Commit graph

1821 commits

Author SHA1 Message Date
Akihiro Suda
19a7875c3c
vendor: golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-03-26 02:10:12 +09:00
Sebastiaan van Stijn
ec221d6881
vendor: github.com/containerd/containerd v1.6.2
includes a fix for CVE-2022-24769.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-24 17:33:54 +01:00
CrazyMax
ff35785cfc
vendor buildkit 8d45bd6 that fixes dockerd worker integration tests
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-03-23 16:07:04 +01:00
CrazyMax
a2aaf4cc83
vendor buildkit v0.10.0
Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-03-22 18:51:27 +01:00
Brian Goff
6b9b445af6
Merge pull request #42330 from AkihiroSuda/rootlesskit-info
version: add RootlessKit, slirp4netns, and VPNKit version
2022-03-22 10:27:07 -07:00
Sebastiaan van Stijn
917b44799d
vendor: golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
full diff: 5770296d90...3147a52a75

This version contains a fix for CVE-2022-27191 (not sure if it affects us).

From the golang mailing list:

    Hello gophers,

    Version v0.0.0-20220315160706-3147a52a75dd of golang.org/x/crypto/ssh implements
    client authentication support for signature algorithms based on SHA-2 for use with
    existing RSA keys.

    Previously, a client would fail to authenticate with RSA keys to servers that
    reject signature algorithms based on SHA-1. This includes OpenSSH 8.8 by default
    and—starting today March 15, 2022 for recently uploaded keys.

    We are providing this announcement as the error (“ssh: unable to authenticate”)
    might otherwise be difficult to troubleshoot.

    Version v0.0.0-20220314234659-1baeb1ce4c0b (included in the version above) also
    fixes a potential security issue where an attacker could cause a crash in a
    golang.org/x/crypto/ssh server under these conditions:

    - The server has been configured by passing a Signer to ServerConfig.AddHostKey.
    - The Signer passed to AddHostKey does not also implement AlgorithmSigner.
    - The Signer passed to AddHostKey does return a key of type “ssh-rsa” from its PublicKey method.

    Servers that only use Signer implementations provided by the ssh package are
    unaffected. This is CVE-2022-27191.

    Alla prossima,

    Filippo for the Go Security team

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-17 13:59:03 +01:00
Akihiro Suda
de6732a403
version: add RootlessKit, slirp4netns, and VPNKit version
```console
$ docker --context=rootless version
...
Server:
...
 rootlesskit:
  Version:          0.14.2
  ApiVersion:       1.1.1
  NetworkDriver:    slirp4netns
  PortDriver:       builtin
  StateDir:         /tmp/rootlesskit245426514
 slirp4netns:
  Version:          1.1.9
  GitCommit:        4e37ea557562e0d7a64dc636eff156f64927335e
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-03-15 15:44:42 +09:00
Sebastiaan van Stijn
7df7357e08
vendor: cloud.google.com/go v0.92.0, google.golang.org/api v0.54.0
this removes a `tools.go` from the dependency, which caused various test
dependencies to be ending up in the dependency-tree, and are now gone.

- cloud.google.com/go v0.92.0: https://github.com/googleapis/google-cloud-go/compare/v0.81.0...v0.92.0
- google.golang.org/api v0.54.0: https://github.com/googleapis/google-api-go-client/compare/v0.46.0...v0.54.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-11 20:01:57 +01:00
Cory Snider
b36fb04e03 vendor: github.com/containerd/containerd v1.6.1
Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-03-10 17:48:10 -05:00
Cory Snider
00ba5bdb98 Unpin grpc, protobuf dependencies
...in preparation for upgrading containerd.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-03-10 17:48:10 -05:00
Cory Snider
06c797f517 vendor: github.com/docker/swarmkit 616e8db4c3b0
Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-03-10 17:48:09 -05:00
Sebastiaan van Stijn
b92af14a1c
vendor: github.com/docker/distribution v2.8.1
no changes to code we use, but the v2.8.0 module was borked

full diff: https://github.com/docker/distribution/compare/v2.8.0...v2.8.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-09 20:27:02 +01:00
Sebastiaan van Stijn
2c97295ad8
daemon: remove v1 shim configuration for containerd
This removes the plugin section from the containerd configuration file
(`/var/run/docker/containerd/containerd.toml`) that is generated when
starting containerd as child process;

