for the authorizer to consider when @@ -99,30 +95,25 @@ type ResolverOptions struct { Tracker StatusTracker // Authorizer is used to authorize registry requests - // - // Deprecated: use Hosts. + // Deprecated: use Hosts Authorizer Authorizer // Credentials provides username and secret given a host. // If username is empty but a secret is given, that secret // is interpreted as a long lived token. - // - // Deprecated: use Hosts. + // Deprecated: use Hosts Credentials func(string) (string, string, error) // Host provides the hostname given a namespace. - // - // Deprecated: use Hosts. + // Deprecated: use Hosts Host func(string) (string, error) // PlainHTTP specifies to use plain http and not https - // - // Deprecated: use Hosts. + // Deprecated: use Hosts PlainHTTP bool // Client is the http client to used when making registry requests - // - // Deprecated: use Hosts. + // Deprecated: use Hosts Client *http.Client } @@ -149,9 +140,6 @@ func NewResolver(options ResolverOptions) remotes.Resolver { if options.Headers == nil { options.Headers = make(http.Header) - } else { - // make a copy of the headers to avoid race due to concurrent map write - options.Headers = options.Headers.Clone() } if _, ok := options.Headers["User-Agent"]; !ok { options.Headers.Set("User-Agent", "containerd/"+version.Version) @@ -164,8 +152,7 @@ func NewResolver(options ResolverOptions) remotes.Resolver { images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageManifest, - ocispec.MediaTypeImageIndex, "*/*", - }, ", ")) + ocispec.MediaTypeImageIndex, "*/*"}, ", ")) } else { resolveHeader["Accept"] = options.Headers["Accept"] delete(options.Headers, "Accept") @@ -312,11 +299,11 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp if resp.StatusCode > 399 { // Set firstErr when encountering the first non-404 status code. if firstErr == nil { - firstErr = remoteerrors.NewUnexpectedStatusErr(resp) + firstErr = fmt.Errorf("pulling from host %s failed with status code %v: %v", host.Host, u, resp.Status) } continue // try another host } - return "", ocispec.Descriptor{}, remoteerrors.NewUnexpectedStatusErr(resp) + return "", ocispec.Descriptor{}, fmt.Errorf("pulling from host %s failed with unexpected status code %v: %v", host.Host, u, resp.Status) } size := resp.ContentLength contentType := getManifestMediaType(resp) @@ -353,31 +340,26 @@ func (r *dockerResolver) Resolve(ctx context.Context, ref string) (string, ocisp if err != nil { return "", ocispec.Descriptor{}, err } + defer resp.Body.Close() bodyReader := countingReader{reader: resp.Body} contentType = getManifestMediaType(resp) - err = func() error { - defer resp.Body.Close() - if dgst != "" { - _, err = io.Copy(io.Discard, &bodyReader) - return err - } - + if dgst == "" { if contentType == images.MediaTypeDockerSchema1Manifest { b, err := schema1.ReadStripSignature(&bodyReader) if err != nil { - return err + return "", ocispec.Descriptor{}, err } dgst = digest.FromBytes(b) - return nil + } else { + dgst, err = digest.FromReader(&bodyReader) + if err != nil { + return "", ocispec.Descriptor{}, err + } } - - dgst, err = digest.FromReader(&bodyReader) - return err - }() - if err != nil { + } else if _, err := io.Copy(io.Discard, &bodyReader); err != nil { return "", ocispec.Descriptor{}, err } size = bodyReader.bytesRead @@ -543,14 +525,13 @@ type request struct { func (r *request) do(ctx context.Context) (*http.Response, error) { u := r.host.Scheme + "://" + r.host.Host + r.path - req, err := http.NewRequestWithContext(ctx, r.method, u, nil) + req, err := http.NewRequest(r.method, u, nil) if err != nil { return nil, err } - if r.header == nil { - req.Header = http.Header{} - } else { - req.Header = r.header.Clone() // headers need to be copied to avoid concurrent map access + req.Header = http.Header{} // headers need to be copied to avoid concurrent map access + for k, v := range r.header { + req.Header[k] = v } if r.body != nil { body, err := r.body() @@ -570,7 +551,7 @@ func (r *request) do(ctx context.Context) (*http.Response, error) { return nil, fmt.Errorf("failed to authorize: %w", err) } - client := &http.Client{} + var client = &http.Client{} if r.host.Client != nil { *client = *r.host.Client } @@ -586,9 +567,7 @@ func (r *request) do(ctx context.Context) (*http.Response, error) { } } - tracing.UpdateHTTPClient(client, tracing.Name("remotes.docker.resolver", "HTTPRequest")) - - resp, err := client.Do(req) + resp, err := ctxhttp.Do(ctx, client, req) if err != nil { return nil, fmt.Errorf("failed to do request: %w", err) } @@ -651,7 +630,7 @@ func (r *request) String() string { return r.host.Scheme + "://" + r.host.Host + r.path } -func requestFields(req *http.Request) log.Fields { +func requestFields(req *http.Request) logrus.Fields { fields := map[string]interface{}{ "request.method": req.Method, } @@ -669,10 +648,10 @@ func requestFields(req *http.Request) log.Fields { } } - return fields + return logrus.Fields(fields) } -func responseFields(resp *http.Response) log.Fields { +func responseFields(resp *http.Response) logrus.Fields { fields := map[string]interface{}{ "response.status": resp.Status, } @@ -687,7 +666,7 @@ func responseFields(resp *http.Response) log.Fields { } } - return fields + return logrus.Fields(fields) } // IsLocalhost checks if the registry host is local. @@ -703,27 +682,3 @@ func IsLocalhost(host string) bool { ip := net.ParseIP(host) return ip.IsLoopback() } - -// HTTPFallback is an http.RoundTripper which allows fallback from https to http -// for registry endpoints with configurations for both http and TLS, such as -// defaulted localhost endpoints. -type HTTPFallback struct { - http.RoundTripper -} - -func (f HTTPFallback) RoundTrip(r *http.Request) (*http.Response, error) { - resp, err := f.RoundTripper.RoundTrip(r) - var tlsErr tls.RecordHeaderError - if errors.As(err, &tlsErr) && string(tlsErr.RecordHeader[:]) == "HTTP/" { - // server gave HTTP response to HTTPS client - plainHTTPUrl := *r.URL - plainHTTPUrl.Scheme = "http" - - plainHTTPRequest := *r - plainHTTPRequest.URL = &plainHTTPUrl - - return f.RoundTripper.RoundTrip(&plainHTTPRequest) - } - - return resp, err -} diff --git a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go index 8c9e520cd2..efa4e8d6ee 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go @@ -14,9 +14,6 @@ limitations under the License. */ -// Package schema1 provides a converter to fetch an image formatted in Docker Image Manifest v2, Schema 1. -// -// Deprecated: use images formatted in Docker Image Manifest v2, Schema 2, or OCI Image Spec v1. package schema1 import ( @@ -36,7 +33,6 @@ import ( "github.com/containerd/containerd/content" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/images" - "github.com/containerd/containerd/labels" "github.com/containerd/containerd/log" "github.com/containerd/containerd/remotes" digest "github.com/opencontainers/go-digest" @@ -367,12 +363,12 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro cinfo := content.Info{ Digest: desc.Digest, Labels: map[string]string{ - labels.LabelUncompressed: state.diffID.String(), + "containerd.io/uncompressed": state.diffID.String(), labelDockerSchema1EmptyLayer: strconv.FormatBool(state.empty), }, } - if _, err := c.contentStore.Update(ctx, cinfo, "labels."+labels.LabelUncompressed, fmt.Sprintf("labels.%s", labelDockerSchema1EmptyLayer)); err != nil { + if _, err := c.contentStore.Update(ctx, cinfo, "labels.containerd.io/uncompressed", fmt.Sprintf("labels.%s", labelDockerSchema1EmptyLayer)); err != nil { return fmt.Errorf("failed to update uncompressed label: %w", err) } @@ -391,7 +387,7 @@ func (c *Converter) reuseLabelBlobState(ctx context.Context, desc ocispec.Descri } desc.Size = cinfo.Size - diffID, ok := cinfo.Labels[labels.LabelUncompressed] + diffID, ok := cinfo.Labels["containerd.io/uncompressed"] if !ok { return false, nil } @@ -410,7 +406,7 @@ func (c *Converter) reuseLabelBlobState(ctx context.Context, desc ocispec.Descri bState := blobState{empty: isEmpty} if bState.diffID, err = digest.Parse(diffID); err != nil { - log.G(ctx).WithField("id", desc.Digest).Warnf("failed to parse digest from label %s: %v", labels.LabelUncompressed, diffID) + log.G(ctx).WithField("id", desc.Digest).Warnf("failed to parse digest from label containerd.io/uncompressed: %v", diffID) return false, nil } diff --git a/vendor/github.com/containerd/containerd/remotes/docker/status.go b/vendor/github.com/containerd/containerd/remotes/docker/status.go index 1a9227725b..1f7b278aef 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/status.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/status.go @@ -36,17 +36,6 @@ type Status struct { // UploadUUID is used by the Docker registry to reference blob uploads UploadUUID string - - // PushStatus contains status related to push. - PushStatus -} - -type PushStatus struct { - // MountedFrom is the source content was cross-repo mounted from (empty if no cross-repo mount was performed). - MountedFrom string - - // Exists indicates whether content already exists in the repository and wasn't uploaded. - Exists bool } // StatusTracker to track status of operations diff --git a/vendor/github.com/containerd/containerd/remotes/errors/errors.go b/vendor/github.com/containerd/containerd/remotes/errors/errors.go index f60ff0fc28..67ccb23df6 100644 --- a/vendor/github.com/containerd/containerd/remotes/errors/errors.go +++ b/vendor/github.com/containerd/containerd/remotes/errors/errors.go @@ -33,7 +33,7 @@ type ErrUnexpectedStatus struct { } func (e ErrUnexpectedStatus) Error() string { - return fmt.Sprintf("unexpected status from %s request to %s: %s", e.RequestMethod, e.RequestURL, e.Status) + return fmt.Sprintf("unexpected status: %s", e.Status) } // NewUnexpectedStatusErr creates an ErrUnexpectedStatus from HTTP response diff --git a/vendor/github.com/containerd/containerd/remotes/handlers.go b/vendor/github.com/containerd/containerd/remotes/handlers.go index f24669dc4a..4d91ed2e54 100644 --- a/vendor/github.com/containerd/containerd/remotes/handlers.go +++ b/vendor/github.com/containerd/containerd/remotes/handlers.go @@ -17,7 +17,6 @@ package remotes import ( - "bytes" "context" "errors" "fmt" @@ -28,10 +27,10 @@ import ( "github.com/containerd/containerd/content" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/images" - "github.com/containerd/containerd/labels" "github.com/containerd/containerd/log" "github.com/containerd/containerd/platforms" ocispec "github.com/opencontainers/image-spec/specs-go/v1" + "github.com/sirupsen/logrus" "golang.org/x/sync/semaphore" ) @@ -91,7 +90,7 @@ func MakeRefKey(ctx context.Context, desc ocispec.Descriptor) string { // recursive fetch. func FetchHandler(ingester content.Ingester, fetcher Fetcher) images.HandlerFunc { return func(ctx context.Context, desc ocispec.Descriptor) (subdescs []ocispec.Descriptor, err error) { - ctx = log.WithLogger(ctx, log.G(ctx).WithFields(log.Fields{ + ctx = log.WithLogger(ctx, log.G(ctx).WithFields(logrus.Fields{ "digest": desc.Digest, "mediatype": desc.MediaType, "size": desc.Size, @@ -101,21 +100,20 @@ func FetchHandler(ingester content.Ingester, fetcher Fetcher) images.HandlerFunc case images.MediaTypeDockerSchema1Manifest: return nil, fmt.Errorf("%v not supported", desc.MediaType) default: - err := Fetch(ctx, ingester, fetcher, desc) - if errdefs.IsAlreadyExists(err) { - return nil, nil - } + err := fetch(ctx, ingester, fetcher, desc) return nil, err } } } -// Fetch fetches the given digest into the provided ingester -func Fetch(ctx context.Context, ingester content.Ingester, fetcher Fetcher, desc ocispec.Descriptor) error { +func fetch(ctx context.Context, ingester content.Ingester, fetcher Fetcher, desc ocispec.Descriptor) error { log.G(ctx).Debug("fetch") cw, err := content.OpenWriter(ctx, ingester, content.WithRef(MakeRefKey(ctx, desc)), content.WithDescriptor(desc)) if err != nil { + if errdefs.IsAlreadyExists(err) { + return nil + } return err } defer cw.Close() @@ -137,11 +135,7 @@ func Fetch(ctx context.Context, ingester content.Ingester, fetcher Fetcher, desc if err != nil && !errdefs.IsAlreadyExists(err) { return fmt.Errorf("failed commit on ref %q: %w", ws.Ref, err) } - return err - } - - if desc.Size == int64(len(desc.Data)) { - return content.Copy(ctx, cw, bytes.NewReader(desc.Data), desc.Size, desc.Digest) + return nil } rc, err := fetcher.Fetch(ctx, desc) @@ -157,7 +151,7 @@ func Fetch(ctx context.Context, ingester content.Ingester, fetcher Fetcher, desc // using a writer from the pusher. func PushHandler(pusher Pusher, provider content.Provider) images.HandlerFunc { return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { - ctx = log.WithLogger(ctx, log.G(ctx).WithFields(log.Fields{ + ctx = log.WithLogger(ctx, log.G(ctx).WithFields(logrus.Fields{ "digest": desc.Digest, "mediatype": desc.MediaType, "size": desc.Size, @@ -203,26 +197,17 @@ func push(ctx context.Context, provider content.Provider, pusher Pusher, desc oc // // Base handlers can be provided which will be called before any push specific // handlers. -// -// If the passed in content.Provider is also a content.InfoProvider (such as -// content.Manager) then this will also annotate the distribution sources using -// labels prefixed with "containerd.io/distribution.source". -func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, store content.Provider, limiter *semaphore.Weighted, platform platforms.MatchComparer, wrapper func(h images.Handler) images.Handler) error { +func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, store content.Store, limiter *semaphore.Weighted, platform platforms.MatchComparer, wrapper func(h images.Handler) images.Handler) error { var m sync.Mutex - manifests := []ocispec.Descriptor{} - indexStack := []ocispec.Descriptor{} + manifestStack := []ocispec.Descriptor{} filterHandler := images.HandlerFunc(func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { switch desc.MediaType { - case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest: - m.Lock() - manifests = append(manifests, desc) - m.Unlock() - return nil, images.ErrStopHandler - case images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: + case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest, + images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: m.Lock() - indexStack = append(indexStack, desc) + manifestStack = append(manifestStack, desc) m.Unlock() return nil, images.ErrStopHandler default: @@ -234,14 +219,13 @@ func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, st platformFilterhandler := images.FilterPlatforms(images.ChildrenHandler(store), platform) - var handler images.Handler - if m, ok := store.(content.InfoProvider); ok { - annotateHandler := annotateDistributionSourceHandler(platformFilterhandler, m) - handler = images.Handlers(annotateHandler, filterHandler, pushHandler) - } else { - handler = images.Handlers(platformFilterhandler, filterHandler, pushHandler) - } + annotateHandler := annotateDistributionSourceHandler(platformFilterhandler, store) + var handler images.Handler = images.Handlers( + annotateHandler, + filterHandler, + pushHandler, + ) if wrapper != nil { handler = wrapper(handler) } @@ -250,18 +234,16 @@ func PushContent(ctx context.Context, pusher Pusher, desc ocispec.Descriptor, st return err } - if err := images.Dispatch(ctx, pushHandler, limiter, manifests...); err != nil { - return err - } - // Iterate in reverse order as seen, parent always uploaded after child - for i := len(indexStack) - 1; i >= 0; i-- { - err := images.Dispatch(ctx, pushHandler, limiter, indexStack[i]) + for i := len(manifestStack) - 1; i >= 0; i-- { + _, err := pushHandler(ctx, manifestStack[i]) if err != nil { // TODO(estesp): until we have a more complete method for index push, we need to report // missing dependencies in an index/manifest list by sensing the "400 Bad Request" // as a marker for this problem - if errors.Unwrap(err) != nil && strings.Contains(errors.Unwrap(err).Error(), "400 Bad Request") { + if (manifestStack[i].MediaType == ocispec.MediaTypeImageIndex || + manifestStack[i].MediaType == images.MediaTypeDockerSchema2ManifestList) && + errors.Unwrap(err) != nil && strings.Contains(errors.Unwrap(err).Error(), "400 Bad Request") { return fmt.Errorf("manifest list/index references to blobs and/or manifests are missing in your target registry: %w", err) } return err @@ -345,15 +327,14 @@ func FilterManifestByPlatformHandler(f images.HandlerFunc, m platforms.Matcher) // annotateDistributionSourceHandler add distribution source label into // annotation of config or blob descriptor. -func annotateDistributionSourceHandler(f images.HandlerFunc, provider content.InfoProvider) images.HandlerFunc { +func annotateDistributionSourceHandler(f images.HandlerFunc, manager content.Manager) images.HandlerFunc { return func(ctx context.Context, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { children, err := f(ctx, desc) if err != nil { return nil, err } - // Distribution source is only used for config or blob but may be inherited from - // a manifest or manifest list + // only add distribution source for the config or blob data descriptor switch desc.MediaType { case images.MediaTypeDockerSchema2Manifest, ocispec.MediaTypeImageManifest, images.MediaTypeDockerSchema2ManifestList, ocispec.MediaTypeImageIndex: @@ -361,53 +342,27 @@ func annotateDistributionSourceHandler(f images.HandlerFunc, provider content.In return children, nil } - parentSourceAnnotations := desc.Annotations - var parentLabels map[string]string - if pi, err := provider.Info(ctx, desc.Digest); err != nil { - if !errdefs.IsNotFound(err) { - return nil, err - } - } else { - parentLabels = pi.Labels - } - for i := range children { child := children[i] - info, err := provider.Info(ctx, child.Digest) + info, err := manager.Info(ctx, child.Digest) if err != nil { - if !errdefs.IsNotFound(err) { - return nil, err - } + return nil, err } - copyDistributionSourceLabels(info.Labels, &child) - // Annotate with parent labels for cross repo mount or fetch. - // Parent sources may apply to all children since most registries - // enforce that children exist before the manifests. - copyDistributionSourceLabels(parentSourceAnnotations, &child) - copyDistributionSourceLabels(parentLabels, &child) + for k, v := range info.Labels { + if !strings.HasPrefix(k, "containerd.io/distribution.source.") { + continue + } + + if child.Annotations == nil { + child.Annotations = map[string]string{} + } + child.Annotations[k] = v + } children[i] = child } return children, nil } } - -func copyDistributionSourceLabels(from map[string]string, to *ocispec.Descriptor) { - for k, v := range from { - if !strings.HasPrefix(k, labels.LabelDistributionSource+".") { - continue - } - - if to.Annotations == nil { - to.Annotations = make(map[string]string) - } else { - // Only propagate the parent label if the child doesn't already have it. - if _, has := to.Annotations[k]; has { - continue - } - } - to.Annotations[k] = v - } -} diff --git a/vendor/github.com/containerd/containerd/remotes/resolver.go b/vendor/github.com/containerd/containerd/remotes/resolver.go index f200c84bc7..624b14f05d 100644 --- a/vendor/github.com/containerd/containerd/remotes/resolver.go +++ b/vendor/github.com/containerd/containerd/remotes/resolver.go @@ -21,7 +21,6 @@ import ( "io" "github.com/containerd/containerd/content" - "github.com/opencontainers/go-digest" ocispec "github.com/opencontainers/image-spec/specs-go/v1" ) @@ -34,7 +33,7 @@ type Resolver interface { // reference a specific host or be matched against a specific handler. // // The returned name should be used to identify the referenced entity. - // Depending on the remote namespace, this may be immutable or mutable. + // Dependending on the remote namespace, this may be immutable or mutable. // While the name may differ from ref, it should itself be a valid ref. // // If the resolution fails, an error will be returned. @@ -51,23 +50,12 @@ type Resolver interface { Pusher(ctx context.Context, ref string) (Pusher, error) } -// Fetcher fetches content. -// A fetcher implementation may implement the FetcherByDigest interface too. +// Fetcher fetches content type Fetcher interface { // Fetch the resource identified by the descriptor. Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error) } -// FetcherByDigest fetches content by the digest. -type FetcherByDigest interface { - // FetchByDigest fetches the resource identified by the digest. - // - // FetcherByDigest usually returns an incomplete descriptor. - // Typically, the media type is always set to "application/octet-stream", - // and the annotations are unset. - FetchByDigest(ctx context.Context, dgst digest.Digest) (io.ReadCloser, ocispec.Descriptor, error) -} - // Pusher pushes content type Pusher interface { // Push returns a content writer for the given resource identified diff --git a/vendor/github.com/containerd/containerd/tracing/helpers.go b/vendor/github.com/containerd/containerd/tracing/helpers.go deleted file mode 100644 index 981da6c795..0000000000 --- a/vendor/github.com/containerd/containerd/tracing/helpers.go +++ /dev/null @@ -1,94 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package tracing - -import ( - "encoding/json" - "fmt" - "strings" - - "go.opentelemetry.io/otel/attribute" -) - -const ( - spanDelimiter = "." -) - -func makeSpanName(names ...string) string { - return strings.Join(names, spanDelimiter) -} - -func any(k string, v interface{}) attribute.KeyValue { - if v == nil { - return attribute.String(k, "") - } - - switch typed := v.