0ct0pu5/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: 0ct0pu5:master
Branches Tags
0ct0pu5:master
0ct0pu5:26.0
0ct0pu5:24.0
0ct0pu5:23.0
0ct0pu5:25.0
0ct0pu5:20.10
0ct0pu5:22.06
0ct0pu5:19.03
0ct0pu5:17.03.x
0ct0pu5:17.04.x
0ct0pu5:17.05.x
0ct0pu5:1.13.x
0ct0pu5:docs
0ct0pu5:1.12.x
0ct0pu5:v26.0.2
0ct0pu5:v26.0.1
0ct0pu5:v23.0.10
0ct0pu5:v26.0.0
0ct0pu5:v26.0.0-rc3
0ct0pu5:v25.0.5
0ct0pu5:v26.0.0-rc2
0ct0pu5:v25.0.4
0ct0pu5:v26.0.0-rc1
0ct0pu5:v25.0.3
0ct0pu5:v24.0.9
0ct0pu5:v25.0.2
0ct0pu5:v23.0.9
0ct0pu5:v24.0.8
0ct0pu5:v25.0.1
0ct0pu5:v25.0.0
0ct0pu5:v25.0.0-rc.3
0ct0pu5:v25.0.0-rc.2
0ct0pu5:v25.0.0-rc.1
0ct0pu5:v25.0.0-beta.3
0ct0pu5:v25.0.0-beta.2
0ct0pu5:v20.10.27
0ct0pu5:v23.0.8
0ct0pu5:v25.0.0-beta.1
0ct0pu5:v24.0.7
0ct0pu5:v23.0.7
0ct0pu5:v20.10.26
0ct0pu5:v24.0.6
0ct0pu5:v24.0.5
0ct0pu5:v24.0.4
0ct0pu5:v24.0.3
0ct0pu5:v24.0.2
0ct0pu5:v24.0.1
0ct0pu5:v24.0.0
0ct0pu5:v20.10.25
0ct0pu5:v24.0.0-rc.4
0ct0pu5:v24.0.0-rc.3
0ct0pu5:v23.0.6
0ct0pu5:v24.0.0-rc.2
0ct0pu5:v24.0.0-rc.1
0ct0pu5:v23.0.5
0ct0pu5:v23.0.4
0ct0pu5:v24.0.0-beta.2
0ct0pu5:v23.0.3
0ct0pu5:v20.10.24
0ct0pu5:v24.0.0-beta.1
0ct0pu5:v23.0.2
0ct0pu5:v23.0.1
0ct0pu5:v23.0.0
0ct0pu5:v23.0.0-rc.4
0ct0pu5:v23.0.0-rc.3
0ct0pu5:v20.10.23
0ct0pu5:v23.0.0-rc.2
0ct0pu5:v23.0.0-rc.1
0ct0pu5:v20.10.22
0ct0pu5:v23.0.0-beta.1
0ct0pu5:v20.10.21
0ct0pu5:v20.10.20
0ct0pu5:v20.10.19
0ct0pu5:v20.10.18
0ct0pu5:v20.10.17
0ct0pu5:v22.06.0-beta.0
0ct0pu5:v20.10.16
0ct0pu5:v20.10.15
0ct0pu5:v20.10.14
0ct0pu5:v20.10.13
0ct0pu5:v20.10.12
0ct0pu5:v20.10.11
0ct0pu5:v20.10.10
0ct0pu5:v20.10.10-rc1
0ct0pu5:v20.10.9
0ct0pu5:v20.10.8
0ct0pu5:v20.10.7
0ct0pu5:v20.10.6
0ct0pu5:v20.10.5
0ct0pu5:v20.10.4
0ct0pu5:v19.03.15
0ct0pu5:v20.10.3
0ct0pu5:v20.10.2
0ct0pu5:v20.10.1
0ct0pu5:v20.10.0
0ct0pu5:v20.10.0-rc2
0ct0pu5:v19.03.14
0ct0pu5:v20.10.0-rc1
0ct0pu5:v20.10.0-beta1
0ct0pu5:v19.03.13
0ct0pu5:v19.03.13-beta2
0ct0pu5:v19.03.13-beta1
0ct0pu5:v19.03.12
0ct0pu5:v19.03.11
0ct0pu5:v19.03.10
0ct0pu5:v19.03.9
0ct0pu5:v19.03.8
0ct0pu5:v19.03.7
0ct0pu5:v19.03.6
0ct0pu5:v19.03.6-rc2
0ct0pu5:v19.03.6-rc1
0ct0pu5:v19.03.5
0ct0pu5:v19.03.5-rc1
0ct0pu5:v19.03.5-beta2
0ct0pu5:v19.03.5-beta1
0ct0pu5:v19.03.4
0ct0pu5:v19.03.4-rc1
0ct0pu5:v19.03.3
0ct0pu5:v19.03.3-rc1
0ct0pu5:v19.03.3-beta2
0ct0pu5:v19.03.3-beta1
0ct0pu5:v18.09.9
0ct0pu5:v19.03.2
0ct0pu5:v19.03.2-rc1
0ct0pu5:v18.09.9-rc1
0ct0pu5:v19.03.2-beta1
0ct0pu5:v19.03.1
0ct0pu5:v19.03.0
0ct0pu5:v18.09.8
0ct0pu5:v18.09.7
0ct0pu5:v18.09.7-rc1
0ct0pu5:v19.03.0-rc3
0ct0pu5:v19.03.0-rc2
0ct0pu5:v19.03.0-beta5
0ct0pu5:v19.03.0-beta4
0ct0pu5:v18.09.6
0ct0pu5:v18.09.6-rc1
0ct0pu5:v19.03.0-beta3
0ct0pu5:v19.03.0-beta2
0ct0pu5:v19.03.0-beta1
0ct0pu5:v18.09.5
0ct0pu5:v18.09.5-rc1
0ct0pu5:v18.09.4
0ct0pu5:v18.09.4-rc1
0ct0pu5:v18.09.3
0ct0pu5:v18.09.3-rc1
0ct0pu5:v18.06.3-ce
0ct0pu5:v18.06.2-ce
0ct0pu5:v18.09.2
0ct0pu5:v18.09.1
0ct0pu5:v18.09.1-rc1
0ct0pu5:v18.09.1-beta2
0ct0pu5:v18.09.1-beta1
0ct0pu5:v18.09.0
0ct0pu5:v18.09.0-rc1
0ct0pu5:v18.09.0-beta5
0ct0pu5:v18.09.0-beta3
0ct0pu5:v18.09.0-ce-beta1
0ct0pu5:v18.09.0-ce-tp6
0ct0pu5:v18.09.0-ce-tp5
0ct0pu5:v18.09.0-ce-tp4
0ct0pu5:v18.09.0-ce-tp3
0ct0pu5:v18.09.0-ce-tp0
0ct0pu5:v18.06.1-ce
0ct0pu5:v18.06.1-ce-rc2
0ct0pu5:v18.06.1-ce-rc1
0ct0pu5:v18.06.0-ce
0ct0pu5:v18.06.0-ce-rc3
0ct0pu5:v18.06.0-ce-rc2
0ct0pu5:v18.06.0-ce-rc1
0ct0pu5:v18.03.1-ce
0ct0pu5:v18.05.0-ce-rc1
0ct0pu5:v18.05.0-ce
0ct0pu5:v18.03.1-ce-rc1
0ct0pu5:v18.04.0-ce-rc2
0ct0pu5:v18.04.0-ce
0ct0pu5:v18.03.1-ce-rc2
0ct0pu5:v18.04.0-ce-rc1
0ct0pu5:v18.03.0-ce-rc4
0ct0pu5:v18.03.0-ce
0ct0pu5:v18.03.0-ce-rc3
0ct0pu5:v18.03.0-ce-rc2
0ct0pu5:v17.12.1-ce-rc2
0ct0pu5:v17.12.1-ce
0ct0pu5:v18.02.0-ce-rc2
0ct0pu5:v18.02.0-ce
0ct0pu5:v17.12.1-ce-rc1
0ct0pu5:v17.12.0-ce-rc4
0ct0pu5:v17.12.0-ce
0ct0pu5:v17.12.0-ce-rc3
0ct0pu5:v18.01.0-ce-rc1
0ct0pu5:v18.01.0-ce
0ct0pu5:v17.09.1-ce
0ct0pu5:v17.12.0-ce-rc2
0ct0pu5:v17.12.0-ce-rc1
0ct0pu5:v17.11.0-ce
0ct0pu5:v17.11.0-ce-rc4
0ct0pu5:v17.09.1-ce-rc1
0ct0pu5:v17.11.0-ce-rc3
0ct0pu5:v17.11.0-ce-rc2
0ct0pu5:v17.11.0-ce-rc1
0ct0pu5:v18.03.0-ce-rc1
0ct0pu5:v18.02.0-ce-rc1
0ct0pu5:v17.10.0-ce
0ct0pu5:v17.10.0-ce-rc2
0ct0pu5:v17.10.0-ce-rc1
0ct0pu5:v17.09.0-ce
0ct0pu5:v17.09.0-ce-rc3
0ct0pu5:v17.09.0-ce-rc2
0ct0pu5:v17.09.0-ce-rc1
0ct0pu5:v17.06.2-ce
0ct0pu5:v17.07.0-ce
0ct0pu5:v17.06.2-ce-rc1
0ct0pu5:v17.07.0-ce-rc4
0ct0pu5:v17.06.1-ce
0ct0pu5:v17.07.0-ce-rc3
0ct0pu5:v17.06.1-ce-rc4
0ct0pu5:v17.07.0-ce-rc2
0ct0pu5:v17.06.1-ce-rc3
0ct0pu5:v17.06.1-ce-rc2
0ct0pu5:v17.07.0-ce-rc1
0ct0pu5:v17.06.1-ce-rc1
0ct0pu5:v17.03.2-ce
0ct0pu5:v17.06.0-ce
0ct0pu5:v17.06.0-ce-rc5
0ct0pu5:v17.06.0-ce-rc4
0ct0pu5:v17.06.0-ce-rc3
0ct0pu5:v17.06.0-ce-rc2
0ct0pu5:v17.03.2-ce-rc1
0ct0pu5:v17.06.0-ce-rc1
0ct0pu5:v17.05.0-ce
0ct0pu5:v17.05.0-ce-rc3
0ct0pu5:v17.05.0-ce-rc2
0ct0pu5:v17.05.0-ce-rc1
0ct0pu5:v17.04.0-ce
0ct0pu5:v17.04.0-ce-rc2
0ct0pu5:v17.03.1-ce
0ct0pu5:v17.04.0-ce-rc1
0ct0pu5:v17.03.1-ce-rc1
0ct0pu5:v17.03.0-ce
0ct0pu5:v17.03.0-ce-rc1
0ct0pu5:v1.13.1
0ct0pu5:v1.13.1-rc2
0ct0pu5:v1.13.1-rc1
0ct0pu5:v1.13.0
0ct0pu5:v1.13.0-rc7
0ct0pu5:v1.13.0-rc6
0ct0pu5:v1.12.6
0ct0pu5:v1.13.0-rc5
0ct0pu5:v1.13.0-rc4
0ct0pu5:v1.12.5
0ct0pu5:v1.12.5-rc1
0ct0pu5:v1.12.4
0ct0pu5:v1.12.4-rc1
0ct0pu5:v1.13.0-rc3
0ct0pu5:v1.13.0-rc2
0ct0pu5:v1.13.0-rc1
0ct0pu5:v1.12.3
0ct0pu5:v1.12.3-rc1
0ct0pu5:v1.12.2
0ct0pu5:v1.12.2-rc3
0ct0pu5:v1.12.2-rc2
0ct0pu5:v1.12.2-rc1
0ct0pu5:v1.12.1
0ct0pu5:v1.12.1-rc2
0ct0pu5:v1.12.1-rc1
0ct0pu5:docs-v1.12.1-2016-08-12
0ct0pu5:docs-v1.12.0-2016-08-09
0ct0pu5:docs-v1.12.0-2016-08-03.1
0ct0pu5:docs-v1.12.0-2016-08-03
0ct0pu5:docs-v1.12.0-2016-07-29
0ct0pu5:docs-v1.12.0-2016-07-28
0ct0pu5:v1.12.0
0ct0pu5:v1.12.0-rc5
0ct0pu5:docs-v1.12.0-rc4-2016-07-15
0ct0pu5:v1.12.0-rc4
0ct0pu5:v1.12.0-rc3
0ct0pu5:v1.12.0-rc2
0ct0pu5:v1.12.0-rc1
0ct0pu5:docs-v1.11.2-2016-06-10
0ct0pu5:v1.11.2
0ct0pu5:v1.11.2-rc1
0ct0pu5:xdocs-v1.10-09-05-2016
0ct0pu5:v1.11.1
0ct0pu5:v1.11.1-rc1
0ct0pu5:v1.11.0
0ct0pu5:v1.11.0-rc5
0ct0pu5:v1.11.0-rc4
0ct0pu5:v1.11.0-rc3
0ct0pu5:xdocs-v1.10-28-mar-2016
0ct0pu5:v1.11.0-rc2
0ct0pu5:v1.11.0-rc1
0ct0pu5:v1.10.3
0ct0pu5:v1.10.3-rc2
0ct0pu5:v1.10.3-rc1
0ct0pu5:v1.10.2
0ct0pu5:v1.10.2-rc1
0ct0pu5:v1.10.1
0ct0pu5:v1.10.1-rc1
0ct0pu5:v1.10.0
0ct0pu5:v1.10.0-rc4
0ct0pu5:v1.10.0-rc3
0ct0pu5:v1.10.0-rc2
0ct0pu5:v1.10.0-rc1
0ct0pu5:v1.9.1
0ct0pu5:v1.9.1-rc1
0ct0pu5:v1.9.0
0ct0pu5:v1.9.0-rc5
0ct0pu5:v1.9.0-rc4
0ct0pu5:v1.9.0-rc3
0ct0pu5:v1.9.0-rc2
0ct0pu5:v1.9.0-rc1
0ct0pu5:v1.8.3
0ct0pu5:v1.8.2
0ct0pu5:v1.8.2-rc1
0ct0pu5:v1.8.1
0ct0pu5:v1.8.0
0ct0pu5:v1.8.0-rc3
0ct0pu5:v1.8.0-rc2
0ct0pu5:v1.8.0-rc1
0ct0pu5:v1.7.1
0ct0pu5:v1.7.1-rc3
0ct0pu5:v1.7.1-rc2
0ct0pu5:v1.7.1-rc1
0ct0pu5:v1.7.0
0ct0pu5:v1.7.0-rc5
0ct0pu5:v1.7.0-rc4
0ct0pu5:v1.7.0-rc3
0ct0pu5:v1.7.0-rc2
0ct0pu5:v1.7.0-rc1
0ct0pu5:v1.6.2
0ct0pu5:v1.6.1
0ct0pu5:v1.6.0
0ct0pu5:v1.6.0-rc7
0ct0pu5:v1.6.0-rc6
0ct0pu5:v1.6.0-rc5
0ct0pu5:v1.6.0-rc4
0ct0pu5:v1.6.0-rc3
0ct0pu5:v1.6.0-rc2
0ct0pu5:v1.6.0-rc1
0ct0pu5:v1.5.0
0ct0pu5:v1.5.0-rc4
0ct0pu5:v1.5.0-rc3
0ct0pu5:v1.5.0-rc2
0ct0pu5:v1.5.0-rc1
0ct0pu5:v1.4.1
0ct0pu5:v1.4.0
0ct0pu5:v1.3.3
0ct0pu5:v1.3.2
0ct0pu5:v1.3.1
0ct0pu5:v1.3.0
0ct0pu5:v1.2.0
0ct0pu5:v1.1.2
0ct0pu5:v1.1.1
0ct0pu5:v1.1.0
0ct0pu5:v1.0.1
0ct0pu5:v1.0.0
0ct0pu5:v0.12.0
0ct0pu5:v0.11.1
0ct0pu5:v0.11.0
0ct0pu5:v0.10.0
0ct0pu5:v0.9.1
0ct0pu5:v0.9.0
0ct0pu5:v0.8.1
0ct0pu5:v0.8.0
0ct0pu5:v0.7.6
0ct0pu5:v0.7.5
0ct0pu5:v0.7.4
0ct0pu5:v0.7.3
0ct0pu5:v0.7.2
0ct0pu5:v0.7.1
0ct0pu5:v0.7.0
0ct0pu5:v0.7.0-rc1
0ct0pu5:v0.7.0-rc2
0ct0pu5:v0.7.0-rc3
0ct0pu5:v0.7.0-rc4
0ct0pu5:v0.7.0-rc5
0ct0pu5:v0.7.0-rc6
0ct0pu5:v0.7.0-rc7
0ct0pu5:v0.6.7
0ct0pu5:v0.6.6
0ct0pu5:v0.6.5
0ct0pu5:v0.6.4
0ct0pu5:v0.6.3
0ct0pu5:v0.6.2
0ct0pu5:v0.6.1
0ct0pu5:v0.6.0
0ct0pu5:v0.5.3
0ct0pu5:v0.5.2
0ct0pu5:v0.5.1
0ct0pu5:v0.5.0
0ct0pu5:v0.4.8
0ct0pu5:v0.4.7
0ct0pu5:v0.4.6
0ct0pu5:v0.4.5
0ct0pu5:v0.4.4
0ct0pu5:v0.4.3
0ct0pu5:v0.4.2
0ct0pu5:v0.4.1
0ct0pu5:v0.4.0
0ct0pu5:v0.3.4
0ct0pu5:v0.3.3
0ct0pu5:v0.3.2
0ct0pu5:v0.3.1
0ct0pu5:v0.3.0
0ct0pu5:v0.2.2
0ct0pu5:v0.2.1
0ct0pu5:builder/2
0ct0pu5:autorun/1
0ct0pu5:builder/1
0ct0pu5:v0.2.0
0ct0pu5:v0.1.8
0ct0pu5:v0.1.7
0ct0pu5:v0.1.6
0ct0pu5:v0.1.5
0ct0pu5:v0.1.4
0ct0pu5:v0.1.3
0ct0pu5:v0.1.2
0ct0pu5:v0.1.1
0ct0pu5:v0.1.0
0ct0pu5:upstream/0.1.4
0ct0pu5:upstream/0.1.3
0ct0pu5:0.0.3
0ct0pu5:upstream/0.1.2
0ct0pu5:debian/0.1.1-1
0ct0pu5:upstream/0.1.1
..
compare: 0ct0pu5:v26.0.0
Branches Tags
0ct0pu5:master
0ct0pu5:26.0
0ct0pu5:24.0
0ct0pu5:23.0
0ct0pu5:25.0
0ct0pu5:20.10
0ct0pu5:22.06
0ct0pu5:19.03
0ct0pu5:17.03.x
0ct0pu5:17.04.x
0ct0pu5:17.05.x
0ct0pu5:1.13.x
0ct0pu5:docs
0ct0pu5:1.12.x
0ct0pu5:v26.0.2
0ct0pu5:v26.0.1
0ct0pu5:v23.0.10
0ct0pu5:v26.0.0
0ct0pu5:v26.0.0-rc3
0ct0pu5:v25.0.5
0ct0pu5:v26.0.0-rc2
0ct0pu5:v25.0.4
0ct0pu5:v26.0.0-rc1
0ct0pu5:v25.0.3
0ct0pu5:v24.0.9
0ct0pu5:v25.0.2
0ct0pu5:v23.0.9
0ct0pu5:v24.0.8
0ct0pu5:v25.0.1
0ct0pu5:v25.0.0
0ct0pu5:v25.0.0-rc.3
0ct0pu5:v25.0.0-rc.2
0ct0pu5:v25.0.0-rc.1
0ct0pu5:v25.0.0-beta.3
0ct0pu5:v25.0.0-beta.2
0ct0pu5:v20.10.27
0ct0pu5:v23.0.8
0ct0pu5:v25.0.0-beta.1
0ct0pu5:v24.0.7
0ct0pu5:v23.0.7
0ct0pu5:v20.10.26
0ct0pu5:v24.0.6
0ct0pu5:v24.0.5
0ct0pu5:v24.0.4
0ct0pu5:v24.0.3
0ct0pu5:v24.0.2
0ct0pu5:v24.0.1
0ct0pu5:v24.0.0
0ct0pu5:v20.10.25
0ct0pu5:v24.0.0-rc.4
0ct0pu5:v24.0.0-rc.3
0ct0pu5:v23.0.6
0ct0pu5:v24.0.0-rc.2
0ct0pu5:v24.0.0-rc.1
0ct0pu5:v23.0.5
0ct0pu5:v23.0.4
0ct0pu5:v24.0.0-beta.2
0ct0pu5:v23.0.3
0ct0pu5:v20.10.24
0ct0pu5:v24.0.0-beta.1
0ct0pu5:v23.0.2
0ct0pu5:v23.0.1
0ct0pu5:v23.0.0
0ct0pu5:v23.0.0-rc.4
0ct0pu5:v23.0.0-rc.3
0ct0pu5:v20.10.23
0ct0pu5:v23.0.0-rc.2
0ct0pu5:v23.0.0-rc.1
0ct0pu5:v20.10.22
0ct0pu5:v23.0.0-beta.1
0ct0pu5:v20.10.21
0ct0pu5:v20.10.20
0ct0pu5:v20.10.19
0ct0pu5:v20.10.18
0ct0pu5:v20.10.17
0ct0pu5:v22.06.0-beta.0
0ct0pu5:v20.10.16
0ct0pu5:v20.10.15
0ct0pu5:v20.10.14
0ct0pu5:v20.10.13
0ct0pu5:v20.10.12
0ct0pu5:v20.10.11
0ct0pu5:v20.10.10
0ct0pu5:v20.10.10-rc1
0ct0pu5:v20.10.9
0ct0pu5:v20.10.8
0ct0pu5:v20.10.7
0ct0pu5:v20.10.6
0ct0pu5:v20.10.5
0ct0pu5:v20.10.4
0ct0pu5:v19.03.15
0ct0pu5:v20.10.3
0ct0pu5:v20.10.2
0ct0pu5:v20.10.1
0ct0pu5:v20.10.0
0ct0pu5:v20.10.0-rc2
0ct0pu5:v19.03.14
0ct0pu5:v20.10.0-rc1
0ct0pu5:v20.10.0-beta1
0ct0pu5:v19.03.13
0ct0pu5:v19.03.13-beta2
0ct0pu5:v19.03.13-beta1
0ct0pu5:v19.03.12
0ct0pu5:v19.03.11
0ct0pu5:v19.03.10
0ct0pu5:v19.03.9
0ct0pu5:v19.03.8
0ct0pu5:v19.03.7
0ct0pu5:v19.03.6
0ct0pu5:v19.03.6-rc2
0ct0pu5:v19.03.6-rc1
0ct0pu5:v19.03.5
0ct0pu5:v19.03.5-rc1
0ct0pu5:v19.03.5-beta2
0ct0pu5:v19.03.5-beta1
0ct0pu5:v19.03.4
0ct0pu5:v19.03.4-rc1
0ct0pu5:v19.03.3
0ct0pu5:v19.03.3-rc1
0ct0pu5:v19.03.3-beta2
0ct0pu5:v19.03.3-beta1
0ct0pu5:v18.09.9
0ct0pu5:v19.03.2
0ct0pu5:v19.03.2-rc1
0ct0pu5:v18.09.9-rc1
0ct0pu5:v19.03.2-beta1
0ct0pu5:v19.03.1
0ct0pu5:v19.03.0
0ct0pu5:v18.09.8
0ct0pu5:v18.09.7
0ct0pu5:v18.09.7-rc1
0ct0pu5:v19.03.0-rc3
0ct0pu5:v19.03.0-rc2
0ct0pu5:v19.03.0-beta5
0ct0pu5:v19.03.0-beta4
0ct0pu5:v18.09.6
0ct0pu5:v18.09.6-rc1
0ct0pu5:v19.03.0-beta3
0ct0pu5:v19.03.0-beta2
0ct0pu5:v19.03.0-beta1
0ct0pu5:v18.09.5
0ct0pu5:v18.09.5-rc1
0ct0pu5:v18.09.4
0ct0pu5:v18.09.4-rc1
0ct0pu5:v18.09.3
0ct0pu5:v18.09.3-rc1
0ct0pu5:v18.06.3-ce
0ct0pu5:v18.06.2-ce
0ct0pu5:v18.09.2
0ct0pu5:v18.09.1
0ct0pu5:v18.09.1-rc1
0ct0pu5:v18.09.1-beta2
0ct0pu5:v18.09.1-beta1
0ct0pu5:v18.09.0
0ct0pu5:v18.09.0-rc1
0ct0pu5:v18.09.0-beta5
0ct0pu5:v18.09.0-beta3
0ct0pu5:v18.09.0-ce-beta1
0ct0pu5:v18.09.0-ce-tp6
0ct0pu5:v18.09.0-ce-tp5
0ct0pu5:v18.09.0-ce-tp4
0ct0pu5:v18.09.0-ce-tp3
0ct0pu5:v18.09.0-ce-tp0
0ct0pu5:v18.06.1-ce
0ct0pu5:v18.06.1-ce-rc2
0ct0pu5:v18.06.1-ce-rc1
0ct0pu5:v18.06.0-ce
0ct0pu5:v18.06.0-ce-rc3
0ct0pu5:v18.06.0-ce-rc2
0ct0pu5:v18.06.0-ce-rc1
0ct0pu5:v18.03.1-ce
0ct0pu5:v18.05.0-ce-rc1
0ct0pu5:v18.05.0-ce
0ct0pu5:v18.03.1-ce-rc1
0ct0pu5:v18.04.0-ce-rc2
0ct0pu5:v18.04.0-ce
0ct0pu5:v18.03.1-ce-rc2
0ct0pu5:v18.04.0-ce-rc1
0ct0pu5:v18.03.0-ce-rc4
0ct0pu5:v18.03.0-ce
0ct0pu5:v18.03.0-ce-rc3
0ct0pu5:v18.03.0-ce-rc2
0ct0pu5:v17.12.1-ce-rc2
0ct0pu5:v17.12.1-ce
0ct0pu5:v18.02.0-ce-rc2
0ct0pu5:v18.02.0-ce
0ct0pu5:v17.12.1-ce-rc1
0ct0pu5:v17.12.0-ce-rc4
0ct0pu5:v17.12.0-ce
0ct0pu5:v17.12.0-ce-rc3
0ct0pu5:v18.01.0-ce-rc1
0ct0pu5:v18.01.0-ce
0ct0pu5:v17.09.1-ce
0ct0pu5:v17.12.0-ce-rc2
0ct0pu5:v17.12.0-ce-rc1
0ct0pu5:v17.11.0-ce
0ct0pu5:v17.11.0-ce-rc4
0ct0pu5:v17.09.1-ce-rc1
0ct0pu5:v17.11.0-ce-rc3
0ct0pu5:v17.11.0-ce-rc2
0ct0pu5:v17.11.0-ce-rc1
0ct0pu5:v18.03.0-ce-rc1
0ct0pu5:v18.02.0-ce-rc1
0ct0pu5:v17.10.0-ce
0ct0pu5:v17.10.0-ce-rc2
0ct0pu5:v17.10.0-ce-rc1
0ct0pu5:v17.09.0-ce
0ct0pu5:v17.09.0-ce-rc3
0ct0pu5:v17.09.0-ce-rc2
0ct0pu5:v17.09.0-ce-rc1
0ct0pu5:v17.06.2-ce
0ct0pu5:v17.07.0-ce
0ct0pu5:v17.06.2-ce-rc1
0ct0pu5:v17.07.0-ce-rc4
0ct0pu5:v17.06.1-ce
0ct0pu5:v17.07.0-ce-rc3
0ct0pu5:v17.06.1-ce-rc4
0ct0pu5:v17.07.0-ce-rc2
0ct0pu5:v17.06.1-ce-rc3
0ct0pu5:v17.06.1-ce-rc2
0ct0pu5:v17.07.0-ce-rc1
0ct0pu5:v17.06.1-ce-rc1
0ct0pu5:v17.03.2-ce
0ct0pu5:v17.06.0-ce
0ct0pu5:v17.06.0-ce-rc5
0ct0pu5:v17.06.0-ce-rc4
0ct0pu5:v17.06.0-ce-rc3
0ct0pu5:v17.06.0-ce-rc2
0ct0pu5:v17.03.2-ce-rc1
0ct0pu5:v17.06.0-ce-rc1
0ct0pu5:v17.05.0-ce
0ct0pu5:v17.05.0-ce-rc3
0ct0pu5:v17.05.0-ce-rc2
0ct0pu5:v17.05.0-ce-rc1
0ct0pu5:v17.04.0-ce
0ct0pu5:v17.04.0-ce-rc2
0ct0pu5:v17.03.1-ce
0ct0pu5:v17.04.0-ce-rc1
0ct0pu5:v17.03.1-ce-rc1
0ct0pu5:v17.03.0-ce
0ct0pu5:v17.03.0-ce-rc1
0ct0pu5:v1.13.1
0ct0pu5:v1.13.1-rc2
0ct0pu5:v1.13.1-rc1
0ct0pu5:v1.13.0
0ct0pu5:v1.13.0-rc7
0ct0pu5:v1.13.0-rc6
0ct0pu5:v1.12.6
0ct0pu5:v1.13.0-rc5
0ct0pu5:v1.13.0-rc4
0ct0pu5:v1.12.5
0ct0pu5:v1.12.5-rc1
0ct0pu5:v1.12.4
0ct0pu5:v1.12.4-rc1
0ct0pu5:v1.13.0-rc3
0ct0pu5:v1.13.0-rc2
0ct0pu5:v1.13.0-rc1
0ct0pu5:v1.12.3
0ct0pu5:v1.12.3-rc1
0ct0pu5:v1.12.2
0ct0pu5:v1.12.2-rc3
0ct0pu5:v1.12.2-rc2
0ct0pu5:v1.12.2-rc1
0ct0pu5:v1.12.1
0ct0pu5:v1.12.1-rc2
0ct0pu5:v1.12.1-rc1
0ct0pu5:docs-v1.12.1-2016-08-12
0ct0pu5:docs-v1.12.0-2016-08-09
0ct0pu5:docs-v1.12.0-2016-08-03.1
0ct0pu5:docs-v1.12.0-2016-08-03
0ct0pu5:docs-v1.12.0-2016-07-29
0ct0pu5:docs-v1.12.0-2016-07-28
0ct0pu5:v1.12.0
0ct0pu5:v1.12.0-rc5
0ct0pu5:docs-v1.12.0-rc4-2016-07-15
0ct0pu5:v1.12.0-rc4
0ct0pu5:v1.12.0-rc3
0ct0pu5:v1.12.0-rc2
0ct0pu5:v1.12.0-rc1
0ct0pu5:docs-v1.11.2-2016-06-10
0ct0pu5:v1.11.2
0ct0pu5:v1.11.2-rc1
0ct0pu5:xdocs-v1.10-09-05-2016
0ct0pu5:v1.11.1
0ct0pu5:v1.11.1-rc1
0ct0pu5:v1.11.0
0ct0pu5:v1.11.0-rc5
0ct0pu5:v1.11.0-rc4
0ct0pu5:v1.11.0-rc3
0ct0pu5:xdocs-v1.10-28-mar-2016
0ct0pu5:v1.11.0-rc2
0ct0pu5:v1.11.0-rc1
0ct0pu5:v1.10.3
0ct0pu5:v1.10.3-rc2
0ct0pu5:v1.10.3-rc1
0ct0pu5:v1.10.2
0ct0pu5:v1.10.2-rc1
0ct0pu5:v1.10.1
0ct0pu5:v1.10.1-rc1
0ct0pu5:v1.10.0
0ct0pu5:v1.10.0-rc4
0ct0pu5:v1.10.0-rc3
0ct0pu5:v1.10.0-rc2
0ct0pu5:v1.10.0-rc1
0ct0pu5:v1.9.1
0ct0pu5:v1.9.1-rc1
0ct0pu5:v1.9.0
0ct0pu5:v1.9.0-rc5
0ct0pu5:v1.9.0-rc4
0ct0pu5:v1.9.0-rc3
0ct0pu5:v1.9.0-rc2
0ct0pu5:v1.9.0-rc1
0ct0pu5:v1.8.3
0ct0pu5:v1.8.2
0ct0pu5:v1.8.2-rc1
0ct0pu5:v1.8.1
0ct0pu5:v1.8.0
0ct0pu5:v1.8.0-rc3
0ct0pu5:v1.8.0-rc2
0ct0pu5:v1.8.0-rc1
0ct0pu5:v1.7.1
0ct0pu5:v1.7.1-rc3
0ct0pu5:v1.7.1-rc2
0ct0pu5:v1.7.1-rc1
0ct0pu5:v1.7.0
0ct0pu5:v1.7.0-rc5
0ct0pu5:v1.7.0-rc4
0ct0pu5:v1.7.0-rc3
0ct0pu5:v1.7.0-rc2
0ct0pu5:v1.7.0-rc1
0ct0pu5:v1.6.2
0ct0pu5:v1.6.1
0ct0pu5:v1.6.0
0ct0pu5:v1.6.0-rc7
0ct0pu5:v1.6.0-rc6
0ct0pu5:v1.6.0-rc5
0ct0pu5:v1.6.0-rc4
0ct0pu5:v1.6.0-rc3
0ct0pu5:v1.6.0-rc2
0ct0pu5:v1.6.0-rc1
0ct0pu5:v1.5.0
0ct0pu5:v1.5.0-rc4
0ct0pu5:v1.5.0-rc3
0ct0pu5:v1.5.0-rc2
0ct0pu5:v1.5.0-rc1
0ct0pu5:v1.4.1
0ct0pu5:v1.4.0
0ct0pu5:v1.3.3
0ct0pu5:v1.3.2
0ct0pu5:v1.3.1
0ct0pu5:v1.3.0
0ct0pu5:v1.2.0
0ct0pu5:v1.1.2
0ct0pu5:v1.1.1
0ct0pu5:v1.1.0
0ct0pu5:v1.0.1
0ct0pu5:v1.0.0
0ct0pu5:v0.12.0
0ct0pu5:v0.11.1
0ct0pu5:v0.11.0
0ct0pu5:v0.10.0
0ct0pu5:v0.9.1
0ct0pu5:v0.9.0
0ct0pu5:v0.8.1
0ct0pu5:v0.8.0
0ct0pu5:v0.7.6
0ct0pu5:v0.7.5
0ct0pu5:v0.7.4
0ct0pu5:v0.7.3
0ct0pu5:v0.7.2
0ct0pu5:v0.7.1
0ct0pu5:v0.7.0
0ct0pu5:v0.7.0-rc1
0ct0pu5:v0.7.0-rc2
0ct0pu5:v0.7.0-rc3
0ct0pu5:v0.7.0-rc4
0ct0pu5:v0.7.0-rc5
0ct0pu5:v0.7.0-rc6
0ct0pu5:v0.7.0-rc7
0ct0pu5:v0.6.7
0ct0pu5:v0.6.6
0ct0pu5:v0.6.5
0ct0pu5:v0.6.4
0ct0pu5:v0.6.3
0ct0pu5:v0.6.2
0ct0pu5:v0.6.1
0ct0pu5:v0.6.0
0ct0pu5:v0.5.3
0ct0pu5:v0.5.2
0ct0pu5:v0.5.1
0ct0pu5:v0.5.0
0ct0pu5:v0.4.8
0ct0pu5:v0.4.7
0ct0pu5:v0.4.6
0ct0pu5:v0.4.5
0ct0pu5:v0.4.4
0ct0pu5:v0.4.3
0ct0pu5:v0.4.2
0ct0pu5:v0.4.1
0ct0pu5:v0.4.0
0ct0pu5:v0.3.4
0ct0pu5:v0.3.3
0ct0pu5:v0.3.2
0ct0pu5:v0.3.1
0ct0pu5:v0.3.0
0ct0pu5:v0.2.2
0ct0pu5:v0.2.1
0ct0pu5:builder/2
0ct0pu5:autorun/1
0ct0pu5:builder/1
0ct0pu5:v0.2.0
0ct0pu5:v0.1.8
0ct0pu5:v0.1.7
0ct0pu5:v0.1.6
0ct0pu5:v0.1.5
0ct0pu5:v0.1.4
0ct0pu5:v0.1.3
0ct0pu5:v0.1.2
0ct0pu5:v0.1.1
0ct0pu5:v0.1.0
0ct0pu5:upstream/0.1.4
0ct0pu5:upstream/0.1.3
0ct0pu5:0.0.3
0ct0pu5:upstream/0.1.2
0ct0pu5:debian/0.1.1-1
0ct0pu5:upstream/0.1.1