```toml
[plugins]
  [plugins.linux]
    shim = "containerd-shim"
    runtime = "runc"
    runtime_root = "/var/lib/docker/runc"
    no_shim = false
    shim_debug = true
```

This configuration doesn't appear to be used since commit:
0b14c2b67a, which switched the default runtime
to to io.containerd.runc.v2.

Note that containerd itself uses `containerd-shim` and `runc` as default
for `shim` and `runtime` v1, so omitting that configuration doesn't seem
to make a difference.

I'm slightly confused if any of the other options in this configuration were
actually used: for example, even though `runtime_root` was configured to be
`/var/lib/docker/runc`, when starting a container with that coniguration set
on docker 19.03, `/var/lib/docker/runc` doesn't appear to exist:

```console
$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
098baa4cb0e7        nginx:alpine        "/docker-entrypoint.…"   59 minutes ago      Up 59 minutes       80/tcp              foo

$ ls /var/lib/docker/runc
ls: /var/lib/docker/runc: No such file or directory

$ ps auxf
PID   USER     TIME  COMMAND
    1 root      0:00 sh
   16 root      0:11 dockerd --debug
   26 root      0:09 containerd --config /var/run/docker/containerd/containerd.toml --log-level debug
  234 root      0:00 containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/moby/09
  251 root      0:00 nginx: master process nginx -g daemon off;
  304 101       0:00 nginx: worker process
...

```

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-07 19:31:24 +01:00
Sebastiaan van Stijn
b4a943afab
vendor: github.com/containerd/containerd v1.5.10
full diff: https://github.com/containerd/containerd/compare/v1.5.9...v1.5.10

relevant changes in vendored code:

- Use readonly mount to read user/group info

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-04 18:07:09 +01:00
Sebastiaan van Stijn
de0eabbd66
vendor: github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f
full diff: db3c7e526a...2eb08e3e57

- Add support for detecting netns for all possible QoS in Kubernetes
- Add go1.10 build constraint

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 22:58:47 +01:00
Sebastiaan van Stijn
d8e1746466
vendor: github.com/tonistiigi/fsutil v0.0.0-20220115021204-b19f7f9cb274
full diff: d72af97c0e...b19f7f9cb2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 22:41:22 +01:00
Sebastiaan van Stijn
931b455f27
vendor: github.com/hashicorp/errwrap v1.1.0
deprecates `errwrap.Wrapf()`

That function appears to be still used by `go-multierror.Prefix()`);
https://github.com/hashicorp/go-multierror/blob/v1.1.1/prefix.go#L30-L35
which itself is only used in a single place in `containerd/pkg/process`:
https://github.com/containerd/containerd/blob/v1.5.9/pkg/process/io.go#L438

full diff: https://github.com/hashicorp/errwrap/compare/v1.0.0...v1.1.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 18:06:12 +01:00
Sebastiaan van Stijn
4d1c323796
vendor: golang.org/x/text v0.3.7
full diff: https://github.com/golang/text/compare/v0.3.6...v0.3.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 18:04:19 +01:00
Sebastiaan van Stijn
7f9c77b2fe
vendor: golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f
full diff: 6f1e639406...2bc19b1117

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 18:03:34 +01:00
Sebastiaan van Stijn
a69cda092b
vendor: golang.org/x/lint v0.0.0-20210508222113-6edffad5e616
no changes in vendored code

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 18:02:03 +01:00
Sebastiaan van Stijn
c03ae0b726
vendor: github.com/cespare/xxhash/v2 v2.1.2
full diff: https://github.com/cespare/xxhash/compare/v2.1.1...v2.1.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 18:00:17 +01:00
Sebastiaan van Stijn
2634edec6e
vendor: github.com/klauspost/compress v1.14.3
full diff: https://github.com/klauspost/compress/compare/v1.14.2...v1.14.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 17:57:38 +01:00
Sebastiaan van Stijn
8bf694b427
vendor: github.com/google/go-cmp v0.5.7
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 17:04:32 +01:00
Sebastiaan van Stijn
89d39e5e77
vendor: gotest.tools/v3 v3.1.0
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.0.3...v3.1.0

