Merge pull request #37358 from kolyshkin/go111

Bump golang to 1.11.0

Dockerfile

@@ -24,10 +24,7 @@
 # the case. Therefore, you don't have to disable it anymore.
 #
 
-FROM golang:1.10.4 AS base
-# FIXME(vdemeester) this is kept for other script depending on it to not fail right away
-# Remove this once the other scripts uses something else to detect the version
-ENV GO_VERSION 1.10.4
+FROM golang:1.11.0 AS base
 # allow replacing httpredir or deb mirror
 ARG APT_MIRROR=deb.debian.org
 RUN sed -ri "s/(httpredir|deb).debian.org/$APT_MIRROR/g" /etc/apt/sources.list

Dockerfile.e2e

@@ -1,5 +1,5 @@
 ## Step 1: Build tests
-FROM golang:1.10.4-alpine3.7 as builder
+FROM golang:1.11.0-alpine3.7 as builder
 
 RUN apk add --update \
     bash \

Dockerfile.simple

@@ -5,7 +5,7 @@
 
 # This represents the bare minimum required to build and test Docker.
 
-FROM debian:stretch
+FROM golang:1.11.0-stretch
 
 # allow replacing httpredir or deb mirror
 ARG APT_MIRROR=deb.debian.org
@@ -37,18 +37,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
 		vim-common \
 	&& rm -rf /var/lib/apt/lists/*
 
-# Install Go
-# IMPORTANT: If the version of Go is updated, the Windows to Linux CI machines
-#            will need updating, to avoid errors. Ping #docker-maintainers on IRC
-#            with a heads-up.
-# IMPORTANT: When updating this please note that stdlib archive/tar pkg is vendored
-ENV GO_VERSION 1.10.4
-RUN curl -fsSL "https://golang.org/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
-	| tar -xzC /usr/local
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
-ENV CGO_LDFLAGS -L/lib
-
 # Install runc, containerd, tini and docker-proxy
 # Please edit hack/dockerfile/install/<name>.installer to update them.
 COPY hack/dockerfile/install hack/dockerfile/install

Dockerfile.windows

@@ -161,7 +161,7 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref
 # Environment variable notes:
 #  - GO_VERSION must be consistent with 'Dockerfile' used by Linux.
 #  - FROM_DOCKERFILE is used for detection of building within a container.
-ENV GO_VERSION=1.10.4 `
+ENV GO_VERSION=1.11 `
     GIT_VERSION=2.11.1 `
     GOPATH=C:\go `
     FROM_DOCKERFILE=1

api/types/strslice/strslice_test.go

@@ -29,8 +29,8 @@ func TestStrSliceMarshalJSON(t *testing.T) {
 
 func TestStrSliceUnmarshalJSON(t *testing.T) {
 	parts := map[string][]string{
-		"":   {"default", "values"},
-		"[]": {},
+		"":                        {"default", "values"},
+		"[]":                      {},
 		`["/bin/sh","-c","echo"]`: {"/bin/sh", "-c", "echo"},
 	}
 	for json, expectedParts := range parts {

daemon/daemon.go

@@ -788,7 +788,7 @@ func NewDaemon(ctx context.Context, config *config.Config, pluginStore *plugin.S
 
 	for operatingSystem, gd := range d.graphDrivers {
 		layerStores[operatingSystem], err = layer.NewStoreFromOptions(layer.StoreOptions{
-			Root: config.Root,
+			Root:                      config.Root,
 			MetadataStorePathTemplate: filepath.Join(config.Root, "image", "%s", "layerdb"),
 			GraphDriver:               gd,
 			GraphDriverOptions:        config.GraphOptions,

daemon/logger/gelf/gelf_test.go

@@ -156,7 +156,7 @@ func TestNewGELFTCPWriter(t *testing.T) {
 			"gelf-address":             url,
 			"gelf-tcp-max-reconnect":   "0",
 			"gelf-tcp-reconnect-delay": "0",
-			"tag": "{{.ID}}",
+			"tag":                      "{{.ID}}",
 		},
 		ContainerID: "12345678901234567890",
 	}

daemon/logger/splunk/splunk_test.go

@@ -30,10 +30,10 @@ func TestValidateLogOpt(t *testing.T) {
 		splunkVerifyConnectionKey:     "true",
 		splunkGzipCompressionKey:      "true",
 		splunkGzipCompressionLevelKey: "1",
-		envKey:      "a",
-		envRegexKey: "^foo",
-		labelsKey:   "b",
-		tagKey:      "c",
+		envKey:                        "a",
+		envRegexKey:                   "^foo",
+		labelsKey:                     "b",
+		tagKey:                        "c",
 	})
 	if err != nil {
 		t.Fatal(err)
@@ -251,9 +251,9 @@ func TestInlineFormatWithNonDefaultOptions(t *testing.T) {
 			splunkIndexKey:           "myindex",
 			splunkFormatKey:          splunkFormatInline,
 			splunkGzipCompressionKey: "true",
-			tagKey:      "{{.ImageName}}/{{.Name}}",
-			labelsKey:   "a",
-			envRegexKey: "^foo",
+			tagKey:                   "{{.ImageName}}/{{.Name}}",
+			labelsKey:                "a",
+			envRegexKey:              "^foo",
 		},
 		ContainerID:        "containeriid",
 		ContainerName:      "/container_name",

hack/dockerfile/install/vndr.installer

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-VNDR_COMMIT=a6e196d8b4b0cbbdc29aebdb20c59ac6926bb384
+VNDR_COMMIT=81cb8916aad3c8d06193f008dba3e16f82851f52
 
 install_vndr() {
 	echo "Install vndr version $VNDR_COMMIT"

hack/make.ps1

@@ -130,7 +130,7 @@ Function Check-InContainer() {
 # outside of a container where it may be out of date with master.
 Function Verify-GoVersion() {
     Try {
-        $goVersionDockerfile=(Select-String -Path ".\Dockerfile" -Pattern "^FROM golang:").ToString().Split(" ")[1].SubString(7)
+        $goVersionDockerfile=(Select-String -Path ".\Dockerfile" -Pattern "^FROM golang:").ToString().Split(" ")[1].SubString(7) -replace '\.0$',''
         $goVersionInstalled=(go version).ToString().Split(" ")[2].SubString(2)
     }
     Catch [Exception] {

hack/validate/vendor

@@ -9,11 +9,7 @@ validate_vendor_diff(){
 	unset IFS
 
 	if [ ${#files[@]} -gt 0 ]; then
-		# Remove vendor/ first so  that anything not included in vendor.conf will
-		# cause the validation to fail. archive/tar is a special case, see vendor.conf
-		# for details.
-		ls -d vendor/* | grep -v vendor/archive | xargs rm -rf
-		# run vndr to recreate vendor/
+		# recreate vendor/
 		vndr
 		# check if any files have changed
 		diffs="$(git status --porcelain -- vendor 2>/dev/null)"

integration-cli/docker_cli_build_test.go

@@ -656,7 +656,7 @@ func (s *DockerSuite) TestBuildCopyWildcard(c *check.C) {
 			"file2.txt":                     "test2",
 			"dir/nested_file":               "nested file",
 			"dir/nested_dir/nest_nest_file": "2 times nested",
-			"dirt": "dirty",
+			"dirt":                          "dirty",
 		}))
 	defer ctx.Close()
 

integration/build/build_test.go

@@ -37,8 +37,8 @@ func TestBuildWithRemoveAndForceRemove(t *testing.T) {
 			RUN exit 0
 			RUN exit 0`,
 			numberOfIntermediateContainers: 2,
-			rm:      false,
-			forceRm: false,
+			rm:                             false,
+			forceRm:                        false,
 		},
 		{
 			name: "successful build with remove",
@@ -46,8 +46,8 @@ func TestBuildWithRemoveAndForceRemove(t *testing.T) {
 			RUN exit 0
 			RUN exit 0`,
 			numberOfIntermediateContainers: 0,
-			rm:      true,
-			forceRm: false,
+			rm:                             true,
+			forceRm:                        false,
 		},
 		{
 			name: "successful build with remove and force remove",
@@ -55,8 +55,8 @@ func TestBuildWithRemoveAndForceRemove(t *testing.T) {
 			RUN exit 0
 			RUN exit 0`,
 			numberOfIntermediateContainers: 0,
-			rm:      true,
-			forceRm: true,
+			rm:                             true,
+			forceRm:                        true,
 		},
 		{
 			name: "failed build with no removal",
@@ -64,8 +64,8 @@ func TestBuildWithRemoveAndForceRemove(t *testing.T) {
 			RUN exit 0
 			RUN exit 1`,
 			numberOfIntermediateContainers: 2,
-			rm:      false,
-			forceRm: false,
+			rm:                             false,
+			forceRm:                        false,
 		},
 		{
 			name: "failed build with remove",
@@ -73,8 +73,8 @@ func TestBuildWithRemoveAndForceRemove(t *testing.T) {
 			RUN exit 0
 			RUN exit 1`,
 			numberOfIntermediateContainers: 1,
-			rm:      true,
-			forceRm: false,
+			rm:                             true,
+			forceRm:                        false,
 		},
 		{
 			name: "failed build with remove and force remove",
@@ -82,8 +82,8 @@ func TestBuildWithRemoveAndForceRemove(t *testing.T) {
 			RUN exit 0
 			RUN exit 1`,
 			numberOfIntermediateContainers: 0,
-			rm:      true,
-			forceRm: true,
+			rm:                             true,
+			forceRm:                        true,
 		},
 	}
 

libcontainerd/client_local_windows.go

@@ -168,9 +168,9 @@ func (c *client) Create(_ context.Context, id string, spec *specs.Spec, runtimeO
 func (c *client) createWindows(id string, spec *specs.Spec, runtimeOptions interface{}) error {
 	logger := c.logger.WithField("container", id)
 	configuration := &hcsshim.ContainerConfig{
-		SystemType: "Container",
-		Name:       id,
-		Owner:      defaultOwner,
+		SystemType:              "Container",
+		Name:                    id,
+		Owner:                   defaultOwner,
 		IgnoreFlushesDuringBoot: spec.Windows.IgnoreFlushesDuringBoot,
 		HostName:                spec.Hostname,
 		HvPartition:             false,
@@ -377,11 +377,11 @@ func (c *client) createLinux(id string, spec *specs.Spec, runtimeOptions interfa
 	}
 
 	configuration := &hcsshim.ContainerConfig{
-		HvPartition:   true,
-		Name:          id,
-		SystemType:    "container",
-		ContainerType: "linux",
-		Owner:         defaultOwner,
+		HvPartition:                 true,
+		Name:                        id,
+		SystemType:                  "container",
+		ContainerType:               "linux",
+		Owner:                       defaultOwner,
 		TerminateOnLastHandleClosed: true,
 	}
 

migrate/v1/migratev1_test.go

@@ -40,9 +40,9 @@ func TestMigrateRefs(t *testing.T) {
 	}
 
 	expected := map[string]string{
-		"docker.io/library/busybox:latest":                                                                  "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
+		"docker.io/library/busybox:latest": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
 		"docker.io/library/busybox@sha256:16a2a52884c2a9481ed267c2d46483eac7693b813a63132368ab098a71303f8a": "sha256:fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9",
-		"docker.io/library/registry:2":                                                                      "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
+		"docker.io/library/registry:2": "sha256:2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
 	}
 
 	if !reflect.DeepEqual(expected, ta.refs) {

opts/hosts_test.go

@@ -69,18 +69,18 @@ func TestParseDockerDaemonHost(t *testing.T) {
 		"[::1]:5555/path":             "tcp://[::1]:5555/path",
 		"[0:0:0:0:0:0:0:1]:":          "tcp://[0:0:0:0:0:0:0:1]:2375",
 		"[0:0:0:0:0:0:0:1]:5555/path": "tcp://[0:0:0:0:0:0:0:1]:5555/path",
-		":6666":                   fmt.Sprintf("tcp://%s:6666", DefaultHTTPHost),
-		":6666/path":              fmt.Sprintf("tcp://%s:6666/path", DefaultHTTPHost),
-		"tcp://":                  DefaultTCPHost,
-		"tcp://:7777":             fmt.Sprintf("tcp://%s:7777", DefaultHTTPHost),
-		"tcp://:7777/path":        fmt.Sprintf("tcp://%s:7777/path", DefaultHTTPHost),
-		"unix:///run/docker.sock": "unix:///run/docker.sock",
-		"unix://":                 "unix://" + DefaultUnixSocket,
-		"fd://":                   "fd://",
-		"fd://something":          "fd://something",
-		"localhost:":              "tcp://localhost:2375",
-		"localhost:5555":          "tcp://localhost:5555",
-		"localhost:5555/path":     "tcp://localhost:5555/path",
+		":6666":                       fmt.Sprintf("tcp://%s:6666", DefaultHTTPHost),
+		":6666/path":                  fmt.Sprintf("tcp://%s:6666/path", DefaultHTTPHost),
+		"tcp://":                      DefaultTCPHost,
+		"tcp://:7777":                 fmt.Sprintf("tcp://%s:7777", DefaultHTTPHost),
+		"tcp://:7777/path":            fmt.Sprintf("tcp://%s:7777/path", DefaultHTTPHost),
+		"unix:///run/docker.sock":     "unix:///run/docker.sock",
+		"unix://":                     "unix://" + DefaultUnixSocket,
+		"fd://":                       "fd://",
+		"fd://something":              "fd://something",
+		"localhost:":                  "tcp://localhost:2375",
+		"localhost:5555":              "tcp://localhost:5555",
+		"localhost:5555/path":         "tcp://localhost:5555/path",
 	}
 	for invalidAddr, expectedError := range invalids {
 		if addr, err := parseDaemonHost(invalidAddr); err == nil || err.Error() != expectedError {

pkg/authorization/api_test.go

@@ -17,7 +17,7 @@ import (
 
 func TestPeerCertificateMarshalJSON(t *testing.T) {
 	template := &x509.Certificate{
-		IsCA: true,
+		IsCA:                  true,
 		BasicConstraintsValid: true,
 		SubjectKeyId:          []byte{1, 2, 3},
 		SerialNumber:          big.NewInt(1234),

pkg/authorization/authz_unix_test.go

@@ -144,7 +144,7 @@ func TestDrainBody(t *testing.T) {
 		length             int // length is the message length send to drainBody
 		expectedBodyLength int // expectedBodyLength is the expected body length after drainBody is called
 	}{
-		{10, 10}, // Small message size
+		{10, 10},                           // Small message size
 		{maxBodySize - 1, maxBodySize - 1}, // Max message size
 		{maxBodySize * 2, 0},               // Large message size (skip copying body)
 

reference/store_test.go

@@ -16,11 +16,11 @@ import (
 
 var (
 	saveLoadTestCases = map[string]digest.Digest{
-		"registry:5000/foobar:HEAD":                                                        "sha256:470022b8af682154f57a2163d030eb369549549cba00edc69e1b99b46bb924d6",
-		"registry:5000/foobar:alternate":                                                   "sha256:ae300ebc4a4f00693702cfb0a5e0b7bc527b353828dc86ad09fb95c8a681b793",
-		"registry:5000/foobar:latest":                                                      "sha256:6153498b9ac00968d71b66cca4eac37e990b5f9eb50c26877eb8799c8847451b",
-		"registry:5000/foobar:master":                                                      "sha256:6c9917af4c4e05001b346421959d7ea81b6dc9d25718466a37a6add865dfd7fc",
-		"jess/hollywood:latest":                                                            "sha256:ae7a5519a0a55a2d4ef20ddcbd5d0ca0888a1f7ab806acc8e2a27baf46f529fe",
+		"registry:5000/foobar:HEAD":      "sha256:470022b8af682154f57a2163d030eb369549549cba00edc69e1b99b46bb924d6",
+		"registry:5000/foobar:alternate": "sha256:ae300ebc4a4f00693702cfb0a5e0b7bc527b353828dc86ad09fb95c8a681b793",
+		"registry:5000/foobar:latest":    "sha256:6153498b9ac00968d71b66cca4eac37e990b5f9eb50c26877eb8799c8847451b",
+		"registry:5000/foobar:master":    "sha256:6c9917af4c4e05001b346421959d7ea81b6dc9d25718466a37a6add865dfd7fc",
+		"jess/hollywood:latest":          "sha256:ae7a5519a0a55a2d4ef20ddcbd5d0ca0888a1f7ab806acc8e2a27baf46f529fe",
 		"registry@sha256:367eb40fd0330a7e464777121e39d2f5b3e8e23a1e159342e53ab05c9e4d94e6": "sha256:24126a56805beb9711be5f4590cc2eb55ab8d4a85ebd618eed72bb19fc50631c",
 		"busybox:latest": "sha256:91e54dfb11794fad694460162bf0cb0a4fa710cfa3f60979c177d920813e267c",
 	}

registry/service_v2.go

@@ -57,7 +57,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 				Scheme: "https",
 				Host:   hostname,
 			},
-			Version: APIVersion2,
+			Version:                        APIVersion2,
 			AllowNondistributableArtifacts: ana,
 			TrimHostname:                   true,
 			TLSConfig:                      tlsConfig,
@@ -70,7 +70,7 @@ func (s *DefaultService) lookupV2Endpoints(hostname string) (endpoints []APIEndp
 				Scheme: "http",
 				Host:   hostname,
 			},
-			Version: APIVersion2,
+			Version:                        APIVersion2,
 			AllowNondistributableArtifacts: ana,
 			TrimHostname:                   true,
 			// used to check if supposed to be secure via InsecureSkipVerify

runconfig/hostconfig_test.go

@@ -22,20 +22,20 @@ func TestNetworkModeTest(t *testing.T) {
 		"something:weird":          {true, false, false, false, false, false},
 		"bridge":                   {true, true, false, false, false, false},
 		DefaultDaemonNetworkMode(): {true, true, false, false, false, false},
-		"host":           {false, false, true, false, false, false},
-		"container:name": {false, false, false, true, false, false},
-		"none":           {true, false, false, false, true, false},
-		"default":        {true, false, false, false, false, true},
+		"host":                     {false, false, true, false, false, false},
+		"container:name":           {false, false, false, true, false, false},
+		"none":                     {true, false, false, false, true, false},
+		"default":                  {true, false, false, false, false, true},
 	}
 	networkModeNames := map[container.NetworkMode]string{
 		"":                         "",
 		"something:weird":          "something:weird",
 		"bridge":                   "bridge",
 		DefaultDaemonNetworkMode(): "bridge",
-		"host":           "host",
-		"container:name": "container",
-		"none":           "none",
-		"default":        "default",
+		"host":                     "host",
+		"container:name":           "container",
+		"none":                     "none",
+		"default":                  "default",
 	}
 	for networkMode, state := range networkModes {
 		if networkMode.IsPrivate() != state[0] {

vendor.conf

@@ -57,7 +57,8 @@ github.com/samuel/go-zookeeper d0e0d8e11f318e000a8cc434616d69e329edc374
 github.com/deckarep/golang-set ef32fa3046d9f249d399f98ebaf9be944430fd1d
 github.com/coreos/etcd v3.2.1
 github.com/coreos/go-semver v0.2.0
-github.com/ugorji/go f1f1a805ed361a0e078bb537e4ea78cd37dcf065
+# fix for go vet (https://github.com/kolyshkin/ugorji-go/commit/1cf431c13dec46596)
+github.com/ugorji/go go111 https://github.com/kolyshkin/ugorji-go
 github.com/hashicorp/consul v0.5.2
 github.com/boltdb/bolt fff57c100f4dea1905678da7e90d92429dff2904
 github.com/miekg/dns v1.0.7
@@ -116,7 +117,7 @@ google.golang.org/genproto 694d95ba50e67b2e363f3483057db5d4910c18f9
 # containerd
 github.com/containerd/containerd v1.2.0-beta.2
 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
-github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b
+github.com/containerd/continuity c7c5070e6f6e090ab93b0a61eb921f2196fc3383
 github.com/containerd/cgroups 5e610833b72089b37d0e615de9a92dfc043757c2
 github.com/containerd/console c12b1e7919c14469339a5d38f2f8ed9b64a9de23
 github.com/containerd/go-runc edcf3de1f4971445c42d61f20d506b30612aa031
@@ -156,9 +157,3 @@ github.com/Nvveen/Gotty a8b993ba6abdb0e0c12b0125c603323a71c7790c https://github.
 github.com/docker/go-metrics d466d4f6fd960e01820085bd7e1a24426ee7ef18
 
 github.com/opencontainers/selinux b29023b86e4a69d1b46b7e7b4e2b6fda03f0b9cd
-
-
-# archive/tar (for Go 1.10, see https://github.com/golang/go/issues/24787)
-# mkdir -p ./vendor/archive
-# git clone -b go-1.10 --depth=1 git@github.com:kolyshkin/go-tar.git ./vendor/archive/tar
-# vndr # to clean up test files

vendor/archive/tar/LICENSE

@@ -1,27 +0,0 @@
-Copyright (c) 2009 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

vendor/archive/tar/README.md

@@ -1,27 +0,0 @@
-This is a fork of Go 1.10 `archive/tar` package from the official
-[repo](https://github.com/golang/go/tree/release-branch.go1.10/src/archive/tar),
-with a partial [revert](https://github.com/kolyshkin/go-tar/commit/d651d6e45972363e9bb62b8e9d876df440b31628)
-of upstream [commit 0564e304a6ea](https://github.com/golang/go/commit/0564e304a6ea394a42929060c588469dbd6f32af).
-It is suggested as a replacement to the original package included with Go 1.10
-in case you want to build a static Linux/glibc binary that works, and
-can't afford to use `CGO_ENABLED=0`.
-
-## Details
-
-Using Go 1.10 [archive/tar](https://golang.org/pkg/archive/tar/) from a static binary
-compiled with glibc on Linux can result in a panic upon calling
-[`tar.FileInfoHeader()`](https://golang.org/pkg/archive/tar/#FileInfoHeader).
-This is a major regression in Go 1.10, filed as
-[Go issue #24787](https://github.com/golang/go/issues/24787).
-
-The above issue is caused by an unfortunate combination of:
-1. glibc way of dynamic loading of nss libraries even for a static build;
-2. Go `os/user` package hard-coded reliance on libc to resolve user/group IDs to names (unless CGO is disabled).
-
-While glibc can probably not be fixed and is not considered a bug per se,
-the `os/user` issue is documented (see [Go issue #23265](https://github.com/golang/go/issues/23265))
-and already fixed by [Go commit 62f0127d81](https://github.com/golang/go/commit/62f0127d8104d8266d9a3fb5a87e2f09ec8b6f5b).
-The fix is expected to make its way to Go 1.11, and requires `osusergo` build tag
-to be used for a static build.
-
-This repository serves as a temporary workaround until the above fix is available.