(type) { - case bool: - return attribute.Bool(k, typed) - case []bool: - return attribute.BoolSlice(k, typed) - case int: - return attribute.Int(k, typed) - case []int: - return attribute.IntSlice(k, typed) - case int8: - return attribute.Int(k, int(typed)) - case []int8: - ls := make([]int, 0, len(typed)) - for _, i := range typed { - ls = append(ls, int(i)) - } - return attribute.IntSlice(k, ls) - case int16: - return attribute.Int(k, int(typed)) - case []int16: - ls := make([]int, 0, len(typed)) - for _, i := range typed { - ls = append(ls, int(i)) - } - return attribute.IntSlice(k, ls) - case int32: - return attribute.Int64(k, int64(typed)) - case []int32: - ls := make([]int64, 0, len(typed)) - for _, i := range typed { - ls = append(ls, int64(i)) - } - return attribute.Int64Slice(k, ls) - case int64: - return attribute.Int64(k, typed) - case []int64: - return attribute.Int64Slice(k, typed) - case float64: - return attribute.Float64(k, typed) - case []float64: - return attribute.Float64Slice(k, typed) - case string: - return attribute.String(k, typed) - case []string: - return attribute.StringSlice(k, typed) - } - - if stringer, ok := v.(fmt.Stringer); ok { - return attribute.String(k, stringer.String()) - } - if b, err := json.Marshal(v); b != nil && err == nil { - return attribute.String(k, string(b)) - } - return attribute.String(k, fmt.Sprintf("%v", v)) -} diff --git a/vendor/github.com/containerd/containerd/tracing/log.go b/vendor/github.com/containerd/containerd/tracing/log.go deleted file mode 100644 index 98fa16f931..0000000000 --- a/vendor/github.com/containerd/containerd/tracing/log.go +++ /dev/null @@ -1,66 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package tracing - -import ( - "github.com/sirupsen/logrus" - "go.opentelemetry.io/otel/attribute" - "go.opentelemetry.io/otel/trace" -) - -// NewLogrusHook creates a new logrus hook -func NewLogrusHook() *LogrusHook { - return &LogrusHook{} -} - -// LogrusHook is a logrus hook which adds logrus events to active spans. -// If the span is not recording or the span context is invalid, the hook is a no-op. -type LogrusHook struct{} - -// Levels returns the logrus levels that this hook is interested in. -func (h *LogrusHook) Levels() []logrus.Level { - return logrus.AllLevels -} - -// Fire is called when a log event occurs. -func (h *LogrusHook) Fire(entry *logrus.Entry) error { - span := trace.SpanFromContext(entry.Context) - if span == nil { - return nil - } - - if !span.SpanContext().IsValid() || !span.IsRecording() { - return nil - } - - span.AddEvent( - entry.Message, - trace.WithAttributes(logrusDataToAttrs(entry.Data)...), - trace.WithAttributes(attribute.String("level", entry.Level.String())), - trace.WithTimestamp(entry.Time), - ) - - return nil -} - -func logrusDataToAttrs(data logrus.Fields) []attribute.KeyValue { - attrs := make([]attribute.KeyValue, 0, len(data)) - for k, v := range data { - attrs = append(attrs, any(k, v)) - } - return attrs -} diff --git a/vendor/github.com/containerd/containerd/tracing/tracing.go b/vendor/github.com/containerd/containerd/tracing/tracing.go deleted file mode 100644 index 80d2b95c0e..0000000000 --- a/vendor/github.com/containerd/containerd/tracing/tracing.go +++ /dev/null @@ -1,129 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package tracing - -import ( - "context" - "net/http" - - "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp" - "go.opentelemetry.io/otel" - "go.opentelemetry.io/otel/attribute" - "go.opentelemetry.io/otel/codes" - semconv "go.opentelemetry.io/otel/semconv/v1.21.0" - "go.opentelemetry.io/otel/trace" -) - -// StartConfig defines configuration for a new span object. -type StartConfig struct { - spanOpts []trace.SpanStartOption -} - -type SpanOpt func(config *StartConfig) - -// WithHTTPRequest marks span as a HTTP request operation from client to server. -// It'll append attributes from the HTTP request object and mark it with `SpanKindClient` type. -// -// Deprecated: use upstream functionality from otelhttp directly instead. This function is kept for API compatibility -// but no longer works as expected due to required functionality no longer exported in OpenTelemetry libraries. -func WithHTTPRequest(_ *http.Request) SpanOpt { - return func(config *StartConfig) { - config.spanOpts = append(config.spanOpts, - trace.WithSpanKind(trace.SpanKindClient), // A client making a request to a server - ) - } -} - -// UpdateHTTPClient updates the http client with the necessary otel transport -func UpdateHTTPClient(client *http.Client, name string) { - client.Transport = otelhttp.NewTransport( - client.Transport, - otelhttp.WithSpanNameFormatter(func(operation string, r *http.Request) string { - return name - }), - ) -} - -// StartSpan starts child span in a context. -func StartSpan(ctx context.Context, opName string, opts ...SpanOpt) (context.Context, *Span) { - config := StartConfig{} - for _, fn := range opts { - fn(&config) - } - tracer := otel.Tracer("") - if parent := trace.SpanFromContext(ctx); parent != nil && parent.SpanContext().IsValid() { - tracer = parent.TracerProvider().Tracer("") - } - ctx, span := tracer.Start(ctx, opName, config.spanOpts...) - return ctx, &Span{otelSpan: span} -} - -// SpanFromContext returns the current Span from the context. -func SpanFromContext(ctx context.Context) *Span { - return &Span{ - otelSpan: trace.SpanFromContext(ctx), - } -} - -// Span is wrapper around otel trace.Span. -// Span is the individual component of a trace. It represents a -// single named and timed operation of a workflow that is traced. -type Span struct { - otelSpan trace.Span -} - -// End completes the span. -func (s *Span) End() { - s.otelSpan.End() -} - -// AddEvent adds an event with provided name and options. -func (s *Span) AddEvent(name string, options ...trace.EventOption) { - s.otelSpan.AddEvent(name, options...) -} - -// SetStatus sets the status of the current span. -// If an error is encountered, it records the error and sets span status to Error. -func (s *Span) SetStatus(err error) { - if err != nil { - s.otelSpan.RecordError(err) - s.otelSpan.SetStatus(codes.Error, err.Error()) - } else { - s.otelSpan.SetStatus(codes.Ok, "") - } -} - -// SetAttributes sets kv as attributes of the span. -func (s *Span) SetAttributes(kv ...attribute.KeyValue) { - s.otelSpan.SetAttributes(kv...) -} - -// Name sets the span name by joining a list of strings in dot separated format. -func Name(names ...string) string { - return makeSpanName(names...) -} - -// Attribute takes a key value pair and returns attribute.KeyValue type. -func Attribute(k string, v interface{}) attribute.KeyValue { - return any(k, v) -} - -// HTTPStatusCodeAttributes generates attributes of the HTTP namespace as specified by the OpenTelemetry -// specification for a span. -func HTTPStatusCodeAttributes(code int) []attribute.KeyValue { - return []attribute.KeyValue{semconv.HTTPStatusCodeKey.Int(code)} -} diff --git a/vendor/github.com/containerd/containerd/version/version.go b/vendor/github.com/containerd/containerd/version/version.go index 45767163cd..6bc3ed178a 100644 --- a/vendor/github.com/containerd/containerd/version/version.go +++ b/vendor/github.com/containerd/containerd/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.7.11+unknown" + Version = "1.6.19+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time. diff --git a/vendor/github.com/containerd/log/.golangci.yml b/vendor/github.com/containerd/log/.golangci.yml deleted file mode 100644 index a695775df4..0000000000 --- a/vendor/github.com/containerd/log/.golangci.yml +++ /dev/null @@ -1,30 +0,0 @@ -linters: - enable: - - exportloopref # Checks for pointers to enclosing loop variables - - gofmt - - goimports - - gosec - - ineffassign - - misspell - - nolintlint - - revive - - staticcheck - - tenv # Detects using os.Setenv instead of t.Setenv since Go 1.17 - - unconvert - - unused - - vet - - dupword # Checks for duplicate words in the source code - disable: - - errcheck - -run: - timeout: 5m - skip-dirs: - - api - - cluster - - design - - docs - - docs/man - - releases - - reports - - test # e2e scripts diff --git a/vendor/github.com/containerd/log/LICENSE b/vendor/github.com/containerd/log/LICENSE deleted file mode 100644 index 584149b6ee..0000000000 --- a/vendor/github.com/containerd/log/LICENSE +++ /dev/null @@ -1,191 +0,0 @@ - - Apache License - Version 2.0, January 2004 - https://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - Copyright The containerd Authors - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/vendor/github.com/containerd/log/README.md b/vendor/github.com/containerd/log/README.md deleted file mode 100644 index 00e0849880..0000000000 --- a/vendor/github.com/containerd/log/README.md +++ /dev/null @@ -1,17 +0,0 @@ -# log - -A Go package providing a common logging interface across containerd repositories and a way for clients to use and configure logging in containerd packages. - -This package is not intended to be used as a standalone logging package outside of the containerd ecosystem and is intended as an interface wrapper around a logging implementation. -In the future this package may be replaced with a common go logging interface. - -## Project details - -**log** is a containerd sub-project, licensed under the [Apache 2.0 license](./LICENSE). -As a containerd sub-project, you will find the: - * [Project governance](https://github.com/containerd/project/blob/main/GOVERNANCE.md), - * [Maintainers](https://github.com/containerd/project/blob/main/MAINTAINERS), - * and [Contributing guidelines](https://github.com/containerd/project/blob/main/CONTRIBUTING.md) - -information in our [`containerd/project`](https://github.com/containerd/project) repository. - diff --git a/vendor/github.com/containerd/log/context.go b/vendor/github.com/containerd/log/context.go deleted file mode 100644 index 20153066f3..0000000000 --- a/vendor/github.com/containerd/log/context.go +++ /dev/null @@ -1,182 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -// Package log provides types and functions related to logging, passing -// loggers through a context, and attaching context to the logger. -// -// # Transitional types -// -// This package contains various types that are aliases for types in [logrus]. -// These aliases are intended for transitioning away from hard-coding logrus -// as logging implementation. Consumers