Merge pull request #42352 from AkihiroSuda/cherrypick-41724
[20.10 backport] Use v2 capabilities in layer archives
diff --git a/builder/builder-next/adapters/containerimage/pull.go b/builder/builder-next/adapters/containerimage/pull.go
index 8bd9b92..6b791f1 100644
--- a/builder/builder-next/adapters/containerimage/pull.go
+++ b/builder/builder-next/adapters/containerimage/pull.go
@@ -333,12 +333,12 @@
return dgst.String(), nil, false, nil
}
- if len(p.config) == 0 {
+ if len(p.config) == 0 && p.desc.MediaType != images.MediaTypeDockerSchema1Manifest {
return "", nil, false, errors.Errorf("invalid empty config file resolved for %s", p.src.Reference.String())
}
k := cacheKeyFromConfig(p.config).String()
- if k == "" {
+ if k == "" || p.desc.MediaType == images.MediaTypeDockerSchema1Manifest {
dgst, err := p.mainManifestKey(p.platform)
if err != nil {
return "", nil, false, err
diff --git a/container/container.go b/container/container.go
index df90a4e..e96f087 100644
--- a/container/container.go
+++ b/container/container.go
@@ -716,6 +716,17 @@
return filepath.Join(containerSecretMountPath, r.File.Name)
}
+// getConfigTargetPath makes sure that config paths inside the container are
+// absolute, as required by the runtime spec, and enforced by runc >= 1.0.0-rc94.
+// see https://github.com/opencontainers/runc/issues/2928
+func getConfigTargetPath(r *swarmtypes.ConfigReference) string {
+ if filepath.IsAbs(r.File.Name) {
+ return r.File.Name
+ }
+
+ return filepath.Join(containerConfigMountPath, r.File.Name)
+}
+
// CreateDaemonEnvironment creates a new environment variable slice for this container.
func (container *Container) CreateDaemonEnvironment(tty bool, linkedEnv []string) []string {
// Setup environment
diff --git a/container/container_unix.go b/container/container_unix.go
index d5c9837..7a49ff5 100644
--- a/container/container_unix.go
+++ b/container/container_unix.go
@@ -27,6 +27,7 @@
// for the graceful container stop before forcefully terminating it.
DefaultStopTimeout = 10
+ containerConfigMountPath = "/"
containerSecretMountPath = "/run/secrets"
)
@@ -242,7 +243,7 @@
}
mounts = append(mounts, Mount{
Source: fPath,
- Destination: r.File.Name,
+ Destination: getConfigTargetPath(r),
Writable: false,
})
}
diff --git a/container/container_windows.go b/container/container_windows.go
index 11e255d..22e77b1 100644
--- a/container/container_windows.go
+++ b/container/container_windows.go
@@ -12,6 +12,7 @@
)
const (
+ containerConfigMountPath = `C:\`
containerSecretMountPath = `C:\ProgramData\Docker\secrets`
containerInternalSecretMountPath = `C:\ProgramData\Docker\internal\secrets`
containerInternalConfigsDirPath = `C:\ProgramData\Docker\internal\configs`
@@ -87,7 +88,7 @@
if configRef.File == nil {
continue
}
- resolvedPath, _, err := container.ResolvePath(configRef.File.Name)
+ resolvedPath, _, err := container.ResolvePath(getConfigTargetPath(configRef))
if err != nil {
return err
}
diff --git a/daemon/errors.go b/daemon/errors.go
index aae0954..6f9eb54 100644
--- a/daemon/errors.go
+++ b/daemon/errors.go
@@ -141,11 +141,10 @@
// if we receive an internal error from the initial start of a container then lets
// return it instead of entering the restart loop
// set to 127 for container cmd not found/does not exist)
- if contains(errDesc, cmd) &&
- (contains(errDesc, "executable file not found") ||
- contains(errDesc, "no such file or directory") ||
- contains(errDesc, "system cannot find the file specified") ||
- contains(errDesc, "failed to run runc create/exec call")) {
+ if contains(errDesc, "executable file not found") ||
+ contains(errDesc, "no such file or directory") ||
+ contains(errDesc, "system cannot find the file specified") ||
+ contains(errDesc, "failed to run runc create/exec call") {
setExitCode(127)
retErr = startInvalidConfigError(errDesc)
}
diff --git a/hack/dockerfile/install/containerd.installer b/hack/dockerfile/install/containerd.installer
index e7c6488..d68e9bd 100755
--- a/hack/dockerfile/install/containerd.installer
+++ b/hack/dockerfile/install/containerd.installer
@@ -4,7 +4,7 @@
# containerd is also pinned in vendor.conf. When updating the binary
# version you may also need to update the vendor version to pick up bug
# fixes or new APIs.
-: "${CONTAINERD_COMMIT:=05f951a3781f4f2c1911b05e61c160e9c30eaa8e}" # v1.4.4
+: "${CONTAINERD_COMMIT:=d71fcd7d8303cbf684402823e425e9dd2e99285d}" # v1.4.6
install_containerd() (
echo "Install containerd version $CONTAINERD_COMMIT"
diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
index b7ce672..3b0bb4b 100755
--- a/hack/dockerfile/install/proxy.installer
+++ b/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
# LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
# updating the binary version, consider updating github.com/docker/libnetwork
# in vendor.conf accordingly
-: "${LIBNETWORK_COMMIT:=b3507428be5b458cb0e2b4086b13531fb0706e46}"
+: "${LIBNETWORK_COMMIT:=64b7a4574d1426139437d20e81c0b6d391130ec8}"
install_proxy() {
case "$1" in
diff --git a/hack/dockerfile/install/runc.installer b/hack/dockerfile/install/runc.installer