No commits in common. "master" and "v26.0.0" have entirely different histories.
master ... v26.0.0

215 changed files with 1377 additions and 32844 deletions
Show stats Expand all files Collapse all files

6
.github/workflows/.test.yml vendored
View file

@ -12,7 +12,7 @@ on:
default: "graphdriver"
env:
GO_VERSION: "1.21.9"
GO_VERSION: "1.21.8"
GOTESTLIST_VERSION: v0.3.1
TESTSTAT_VERSION: v0.1.25
ITG_CLI_MATRIX_SIZE: 6
@ -70,7 +70,6 @@ jobs:
with:
name: test-reports-unit-${{ inputs.storage }}
path: /tmp/reports/*
retention-days: 1
unit-report:
runs-on: ubuntu-20.04
@ -151,7 +150,6 @@ jobs:
with:
name: test-reports-docker-py-${{ inputs.storage }}
path: /tmp/reports/*
retention-days: 1
integration-flaky:
runs-on: ubuntu-20.04
@ -273,7 +271,6 @@ jobs:
with:
name: test-reports-integration-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
path: /tmp/reports/*
retention-days: 1
integration-report:
runs-on: ubuntu-20.04
@ -413,7 +410,6 @@ jobs:
with:
name: test-reports-integration-cli-${{ inputs.storage }}-${{ env.TESTREPORTS_NAME }}
path: /tmp/reports/*
retention-days: 1
integration-cli-report:
runs-on: ubuntu-20.04

4
.github/workflows/.windows.yml vendored
View file

@ -19,7 +19,7 @@ on:
default: false
env:
GO_VERSION: "1.21.9"
GO_VERSION: "1.21.8"
GOTESTLIST_VERSION: v0.3.1
TESTSTAT_VERSION: v0.1.25
WINDOWS_BASE_IMAGE: mcr.microsoft.com/windows/servercore
@ -190,7 +190,6 @@ jobs:
with:
name: ${{ inputs.os }}-${{ inputs.storage }}-unit-reports
path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
retention-days: 1
unit-test-report:
runs-on: ubuntu-latest
@ -509,7 +508,6 @@ jobs:
with:
name: ${{ inputs.os }}-${{ inputs.storage }}-integration-reports-${{ matrix.runtime }}-${{ env.TESTREPORTS_NAME }}
path: ${{ env.GOPATH }}\src\github.com\docker\docker\bundles\*
retention-days: 1
integration-test-report:
runs-on: ubuntu-latest

2
.github/workflows/buildkit.yml vendored
View file

@ -13,7 +13,7 @@ on:
pull_request:
env:
GO_VERSION: "1.21.9"
GO_VERSION: "1.21.8"
DESTDIR: ./build
jobs:

16
.github/workflows/ci.yml vendored
View file

@ -51,6 +51,14 @@ jobs:
name: Check artifacts
run: |
find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +
-
name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.target }}
path: ${{ env.DESTDIR }}
if-no-files-found: error
retention-days: 7
prepare-cross:
runs-on: ubuntu-latest
@ -111,3 +119,11 @@ jobs:
name: Check artifacts
run: |
find ${{ env.DESTDIR }} -type f -exec file -e ascii -- {} +
-
name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: cross-${{ env.PLATFORM_PAIR }}
path: ${{ env.DESTDIR }}
if-no-files-found: error
retention-days: 7

2
.github/workflows/test.yml vendored
View file

@ -13,7 +13,7 @@ on:
pull_request:
env:
GO_VERSION: "1.21.9"
GO_VERSION: "1.21.8"
GIT_PAGER: "cat"
PAGER: "cat"

22
.github/workflows/validate-pr.yml vendored
View file

@ -11,7 +11,7 @@ jobs:
- name: Missing `area/` label
if: contains(join(github.event.pull_request.labels.*.name, ','), 'impact/') && !contains(join(github.event.pull_request.labels.*.name, ','), 'area/')
run: |
echo "::error::Every PR with an 'impact/*' label should also have an 'area/*' label"
echo "Every PR with an \`impact/*\` label should also have an \`area/*\` label"
exit 1
- name: OK
run: exit 0
@ -32,31 +32,15 @@ jobs:
desc=$(echo "$block" | awk NF)
if [ -z "$desc" ]; then
echo "::error::Changelog section is empty. Please provide a description for the changelog."
echo "Changelog section is empty. Please provide a description for the changelog."
exit 1
fi
len=$(echo -n "$desc" | wc -c)
if [[ $len -le 6 ]]; then
echo "::error::Description looks too short: $desc"
echo "Description looks too short: $desc"
exit 1
fi
echo "This PR will be included in the release notes with the following note:"
echo "$desc"
check-pr-branch:
runs-on: ubuntu-20.04
env:
PR_TITLE: ${{ github.event.pull_request.title }}
steps:
# Backports or PR that target a release branch directly should mention the target branch in the title, for example:
# [X.Y backport] Some change that needs backporting to X.Y
# [X.Y] Change directly targeting the X.Y branch
- name: Get branch from PR title
id: title_branch
run: echo "$PR_TITLE" | sed -n 's/^\[\([0-9]*\.[0-9]*\)[^]]*\].*/branch=\1/p' >> $GITHUB_OUTPUT
- name: Check release branch
if: github.event.pull_request.base.ref != steps.title_branch.outputs.branch && !(github.event.pull_request.base.ref == 'master' && steps.title_branch.outputs.branch == '')
run: echo "::error::PR title suggests targetting the ${{ steps.title_branch.outputs.branch }} branch, but is opened against ${{ github.event.pull_request.base.ref }}" && exit 1

6
.golangci.yml
View file

@ -51,12 +51,6 @@ linters-settings:
deny:
- pkg: io/ioutil
desc: The io/ioutil package has been deprecated, see https://go.dev/doc/go1.16#ioutil
- pkg: "github.com/stretchr/testify/assert"
desc: Use "gotest.tools/v3/assert" instead
- pkg: "github.com/stretchr/testify/require"
desc: Use "gotest.tools/v3/assert" instead
- pkg: "github.com/stretchr/testify/suite"
desc: Do not use
revive:
rules:
# FIXME make sure all packages have a description. Currently, there's many packages without.

6
.mailmap
View file

@ -173,8 +173,6 @@ Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
Dave Goodchild <buddhamagnet@gmail.com>
Dave Henderson <dhenderson@gmail.com> <Dave.Henderson@ca.ibm.com>
Dave Tucker <dt@docker.com> <dave@dtucker.co.uk>
David Dooling <dooling@gmail.com>
David Dooling <dooling@gmail.com> <david.dooling@docker.com>
David M. Karr <davidmichaelkarr@gmail.com>
David Sheets <dsheets@docker.com> <sheets@alum.mit.edu>
David Sissitka <me@dsissitka.com>
@ -221,8 +219,6 @@ Felix Hupfeld <felix@quobyte.com> <quofelix@users.noreply.github.com>
Felix Ruess <felix.ruess@gmail.com> <felix.ruess@roboception.de>
Feng Yan <fy2462@gmail.com>
Fengtu Wang <wangfengtu@huawei.com> <wangfengtu@huawei.com>
Filipe Pina <hzlu1ot0@duck.com>
Filipe Pina <hzlu1ot0@duck.com> <636320+fopina@users.noreply.github.com>
Francisco Carriedo <fcarriedo@gmail.com>
Frank Rosquin <frank.rosquin+github@gmail.com> <frank.rosquin@gmail.com>
Frank Yang <yyb196@gmail.com>
@ -274,7 +270,6 @@ Hollie Teal <hollie@docker.com> <hollie.teal@docker.com>
Hollie Teal <hollie@docker.com> <hollietealok@users.noreply.github.com>
hsinko <21551195@zju.edu.cn> <hsinko@users.noreply.github.com>
Hu Keping <hukeping@huawei.com>
Huajin Tong <fliterdashen@gmail.com>
Hui Kang <hkang.sunysb@gmail.com>
Hui Kang <hkang.sunysb@gmail.com> <kangh@us.ibm.com>
Huu Nguyen <huu@prismskylabs.com> <whoshuu@gmail.com>
@ -568,7 +563,6 @@ Sebastiaan van Stijn <github@gone.nl> <sebastiaan@ws-key-sebas3.dpi1.dpi>
Sebastiaan van Stijn <github@gone.nl> <thaJeztah@users.noreply.github.com>
Sebastian Thomschke <sebthom@users.noreply.github.com>
Seongyeol Lim <seongyeol37@gmail.com>
Serhii Nakon <serhii.n@thescimus.com>
Shaun Kaasten <shaunk@gmail.com>
Shawn Landden <shawn@churchofgit.com> <shawnlandden@gmail.com>
Shengbo Song <thomassong@tencent.com>

9
AUTHORS
View file

@ -669,7 +669,6 @@ Erik Hollensbe <github@hollensbe.org>
Erik Inge Bolsø <knan@redpill-linpro.com>
Erik Kristensen <erik@erikkristensen.com>
Erik Sipsma <erik@sipsma.dev>
Erik Sjölund <erik.sjolund@gmail.com>
Erik St. Martin <alakriti@gmail.com>
Erik Weathers <erikdw@gmail.com>
Erno Hopearuoho <erno.hopearuoho@gmail.com>
@ -732,7 +731,6 @@ Feroz Salam <feroz.salam@sourcegraph.com>
Ferran Rodenas <frodenas@gmail.com>
Filipe Brandenburger <filbranden@google.com>
Filipe Oliveira <contato@fmoliveira.com.br>
Filipe Pina <hzlu1ot0@duck.com>
Flavio Castelli <fcastelli@suse.com>
Flavio Crisciani <flavio.crisciani@docker.com>
Florian <FWirtz@users.noreply.github.com>
@ -877,8 +875,6 @@ Hsing-Yu (David) Chen <davidhsingyuchen@gmail.com>
hsinko <21551195@zju.edu.cn>
Hu Keping <hukeping@huawei.com>
Hu Tao <hutao@cn.fujitsu.com>
Huajin Tong <fliterdashen@gmail.com>
huang-jl <1046678590@qq.com>
HuanHuan Ye <logindaveye@gmail.com>
Huanzhong Zhang <zhanghuanzhong90@gmail.com>
Huayi Zhang <irachex@gmail.com>
@ -973,7 +969,6 @@ Jannick Fahlbusch <git@jf-projects.de>
Januar Wayong <januar@gmail.com>
Jared Biel <jared.biel@bolderthinking.com>
Jared Hocutt <jaredh@netapp.com>
Jaroslav Jindrak <dzejrou@gmail.com>
Jaroslaw Zabiello <hipertracker@gmail.com>
Jasmine Hegman <jasmine@jhegman.com>
Jason A. Donenfeld <Jason@zx2c4.com>
@ -1017,7 +1012,6 @@ Jeffrey Bolle <jeffreybolle@gmail.com>
Jeffrey Morgan <jmorganca@gmail.com>
Jeffrey van Gogh <jvg@google.com>
Jenny Gebske <jennifer@gebske.de>
Jeongseok Kang <piono623@naver.com>
Jeremy Chambers <jeremy@thehipbot.com>
Jeremy Grosser <jeremy@synack.me>
Jeremy Huntwork <jhuntwork@lightcubesolutions.com>
@ -1035,7 +1029,6 @@ Jezeniel Zapanta <jpzapanta22@gmail.com>
Jhon Honce <jhonce@redhat.com>
Ji.Zhilong <zhilongji@gmail.com>
Jian Liao <jliao@alauda.io>
Jian Zeng <anonymousknight96@gmail.com>
Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
Jiang Jinyang <jjyruby@gmail.com>
Jianyong Wu <jianyong.wu@arm.com>
@ -1974,7 +1967,6 @@ Sergey Evstifeev <sergey.evstifeev@gmail.com>
Sergii Kabashniuk <skabashnyuk@codenvy.com>
Sergio Lopez <slp@redhat.com>
Serhat Gülçiçek <serhat25@gmail.com>
Serhii Nakon <serhii.n@thescimus.com>
SeungUkLee <lsy931106@gmail.com>
Sevki Hasirci <s@sevki.org>
Shane Canon <scanon@lbl.gov>
@ -2261,7 +2253,6 @@ VladimirAus <v_roudakov@yahoo.com>
Vladislav Kolesnikov <vkolesnikov@beget.ru>
Vlastimil Zeman <vlastimil.zeman@diffblue.com>
Vojtech Vitek (V-Teq) <vvitek@redhat.com>
voloder <110066198+voloder@users.noreply.github.com>
Walter Leibbrandt <github@wrl.co.za>
Walter Stanish <walter@pratyeka.org>
Wang Chao <chao.wang@ucloud.cn>

2
CONTRIBUTING.md
View file

@ -101,7 +101,7 @@ the contributors guide.
<td>
<p>
Register for the Docker Community Slack at
<a href="https://dockr.ly/comm-slack" target="_blank">https://dockr.ly/comm-slack</a>.
<a href="https://dockr.ly/slack" target="_blank">https://dockr.ly/slack</a>.
We use the #moby-project channel for general discussion, and there are separate channels for other Moby projects such as #containerd.
</p>
</td>

28
Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1.7
# syntax=docker/dockerfile:1
ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.8
ARG BASE_DEBIAN_DISTRO="bookworm"
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"
ARG XX_VERSION=1.4.0
@ -8,7 +8,7 @@ ARG XX_VERSION=1.4.0
ARG VPNKIT_VERSION=0.5.0
ARG DOCKERCLI_REPOSITORY="https://github.com/docker/cli.git"
ARG DOCKERCLI_VERSION=v26.0.0
ARG DOCKERCLI_VERSION=v26.0.0-rc2
# cli version used for integration-cli tests
ARG DOCKERCLI_INTEGRATION_REPOSITORY="https://github.com/docker/cli.git"
ARG DOCKERCLI_INTEGRATION_VERSION=v17.06.2-ce
@ -24,12 +24,6 @@ ARG DOCKER_STATIC=1
# specified here should match a current release.
ARG REGISTRY_VERSION=2.8.3
# delve is currently only supported on linux/amd64 and linux/arm64;
# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
ARG DELVE_SUPPORTED=${TARGETPLATFORM#linux/amd64} DELVE_SUPPORTED=${DELVE_SUPPORTED#linux/arm64}
ARG DELVE_SUPPORTED=${DELVE_SUPPORTED:+"unsupported"}
ARG DELVE_SUPPORTED=${DELVE_SUPPORTED:-"supported"}
# cross compilation helper
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
@ -150,7 +144,7 @@ RUN git init . && git remote add origin "https://github.com/go-delve/delve.git"
ARG DELVE_VERSION=v1.21.1
RUN git fetch -q --depth 1 origin "${DELVE_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS delve-supported
FROM base AS delve-build
WORKDIR /usr/src/delve
ARG TARGETPLATFORM
RUN --mount=from=delve-src,src=/usr/src/delve,rw \
@ -161,8 +155,16 @@ RUN --mount=from=delve-src,src=/usr/src/delve,rw \
xx-verify /build/dlv
EOT
FROM binary-dummy AS delve-unsupported
FROM delve-${DELVE_SUPPORTED} AS delve
# delve is currently only supported on linux/amd64 and linux/arm64;
# https://github.com/go-delve/delve/blob/v1.8.1/pkg/proc/native/support_sentinel.go#L1-L6
FROM binary-dummy AS delve-windows
FROM binary-dummy AS delve-linux-arm
FROM binary-dummy AS delve-linux-ppc64le
FROM binary-dummy AS delve-linux-s390x
FROM delve-build AS delve-linux-amd64
FROM delve-build AS delve-linux-arm64
FROM delve-linux-${TARGETARCH} AS delve-linux
FROM delve-${TARGETOS} AS delve
FROM base AS tomll
# GOTOML_VERSION specifies the version of the tomll binary to build and install
@ -196,7 +198,7 @@ RUN git init . && git remote add origin "https://github.com/containerd/container
# When updating the binary version you may also need to update the vendor
# version to pick up bug fixes or new APIs, however, usually the Go packages
# are built from a commit from the master branch.
ARG CONTAINERD_VERSION=v1.7.15
ARG CONTAINERD_VERSION=v1.7.13
RUN git fetch -q --depth 1 origin "${CONTAINERD_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD
FROM base AS containerd-build

2
Dockerfile.simple
View file

@ -5,7 +5,7 @@
# This represents the bare minimum required to build and test Docker.
ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.8
ARG BASE_DEBIAN_DISTRO="bookworm"
ARG GOLANG_IMAGE="golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO}"

4
Dockerfile.windows
View file

@ -161,10 +161,10 @@ FROM ${WINDOWS_BASE_IMAGE}:${WINDOWS_BASE_IMAGE_TAG}
# Use PowerShell as the default shell
SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"]
ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.8
ARG GOTESTSUM_VERSION=v1.8.2
ARG GOWINRES_VERSION=v0.3.1
ARG CONTAINERD_VERSION=v1.7.15
ARG CONTAINERD_VERSION=v1.7.13
# Environment variable notes:
# - GO_VERSION must be consistent with 'Dockerfile' used by Linux.

