From 534d9fc276f50fd7f2f6af88d2689c5cc4c33fa4 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 25 Mar 2025 13:36:00 +0100 Subject: [PATCH 1/3] vendor: github.com/docker/docker v28.0.4 full diff: https://github.com/docker/docker/compare/v28.0.2...v28.0.4 Signed-off-by: Sebastiaan van Stijn --- go.mod | 2 +- go.sum | 4 +- .../docker/pkg/atomicwriter/atomicwriter.go | 69 +++++++++++++++++-- vendor/modules.txt | 2 +- 4 files changed, 69 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 3e6f1064..345df38d 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/distribution/reference v0.6.0 github.com/docker/cli v28.0.2+incompatible github.com/docker/cli-docs-tool v0.9.0 - github.com/docker/docker v28.0.2+incompatible + github.com/docker/docker v28.0.4+incompatible github.com/docker/go-units v0.5.0 github.com/gofrs/flock v0.12.1 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 diff --git a/go.sum b/go.sum index 3a627b14..478727fb 100644 --- a/go.sum +++ b/go.sum @@ -128,8 +128,8 @@ github.com/docker/cli-docs-tool v0.9.0/go.mod h1:ClrwlNW+UioiRyH9GiAOe1o3J/TsY3T github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBirtxJnzDrHLEKxTAYk= github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v28.0.2+incompatible h1:9BILleFwug5FSSqWBgVevgL3ewDJfWWWyZVqlDMttE8= -github.com/docker/docker v28.0.2+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v28.0.4+incompatible h1:JNNkBctYKurkw6FrHfKqY0nKIDf5nrbxjVBtS+cdcok= +github.com/docker/docker v28.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= diff --git a/vendor/github.com/docker/docker/pkg/atomicwriter/atomicwriter.go b/vendor/github.com/docker/docker/pkg/atomicwriter/atomicwriter.go index abf46275..e8aa7807 100644 --- a/vendor/github.com/docker/docker/pkg/atomicwriter/atomicwriter.go +++ b/vendor/github.com/docker/docker/pkg/atomicwriter/atomicwriter.go @@ -1,16 +1,75 @@ package atomicwriter import ( + "errors" + "fmt" "io" "os" "path/filepath" ) +func validateDestination(fileName string) error { + if fileName == "" { + return errors.New("file name is empty") + } + + // Deliberately using Lstat here to match the behavior of [os.Rename], + // which is used when completing the write and does not resolve symlinks. + // + // TODO(thaJeztah): decide whether we want to disallow symlinks or to follow them. + if fi, err := os.Lstat(fileName); err != nil { + if !os.IsNotExist(err) { + return fmt.Errorf("failed to stat output path: %w", err) + } + } else if err := validateFileMode(fi.Mode()); err != nil { + return err + } + if dir := filepath.Dir(fileName); dir != "" && dir != "." { + if _, err := os.Stat(dir); errors.Is(err, os.ErrNotExist) { + return fmt.Errorf("invalid file path: %w", err) + } + } + return nil +} + +func validateFileMode(mode os.FileMode) error { + switch { + case mode.IsRegular(): + return nil // Regular file + case mode&os.ModeDir != 0: + return errors.New("cannot write to a directory") + // TODO(thaJeztah): decide whether we want to disallow symlinks or to follow them. + // case mode&os.ModeSymlink != 0: + // return errors.New("cannot write to a symbolic link directly") + case mode&os.ModeNamedPipe != 0: + return errors.New("cannot write to a named pipe (FIFO)") + case mode&os.ModeSocket != 0: + return errors.New("cannot write to a socket") + case mode&os.ModeDevice != 0: + if mode&os.ModeCharDevice != 0 { + return errors.New("cannot write to a character device file") + } + return errors.New("cannot write to a block device