vendor/archive/tar/common.go

@@ -1,720 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package tar implements access to tar archives.
-//
-// Tape archives (tar) are a file format for storing a sequence of files that
-// can be read and written in a streaming manner.
-// This package aims to cover most variations of the format,
-// including those produced by GNU and BSD tar tools.
-package tar
-
-import (
-	"errors"
-	"fmt"
-	"math"
-	"os"
-	"path"
-	"reflect"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// BUG: Use of the Uid and Gid fields in Header could overflow on 32-bit
-// architectures. If a large value is encountered when decoding, the result
-// stored in Header will be the truncated version.
-
-var (
-	ErrHeader          = errors.New("archive/tar: invalid tar header")
-	ErrWriteTooLong    = errors.New("archive/tar: write too long")
-	ErrFieldTooLong    = errors.New("archive/tar: header field too long")
-	ErrWriteAfterClose = errors.New("archive/tar: write after close")
-	errMissData        = errors.New("archive/tar: sparse file references non-existent data")
-	errUnrefData       = errors.New("archive/tar: sparse file contains unreferenced data")
-	errWriteHole       = errors.New("archive/tar: write non-NUL byte in sparse hole")
-)
-
-type headerError []string
-
-func (he headerError) Error() string {
-	const prefix = "archive/tar: cannot encode header"
-	var ss []string
-	for _, s := range he {
-		if s != "" {
-			ss = append(ss, s)
-		}
-	}
-	if len(ss) == 0 {
-		return prefix
-	}
-	return fmt.Sprintf("%s: %v", prefix, strings.Join(ss, "; and "))
-}
-
-// Type flags for Header.Typeflag.
-const (
-	// Type '0' indicates a regular file.
-	TypeReg  = '0'
-	TypeRegA = '\x00' // For legacy support; use TypeReg instead
-
-	// Type '1' to '6' are header-only flags and may not have a data body.
-	TypeLink    = '1' // Hard link
-	TypeSymlink = '2' // Symbolic link
-	TypeChar    = '3' // Character device node
-	TypeBlock   = '4' // Block device node
-	TypeDir     = '5' // Directory
-	TypeFifo    = '6' // FIFO node
-
-	// Type '7' is reserved.
-	TypeCont = '7'
-
-	// Type 'x' is used by the PAX format to store key-value records that
-	// are only relevant to the next file.
-	// This package transparently handles these types.
-	TypeXHeader = 'x'
-
-	// Type 'g' is used by the PAX format to store key-value records that
-	// are relevant to all subsequent files.
-	// This package only supports parsing and composing such headers,
-	// but does not currently support persisting the global state across files.
-	TypeXGlobalHeader = 'g'
-
-	// Type 'S' indicates a sparse file in the GNU format.
-	TypeGNUSparse = 'S'
-
-	// Types 'L' and 'K' are used by the GNU format for a meta file
-	// used to store the path or link name for the next file.
-	// This package transparently handles these types.
-	TypeGNULongName = 'L'
-	TypeGNULongLink = 'K'
-)
-
-// Keywords for PAX extended header records.
-const (
-	paxNone     = "" // Indicates that no PAX key is suitable
-	paxPath     = "path"
-	paxLinkpath = "linkpath"
-	paxSize     = "size"
-	paxUid      = "uid"
-	paxGid      = "gid"
-	paxUname    = "uname"
-	paxGname    = "gname"
-	paxMtime    = "mtime"
-	paxAtime    = "atime"
-	paxCtime    = "ctime"   // Removed from later revision of PAX spec, but was valid
-	paxCharset  = "charset" // Currently unused
-	paxComment  = "comment" // Currently unused
-
-	paxSchilyXattr = "SCHILY.xattr."
-
-	// Keywords for GNU sparse files in a PAX extended header.
-	paxGNUSparse          = "GNU.sparse."
-	paxGNUSparseNumBlocks = "GNU.sparse.numblocks"
-	paxGNUSparseOffset    = "GNU.sparse.offset"
-	paxGNUSparseNumBytes  = "GNU.sparse.numbytes"
-	paxGNUSparseMap       = "GNU.sparse.map"
-	paxGNUSparseName      = "GNU.sparse.name"
-	paxGNUSparseMajor     = "GNU.sparse.major"
-	paxGNUSparseMinor     = "GNU.sparse.minor"
-	paxGNUSparseSize      = "GNU.sparse.size"
-	paxGNUSparseRealSize  = "GNU.sparse.realsize"
-)
-
-// basicKeys is a set of the PAX keys for which we have built-in support.
-// This does not contain "charset" or "comment", which are both PAX-specific,
-// so adding them as first-class features of Header is unlikely.
-// Users can use the PAXRecords field to set it themselves.
-var basicKeys = map[string]bool{
-	paxPath: true, paxLinkpath: true, paxSize: true, paxUid: true, paxGid: true,
-	paxUname: true, paxGname: true, paxMtime: true, paxAtime: true, paxCtime: true,
-}
-
-// A Header represents a single header in a tar archive.
-// Some fields may not be populated.
-//
-// For forward compatibility, users that retrieve a Header from Reader.Next,
-// mutate it in some ways, and then pass it back to Writer.WriteHeader
-// should do so by creating a new Header and copying the fields
-// that they are interested in preserving.
-type Header struct {
-	Typeflag byte // Type of header entry (should be TypeReg for most files)
-
-	Name     string // Name of file entry
-	Linkname string // Target name of link (valid for TypeLink or TypeSymlink)
-
-	Size  int64  // Logical file size in bytes
-	Mode  int64  // Permission and mode bits
-	Uid   int    // User ID of owner
-	Gid   int    // Group ID of owner
-	Uname string // User name of owner
-	Gname string // Group name of owner
-
-	// If the Format is unspecified, then Writer.WriteHeader rounds ModTime
-	// to the nearest second and ignores the AccessTime and ChangeTime fields.
-	//
-	// To use AccessTime or ChangeTime, specify the Format as PAX or GNU.
-	// To use sub-second resolution, specify the Format as PAX.
-	ModTime    time.Time // Modification time
-	AccessTime time.Time // Access time (requires either PAX or GNU support)
-	ChangeTime time.Time // Change time (requires either PAX or GNU support)
-
-	Devmajor int64 // Major device number (valid for TypeChar or TypeBlock)
-	Devminor int64 // Minor device number (valid for TypeChar or TypeBlock)
-
-	// Xattrs stores extended attributes as PAX records under the
-	// "SCHILY.xattr." namespace.
-	//
-	// The following are semantically equivalent:
-	//  h.Xattrs[key] = value
-	//  h.PAXRecords["SCHILY.xattr."+key] = value
-	//
-	// When Writer.WriteHeader is called, the contents of Xattrs will take
-	// precedence over those in PAXRecords.
-	//
-	// Deprecated: Use PAXRecords instead.
-	Xattrs map[string]string
-
-	// PAXRecords is a map of PAX extended header records.
-	//
-	// User-defined records should have keys of the following form:
-	//	VENDOR.keyword
-	// Where VENDOR is some namespace in all uppercase, and keyword may
-	// not contain the '=' character (e.g., "GOLANG.pkg.version").
-	// The key and value should be non-empty UTF-8 strings.
-	//
-	// When Writer.WriteHeader is called, PAX records derived from the
-	// the other fields in Header take precedence over PAXRecords.
-	PAXRecords map[string]string
-
-	// Format specifies the format of the tar header.
-	//
-	// This is set by Reader.Next as a best-effort guess at the format.
-	// Since the Reader liberally reads some non-compliant files,
-	// it is possible for this to be FormatUnknown.
-	//
-	// If the format is unspecified when Writer.WriteHeader is called,
-	// then it uses the first format (in the order of USTAR, PAX, GNU)
-	// capable of encoding this Header (see Format).
-	Format Format
-}
-
-// sparseEntry represents a Length-sized fragment at Offset in the file.
-type sparseEntry struct{ Offset, Length int64 }
-
-func (s sparseEntry) endOffset() int64 { return s.Offset + s.Length }
-
-// A sparse file can be represented as either a sparseDatas or a sparseHoles.
-// As long as the total size is known, they are equivalent and one can be
-// converted to the other form and back. The various tar formats with sparse
-// file support represent sparse files in the sparseDatas form. That is, they
-// specify the fragments in the file that has data, and treat everything else as
-// having zero bytes. As such, the encoding and decoding logic in this package
-// deals with sparseDatas.
-//
-// However, the external API uses sparseHoles instead of sparseDatas because the
-// zero value of sparseHoles logically represents a normal file (i.e., there are
-// no holes in it). On the other hand, the zero value of sparseDatas implies
-// that the file has no data in it, which is rather odd.
-//
-// As an example, if the underlying raw file contains the 10-byte data:
-//	var compactFile = "abcdefgh"
-//
-// And the sparse map has the following entries:
-//	var spd sparseDatas = []sparseEntry{
-//		{Offset: 2,  Length: 5},  // Data fragment for 2..6
-//		{Offset: 18, Length: 3},  // Data fragment for 18..20
-//	}
-//	var sph sparseHoles = []sparseEntry{
-//		{Offset: 0,  Length: 2},  // Hole fragment for 0..1
-//		{Offset: 7,  Length: 11}, // Hole fragment for 7..17
-//		{Offset: 21, Length: 4},  // Hole fragment for 21..24
-//	}
-//
-// Then the content of the resulting sparse file with a Header.Size of 25 is:
-//	var sparseFile = "\x00"*2 + "abcde" + "\x00"*11 + "fgh" + "\x00"*4
-type (
-	sparseDatas []sparseEntry
-	sparseHoles []sparseEntry
-)
-
-// validateSparseEntries reports whether sp is a valid sparse map.
-// It does not matter whether sp represents data fragments or hole fragments.
-func validateSparseEntries(sp []sparseEntry, size int64) bool {
-	// Validate all sparse entries. These are the same checks as performed by
-	// the BSD tar utility.
-	if size < 0 {
-		return false
-	}
-	var pre sparseEntry
-	for _, cur := range sp {
-		switch {
-		case cur.Offset < 0 || cur.Length < 0:
-			return false // Negative values are never okay
-		case cur.Offset > math.MaxInt64-cur.Length:
-			return false // Integer overflow with large length
-		case cur.endOffset() > size:
-			return false // Region extends beyond the actual size
-		case pre.endOffset() > cur.Offset:
-			return false // Regions cannot overlap and must be in order
-		}
-		pre = cur
-	}
-	return true
-}
-
-// alignSparseEntries mutates src and returns dst where each fragment's
-// starting offset is aligned up to the nearest block edge, and each
-// ending offset is aligned down to the nearest block edge.
-//
-// Even though the Go tar Reader and the BSD tar utility can handle entries
-// with arbitrary offsets and lengths, the GNU tar utility can only handle
-// offsets and lengths that are multiples of blockSize.
-func alignSparseEntries(src []sparseEntry, size int64) []sparseEntry {
-	dst := src[:0]
-	for _, s := range src {
-		pos, end := s.Offset, s.endOffset()
-		pos += blockPadding(+pos) // Round-up to nearest blockSize
-		if end != size {
-			end -= blockPadding(-end) // Round-down to nearest blockSize
-		}
-		if pos < end {
-			dst = append(dst, sparseEntry{Offset: pos, Length: end - pos})
-		}
-	}
-	return dst
-}
-
-// invertSparseEntries converts a sparse map from one form to the other.
-// If the input is sparseHoles, then it will output sparseDatas and vice-versa.
-// The input must have been already validated.
-//
-// This function mutates src and returns a normalized map where:
-//	* adjacent fragments are coalesced together
-//	* only the last fragment may be empty
-//	* the endOffset of the last fragment is the total size
-func invertSparseEntries(src []sparseEntry, size int64) []sparseEntry {
-	dst := src[:0]
-	var pre sparseEntry
-	for _, cur := range src {
-		if cur.Length == 0 {
-			continue // Skip empty fragments
-		}
-		pre.Length = cur.Offset - pre.Offset
-		if pre.Length > 0 {
-			dst = append(dst, pre) // Only add non-empty fragments
-		}
-		pre.Offset = cur.endOffset()
-	}
-	pre.Length = size - pre.Offset // Possibly the only empty fragment
-	return append(dst, pre)
-}
-
-// fileState tracks the number of logical (includes sparse holes) and physical
-// (actual in tar archive) bytes remaining for the current file.
-//
-// Invariant: LogicalRemaining >= PhysicalRemaining
-type fileState interface {
-	LogicalRemaining() int64
-	PhysicalRemaining() int64
-}
-
-// allowedFormats determines which formats can be used.
-// The value returned is the logical OR of multiple possible formats.
-// If the value is FormatUnknown, then the input Header cannot be encoded
-// and an error is returned explaining why.
-//
-// As a by-product of checking the fields, this function returns paxHdrs, which
-// contain all fields that could not be directly encoded.
-// A value receiver ensures that this method does not mutate the source Header.
-func (h Header) allowedFormats() (format Format, paxHdrs map[string]string, err error) {
-	format = FormatUSTAR | FormatPAX | FormatGNU
-	paxHdrs = make(map[string]string)
-
-	var whyNoUSTAR, whyNoPAX, whyNoGNU string
-	var preferPAX bool // Prefer PAX over USTAR
-	verifyString := func(s string, size int, name, paxKey string) {
-		// NUL-terminator is optional for path and linkpath.
-		// Technically, it is required for uname and gname,
-		// but neither GNU nor BSD tar checks for it.
-		tooLong := len(s) > size
-		allowLongGNU := paxKey == paxPath || paxKey == paxLinkpath
-		if hasNUL(s) || (tooLong && !allowLongGNU) {
-			whyNoGNU = fmt.Sprintf("GNU cannot encode %s=%q", name, s)
-			format.mustNotBe(FormatGNU)
-		}
-		if !isASCII(s) || tooLong {
-			canSplitUSTAR := paxKey == paxPath
-			if _, _, ok := splitUSTARPath(s); !canSplitUSTAR || !ok {
-				whyNoUSTAR = fmt.Sprintf("USTAR cannot encode %s=%q", name, s)
-				format.mustNotBe(FormatUSTAR)
-			}
-			if paxKey == paxNone {
-				whyNoPAX = fmt.Sprintf("PAX cannot encode %s=%q", name, s)
-				format.mustNotBe(FormatPAX)
-			} else {
-				paxHdrs[paxKey] = s
-			}
-		}
-		if v, ok := h.PAXRecords[paxKey]; ok && v == s {
-			paxHdrs[paxKey] = v
-		}
-	}
-	verifyNumeric := func(n int64, size int, name, paxKey string) {
-		if !fitsInBase256(size, n) {
-			whyNoGNU = fmt.Sprintf("GNU cannot encode %s=%d", name, n)
-			format.mustNotBe(FormatGNU)
-		}
-		if !fitsInOctal(size, n) {
-			whyNoUSTAR = fmt.Sprintf("USTAR cannot encode %s=%d", name, n)
-			format.mustNotBe(FormatUSTAR)
-			if paxKey == paxNone {
-				whyNoPAX = fmt.Sprintf("PAX cannot encode %s=%d", name, n)
-				format.mustNotBe(FormatPAX)
-			} else {
-				paxHdrs[paxKey] = strconv.FormatInt(n, 10)
-			}
-		}
-		if v, ok := h.PAXRecords[paxKey]; ok && v == strconv.FormatInt(n, 10) {
-			paxHdrs[paxKey] = v
-		}
-	}
-	verifyTime := func(ts time.Time, size int, name, paxKey string) {
-		if ts.IsZero() {
-			return // Always okay
-		}
-		if !fitsInBase256(size, ts.Unix()) {
-			whyNoGNU = fmt.Sprintf("GNU cannot encode %s=%v", name, ts)
-			format.mustNotBe(FormatGNU)
-		}
-		isMtime := paxKey == paxMtime
-		fitsOctal := fitsInOctal(size, ts.Unix())
-		if (isMtime && !fitsOctal) || !isMtime {
-			whyNoUSTAR = fmt.Sprintf("USTAR cannot encode %s=%v", name, ts)
-			format.mustNotBe(FormatUSTAR)
-		}
-		needsNano := ts.Nanosecond() != 0
-		if !isMtime || !fitsOctal || needsNano {
-			preferPAX = true // USTAR may truncate sub-second measurements
-			if paxKey == paxNone {
-				whyNoPAX = fmt.Sprintf("PAX cannot encode %s=%v", name, ts)
-				format.mustNotBe(FormatPAX)
-			} else {
-				paxHdrs[paxKey] = formatPAXTime(ts)
-			}
-		}
-		if v, ok := h.PAXRecords[paxKey]; ok && v == formatPAXTime(ts) {
-			paxHdrs[paxKey] = v
-		}
-	}
-
-	// Check basic fields.
-	var blk block
-	v7 := blk.V7()
-	ustar := blk.USTAR()
-	gnu := blk.GNU()
-	verifyString(h.Name, len(v7.Name()), "Name", paxPath)
-	verifyString(h.Linkname, len(v7.LinkName()), "Linkname", paxLinkpath)
-	verifyString(h.Uname, len(ustar.UserName()), "Uname", paxUname)
-	verifyString(h.Gname, len(ustar.GroupName()), "Gname", paxGname)
-	verifyNumeric(h.Mode, len(v7.Mode()), "Mode", paxNone)
-	verifyNumeric(int64(h.Uid), len(v7.UID()), "Uid", paxUid)
-	verifyNumeric(int64(h.Gid), len(v7.GID()), "Gid", paxGid)
-	verifyNumeric(h.Size, len(v7.Size()), "Size", paxSize)
-	verifyNumeric(h.Devmajor, len(ustar.DevMajor()), "Devmajor", paxNone)
-	verifyNumeric(h.Devminor, len(ustar.DevMinor()), "Devminor", paxNone)
-	verifyTime(h.ModTime, len(v7.ModTime()), "ModTime", paxMtime)
-	verifyTime(h.AccessTime, len(gnu.AccessTime()), "AccessTime", paxAtime)
-	verifyTime(h.ChangeTime, len(gnu.ChangeTime()), "ChangeTime", paxCtime)
-
-	// Check for header-only types.
-	var whyOnlyPAX, whyOnlyGNU string
-	switch h.Typeflag {
-	case TypeReg, TypeChar, TypeBlock, TypeFifo, TypeGNUSparse:
-		// Exclude TypeLink and TypeSymlink, since they may reference directories.
-		if strings.HasSuffix(h.Name, "/") {
-			return FormatUnknown, nil, headerError{"filename may not have trailing slash"}
-		}
-	case TypeXHeader, TypeGNULongName, TypeGNULongLink:
-		return FormatUnknown, nil, headerError{"cannot manually encode TypeXHeader, TypeGNULongName, or TypeGNULongLink headers"}
-	case TypeXGlobalHeader:
-		h2 := Header{Name: h.Name, Typeflag: h.Typeflag, Xattrs: h.Xattrs, PAXRecords: h.PAXRecords, Format: h.Format}
-		if !reflect.DeepEqual(h, h2) {
-			return FormatUnknown, nil, headerError{"only PAXRecords should be set for TypeXGlobalHeader"}
-		}
-		whyOnlyPAX = "only PAX supports TypeXGlobalHeader"
-		format.mayOnlyBe(FormatPAX)
-	}
-	if !isHeaderOnlyType(h.Typeflag) && h.Size < 0 {
-		return FormatUnknown, nil, headerError{"negative size on header-only type"}
-	}
-
-	// Check PAX records.
-	if len(h.Xattrs) > 0 {
-		for k, v := range h.Xattrs {
-			paxHdrs[paxSchilyXattr+k] = v
-		}
-		whyOnlyPAX = "only PAX supports Xattrs"
-		format.mayOnlyBe(FormatPAX)
-	}
-	if len(h.PAXRecords) > 0 {
-		for k, v := range h.PAXRecords {
-			switch _, exists := paxHdrs[k]; {
-			case exists:
-				continue // Do not overwrite existing records
-			case h.Typeflag == TypeXGlobalHeader:
-				paxHdrs[k] = v // Copy all records
-			case !basicKeys[k] && !strings.HasPrefix(k, paxGNUSparse):
-				paxHdrs[k] = v // Ignore local records that may conflict
-			}
-		}
-		whyOnlyPAX = "only PAX supports PAXRecords"
-		format.mayOnlyBe(FormatPAX)
-	}
-	for k, v := range paxHdrs {
-		if !validPAXRecord(k, v) {
-			return FormatUnknown, nil, headerError{fmt.Sprintf("invalid PAX record: %q", k+" = "+v)}
-		}
-	}
-
-	// TODO(dsnet): Re-enable this when adding sparse support.
-	// See https://golang.org/issue/22735
-	/*
-		// Check sparse files.
-		if len(h.SparseHoles) > 0 || h.Typeflag == TypeGNUSparse {
-			if isHeaderOnlyType(h.Typeflag) {
-				return FormatUnknown, nil, headerError{"header-only type cannot be sparse"}
-			}
-			if !validateSparseEntries(h.SparseHoles, h.Size) {
-				return FormatUnknown, nil, headerError{"invalid sparse holes"}
-			}
-			if h.Typeflag == TypeGNUSparse {
-				whyOnlyGNU = "only GNU supports TypeGNUSparse"
-				format.mayOnlyBe(FormatGNU)
-			} else {
-				whyNoGNU = "GNU supports sparse files only with TypeGNUSparse"
-				format.mustNotBe(FormatGNU)
-			}
-			whyNoUSTAR = "USTAR does not support sparse files"
-			format.mustNotBe(FormatUSTAR)
-		}
-	*/
-
-	// Check desired format.
-	if wantFormat := h.Format; wantFormat != FormatUnknown {
-		if wantFormat.has(FormatPAX) && !preferPAX {
-			wantFormat.mayBe(FormatUSTAR) // PAX implies USTAR allowed too
-		}
-		format.mayOnlyBe(wantFormat) // Set union of formats allowed and format wanted
-	}
-	if format == FormatUnknown {
-		switch h.Format {
-		case FormatUSTAR:
-			err = headerError{"Format specifies USTAR", whyNoUSTAR, whyOnlyPAX, whyOnlyGNU}
-		case FormatPAX:
-			err = headerError{"Format specifies PAX", whyNoPAX, whyOnlyGNU}
-		case FormatGNU:
-			err = headerError{"Format specifies GNU", whyNoGNU, whyOnlyPAX}
-		default:
-			err = headerError{whyNoUSTAR, whyNoPAX, whyNoGNU, whyOnlyPAX, whyOnlyGNU}
-		}
-	}
-	return format, paxHdrs, err
-}
-
-// FileInfo returns an os.FileInfo for the Header.
-func (h *Header) FileInfo() os.FileInfo {
-	return headerFileInfo{h}
-}
-
-// headerFileInfo implements os.FileInfo.
-type headerFileInfo struct {
-	h *Header
-}
-
-func (fi headerFileInfo) Size() int64        { return fi.h.Size }
-func (fi headerFileInfo) IsDir() bool        { return fi.Mode().IsDir() }
-func (fi headerFileInfo) ModTime() time.Time { return fi.h.ModTime }
-func (fi headerFileInfo) Sys() interface{}   { return fi.h }
-
-// Name returns the base name of the file.
-func (fi headerFileInfo) Name() string {
-	if fi.IsDir() {
-		return path.Base(path.Clean(fi.h.Name))
-	}
-	return path.Base(fi.h.Name)
-}
-
-// Mode returns the permission and mode bits for the headerFileInfo.
-func (fi headerFileInfo) Mode() (mode os.FileMode) {
-	// Set file permission bits.
-	mode = os.FileMode(fi.h.Mode).Perm()
-
-	// Set setuid, setgid and sticky bits.
-	if fi.h.Mode&c_ISUID != 0 {
-		mode |= os.ModeSetuid
-	}
-	if fi.h.Mode&c_ISGID != 0 {
-		mode |= os.ModeSetgid
-	}
-	if fi.h.Mode&c_ISVTX != 0 {
-		mode |= os.ModeSticky
-	}
-
-	// Set file mode bits; clear perm, setuid, setgid, and sticky bits.
-	switch m := os.FileMode(fi.h.Mode) &^ 07777; m {
-	case c_ISDIR:
-		mode |= os.ModeDir
-	case c_ISFIFO:
-		mode |= os.ModeNamedPipe
-	case c_ISLNK:
-		mode |= os.ModeSymlink
-	case c_ISBLK:
-		mode |= os.ModeDevice
-	case c_ISCHR:
-		mode |= os.ModeDevice
-		mode |= os.ModeCharDevice
-	case c_ISSOCK:
-		mode |= os.ModeSocket
-	}
-
-	switch fi.h.Typeflag {
-	case TypeSymlink:
-		mode |= os.ModeSymlink
-	case TypeChar:
-		mode |= os.ModeDevice
-		mode |= os.ModeCharDevice
-	case TypeBlock:
-		mode |= os.ModeDevice
-	case TypeDir:
-		mode |= os.ModeDir
-	case TypeFifo:
-		mode |= os.ModeNamedPipe
-	}
-
-	return mode
-}
-
-// sysStat, if non-nil, populates h from system-dependent fields of fi.
-var sysStat func(fi os.FileInfo, h *Header) error
-
-const (
-	// Mode constants from the USTAR spec:
-	// See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_06
-	c_ISUID = 04000 // Set uid
-	c_ISGID = 02000 // Set gid
-	c_ISVTX = 01000 // Save text (sticky bit)
-
-	// Common Unix mode constants; these are not defined in any common tar standard.
-	// Header.FileInfo understands these, but FileInfoHeader will never produce these.
-	c_ISDIR  = 040000  // Directory
-	c_ISFIFO = 010000  // FIFO
-	c_ISREG  = 0100000 // Regular file
-	c_ISLNK  = 0120000 // Symbolic link
-	c_ISBLK  = 060000  // Block special file
-	c_ISCHR  = 020000  // Character special file
-	c_ISSOCK = 0140000 // Socket
-)
-
-// FileInfoHeader creates a partially-populated Header from fi.
-// If fi describes a symlink, FileInfoHeader records link as the link target.
-// If fi describes a directory, a slash is appended to the name.
-//
-// Since os.FileInfo's Name method only returns the base name of
-// the file it describes, it may be necessary to modify Header.Name
-// to provide the full path name of the file.
-func FileInfoHeader(fi os.FileInfo, link string) (*Header, error) {
-	if fi == nil {
-		return nil, errors.New("archive/tar: FileInfo is nil")
-	}
-	fm := fi.Mode()
-	h := &Header{
-		Name:    fi.Name(),
-		ModTime: fi.ModTime(),
-		Mode:    int64(fm.Perm()), // or'd with c_IS* constants later
-	}
-	switch {
-	case fm.IsRegular():
-		h.Typeflag = TypeReg
-		h.Size = fi.Size()
-	case fi.IsDir():
-		h.Typeflag = TypeDir
-		h.Name += "/"
-	case fm&os.ModeSymlink != 0:
-		h.Typeflag = TypeSymlink
-		h.Linkname = link
-	case fm&os.ModeDevice != 0:
-		if fm&os.ModeCharDevice != 0 {
-			h.Typeflag = TypeChar
-		} else {
-			h.Typeflag = TypeBlock
-		}
-	case fm&os.ModeNamedPipe != 0:
-		h.Typeflag = TypeFifo
-	case fm&os.ModeSocket != 0:
-		return nil, fmt.Errorf("archive/tar: sockets not supported")
-	default:
-		return nil, fmt.Errorf("archive/tar: unknown file mode %v", fm)
-	}
-	if fm&os.ModeSetuid != 0 {
-		h.Mode |= c_ISUID
-	}
-	if fm&os.ModeSetgid != 0 {
-		h.Mode |= c_ISGID
-	}
-	if fm&os.ModeSticky != 0 {
-		h.Mode |= c_ISVTX
-	}
-	// If possible, populate additional fields from OS-specific
-	// FileInfo fields.
-	if sys, ok := fi.Sys().(*Header); ok {
-		// This FileInfo came from a Header (not the OS). Use the
-		// original Header to populate all remaining fields.
-		h.Uid = sys.Uid
-		h.Gid = sys.Gid
-		h.Uname = sys.Uname
-		h.Gname = sys.Gname
-		h.AccessTime = sys.AccessTime
-		h.ChangeTime = sys.ChangeTime
-		if sys.Xattrs != nil {
-			h.Xattrs = make(map[string]string)
-			for k, v := range sys.Xattrs {
-				h.Xattrs[k] = v
-			}
-		}
-		if sys.Typeflag == TypeLink {
-			// hard link
-			h.Typeflag = TypeLink
-			h.Size = 0
-			h.Linkname = sys.Linkname
-		}
-		if sys.PAXRecords != nil {
-			h.PAXRecords = make(map[string]string)
-			for k, v := range sys.PAXRecords {
-				h.PAXRecords[k] = v
-			}
-		}
-	}
-	if sysStat != nil {
-		return h, sysStat(fi, h)
-	}
-	return h, nil
-}
-
-// isHeaderOnlyType checks if the given type flag is of the type that has no
-// data section even if a size is specified.
-func isHeaderOnlyType(flag byte) bool {
-	switch flag {
-	case TypeLink, TypeSymlink, TypeChar, TypeBlock, TypeDir, TypeFifo:
-		return true
-	default:
-		return false
-	}
-}
-
-func min(a, b int64) int64 {
-	if a < b {
-		return a
-	}
-	return b
-}

vendor/archive/tar/format.go

@@ -1,303 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tar
-
-import "strings"
-
-// Format represents the tar archive format.
-//
-// The original tar format was introduced in Unix V7.
-// Since then, there have been multiple competing formats attempting to
-// standardize or extend the V7 format to overcome its limitations.
-// The most common formats are the USTAR, PAX, and GNU formats,
-// each with their own advantages and limitations.
-//
-// The following table captures the capabilities of each format:
-//
-//	                  |  USTAR |       PAX |       GNU
-//	------------------+--------+-----------+----------
-//	Name              |   256B | unlimited | unlimited
-//	Linkname          |   100B | unlimited | unlimited
-//	Size              | uint33 | unlimited |    uint89
-//	Mode              | uint21 |    uint21 |    uint57
-//	Uid/Gid           | uint21 | unlimited |    uint57
-//	Uname/Gname       |    32B | unlimited |       32B
-//	ModTime           | uint33 | unlimited |     int89
-//	AccessTime        |    n/a | unlimited |     int89
-//	ChangeTime        |    n/a | unlimited |     int89
-//	Devmajor/Devminor | uint21 |    uint21 |    uint57
-//	------------------+--------+-----------+----------
-//	string encoding   |  ASCII |     UTF-8 |    binary
-//	sub-second times  |     no |       yes |        no
-//	sparse files      |     no |       yes |       yes
-//
-// The table's upper portion shows the Header fields, where each format reports
-// the maximum number of bytes allowed for each string field and
-// the integer type used to store each numeric field
-// (where timestamps are stored as the number of seconds since the Unix epoch).
-//
-// The table's lower portion shows specialized features of each format,
-// such as supported string encodings, support for sub-second timestamps,
-// or support for sparse files.
-//
-// The Writer currently provides no support for sparse files.
-type Format int
-
-// Constants to identify various tar formats.
-const (
-	// Deliberately hide the meaning of constants from public API.
-	_ Format = (1 << iota) / 4 // Sequence of 0, 0, 1, 2, 4, 8, etc...
-
-	// FormatUnknown indicates that the format is unknown.
-	FormatUnknown
-
-	// The format of the original Unix V7 tar tool prior to standardization.
-	formatV7
-
-	// FormatUSTAR represents the USTAR header format defined in POSIX.1-1988.
-	//
-	// While this format is compatible with most tar readers,
-	// the format has several limitations making it unsuitable for some usages.
-	// Most notably, it cannot support sparse files, files larger than 8GiB,
-	// filenames larger than 256 characters, and non-ASCII filenames.
-	//
-	// Reference:
-	//	http://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_06
-	FormatUSTAR
-
-	// FormatPAX represents the PAX header format defined in POSIX.1-2001.
-	//
-	// PAX extends USTAR by writing a special file with Typeflag TypeXHeader
-	// preceding the original header. This file contains a set of key-value
-	// records, which are used to overcome USTAR's shortcomings, in addition to
-	// providing the ability to have sub-second resolution for timestamps.
-	//
-	// Some newer formats add their own extensions to PAX by defining their
-	// own keys and assigning certain semantic meaning to the associated values.
-	// For example, sparse file support in PAX is implemented using keys
-	// defined by the GNU manual (e.g., "GNU.sparse.map").
-	//
-	// Reference:
-	//	http://pubs.opengroup.org/onlinepubs/009695399/utilities/pax.html
-	FormatPAX
-
-	// FormatGNU represents the GNU header format.
-	//
-	// The GNU header format is older than the USTAR and PAX standards and
-	// is not compatible with them. The GNU format supports
-	// arbitrary file sizes, filenames of arbitrary encoding and length,
-	// sparse files, and other features.
-	//
-	// It is recommended that PAX be chosen over GNU unless the target
-	// application can only parse GNU formatted archives.
-	//
-	// Reference:
-	//	http://www.gnu.org/software/tar/manual/html_node/Standard.html
-	FormatGNU
-
-	// Schily's tar format, which is incompatible with USTAR.
-	// This does not cover STAR extensions to the PAX format; these fall under
-	// the PAX format.
-	formatSTAR
-
-	formatMax
-)
-
-func (f Format) has(f2 Format) bool   { return f&f2 != 0 }
-func (f *Format) mayBe(f2 Format)     { *f |= f2 }
-func (f *Format) mayOnlyBe(f2 Format) { *f &= f2 }
-func (f *Format) mustNotBe(f2 Format) { *f &^= f2 }
-
-var formatNames = map[Format]string{
-	formatV7: "V7", FormatUSTAR: "USTAR", FormatPAX: "PAX", FormatGNU: "GNU", formatSTAR: "STAR",
-}
-
-func (f Format) String() string {
-	var ss []string
-	for f2 := Format(1); f2 < formatMax; f2 <<= 1 {
-		if f.has(f2) {
-			ss = append(ss, formatNames[f2])
-		}
-	}
-	switch len(ss) {
-	case 0:
-		return "<unknown>"
-	case 1:
-		return ss[0]
-	default:
-		return "(" + strings.Join(ss, " | ") + ")"
-	}
-}
-
-// Magics used to identify various formats.
-const (
-	magicGNU, versionGNU     = "ustar ", " \x00"
-	magicUSTAR, versionUSTAR = "ustar\x00", "00"
-	trailerSTAR              = "tar\x00"
-)
-
-// Size constants from various tar specifications.
-const (
-	blockSize  = 512 // Size of each block in a tar stream
-	nameSize   = 100 // Max length of the name field in USTAR format
-	prefixSize = 155 // Max length of the prefix field in USTAR format
-)
-
-// blockPadding computes the number of bytes needed to pad offset up to the
-// nearest block edge where 0 <= n < blockSize.
-func blockPadding(offset int64) (n int64) {
-	return -offset & (blockSize - 1)
-}
-
-var zeroBlock block
-
-type block [blockSize]byte
-
-// Convert block to any number of formats.
-func (b *block) V7() *headerV7       { return (*headerV7)(b) }
-func (b *block) GNU() *headerGNU     { return (*headerGNU)(b) }
-func (b *block) STAR() *headerSTAR   { return (*headerSTAR)(b) }
-func (b *block) USTAR() *headerUSTAR { return (*headerUSTAR)(b) }
-func (b *block) Sparse() sparseArray { return (sparseArray)(b[:]) }
-
-// GetFormat checks that the block is a valid tar header based on the checksum.
-// It then attempts to guess the specific format based on magic values.
-// If the checksum fails, then FormatUnknown is returned.
-func (b *block) GetFormat() Format {
-	// Verify checksum.
-	var p parser
-	value := p.parseOctal(b.V7().Chksum())
-	chksum1, chksum2 := b.ComputeChecksum()
-	if p.err != nil || (value != chksum1 && value != chksum2) {
-		return FormatUnknown
-	}
-
-	// Guess the magic values.
-	magic := string(b.USTAR().Magic())
-	version := string(b.USTAR().Version())
-	trailer := string(b.STAR().Trailer())
-	switch {
-	case magic == magicUSTAR && trailer == trailerSTAR:
-		return formatSTAR
-	case magic == magicUSTAR:
-		return FormatUSTAR | FormatPAX
-	case magic == magicGNU && version == versionGNU:
-		return FormatGNU
-	default:
-		return formatV7
-	}
-}
-
-// SetFormat writes the magic values necessary for specified format
-// and then updates the checksum accordingly.
-func (b *block) SetFormat(format Format) {
-	// Set the magic values.
-	switch {
-	case format.has(formatV7):
-		// Do nothing.
-	case format.has(FormatGNU):
-		copy(b.GNU().Magic(), magicGNU)
-		copy(b.GNU().Version(), versionGNU)
-	case format.has(formatSTAR):
-		copy(b.STAR().Magic(), magicUSTAR)
-		copy(b.STAR().Version(), versionUSTAR)
-		copy(b.STAR().Trailer(), trailerSTAR)
-	case format.has(FormatUSTAR | FormatPAX):
-		copy(b.USTAR().Magic(), magicUSTAR)
-		copy(b.USTAR().Version(), versionUSTAR)
-	default:
-		panic("invalid format")
-	}
-
-	// Update checksum.
-	// This field is special in that it is terminated by a NULL then space.
-	var f formatter
-	field := b.V7().Chksum()
-	chksum, _ := b.ComputeChecksum() // Possible values are 256..128776
-	f.formatOctal(field[:7], chksum) // Never fails since 128776 < 262143
-	field[7] = ' '
-}
-
-// ComputeChecksum computes the checksum for the header block.
-// POSIX specifies a sum of the unsigned byte values, but the Sun tar used
-// signed byte values.
-// We compute and return both.
-func (b *block) ComputeChecksum() (unsigned, signed int64) {
-	for i, c := range b {
-		if 148 <= i && i < 156 {
-			c = ' ' // Treat the checksum field itself as all spaces.
-		}
-		unsigned += int64(c)
-		signed += int64(int8(c))
-	}
-	return unsigned, signed
-}
-
-// Reset clears the block with all zeros.
-func (b *block) Reset() {
-	*b = block{}
-}
-
-type headerV7 [blockSize]byte
-
-func (h *headerV7) Name() []byte     { return h[000:][:100] }
-func (h *headerV7) Mode() []byte     { return h[100:][:8] }
-func (h *headerV7) UID() []byte      { return h[108:][:8] }
-func (h *headerV7) GID() []byte      { return h[116:][:8] }
-func (h *headerV7) Size() []byte     { return h[124:][:12] }
-func (h *headerV7) ModTime() []byte  { return h[136:][:12] }
-func (h *headerV7) Chksum() []byte   { return h[148:][:8] }
-func (h *headerV7) TypeFlag() []byte { return h[156:][:1] }
-func (h *headerV7) LinkName() []byte { return h[157:][:100] }
-
-type headerGNU [blockSize]byte
-
-func (h *headerGNU) V7() *headerV7       { return (*headerV7)(h) }
-func (h *headerGNU) Magic() []byte       { return h[257:][:6] }
-func (h *headerGNU) Version() []byte     { return h[263:][:2] }
-func (h *headerGNU) UserName() []byte    { return h[265:][:32] }
-func (h *headerGNU) GroupName() []byte   { return h[297:][:32] }
-func (h *headerGNU) DevMajor() []byte    { return h[329:][:8] }
-func (h *headerGNU) DevMinor() []byte    { return h[337:][:8] }
-func (h *headerGNU) AccessTime() []byte  { return h[345:][:12] }
-func (h *headerGNU) ChangeTime() []byte  { return h[357:][:12] }
-func (h *headerGNU) Sparse() sparseArray { return (sparseArray)(h[386:][:24*4+1]) }
-func (h *headerGNU) RealSize() []byte    { return h[483:][:12] }
-
-type headerSTAR [blockSize]byte
-
-func (h *headerSTAR) V7() *headerV7      { return (*headerV7)(h) }
-func (h *headerSTAR) Magic() []byte      { return h[257:][:6] }
-func (h *headerSTAR) Version() []byte    { return h[263:][:2] }
-func (h *headerSTAR) UserName() []byte   { return h[265:][:32] }
-func (h *headerSTAR) GroupName() []byte  { return h[297:][:32] }
-func (h *headerSTAR) DevMajor() []byte   { return h[329:][:8] }
-func (h *headerSTAR) DevMinor() []byte   { return h[337:][:8] }
-func (h *headerSTAR) Prefix() []byte     { return h[345:][:131] }
-func (h *headerSTAR) AccessTime() []byte { return h[476:][:12] }
-func (h *headerSTAR) ChangeTime() []byte { return h[488:][:12] }
-func (h *headerSTAR) Trailer() []byte    { return h[508:][:4] }
-
-type headerUSTAR [blockSize]byte
-
-func (h *headerUSTAR) V7() *headerV7     { return (*headerV7)(h) }
-func (h *headerUSTAR) Magic() []byte     { return h[257:][:6] }
-func (h *headerUSTAR) Version() []byte   { return h[263:][:2] }
-func (h *headerUSTAR) UserName() []byte  { return h[265:][:32] }
-func (h *headerUSTAR) GroupName() []byte { return h[297:][:32] }
-func (h *headerUSTAR) DevMajor() []byte  { return h[329:][:8] }
-func (h *headerUSTAR) DevMinor() []byte  { return h[337:][:8] }
-func (h *headerUSTAR) Prefix() []byte    { return h[345:][:155] }
-
-type sparseArray []byte
-
-func (s sparseArray) Entry(i int) sparseElem { return (sparseElem)(s[i*24:]) }
-func (s sparseArray) IsExtended() []byte     { return s[24*s.MaxEntries():][:1] }
-func (s sparseArray) MaxEntries() int        { return len(s) / 24 }
-
-type sparseElem []byte
-
-func (s sparseElem) Offset() []byte { return s[00:][:12] }
-func (s sparseElem) Length() []byte { return s[12:][:12] }