22
api/server/router/container/container_routes.go
View file

@ -456,27 +456,15 @@ func (s *containerRouter) postContainersCreate(ctx context.Context, w http.Respo
if hostConfig == nil {
hostConfig = &container.HostConfig{}
}
if hostConfig.NetworkMode == "" {
hostConfig.NetworkMode = "default"
}
if networkingConfig == nil {
networkingConfig = &network.NetworkingConfig{}
}
if networkingConfig.EndpointsConfig == nil {
networkingConfig.EndpointsConfig = make(map[string]*network.EndpointSettings)
}
// The NetworkMode "default" is used as a way to express a container should
// be attached to the OS-dependant default network, in an OS-independent
// way. Doing this conversion as soon as possible ensures we have less
// NetworkMode to handle down the path (including in the
// backward-compatibility layer we have just below).
//
// Note that this is not the only place where this conversion has to be
// done (as there are various other places where containers get created).
if hostConfig.NetworkMode == "" || hostConfig.NetworkMode.IsDefault() {
hostConfig.NetworkMode = runconfig.DefaultDaemonNetworkMode()
if nw, ok := networkingConfig.EndpointsConfig[network.NetworkDefault]; ok {
networkingConfig.EndpointsConfig[hostConfig.NetworkMode.NetworkName()] = nw
delete(networkingConfig.EndpointsConfig, network.NetworkDefault)
}
}
version := httputils.VersionFromContext(ctx)
@ -658,7 +646,7 @@ func handleMACAddressBC(config *container.Config, hostConfig *container.HostConf
}
return "", nil
}
if !hostConfig.NetworkMode.IsBridge() && !hostConfig.NetworkMode.IsUserDefined() {
if !hostConfig.NetworkMode.IsDefault() && !hostConfig.NetworkMode.IsBridge() && !hostConfig.NetworkMode.IsUserDefined() {
return "", runconfig.ErrConflictContainerNetworkAndMac
}
@ -687,7 +675,7 @@ func handleMACAddressBC(config *container.Config, hostConfig *container.HostConf
return "", nil
}
var warning string
if hostConfig.NetworkMode.IsBridge() || hostConfig.NetworkMode.IsUserDefined() {
if hostConfig.NetworkMode.IsDefault() || hostConfig.NetworkMode.IsBridge() || hostConfig.NetworkMode.IsUserDefined() {
nwName := hostConfig.NetworkMode.NetworkName()
// If there's no endpoint config, create a place to store the configured address.
if len(networkingConfig.EndpointsConfig) == 0 {

2
builder/dockerfile/dispatchers_unix.go
View file

@ -22,7 +22,7 @@ func normalizeWorkdir(_ string, current string, requested string) (string, error
if !filepath.IsAbs(requested) {
return filepath.Join(string(os.PathSeparator), current, requested), nil
}
return filepath.Clean(requested), nil
return requested, nil
}
// resolveCmdLine takes a command line arg set and optionally prepends a platform-specific

13
builder/dockerfile/internals.go
View file

@ -15,13 +15,11 @@ import (
"github.com/docker/docker/api/types"
"github.com/docker/docker/api/types/backend"
"github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/network"
"github.com/docker/docker/builder"
"github.com/docker/docker/image"
"github.com/docker/docker/pkg/archive"
"github.com/docker/docker/pkg/chrootarchive"
"github.com/docker/docker/pkg/stringid"
"github.com/docker/docker/runconfig"
"github.com/docker/go-connections/nat"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
@ -379,21 +377,12 @@ func hostConfigFromOptions(options *types.ImageBuildOptions) *container.HostConf
Ulimits: options.Ulimits,
}
// We need to make sure no empty string or "default" NetworkMode is
// provided to the daemon as it doesn't support them.
//
// This is in line with what the ContainerCreate API endpoint does.
networkMode := options.NetworkMode
if networkMode == "" || networkMode == network.NetworkDefault {
networkMode = runconfig.DefaultDaemonNetworkMode().NetworkName()
}
hc := &container.HostConfig{
SecurityOpt: options.SecurityOpt,
Isolation: options.Isolation,
ShmSize: options.ShmSize,
Resources: resources,
NetworkMode: container.NetworkMode(networkMode),
NetworkMode: container.NetworkMode(options.NetworkMode),
// Set a log config to override any default value set on the daemon
LogConfig: defaultLogConfig,
ExtraHosts: options.ExtraHosts,

4
container/container.go
View file

@ -299,8 +299,8 @@ func (container *Container) SetupWorkingDirectory(rootIdentity idtools.Identity)
return nil
}
workdir := filepath.Clean(container.Config.WorkingDir)
pth, err := container.GetResourcePath(workdir)
container.Config.WorkingDir = filepath.Clean(container.Config.WorkingDir)
pth, err := container.GetResourcePath(container.Config.WorkingDir)
if err != nil {
return err
}

10
daemon/cluster/convert/container.go
View file

@ -120,9 +120,8 @@ func containerSpecFromGRPC(c *swarmapi.ContainerSpec) *types.ContainerSpec {
if m.VolumeOptions != nil {
mount.VolumeOptions = &mounttypes.VolumeOptions{
NoCopy: m.VolumeOptions.NoCopy,
Labels: m.VolumeOptions.Labels,
Subpath: m.VolumeOptions.Subpath,
NoCopy: m.VolumeOptions.NoCopy,
Labels: m.VolumeOptions.Labels,
}
if m.VolumeOptions.DriverConfig != nil {
mount.VolumeOptions.DriverConfig = &mounttypes.Driver{
@ -407,9 +406,8 @@ func containerToGRPC(c *types.ContainerSpec) (*swarmapi.ContainerSpec, error) {
if m.VolumeOptions != nil {
mount.VolumeOptions = &swarmapi.Mount_VolumeOptions{
NoCopy: m.VolumeOptions.NoCopy,
Labels: m.VolumeOptions.Labels,
Subpath: m.VolumeOptions.Subpath,
NoCopy: m.VolumeOptions.NoCopy,
Labels: m.VolumeOptions.Labels,
}
if m.VolumeOptions.DriverConfig != nil {
mount.VolumeOptions.DriverConfig = &swarmapi.Driver{

42
daemon/cluster/convert/pluginadapter.go
View file

@ -1,42 +0,0 @@
package convert
import (
"github.com/docker/docker/pkg/plugingetter"
"github.com/moby/swarmkit/v2/node/plugin"
)
// SwarmPluginGetter adapts a plugingetter.PluginGetter to a Swarmkit plugin.Getter.
func SwarmPluginGetter(pg plugingetter.PluginGetter) plugin.Getter {
return pluginGetter{pg}
}
type pluginGetter struct {
pg plugingetter.PluginGetter
}
var _ plugin.Getter = (*pluginGetter)(nil)
type swarmPlugin struct {
plugingetter.CompatPlugin
}
func (p swarmPlugin) Client() plugin.Client {
return p.CompatPlugin.Client()
}
func (g pluginGetter) Get(name string, capability string) (plugin.Plugin, error) {
p, err := g.pg.Get(name, capability, plugingetter.Lookup)
if err != nil {
return nil, err
}
return swarmPlugin{p}, nil
}
func (g pluginGetter) GetAllManagedPluginsByCap(capability string) []plugin.Plugin {
pp := g.pg.GetAllManagedPluginsByCap(capability)
ret := make([]plugin.Plugin, len(pp))
for i, p := range pp {
ret[i] = swarmPlugin{p}
}
return ret
}

31
daemon/cluster/convert/service_test.go
View file

@ -4,13 +4,11 @@ import (
"testing"
containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/mount"
swarmtypes "github.com/docker/docker/api/types/swarm"
"github.com/docker/docker/api/types/swarm/runtime"
google_protobuf3 "github.com/gogo/protobuf/types"
swarmapi "github.com/moby/swarmkit/v2/api"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
)
func TestServiceConvertFromGRPCRuntimeContainer(t *testing.T) {
@ -613,32 +611,3 @@ func TestServiceConvertToGRPCConfigs(t *testing.T) {
})
}
}
func TestServiceConvertToGRPCVolumeSubpath(t *testing.T) {
s := swarmtypes.ServiceSpec{
TaskTemplate: swarmtypes.TaskSpec{
ContainerSpec: &swarmtypes.ContainerSpec{
Mounts: []mount.Mount{
{
Source: "/foo/bar",
Target: "/baz",
Type: mount.TypeVolume,
ReadOnly: false,
VolumeOptions: &mount.VolumeOptions{
Subpath: "sub",
},
},
},
},
},
}
g, err := ServiceSpecToGRPC(s)
assert.NilError(t, err)
v, ok := g.Task.Runtime.(*swarmapi.TaskSpec_Container)
assert.Assert(t, ok)
assert.Check(t, is.Len(v.Container.Mounts, 1))
assert.Check(t, is.Equal(v.Container.Mounts[0].VolumeOptions.Subpath, "sub"))
}

26
daemon/cluster/executor/container/adapter.go
View file

@ -17,14 +17,12 @@ import (
"github.com/docker/docker/api/types/backend"
containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/api/types/events"
"github.com/docker/docker/api/types/network"
"github.com/docker/docker/api/types/registry"
containerpkg "github.com/docker/docker/container"
"github.com/docker/docker/daemon"
"github.com/docker/docker/daemon/cluster/convert"
executorpkg "github.com/docker/docker/daemon/cluster/executor"
"github.com/docker/docker/libnetwork"
"github.com/docker/docker/runconfig"
volumeopts "github.com/docker/docker/volume/service/opts"
gogotypes "github.com/gogo/protobuf/types"
"github.com/moby/swarmkit/v2/agent/exec"
@ -292,34 +290,14 @@ func (c *containerAdapter) waitForDetach(ctx context.Context) error {
}
func (c *containerAdapter) create(ctx context.Context) error {
hostConfig := c.container.hostConfig(c.dependencies.Volumes())
netConfig := c.container.createNetworkingConfig(c.backend)
// We need to make sure no empty string or "default" NetworkMode is
// provided to the daemon as it doesn't support them.
//
// This is in line with what the ContainerCreate API endpoint does, but
// unlike that endpoint we can't do that in the ServiceCreate endpoint as
// the cluster leader and the current node might not be running on the same
// OS. Since the normalized value isn't the same on Windows and Linux, we
// need to make this normalization happen once we're sure we won't make a
// cross-OS API call.
if hostConfig.NetworkMode == "" || hostConfig.NetworkMode.IsDefault() {
hostConfig.NetworkMode = runconfig.DefaultDaemonNetworkMode()
if v, ok := netConfig.EndpointsConfig[network.NetworkDefault]; ok {
delete(netConfig.EndpointsConfig, network.NetworkDefault)
netConfig.EndpointsConfig[runconfig.DefaultDaemonNetworkMode().NetworkName()] = v
}
}
var cr containertypes.CreateResponse
var err error
if cr, err = c.backend.CreateManagedContainer(ctx, backend.ContainerCreateConfig{
Name: c.container.name(),
Config: c.container.config(),
HostConfig: hostConfig,
HostConfig: c.container.hostConfig(c.dependencies.Volumes()),
// Use the first network in container create
NetworkingConfig: netConfig,
NetworkingConfig: c.container.createNetworkingConfig(c.backend),
}); err != nil {
return err
}

3
daemon/cluster/executor/container/container.go
View file

@ -338,8 +338,7 @@ func convertMount(m api.Mount) enginemount.Mount {
if m.VolumeOptions != nil {
mount.VolumeOptions = &enginemount.VolumeOptions{
NoCopy: m.VolumeOptions.NoCopy,
Subpath: m.VolumeOptions.Subpath,
NoCopy: m.VolumeOptions.NoCopy,
}
if m.VolumeOptions.Labels != nil {
mount.VolumeOptions.Labels = make(map[string]string, len(m.VolumeOptions.Labels))

2
daemon/cluster/executor/container/executor.go
View file

@ -52,7 +52,7 @@ func NewExecutor(b executorpkg.Backend, p plugin.Backend, i executorpkg.ImageBac
pluginBackend: p,
imageBackend: i,
volumeBackend: v,
dependencies: agent.NewDependencyManager(convert.SwarmPluginGetter(b.PluginGetter())),
dependencies: agent.NewDependencyManager(b.PluginGetter()),
}
}

9
daemon/cluster/noderunner.go
View file

@ -10,12 +10,10 @@ import (
"github.com/containerd/log"
types "github.com/docker/docker/api/types/swarm"
"github.com/docker/docker/daemon/cluster/convert"
"github.com/docker/docker/daemon/cluster/executor/container"
lncluster "github.com/docker/docker/libnetwork/cluster"
"github.com/docker/docker/libnetwork/cnmallocator"
swarmapi "github.com/moby/swarmkit/v2/api"
"github.com/moby/swarmkit/v2/manager/allocator/networkallocator"
swarmallocator "github.com/moby/swarmkit/v2/manager/allocator/cnmallocator"
swarmnode "github.com/moby/swarmkit/v2/node"
"github.com/pkg/errors"
"google.golang.org/grpc"
@ -125,7 +123,7 @@ func (n *nodeRunner) start(conf nodeStartConfig) error {
ListenControlAPI: control,
ListenRemoteAPI: conf.ListenAddr,
AdvertiseRemoteAPI: conf.AdvertiseAddr,
NetworkConfig: &networkallocator.Config{
NetworkConfig: &swarmallocator.NetworkConfig{
DefaultAddrPool: conf.DefaultAddressPool,
SubnetSize: conf.SubnetSize,
VXLANUDPPort: conf.DataPathPort,
@ -146,8 +144,7 @@ func (n *nodeRunner) start(conf nodeStartConfig) error {
ElectionTick: n.cluster.config.RaftElectionTick,
UnlockKey: conf.lockKey,
AutoLockManagers: conf.autolock,
PluginGetter: convert.SwarmPluginGetter(n.cluster.config.Backend.PluginGetter()),
NetworkProvider: cnmallocator.NewProvider(n.cluster.config.Backend.PluginGetter()),
PluginGetter: n.cluster.config.Backend.PluginGetter(),
}
if conf.availability != "" {
avail, ok := swarmapi.NodeSpec_Availability_value[strings.ToUpper(string(conf.availability))]

4
daemon/config/config_linux.go
View file

@ -196,10 +196,6 @@ func (conf *Config) ValidatePlatformConfig() error {
return errors.Wrap(err, "invalid fixed-cidr-v6")
}
if _, ok := conf.Features["windows-dns-proxy"]; ok {
return errors.New("feature option 'windows-dns-proxy' is only available on Windows")
}
return verifyDefaultCgroupNsMode(conf.CgroupNamespaceMode)
}

2
daemon/container.go
View file

@ -364,6 +364,6 @@ func translateWorkingDir(config *containertypes.Config) error {
if !system.IsAbs(wd) {
return fmt.Errorf("the working directory '%s' is invalid, it needs to be an absolute path", config.WorkingDir)
}
config.WorkingDir = filepath.Clean(wd)
config.WorkingDir = wd
return nil
}

15
daemon/container_operations.go
View file

@ -54,8 +54,7 @@ func (daemon *Daemon) buildSandboxOptions(cfg *config.Config, container *contain
sboxOptions = append(sboxOptions, libnetwork.OptionUseExternalKey())
}
// Add platform-specific Sandbox options.
if err := buildSandboxPlatformOptions(container, cfg, &sboxOptions); err != nil {
if err := setupPathsAndSandboxOptions(container, cfg, &sboxOptions); err != nil {
return nil, err
}
@ -421,6 +420,9 @@ func (daemon *Daemon) updateContainerNetworkSettings(container *container.Contai
}
networkName := mode.NetworkName()
if mode.IsDefault() {
networkName = daemon.netController.Config().DefaultNetwork
}
if mode.IsUserDefined() {
var err error
@ -459,6 +461,15 @@ func (daemon *Daemon) updateContainerNetworkSettings(container *container.Contai
}
}
// Convert any settings added by client in default name to
// engine's default network name key
if mode.IsDefault() {
if nConf, ok := container.NetworkSettings.Networks[mode.NetworkName()]; ok {
container.NetworkSettings.Networks[networkName] = nConf
delete(container.NetworkSettings.Networks, mode.NetworkName())
}
}
if !mode.IsUserDefined() {
return
}

3
daemon/container_operations_unix.go
View file

@ -417,7 +417,7 @@ func serviceDiscoveryOnDefaultNetwork() bool {
return false
}
func buildSandboxPlatformOptions(container *container.Container, cfg *config.Config, sboxOptions *[]libnetwork.SandboxOption) error {
func setupPathsAndSandboxOptions(container *container.Container, cfg *config.Config, sboxOptions *[]libnetwork.SandboxOption) error {
var err error
var originResolvConfPath string
@ -481,7 +481,6 @@ func buildSandboxPlatformOptions(container *container.Container, cfg *config.Con
return err
}
*sboxOptions = append(*sboxOptions, libnetwork.OptionResolvConfPath(container.ResolvConfPath))
return nil
}

8
daemon/container_operations_windows.go
View file

@ -163,13 +163,7 @@ func serviceDiscoveryOnDefaultNetwork() bool {
return true
}
func buildSandboxPlatformOptions(container *container.Container, cfg *config.Config, sboxOptions *[]libnetwork.SandboxOption) error {
// By default, the Windows internal resolver does not forward requests to
// external resolvers - but forwarding can be enabled using feature flag
// "windows-dns-proxy":true.
if doproxy, exists := cfg.Features["windows-dns-proxy"]; !exists || !doproxy {
*sboxOptions = append(*sboxOptions, libnetwork.OptionDNSNoProxy())
}
func setupPathsAndSandboxOptions(container *container.Container, cfg *config.Config, sboxOptions *[]libnetwork.SandboxOption) error {
return nil
}

2
daemon/containerd/image_manifest.go
View file

@ -45,7 +45,7 @@ func (i *ImageService) walkImageManifests(ctx context.Context, img containerdima
return i.walkPresentChildren(ctx, desc, handleManifest)
}
return errors.Wrapf(errNotManifestOrIndex, "error walking manifest for %s", img.Name)
return errNotManifestOrIndex
}
type ImageManifest struct {

16
daemon/daemon.go
View file

@ -32,7 +32,6 @@ import (
"github.com/docker/docker/api/types/backend"
containertypes "github.com/docker/docker/api/types/container"
imagetypes "github.com/docker/docker/api/types/image"
networktypes "github.com/docker/docker/api/types/network"
registrytypes "github.com/docker/docker/api/types/registry"
"github.com/docker/docker/api/types/swarm"
"github.com/docker/docker/api/types/volume"
@ -374,21 +373,6 @@ func (daemon *Daemon) restore(cfg *configStore) error {
Type: local.Name,
}
}
// Normalize the "default" network mode into the network mode
// it aliases ("bridge on Linux and "nat" on Windows). This is
// also done by the container router, for new containers. But
// we need to do it here too to handle containers that were
// created prior to v26.0.
//
// TODO(aker): remove this migration code once the next LTM version of MCR is released.
if c.HostConfig.NetworkMode.IsDefault() {
c.HostConfig.NetworkMode = runconfig.DefaultDaemonNetworkMode()
if nw, ok := c.NetworkSettings.Networks[networktypes.NetworkDefault]; ok {
c.NetworkSettings.Networks[c.HostConfig.NetworkMode.NetworkName()] = nw
delete(c.NetworkSettings.Networks, networktypes.NetworkDefault)
}
}
}
if err := daemon.checkpointAndSave(c); err != nil {

4
daemon/daemon_unix.go
View file

@ -104,8 +104,8 @@ func getMemoryResources(config containertypes.Resources) *specs.LinuxMemory {
memory.DisableOOMKiller = config.OomKillDisable
}
if config.KernelMemory != 0 { //nolint:staticcheck // ignore SA1019: memory.Kernel is deprecated: kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4]. This field should no longer be used, as it may be ignored by runtimes.
memory.Kernel = &config.KernelMemory //nolint:staticcheck // ignore SA1019: memory.Kernel is deprecated: kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4]. This field should no longer be used, as it may be ignored by runtimes.
if config.KernelMemory != 0 {
memory.Kernel = &config.KernelMemory
}
if config.KernelMemoryTCP != 0 {

7
daemon/images/image_history.go
View file

@ -43,14 +43,9 @@ func (i *ImageService) ImageHistory(ctx context.Context, name string) ([]*image.
layerCounter++
}
var created int64
if h.Created != nil {
created = h.Created.Unix()
}
history = append([]*image.HistoryResponseItem{{
ID: "<missing>",
Created: created,
Created: h.Created.Unix(),
CreatedBy: h.CreatedBy,
Comment: h.Comment,
Size: layerSize,

8
daemon/inspect.go
View file

@ -130,8 +130,12 @@ func (daemon *Daemon) getInspectData(daemonCfg *config.Config, container *contai
// unconditionally, to keep backward compatibility with clients that use
// unversioned API endpoints.
if container.Config != nil && container.Config.MacAddress == "" { //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
if nwm := hostConfig.NetworkMode; nwm.IsBridge() || nwm.IsUserDefined() {
if epConf, ok := container.NetworkSettings.Networks[nwm.NetworkName()]; ok {
if nwm := hostConfig.NetworkMode; nwm.IsDefault() || nwm.IsBridge() || nwm.IsUserDefined() {
name := nwm.NetworkName()
if nwm.IsDefault() {
name = daemon.netController.Config().DefaultNetwork
}
if epConf, ok := container.NetworkSettings.Networks[name]; ok {
container.Config.MacAddress = epConf.DesiredMacAddress //nolint:staticcheck // ignore SA1019: field is deprecated, but still used on API < v1.44.
}
}

2
daemon/logger/local/read.go
View file

@ -66,7 +66,7 @@ func getTailReader(ctx context.Context, r loggerutils.SizeReaderAt, req int) (io
}
if msgLen != binary.BigEndian.Uint32(buf) {
return nil, 0, errdefs.DataLoss(errors.New("log message header and footer indicate different message sizes"))
return nil, 0, errdefs.DataLoss(errors.Wrap(err, "log message header and footer indicate different message sizes"))
}
found++

8
daemon/nvidia_linux.go
View file

@ -83,13 +83,7 @@ func setNvidiaGPUs(s *specs.Spec, dev *deviceInstance) error {
if s.Hooks == nil {
s.Hooks = &specs.Hooks{}
}
// This implementation uses prestart hooks, which are deprecated.
// CreateRuntime is the closest equivalent, and executed in the same
// locations as prestart-hooks, but depending on what these hooks do,
// possibly one of the other hooks could be used instead (such as
// CreateContainer or StartContainer).
s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{ //nolint:staticcheck // FIXME(thaJeztah); replace prestart hook with a non-deprecated one.
s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{
Path: path,
Args: []string{
nvidiaHook,

24
daemon/oci_linux.go
View file

@ -24,7 +24,6 @@ import (
"github.com/docker/docker/oci/caps"
"github.com/docker/docker/pkg/idtools"
"github.com/docker/docker/pkg/rootless/specconv"
"github.com/docker/docker/pkg/stringid"
volumemounts "github.com/docker/docker/volume/mounts"
"github.com/moby/sys/mount"
"github.com/moby/sys/mountinfo"
@ -61,28 +60,6 @@ func withRlimits(daemon *Daemon, daemonCfg *dconfig.Config, c *container.Contain
}
}
// withLibnetwork sets the libnetwork hook
func withLibnetwork(daemon *Daemon, daemonCfg *dconfig.Config, c *container.Container) coci.SpecOpts {
return func(ctx context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
if c.Config.NetworkDisabled {
return nil
}
for _, ns := range s.Linux.Namespaces {
if ns.Type == specs.NetworkNamespace && ns.Path == "" {
if s.Hooks == nil {
s.Hooks = &specs.Hooks{}
}
shortNetCtlrID := stringid.TruncateID(daemon.netController.ID())
s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{ //nolint:staticcheck // FIXME(thaJeztah); replace prestart hook with a non-deprecated one.
Path: filepath.Join("/proc", strconv.Itoa(os.Getpid()), "exe"),
Args: []string{"libnetwork-setkey", "-exec-root=" + daemonCfg.GetExecRoot(), c.ID, shortNetCtlrID},
})
}
}
return nil
}
}
// withRootless sets the spec to the rootless configuration
func withRootless(daemon *Daemon, daemonCfg *dconfig.Config) coci.SpecOpts {
return func(_ context.Context, _ coci.Client, _ *containers.Container, s *coci.Spec) error {
@ -1038,7 +1015,6 @@ func (daemon *Daemon) createSpec(ctx context.Context, daemonCfg *configStore, c
WithCapabilities(c),
WithSeccomp(daemon, c),
withMounts(daemon, daemonCfg, c, mounts),
withLibnetwork(daemon, &daemonCfg.Config, c),
WithApparmor(c),
WithSelinux(c),
WithOOMScore(&c.HostConfig.OomScoreAdj),

8
daemon/start_linux.go
View file

@ -2,12 +2,14 @@ package daemon // import "github.com/docker/docker/daemon"
import (
"context"
"fmt"
specs "github.com/opencontainers/runtime-spec/specs-go"
"github.com/docker/docker/container"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/libcontainerd/types"
"github.com/docker/docker/oci"
specs "github.com/opencontainers/runtime-spec/specs-go"
)
// initializeCreatedTask performs any initialization that needs to be done to
@ -20,7 +22,9 @@ func (daemon *Daemon) initializeCreatedTask(ctx context.Context, tsk types.Task,
if err != nil {
return errdefs.System(err)
}
return sb.FinishConfig()
if err := sb.SetKey(fmt.Sprintf("/proc/%d/ns/net", tsk.Pid())); err != nil {
return errdefs.System(err)
}
}
}
return nil

4
daemon/update_linux.go
View file

@ -59,8 +59,8 @@ func toContainerdResources(resources container.Resources) *libcontainerdtypes.Re
if resources.MemoryReservation != 0 {
memory.Reservation = &resources.MemoryReservation
}
if resources.KernelMemory != 0 { //nolint:staticcheck // ignore SA1019: memory.Kernel is deprecated: kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4]. This field should no longer be used, as it may be ignored by runtimes.
memory.Kernel = &resources.KernelMemory //nolint:staticcheck // ignore SA1019: memory.Kernel is deprecated: kernel-memory limits are not supported in cgroups v2, and were obsoleted in [kernel v5.4]. This field should no longer be used, as it may be ignored by runtimes.
if resources.KernelMemory != 0 {
memory.Kernel = &resources.KernelMemory
}
if resources.MemorySwap > 0 {
memory.Swap = &resources.MemorySwap

2
hack/dockerfile/install/containerd.installer
View file

@ -15,7 +15,7 @@ set -e
# the binary version you may also need to update the vendor version to pick up
# bug fixes or new APIs, however, usually the Go packages are built from a
# commit from the master branch.
: "${CONTAINERD_VERSION:=v1.7.15}"
: "${CONTAINERD_VERSION:=v1.7.13}"
install_containerd() (
echo "Install containerd version $CONTAINERD_VERSION"

2
hack/dockerfiles/generate-files.Dockerfile
View file

@ -1,6 +1,6 @@
# syntax=docker/dockerfile:1
ARG GO_VERSION=1.21.9
ARG GO_VERSION=1.21.8
ARG BASE_DEBIAN_DISTRO="bookworm"
ARG PROTOC_VERSION=3.11.4

3
image/tarexport/save.go
View file

@ -223,6 +223,8 @@ func (s *saveSession) save(outStream io.Writer) error {
})
}
imgPlat := imageDescr.image.Platform()
m := ocispec.Manifest{
Versioned: specs.Versioned{
SchemaVersion: 2,
@ -232,6 +234,7 @@ func (s *saveSession) save(outStream io.Writer) error {
MediaType: ocispec.MediaTypeImageConfig,
Digest: digest.Digest(imageDescr.image.ID()),
Size: int64(len(imageDescr.image.RawJSON())),
Platform: &imgPlat,
},
Layers: foreign,
}

2
integration-cli/docker_cli_build_test.go
View file

@ -4296,7 +4296,7 @@ func (s *DockerCLIBuildSuite) TestBuildBuildTimeArgExpansion(c *testing.T) {
imgName := "bldvarstest"
wdVar := "WDIR"
wdVal := "/tmp"
wdVal := "/tmp/"
addVar := "AFILE"
addVal := "addFile"
copyVar := "CFILE"

66
integration/build/build_test.go
View file

@ -689,72 +689,6 @@ func TestBuildPlatformInvalid(t *testing.T) {
assert.Check(t, is.ErrorType(err, errdefs.IsInvalidParameter))
}
// TestBuildWorkdirNoCacheMiss is a regression test for https://github.com/moby/moby/issues/47627
func TestBuildWorkdirNoCacheMiss(t *testing.T) {
ctx := setupTest(t)
for _, tc := range []struct {
name string
dockerfile string
}{
{name: "trailing slash", dockerfile: "FROM busybox\nWORKDIR /foo/"},
{name: "no trailing slash", dockerfile: "FROM busybox\nWORKDIR /foo"},
} {
dockerfile := tc.dockerfile
t.Run(tc.name, func(t *testing.T) {
source := fakecontext.New(t, "", fakecontext.WithDockerfile(dockerfile))
defer source.Close()
apiClient := testEnv.APIClient()
buildAndGetID := func() string {
resp, err := apiClient.ImageBuild(ctx, source.AsTarReader(t), types.ImageBuildOptions{
Version: types.BuilderV1,
})
assert.NilError(t, err)
defer resp.Body.Close()
id := readBuildImageIDs(t, resp.Body)
assert.Check(t, id != "")
return id
}
firstId := buildAndGetID()
secondId := buildAndGetID()
assert.Check(t, is.Equal(firstId, secondId), "expected cache to be used")
})
}
}
func readBuildImageIDs(t *testing.T, rd io.Reader) string {
t.Helper()
decoder := json.NewDecoder(rd)
for {
var jm jsonmessage.JSONMessage
if err := decoder.Decode(&jm); err != nil {
if err == io.EOF {
break
}
assert.NilError(t, err)
}
if jm.Aux == nil {
continue
}
var auxId struct {
ID string `json:"ID"`
}
if json.Unmarshal(*jm.Aux, &auxId); auxId.ID != "" {
return auxId.ID
}
}
return ""
}
func writeTarRecord(t *testing.T, w *tar.Writer, fn, contents string) {
err := w.WriteHeader(&tar.Header{
Name: fn,

30
integration/container/run_linux_test.go
View file

@ -326,33 +326,3 @@ func TestStaticIPOutsideSubpool(t *testing.T) {
assert.Check(t, is.Contains(b.String(), "inet 10.42.1.3/16"))
}
func TestWorkingDirNormalization(t *testing.T) {
ctx := setupTest(t)
apiClient := testEnv.APIClient()
for _, tc := range []struct {
name string
workdir string
}{
{name: "trailing slash", workdir: "/tmp/"},
{name: "no trailing slash", workdir: "/tmp"},
} {
tc := tc
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
cID := container.Run(ctx, t, apiClient,
container.WithImage("busybox"),
container.WithWorkingDir(tc.workdir),
)
defer container.Remove(ctx, t, apiClient, cID, containertypes.RemoveOptions{Force: true})
inspect := container.Inspect(ctx, t, apiClient, cID)
assert.Check(t, is.Equal(inspect.Config.WorkingDir, "/tmp"))
})
}
}

