opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-09-25 07:44:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

[NO TESTS NEEDED] Vendor in containers/buildah v1.20.0

Browse Source 
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This commit is contained in:
Daniel J Walsh
2021-03-26 11:23:46 -04:00
parent fa6ba9b00f
commit fc197fb4f5
158 changed files with 3931 additions and 1954 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
vendor/github.com/docker/docker/api/swagger.yaml generated vendored
View File

@ -560,7 +560,7 @@ definitions:
format: "int64"
minimum: 0
maximum: 100
NanoCPUs:
NanoCpus:
description: "CPU quota in units of 10<sup>-9</sup> CPUs."
type: "integer"
format: "int64"
@ -1274,7 +1274,7 @@ definitions:
type: "object"
properties:
Bridge:
description: Name of the network'a bridge (for example, `docker0`).
description: Name of the network's bridge (for example, `docker0`).
type: "string"
example: "docker0"
SandboxID:
@ -5466,7 +5466,7 @@ paths:
MemorySwap: 0
MemoryReservation: 0
KernelMemory: 0
NanoCPUs: 500000
NanoCpus: 500000
CpuPercent: 80
CpuShares: 512
CpuPeriod: 100000
@ -7310,7 +7310,7 @@ paths:
For example, the build arg `FOO=bar` would become `{"FOO":"bar"}` in JSON. This would result in the
the query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
query parameter `buildargs={"FOO":"bar"}`. Note that `{"FOO":"bar"}` should be URI component encoded.
[Read more about the buildargs instruction.](https://docs.docker.com/engine/reference/builder/#arg)
@ -10050,7 +10050,7 @@ paths:
description: |
Address or interface to use for data path traffic (format:
`<ip|interface>`), for example, `192.168.1.1`, or an interface,
like `eth0`. If `DataPathAddr` is unspecified, the same addres
like `eth0`. If `DataPathAddr` is unspecified, the same address
as `AdvertiseAddr` is used.
The `DataPathAddr` specifies the address that global scope

2
vendor/github.com/docker/docker/client/build_cancel.go generated vendored
View File

@ -5,7 +5,7 @@ import (
"net/url"
)
// BuildCancel requests the daemon to cancel ongoing build request
// BuildCancel requests the daemon to cancel the ongoing build request.
func (cli *Client) BuildCancel(ctx context.Context, id string) error {
query := url.Values{}
query.Set("id", id)

2
vendor/github.com/docker/docker/client/config_create.go generated vendored
View File

@ -8,7 +8,7 @@ import (
"github.com/docker/docker/api/types/swarm"
)
// ConfigCreate creates a new Config.
// ConfigCreate creates a new config.
func (cli *Client) ConfigCreate(ctx context.Context, config swarm.ConfigSpec) (types.ConfigCreateResponse, error) {
var response types.ConfigCreateResponse
if err := cli.NewVersionError("1.30", "config create"); err != nil {

2
vendor/github.com/docker/docker/client/config_remove.go generated vendored
View File

@ -2,7 +2,7 @@ package client // import "github.com/docker/docker/client"
import "context"
// ConfigRemove removes a Config.
// ConfigRemove removes a config.
func (cli *Client) ConfigRemove(ctx context.Context, id string) error {
if err := cli.NewVersionError("1.30", "config remove"); err != nil {
return err

2
vendor/github.com/docker/docker/client/config_update.go generated vendored
View File

@ -8,7 +8,7 @@ import (
"github.com/docker/docker/api/types/swarm"
)
// ConfigUpdate attempts to update a Config
// ConfigUpdate attempts to update a config
func (cli *Client) ConfigUpdate(ctx context.Context, id string, version swarm.Version, config swarm.ConfigSpec) error {
if err := cli.NewVersionError("1.30", "config update"); err != nil {
return err

2
vendor/github.com/docker/docker/client/container_commit.go generated vendored
View File