file") + case mode&os.ModeSetuid != 0: + return errors.New("cannot write to a setuid file") + case mode&os.ModeSetgid != 0: + return errors.New("cannot write to a setgid file") + case mode&os.ModeSticky != 0: + return errors.New("cannot write to a sticky bit file") + default: + // Unknown file mode; let's assume it works + return nil + } +} + // New returns a WriteCloser so that writing to it writes to a // temporary file and closing it atomically changes the temporary file to // destination path. Writing and closing concurrently is not allowed. // NOTE: umask is not considered for the file's permissions. func New(filename string, perm os.FileMode) (io.WriteCloser, error) { + if err := validateDestination(filename); err != nil { + return nil, err + } abspath, err := filepath.Abs(filename) if err != nil { return nil, err @@ -49,10 +108,12 @@ type atomicFileWriter struct { f *os.File fn string writeErr error + written bool perm os.FileMode } func (w *atomicFileWriter) Write(dt []byte) (int, error) { + w.written = true n, err := w.f.Write(dt) if err != nil { w.writeErr = err @@ -62,12 +123,12 @@ func (w *atomicFileWriter) Write(dt []byte) (int, error) { func (w *atomicFileWriter) Close() (retErr error) { defer func() { - if retErr != nil || w.writeErr != nil { - os.Remove(w.f.Name()) + if err := os.Remove(w.f.Name()); !errors.Is(err, os.ErrNotExist) && retErr == nil { + retErr = err } }() if err := w.f.Sync(); err != nil { - w.f.Close() + _ = w.f.Close() return err } if err := w.f.Close(); err != nil { @@ -76,7 +137,7 @@ func (w *atomicFileWriter) Close() (retErr error) { if err := os.Chmod(w.f.Name(), w.perm); err != nil { return err } - if w.writeErr == nil { + if w.writeErr == nil && w.written { return os.Rename(w.f.Name(), w.fn) } return nil diff --git a/vendor/modules.txt b/vendor/modules.txt index 31507158..74279b08 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -284,7 +284,7 @@ github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory github.com/docker/distribution/uuid -# github.com/docker/docker v28.0.2+incompatible +# github.com/docker/docker v28.0.4+incompatible ## explicit github.com/docker/docker/api github.com/docker/docker/api/types From 86e4e77ac19f9a7a952721f541882cd4842b1b6d Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Tue, 25 Mar 2025 18:44:27 +0100 Subject: [PATCH 2/3] vendor: github.com/docker/docker-credential-helpers v0.9.3 Signed-off-by: Sebastiaan van Stijn --- go.mod | 2 +- go.sum | 4 +-- .../client/command.go | 29 ++++++++++--------- vendor/modules.txt | 4 +-- 4 files changed, 21 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 345df38d..ac94fe42 100644 --- a/go.mod +++ b/go.mod @@ -95,7 +95,7 @@ require ( github.com/containerd/ttrpc v1.2.7 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect - github.com/docker/docker-credential-helpers v0.8.2 // indirect + github.com/docker/docker-credential-helpers v0.9.3 // indirect github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect diff --git a/go.sum b/go.sum index 478727fb..b955b43c 100644 --- a/go.sum +++ b/go.sum @@ -130,8 +130,8 @@ github.com/docker/distribution v2.8.3+incompatible h1:AtKxIZ36LoNK51+Z6RpzLpddBi github.com/docker/distribution v2.8.3+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v28.0.4+incompatible h1:JNNkBctYKurkw6FrHfKqY0nKIDf5nrbxjVBtS+cdcok= github.com/docker/docker v28.0.4+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/docker-credential-helpers v0.8.2 