Commit graph

240 commits

Author SHA1 Message Date
Sebastiaan van Stijn
b98c05dc50
vendor: github.com/klauspost/compress v1.16.3
full diff: https://github.com/klauspost/compress/compare/v1.15.12...v1.16.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-16 00:06:12 +01:00
Sebastiaan van Stijn
664c0d3201
vendor: github.com/godbus/dbus/v5 v5.1.0
full diff: https://github.com/godbus/dbus/compare/v5.0.6...v5.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-16 00:05:55 +01:00
Sebastiaan van Stijn
3e4ce10342
vendor: github.com/coreos/go-systemd/v22 v22.5.0
full diff: https://github.com/coreos/go-systemd/compare/v22.4.0...v22.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-16 00:05:55 +01:00
Sebastiaan van Stijn
0a2e3f14e7
vendor: github.com/opencontainers/selinux v1.11.0
full diff: https://github.com/opencontainers/selinux/compare/v1.10.2...v1.11.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-16 00:05:55 +01:00
Sebastiaan van Stijn
bc1dec71c5
vendor: github.com/imdario/mergo v0.3.13
full diff: https://github.com/imdario/mergo/compare/v0.3.12...v0.3.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-16 00:05:55 +01:00
Sebastiaan van Stijn
9752e43644
vendor: golang.org/x/sys v0.6.0
full diff: https://github.com/golang/sys/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-16 00:05:52 +01:00
Sebastiaan van Stijn
3bbffe96e1
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230309194213-a745a8755ce3
no changes in vendored code; only aligning dependencies

full diff: 80a528a868...a745a8755c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-09 22:20:59 +01:00
Sebastiaan van Stijn
ad9d70b0e6
Merge pull request #45106 from thaJeztah/bump_swarmkit
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230302163403-80a528a86877
2023-03-08 15:08:43 +01:00
Akihiro Suda
e807ae4f2e
vendor: github.com/containerd/cgroups/v3 v3.0.1
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-03-08 20:15:17 +09:00
Paweł Gronowski
a8f5c524a0
libcontainerd: Upgrade to typeurl/v2
In preparation for containerd v1.7 which migrates off gogo/protobuf
and changes the protobuf Any type to one that's not supported by our
vendored version of typeurl.

This fixes a compile error on usages of `typeurl.UnmarshalAny` when
upgrading to containerd v1.7.

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-03-08 11:26:32 +01:00
Sebastiaan van Stijn
088aff1620
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230302163403-80a528a86877
- fix docker service create doesn't work when network and generic-resource are both attached
- Fix removing tasks when a jobs service is removed
- CSI: Allow NodePublishVolume even when plugin does not support staging

full diff: 904c221ac2...80a528a868

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-07 12:08:27 +01:00
Tonis Tiigi
f8b468fda2
builder-next: enable more cache backends
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-03-07 10:32:40 +01:00
Djordje Lukic
bba77163ff
c8d: Make build and buildx work
- Only use the image exporter in build if we don't use containerd
  Without this "docker build" fails with:

    Error response from daemon: exporter "image" could not be found

- let buildx know we support containerd snapshotter
- Pass the current snapshotter to the buildkit worker

  If buildkit uses a different snapshotter we can't list the images any
  more because we can't find the snapshot.

builder/builder-next: make ContainerdWorker a minimal wrapper

Note that this makes "Worker" a public field, so technically one could
overwrite it.

builder-next: reenable runc executor

Currently, without special CNI config the builder would
only create host network containers that is a security issue.

Using runc directly instead of shim is faster as well
as builder doesn’t need anything from shim. The overhead
of setting up network sandbox is much slower of course.

builder/builder-next: simplify options handling

Trying to simplify the logic;

- Use an early return if multiple outputs are provided
- Only construct the list of tags if we're using an image (or moby) exporter
- Combine some logic for snapshotter and non-snapshotter handling

Create a constant for the moby exporter

Pass a context when creating a router

The context has a 10 seconds timeout which should be more than enough to
get the answer from containerd.