index 779eb9b..a9b27cf 100755
--- a/hack/dockerfile/install/runc.installer
+++ b/hack/dockerfile/install/runc.installer
@@ -4,7 +4,7 @@
# The version of runc should match the version that is used by the containerd
# version that is used. If you need to update runc, open a pull request in
# the containerd project first, and update both after that is merged.
-: ${RUNC_COMMIT:=12644e614e25b05da6fd08a38ffa0cfe1903fdec} # v1.0.0-rc93
+: ${RUNC_COMMIT:=b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7} # v1.0.0-rc95
install_runc() {
# If using RHEL7 kernels (3.10.0 el7), disable kmem accounting/limiting
diff --git a/integration-cli/docker_cli_run_unix_test.go b/integration-cli/docker_cli_run_unix_test.go
index e6a6406..e000339 100644
--- a/integration-cli/docker_cli_run_unix_test.go
+++ b/integration-cli/docker_cli_run_unix_test.go
@@ -495,33 +495,6 @@
assert.Assert(c, strings.Contains(out, expected))
}
-func (s *DockerSuite) TestRunWithKernelMemory(c *testing.T) {
- testRequires(c, DaemonIsLinux, kernelMemorySupport)
-
- file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
- cli.DockerCmd(c, "run", "--kernel-memory", "50M", "--name", "test1", "busybox", "cat", file).Assert(c, icmd.Expected{
- Out: "52428800",
- })
-
- cli.InspectCmd(c, "test1", cli.Format(".HostConfig.KernelMemory")).Assert(c, icmd.Expected{
- Out: "52428800",
- })
-}
-
-func (s *DockerSuite) TestRunWithInvalidKernelMemory(c *testing.T) {
- testRequires(c, DaemonIsLinux, kernelMemorySupport)
-
- out, _, err := dockerCmdWithError("run", "--kernel-memory", "2M", "busybox", "true")
- assert.ErrorContains(c, err, "")
- expected := "Minimum kernel memory limit allowed is 4MB"
- assert.Assert(c, strings.Contains(out, expected))
-
- out, _, err = dockerCmdWithError("run", "--kernel-memory", "-16m", "--name", "test2", "busybox", "echo", "test")
- assert.ErrorContains(c, err, "")
- expected = "invalid size"
- assert.Assert(c, strings.Contains(out, expected))
-}
-
func (s *DockerSuite) TestRunWithCPUShares(c *testing.T) {
testRequires(c, cpuShare)
diff --git a/integration-cli/docker_cli_update_unix_test.go b/integration-cli/docker_cli_update_unix_test.go
index 1b3e508..53621b6 100644
--- a/integration-cli/docker_cli_update_unix_test.go
+++ b/integration-cli/docker_cli_update_unix_test.go
@@ -14,7 +14,6 @@
"github.com/creack/pty"
"github.com/docker/docker/api/types"
"github.com/docker/docker/client"
- "github.com/docker/docker/pkg/parsers/kernel"
"github.com/docker/docker/testutil/request"
"gotest.tools/v3/assert"
)
@@ -122,67 +121,6 @@
assert.ErrorContains(c, err, "")
}
-func (s *DockerSuite) TestUpdateKernelMemory(c *testing.T) {
- testRequires(c, DaemonIsLinux, kernelMemorySupport)
-
- name := "test-update-container"
- dockerCmd(c, "run", "-d", "--name", name, "--kernel-memory", "50M", "busybox", "top")
- dockerCmd(c, "update", "--kernel-memory", "100M", name)
-
- assert.Equal(c, inspectField(c, name, "HostConfig.KernelMemory"), "104857600")
-
- file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
- out, _ := dockerCmd(c, "exec", name, "cat", file)
- assert.Equal(c, strings.TrimSpace(out), "104857600")
-}
-
-func (s *DockerSuite) TestUpdateKernelMemoryUninitialized(c *testing.T) {
- testRequires(c, DaemonIsLinux, kernelMemorySupport)
-
- isNewKernel := CheckKernelVersion(4, 6, 0)
- name := "test-update-container"
- dockerCmd(c, "run", "-d", "--name", name, "busybox", "top")
- _, _, err := dockerCmdWithError("update", "--kernel-memory", "100M", name)
- // Update kernel memory to a running container without kernel memory initialized
- // is not allowed before kernel version 4.6.
- if !isNewKernel {
- assert.ErrorContains(c, err, "")
- } else {
- assert.NilError(c, err)
- }
-
- dockerCmd(c, "pause", name)
- _, _, err = dockerCmdWithError("update", "--kernel-memory", "200M", name)
- if !isNewKernel {
- assert.ErrorContains(c, err, "")
- } else {
- assert.NilError(c, err)
- }
- dockerCmd(c, "unpause", name)
-
- dockerCmd(c, "stop", name)
- dockerCmd(c, "update", "--kernel-memory", "300M", name)
- dockerCmd(c, "start", name)
-
- assert.Equal(c, inspectField(c, name, "HostConfig.KernelMemory"), "314572800")
-
- file := "/sys/fs/cgroup/memory/memory.kmem.limit_in_bytes"
- out, _ := dockerCmd(c, "exec", name, "cat", file)
- assert.Equal(c, strings.TrimSpace(out), "314572800")
-}
-
-// GetKernelVersion gets the current kernel version.
-func GetKernelVersion() *kernel.VersionInfo {
- v, _ := kernel.ParseRelease(testEnv.DaemonInfo.KernelVersion)
- return v
-}
-
-// CheckKernelVersion checks if current kernel is newer than (or equal to)
-// the given version.
-func CheckKernelVersion(k, major, minor int) bool {
- return kernel.CompareKernelVersion(*GetKernelVersion(), kernel.VersionInfo{Kernel: k, Major: major, Minor: minor}) >= 0
-}
-
func (s *DockerSuite) TestUpdateSwapMemoryOnly(c *testing.T) {
testRequires(c, DaemonIsLinux)
testRequires(c, memoryLimitSupport)
diff --git a/integration-cli/requirements_unix_test.go b/integration-cli/requirements_unix_test.go
index c309824..8c75b26 100644
--- a/integration-cli/requirements_unix_test.go
+++ b/integration-cli/requirements_unix_test.go
@@ -8,7 +8,6 @@
"os/exec"
"strings"
- "github.com/docker/docker/pkg/parsers/kernel"
"github.com/docker/docker/pkg/sysinfo"
)
@@ -37,21 +36,6 @@
return SysInfo.PidsLimit
}
-func kernelMemorySupport() bool {
- // TODO remove this once kmem support in RHEL kernels is fixed. See https://github.com/opencontainers/runc/pull/1921
- daemonV, err := kernel.ParseRelease(testEnv.DaemonInfo.KernelVersion)
- if err != nil {
- return false
- }
- requiredV := kernel.VersionInfo{Kernel: 3, Major: 10}
- if kernel.CompareKernelVersion(*daemonV, requiredV) < 1 {
- // On Kernel 3.10 and under, don't consider kernel memory to be supported,
- // even if the kernel (and thus the daemon) reports it as being supported
- return false
- }
- return testEnv.DaemonInfo.KernelMemory
-}
-
func memoryLimitSupport() bool {
return testEnv.DaemonInfo.MemoryLimit
}
diff --git a/integration/container/run_linux_test.go b/integration/container/run_linux_test.go
index 9e1f6c0..9bff9b5 100644
--- a/integration/container/run_linux_test.go
+++ b/integration/container/run_linux_test.go
@@ -2,7 +2,6 @@
import (
"context"
- "strconv"
"strings"
"testing"
"time"
@@ -17,40 +16,6 @@
"gotest.tools/v3/skip"
)
-func TestKernelTCPMemory(t *testing.T) {
- skip.If(t, testEnv.DaemonInfo.OSType != "linux")
- skip.If(t, versions.LessThan(testEnv.DaemonAPIVersion(), "1.40"), "skip test from new feature")
- skip.If(t, testEnv.DaemonInfo.CgroupDriver == "none")
- skip.If(t, !testEnv.DaemonInfo.KernelMemoryTCP)
-
- defer setupTest(t)()
- client := testEnv.APIClient()
- ctx := context.Background()
-
- const (
- kernelMemoryTCP int64 = 200 * 1024 * 1024
- )
-
- cID := container.Run(ctx, t, client, func(c *container.TestContainerConfig) {
- c.HostConfig.Resources = containertypes.Resources{
- KernelMemoryTCP: kernelMemoryTCP,
- }
- })
-
- poll.WaitOn(t, container.IsInState(ctx, client, cID, "running"), poll.WithDelay(100*time.Millisecond))
-
- inspect, err := client.ContainerInspect(ctx, cID)
- assert.NilError(t, err)
- assert.Check(t, is.Equal(kernelMemoryTCP, inspect.HostConfig.KernelMemoryTCP))
-
- res, err := container.Exec(ctx, client, cID,
- []string{"cat", "/sys/fs/cgroup/memory/memory.kmem.tcp.limit_in_bytes"})
- assert.NilError(t, err)
- assert.Assert(t, is.Len(res.Stderr(), 0))
- assert.Equal(t, 0, res.ExitCode)
- assert.Check(t, is.Equal(strconv.FormatInt(kernelMemoryTCP, 10), strings.TrimSpace(res.Stdout())))
-}
-
func TestNISDomainname(t *testing.T) {
// Older versions of the daemon would concatenate hostname and domainname,
// so hostname "foobar" and domainname "baz.cyphar.com" would produce
diff --git a/pkg/signal/signal.go b/pkg/signal/signal.go
index 88ef7b5..b274033 100644
--- a/pkg/signal/signal.go
+++ b/pkg/signal/signal.go
@@ -12,9 +12,16 @@
)
// CatchAll catches all signals and relays them to the specified channel.