noteworthy changes:

- ci: add go1.16
- ci: add go1.17, remove go1.13
- golden: only create dir if update flag is set
- icmd: replace all usages of os/exec with golang.org/x/sys/execabs
- assert: ErrorIs
- fs: add DirFromPath
- Stop creating directory outside of testdata
- fs: Fix comparing symlink permissions

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 17:02:53 +01:00
Sebastiaan van Stijn
c35143f92e
vendor: github.com/moby/sys/mount v0.3.1
full diff: https://github.com/moby/sys/compare/mount/v0.3.0...mount/v0.3.1

- mount: fix unused/deadcode warnings on Mac
- mount: bump mountinfo to v0.6.0
- Makefile: rm .SHELLFLAGS, add set -e

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-03-01 17:02:07 +01:00
Sebastiaan van Stijn
9d6382f2b3
vendor: github.com/Microsoft/hcsshim v0.9.2
full diff: https://github.com/Microsoft/hcsshim/compare/v0.8.23...v0.9.2

diff is hard to compare on github, because Microsoft/opengcs was merged into
hcsshim; https://github.com/microsoft/hcsshim/pull/973

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-24 21:28:18 +01:00
Brian Goff
5c36bb7206
Merge pull request #43287 from thaJeztah/bump_dependencies_for_buildkit
vendor: update various dependencies in preparation of BuildKit update
2022-02-24 11:05:48 -08:00
Sebastiaan van Stijn
c72c1ca62c
Merge pull request #43185 from corhere/42402-safer-fileinfo
Remove local fork of archive/tar package
2022-02-24 10:36:14 +01:00
Sebastiaan van Stijn
ace606fd75
vendor: github.com/aws/aws-sdk-go v1.31.6
full diff: https://github.com/aws/aws-sdk-go/compare/v1.28.11...v1.31.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 19:49:51 +01:00
Sebastiaan van Stijn
0809bd6859
vendor: github.com/klauspost/compress v1.14.2
full diff: https://github.com/klauspost/compress/compare/v1.12.3...v1.14.2

Relevant changes affecting vendor:

- docs: Add combined LICENSE file
- Add snappy replacement package
- tests: Remove snappy dependency for tests
- huff0: Add size estimation function
- huff0: Improve 4X decompression speed
- huff0: Improve 4X decompression speed 5-10%
- huff0: Faster 1X Decompression
- zstd: Spawn decoder goroutine only if needed
- zstd: Detect short invalid signatures
- zstd: Add configurable Decoder window size
- zstd: Add stream content size
- zstd: Simplify hashing functions
- zstd: use SpeedBestCompression for level >= 10
- zstd: Fix WriteTo error forwarding
- zstd: Improve Best compression
- zstd: Fix incorrect encoding in best mode
- zstd: pooledZipWriter should return Writers to the same pool
- zstd: Upgrade xxhash
- zstd: Improve block encoding speed
- zstd: add arm64 xxhash assembly
- zstd: Minor decoder improvements
- zstd: Minor performance tweaks
- zstd: Add bigger default blocks
- zstd: Remove unused decompression buffer
- zstd: fix logically dead code
- zstd: Add noasm tag for xxhash
- zstd: improve header decoder

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 19:41:14 +01:00
Sebastiaan van Stijn
20e5d6b3e3
vendor: github.com/pelletier/go-toml v1.9.4
full diff: https://github.com/pelletier/go-toml/compare/v1.9.1...v1.9.4

- Add Encoder.CompactComments to omit extra new line
- Clarify license and comply with Apache 2.0
- feat(tomll): add multiLineArray flag to linter

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 19:25:30 +01:00
Sebastiaan van Stijn
812dacb676
vendor: github.com/containerd/continuity v0.2.2
full diff: https://github.com/containerd/continuity/compare/v0.1.0...v0.2.2

- fs/stat: add FreeBSD, and cleanup some nolint-comments
- go.mod: bazil.org/fuse v0.0.0-20200407214033-5883e5a4b5125
- Fix darwin issues
- Remove direct dependency on github.com/pkg/errors
- Do not log errors before returning them
- Build containerd/continuity on multiple Unix OSes
- Update CI Go version to 1.17
- fs: use syscall.Timespec.Unix

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 19:22:36 +01:00
Sebastiaan van Stijn
461845bfbc
vendor: github.com/containerd/cgroups v1.0.3
full diff: https://github.com/containerd/cgroups/compare/v1.0.1...v1.0.3

- cgroup v1: implement AddProc()
- cgroup v1: reduce duplicated code
- cgroup v2: Fix potential dirfd leak
- cgroup v2: remove unimplemented errors and ErrorHandler, IgnoreNotExist