Signed-off-by: Djordje Lukic <djordje.lukic@docker.com>
Co-authored-by: Sebastiaan van Stijn <github@gone.nl>
Co-authored-by: Tonis Tiigi <tonistiigi@gmail.com>
Co-authored-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Co-authored-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-03-07 10:01:47 +01:00
Sebastiaan van Stijn
b0b3c62a84
vendor: github.com/moby/buildkit v0.11.4
- provenance: ensure URLs are redacted before written (fixes CVE-2023-26054)

full diff: https://github.com/moby/buildkit/compare/218e934edfba...v0.11.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-03-06 17:21:15 +01:00
Paweł Gronowski
324290a5eb
vendor: buildkit v0.11.4-0.20230228113103-218e934edfba
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
2023-03-03 11:05:05 +01:00
Sebastiaan van Stijn
ef6f5367dc
vendor: github.com/containerd/containerd v1.6.19
Update hcsshim to v0.9.7 to include fix for graceful termination and pause containers

full diff: https://github.com/containerd/containerd/compare/v1.6.18...v1.6.19

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-28 23:27:11 +01:00
Sebastiaan van Stijn
5997ad8512
vendor: github.com/Microsoft/hcsshim v0.9.7
- Retain pause.exe as entrypoint for default pause images
- wcow: support graceful termination of servercore containers

full diff: https://github.com/Microsoft/hcsshim/compare/v0.9.6...v0.9.7

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-28 23:25:58 +01:00
Bjorn Neergaard
855c684708
Merge pull request #44664 from corhere/embedded-resolver-fixes
libnetwork: improve embedded DNS resolver
2023-02-23 12:25:58 -07:00
Bjorn Neergaard
bc0392af66
Merge pull request #45047 from thaJeztah/update_buildkit_0.11.3
vendor: github.com/moby/buildkit v0.11.3
2023-02-21 15:01:27 -07:00
Cory Snider
d6c4e17411 Upgrade containerd/fifo to v1.1.0
Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-21 12:29:46 -05:00
Bjorn Neergaard
a4a3efb75b
Merge pull request #44982 from neersighted/containerd_1.6.18
daemon: fully resolve `apparmor_parser` regression
2023-02-21 08:19:02 -07:00
Sebastiaan van Stijn
9104cd5441
vendor: github.com/moby/buildkit v0.11.3
full diff: https://github.com/moby/buildkit/compare/49992f513921...v0.11.3

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-21 12:17:33 +01:00
Benjamin Wang
4a886a3e8f dependency: bump go.etcd.io/bbolt to v1.3.7
Please refer to link below to get more detailed info on bbolt@v1.3.7,
- https://github.com/etcd-io/bbolt/blob/master/CHANGELOG/CHANGELOG-1.3.md#v1372023-01-31

Signed-off-by: Benjamin Wang <wachao@vmware.com>
2023-02-17 16:51:15 +08:00
Cory Snider
25b51cad3d libnetwork: replace ad-hoc semaphore implementation
...for limiting concurrent external DNS requests with
"golang.org/x/sync/semaphore".Weighted. Replace the ad-hoc rate limiter
for when the concurrency limit is hit (which contains a data-race bug)
with "golang.org/x/time/rate".Sometimes.

Immediately retrying with the next server if the concurrency limit has
been hit just further compounds the problem. Wait on the semaphore and
refuse the query if it could not be acquired in a reasonable amount of
time.