vendor/archive/tar/reader.go

@@ -1,855 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tar
-
-import (
-	"bytes"
-	"io"
-	"io/ioutil"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// Reader provides sequential access to the contents of a tar archive.
-// Reader.Next advances to the next file in the archive (including the first),
-// and then Reader can be treated as an io.Reader to access the file's data.
-type Reader struct {
-	r    io.Reader
-	pad  int64      // Amount of padding (ignored) after current file entry
-	curr fileReader // Reader for current file entry
-	blk  block      // Buffer to use as temporary local storage
-
-	// err is a persistent error.
-	// It is only the responsibility of every exported method of Reader to
-	// ensure that this error is sticky.
-	err error
-}
-
-type fileReader interface {
-	io.Reader
-	fileState
-
-	WriteTo(io.Writer) (int64, error)
-}
-
-// NewReader creates a new Reader reading from r.
-func NewReader(r io.Reader) *Reader {
-	return &Reader{r: r, curr: &regFileReader{r, 0}}
-}
-
-// Next advances to the next entry in the tar archive.
-// The Header.Size determines how many bytes can be read for the next file.
-// Any remaining data in the current file is automatically discarded.
-//
-// io.EOF is returned at the end of the input.
-func (tr *Reader) Next() (*Header, error) {
-	if tr.err != nil {
-		return nil, tr.err
-	}
-	hdr, err := tr.next()
-	tr.err = err
-	return hdr, err
-}
-
-func (tr *Reader) next() (*Header, error) {
-	var paxHdrs map[string]string
-	var gnuLongName, gnuLongLink string
-
-	// Externally, Next iterates through the tar archive as if it is a series of
-	// files. Internally, the tar format often uses fake "files" to add meta
-	// data that describes the next file. These meta data "files" should not
-	// normally be visible to the outside. As such, this loop iterates through
-	// one or more "header files" until it finds a "normal file".
-	format := FormatUSTAR | FormatPAX | FormatGNU
-loop:
-	for {
-		// Discard the remainder of the file and any padding.
-		if err := discard(tr.r, tr.curr.PhysicalRemaining()); err != nil {
-			return nil, err
-		}
-		if _, err := tryReadFull(tr.r, tr.blk[:tr.pad]); err != nil {
-			return nil, err
-		}
-		tr.pad = 0
-
-		hdr, rawHdr, err := tr.readHeader()
-		if err != nil {
-			return nil, err
-		}
-		if err := tr.handleRegularFile(hdr); err != nil {
-			return nil, err
-		}
-		format.mayOnlyBe(hdr.Format)
-
-		// Check for PAX/GNU special headers and files.
-		switch hdr.Typeflag {
-		case TypeXHeader, TypeXGlobalHeader:
-			format.mayOnlyBe(FormatPAX)
-			paxHdrs, err = parsePAX(tr)
-			if err != nil {
-				return nil, err
-			}
-			if hdr.Typeflag == TypeXGlobalHeader {
-				mergePAX(hdr, paxHdrs)
-				return &Header{
-					Name:       hdr.Name,
-					Typeflag:   hdr.Typeflag,
-					Xattrs:     hdr.Xattrs,
-					PAXRecords: hdr.PAXRecords,
-					Format:     format,
-				}, nil
-			}
-			continue loop // This is a meta header affecting the next header
-		case TypeGNULongName, TypeGNULongLink:
-			format.mayOnlyBe(FormatGNU)
-			realname, err := ioutil.ReadAll(tr)
-			if err != nil {
-				return nil, err
-			}
-
-			var p parser
-			switch hdr.Typeflag {
-			case TypeGNULongName:
-				gnuLongName = p.parseString(realname)
-			case TypeGNULongLink:
-				gnuLongLink = p.parseString(realname)
-			}
-			continue loop // This is a meta header affecting the next header
-		default:
-			// The old GNU sparse format is handled here since it is technically
-			// just a regular file with additional attributes.
-
-			if err := mergePAX(hdr, paxHdrs); err != nil {
-				return nil, err
-			}
-			if gnuLongName != "" {
-				hdr.Name = gnuLongName
-			}
-			if gnuLongLink != "" {
-				hdr.Linkname = gnuLongLink
-			}
-			if hdr.Typeflag == TypeRegA && strings.HasSuffix(hdr.Name, "/") {
-				hdr.Typeflag = TypeDir // Legacy archives use trailing slash for directories
-			}
-
-			// The extended headers may have updated the size.
-			// Thus, setup the regFileReader again after merging PAX headers.
-			if err := tr.handleRegularFile(hdr); err != nil {
-				return nil, err
-			}
-
-			// Sparse formats rely on being able to read from the logical data
-			// section; there must be a preceding call to handleRegularFile.
-			if err := tr.handleSparseFile(hdr, rawHdr); err != nil {
-				return nil, err
-			}
-
-			// Set the final guess at the format.
-			if format.has(FormatUSTAR) && format.has(FormatPAX) {
-				format.mayOnlyBe(FormatUSTAR)
-			}
-			hdr.Format = format
-			return hdr, nil // This is a file, so stop
-		}
-	}
-}
-
-// handleRegularFile sets up the current file reader and padding such that it
-// can only read the following logical data section. It will properly handle
-// special headers that contain no data section.
-func (tr *Reader) handleRegularFile(hdr *Header) error {
-	nb := hdr.Size
-	if isHeaderOnlyType(hdr.Typeflag) {
-		nb = 0
-	}
-	if nb < 0 {
-		return ErrHeader
-	}
-
-	tr.pad = blockPadding(nb)
-	tr.curr = &regFileReader{r: tr.r, nb: nb}
-	return nil
-}
-
-// handleSparseFile checks if the current file is a sparse format of any type
-// and sets the curr reader appropriately.
-func (tr *Reader) handleSparseFile(hdr *Header, rawHdr *block) error {
-	var spd sparseDatas
-	var err error
-	if hdr.Typeflag == TypeGNUSparse {
-		spd, err = tr.readOldGNUSparseMap(hdr, rawHdr)
-	} else {
-		spd, err = tr.readGNUSparsePAXHeaders(hdr)
-	}
-
-	// If sp is non-nil, then this is a sparse file.
-	// Note that it is possible for len(sp) == 0.
-	if err == nil && spd != nil {
-		if isHeaderOnlyType(hdr.Typeflag) || !validateSparseEntries(spd, hdr.Size) {
-			return ErrHeader
-		}
-		sph := invertSparseEntries(spd, hdr.Size)
-		tr.curr = &sparseFileReader{tr.curr, sph, 0}
-	}
-	return err
-}
-
-// readGNUSparsePAXHeaders checks the PAX headers for GNU sparse headers.
-// If they are found, then this function reads the sparse map and returns it.
-// This assumes that 0.0 headers have already been converted to 0.1 headers
-// by the the PAX header parsing logic.
-func (tr *Reader) readGNUSparsePAXHeaders(hdr *Header) (sparseDatas, error) {
-	// Identify the version of GNU headers.
-	var is1x0 bool
-	major, minor := hdr.PAXRecords[paxGNUSparseMajor], hdr.PAXRecords[paxGNUSparseMinor]
-	switch {
-	case major == "0" && (minor == "0" || minor == "1"):
-		is1x0 = false
-	case major == "1" && minor == "0":
-		is1x0 = true
-	case major != "" || minor != "":
-		return nil, nil // Unknown GNU sparse PAX version
-	case hdr.PAXRecords[paxGNUSparseMap] != "":
-		is1x0 = false // 0.0 and 0.1 did not have explicit version records, so guess
-	default:
-		return nil, nil // Not a PAX format GNU sparse file.
-	}
-	hdr.Format.mayOnlyBe(FormatPAX)
-
-	// Update hdr from GNU sparse PAX headers.
-	if name := hdr.PAXRecords[paxGNUSparseName]; name != "" {
-		hdr.Name = name
-	}
-	size := hdr.PAXRecords[paxGNUSparseSize]
-	if size == "" {
-		size = hdr.PAXRecords[paxGNUSparseRealSize]
-	}
-	if size != "" {
-		n, err := strconv.ParseInt(size, 10, 64)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		hdr.Size = n
-	}
-
-	// Read the sparse map according to the appropriate format.
-	if is1x0 {
-		return readGNUSparseMap1x0(tr.curr)
-	}
-	return readGNUSparseMap0x1(hdr.PAXRecords)
-}
-
-// mergePAX merges paxHdrs into hdr for all relevant fields of Header.
-func mergePAX(hdr *Header, paxHdrs map[string]string) (err error) {
-	for k, v := range paxHdrs {
-		if v == "" {
-			continue // Keep the original USTAR value
-		}
-		var id64 int64
-		switch k {
-		case paxPath:
-			hdr.Name = v
-		case paxLinkpath:
-			hdr.Linkname = v
-		case paxUname:
-			hdr.Uname = v
-		case paxGname:
-			hdr.Gname = v
-		case paxUid:
-			id64, err = strconv.ParseInt(v, 10, 64)
-			hdr.Uid = int(id64) // Integer overflow possible
-		case paxGid:
-			id64, err = strconv.ParseInt(v, 10, 64)
-			hdr.Gid = int(id64) // Integer overflow possible
-		case paxAtime:
-			hdr.AccessTime, err = parsePAXTime(v)
-		case paxMtime:
-			hdr.ModTime, err = parsePAXTime(v)
-		case paxCtime:
-			hdr.ChangeTime, err = parsePAXTime(v)
-		case paxSize:
-			hdr.Size, err = strconv.ParseInt(v, 10, 64)
-		default:
-			if strings.HasPrefix(k, paxSchilyXattr) {
-				if hdr.Xattrs == nil {
-					hdr.Xattrs = make(map[string]string)
-				}
-				hdr.Xattrs[k[len(paxSchilyXattr):]] = v
-			}
-		}
-		if err != nil {
-			return ErrHeader
-		}
-	}
-	hdr.PAXRecords = paxHdrs
-	return nil
-}
-
-// parsePAX parses PAX headers.
-// If an extended header (type 'x') is invalid, ErrHeader is returned
-func parsePAX(r io.Reader) (map[string]string, error) {
-	buf, err := ioutil.ReadAll(r)
-	if err != nil {
-		return nil, err
-	}
-	sbuf := string(buf)
-
-	// For GNU PAX sparse format 0.0 support.
-	// This function transforms the sparse format 0.0 headers into format 0.1
-	// headers since 0.0 headers were not PAX compliant.
-	var sparseMap []string
-
-	paxHdrs := make(map[string]string)
-	for len(sbuf) > 0 {
-		key, value, residual, err := parsePAXRecord(sbuf)
-		if err != nil {
-			return nil, ErrHeader
-		}
-		sbuf = residual
-
-		switch key {
-		case paxGNUSparseOffset, paxGNUSparseNumBytes:
-			// Validate sparse header order and value.
-			if (len(sparseMap)%2 == 0 && key != paxGNUSparseOffset) ||
-				(len(sparseMap)%2 == 1 && key != paxGNUSparseNumBytes) ||
-				strings.Contains(value, ",") {
-				return nil, ErrHeader
-			}
-			sparseMap = append(sparseMap, value)
-		default:
-			paxHdrs[key] = value
-		}
-	}
-	if len(sparseMap) > 0 {
-		paxHdrs[paxGNUSparseMap] = strings.Join(sparseMap, ",")
-	}
-	return paxHdrs, nil
-}
-
-// readHeader reads the next block header and assumes that the underlying reader
-// is already aligned to a block boundary. It returns the raw block of the
-// header in case further processing is required.
-//
-// The err will be set to io.EOF only when one of the following occurs:
-//	* Exactly 0 bytes are read and EOF is hit.
-//	* Exactly 1 block of zeros is read and EOF is hit.
-//	* At least 2 blocks of zeros are read.
-func (tr *Reader) readHeader() (*Header, *block, error) {
-	// Two blocks of zero bytes marks the end of the archive.
-	if _, err := io.ReadFull(tr.r, tr.blk[:]); err != nil {
-		return nil, nil, err // EOF is okay here; exactly 0 bytes read
-	}
-	if bytes.Equal(tr.blk[:], zeroBlock[:]) {
-		if _, err := io.ReadFull(tr.r, tr.blk[:]); err != nil {
-			return nil, nil, err // EOF is okay here; exactly 1 block of zeros read
-		}
-		if bytes.Equal(tr.blk[:], zeroBlock[:]) {
-			return nil, nil, io.EOF // normal EOF; exactly 2 block of zeros read
-		}
-		return nil, nil, ErrHeader // Zero block and then non-zero block
-	}
-
-	// Verify the header matches a known format.
-	format := tr.blk.GetFormat()
-	if format == FormatUnknown {
-		return nil, nil, ErrHeader
-	}
-
-	var p parser
-	hdr := new(Header)
-
-	// Unpack the V7 header.
-	v7 := tr.blk.V7()
-	hdr.Typeflag = v7.TypeFlag()[0]
-	hdr.Name = p.parseString(v7.Name())
-	hdr.Linkname = p.parseString(v7.LinkName())
-	hdr.Size = p.parseNumeric(v7.Size())
-	hdr.Mode = p.parseNumeric(v7.Mode())
-	hdr.Uid = int(p.parseNumeric(v7.UID()))
-	hdr.Gid = int(p.parseNumeric(v7.GID()))
-	hdr.ModTime = time.Unix(p.parseNumeric(v7.ModTime()), 0)
-
-	// Unpack format specific fields.
-	if format > formatV7 {
-		ustar := tr.blk.USTAR()
-		hdr.Uname = p.parseString(ustar.UserName())
-		hdr.Gname = p.parseString(ustar.GroupName())
-		hdr.Devmajor = p.parseNumeric(ustar.DevMajor())
-		hdr.Devminor = p.parseNumeric(ustar.DevMinor())
-
-		var prefix string
-		switch {
-		case format.has(FormatUSTAR | FormatPAX):
-			hdr.Format = format
-			ustar := tr.blk.USTAR()
-			prefix = p.parseString(ustar.Prefix())
-
-			// For Format detection, check if block is properly formatted since
-			// the parser is more liberal than what USTAR actually permits.
-			notASCII := func(r rune) bool { return r >= 0x80 }
-			if bytes.IndexFunc(tr.blk[:], notASCII) >= 0 {
-				hdr.Format = FormatUnknown // Non-ASCII characters in block.
-			}
-			nul := func(b []byte) bool { return int(b[len(b)-1]) == 0 }
-			if !(nul(v7.Size()) && nul(v7.Mode()) && nul(v7.UID()) && nul(v7.GID()) &&
-				nul(v7.ModTime()) && nul(ustar.DevMajor()) && nul(ustar.DevMinor())) {
-				hdr.Format = FormatUnknown // Numeric fields must end in NUL
-			}
-		case format.has(formatSTAR):
-			star := tr.blk.STAR()
-			prefix = p.parseString(star.Prefix())
-			hdr.AccessTime = time.Unix(p.parseNumeric(star.AccessTime()), 0)
-			hdr.ChangeTime = time.Unix(p.parseNumeric(star.ChangeTime()), 0)
-		case format.has(FormatGNU):
-			hdr.Format = format
-			var p2 parser
-			gnu := tr.blk.GNU()
-			if b := gnu.AccessTime(); b[0] != 0 {
-				hdr.AccessTime = time.Unix(p2.parseNumeric(b), 0)
-			}
-			if b := gnu.ChangeTime(); b[0] != 0 {
-				hdr.ChangeTime = time.Unix(p2.parseNumeric(b), 0)
-			}
-
-			// Prior to Go1.8, the Writer had a bug where it would output
-			// an invalid tar file in certain rare situations because the logic
-			// incorrectly believed that the old GNU format had a prefix field.
-			// This is wrong and leads to an output file that mangles the
-			// atime and ctime fields, which are often left unused.
-			//
-			// In order to continue reading tar files created by former, buggy
-			// versions of Go, we skeptically parse the atime and ctime fields.
-			// If we are unable to parse them and the prefix field looks like
-			// an ASCII string, then we fallback on the pre-Go1.8 behavior
-			// of treating these fields as the USTAR prefix field.
-			//
-			// Note that this will not use the fallback logic for all possible
-			// files generated by a pre-Go1.8 toolchain. If the generated file
-			// happened to have a prefix field that parses as valid
-			// atime and ctime fields (e.g., when they are valid octal strings),
-			// then it is impossible to distinguish between an valid GNU file
-			// and an invalid pre-Go1.8 file.
-			//
-			// See https://golang.org/issues/12594
-			// See https://golang.org/issues/21005
-			if p2.err != nil {
-				hdr.AccessTime, hdr.ChangeTime = time.Time{}, time.Time{}
-				ustar := tr.blk.USTAR()
-				if s := p.parseString(ustar.Prefix()); isASCII(s) {
-					prefix = s
-				}
-				hdr.Format = FormatUnknown // Buggy file is not GNU
-			}
-		}
-		if len(prefix) > 0 {
-			hdr.Name = prefix + "/" + hdr.Name
-		}
-	}
-	return hdr, &tr.blk, p.err
-}
-
-// readOldGNUSparseMap reads the sparse map from the old GNU sparse format.
-// The sparse map is stored in the tar header if it's small enough.
-// If it's larger than four entries, then one or more extension headers are used
-// to store the rest of the sparse map.
-//
-// The Header.Size does not reflect the size of any extended headers used.
-// Thus, this function will read from the raw io.Reader to fetch extra headers.
-// This method mutates blk in the process.
-func (tr *Reader) readOldGNUSparseMap(hdr *Header, blk *block) (sparseDatas, error) {
-	// Make sure that the input format is GNU.
-	// Unfortunately, the STAR format also has a sparse header format that uses
-	// the same type flag but has a completely different layout.
-	if blk.GetFormat() != FormatGNU {
-		return nil, ErrHeader
-	}
-	hdr.Format.mayOnlyBe(FormatGNU)
-
-	var p parser
-	hdr.Size = p.parseNumeric(blk.GNU().RealSize())
-	if p.err != nil {
-		return nil, p.err
-	}
-	s := blk.GNU().Sparse()
-	spd := make(sparseDatas, 0, s.MaxEntries())
-	for {
-		for i := 0; i < s.MaxEntries(); i++ {
-			// This termination condition is identical to GNU and BSD tar.
-			if s.Entry(i).Offset()[0] == 0x00 {
-				break // Don't return, need to process extended headers (even if empty)
-			}
-			offset := p.parseNumeric(s.Entry(i).Offset())
-			length := p.parseNumeric(s.Entry(i).Length())
-			if p.err != nil {
-				return nil, p.err
-			}
-			spd = append(spd, sparseEntry{Offset: offset, Length: length})
-		}
-
-		if s.IsExtended()[0] > 0 {
-			// There are more entries. Read an extension header and parse its entries.
-			if _, err := mustReadFull(tr.r, blk[:]); err != nil {
-				return nil, err
-			}
-			s = blk.Sparse()
-			continue
-		}
-		return spd, nil // Done
-	}
-}
-
-// readGNUSparseMap1x0 reads the sparse map as stored in GNU's PAX sparse format
-// version 1.0. The format of the sparse map consists of a series of
-// newline-terminated numeric fields. The first field is the number of entries
-// and is always present. Following this are the entries, consisting of two
-// fields (offset, length). This function must stop reading at the end
-// boundary of the block containing the last newline.
-//
-// Note that the GNU manual says that numeric values should be encoded in octal
-// format. However, the GNU tar utility itself outputs these values in decimal.
-// As such, this library treats values as being encoded in decimal.
-func readGNUSparseMap1x0(r io.Reader) (sparseDatas, error) {
-	var (
-		cntNewline int64
-		buf        bytes.Buffer
-		blk        block
-	)
-
-	// feedTokens copies data in blocks from r into buf until there are
-	// at least cnt newlines in buf. It will not read more blocks than needed.
-	feedTokens := func(n int64) error {
-		for cntNewline < n {
-			if _, err := mustReadFull(r, blk[:]); err != nil {
-				return err
-			}
-			buf.Write(blk[:])
-			for _, c := range blk {
-				if c == '\n' {
-					cntNewline++
-				}
-			}
-		}
-		return nil
-	}
-
-	// nextToken gets the next token delimited by a newline. This assumes that
-	// at least one newline exists in the buffer.
-	nextToken := func() string {
-		cntNewline--
-		tok, _ := buf.ReadString('\n')
-		return strings.TrimRight(tok, "\n")
-	}
-
-	// Parse for the number of entries.
-	// Use integer overflow resistant math to check this.
-	if err := feedTokens(1); err != nil {
-		return nil, err
-	}
-	numEntries, err := strconv.ParseInt(nextToken(), 10, 0) // Intentionally parse as native int
-	if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) {
-		return nil, ErrHeader
-	}
-
-	// Parse for all member entries.
-	// numEntries is trusted after this since a potential attacker must have
-	// committed resources proportional to what this library used.
-	if err := feedTokens(2 * numEntries); err != nil {
-		return nil, err
-	}
-	spd := make(sparseDatas, 0, numEntries)
-	for i := int64(0); i < numEntries; i++ {
-		offset, err1 := strconv.ParseInt(nextToken(), 10, 64)
-		length, err2 := strconv.ParseInt(nextToken(), 10, 64)
-		if err1 != nil || err2 != nil {
-			return nil, ErrHeader
-		}
-		spd = append(spd, sparseEntry{Offset: offset, Length: length})
-	}
-	return spd, nil
-}
-
-// readGNUSparseMap0x1 reads the sparse map as stored in GNU's PAX sparse format
-// version 0.1. The sparse map is stored in the PAX headers.
-func readGNUSparseMap0x1(paxHdrs map[string]string) (sparseDatas, error) {
-	// Get number of entries.
-	// Use integer overflow resistant math to check this.
-	numEntriesStr := paxHdrs[paxGNUSparseNumBlocks]
-	numEntries, err := strconv.ParseInt(numEntriesStr, 10, 0) // Intentionally parse as native int
-	if err != nil || numEntries < 0 || int(2*numEntries) < int(numEntries) {
-		return nil, ErrHeader
-	}
-
-	// There should be two numbers in sparseMap for each entry.
-	sparseMap := strings.Split(paxHdrs[paxGNUSparseMap], ",")
-	if len(sparseMap) == 1 && sparseMap[0] == "" {
-		sparseMap = sparseMap[:0]
-	}
-	if int64(len(sparseMap)) != 2*numEntries {
-		return nil, ErrHeader
-	}
-
-	// Loop through the entries in the sparse map.
-	// numEntries is trusted now.
-	spd := make(sparseDatas, 0, numEntries)
-	for len(sparseMap) >= 2 {
-		offset, err1 := strconv.ParseInt(sparseMap[0], 10, 64)
-		length, err2 := strconv.ParseInt(sparseMap[1], 10, 64)
-		if err1 != nil || err2 != nil {
-			return nil, ErrHeader
-		}
-		spd = append(spd, sparseEntry{Offset: offset, Length: length})
-		sparseMap = sparseMap[2:]
-	}
-	return spd, nil
-}
-
-// Read reads from the current file in the tar archive.
-// It returns (0, io.EOF) when it reaches the end of that file,
-// until Next is called to advance to the next file.
-//
-// If the current file is sparse, then the regions marked as a hole
-// are read back as NUL-bytes.
-//
-// Calling Read on special types like TypeLink, TypeSymlink, TypeChar,
-// TypeBlock, TypeDir, and TypeFifo returns (0, io.EOF) regardless of what
-// the Header.Size claims.
-func (tr *Reader) Read(b []byte) (int, error) {
-	if tr.err != nil {
-		return 0, tr.err
-	}
-	n, err := tr.curr.Read(b)
-	if err != nil && err != io.EOF {
-		tr.err = err
-	}
-	return n, err
-}
-
-// writeTo writes the content of the current file to w.
-// The bytes written matches the number of remaining bytes in the current file.
-//
-// If the current file is sparse and w is an io.WriteSeeker,
-// then writeTo uses Seek to skip past holes defined in Header.SparseHoles,
-// assuming that skipped regions are filled with NULs.
-// This always writes the last byte to ensure w is the right size.
-//
-// TODO(dsnet): Re-export this when adding sparse file support.
-// See https://golang.org/issue/22735
-func (tr *Reader) writeTo(w io.Writer) (int64, error) {
-	if tr.err != nil {
-		return 0, tr.err
-	}
-	n, err := tr.curr.WriteTo(w)
-	if err != nil {
-		tr.err = err
-	}
-	return n, err
-}
-
-// regFileReader is a fileReader for reading data from a regular file entry.
-type regFileReader struct {
-	r  io.Reader // Underlying Reader
-	nb int64     // Number of remaining bytes to read
-}
-
-func (fr *regFileReader) Read(b []byte) (n int, err error) {
-	if int64(len(b)) > fr.nb {
-		b = b[:fr.nb]
-	}
-	if len(b) > 0 {
-		n, err = fr.r.Read(b)
-		fr.nb -= int64(n)
-	}
-	switch {
-	case err == io.EOF && fr.nb > 0:
-		return n, io.ErrUnexpectedEOF
-	case err == nil && fr.nb == 0:
-		return n, io.EOF
-	default:
-		return n, err
-	}
-}
-
-func (fr *regFileReader) WriteTo(w io.Writer) (int64, error) {
-	return io.Copy(w, struct{ io.Reader }{fr})
-}
-
-func (fr regFileReader) LogicalRemaining() int64 {
-	return fr.nb
-}
-
-func (fr regFileReader) PhysicalRemaining() int64 {
-	return fr.nb
-}
-
-// sparseFileReader is a fileReader for reading data from a sparse file entry.
-type sparseFileReader struct {
-	fr  fileReader  // Underlying fileReader
-	sp  sparseHoles // Normalized list of sparse holes
-	pos int64       // Current position in sparse file
-}
-
-func (sr *sparseFileReader) Read(b []byte) (n int, err error) {
-	finished := int64(len(b)) >= sr.LogicalRemaining()
-	if finished {
-		b = b[:sr.LogicalRemaining()]
-	}
-
-	b0 := b
-	endPos := sr.pos + int64(len(b))
-	for endPos > sr.pos && err == nil {
-		var nf int // Bytes read in fragment
-		holeStart, holeEnd := sr.sp[0].Offset, sr.sp[0].endOffset()
-		if sr.pos < holeStart { // In a data fragment
-			bf := b[:min(int64(len(b)), holeStart-sr.pos)]
-			nf, err = tryReadFull(sr.fr, bf)
-		} else { // In a hole fragment
-			bf := b[:min(int64(len(b)), holeEnd-sr.pos)]
-			nf, err = tryReadFull(zeroReader{}, bf)
-		}
-		b = b[nf:]
-		sr.pos += int64(nf)
-		if sr.pos >= holeEnd && len(sr.sp) > 1 {
-			sr.sp = sr.sp[1:] // Ensure last fragment always remains
-		}
-	}
-
-	n = len(b0) - len(b)
-	switch {
-	case err == io.EOF:
-		return n, errMissData // Less data in dense file than sparse file
-	case err != nil:
-		return n, err
-	case sr.LogicalRemaining() == 0 && sr.PhysicalRemaining() > 0:
-		return n, errUnrefData // More data in dense file than sparse file
-	case finished:
-		return n, io.EOF
-	default:
-		return n, nil
-	}
-}
-
-func (sr *sparseFileReader) WriteTo(w io.Writer) (n int64, err error) {
-	ws, ok := w.(io.WriteSeeker)
-	if ok {
-		if _, err := ws.Seek(0, io.SeekCurrent); err != nil {
-			ok = false // Not all io.Seeker can really seek
-		}
-	}
-	if !ok {
-		return io.Copy(w, struct{ io.Reader }{sr})
-	}
-
-	var writeLastByte bool
-	pos0 := sr.pos
-	for sr.LogicalRemaining() > 0 && !writeLastByte && err == nil {
-		var nf int64 // Size of fragment
-		holeStart, holeEnd := sr.sp[0].Offset, sr.sp[0].endOffset()
-		if sr.pos < holeStart { // In a data fragment
-			nf = holeStart - sr.pos
-			nf, err = io.CopyN(ws, sr.fr, nf)
-		} else { // In a hole fragment
-			nf = holeEnd - sr.pos
-			if sr.PhysicalRemaining() == 0 {
-				writeLastByte = true
-				nf--
-			}
-			_, err = ws.Seek(nf, io.SeekCurrent)
-		}
-		sr.pos += nf
-		if sr.pos >= holeEnd && len(sr.sp) > 1 {
-			sr.sp = sr.sp[1:] // Ensure last fragment always remains
-		}
-	}
-
-	// If the last fragment is a hole, then seek to 1-byte before EOF, and
-	// write a single byte to ensure the file is the right size.
-	if writeLastByte && err == nil {
-		_, err = ws.Write([]byte{0})
-		sr.pos++
-	}
-
-	n = sr.pos - pos0
-	switch {
-	case err == io.EOF:
-		return n, errMissData // Less data in dense file than sparse file
-	case err != nil:
-		return n, err
-	case sr.LogicalRemaining() == 0 && sr.PhysicalRemaining() > 0:
-		return n, errUnrefData // More data in dense file than sparse file
-	default:
-		return n, nil
-	}
-}
-
-func (sr sparseFileReader) LogicalRemaining() int64 {
-	return sr.sp[len(sr.sp)-1].endOffset() - sr.pos
-}
-func (sr sparseFileReader) PhysicalRemaining() int64 {
-	return sr.fr.PhysicalRemaining()
-}
-
-type zeroReader struct{}
-
-func (zeroReader) Read(b []byte) (int, error) {
-	for i := range b {
-		b[i] = 0
-	}
-	return len(b), nil
-}
-
-// mustReadFull is like io.ReadFull except it returns
-// io.ErrUnexpectedEOF when io.EOF is hit before len(b) bytes are read.
-func mustReadFull(r io.Reader, b []byte) (int, error) {
-	n, err := tryReadFull(r, b)
-	if err == io.EOF {
-		err = io.ErrUnexpectedEOF
-	}
-	return n, err
-}
-
-// tryReadFull is like io.ReadFull except it returns
-// io.EOF when it is hit before len(b) bytes are read.
-func tryReadFull(r io.Reader, b []byte) (n int, err error) {
-	for len(b) > n && err == nil {
-		var nn int
-		nn, err = r.Read(b[n:])
-		n += nn
-	}
-	if len(b) == n && err == io.EOF {
-		err = nil
-	}
-	return n, err
-}
-
-// discard skips n bytes in r, reporting an error if unable to do so.
-func discard(r io.Reader, n int64) error {
-	// If possible, Seek to the last byte before the end of the data section.
-	// Do this because Seek is often lazy about reporting errors; this will mask
-	// the fact that the stream may be truncated. We can rely on the
-	// io.CopyN done shortly afterwards to trigger any IO errors.
-	var seekSkipped int64 // Number of bytes skipped via Seek
-	if sr, ok := r.(io.Seeker); ok && n > 1 {
-		// Not all io.Seeker can actually Seek. For example, os.Stdin implements
-		// io.Seeker, but calling Seek always returns an error and performs
-		// no action. Thus, we try an innocent seek to the current position
-		// to see if Seek is really supported.
-		pos1, err := sr.Seek(0, io.SeekCurrent)
-		if pos1 >= 0 && err == nil {
-			// Seek seems supported, so perform the real Seek.
-			pos2, err := sr.Seek(n-1, io.SeekCurrent)
-			if pos2 < 0 || err != nil {
-				return err
-			}
-			seekSkipped = pos2 - pos1
-		}
-	}
-
-	copySkipped, err := io.CopyN(ioutil.Discard, r, n-seekSkipped)
-	if err == io.EOF && seekSkipped+copySkipped < n {
-		err = io.ErrUnexpectedEOF
-	}
-	return err
-}