h1:bX3YxiGzFP5sOXWc3bTPEXdEaZSeVMrFgOr3T+zrFAo= -github.com/docker/docker-credential-helpers v0.8.2/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M= +github.com/docker/docker-credential-helpers v0.9.3 h1:gAm/VtF9wgqJMoxzT3Gj5p4AqIjCBS4wrsOh9yRqcz8= +github.com/docker/docker-credential-helpers v0.9.3/go.mod h1:x+4Gbw9aGmChi3qTLZj8Dfn0TD20M/fuWy0E5+WDeCo= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0= github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= diff --git a/vendor/github.com/docker/docker-credential-helpers/client/command.go b/vendor/github.com/docker/docker-credential-helpers/client/command.go index 1936234b..93863480 100644 --- a/vendor/github.com/docker/docker-credential-helpers/client/command.go +++ b/vendor/github.com/docker/docker-credential-helpers/client/command.go @@ -15,27 +15,30 @@ type Program interface { // ProgramFunc is a type of function that initializes programs based on arguments. type ProgramFunc func(args ...string) Program -// NewShellProgramFunc creates programs that are executed in a Shell. -func NewShellProgramFunc(name string) ProgramFunc { - return NewShellProgramFuncWithEnv(name, nil) -} - -// NewShellProgramFuncWithEnv creates programs that are executed in a Shell with environment variables -func NewShellProgramFuncWithEnv(name string, env *map[string]string) ProgramFunc { +// NewShellProgramFunc creates a [ProgramFunc] to run command in a [Shell]. +func NewShellProgramFunc(command string) ProgramFunc { return func(args ...string) Program { - return &Shell{cmd: createProgramCmdRedirectErr(name, args, env)} + return createProgramCmdRedirectErr(command, args, nil) } } -func createProgramCmdRedirectErr(commandName string, args []string, env *map[string]string) *exec.Cmd { - programCmd := exec.Command(commandName, args...) +// NewShellProgramFuncWithEnv creates a [ProgramFunc] tu run command +// in a [Shell] with the given environment variables. +func NewShellProgramFuncWithEnv(command string, env *map[string]string) ProgramFunc { + return func(args ...string) Program { + return createProgramCmdRedirectErr(command, args, env) + } +} + +func createProgramCmdRedirectErr(command string, args []string, env *map[string]string) *Shell { + ec := exec.Command(command, args...) if env != nil { for k, v := range *env { - programCmd.Env = append(programCmd.Environ(), k+"="+v) + ec.Env = append(ec.Environ(), k+"="+v) } } - programCmd.Stderr = os.Stderr - return programCmd + ec.Stderr = os.Stderr + return &Shell{cmd: ec} } // Shell invokes shell commands to talk with a remote credentials-helper. diff --git a/vendor/modules.txt b/vendor/modules.txt index 74279b08..4c7be481 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -319,8 +319,8 @@ github.com/docker/docker/pkg/namesgenerator github.com/docker/docker/pkg/stdcopy github.com/docker/docker/pkg/stringid github.com/docker/docker/registry -# github.com/docker/docker-credential-helpers v0.8.2 -## explicit; go 1.19 +# github.com/docker/docker-credential-helpers v0.9.3 +## explicit; go 1.21 github.com/docker/docker-credential-helpers/client github.com/docker/docker-credential-helpers/credentials # github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c From d25e260d2e3b794c2f0e71aea35a44ca6bdea031 Mon Sep 17 00:00:00 2001 From: Sebastiaan van Stijn Date: Sat, 1 Mar 2025 02:05:39 +0100 Subject: [PATCH 3/3] vendor: github.com/docker/cli v28.0.4 This removes Notary / Docker Content Trust related (indirect) dependencies; Before: ls -l bin/build/ total 131200 -rwxr-xr-x 1 thajeztah staff 67039266 Mar 21 09:20 buildx* ls -lh bin/build/ total 131200 -rwxr-xr-x 1 thajeztah staff 64M Mar 21 09:20 buildx* After: ls -l bin/build/ total 127288 -rwxr-xr-x 1 thajeztah staff 65168450 Mar 21 09:22 buildx* ls -lh bin/build/ total 127288 -rwxr-xr-x 1 thajeztah staff 62M Mar 21 09:22 buildx* Difference: `67039266 - 65168450 = 1870816` (1.87 MB) full diff: https://github.com/docker/cli/compare/v28.0.2...v28.0.4 Signed-off-by: Sebastiaan van Stijn --- go.mod | 7 +- go.sum | 25 +- .../github.com/docker/cli/cli/command/cli.go | 2 - .../docker/cli/cli/command/cli_deprecated.go | 56 - .../docker/cli/cli/config/config.go | 2 +- .../cli/cli/internal/jsonstream/display.go | 68 - .../docker/cli/cli/manifest/store/store.go | 178 -- .../docker/cli/cli/manifest/types/types.go | 154 -- .../docker/cli/cli/registry/client/client.go | 197 -- .../cli/cli/registry/client/endpoint.go | 121 - .../docker/cli/cli/registry/client/fetcher.go | 301 --- .../github.com/docker/cli/cli/trust/trust.go | 387 ---- .../docker/cli/cli/trust/trust_push.go | 143 -- .../docker/cli/cli/trust/trust_tag.go | 22 - .../docker/distribution/manifest/doc.go | 1 - .../manifest/manifestlist/manifestlist.go | 239 -- .../manifest/ocischema/builder.go | 107 - .../manifest/ocischema/manifest.go | 146 -- .../distribution/manifest/schema2/builder.go | 85 - .../distribution/manifest/schema2/manifest.go | 144 -- .../docker/distribution/manifest/versioned.go | 12 - .../docker/distribution/uuid/uuid.go | 126 - vendor/github.com/docker/go/LICENSE | 27 - .../docker/go/canonical/json/decode.go | 1168 ---------- .../docker/go/canonical/json/encode.go | 1250 ---------- .../docker/go/canonical/json/fold.go | 143 -- .../docker/go/canonical/json/indent.go | 141 -- .../docker/go/canonical/json/scanner.go | 623 ----- .../docker/go/canonical/json/stream.go | 487 ---- .../docker/go/canonical/json/tags.go | 44 - vendor/github.com/miekg/pkcs11/.gitignore | 3 - vendor/github.com/miekg/pkcs11/LICENSE | 27 - .../github.com/miekg/pkcs11/Makefile.release | 57 - vendor/github.com/miekg/pkcs11/README.md | 68 - vendor/github.com/miekg/pkcs11/error.go | 98 - vendor/github.com/miekg/pkcs11/hsm.db | Bin 10240 -> 0 bytes vendor/github.com/miekg/pkcs11/params.go | 190 -- vendor/github.com/miekg/pkcs11/pkcs11.go | 1609 ------------- vendor/github.com/miekg/pkcs11/pkcs11.h | 265 --- vendor/github.com/miekg/pkcs11/pkcs11f.h | 939 -------- vendor/github.com/miekg/pkcs11/pkcs11go.h | 33 - vendor/github.com/miekg/pkcs11/pkcs11t.h | 2047 ----------------- vendor/github.com/miekg/pkcs11/release.go | 18 - vendor/github.com/miekg/pkcs11/softhsm.conf | 1 - vendor/github.com/miekg/pkcs11/softhsm2.conf | 4 - vendor/github.com/miekg/pkcs11/types.go | 315 --- vendor/github.com/miekg/pkcs11/vendor.go | 127 - vendor/github.com/miekg/pkcs11/zconst.go | 766 ------ .../theupdateframework/notary/.gitignore | 17 - .../theupdateframework/notary/CHANGELOG.md | 156 -- .../notary/CODE_OF_CONDUCT.md | 43 - .../theupdateframework/notary/CONTRIBUTING.md | 95 - .../theupdateframework/notary/CONTRIBUTORS | 4 - .../theupdateframework/notary/Dockerfile | 27 - .../theupdateframework/notary/Jenkinsfile | 7 - .../theupdateframework/notary/LICENSE | 201 -- .../theupdateframework/notary/MAINTAINERS | 70 - .../notary/MAINTAINERS.ALUMNI | 22 - .../notary/MAINTAINERS_RULES.md | 39 - .../theupdateframework/notary/Makefile | 205 -- .../theupdateframework/notary/NOTARY_VERSION | 1 - .../theupdateframework/notary/README.md | 135 -- .../notary/client/changelist/change.go | 100 - .../notary/client/changelist/changelist.go | 82 - .../client/changelist/file_changelist.go | 208 -- .../notary/client/changelist/interface.go | 78 - .../notary/client/client.go | 998 -------- .../notary/client/delegations.go | 226 -- .../notary/client/errors.go | 48 - .../notary/client/helpers.go | 306 --- .../notary/client/interface.go | 150 -- .../notary/client/reader.go | 257 --- .../theupdateframework/notary/client/repo.go | 18 - .../notary/client/repo_pkcs11.go | 25 - .../notary/client/tufclient.go | 463 ---- .../notary/client/witness.go | 62 - .../theupdateframework/notary/codecov.yml | 25 - .../theupdateframework/notary/const.go | 95 - .../notary/const_nowindows.go | 16 - .../notary/const_windows.go | 8 - .../notary/cross.Dockerfile | 29 - .../notary/cryptoservice/certificate.go | 41 - .../notary/cryptoservice/crypto_service.go | 162 -- .../notary/development.mysql.yml | 60 - .../notary/development.postgresql.yml | 63 - .../notary/development.rethink.yml | 110 - .../notary/docker-compose.postgresql.yml | 54 - .../notary/docker-compose.rethink.yml | 96 - .../notary/docker-compose.yml | 49 - .../notary/escrow.Dockerfile | 17 - .../theupdateframework/notary/fips.go | 14 - .../theupdateframework/notary/notary.go | 12 - .../notary/passphrase/passphrase.go | 210 -- .../notary/server.Dockerfile | 30 - .../notary/server.minimal.Dockerfile | 42 - .../notary/signer.Dockerfile | 31 - .../notary/signer.minimal.Dockerfile | 44 - .../notary/storage/errors.go | 22 - .../notary/storage/filestore.go | 278 --- .../notary/storage/httpstore.go | 379 --- .../notary/storage/interfaces.go | 39 - .../notary/storage/memorystore.go | 137 -- .../notary/storage/offlinestore.go | 58 - .../notary/trustmanager/errors.go | 31 - .../notary/trustmanager/importLogic.md | 8 - .../notary/trustmanager/interfaces.go | 54 - .../notary/trustmanager/keys.go | 246 -- .../notary/trustmanager/keystore.go | 262 --- .../notary/trustmanager/yubikey/import.go | 59 - .../notary/trustmanager/yubikey/non_pkcs11.go | 9 - .../trustmanager/yubikey/pkcs11_darwin.go | 9 - .../trustmanager/yubikey/pkcs11_interface.go | 40 - .../trustmanager/yubikey/pkcs11_linux.go | 12 - .../trustmanager/yubikey/yubikeystore.go | 924 -------- .../notary/trustpinning/ca.crt | 37 - .../notary/trustpinning/certs.go | 304 --- .../notary/trustpinning/test.crt | 31 - .../notary/trustpinning/trustpin.go | 163 -- .../theupdateframework/notary/tuf/LICENSE | 30 - .../theupdateframework/notary/tuf/README.md | 6 - .../theupdateframework/notary/tuf/builder.go | 732 ------ .../notary/tuf/data/errors.go | 53 - .../notary/tuf/data/keys.go | 529 ----- .../notary/tuf/data/roles.go | 339 --- .../notary/tuf/data/root.go | 171 -- .../notary/tuf/data/serializer.go | 36 - .../notary/tuf/data/snapshot.go | 169 -- .../notary/tuf/data/targets.go | 201 -- .../notary/tuf/data/timestamp.go | 136 -- .../notary/tuf/data/types.go | 390 ---- .../notary/tuf/signed/ed25519.go | 111 - .../notary/tuf/signed/errors.go | 98 - .../notary/tuf/signed/interface.go | 47 - .../notary/tuf/signed/sign.go | 114 - .../notary/tuf/signed/verifiers.go | 264 --- .../notary/tuf/signed/verify.go | 123 - .../theupdateframework/notary/tuf/tuf.go | 1072 --------- .../notary/tuf/utils/pkcs8.go | 341 --- .../notary/tuf/utils/role_sort.go | 31 - .../notary/tuf/utils/stack.go | 85 - .../notary/tuf/utils/utils.go | 