Signed-off-by: Cory Snider <csnider@mirantis.com>
2023-02-16 19:05:59 -05:00
Bjorn Neergaard
174802e15f
vendor: github.com/containerd/containerd v1.6.18
Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-02-16 08:26:13 -07:00
Sebastiaan van Stijn
a36286cf89
vendor: golang.org/x/net v0.7.0
This addresses the same CVE as is patched in go1.19.6. From that announcement:

> net/http: avoid quadratic complexity in HPACK decoding
>
> A maliciously crafted HTTP/2 stream could cause excessive CPU consumption
> in the HPACK decoder, sufficient to cause a denial of service from a small
> number of small requests.
>
> This issue is also fixed in golang.org/x/net/http2 v0.7.0, for users manually
> configuring HTTP/2.
>
> This is CVE-2022-41723 and Go issue https://go.dev/issue/57855.

full diff: https://github.com/golang/net/compare/v0.5.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-14 21:00:09 +01:00
Sebastiaan van Stijn
c7de76569e
vendor: golang.org/x/text v0.7.0
full diff: https://github.com/golang/text/compare/v0.6.0...v0.7.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-14 20:59:33 +01:00
Sebastiaan van Stijn
a53b44a266
vendor: golang.org/x/sys v0.5.0
full diff: https://github.com/golang/sys/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-14 20:58:24 +01:00
Tonis Tiigi
eaeaa7b7fd
vendor: update buildkit to latest v0.11
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2023-02-07 10:24:43 -08:00
Sebastiaan van Stijn
e564932792
gha: switch buildkit back to upstream for testing
commit 043dbc05df temporarily switched to a
fork of BuildKit to workaround a failure in CI. These fixes have been
backported to the v0.11 branch in BuildKit, so we can switch back to upstream.

We can remove this override once we update vendor.mod to BuildKit v0.11.3.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-02-06 18:08:45 +01:00
Tonis Tiigi
666334bd48
vendor: update buildkit to v0.11.2
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2023-02-01 23:29:10 -08:00
Sebastiaan van Stijn
85169a04cf
vendor: github.com/tonistiigi/fsutil v0.0.0-20221114235510-0127568185cf
full diff: 9ed612626d...0127568185

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
2023-02-01 23:10:39 -08:00
Sebastiaan van Stijn
c41c8c2f86
vendor: github.com/containerd/containerd v1.6.16
Notable Updates

- Fix push error propagation
- Fix slice append error with HugepageLimits for Linux
- Update default seccomp profile for PKU and CAP_SYS_NICE
- Fix overlayfs error when upperdirlabel option is set

full diff: https://github.com/containerd/containerd/compare/v1.6.15...v1.6.16

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-30 09:07:59 +01:00
Sebastiaan van Stijn
22098745e7
vendor: github.com/pelletier/go-toml v1.9.5
Contains a fix that prevents a panic on an invalid toml file.

full diff: https://github.com/pelletier/go-toml/compare/v1.9.4...v1.9.5

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-30 09:05:04 +01:00
Sebastiaan van Stijn
25f95b0000
vendor: github.com/moby/swarmkit/v2 v2.0.0-20230119195359-904c221ac281
full diff: 0da442b278...904c221ac2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-19 23:36:45 +01:00
Sebastiaan van Stijn
65c6ba1fc4
vendor: golang.org/x/net v0.5.0
contains a fix for CVE-2022-41721, although it probably does not affect us.

full diff: https://github.com/golang/net/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-17 14:34:05 +01:00
Sebastiaan van Stijn
824dc51341
vendor: golang.org/x/text v0.6.0
full diff: https://github.com/golang/text/compare/v0.5.0...v0.6.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-17 14:16:10 +01:00
Sebastiaan van Stijn
e66e6bb28a
vendor: golang.org/x/sys v0.4.0
full diff: https://github.com/golang/sys/compare/v0.3.0...v0.4.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-17 14:09:18 +01:00
Sebastiaan van Stijn
af6b5d55db
vendor: github.com/moby/ipvs v1.1.0
full diff: https://github.com/moby/ipvs/compare/v1.0.2...v1.1.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-14 17:25:22 +01:00
Sebastiaan van Stijn
f53feeea8b
vendor: github.com/vishvananda/netns v0.0.2
full diff: https://github.com/vishvananda/netns/compare/v0.0.1...v0.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-14 17:23:50 +01:00
Sebastiaan van Stijn
bb5cae2c94
vendor: github.com/vishvananda/netns v0.0.1
The project started tagging releases for go modules.