vendor/archive/tar/stat_actime1.go

@@ -1,20 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux dragonfly openbsd solaris
-
-package tar
-
-import (
-	"syscall"
-	"time"
-)
-
-func statAtime(st *syscall.Stat_t) time.Time {
-	return time.Unix(st.Atim.Unix())
-}
-
-func statCtime(st *syscall.Stat_t) time.Time {
-	return time.Unix(st.Ctim.Unix())
-}

vendor/archive/tar/stat_actime2.go

@@ -1,20 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin freebsd netbsd
-
-package tar
-
-import (
-	"syscall"
-	"time"
-)
-
-func statAtime(st *syscall.Stat_t) time.Time {
-	return time.Unix(st.Atimespec.Unix())
-}
-
-func statCtime(st *syscall.Stat_t) time.Time {
-	return time.Unix(st.Ctimespec.Unix())
-}

vendor/archive/tar/stat_unix.go

@@ -1,76 +0,0 @@
-// Copyright 2012 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux darwin dragonfly freebsd openbsd netbsd solaris
-
-package tar
-
-import (
-	"os"
-	"runtime"
-	"syscall"
-)
-
-func init() {
-	sysStat = statUnix
-}
-
-func statUnix(fi os.FileInfo, h *Header) error {
-	sys, ok := fi.Sys().(*syscall.Stat_t)
-	if !ok {
-		return nil
-	}
-	h.Uid = int(sys.Uid)
-	h.Gid = int(sys.Gid)
-
-	// TODO(bradfitz): populate username & group.  os/user
-	// doesn't cache LookupId lookups, and lacks group
-	// lookup functions.
-	h.AccessTime = statAtime(sys)
-	h.ChangeTime = statCtime(sys)
-
-	// Best effort at populating Devmajor and Devminor.
-	if h.Typeflag == TypeChar || h.Typeflag == TypeBlock {
-		dev := uint64(sys.Rdev) // May be int32 or uint32
-		switch runtime.GOOS {
-		case "linux":
-			// Copied from golang.org/x/sys/unix/dev_linux.go.
-			major := uint32((dev & 0x00000000000fff00) >> 8)
-			major |= uint32((dev & 0xfffff00000000000) >> 32)
-			minor := uint32((dev & 0x00000000000000ff) >> 0)
-			minor |= uint32((dev & 0x00000ffffff00000) >> 12)
-			h.Devmajor, h.Devminor = int64(major), int64(minor)
-		case "darwin":
-			// Copied from golang.org/x/sys/unix/dev_darwin.go.
-			major := uint32((dev >> 24) & 0xff)
-			minor := uint32(dev & 0xffffff)
-			h.Devmajor, h.Devminor = int64(major), int64(minor)
-		case "dragonfly":
-			// Copied from golang.org/x/sys/unix/dev_dragonfly.go.
-			major := uint32((dev >> 8) & 0xff)
-			minor := uint32(dev & 0xffff00ff)
-			h.Devmajor, h.Devminor = int64(major), int64(minor)
-		case "freebsd":
-			// Copied from golang.org/x/sys/unix/dev_freebsd.go.
-			major := uint32((dev >> 8) & 0xff)
-			minor := uint32(dev & 0xffff00ff)
-			h.Devmajor, h.Devminor = int64(major), int64(minor)
-		case "netbsd":
-			// Copied from golang.org/x/sys/unix/dev_netbsd.go.
-			major := uint32((dev & 0x000fff00) >> 8)
-			minor := uint32((dev & 0x000000ff) >> 0)
-			minor |= uint32((dev & 0xfff00000) >> 12)
-			h.Devmajor, h.Devminor = int64(major), int64(minor)
-		case "openbsd":
-			// Copied from golang.org/x/sys/unix/dev_openbsd.go.
-			major := uint32((dev & 0x0000ff00) >> 8)
-			minor := uint32((dev & 0x000000ff) >> 0)
-			minor |= uint32((dev & 0xffff0000) >> 8)
-			h.Devmajor, h.Devminor = int64(major), int64(minor)
-		default:
-			// TODO: Implement solaris (see https://golang.org/issue/8106)
-		}
-	}
-	return nil
-}

vendor/archive/tar/strconv.go

@@ -1,326 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tar
-
-import (
-	"bytes"
-	"fmt"
-	"strconv"
-	"strings"
-	"time"
-)
-
-// hasNUL reports whether the NUL character exists within s.
-func hasNUL(s string) bool {
-	return strings.IndexByte(s, 0) >= 0
-}
-
-// isASCII reports whether the input is an ASCII C-style string.
-func isASCII(s string) bool {
-	for _, c := range s {
-		if c >= 0x80 || c == 0x00 {
-			return false
-		}
-	}
-	return true
-}
-
-// toASCII converts the input to an ASCII C-style string.
-// This a best effort conversion, so invalid characters are dropped.
-func toASCII(s string) string {
-	if isASCII(s) {
-		return s
-	}
-	b := make([]byte, 0, len(s))
-	for _, c := range s {
-		if c < 0x80 && c != 0x00 {
-			b = append(b, byte(c))
-		}
-	}
-	return string(b)
-}
-
-type parser struct {
-	err error // Last error seen
-}
-
-type formatter struct {
-	err error // Last error seen
-}
-
-// parseString parses bytes as a NUL-terminated C-style string.
-// If a NUL byte is not found then the whole slice is returned as a string.
-func (*parser) parseString(b []byte) string {
-	if i := bytes.IndexByte(b, 0); i >= 0 {
-		return string(b[:i])
-	}
-	return string(b)
-}
-
-// formatString copies s into b, NUL-terminating if possible.
-func (f *formatter) formatString(b []byte, s string) {
-	if len(s) > len(b) {
-		f.err = ErrFieldTooLong
-	}
-	copy(b, s)
-	if len(s) < len(b) {
-		b[len(s)] = 0
-	}
-
-	// Some buggy readers treat regular files with a trailing slash
-	// in the V7 path field as a directory even though the full path
-	// recorded elsewhere (e.g., via PAX record) contains no trailing slash.
-	if len(s) > len(b) && b[len(b)-1] == '/' {
-		n := len(strings.TrimRight(s[:len(b)], "/"))
-		b[n] = 0 // Replace trailing slash with NUL terminator
-	}
-}
-
-// fitsInBase256 reports whether x can be encoded into n bytes using base-256
-// encoding. Unlike octal encoding, base-256 encoding does not require that the
-// string ends with a NUL character. Thus, all n bytes are available for output.
-//
-// If operating in binary mode, this assumes strict GNU binary mode; which means
-// that the first byte can only be either 0x80 or 0xff. Thus, the first byte is
-// equivalent to the sign bit in two's complement form.
-func fitsInBase256(n int, x int64) bool {
-	binBits := uint(n-1) * 8
-	return n >= 9 || (x >= -1<<binBits && x < 1<<binBits)
-}
-
-// parseNumeric parses the input as being encoded in either base-256 or octal.
-// This function may return negative numbers.
-// If parsing fails or an integer overflow occurs, err will be set.
-func (p *parser) parseNumeric(b []byte) int64 {
-	// Check for base-256 (binary) format first.
-	// If the first bit is set, then all following bits constitute a two's
-	// complement encoded number in big-endian byte order.
-	if len(b) > 0 && b[0]&0x80 != 0 {
-		// Handling negative numbers relies on the following identity:
-		//	-a-1 == ^a
-		//
-		// If the number is negative, we use an inversion mask to invert the
-		// data bytes and treat the value as an unsigned number.
-		var inv byte // 0x00 if positive or zero, 0xff if negative
-		if b[0]&0x40 != 0 {
-			inv = 0xff
-		}
-
-		var x uint64
-		for i, c := range b {
-			c ^= inv // Inverts c only if inv is 0xff, otherwise does nothing
-			if i == 0 {
-				c &= 0x7f // Ignore signal bit in first byte
-			}
-			if (x >> 56) > 0 {
-				p.err = ErrHeader // Integer overflow
-				return 0
-			}
-			x = x<<8 | uint64(c)
-		}
-		if (x >> 63) > 0 {
-			p.err = ErrHeader // Integer overflow
-			return 0
-		}
-		if inv == 0xff {
-			return ^int64(x)
-		}
-		return int64(x)
-	}
-
-	// Normal case is base-8 (octal) format.
-	return p.parseOctal(b)
-}
-
-// formatNumeric encodes x into b using base-8 (octal) encoding if possible.
-// Otherwise it will attempt to use base-256 (binary) encoding.
-func (f *formatter) formatNumeric(b []byte, x int64) {
-	if fitsInOctal(len(b), x) {
-		f.formatOctal(b, x)
-		return
-	}
-
-	if fitsInBase256(len(b), x) {
-		for i := len(b) - 1; i >= 0; i-- {
-			b[i] = byte(x)
-			x >>= 8
-		}
-		b[0] |= 0x80 // Highest bit indicates binary format
-		return
-	}
-
-	f.formatOctal(b, 0) // Last resort, just write zero
-	f.err = ErrFieldTooLong
-}
-
-func (p *parser) parseOctal(b []byte) int64 {
-	// Because unused fields are filled with NULs, we need
-	// to skip leading NULs. Fields may also be padded with
-	// spaces or NULs.
-	// So we remove leading and trailing NULs and spaces to
-	// be sure.
-	b = bytes.Trim(b, " \x00")
-
-	if len(b) == 0 {
-		return 0
-	}
-	x, perr := strconv.ParseUint(p.parseString(b), 8, 64)
-	if perr != nil {
-		p.err = ErrHeader
-	}
-	return int64(x)
-}
-
-func (f *formatter) formatOctal(b []byte, x int64) {
-	if !fitsInOctal(len(b), x) {
-		x = 0 // Last resort, just write zero
-		f.err = ErrFieldTooLong
-	}
-
-	s := strconv.FormatInt(x, 8)
-	// Add leading zeros, but leave room for a NUL.
-	if n := len(b) - len(s) - 1; n > 0 {
-		s = strings.Repeat("0", n) + s
-	}
-	f.formatString(b, s)
-}
-
-// fitsInOctal reports whether the integer x fits in a field n-bytes long
-// using octal encoding with the appropriate NUL terminator.
-func fitsInOctal(n int, x int64) bool {
-	octBits := uint(n-1) * 3
-	return x >= 0 && (n >= 22 || x < 1<<octBits)
-}
-
-// parsePAXTime takes a string of the form %d.%d as described in the PAX
-// specification. Note that this implementation allows for negative timestamps,
-// which is allowed for by the PAX specification, but not always portable.
-func parsePAXTime(s string) (time.Time, error) {
-	const maxNanoSecondDigits = 9
-
-	// Split string into seconds and sub-seconds parts.
-	ss, sn := s, ""
-	if pos := strings.IndexByte(s, '.'); pos >= 0 {
-		ss, sn = s[:pos], s[pos+1:]
-	}
-
-	// Parse the seconds.
-	secs, err := strconv.ParseInt(ss, 10, 64)
-	if err != nil {
-		return time.Time{}, ErrHeader
-	}
-	if len(sn) == 0 {
-		return time.Unix(secs, 0), nil // No sub-second values
-	}
-
-	// Parse the nanoseconds.
-	if strings.Trim(sn, "0123456789") != "" {
-		return time.Time{}, ErrHeader
-	}
-	if len(sn) < maxNanoSecondDigits {
-		sn += strings.Repeat("0", maxNanoSecondDigits-len(sn)) // Right pad
-	} else {
-		sn = sn[:maxNanoSecondDigits] // Right truncate
-	}
-	nsecs, _ := strconv.ParseInt(sn, 10, 64) // Must succeed
-	if len(ss) > 0 && ss[0] == '-' {
-		return time.Unix(secs, -1*nsecs), nil // Negative correction
-	}
-	return time.Unix(secs, nsecs), nil
-}
-
-// formatPAXTime converts ts into a time of the form %d.%d as described in the
-// PAX specification. This function is capable of negative timestamps.
-func formatPAXTime(ts time.Time) (s string) {
-	secs, nsecs := ts.Unix(), ts.Nanosecond()
-	if nsecs == 0 {
-		return strconv.FormatInt(secs, 10)
-	}
-
-	// If seconds is negative, then perform correction.
-	sign := ""
-	if secs < 0 {
-		sign = "-"             // Remember sign
-		secs = -(secs + 1)     // Add a second to secs
-		nsecs = -(nsecs - 1E9) // Take that second away from nsecs
-	}
-	return strings.TrimRight(fmt.Sprintf("%s%d.%09d", sign, secs, nsecs), "0")
-}
-
-// parsePAXRecord parses the input PAX record string into a key-value pair.
-// If parsing is successful, it will slice off the currently read record and
-// return the remainder as r.
-func parsePAXRecord(s string) (k, v, r string, err error) {
-	// The size field ends at the first space.
-	sp := strings.IndexByte(s, ' ')
-	if sp == -1 {
-		return "", "", s, ErrHeader
-	}
-
-	// Parse the first token as a decimal integer.
-	n, perr := strconv.ParseInt(s[:sp], 10, 0) // Intentionally parse as native int
-	if perr != nil || n < 5 || int64(len(s)) < n {
-		return "", "", s, ErrHeader
-	}
-
-	// Extract everything between the space and the final newline.
-	rec, nl, rem := s[sp+1:n-1], s[n-1:n], s[n:]
-	if nl != "\n" {
-		return "", "", s, ErrHeader
-	}
-
-	// The first equals separates the key from the value.
-	eq := strings.IndexByte(rec, '=')
-	if eq == -1 {
-		return "", "", s, ErrHeader
-	}
-	k, v = rec[:eq], rec[eq+1:]
-
-	if !validPAXRecord(k, v) {
-		return "", "", s, ErrHeader
-	}
-	return k, v, rem, nil
-}
-
-// formatPAXRecord formats a single PAX record, prefixing it with the
-// appropriate length.
-func formatPAXRecord(k, v string) (string, error) {
-	if !validPAXRecord(k, v) {
-		return "", ErrHeader
-	}
-
-	const padding = 3 // Extra padding for ' ', '=', and '\n'
-	size := len(k) + len(v) + padding
-	size += len(strconv.Itoa(size))
-	record := strconv.Itoa(size) + " " + k + "=" + v + "\n"
-
-	// Final adjustment if adding size field increased the record size.
-	if len(record) != size {
-		size = len(record)
-		record = strconv.Itoa(size) + " " + k + "=" + v + "\n"
-	}
-	return record, nil
-}
-
-// validPAXRecord reports whether the key-value pair is valid where each
-// record is formatted as:
-//	"%d %s=%s\n" % (size, key, value)
-//
-// Keys and values should be UTF-8, but the number of bad writers out there
-// forces us to be a more liberal.
-// Thus, we only reject all keys with NUL, and only reject NULs in values
-// for the PAX version of the USTAR string fields.
-// The key must not contain an '=' character.
-func validPAXRecord(k, v string) bool {
-	if k == "" || strings.IndexByte(k, '=') >= 0 {
-		return false
-	}
-	switch k {
-	case paxPath, paxLinkpath, paxUname, paxGname:
-		return !hasNUL(v)
-	default:
-		return !hasNUL(k)
-	}
-}