66
integration/internal/network/dns.go
View file

@ -1,66 +0,0 @@
package network
import (
"net"
"os"
"testing"
"github.com/miekg/dns"
"gotest.tools/v3/assert"
)
const DNSRespAddr = "10.11.12.13"
// WriteTempResolvConf writes a resolv.conf that only contains a single
// nameserver line, with address addr.
// It returns the name of the temp file. The temp file will be deleted
// automatically by a t.Cleanup().
func WriteTempResolvConf(t *testing.T, addr string) string {
t.Helper()
// Not using t.TempDir() here because in rootless mode, while the temporary
// directory gets mode 0777, it's a subdir of an 0700 directory owned by root.
// So, it's not accessible by the daemon.
f, err := os.CreateTemp("", "resolv.conf")
assert.NilError(t, err)
t.Cleanup(func() { os.Remove(f.Name()) })
err = f.Chmod(0644)
assert.NilError(t, err)
f.Write([]byte("nameserver " + addr + "\n"))
return f.Name()
}
// StartDaftDNS starts and returns a really, really daft DNS server that only
// responds to type-A requests, and always with address dnsRespAddr.
// The DNS server will be stopped automatically by a t.Cleanup().
func StartDaftDNS(t *testing.T, addr string) {
serveDNS := func(w dns.ResponseWriter, query *dns.Msg) {
if query.Question[0].Qtype == dns.TypeA {
resp := &dns.Msg{}
resp.SetReply(query)
answer := &dns.A{
Hdr: dns.RR_Header{
Name: query.Question[0].Name,
Rrtype: dns.TypeA,
Class: dns.ClassINET,
Ttl: 600,
},
}
answer.A = net.ParseIP(DNSRespAddr)
resp.Answer = append(resp.Answer, answer)
_ = w.WriteMsg(resp)
}
}
conn, err := net.ListenUDP("udp", &net.UDPAddr{
IP: net.ParseIP(addr),
Port: 53,
})
assert.NilError(t, err)
server := &dns.Server{Handler: dns.HandlerFunc(serveDNS), PacketConn: conn}
go func() {
_ = server.ActivateAndServe()
}()
t.Cleanup(func() { server.Shutdown() })
}

240
integration/network/ipvlan/ipvlan_test.go
View file

@ -4,12 +4,12 @@ package ipvlan // import "github.com/docker/docker/integration/network/ipvlan"
import (
"context"
"fmt"
"os"
"os/exec"
"strings"
"sync"
"testing"
"github.com/docker/docker/api/types"
containertypes "github.com/docker/docker/api/types/container"
dclient "github.com/docker/docker/client"
"github.com/docker/docker/integration/internal/container"
net "github.com/docker/docker/integration/internal/network"
@ -17,14 +17,13 @@ import (
"github.com/docker/docker/testutil"
"github.com/docker/docker/testutil/daemon"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
"gotest.tools/v3/skip"
)
func TestDockerNetworkIpvlanPersistance(t *testing.T) {
// verify the driver automatically provisions the 802.1q link (di-dummy0.70)
skip.If(t, testEnv.IsRemoteDaemon)
skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
skip.If(t, !ipvlanKernelSupport(t), "Kernel doesn't support ipvlan")
ctx := testutil.StartSpan(baseContext, t)
@ -53,7 +52,7 @@ func TestDockerNetworkIpvlanPersistance(t *testing.T) {
func TestDockerNetworkIpvlan(t *testing.T) {
skip.If(t, testEnv.IsRemoteDaemon)
skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
skip.If(t, !ipvlanKernelSupport(t), "Kernel doesn't support ipvlan")
ctx := testutil.StartSpan(baseContext, t)
@ -80,23 +79,14 @@ func TestDockerNetworkIpvlan(t *testing.T) {
name: "L3InternalMode",
test: testIpvlanL3InternalMode,
}, {
name: "L2MultiSubnetWithParent",
test: testIpvlanL2MultiSubnetWithParent,
}, {
name: "L2MultiSubnetNoParent",
test: testIpvlanL2MultiSubnetNoParent,
name: "L2MultiSubnet",
test: testIpvlanL2MultiSubnet,
}, {
name: "L3MultiSubnet",
test: testIpvlanL3MultiSubnet,
}, {
name: "L2Addressing",
test: testIpvlanL2Addressing,
}, {
name: "L3Addressing",
test: testIpvlanL3Addressing,
}, {
name: "NoIPv6",
test: testIpvlanNoIPv6,
name: "Addressing",
test: testIpvlanAddressing,
},
} {
@ -235,21 +225,10 @@ func testIpvlanL3InternalMode(t *testing.T, ctx context.Context, client dclient.
assert.NilError(t, err)
}
func testIpvlanL2MultiSubnetWithParent(t *testing.T, ctx context.Context, client dclient.APIClient) {
const parentIfName = "di-dummy0"
n.CreateMasterDummy(ctx, t, parentIfName)
defer n.DeleteInterface(ctx, t, parentIfName)
testIpvlanL2MultiSubnet(t, ctx, client, parentIfName)
}
func testIpvlanL2MultiSubnetNoParent(t *testing.T, ctx context.Context, client dclient.APIClient) {
testIpvlanL2MultiSubnet(t, ctx, client, "")
}
func testIpvlanL2MultiSubnet(t *testing.T, ctx context.Context, client dclient.APIClient, parent string) {
func testIpvlanL2MultiSubnet(t *testing.T, ctx context.Context, client dclient.APIClient) {
netName := "dualstackl2"
net.CreateNoError(ctx, t, client, netName,
net.WithIPvlan(parent, ""),
net.WithIPvlan("", ""),
net.WithIPv6(),
net.WithIPAM("172.28.200.0/24", ""),
net.WithIPAM("172.28.202.0/24", "172.28.202.254"),
@ -271,22 +250,11 @@ func testIpvlanL2MultiSubnet(t *testing.T, ctx context.Context, client dclient.A
)
c1, err := client.ContainerInspect(ctx, id1)
assert.NilError(t, err)
if parent == "" {
// Inspect the v4 gateway to ensure no default GW was assigned
assert.Check(t, is.Equal(c1.NetworkSettings.Networks[netName].Gateway, ""))
// Inspect the v6 gateway to ensure no default GW was assigned
assert.Check(t, is.Equal(c1.NetworkSettings.Networks[netName].IPv6Gateway, ""))
} else {
// Inspect the v4 gateway to ensure the proper default GW was assigned
assert.Check(t, is.Equal(c1.NetworkSettings.Networks[netName].Gateway, "172.28.200.1"))
// Inspect the v6 gateway to ensure the proper default GW was assigned
assert.Check(t, is.Equal(c1.NetworkSettings.Networks[netName].IPv6Gateway, "2001:db8:abc8::1"))
}
// verify ipv4 connectivity to the explicit --ip address second to first
// verify ipv4 connectivity to the explicit --ipv address second to first
_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", c1.NetworkSettings.Networks[netName].IPAddress})
assert.NilError(t, err)
// verify ipv6 connectivity to the explicit --ip6 address second to first
// verify ipv6 connectivity to the explicit --ipv6 address second to first
_, err = container.Exec(ctx, client, id2, []string{"ping6", "-c", "1", c1.NetworkSettings.Networks[netName].GlobalIPv6Address})
assert.NilError(t, err)
@ -303,24 +271,22 @@ func testIpvlanL2MultiSubnet(t *testing.T, ctx context.Context, client dclient.A
)
c3, err := client.ContainerInspect(ctx, id3)
assert.NilError(t, err)
if parent == "" {
// Inspect the v4 gateway to ensure no default GW was assigned
assert.Check(t, is.Equal(c3.NetworkSettings.Networks[netName].Gateway, ""))
// Inspect the v6 gateway to ensure no default GW was assigned
assert.Check(t, is.Equal(c3.NetworkSettings.Networks[netName].IPv6Gateway, ""))
} else {
// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
assert.Check(t, is.Equal(c3.NetworkSettings.Networks[netName].Gateway, "172.28.202.254"))
// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
assert.Check(t, is.Equal(c3.NetworkSettings.Networks[netName].IPv6Gateway, "2001:db8:abc6::254"))
}
// verify ipv4 connectivity to the explicit --ip address from third to fourth
// verify ipv4 connectivity to the explicit --ipv address from third to fourth
_, err = container.Exec(ctx, client, id4, []string{"ping", "-c", "1", c3.NetworkSettings.Networks[netName].IPAddress})
assert.NilError(t, err)
// verify ipv6 connectivity to the explicit --ip6 address from third to fourth
// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
_, err = container.Exec(ctx, client, id4, []string{"ping6", "-c", "1", c3.NetworkSettings.Networks[netName].GlobalIPv6Address})
assert.NilError(t, err)
// Inspect the v4 gateway to ensure the proper default GW was assigned
assert.Equal(t, c1.NetworkSettings.Networks[netName].Gateway, "172.28.200.1")
// Inspect the v6 gateway to ensure the proper default GW was assigned
assert.Equal(t, c1.NetworkSettings.Networks[netName].IPv6Gateway, "2001:db8:abc8::1")
// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
assert.Equal(t, c3.NetworkSettings.Networks[netName].Gateway, "172.28.202.254")
// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
assert.Equal(t, c3.NetworkSettings.Networks[netName].IPv6Gateway, "2001:db8:abc6::254")
}
func testIpvlanL3MultiSubnet(t *testing.T, ctx context.Context, client dclient.APIClient) {
@ -387,162 +353,70 @@ func testIpvlanL3MultiSubnet(t *testing.T, ctx context.Context, client dclient.A
assert.Equal(t, c3.NetworkSettings.Networks[netName].IPv6Gateway, "")
}
// Verify ipvlan l2 mode sets the proper default gateway routes via netlink
// for either an explicitly set route by the user or inferred via default IPAM
func testIpvlanL2Addressing(t *testing.T, ctx context.Context, client dclient.APIClient) {
const parentIfName = "di-dummy0"
n.CreateMasterDummy(ctx, t, parentIfName)
defer n.DeleteInterface(ctx, t, parentIfName)
func testIpvlanAddressing(t *testing.T, ctx context.Context, client dclient.APIClient) {
// Verify ipvlan l2 mode sets the proper default gateway routes via netlink
// for either an explicitly set route by the user or inferred via default IPAM
netNameL2 := "dualstackl2"
net.CreateNoError(ctx, t, client, netNameL2,
net.WithIPvlan(parentIfName, "l2"),
net.WithIPvlan("", "l2"),
net.WithIPv6(),
net.WithIPAM("172.28.140.0/24", "172.28.140.254"),
net.WithIPAM("2001:db8:abcb::/64", ""),
)
assert.Check(t, n.IsNetworkAvailable(ctx, client, netNameL2))
id := container.Run(ctx, t, client,
id1 := container.Run(ctx, t, client,
container.WithNetworkMode(netNameL2),
)
// Validate ipvlan l2 mode defaults gateway sets the default IPAM next-hop inferred from the subnet
result, err := container.Exec(ctx, client, id, []string{"ip", "route"})
result, err := container.Exec(ctx, client, id1, []string{"ip", "route"})
assert.NilError(t, err)
assert.Check(t, is.Contains(result.Combined(), "default via 172.28.140.254 dev eth0"))
assert.Check(t, strings.Contains(result.Combined(), "default via 172.28.140.254 dev eth0"))
// Validate ipvlan l2 mode sets the v6 gateway to the user specified default gateway/next-hop
result, err = container.Exec(ctx, client, id, []string{"ip", "-6", "route"})
result, err = container.Exec(ctx, client, id1, []string{"ip", "-6", "route"})
assert.NilError(t, err)
assert.Check(t, is.Contains(result.Combined(), "default via 2001:db8:abcb::1 dev eth0"))
}
// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
func testIpvlanL3Addressing(t *testing.T, ctx context.Context, client dclient.APIClient) {
const parentIfName = "di-dummy0"
n.CreateMasterDummy(ctx, t, parentIfName)
defer n.DeleteInterface(ctx, t, parentIfName)
assert.Check(t, strings.Contains(result.Combined(), "default via 2001:db8:abcb::1 dev eth0"))
// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
netNameL3 := "dualstackl3"
net.CreateNoError(ctx, t, client, netNameL3,
net.WithIPvlan(parentIfName, "l3"),
net.WithIPvlan("", "l3"),
net.WithIPv6(),
net.WithIPAM("172.28.160.0/24", "172.28.160.254"),
net.WithIPAM("2001:db8:abcd::/64", "2001:db8:abcd::254"),
)
assert.Check(t, n.IsNetworkAvailable(ctx, client, netNameL3))
id := container.Run(ctx, t, client,
id2 := container.Run(ctx, t, client,
container.WithNetworkMode(netNameL3),
)
// Validate ipvlan l3 mode sets the v4 gateway to dev eth0 and disregards any explicit or inferred next-hops
result, err := container.Exec(ctx, client, id, []string{"ip", "route"})
result, err = container.Exec(ctx, client, id2, []string{"ip", "route"})
assert.NilError(t, err)
assert.Check(t, is.Contains(result.Combined(), "default dev eth0"))
assert.Check(t, strings.Contains(result.Combined(), "default dev eth0"))
// Validate ipvlan l3 mode sets the v6 gateway to dev eth0 and disregards any explicit or inferred next-hops
result, err = container.Exec(ctx, client, id, []string{"ip", "-6", "route"})
result, err = container.Exec(ctx, client, id2, []string{"ip", "-6", "route"})
assert.NilError(t, err)
assert.Check(t, is.Contains(result.Combined(), "default dev eth0"))
assert.Check(t, strings.Contains(result.Combined(), "default dev eth0"))
}
// Check that an ipvlan interface with '--ipv6=false' doesn't get kernel-assigned
// IPv6 addresses, but the loopback interface does still have an IPv6 address ('::1').
func testIpvlanNoIPv6(t *testing.T, ctx context.Context, client dclient.APIClient) {
const netName = "ipvlannet"
net.CreateNoError(ctx, t, client, netName, net.WithIPvlan("", "l3"))
assert.Check(t, n.IsNetworkAvailable(ctx, client, netName))
var (
once sync.Once
ipvlanSupported bool
)
id := container.Run(ctx, t, client, container.WithNetworkMode(netName))
loRes := container.ExecT(ctx, t, client, id, []string{"ip", "a", "show", "dev", "lo"})
assert.Check(t, is.Contains(loRes.Combined(), " inet "))
assert.Check(t, is.Contains(loRes.Combined(), " inet6 "))
eth0Res := container.ExecT(ctx, t, client, id, []string{"ip", "a", "show", "dev", "eth0"})
assert.Check(t, is.Contains(eth0Res.Combined(), " inet "))
assert.Check(t, !strings.Contains(eth0Res.Combined(), " inet6 "),
"result.Combined(): %s", eth0Res.Combined())
sysctlRes := container.ExecT(ctx, t, client, id, []string{"sysctl", "-n", "net.ipv6.conf.eth0.disable_ipv6"})
assert.Check(t, is.Equal(strings.TrimSpace(sysctlRes.Combined()), "1"))
}
// TestIPVlanDNS checks whether DNS is forwarded, for combinations of l2/l3 mode,
// with/without a parent interface, and with '--internal'. Note that, there's no
// attempt here to give the ipvlan network external connectivity - when this test
// supplies a parent interface, it's a dummy. External DNS lookups only work
// because the daemon is configured to see a host resolver on a loopback
// interface, so the external DNS lookup happens in the host's namespace. The
// test is checking that an automatically configured dummy interface causes the
// network to behave as if it was '--internal'. Regression test for
// https://github.com/moby/moby/issues/47662
func TestIPVlanDNS(t *testing.T) {
skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
ctx := testutil.StartSpan(baseContext, t)
net.StartDaftDNS(t, "127.0.0.1")
tmpFileName := net.WriteTempResolvConf(t, "127.0.0.1")
d := daemon.New(t, daemon.WithEnvVars("DOCKER_TEST_RESOLV_CONF_PATH="+tmpFileName))
d.StartWithBusybox(ctx, t)
t.Cleanup(func() { d.Stop(t) })
c := d.NewClientT(t)
const parentIfName = "di-dummy0"
n.CreateMasterDummy(ctx, t, parentIfName)
defer n.DeleteInterface(ctx, t, parentIfName)
const netName = "ipvlan-dns-net"
testcases := []struct {
name string
parent string
internal bool
expDNS bool
}{
{
name: "with parent",
parent: parentIfName,
// External DNS should be used (even though the network has no external connectivity).
expDNS: true,
},
{
name: "no parent",
// External DNS should not be used, equivalent to '--internal'.
},
{
name: "with parent, internal",
parent: parentIfName,
internal: true,
// External DNS should not be used.
},
}
for _, mode := range []string{"l2", "l3"} {
for _, tc := range testcases {
name := fmt.Sprintf("Mode=%v/HasParent=%v/Internal=%v", mode, tc.parent != "", tc.internal)
t.Run(name, func(t *testing.T) {
ctx := testutil.StartSpan(ctx, t)
createOpts := []func(*types.NetworkCreate){
net.WithIPvlan(tc.parent, mode),
}
if tc.internal {
createOpts = append(createOpts, net.WithInternal())
}
net.CreateNoError(ctx, t, c, netName, createOpts...)
defer c.NetworkRemove(ctx, netName)
ctrId := container.Run(ctx, t, c, container.WithNetworkMode(netName))
defer c.ContainerRemove(ctx, ctrId, containertypes.RemoveOptions{Force: true})
res, err := container.Exec(ctx, c, ctrId, []string{"nslookup", "test.example"})
assert.NilError(t, err)
if tc.expDNS {
assert.Check(t, is.Equal(res.ExitCode, 0))
assert.Check(t, is.Contains(res.Stdout(), net.DNSRespAddr))
} else {
assert.Check(t, is.Equal(res.ExitCode, 1))
assert.Check(t, is.Contains(res.Stdout(), "SERVFAIL"))
}
})
// figure out if ipvlan is supported by the kernel
func ipvlanKernelSupport(t *testing.T) bool {
once.Do(func() {
// this may have the side effect of enabling the ipvlan module
exec.Command("modprobe", "ipvlan").Run()
_, err := os.Stat("/sys/module/ipvlan")
if err == nil {
ipvlanSupported = true
} else if !os.IsNotExist(err) {
t.Logf("WARNING: ipvlanKernelSupport: stat failed: %v\n", err)
}
}
})
return ipvlanSupported
}

177
integration/network/macvlan/macvlan_test.go
View file

@ -7,8 +7,6 @@ import (
"strings"
"testing"
"github.com/docker/docker/api/types"
containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/client"
"github.com/docker/docker/integration/internal/container"
net "github.com/docker/docker/integration/internal/network"
@ -16,7 +14,6 @@ import (
"github.com/docker/docker/testutil"
"github.com/docker/docker/testutil/daemon"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
"gotest.tools/v3/skip"
)
@ -69,17 +66,11 @@ func TestDockerNetworkMacvlan(t *testing.T) {
name: "InternalMode",
test: testMacvlanInternalMode,
}, {
name: "MultiSubnetWithParent",
test: testMacvlanMultiSubnetWithParent,
}, {
name: "MultiSubnetNoParent",
test: testMacvlanMultiSubnetNoParent,
name: "MultiSubnet",
test: testMacvlanMultiSubnet,
}, {
name: "Addressing",
test: testMacvlanAddressing,
}, {
name: "NoIPv6",
test: testMacvlanNoIPv6,
},
} {
tc := tc
@ -182,21 +173,10 @@ func testMacvlanInternalMode(t *testing.T, ctx context.Context, client client.AP
assert.Check(t, err == nil)
}
func testMacvlanMultiSubnetWithParent(t *testing.T, ctx context.Context, client client.APIClient) {
const parentIfName = "dm-dummy0"
n.CreateMasterDummy(ctx, t, parentIfName)
defer n.DeleteInterface(ctx, t, parentIfName)
testMacvlanMultiSubnet(t, ctx, client, parentIfName)
}
func testMacvlanMultiSubnetNoParent(t *testing.T, ctx context.Context, client client.APIClient) {
testMacvlanMultiSubnet(t, ctx, client, "")
}
func testMacvlanMultiSubnet(t *testing.T, ctx context.Context, client client.APIClient, parent string) {
func testMacvlanMultiSubnet(t *testing.T, ctx context.Context, client client.APIClient) {
netName := "dualstackbridge"
net.CreateNoError(ctx, t, client, netName,
net.WithMacvlan(parent),
net.WithMacvlan(""),
net.WithIPv6(),
net.WithIPAM("172.28.100.0/24", ""),
net.WithIPAM("172.28.102.0/24", "172.28.102.254"),
@ -219,22 +199,11 @@ func testMacvlanMultiSubnet(t *testing.T, ctx context.Context, client client.API
)
c1, err := client.ContainerInspect(ctx, id1)
assert.NilError(t, err)
if parent == "" {
// Inspect the v4 gateway to ensure no default GW was assigned
assert.Check(t, is.Equal(c1.NetworkSettings.Networks["dualstackbridge"].Gateway, ""))
// Inspect the v6 gateway to ensure no default GW was assigned
assert.Check(t, is.Equal(c1.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, ""))
} else {
// Inspect the v4 gateway to ensure the proper default GW was assigned
assert.Check(t, is.Equal(c1.NetworkSettings.Networks["dualstackbridge"].Gateway, "172.28.100.1"))
// Inspect the v6 gateway to ensure the proper default GW was assigned
assert.Check(t, is.Equal(c1.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, "2001:db8:abc2::1"))
}
// verify ipv4 connectivity to the explicit --ip address second to first
// verify ipv4 connectivity to the explicit --ipv address second to first
_, err = container.Exec(ctx, client, id2, []string{"ping", "-c", "1", c1.NetworkSettings.Networks["dualstackbridge"].IPAddress})
assert.NilError(t, err)
// verify ipv6 connectivity to the explicit --ip6 address second to first
// verify ipv6 connectivity to the explicit --ipv6 address second to first
_, err = container.Exec(ctx, client, id2, []string{"ping6", "-c", "1", c1.NetworkSettings.Networks["dualstackbridge"].GlobalIPv6Address})
assert.NilError(t, err)
@ -251,35 +220,29 @@ func testMacvlanMultiSubnet(t *testing.T, ctx context.Context, client client.API
)
c3, err := client.ContainerInspect(ctx, id3)
assert.NilError(t, err)
if parent == "" {
// Inspect the v4 gateway to ensure no default GW was assigned
assert.Check(t, is.Equal(c3.NetworkSettings.Networks["dualstackbridge"].Gateway, ""))
// Inspect the v6 gateway to ensure no default GW was assigned
assert.Check(t, is.Equal(c3.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, ""))
} else {
// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
assert.Check(t, is.Equal(c3.NetworkSettings.Networks["dualstackbridge"].Gateway, "172.28.102.254"))
// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
assert.Check(t, is.Equal(c3.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, "2001:db8:abc4::254"))
}
// verify ipv4 connectivity to the explicit --ip address from third to fourth
// verify ipv4 connectivity to the explicit --ipv address from third to fourth
_, err = container.Exec(ctx, client, id4, []string{"ping", "-c", "1", c3.NetworkSettings.Networks["dualstackbridge"].IPAddress})
assert.NilError(t, err)
// verify ipv6 connectivity to the explicit --ip6 address from third to fourth
// verify ipv6 connectivity to the explicit --ipv6 address from third to fourth
_, err = container.Exec(ctx, client, id4, []string{"ping6", "-c", "1", c3.NetworkSettings.Networks["dualstackbridge"].GlobalIPv6Address})
assert.NilError(t, err)
// Inspect the v4 gateway to ensure the proper default GW was assigned
assert.Equal(t, c1.NetworkSettings.Networks["dualstackbridge"].Gateway, "172.28.100.1")
// Inspect the v6 gateway to ensure the proper default GW was assigned
assert.Equal(t, c1.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, "2001:db8:abc2::1")
// Inspect the v4 gateway to ensure the proper explicitly assigned default GW was assigned
assert.Equal(t, c3.NetworkSettings.Networks["dualstackbridge"].Gateway, "172.28.102.254")
// Inspect the v6 gateway to ensure the proper explicitly assigned default GW was assigned
assert.Equal(t, c3.NetworkSettings.Networks["dualstackbridge"].IPv6Gateway, "2001:db8:abc4::254")
}
func testMacvlanAddressing(t *testing.T, ctx context.Context, client client.APIClient) {
const parentIfName = "dm-dummy0"
n.CreateMasterDummy(ctx, t, parentIfName)
defer n.DeleteInterface(ctx, t, parentIfName)
// Ensure the default gateways, next-hops and default dev devices are properly set
netName := "dualstackbridge"
net.CreateNoError(ctx, t, client, netName,
net.WithMacvlan(parentIfName),
net.WithMacvlan(""),
net.WithIPv6(),
net.WithOption("macvlan_mode", "bridge"),
net.WithIPAM("172.28.130.0/24", ""),
@ -300,107 +263,3 @@ func testMacvlanAddressing(t *testing.T, ctx context.Context, client client.APIC
assert.NilError(t, err)
assert.Check(t, strings.Contains(result.Combined(), "default via 2001:db8:abca::254 dev eth0"))
}
// Check that a macvlan interface with '--ipv6=false' doesn't get kernel-assigned
// IPv6 addresses, but the loopback interface does still have an IPv6 address ('::1').
func testMacvlanNoIPv6(t *testing.T, ctx context.Context, client client.APIClient) {
const netName = "macvlannet"
net.CreateNoError(ctx, t, client, netName,
net.WithMacvlan(""),
net.WithOption("macvlan_mode", "bridge"),
)
assert.Check(t, n.IsNetworkAvailable(ctx, client, netName))
id := container.Run(ctx, t, client, container.WithNetworkMode(netName))
loRes := container.ExecT(ctx, t, client, id, []string{"ip", "a", "show", "dev", "lo"})
assert.Check(t, is.Contains(loRes.Combined(), " inet "))
assert.Check(t, is.Contains(loRes.Combined(), " inet6 "))
eth0Res := container.ExecT(ctx, t, client, id, []string{"ip", "a", "show", "dev", "eth0"})
assert.Check(t, is.Contains(eth0Res.Combined(), " inet "))
assert.Check(t, !strings.Contains(eth0Res.Combined(), " inet6 "),
"result.Combined(): %s", eth0Res.Combined())
sysctlRes := container.ExecT(ctx, t, client, id, []string{"sysctl", "-n", "net.ipv6.conf.eth0.disable_ipv6"})
assert.Check(t, is.Equal(strings.TrimSpace(sysctlRes.Combined()), "1"))
}
// TestMACVlanDNS checks whether DNS is forwarded, with/without a parent
// interface, and with '--internal'. Note that there's no attempt here to give
// the macvlan network external connectivity - when this test supplies a parent
// interface, it's a dummy. External DNS lookups only work because the daemon is
// configured to see a host resolver on a loopback interface, so the external DNS
// lookup happens in the host's namespace. The test is checking that an
// automatically configured dummy interface causes the network to behave as if it
// was '--internal'.
func TestMACVlanDNS(t *testing.T) {
skip.If(t, testEnv.IsRootless, "rootless mode has different view of network")
ctx := testutil.StartSpan(baseContext, t)
net.StartDaftDNS(t, "127.0.0.1")
tmpFileName := net.WriteTempResolvConf(t, "127.0.0.1")
d := daemon.New(t, daemon.WithEnvVars("DOCKER_TEST_RESOLV_CONF_PATH="+tmpFileName))
d.StartWithBusybox(ctx, t)
t.Cleanup(func() { d.Stop(t) })
c := d.NewClientT(t)
const parentIfName = "dm-dummy0"
n.CreateMasterDummy(ctx, t, parentIfName)
defer n.DeleteInterface(ctx, t, parentIfName)
const netName = "macvlan-dns-net"
testcases := []struct {
name string
parent string
internal bool
expDNS bool
}{
{
name: "with parent",
parent: parentIfName,
// External DNS should be used (even though the network has no external connectivity).
expDNS: true,
},
{
name: "no parent",
// External DNS should not be used, equivalent to '--internal'.
},
{
name: "with parent, internal",
parent: parentIfName,
internal: true,
expDNS: false,
},
}
for _, tc := range testcases {
t.Run(tc.name, func(t *testing.T) {
ctx := testutil.StartSpan(ctx, t)
createOpts := []func(*types.NetworkCreate){
net.WithMacvlan(tc.parent),
}
if tc.internal {
createOpts = append(createOpts, net.WithInternal())
}
net.CreateNoError(ctx, t, c, netName, createOpts...)
defer c.NetworkRemove(ctx, netName)
ctrId := container.Run(ctx, t, c, container.WithNetworkMode(netName))
defer c.ContainerRemove(ctx, ctrId, containertypes.RemoveOptions{Force: true})
res, err := container.Exec(ctx, c, ctrId, []string{"nslookup", "test.example"})
assert.NilError(t, err)
if tc.expDNS {
assert.Check(t, is.Equal(res.ExitCode, 0))
assert.Check(t, is.Contains(res.Stdout(), net.DNSRespAddr))
} else {
assert.Check(t, is.Equal(res.ExitCode, 1))
assert.Check(t, is.Contains(res.Stdout(), "SERVFAIL"))
}
})
}
}