119 - .../notary/tuf/utils/x509.go | 564 ----- .../notary/tuf/validation/errors.go | 126 - vendor/golang.org/x/crypto/ed25519/ed25519.go | 69 - vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go | 77 - vendor/modules.txt | 40 +- 146 files changed, 8 insertions(+), 27391 deletions(-) delete mode 100644 vendor/github.com/docker/cli/cli/command/cli_deprecated.go delete mode 100644 vendor/github.com/docker/cli/cli/internal/jsonstream/display.go delete mode 100644 vendor/github.com/docker/cli/cli/manifest/store/store.go delete mode 100644 vendor/github.com/docker/cli/cli/manifest/types/types.go delete mode 100644 vendor/github.com/docker/cli/cli/registry/client/client.go delete mode 100644 vendor/github.com/docker/cli/cli/registry/client/endpoint.go delete mode 100644 vendor/github.com/docker/cli/cli/registry/client/fetcher.go delete mode 100644 vendor/github.com/docker/cli/cli/trust/trust.go delete mode 100644 vendor/github.com/docker/cli/cli/trust/trust_push.go delete mode 100644 vendor/github.com/docker/cli/cli/trust/trust_tag.go delete mode 100644 vendor/github.com/docker/distribution/manifest/doc.go delete mode 100644 vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go delete mode 100644 vendor/github.com/docker/distribution/manifest/ocischema/builder.go delete mode 100644 vendor/github.com/docker/distribution/manifest/ocischema/manifest.go delete mode 100644 vendor/github.com/docker/distribution/manifest/schema2/builder.go delete mode 100644 vendor/github.com/docker/distribution/manifest/schema2/manifest.go delete mode 100644 vendor/github.com/docker/distribution/manifest/versioned.go delete mode 100644 vendor/github.com/docker/distribution/uuid/uuid.go delete mode 100644 vendor/github.com/docker/go/LICENSE delete mode 100644 vendor/github.com/docker/go/canonical/json/decode.go delete mode 100644 vendor/github.com/docker/go/canonical/json/encode.go delete mode 100644 vendor/github.com/docker/go/canonical/json/fold.go delete mode 100644 vendor/github.com/docker/go/canonical/json/indent.go delete mode 100644 vendor/github.com/docker/go/canonical/json/scanner.go delete mode 100644 vendor/github.com/docker/go/canonical/json/stream.go delete mode 100644 vendor/github.com/docker/go/canonical/json/tags.go delete mode 100644 vendor/github.com/miekg/pkcs11/.gitignore delete mode 100644 vendor/github.com/miekg/pkcs11/LICENSE delete mode 100644 vendor/github.com/miekg/pkcs11/Makefile.release delete mode 100644 vendor/github.com/miekg/pkcs11/README.md delete mode 100644 vendor/github.com/miekg/pkcs11/error.go delete mode 100644 vendor/github.com/miekg/pkcs11/hsm.db delete mode 100644 vendor/github.com/miekg/pkcs11/params.go delete mode 100644 vendor/github.com/miekg/pkcs11/pkcs11.go delete mode 100644 vendor/github.com/miekg/pkcs11/pkcs11.h delete mode 100644 vendor/github.com/miekg/pkcs11/pkcs11f.h delete mode 100644 vendor/github.com/miekg/pkcs11/pkcs11go.h delete mode 100644 vendor/github.com/miekg/pkcs11/pkcs11t.h delete mode 100644 vendor/github.com/miekg/pkcs11/release.go delete mode 100644 vendor/github.com/miekg/pkcs11/softhsm.conf delete mode 100644 vendor/github.com/miekg/pkcs11/softhsm2.conf delete mode 100644 vendor/github.com/miekg/pkcs11/types.go delete mode 100644 vendor/github.com/miekg/pkcs11/vendor.go delete mode 100644 vendor/github.com/miekg/pkcs11/zconst.go delete mode 100644 vendor/github.com/theupdateframework/notary/.gitignore delete mode 100644 vendor/github.com/theupdateframework/notary/CHANGELOG.md