vendor/archive/tar/writer.go

@@ -1,644 +0,0 @@
-// Copyright 2009 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package tar
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"path"
-	"sort"
-	"strings"
-	"time"
-)
-
-// Writer provides sequential writing of a tar archive.
-// Write.WriteHeader begins a new file with the provided Header,
-// and then Writer can be treated as an io.Writer to supply that file's data.
-type Writer struct {
-	w    io.Writer
-	pad  int64      // Amount of padding to write after current file entry
-	curr fileWriter // Writer for current file entry
-	hdr  Header     // Shallow copy of Header that is safe for mutations
-	blk  block      // Buffer to use as temporary local storage
-
-	// err is a persistent error.
-	// It is only the responsibility of every exported method of Writer to
-	// ensure that this error is sticky.
-	err error
-}
-
-// NewWriter creates a new Writer writing to w.
-func NewWriter(w io.Writer) *Writer {
-	return &Writer{w: w, curr: &regFileWriter{w, 0}}
-}
-
-type fileWriter interface {
-	io.Writer
-	fileState
-
-	ReadFrom(io.Reader) (int64, error)
-}
-
-// Flush finishes writing the current file's block padding.
-// The current file must be fully written before Flush can be called.
-//
-// This is unnecessary as the next call to WriteHeader or Close
-// will implicitly flush out the file's padding.
-func (tw *Writer) Flush() error {
-	if tw.err != nil {
-		return tw.err
-	}
-	if nb := tw.curr.LogicalRemaining(); nb > 0 {
-		return fmt.Errorf("archive/tar: missed writing %d bytes", nb)
-	}
-	if _, tw.err = tw.w.Write(zeroBlock[:tw.pad]); tw.err != nil {
-		return tw.err
-	}
-	tw.pad = 0
-	return nil
-}
-
-// WriteHeader writes hdr and prepares to accept the file's contents.
-// The Header.Size determines how many bytes can be written for the next file.
-// If the current file is not fully written, then this returns an error.
-// This implicitly flushes any padding necessary before writing the header.
-func (tw *Writer) WriteHeader(hdr *Header) error {
-	if err := tw.Flush(); err != nil {
-		return err
-	}
-	tw.hdr = *hdr // Shallow copy of Header
-
-	// Round ModTime and ignore AccessTime and ChangeTime unless
-	// the format is explicitly chosen.
-	// This ensures nominal usage of WriteHeader (without specifying the format)
-	// does not always result in the PAX format being chosen, which
-	// causes a 1KiB increase to every header.
-	if tw.hdr.Format == FormatUnknown {
-		tw.hdr.ModTime = tw.hdr.ModTime.Round(time.Second)
-		tw.hdr.AccessTime = time.Time{}
-		tw.hdr.ChangeTime = time.Time{}
-	}
-
-	allowedFormats, paxHdrs, err := tw.hdr.allowedFormats()
-	switch {
-	case allowedFormats.has(FormatUSTAR):
-		tw.err = tw.writeUSTARHeader(&tw.hdr)
-		return tw.err
-	case allowedFormats.has(FormatPAX):
-		tw.err = tw.writePAXHeader(&tw.hdr, paxHdrs)
-		return tw.err
-	case allowedFormats.has(FormatGNU):
-		tw.err = tw.writeGNUHeader(&tw.hdr)
-		return tw.err
-	default:
-		return err // Non-fatal error
-	}
-}
-
-func (tw *Writer) writeUSTARHeader(hdr *Header) error {
-	// Check if we can use USTAR prefix/suffix splitting.
-	var namePrefix string
-	if prefix, suffix, ok := splitUSTARPath(hdr.Name); ok {
-		namePrefix, hdr.Name = prefix, suffix
-	}
-
-	// Pack the main header.
-	var f formatter
-	blk := tw.templateV7Plus(hdr, f.formatString, f.formatOctal)
-	f.formatString(blk.USTAR().Prefix(), namePrefix)
-	blk.SetFormat(FormatUSTAR)
-	if f.err != nil {
-		return f.err // Should never happen since header is validated
-	}
-	return tw.writeRawHeader(blk, hdr.Size, hdr.Typeflag)
-}
-
-func (tw *Writer) writePAXHeader(hdr *Header, paxHdrs map[string]string) error {
-	realName, realSize := hdr.Name, hdr.Size
-
-	// TODO(dsnet): Re-enable this when adding sparse support.
-	// See https://golang.org/issue/22735
-	/*
-		// Handle sparse files.
-		var spd sparseDatas
-		var spb []byte
-		if len(hdr.SparseHoles) > 0 {
-			sph := append([]sparseEntry{}, hdr.SparseHoles...) // Copy sparse map
-			sph = alignSparseEntries(sph, hdr.Size)
-			spd = invertSparseEntries(sph, hdr.Size)
-
-			// Format the sparse map.
-			hdr.Size = 0 // Replace with encoded size
-			spb = append(strconv.AppendInt(spb, int64(len(spd)), 10), '\n')
-			for _, s := range spd {
-				hdr.Size += s.Length
-				spb = append(strconv.AppendInt(spb, s.Offset, 10), '\n')
-				spb = append(strconv.AppendInt(spb, s.Length, 10), '\n')
-			}
-			pad := blockPadding(int64(len(spb)))
-			spb = append(spb, zeroBlock[:pad]...)
-			hdr.Size += int64(len(spb)) // Accounts for encoded sparse map
-
-			// Add and modify appropriate PAX records.
-			dir, file := path.Split(realName)
-			hdr.Name = path.Join(dir, "GNUSparseFile.0", file)
-			paxHdrs[paxGNUSparseMajor] = "1"
-			paxHdrs[paxGNUSparseMinor] = "0"
-			paxHdrs[paxGNUSparseName] = realName
-			paxHdrs[paxGNUSparseRealSize] = strconv.FormatInt(realSize, 10)
-			paxHdrs[paxSize] = strconv.FormatInt(hdr.Size, 10)
-			delete(paxHdrs, paxPath) // Recorded by paxGNUSparseName
-		}
-	*/
-	_ = realSize
-
-	// Write PAX records to the output.
-	isGlobal := hdr.Typeflag == TypeXGlobalHeader
-	if len(paxHdrs) > 0 || isGlobal {
-		// Sort keys for deterministic ordering.
-		var keys []string
-		for k := range paxHdrs {
-			keys = append(keys, k)
-		}
-		sort.Strings(keys)
-
-		// Write each record to a buffer.
-		var buf bytes.Buffer
-		for _, k := range keys {
-			rec, err := formatPAXRecord(k, paxHdrs[k])
-			if err != nil {
-				return err
-			}
-			buf.WriteString(rec)
-		}
-
-		// Write the extended header file.
-		var name string
-		var flag byte
-		if isGlobal {
-			name = realName
-			if name == "" {
-				name = "GlobalHead.0.0"
-			}
-			flag = TypeXGlobalHeader
-		} else {
-			dir, file := path.Split(realName)
-			name = path.Join(dir, "PaxHeaders.0", file)
-			flag = TypeXHeader
-		}
-		data := buf.String()
-		if err := tw.writeRawFile(name, data, flag, FormatPAX); err != nil || isGlobal {
-			return err // Global headers return here
-		}
-	}
-
-	// Pack the main header.
-	var f formatter // Ignore errors since they are expected
-	fmtStr := func(b []byte, s string) { f.formatString(b, toASCII(s)) }
-	blk := tw.templateV7Plus(hdr, fmtStr, f.formatOctal)
-	blk.SetFormat(FormatPAX)
-	if err := tw.writeRawHeader(blk, hdr.Size, hdr.Typeflag); err != nil {
-		return err
-	}
-
-	// TODO(dsnet): Re-enable this when adding sparse support.
-	// See https://golang.org/issue/22735
-	/*
-		// Write the sparse map and setup the sparse writer if necessary.
-		if len(spd) > 0 {
-			// Use tw.curr since the sparse map is accounted for in hdr.Size.
-			if _, err := tw.curr.Write(spb); err != nil {
-				return err
-			}
-			tw.curr = &sparseFileWriter{tw.curr, spd, 0}
-		}
-	*/
-	return nil
-}
-
-func (tw *Writer) writeGNUHeader(hdr *Header) error {
-	// Use long-link files if Name or Linkname exceeds the field size.
-	const longName = "././@LongLink"
-	if len(hdr.Name) > nameSize {
-		data := hdr.Name + "\x00"
-		if err := tw.writeRawFile(longName, data, TypeGNULongName, FormatGNU); err != nil {
-			return err
-		}
-	}
-	if len(hdr.Linkname) > nameSize {
-		data := hdr.Linkname + "\x00"
-		if err := tw.writeRawFile(longName, data, TypeGNULongLink, FormatGNU); err != nil {
-			return err
-		}
-	}
-
-	// Pack the main header.
-	var f formatter // Ignore errors since they are expected
-	var spd sparseDatas
-	var spb []byte
-	blk := tw.templateV7Plus(hdr, f.formatString, f.formatNumeric)
-	if !hdr.AccessTime.IsZero() {
-		f.formatNumeric(blk.GNU().AccessTime(), hdr.AccessTime.Unix())
-	}
-	if !hdr.ChangeTime.IsZero() {
-		f.formatNumeric(blk.GNU().ChangeTime(), hdr.ChangeTime.Unix())
-	}
-	// TODO(dsnet): Re-enable this when adding sparse support.
-	// See https://golang.org/issue/22735
-	/*
-		if hdr.Typeflag == TypeGNUSparse {
-			sph := append([]sparseEntry{}, hdr.SparseHoles...) // Copy sparse map
-			sph = alignSparseEntries(sph, hdr.Size)
-			spd = invertSparseEntries(sph, hdr.Size)
-
-			// Format the sparse map.
-			formatSPD := func(sp sparseDatas, sa sparseArray) sparseDatas {
-				for i := 0; len(sp) > 0 && i < sa.MaxEntries(); i++ {
-					f.formatNumeric(sa.Entry(i).Offset(), sp[0].Offset)
-					f.formatNumeric(sa.Entry(i).Length(), sp[0].Length)
-					sp = sp[1:]
-				}
-				if len(sp) > 0 {
-					sa.IsExtended()[0] = 1
-				}
-				return sp
-			}
-			sp2 := formatSPD(spd, blk.GNU().Sparse())
-			for len(sp2) > 0 {
-				var spHdr block
-				sp2 = formatSPD(sp2, spHdr.Sparse())
-				spb = append(spb, spHdr[:]...)
-			}
-
-			// Update size fields in the header block.
-			realSize := hdr.Size
-			hdr.Size = 0 // Encoded size; does not account for encoded sparse map
-			for _, s := range spd {
-				hdr.Size += s.Length
-			}
-			copy(blk.V7().Size(), zeroBlock[:]) // Reset field
-			f.formatNumeric(blk.V7().Size(), hdr.Size)
-			f.formatNumeric(blk.GNU().RealSize(), realSize)
-		}
-	*/
-	blk.SetFormat(FormatGNU)
-	if err := tw.writeRawHeader(blk, hdr.Size, hdr.Typeflag); err != nil {
-		return err
-	}
-
-	// Write the extended sparse map and setup the sparse writer if necessary.
-	if len(spd) > 0 {
-		// Use tw.w since the sparse map is not accounted for in hdr.Size.
-		if _, err := tw.w.Write(spb); err != nil {
-			return err
-		}
-		tw.curr = &sparseFileWriter{tw.curr, spd, 0}
-	}
-	return nil
-}
-
-type (
-	stringFormatter func([]byte, string)
-	numberFormatter func([]byte, int64)
-)
-
-// templateV7Plus fills out the V7 fields of a block using values from hdr.
-// It also fills out fields (uname, gname, devmajor, devminor) that are
-// shared in the USTAR, PAX, and GNU formats using the provided formatters.
-//
-// The block returned is only valid until the next call to
-// templateV7Plus or writeRawFile.
-func (tw *Writer) templateV7Plus(hdr *Header, fmtStr stringFormatter, fmtNum numberFormatter) *block {
-	tw.blk.Reset()
-
-	modTime := hdr.ModTime
-	if modTime.IsZero() {
-		modTime = time.Unix(0, 0)
-	}
-
-	v7 := tw.blk.V7()
-	v7.TypeFlag()[0] = hdr.Typeflag
-	fmtStr(v7.Name(), hdr.Name)
-	fmtStr(v7.LinkName(), hdr.Linkname)
-	fmtNum(v7.Mode(), hdr.Mode)
-	fmtNum(v7.UID(), int64(hdr.Uid))
-	fmtNum(v7.GID(), int64(hdr.Gid))
-	fmtNum(v7.Size(), hdr.Size)
-	fmtNum(v7.ModTime(), modTime.Unix())
-
-	ustar := tw.blk.USTAR()
-	fmtStr(ustar.UserName(), hdr.Uname)
-	fmtStr(ustar.GroupName(), hdr.Gname)
-	fmtNum(ustar.DevMajor(), hdr.Devmajor)
-	fmtNum(ustar.DevMinor(), hdr.Devminor)
-
-	return &tw.blk
-}
-
-// writeRawFile writes a minimal file with the given name and flag type.
-// It uses format to encode the header format and will write data as the body.
-// It uses default values for all of the other fields (as BSD and GNU tar does).
-func (tw *Writer) writeRawFile(name, data string, flag byte, format Format) error {
-	tw.blk.Reset()
-
-	// Best effort for the filename.
-	name = toASCII(name)
-	if len(name) > nameSize {
-		name = name[:nameSize]
-	}
-	name = strings.TrimRight(name, "/")
-
-	var f formatter
-	v7 := tw.blk.V7()
-	v7.TypeFlag()[0] = flag
-	f.formatString(v7.Name(), name)
-	f.formatOctal(v7.Mode(), 0)
-	f.formatOctal(v7.UID(), 0)
-	f.formatOctal(v7.GID(), 0)
-	f.formatOctal(v7.Size(), int64(len(data))) // Must be < 8GiB
-	f.formatOctal(v7.ModTime(), 0)
-	tw.blk.SetFormat(format)
-	if f.err != nil {
-		return f.err // Only occurs if size condition is violated
-	}
-
-	// Write the header and data.
-	if err := tw.writeRawHeader(&tw.blk, int64(len(data)), flag); err != nil {
-		return err
-	}
-	_, err := io.WriteString(tw, data)
-	return err
-}
-
-// writeRawHeader writes the value of blk, regardless of its value.
-// It sets up the Writer such that it can accept a file of the given size.
-// If the flag is a special header-only flag, then the size is treated as zero.
-func (tw *Writer) writeRawHeader(blk *block, size int64, flag byte) error {
-	if err := tw.Flush(); err != nil {
-		return err
-	}
-	if _, err := tw.w.Write(blk[:]); err != nil {
-		return err
-	}
-	if isHeaderOnlyType(flag) {
-		size = 0
-	}
-	tw.curr = &regFileWriter{tw.w, size}
-	tw.pad = blockPadding(size)
-	return nil
-}
-
-// splitUSTARPath splits a path according to USTAR prefix and suffix rules.
-// If the path is not splittable, then it will return ("", "", false).
-func splitUSTARPath(name string) (prefix, suffix string, ok bool) {
-	length := len(name)
-	if length <= nameSize || !isASCII(name) {
-		return "", "", false
-	} else if length > prefixSize+1 {
-		length = prefixSize + 1
-	} else if name[length-1] == '/' {
-		length--
-	}
-
-	i := strings.LastIndex(name[:length], "/")
-	nlen := len(name) - i - 1 // nlen is length of suffix
-	plen := i                 // plen is length of prefix
-	if i <= 0 || nlen > nameSize || nlen == 0 || plen > prefixSize {
-		return "", "", false
-	}
-	return name[:i], name[i+1:], true
-}
-
-// Write writes to the current file in the tar archive.
-// Write returns the error ErrWriteTooLong if more than
-// Header.Size bytes are written after WriteHeader.
-//
-// Calling Write on special types like TypeLink, TypeSymlink, TypeChar,
-// TypeBlock, TypeDir, and TypeFifo returns (0, ErrWriteTooLong) regardless
-// of what the Header.Size claims.
-func (tw *Writer) Write(b []byte) (int, error) {
-	if tw.err != nil {
-		return 0, tw.err
-	}
-	n, err := tw.curr.Write(b)
-	if err != nil && err != ErrWriteTooLong {
-		tw.err = err
-	}
-	return n, err
-}
-
-// readFrom populates the content of the current file by reading from r.
-// The bytes read must match the number of remaining bytes in the current file.
-//
-// If the current file is sparse and r is an io.ReadSeeker,
-// then readFrom uses Seek to skip past holes defined in Header.SparseHoles,
-// assuming that skipped regions are all NULs.
-// This always reads the last byte to ensure r is the right size.
-//
-// TODO(dsnet): Re-export this when adding sparse file support.
-// See https://golang.org/issue/22735
-func (tw *Writer) readFrom(r io.Reader) (int64, error) {
-	if tw.err != nil {
-		return 0, tw.err
-	}
-	n, err := tw.curr.ReadFrom(r)
-	if err != nil && err != ErrWriteTooLong {
-		tw.err = err
-	}
-	return n, err
-}
-
-// Close closes the tar archive by flushing the padding, and writing the footer.
-// If the current file (from a prior call to WriteHeader) is not fully written,
-// then this returns an error.
-func (tw *Writer) Close() error {
-	if tw.err == ErrWriteAfterClose {
-		return nil
-	}
-	if tw.err != nil {
-		return tw.err
-	}
-
-	// Trailer: two zero blocks.
-	err := tw.Flush()
-	for i := 0; i < 2 && err == nil; i++ {
-		_, err = tw.w.Write(zeroBlock[:])
-	}
-
-	// Ensure all future actions are invalid.
-	tw.err = ErrWriteAfterClose
-	return err // Report IO errors
-}
-
-// regFileWriter is a fileWriter for writing data to a regular file entry.
-type regFileWriter struct {
-	w  io.Writer // Underlying Writer
-	nb int64     // Number of remaining bytes to write
-}
-
-func (fw *regFileWriter) Write(b []byte) (n int, err error) {
-	overwrite := int64(len(b)) > fw.nb
-	if overwrite {
-		b = b[:fw.nb]
-	}
-	if len(b) > 0 {
-		n, err = fw.w.Write(b)
-		fw.nb -= int64(n)
-	}
-	switch {
-	case err != nil:
-		return n, err
-	case overwrite:
-		return n, ErrWriteTooLong
-	default:
-		return n, nil
-	}
-}
-
-func (fw *regFileWriter) ReadFrom(r io.Reader) (int64, error) {
-	return io.Copy(struct{ io.Writer }{fw}, r)
-}
-
-func (fw regFileWriter) LogicalRemaining() int64 {
-	return fw.nb
-}
-func (fw regFileWriter) PhysicalRemaining() int64 {
-	return fw.nb
-}
-
-// sparseFileWriter is a fileWriter for writing data to a sparse file entry.
-type sparseFileWriter struct {
-	fw  fileWriter  // Underlying fileWriter
-	sp  sparseDatas // Normalized list of data fragments
-	pos int64       // Current position in sparse file
-}
-
-func (sw *sparseFileWriter) Write(b []byte) (n int, err error) {
-	overwrite := int64(len(b)) > sw.LogicalRemaining()
-	if overwrite {
-		b = b[:sw.LogicalRemaining()]
-	}
-
-	b0 := b
-	endPos := sw.pos + int64(len(b))
-	for endPos > sw.pos && err == nil {
-		var nf int // Bytes written in fragment
-		dataStart, dataEnd := sw.sp[0].Offset, sw.sp[0].endOffset()
-		if sw.pos < dataStart { // In a hole fragment
-			bf := b[:min(int64(len(b)), dataStart-sw.pos)]
-			nf, err = zeroWriter{}.Write(bf)
-		} else { // In a data fragment
-			bf := b[:min(int64(len(b)), dataEnd-sw.pos)]
-			nf, err = sw.fw.Write(bf)
-		}
-		b = b[nf:]
-		sw.pos += int64(nf)
-		if sw.pos >= dataEnd && len(sw.sp) > 1 {
-			sw.sp = sw.sp[1:] // Ensure last fragment always remains
-		}
-	}
-
-	n = len(b0) - len(b)
-	switch {
-	case err == ErrWriteTooLong:
-		return n, errMissData // Not possible; implies bug in validation logic
-	case err != nil:
-		return n, err
-	case sw.LogicalRemaining() == 0 && sw.PhysicalRemaining() > 0:
-		return n, errUnrefData // Not possible; implies bug in validation logic
-	case overwrite:
-		return n, ErrWriteTooLong
-	default:
-		return n, nil
-	}
-}
-
-func (sw *sparseFileWriter) ReadFrom(r io.Reader) (n int64, err error) {
-	rs, ok := r.(io.ReadSeeker)
-	if ok {
-		if _, err := rs.Seek(0, io.SeekCurrent); err != nil {
-			ok = false // Not all io.Seeker can really seek
-		}
-	}
-	if !ok {
-		return io.Copy(struct{ io.Writer }{sw}, r)
-	}
-
-	var readLastByte bool
-	pos0 := sw.pos
-	for sw.LogicalRemaining() > 0 && !readLastByte && err == nil {
-		var nf int64 // Size of fragment
-		dataStart, dataEnd := sw.sp[0].Offset, sw.sp[0].endOffset()
-		if sw.pos < dataStart { // In a hole fragment
-			nf = dataStart - sw.pos
-			if sw.PhysicalRemaining() == 0 {
-				readLastByte = true
-				nf--
-			}
-			_, err = rs.Seek(nf, io.SeekCurrent)
-		} else { // In a data fragment
-			nf = dataEnd - sw.pos
-			nf, err = io.CopyN(sw.fw, rs, nf)
-		}
-		sw.pos += nf
-		if sw.pos >= dataEnd && len(sw.sp) > 1 {
-			sw.sp = sw.sp[1:] // Ensure last fragment always remains
-		}
-	}
-
-	// If the last fragment is a hole, then seek to 1-byte before EOF, and
-	// read a single byte to ensure the file is the right size.
-	if readLastByte && err == nil {
-		_, err = mustReadFull(rs, []byte{0})
-		sw.pos++
-	}
-
-	n = sw.pos - pos0
-	switch {
-	case err == io.EOF:
-		return n, io.ErrUnexpectedEOF
-	case err == ErrWriteTooLong:
-		return n, errMissData // Not possible; implies bug in validation logic
-	case err != nil:
-		return n, err
-	case sw.LogicalRemaining() == 0 && sw.PhysicalRemaining() > 0:
-		return n, errUnrefData // Not possible; implies bug in validation logic
-	default:
-		return n, ensureEOF(rs)
-	}
-}
-
-func (sw sparseFileWriter) LogicalRemaining() int64 {
-	return sw.sp[len(sw.sp)-1].endOffset() - sw.pos
-}
-func (sw sparseFileWriter) PhysicalRemaining() int64 {
-	return sw.fw.PhysicalRemaining()
-}
-
-// zeroWriter may only be written with NULs, otherwise it returns errWriteHole.
-type zeroWriter struct{}
-
-func (zeroWriter) Write(b []byte) (int, error) {
-	for i, c := range b {
-		if c != 0 {
-			return i, errWriteHole
-		}
-	}
-	return len(b), nil
-}
-
-// ensureEOF checks whether r is at EOF, reporting ErrWriteTooLong if not so.
-func ensureEOF(r io.Reader) error {
-	n, err := tryReadFull(r, []byte{0})
-	switch {
-	case n > 0:
-		return ErrWriteTooLong
-	case err == io.EOF:
-		return nil
-	default:
-		return err
-	}
-}

vendor/github.com/containerd/continuity/driver/driver_unix.go

@@ -6,7 +6,6 @@ import (
 	"errors"
 	"fmt"
 	"os"
-	"path/filepath"
 	"sort"
 
 	"github.com/containerd/continuity/devices"
@@ -26,18 +25,6 @@ func (d *driver) Mkfifo(path string, mode os.FileMode) error {
 	return devices.Mknod(path, mode, 0, 0)
 }
 
-// Lchmod changes the mode of an file not following symlinks.
-func (d *driver) Lchmod(path string, mode os.FileMode) (err error) {
-	if !filepath.IsAbs(path) {
-		path, err = filepath.Abs(path)
-		if err != nil {
-			return
-		}
-	}
-
-	return sysx.Fchmodat(0, path, uint32(mode), sysx.AtSymlinkNofollow)
-}
-
 // Getxattr returns all of the extended attributes for the file at path p.
 func (d *driver) Getxattr(p string) (map[string][]byte, error) {
 	xattrs, err := sysx.Listxattr(p)

vendor/github.com/containerd/continuity/driver/lchmod_linux.go

@@ -0,0 +1,19 @@
+package driver
+
+import (
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+// Lchmod changes the mode of a file not following symlinks.
+func (d *driver) Lchmod(path string, mode os.FileMode) error {
+	// On Linux, file mode is not supported for symlinks,
+	// and fchmodat() does not support AT_SYMLINK_NOFOLLOW,
+	// so symlinks need to be skipped entirely.
+	if st, err := os.Stat(path); err == nil && st.Mode()&os.ModeSymlink != 0 {
+		return nil
+	}
+
+	return unix.Fchmodat(unix.AT_FDCWD, path, uint32(mode), 0)
+}

vendor/github.com/containerd/continuity/driver/lchmod_unix.go

@@ -0,0 +1,14 @@
+// +build darwin freebsd solaris
+
+package driver
+
+import (
+	"os"
+
+	"golang.org/x/sys/unix"
+)
+
+// Lchmod changes the mode of a file not following symlinks.
+func (d *driver) Lchmod(path string, mode os.FileMode) error {
+	return unix.Fchmodat(unix.AT_FDCWD, path, uint32(mode), unix.AT_SYMLINK_NOFOLLOW)
+}

vendor/github.com/containerd/continuity/fs/du.go

@@ -10,8 +10,8 @@ type Usage struct {
 
 // DiskUsage counts the number of inodes and disk usage for the resources under
 // path.
-func DiskUsage(roots ...string) (Usage, error) {
-	return diskUsage(roots...)
+func DiskUsage(ctx context.Context, roots ...string) (Usage, error) {
+	return diskUsage(ctx, roots...)
 }
 
 // DiffUsage counts the numbers of inodes and disk usage in the

vendor/github.com/containerd/continuity/fs/du_unix.go

@@ -24,7 +24,7 @@ func newInode(stat *syscall.Stat_t) inode {
 	}
 }
 
-func diskUsage(roots ...string) (Usage, error) {
+func diskUsage(ctx context.Context, roots ...string) (Usage, error) {
 
 	var (
 		size   int64
@@ -37,6 +37,12 @@ func diskUsage(roots ...string) (Usage, error) {
 				return err
 			}
 
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			default:
+			}
+
 			inoKey := newInode(fi.Sys().(*syscall.Stat_t))
 			if _, ok := inodes[inoKey]; !ok {
 				inodes[inoKey] = struct{}{}

vendor/github.com/containerd/continuity/fs/du_windows.go

@@ -8,7 +8,7 @@ import (
 	"path/filepath"
 )
 
-func diskUsage(roots ...string) (Usage, error) {
+func diskUsage(ctx context.Context, roots ...string) (Usage, error) {
 	var (
 		size int64
 	)
@@ -21,6 +21,12 @@ func diskUsage(roots ...string) (Usage, error) {
 				return err
 			}
 
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			default:
+			}
+
 			size += fi.Size()
 			return nil
 		}); err != nil {

vendor/github.com/containerd/continuity/sysx/README.md

@@ -0,0 +1,3 @@
+This package is for internal use only. It is intended to only have
+temporary changes before they are upstreamed to golang.org/x/sys/
+(a.k.a. https://github.com/golang/sys).

vendor/github.com/containerd/continuity/sysx/asm.s

@@ -1,10 +0,0 @@
-// Copyright 2014 The Go Authors.  All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !gccgo
-
-#include "textflag.h"
-
-TEXT ·use(SB),NOSPLIT,$0
-	RET

vendor/github.com/containerd/continuity/sysx/chmod_darwin.go

@@ -1,18 +0,0 @@
-package sysx
-
-const (
-	// AtSymlinkNoFollow defined from AT_SYMLINK_NOFOLLOW in <sys/fcntl.h>
-	AtSymlinkNofollow = 0x20
-)
-
-const (
-
-	// SYS_FCHMODAT defined from golang.org/sys/unix
-	SYS_FCHMODAT = 467
-)
-
-// These functions will be generated by generate.sh
-//    $ GOOS=darwin GOARCH=386 ./generate.sh chmod
-//    $ GOOS=darwin GOARCH=amd64 ./generate.sh chmod
-
-//sys  Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)

vendor/github.com/containerd/continuity/sysx/chmod_darwin_386.go

@@ -1,25 +0,0 @@
-// mksyscall.pl -l32 chmod_darwin.go
-// MACHINE GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
-
-package sysx
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall.Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
-	use(unsafe.Pointer(_p0))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}

vendor/github.com/containerd/continuity/sysx/chmod_darwin_amd64.go

@@ -1,25 +0,0 @@
-// mksyscall.pl chmod_darwin.go
-// MACHINE GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
-
-package sysx
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall.Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
-	use(unsafe.Pointer(_p0))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}

vendor/github.com/containerd/continuity/sysx/chmod_freebsd.go

@@ -1,17 +0,0 @@
-package sysx
-
-const (
-	// AtSymlinkNoFollow defined from AT_SYMLINK_NOFOLLOW in <sys/fcntl.h>
-	AtSymlinkNofollow = 0x200
-)
-
-const (
-
-	// SYS_FCHMODAT defined from golang.org/sys/unix
-	SYS_FCHMODAT = 490
-)
-
-// These functions will be generated by generate.sh
-//    $ GOOS=freebsd GOARCH=amd64 ./generate.sh chmod
-
-//sys  Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)

vendor/github.com/containerd/continuity/sysx/chmod_freebsd_amd64.go

@@ -1,25 +0,0 @@
-// mksyscall.pl chmod_freebsd.go
-// MACHINE GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
-
-package sysx
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall.Syscall6(SYS_FCHMODAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
-	use(unsafe.Pointer(_p0))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}

vendor/github.com/containerd/continuity/sysx/chmod_linux.go

@@ -1,12 +0,0 @@
-package sysx
-
-import "syscall"
-
-const (
-	// AtSymlinkNoFollow defined from AT_SYMLINK_NOFOLLOW in /usr/include/linux/fcntl.h
-	AtSymlinkNofollow = 0x100
-)
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) error {
-	return syscall.Fchmodat(dirfd, path, mode, flags)
-}

vendor/github.com/containerd/continuity/sysx/chmod_solaris.go

@@ -1,11 +0,0 @@
-package sysx
-
-import "golang.org/x/sys/unix"
-
-const (
-	AtSymlinkNofollow = unix.AT_SYMLINK_NOFOLLOW
-)
-
-func Fchmodat(dirfd int, path string, mode uint32, flags int) error {
-	return unix.Fchmodat(dirfd, path, mode, flags)
-}

vendor/github.com/containerd/continuity/sysx/sys.go

@@ -1,37 +0,0 @@
-package sysx
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-var _zero uintptr
-
-// use is a no-op, but the compiler cannot see that it is.
-// Calling use(p) ensures that p is kept live until that point.
-//go:noescape
-func use(p unsafe.Pointer)
-
-// Do the interface allocations only once for common
-// Errno values.
-var (
-	errEAGAIN error = syscall.EAGAIN
-	errEINVAL error = syscall.EINVAL
-	errENOENT error = syscall.ENOENT
-)
-
-// errnoErr returns common boxed Errno values, to prevent
-// allocations at runtime.
-func errnoErr(e syscall.Errno) error {
-	switch e {
-	case 0:
-		return nil
-	case syscall.EAGAIN:
-		return errEAGAIN
-	case syscall.EINVAL:
-		return errEINVAL
-	case syscall.ENOENT:
-		return errENOENT
-	}
-	return e
-}

vendor/github.com/containerd/continuity/sysx/xattr.go

@@ -1,14 +1,56 @@
+// +build linux darwin
+
 package sysx
 
 import (
 	"bytes"
-	"fmt"
 	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
-const defaultXattrBufferSize = 5
+// Listxattr calls syscall listxattr and reads all content
+// and returns a string array
+func Listxattr(path string) ([]string, error) {
+	return listxattrAll(path, unix.Listxattr)
+}
+
+// Removexattr calls syscall removexattr
+func Removexattr(path string, attr string) (err error) {
+	return unix.Removexattr(path, attr)
+}
+
+// Setxattr calls syscall setxattr
+func Setxattr(path string, attr string, data []byte, flags int) (err error) {
+	return unix.Setxattr(path, attr, data, flags)
+}
+
+// Getxattr calls syscall getxattr
+func Getxattr(path, attr string) ([]byte, error) {
+	return getxattrAll(path, attr, unix.Getxattr)
+}
 
-var ErrNotSupported = fmt.Errorf("not supported")
+// LListxattr lists xattrs, not following symlinks
+func LListxattr(path string) ([]string, error) {
+	return listxattrAll(path, unix.Llistxattr)
+}
+
+// LRemovexattr removes an xattr, not following symlinks
+func LRemovexattr(path string, attr string) (err error) {
+	return unix.Lremovexattr(path, attr)
+}
+
+// LSetxattr sets an xattr, not following symlinks
+func LSetxattr(path string, attr string, data []byte, flags int) (err error) {
+	return unix.Lsetxattr(path, attr, data, flags)
+}
+
+// LGetxattr gets an xattr, not following symlinks
+func LGetxattr(path, attr string) ([]byte, error) {
+	return getxattrAll(path, attr, unix.Lgetxattr)
+}
+
+const defaultXattrBufferSize = 5
 
 type listxattrFunc func(path string, dest []byte) (int, error)
 

vendor/github.com/containerd/continuity/sysx/xattr_darwin.go

@@ -1,71 +0,0 @@
-package sysx
-
-// These functions will be generated by generate.sh
-//    $ GOOS=darwin GOARCH=386 ./generate.sh xattr
-//    $ GOOS=darwin GOARCH=amd64 ./generate.sh xattr
-
-//sys  getxattr(path string, attr string, dest []byte, pos int, options int) (sz int, err error)
-//sys  setxattr(path string, attr string, data []byte, flags int) (err error)
-//sys  removexattr(path string, attr string, options int) (err error)
-//sys  listxattr(path string, dest []byte, options int) (sz int, err error)
-//sys  Fchmodat(dirfd int, path string, mode uint32, flags int) (err error)
-
-const (
-	xattrNoFollow = 0x01
-)
-
-func listxattrFollow(path string, dest []byte) (sz int, err error) {
-	return listxattr(path, dest, 0)
-}
-
-// Listxattr calls syscall getxattr
-func Listxattr(path string) ([]string, error) {
-	return listxattrAll(path, listxattrFollow)
-}
-
-// Removexattr calls syscall getxattr
-func Removexattr(path string, attr string) (err error) {
-	return removexattr(path, attr, 0)
-}
-
-// Setxattr calls syscall setxattr
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	return setxattr(path, attr, data, flags)
-}
-
-func getxattrFollow(path, attr string, dest []byte) (sz int, err error) {
-	return getxattr(path, attr, dest, 0, 0)
-}
-
-// Getxattr calls syscall getxattr
-func Getxattr(path, attr string) ([]byte, error) {
-	return getxattrAll(path, attr, getxattrFollow)
-}
-
-func listxattrNoFollow(path string, dest []byte) (sz int, err error) {
-	return listxattr(path, dest, xattrNoFollow)
-}
-
-// LListxattr calls syscall listxattr with XATTR_NOFOLLOW
-func LListxattr(path string) ([]string, error) {
-	return listxattrAll(path, listxattrNoFollow)
-}
-
-// LRemovexattr calls syscall removexattr with XATTR_NOFOLLOW
-func LRemovexattr(path string, attr string) (err error) {
-	return removexattr(path, attr, xattrNoFollow)
-}
-
-// Setxattr calls syscall setxattr with XATTR_NOFOLLOW
-func LSetxattr(path string, attr string, data []byte, flags int) (err error) {
-	return setxattr(path, attr, data, flags|xattrNoFollow)
-}
-
-func getxattrNoFollow(path, attr string, dest []byte) (sz int, err error) {
-	return getxattr(path, attr, dest, 0, xattrNoFollow)
-}
-
-// LGetxattr calls syscall getxattr with XATTR_NOFOLLOW
-func LGetxattr(path, attr string) ([]byte, error) {
-	return getxattrAll(path, attr, getxattrNoFollow)
-}

vendor/github.com/containerd/continuity/sysx/xattr_darwin_386.go

@@ -1,111 +0,0 @@
-// mksyscall.pl -l32 xattr_darwin.go
-// MACHINE GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
-
-package sysx
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getxattr(path string, attr string, dest []byte, pos int, options int) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = syscall.BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), uintptr(pos), uintptr(options))
-	use(unsafe.Pointer(_p0))
-	use(unsafe.Pointer(_p1))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = syscall.BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := syscall.Syscall6(syscall.SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	use(unsafe.Pointer(_p0))
-	use(unsafe.Pointer(_p1))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func removexattr(path string, attr string, options int) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = syscall.BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall.Syscall(syscall.SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
-	use(unsafe.Pointer(_p0))
-	use(unsafe.Pointer(_p1))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func listxattr(path string, dest []byte, options int) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), uintptr(options), 0, 0)
-	use(unsafe.Pointer(_p0))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}

vendor/github.com/containerd/continuity/sysx/xattr_darwin_amd64.go

@@ -1,111 +0,0 @@
-// mksyscall.pl xattr_darwin.go
-// MACHINE GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
-
-package sysx
-
-import (
-	"syscall"
-	"unsafe"
-)
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func getxattr(path string, attr string, dest []byte, pos int, options int) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = syscall.BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(dest) > 0 {
-		_p2 = unsafe.Pointer(&dest[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_GETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(dest)), uintptr(pos), uintptr(options))
-	use(unsafe.Pointer(_p0))
-	use(unsafe.Pointer(_p1))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func setxattr(path string, attr string, data []byte, flags int) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = syscall.BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	var _p2 unsafe.Pointer
-	if len(data) > 0 {
-		_p2 = unsafe.Pointer(&data[0])
-	} else {
-		_p2 = unsafe.Pointer(&_zero)
-	}
-	_, _, e1 := syscall.Syscall6(syscall.SYS_SETXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(_p2), uintptr(len(data)), uintptr(flags), 0)
-	use(unsafe.Pointer(_p0))
-	use(unsafe.Pointer(_p1))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func removexattr(path string, attr string, options int) (err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 *byte
-	_p1, err = syscall.BytePtrFromString(attr)
-	if err != nil {
-		return
-	}
-	_, _, e1 := syscall.Syscall(syscall.SYS_REMOVEXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(unsafe.Pointer(_p1)), uintptr(options))
-	use(unsafe.Pointer(_p0))
-	use(unsafe.Pointer(_p1))
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}
-
-// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
-
-func listxattr(path string, dest []byte, options int) (sz int, err error) {
-	var _p0 *byte
-	_p0, err = syscall.BytePtrFromString(path)
-	if err != nil {
-		return
-	}
-	var _p1 unsafe.Pointer
-	if len(dest) > 0 {
-		_p1 = unsafe.Pointer(&dest[0])
-	} else {
-		_p1 = unsafe.Pointer(&_zero)
-	}
-	r0, _, e1 := syscall.Syscall6(syscall.SYS_LISTXATTR, uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), uintptr(options), 0, 0)
-	use(unsafe.Pointer(_p0))
-	sz = int(r0)
-	if e1 != 0 {
-		err = errnoErr(e1)
-	}
-	return
-}

vendor/github.com/containerd/continuity/sysx/xattr_freebsd.go

@@ -1,12 +0,0 @@
-package sysx
-
-import (
-	"errors"
-)
-
-// Initial stub version for FreeBSD. FreeBSD has a different
-// syscall API from Darwin and Linux for extended attributes;
-// it is also not widely used. It is not exposed at all by the
-// Go syscall package, so we need to implement directly eventually.
-
-var unsupported = errors.New("extended attributes unsupported on FreeBSD")

vendor/github.com/containerd/continuity/sysx/xattr_linux.go

@@ -1,44 +0,0 @@
-package sysx
-
-import "golang.org/x/sys/unix"
-
-// Listxattr calls syscall listxattr and reads all content
-// and returns a string array
-func Listxattr(path string) ([]string, error) {
-	return listxattrAll(path, unix.Listxattr)
-}
-
-// Removexattr calls syscall removexattr
-func Removexattr(path string, attr string) (err error) {
-	return unix.Removexattr(path, attr)
-}
-
-// Setxattr calls syscall setxattr
-func Setxattr(path string, attr string, data []byte, flags int) (err error) {
-	return unix.Setxattr(path, attr, data, flags)
-}
-
-// Getxattr calls syscall getxattr
-func Getxattr(path, attr string) ([]byte, error) {
-	return getxattrAll(path, attr, unix.Getxattr)
-}
-
-// LListxattr lists xattrs, not following symlinks
-func LListxattr(path string) ([]string, error) {
-	return listxattrAll(path, unix.Llistxattr)
-}
-
-// LRemovexattr removes an xattr, not following symlinks
-func LRemovexattr(path string, attr string) (err error) {
-	return unix.Lremovexattr(path, attr)
-}
-
-// LSetxattr sets an xattr, not following symlinks
-func LSetxattr(path string, attr string, data []byte, flags int) (err error) {
-	return unix.Lsetxattr(path, attr, data, flags)
-}
-
-// LGetxattr gets an xattr, not following symlinks
-func LGetxattr(path, attr string) ([]byte, error) {
-	return getxattrAll(path, attr, unix.Lgetxattr)
-}

vendor/github.com/containerd/continuity/sysx/xattr_openbsd.go

@@ -1,7 +0,0 @@
-package sysx
-
-import (
-	"errors"
-)
-
-var unsupported = errors.New("extended attributes unsupported on OpenBSD")

vendor/github.com/containerd/continuity/sysx/xattr_solaris.go

@@ -1,12 +0,0 @@
-package sysx
-
-import (
-	"errors"
-)
-
-// Initial stub version for Solaris. Solaris has a different
-// syscall API from Darwin and Linux for extended attributes;
-// it is also not widely used. It is not exposed at all by the
-// Go syscall package, so we need to implement directly eventually.
-
-var unsupported = errors.New("extended attributes unsupported on Solaris")

vendor/github.com/containerd/continuity/sysx/xattr_unsupported.go

@@ -1,7 +1,14 @@
-// +build freebsd openbsd solaris
+// +build !linux,!darwin
 
 package sysx
 
+import (
+	"errors"
+	"runtime"
+)
+
+var unsupported = errors.New("extended attributes unsupported on " + runtime.GOOS)
+
 // Listxattr calls syscall listxattr and reads all content
 // and returns a string array
 func Listxattr(path string) ([]string, error) {

vendor/github.com/containerd/continuity/vendor.conf

@@ -10,4 +10,4 @@ github.com/spf13/pflag 4c012f6dcd9546820e378d0bdda4d8fc772cdfea
 golang.org/x/crypto 9f005a07e0d31d45e6656d241bb5c0f2efd4bc94
 golang.org/x/net a337091b0525af65de94df2eb7e98bd9962dcbe2
 golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
-golang.org/x/sys 665f6529cca930e27b831a0d1dafffbe1c172924
+golang.org/x/sys 77b0e4315053a57ed2962443614bdb28db152054

vendor/github.com/ugorji/go/codec/gen-helper.generated.go

@@ -1,4 +1,4 @@
-// //+build ignore
+/* //+build ignore */
 
 // Copyright (c) 2012-2015 Ugorji Nwoke. All rights reserved.
 // Use of this source code is governed by a MIT license found in the LICENSE file.

