moby/pkg
Sebastiaan van Stijn 547ea18fbb
pkg/plugins: use a dummy hostname for local connections
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname.

The current code used the socket path as hostname, which gets rejected by
go1.20.6 and go1.19.11 because of a security fix for [CVE-2023-29406 ][1],
which was implemented in  https://go.dev/issue/60374.

Prior versions go Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

Before this patch, tests would fail on go1.20.6:

    === FAIL: pkg/authorization TestAuthZRequestPlugin (15.01s)
    time="2023-07-12T12:53:45Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 1s"
    time="2023-07-12T12:53:46Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 2s"
    time="2023-07-12T12:53:48Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 4s"
    time="2023-07-12T12:53:52Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 8s"
        authz_unix_test.go:82: Failed to authorize request Post "http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq": http: invalid Host header

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6b7705d5b2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-14 20:36:44 +02:00
..
aaparser pkg/aaparser: deprecate GetVersion, as it's no longer used 2023-05-09 16:49:45 +02:00
archive Migrate away from things deprecated in Go 1.20 2023-02-15 12:30:32 -05:00
authorization pkg/*: fix "empty-lines" (revive) 2022-09-28 01:58:49 +02:00
broadcaster Various code-cleanup 2018-05-23 17:50:54 +02:00
capabilities Add more import comments 2019-04-10 16:59:33 +02:00
chrootarchive [chore] clean up reexec.Init() calls 2023-05-11 16:31:41 +02:00
containerfs pkg/containerfs: drop ContainerFS type alias 2022-09-23 16:56:53 -04:00
devicemapper pkg/*: fix "empty-lines" (revive) 2022-09-28 01:58:49 +02:00
directory Merge pull request #44251 from thaJeztah/pkg_dir_cleanup 2022-10-15 22:48:19 +02:00
dmesg Use Klogctl from x/sys/unix to read Linux kernel log 2019-08-22 08:25:13 +02:00
fileutils pkg/fileutils: GetTotalUsedFds(): use fast-path for Kernel 6.2 and up 2023-06-30 18:30:34 +02:00
homedir Add GetLibHome stub for non-linux OS 2023-01-17 15:28:08 +02:00
idtools run getent with a noop stdin 2023-06-14 13:12:00 +02:00
ioutils fix blockThreshold full bug 2023-01-17 12:56:43 +08:00
jsonmessage pkg/jsonmessage: touch-up GoDoc 2023-05-04 13:46:11 +02:00
longpath pkg/ioutils: TempDir: move to pkg/longpath 2022-12-20 23:24:12 +01:00
loopback pkg/loopback: use ioctl helpers from x/sys/unix 2022-10-08 21:20:29 +02:00
meminfo pkg/sysinfo: move MemInfo and ReadMemInfo to a separate package 2023-03-15 17:52:45 +01:00
namesgenerator Sort entries in pkg/namesgenerator 2022-11-01 23:13:34 +00:00
parsers pkg/parsers: use strings.Cut(), and cleanup error-messages 2022-12-21 11:09:03 +01:00
pidfile pkg/pidfile: implement Read() 2022-11-04 01:50:26 +01:00
platform pkg/platform: deprecate OSType in favor or runtime.GOOS 2023-04-08 14:57:33 +02:00
platforms add support for image inspect with containerd-integration 2023-01-05 16:20:41 +01:00
plugingetter Move plugin client to separate interface 2018-05-30 15:22:10 -04:00
plugins pkg/plugins: use a dummy hostname for local connections 2023-07-14 20:36:44 +02:00
pools bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
process pkg/process: Alive(): fix PID 0, -1, negative values 2022-11-04 01:50:26 +01:00
progress refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
reexec Merge pull request #44222 from thaJeztah/godoc_instead_of_readme 2022-10-10 00:06:17 -07:00
rootless daemon: ensure OCI options play nicely together 2023-06-21 22:16:28 +02:00
stack all: replace strings.Replace with strings.ReplaceAll 2022-05-09 19:45:40 +08:00
stdcopy refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
streamformatter bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
stringid pkg/stringid: optimize performance 2022-12-16 14:44:52 +01:00
sysinfo pkg/sysinfo: omit Getpid call in numCPU 2023-04-25 10:05:20 +02:00
system pkg/sysinfo: move MemInfo and ReadMemInfo to a separate package 2023-03-15 17:52:45 +01:00
tailfile testing: move fuzzers over from OSS-Fuzz 2022-11-30 17:31:03 +01:00
tarsum pkg/tarsum: use strings.Cut() and minor refactor 2022-12-21 11:09:00 +01:00
useragent Add canonical import comment 2018-02-05 16:51:57 -05:00
README.md Rename a few docker to moby 2017-10-25 13:56:12 +02:00

pkg/ is a collection of utility packages used by the Moby project without being specific to its internals.

Utility packages are kept separate from the moby core codebase to keep it as small and concise as possible. If some utilities grow larger and their APIs stabilize, they may be moved to their own repository under the Moby organization, to facilitate re-use by other projects. However that is not the priority.

The directory pkg is named after the same directory in the camlistore project. Since Brad is a core Go maintainer, we thought it made sense to copy his methods for organizing Go code :) Thanks Brad!

Because utility packages are small and neatly separated from the rest of the codebase, they are a good place to start for aspiring maintainers and contributors. Get in touch if you want to help maintain them!