67
integration/networking/bridge_test.go
View file

@ -4,7 +4,6 @@ import (
"context"
"fmt"
"regexp"
"strings"
"testing"
"time"
@ -612,8 +611,8 @@ func TestInternalNwConnectivity(t *testing.T) {
assert.Check(t, is.Contains(res.Stderr(), "Network is unreachable"))
}
// Check that the container's interfaces have no IPv6 address when IPv6 is
// disabled in a container via sysctl (including 'lo').
// Check that the container's interface has no IPv6 address when IPv6 is
// disabled in a container via sysctl.
func TestDisableIPv6Addrs(t *testing.T) {
skip.If(t, testEnv.DaemonInfo.OSType == "windows")
@ -676,65 +675,3 @@ func TestDisableIPv6Addrs(t *testing.T) {
})
}
}
// Check that an interface to an '--ipv6=false' network has no IPv6
// address - either IPAM assigned, or kernel-assigned LL, but the loopback
// interface does still have an IPv6 address ('::1').
func TestNonIPv6Network(t *testing.T) {
skip.If(t, testEnv.DaemonInfo.OSType == "windows")
ctx := setupTest(t)
d := daemon.New(t)
d.StartWithBusybox(ctx, t)
defer d.Stop(t)
c := d.NewClientT(t)
defer c.Close()
const netName = "testnet"
network.CreateNoError(ctx, t, c, netName)
defer network.RemoveNoError(ctx, t, c, netName)
id := container.Run(ctx, t, c, container.WithNetworkMode(netName))
defer c.ContainerRemove(ctx, id, containertypes.RemoveOptions{Force: true})
loRes := container.ExecT(ctx, t, c, id, []string{"ip", "a", "show", "dev", "lo"})
assert.Check(t, is.Contains(loRes.Combined(), " inet "))
assert.Check(t, is.Contains(loRes.Combined(), " inet6 "))
eth0Res := container.ExecT(ctx, t, c, id, []string{"ip", "a", "show", "dev", "eth0"})
assert.Check(t, is.Contains(eth0Res.Combined(), " inet "))
assert.Check(t, !strings.Contains(eth0Res.Combined(), " inet6 "),
"result.Combined(): %s", eth0Res.Combined())
sysctlRes := container.ExecT(ctx, t, c, id, []string{"sysctl", "-n", "net.ipv6.conf.eth0.disable_ipv6"})
assert.Check(t, is.Equal(strings.TrimSpace(sysctlRes.Combined()), "1"))
}
// Test that it's possible to set a sysctl on an interface in the container.
// Regression test for https://github.com/moby/moby/issues/47619
func TestSetInterfaceSysctl(t *testing.T) {
skip.If(t, testEnv.DaemonInfo.OSType == "windows", "no sysctl on Windows")
ctx := setupTest(t)
d := daemon.New(t)
d.StartWithBusybox(ctx, t)
defer d.Stop(t)
c := d.NewClientT(t)
defer c.Close()
const scName = "net.ipv4.conf.eth0.forwarding"
opts := []func(config *container.TestContainerConfig){
container.WithCmd("sysctl", scName),
container.WithSysctls(map[string]string{scName: "1"}),
}
runRes := container.RunAttach(ctx, t, c, opts...)
defer c.ContainerRemove(ctx, runRes.ContainerID,
containertypes.RemoveOptions{Force: true},
)
stdout := runRes.Stdout.String()
assert.Check(t, is.Contains(stdout, scName))
}

96
integration/networking/resolvconf_test.go
View file

@ -1,20 +1,38 @@
package networking
import (
"context"
"net"
"os"
"strings"
"testing"
"time"
containertypes "github.com/docker/docker/api/types/container"
"github.com/docker/docker/integration/internal/container"
"github.com/docker/docker/integration/internal/network"
"github.com/docker/docker/testutil/daemon"
"github.com/miekg/dns"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
"gotest.tools/v3/skip"
)
// writeTempResolvConf writes a resolv.conf that only contains a single
// nameserver line, with address addr.
// It returns the name of the temp file.
func writeTempResolvConf(t *testing.T, addr string) string {
t.Helper()
// Not using t.TempDir() here because in rootless mode, while the temporary
// directory gets mode 0777, it's a subdir of an 0700 directory owned by root.
// So, it's not accessible by the daemon.
f, err := os.CreateTemp("", "resolv.conf")
assert.NilError(t, err)
t.Cleanup(func() { os.Remove(f.Name()) })
err = f.Chmod(0644)
assert.NilError(t, err)
f.Write([]byte("nameserver " + addr + "\n"))
return f.Name()
}
// Regression test for https://github.com/moby/moby/issues/46968
func TestResolvConfLocalhostIPv6(t *testing.T) {
// No "/etc/resolv.conf" on Windows.
@ -22,7 +40,7 @@ func TestResolvConfLocalhostIPv6(t *testing.T) {
ctx := setupTest(t)
tmpFileName := network.WriteTempResolvConf(t, "127.0.0.53")
tmpFileName := writeTempResolvConf(t, "127.0.0.53")
d := daemon.New(t, daemon.WithEnvVars("DOCKER_TEST_RESOLV_CONF_PATH="+tmpFileName))
d.StartWithBusybox(ctx, t, "--experimental", "--ip6tables")
@ -63,6 +81,43 @@ options ndots:0
`))
}
const dnsRespAddr = "10.11.12.13"
// startDaftDNS starts and returns a really, really daft DNS server that only
// responds to type-A requests, and always with address dnsRespAddr.
func startDaftDNS(t *testing.T, addr string) *dns.Server {
serveDNS := func(w dns.ResponseWriter, query *dns.Msg) {
if query.Question[0].Qtype == dns.TypeA {
resp := &dns.Msg{}
resp.SetReply(query)
answer := &dns.A{
Hdr: dns.RR_Header{
Name: query.Question[0].Name,
Rrtype: dns.TypeA,
Class: dns.ClassINET,
Ttl: 600,
},
}
answer.A = net.ParseIP(dnsRespAddr)
resp.Answer = append(resp.Answer, answer)
_ = w.WriteMsg(resp)
}
}
conn, err := net.ListenUDP("udp", &net.UDPAddr{
IP: net.ParseIP(addr),
Port: 53,
})
assert.NilError(t, err)
server := &dns.Server{Handler: dns.HandlerFunc(serveDNS), PacketConn: conn}
go func() {
_ = server.ActivateAndServe()
}()
return server
}
// Check that when a container is connected to an internal network, DNS
// requests sent to daemon's internal DNS resolver are not forwarded to
// an upstream resolver listening on a localhost address.
@ -73,10 +128,11 @@ func TestInternalNetworkDNS(t *testing.T) {
ctx := setupTest(t)
// Start a DNS server on the loopback interface.
network.StartDaftDNS(t, "127.0.0.1")
server := startDaftDNS(t, "127.0.0.1")
defer server.Shutdown()
// Set up a temp resolv.conf pointing at that DNS server, and a daemon using it.
tmpFileName := network.WriteTempResolvConf(t, "127.0.0.1")
tmpFileName := writeTempResolvConf(t, "127.0.0.1")
d := daemon.New(t, daemon.WithEnvVars("DOCKER_TEST_RESOLV_CONF_PATH="+tmpFileName))
d.StartWithBusybox(ctx, t, "--experimental", "--ip6tables")
defer d.Stop(t)
@ -104,7 +160,7 @@ func TestInternalNetworkDNS(t *testing.T) {
res, err := container.Exec(ctx, c, ctrId, []string{"nslookup", "test.example"})
assert.NilError(t, err)
assert.Check(t, is.Equal(res.ExitCode, 0))
assert.Check(t, is.Contains(res.Stdout(), network.DNSRespAddr))
assert.Check(t, is.Contains(res.Stdout(), dnsRespAddr))
// Connect the container to the internal network as well.
// External DNS should still be used.
@ -113,7 +169,7 @@ func TestInternalNetworkDNS(t *testing.T) {
res, err = container.Exec(ctx, c, ctrId, []string{"nslookup", "test.example"})
assert.NilError(t, err)
assert.Check(t, is.Equal(res.ExitCode, 0))
assert.Check(t, is.Contains(res.Stdout(), network.DNSRespAddr))
assert.Check(t, is.Contains(res.Stdout(), dnsRespAddr))
// Disconnect from the external network.
// Expect no access to the external DNS.
@ -131,29 +187,5 @@ func TestInternalNetworkDNS(t *testing.T) {
res, err = container.Exec(ctx, c, ctrId, []string{"nslookup", "test.example"})
assert.NilError(t, err)
assert.Check(t, is.Equal(res.ExitCode, 0))
assert.Check(t, is.Contains(res.Stdout(), network.DNSRespAddr))
}
// TestNslookupWindows checks that nslookup gets results from external DNS.
// Regression test for https://github.com/moby/moby/issues/46792
func TestNslookupWindows(t *testing.T) {
skip.If(t, testEnv.DaemonInfo.OSType != "windows")
ctx := setupTest(t)
c := testEnv.APIClient()
attachCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
defer cancel()
res := container.RunAttach(attachCtx, t, c,
container.WithCmd("nslookup", "docker.com"),
)
defer c.ContainerRemove(ctx, res.ContainerID, containertypes.RemoveOptions{Force: true})
assert.Check(t, is.Equal(res.ExitCode, 0))
// Current default is to not-forward requests to external servers, which
// can only be changed in daemon.json using feature flag "windows-dns-proxy".
// So, expect the lookup to fail...
assert.Check(t, is.Contains(res.Stderr.String(), "Server failed"))
// When the default behaviour is changed, nslookup should succeed...
//assert.Check(t, is.Contains(res.Stdout.String(), "Addresses:"))
assert.Check(t, is.Contains(res.Stdout(), dnsRespAddr))
}

14
libnetwork/cnmallocator/allocator_test.go
View file

@ -1,14 +0,0 @@
package cnmallocator
import (
"runtime"
"testing"
"github.com/moby/swarmkit/v2/manager/allocator"
"gotest.tools/v3/skip"
)
func TestAllocator(t *testing.T) {
skip.If(t, runtime.GOOS == "windows", "Allocator tests are hardcoded to use Linux network driver names")
allocator.RunAllocatorTests(t, NewProvider(nil))
}

789
libnetwork/cnmallocator/networkallocator_test.go
View file

@ -1,789 +0,0 @@
package cnmallocator
import (
"fmt"
"net"
"testing"
"github.com/docker/docker/libnetwork/types"
"github.com/moby/swarmkit/v2/api"
"github.com/moby/swarmkit/v2/manager/allocator/networkallocator"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
)
func newNetworkAllocator(t *testing.T) networkallocator.NetworkAllocator {
na, err := (&Provider{}).NewAllocator(nil)
assert.Check(t, err)
assert.Check(t, na != nil)
return na
}
func TestNew(t *testing.T) {
newNetworkAllocator(t)
}
func TestAllocateInvalidIPAM(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{
Name: "invalidipam,",
},
},
},
}
err := na.Allocate(n)
assert.Check(t, is.ErrorContains(err, ""))
}
func TestAllocateInvalidDriver(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{
Name: "invaliddriver",
},
},
}
err := na.Allocate(n)
assert.Check(t, is.ErrorContains(err, ""))
}
func TestNetworkDoubleAllocate(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
},
}
err := na.Allocate(n)
assert.Check(t, err)
err = na.Allocate(n)
assert.Check(t, is.ErrorContains(err, ""))
}
func TestAllocateEmptyConfig(t *testing.T) {
na1 := newNetworkAllocator(t)
na2 := newNetworkAllocator(t)
n1 := &api.Network{
ID: "testID1",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test1",
},
},
}
n2 := &api.Network{
ID: "testID2",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test2",
},
},
}
err := na1.Allocate(n1)
assert.Check(t, err)
assert.Check(t, n1.IPAM.Configs != nil)
assert.Check(t, is.Equal(len(n1.IPAM.Configs), 1))
assert.Check(t, is.Equal(n1.IPAM.Configs[0].Range, ""))
assert.Check(t, is.Equal(len(n1.IPAM.Configs[0].Reserved), 0))
_, subnet11, err := net.ParseCIDR(n1.IPAM.Configs[0].Subnet)
assert.Check(t, err)
gwip11 := net.ParseIP(n1.IPAM.Configs[0].Gateway)
assert.Check(t, gwip11 != nil)
err = na1.Allocate(n2)
assert.Check(t, err)
assert.Check(t, n2.IPAM.Configs != nil)
assert.Check(t, is.Equal(len(n2.IPAM.Configs), 1))
assert.Check(t, is.Equal(n2.IPAM.Configs[0].Range, ""))
assert.Check(t, is.Equal(len(n2.IPAM.Configs[0].Reserved), 0))
_, subnet21, err := net.ParseCIDR(n2.IPAM.Configs[0].Subnet)
assert.Check(t, err)
gwip21 := net.ParseIP(n2.IPAM.Configs[0].Gateway)
assert.Check(t, gwip21 != nil)
// Allocate n1 ans n2 with another allocator instance but in
// intentionally reverse order.
err = na2.Allocate(n2)
assert.Check(t, err)
assert.Check(t, n2.IPAM.Configs != nil)
assert.Check(t, is.Equal(len(n2.IPAM.Configs), 1))
assert.Check(t, is.Equal(n2.IPAM.Configs[0].Range, ""))
assert.Check(t, is.Equal(len(n2.IPAM.Configs[0].Reserved), 0))
_, subnet22, err := net.ParseCIDR(n2.IPAM.Configs[0].Subnet)
assert.Check(t, err)
assert.Check(t, is.DeepEqual(subnet21, subnet22))
gwip22 := net.ParseIP(n2.IPAM.Configs[0].Gateway)
assert.Check(t, is.DeepEqual(gwip21, gwip22))
err = na2.Allocate(n1)
assert.Check(t, err)
assert.Check(t, n1.IPAM.Configs != nil)
assert.Check(t, is.Equal(len(n1.IPAM.Configs), 1))
assert.Check(t, is.Equal(n1.IPAM.Configs[0].Range, ""))
assert.Check(t, is.Equal(len(n1.IPAM.Configs[0].Reserved), 0))
_, subnet12, err := net.ParseCIDR(n1.IPAM.Configs[0].Subnet)
assert.Check(t, err)
assert.Check(t, is.DeepEqual(subnet11, subnet12))
gwip12 := net.ParseIP(n1.IPAM.Configs[0].Gateway)
assert.Check(t, is.DeepEqual(gwip11, gwip12))
}
func TestAllocateWithOneSubnet(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{},
Configs: []*api.IPAMConfig{
{
Subnet: "192.168.1.0/24",
},
},
},
},
}
err := na.Allocate(n)
assert.Check(t, err)
assert.Check(t, is.Equal(len(n.IPAM.Configs), 1))
assert.Check(t, is.Equal(n.IPAM.Configs[0].Range, ""))
assert.Check(t, is.Equal(len(n.IPAM.Configs[0].Reserved), 0))
assert.Check(t, is.Equal(n.IPAM.Configs[0].Subnet, "192.168.1.0/24"))
ip := net.ParseIP(n.IPAM.Configs[0].Gateway)
assert.Check(t, ip != nil)
}
func TestAllocateWithOneSubnetGateway(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{},
Configs: []*api.IPAMConfig{
{
Subnet: "192.168.1.0/24",
Gateway: "192.168.1.1",
},
},
},
},
}
err := na.Allocate(n)
assert.Check(t, err)
assert.Check(t, is.Equal(len(n.IPAM.Configs), 1))
assert.Check(t, is.Equal(n.IPAM.Configs[0].Range, ""))
assert.Check(t, is.Equal(len(n.IPAM.Configs[0].Reserved), 0))
assert.Check(t, is.Equal(n.IPAM.Configs[0].Subnet, "192.168.1.0/24"))
assert.Check(t, is.Equal(n.IPAM.Configs[0].Gateway, "192.168.1.1"))
}
func TestAllocateWithOneSubnetInvalidGateway(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{},
Configs: []*api.IPAMConfig{
{
Subnet: "192.168.1.0/24",
Gateway: "192.168.2.1",
},
},
},
},
}
err := na.Allocate(n)
assert.Check(t, is.ErrorContains(err, ""))
}
// TestAllocateWithSmallSubnet validates that /32 subnets don't produce an error,
// as /31 and /32 subnets are supported by docker daemon, starting with
// https://github.com/moby/moby/commit/3a938df4b570aad3bfb4d5342379582e872fc1a3,
func TestAllocateWithSmallSubnet(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{},
Configs: []*api.IPAMConfig{
{
Subnet: "1.1.1.1/32",
},
},
},
},
}
err := na.Allocate(n)
assert.Check(t, err)
}
func TestAllocateWithTwoSubnetsNoGateway(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{},
Configs: []*api.IPAMConfig{
{
Subnet: "192.168.1.0/24",
},
{
Subnet: "192.168.2.0/24",
},
},
},
},
}
err := na.Allocate(n)
assert.Check(t, err)
assert.Check(t, is.Equal(len(n.IPAM.Configs), 2))
assert.Check(t, is.Equal(n.IPAM.Configs[0].Range, ""))
assert.Check(t, is.Equal(len(n.IPAM.Configs[0].Reserved), 0))
assert.Check(t, is.Equal(n.IPAM.Configs[0].Subnet, "192.168.1.0/24"))
assert.Check(t, is.Equal(n.IPAM.Configs[1].Range, ""))
assert.Check(t, is.Equal(len(n.IPAM.Configs[1].Reserved), 0))
assert.Check(t, is.Equal(n.IPAM.Configs[1].Subnet, "192.168.2.0/24"))
ip := net.ParseIP(n.IPAM.Configs[0].Gateway)
assert.Check(t, ip != nil)
ip = net.ParseIP(n.IPAM.Configs[1].Gateway)
assert.Check(t, ip != nil)
}
func TestFree(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{},
Configs: []*api.IPAMConfig{
{
Subnet: "192.168.1.0/24",
Gateway: "192.168.1.1",
},
},
},
},
}
err := na.Allocate(n)
assert.Check(t, err)
err = na.Deallocate(n)
assert.Check(t, err)
// Reallocate again to make sure it succeeds.
err = na.Allocate(n)
assert.Check(t, err)
}
func TestAllocateTaskFree(t *testing.T) {
na1 := newNetworkAllocator(t)
na2 := newNetworkAllocator(t)
n1 := &api.Network{
ID: "testID1",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test1",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{},
Configs: []*api.IPAMConfig{
{
Subnet: "192.168.1.0/24",
Gateway: "192.168.1.1",
},
},
},
},
}
n2 := &api.Network{
ID: "testID2",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test2",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{},
Configs: []*api.IPAMConfig{
{
Subnet: "192.168.2.0/24",
Gateway: "192.168.2.1",
},
},
},
},
}
task1 := &api.Task{
Networks: []*api.NetworkAttachment{
{
Network: n1,
},
{
Network: n2,
},
},
}
task2 := &api.Task{
Networks: []*api.NetworkAttachment{
{
Network: n1,
},
{
Network: n2,
},
},
}
err := na1.Allocate(n1)
assert.Check(t, err)
err = na1.Allocate(n2)
assert.Check(t, err)
err = na1.AllocateTask(task1)
assert.Check(t, err)
assert.Check(t, is.Equal(len(task1.Networks[0].Addresses), 1))
assert.Check(t, is.Equal(len(task1.Networks[1].Addresses), 1))
_, subnet1, _ := net.ParseCIDR("192.168.1.0/24")
_, subnet2, _ := net.ParseCIDR("192.168.2.0/24")
// variable coding: network/task/allocator
ip111, _, err := net.ParseCIDR(task1.Networks[0].Addresses[0])
assert.Check(t, err)
ip211, _, err := net.ParseCIDR(task1.Networks[1].Addresses[0])
assert.Check(t, err)
assert.Check(t, is.Equal(subnet1.Contains(ip111), true))
assert.Check(t, is.Equal(subnet2.Contains(ip211), true))
err = na1.AllocateTask(task2)
assert.Check(t, err)
assert.Check(t, is.Equal(len(task2.Networks[0].Addresses), 1))
assert.Check(t, is.Equal(len(task2.Networks[1].Addresses), 1))
ip121, _, err := net.ParseCIDR(task2.Networks[0].Addresses[0])
assert.Check(t, err)
ip221, _, err := net.ParseCIDR(task2.Networks[1].Addresses[0])
assert.Check(t, err)
assert.Check(t, is.Equal(subnet1.Contains(ip121), true))
assert.Check(t, is.Equal(subnet2.Contains(ip221), true))
// Now allocate the same the same tasks in a second allocator
// but intentionally in reverse order.
err = na2.Allocate(n1)
assert.Check(t, err)
err = na2.Allocate(n2)
assert.Check(t, err)
err = na2.AllocateTask(task2)
assert.Check(t, err)
assert.Check(t, is.Equal(len(task2.Networks[0].Addresses), 1))
assert.Check(t, is.Equal(len(task2.Networks[1].Addresses), 1))
ip122, _, err := net.ParseCIDR(task2.Networks[0].Addresses[0])
assert.Check(t, err)
ip222, _, err := net.ParseCIDR(task2.Networks[1].Addresses[0])
assert.Check(t, err)
assert.Check(t, is.Equal(subnet1.Contains(ip122), true))
assert.Check(t, is.Equal(subnet2.Contains(ip222), true))
assert.Check(t, is.DeepEqual(ip121, ip122))
assert.Check(t, is.DeepEqual(ip221, ip222))
err = na2.AllocateTask(task1)
assert.Check(t, err)
assert.Check(t, is.Equal(len(task1.Networks[0].Addresses), 1))
assert.Check(t, is.Equal(len(task1.Networks[1].Addresses), 1))
ip112, _, err := net.ParseCIDR(task1.Networks[0].Addresses[0])
assert.Check(t, err)
ip212, _, err := net.ParseCIDR(task1.Networks[1].Addresses[0])
assert.Check(t, err)
assert.Check(t, is.Equal(subnet1.Contains(ip112), true))
assert.Check(t, is.Equal(subnet2.Contains(ip212), true))
assert.Check(t, is.DeepEqual(ip111, ip112))
assert.Check(t, is.DeepEqual(ip211, ip212))
// Deallocate task
err = na1.DeallocateTask(task1)
assert.Check(t, err)
assert.Check(t, is.Equal(len(task1.Networks[0].Addresses), 0))
assert.Check(t, is.Equal(len(task1.Networks[1].Addresses), 0))
// Try allocation after free
err = na1.AllocateTask(task1)
assert.Check(t, err)
assert.Check(t, is.Equal(len(task1.Networks[0].Addresses), 1))
assert.Check(t, is.Equal(len(task1.Networks[1].Addresses), 1))
ip111, _, err = net.ParseCIDR(task1.Networks[0].Addresses[0])
assert.Check(t, err)
ip211, _, err = net.ParseCIDR(task1.Networks[1].Addresses[0])
assert.Check(t, err)
assert.Check(t, is.Equal(subnet1.Contains(ip111), true))
assert.Check(t, is.Equal(subnet2.Contains(ip211), true))
err = na1.DeallocateTask(task1)
assert.Check(t, err)
assert.Check(t, is.Equal(len(task1.Networks[0].Addresses), 0))
assert.Check(t, is.Equal(len(task1.Networks[1].Addresses), 0))
// Try to free endpoints on an already freed task
err = na1.DeallocateTask(task1)
assert.Check(t, err)
}
func TestAllocateService(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
},
}
s := &api.Service{
ID: "testID1",
Spec: api.ServiceSpec{
Task: api.TaskSpec{
Networks: []*api.NetworkAttachmentConfig{
{
Target: "testID",
},
},
},
Endpoint: &api.EndpointSpec{
Ports: []*api.PortConfig{
{
Name: "http",
TargetPort: 80,
},
{
Name: "https",
TargetPort: 443,
},
},
},
},
}
err := na.Allocate(n)
assert.Check(t, err)
assert.Check(t, n.IPAM.Configs != nil)
assert.Check(t, is.Equal(len(n.IPAM.Configs), 1))
assert.Check(t, is.Equal(n.IPAM.Configs[0].Range, ""))
assert.Check(t, is.Equal(len(n.IPAM.Configs[0].Reserved), 0))
_, subnet, err := net.ParseCIDR(n.IPAM.Configs[0].Subnet)
assert.Check(t, err)
gwip := net.ParseIP(n.IPAM.Configs[0].Gateway)
assert.Check(t, gwip != nil)
err = na.AllocateService(s)
assert.Check(t, err)
assert.Check(t, is.Len(s.Endpoint.Ports, 0)) // Network allocator is not responsible for allocating ports.
assert.Check(t, is.Equal(1, len(s.Endpoint.VirtualIPs)))
assert.Check(t, is.DeepEqual(s.Endpoint.Spec, s.Spec.Endpoint))
ip, _, err := net.ParseCIDR(s.Endpoint.VirtualIPs[0].Addr)
assert.Check(t, err)
assert.Check(t, is.Equal(true, subnet.Contains(ip)))
}
func TestDeallocateServiceAllocateIngressMode(t *testing.T) {
na := newNetworkAllocator(t)
n := &api.Network{
ID: "testNetID1",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
Ingress: true,
},
}
err := na.Allocate(n)
assert.Check(t, err)
s := &api.Service{
ID: "testID1",
Spec: api.ServiceSpec{
Endpoint: &api.EndpointSpec{
Ports: []*api.PortConfig{
{
Name: "some_tcp",
TargetPort: 1234,
PublishedPort: 1234,
PublishMode: api.PublishModeIngress,
},
},
},
},
Endpoint: &api.Endpoint{},
}
s.Endpoint.VirtualIPs = append(s.Endpoint.VirtualIPs,
&api.Endpoint_VirtualIP{NetworkID: n.ID})
err = na.AllocateService(s)
assert.Check(t, err)
assert.Check(t, is.Len(s.Endpoint.VirtualIPs, 1))
err = na.DeallocateService(s)
assert.Check(t, err)
assert.Check(t, is.Len(s.Endpoint.Ports, 0))
assert.Check(t, is.Len(s.Endpoint.VirtualIPs, 0))
// Allocate again.
s.Endpoint.VirtualIPs = append(s.Endpoint.VirtualIPs,
&api.Endpoint_VirtualIP{NetworkID: n.ID})
err = na.AllocateService(s)
assert.Check(t, err)
assert.Check(t, is.Len(s.Endpoint.VirtualIPs, 1))
}
func TestServiceNetworkUpdate(t *testing.T) {
na := newNetworkAllocator(t)
n1 := &api.Network{
ID: "testID1",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
},
}
n2 := &api.Network{
ID: "testID2",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test2",
},
},
}
// Allocate both networks
err := na.Allocate(n1)
assert.Check(t, err)
err = na.Allocate(n2)
assert.Check(t, err)
// Attach a network to a service spec nd allocate a service
s := &api.Service{
ID: "testID1",
Spec: api.ServiceSpec{
Task: api.TaskSpec{
Networks: []*api.NetworkAttachmentConfig{
{
Target: "testID1",
},
},
},
Endpoint: &api.EndpointSpec{
Mode: api.ResolutionModeVirtualIP,
},
},
}
err = na.AllocateService(s)
assert.Check(t, err)
assert.Check(t, na.IsServiceAllocated(s))
assert.Check(t, is.Len(s.Endpoint.VirtualIPs, 1))
// Now update the same service with another network
s.Spec.Task.Networks = append(s.Spec.Task.Networks, &api.NetworkAttachmentConfig{Target: "testID2"})
assert.Check(t, !na.IsServiceAllocated(s))
err = na.AllocateService(s)
assert.Check(t, err)
assert.Check(t, na.IsServiceAllocated(s))
assert.Check(t, is.Len(s.Endpoint.VirtualIPs, 2))
s.Spec.Task.Networks = s.Spec.Task.Networks[:1]
// Check if service needs update and allocate with updated service spec
assert.Check(t, !na.IsServiceAllocated(s))
err = na.AllocateService(s)
assert.Check(t, err)
assert.Check(t, na.IsServiceAllocated(s))
assert.Check(t, is.Len(s.Endpoint.VirtualIPs, 1))
s.Spec.Task.Networks = s.Spec.Task.Networks[:0]
// Check if service needs update with all the networks removed and allocate with updated service spec
assert.Check(t, !na.IsServiceAllocated(s))
err = na.AllocateService(s)
assert.Check(t, err)
assert.Check(t, na.IsServiceAllocated(s))
assert.Check(t, is.Len(s.Endpoint.VirtualIPs, 0))
// Attach a network and allocate service
s.Spec.Task.Networks = append(s.Spec.Task.Networks, &api.NetworkAttachmentConfig{Target: "testID2"})
assert.Check(t, !na.IsServiceAllocated(s))
err = na.AllocateService(s)
assert.Check(t, err)
assert.Check(t, na.IsServiceAllocated(s))
assert.Check(t, is.Len(s.Endpoint.VirtualIPs, 1))
}
type mockIpam struct {
actualIpamOptions map[string]string
}
func (a *mockIpam) GetDefaultAddressSpaces() (string, string, error) {
return "defaultAS", "defaultAS", nil
}
func (a *mockIpam) RequestPool(addressSpace, pool, subPool string, options map[string]string, v6 bool) (string, *net.IPNet, map[string]string, error) {
a.actualIpamOptions = options
poolCidr, _ := types.ParseCIDR(pool)
return fmt.Sprintf("%s/%s", "defaultAS", pool), poolCidr, nil, nil
}
func (a *mockIpam) ReleasePool(poolID string) error {
return nil
}
func (a *mockIpam) RequestAddress(poolID string, ip net.IP, opts map[string]string) (*net.IPNet, map[string]string, error) {
return nil, nil, nil
}
func (a *mockIpam) ReleaseAddress(poolID string, ip net.IP) error {
return nil
}
func (a *mockIpam) IsBuiltIn() bool {
return true
}
func TestCorrectlyPassIPAMOptions(t *testing.T) {
var err error
expectedIpamOptions := map[string]string{"network-name": "freddie"}
na := newNetworkAllocator(t)
ipamDriver := &mockIpam{}
err = na.(*cnmNetworkAllocator).ipamRegistry.RegisterIpamDriver("mockipam", ipamDriver)
assert.Check(t, err)
n := &api.Network{
ID: "testID",
Spec: api.NetworkSpec{
Annotations: api.Annotations{
Name: "test",
},
DriverConfig: &api.Driver{},
IPAM: &api.IPAMOptions{
Driver: &api.Driver{
Name: "mockipam",
Options: expectedIpamOptions,
},
Configs: []*api.IPAMConfig{
{
Subnet: "192.168.1.0/24",
Gateway: "192.168.1.1",
},
},
},
},
}
err = na.Allocate(n)
assert.Check(t, is.DeepEqual(expectedIpamOptions, ipamDriver.actualIpamOptions))
assert.Check(t, err)
}