@ -10,7 +10,7 @@ import (
"github.com/docker/docker/api/types"
)
// ContainerCommit applies changes into a container and creates a new tagged image.
// ContainerCommit applies changes to a container and creates a new tagged image.
func (cli *Client) ContainerCommit(ctx context.Context, container string, options types.ContainerCommitOptions) (types.IDResponse, error) {
var repository, tag string
if options.Reference != "" {

2
vendor/github.com/docker/docker/client/container_copy.go generated vendored
View File

@ -14,7 +14,7 @@ import (
"github.com/docker/docker/api/types"
)
// ContainerStatPath returns Stat information about a path inside the container filesystem.
// ContainerStatPath returns stat information about a path inside the container filesystem.
func (cli *Client) ContainerStatPath(ctx context.Context, containerID, path string) (types.ContainerPathStat, error) {
query := url.Values{}
query.Set("path", filepath.ToSlash(path)) // Normalize the paths used in the API.

2
vendor/github.com/docker/docker/client/container_create.go generated vendored
View File

@ -19,7 +19,7 @@ type configWrapper struct {
Platform *specs.Platform
}
// ContainerCreate creates a new container based in the given configuration.
// ContainerCreate creates a new container based on the given configuration.
// It can be associated with a name, but it's not mandatory.
func (cli *Client) ContainerCreate(ctx context.Context, config *container.Config, hostConfig *container.HostConfig, networkingConfig *network.NetworkingConfig, platform *specs.Platform, containerName string) (container.ContainerCreateCreatedBody, error) {
var response container.ContainerCreateCreatedBody

2
vendor/github.com/docker/docker/client/container_restart.go generated vendored
View File

@ -9,7 +9,7 @@ import (
)
// ContainerRestart stops and starts a container again.
// It makes the daemon to wait for the container to be up again for
// It makes the daemon wait for the container to be up again for
// a specific amount of time, given the timeout.
func (cli *Client) ContainerRestart(ctx context.Context, containerID string, timeout *time.Duration) error {
query := url.Values{}

2
vendor/github.com/docker/docker/client/container_update.go generated vendored
View File

@ -7,7 +7,7 @@ import (
"github.com/docker/docker/api/types/container"
)
// ContainerUpdate updates resources of a container
// ContainerUpdate updates the resources of a container.
func (cli *Client) ContainerUpdate(ctx context.Context, containerID string, updateConfig container.UpdateConfig) (container.ContainerUpdateOKBody, error) {
var response container.ContainerUpdateOKBody
serverResp, err := cli.post(ctx, "/containers/"+containerID+"/update", nil, updateConfig, nil)

2
vendor/github.com/docker/docker/client/distribution_inspect.go generated vendored
View File

@ -8,7 +8,7 @@ import (
registrytypes "github.com/docker/docker/api/types/registry"
)
// DistributionInspect returns the image digest with full Manifest
// DistributionInspect returns the image digest with the full manifest.
func (cli *Client) DistributionInspect(ctx context.Context, image, encodedRegistryAuth string) (registrytypes.DistributionInspect, error) {
// Contact the registry to retrieve digest and platform information
var distributionInspect registrytypes.DistributionInspect

4
vendor/github.com/docker/docker/client/image_build.go generated vendored
View File

@ -14,8 +14,8 @@ import (
"github.com/docker/docker/api/types/container"
)
// ImageBuild sends request to the daemon to build images.
// The Body in the response implement an io.ReadCloser and it's up to the caller to
// ImageBuild sends a request to the daemon to build images.
// The Body in the response implements an io.ReadCloser and it's up to the caller to
// close it.
func (cli *Client) ImageBuild(ctx context.Context, buildContext io.Reader, options types.ImageBuildOptions) (types.ImageBuildResponse, error) {
query, err := cli.imageBuildOptionsToQuery(options)

2
vendor/github.com/docker/docker/client/image_create.go generated vendored
View File

@ -10,7 +10,7 @@ import (
"github.com/docker/docker/api/types"
)
// ImageCreate creates a new image based in the parent options.
// ImageCreate creates a new image based on the parent options.
// It returns the JSON content in the response body.
func (cli *Client) ImageCreate(ctx context.Context, parentReference string, options types.ImageCreateOptions) (io.ReadCloser, error) {
ref, err := reference.ParseNormalizedNamed(parentReference)