of this package are encouraged to use -// the type-aliases from this package instead of directly using their logrus -// equivalent. -// -// The intent is to replace these aliases with locally defined types and -// interfaces once all consumers are no longer directly importing logrus -// types. -// -// IMPORTANT: due to the transitional purpose of this package, it is not -// guaranteed for the full logrus API to be provided in the future. As -// outlined, these aliases are provided as a step to transition away from -// a specific implementation which, as a result, exposes the full logrus API. -// While no decisions have been made on the ultimate design and interface -// provided by this package, we do not expect carrying "less common" features. -package log - -import ( - "context" - "fmt" - - "github.com/sirupsen/logrus" -) - -// G is a shorthand for [GetLogger]. -// -// We may want to define this locally to a package to get package tagged log -// messages. -var G = GetLogger - -// L is an alias for the standard logger. -var L = &Entry{ - Logger: logrus.StandardLogger(), - // Default is three fields plus a little extra room. - Data: make(Fields, 6), -} - -type loggerKey struct{} - -// Fields type to pass to "WithFields". -type Fields = map[string]any - -// Entry is a logging entry. It contains all the fields passed with -// [Entry.WithFields]. It's finally logged when Trace, Debug, Info, Warn, -// Error, Fatal or Panic is called on it. These objects can be reused and -// passed around as much as you wish to avoid field duplication. -// -// Entry is a transitional type, and currently an alias for [logrus.Entry]. -type Entry = logrus.Entry - -// RFC3339NanoFixed is [time.RFC3339Nano] with nanoseconds padded using -// zeros to ensure the formatted time is always the same number of -// characters. -const RFC3339NanoFixed = "2006-01-02T15:04:05.000000000Z07:00" - -// Level is a logging level. -type Level = logrus.Level - -// Supported log levels. -const ( - // TraceLevel level. Designates finer-grained informational events - // than [DebugLevel]. - TraceLevel Level = logrus.TraceLevel - - // DebugLevel level. Usually only enabled when debugging. Very verbose - // logging. - DebugLevel Level = logrus.DebugLevel - - // InfoLevel level. General operational entries about what's going on - // inside the application. - InfoLevel Level = logrus.InfoLevel - - // WarnLevel level. Non-critical entries that deserve eyes. - WarnLevel Level = logrus.WarnLevel - - // ErrorLevel level. Logs errors that should definitely be noted. - // Commonly used for hooks to send errors to an error tracking service. - ErrorLevel Level = logrus.ErrorLevel - - // FatalLevel level. Logs and then calls "logger.Exit(1)". It exits - // even if the logging level is set to Panic. - FatalLevel Level = logrus.FatalLevel - - // PanicLevel level. This is the highest level of severity. Logs and - // then calls panic with the message passed to Debug, Info, ... - PanicLevel Level = logrus.PanicLevel -) - -// SetLevel sets log level globally. It returns an error if the given -// level is not supported. -// -// level can be one of: -// -// - "trace" ([TraceLevel]) -// - "debug" ([DebugLevel]) -// - "info" ([InfoLevel]) -// - "warn" ([WarnLevel]) -// - "error" ([ErrorLevel]) -// - "fatal" ([FatalLevel]) -// - "panic" ([PanicLevel]) -func SetLevel(level string) error { - lvl, err := logrus.ParseLevel(level) - if err != nil { - return err - } - - L.Logger.SetLevel(lvl) - return nil -} - -// GetLevel returns the current log level. -func GetLevel() Level { - return L.Logger.GetLevel() -} - -// OutputFormat specifies a log output format. -type OutputFormat string - -// Supported log output formats. -const ( - // TextFormat represents the text logging format. - TextFormat OutputFormat = "text" - - // JSONFormat represents the JSON logging format. - JSONFormat OutputFormat = "json" -) - -// SetFormat sets the log output format ([TextFormat] or [JSONFormat]). -func SetFormat(format OutputFormat) error { - switch format { - case TextFormat: - L.Logger.SetFormatter(&logrus.TextFormatter{ - TimestampFormat: RFC3339NanoFixed, - FullTimestamp: true, - }) - return nil - case JSONFormat: - L.Logger.SetFormatter(&logrus.JSONFormatter{ - TimestampFormat: RFC3339NanoFixed, - }) - return nil - default: - return fmt.Errorf("unknown log format: %s", format) - } -} - -// WithLogger returns a new context with the provided logger. Use in -// combination with logger.WithField(s) for great effect. -func WithLogger(ctx context.Context, logger *Entry) context.Context { - return context.WithValue(ctx, loggerKey{}, logger.WithContext(ctx)) -} - -// GetLogger retrieves the current logger from the context. If no logger is -// available, the default logger is returned. -func GetLogger(ctx context.Context) *Entry { - if logger := ctx.Value(loggerKey{}); logger != nil { - return logger.(*Entry) - } - return L.WithContext(ctx) -} diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go b/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go index 892ba3de9d..ce8313e796 100644 --- a/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go +++ b/vendor/github.com/opencontainers/image-spec/specs-go/v1/mediatype.go @@ -21,12 +21,20 @@ const ( // MediaTypeLayoutHeader specifies the media type for the oci-layout. MediaTypeLayoutHeader = "application/vnd.oci.layout.header.v1+json" + // MediaTypeImageIndex specifies the media type for an image index. + MediaTypeImageIndex = "application/vnd.oci.image.index.v1+json" + // MediaTypeImageManifest specifies the media type for an image manifest. MediaTypeImageManifest = "application/vnd.oci.image.manifest.v1+json" - // MediaTypeImageIndex specifies the media type for an image index. - MediaTypeImageIndex = "application/vnd.oci.image.index.v1+json" + // MediaTypeImageConfig specifies the media type for the image configuration. + MediaTypeImageConfig = "application/vnd.oci.image.config.v1+json" + + // MediaTypeEmptyJSON specifies the media type for an unused blob containing the value "{}". + MediaTypeEmptyJSON = "application/vnd.oci.empty.v1+json" +) +const ( // MediaTypeImageLayer is the media type used for layers referenced by the manifest. MediaTypeImageLayer = "application/vnd.oci.image.layer.v1.tar" @@ -37,7 +45,15 @@ const ( // MediaTypeImageLayerZstd is the media type used for zstd compressed // layers referenced by the manifest. MediaTypeImageLayerZstd = "application/vnd.oci.image.layer.v1.tar+zstd" +) +// Non-distributable layer media-types. +// +// Deprecated: Non-distributable layers are deprecated, and not recommended +// for future use. Implementations SHOULD NOT produce new non-distributable +// layers. +// https://github.com/opencontainers/image-spec/pull/965 +const ( // MediaTypeImageLayerNonDistributable is the media type for layers referenced by // the manifest but with distribution restrictions. // @@ -66,10 +82,4 @@ const ( // layers. // https://github.com/opencontainers/image-spec/pull/965 MediaTypeImageLayerNonDistributableZstd = "application/vnd.oci.image.layer.nondistributable.v1.tar+zstd" - - // MediaTypeImageConfig specifies the media type for the image configuration. - MediaTypeImageConfig = "application/vnd.oci.image.config.v1+json" - - // MediaTypeEmptyJSON specifies the media type for an unused blob containing the value `{}` - MediaTypeEmptyJSON = "application/vnd.oci.empty.v1+json" ) diff --git a/vendor/github.com/opencontainers/image-spec/specs-go/version.go b/vendor/github.com/opencontainers/image-spec/specs-go/version.go index 11e09b5846..6d01f6e717 100644 --- a/vendor/github.com/opencontainers/image-spec/specs-go/version.go +++ b/vendor/github.com/opencontainers/image-spec/specs-go/version.go @@ -25,7 +25,7 @@ const ( VersionPatch = 0 // VersionDev indicates development branch. Releases will be empty string. - VersionDev = "-rc.5" + VersionDev = "-rc.6" ) // Version is the specification version that the package types support. diff --git a/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go b/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go new file mode 100644 index 0000000000..37dc0cfdb5 --- /dev/null +++ b/vendor/golang.org/x/net/context/ctxhttp/ctxhttp.go @@ -0,0 +1,71 @@ +// Copyright 2016 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package ctxhttp provides helper functions for performing context-aware HTTP requests. +package ctxhttp // import "golang.org/x/net/context/ctxhttp" + +import ( + "context" + "io" + "net/http" + "net/url" + "strings" +) + +// Do sends an HTTP request with the provided http.Client and returns +// an HTTP response. +// +// If the client is nil, http.DefaultClient is used. +// +// The provided ctx must be non-nil. If it is canceled or times out, +// ctx.Err() will be returned. +func Do(ctx context.Context, client *http.Client, req *http.Request) (*http.Response, error) { + if client == nil { + client = http.DefaultClient + } + resp, err := client.Do(req.WithContext(ctx)) + // If we got an error, and the context has been canceled, + // the context's error is probably more useful. + if err != nil { + select { + case <-ctx.Done(): + err = ctx.Err() + default: + } + } + return resp, err +} + +// Get issues a GET request via the Do function. +func Get(ctx context.Context, client *http.Client, url string) (*http.Response, error) { + req, err := http.NewRequest("GET", url, nil) + if err != nil { + return nil, err + } + return Do(ctx, client, req) +} + +// Head issues a HEAD request via the Do function. +func Head(ctx context.Context, client *http.Client, url string) (*http.Response, error) { + req, err := http.NewRequest("HEAD", url, nil) + if err != nil { + return nil, err + } + return Do(ctx, client, req) +} + +// Post issues a POST request via the Do function. +func Post(ctx context.Context, client *http.Client, url string, bodyType string, body io.Reader) (*http.Response, error) { + req, err := http.NewRequest("POST", url, body) + if err != nil { + return nil, err + } + req.Header.Set("Content-Type", bodyType) + return Do(ctx, client, req) +} + +// PostForm issues a POST request via the Do function. +func PostForm(ctx context.Context, client *http.Client, url string, data url.Values) (*http.Response, error) { + return Post(ctx, client, url, "application/x-www-form-urlencoded", strings.NewReader(data.Encode())) +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 547560ee5f..dea8aecb1f 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -1,9 +1,3 @@ -# github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 -## explicit; go 1.20 -github.com/AdaLogics/go-fuzz-headers -# github.com/Microsoft/hcsshim v0.11.4 -## explicit; go 1.18 -github.com/Microsoft/hcsshim/osversion # github.com/OneOfOne/xxhash v1.2.8 ## explicit; go 1.11 github.com/OneOfOne/xxhash @@ -35,30 +29,23 @@ github.com/cespare/xxhash # github.com/cespare/xxhash/v2 v2.2.0 ## explicit; go 1.11 github.com/cespare/xxhash/v2 -# github.com/containerd/containerd v1.7.11 -## explicit; go 1.19 +# github.com/containerd/containerd v1.6.19 +## explicit; go 1.17 github.com/containerd/containerd/archive/compression github.com/containerd/containerd/content -github.com/containerd/containerd/content/local github.com/containerd/containerd/errdefs github.com/containerd/containerd/filters github.com/containerd/containerd/images github.com/containerd/containerd/labels github.com/containerd/containerd/log -github.com/containerd/containerd/pkg/randutil github.com/containerd/containerd/platforms github.com/containerd/containerd/reference -github.com/containerd/containerd/reference/docker github.com/containerd/containerd/remotes github.com/containerd/containerd/remotes/docker github.com/containerd/containerd/remotes/docker/auth github.com/containerd/containerd/remotes/docker/schema1 github.com/containerd/containerd/remotes/errors -github.com/containerd/containerd/tracing github.com/containerd/containerd/version -# github.com/containerd/log v0.1.0 -## explicit; go 1.20 -github.com/containerd/log # github.com/cpuguy83/go-md2man/v2 v2.0.3 ## explicit; go 1.11 github.com/cpuguy83/go-md2man/v2/md2man @@ -195,7 +182,7 @@ github.com/olekukonko/tablewriter # github.com/opencontainers/go-digest v1.0.0 ## explicit; go 1.13 github.com/opencontainers/go-digest -# github.com/opencontainers/image-spec v1.1.0-rc5 +# github.com/opencontainers/image-spec v1.1.0-rc.6 ## explicit; go 1.18 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 @@ -330,6 +317,7 @@ go.uber.org/automaxprocs/maxprocs # golang.org/x/net v0.19.0 ## explicit; go 1.18 golang.org/x/net/bpf +golang.org/x/net/context/ctxhttp golang.org/x/net/http/httpguts golang.org/x/net/http2 golang.org/x/net/http2/h2c @@ -468,8 +456,8 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# oras.land/oras-go/v2 v2.3.1 -## explicit; go 1.20 +# oras.land/oras-go/v2 v2.2.0 +## explicit; go 1.19 oras.land/oras-go/v2 oras.land/oras-go/v2/content oras.land/oras-go/v2/content/oci @@ -483,7 +471,6 @@ oras.land/oras-go/v2/internal/fs/tarfs oras.land/oras-go/v2/internal/graph oras.land/oras-go/v2/internal/interfaces oras.land/oras-go/v2/internal/ioutil -oras.land/oras-go/v2/internal/manifestutil oras.land/oras-go/v2/internal/platform oras.land/oras-go/v2/internal/registryutil oras.land/oras-go/v2/internal/resolver diff --git a/vendor/oras.land/oras-go/v2/README.md b/vendor/oras.land/oras-go/v2/README.md index 70662555da..50bb30642f 100644 --- a/vendor/oras.land/oras-go/v2/README.md +++ b/vendor/oras.land/oras-go/v2/README.md @@ -19,9 +19,6 @@ The ORAS Go library follows [Semantic Versioning](https://semver.org/), where br The version `2` is actively developed in the [`main`](https://github.com/oras-project/oras-go/tree/main) branch with all new features. -> [!Note] -> The `main` branch follows [Go's Security Policy](https://github.com/golang/go/security/policy) and supports the two latest versions of Go (currently `1.20` and `1.21`). - Examples for common use cases can be found below: - [Copy examples](https://pkg.go.dev/oras.land/oras-go/v2#pkg-examples) diff --git a/vendor/oras.land/oras-go/v2/SECURITY.md b/vendor/oras.land/oras-go/v2/SECURITY.md deleted file mode 100644 index ffefe3417f..0000000000 --- a/vendor/oras.land/oras-go/v2/SECURITY.md +++ /dev/null @@ -1,3 +0,0 @@ -# Security Policy - -Please follow the [security policy](https://oras.land/docs/community/reporting_security_concerns) to report a security vulnerability or concern. diff --git a/vendor/oras.land/oras-go/v2/content/graph.go b/vendor/oras.land/oras-go/v2/content/graph.go index 9ae837285e..fa2f9efe78 100644 --- a/vendor/oras.land/oras-go/v2/content/graph.go +++ b/vendor/oras.land/oras-go/v2/content/graph.go @@ -75,33 +75,18 @@ func Successors(ctx context.Context, fetcher Fetcher, node ocispec.Descriptor) ( } nodes = append(nodes, manifest.Config) return append(nodes, manifest.Layers...), nil - case docker.MediaTypeManifestList: + case docker.MediaTypeManifestList, ocispec.MediaTypeImageIndex: content, err := FetchAll(ctx, fetcher, node) if err != nil { return nil, err } - // OCI manifest index schema can be used to marshal docker manifest list + // docker manifest list and oci index are equivalent for successors. var index ocispec.Index if err := json.Unmarshal(content, &index); err != nil { return nil, err } return index.Manifests, nil - case ocispec.MediaTypeImageIndex: - content, err := FetchAll(ctx, fetcher, node) - if err != nil { - return nil, err - } - - var index ocispec.Index - if err := json.Unmarshal(content, &index); err != nil { - return nil, err - } - var nodes []ocispec.Descriptor - if index.Subject != nil { - nodes = append(nodes, *index.Subject) - } - return append(nodes, index.Manifests...), nil case spec.MediaTypeArtifactManifest: content, err := FetchAll(ctx, fetcher, node) if err != nil { diff --git a/vendor/oras.land/oras-go/v2/content/oci/oci.go b/vendor/oras.land/oras-go/v2/content/oci/oci.go index 27afde16e1..a473e5c1e4 100644 --- a/vendor/oras.land/oras-go/v2/content/oci/oci.go +++ b/vendor/oras.land/oras-go/v2/content/oci/oci.go @@ -14,7 +14,7 @@ limitations under the License. */ // Package oci provides access to an OCI content store. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/image-layout.md package oci import ( @@ -38,9 +38,14 @@ import ( "oras.land/oras-go/v2/internal/resolver" ) +// ociImageIndexFile is the file name of the index +// from the OCI Image Layout Specification. +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/image-layout.md#indexjson-file +const ociImageIndexFile = "index.json" + // Store implements `oras.Target`, and represents a content store // based on file system with the OCI-Image layout. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/image-layout.md type Store struct { // AutoSaveIndex controls if the OCI store will automatically save the index // file on each Tag() call. @@ -79,20 +84,20 @@ func NewWithContext(ctx context.Context, root string) (*Store, error) { store := &Store{ AutoSaveIndex: true, root: rootAbs, - indexPath: filepath.Join(rootAbs, ocispec.ImageIndexFile), + indexPath: filepath.Join(rootAbs, ociImageIndexFile), storage: storage, tagResolver: resolver.NewMemory(), graph: graph.NewMemory(), } - if err := ensureDir(filepath.Join(rootAbs, ocispec.ImageBlobsDir)); err != nil { + if err := ensureDir(rootAbs); err != nil { return nil, err } if err := store.ensureOCILayoutFile(); err != nil { return nil, fmt.Errorf("invalid OCI Image Layout: %w", err) } if err := store.loadIndexFile(ctx); err != nil { - return nil, fmt.Errorf("invalid OCI Image Index: %w", err) + return nil, fmt.Errorf("invalid OCI Image Layout: %w", err) } return store, nil @@ -125,7 +130,7 @@ func (s *Store) Exists(ctx context.Context, target ocispec.Descriptor) (bool, er // Tag tags a descriptor with a reference string. // reference should be a valid tag (e.g. "latest"). -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/image-layout.md#indexjson-file +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/image-layout.md#indexjson-file func (s *Store) Tag(ctx context.Context, desc ocispec.Descriptor, reference string) error { if err := validateReference(reference); err != nil { return err diff --git a/vendor/oras.land/oras-go/v2/content/oci/readonlyoci.go b/vendor/oras.land/oras-go/v2/content/oci/readonlyoci.go index 66ca54c922..b70b767527 100644 --- a/vendor/oras.land/oras-go/v2/content/oci/readonlyoci.go +++ b/vendor/oras.land/oras-go/v2/content/oci/readonlyoci.go @@ -36,7 +36,7 @@ import ( // ReadOnlyStore implements `oras.ReadonlyTarget`, and represents a read-only // content store based on file system with the OCI-Image layout. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/image-layout.md type ReadOnlyStore struct { fsys fs.FS storage content.ReadOnlyStorage @@ -57,7 +57,7 @@ func NewFromFS(ctx context.Context, fsys fs.FS) (*ReadOnlyStore, error) { return nil, fmt.Errorf("invalid OCI Image Layout: %w", err) } if err := store.loadIndexFile(ctx); err != nil { - return nil, fmt.Errorf("invalid OCI Image Index: %w", err) + return nil, fmt.Errorf("invalid OCI Image Layout: %w", err) } return store, nil @@ -154,7 +154,7 @@ func validateOCILayout(layout *ocispec.ImageLayout) error { // loadIndexFile reads index.json from s.fsys. func (s *ReadOnlyStore) loadIndexFile(ctx context.Context) error { - indexFile, err := s.fsys.Open(ocispec.ImageIndexFile) + indexFile, err := s.fsys.Open(ociImageIndexFile) if err != nil { return fmt.Errorf("failed to open index file: %w", err) } diff --git a/vendor/oras.land/oras-go/v2/content/oci/readonlystorage.go b/vendor/oras.land/oras-go/v2/content/oci/readonlystorage.go index 6e319a649b..8a5b39c514 100644 --- a/vendor/oras.land/oras-go/v2/content/oci/readonlystorage.go +++ b/vendor/oras.land/oras-go/v2/content/oci/readonlystorage.go @@ -31,7 +31,7 @@ import ( // ReadOnlyStorage is a read-only CAS based on file system with the OCI-Image // layout. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/image-layout.md type ReadOnlyStorage struct { fsys fs.FS } @@ -95,5 +95,5 @@ func blobPath(dgst digest.Digest) (string, error) { return "", fmt.Errorf("cannot calculate blob path from invalid digest %s: %w: %v", dgst.String(), errdef.ErrInvalidDigest, err) } - return path.Join(ocispec.ImageBlobsDir, dgst.Algorithm().String(), dgst.Encoded()), nil + return path.Join("blobs", dgst.Algorithm().String(), dgst.Encoded()), nil } diff --git a/vendor/oras.land/oras-go/v2/content/oci/storage.go b/vendor/oras.land/oras-go/v2/content/oci/storage.go index 9d4d03b3c5..6b0e90a8c3 100644 --- a/vendor/oras.land/oras-go/v2/content/oci/storage.go +++ b/vendor/oras.land/oras-go/v2/content/oci/storage.go @@ -42,7 +42,7 @@ var bufPool = sync.Pool{ } // Storage is a CAS based on file system with the OCI-Image layout. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/image-layout.md +// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/image-layout.md type Storage struct { *ReadOnlyStorage // root is the root directory of the OCI layout. diff --git a/vendor/oras.land/oras-go/v2/content/reader.go b/vendor/oras.land/oras-go/v2/content/reader.go index e575378e31..11d27b236e 100644 --- a/vendor/oras.land/oras-go/v2/content/reader.go +++ b/vendor/oras.land/oras-go/v2/content/reader.go @@ -70,7 +70,7 @@ func (vr *VerifyReader) Read(p []byte) (n int, err error) { return } -// Verify checks for remaining unread content and verifies the read content against the digest +// Verify verifies the read content against the size and the digest. func (vr *VerifyReader) Verify() error { if vr.verified { return nil @@ -120,10 +120,7 @@ func ReadAll(r io.Reader, desc ocispec.Descriptor) ([]byte, error) { buf := make([]byte, desc.Size) vr := NewVerifyReader(r, desc) - if n, err := io.ReadFull(vr, buf); err != nil { - if errors.Is(err, io.ErrUnexpectedEOF) { - return nil, fmt.Errorf("read failed: expected content size of %d, got %d, for digest %s: %w", desc.Size, n, desc.Digest.String(), err) - } + if _, err := io.ReadFull(vr, buf); err != nil { return nil, fmt.Errorf("read failed: %w", err) } if err := vr.Verify(); err != nil { diff --git a/vendor/oras.land/oras-go/v2/content/storage.go b/vendor/oras.land/oras-go/v2/content/storage.go index 47c95d8769..971142cbf9 100644 --- a/vendor/oras.land/oras-go/v2/content/storage.go +++ b/vendor/oras.land/oras-go/v2/content/storage.go @@ -31,7 +31,7 @@ type Fetcher interface { // Pusher pushes content. type Pusher interface { // Push pushes the content, matching the expected descriptor. - // Reader is preferred to Writer so that the suitable buffer size can be + // Reader is perferred to Writer so that the suitable buffer size can be // chosen by the underlying implementation. Furthermore, the implementation // can also do reflection on the Reader for more advanced I/O optimization. Push(ctx context.Context, expected ocispec.Descriptor, content io.Reader) error diff --git a/vendor/oras.land/oras-go/v2/copy.go b/vendor/oras.land/oras-go/v2/copy.go index ca0f5d6f55..e55312dd48 100644 --- a/vendor/oras.land/oras-go/v2/copy.go +++ b/vendor/oras.land/oras-go/v2/copy.go @@ -393,26 +393,18 @@ func prepareCopy(ctx context.Context, dst Target, dstRef string, proxy *cas.Prox onCopySkipped := opts.OnCopySkipped opts.OnCopySkipped = func(ctx context.Context, desc ocispec.Descriptor) error { - if !content.Equal(desc, root) { - if onCopySkipped != nil { - return onCopySkipped(ctx, desc) + if onCopySkipped != nil { + if err := onCopySkipped(ctx, desc); err != nil { + return err } + } + if !content.Equal(desc, root) { return nil } - - // enforce tagging when the skipped node is root + // enforce tagging when root is skipped if refPusher, ok := dst.(registry.ReferencePusher); ok { - // NOTE: refPusher tags the node by copying it with the reference, - // so onCopySkipped shouldn't be invoked in this case return copyCachedNodeWithReference(ctx, proxy, refPusher, desc, dstRef) } - - // invoke onCopySkipped before tagging - if onCopySkipped != nil { - if err := onCopySkipped(ctx, desc); err != nil { - return err - } - } return dst.Tag(ctx, root, dstRef) } diff --git a/vendor/oras.land/oras-go/v2/errdef/errors.go b/vendor/oras.land/oras-go/v2/errdef/errors.go index 7adb44b173..030360edb7 100644 --- a/vendor/oras.land/oras-go/v2/errdef/errors.go +++ b/vendor/oras.land/oras-go/v2/errdef/errors.go @@ -22,7 +22,6 @@ var ( ErrAlreadyExists = errors.New("already exists") ErrInvalidDigest = errors.New("invalid digest") ErrInvalidReference = errors.New("invalid reference") - ErrInvalidMediaType = errors.New("invalid media type") ErrMissingReference = errors.New("missing reference") ErrNotFound = errors.New("not found") ErrSizeExceedsLimit = errors.New("size exceeds limit") diff --git a/vendor/oras.land/oras-go/v2/internal/manifestutil/parser.go b/vendor/oras.land/oras-go/v2/internal/manifestutil/parser.go deleted file mode 100644 index c904dc690e..0000000000 --- a/vendor/oras.land/oras-go/v2/internal/manifestutil/parser.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright The ORAS Authors. -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package manifestutil - -import ( - "context" - "encoding/json" - - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "oras.land/oras-go/v2/content" - "oras.land/oras-go/v2/internal/docker" -) - -// Config returns the config of desc, if present. -func Config(ctx context.Context, fetcher content.Fetcher, desc ocispec.Descriptor) (*ocispec.Descriptor, error) { - switch desc.MediaType { - case docker.MediaTypeManifest, ocispec.MediaTypeImageManifest: - content, err := content.FetchAll(ctx, fetcher, desc) - if err != nil { - return nil, err - } - // OCI manifest schema can be used to marshal docker manifest - var manifest ocispec.Manifest - if err := json.Unmarshal(content, &manifest); err != nil { - return nil, err - } - return &manifest.Config, nil - default: - return nil, nil - } -} - -// Manifest returns the manifests of desc, if present. -func Manifests(ctx context.Context, fetcher content.Fetcher, desc ocispec.Descriptor) ([]ocispec.Descriptor, error) { - switch desc.MediaType { - case docker.MediaTypeManifestList, ocispec.MediaTypeImageIndex: - content, err := content.FetchAll(ctx, fetcher, desc) - if err != nil { - return nil, err - } - // OCI manifest index schema can be used to marshal docker manifest list - var index ocispec.Index - if err := json.Unmarshal(content, &index); err != nil { - return nil, err - } - return index.Manifests, nil - default: - return nil, nil - } -} diff --git a/vendor/oras.land/oras-go/v2/internal/platform/platform.go b/vendor/oras.land/oras-go/v2/internal/platform/platform.go index e903fe3d5a..38d8d47fd9 100644 --- a/vendor/oras.land/oras-go/v2/internal/platform/platform.go +++ b/vendor/oras.land/oras-go/v2/internal/platform/platform.go @@ -25,7 +25,6 @@ import ( "oras.land/oras-go/v2/content" "oras.land/oras-go/v2/errdef" "oras.land/oras-go/v2/internal/docker" - "oras.land/oras-go/v2/internal/manifestutil" ) // Match checks whether the current platform matches the target platform. @@ -36,7 +35,7 @@ import ( // array of the current platform. // // Note: Variant, OSVersion and OSFeatures are optional fields, will skip -// the comparison if the target platform does not provide specific value. +// the comparison if the target platform does not provide specfic value. func Match(got *ocispec.Platform, want *ocispec.Platform) bool { if got.Architecture != want.Architecture || got.OS != want.OS { return false @@ -78,7 +77,7 @@ func isSubset(a, b []string) bool { func SelectManifest(ctx context.Context, src content.ReadOnlyStorage, root ocispec.Descriptor, p *ocispec.Platform) (ocispec.Descriptor, error) { switch root.MediaType { case docker.MediaTypeManifestList, ocispec.MediaTypeImageIndex: - manifests, err := manifestutil.Manifests(ctx, src, root) + manifests, err := content.Successors(ctx, src, root) if err != nil { return ocispec.Descriptor{}, err } @@ -91,8 +90,7 @@ func SelectManifest(ctx context.Context, src content.ReadOnlyStorage, root ocisp } return ocispec.Descriptor{}, fmt.Errorf("%s: %w: no matching manifest was found in the manifest list", root.Digest, errdef.ErrNotFound) case docker.MediaTypeManifest, ocispec.MediaTypeImageManifest: - // config will be non-nil for docker manifest and OCI image manifest - config, err := manifestutil.Config(ctx, src, root) + descs, err := content.Successors(ctx, src, root) if err != nil { return ocispec.Descriptor{}, err } @@ -101,7 +99,8 @@ func SelectManifest(ctx context.Context, src content.ReadOnlyStorage, root ocisp if root.MediaType == ocispec.MediaTypeImageManifest { configMediaType = ocispec.MediaTypeImageConfig } - cfgPlatform, err := getPlatformFromConfig(ctx, src, *config, configMediaType) + + cfgPlatform, err := getPlatformFromConfig(ctx, src, descs[0], configMediaType) if err != nil { return ocispec.Descriptor{}, err } diff --git a/vendor/oras.land/oras-go/v2/internal/spec/artifact.go b/vendor/oras.land/oras-go/v2/internal/spec/artifact.go index 7f801fd9ca..8aa8e79ecc 100644 --- a/vendor/oras.land/oras-go/v2/internal/spec/artifact.go +++ b/vendor/oras.land/oras-go/v2/internal/spec/artifact.go @@ -17,16 +17,8 @@ package spec import ocispec "github.com/opencontainers/image-spec/specs-go/v1" -const ( - // AnnotationArtifactCreated is the annotation key for the date and time on which the artifact was built, conforming to RFC 3339. - AnnotationArtifactCreated = "org.opencontainers.artifact.created" - - // AnnotationArtifactDescription is the annotation key for the human readable description for the artifact. - AnnotationArtifactDescription = "org.opencontainers.artifact.description" - - // AnnotationReferrersFiltersApplied is the annotation key for the comma separated list of filters applied by the registry in the referrers listing. - AnnotationReferrersFiltersApplied = "org.opencontainers.referrers.filtersApplied" -) +// AnnotationReferrersFiltersApplied is the annotation key for the comma separated list of filters applied by the registry in the referrers listing. +const AnnotationReferrersFiltersApplied = "org.opencontainers.referrers.filtersApplied" // MediaTypeArtifactManifest specifies the media type for a content descriptor. const MediaTypeArtifactManifest = "application/vnd.oci.artifact.manifest.v1+json" diff --git a/vendor/oras.land/oras-go/v2/pack.go b/vendor/oras.land/oras-go/v2/pack.go index 08e14e1954..81fc12ca65 100644 --- a/vendor/oras.land/oras-go/v2/pack.go +++ b/vendor/oras.land/oras-go/v2/pack.go @@ -21,7 +21,6 @@ import ( "encoding/json" "errors" "fmt" - "regexp" "time" specs "github.com/opencontainers/image-spec/specs-go" @@ -32,127 +31,38 @@ import ( ) const ( - // MediaTypeUnknownConfig is the default config mediaType used - // - for [Pack] when PackOptions.PackImageManifest is true and - // PackOptions.ConfigDescriptor is not specified. - // - for [PackManifest] when packManifestVersion is PackManifestVersion1_0 - // and PackManifestOptions.ConfigDescriptor is not specified. + // MediaTypeUnknownConfig is the default mediaType used when no + // config media type is specified. MediaTypeUnknownConfig = "application/vnd.unknown.config.v1+json" - - // MediaTypeUnknownArtifact is the default artifactType used for [Pack] - // when PackOptions.PackImageManifest is false and artifactType is - // not specified. + // MediaTypeUnknownArtifact is the default artifactType used when no + // artifact type is specified. MediaTypeUnknownArtifact = "application/vnd.unknown.artifact.v1" ) -var ( - // ErrInvalidDateTimeFormat is returned by [Pack] and [PackManifest] when - // AnnotationArtifactCreated or AnnotationCreated is provided, but its value - // is not in RFC 3339 format. - // Reference: https://www.rfc-editor.org/rfc/rfc3339#section-5.6 - ErrInvalidDateTimeFormat = errors.New("invalid date and time format") - - // ErrMissingArtifactType is returned by [PackManifest] when - // packManifestVersion is PackManifestVersion1_1_RC4 and artifactType is - // empty and the config media type is