+// SIGURG is not handled, as it's used by the Go runtime to support
+// preemptable system calls.
func CatchAll(sigc chan os.Signal) {
var handledSigs []os.Signal
- for _, s := range SignalMap {
+ for n, s := range SignalMap {
+ if n == "URG" {
+ // Do not handle SIGURG, as in go1.14+, the go runtime issues
+ // SIGURG as an interrupt to support preemptable system calls on Linux.
+ continue
+ }
handledSigs = append(handledSigs, s)
}
signal.Notify(sigc, handledSigs...)
diff --git a/pkg/signal/signal_linux_test.go b/pkg/signal/signal_linux_test.go
index 8e2fb98..decd454 100644
--- a/pkg/signal/signal_linux_test.go
+++ b/pkg/signal/signal_linux_test.go
@@ -6,6 +6,7 @@
"os"
"syscall"
"testing"
+ "time"
"gotest.tools/v3/assert"
is "gotest.tools/v3/assert/cmp"
@@ -34,6 +35,22 @@
}
}
+func TestCatchAllIgnoreSigUrg(t *testing.T) {
+ sigs := make(chan os.Signal, 1)
+ CatchAll(sigs)
+ defer StopCatch(sigs)
+
+ err := syscall.Kill(syscall.Getpid(), syscall.SIGURG)
+ assert.NilError(t, err)
+ timer := time.NewTimer(1 * time.Second)
+ defer timer.Stop()
+ select {
+ case <-timer.C:
+ case s := <-sigs:
+ t.Fatalf("expected no signals to be handled, but received %q", s.String())
+ }
+}
+
func TestStopCatch(t *testing.T) {
signal := SignalMap["HUP"]
channel := make(chan os.Signal, 1)
diff --git a/vendor.conf b/vendor.conf
index 8a72ad5..b8cb3ae 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -1,5 +1,5 @@
github.com/Azure/go-ansiterm d6e3b3328b783f23731bc4d058875b0371ff8109
-github.com/Microsoft/hcsshim 9dcb42f100215f8d375b4a9265e5bba009217a85 # moby branch
+github.com/Microsoft/hcsshim 89a9a3b524264d34985f1d48793ab2b2d2e430f6 # moby branch
github.com/Microsoft/go-winio 5b44b70ab3ab4d291a7c1d28afe7b4afeced0ed4 # v0.4.15
github.com/docker/libtrust 9cbd2a1374f46905c68a4eb3694a130610adc62a
github.com/golang/gddo 72a348e765d293ed6d1ded7b699591f14d6cd921
@@ -33,7 +33,7 @@
golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb
# buildkit
-github.com/moby/buildkit 9065b18ba4633c75862befca8188de4338d9f94a # v0.8.2
+github.com/moby/buildkit 244e8cde639f71a05a1a2e0670bd88e0206ce55c # v0.8.3-3-g244e8cde
github.com/tonistiigi/fsutil 0834f99b7b85462efb69b4f571a4fa3ca7da5ac9
github.com/tonistiigi/units 6950e57a87eaf136bbe44ef2ec8e75b9e3569de2
github.com/grpc-ecosystem/grpc-opentracing 8e809c8a86450a29b90dcc9efbf062d0fe6d9746
@@ -47,7 +47,7 @@
# libnetwork
# When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork b3507428be5b458cb0e2b4086b13531fb0706e46
+github.com/docker/libnetwork 64b7a4574d1426139437d20e81c0b6d391130ec8
github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f
github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec
@@ -72,7 +72,7 @@
github.com/ugorji/go b4c50a2b199d93b13dc15e78929cfb23bfdf21ab # v1.1.1
github.com/hashicorp/consul 9a9cc9341bb487651a0399e3fc5e1e8a42e62dd9 # v0.5.2
github.com/miekg/dns 6c0c4e6581f8e173cc562c8b3363ab984e4ae071 # v1.1.27
-github.com/ishidawataru/sctp 6e2cb1366111dcf547c13531e3a263a067715847
+github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
go.etcd.io/bbolt 232d8fc87f50244f9c808f4745759e08a304c029 # v1.3.5
# get graph and distribution packages
diff --git a/vendor/github.com/Microsoft/hcsshim/errors.go b/vendor/github.com/Microsoft/hcsshim/errors.go
index 63efa23..9c88c70 100644
--- a/vendor/github.com/Microsoft/hcsshim/errors.go
+++ b/vendor/github.com/Microsoft/hcsshim/errors.go
@@ -83,7 +83,6 @@
type ProcessError struct {
Process *process
Operation string
- ExtraInfo string
Err error
Events []hcs.ErrorEvent
}
@@ -92,7 +91,6 @@
type ContainerError struct {
Container *container
Operation string
- ExtraInfo string
Err error
Events []hcs.ErrorEvent
}
@@ -125,10 +123,6 @@
s += "\n" + ev.String()
}
- if e.ExtraInfo != "" {
- s += " extra info: " + e.ExtraInfo
- }
-
return s
}
@@ -137,7 +131,7 @@
if _, ok := err.(*ContainerError); ok {
return err
}
- containerError := &ContainerError{Container: container, Operation: operation, ExtraInfo: extraInfo, Err: err}
+ containerError := &ContainerError{Container: container, Operation: operation, Err: err}
return containerError
}
@@ -176,7 +170,7 @@
if _, ok := err.(*ProcessError); ok {
return err
}
- processError := &ProcessError{Process: process, Operation: operation, ExtraInfo: extraInfo, Err: err}
+ processError := &ProcessError{Process: process, Operation: operation, Err: err}
return processError
}
@@ -244,7 +238,7 @@
func convertSystemError(err error, c *container) error {
if serr, ok := err.(*hcs.SystemError); ok {
- return &ContainerError{Container: c, Operation: serr.Op, ExtraInfo: serr.Extra, Err: serr.Err, Events: serr.Events}
+ return &ContainerError{Container: c, Operation: serr.Op, Err: serr.Err, Events: serr.Events}
}
return err
}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
index 9a4705a..d083880 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go
@@ -171,7 +171,6 @@
ID string
Op string
Err error
- Extra string
Events []ErrorEvent
}
@@ -182,9 +181,6 @@
for _, ev := range e.Events {
s += "\n" + ev.String()
}
- if e.Extra != "" {
- s += "\n(extra info: " + e.Extra + ")"
- }
return s
}
@@ -198,7 +194,7 @@
return ok && err.Timeout()
}
-func makeSystemError(system *System, op string, extra string, err error, events []ErrorEvent) error {
+func makeSystemError(system *System, op string, err error, events []ErrorEvent) error {
// Don't double wrap errors
if _, ok := err.(*SystemError); ok {
return err
@@ -206,7 +202,6 @@
return &SystemError{
ID: system.ID(),
Op: op,
- Extra: extra,
Err: err,
Events: events,
}
diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
index 67a5f71..f21dc32 100644
--- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
+++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go
@@ -75,7 +75,7 @@
// Terminate the compute system if it still exists. We're okay to
// ignore a failure here.