2
vendor/github.com/docker/docker/client/image_import.go generated vendored
View File

@ -10,7 +10,7 @@ import (
"github.com/docker/docker/api/types"
)
// ImageImport creates a new image based in the source options.
// ImageImport creates a new image based on the source options.
// It returns the JSON content in the response body.
func (cli *Client) ImageImport(ctx context.Context, source types.ImageImportSource, ref string, options types.ImageImportOptions) (io.ReadCloser, error) {
if ref != "" {

2
vendor/github.com/docker/docker/client/image_search.go generated vendored
View File

@ -12,7 +12,7 @@ import (
"github.com/docker/docker/errdefs"
)
// ImageSearch makes the docker host to search by a term in a remote registry.
// ImageSearch makes the docker host search by a term in a remote registry.
// The list of results is not sorted in any fashion.
func (cli *Client) ImageSearch(ctx context.Context, term string, options types.ImageSearchOptions) ([]registry.SearchResult, error) {
var results []registry.SearchResult

2
vendor/github.com/docker/docker/client/secret_create.go generated vendored
View File

@ -8,7 +8,7 @@ import (
"github.com/docker/docker/api/types/swarm"
)
// SecretCreate creates a new Secret.
// SecretCreate creates a new secret.
func (cli *Client) SecretCreate(ctx context.Context, secret swarm.SecretSpec) (types.SecretCreateResponse, error) {
var response types.SecretCreateResponse
if err := cli.NewVersionError("1.25", "secret create"); err != nil {

2
vendor/github.com/docker/docker/client/secret_remove.go generated vendored
View File

@ -2,7 +2,7 @@ package client // import "github.com/docker/docker/client"
import "context"
// SecretRemove removes a Secret.
// SecretRemove removes a secret.
func (cli *Client) SecretRemove(ctx context.Context, id string) error {
if err := cli.NewVersionError("1.25", "secret remove"); err != nil {
return err

2
vendor/github.com/docker/docker/client/secret_update.go generated vendored
View File

@ -8,7 +8,7 @@ import (
"github.com/docker/docker/api/types/swarm"
)
// SecretUpdate attempts to update a Secret
// SecretUpdate attempts to update a secret.
func (cli *Client) SecretUpdate(ctx context.Context, id string, version swarm.Version, secret swarm.SecretSpec) error {
if err := cli.NewVersionError("1.25", "secret update"); err != nil {
return err

2
vendor/github.com/docker/docker/client/service_create.go generated vendored
View File

@ -13,7 +13,7 @@ import (
"github.com/pkg/errors"
)
// ServiceCreate creates a new Service.
// ServiceCreate creates a new service.
func (cli *Client) ServiceCreate(ctx context.Context, service swarm.ServiceSpec, options types.ServiceCreateOptions) (types.ServiceCreateResponse, error) {
var response types.ServiceCreateResponse
headers := map[string][]string{

2
vendor/github.com/docker/docker/client/task_inspect.go generated vendored
View File

@ -9,7 +9,7 @@ import (
"github.com/docker/docker/api/types/swarm"
)
// TaskInspectWithRaw returns the task information and its raw representation..
// TaskInspectWithRaw returns the task information and its raw representation.
func (cli *Client) TaskInspectWithRaw(ctx context.Context, taskID string) (swarm.Task, []byte, error) {
if taskID == "" {
return swarm.Task{}, nil, objectNotFoundError{object: "task", id: taskID}

52
vendor/github.com/docker/docker/errdefs/helpers.go generated vendored
View File