- cgroup v2: v2: Fix inotify fd leak when cgroup is deleted
- cgroup.go: avoid panic on nil interface
- cgroup: Optionally add process and task to a subsystems subset
- fix Implicit memory aliasing in for loop
- go.mod: coreos/go-systemd/v22 v22.3.2 to prepare for deprecations
- Improvements on cgroup v2 support
- replace pkg/errors from vendor
- Use /proc/partitions to get device names
- utils: export ParseCgroupFile()

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 19:04:43 +01:00
Sebastiaan van Stijn
7876c53424
vendor: golang.org/x/tools v0.1.5
full diff: https://github.com/golang/tools/compare/v0.1.0...v0.1.5

It's not used, but one of our dependencies has a `tools.go` file that forces
it to be vendored; vendor/cloud.google.com/go/tools.go

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 18:42:17 +01:00
Sebastiaan van Stijn
1b829c2a6a
vendor: golang.org/x/mod v0.4.2
full diff: https://github.com/golang/mod/compare/v0.4.1...v0.4.2

It's not used, but one of our dependencies has a `tools.go` file that forces
it to be vendored; vendor/cloud.google.com/go/tools.go

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 18:37:58 +01:00
Sebastiaan van Stijn
6be521ccb8
vendor: golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a
full diff: f6687ab280...6f1e639406

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 18:30:08 +01:00
Sebastiaan van Stijn
8f106d4576
vendor: github.com/google/go-cmp v0.5.6
full diff: http://github.com/google/go-cmp/compare/v0.5.5...v0.5.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-23 18:29:02 +01:00
Cory Snider
e9bbc41dd1 Remove local fork of archive/tar package
A copy of Go's archive/tar packge was vendored with a patch applied to
mitigate CVE-2019-14271. Vendoring standard library packages is not
supported by Go in module-aware mode, which is getting in the way of
maintenance. A different approach to mitigate the vulnerability is
needed which does not involve vendoring parts of the standard library.

glibc implements name service lookups such as users, groups and DNS
using a scheme known as Name Service Switch. The services are
implemented as modules, shared libraries which glibc dynamically links
into the process the first time a function requiring the module is
called. This is the crux of the vulnerability: if a process linked
against glibc chroots, then calls one of the functions implemented with
NSS for the first time, glibc may load NSS modules out of the chrooted
filesystem.

The API underlying the `docker cp` command is implemented by forking a
new process which chroots into the container's rootfs and writes a tar
stream of files from the container over standard output. It utilizes the
Go standard library's archive/tar package to write the tar stream. It
makes use of the tar.FileInfoHeader function to construct a tar.Header
value from an fs.FileInfo value. In modern versions of Go on *nix
platforms, FileInfoHeader will attempt to resolve the file's UID and GID
to their respective user and group names by calling the os/user
functions LookupId and LookupGroupId. The cgo implementation of os/user
on *nix performs lookups by calling the corresponding libc functions. So
when linked against glibc, calls to tar.FileInfoHeader after the
process has chrooted into the container's rootfs can have the side
effect of loading NSS modules from the container! Without any
mitigations, a malicious container image author can trivially get
arbitrary code execution by leveraging this vulnerability and escape the
chroot (which is not a sandbox) into the host.

Mitigate the vulnerability without patching or forking archive/tar by
hiding the OS-dependent file info from tar.FileInfoHeader which it needs
to perform the lookups. Without that information available it falls back
to populating the tar.Header with only the information obtainable
directly from the FileInfo value without making any calls into os/user.

Fixes #42402

Signed-off-by: Cory Snider <csnider@mirantis.com>
2022-02-18 13:40:19 -05:00
Akihiro Suda
dca8689cd1
Merge pull request #43240 from thaJeztah/remove_more_replaces
vendor.mod: google/go-cmp v0.5.5, golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c, containerd v1.5.9