computeSystem.Terminate(ctx)
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
}
@@ -86,7 +86,7 @@
// ignore a failure here.
computeSystem.Terminate(ctx)
}
- return nil, makeSystemError(computeSystem, operation, hcsDocument, err, events)
+ return nil, makeSystemError(computeSystem, operation, err, events)
}
go computeSystem.waitBackground()
if err = computeSystem.getCachedProperties(ctx); err != nil {
@@ -103,7 +103,7 @@
handle, resultJSON, err := vmcompute.HcsOpenComputeSystem(ctx, id)
events := processHcsResult(ctx, resultJSON)
if err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, events)
+ return nil, makeSystemError(computeSystem, operation, err, events)
}
computeSystem.handle = handle
defer func() {
@@ -112,7 +112,7 @@
}
}()
if err = computeSystem.registerCallback(ctx); err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
go computeSystem.waitBackground()
if err = computeSystem.getCachedProperties(ctx); err != nil {
@@ -188,13 +188,13 @@
defer computeSystem.handleLock.RUnlock()
if computeSystem.handle == 0 {
- return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
}
resultJSON, err := vmcompute.HcsStartComputeSystem(ctx, computeSystem.handle, "")
events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemStartCompleted, &timeout.SystemStart)
if err != nil {
- return makeSystemError(computeSystem, operation, "", err, events)
+ return makeSystemError(computeSystem, operation, err, events)
}
return nil
@@ -221,7 +221,7 @@
switch err {
case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending:
default:
- return makeSystemError(computeSystem, operation, "", err, events)
+ return makeSystemError(computeSystem, operation, err, events)
}
return nil
}
@@ -242,7 +242,7 @@
switch err {
case nil, ErrVmcomputeAlreadyStopped, ErrComputeSystemDoesNotExist, ErrVmcomputeOperationPending:
default:
- return makeSystemError(computeSystem, operation, "", err, events)
+ return makeSystemError(computeSystem, operation, err, events)
}
return nil
}
@@ -264,10 +264,10 @@
log.G(ctx).Debug("system exited")
case ErrVmcomputeUnexpectedExit:
log.G(ctx).Debug("unexpected system exit")
- computeSystem.exitError = makeSystemError(computeSystem, operation, "", err, nil)
+ computeSystem.exitError = makeSystemError(computeSystem, operation, err, nil)
err = nil
default:
- err = makeSystemError(computeSystem, operation, "", err, nil)
+ err = makeSystemError(computeSystem, operation, err, nil)
}
computeSystem.closedWaitOnce.Do(func() {
computeSystem.waitError = err
@@ -305,13 +305,13 @@
queryBytes, err := json.Marshal(schema1.PropertyQuery{PropertyTypes: types})
if err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes))
events := processHcsResult(ctx, resultJSON)
if err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, events)
+ return nil, makeSystemError(computeSystem, operation, err, events)
}
if propertiesJSON == "" {
@@ -319,7 +319,7 @@
}
properties := &schema1.ContainerProperties{}
if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
return properties, nil
@@ -334,13 +334,13 @@
queryBytes, err := json.Marshal(hcsschema.PropertyQuery{PropertyTypes: types})
if err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
propertiesJSON, resultJSON, err := vmcompute.HcsGetComputeSystemProperties(ctx, computeSystem.handle, string(queryBytes))
events := processHcsResult(ctx, resultJSON)
if err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, events)
+ return nil, makeSystemError(computeSystem, operation, err, events)
}
if propertiesJSON == "" {
@@ -348,7 +348,7 @@
}
properties := &hcsschema.Properties{}
if err := json.Unmarshal([]byte(propertiesJSON), properties); err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
return properties, nil
@@ -369,13 +369,13 @@
defer computeSystem.handleLock.RUnlock()
if computeSystem.handle == 0 {
- return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
}
resultJSON, err := vmcompute.HcsPauseComputeSystem(ctx, computeSystem.handle, "")
events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemPauseCompleted, &timeout.SystemPause)
if err != nil {
- return makeSystemError(computeSystem, operation, "", err, events)
+ return makeSystemError(computeSystem, operation, err, events)
}
return nil
@@ -396,13 +396,13 @@
defer computeSystem.handleLock.RUnlock()
if computeSystem.handle == 0 {
- return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
}
resultJSON, err := vmcompute.HcsResumeComputeSystem(ctx, computeSystem.handle, "")
events, err := processAsyncHcsResult(ctx, err, resultJSON, computeSystem.callbackNumber, hcsNotificationSystemResumeCompleted, &timeout.SystemResume)
if err != nil {
- return makeSystemError(computeSystem, operation, "", err, events)
+ return makeSystemError(computeSystem, operation, err, events)
}
return nil
@@ -413,19 +413,19 @@
defer computeSystem.handleLock.RUnlock()
if computeSystem.handle == 0 {
- return nil, nil, makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
+ return nil, nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
}
configurationb, err := json.Marshal(c)
if err != nil {
- return nil, nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, nil, makeSystemError(computeSystem, operation, err, nil)
}
configuration := string(configurationb)
processInfo, processHandle, resultJSON, err := vmcompute.HcsCreateProcess(ctx, computeSystem.handle, configuration)
events := processHcsResult(ctx, resultJSON)
if err != nil {
- return nil, nil, makeSystemError(computeSystem, operation, configuration, err, events)
+ return nil, nil, makeSystemError(computeSystem, operation, err, events)
}
log.G(ctx).WithField("pid", processInfo.ProcessId).Debug("created process pid")
@@ -447,7 +447,7 @@
