This is just to align to a tagged version, but given that the containerd
go-api is not considered "stable", we may switch back to a commit from
"master" at some point if needed.
No local changes.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
github.com/prometheus/client_golang to v1.6.0
github.com/prometheus/client_model to v0.2.0
github.com/prometheus/common to v0.9.1
github.com/prometheus/procfs to v0.0.11
Signed-off-by: Jintao Zhang <zhangjintao9020@gmail.com>
full diff: 0a2b9b5464...db3c7e526a
- Use golang.org/x/sys/unix instead of syscall
- Set O_CLOEXEC when opening a network namespace
- Fixes "the container‘s netns fds leak, causing the container netns to not
clean up successfully after the container stops"
- Allows to create and delete named network namespaces
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 26c1120b8d...efbc4488d8
Relevant changes:
- sysx/xattr: fix and improve
- fix getxattrAll: change initial buffer size to 128 to prevent unneeded
iterations and change the logic to get the real size in case we get ERANGE
rather than doubling the buffer)
- improve listxattrAll; refactor for readability, prevent calling `listxattr()`
twice. Handle condition when attributes size is changed in between the two
calls to listxattr().
- Remove Windows' Readlink fork
- Drops support for Go 1.12 and under
- Fix sameFile() to recognize empty files as the same
- fixes "Empty files can diff as "modified" even when they're not"
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 2e24aed516...9e99af28df
- docker/libnetwork#2548 Add docker interfaces to firewalld docker zone
- fixesdocker/for-linux#957 DNS Not Resolving under Network [CentOS8]
- fixesdocker/libnetwork#2496 Port Forwarding does not work on RHEL 8 with Firewalld running with FirewallBackend=nftables
- store.getNetworksFromStore() remove unused error return
- docker/libnetwork#2554 Fix 'failed to get network during CreateEndpoint'
- fixes/addresses docker/for-linux#888 failed to get network during CreateEndpoint
- docker/libnetwork#2558 [master] bridge: disable IPv6 router advertisements
- docker/libnetwork#2563 log error instead if disabling IPv6 router advertisement failed
- fixesdocker/for-linux#1033 Shouldn't be fatal: Unable to disable IPv6 router advertisement: open /proc/sys/net/ipv6/conf/docker0/accept_ra: read-only file system
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This change brings in a single new commit from Microsoft/hcsshim. The
commit fixes an issue when unpacking a Windows container layer which
could result in incorrect directory timestamps.
This manifested most significantly in an impact to startup times of
some Windows container images (such as anything based on servercore).
Signed-off-by: Kevin Parsons <kevpar@microsoft.com>
full diff: https://github.com/opencontainers/selinux/compare/v1.5.1...v1.5.2
- Implement FormatMountLabel unconditionally
Implementing FormatMountLabel on situations built without selinux
should be possible; the context will be ignored if no SELinux is available.
- Remote potential race condition, where mcs label is freed
Theorectially if you do not change the MCS Label then we free it and two
commands later reserve it. If some other process was grabbing MCS Labels
at the same time, the other process could get the same label.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/gorilla/mux/compare/v1.7.3...v1.7.4
v1.7.4 addresses a number of performance improvements, bugs, and documentation
improvements.