full diff: https://github.com/vishvananda/netns/compare/2eb08e3e575f...v0.0.1

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-13 14:55:18 +01:00
Bjorn Neergaard
d42495033e
daemon/config: support alternate (common) unicode encodings using a BOM
This is a pragmatic but impure choice, in order to better support the
default tools available on Windows Server, and reduce user confusion due
to otherwise inscrutable-to-the-uninitiated errors like the following:

> invalid character 'þ' looking for beginning of value
> invalid character 'ÿ' looking for beginning of value

While meaningful to those who are familiar with and are equipped to
diagnose encoding issues, these characters will be hidden when the file
is edited with a BOM-aware text editor, and further confuse the user.

Signed-off-by: Bjorn Neergaard <bneergaard@mirantis.com>
2023-01-10 15:49:15 -07:00
Cory Snider
62296f9281
Merge pull request #44087 from jchorl/josh/sdkupgrade
Upgrade to aws go sdk v2 for cloudwatch logging driver
2023-01-10 14:51:30 -05:00
Sebastiaan van Stijn
bffe6d5670
vendor: github.com/containerd/containerd v1.6.15
no changes to vendored files

full diff: https://github.com/containerd/containerd/compare/v1.6.14...v1.6.15

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-01-09 13:26:32 +01:00
Josh Chorlton
c12d7b6d21 upgrade to aws sdk go v2
Co-Authored-by: Sebastiaan van Stijn <github@gone.nl>
Signed-off-by: Josh Chorlton <jchorlton@gmail.com>
Signed-off-by: Cory Snider <csnider@mirantis.com>
Signed-off-by: Josh Chorlton <jchorlton@gmail.com>
2023-01-07 17:27:31 +00:00
Sebastiaan van Stijn
83d7ae76e8
vendor: github.com/containerd/containerd v1.6.14
No changes in vendored code, other than the version bump

full diff: https://github.com/containerd/containerd/compare/v1.6.13...v1.6.14

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-19 22:44:40 +01:00
Sebastiaan van Stijn
35cbdc9661
vendor: github.com/containerd/containerd v1.6.13
full diff: https://github.com/containerd/containerd/compare/v1.6.12...v1.6.13

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-15 19:34:46 +01:00
Sebastiaan van Stijn
9300aca2a6
vendor: github.com/Microsoft/hcsshim v0.9.6
full diff: https://github.com/Microsoft/hcsshim/compare/v0.9.5...v0.9.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-15 19:33:18 +01:00
Sebastiaan van Stijn
0007490b21
vendor: github.com/moby/swarmkit/v2 v2.0.0-20221215132206-0da442b2780f
No changes in vendored code, but removes some indirect dependencies.

full diff: b17f02f0a0...0da442b278

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-15 14:27:07 +01:00
Sebastiaan van Stijn
389dacd6e2
vendor: github.com/tinylib/msgp v1.1.6
This is a dependency of github.com/fluent/fluent-logger-golang, which
currently does not provide a go.mod, but tests against the latest
versions of its dependencies.

Updating this dependency to the latest version.

Notable changes:

- all: implement omitempty
- fix: JSON encoder may produce invalid utf-8 when provided invalid utf-8 message pack string.
- added Unwrap method to errWrapped plus tests; switched travis to go 1.14
- CopyToJSON: fix bitSize for floats
- Add Reader/Writer constructors with custom buffer
- Add missing bin header functions
- msgp/unsafe: bring code in line with unsafe guidelines
- msgp/msgp: fix ReadMapKeyZC (fix "Fail to decode string encoded as bin type")

full diff: https://github.com/tinylib/msgp/compare/v1.1.0...v1.1.6

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2022-12-12 11:35:03 +01:00