vendor/golang.org/x/crypto/otr/libotr_test_helper.c

@@ -0,0 +1,197 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This code can be compiled and used to test the otr package against libotr.
+// See otr_test.go.
+
+// +build ignore
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <proto.h>
+#include <message.h>
+#include <privkey.h>
+
+static int g_session_established = 0;
+
+OtrlPolicy policy(void *opdata, ConnContext *context) {
+  return OTRL_POLICY_ALWAYS;
+}
+
+int is_logged_in(void *opdata, const char *accountname, const char *protocol,
+                 const char *recipient) {
+  return 1;
+}
+
+void inject_message(void *opdata, const char *accountname, const char *protocol,
+                    const char *recipient, const char *message) {
+  printf("%s\n", message);
+  fflush(stdout);
+  fprintf(stderr, "libotr helper sent: %s\n", message);
+}
+
+void update_context_list(void *opdata) {}
+
+void new_fingerprint(void *opdata, OtrlUserState us, const char *accountname,
+                     const char *protocol, const char *username,
+                     unsigned char fingerprint[20]) {
+  fprintf(stderr, "NEW FINGERPRINT\n");
+  g_session_established = 1;
+}
+
+void write_fingerprints(void *opdata) {}
+
+void gone_secure(void *opdata, ConnContext *context) {}
+
+void gone_insecure(void *opdata, ConnContext *context) {}
+
+void still_secure(void *opdata, ConnContext *context, int is_reply) {}
+
+int max_message_size(void *opdata, ConnContext *context) { return 99999; }
+
+const char *account_name(void *opdata, const char *account,
+                         const char *protocol) {
+  return "ACCOUNT";
+}
+
+void account_name_free(void *opdata, const char *account_name) {}
+
+const char *error_message(void *opdata, ConnContext *context,
+                          OtrlErrorCode err_code) {
+  return "ERR";
+}
+
+void error_message_free(void *opdata, const char *msg) {}
+
+void resent_msg_prefix_free(void *opdata, const char *prefix) {}
+
+void handle_smp_event(void *opdata, OtrlSMPEvent smp_event,
+                      ConnContext *context, unsigned short progress_event,
+                      char *question) {}
+
+void handle_msg_event(void *opdata, OtrlMessageEvent msg_event,
+                      ConnContext *context, const char *message,
+                      gcry_error_t err) {
+  fprintf(stderr, "msg event: %d %s\n", msg_event, message);
+}
+
+OtrlMessageAppOps uiops = {
+    policy,
+    NULL,
+    is_logged_in,
+    inject_message,
+    update_context_list,
+    new_fingerprint,
+    write_fingerprints,
+    gone_secure,
+    gone_insecure,
+    still_secure,
+    max_message_size,
+    account_name,
+    account_name_free,
+    NULL, /* received_symkey */
+    error_message,
+    error_message_free,
+    NULL, /* resent_msg_prefix */
+    resent_msg_prefix_free,
+    handle_smp_event,
+    handle_msg_event,
+    NULL /* create_instag */,
+    NULL /* convert_msg */,
+    NULL /* convert_free */,
+    NULL /* timer_control */,
+};
+
+static const char kPrivateKeyData[] =
+    "(privkeys (account (name \"account\") (protocol proto) (private-key (dsa "
+    "(p "
+    "#00FC07ABCF0DC916AFF6E9AE47BEF60C7AB9B4D6B2469E436630E36F8A489BE812486A09F"
+    "30B71224508654940A835301ACC525A4FF133FC152CC53DCC59D65C30A54F1993FE13FE63E"
+    "5823D4C746DB21B90F9B9C00B49EC7404AB1D929BA7FBA12F2E45C6E0A651689750E8528AB"
+    "8C031D3561FECEE72EBB4A090D450A9B7A857#) (q "
+    "#00997BD266EF7B1F60A5C23F3A741F2AEFD07A2081#) (g "
+    "#535E360E8A95EBA46A4F7DE50AD6E9B2A6DB785A66B64EB9F20338D2A3E8FB0E94725848F"
+    "1AA6CC567CB83A1CC517EC806F2E92EAE71457E80B2210A189B91250779434B41FC8A8873F"
+    "6DB94BEA7D177F5D59E7E114EE10A49CFD9CEF88AE43387023B672927BA74B04EB6BBB5E57"
+    "597766A2F9CE3857D7ACE3E1E3BC1FC6F26#) (y "
+    "#0AC8670AD767D7A8D9D14CC1AC6744CD7D76F993B77FFD9E39DF01E5A6536EF65E775FCEF"
+    "2A983E2A19BD6415500F6979715D9FD1257E1FE2B6F5E1E74B333079E7C880D39868462A93"
+    "454B41877BE62E5EF0A041C2EE9C9E76BD1E12AE25D9628DECB097025DD625EF49C3258A1A"
+    "3C0FF501E3DC673B76D7BABF349009B6ECF#) (x "
+    "#14D0345A3562C480A039E3C72764F72D79043216#)))))\n";
+
+int main() {
+  OTRL_INIT;
+
+  // We have to write the private key information to a file because the libotr
+  // API demands a filename to read from.
+  const char *tmpdir = "/tmp";
+  if (getenv("TMP")) {
+    tmpdir = getenv("TMP");
+  }
+
+  char private_key_file[256];
+  snprintf(private_key_file, sizeof(private_key_file),
+           "%s/libotr_test_helper_privatekeys-XXXXXX", tmpdir);
+  int fd = mkstemp(private_key_file);
+  if (fd == -1) {
+    perror("creating temp file");
+  }
+  write(fd, kPrivateKeyData, sizeof(kPrivateKeyData) - 1);
+  close(fd);
+
+  OtrlUserState userstate = otrl_userstate_create();
+  otrl_privkey_read(userstate, private_key_file);
+  unlink(private_key_file);
+
+  fprintf(stderr, "libotr helper started\n");
+
+  char buf[4096];
+
+  for (;;) {
+    char *message = fgets(buf, sizeof(buf), stdin);
+    if (strlen(message) == 0) {
+      break;
+    }
+    message[strlen(message) - 1] = 0;
+    fprintf(stderr, "libotr helper got: %s\n", message);
+
+    char *newmessage = NULL;
+    OtrlTLV *tlvs;
+    int ignore_message = otrl_message_receiving(
+        userstate, &uiops, NULL, "account", "proto", "peer", message,
+        &newmessage, &tlvs, NULL, NULL, NULL);
+    if (tlvs) {
+      otrl_tlv_free(tlvs);
+    }
+
+    if (newmessage != NULL) {
+      fprintf(stderr, "libotr got: %s\n", newmessage);
+      otrl_message_free(newmessage);
+
+      gcry_error_t err;
+      char *newmessage = NULL;
+
+      err = otrl_message_sending(userstate, &uiops, NULL, "account", "proto",
+                                 "peer", 0, "test message", NULL, &newmessage,
+                                 OTRL_FRAGMENT_SEND_SKIP, NULL, NULL, NULL);
+      if (newmessage == NULL) {
+        fprintf(stderr, "libotr didn't encrypt message\n");
+        return 1;
+      }
+      write(1, newmessage, strlen(newmessage));
+      write(1, "\n", 1);
+      fprintf(stderr, "libotr sent: %s\n", newmessage);
+      otrl_message_free(newmessage);
+
+      g_session_established = 0;
+      write(1, "?OTRv2?\n", 8);
+      fprintf(stderr, "libotr sent: ?OTRv2\n");
+    }
+  }
+
+  return 0;
+}