pipes, err := makeOpenFiles([]syscall.Handle{processInfo.StdInput, processInfo.StdOutput, processInfo.StdError})
if err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
process.stdin = pipes[0]
process.stdout = pipes[1]
@@ -455,7 +455,7 @@
process.hasCachedStdio = true
if err = process.registerCallback(ctx); err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
go process.waitBackground()
@@ -470,18 +470,18 @@
operation := "hcsshim::System::OpenProcess"
if computeSystem.handle == 0 {
- return nil, makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
+ return nil, makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
}
processHandle, resultJSON, err := vmcompute.HcsOpenProcess(ctx, computeSystem.handle, uint32(pid))
events := processHcsResult(ctx, resultJSON)
if err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, events)
+ return nil, makeSystemError(computeSystem, operation, err, events)
}
process := newProcess(processHandle, pid, computeSystem)
if err = process.registerCallback(ctx); err != nil {
- return nil, makeSystemError(computeSystem, operation, "", err, nil)
+ return nil, makeSystemError(computeSystem, operation, err, nil)
}
go process.waitBackground()
@@ -505,12 +505,12 @@
}
if err = computeSystem.unregisterCallback(ctx); err != nil {
- return makeSystemError(computeSystem, operation, "", err, nil)
+ return makeSystemError(computeSystem, operation, err, nil)
}
err = vmcompute.HcsCloseComputeSystem(ctx, computeSystem.handle)
if err != nil {
- return makeSystemError(computeSystem, operation, "", err, nil)
+ return makeSystemError(computeSystem, operation, err, nil)
}
computeSystem.handle = 0
@@ -587,7 +587,7 @@
operation := "hcsshim::System::Modify"
if computeSystem.handle == 0 {
- return makeSystemError(computeSystem, operation, "", ErrAlreadyClosed, nil)
+ return makeSystemError(computeSystem, operation, ErrAlreadyClosed, nil)
}
requestBytes, err := json.Marshal(config)
@@ -599,7 +599,7 @@
resultJSON, err := vmcompute.HcsModifyComputeSystem(ctx, computeSystem.handle, requestJSON)
events := processHcsResult(ctx, resultJSON)
if err != nil {
- return makeSystemError(computeSystem, operation, requestJSON, err, events)
+ return makeSystemError(computeSystem, operation, err, events)
}
return nil
diff --git a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
index 946130e..17bf36f 100644
--- a/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
+++ b/vendor/github.com/docker/libnetwork/drivers/bridge/port_mapping.go
@@ -5,6 +5,7 @@
"errors"
"fmt"
"net"
+ "sync"
"github.com/docker/libnetwork/types"
"github.com/ishidawataru/sctp"
@@ -50,6 +51,13 @@
bs = append(bs, bIPv4)
}
+ // skip adding implicit v6 addr, when the kernel was booted with `ipv6.disable=1`
+ // https://github.com/moby/moby/issues/42288
+ isV6Binding := c.HostIP != nil && c.HostIP.To4() == nil
+ if !isV6Binding && !IsV6Listenable() {
+ continue
+ }
+
// Allocate IPv6 Port mappings
// If the container has no IPv6 address, allow proxying host IPv6 traffic to it
// by setting up the binding with the IPv4 interface if the userland proxy is enabled
@@ -211,3 +219,26 @@
return portmapper.Unmap(host)
}
+
+var (
+ v6ListenableCached bool
+ v6ListenableOnce sync.Once
+)
+
+// IsV6Listenable returns true when `[::1]:0` is listenable.
+// IsV6Listenable returns false mostly when the kernel was booted with `ipv6.disable=1` option.
+func IsV6Listenable() bool {
+ v6ListenableOnce.Do(func() {
+ ln, err := net.Listen("tcp6", "[::1]:0")
+ if err != nil {
+ // When the kernel was booted with `ipv6.disable=1`,
+ // we get err "listen tcp6 [::1]:0: socket: address family not supported by protocol"
+ // https://github.com/moby/moby/issues/42288
+ logrus.Debugf("port_mapping: v6Listenable=false (%v)", err)
+ } else {
+ v6ListenableCached = true
+ ln.Close()
+ }
+ })
+ return v6ListenableCached
+}
diff --git a/vendor/github.com/docker/libnetwork/network.go b/vendor/github.com/docker/libnetwork/network.go
index a7a6d07..2514d6c 100644
--- a/vendor/github.com/docker/libnetwork/network.go
+++ b/vendor/github.com/docker/libnetwork/network.go
@@ -1409,21 +1409,21 @@
if n.ingress {
return
}
-
- logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
+ networkID := n.ID()
+ logrus.Debugf("%s (%.7s).addSvcRecords(%s, %s, %s, %t) %s sid:%s", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
c := n.getController()
c.Lock()
defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
if !ok {
sr = svcInfo{
svcMap: setmatrix.NewSetMatrix(),
svcIPv6Map: setmatrix.NewSetMatrix(),
ipMap: setmatrix.NewSetMatrix(),
}
- c.svcRecords[n.ID()] = sr
+ c.svcRecords[networkID] = sr
}
if ipMapUpdate {
@@ -1445,14 +1445,14 @@
if n.ingress {
return
}
-
- logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, n.ID(), name, epIP, epIPv6, ipMapUpdate, method, serviceID)
+ networkID := n.ID()
+ logrus.Debugf("%s (%.7s).deleteSvcRecords(%s, %s, %s, %t) %s sid:%s ", eID, networkID, name, epIP, epIPv6, ipMapUpdate, method, serviceID)
c := n.getController()
c.Lock()
defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
if !ok {
return
}
@@ -1972,9 +1972,10 @@
var ipv6Miss bool
c := n.getController()
+ networkID := n.ID()
c.Lock()
defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
if !ok {
return nil, false
@@ -2012,10 +2013,11 @@
}
func (n *network) HandleQueryResp(name string, ip net.IP) {
+ networkID := n.ID()
c := n.getController()
c.Lock()
defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
if !ok {
return
@@ -2031,10 +2033,11 @@
}
func (n *network) ResolveIP(ip string) string {
+ networkID := n.ID()
c := n.getController()
c.Lock()
defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
if !ok {
return ""
@@ -2085,9 +2088,10 @@
proto := parts[1]
svcName := strings.Join(parts[2:], ".")