@ -10,6 +10,10 @@ func (e errNotFound) Cause() error {
return e.error
}
func (e errNotFound) Unwrap() error {
return e.error
}
// NotFound is a helper to create an error of the class with the same name from any error type
func NotFound(err error) error {
if err == nil || IsNotFound(err) {
@ -26,6 +30,10 @@ func (e errInvalidParameter) Cause() error {
return e.error
}
func (e errInvalidParameter) Unwrap() error {
return e.error
}
// InvalidParameter is a helper to create an error of the class with the same name from any error type
func InvalidParameter(err error) error {
if err == nil || IsInvalidParameter(err) {
@ -42,6 +50,10 @@ func (e errConflict) Cause() error {
return e.error
}
func (e errConflict) Unwrap() error {
return e.error
}
// Conflict is a helper to create an error of the class with the same name from any error type
func Conflict(err error) error {
if err == nil || IsConflict(err) {
@ -58,6 +70,10 @@ func (e errUnauthorized) Cause() error {
return e.error
}
func (e errUnauthorized) Unwrap() error {
return e.error
}
// Unauthorized is a helper to create an error of the class with the same name from any error type
func Unauthorized(err error) error {
if err == nil || IsUnauthorized(err) {
@ -74,6 +90,10 @@ func (e errUnavailable) Cause() error {
return e.error
}
func (e errUnavailable) Unwrap() error {
return e.error
}
// Unavailable is a helper to create an error of the class with the same name from any error type
func Unavailable(err error) error {
if err == nil || IsUnavailable(err) {
@ -90,6 +110,10 @@ func (e errForbidden) Cause() error {
return e.error
}
func (e errForbidden) Unwrap() error {
return e.error
}
// Forbidden is a helper to create an error of the class with the same name from any error type
func Forbidden(err error) error {
if err == nil || IsForbidden(err) {
@ -106,6 +130,10 @@ func (e errSystem) Cause() error {
return e.error
}
func (e errSystem) Unwrap() error {
return e.error
}
// System is a helper to create an error of the class with the same name from any error type
func System(err error) error {
if err == nil || IsSystem(err) {
@ -122,6 +150,10 @@ func (e errNotModified) Cause() error {
return e.error
}
func (e errNotModified) Unwrap() error {
return e.error
}
// NotModified is a helper to create an error of the class with the same name from any error type
func NotModified(err error) error {
if err == nil || IsNotModified(err) {
@ -138,6 +170,10 @@ func (e errNotImplemented) Cause() error {
return e.error
}
func (e errNotImplemented) Unwrap() error {
return e.error
}
// NotImplemented is a helper to create an error of the class with the same name from any error type
func NotImplemented(err error) error {
if err == nil || IsNotImplemented(err) {
@ -154,6 +190,10 @@ func (e errUnknown) Cause() error {
return e.error
}
func (e errUnknown) Unwrap() error {
return e.error
}
// Unknown is a helper to create an error of the class with the same name from any error type
func Unknown(err error) error {
if err == nil || IsUnknown(err) {
@ -170,6 +210,10 @@ func (e errCancelled) Cause() error {
return e.error
}
func (e errCancelled) Unwrap() error {
return e.error
}
// Cancelled is a helper to create an error of the class with the same name from any error type
func Cancelled(err error) error {
if err == nil || IsCancelled(err) {
@ -186,6 +230,10 @@ func (e errDeadline) Cause() error {
return e.error
}
func (e errDeadline) Unwrap() error {
return e.error
}
// Deadline is a helper to create an error of the class with the same name from any error type
func Deadline(err error) error {
if err == nil || IsDeadline(err) {
@ -202,6 +250,10 @@ func (e errDataLoss) Cause() error {
return e.error
}
func (e errDataLoss) Unwrap() error {
return e.error
}
// DataLoss is a helper to create an error of the class with the same name from any error type
func DataLoss(err error) error {
if err == nil || IsDataLoss(err) {

24
vendor/github.com/docker/docker/pkg/archive/archive.go generated vendored
View File