2022-02-16 13:17:58 +09:00
Sebastiaan van Stijn
2ac898c232
vendor: github.com/moby/sys/signal v0.7.0
full diff: https://github.com/moby/sys/compare/signal/v0.6.0...signal/v0.7.0

- add LCOW supported signals to windows signal map

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 15:58:05 +01:00
Sebastiaan van Stijn
9c2646e486
vendor: github.com/moby/sys/mountinfo v0.6.0
full diff: https://github.com/moby/sys/compare/mountinfo/v0.5.0...mountinfo/v0.6.0

- Add MountedFast (Note: most users should keep using Mounted, which already
  incorporates all optimizations from MountedFast)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 15:57:30 +01:00
Sebastiaan van Stijn
c2b33f8684
vendor: github.com/fsnotify/fsnotify v1.5.1
full diff: https://github.com/fsnotify/fsnotify/compare/v1.4.9...v1.5.1

Relevant changes:

- Fix unsafe pointer conversion
- Drop support/testing for Go 1.11 and earlier
- Update x/sys to latest
- add //go:build lines
- add go 1.17 to test matrix

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 15:56:35 +01:00
Sebastiaan van Stijn
3776fe6256
vendor: github.com/containerd/containerd v1.5.9
no significant changes in vendored code (we already updated image-spec to v1.0.2)

full diff: https://github.com/containerd/containerd/compare/v1.5.8...v1.5.9

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 15:53:30 +01:00
Sebastiaan van Stijn
3ddf696a2d
vendor: golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c
Remove the replace rule, and use the version as specified by (indirect) dependencies:

full diff: bf48bf16ab...f6687ab280

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 15:43:04 +01:00
Sebastiaan van Stijn
42d2f0bbc7
vendor: github.com/google/go-cmp v0.5.5
Remove the replace rule, and use the version as specified by (indirect) dependencies:

full diff: https://github.com/google/go-cmp/compare/v0.2.0...v0.5.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-15 15:39:33 +01:00
Sebastiaan van Stijn
fada92c393
vendor: github.com/prometheus/common v0.10.0
Only a single change affecting the vendored code:

- Support 0 for model.Duration

full diff: https://github.com/prometheus/common/compare/v0.9.1...v0.10.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 21:32:12 +01:00
Sebastiaan van Stijn
147752ee05
vendor: github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
removing the replace rule; no actual code changes in the vendored files (only
some changes in docs).

full diff: https://github.com/grpc-ecosystem/go-grpc-middleware/compare/v1.2.0...v1.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 21:22:28 +01:00
Sebastiaan van Stijn
f9f11050cc
vendor.mod: don't replace github.com/stretchr/testify
It's not vendored, so no changes in vendored code

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 19:33:04 +01:00
Sebastiaan van Stijn
738bd5a90e
vendor.mod: don't replace github.com/containerd/containerd
Looks like the `replace` rule was also matching what we're already vendoring,
so we can remove it:

    github.com/containerd/containerd v1.5.8 => github.com/containerd/containerd v1.5.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 18:51:39 +01:00
Sebastiaan van Stijn
be4144c153
vendor.mod: don't replace gopkg.in/fsnotify.v1
It's not vendored, so no changes in vendored code

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 16:33:17 +01:00
Sebastiaan van Stijn
9f7280f2d2
vendor: github.com/google/uuid v1.3.0
Remove the replace rule, and use the version as specified by (indirect) dependencies:

full diff: https://github.com/google/uuid/compare/v1.1.1...v1.3.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 16:27:47 +01:00
Sebastiaan van Stijn
24a7b61800
vendor.mod: don't replace github.com/hpcloud/tail
It's not vendored, so no changes in vendored code

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 16:08:37 +01:00
Sebastiaan van Stijn
c1fa01deb8
vendor.mod: don't replace github.com/onsi/ginkgo, github.com/onsi/gomega
They're not vendored, so no changes in the vendored code.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 16:06:41 +01:00
Sebastiaan van Stijn
40bf5d414e
vendor: github.com/pelletier/go-toml v1.9.1
Remove the replace rule, and use the version as specified by (indirect) dependencies:

full diff: https://github.com/pelletier/go-toml/compare/v1.8.1...v1.9.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 16:02:05 +01:00
Sebastiaan van Stijn
8f6d58915d
vendor: github.com/klauspost/compress v1.12.3
Remove the replace rule, and use the version as specified by (indirect) dependencies:

full diff: https://github.com/klauspost/compress/compare/v1.11.13...v1.12.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 15:58:01 +01:00
Sebastiaan van Stijn
40b8495735
vendor: go.etcd.io/bbolt v1.3.6
Remove the replace rule, and use the version as specified by (indirect) dependencies:

full diff: https://github.com/etcd-io/bbolt/compare/v1.3.5...v1.3.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 15:54:20 +01:00
Sebastiaan van Stijn
03f45fafc5
vendor: golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2
Remove the replace rule, and use the version as specified by (indirect) dependencies:

full diff: e18ecbb051...69e39bad7d

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 15:42:37 +01:00
Sebastiaan van Stijn
368d680dfe
vendor: golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11
Remove the replace rule, and use the version as specified by (indirect) dependencies:

full diff: 3af7569d3a...f0f3c7e86c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 15:39:04 +01:00
Sebastiaan van Stijn
ce4ca67d52
vendor: golang.org/x/text v0.3.6:
to match the version used by golang.org/x/crypto

full diff: https://github.com/golang/text/compare/v0.3.3...v0.3.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-14 15:35:01 +01:00
Sebastiaan van Stijn
be63b7d7f6
vendor: github.com/docker/distribution v2.8.0
full diff: http://github.com/docker/distribution/compare/0d3efadf0154...v2.8.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-02-07 18:34:47 +01:00
Akihiro Suda
b79dec8138
vendor: github.com/opencontainers/runc v1.1.0
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-02-06 17:16:23 +09:00
Akihiro Suda
0d04359ec2
vendor: golang.org/x/sys v0.0.0-20220114195835-da31bd327af9
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2022-02-06 16:28:59 +09:00
Sebastiaan van Stijn
ace8c7896c
vendor: cloud.google.com/go v0.59.0 to remove some test-deps
commit ad4f9324cd
removes some of the test-dependencies from cloud.google.com.

only other relevant changes in vendored code are from this commit:
dccc6b4b71

Full diff: https://github.com/googleapis/google-cloud-go/compare/v0.44.3...v0.59.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-18 15:46:08 +01:00
Sebastiaan van Stijn
e5d28115ee
vendor: regenerate
- all changes here are attributed to difference in behaviour between,
  namely:
  - resolution of secondary test dependencies
  - prunning of non-Go files

Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-18 15:46:04 +01:00
Sebastiaan van Stijn
745ba3ecbc
libnetwork: remove etcd-related code and tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-06 18:45:43 +01:00
Sebastiaan van Stijn
147173b099
libnetwork: remove consul-related code and tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-06 18:45:41 +01:00
Sebastiaan van Stijn
a7d0f3060a
libnetwork: remove zookeeper-related code and tests
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-06 18:28:30 +01:00
Brian Goff
520dfc36f9
Merge pull request #43100 from conorevans/conorevans/update-fluent
vendor: github.com/fluent/fluent-logger-golang v1.9.0
2022-01-05 11:46:11 -08:00
Kir Kolyshkin
ffd5a20ab8
vendor: bump etcd v3.3.27
Bump etcd to v3.3.27, which includes https://github.com/etcd-io/etcd/pull/12552,
to fix https://github.com/moby/moby/issues/31182

Full diff: https://github.com/coreos/etcd/compare/v3.3.25...v3.3.27

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-01-03 18:56:22 +01:00
Conor Evans
3500d7e472
vendor: github.com/fluent/fluent-logger-golang v1.9.0
Updates the fluent logger library to v1.9.0. The update includes the following commit:

* [Add periodic reconnection functionality](fluent/fluent-logger-golang@1c05506)

See https://github.com/fluent/fluent-logger-golang/compare/v1.8.0..v1.9.0

Signed-off-by: Conor Evans <coevans@tcd.ie>
2021-12-23 16:54:12 +01:00
Sebastiaan van Stijn
dd9782fe94