+ networkID := n.ID()
c.Lock()
defer c.Unlock()
- sr, ok := c.svcRecords[n.ID()]
+ sr, ok := c.svcRecords[networkID]
if !ok {
return nil, nil
diff --git a/vendor/github.com/docker/libnetwork/vendor.conf b/vendor/github.com/docker/libnetwork/vendor.conf
index 52aaac2..36e1019 100644
--- a/vendor/github.com/docker/libnetwork/vendor.conf
+++ b/vendor/github.com/docker/libnetwork/vendor.conf
@@ -43,7 +43,7 @@
golang.org/x/sys ed371f2e16b4b305ee99df548828de367527b76b
golang.org/x/sync cd5d95a43a6e21273425c7ae415d3df9ea832eeb
github.com/pkg/errors 614d223910a179a466c1767a985424175c39b465 # v0.9.1
-github.com/ishidawataru/sctp 6e2cb1366111dcf547c13531e3a263a067715847
+github.com/ishidawataru/sctp f2269e66cdee387bd321445d5d300893449805be
go.opencensus.io 9c377598961b706d1542bd2d84d538b5094d596e # v0.22.0
gotest.tools/v3 bb0d8a963040ea5048dcef1a14d8f8b58a33d4b3 # v3.0.2
diff --git a/vendor/github.com/ishidawataru/sctp/NOTICE b/vendor/github.com/ishidawataru/sctp/NOTICE
new file mode 100644
index 0000000..cfb675f
--- /dev/null
+++ b/vendor/github.com/ishidawataru/sctp/NOTICE
@@ -0,0 +1,3 @@
+This source code includes following third party code
+
+- ipsock_linux.go : licensed by the Go authors, see GO_LICENSE file for the license which applies to the code
diff --git a/vendor/github.com/ishidawataru/sctp/go.mod b/vendor/github.com/ishidawataru/sctp/go.mod
new file mode 100644
index 0000000..5adf982
--- /dev/null
+++ b/vendor/github.com/ishidawataru/sctp/go.mod
@@ -0,0 +1,3 @@
+module github.com/ishidawataru/sctp
+
+go 1.12
diff --git a/vendor/github.com/ishidawataru/sctp/ipsock_linux.go b/vendor/github.com/ishidawataru/sctp/ipsock_linux.go
index f5632b7..3df30fa 100644
--- a/vendor/github.com/ishidawataru/sctp/ipsock_linux.go
+++ b/vendor/github.com/ishidawataru/sctp/ipsock_linux.go
@@ -1,3 +1,7 @@
+// Copyright 2009 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the GO_LICENSE file.
+
package sctp
import (
diff --git a/vendor/github.com/ishidawataru/sctp/sctp.go b/vendor/github.com/ishidawataru/sctp/sctp.go
index 30d6196..94842f4 100644
--- a/vendor/github.com/ishidawataru/sctp/sctp.go
+++ b/vendor/github.com/ishidawataru/sctp/sctp.go
@@ -1,3 +1,18 @@
+// Copyright 2019 Wataru Ishida. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+// implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
package sctp
import (
@@ -678,3 +693,37 @@
func (c *SCTPSndRcvInfoWrappedConn) SetWriteDeadline(t time.Time) error {
return c.conn.SetWriteDeadline(t)
}
+
+func (c *SCTPSndRcvInfoWrappedConn) SetWriteBuffer(bytes int) error {
+ return c.conn.SetWriteBuffer(bytes)
+}
+
+func (c *SCTPSndRcvInfoWrappedConn) GetWriteBuffer() (int, error) {
+ return c.conn.GetWriteBuffer()
+}
+
+func (c *SCTPSndRcvInfoWrappedConn) SetReadBuffer(bytes int) error {
+ return c.conn.SetReadBuffer(bytes)
+}
+
+func (c *SCTPSndRcvInfoWrappedConn) GetReadBuffer() (int, error) {
+ return c.conn.GetReadBuffer()
+}
+
+// SocketConfig contains options for the SCTP socket.
+type SocketConfig struct {
+ // If Control is not nil it is called after the socket is created but before
+ // it is bound or connected.
+ Control func(network, address string, c syscall.RawConn) error
+
+ // InitMsg is the options to send in the initial SCTP message
+ InitMsg InitMsg
+}
+
+func (cfg *SocketConfig) Listen(net string, laddr *SCTPAddr) (*SCTPListener, error) {
+ return listenSCTPExtConfig(net, laddr, cfg.InitMsg, cfg.Control)
+}
+
+func (cfg *SocketConfig) Dial(net string, laddr, raddr *SCTPAddr) (*SCTPConn, error) {
+ return dialSCTPExtConfig(net, laddr, raddr, cfg.InitMsg, cfg.Control)
+}
diff --git a/vendor/github.com/ishidawataru/sctp/sctp_linux.go b/vendor/github.com/ishidawataru/sctp/sctp_linux.go
index 5a6ad93..d96d09e 100644
--- a/vendor/github.com/ishidawataru/sctp/sctp_linux.go
+++ b/vendor/github.com/ishidawataru/sctp/sctp_linux.go
@@ -1,4 +1,18 @@
// +build linux,!386
+// Copyright 2019 Wataru Ishida. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+// implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
package sctp
@@ -40,6 +54,23 @@
return r0, r1, nil
}
+type rawConn struct {
+ sockfd int
+}
+
+func (r rawConn) Control(f func(fd uintptr)) error {
+ f(uintptr(r.sockfd))
+ return nil
+}
+
+func (r rawConn) Read(f func(fd uintptr) (done bool)) error {
+ panic("not implemented")
+}
+
+func (r rawConn) Write(f func(fd uintptr) (done bool)) error {
+ panic("not implemented")
+}
+
func (c *SCTPConn) SCTPWrite(b []byte, info *SndRcvInfo) (int, error) {
var cbuf []byte
if info != nil {
@@ -114,6 +145,22 @@
return syscall.EBADF
}
+func (c *SCTPConn) SetWriteBuffer(bytes int) error {
+ return syscall.SetsockoptInt(c.fd(), syscall.SOL_SOCKET, syscall.SO_SNDBUF, bytes)
+}
+
+func (c *SCTPConn) GetWriteBuffer() (int, error) {
+ return syscall.GetsockoptInt(c.fd(), syscall.SOL_SOCKET, syscall.SO_SNDBUF)
+}
+
+func (c *SCTPConn) SetReadBuffer(bytes int) error {
+ return syscall.SetsockoptInt(c.fd(), syscall.SOL_SOCKET, syscall.SO_RCVBUF, bytes)
+}
+
+func (c *SCTPConn) GetReadBuffer() (int, error) {
+ return syscall.GetsockoptInt(c.fd(), syscall.SOL_SOCKET, syscall.SO_RCVBUF)
+}
+
// ListenSCTP - start listener on specified address/port
func ListenSCTP(net string, laddr *SCTPAddr) (*SCTPListener, error) {
return ListenSCTPExt(net, laddr, InitMsg{NumOstreams: SCTP_MAX_STREAM})
@@ -121,6 +168,11 @@
// ListenSCTPExt - start listener on specified address/port with given SCTP options
func ListenSCTPExt(network string, laddr *SCTPAddr, options InitMsg) (*SCTPListener, error) {
+ return listenSCTPExtConfig(network, laddr, options, nil)
+}
+
+// listenSCTPExtConfig - start listener on specified address/port with given SCTP options and socket configuration
+func listenSCTPExtConfig(network string, laddr *SCTPAddr, options InitMsg, control func(network, address string, c syscall.RawConn) error) (*SCTPListener, error) {
af, ipv6only := favoriteAddrFamily(network, laddr, nil, "listen")