91
libnetwork/cnmallocator/provider.go
View file

@ -1,91 +0,0 @@
package cnmallocator
import (
"strings"
"github.com/docker/docker/libnetwork/driverapi"
"github.com/docker/docker/libnetwork/drivers/overlay/overlayutils"
"github.com/docker/docker/libnetwork/ipamapi"
"github.com/docker/docker/pkg/plugingetter"
"github.com/moby/swarmkit/v2/api"
"github.com/moby/swarmkit/v2/manager/allocator/networkallocator"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
)
type Provider struct {
pg plugingetter.PluginGetter
}
var _ networkallocator.Provider = &Provider{}
// NewProvider returns a new cnmallocator provider.
func NewProvider(pg plugingetter.PluginGetter) *Provider {
return &Provider{pg: pg}
}
// ValidateIPAMDriver implements networkallocator.NetworkProvider.
func (p *Provider) ValidateIPAMDriver(driver *api.Driver) error {
if driver == nil {
// It is ok to not specify the driver. We will choose
// a default driver.
return nil
}
if driver.Name == "" {
return status.Errorf(codes.InvalidArgument, "driver name: if driver is specified name is required")
}
if strings.ToLower(driver.Name) == ipamapi.DefaultIPAM {
return nil
}
return p.validatePluginDriver(driver, ipamapi.PluginEndpointType)
}
// ValidateIngressNetworkDriver implements networkallocator.NetworkProvider.
func (p *Provider) ValidateIngressNetworkDriver(driver *api.Driver) error {
if driver != nil && driver.Name != "overlay" {
return status.Errorf(codes.Unimplemented, "only overlay driver is currently supported for ingress network")
}
return p.ValidateNetworkDriver(driver)
}
// ValidateNetworkDriver implements networkallocator.NetworkProvider.
func (p *Provider) ValidateNetworkDriver(driver *api.Driver) error {
if driver == nil {
// It is ok to not specify the driver. We will choose
// a default driver.
return nil
}
if driver.Name == "" {
return status.Errorf(codes.InvalidArgument, "driver name: if driver is specified name is required")
}
// First check against the known drivers
if IsBuiltInDriver(driver.Name) {
return nil
}
return p.validatePluginDriver(driver, driverapi.NetworkPluginEndpointType)
}
func (p *Provider) validatePluginDriver(driver *api.Driver, pluginType string) error {
if p.pg == nil {
return status.Errorf(codes.InvalidArgument, "plugin %s not supported", driver.Name)
}
plug, err := p.pg.Get(driver.Name, pluginType, plugingetter.Lookup)
if err != nil {
return status.Errorf(codes.InvalidArgument, "error during lookup of plugin %s", driver.Name)
}
if plug.IsV1() {
return status.Errorf(codes.InvalidArgument, "legacy plugin %s of type %s is not supported in swarm mode", driver.Name, pluginType)
}
return nil
}
func (p *Provider) SetDefaultVXLANUDPPort(port uint32) error {
return overlayutils.ConfigVXLANUDPPort(port)
}

31
libnetwork/cnmallocator/provider_test.go
View file

@ -1,31 +0,0 @@
package cnmallocator
import (
"testing"
"github.com/moby/swarmkit/v2/api"
"github.com/moby/swarmkit/v2/testutils"
"google.golang.org/grpc/codes"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
)
func TestValidateDriver(t *testing.T) {
p := NewProvider(nil)
for _, tt := range []struct {
name string
validator func(*api.Driver) error
}{
{"IPAM", p.ValidateIPAMDriver},
{"Network", p.ValidateNetworkDriver},
} {
t.Run(tt.name, func(t *testing.T) {
assert.Check(t, tt.validator(nil))
err := tt.validator(&api.Driver{Name: ""})
assert.Check(t, is.ErrorContains(err, ""))
assert.Check(t, is.Equal(codes.InvalidArgument, testutils.ErrorCode(err)))
})
}
}

4
libnetwork/drivers/ipvlan/ipvlan_joinleave.go
View file

@ -122,10 +122,6 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,
log.G(context.TODO()).Debugf("Ipvlan Endpoint Joined with IPv6_Addr: %s IpVlan_Mode: %s, Parent: %s",
ep.addrv6.IP.String(), n.config.IpvlanMode, n.config.Parent)
}
// If n.config.Internal was set locally by the driver because there's no parent
// interface, libnetwork doesn't know the network is internal. So, stop it from
// adding a gateway endpoint.
jinfo.DisableGatewayService()
}
iNames := jinfo.InterfaceName()
err = iNames.SetNames(vethName, containerVethPrefix)

1
libnetwork/drivers/ipvlan/ipvlan_network.go
View file

@ -41,7 +41,6 @@ func (d *driver) CreateNetwork(nid string, option map[string]interface{}, nInfo
// if parent interface not specified, create a dummy type link to use named dummy+net_id
if config.Parent == "" {
config.Parent = getDummyName(stringid.TruncateID(config.ID))
config.Internal = true
}
foundExisting, err := d.createNetwork(config)
if err != nil {

4
libnetwork/drivers/macvlan/macvlan_joinleave.go
View file

@ -83,10 +83,6 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,
log.G(context.TODO()).Debugf("Macvlan Endpoint Joined with IPv6_Addr: %s MacVlan_Mode: %s, Parent: %s",
ep.addrv6.IP.String(), n.config.MacvlanMode, n.config.Parent)
}
// If n.config.Internal was set locally by the driver because there's no parent
// interface, libnetwork doesn't know the network is internal. So, stop it from
// adding a gateway endpoint.
jinfo.DisableGatewayService()
}
iNames := jinfo.InterfaceName()
err = iNames.SetNames(vethName, containerVethPrefix)

1
libnetwork/drivers/macvlan/macvlan_network.go
View file

@ -31,7 +31,6 @@ func (d *driver) CreateNetwork(nid string, option map[string]interface{}, nInfo
// if parent interface not specified, create a dummy type link to use named dummy+net_id
if config.Parent == "" {
config.Parent = getDummyName(stringid.TruncateID(config.ID))
config.Internal = true
}
foundExisting, err := d.createNetwork(config)
if err != nil {

2
libnetwork/drivers/overlay/joinleave.go
View file

@ -67,7 +67,7 @@ func (d *driver) Join(nid, eid string, sboxKey string, jinfo driverapi.JoinInfo,
veth, err := nlh.LinkByName(overlayIfName)
if err != nil {
return fmt.Errorf("could not find link by name %s: %v", overlayIfName, err)
return fmt.Errorf("cound not find link by name %s: %v", overlayIfName, err)
}
err = nlh.LinkSetMTU(veth, mtu)
if err != nil {

2
libnetwork/drivers/remote/driver.go
View file

@ -406,7 +406,7 @@ func parseStaticRoutes(r api.JoinResponse) ([]*types.StaticRoute, error) {
return routes, nil
}
// parseInterface validates all the parameters of an Interface and returns them.
// parseInterfaces validates all the parameters of an Interface and returns them.
func parseInterface(r api.CreateEndpointResponse) (*api.Interface, error) {
var outIf *api.Interface

23
libnetwork/endpoint.go
View file

@ -11,7 +11,6 @@ import (
"sync"
"github.com/containerd/log"
"github.com/docker/docker/errdefs"
"github.com/docker/docker/internal/sliceutil"
"github.com/docker/docker/libnetwork/datastore"
"github.com/docker/docker/libnetwork/ipamapi"
@ -544,10 +543,6 @@ func (ep *Endpoint) sbJoin(sb *Sandbox, options ...EndpointOption) (err error) {
return err
}
if err = addEpToResolver(context.TODO(), n.Name(), ep.Name(), &sb.config, ep.iface, n.Resolvers()); err != nil {
return errdefs.System(err)
}
if err = n.getController().updateToStore(ep); err != nil {
return err
}
@ -574,12 +569,12 @@ func (ep *Endpoint) sbJoin(sb *Sandbox, options ...EndpointOption) (err error) {
return sb.setupDefaultGW()
}
currentExtEp := sb.getGatewayEndpoint()
// Enable upstream forwarding if the sandbox gained external connectivity.
if sb.resolver != nil {
sb.resolver.SetForwardingPolicy(sb.hasExternalAccess())
sb.resolver.SetForwardingPolicy(currentExtEp != nil)
}
currentExtEp := sb.getGatewayEndpoint()
moveExtConn := currentExtEp != extEp
if moveExtConn {
if extEp != nil {
@ -750,10 +745,6 @@ func (ep *Endpoint) sbLeave(sb *Sandbox, force bool) error {
log.G(context.TODO()).Warnf("Failed to clean up service info on container %s disconnect: %v", ep.name, err)
}
if err := deleteEpFromResolver(ep.Name(), ep.iface, n.Resolvers()); err != nil {
log.G(context.TODO()).Warnf("Failed to clean up resolver info on container %s disconnect: %v", ep.name, err)
}
if err := sb.clearNetworkResources(ep); err != nil {
log.G(context.TODO()).Warnf("Failed to clean up network resources on container %s disconnect: %v", ep.name, err)
}
@ -776,13 +767,13 @@ func (ep *Endpoint) sbLeave(sb *Sandbox, force bool) error {
return sb.setupDefaultGW()
}
// Disable upstream forwarding if the sandbox lost external connectivity.
if sb.resolver != nil {
sb.resolver.SetForwardingPolicy(sb.hasExternalAccess())
}
// New endpoint providing external connectivity for the sandbox
extEp = sb.getGatewayEndpoint()
// Disable upstream forwarding if the sandbox lost external connectivity.
if sb.resolver != nil {
sb.resolver.SetForwardingPolicy(extEp != nil)
}
if moveExtConn && extEp != nil {
log.G(context.TODO()).Debugf("Programming external connectivity on endpoint %s (%s)", extEp.Name(), extEp.ID())
extN, err := extEp.getNetworkFromStore()

25
libnetwork/endpoint_info.go
View file

@ -382,31 +382,6 @@ func (ep *Endpoint) SetGatewayIPv6(gw6 net.IP) error {
return nil
}
// hasGatewayOrDefaultRoute returns true if ep has a gateway, or a route to '0.0.0.0'/'::'.
func (ep *Endpoint) hasGatewayOrDefaultRoute() bool {
ep.mu.Lock()
defer ep.mu.Unlock()
if ep.joinInfo != nil {
if len(ep.joinInfo.gw) > 0 {
return true
}
for _, route := range ep.joinInfo.StaticRoutes {
if route.Destination.IP.IsUnspecified() && net.IP(route.Destination.Mask).IsUnspecified() {
return true
}
}
}
if ep.iface != nil {
for _, route := range ep.iface.routes {
if route.IP.IsUnspecified() && net.IP(route.Mask).IsUnspecified() {
return true
}
}
}
return false
}
func (ep *Endpoint) retrieveFromStore() (*Endpoint, error) {
n, err := ep.getNetworkFromStore()
if err != nil {

8
libnetwork/internal/netiputil/netiputil.go
View file

@ -51,11 +51,3 @@ func SubnetRange(network, subnet netip.Prefix) (start, end uint64) {
end = start + (1 << uint64(subnet.Addr().BitLen()-subnet.Bits())) - 1
return start, end
}
// AddrPortFromNet converts a net.Addr into a netip.AddrPort.
func AddrPortFromNet(addr net.Addr) netip.AddrPort {
if a, ok := addr.(interface{ AddrPort() netip.AddrPort }); ok {
return a.AddrPort()
}
return netip.AddrPort{}
}

13
libnetwork/network.go
View file

@ -192,6 +192,7 @@ type Network struct {
dbExists bool
persist bool
drvOnce *sync.Once
resolverOnce sync.Once //nolint:nolintlint,unused // only used on windows
resolver []*Resolver
internal bool
attachable bool
@ -203,7 +204,6 @@ type Network struct {
configFrom string
loadBalancerIP net.IP
loadBalancerMode string
platformNetwork //nolint:nolintlint,unused // only populated on windows
mu sync.Mutex
}
@ -244,13 +244,6 @@ func (n *Network) Type() string {
return n.networkType
}
func (n *Network) Resolvers() []*Resolver {
n.mu.Lock()
defer n.mu.Unlock()
return n.resolver
}
func (n *Network) Key() []string {
n.mu.Lock()
defer n.mu.Unlock()
@ -2104,6 +2097,10 @@ func (n *Network) ResolveService(ctx context.Context, name string) ([]*net.SRV,
return srv, ip
}
func (n *Network) ExecFunc(f func()) error {
return types.NotImplementedErrorf("ExecFunc not supported by network")
}
func (n *Network) NdotsSet() bool {
return false
}

22
libnetwork/network_unix.go
View file

@ -2,33 +2,13 @@
package libnetwork
import (
"context"
"github.com/docker/docker/libnetwork/ipamapi"
)
type platformNetwork struct{} //nolint:nolintlint,unused // only populated on windows
import "github.com/docker/docker/libnetwork/ipamapi"
// Stub implementations for DNS related functions
func (n *Network) startResolver() {
}
func addEpToResolver(
ctx context.Context,
netName, epName string,
config *containerConfig,
epIface *EndpointInterface,
resolvers []*Resolver,
) error {
return nil
}
func deleteEpFromResolver(epName string, epIface *EndpointInterface, resolvers []*Resolver) error {
return nil
}
func defaultIpamForNetworkType(networkType string) string {
return ipamapi.DefaultIPAM
}

181
libnetwork/network_windows.go
View file

@ -4,12 +4,7 @@ package libnetwork
import (
"context"
"fmt"
"net"
"net/netip"
"runtime"
"strings"
"sync"
"time"
"github.com/Microsoft/hcsshim"
@ -17,14 +12,8 @@ import (
"github.com/docker/docker/libnetwork/drivers/windows"
"github.com/docker/docker/libnetwork/ipamapi"
"github.com/docker/docker/libnetwork/ipams/windowsipam"
"github.com/pkg/errors"
)
type platformNetwork struct {
resolverOnce sync.Once
dnsCompartment uint32
}
func executeInCompartment(compartmentID uint32, x func()) {
runtime.LockOSThread()
@ -39,11 +28,6 @@ func executeInCompartment(compartmentID uint32, x func()) {
x()
}
func (n *Network) ExecFunc(f func()) error {
executeInCompartment(n.dnsCompartment, f)
return nil
}
func (n *Network) startResolver() {
if n.networkType == "ics" {
return
@ -64,10 +48,9 @@ func (n *Network) startResolver() {
for _, subnet := range hnsresponse.Subnets {
if subnet.GatewayAddress != "" {
for i := 0; i < 3; i++ {
resolver := NewResolver(subnet.GatewayAddress, true, n)
resolver := NewResolver(subnet.GatewayAddress, false, n)
log.G(context.TODO()).Debugf("Binding a resolver on network %s gateway %s", n.Name(), subnet.GatewayAddress)
n.dnsCompartment = hnsresponse.DNSServerCompartment
n.ExecFunc(resolver.SetupFunc(53))
executeInCompartment(hnsresponse.DNSServerCompartment, resolver.SetupFunc(53))
if err = resolver.Start(); err != nil {
log.G(context.TODO()).Errorf("Resolver Setup/Start failed for container %s, %q", n.Name(), err)
@ -83,166 +66,6 @@ func (n *Network) startResolver() {
})
}
// addEpToResolver configures the internal DNS resolver for an endpoint.
//
// Windows resolvers don't consistently fall back to a secondary server if they
// get a SERVFAIL from our resolver. So, our resolver needs to forward the query
// upstream.
//
// To retrieve the list of DNS Servers to use for requests originating from an
// endpoint, this method finds the HNSEndpoint represented by the endpoint. If
// HNSEndpoint's list of DNS servers includes the HNSEndpoint's gateway address,
// it's the Resolver running at that address. Other DNS servers in the
// list have either come from config ('--dns') or have been set up by HNS as
// external resolvers, these are the external servers the Resolver should
// use for DNS requests from that endpoint.
func addEpToResolver(
ctx context.Context,
netName, epName string,
config *containerConfig,
epIface *EndpointInterface,
resolvers []*Resolver,
) error {
if config.dnsNoProxy {
return nil
}
hnsEndpoints, err := hcsshim.HNSListEndpointRequest()
if err != nil {
return nil
}
return addEpToResolverImpl(ctx, netName, epName, epIface, resolvers, hnsEndpoints)
}
func addEpToResolverImpl(
ctx context.Context,
netName, epName string,
epIface *EndpointInterface,
resolvers []*Resolver,
hnsEndpoints []hcsshim.HNSEndpoint,
) error {
// Find the HNSEndpoint represented by ep, matching on endpoint address.
hnsEp := findHNSEp(epIface.addr, epIface.addrv6, hnsEndpoints)
if hnsEp == nil || !hnsEp.EnableInternalDNS {
return nil
}
// Find the resolver for that HNSEndpoint, matching on gateway address.
resolver := findResolver(resolvers, hnsEp.GatewayAddress, hnsEp.GatewayAddressV6)
if resolver == nil {
log.G(ctx).WithFields(log.Fields{
"network": netName,
"endpoint": epName,
}).Debug("No internal DNS resolver to configure")
return nil
}
// Get the list of DNS servers HNS has set up for this Endpoint.
var dnsList []extDNSEntry
dnsServers := strings.Split(hnsEp.DNSServerList, ",")
// Create an extDNSEntry for each DNS server, apart from 'resolver' itself.
var foundSelf bool
hnsGw4, _ := netip.ParseAddr(hnsEp.GatewayAddress)
hnsGw6, _ := netip.ParseAddr(hnsEp.GatewayAddressV6)
for _, dnsServer := range dnsServers {
dnsAddr, _ := netip.ParseAddr(dnsServer)
if dnsAddr.IsValid() && (dnsAddr == hnsGw4 || dnsAddr == hnsGw6) {
foundSelf = true
} else {
dnsList = append(dnsList, extDNSEntry{IPStr: dnsServer})
}
}
if !foundSelf {
log.G(ctx).WithFields(log.Fields{
"network": netName,
"endpoint": epName,
}).Debug("Endpoint is not configured to use internal DNS resolver")
return nil
}
// If the internal resolver is configured as one of this endpoint's DNS servers,
// tell it which ext servers to use for requests from this endpoint's addresses.
log.G(ctx).Infof("External DNS servers for '%s': %v", epName, dnsList)
if srcAddr, ok := netip.AddrFromSlice(hnsEp.IPAddress); ok {
if err := resolver.SetExtServersForSrc(srcAddr.Unmap(), dnsList); err != nil {
return errors.Wrapf(err, "failed to set external DNS servers for %s address %s",
epName, hnsEp.IPAddress)
}
}
if srcAddr, ok := netip.AddrFromSlice(hnsEp.IPv6Address); ok {
if err := resolver.SetExtServersForSrc(srcAddr, dnsList); err != nil {
return errors.Wrapf(err, "failed to set external DNS servers for %s address %s",
epName, hnsEp.IPv6Address)
}
}
return nil
}
func deleteEpFromResolver(epName string, epIface *EndpointInterface, resolvers []*Resolver) error {
hnsEndpoints, err := hcsshim.HNSListEndpointRequest()
if err != nil {
return nil
}
return deleteEpFromResolverImpl(epName, epIface, resolvers, hnsEndpoints)
}
func deleteEpFromResolverImpl(
epName string,
epIface *EndpointInterface,
resolvers []*Resolver,
hnsEndpoints []hcsshim.HNSEndpoint,
) error {
// Find the HNSEndpoint represented by ep, matching on endpoint address.
hnsEp := findHNSEp(epIface.addr, epIface.addrv6, hnsEndpoints)
if hnsEp == nil {
return fmt.Errorf("no HNS endpoint for %s", epName)
}
// Find the resolver for that HNSEndpoint, matching on gateway address.
resolver := findResolver(resolvers, hnsEp.GatewayAddress, hnsEp.GatewayAddressV6)
if resolver == nil {
return nil
}
// Delete external DNS servers for the endpoint's IP addresses.
if srcAddr, ok := netip.AddrFromSlice(hnsEp.IPAddress); ok {
if err := resolver.SetExtServersForSrc(srcAddr.Unmap(), nil); err != nil {
return errors.Wrapf(err, "failed to delete external DNS servers for %s address %s",
epName, hnsEp.IPv6Address)
}
}
if srcAddr, ok := netip.AddrFromSlice(hnsEp.IPv6Address); ok {
if err := resolver.SetExtServersForSrc(srcAddr, nil); err != nil {
return errors.Wrapf(err, "failed to delete external DNS servers for %s address %s",
epName, hnsEp.IPv6Address)
}
}
return nil
}
func findHNSEp(ip4, ip6 *net.IPNet, hnsEndpoints []hcsshim.HNSEndpoint) *hcsshim.HNSEndpoint {
for _, hnsEp := range hnsEndpoints {
if (hnsEp.IPAddress != nil && hnsEp.IPAddress.Equal(ip4.IP)) ||
(hnsEp.IPv6Address != nil && hnsEp.IPv6Address.Equal(ip6.IP)) {
return &hnsEp
}
}
return nil
}
func findResolver(resolvers []*Resolver, gw4, gw6 string) *Resolver {
gw4addr, _ := netip.ParseAddr(gw4)
gw6addr, _ := netip.ParseAddr(gw6)
for _, resolver := range resolvers {
ns := resolver.NameServer()
if ns.IsValid() && (ns == gw4addr || ns == gw6addr) {
return resolver
}
}
return nil
}
func defaultIpamForNetworkType(networkType string) string {
if windows.IsBuiltinLocalDriver(networkType) {
return windowsipam.DefaultIPAM

201
libnetwork/network_windows_test.go
View file

@ -1,201 +0,0 @@
package libnetwork
import (
"context"
"fmt"
"net"
"net/netip"
"testing"
"github.com/Microsoft/hcsshim"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
)
func TestAddEpToResolver(t *testing.T) {
const (
ep1v4 = "192.0.2.11"
ep2v4 = "192.0.2.12"
epFiveDNS = "192.0.2.13"
epNoIntDNS = "192.0.2.14"
ep1v6 = "2001:db8:aaaa::2"
gw1v4 = "192.0.2.1"
gw2v4 = "192.0.2.2"
gw1v6 = "2001:db8:aaaa::1"
dns1v4 = "198.51.100.1"
dns2v4 = "198.51.100.2"
dns3v4 = "198.51.100.3"
)
hnsEndpoints := map[string]hcsshim.HNSEndpoint{
ep1v4: {
IPAddress: net.ParseIP(ep1v4),
GatewayAddress: gw1v4,
DNSServerList: gw1v4 + "," + dns1v4,
EnableInternalDNS: true,
},
ep2v4: {
IPAddress: net.ParseIP(ep2v4),
GatewayAddress: gw1v4,
DNSServerList: gw1v4 + "," + dns2v4,
EnableInternalDNS: true,
},
epFiveDNS: {
IPAddress: net.ParseIP(epFiveDNS),
GatewayAddress: gw1v4,
DNSServerList: gw1v4 + "," + dns1v4 + "," + dns2v4 + "," + dns3v4 + ",198.51.100.4",
EnableInternalDNS: true,
},
epNoIntDNS: {
IPAddress: net.ParseIP(epNoIntDNS),
GatewayAddress: gw1v4,
DNSServerList: gw1v4 + "," + dns1v4,
//EnableInternalDNS: false,
},
ep1v6: {
IPv6Address: net.ParseIP(ep1v6),
GatewayAddressV6: gw1v6,
DNSServerList: gw1v6 + "," + dns1v4,
EnableInternalDNS: true,
},
}
makeIPNet := func(addr, netmask string) *net.IPNet {
t.Helper()
ip, ipnet, err := net.ParseCIDR(addr + "/" + netmask)
assert.NilError(t, err)
return &net.IPNet{IP: ip, Mask: ipnet.Mask}
}
testcases := []struct {
name string
epToAdd *EndpointInterface
hnsEndpoints []hcsshim.HNSEndpoint
resolverLAs []string
expIPToExtDNS map[netip.Addr][maxExtDNS]extDNSEntry
expResolverIdx int
}{
{
name: "ipv4",
epToAdd: &EndpointInterface{
addr: makeIPNet(ep1v4, "32"),
},
hnsEndpoints: []hcsshim.HNSEndpoint{
hnsEndpoints[ep1v4],
},
resolverLAs: []string{gw1v4},
expIPToExtDNS: map[netip.Addr][maxExtDNS]extDNSEntry{
netip.MustParseAddr(ep1v4): {{IPStr: dns1v4}},
},
},
{
name: "limit of three dns servers",
epToAdd: &EndpointInterface{
addr: makeIPNet(epFiveDNS, "32"),
},
hnsEndpoints: []hcsshim.HNSEndpoint{
hnsEndpoints[epFiveDNS],
},
resolverLAs: []string{gw1v4},
// Expect the internal resolver to keep the first three ext-servers.
expIPToExtDNS: map[netip.Addr][maxExtDNS]extDNSEntry{
netip.MustParseAddr(epFiveDNS): {
{IPStr: dns1v4},
{IPStr: dns2v4},
{IPStr: dns3v4},
},
},
},
{
name: "disabled internal resolver",
epToAdd: &EndpointInterface{
addr: makeIPNet(epNoIntDNS, "32"),
},
hnsEndpoints: []hcsshim.HNSEndpoint{
hnsEndpoints[epNoIntDNS],
hnsEndpoints[ep2v4],
},
resolverLAs: []string{gw1v4},
},
{
name: "missing internal resolver",
epToAdd: &EndpointInterface{
addr: makeIPNet(ep1v4, "32"),
},
hnsEndpoints: []hcsshim.HNSEndpoint{
hnsEndpoints[ep1v4],
},
// The only resolver is for the gateway on a different network.
resolverLAs: []string{gw2v4},
},
{
name: "multiple resolvers and endpoints",
epToAdd: &EndpointInterface{
addr: makeIPNet(ep2v4, "32"),
},
hnsEndpoints: []hcsshim.HNSEndpoint{
hnsEndpoints[ep1v4],
hnsEndpoints[ep2v4],
},
// Put the internal resolver for this network second in the list.
expResolverIdx: 1,
resolverLAs: []string{gw2v4, gw1v4},
expIPToExtDNS: map[netip.Addr][maxExtDNS]extDNSEntry{
netip.MustParseAddr(ep2v4): {{IPStr: dns2v4}},
},
},
{
name: "ipv6",
epToAdd: &EndpointInterface{
addrv6: makeIPNet(ep1v6, "80"),
},
hnsEndpoints: []hcsshim.HNSEndpoint{
hnsEndpoints[ep1v6],
},
resolverLAs: []string{gw1v6},
expIPToExtDNS: map[netip.Addr][maxExtDNS]extDNSEntry{
netip.MustParseAddr(ep1v6): {{IPStr: dns1v4}},
},
},
}
eMapCmpOpts := []cmp.Option{
cmpopts.EquateEmpty(),
cmpopts.EquateComparable(netip.Addr{}),
cmpopts.IgnoreUnexported(extDNSEntry{}),
}
emptyEMap := map[netip.Addr][maxExtDNS]extDNSEntry{}
for _, tc := range testcases {
t.Run(tc.name, func(t *testing.T) {
// Set up resolvers with the required listen-addresses.
var resolvers []*Resolver
for _, la := range tc.resolverLAs {
resolvers = append(resolvers, NewResolver(la, true, nil))
}
// Add the endpoint and check expected results.
err := addEpToResolverImpl(context.TODO(),
"netname", "epname", tc.epToAdd, resolvers, tc.hnsEndpoints)
assert.Check(t, err)
for i, resolver := range resolvers {
if i == tc.expResolverIdx {
assert.Check(t, is.DeepEqual(resolver.ipToExtDNS.eMap, tc.expIPToExtDNS,
eMapCmpOpts...), fmt.Sprintf("resolveridx=%d", i))
} else {
assert.Check(t, is.DeepEqual(resolver.ipToExtDNS.eMap, emptyEMap,
eMapCmpOpts...), fmt.Sprintf("resolveridx=%d", i))
}
}
// Delete the endpoint, check nothing got left behind.
err = deleteEpFromResolverImpl("epname", tc.epToAdd, resolvers, tc.hnsEndpoints)
assert.Check(t, err)
for i, resolver := range resolvers {
assert.Check(t, is.DeepEqual(resolver.ipToExtDNS.eMap, emptyEMap,
eMapCmpOpts...), fmt.Sprintf("resolveridx=%d", i))
}
})
}
}