vendor/golang.org/x/crypto/otr/otr.go

@@ -0,0 +1,1415 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package otr implements the Off The Record protocol as specified in
+// http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html
+package otr // import "golang.org/x/crypto/otr"
+
+import (
+	"bytes"
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/dsa"
+	"crypto/hmac"
+	"crypto/rand"
+	"crypto/sha1"
+	"crypto/sha256"
+	"crypto/subtle"
+	"encoding/base64"
+	"encoding/hex"
+	"errors"
+	"hash"
+	"io"
+	"math/big"
+	"strconv"
+)
+
+// SecurityChange describes a change in the security state of a Conversation.
+type SecurityChange int
+
+const (
+	NoChange SecurityChange = iota
+	// NewKeys indicates that a key exchange has completed. This occurs
+	// when a conversation first becomes encrypted, and when the keys are
+	// renegotiated within an encrypted conversation.
+	NewKeys
+	// SMPSecretNeeded indicates that the peer has started an
+	// authentication and that we need to supply a secret. Call SMPQuestion
+	// to get the optional, human readable challenge and then Authenticate
+	// to supply the matching secret.
+	SMPSecretNeeded
+	// SMPComplete indicates that an authentication completed. The identity
+	// of the peer has now been confirmed.
+	SMPComplete
+	// SMPFailed indicates that an authentication failed.
+	SMPFailed
+	// ConversationEnded indicates that the peer ended the secure
+	// conversation.
+	ConversationEnded
+)
+
+// QueryMessage can be sent to a peer to start an OTR conversation.
+var QueryMessage = "?OTRv2?"
+
+// ErrorPrefix can be used to make an OTR error by appending an error message
+// to it.
+var ErrorPrefix = "?OTR Error:"
+
+var (
+	fragmentPartSeparator = []byte(",")
+	fragmentPrefix        = []byte("?OTR,")
+	msgPrefix             = []byte("?OTR:")
+	queryMarker           = []byte("?OTR")
+)
+
+// isQuery attempts to parse an OTR query from msg and returns the greatest
+// common version, or 0 if msg is not an OTR query.
+func isQuery(msg []byte) (greatestCommonVersion int) {
+	pos := bytes.Index(msg, queryMarker)
+	if pos == -1 {
+		return 0
+	}
+	for i, c := range msg[pos+len(queryMarker):] {
+		if i == 0 {
+			if c == '?' {
+				// Indicates support for version 1, but we don't
+				// implement that.
+				continue
+			}
+
+			if c != 'v' {
+				// Invalid message
+				return 0
+			}
+
+			continue
+		}
+
+		if c == '?' {
+			// End of message
+			return
+		}
+
+		if c == ' ' || c == '\t' {
+			// Probably an invalid message
+			return 0
+		}
+
+		if c == '2' {
+			greatestCommonVersion = 2
+		}
+	}
+
+	return 0
+}
+
+const (
+	statePlaintext = iota
+	stateEncrypted
+	stateFinished
+)
+
+const (
+	authStateNone = iota
+	authStateAwaitingDHKey
+	authStateAwaitingRevealSig
+	authStateAwaitingSig
+)
+
+const (
+	msgTypeDHCommit  = 2
+	msgTypeData      = 3
+	msgTypeDHKey     = 10
+	msgTypeRevealSig = 17
+	msgTypeSig       = 18
+)
+
+const (
+	// If the requested fragment size is less than this, it will be ignored.
+	minFragmentSize = 18
+	// Messages are padded to a multiple of this number of bytes.
+	paddingGranularity = 256
+	// The number of bytes in a Diffie-Hellman private value (320-bits).
+	dhPrivateBytes = 40
+	// The number of bytes needed to represent an element of the DSA
+	// subgroup (160-bits).
+	dsaSubgroupBytes = 20
+	// The number of bytes of the MAC that are sent on the wire (160-bits).
+	macPrefixBytes = 20
+)
+
+// These are the global, common group parameters for OTR.
+var (
+	p       *big.Int // group prime
+	g       *big.Int // group generator
+	q       *big.Int // group order
+	pMinus2 *big.Int
+)
+
+func init() {
+	p, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16)
+	q, _ = new(big.Int).SetString("7FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA36046511B993FFFFFFFFFFFFFFFF", 16)
+	g = new(big.Int).SetInt64(2)
+	pMinus2 = new(big.Int).Sub(p, g)
+}
+
+// Conversation represents a relation with a peer. The zero value is a valid
+// Conversation, although PrivateKey must be set.
+//
+// When communicating with a peer, all inbound messages should be passed to
+// Conversation.Receive and all outbound messages to Conversation.Send. The
+// Conversation will take care of maintaining the encryption state and
+// negotiating encryption as needed.
+type Conversation struct {
+	// PrivateKey contains the private key to use to sign key exchanges.
+	PrivateKey *PrivateKey
+
+	// Rand can be set to override the entropy source. Otherwise,
+	// crypto/rand will be used.
+	Rand io.Reader
+	// If FragmentSize is set, all messages produced by Receive and Send
+	// will be fragmented into messages of, at most, this number of bytes.
+	FragmentSize int
+
+	// Once Receive has returned NewKeys once, the following fields are
+	// valid.
+	SSID           [8]byte
+	TheirPublicKey PublicKey
+
+	state, authState int
+
+	r       [16]byte
+	x, y    *big.Int
+	gx, gy  *big.Int
+	gxBytes []byte
+	digest  [sha256.Size]byte
+
+	revealKeys, sigKeys akeKeys
+
+	myKeyId         uint32
+	myCurrentDHPub  *big.Int
+	myCurrentDHPriv *big.Int
+	myLastDHPub     *big.Int
+	myLastDHPriv    *big.Int
+
+	theirKeyId        uint32
+	theirCurrentDHPub *big.Int
+	theirLastDHPub    *big.Int
+
+	keySlots [4]keySlot
+
+	myCounter    [8]byte
+	theirLastCtr [8]byte
+	oldMACs      []byte
+
+	k, n int // fragment state
+	frag []byte
+
+	smp smpState
+}
+
+// A keySlot contains key material for a specific (their keyid, my keyid) pair.
+type keySlot struct {
+	// used is true if this slot is valid. If false, it's free for reuse.
+	used                   bool
+	theirKeyId             uint32
+	myKeyId                uint32
+	sendAESKey, recvAESKey []byte
+	sendMACKey, recvMACKey []byte
+	theirLastCtr           [8]byte
+}
+
+// akeKeys are generated during key exchange. There's one set for the reveal
+// signature message and another for the signature message. In the protocol
+// spec the latter are indicated with a prime mark.
+type akeKeys struct {
+	c      [16]byte
+	m1, m2 [32]byte
+}
+
+func (c *Conversation) rand() io.Reader {
+	if c.Rand != nil {
+		return c.Rand
+	}
+	return rand.Reader
+}
+
+func (c *Conversation) randMPI(buf []byte) *big.Int {
+	_, err := io.ReadFull(c.rand(), buf)
+	if err != nil {
+		panic("otr: short read from random source")
+	}
+
+	return new(big.Int).SetBytes(buf)
+}
+
+// tlv represents the type-length value from the protocol.
+type tlv struct {
+	typ, length uint16
+	data        []byte
+}
+
+const (
+	tlvTypePadding          = 0
+	tlvTypeDisconnected     = 1
+	tlvTypeSMP1             = 2
+	tlvTypeSMP2             = 3
+	tlvTypeSMP3             = 4
+	tlvTypeSMP4             = 5
+	tlvTypeSMPAbort         = 6
+	tlvTypeSMP1WithQuestion = 7
+)
+
+// Receive handles a message from a peer. It returns a human readable message,
+// an indicator of whether that message was encrypted, a hint about the
+// encryption state and zero or more messages to send back to the peer.
+// These messages do not need to be passed to Send before transmission.
+func (c *Conversation) Receive(in []byte) (out []byte, encrypted bool, change SecurityChange, toSend [][]byte, err error) {
+	if bytes.HasPrefix(in, fragmentPrefix) {
+		in, err = c.processFragment(in)
+		if in == nil || err != nil {
+			return
+		}
+	}
+
+	if bytes.HasPrefix(in, msgPrefix) && in[len(in)-1] == '.' {
+		in = in[len(msgPrefix) : len(in)-1]
+	} else if version := isQuery(in); version > 0 {
+		c.authState = authStateAwaitingDHKey
+		c.reset()
+		toSend = c.encode(c.generateDHCommit())
+		return
+	} else {
+		// plaintext message
+		out = in
+		return
+	}
+
+	msg := make([]byte, base64.StdEncoding.DecodedLen(len(in)))
+	msgLen, err := base64.StdEncoding.Decode(msg, in)
+	if err != nil {
+		err = errors.New("otr: invalid base64 encoding in message")
+		return
+	}
+	msg = msg[:msgLen]
+
+	// The first two bytes are the protocol version (2)
+	if len(msg) < 3 || msg[0] != 0 || msg[1] != 2 {
+		err = errors.New("otr: invalid OTR message")
+		return
+	}
+
+	msgType := int(msg[2])
+	msg = msg[3:]
+
+	switch msgType {
+	case msgTypeDHCommit:
+		switch c.authState {
+		case authStateNone:
+			c.authState = authStateAwaitingRevealSig
+			if err = c.processDHCommit(msg); err != nil {
+				return
+			}
+			c.reset()
+			toSend = c.encode(c.generateDHKey())
+			return
+		case authStateAwaitingDHKey:
+			// This is a 'SYN-crossing'. The greater digest wins.
+			var cmp int
+			if cmp, err = c.compareToDHCommit(msg); err != nil {
+				return
+			}
+			if cmp > 0 {
+				// We win. Retransmit DH commit.
+				toSend = c.encode(c.serializeDHCommit())
+				return
+			} else {
+				// They win. We forget about our DH commit.
+				c.authState = authStateAwaitingRevealSig
+				if err = c.processDHCommit(msg); err != nil {
+					return
+				}
+				c.reset()
+				toSend = c.encode(c.generateDHKey())
+				return
+			}
+		case authStateAwaitingRevealSig:
+			if err = c.processDHCommit(msg); err != nil {
+				return
+			}
+			toSend = c.encode(c.serializeDHKey())
+		case authStateAwaitingSig:
+			if err = c.processDHCommit(msg); err != nil {
+				return
+			}
+			c.reset()
+			toSend = c.encode(c.generateDHKey())
+			c.authState = authStateAwaitingRevealSig
+		default:
+			panic("bad state")
+		}
+	case msgTypeDHKey:
+		switch c.authState {
+		case authStateAwaitingDHKey:
+			var isSame bool
+			if isSame, err = c.processDHKey(msg); err != nil {
+				return
+			}
+			if isSame {
+				err = errors.New("otr: unexpected duplicate DH key")
+				return
+			}
+			toSend = c.encode(c.generateRevealSig())
+			c.authState = authStateAwaitingSig
+		case authStateAwaitingSig:
+			var isSame bool
+			if isSame, err = c.processDHKey(msg); err != nil {
+				return
+			}
+			if isSame {
+				toSend = c.encode(c.serializeDHKey())
+			}
+		}
+	case msgTypeRevealSig:
+		if c.authState != authStateAwaitingRevealSig {
+			return
+		}
+		if err = c.processRevealSig(msg); err != nil {
+			return
+		}
+		toSend = c.encode(c.generateSig())
+		c.authState = authStateNone
+		c.state = stateEncrypted
+		change = NewKeys
+	case msgTypeSig:
+		if c.authState != authStateAwaitingSig {
+			return
+		}
+		if err = c.processSig(msg); err != nil {
+			return
+		}
+		c.authState = authStateNone
+		c.state = stateEncrypted
+		change = NewKeys
+	case msgTypeData:
+		if c.state != stateEncrypted {
+			err = errors.New("otr: encrypted message received without encrypted session established")
+			return
+		}
+		var tlvs []tlv
+		out, tlvs, err = c.processData(msg)
+		encrypted = true
+
+	EachTLV:
+		for _, inTLV := range tlvs {
+			switch inTLV.typ {
+			case tlvTypeDisconnected:
+				change = ConversationEnded
+				c.state = stateFinished
+				break EachTLV
+			case tlvTypeSMP1, tlvTypeSMP2, tlvTypeSMP3, tlvTypeSMP4, tlvTypeSMPAbort, tlvTypeSMP1WithQuestion:
+				var reply tlv
+				var complete bool
+				reply, complete, err = c.processSMP(inTLV)
+				if err == smpSecretMissingError {
+					err = nil
+					change = SMPSecretNeeded
+					c.smp.saved = &inTLV
+					return
+				}
+				if err == smpFailureError {
+					err = nil
+					change = SMPFailed
+				} else if complete {
+					change = SMPComplete
+				}
+				if reply.typ != 0 {
+					toSend = c.encode(c.generateData(nil, &reply))
+				}
+				break EachTLV
+			default:
+				// skip unknown TLVs
+			}
+		}
+	default:
+		err = errors.New("otr: unknown message type " + strconv.Itoa(msgType))
+	}
+
+	return
+}
+
+// Send takes a human readable message from the local user, possibly encrypts
+// it and returns zero one or more messages to send to the peer.
+func (c *Conversation) Send(msg []byte) ([][]byte, error) {
+	switch c.state {
+	case statePlaintext:
+		return [][]byte{msg}, nil
+	case stateEncrypted:
+		return c.encode(c.generateData(msg, nil)), nil
+	case stateFinished:
+		return nil, errors.New("otr: cannot send message because secure conversation has finished")
+	}
+
+	return nil, errors.New("otr: cannot send message in current state")
+}
+
+// SMPQuestion returns the human readable challenge question from the peer.
+// It's only valid after Receive has returned SMPSecretNeeded.
+func (c *Conversation) SMPQuestion() string {
+	return c.smp.question
+}
+
+// Authenticate begins an authentication with the peer. Authentication involves
+// an optional challenge message and a shared secret. The authentication
+// proceeds until either Receive returns SMPComplete, SMPSecretNeeded (which
+// indicates that a new authentication is happening and thus this one was
+// aborted) or SMPFailed.
+func (c *Conversation) Authenticate(question string, mutualSecret []byte) (toSend [][]byte, err error) {
+	if c.state != stateEncrypted {
+		err = errors.New("otr: can't authenticate a peer without a secure conversation established")
+		return
+	}
+
+	if c.smp.saved != nil {
+		c.calcSMPSecret(mutualSecret, false /* they started it */)
+
+		var out tlv
+		var complete bool
+		out, complete, err = c.processSMP(*c.smp.saved)
+		if complete {
+			panic("SMP completed on the first message")
+		}
+		c.smp.saved = nil
+		if out.typ != 0 {
+			toSend = c.encode(c.generateData(nil, &out))
+		}
+		return
+	}
+
+	c.calcSMPSecret(mutualSecret, true /* we started it */)
+	outs := c.startSMP(question)
+	for _, out := range outs {
+		toSend = append(toSend, c.encode(c.generateData(nil, &out))...)
+	}
+	return
+}
+
+// End ends a secure conversation by generating a termination message for
+// the peer and switches to unencrypted communication.
+func (c *Conversation) End() (toSend [][]byte) {
+	switch c.state {
+	case statePlaintext:
+		return nil
+	case stateEncrypted:
+		c.state = statePlaintext
+		return c.encode(c.generateData(nil, &tlv{typ: tlvTypeDisconnected}))
+	case stateFinished:
+		c.state = statePlaintext
+		return nil
+	}
+	panic("unreachable")
+}
+
+// IsEncrypted returns true if a message passed to Send would be encrypted
+// before transmission. This result remains valid until the next call to
+// Receive or End, which may change the state of the Conversation.
+func (c *Conversation) IsEncrypted() bool {
+	return c.state == stateEncrypted
+}
+
+var fragmentError = errors.New("otr: invalid OTR fragment")
+
+// processFragment processes a fragmented OTR message and possibly returns a
+// complete message. Fragmented messages look like "?OTR,k,n,msg," where k is
+// the fragment number (starting from 1), n is the number of fragments in this
+// message and msg is a substring of the base64 encoded message.
+func (c *Conversation) processFragment(in []byte) (out []byte, err error) {
+	in = in[len(fragmentPrefix):] // remove "?OTR,"
+	parts := bytes.Split(in, fragmentPartSeparator)
+	if len(parts) != 4 || len(parts[3]) != 0 {
+		return nil, fragmentError
+	}
+
+	k, err := strconv.Atoi(string(parts[0]))
+	if err != nil {
+		return nil, fragmentError
+	}
+
+	n, err := strconv.Atoi(string(parts[1]))
+	if err != nil {
+		return nil, fragmentError
+	}
+
+	if k < 1 || n < 1 || k > n {
+		return nil, fragmentError
+	}
+
+	if k == 1 {
+		c.frag = append(c.frag[:0], parts[2]...)
+		c.k, c.n = k, n
+	} else if n == c.n && k == c.k+1 {
+		c.frag = append(c.frag, parts[2]...)
+		c.k++
+	} else {
+		c.frag = c.frag[:0]
+		c.n, c.k = 0, 0
+	}
+
+	if c.n > 0 && c.k == c.n {
+		c.n, c.k = 0, 0
+		return c.frag, nil
+	}
+
+	return nil, nil
+}
+
+func (c *Conversation) generateDHCommit() []byte {
+	_, err := io.ReadFull(c.rand(), c.r[:])
+	if err != nil {
+		panic("otr: short read from random source")
+	}
+
+	var xBytes [dhPrivateBytes]byte
+	c.x = c.randMPI(xBytes[:])
+	c.gx = new(big.Int).Exp(g, c.x, p)
+	c.gy = nil
+	c.gxBytes = appendMPI(nil, c.gx)
+
+	h := sha256.New()
+	h.Write(c.gxBytes)
+	h.Sum(c.digest[:0])
+
+	aesCipher, err := aes.NewCipher(c.r[:])
+	if err != nil {
+		panic(err.Error())
+	}
+
+	var iv [aes.BlockSize]byte
+	ctr := cipher.NewCTR(aesCipher, iv[:])
+	ctr.XORKeyStream(c.gxBytes, c.gxBytes)
+
+	return c.serializeDHCommit()
+}
+
+func (c *Conversation) serializeDHCommit() []byte {
+	var ret []byte
+	ret = appendU16(ret, 2) // protocol version
+	ret = append(ret, msgTypeDHCommit)
+	ret = appendData(ret, c.gxBytes)
+	ret = appendData(ret, c.digest[:])
+	return ret
+}
+
+func (c *Conversation) processDHCommit(in []byte) error {
+	var ok1, ok2 bool
+	c.gxBytes, in, ok1 = getData(in)
+	digest, in, ok2 := getData(in)
+	if !ok1 || !ok2 || len(in) > 0 {
+		return errors.New("otr: corrupt DH commit message")
+	}
+	copy(c.digest[:], digest)
+	return nil
+}
+
+func (c *Conversation) compareToDHCommit(in []byte) (int, error) {
+	_, in, ok1 := getData(in)
+	digest, in, ok2 := getData(in)
+	if !ok1 || !ok2 || len(in) > 0 {
+		return 0, errors.New("otr: corrupt DH commit message")
+	}
+	return bytes.Compare(c.digest[:], digest), nil
+}
+
+func (c *Conversation) generateDHKey() []byte {
+	var yBytes [dhPrivateBytes]byte
+	c.y = c.randMPI(yBytes[:])
+	c.gy = new(big.Int).Exp(g, c.y, p)
+	return c.serializeDHKey()
+}
+
+func (c *Conversation) serializeDHKey() []byte {
+	var ret []byte
+	ret = appendU16(ret, 2) // protocol version
+	ret = append(ret, msgTypeDHKey)
+	ret = appendMPI(ret, c.gy)
+	return ret
+}
+
+func (c *Conversation) processDHKey(in []byte) (isSame bool, err error) {
+	gy, in, ok := getMPI(in)
+	if !ok {
+		err = errors.New("otr: corrupt DH key message")
+		return
+	}
+	if gy.Cmp(g) < 0 || gy.Cmp(pMinus2) > 0 {
+		err = errors.New("otr: DH value out of range")
+		return
+	}
+	if c.gy != nil {
+		isSame = c.gy.Cmp(gy) == 0
+		return
+	}
+	c.gy = gy
+	return
+}
+
+func (c *Conversation) generateEncryptedSignature(keys *akeKeys, xFirst bool) ([]byte, []byte) {
+	var xb []byte
+	xb = c.PrivateKey.PublicKey.Serialize(xb)
+
+	var verifyData []byte
+	if xFirst {
+		verifyData = appendMPI(verifyData, c.gx)
+		verifyData = appendMPI(verifyData, c.gy)
+	} else {
+		verifyData = appendMPI(verifyData, c.gy)
+		verifyData = appendMPI(verifyData, c.gx)
+	}
+	verifyData = append(verifyData, xb...)
+	verifyData = appendU32(verifyData, c.myKeyId)
+
+	mac := hmac.New(sha256.New, keys.m1[:])
+	mac.Write(verifyData)
+	mb := mac.Sum(nil)
+
+	xb = appendU32(xb, c.myKeyId)
+	xb = append(xb, c.PrivateKey.Sign(c.rand(), mb)...)
+
+	aesCipher, err := aes.NewCipher(keys.c[:])
+	if err != nil {
+		panic(err.Error())
+	}
+	var iv [aes.BlockSize]byte
+	ctr := cipher.NewCTR(aesCipher, iv[:])
+	ctr.XORKeyStream(xb, xb)
+
+	mac = hmac.New(sha256.New, keys.m2[:])
+	encryptedSig := appendData(nil, xb)
+	mac.Write(encryptedSig)
+
+	return encryptedSig, mac.Sum(nil)
+}
+
+func (c *Conversation) generateRevealSig() []byte {
+	s := new(big.Int).Exp(c.gy, c.x, p)
+	c.calcAKEKeys(s)
+	c.myKeyId++
+
+	encryptedSig, mac := c.generateEncryptedSignature(&c.revealKeys, true /* gx comes first */)
+
+	c.myCurrentDHPub = c.gx
+	c.myCurrentDHPriv = c.x
+	c.rotateDHKeys()
+	incCounter(&c.myCounter)
+
+	var ret []byte
+	ret = appendU16(ret, 2)
+	ret = append(ret, msgTypeRevealSig)
+	ret = appendData(ret, c.r[:])
+	ret = append(ret, encryptedSig...)
+	ret = append(ret, mac[:20]...)
+	return ret
+}
+
+func (c *Conversation) processEncryptedSig(encryptedSig, theirMAC []byte, keys *akeKeys, xFirst bool) error {
+	mac := hmac.New(sha256.New, keys.m2[:])
+	mac.Write(appendData(nil, encryptedSig))
+	myMAC := mac.Sum(nil)[:20]
+
+	if len(myMAC) != len(theirMAC) || subtle.ConstantTimeCompare(myMAC, theirMAC) == 0 {
+		return errors.New("bad signature MAC in encrypted signature")
+	}
+
+	aesCipher, err := aes.NewCipher(keys.c[:])
+	if err != nil {
+		panic(err.Error())
+	}
+	var iv [aes.BlockSize]byte
+	ctr := cipher.NewCTR(aesCipher, iv[:])
+	ctr.XORKeyStream(encryptedSig, encryptedSig)
+
+	sig := encryptedSig
+	sig, ok1 := c.TheirPublicKey.Parse(sig)
+	keyId, sig, ok2 := getU32(sig)
+	if !ok1 || !ok2 {
+		return errors.New("otr: corrupt encrypted signature")
+	}
+
+	var verifyData []byte
+	if xFirst {
+		verifyData = appendMPI(verifyData, c.gx)
+		verifyData = appendMPI(verifyData, c.gy)
+	} else {
+		verifyData = appendMPI(verifyData, c.gy)
+		verifyData = appendMPI(verifyData, c.gx)
+	}
+	verifyData = c.TheirPublicKey.Serialize(verifyData)
+	verifyData = appendU32(verifyData, keyId)
+
+	mac = hmac.New(sha256.New, keys.m1[:])
+	mac.Write(verifyData)
+	mb := mac.Sum(nil)
+
+	sig, ok1 = c.TheirPublicKey.Verify(mb, sig)
+	if !ok1 {
+		return errors.New("bad signature in encrypted signature")
+	}
+	if len(sig) > 0 {
+		return errors.New("corrupt encrypted signature")
+	}
+
+	c.theirKeyId = keyId
+	zero(c.theirLastCtr[:])
+	return nil
+}
+
+func (c *Conversation) processRevealSig(in []byte) error {
+	r, in, ok1 := getData(in)
+	encryptedSig, in, ok2 := getData(in)
+	theirMAC := in
+	if !ok1 || !ok2 || len(theirMAC) != 20 {
+		return errors.New("otr: corrupt reveal signature message")
+	}
+
+	aesCipher, err := aes.NewCipher(r)
+	if err != nil {
+		return errors.New("otr: cannot create AES cipher from reveal signature message: " + err.Error())
+	}
+	var iv [aes.BlockSize]byte
+	ctr := cipher.NewCTR(aesCipher, iv[:])
+	ctr.XORKeyStream(c.gxBytes, c.gxBytes)
+	h := sha256.New()
+	h.Write(c.gxBytes)
+	digest := h.Sum(nil)
+	if len(digest) != len(c.digest) || subtle.ConstantTimeCompare(digest, c.digest[:]) == 0 {
+		return errors.New("otr: bad commit MAC in reveal signature message")
+	}
+	var rest []byte
+	c.gx, rest, ok1 = getMPI(c.gxBytes)
+	if !ok1 || len(rest) > 0 {
+		return errors.New("otr: gx corrupt after decryption")
+	}
+	if c.gx.Cmp(g) < 0 || c.gx.Cmp(pMinus2) > 0 {
+		return errors.New("otr: DH value out of range")
+	}
+	s := new(big.Int).Exp(c.gx, c.y, p)
+	c.calcAKEKeys(s)
+
+	if err := c.processEncryptedSig(encryptedSig, theirMAC, &c.revealKeys, true /* gx comes first */); err != nil {
+		return errors.New("otr: in reveal signature message: " + err.Error())
+	}
+
+	c.theirCurrentDHPub = c.gx
+	c.theirLastDHPub = nil
+
+	return nil
+}
+
+func (c *Conversation) generateSig() []byte {
+	c.myKeyId++
+
+	encryptedSig, mac := c.generateEncryptedSignature(&c.sigKeys, false /* gy comes first */)
+
+	c.myCurrentDHPub = c.gy
+	c.myCurrentDHPriv = c.y
+	c.rotateDHKeys()
+	incCounter(&c.myCounter)
+
+	var ret []byte
+	ret = appendU16(ret, 2)
+	ret = append(ret, msgTypeSig)
+	ret = append(ret, encryptedSig...)
+	ret = append(ret, mac[:macPrefixBytes]...)
+	return ret
+}
+
+func (c *Conversation) processSig(in []byte) error {
+	encryptedSig, in, ok1 := getData(in)
+	theirMAC := in
+	if !ok1 || len(theirMAC) != macPrefixBytes {
+		return errors.New("otr: corrupt signature message")
+	}
+
+	if err := c.processEncryptedSig(encryptedSig, theirMAC, &c.sigKeys, false /* gy comes first */); err != nil {
+		return errors.New("otr: in signature message: " + err.Error())
+	}
+
+	c.theirCurrentDHPub = c.gy
+	c.theirLastDHPub = nil
+
+	return nil
+}
+
+func (c *Conversation) rotateDHKeys() {
+	// evict slots using our retired key id
+	for i := range c.keySlots {
+		slot := &c.keySlots[i]
+		if slot.used && slot.myKeyId == c.myKeyId-1 {
+			slot.used = false
+			c.oldMACs = append(c.oldMACs, slot.recvMACKey...)
+		}
+	}
+
+	c.myLastDHPriv = c.myCurrentDHPriv
+	c.myLastDHPub = c.myCurrentDHPub
+
+	var xBytes [dhPrivateBytes]byte
+	c.myCurrentDHPriv = c.randMPI(xBytes[:])
+	c.myCurrentDHPub = new(big.Int).Exp(g, c.myCurrentDHPriv, p)
+	c.myKeyId++
+}
+
+func (c *Conversation) processData(in []byte) (out []byte, tlvs []tlv, err error) {
+	origIn := in
+	flags, in, ok1 := getU8(in)
+	theirKeyId, in, ok2 := getU32(in)
+	myKeyId, in, ok3 := getU32(in)
+	y, in, ok4 := getMPI(in)
+	counter, in, ok5 := getNBytes(in, 8)
+	encrypted, in, ok6 := getData(in)
+	macedData := origIn[:len(origIn)-len(in)]
+	theirMAC, in, ok7 := getNBytes(in, macPrefixBytes)
+	_, in, ok8 := getData(in)
+	if !ok1 || !ok2 || !ok3 || !ok4 || !ok5 || !ok6 || !ok7 || !ok8 || len(in) > 0 {
+		err = errors.New("otr: corrupt data message")
+		return
+	}
+
+	ignoreErrors := flags&1 != 0
+
+	slot, err := c.calcDataKeys(myKeyId, theirKeyId)
+	if err != nil {
+		if ignoreErrors {
+			err = nil
+		}
+		return
+	}
+
+	mac := hmac.New(sha1.New, slot.recvMACKey)
+	mac.Write([]byte{0, 2, 3})
+	mac.Write(macedData)
+	myMAC := mac.Sum(nil)
+	if len(myMAC) != len(theirMAC) || subtle.ConstantTimeCompare(myMAC, theirMAC) == 0 {
+		if !ignoreErrors {
+			err = errors.New("otr: bad MAC on data message")
+		}
+		return
+	}
+
+	if bytes.Compare(counter, slot.theirLastCtr[:]) <= 0 {
+		err = errors.New("otr: counter regressed")
+		return
+	}
+	copy(slot.theirLastCtr[:], counter)
+
+	var iv [aes.BlockSize]byte
+	copy(iv[:], counter)
+	aesCipher, err := aes.NewCipher(slot.recvAESKey)
+	if err != nil {
+		panic(err.Error())
+	}
+	ctr := cipher.NewCTR(aesCipher, iv[:])
+	ctr.XORKeyStream(encrypted, encrypted)
+	decrypted := encrypted
+
+	if myKeyId == c.myKeyId {
+		c.rotateDHKeys()
+	}
+	if theirKeyId == c.theirKeyId {
+		// evict slots using their retired key id
+		for i := range c.keySlots {
+			slot := &c.keySlots[i]
+			if slot.used && slot.theirKeyId == theirKeyId-1 {
+				slot.used = false
+				c.oldMACs = append(c.oldMACs, slot.recvMACKey...)
+			}
+		}
+
+		c.theirLastDHPub = c.theirCurrentDHPub
+		c.theirKeyId++
+		c.theirCurrentDHPub = y
+	}
+
+	if nulPos := bytes.IndexByte(decrypted, 0); nulPos >= 0 {
+		out = decrypted[:nulPos]
+		tlvData := decrypted[nulPos+1:]
+		for len(tlvData) > 0 {
+			var t tlv
+			var ok1, ok2, ok3 bool
+
+			t.typ, tlvData, ok1 = getU16(tlvData)
+			t.length, tlvData, ok2 = getU16(tlvData)
+			t.data, tlvData, ok3 = getNBytes(tlvData, int(t.length))
+			if !ok1 || !ok2 || !ok3 {
+				err = errors.New("otr: corrupt tlv data")
+				return
+			}
+			tlvs = append(tlvs, t)
+		}
+	} else {
+		out = decrypted
+	}
+
+	return
+}
+
+func (c *Conversation) generateData(msg []byte, extra *tlv) []byte {
+	slot, err := c.calcDataKeys(c.myKeyId-1, c.theirKeyId)
+	if err != nil {
+		panic("otr: failed to generate sending keys: " + err.Error())
+	}
+
+	var plaintext []byte
+	plaintext = append(plaintext, msg...)
+	plaintext = append(plaintext, 0)
+
+	padding := paddingGranularity - ((len(plaintext) + 4) % paddingGranularity)
+	plaintext = appendU16(plaintext, tlvTypePadding)
+	plaintext = appendU16(plaintext, uint16(padding))
+	for i := 0; i < padding; i++ {
+		plaintext = append(plaintext, 0)
+	}
+
+	if extra != nil {
+		plaintext = appendU16(plaintext, extra.typ)
+		plaintext = appendU16(plaintext, uint16(len(extra.data)))
+		plaintext = append(plaintext, extra.data...)
+	}
+
+	encrypted := make([]byte, len(plaintext))
+
+	var iv [aes.BlockSize]byte
+	copy(iv[:], c.myCounter[:])
+	aesCipher, err := aes.NewCipher(slot.sendAESKey)
+	if err != nil {
+		panic(err.Error())
+	}
+	ctr := cipher.NewCTR(aesCipher, iv[:])
+	ctr.XORKeyStream(encrypted, plaintext)
+
+	var ret []byte
+	ret = appendU16(ret, 2)
+	ret = append(ret, msgTypeData)
+	ret = append(ret, 0 /* flags */)
+	ret = appendU32(ret, c.myKeyId-1)
+	ret = appendU32(ret, c.theirKeyId)
+	ret = appendMPI(ret, c.myCurrentDHPub)
+	ret = append(ret, c.myCounter[:]...)
+	ret = appendData(ret, encrypted)
+
+	mac := hmac.New(sha1.New, slot.sendMACKey)
+	mac.Write(ret)
+	ret = append(ret, mac.Sum(nil)[:macPrefixBytes]...)
+	ret = appendData(ret, c.oldMACs)
+	c.oldMACs = nil
+	incCounter(&c.myCounter)
+
+	return ret
+}
+
+func incCounter(counter *[8]byte) {
+	for i := 7; i >= 0; i-- {
+		counter[i]++
+		if counter[i] > 0 {
+			break
+		}
+	}
+}
+
+// calcDataKeys computes the keys used to encrypt a data message given the key
+// IDs.
+func (c *Conversation) calcDataKeys(myKeyId, theirKeyId uint32) (slot *keySlot, err error) {
+	// Check for a cache hit.
+	for i := range c.keySlots {
+		slot = &c.keySlots[i]
+		if slot.used && slot.theirKeyId == theirKeyId && slot.myKeyId == myKeyId {
+			return
+		}
+	}
+
+	// Find an empty slot to write into.
+	slot = nil
+	for i := range c.keySlots {
+		if !c.keySlots[i].used {
+			slot = &c.keySlots[i]
+			break
+		}
+	}
+	if slot == nil {
+		return nil, errors.New("otr: internal error: no more key slots")
+	}
+
+	var myPriv, myPub, theirPub *big.Int
+
+	if myKeyId == c.myKeyId {
+		myPriv = c.myCurrentDHPriv
+		myPub = c.myCurrentDHPub
+	} else if myKeyId == c.myKeyId-1 {
+		myPriv = c.myLastDHPriv
+		myPub = c.myLastDHPub
+	} else {
+		err = errors.New("otr: peer requested keyid " + strconv.FormatUint(uint64(myKeyId), 10) + " when I'm on " + strconv.FormatUint(uint64(c.myKeyId), 10))
+		return
+	}
+
+	if theirKeyId == c.theirKeyId {
+		theirPub = c.theirCurrentDHPub
+	} else if theirKeyId == c.theirKeyId-1 && c.theirLastDHPub != nil {
+		theirPub = c.theirLastDHPub
+	} else {
+		err = errors.New("otr: peer requested keyid " + strconv.FormatUint(uint64(myKeyId), 10) + " when they're on " + strconv.FormatUint(uint64(c.myKeyId), 10))
+		return
+	}
+
+	var sendPrefixByte, recvPrefixByte [1]byte
+
+	if myPub.Cmp(theirPub) > 0 {
+		// we're the high end
+		sendPrefixByte[0], recvPrefixByte[0] = 1, 2
+	} else {
+		// we're the low end
+		sendPrefixByte[0], recvPrefixByte[0] = 2, 1
+	}
+
+	s := new(big.Int).Exp(theirPub, myPriv, p)
+	sBytes := appendMPI(nil, s)
+
+	h := sha1.New()
+	h.Write(sendPrefixByte[:])
+	h.Write(sBytes)
+	slot.sendAESKey = h.Sum(slot.sendAESKey[:0])[:16]
+
+	h.Reset()
+	h.Write(slot.sendAESKey)
+	slot.sendMACKey = h.Sum(slot.sendMACKey[:0])
+
+	h.Reset()
+	h.Write(recvPrefixByte[:])
+	h.Write(sBytes)
+	slot.recvAESKey = h.Sum(slot.recvAESKey[:0])[:16]
+
+	h.Reset()
+	h.Write(slot.recvAESKey)
+	slot.recvMACKey = h.Sum(slot.recvMACKey[:0])
+
+	slot.theirKeyId = theirKeyId
+	slot.myKeyId = myKeyId
+	slot.used = true
+
+	zero(slot.theirLastCtr[:])
+	return
+}
+
+func (c *Conversation) calcAKEKeys(s *big.Int) {
+	mpi := appendMPI(nil, s)
+	h := sha256.New()
+
+	var cBytes [32]byte
+	hashWithPrefix(c.SSID[:], 0, mpi, h)
+
+	hashWithPrefix(cBytes[:], 1, mpi, h)
+	copy(c.revealKeys.c[:], cBytes[:16])
+	copy(c.sigKeys.c[:], cBytes[16:])
+
+	hashWithPrefix(c.revealKeys.m1[:], 2, mpi, h)
+	hashWithPrefix(c.revealKeys.m2[:], 3, mpi, h)
+	hashWithPrefix(c.sigKeys.m1[:], 4, mpi, h)
+	hashWithPrefix(c.sigKeys.m2[:], 5, mpi, h)
+}
+
+func hashWithPrefix(out []byte, prefix byte, in []byte, h hash.Hash) {
+	h.Reset()
+	var p [1]byte
+	p[0] = prefix
+	h.Write(p[:])
+	h.Write(in)
+	if len(out) == h.Size() {
+		h.Sum(out[:0])
+	} else {
+		digest := h.Sum(nil)
+		copy(out, digest)
+	}
+}
+
+func (c *Conversation) encode(msg []byte) [][]byte {
+	b64 := make([]byte, base64.StdEncoding.EncodedLen(len(msg))+len(msgPrefix)+1)
+	base64.StdEncoding.Encode(b64[len(msgPrefix):], msg)
+	copy(b64, msgPrefix)
+	b64[len(b64)-1] = '.'
+
+	if c.FragmentSize < minFragmentSize || len(b64) <= c.FragmentSize {
+		// We can encode this in a single fragment.
+		return [][]byte{b64}
+	}
+
+	// We have to fragment this message.
+	var ret [][]byte
+	bytesPerFragment := c.FragmentSize - minFragmentSize
+	numFragments := (len(b64) + bytesPerFragment) / bytesPerFragment
+
+	for i := 0; i < numFragments; i++ {
+		frag := []byte("?OTR," + strconv.Itoa(i+1) + "," + strconv.Itoa(numFragments) + ",")
+		todo := bytesPerFragment
+		if todo > len(b64) {
+			todo = len(b64)
+		}
+		frag = append(frag, b64[:todo]...)
+		b64 = b64[todo:]
+		frag = append(frag, ',')
+		ret = append(ret, frag)
+	}
+
+	return ret
+}
+
+func (c *Conversation) reset() {
+	c.myKeyId = 0
+
+	for i := range c.keySlots {
+		c.keySlots[i].used = false
+	}
+}
+
+type PublicKey struct {
+	dsa.PublicKey
+}
+
+func (pk *PublicKey) Parse(in []byte) ([]byte, bool) {
+	var ok bool
+	var pubKeyType uint16
+
+	if pubKeyType, in, ok = getU16(in); !ok || pubKeyType != 0 {
+		return nil, false
+	}
+	if pk.P, in, ok = getMPI(in); !ok {
+		return nil, false
+	}
+	if pk.Q, in, ok = getMPI(in); !ok {
+		return nil, false
+	}
+	if pk.G, in, ok = getMPI(in); !ok {
+		return nil, false
+	}
+	if pk.Y, in, ok = getMPI(in); !ok {
+		return nil, false
+	}
+
+	return in, true
+}
+
+func (pk *PublicKey) Serialize(in []byte) []byte {
+	in = appendU16(in, 0)
+	in = appendMPI(in, pk.P)
+	in = appendMPI(in, pk.Q)
+	in = appendMPI(in, pk.G)
+	in = appendMPI(in, pk.Y)
+	return in
+}
+
+// Fingerprint returns the 20-byte, binary fingerprint of the PublicKey.
+func (pk *PublicKey) Fingerprint() []byte {
+	b := pk.Serialize(nil)
+	h := sha1.New()
+	h.Write(b[2:])
+	return h.Sum(nil)
+}
+
+func (pk *PublicKey) Verify(hashed, sig []byte) ([]byte, bool) {
+	if len(sig) != 2*dsaSubgroupBytes {
+		return nil, false
+	}
+	r := new(big.Int).SetBytes(sig[:dsaSubgroupBytes])
+	s := new(big.Int).SetBytes(sig[dsaSubgroupBytes:])
+	ok := dsa.Verify(&pk.PublicKey, hashed, r, s)
+	return sig[dsaSubgroupBytes*2:], ok
+}
+
+type PrivateKey struct {
+	PublicKey
+	dsa.PrivateKey
+}
+
+func (priv *PrivateKey) Sign(rand io.Reader, hashed []byte) []byte {
+	r, s, err := dsa.Sign(rand, &priv.PrivateKey, hashed)
+	if err != nil {
+		panic(err.Error())
+	}
+	rBytes := r.Bytes()
+	sBytes := s.Bytes()
+	if len(rBytes) > dsaSubgroupBytes || len(sBytes) > dsaSubgroupBytes {
+		panic("DSA signature too large")
+	}
+
+	out := make([]byte, 2*dsaSubgroupBytes)
+	copy(out[dsaSubgroupBytes-len(rBytes):], rBytes)
+	copy(out[len(out)-len(sBytes):], sBytes)
+	return out
+}
+
+func (priv *PrivateKey) Serialize(in []byte) []byte {
+	in = priv.PublicKey.Serialize(in)
+	in = appendMPI(in, priv.PrivateKey.X)
+	return in
+}
+
+func (priv *PrivateKey) Parse(in []byte) ([]byte, bool) {
+	in, ok := priv.PublicKey.Parse(in)
+	if !ok {
+		return in, ok
+	}
+	priv.PrivateKey.PublicKey = priv.PublicKey.PublicKey
+	priv.PrivateKey.X, in, ok = getMPI(in)
+	return in, ok
+}
+
+func (priv *PrivateKey) Generate(rand io.Reader) {
+	if err := dsa.GenerateParameters(&priv.PrivateKey.PublicKey.Parameters, rand, dsa.L1024N160); err != nil {
+		panic(err.Error())
+	}
+	if err := dsa.GenerateKey(&priv.PrivateKey, rand); err != nil {
+		panic(err.Error())
+	}
+	priv.PublicKey.PublicKey = priv.PrivateKey.PublicKey
+}
+
+func notHex(r rune) bool {
+	if r >= '0' && r <= '9' ||
+		r >= 'a' && r <= 'f' ||
+		r >= 'A' && r <= 'F' {
+		return false
+	}
+
+	return true
+}
+
+// Import parses the contents of a libotr private key file.
+func (priv *PrivateKey) Import(in []byte) bool {
+	mpiStart := []byte(" #")
+
+	mpis := make([]*big.Int, 5)
+
+	for i := 0; i < len(mpis); i++ {
+		start := bytes.Index(in, mpiStart)
+		if start == -1 {
+			return false
+		}
+		in = in[start+len(mpiStart):]
+		end := bytes.IndexFunc(in, notHex)
+		if end == -1 {
+			return false
+		}
+		hexBytes := in[:end]
+		in = in[end:]
+
+		if len(hexBytes)&1 != 0 {
+			return false
+		}
+
+		mpiBytes := make([]byte, len(hexBytes)/2)
+		if _, err := hex.Decode(mpiBytes, hexBytes); err != nil {
+			return false
+		}
+
+		mpis[i] = new(big.Int).SetBytes(mpiBytes)
+	}
+
+	for _, mpi := range mpis {
+		if mpi.Sign() <= 0 {
+			return false
+		}
+	}
+
+	priv.PrivateKey.P = mpis[0]
+	priv.PrivateKey.Q = mpis[1]
+	priv.PrivateKey.G = mpis[2]
+	priv.PrivateKey.Y = mpis[3]
+	priv.PrivateKey.X = mpis[4]
+	priv.PublicKey.PublicKey = priv.PrivateKey.PublicKey
+
+	a := new(big.Int).Exp(priv.PrivateKey.G, priv.PrivateKey.X, priv.PrivateKey.P)
+	return a.Cmp(priv.PrivateKey.Y) == 0
+}
+
+func getU8(in []byte) (uint8, []byte, bool) {
+	if len(in) < 1 {
+		return 0, in, false
+	}
+	return in[0], in[1:], true
+}
+
+func getU16(in []byte) (uint16, []byte, bool) {
+	if len(in) < 2 {
+		return 0, in, false
+	}
+	r := uint16(in[0])<<8 | uint16(in[1])
+	return r, in[2:], true
+}
+
+func getU32(in []byte) (uint32, []byte, bool) {
+	if len(in) < 4 {
+		return 0, in, false
+	}
+	r := uint32(in[0])<<24 | uint32(in[1])<<16 | uint32(in[2])<<8 | uint32(in[3])
+	return r, in[4:], true
+}
+
+func getMPI(in []byte) (*big.Int, []byte, bool) {
+	l, in, ok := getU32(in)
+	if !ok || uint32(len(in)) < l {
+		return nil, in, false
+	}
+	r := new(big.Int).SetBytes(in[:l])
+	return r, in[l:], true
+}
+
+func getData(in []byte) ([]byte, []byte, bool) {
+	l, in, ok := getU32(in)
+	if !ok || uint32(len(in)) < l {
+		return nil, in, false
+	}
+	return in[:l], in[l:], true
+}
+
+func getNBytes(in []byte, n int) ([]byte, []byte, bool) {
+	if len(in) < n {
+		return nil, in, false
+	}
+	return in[:n], in[n:], true
+}
+
+func appendU16(out []byte, v uint16) []byte {
+	out = append(out, byte(v>>8), byte(v))
+	return out
+}
+
+func appendU32(out []byte, v uint32) []byte {
+	out = append(out, byte(v>>24), byte(v>>16), byte(v>>8), byte(v))
+	return out
+}
+
+func appendData(out, v []byte) []byte {
+	out = appendU32(out, uint32(len(v)))
+	out = append(out, v...)
+	return out
+}
+
+func appendMPI(out []byte, v *big.Int) []byte {
+	vBytes := v.Bytes()
+	out = appendU32(out, uint32(len(vBytes)))
+	out = append(out, vBytes...)
+	return out
+}
+
+func appendMPIs(out []byte, mpis ...*big.Int) []byte {
+	for _, mpi := range mpis {
+		out = appendMPI(out, mpi)
+	}
+	return out
+}
+
+func zero(b []byte) {
+	for i := range b {
+		b[i] = 0
+	}
+}