go.mod: golang.org/x/crypto 5770296d904e90f15f38f77dfc2e43fdf5efc083
full diff: 0c34fe9e7d...5770296d90

includes a fix in golang.org/x/crypto/ssh for CVE-2021-43565

- golang/go#49932
- 5770296d90

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-12-03 09:19:28 +01:00
Sebastiaan van Stijn
f6848ae321
Merge pull request #42979 from akerouanton/bump-fluent-logger
vendor: github.com/fluent/fluent-logger-golang v1.8.0
2021-12-02 20:51:04 +01:00
Tianon Gravi
0f92cf2044
Merge pull request #43036 from thaJeztah/bump_hcsshim
vendor: github.com/Microsoft/hcsshim v0.8.23
2021-12-02 11:49:03 -08:00
Brian Goff
b46ab1f579
Merge pull request #43035 from thaJeztah/bump_ttrpc
vendor: github.com/containerd/ttrpc v1.1.0
2021-12-02 11:34:11 -08:00
Albin Kerouanton
e24d61b7ef
vendor: github.com/fluent/fluent-logger-golang v1.8.0
Updates the fluent logger library to v1.8.0. Following PRs/commits were
merged since last bump:

* [Add callback for error handling when using
  async](https://github.com/fluent/fluent-logger-golang/pull/97)
* [Fix panic when accessing unexported struct
  field](https://github.com/fluent/fluent-logger-golang/pull/99)
* [Properly stop logger during (re)connect
  failure](https://github.com/fluent/fluent-logger-golang/pull/82)
* [Support a TLS-enabled connection](e5d6aa13b7)

See https://github.com/fluent/fluent-logger-golang/compare/v1.6.1..v1.8.0

Signed-off-by: Albin Kerouanton <albinker@gmail.com>
2021-12-02 01:11:33 +01:00
Sebastiaan van Stijn
a715bfb857
vendor: github.com/Microsoft/hcsshim v0.8.23
full diff: https://github.com/Microsoft/hcsshim/compare/v0.8.22...v0.8.23

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-19 13:50:13 +01:00
Sebastiaan van Stijn
cbb4aed0b4
vendor: github.com/containerd/ttrpc v1.1.0
full diff: https://github.com/containerd/ttrpc/compare/v1.0.2...v1.1.0

- client: Handle sending/receiving in separate goroutines
- Return Unimplemented when services or methods are not implemented
- go.mod: sirupsen/logrus v1.7.0
- go.mod: update dependencies
  - go.mod: github.com/gogo/protobuf v1.3.2
  - go.mod: google.golang.org/grpc v1.27.1
  - go.mod: google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63
  - go.mod: github.com/prometheus/procfs v0.6.0
- replace pkg/errors
- Rename branch from master to main
- Use GitHub Actions for CI
- Make "go test" and "go build" work on macOS
- Add protoc-gen-go-ttrpc

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-19 13:48:43 +01:00
Sebastiaan van Stijn
ce25968008
vendor: github.com/moby/sys/mount v0.3.0, mountinfo v0.5.0, signal v0.6.0, symlink v0.2.0
full diff: https://github.com/moby/sys/compare/signal/v0.5.0...signal/v0.6.0

Modules:

- github.com/moby/sys/mount v0.3.0
- github.com/moby/sys/mountinfo v0.5.0
- github.com/moby/sys/signal v0.6.0
- github.com/moby/sys/symlink v0.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-19 09:56:37 +01:00
Sebastiaan van Stijn
875969251b
vendor: golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359
full diff: 63515b42dc...69cdffdb93

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-19 09:53:57 +01:00
Brian Goff
78fd4d3f2f
Merge pull request #42993 from thaJeztah/bump_hcsshim
vendor: github.com/Microsoft/hcsshim v0.8.22
2021-11-18 11:31:25 -08:00
Sebastiaan van Stijn
a17f288e65
Merge pull request #43026 from thaJeztah/update_image_spec
vendor: github.com/opencontainers/image-spec v1.0.2
2021-11-18 01:09:55 +01:00
Sebastiaan van Stijn
cef0a7c14e
vendor: github.com/opencontainers/image-spec v1.0.2
- Bring mediaType out of reserved status
- specs-go: adding mediaType to the index and manifest structures

full diff: https://github.com/opencontainers/image-spec/compare/v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-18 00:00:05 +01:00
Sebastiaan van Stijn
458b4aae19
vendor: github.com/containerd/containerd v1.5.8
contains a mitigation for CVE-2021-41190 as well as several fixes and updates.

full diff: https://github.com/containerd/containerd/compare/v1.5.7...v1.5.8

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-17 21:40:04 +01:00
Sebastiaan van Stijn
615ff22437
vendor: github.com/opencontainers/selinux v1.9.1