set to - // "application/vnd.oci.empty.v1+json". - ErrMissingArtifactType = errors.New("missing artifact type") -) - -// PackManifestVersion represents the manifest version used for [PackManifest]. -type PackManifestVersion int - -const ( - // PackManifestVersion1_0 represents the OCI Image Manifest defined in - // image-spec v1.0.2. - // Reference: https://github.com/opencontainers/image-spec/blob/v1.0.2/manifest.md - PackManifestVersion1_0 PackManifestVersion = 1 - - // PackManifestVersion1_1_RC4 represents the OCI Image Manifest defined - // in image-spec v1.1.0-rc4. - // Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/manifest.md - PackManifestVersion1_1_RC4 PackManifestVersion = 2 -) - -// PackManifestOptions contains optional parameters for [PackManifest]. -type PackManifestOptions struct { - // Subject is the subject of the manifest. - // This option is only valid when PackManifestVersion is - // NOT PackManifestVersion1_0. - Subject *ocispec.Descriptor - - // Layers is the layers of the manifest. - Layers []ocispec.Descriptor - - // ManifestAnnotations is the annotation map of the manifest. - ManifestAnnotations map[string]string - - // ConfigDescriptor is a pointer to the descriptor of the config blob. - // If not nil, ConfigAnnotations will be ignored. - ConfigDescriptor *ocispec.Descriptor - - // ConfigAnnotations is the annotation map of the config descriptor. - // This option is valid only when ConfigDescriptor is nil. - ConfigAnnotations map[string]string -} - -// mediaTypeRegexp checks the format of media types. -// References: -// - https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/schema/defs-descriptor.json#L7 -// - https://datatracker.ietf.org/doc/html/rfc6838#section-4.2 -var mediaTypeRegexp = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9!#$&-^_.+]{0,126}/[A-Za-z0-9][A-Za-z0-9!#$&-^_.+]{0,126}$`) +// ErrInvalidDateTimeFormat is returned by Pack() when +// AnnotationArtifactCreated or AnnotationCreated is provided, but its value +// is not in RFC 3339 format. +// Reference: https://www.rfc-editor.org/rfc/rfc3339#section-5.6 +var ErrInvalidDateTimeFormat = errors.New("invalid date and time format") -// PackManifest generates an OCI Image Manifest based on the given parameters -// and pushes the packed manifest to a content storage using pusher. The version -// of the manifest to be packed is determined by packManifestVersion -// (Recommended value: PackManifestVersion1_1_RC4). -// -// - If packManifestVersion is [PackManifestVersion1_1_RC4]: -// artifactType MUST NOT be empty unless opts.ConfigDescriptor is specified. -// - If packManifestVersion is [PackManifestVersion1_0]: -// if opts.ConfigDescriptor is nil, artifactType will be used as the -// config media type; if artifactType is empty, -// "application/vnd.unknown.config.v1+json" will be used. -// if opts.ConfigDescriptor is NOT nil, artifactType will be ignored. -// -// artifactType and opts.ConfigDescriptor.MediaType MUST comply with RFC 6838. -// -// If succeeded, returns a descriptor of the packed manifest. -func PackManifest(ctx context.Context, pusher content.Pusher, packManifestVersion PackManifestVersion, artifactType string, opts PackManifestOptions) (ocispec.Descriptor, error) { - switch packManifestVersion { - case PackManifestVersion1_0: - return packManifestV1_0(ctx, pusher, artifactType, opts) - case PackManifestVersion1_1_RC4: - return packManifestV1_1_RC4(ctx, pusher, artifactType, opts) - default: - return ocispec.Descriptor{}, fmt.Errorf("PackManifestVersion(%v): %w", packManifestVersion, errdef.ErrUnsupported) - } -} - -// PackOptions contains optional parameters for [Pack]. -// -// Deprecated: This type is deprecated and not recommended for future use. -// Use [PackManifestOptions] instead. +// PackOptions contains parameters for [oras.Pack]. type PackOptions struct { // Subject is the subject of the manifest. Subject *ocispec.Descriptor - // ManifestAnnotations is the annotation map of the manifest. ManifestAnnotations map[string]string - // PackImageManifest controls whether to pack an OCI Image Manifest or not. - // - If true, pack an OCI Image Manifest. - // - If false, pack an OCI Artifact Manifest (deprecated). - // - // Default value: false. + // PackImageManifest controls whether to pack an image manifest or not. + // - If true, pack an image manifest; artifactType will be used as the + // the config descriptor mediaType of the image manifest. + // - If false, pack an artifact manifest. + // Default: false. PackImageManifest bool - // ConfigDescriptor is a pointer to the descriptor of the config blob. // If not nil, artifactType will be implied by the mediaType of the // specified ConfigDescriptor, and ConfigAnnotations will be ignored. // This option is valid only when PackImageManifest is true. ConfigDescriptor *ocispec.Descriptor - // ConfigAnnotations is the annotation map of the config descriptor. // This option is valid only when PackImageManifest is true // and ConfigDescriptor is nil. @@ -164,26 +74,23 @@ type PackOptions struct { // // When opts.PackImageManifest is true, artifactType will be used as the // the config descriptor mediaType of the image manifest. -// // If succeeded, returns a descriptor of the manifest. -// -// Deprecated: This method is deprecated and not recommended for future use. -// Use [PackManifest] instead. func Pack(ctx context.Context, pusher content.Pusher, artifactType string, blobs []ocispec.Descriptor, opts PackOptions) (ocispec.Descriptor, error) { if opts.PackImageManifest { - return packManifestV1_1_RC2(ctx, pusher, artifactType, blobs, opts) + return packImage(ctx, pusher, artifactType, blobs, opts) } return packArtifact(ctx, pusher, artifactType, blobs, opts) } -// packArtifact packs an Artifact manifest as defined in image-spec v1.1.0-rc2. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/artifact.md +// packArtifact packs the given blobs, generates an artifact manifest for the +// pack, and pushes it to a content storage. +// If succeeded, returns a descriptor of the manifest. func packArtifact(ctx context.Context, pusher content.Pusher, artifactType string, blobs []ocispec.Descriptor, opts PackOptions) (ocispec.Descriptor, error) { if artifactType == "" { artifactType = MediaTypeUnknownArtifact } - annotations, err := ensureAnnotationCreated(opts.ManifestAnnotations, spec.AnnotationArtifactCreated) + annotations, err := ensureAnnotationCreated(opts.ManifestAnnotations, ocispec.AnnotationArtifactCreated) if err != nil { return ocispec.Descriptor{}, err } @@ -194,72 +101,46 @@ func packArtifact(ctx context.Context, pusher content.Pusher, artifactType strin Subject: opts.Subject, Annotations: annotations, } - return pushManifest(ctx, pusher, manifest, manifest.MediaType, manifest.ArtifactType, manifest.Annotations) -} - -// packManifestV1_0 packs an image manifest defined in image-spec v1.0.2. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.0.2/manifest.md -func packManifestV1_0(ctx context.Context, pusher content.Pusher, artifactType string, opts PackManifestOptions) (ocispec.Descriptor, error) { - if opts.Subject != nil { - return ocispec.Descriptor{}, fmt.Errorf("subject is not supported for manifest version %v: %w", PackManifestVersion1_0, errdef.ErrUnsupported) + manifestJSON, err := json.Marshal(manifest) + if err != nil { + return ocispec.Descriptor{}, fmt.Errorf("failed to marshal manifest: %w", err) } + manifestDesc := content.NewDescriptorFromBytes(spec.MediaTypeArtifactManifest, manifestJSON) + // populate ArtifactType and Annotations of the manifest into manifestDesc + manifestDesc.ArtifactType = manifest.ArtifactType + manifestDesc.Annotations = manifest.Annotations - // prepare config - var configDesc ocispec.Descriptor - if opts.ConfigDescriptor != nil { - if err := validateMediaType(opts.ConfigDescriptor.MediaType); err != nil { - return ocispec.Descriptor{}, fmt.Errorf("invalid config mediaType format: %w", err) - } - configDesc = *opts.ConfigDescriptor - } else { - if artifactType == "" { - artifactType = MediaTypeUnknownConfig - } else if err := validateMediaType(artifactType); err != nil { - return ocispec.Descriptor{}, fmt.Errorf("invalid artifactType format: %w", err) - } - var err error - configDesc, err = pushCustomEmptyConfig(ctx, pusher, artifactType, opts.ConfigAnnotations) - if err != nil { - return ocispec.Descriptor{}, err - } + // push manifest + if err := pusher.Push(ctx, manifestDesc, bytes.NewReader(manifestJSON)); err != nil && !errors.Is(err, errdef.ErrAlreadyExists) { + return ocispec.Descriptor{}, fmt.Errorf("failed to push manifest: %w", err) } - annotations, err := ensureAnnotationCreated(opts.ManifestAnnotations, ocispec.AnnotationCreated) - if err != nil { - return ocispec.Descriptor{}, err - } - if opts.Layers == nil { - opts.Layers = []ocispec.Descriptor{} // make it an empty array to prevent potential server-side bugs - } - manifest := ocispec.Manifest{ - Versioned: specs.Versioned{ - SchemaVersion: 2, // historical value. does not pertain to OCI or docker version - }, - Config: configDesc, - MediaType: ocispec.MediaTypeImageManifest, - Layers: opts.Layers, - Annotations: annotations, - } - return pushManifest(ctx, pusher, manifest, manifest.MediaType, manifest.Config.MediaType, manifest.Annotations) + return manifestDesc, nil } -// packManifestV1_1_RC2 packs an image manifest as defined in image-spec -// v1.1.0-rc2. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc2/manifest.md -func packManifestV1_1_RC2(ctx context.Context, pusher content.Pusher, configMediaType string, layers []ocispec.Descriptor, opts PackOptions) (ocispec.Descriptor, error) { +// packImage packs the given blobs, generates an image manifest for the pack, +// and pushes it to a content storage. artifactType will be used as the config +// descriptor mediaType of the image manifest. +// If succeeded, returns a descriptor of the manifest. +func packImage(ctx context.Context, pusher content.Pusher, configMediaType string, layers []ocispec.Descriptor, opts PackOptions) (ocispec.Descriptor, error) { if configMediaType == "" { configMediaType = MediaTypeUnknownConfig } - // prepare config var configDesc ocispec.Descriptor if opts.ConfigDescriptor != nil { configDesc = *opts.ConfigDescriptor } else { - var err error - configDesc, err = pushCustomEmptyConfig(ctx, pusher, configMediaType, opts.ConfigAnnotations) - if err != nil { - return ocispec.Descriptor{}, err + // Use an empty JSON object here, because some registries may not accept + // empty config blob. + // As of September 2022, GAR is known to return 400 on empty blob upload. + // See https://github.com/oras-project/oras-go/issues/294 for details. + configBytes := []byte("{}") + configDesc = content.NewDescriptorFromBytes(configMediaType, configBytes) + configDesc.Annotations = opts.ConfigAnnotations + // push config + if err := pusher.Push(ctx, configDesc, bytes.NewReader(configBytes)); err != nil && !errors.Is(err, errdef.ErrAlreadyExists) { + return ocispec.Descriptor{}, fmt.Errorf("failed to push config: %w", err) } } @@ -280,122 +161,21 @@ func packManifestV1_1_RC2(ctx context.Context, pusher content.Pusher, configMedi Subject: opts.Subject, Annotations: annotations, } - return pushManifest(ctx, pusher, manifest, manifest.MediaType, manifest.Config.MediaType, manifest.Annotations) -} - -// packManifestV1_1_RC4 packs an image manifest defined in image-spec v1.1.0-rc4. -// Reference: https://github.com/opencontainers/image-spec/blob/v1.1.0-rc4/manifest.md#guidelines-for-artifact-usage -func packManifestV1_1_RC4(ctx context.Context, pusher content.Pusher, artifactType string, opts PackManifestOptions) (ocispec.Descriptor, error) { - if artifactType == "" && (opts.ConfigDescriptor == nil || opts.ConfigDescriptor.MediaType == ocispec.MediaTypeEmptyJSON) { - // artifactType MUST be set when config.mediaType is set to the empty value - return ocispec.Descriptor{}, ErrMissingArtifactType - } - if artifactType != "" { - if err := validateMediaType(artifactType); err != nil { - return ocispec.Descriptor{}, fmt.Errorf("invalid artifactType format: %w", err) - } - } - - // prepare config - var emptyBlobExists bool - var configDesc ocispec.Descriptor - if opts.ConfigDescriptor != nil { - if err := validateMediaType(opts.ConfigDescriptor.MediaType); err != nil { - return ocispec.Descriptor{}, fmt.Errorf("invalid config mediaType format: %w", err) - } - configDesc = *opts.ConfigDescriptor - } else { - // use the empty descriptor for config - configDesc = ocispec.DescriptorEmptyJSON - configDesc.Annotations = opts.ConfigAnnotations - configBytes := ocispec.DescriptorEmptyJSON.Data - // push config - if err := pushIfNotExist(ctx, pusher, configDesc, configBytes); err != nil { - return ocispec.Descriptor{}, fmt.Errorf("failed to push config: %w", err) - } - emptyBlobExists = true - } - - annotations, err := ensureAnnotationCreated(opts.ManifestAnnotations, ocispec.AnnotationCreated) - if err != nil { - return ocispec.Descriptor{}, err - } - if len(opts.Layers) == 0 { - // use the empty descriptor as the single layer - layerDesc := ocispec.DescriptorEmptyJSON - layerData := ocispec.DescriptorEmptyJSON.Data - if !emptyBlobExists { - if err := pushIfNotExist(ctx, pusher, layerDesc, layerData); err != nil { - return ocispec.Descriptor{}, fmt.Errorf("failed to push layer: %w", err) - } - } - opts.Layers = []ocispec.Descriptor{layerDesc} - } - - manifest := ocispec.Manifest{ - Versioned: specs.Versioned{ - SchemaVersion: 2, // historical value. does not pertain to OCI or docker version - }, - Config: configDesc, - MediaType: ocispec.MediaTypeImageManifest, - Layers: opts.Layers, - Subject: opts.Subject, - ArtifactType: artifactType, - Annotations: annotations, - } - return pushManifest(ctx, pusher, manifest, manifest.MediaType, manifest.ArtifactType, manifest.Annotations) -} - -// pushIfNotExist pushes data described by desc if it does not exist in the -// target. -func pushIfNotExist(ctx context.Context, pusher content.Pusher, desc ocispec.Descriptor, data []byte) error { - if ros, ok := pusher.(content.ReadOnlyStorage); ok { - exists, err := ros.Exists(ctx, desc) - if err != nil { - return fmt.Errorf("failed to check existence: %s: %s: %w", desc.Digest.String(), desc.MediaType, err) - } - if exists { - return nil - } - } - - if err := pusher.Push(ctx, desc, bytes.NewReader(data)); err != nil && !errors.Is(err, errdef.ErrAlreadyExists) { - return fmt.Errorf("failed to push: %s: %s: %w", desc.Digest.String(), desc.MediaType, err) - } - return nil -} - -// pushManifest marshals manifest into JSON bytes and pushes it. -func pushManifest(ctx context.Context, pusher content.Pusher, manifest any, mediaType string, artifactType string, annotations map[string]string) (ocispec.Descriptor, error) { manifestJSON, err := json.Marshal(manifest) if err != nil { return ocispec.Descriptor{}, fmt.Errorf("failed to marshal manifest: %w", err) } - manifestDesc := content.NewDescriptorFromBytes(mediaType, manifestJSON) + manifestDesc := content.NewDescriptorFromBytes(ocispec.MediaTypeImageManifest, manifestJSON) // populate ArtifactType and Annotations of the manifest into manifestDesc - manifestDesc.ArtifactType = artifactType - manifestDesc.Annotations = annotations + manifestDesc.ArtifactType = manifest.Config.MediaType + manifestDesc.Annotations = manifest.Annotations + // push manifest if err := pusher.Push(ctx, manifestDesc, bytes.NewReader(manifestJSON)); err != nil && !errors.Is(err, errdef.ErrAlreadyExists) { return ocispec.Descriptor{}, fmt.Errorf("failed to push manifest: %w", err) } - return manifestDesc, nil -} -// pushCustomEmptyConfig generates and pushes an empty config blob. -func pushCustomEmptyConfig(ctx context.Context, pusher content.Pusher, mediaType string, annotations map[string]string) (ocispec.Descriptor, error) { - // Use an empty JSON object here, because some registries may not accept - // empty config blob. - // As of September 2022, GAR is known to return 400 on empty blob upload. - // See https://github.com/oras-project/oras-go/issues/294 for details. - configBytes := []byte("{}") - configDesc := content.NewDescriptorFromBytes(mediaType, configBytes) - configDesc.Annotations = annotations - // push config - if err := pushIfNotExist(ctx, pusher, configDesc, configBytes); err != nil { - return ocispec.Descriptor{}, fmt.Errorf("failed to push config: %w", err) - } - return configDesc, nil + return manifestDesc, nil } // ensureAnnotationCreated ensures that annotationCreatedKey is in annotations, @@ -421,11 +201,3 @@ func ensureAnnotationCreated(annotations map[string]string, annotationCreatedKey copied[annotationCreatedKey] = now.Format(time.RFC3339) return copied, nil } - -// validateMediaType validates the format of mediaType. -func validateMediaType(mediaType string) error { - if !mediaTypeRegexp.MatchString(mediaType) { - return fmt.Errorf("%s: %w", mediaType, errdef.ErrInvalidMediaType) - } - return nil -} diff --git a/vendor/oras.land/oras-go/v2/registry/reference.go b/vendor/oras.land/oras-go/v2/registry/reference.go index 7661a162bd..cea579a141 100644 --- a/vendor/oras.land/oras-go/v2/registry/reference.go +++ b/vendor/oras.land/oras-go/v2/registry/reference.go @@ -31,16 +31,14 @@ var ( // repository name set under OCI distribution spec is a subset of the docker // spec. For maximum compatability, the docker spec is verified client-side. // Further checks are left to the server-side. - // // References: - // - https://github.com/distribution/distribution/blob/v2.7.1/reference/regexp.go#L53 - // - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#pulling-manifests + // - https://github.com/distribution/distribution/blob/v2.7.1/reference/regexp.go#L53 + // - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#pulling-manifests repositoryRegexp = regexp.MustCompile(`^[a-z0-9]+(?:(?:[._]|__|[-]*)[a-z0-9]+)*(?:/[a-z0-9]+(?:(?:[._]|__|[-]*)[a-z0-9]+)*)*$`) // tagRegexp checks the tag name. // The docker and OCI spec have the same regular expression. - // - // Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#pulling-manifests + // Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#pulling-manifests tagRegexp = regexp.MustCompile(`^[\w][\w.-]{0,127}$`) ) diff --git a/vendor/oras.land/oras-go/v2/registry/remote/errcode/errors.go b/vendor/oras.land/oras-go/v2/registry/remote/errcode/errors.go index fb192aa8a3..cf0018a018 100644 --- a/vendor/oras.land/oras-go/v2/registry/remote/errcode/errors.go +++ b/vendor/oras.land/oras-go/v2/registry/remote/errcode/errors.go @@ -24,7 +24,7 @@ import ( ) // References: -// - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#error-codes +// - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#error-codes // - https://docs.docker.com/registry/spec/api/#errors-2 const ( ErrorCodeBlobUnknown = "BLOB_UNKNOWN" @@ -45,7 +45,7 @@ const ( // Error represents a response inner error returned by the remote // registry. // References: -// - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#error-codes +// - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#error-codes // - https://docs.docker.com/registry/spec/api/#errors-2 type Error struct { Code string `json:"code"` @@ -73,7 +73,7 @@ func (e Error) Error() string { // Errors represents a list of response inner errors returned by the remote // server. // References: -// - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#error-codes +// - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#error-codes // - https://docs.docker.com/registry/spec/api/#errors-2 type Errors []Error diff --git a/vendor/oras.land/oras-go/v2/registry/repository.go b/vendor/oras.land/oras-go/v2/registry/repository.go index b75b7b8ea4..2dd7ff994b 100644 --- a/vendor/oras.land/oras-go/v2/registry/repository.go +++ b/vendor/oras.land/oras-go/v2/registry/repository.go @@ -82,7 +82,7 @@ type ReferenceFetcher interface { } // ReferrerLister provides the Referrers API. -// Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#listing-referrers +// Reference: https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#listing-referrers type ReferrerLister interface { Referrers(ctx context.Context, desc ocispec.Descriptor, artifactType string, fn func(referrers []ocispec.Descriptor) error) error } @@ -93,19 +93,16 @@ type TagLister interface { // Since the returned tag list may be paginated by the underlying // implementation, a function should be passed in to process the paginated // tag list. - // // `last` argument is the `last` parameter when invoking the tags API. // If `last` is NOT empty, the entries in the response start after the // tag specified by `last`. Otherwise, the response starts from the top // of the Tags list. - // // Note: When implemented by a remote registry, the tags API is called. // However, not all registries supports pagination or conforms the // specification. - // // References: - // - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc3/spec.md#content-discovery - // - https://docs.docker.com/registry/spec/api/#tags + // - https://github.com/opencontainers/distribution-spec/blob/v1.1.0-rc1/spec.md#content-discovery + // - https://docs.docker.com/registry/spec/api/#tags // See also `Tags()` in this package. Tags(ctx context.Context, last string, fn func(tags []string) error) error }