vendor/golang.org/x/crypto/otr/smp.go

@@ -0,0 +1,572 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file implements the Socialist Millionaires Protocol as described in
+// http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html. The protocol
+// specification is required in order to understand this code and, where
+// possible, the variable names in the code match up with the spec.
+
+package otr
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"errors"
+	"hash"
+	"math/big"
+)
+
+type smpFailure string
+
+func (s smpFailure) Error() string {
+	return string(s)
+}
+
+var smpFailureError = smpFailure("otr: SMP protocol failed")
+var smpSecretMissingError = smpFailure("otr: mutual secret needed")
+
+const smpVersion = 1
+
+const (
+	smpState1 = iota
+	smpState2
+	smpState3
+	smpState4
+)
+
+type smpState struct {
+	state                  int
+	a2, a3, b2, b3, pb, qb *big.Int
+	g2a, g3a               *big.Int
+	g2, g3                 *big.Int
+	g3b, papb, qaqb, ra    *big.Int
+	saved                  *tlv
+	secret                 *big.Int
+	question               string
+}
+
+func (c *Conversation) startSMP(question string) (tlvs []tlv) {
+	if c.smp.state != smpState1 {
+		tlvs = append(tlvs, c.generateSMPAbort())
+	}
+	tlvs = append(tlvs, c.generateSMP1(question))
+	c.smp.question = ""
+	c.smp.state = smpState2
+	return
+}
+
+func (c *Conversation) resetSMP() {
+	c.smp.state = smpState1
+	c.smp.secret = nil
+	c.smp.question = ""
+}
+
+func (c *Conversation) processSMP(in tlv) (out tlv, complete bool, err error) {
+	data := in.data
+
+	switch in.typ {
+	case tlvTypeSMPAbort:
+		if c.smp.state != smpState1 {
+			err = smpFailureError
+		}
+		c.resetSMP()
+		return
+	case tlvTypeSMP1WithQuestion:
+		// We preprocess this into a SMP1 message.
+		nulPos := bytes.IndexByte(data, 0)
+		if nulPos == -1 {
+			err = errors.New("otr: SMP message with question didn't contain a NUL byte")
+			return
+		}
+		c.smp.question = string(data[:nulPos])
+		data = data[nulPos+1:]
+	}
+
+	numMPIs, data, ok := getU32(data)
+	if !ok || numMPIs > 20 {
+		err = errors.New("otr: corrupt SMP message")
+		return
+	}
+
+	mpis := make([]*big.Int, numMPIs)
+	for i := range mpis {
+		var ok bool
+		mpis[i], data, ok = getMPI(data)
+		if !ok {
+			err = errors.New("otr: corrupt SMP message")
+			return
+		}
+	}
+
+	switch in.typ {
+	case tlvTypeSMP1, tlvTypeSMP1WithQuestion:
+		if c.smp.state != smpState1 {
+			c.resetSMP()
+			out = c.generateSMPAbort()
+			return
+		}
+		if c.smp.secret == nil {
+			err = smpSecretMissingError
+			return
+		}
+		if err = c.processSMP1(mpis); err != nil {
+			return
+		}
+		c.smp.state = smpState3
+		out = c.generateSMP2()
+	case tlvTypeSMP2:
+		if c.smp.state != smpState2 {
+			c.resetSMP()
+			out = c.generateSMPAbort()
+			return
+		}
+		if out, err = c.processSMP2(mpis); err != nil {
+			out = c.generateSMPAbort()
+			return
+		}
+		c.smp.state = smpState4
+	case tlvTypeSMP3:
+		if c.smp.state != smpState3 {
+			c.resetSMP()
+			out = c.generateSMPAbort()
+			return
+		}
+		if out, err = c.processSMP3(mpis); err != nil {
+			return
+		}
+		c.smp.state = smpState1
+		c.smp.secret = nil
+		complete = true
+	case tlvTypeSMP4:
+		if c.smp.state != smpState4 {
+			c.resetSMP()
+			out = c.generateSMPAbort()
+			return
+		}
+		if err = c.processSMP4(mpis); err != nil {
+			out = c.generateSMPAbort()
+			return
+		}
+		c.smp.state = smpState1
+		c.smp.secret = nil
+		complete = true
+	default:
+		panic("unknown SMP message")
+	}
+
+	return
+}
+
+func (c *Conversation) calcSMPSecret(mutualSecret []byte, weStarted bool) {
+	h := sha256.New()
+	h.Write([]byte{smpVersion})
+	if weStarted {
+		h.Write(c.PrivateKey.PublicKey.Fingerprint())
+		h.Write(c.TheirPublicKey.Fingerprint())
+	} else {
+		h.Write(c.TheirPublicKey.Fingerprint())
+		h.Write(c.PrivateKey.PublicKey.Fingerprint())
+	}
+	h.Write(c.SSID[:])
+	h.Write(mutualSecret)
+	c.smp.secret = new(big.Int).SetBytes(h.Sum(nil))
+}
+
+func (c *Conversation) generateSMP1(question string) tlv {
+	var randBuf [16]byte
+	c.smp.a2 = c.randMPI(randBuf[:])
+	c.smp.a3 = c.randMPI(randBuf[:])
+	g2a := new(big.Int).Exp(g, c.smp.a2, p)
+	g3a := new(big.Int).Exp(g, c.smp.a3, p)
+	h := sha256.New()
+
+	r2 := c.randMPI(randBuf[:])
+	r := new(big.Int).Exp(g, r2, p)
+	c2 := new(big.Int).SetBytes(hashMPIs(h, 1, r))
+	d2 := new(big.Int).Mul(c.smp.a2, c2)
+	d2.Sub(r2, d2)
+	d2.Mod(d2, q)
+	if d2.Sign() < 0 {
+		d2.Add(d2, q)
+	}
+
+	r3 := c.randMPI(randBuf[:])
+	r.Exp(g, r3, p)
+	c3 := new(big.Int).SetBytes(hashMPIs(h, 2, r))
+	d3 := new(big.Int).Mul(c.smp.a3, c3)
+	d3.Sub(r3, d3)
+	d3.Mod(d3, q)
+	if d3.Sign() < 0 {
+		d3.Add(d3, q)
+	}
+
+	var ret tlv
+	if len(question) > 0 {
+		ret.typ = tlvTypeSMP1WithQuestion
+		ret.data = append(ret.data, question...)
+		ret.data = append(ret.data, 0)
+	} else {
+		ret.typ = tlvTypeSMP1
+	}
+	ret.data = appendU32(ret.data, 6)
+	ret.data = appendMPIs(ret.data, g2a, c2, d2, g3a, c3, d3)
+	return ret
+}
+
+func (c *Conversation) processSMP1(mpis []*big.Int) error {
+	if len(mpis) != 6 {
+		return errors.New("otr: incorrect number of arguments in SMP1 message")
+	}
+	g2a := mpis[0]
+	c2 := mpis[1]
+	d2 := mpis[2]
+	g3a := mpis[3]
+	c3 := mpis[4]
+	d3 := mpis[5]
+	h := sha256.New()
+
+	r := new(big.Int).Exp(g, d2, p)
+	s := new(big.Int).Exp(g2a, c2, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+	t := new(big.Int).SetBytes(hashMPIs(h, 1, r))
+	if c2.Cmp(t) != 0 {
+		return errors.New("otr: ZKP c2 incorrect in SMP1 message")
+	}
+	r.Exp(g, d3, p)
+	s.Exp(g3a, c3, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+	t.SetBytes(hashMPIs(h, 2, r))
+	if c3.Cmp(t) != 0 {
+		return errors.New("otr: ZKP c3 incorrect in SMP1 message")
+	}
+
+	c.smp.g2a = g2a
+	c.smp.g3a = g3a
+	return nil
+}
+
+func (c *Conversation) generateSMP2() tlv {
+	var randBuf [16]byte
+	b2 := c.randMPI(randBuf[:])
+	c.smp.b3 = c.randMPI(randBuf[:])
+	r2 := c.randMPI(randBuf[:])
+	r3 := c.randMPI(randBuf[:])
+	r4 := c.randMPI(randBuf[:])
+	r5 := c.randMPI(randBuf[:])
+	r6 := c.randMPI(randBuf[:])
+
+	g2b := new(big.Int).Exp(g, b2, p)
+	g3b := new(big.Int).Exp(g, c.smp.b3, p)
+
+	r := new(big.Int).Exp(g, r2, p)
+	h := sha256.New()
+	c2 := new(big.Int).SetBytes(hashMPIs(h, 3, r))
+	d2 := new(big.Int).Mul(b2, c2)
+	d2.Sub(r2, d2)
+	d2.Mod(d2, q)
+	if d2.Sign() < 0 {
+		d2.Add(d2, q)
+	}
+
+	r.Exp(g, r3, p)
+	c3 := new(big.Int).SetBytes(hashMPIs(h, 4, r))
+	d3 := new(big.Int).Mul(c.smp.b3, c3)
+	d3.Sub(r3, d3)
+	d3.Mod(d3, q)
+	if d3.Sign() < 0 {
+		d3.Add(d3, q)
+	}
+
+	c.smp.g2 = new(big.Int).Exp(c.smp.g2a, b2, p)
+	c.smp.g3 = new(big.Int).Exp(c.smp.g3a, c.smp.b3, p)
+	c.smp.pb = new(big.Int).Exp(c.smp.g3, r4, p)
+	c.smp.qb = new(big.Int).Exp(g, r4, p)
+	r.Exp(c.smp.g2, c.smp.secret, p)
+	c.smp.qb.Mul(c.smp.qb, r)
+	c.smp.qb.Mod(c.smp.qb, p)
+
+	s := new(big.Int)
+	s.Exp(c.smp.g2, r6, p)
+	r.Exp(g, r5, p)
+	s.Mul(r, s)
+	s.Mod(s, p)
+	r.Exp(c.smp.g3, r5, p)
+	cp := new(big.Int).SetBytes(hashMPIs(h, 5, r, s))
+
+	// D5 = r5 - r4 cP mod q and D6 = r6 - y cP mod q
+
+	s.Mul(r4, cp)
+	r.Sub(r5, s)
+	d5 := new(big.Int).Mod(r, q)
+	if d5.Sign() < 0 {
+		d5.Add(d5, q)
+	}
+
+	s.Mul(c.smp.secret, cp)
+	r.Sub(r6, s)
+	d6 := new(big.Int).Mod(r, q)
+	if d6.Sign() < 0 {
+		d6.Add(d6, q)
+	}
+
+	var ret tlv
+	ret.typ = tlvTypeSMP2
+	ret.data = appendU32(ret.data, 11)
+	ret.data = appendMPIs(ret.data, g2b, c2, d2, g3b, c3, d3, c.smp.pb, c.smp.qb, cp, d5, d6)
+	return ret
+}
+
+func (c *Conversation) processSMP2(mpis []*big.Int) (out tlv, err error) {
+	if len(mpis) != 11 {
+		err = errors.New("otr: incorrect number of arguments in SMP2 message")
+		return
+	}
+	g2b := mpis[0]
+	c2 := mpis[1]
+	d2 := mpis[2]
+	g3b := mpis[3]
+	c3 := mpis[4]
+	d3 := mpis[5]
+	pb := mpis[6]
+	qb := mpis[7]
+	cp := mpis[8]
+	d5 := mpis[9]
+	d6 := mpis[10]
+	h := sha256.New()
+
+	r := new(big.Int).Exp(g, d2, p)
+	s := new(big.Int).Exp(g2b, c2, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+	s.SetBytes(hashMPIs(h, 3, r))
+	if c2.Cmp(s) != 0 {
+		err = errors.New("otr: ZKP c2 failed in SMP2 message")
+		return
+	}
+
+	r.Exp(g, d3, p)
+	s.Exp(g3b, c3, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+	s.SetBytes(hashMPIs(h, 4, r))
+	if c3.Cmp(s) != 0 {
+		err = errors.New("otr: ZKP c3 failed in SMP2 message")
+		return
+	}
+
+	c.smp.g2 = new(big.Int).Exp(g2b, c.smp.a2, p)
+	c.smp.g3 = new(big.Int).Exp(g3b, c.smp.a3, p)
+
+	r.Exp(g, d5, p)
+	s.Exp(c.smp.g2, d6, p)
+	r.Mul(r, s)
+	s.Exp(qb, cp, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+
+	s.Exp(c.smp.g3, d5, p)
+	t := new(big.Int).Exp(pb, cp, p)
+	s.Mul(s, t)
+	s.Mod(s, p)
+	t.SetBytes(hashMPIs(h, 5, s, r))
+	if cp.Cmp(t) != 0 {
+		err = errors.New("otr: ZKP cP failed in SMP2 message")
+		return
+	}
+
+	var randBuf [16]byte
+	r4 := c.randMPI(randBuf[:])
+	r5 := c.randMPI(randBuf[:])
+	r6 := c.randMPI(randBuf[:])
+	r7 := c.randMPI(randBuf[:])
+
+	pa := new(big.Int).Exp(c.smp.g3, r4, p)
+	r.Exp(c.smp.g2, c.smp.secret, p)
+	qa := new(big.Int).Exp(g, r4, p)
+	qa.Mul(qa, r)
+	qa.Mod(qa, p)
+
+	r.Exp(g, r5, p)
+	s.Exp(c.smp.g2, r6, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+
+	s.Exp(c.smp.g3, r5, p)
+	cp.SetBytes(hashMPIs(h, 6, s, r))
+
+	r.Mul(r4, cp)
+	d5 = new(big.Int).Sub(r5, r)
+	d5.Mod(d5, q)
+	if d5.Sign() < 0 {
+		d5.Add(d5, q)
+	}
+
+	r.Mul(c.smp.secret, cp)
+	d6 = new(big.Int).Sub(r6, r)
+	d6.Mod(d6, q)
+	if d6.Sign() < 0 {
+		d6.Add(d6, q)
+	}
+
+	r.ModInverse(qb, p)
+	qaqb := new(big.Int).Mul(qa, r)
+	qaqb.Mod(qaqb, p)
+
+	ra := new(big.Int).Exp(qaqb, c.smp.a3, p)
+	r.Exp(qaqb, r7, p)
+	s.Exp(g, r7, p)
+	cr := new(big.Int).SetBytes(hashMPIs(h, 7, s, r))
+
+	r.Mul(c.smp.a3, cr)
+	d7 := new(big.Int).Sub(r7, r)
+	d7.Mod(d7, q)
+	if d7.Sign() < 0 {
+		d7.Add(d7, q)
+	}
+
+	c.smp.g3b = g3b
+	c.smp.qaqb = qaqb
+
+	r.ModInverse(pb, p)
+	c.smp.papb = new(big.Int).Mul(pa, r)
+	c.smp.papb.Mod(c.smp.papb, p)
+	c.smp.ra = ra
+
+	out.typ = tlvTypeSMP3
+	out.data = appendU32(out.data, 8)
+	out.data = appendMPIs(out.data, pa, qa, cp, d5, d6, ra, cr, d7)
+	return
+}
+
+func (c *Conversation) processSMP3(mpis []*big.Int) (out tlv, err error) {
+	if len(mpis) != 8 {
+		err = errors.New("otr: incorrect number of arguments in SMP3 message")
+		return
+	}
+	pa := mpis[0]
+	qa := mpis[1]
+	cp := mpis[2]
+	d5 := mpis[3]
+	d6 := mpis[4]
+	ra := mpis[5]
+	cr := mpis[6]
+	d7 := mpis[7]
+	h := sha256.New()
+
+	r := new(big.Int).Exp(g, d5, p)
+	s := new(big.Int).Exp(c.smp.g2, d6, p)
+	r.Mul(r, s)
+	s.Exp(qa, cp, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+
+	s.Exp(c.smp.g3, d5, p)
+	t := new(big.Int).Exp(pa, cp, p)
+	s.Mul(s, t)
+	s.Mod(s, p)
+	t.SetBytes(hashMPIs(h, 6, s, r))
+	if t.Cmp(cp) != 0 {
+		err = errors.New("otr: ZKP cP failed in SMP3 message")
+		return
+	}
+
+	r.ModInverse(c.smp.qb, p)
+	qaqb := new(big.Int).Mul(qa, r)
+	qaqb.Mod(qaqb, p)
+
+	r.Exp(qaqb, d7, p)
+	s.Exp(ra, cr, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+
+	s.Exp(g, d7, p)
+	t.Exp(c.smp.g3a, cr, p)
+	s.Mul(s, t)
+	s.Mod(s, p)
+	t.SetBytes(hashMPIs(h, 7, s, r))
+	if t.Cmp(cr) != 0 {
+		err = errors.New("otr: ZKP cR failed in SMP3 message")
+		return
+	}
+
+	var randBuf [16]byte
+	r7 := c.randMPI(randBuf[:])
+	rb := new(big.Int).Exp(qaqb, c.smp.b3, p)
+
+	r.Exp(qaqb, r7, p)
+	s.Exp(g, r7, p)
+	cr = new(big.Int).SetBytes(hashMPIs(h, 8, s, r))
+
+	r.Mul(c.smp.b3, cr)
+	d7 = new(big.Int).Sub(r7, r)
+	d7.Mod(d7, q)
+	if d7.Sign() < 0 {
+		d7.Add(d7, q)
+	}
+
+	out.typ = tlvTypeSMP4
+	out.data = appendU32(out.data, 3)
+	out.data = appendMPIs(out.data, rb, cr, d7)
+
+	r.ModInverse(c.smp.pb, p)
+	r.Mul(pa, r)
+	r.Mod(r, p)
+	s.Exp(ra, c.smp.b3, p)
+	if r.Cmp(s) != 0 {
+		err = smpFailureError
+	}
+
+	return
+}
+
+func (c *Conversation) processSMP4(mpis []*big.Int) error {
+	if len(mpis) != 3 {
+		return errors.New("otr: incorrect number of arguments in SMP4 message")
+	}
+	rb := mpis[0]
+	cr := mpis[1]
+	d7 := mpis[2]
+	h := sha256.New()
+
+	r := new(big.Int).Exp(c.smp.qaqb, d7, p)
+	s := new(big.Int).Exp(rb, cr, p)
+	r.Mul(r, s)
+	r.Mod(r, p)
+
+	s.Exp(g, d7, p)
+	t := new(big.Int).Exp(c.smp.g3b, cr, p)
+	s.Mul(s, t)
+	s.Mod(s, p)
+	t.SetBytes(hashMPIs(h, 8, s, r))
+	if t.Cmp(cr) != 0 {
+		return errors.New("otr: ZKP cR failed in SMP4 message")
+	}
+
+	r.Exp(rb, c.smp.a3, p)
+	if r.Cmp(c.smp.papb) != 0 {
+		return smpFailureError
+	}
+
+	return nil
+}
+
+func (c *Conversation) generateSMPAbort() tlv {
+	return tlv{typ: tlvTypeSMPAbort}
+}
+
+func hashMPIs(h hash.Hash, magic byte, mpis ...*big.Int) []byte {
+	if h != nil {
+		h.Reset()
+	} else {
+		h = sha256.New()
+	}
+
+	h.Write([]byte{magic})
+	for _, mpi := range mpis {
+		h.Write(appendMPI(nil, mpi))
+	}
+	return h.Sum(nil)
+}

vendor/golang.org/x/crypto/ssh/test/doc.go

@@ -0,0 +1,7 @@
+// Copyright 2012 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package test contains integration tests for the
+// golang.org/x/crypto/ssh package.
+package test // import "golang.org/x/crypto/ssh/test"

vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c

@@ -0,0 +1,173 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// sshd_test_pw.c
+// Wrapper to inject test password data for sshd PAM authentication
+//
+// This wrapper implements custom versions of getpwnam, getpwnam_r,
+// getspnam and getspnam_r. These functions first call their real
+// libc versions, then check if the requested user matches test user
+// specified in env variable TEST_USER and if so replace the password
+// with crypted() value of TEST_PASSWD env variable.
+//
+// Compile:
+// gcc -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c
+//
+// Compile with debug:
+// gcc -DVERBOSE -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c
+//
+// Run sshd:
+// LD_PRELOAD="sshd_test_pw.so" TEST_USER="..." TEST_PASSWD="..." sshd ...
+
+// +build ignore
+
+#define _GNU_SOURCE
+#include <string.h>
+#include <pwd.h>
+#include <shadow.h>
+#include <dlfcn.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <stdio.h>
+
+#ifdef VERBOSE
+#define DEBUG(X...) fprintf(stderr, X)
+#else
+#define DEBUG(X...) while (0) { }
+#endif
+
+/* crypt() password */
+static char *
+pwhash(char *passwd) {
+  return strdup(crypt(passwd, "$6$"));
+}
+
+/* Pointers to real functions in libc */
+static struct passwd * (*real_getpwnam)(const char *) = NULL;
+static int (*real_getpwnam_r)(const char *, struct passwd *, char *, size_t, struct passwd **) = NULL;
+static struct spwd * (*real_getspnam)(const char *) = NULL;
+static int (*real_getspnam_r)(const char *, struct spwd *, char *, size_t, struct spwd **) = NULL;
+
+/* Cached test user and test password */
+static char *test_user = NULL;
+static char *test_passwd_hash = NULL;
+
+static void
+init(void) {
+  /* Fetch real libc function pointers */
+  real_getpwnam = dlsym(RTLD_NEXT, "getpwnam");
+  real_getpwnam_r = dlsym(RTLD_NEXT, "getpwnam_r");
+  real_getspnam = dlsym(RTLD_NEXT, "getspnam");
+  real_getspnam_r = dlsym(RTLD_NEXT, "getspnam_r");
+  
+  /* abort if env variables are not defined */
+  if (getenv("TEST_USER") == NULL || getenv("TEST_PASSWD") == NULL) {
+    fprintf(stderr, "env variables TEST_USER and TEST_PASSWD are missing\n");
+    abort();
+  }
+
+  /* Fetch test user and test password from env */
+  test_user = strdup(getenv("TEST_USER"));
+  test_passwd_hash = pwhash(getenv("TEST_PASSWD"));
+
+  DEBUG("sshd_test_pw init():\n");
+  DEBUG("\treal_getpwnam: %p\n", real_getpwnam);
+  DEBUG("\treal_getpwnam_r: %p\n", real_getpwnam_r);
+  DEBUG("\treal_getspnam: %p\n", real_getspnam);
+  DEBUG("\treal_getspnam_r: %p\n", real_getspnam_r);
+  DEBUG("\tTEST_USER: '%s'\n", test_user);
+  DEBUG("\tTEST_PASSWD: '%s'\n", getenv("TEST_PASSWD"));
+  DEBUG("\tTEST_PASSWD_HASH: '%s'\n", test_passwd_hash);
+}
+
+static int
+is_test_user(const char *name) {
+  if (test_user != NULL && strcmp(test_user, name) == 0)
+    return 1;
+  return 0;
+}
+
+/* getpwnam */
+
+struct passwd *
+getpwnam(const char *name) {
+  struct passwd *pw;
+
+  DEBUG("sshd_test_pw getpwnam(%s)\n", name);
+  
+  if (real_getpwnam == NULL)
+    init();
+  if ((pw = real_getpwnam(name)) == NULL)
+    return NULL;
+
+  if (is_test_user(name))
+    pw->pw_passwd = strdup(test_passwd_hash);
+      
+  return pw;
+}
+
+/* getpwnam_r */
+
+int
+getpwnam_r(const char *name,
+	   struct passwd *pwd,
+	   char *buf,
+	   size_t buflen,
+	   struct passwd **result) {
+  int r;
+
+  DEBUG("sshd_test_pw getpwnam_r(%s)\n", name);
+  
+  if (real_getpwnam_r == NULL)
+    init();
+  if ((r = real_getpwnam_r(name, pwd, buf, buflen, result)) != 0 || *result == NULL)
+    return r;
+
+  if (is_test_user(name))
+    pwd->pw_passwd = strdup(test_passwd_hash);
+  
+  return 0;
+}
+
+/* getspnam */
+
+struct spwd *
+getspnam(const char *name) {
+  struct spwd *sp;
+
+  DEBUG("sshd_test_pw getspnam(%s)\n", name);
+  
+  if (real_getspnam == NULL)
+    init();
+  if ((sp = real_getspnam(name)) == NULL)
+    return NULL;
+
+  if (is_test_user(name))
+    sp->sp_pwdp = strdup(test_passwd_hash);
+  
+  return sp;
+}
+
+/* getspnam_r */
+
+int
+getspnam_r(const char *name,
+	   struct spwd *spbuf,
+	   char *buf,
+	   size_t buflen,
+	   struct spwd **spbufp) {
+  int r;
+
+  DEBUG("sshd_test_pw getspnam_r(%s)\n", name);
+  
+  if (real_getspnam_r == NULL)
+    init();
+  if ((r = real_getspnam_r(name, spbuf, buf, buflen, spbufp)) != 0)
+    return r;
+
+  if (is_test_user(name))
+    spbuf->sp_pwdp = strdup(test_passwd_hash);
+  
+  return r;
+}

vendor/golang.org/x/sys/cpu/cpu.go

@@ -0,0 +1,38 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cpu implements processor feature detection for
+// various CPU architectures.
+package cpu
+
+// CacheLinePad is used to pad structs to avoid false sharing.
+type CacheLinePad struct{ _ [cacheLineSize]byte }
+
+// X86 contains the supported CPU features of the
+// current X86/AMD64 platform. If the current platform
+// is not X86/AMD64 then all feature flags are false.
+//
+// X86 is padded to avoid false sharing. Further the HasAVX
+// and HasAVX2 are only set if the OS supports XMM and YMM
+// registers in addition to the CPUID feature bit being set.
+var X86 struct {
+	_            CacheLinePad
+	HasAES       bool // AES hardware implementation (AES NI)
+	HasADX       bool // Multi-precision add-carry instruction extensions
+	HasAVX       bool // Advanced vector extension
+	HasAVX2      bool // Advanced vector extension 2
+	HasBMI1      bool // Bit manipulation instruction set 1
+	HasBMI2      bool // Bit manipulation instruction set 2
+	HasERMS      bool // Enhanced REP for MOVSB and STOSB
+	HasFMA       bool // Fused-multiply-add instructions
+	HasOSXSAVE   bool // OS supports XSAVE/XRESTOR for saving/restoring XMM registers.
+	HasPCLMULQDQ bool // PCLMULQDQ instruction - most often used for AES-GCM
+	HasPOPCNT    bool // Hamming weight instruction POPCNT.
+	HasSSE2      bool // Streaming SIMD extension 2 (always available on amd64)
+	HasSSE3      bool // Streaming SIMD extension 3
+	HasSSSE3     bool // Supplemental streaming SIMD extension 3
+	HasSSE41     bool // Streaming SIMD extension 4 and 4.1
+	HasSSE42     bool // Streaming SIMD extension 4 and 4.2
+	_            CacheLinePad
+}

vendor/golang.org/x/sys/cpu/cpu_arm.go

@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 32

vendor/golang.org/x/sys/cpu/cpu_arm64.go

@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 64

vendor/golang.org/x/sys/cpu/cpu_gc_x86.go

@@ -0,0 +1,16 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build !gccgo
+
+package cpu
+
+// cpuid is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+
+// xgetbv with ecx = 0 is implemented in cpu_x86.s for gc compiler
+// and in cpu_gccgo.c for gccgo.
+func xgetbv() (eax, edx uint32)

vendor/golang.org/x/sys/cpu/cpu_gccgo.c

@@ -0,0 +1,43 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+#include <cpuid.h>
+#include <stdint.h>
+
+// Need to wrap __get_cpuid_count because it's declared as static.
+int
+gccgoGetCpuidCount(uint32_t leaf, uint32_t subleaf,
+                   uint32_t *eax, uint32_t *ebx,
+                   uint32_t *ecx, uint32_t *edx)
+{
+	return __get_cpuid_count(leaf, subleaf, eax, ebx, ecx, edx);
+}
+
+// xgetbv reads the contents of an XCR (Extended Control Register)
+// specified in the ECX register into registers EDX:EAX.
+// Currently, the only supported value for XCR is 0.
+//
+// TODO: Replace with a better alternative:
+//
+//     #include <xsaveintrin.h>
+//
+//     #pragma GCC target("xsave")
+//
+//     void gccgoXgetbv(uint32_t *eax, uint32_t *edx) {
+//       unsigned long long x = _xgetbv(0);
+//       *eax = x & 0xffffffff;
+//       *edx = (x >> 32) & 0xffffffff;
+//     }
+//
+// Note that _xgetbv is defined starting with GCC 8.
+void
+gccgoXgetbv(uint32_t *eax, uint32_t *edx)
+{
+	__asm("  xorl %%ecx, %%ecx\n"
+	      "  xgetbv"
+	    : "=a"(*eax), "=d"(*edx));
+}

vendor/golang.org/x/sys/cpu/cpu_gccgo.go

@@ -0,0 +1,26 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build gccgo
+
+package cpu
+
+//extern gccgoGetCpuidCount
+func gccgoGetCpuidCount(eaxArg, ecxArg uint32, eax, ebx, ecx, edx *uint32)
+
+func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32) {
+	var a, b, c, d uint32
+	gccgoGetCpuidCount(eaxArg, ecxArg, &a, &b, &c, &d)
+	return a, b, c, d
+}
+
+//extern gccgoXgetbv
+func gccgoXgetbv(eax, edx *uint32)
+
+func xgetbv() (eax, edx uint32) {
+	var a, d uint32
+	gccgoXgetbv(&a, &d)
+	return a, d
+}

vendor/golang.org/x/sys/cpu/cpu_mips64x.go

@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips64 mips64le
+
+package cpu
+
+const cacheLineSize = 32

vendor/golang.org/x/sys/cpu/cpu_mipsx.go

@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build mips mipsle
+
+package cpu
+
+const cacheLineSize = 32

vendor/golang.org/x/sys/cpu/cpu_ppc64x.go

@@ -0,0 +1,9 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build ppc64 ppc64le
+
+package cpu
+
+const cacheLineSize = 128

vendor/golang.org/x/sys/cpu/cpu_s390x.go

@@ -0,0 +1,7 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cpu
+
+const cacheLineSize = 256

vendor/golang.org/x/sys/cpu/cpu_x86.go

@@ -0,0 +1,55 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+
+package cpu
+
+const cacheLineSize = 64
+
+func init() {
+	maxID, _, _, _ := cpuid(0, 0)
+
+	if maxID < 1 {
+		return
+	}
+
+	_, _, ecx1, edx1 := cpuid(1, 0)
+	X86.HasSSE2 = isSet(26, edx1)
+
+	X86.HasSSE3 = isSet(0, ecx1)
+	X86.HasPCLMULQDQ = isSet(1, ecx1)
+	X86.HasSSSE3 = isSet(9, ecx1)
+	X86.HasFMA = isSet(12, ecx1)
+	X86.HasSSE41 = isSet(19, ecx1)
+	X86.HasSSE42 = isSet(20, ecx1)
+	X86.HasPOPCNT = isSet(23, ecx1)
+	X86.HasAES = isSet(25, ecx1)
+	X86.HasOSXSAVE = isSet(27, ecx1)
+
+	osSupportsAVX := false
+	// For XGETBV, OSXSAVE bit is required and sufficient.
+	if X86.HasOSXSAVE {
+		eax, _ := xgetbv()
+		// Check if XMM and YMM registers have OS support.
+		osSupportsAVX = isSet(1, eax) && isSet(2, eax)
+	}
+
+	X86.HasAVX = isSet(28, ecx1) && osSupportsAVX
+
+	if maxID < 7 {
+		return
+	}
+
+	_, ebx7, _, _ := cpuid(7, 0)
+	X86.HasBMI1 = isSet(3, ebx7)
+	X86.HasAVX2 = isSet(5, ebx7) && osSupportsAVX
+	X86.HasBMI2 = isSet(8, ebx7)
+	X86.HasERMS = isSet(9, ebx7)
+	X86.HasADX = isSet(19, ebx7)
+}
+
+func isSet(bitpos uint, value uint32) bool {
+	return value&(1<<bitpos) != 0
+}

vendor/golang.org/x/sys/cpu/cpu_x86.s

@@ -0,0 +1,27 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build 386 amd64 amd64p32
+// +build !gccgo
+
+#include "textflag.h"
+
+// func cpuid(eaxArg, ecxArg uint32) (eax, ebx, ecx, edx uint32)
+TEXT ·cpuid(SB), NOSPLIT, $0-24
+	MOVL eaxArg+0(FP), AX
+	MOVL ecxArg+4(FP), CX
+	CPUID
+	MOVL AX, eax+8(FP)
+	MOVL BX, ebx+12(FP)
+	MOVL CX, ecx+16(FP)
+	MOVL DX, edx+20(FP)
+	RET
+
+// func xgetbv() (eax, edx uint32)
+TEXT ·xgetbv(SB),NOSPLIT,$0-8
+	MOVL $0, CX
+	XGETBV
+	MOVL AX, eax+0(FP)
+	MOVL DX, edx+4(FP)
+	RET