full diff: https://github.com/opencontainers/selinux/compare/v1.8.2...v1.9.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-16 10:33:00 +01:00
Sebastiaan van Stijn
df7bba7dbc
Merge pull request #42992 from thaJeztah/bump_mergo_v0.3.12
vendor: github.com/imdario/mergo v0.3.12
2021-11-11 17:59:17 +01:00
Sebastiaan van Stijn
582ef29426
vendor: github.com/containerd/containerd v1.5.7
full diff: https://github.com/containerd/containerd/compoare/v1.5.5...v1.5.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-05 15:16:56 +01:00
Sebastiaan van Stijn
c97d09b1e1
vendor: github.com/Microsoft/hcsshim v0.8.22
No significant changes for our vendored code, but reverts back containerd minimal
dependency to v1.4.9.

full diff: https://github.com/Microsoft/hcsshim/compare/v0.8.20...v0.8.22

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-05 14:55:40 +01:00
Sebastiaan van Stijn
5f79e03624
vendor: github.com/imdario/mergo v0.3.12
full diff: https://github.com/imdario/mergo/compoare/v0.3.8...v0.3.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-11-05 14:43:24 +01:00
Sebastiaan van Stijn
c87b9416df
Merge pull request #42933 from thaJeztah/limit_caps_to_environment
oci/caps: limit available capabilities to current environment
2021-10-20 09:55:08 +02:00
Kevin Parsons
59511e1234 vendor: Update go-winio to v0.5.1
Updates go-winio to the latest version. The main important fix here is
to go-winio's backuptar package. This is needed to fix a bug in sparse
file handling in container layers, which was exposed by a recent change
in Windows.

go-winio v0.5.1: https://github.com/microsoft/go-winio/releases/tag/v0.5.1

Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
2021-10-15 14:33:34 -07:00
Sebastiaan van Stijn
485cf38d48
oci/caps: limit available capabilities to current environment
In situations where docker runs in an environment where capabilities are limited,
sucn as docker-in-docker in a container created by older versions of docker, or
in a container where some capabilities have been disabled, starting a privileged
container may fail, because even though the _kernel_ supports a capability, the
capability is not available.

This patch attempts to address this problem by limiting the list of "known" capa-
bilities on the set of effective capabilties for the current process. This code
is based on the code in containerd's "caps" package.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-10-15 16:12:26 +02:00
Akihiro Suda
fecf45b09a
Merge pull request #42796 from thaJeztah/containerd_seccomp_check
pkg/sysinfo: use containerd/pkg/seccomp.IsEnabled()
2021-08-29 03:05:59 +09:00
Sebastiaan van Stijn
accec292c1
pkg/sysinfo: use containerd/pkg/seccomp.IsEnabled()
This replaces the local SeccompSupported() utility for the implementation in containerd,
which performs the same check.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-27 15:21:52 +02:00
Sebastiaan van Stijn
aa606307b7
vendor: update archive/tar to match Go 1.17.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-24 23:33:32 +02:00
Sebastiaan van Stijn
768a1de1d0
Merge pull request #42780 from tonistiigi/update-tar-split
vendor: update tar-split to v0.11.2
2021-08-24 01:04:39 +02:00
Tonis Tiigi
21faae85ee vendor: update tar-split to v0.11.2
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2021-08-23 14:37:53 -07:00
Akihiro Suda
8c8e4e3271
Merge pull request #42778 from thaJeztah/bump_x_sys
vendor: golang.org/x/sys  63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
2021-08-24 01:51:55 +09:00
Sebastiaan van Stijn
d48c8b70a1
vendor: golang.org/x/sys 63515b42dcdf9544f4e6a02fd7632793fde2f72d (for Go 1.17)
Go 1.17 requires golang.org/x/sys a76c4d0a0096537dc565908b53073460d96c8539 (May 8,
2021) or later, see https://github.com/golang/go/issues/45702. While this seems
to affect macOS only, let's update to the latest version.

full diff: d19ff857e8...63515b42dc

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2021-08-23 16:34:33 +02:00
Akihiro Suda
82c978ad95
vendor: github.com/opencontainers/runc v1.0.2
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2021-08-23 23:28:47 +09:00
Roman Volosatovs
135cec5d4d
daemon,volume: share disk usage computations
Signed-off-by: Roman Volosatovs <roman.volosatovs@docker.com>
2021-08-09 19:59:39 +02:00