21
libnetwork/osl/interface_linux.go
View file

@ -363,24 +363,17 @@ func setInterfaceIP(nlh *netlink.Handle, iface netlink.Link, i *Interface) error
}
func setInterfaceIPv6(nlh *netlink.Handle, iface netlink.Link, i *Interface) error {
addr := i.AddressIPv6()
// IPv6 must be enabled on the interface if and only if the network is
// IPv6-enabled. For an interface on an IPv4-only network, if IPv6 isn't
// disabled, the interface will be put into IPv6 multicast groups making
// it unexpectedly susceptible to NDP cache poisoning, route injection, etc.
// (At present, there will always be a pre-configured IPv6 address if the
// network is IPv6-enabled.)
if err := setIPv6(i.ns.path, i.DstName(), addr != nil); err != nil {
return fmt.Errorf("failed to configure ipv6: %v", err)
}
if addr == nil {
if i.AddressIPv6() == nil {
return nil
}
if err := checkRouteConflict(nlh, addr, netlink.FAMILY_V6); err != nil {
if err := checkRouteConflict(nlh, i.AddressIPv6(), netlink.FAMILY_V6); err != nil {
return err
}
nlAddr := &netlink.Addr{IPNet: addr, Label: "", Flags: syscall.IFA_F_NODAD}
return nlh.AddrAdd(iface, nlAddr)
if err := setIPv6(i.ns.path, i.DstName(), true); err != nil {
return fmt.Errorf("failed to enable ipv6: %v", err)
}
ipAddr := &netlink.Addr{IPNet: i.AddressIPv6(), Label: "", Flags: syscall.IFA_F_NODAD}
return nlh.AddrAdd(iface, ipAddr)
}
func setInterfaceLinkLocalIPs(nlh *netlink.Handle, iface netlink.Link, i *Interface) error {

40
libnetwork/osl/namespace_linux.go
View file

@ -545,38 +545,26 @@ func (n *Namespace) Restore(interfaces map[Iface][]IfaceOption, routes []*types.
return nil
}
// IPv6LoEnabled returns true if the loopback interface had an IPv6 address when
// last checked. It's always checked on the first call, and by RefreshIPv6LoEnabled.
// ('::1' is assigned by the kernel if IPv6 is enabled.)
// IPv6LoEnabled checks whether the loopback interface has an IPv6 address ('::1'
// is assigned by the kernel if IPv6 is enabled).
func (n *Namespace) IPv6LoEnabled() bool {
n.ipv6LoEnabledOnce.Do(func() {
n.RefreshIPv6LoEnabled()
// If anything goes wrong, assume no-IPv6.
iface, err := n.nlHandle.LinkByName("lo")
if err != nil {
log.G(context.TODO()).WithError(err).Warn("Unable to find 'lo' to determine IPv6 support")
return
}
addrs, err := n.nlHandle.AddrList(iface, nl.FAMILY_V6)
if err != nil {
log.G(context.TODO()).WithError(err).Warn("Unable to get 'lo' addresses to determine IPv6 support")
return
}
n.ipv6LoEnabledCached = len(addrs) > 0
})
n.mu.Lock()
defer n.mu.Unlock()
return n.ipv6LoEnabledCached
}
// RefreshIPv6LoEnabled refreshes the cached result returned by IPv6LoEnabled.
func (n *Namespace) RefreshIPv6LoEnabled() {
n.mu.Lock()
defer n.mu.Unlock()
// If anything goes wrong, assume no-IPv6.
n.ipv6LoEnabledCached = false
iface, err := n.nlHandle.LinkByName("lo")
if err != nil {
log.G(context.TODO()).WithError(err).Warn("Unable to find 'lo' to determine IPv6 support")
return
}
addrs, err := n.nlHandle.AddrList(iface, nl.FAMILY_V6)
if err != nil {
log.G(context.TODO()).WithError(err).Warn("Unable to get 'lo' addresses to determine IPv6 support")
return
}
n.ipv6LoEnabledCached = len(addrs) > 0
}
// ApplyOSTweaks applies operating system specific knobs on the sandbox.
func (n *Namespace) ApplyOSTweaks(types []SandboxType) {
for _, t := range types {

96
libnetwork/resolver.go
View file

@ -6,7 +6,6 @@ import (
"fmt"
"math/rand"
"net"
"net/netip"
"strconv"
"strings"
"sync"
@ -14,7 +13,6 @@ import (
"time"
"github.com/containerd/log"
"github.com/docker/docker/libnetwork/internal/netiputil"
"github.com/docker/docker/libnetwork/types"
"github.com/miekg/dns"
"go.opentelemetry.io/otel"
@ -67,25 +65,17 @@ type extDNSEntry struct {
HostLoopback bool
}
func (e extDNSEntry) String() string {
if e.HostLoopback {
return "host(" + e.IPStr + ")"
}
return e.IPStr
}
// Resolver is the embedded DNS server in Docker. It operates by listening on
// the container's loopback interface for DNS queries.
type Resolver struct {
backend DNSBackend
extDNSList [maxExtDNS]extDNSEntry // Ext servers to use when there's no entry in ipToExtDNS.
ipToExtDNS addrToExtDNSMap // DNS query source IP -> ext servers.
extDNSList [maxExtDNS]extDNSEntry
server *dns.Server
conn *net.UDPConn
tcpServer *dns.Server
tcpListen *net.TCPListener
err error
listenAddress netip.Addr
listenAddress string
proxyDNS atomic.Bool
startCh chan struct{}
logger *log.Entry
@ -97,45 +87,18 @@ type Resolver struct {
// NewResolver creates a new instance of the Resolver
func NewResolver(address string, proxyDNS bool, backend DNSBackend) *Resolver {
r := &Resolver{
backend: backend,
err: fmt.Errorf("setup not done yet"),
startCh: make(chan struct{}, 1),
fwdSem: semaphore.NewWeighted(maxConcurrent),
logInverval: rate.Sometimes{Interval: logInterval},
backend: backend,
listenAddress: address,
err: fmt.Errorf("setup not done yet"),
startCh: make(chan struct{}, 1),
fwdSem: semaphore.NewWeighted(maxConcurrent),
logInverval: rate.Sometimes{Interval: logInterval},
}
r.listenAddress, _ = netip.ParseAddr(address)
r.proxyDNS.Store(proxyDNS)
return r
}
type addrToExtDNSMap struct {
mu sync.Mutex
eMap map[netip.Addr][maxExtDNS]extDNSEntry
}
func (am *addrToExtDNSMap) get(addr netip.Addr) ([maxExtDNS]extDNSEntry, bool) {
am.mu.Lock()
defer am.mu.Unlock()
entries, ok := am.eMap[addr]
return entries, ok
}
func (am *addrToExtDNSMap) set(addr netip.Addr, entries []extDNSEntry) {
var e [maxExtDNS]extDNSEntry
copy(e[:], entries)
am.mu.Lock()
defer am.mu.Unlock()
if len(entries) > 0 {
if am.eMap == nil {
am.eMap = map[netip.Addr][maxExtDNS]extDNSEntry{}
}
am.eMap[addr] = e
} else {
delete(am.eMap, addr)
}
}
func (r *Resolver) log(ctx context.Context) *log.Entry {
if r.logger == nil {
return log.G(ctx)
@ -145,23 +108,25 @@ func (r *Resolver) log(ctx context.Context) *log.Entry {
// SetupFunc returns the setup function that should be run in the container's
// network namespace.
func (r *Resolver) SetupFunc(port uint16) func() {
func (r *Resolver) SetupFunc(port int) func() {
return func() {
var err error
// DNS operates primarily on UDP
r.conn, err = net.ListenUDP("udp", net.UDPAddrFromAddrPort(
netip.AddrPortFrom(r.listenAddress, port)),
)
r.conn, err = net.ListenUDP("udp", &net.UDPAddr{
IP: net.ParseIP(r.listenAddress),
Port: port,
})
if err != nil {
r.err = fmt.Errorf("error in opening name server socket %v", err)
return
}
// Listen on a TCP as well
r.tcpListen, err = net.ListenTCP("tcp", net.TCPAddrFromAddrPort(
netip.AddrPortFrom(r.listenAddress, port)),
)
r.tcpListen, err = net.ListenTCP("tcp", &net.TCPAddr{
IP: net.ParseIP(r.listenAddress),
Port: port,
})
if err != nil {
r.err = fmt.Errorf("error in opening name TCP server socket %v", err)
return
@ -221,8 +186,7 @@ func (r *Resolver) Stop() {
}
// SetExtServers configures the external nameservers the resolver should use
// when forwarding queries, unless SetExtServersForSrc has configured servers
// for the DNS client making the request.
// when forwarding queries.
func (r *Resolver) SetExtServers(extDNS []extDNSEntry) {
l := len(extDNS)
if l > maxExtDNS {
@ -239,17 +203,8 @@ func (r *Resolver) SetForwardingPolicy(policy bool) {
r.proxyDNS.Store(policy)
}
// SetExtServersForSrc configures the external nameservers the resolver should
// use when forwarding queries from srcAddr. If set, these servers will be used
// in preference to servers set by SetExtServers. Supplying a nil or empty extDNS
// deletes nameservers for srcAddr.
func (r *Resolver) SetExtServersForSrc(srcAddr netip.Addr, extDNS []extDNSEntry) error {
r.ipToExtDNS.set(srcAddr, extDNS)
return nil
}
// NameServer returns the IP of the DNS resolver for the containers.
func (r *Resolver) NameServer() netip.Addr {
func (r *Resolver) NameServer() string {
return r.listenAddress
}
@ -484,7 +439,7 @@ func (r *Resolver) serveDNS(w dns.ResponseWriter, query *dns.Msg) {
!strings.Contains(strings.TrimSuffix(queryName, "."), ".") {
resp = createRespMsg(query)
} else {
resp = r.forwardExtDNS(ctx, w.LocalAddr().Network(), w.RemoteAddr(), query)
resp = r.forwardExtDNS(ctx, w.LocalAddr().Network(), query)
}
}
@ -526,11 +481,11 @@ func (r *Resolver) dialExtDNS(proto string, server extDNSEntry) (net.Conn, error
return extConn, nil
}
func (r *Resolver) forwardExtDNS(ctx context.Context, proto string, remoteAddr net.Addr, query *dns.Msg) *dns.Msg {
func (r *Resolver) forwardExtDNS(ctx context.Context, proto string, query *dns.Msg) *dns.Msg {
ctx, span := otel.Tracer("").Start(ctx, "resolver.forwardExtDNS")
defer span.End()
for _, extDNS := range r.extDNS(netiputil.AddrPortFromNet(remoteAddr)) {
for _, extDNS := range r.extDNSList {
if extDNS.IPStr == "" {
break
}
@ -593,13 +548,6 @@ func (r *Resolver) forwardExtDNS(ctx context.Context, proto string, remoteAddr n
return nil
}
func (r *Resolver) extDNS(remoteAddr netip.AddrPort) []extDNSEntry {
if res, ok := r.ipToExtDNS.get(remoteAddr.Addr()); ok {
return res[:]
}
return r.extDNSList[:]
}
func (r *Resolver) exchange(ctx context.Context, proto string, extDNS extDNSEntry, query *dns.Msg) *dns.Msg {
ctx, span := otel.Tracer("").Start(ctx, "resolver.exchange", trace.WithAttributes(
attribute.String("libnet.resolver.upstream.proto", proto),

16
libnetwork/sandbox.go
View file

@ -92,7 +92,6 @@ type resolvConfPathConfig struct {
}
type containerConfig struct {
containerConfigOS //nolint:nolintlint,unused // only populated on windows
hostsPathConfig
resolvConfPathConfig
generic map[string]interface{}
@ -508,21 +507,6 @@ func (sb *Sandbox) resolveName(ctx context.Context, nameOrAlias string, networkN
return nil, ipv6Miss
}
// hasExternalAccess returns true if any of sb's Endpoints appear to have external
// network access.
func (sb *Sandbox) hasExternalAccess() bool {
for _, ep := range sb.Endpoints() {
nw := ep.getNetwork()
if nw.Internal() || nw.Type() == "null" || nw.Type() == "host" {
continue
}
if ep.hasGatewayOrDefaultRoute() {
return true
}
}
return false
}
// EnableService makes a managed container's service available by adding the
// endpoint to the service load balancer and service discovery.
func (sb *Sandbox) EnableService() (err error) {

9
libnetwork/sandbox_dns_unix.go
View file

@ -4,7 +4,6 @@ package libnetwork
import (
"context"
"fmt"
"io/fs"
"net/netip"
"os"
@ -49,7 +48,7 @@ func (sb *Sandbox) startResolver(restore bool) {
// have a gateway. So, if the Sandbox is only connected to an 'internal' network,
// it will not forward DNS requests to external resolvers. The resolver's
// proxyDNS setting is then updated as network Endpoints are added/removed.
sb.resolver = NewResolver(resolverIPSandbox, sb.hasExternalAccess(), sb)
sb.resolver = NewResolver(resolverIPSandbox, sb.getGatewayEndpoint() != nil, sb)
defer func() {
if err != nil {
sb.resolver = nil
@ -344,9 +343,9 @@ func (sb *Sandbox) rebuildDNS() error {
}
}
intNS := sb.resolver.NameServer()
if !intNS.IsValid() {
return fmt.Errorf("no listen-address for internal resolver")
intNS, err := netip.ParseAddr(sb.resolver.NameServer())
if err != nil {
return err
}
// Work out whether ndots has been set from host config or overrides.

43
libnetwork/sandbox_linux.go
View file

@ -12,9 +12,6 @@ import (
"github.com/docker/docker/libnetwork/types"
)
// Linux-specific container configuration flags.
type containerConfigOS struct{} //nolint:nolintlint,unused // only populated on windows
func releaseOSSboxResources(ns *osl.Namespace, ep *Endpoint) {
for _, i := range ns.Interfaces() {
// Only remove the interfaces owned by this endpoint from the sandbox.
@ -93,8 +90,12 @@ func (sb *Sandbox) updateGateway(ep *Endpoint) error {
return fmt.Errorf("failed to set gateway while updating gateway: %v", err)
}
if err := osSbox.SetGatewayIPv6(joinInfo.gw6); err != nil {
return fmt.Errorf("failed to set IPv6 gateway while updating gateway: %v", err)
// If IPv6 has been disabled in the sandbox a gateway may still have been
// configured, don't attempt to apply it.
if ipv6, ok := sb.ipv6Enabled(); !ok || ipv6 {
if err := osSbox.SetGatewayIPv6(joinInfo.gw6); err != nil {
return fmt.Errorf("failed to set IPv6 gateway while updating gateway: %v", err)
}
}
return nil
@ -161,10 +162,6 @@ func (sb *Sandbox) SetKey(basePath string) error {
}
}
// Set up hosts and resolv.conf files. IPv6 support in the container can't be
// determined yet, as sysctls haven't been applied by the runtime. Calling
// FinishInit after the container task has been created, when sysctls have been
// applied will regenerate these files.
if err := sb.finishInitDNS(); err != nil {
return err
}
@ -178,27 +175,6 @@ func (sb *Sandbox) SetKey(basePath string) error {
return nil
}
// FinishConfig completes Sandbox configuration. If called after the container task has been
// created, and sysctl settings applied, the configuration will be based on the container's
// IPv6 support.
func (sb *Sandbox) FinishConfig() error {
if sb.config.useDefaultSandBox {
return nil
}
sb.mu.Lock()
osSbox := sb.osSbox
sb.mu.Unlock()
if osSbox == nil {
return nil
}
// If sysctl changes have been made, IPv6 may have been enabled/disabled since last checked.
osSbox.RefreshIPv6LoEnabled()
return sb.finishInitDNS()
}
// IPv6 support can always be determined for host networking. For other network
// types it can only be determined once there's a container namespace to probe,
// return ok=false in that case.
@ -307,7 +283,12 @@ func (sb *Sandbox) populateNetworkResources(ep *Endpoint) error {
ifaceOptions = append(ifaceOptions, osl.WithIPv4Address(i.addr), osl.WithRoutes(i.routes))
if i.addrv6 != nil && i.addrv6.IP.To16() != nil {
ifaceOptions = append(ifaceOptions, osl.WithIPv6Address(i.addrv6))
// If IPv6 has been disabled in the Sandbox, an IPv6 address will still have
// been allocated. Don't apply it, because doing so would enable IPv6 on the
// interface.
if ipv6, ok := sb.ipv6Enabled(); !ok || ipv6 {
ifaceOptions = append(ifaceOptions, osl.WithIPv6Address(i.addrv6))
}
}
if len(i.llAddrs) != 0 {
ifaceOptions = append(ifaceOptions, osl.WithLinkLocalAddresses(i.llAddrs))

7
libnetwork/sandbox_options_windows.go
View file

@ -1,7 +0,0 @@
package libnetwork
func OptionDNSNoProxy() SandboxOption {
return func(sb *Sandbox) {
sb.config.dnsNoProxy = true
}
}

7
libnetwork/sandbox_windows.go → libnetwork/sandbox_unsupported.go
View file

@ -1,12 +1,9 @@
//go:build !linux
package libnetwork
import "github.com/docker/docker/libnetwork/osl"
// Windows-specific container configuration flags.
type containerConfigOS struct {
dnsNoProxy bool
}
func releaseOSSboxResources(*osl.Namespace, *Endpoint) {}
func (sb *Sandbox) updateGateway(*Endpoint) error {

15
pkg/system/stat_illumos.go
View file

@ -1,15 +0,0 @@
package system // import "github.com/docker/docker/pkg/system"
import "syscall"
// fromStatT converts a syscall.Stat_t type to a system.Stat_t type
func fromStatT(s *syscall.Stat_t) (*StatT, error) {
return &StatT{
size: s.Size,
mode: uint32(s.Mode),
uid: s.Uid,
gid: s.Gid,
rdev: uint64(s.Rdev),
mtim: s.Mtim,
}, nil
}

2
profiles/apparmor/apparmor.go
View file

@ -48,7 +48,7 @@ func (p *profileData) generateDefault(out io.Writer) error {
return compiled.Execute(out, p)
}
// macroExists checks if the passed macro exists.
// macrosExists checks if the passed macro exists.
func macroExists(m string) bool {
_, err := os.Stat(path.Join(profileDirectory, m))
return err == nil

19
vendor.mod
View file

@ -25,7 +25,7 @@ require (
github.com/aws/smithy-go v1.19.0
github.com/cloudflare/cfssl v1.6.4
github.com/containerd/cgroups/v3 v3.0.3
github.com/containerd/containerd v1.7.15
github.com/containerd/containerd v1.7.14
github.com/containerd/continuity v0.4.3
github.com/containerd/fifo v1.1.0
github.com/containerd/log v0.1.0
@ -66,7 +66,7 @@ require (
github.com/moby/locker v1.0.1
github.com/moby/patternmatcher v0.6.0
github.com/moby/pubsub v1.0.0
github.com/moby/swarmkit/v2 v2.0.0-20240412154004-f3ffc0881d0e
github.com/moby/swarmkit/v2 v2.0.0-20240125134710-dcda100a8261
github.com/moby/sys/mount v0.3.3
github.com/moby/sys/mountinfo v0.7.1
github.com/moby/sys/sequential v0.5.0
@ -78,7 +78,7 @@ require (
github.com/opencontainers/go-digest v1.0.0
github.com/opencontainers/image-spec v1.1.0-rc5
github.com/opencontainers/runc v1.1.12
github.com/opencontainers/runtime-spec v1.2.0
github.com/opencontainers/runtime-spec v1.1.0
github.com/opencontainers/selinux v1.11.0
github.com/pelletier/go-toml v1.9.5
github.com/pkg/errors v0.9.1
@ -100,7 +100,7 @@ require (
go.opentelemetry.io/otel/sdk v1.21.0
go.opentelemetry.io/otel/trace v1.21.0
golang.org/x/mod v0.13.0
golang.org/x/net v0.23.0
golang.org/x/net v0.18.0
golang.org/x/sync v0.5.0
golang.org/x/sys v0.18.0
golang.org/x/text v0.14.0
@ -110,7 +110,7 @@ require (
google.golang.org/protobuf v1.33.0
gotest.tools/v3 v3.5.1
resenje.org/singleflight v0.4.1
tags.cncf.io/container-device-interface v0.7.1
tags.cncf.io/container-device-interface v0.6.2
)
require (
@ -132,7 +132,6 @@ require (
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bits-and-blooms/bitset v1.13.0 // indirect
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
@ -148,7 +147,6 @@ require (
github.com/containernetworking/cni v1.1.2 // indirect
github.com/containernetworking/plugins v1.4.0 // indirect
github.com/cyphar/filepath-securejoin v0.2.4 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/dustin/go-humanize v1.0.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
@ -181,7 +179,6 @@ require (
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 // indirect
github.com/package-url/packageurl-go v0.1.1-0.20220428063043-89078438f170 // indirect
github.com/philhofer/fwd v1.1.2 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.44.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
@ -189,7 +186,6 @@ require (
github.com/secure-systems-lab/go-securesystemslib v0.4.0 // indirect
github.com/shibumi/go-pathspec v1.3.0 // indirect
github.com/spdx/tools-golang v0.5.3 // indirect
github.com/stretchr/testify v1.8.4 // indirect
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 // indirect
github.com/tinylib/msgp v1.1.8 // indirect
github.com/tonistiigi/go-actions-cache v0.0.0-20240227172821-a0b64f338598 // indirect
@ -216,7 +212,7 @@ require (
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/zap v1.21.0 // indirect
golang.org/x/crypto v0.21.0 // indirect
golang.org/x/crypto v0.17.0 // indirect
golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
golang.org/x/oauth2 v0.11.0 // indirect
golang.org/x/tools v0.14.0 // indirect
@ -225,8 +221,7 @@ require (
google.golang.org/genproto v0.0.0-20231016165738-49dd2c1f3d0b // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20231016165738-49dd2c1f3d0b // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.90.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
tags.cncf.io/container-device-interface/specs-go v0.7.0 // indirect
tags.cncf.io/container-device-interface/specs-go v0.6.0 // indirect
)

36
vendor.sum
View file

@ -103,8 +103,6 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
github.com/bits-and-blooms/bitset v1.13.0 h1:bAQ9OPNFYbGHV6Nez0tmNI0RiEu7/hxlYJRUA0wFAVE=
github.com/bits-and-blooms/bitset v1.13.0/go.mod h1:7hO7Gc7Pp1vODcmWvKMRA9BNmbv6a/7QIWpPxHddWR8=
github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
@ -156,8 +154,8 @@ github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGD
github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro=
github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
github.com/containerd/containerd v1.7.15 h1:afEHXdil9iAm03BmhjzKyXnnEBtjaLJefdU7DV0IFes=
github.com/containerd/containerd v1.7.15/go.mod h1:ISzRRTMF8EXNpJlTzyr2XMhN+j9K302C21/+cr3kUnY=
github.com/containerd/containerd v1.7.14 h1:H/XLzbnGuenZEGK+v0RkwTdv2u1QFAruMe5N0GNPJwA=
github.com/containerd/containerd v1.7.14/go.mod h1:YMC9Qt5yzNqXx/fO4j/5yYVIHXSRrlB3H7sxkUTvspg=
github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
@ -490,8 +488,8 @@ github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkV
github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
github.com/moby/pubsub v1.0.0 h1:jkp/imWsmJz2f6LyFsk7EkVeN2HxR/HTTOY8kHrsxfA=
github.com/moby/pubsub v1.0.0/go.mod h1:bXSO+3h5MNXXCaEG+6/NlAIk7MMZbySZlnB+cUQhKKc=
github.com/moby/swarmkit/v2 v2.0.0-20240412154004-f3ffc0881d0e h1:ZCx3cYIxF6OdZkiSbesvyJyJetMmICNvMGVHFop+Mec=
github.com/moby/swarmkit/v2 v2.0.0-20240412154004-f3ffc0881d0e/go.mod h1:kNy225f/gWAnF8wPftteMc5nbAHhrH+HUfvyjmhFjeQ=
github.com/moby/swarmkit/v2 v2.0.0-20240125134710-dcda100a8261 h1:mjLf2jYrqtIS4LvLzg0gNyJR4rMXS4X5Bg1A4hOhVMs=
github.com/moby/swarmkit/v2 v2.0.0-20240125134710-dcda100a8261/go.mod h1:oRJU1d0hrkkwCtouwfQGcIAKcVEkclMYoLWocqrg6gI=
github.com/moby/sys/mount v0.3.3 h1:fX1SVkXFJ47XWDoeFW4Sq7PdQJnV2QIDZAqjNqgEjUs=
github.com/moby/sys/mount v0.3.3/go.mod h1:PBaEorSNTLG5t/+4EgukEQVlAvVEc6ZjTySwKdqp5K0=
github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
@ -542,8 +540,8 @@ github.com/opencontainers/image-spec v1.1.0-rc5/go.mod h1:X4pATf0uXsnn3g5aiGIsVn
github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss=
github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8=
github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 h1:DmNGcqH3WDbV5k8OJ+esPWbqUOX5rMLR2PMvziDMJi0=
github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
@ -667,8 +665,6 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl
github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/tedsuo/ifrit v0.0.0-20230330192023-5cba443a66c4 h1:MGZzzxBuPuK4J0XQo+0uy0NnXQGKzHXhYp5oG1Wy860=
github.com/tedsuo/ifrit v0.0.0-20230330192023-5cba443a66c4/go.mod h1:eyZnKCc955uh98WQvzOm0dgAeLnf2O0Rz0LPoC5ze+0=
github.com/tinylib/msgp v1.1.8 h1:FCXC1xanKO4I8plpHGH2P7koL/RzZs12l/+r7vakfm0=
github.com/tinylib/msgp v1.1.8/go.mod h1:qkpG+2ldGg4xRFmx+jfTvZPxfGFhi64BcnL9vkCm/Tw=
github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@ -800,8 +796,8 @@ golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWP
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -862,8 +858,8 @@ golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg=
golang.org/x/net v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@ -942,8 +938,8 @@ golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXR
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
@ -1106,7 +1102,7 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8
sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
tags.cncf.io/container-device-interface v0.7.1 h1:MATNCbAD1su9U6zwQe5BrQ2vGGp1GBayD70bYaxYCNE=
tags.cncf.io/container-device-interface v0.7.1/go.mod h1:h1JVuOqTQVORp8DziaWKUCDNzAmN+zeCbqbqD30D0ZQ=
tags.cncf.io/container-device-interface/specs-go v0.7.0 h1:w/maMGVeLP6TIQJVYT5pbqTi8SCw/iHZ+n4ignuGHqg=
tags.cncf.io/container-device-interface/specs-go v0.7.0/go.mod h1:hMAwAbMZyBLdmYqWgYcKH0F/yctNpV3P35f+/088A80=
tags.cncf.io/container-device-interface v0.6.2 h1:dThE6dtp/93ZDGhqaED2Pu374SOeUkBfuvkLuiTdwzg=
tags.cncf.io/container-device-interface v0.6.2/go.mod h1:Shusyhjs1A5Na/kqPVLL0KqnHQHuunol9LFeUNkuGVE=
tags.cncf.io/container-device-interface/specs-go v0.6.0 h1:V+tJJN6dqu8Vym6p+Ru+K5mJ49WL6Aoc5SJFSY0RLsQ=
tags.cncf.io/container-device-interface/specs-go v0.6.0/go.mod h1:hMAwAbMZyBLdmYqWgYcKH0F/yctNpV3P35f+/088A80=