@ -11,7 +11,6 @@ import (
"io"
"io/ioutil"
"os"
"os/exec"
"path/filepath"
"runtime"
"strconv"
@ -25,6 +24,7 @@ import (
"github.com/docker/docker/pkg/pools"
"github.com/docker/docker/pkg/system"
"github.com/sirupsen/logrus"
exec "golang.org/x/sys/execabs"
)
type (
@ -402,10 +402,24 @@ func fillGo18FileTypeBits(mode int64, fi os.FileInfo) int64 {
// ReadSecurityXattrToTarHeader reads security.capability xattr from filesystem
// to a tar header
func ReadSecurityXattrToTarHeader(path string, hdr *tar.Header) error {
const (
// Values based on linux/include/uapi/linux/capability.h
xattrCapsSz2 = 20
versionOffset = 3
vfsCapRevision2 = 2
vfsCapRevision3 = 3
)
capability, _ := system.Lgetxattr(path, "security.capability")
if capability != nil {
length := len(capability)
if capability[versionOffset] == vfsCapRevision3 {
// Convert VFS_CAP_REVISION_3 to VFS_CAP_REVISION_2 as root UID makes no
// sense outside the user namespace the archive is built in.
capability[versionOffset] = vfsCapRevision2
length = xattrCapsSz2
}
hdr.Xattrs = make(map[string]string)
hdr.Xattrs["security.capability"] = string(capability)
hdr.Xattrs["security.capability"] = string(capability[:length])
}
return nil
}
@ -917,6 +931,12 @@ loop:
return err
}
// ignore XGlobalHeader early to avoid creating parent directories for them
if hdr.Typeflag == tar.TypeXGlobalHeader {
logrus.Debugf("PAX Global Extended Headers found for %s and ignored", hdr.Name)
continue
}
// Normalize name, for safety and for a simple is-root check
// This keeps "../" as-is, but normalizes "/../" to "/". Or Windows:
// This keeps "..\" as-is, but normalizes "\..\" to "\".

12
vendor/github.com/docker/docker/pkg/archive/archive_unix.go generated vendored
View File

@ -81,11 +81,6 @@ func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
// handleTarTypeBlockCharFifo is an OS-specific helper function used by
// createTarFile to handle the following types of header: Block; Char; Fifo
func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
if sys.RunningInUserNS() {
// cannot create a device if running in user namespace
return nil
}
mode := uint32(hdr.Mode & 07777)
switch hdr.Typeflag {
case tar.TypeBlock:
@ -96,7 +91,12 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
mode |= unix.S_IFIFO
}
return system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
err := system.Mknod(path, mode, int(system.Mkdev(hdr.Devmajor, hdr.Devminor)))
if errors.Is(err, syscall.EPERM) && sys.RunningInUserNS() {
// In most cases, cannot create a device if running in user namespace
err = nil
}
return err
}
func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {

11
vendor/github.com/docker/docker/pkg/idtools/idtools.go generated vendored
View File

@ -35,13 +35,13 @@ const (
// MkdirAllAndChown creates a directory (include any along the path) and then modifies
// ownership to the requested uid/gid. If the directory already exists, this
// function will still change ownership to the requested uid/gid pair.
// function will still change ownership and permissions.
func MkdirAllAndChown(path string, mode os.FileMode, owner Identity) error {
return mkdirAs(path, mode, owner, true, true)
}
// MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid.
// If the directory already exists, this function still changes ownership.
// If the directory already exists, this function still changes ownership and permissions.
// Note that unlike os.Mkdir(), this function does not return IsExist error
// in case path already exists.
func MkdirAndChown(path string, mode os.FileMode, owner Identity) error {
@ -50,7 +50,7 @@ func MkdirAndChown(path string, mode os.FileMode, owner Identity) error {
// MkdirAllAndChownNew creates a directory (include any along the path) and then modifies
// ownership ONLY of newly created directories to the requested uid/gid. If the
// directories along the path exist, no change of ownership will be performed
// directories along the path exist, no change of ownership or permissions will be performed
func MkdirAllAndChownNew(path string, mode os.FileMode, owner Identity) error {
return mkdirAs(path, mode, owner, true, false)
}
@ -234,3 +234,8 @@ func parseSubidFile(path, username string) (ranges, error) {
return rangeList, s.Err()
}
// CurrentIdentity returns the identity of the current process
func CurrentIdentity() Identity {
return Identity{UID: os.Getuid(), GID: os.Getegid()}
}

77
vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go generated vendored
View File