- Reduce allocations in (*routeRegexp).getURLQuery
- Fixed golint warnings
- fix headers regexp test case
- Fix the CORSMethodMiddleware bug with subrouters
- Remove/cleanup request context helpers
- Guess the scheme if r.URL.Scheme is unset
- Added capacity to slice creation, when capacity is known
- Modified http status codes, using constants provided by the http package
- bugfix/subrouter custom methodNotAllowed handler returning 404
- Update README (self-host logo)
- Remove TravisCI badge
- Add documentation for using mux to serve a SPA
- Simplify code
- Avoid unnecessary conversion
- Update config.yml (#495) @elithrar
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/spf13/cobra/compare/v0.0.3...v1.0.0
Notable Changes
- Fish completion (including support for Go custom completion)
- API (urgent): Rename BashCompDirectives to ShellCompDirectives
- Remove/replace SetOutput on Command - deprecated
- Custom completions coded in Go (instead of Bash)
- Partial Revert of 922
- Correct documentation for InOrStdin
- Apply formatting to templates
- Revert change so help is printed on stdout again
- Update md2man to v2.0.0
- update viper to v1.4.0
- Update cmd/root.go example in README.md
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/sirupsen/logrus/compare/v1.4.2...v1.6.0
- Ability to DisableHTMLEscape when using the JSON formatter
- Support/fixes for go 1.14
- Many many bugfixes
- Add flag to disable quotes in TextFormatter
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/moby/ipvs/compare/v1.0.0...v1.0.1
- Fix compatibility issue on older kernels (< 3.18) where the address
family attribute for destination servers do not exist
- Fix the stats attribute check when parsing destination addresses
- NetlinkSocketsTimeout should be a constant
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This version avoids doing name lookups on creating tarball that
should be avoided in to not hit loading glibc shared libraries.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
(cherry picked from commit aa6a9891b0)
Signed-off-by: Tibor Vass <tibor@docker.com>
- relates to moby/buildkit 1111
- relates to moby/buildkit 1079
- relates to docker/buildx 129
full diff: 9461782956...e31b211e4f
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This update is just adding some typo-fixes and adding a go.mod, but
pins it to a tagged release;
c2b33e8439...v0.3.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The following fields are unsupported:
* BlkioStats: all fields other than IoServiceBytesRecursive
* CPUStats: CPUUsage.PercpuUsage
* MemoryStats: MaxUsage and Failcnt
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Bumps swarmkit vendoring. Includes docker/swarmkit#2938, which fixes
tasks.db growing out of control on worker nodes.
Signed-off-by: Drew Erny <derny@mirantis.com>
full diff: https://github.com/opencontainers/selinux/compare/v1.3.1...v1.3.3
- go-selinux/SetKeyLabel: fix for RHEL7 kernels
- getSELinuxfs: optimize/simplify using sync.Once
- xattr: use x/sys/unix, simplify
- Use /proc/thread-self if available
- Fix EnforceMode, SetEnforceMode, and SecurityCheckContext
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/gotestyourself/gotest.tools/compare/v3.0.1...v3.0.2
- assert: Fix NilError, error non-nil type
- fixes: Typed nil errors should not pass "NilError"
- fixes: "reflect: call of reflect.Value.IsNil on struct Value" for struct error type
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: 88737f569e...69ecbb4d6d
Includes 69ecbb4d6d
(forward-port of 8b5121be2f),
which fixes CVE-2020-7919:
- Panic in crypto/x509 certificate parsing and golang.org/x/crypto/cryptobyte
On 32-bit architectures, a malformed input to crypto/x509 or the ASN.1 parsing
functions of golang.org/x/crypto/cryptobyte can lead to a panic.
The malformed certificate can be delivered via a crypto/tls connection to a
client, or to a server that accepts client certificates. net/http clients can
be made to crash by an HTTPS server, while net/http servers that accept client
certificates will recover the panic and are unaffected.
Thanks to Project Wycheproof for providing the test cases that led to the
discovery of this issue. The issue is CVE-2020-7919 and Go issue golang.org/issue/36837.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
See the commit message for the new swarmkit commit. That change fixes a
leaking goroutine related to service logs.