sock, err := syscall.Socket(
af,
@@ -140,6 +192,12 @@
if err = setDefaultSockopts(sock, af, ipv6only); err != nil {
return nil, err
}
+ if control != nil {
+ rc := rawConn{sockfd: sock}
+ if err = control(network, laddr.String(), rc); err != nil {
+ return nil, err
+ }
+ }
err = setInitOpts(sock, options)
if err != nil {
return nil, err
@@ -154,7 +212,7 @@
laddr.IPAddrs = append(laddr.IPAddrs, net.IPAddr{IP: net.IPv6zero})
}
}
- err := SCTPBind(sock, laddr, SCTP_BINDX_ADD_ADDR)
+ err = SCTPBind(sock, laddr, SCTP_BINDX_ADD_ADDR)
if err != nil {
return nil, err
}
@@ -191,6 +249,11 @@
// DialSCTPExt - same as DialSCTP but with given SCTP options
func DialSCTPExt(network string, laddr, raddr *SCTPAddr, options InitMsg) (*SCTPConn, error) {
+ return dialSCTPExtConfig(network, laddr, raddr, options, nil)
+}
+
+// dialSCTPExtConfig - same as DialSCTP but with given SCTP options and socket configuration
+func dialSCTPExtConfig(network string, laddr, raddr *SCTPAddr, options InitMsg, control func(network, address string, c syscall.RawConn) error) (*SCTPConn, error) {
af, ipv6only := favoriteAddrFamily(network, laddr, raddr, "dial")
sock, err := syscall.Socket(
af,
@@ -210,6 +273,12 @@
if err = setDefaultSockopts(sock, af, ipv6only); err != nil {
return nil, err
}
+ if control != nil {
+ rc := rawConn{sockfd: sock}
+ if err = control(network, laddr.String(), rc); err != nil {
+ return nil, err
+ }
+ }
err = setInitOpts(sock, options)
if err != nil {
return nil, err
diff --git a/vendor/github.com/ishidawataru/sctp/sctp_unsupported.go b/vendor/github.com/ishidawataru/sctp/sctp_unsupported.go
index e541584..118fe15 100644
--- a/vendor/github.com/ishidawataru/sctp/sctp_unsupported.go
+++ b/vendor/github.com/ishidawataru/sctp/sctp_unsupported.go
@@ -1,4 +1,18 @@
// +build !linux linux,386
+// Copyright 2019 Wataru Ishida. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+// implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
package sctp
@@ -6,6 +20,7 @@
"errors"
"net"
"runtime"
+ "syscall"
)
var ErrUnsupported = errors.New("SCTP is unsupported on " + runtime.GOOS + "/" + runtime.GOARCH)
@@ -30,6 +45,22 @@
return ErrUnsupported
}
+func (c *SCTPConn) SetWriteBuffer(bytes int) error {
+ return ErrUnsupported
+}
+
+func (c *SCTPConn) GetWriteBuffer() (int, error) {
+ return 0, ErrUnsupported
+}
+
+func (c *SCTPConn) SetReadBuffer(bytes int) error {
+ return ErrUnsupported
+}
+
+func (c *SCTPConn) GetReadBuffer() (int, error) {
+ return 0, ErrUnsupported
+}
+
func ListenSCTP(net string, laddr *SCTPAddr) (*SCTPListener, error) {
return nil, ErrUnsupported
}
@@ -38,6 +69,10 @@
return nil, ErrUnsupported
}
+func listenSCTPExtConfig(network string, laddr *SCTPAddr, options InitMsg, control func(network, address string, c syscall.RawConn) error) (*SCTPListener, error) {
+ return nil, ErrUnsupported
+}
+
func (ln *SCTPListener) Accept() (net.Conn, error) {
return nil, ErrUnsupported
}
@@ -57,3 +92,7 @@
func DialSCTPExt(network string, laddr, raddr *SCTPAddr, options InitMsg) (*SCTPConn, error) {
return nil, ErrUnsupported
}
+
+func dialSCTPExtConfig(network string, laddr, raddr *SCTPAddr, options InitMsg, control func(network, address string, c syscall.RawConn) error) (*SCTPConn, error) {
+ return nil, ErrUnsupported
+}
diff --git a/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go b/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go
index a8335ea..ac9d3ec 100644
--- a/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go
+++ b/vendor/github.com/moby/buildkit/cache/contenthash/checksum.go
@@ -406,17 +406,19 @@
return digest.FromBytes([]byte{}), nil
}
- if len(wildcards) > 1 {
- digester := digest.Canonical.Digester()
- for i, w := range wildcards {
- if i != 0 {
- digester.Hash().Write([]byte{0})
- }
- digester.Hash().Write([]byte(w.Record.Digest))
- }
- return digester.Digest(), nil
+ if len(wildcards) == 1 && path.Base(p) == path.Base(wildcards[0].Path) {
+ return wildcards[0].Record.Digest, nil
}
- return wildcards[0].Record.Digest, nil
+
+ digester := digest.Canonical.Digester()
+ for i, w := range wildcards {
+ if i != 0 {
+ digester.Hash().Write([]byte{0})
+ }
+ digester.Hash().Write([]byte(path.Base(w.Path)))
+ digester.Hash().Write([]byte(w.Record.Digest))
+ }
+ return digester.Digest(), nil
}
func (cc *cacheContext) Checksum(ctx context.Context, mountable cache.Mountable, p string, followLinks bool, s session.Group) (digest.Digest, error) {
diff --git a/vendor/github.com/moby/buildkit/frontend/gateway/container.go b/vendor/github.com/moby/buildkit/frontend/gateway/container.go
index e124566..f234401 100644
--- a/vendor/github.com/moby/buildkit/frontend/gateway/container.go
+++ b/vendor/github.com/moby/buildkit/frontend/gateway/container.go
@@ -3,6 +3,7 @@
import (
"context"
"fmt"
+ "path/filepath"
"runtime"
"sort"
"strings"
@@ -75,7 +76,7 @@
name := fmt.Sprintf("container %s", req.ContainerID)
mm := mounts.NewMountManager(name, w.CacheManager(), sm, w.MetadataStore())
- p, err := PrepareMounts(ctx, mm, w.CacheManager(), g, mnts, refs, func(m *opspb.Mount, ref cache.ImmutableRef) (cache.MutableRef, error) {
+ p, err := PrepareMounts(ctx, mm, w.CacheManager(), g, "", mnts, refs, func(m *opspb.Mount, ref cache.ImmutableRef) (cache.MutableRef, error) {
cm := w.CacheManager()
if m.Input != opspb.Empty {
cm = refs[m.Input].Worker.CacheManager()
@@ -132,7 +133,7 @@
type MakeMutable func(m *opspb.Mount, ref cache.ImmutableRef) (cache.MutableRef, error)
-func PrepareMounts(ctx context.Context, mm *mounts.MountManager, cm cache.Manager, g session.Group, mnts []*opspb.Mount, refs []*worker.WorkerRef, makeMutable MakeMutable) (p PreparedMounts, err error) {
+func PrepareMounts(ctx context.Context, mm *mounts.MountManager, cm cache.Manager, g session.Group, cwd string, mnts []*opspb.Mount, refs []*worker.WorkerRef, makeMutable MakeMutable) (p PreparedMounts, err error) {
// loop over all mounts, fill in mounts, root and outputs