@ -40,7 +40,7 @@ func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting
}
// short-circuit--we were called with an existing directory and chown was requested
return lazyChown(path, owner.UID, owner.GID, stat)
return setPermissions(path, mode, owner.UID, owner.GID, stat)
}
if os.IsNotExist(err) {
@ -71,7 +71,7 @@ func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting
// even if it existed, we will chown the requested path + any subpaths that
// didn't exist when we called MkdirAll
for _, pathComponent := range paths {
if err := lazyChown(pathComponent, owner.UID, owner.GID, nil); err != nil {
if err := setPermissions(pathComponent, mode, owner.UID, owner.GID, nil); err != nil {
return err
}
}
@ -213,10 +213,11 @@ func callGetent(database, key string) (io.Reader, error) {
return bytes.NewReader(out), nil
}
// lazyChown performs a chown only if the uid/gid don't match what's requested
// setPermissions performs a chown/chmod only if the uid/gid don't match what's requested
// Normally a Chown is a no-op if uid/gid match, but in some cases this can still cause an error, e.g. if the
// dir is on an NFS share, so don't call chown unless we absolutely must.
func lazyChown(p string, uid, gid int, stat *system.StatT) error {
// Likewise for setting permissions.
func setPermissions(p string, mode os.FileMode, uid, gid int, stat *system.StatT) error {
if stat == nil {
var err error
stat, err = system.Stat(p)
@ -224,6 +225,11 @@ func lazyChown(p string, uid, gid int, stat *system.StatT) error {
return err
}
}
if os.FileMode(stat.Mode()).Perm() != mode.Perm() {
if err := os.Chmod(p, mode.Perm()); err != nil {
return err
}
}
if stat.UID() == uint32(uid) && stat.GID() == uint32(gid) {
return nil
}
@ -239,38 +245,51 @@ func NewIdentityMapping(name string) (*IdentityMapping, error) {
return nil, fmt.Errorf("Could not get user for username %s: %v", name, err)
}
uid := strconv.Itoa(usr.Uid)
subuidRangesWithUserName, err := parseSubuid(name)
subuidRanges, err := lookupSubUIDRanges(usr)
if err != nil {
return nil, err
}
subgidRangesWithUserName, err := parseSubgid(name)
subgidRanges, err := lookupSubGIDRanges(usr)
if err != nil {
return nil, err
}
subuidRangesWithUID, err := parseSubuid(uid)
if err != nil {
return nil, err
}
subgidRangesWithUID, err := parseSubgid(uid)
if err != nil {
return nil, err
}
subuidRanges := append(subuidRangesWithUserName, subuidRangesWithUID...)
subgidRanges := append(subgidRangesWithUserName, subgidRangesWithUID...)
if len(subuidRanges) == 0 {
return nil, errors.Errorf("no subuid ranges found for user %q", name)
}
if len(subgidRanges) == 0 {
return nil, errors.Errorf("no subgid ranges found for user %q", name)
}
return &IdentityMapping{
uids: createIDMap(subuidRanges),
gids: createIDMap(subgidRanges),
uids: subuidRanges,
gids: subgidRanges,
}, nil
}
func lookupSubUIDRanges(usr user.User) ([]IDMap, error) {
rangeList, err := parseSubuid(strconv.Itoa(usr.Uid))
if err != nil {
return nil, err
}
if len(rangeList) == 0 {
rangeList, err = parseSubuid(usr.Name)
if err != nil {
return nil, err
}
}
if len(rangeList) == 0 {
return nil, errors.Errorf("no subuid ranges found for user %q", usr.Name)
}
return createIDMap(rangeList), nil
}
func lookupSubGIDRanges(usr user.User) ([]IDMap, error) {
rangeList, err := parseSubgid(strconv.Itoa(usr.Uid))
if err != nil {
return nil, err
}
if len(rangeList) == 0 {
rangeList, err = parseSubgid(usr.Name)
if err != nil {
return nil, err
}
}
if len(rangeList) == 0 {
return nil, errors.Errorf("no subgid ranges found for user %q", usr.Name)
}
return createIDMap(rangeList), nil
}