Signed-off-by: Drew Erny <derny@mirantis.com>
bump docker/go-metrics v0.0.1:
full diff: d466d4f6fd...v0.0.1
- docker/go-metrics#16 fix the compilation error against prometheus/client-golang master
- fixesdocker/go-metrics#12 No longer builds against Prom master
- docker/go-metrics#18 metrics: address compile error correctly
- fixesdocker/go-metrics#12 No longer builds against Prom master
- docker/go-metrics#15 Add functions that instruments http handler using promhttp
- docker/go-metrics#20 Rename LICENSE.code → LICENSE
- docker/go-metrics#22 Support Go Modules
bump prometheus/client_golang v0.9.4:
full diff: c5b7fccd20...v0.9.4
version v0.9.0 is the minimum required version to work with go-metrics v0.0.1,
as it depends on `prometheus.Observer`:
vendor/github.com/docker/go-metrics/timer.go:39:4: undefined: prometheus.Observer
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Adds support for ReplicatedJob and GlobalJob service modes. These modes
allow running service which execute tasks that exit upon success,
instead of daemon-type tasks.
Signed-off-by: Drew Erny <drew.erny@docker.com>
full diff: 3bbb99cdbd...0f039a052c
- tonistiigi/fsutil#66 copy: add fast copy path for darwin
- tonistiigi/fsutil#67 Treat Unix sockets as regular files
- relates to moby/buildkit#1144 Fix socket handling
- tonistiigi/fsutil#68 fix gocrypto commit
- tonistiigi/fsutil#69 receive: use filter on receive diff
- prevents incremental transfers with userns because the metadata
on disk is always different than the one being transferred.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Bumps the vendoring of github.com/docker/swarmkit to the above commit,
which is the current master at commit time.
Most notably, this includes a change making the ingress network respect
the default address pool. Because of this change, a change to network
integration tests was needed.
Signed-off-by: Drew Erny <drew.erny@docker.com>
full diff: c990c680b6...6d18c012ae
execute "docker run -it {image name} /bin/sh" no response on mip64el platform;
EpollEvent struct define lack a field named PadFd;
add the field "PadFd";
execute docker run -it {image} /bin/sh for test after rebuilded.
Signed-off-by: liuxiaodong <liuxiaodong@loongson.cn>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Among other things, this is required to pull in
microsoft/hcsshim#718
Also fixesmicrosoft/hcsshim#737
which was caught by checks while attempting to bump
up hcsshim version.
Signed-off-by: Vikram bir Singh <vikrambir.singh@docker.com>
full diff: 0025177e3d...90afbb01e1
includes:
- docker/libnetwork#/2459 Fix Error Check in NewNetwork
- docker/libnetwork#/2466 Revert "Merge pull request #2339 from phyber/iptables-check"
- reverts docker/libnetwork#/2339 controller: Check if IPTables is enabled for arrangeUserFilterRule
- re-opens docker/libnetwork#2158 dockerd when run with --iptables=false modifies iptables by adding DOCKER-USER
- re-opens moby/moby#35777 With iptables=false dockerd still creates DOCKER-USER chain and rules
- re-opens docker/for-linux#136 dockerd --iptables=false adds DOCKER-USER chain and modify FORWARD chain anyway
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
full diff: https://github.com/grpc/grpc-go/compare/v1.23.0...v1.23.1
- grpc/grpc-go#3018 server: set and advertise max frame size of 16KB
- grpc/grpc-go#3017 grpclb: fix deadlock in grpclb connection cache
- Before the fix, if the timer to remove a SubConn fires at the
same time NewSubConn cancels the timer, it caused a mutex leak
and deadlock.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Previously we were re-using schema2.DeserializedManifest to handle oci
manifests. The issue lies in the fact that distribution started
validating the media type string during json deserialization. This
change broke our usage of that type.
Instead distribution now provides direct support for oci schemas, so use
that instead of our custom handlers.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
full diff: ed099d4238...00bdffe0f3
changes included:
- gorilla/mux#477 Improve CORS Method Middleware
- implements gorilla/mux#477 Make CORSMethodMiddleware actually make sense
- gorilla/mux#489 Fix nil panic in authentication middleware example
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Pull requests started failing because vendoring didn't match;
```
The result of vndr differs
D vendor/golang.org/x/sync/singleflight/singleflight.go
Please vendor your package with github.com/LK4D4/vndr.
```
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