for i, m := range mnts {
var (
@@ -254,7 +255,11 @@
p.Root = mountWithSession(root, g)
} else {
mws := mountWithSession(mountable, g)
- mws.Dest = m.Dest
+ dest := m.Dest
+ if !filepath.IsAbs(filepath.Clean(dest)) {
+ dest = filepath.Join("/", cwd, dest)
+ }
+ mws.Dest = dest
mws.Readonly = m.Readonly
mws.Selector = m.Selector
p.Mounts = append(p.Mounts, mws)
diff --git a/vendor/github.com/moby/buildkit/go.mod b/vendor/github.com/moby/buildkit/go.mod
index 06f5339..3e8a6d8 100644
--- a/vendor/github.com/moby/buildkit/go.mod
+++ b/vendor/github.com/moby/buildkit/go.mod
@@ -9,6 +9,7 @@
github.com/Microsoft/hcsshim v0.8.10
github.com/codahale/hdrhistogram v0.0.0-20160425231609-f8ad88b59a58 // indirect
github.com/containerd/console v1.0.1
+ // containerd: the actual version is replaced in replace()
github.com/containerd/containerd v1.4.1-0.20201117152358-0edc412565dc
github.com/containerd/continuity v0.0.0-20200710164510-efbc4488d8fe
github.com/containerd/go-cni v1.0.1
@@ -71,6 +72,11 @@
)
replace (
+ // containerd: Forked from 0edc412565dcc6e3d6125ff9e4b009ad4b89c638 (20201117) with:
+ // - `Adjust overlay tests to expect "index=off"` (#4719, for ease of cherry-picking #5076)
+ // - `overlay: support "userxattr" option (kernel 5.11)` (#5076)
+ // - `docker: avoid concurrent map access panic` (#4855)
+ github.com/containerd/containerd => github.com/AkihiroSuda/containerd v1.1.1-0.20210312044057-48f85a131bb8
// protobuf: corresponds to containerd
github.com/golang/protobuf => github.com/golang/protobuf v1.3.5
github.com/hashicorp/go-immutable-radix => github.com/tonistiigi/go-immutable-radix v0.0.0-20170803185627-826af9ccf0fe
diff --git a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go
index 24aa46a..bbf3d17 100644
--- a/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go
+++ b/vendor/github.com/moby/buildkit/solver/llbsolver/ops/exec.go
@@ -69,8 +69,8 @@
}
n.Meta = &meta
n.Mounts = nil
- for i := range n.Mounts {
- m := *n.Mounts[i]
+ for i := range old.Mounts {
+ m := *old.Mounts[i]
n.Mounts = append(n.Mounts, &m)
}
return n
@@ -97,6 +97,22 @@
}
}
+ // Special case for cache compatibility with buggy versions that wrongly
+ // excluded Exec.Mounts: for the default case of one root mount (i.e. RUN
+ // inside a Dockerfile), do not include the mount when generating the cache
+ // map.
+ if len(op.Mounts) == 1 &&
+ op.Mounts[0].Dest == "/" &&
+ op.Mounts[0].Selector == "" &&
+ !op.Mounts[0].Readonly &&
+ op.Mounts[0].MountType == pb.MountType_BIND &&
+ op.Mounts[0].CacheOpt == nil &&
+ op.Mounts[0].SSHOpt == nil &&
+ op.Mounts[0].SecretOpt == nil &&
+ op.Mounts[0].ResultID == "" {
+ op.Mounts = nil
+ }
+
dt, err := json.Marshal(struct {
Type string
Exec *pb.ExecOp
@@ -224,7 +240,7 @@
}
}
- p, err := gateway.PrepareMounts(ctx, e.mm, e.cm, g, e.op.Mounts, refs, func(m *pb.Mount, ref cache.ImmutableRef) (cache.MutableRef, error) {
+ p, err := gateway.PrepareMounts(ctx, e.mm, e.cm, g, e.op.Meta.Cwd, e.op.Mounts, refs, func(m *pb.Mount, ref cache.ImmutableRef) (cache.MutableRef, error) {
desc := fmt.Sprintf("mount %s from exec %s", m.Dest, strings.Join(e.op.Meta.Args, " "))
return e.cm.New(ctx, ref, g, cache.WithDescription(desc))
})
diff --git a/vendor/github.com/moby/buildkit/util/contentutil/copy.go b/vendor/github.com/moby/buildkit/util/contentutil/copy.go
index 08c6047..b471d8b 100644
--- a/vendor/github.com/moby/buildkit/util/contentutil/copy.go
+++ b/vendor/github.com/moby/buildkit/util/contentutil/copy.go
@@ -65,7 +65,7 @@
handlers := []images.Handler{
images.ChildrenHandler(provider),
filterHandler,
- retryhandler.New(remotes.FetchHandler(ingester, &localFetcher{provider}), nil),
+ retryhandler.New(remotes.FetchHandler(ingester, &localFetcher{provider}), func(_ []byte) {}),
}
if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, desc); err != nil {
diff --git a/vendor/github.com/moby/buildkit/util/imageutil/config.go b/vendor/github.com/moby/buildkit/util/imageutil/config.go
index c1ea021..0be5870 100644
--- a/vendor/github.com/moby/buildkit/util/imageutil/config.go
+++ b/vendor/github.com/moby/buildkit/util/imageutil/config.go
@@ -101,7 +101,7 @@
children := childrenConfigHandler(cache, platform)
handlers := []images.Handler{
- retryhandler.New(remotes.FetchHandler(cache, fetcher), nil),
+ retryhandler.New(remotes.FetchHandler(cache, fetcher), func(_ []byte) {}),
children,
}
if err := images.Dispatch(ctx, images.Handlers(handlers...), nil, desc); err != nil {
diff --git a/vendor/github.com/moby/buildkit/util/progress/logs/logs.go b/vendor/github.com/moby/buildkit/util/progress/logs/logs.go
index da82c69..43408b8 100644
--- a/vendor/github.com/moby/buildkit/util/progress/logs/logs.go
+++ b/vendor/github.com/moby/buildkit/util/progress/logs/logs.go
@@ -132,6 +132,7 @@
func LoggerFromContext(ctx context.Context) func([]byte) {
return func(dt []byte) {
pw, _, _ := progress.FromContext(ctx)
+ defer pw.Close()
pw.Write(identity.NewID(), client.VertexLog{
Stream: stderr,
Data: []byte(dt),
diff --git a/vendor/github.com/moby/buildkit/util/resolver/retryhandler/retry.go b/vendor/github.com/moby/buildkit/util/resolver/retryhandler/retry.go
index bddcfb8..3d2b797 100644
--- a/vendor/github.com/moby/buildkit/util/resolver/retryhandler/retry.go
+++ b/vendor/github.com/moby/buildkit/util/resolver/retryhandler/retry.go
@@ -9,6 +9,7 @@
"time"
"github.com/containerd/containerd/images"
+ remoteserrors "github.com/containerd/containerd/remotes/errors"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
"github.com/pkg/errors"
)
@@ -47,6 +48,14 @@
}
func retryError(err error) bool {
+ // Retry on 5xx errors
+ var errUnexpectedStatus remoteserrors.ErrUnexpectedStatus
+ if errors.As(err, &errUnexpectedStatus) &&
+ errUnexpectedStatus.StatusCode >= 500 &&
+ errUnexpectedStatus.StatusCode <= 599 {
+ return true
+ }
+
if errors.Is(err, io.EOF) || errors.Is(err, syscall.ECONNRESET) || errors.Is(err, syscall.EPIPE) {
return true
}