139
vendor/code.cloudfoundry.org/clock/fakeclock/fake_clock.go generated vendored
View file

@ -1,139 +0,0 @@
package fakeclock
import (
"errors"
"sync"
"time"
"code.cloudfoundry.org/clock"
)
type timeWatcher interface {
timeUpdated(time.Time)
shouldFire(time.Time) bool
repeatable() bool
}
type FakeClock struct {
now time.Time
watchers map[timeWatcher]struct{}
cond *sync.Cond
}
func NewFakeClock(now time.Time) *FakeClock {
return &FakeClock{
now: now,
watchers: make(map[timeWatcher]struct{}),
cond: &sync.Cond{L: &sync.Mutex{}},
}
}
func (clock *FakeClock) Since(t time.Time) time.Duration {
return clock.Now().Sub(t)
}
func (clock *FakeClock) Now() time.Time {
clock.cond.L.Lock()
defer clock.cond.L.Unlock()
return clock.now
}
func (clock *FakeClock) Increment(duration time.Duration) {
clock.increment(duration, false, 0)
}
func (clock *FakeClock) IncrementBySeconds(seconds uint64) {
clock.Increment(time.Duration(seconds) * time.Second)
}
func (clock *FakeClock) WaitForWatcherAndIncrement(duration time.Duration) {
clock.WaitForNWatchersAndIncrement(duration, 1)
}
func (clock *FakeClock) WaitForNWatchersAndIncrement(duration time.Duration, numWatchers int) {
clock.increment(duration, true, numWatchers)
}
func (clock *FakeClock) NewTimer(d time.Duration) clock.Timer {
timer := newFakeTimer(clock, d, false)
clock.addTimeWatcher(timer)
return timer
}
func (clock *FakeClock) Sleep(d time.Duration) {
<-clock.NewTimer(d).C()
}
func (clock *FakeClock) After(d time.Duration) <-chan time.Time {
return clock.NewTimer(d).C()
}
func (clock *FakeClock) NewTicker(d time.Duration) clock.Ticker {
if d <= 0 {
panic(errors.New("duration must be greater than zero"))
}
timer := newFakeTimer(clock, d, true)
clock.addTimeWatcher(timer)
return newFakeTicker(timer)
}
func (clock *FakeClock) WatcherCount() int {
clock.cond.L.Lock()
defer clock.cond.L.Unlock()
return len(clock.watchers)
}
func (clock *FakeClock) increment(duration time.Duration, waitForWatchers bool, numWatchers int) {
clock.cond.L.Lock()
for waitForWatchers && len(clock.watchers) < numWatchers {
clock.cond.Wait()
}
now := clock.now.Add(duration)
clock.now = now
watchers := make([]timeWatcher, 0)
newWatchers := map[timeWatcher]struct{}{}
for w, _ := range clock.watchers {
fire := w.shouldFire(now)
if fire {
watchers = append(watchers, w)
}
if !fire || w.repeatable() {
newWatchers[w] = struct{}{}
}
}
clock.watchers = newWatchers
clock.cond.L.Unlock()
for _, w := range watchers {
w.timeUpdated(now)
}
}
func (clock *FakeClock) addTimeWatcher(tw timeWatcher) {
clock.cond.L.Lock()
clock.watchers[tw] = struct{}{}
clock.cond.L.Unlock()
// force the timer to fire
clock.Increment(0)
clock.cond.Broadcast()
}
func (clock *FakeClock) removeTimeWatcher(tw timeWatcher) {
clock.cond.L.Lock()
delete(clock.watchers, tw)
clock.cond.L.Unlock()
}

25
vendor/code.cloudfoundry.org/clock/fakeclock/fake_ticker.go generated vendored
View file

@ -1,25 +0,0 @@
package fakeclock
import (
"time"
"code.cloudfoundry.org/clock"
)
type fakeTicker struct {
timer clock.Timer
}
func newFakeTicker(timer *fakeTimer) *fakeTicker {
return &fakeTicker{
timer: timer,
}
}
func (ft *fakeTicker) C() <-chan time.Time {
return ft.timer.C()
}
func (ft *fakeTicker) Stop() {
ft.timer.Stop()
}

87
vendor/code.cloudfoundry.org/clock/fakeclock/fake_timer.go generated vendored
View file

@ -1,87 +0,0 @@
package fakeclock
import (
"sync"
"time"
)
type fakeTimer struct {
clock *FakeClock
mutex sync.Mutex
completionTime time.Time
channel chan time.Time
duration time.Duration
repeat bool
}
func newFakeTimer(clock *FakeClock, d time.Duration, repeat bool) *fakeTimer {
return &fakeTimer{
clock: clock,
completionTime: clock.Now().Add(d),
channel: make(chan time.Time, 1),
duration: d,
repeat: repeat,
}
}
func (ft *fakeTimer) C() <-chan time.Time {
ft.mutex.Lock()
defer ft.mutex.Unlock()
return ft.channel
}
func (ft *fakeTimer) reset(d time.Duration) bool {
currentTime := ft.clock.Now()
ft.mutex.Lock()
active := !ft.completionTime.IsZero()
ft.completionTime = currentTime.Add(d)
ft.mutex.Unlock()
return active
}
func (ft *fakeTimer) Reset(d time.Duration) bool {
active := ft.reset(d)
ft.clock.addTimeWatcher(ft)
return active
}
func (ft *fakeTimer) Stop() bool {
ft.mutex.Lock()
active := !ft.completionTime.IsZero()
ft.mutex.Unlock()
ft.clock.removeTimeWatcher(ft)
return active
}
func (ft *fakeTimer) shouldFire(now time.Time) bool {
ft.mutex.Lock()
defer ft.mutex.Unlock()
if ft.completionTime.IsZero() {
return false
}
return now.After(ft.completionTime) || now.Equal(ft.completionTime)
}
func (ft *fakeTimer) repeatable() bool {
return ft.repeat
}
func (ft *fakeTimer) timeUpdated(now time.Time) {
select {
case ft.channel <- now:
default:
// drop on the floor. timers have a buffered channel anyway. according to
// godoc of the `time' package a ticker can loose ticks in case of a slow
// receiver
}
if ft.repeatable() {
ft.reset(ft.duration)
}
}

1
vendor/code.cloudfoundry.org/clock/fakeclock/package.go generated vendored
View file

@ -1 +0,0 @@
package fakeclock // import "code.cloudfoundry.org/clock/fakeclock"

26
vendor/github.com/bits-and-blooms/bitset/.gitignore generated vendored
View file

@ -1,26 +0,0 @@
# Compiled Object files, Static and Dynamic libs (Shared Objects)
*.o
*.a
*.so
# Folders
_obj
_test
# Architecture specific extensions/prefixes
*.[568vq]
[568vq].out
*.cgo1.go
*.cgo2.c
_cgo_defun.c
_cgo_gotypes.go
_cgo_export.*
_testmain.go
*.exe
*.test
*.prof
target

37
vendor/github.com/bits-and-blooms/bitset/.travis.yml generated vendored
View file

@ -1,37 +0,0 @@
language: go
sudo: false
branches:
except:
- release
branches:
only:
- master
- travis
go:
- "1.11.x"
- tip
matrix:
allow_failures:
- go: tip
before_install:
- if [ -n "$GH_USER" ]; then git config --global github.user ${GH_USER}; fi;
- if [ -n "$GH_TOKEN" ]; then git config --global github.token ${GH_TOKEN}; fi;
- go get github.com/mattn/goveralls
before_script:
- make deps
script:
- make qa
after_failure:
- cat ./target/test/report.xml
after_success:
- if [ "$TRAVIS_GO_VERSION" = "1.11.1" ]; then $HOME/gopath/bin/goveralls -covermode=count -coverprofile=target/report/coverage.out -service=travis-ci; fi;

27
vendor/github.com/bits-and-blooms/bitset/LICENSE generated vendored
View file

@ -1,27 +0,0 @@
Copyright (c) 2014 Will Fitzgerald. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

159
vendor/github.com/bits-and-blooms/bitset/README.md generated vendored
View file

@ -1,159 +0,0 @@
# bitset
*Go language library to map between non-negative integers and boolean values*
[![Test](https://github.com/bits-and-blooms/bitset/workflows/Test/badge.svg)](https://github.com/willf/bitset/actions?query=workflow%3ATest)
[![Go Report Card](https://goreportcard.com/badge/github.com/willf/bitset)](https://goreportcard.com/report/github.com/willf/bitset)
[![PkgGoDev](https://pkg.go.dev/badge/github.com/bits-and-blooms/bitset?tab=doc)](https://pkg.go.dev/github.com/bits-and-blooms/bitset?tab=doc)
This library is part of the [awesome go collection](https://github.com/avelino/awesome-go). It is used in production by several important systems:
* [beego](https://github.com/beego/beego)
* [CubeFS](https://github.com/cubefs/cubefs)
* [Amazon EKS Distro](https://github.com/aws/eks-distro)
* [sourcegraph](https://github.com/sourcegraph/sourcegraph)
* [torrent](https://github.com/anacrolix/torrent)
## Description
Package bitset implements bitsets, a mapping between non-negative integers and boolean values.
It should be more efficient than map[uint] bool.
It provides methods for setting, clearing, flipping, and testing individual integers.
But it also provides set intersection, union, difference, complement, and symmetric operations, as well as tests to check whether any, all, or no bits are set, and querying a bitset's current length and number of positive bits.
BitSets are expanded to the size of the largest set bit; the memory allocation is approximately Max bits, where Max is the largest set bit. BitSets are never shrunk. On creation, a hint can be given for the number of bits that will be used.
Many of the methods, including Set, Clear, and Flip, return a BitSet pointer, which allows for chaining.
### Example use:
```go
package main
import (
"fmt"
"math/rand"
"github.com/bits-and-blooms/bitset"
)
func main() {
fmt.Printf("Hello from BitSet!\n")
var b bitset.BitSet
// play some Go Fish
for i := 0; i < 100; i++ {
card1 := uint(rand.Intn(52))
card2 := uint(rand.Intn(52))
b.Set(card1)
if b.Test(card2) {
fmt.Println("Go Fish!")
}
b.Clear(card1)
}
// Chaining
b.Set(10).Set(11)
for i, e := b.NextSet(0); e; i, e = b.NextSet(i + 1) {
fmt.Println("The following bit is set:", i)
}
if b.Intersection(bitset.New(100).Set(10)).Count() == 1 {
fmt.Println("Intersection works.")
} else {
fmt.Println("Intersection doesn't work???")
}
}
```
Package documentation is at: https://pkg.go.dev/github.com/bits-and-blooms/bitset?tab=doc
## Serialization
You may serialize a bitset safely and portably to a stream
of bytes as follows:
```Go
const length = 9585
const oneEvery = 97
bs := bitset.New(length)
// Add some bits
for i := uint(0); i < length; i += oneEvery {
bs = bs.Set(i)
}
var buf bytes.Buffer
n, err := bs.WriteTo(&buf)
if err != nil {
// failure
}
// Here n == buf.Len()
```
You can later deserialize the result as follows:
```Go
// Read back from buf
bs = bitset.New()
n, err = bs.ReadFrom(&buf)
if err != nil {
// error
}
// n is the number of bytes read
```
The `ReadFrom` function attempts to read the data into the existing
BitSet instance, to minimize memory allocations.
*Performance tip*:
When reading and writing to a file or a network connection, you may get better performance by
wrapping your streams with `bufio` instances.
E.g.,
```Go
f, err := os.Create("myfile")
w := bufio.NewWriter(f)
```
```Go
f, err := os.Open("myfile")
r := bufio.NewReader(f)
```
## Memory Usage
The memory usage of a bitset using `N` bits is at least `N/8` bytes. The number of bits in a bitset is at least as large as one plus the greatest bit index you have accessed. Thus it is possible to run out of memory while using a bitset. If you have lots of bits, you might prefer compressed bitsets, like the [Roaring bitmaps](http://roaringbitmap.org) and its [Go implementation](https://github.com/RoaringBitmap/roaring).
The `roaring` library allows you to go back and forth between compressed Roaring bitmaps and the conventional bitset instances:
```Go
mybitset := roaringbitmap.ToBitSet()
newroaringbitmap := roaring.FromBitSet(mybitset)
```
## Implementation Note
Go 1.9 introduced a native `math/bits` library. We provide backward compatibility to Go 1.7, which might be removed.
It is possible that a later version will match the `math/bits` return signature for counts (which is `int`, rather than our library's `uint64`). If so, the version will be bumped.
## Installation
```bash
go get github.com/bits-and-blooms/bitset
```
## Contributing
If you wish to contribute to this project, please branch and issue a pull request against master ("[GitHub Flow](https://guides.github.com/introduction/flow/)")
## Running all tests
Before committing the code, please check if it passes tests, has adequate coverage, etc.
```bash
go test
go test -cover
```

5
vendor/github.com/bits-and-blooms/bitset/SECURITY.md generated vendored
View file

@ -1,5 +0,0 @@
# Security Policy
## Reporting a Vulnerability
You can report privately a vulnerability by email at daniel@lemire.me (current maintainer).

39
vendor/github.com/bits-and-blooms/bitset/azure-pipelines.yml generated vendored
View file

@ -1,39 +0,0 @@
# Go
# Build your Go project.
# Add steps that test, save build artifacts, deploy, and more:
# https://docs.microsoft.com/azure/devops/pipelines/languages/go
trigger:
- master
pool:
vmImage: 'Ubuntu-16.04'
variables:
GOBIN: '$(GOPATH)/bin' # Go binaries path
GOROOT: '/usr/local/go1.11' # Go installation path
GOPATH: '$(system.defaultWorkingDirectory)/gopath' # Go workspace path
modulePath: '$(GOPATH)/src/github.com/$(build.repository.name)' # Path to the module's code
steps:
- script: |
mkdir -p '$(GOBIN)'
mkdir -p '$(GOPATH)/pkg'
mkdir -p '$(modulePath)'
shopt -s extglob
shopt -s dotglob
mv !(gopath) '$(modulePath)'
echo '##vso[task.prependpath]$(GOBIN)'
echo '##vso[task.prependpath]$(GOROOT)/bin'
displayName: 'Set up the Go workspace'
- script: |
go version
go get -v -t -d ./...
if [ -f Gopkg.toml ]; then
curl https://raw.githubusercontent.com/golang/dep/master/install.sh | sh
dep ensure
fi
go build -v .
workingDirectory: '$(modulePath)'
displayName: 'Get dependencies, then build'

1184
vendor/github.com/bits-and-blooms/bitset/bitset.go generated vendored
View file

File diff suppressed because it is too large Load diff

53
vendor/github.com/bits-and-blooms/bitset/popcnt.go generated vendored
View file

@ -1,53 +0,0 @@
package bitset
// bit population count, take from
// https://code.google.com/p/go/issues/detail?id=4988#c11
// credit: https://code.google.com/u/arnehormann/
func popcount(x uint64) (n uint64) {
x -= (x >> 1) & 0x5555555555555555
x = (x>>2)&0x3333333333333333 + x&0x3333333333333333
x += x >> 4
x &= 0x0f0f0f0f0f0f0f0f
x *= 0x0101010101010101
return x >> 56
}
func popcntSliceGo(s []uint64) uint64 {
cnt := uint64(0)
for _, x := range s {
cnt += popcount(x)
}
return cnt
}
func popcntMaskSliceGo(s, m []uint64) uint64 {
cnt := uint64(0)
for i := range s {
cnt += popcount(s[i] &^ m[i])
}
return cnt
}
func popcntAndSliceGo(s, m []uint64) uint64 {
cnt := uint64(0)
for i := range s {
cnt += popcount(s[i] & m[i])
}
return cnt
}
func popcntOrSliceGo(s, m []uint64) uint64 {
cnt := uint64(0)
for i := range s {
cnt += popcount(s[i] | m[i])
}
return cnt
}
func popcntXorSliceGo(s, m []uint64) uint64 {
cnt := uint64(0)
for i := range s {
cnt += popcount(s[i] ^ m[i])
}
return cnt
}

62
vendor/github.com/bits-and-blooms/bitset/popcnt_19.go generated vendored
View file

@ -1,62 +0,0 @@
//go:build go1.9
// +build go1.9
package bitset
import "math/bits"
func popcntSlice(s []uint64) uint64 {
var cnt int
for _, x := range s {
cnt += bits.OnesCount64(x)
}
return uint64(cnt)
}
func popcntMaskSlice(s, m []uint64) uint64 {
var cnt int
// this explicit check eliminates a bounds check in the loop
if len(m) < len(s) {
panic("mask slice is too short")
}
for i := range s {
cnt += bits.OnesCount64(s[i] &^ m[i])
}
return uint64(cnt)
}
func popcntAndSlice(s, m []uint64) uint64 {
var cnt int
// this explicit check eliminates a bounds check in the loop
if len(m) < len(s) {
panic("mask slice is too short")
}
for i := range s {
cnt += bits.OnesCount64(s[i] & m[i])
}
return uint64(cnt)
}
func popcntOrSlice(s, m []uint64) uint64 {
var cnt int
// this explicit check eliminates a bounds check in the loop
if len(m) < len(s) {
panic("mask slice is too short")
}
for i := range s {
cnt += bits.OnesCount64(s[i] | m[i])
}
return uint64(cnt)
}
func popcntXorSlice(s, m []uint64) uint64 {
var cnt int
// this explicit check eliminates a bounds check in the loop
if len(m) < len(s) {
panic("mask slice is too short")
}
for i := range s {
cnt += bits.OnesCount64(s[i] ^ m[i])
}
return uint64(cnt)
}

68
vendor/github.com/bits-and-blooms/bitset/popcnt_amd64.go generated vendored
View file

@ -1,68 +0,0 @@
//go:build !go1.9 && amd64 && !appengine
// +build !go1.9,amd64,!appengine
package bitset
// *** the following functions are defined in popcnt_amd64.s
//go:noescape
func hasAsm() bool
// useAsm is a flag used to select the GO or ASM implementation of the popcnt function
var useAsm = hasAsm()
//go:noescape
func popcntSliceAsm(s []uint64) uint64
//go:noescape
func popcntMaskSliceAsm(s, m []uint64) uint64
//go:noescape
func popcntAndSliceAsm(s, m []uint64) uint64
//go:noescape
func popcntOrSliceAsm(s, m []uint64) uint64
//go:noescape
func popcntXorSliceAsm(s, m []uint64) uint64
func popcntSlice(s []uint64) uint64 {
if useAsm {
return popcntSliceAsm(s)
}
return popcntSliceGo(s)
}
func popcntMaskSlice(s, m []uint64) uint64 {
if useAsm {
return popcntMaskSliceAsm(s, m)
}
return popcntMaskSliceGo(s, m)
}
func popcntAndSlice(s, m []uint64) uint64 {
if useAsm {
return popcntAndSliceAsm(s, m)
}
return popcntAndSliceGo(s, m)
}
func popcntOrSlice(s, m []uint64) uint64 {
if useAsm {
return popcntOrSliceAsm(s, m)
}
return popcntOrSliceGo(s, m)
}
func popcntXorSlice(s, m []uint64) uint64 {
if useAsm {
return popcntXorSliceAsm(s, m)
}
return popcntXorSliceGo(s, m)
}

104
vendor/github.com/bits-and-blooms/bitset/popcnt_amd64.s generated vendored
View file

@ -1,104 +0,0 @@
// +build !go1.9
// +build amd64,!appengine
TEXT ·hasAsm(SB),4,$0-1
MOVQ $1, AX
CPUID
SHRQ $23, CX
ANDQ $1, CX
MOVB CX, ret+0(FP)
RET
#define POPCNTQ_DX_DX BYTE $0xf3; BYTE $0x48; BYTE $0x0f; BYTE $0xb8; BYTE $0xd2
TEXT ·popcntSliceAsm(SB),4,$0-32
XORQ AX, AX
MOVQ s+0(FP), SI
MOVQ s_len+8(FP), CX
TESTQ CX, CX
JZ popcntSliceEnd
popcntSliceLoop:
BYTE $0xf3; BYTE $0x48; BYTE $0x0f; BYTE $0xb8; BYTE $0x16 // POPCNTQ (SI), DX
ADDQ DX, AX
ADDQ $8, SI
LOOP popcntSliceLoop
popcntSliceEnd:
MOVQ AX, ret+24(FP)
RET
TEXT ·popcntMaskSliceAsm(SB),4,$0-56
XORQ AX, AX
MOVQ s+0(FP), SI
MOVQ s_len+8(FP), CX
TESTQ CX, CX
JZ popcntMaskSliceEnd
MOVQ m+24(FP), DI
popcntMaskSliceLoop:
MOVQ (DI), DX
NOTQ DX
ANDQ (SI), DX
POPCNTQ_DX_DX
ADDQ DX, AX
ADDQ $8, SI
ADDQ $8, DI
LOOP popcntMaskSliceLoop
popcntMaskSliceEnd:
MOVQ AX, ret+48(FP)
RET
TEXT ·popcntAndSliceAsm(SB),4,$0-56
XORQ AX, AX
MOVQ s+0(FP), SI
MOVQ s_len+8(FP), CX
TESTQ CX, CX
JZ popcntAndSliceEnd
MOVQ m+24(FP), DI
popcntAndSliceLoop:
MOVQ (DI), DX
ANDQ (SI), DX
POPCNTQ_DX_DX
ADDQ DX, AX
ADDQ $8, SI
ADDQ $8, DI
LOOP popcntAndSliceLoop
popcntAndSliceEnd:
MOVQ AX, ret+48(FP)
RET
TEXT ·popcntOrSliceAsm(SB),4,$0-56
XORQ AX, AX
MOVQ s+0(FP), SI
MOVQ s_len+8(FP), CX
TESTQ CX, CX
JZ popcntOrSliceEnd
MOVQ m+24(FP), DI
popcntOrSliceLoop:
MOVQ (DI), DX
ORQ (SI), DX
POPCNTQ_DX_DX
ADDQ DX, AX
ADDQ $8, SI
ADDQ $8, DI
LOOP popcntOrSliceLoop
popcntOrSliceEnd:
MOVQ AX, ret+48(FP)
RET
TEXT ·popcntXorSliceAsm(SB),4,$0-56
XORQ AX, AX
MOVQ s+0(FP), SI
MOVQ s_len+8(FP), CX
TESTQ CX, CX
JZ popcntXorSliceEnd
MOVQ m+24(FP), DI
popcntXorSliceLoop:
MOVQ (DI), DX
XORQ (SI), DX
POPCNTQ_DX_DX
ADDQ DX, AX
ADDQ $8, SI
ADDQ $8, DI
LOOP popcntXorSliceLoop
popcntXorSliceEnd:
MOVQ AX, ret+48(FP)
RET

25
vendor/github.com/bits-and-blooms/bitset/popcnt_generic.go generated vendored
View file

@ -1,25 +0,0 @@
//go:build !go1.9 && (!amd64 || appengine)
// +build !go1.9
// +build !amd64 appengine
package bitset
func popcntSlice(s []uint64) uint64 {
return popcntSliceGo(s)
}
func popcntMaskSlice(s, m []uint64) uint64 {
return popcntMaskSliceGo(s, m)
}
func popcntAndSlice(s, m []uint64) uint64 {
return popcntAndSliceGo(s, m)
}
func popcntOrSlice(s, m []uint64) uint64 {
return popcntOrSliceGo(s, m)
}
func popcntXorSlice(s, m []uint64) uint64 {
return popcntXorSliceGo(s, m)
}

45
vendor/github.com/bits-and-blooms/bitset/select.go generated vendored
View file

@ -1,45 +0,0 @@
package bitset
func select64(w uint64, j uint) uint {
seen := 0
// Divide 64bit
part := w & 0xFFFFFFFF
n := uint(popcount(part))
if n <= j {
part = w >> 32
seen += 32
j -= n
}
ww := part
// Divide 32bit
part = ww & 0xFFFF
n = uint(popcount(part))
if n <= j {
part = ww >> 16
seen += 16
j -= n
}
ww = part
// Divide 16bit
part = ww & 0xFF
n = uint(popcount(part))
if n <= j {
part = ww >> 8
seen += 8
j -= n
}
ww = part
// Lookup in final byte
counter := 0
for ; counter < 8; counter++ {
j -= uint((ww >> counter) & 1)
if j+1 == 0 {
break
}
}
return uint(seen + counter)
}

15
vendor/github.com/bits-and-blooms/bitset/trailing_zeros_18.go generated vendored
View file

@ -1,15 +0,0 @@
//go:build !go1.9
// +build !go1.9
package bitset
var deBruijn = [...]byte{
0, 1, 56, 2, 57, 49, 28, 3, 61, 58, 42, 50, 38, 29, 17, 4,
62, 47, 59, 36, 45, 43, 51, 22, 53, 39, 33, 30, 24, 18, 12, 5,
63, 55, 48, 27, 60, 41, 37, 16, 46, 35, 44, 21, 52, 32, 23, 11,
54, 26, 40, 15, 34, 20, 31, 10, 25, 14, 19, 9, 13, 8, 7, 6,
}
func trailingZeroes64(v uint64) uint {
return uint(deBruijn[((v&-v)*0x03f79d71b4ca8b09)>>58])
}

10
vendor/github.com/bits-and-blooms/bitset/trailing_zeros_19.go generated vendored
View file

@ -1,10 +0,0 @@
//go:build go1.9
// +build go1.9
package bitset
import "math/bits"
func trailingZeroes64(v uint64) uint {
return uint(bits.TrailingZeros64(v))
}

1
vendor/github.com/containerd/containerd/images/archive/exporter.go generated vendored
View file

@ -471,7 +471,6 @@ func ociIndexRecord(manifests []ocispec.Descriptor) tarRecord {
Versioned: ocispecs.Versioned{
SchemaVersion: 2,
},
MediaType: ocispec.MediaTypeImageIndex,
Manifests: manifests,
}

2
vendor/github.com/containerd/containerd/version/version.go generated vendored
View file

@ -23,7 +23,7 @@ var (
Package = "github.com/containerd/containerd"
// Version holds the complete version number. Filled in at linking time.
Version = "1.7.15+unknown"
Version = "1.7.14+unknown"
// Revision is filled with the VCS (e.g. git) revision being used to build
// the program at linking time.

Some files were not shown because too many files have changed in this diff Show more