delete mode 100644 vendor/github.com/theupdateframework/notary/CODE_OF_CONDUCT.md delete mode 100644 vendor/github.com/theupdateframework/notary/CONTRIBUTING.md delete mode 100644 vendor/github.com/theupdateframework/notary/CONTRIBUTORS delete mode 100644 vendor/github.com/theupdateframework/notary/Dockerfile delete mode 100644 vendor/github.com/theupdateframework/notary/Jenkinsfile delete mode 100644 vendor/github.com/theupdateframework/notary/LICENSE delete mode 100644 vendor/github.com/theupdateframework/notary/MAINTAINERS delete mode 100644 vendor/github.com/theupdateframework/notary/MAINTAINERS.ALUMNI delete mode 100644 vendor/github.com/theupdateframework/notary/MAINTAINERS_RULES.md delete mode 100644 vendor/github.com/theupdateframework/notary/Makefile delete mode 100644 vendor/github.com/theupdateframework/notary/NOTARY_VERSION delete mode 100644 vendor/github.com/theupdateframework/notary/README.md delete mode 100644 vendor/github.com/theupdateframework/notary/client/changelist/change.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/changelist/changelist.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/changelist/file_changelist.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/changelist/interface.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/client.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/delegations.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/errors.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/helpers.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/interface.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/reader.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/repo.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/repo_pkcs11.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/tufclient.go delete mode 100644 vendor/github.com/theupdateframework/notary/client/witness.go delete mode 100644 vendor/github.com/theupdateframework/notary/codecov.yml delete mode 100644 vendor/github.com/theupdateframework/notary/const.go delete mode 100644 vendor/github.com/theupdateframework/notary/const_nowindows.go delete mode 100644 vendor/github.com/theupdateframework/notary/const_windows.go delete mode 100644 vendor/github.com/theupdateframework/notary/cross.Dockerfile delete mode 100644 vendor/github.com/theupdateframework/notary/cryptoservice/certificate.go delete mode 100644 vendor/github.com/theupdateframework/notary/cryptoservice/crypto_service.go delete mode 100644 vendor/github.com/theupdateframework/notary/development.mysql.yml delete mode 100644 vendor/github.com/theupdateframework/notary/development.postgresql.yml delete mode 100644 vendor/github.com/theupdateframework/notary/development.rethink.yml delete mode 100644 vendor/github.com/theupdateframework/notary/docker-compose.postgresql.yml delete mode 100644 vendor/github.com/theupdateframework/notary/docker-compose.rethink.yml delete mode 100644 vendor/github.com/theupdateframework/notary/docker-compose.yml delete mode 100644 vendor/github.com/theupdateframework/notary/escrow.Dockerfile delete mode 100644 vendor/github.com/theupdateframework/notary/fips.go delete mode 100644 vendor/github.com/theupdateframework/notary/notary.go delete mode 100644 vendor/github.com/theupdateframework/notary/passphrase/passphrase.go delete mode 100644 vendor/github.com/theupdateframework/notary/server.Dockerfile delete mode 100644 vendor/github.com/theupdateframework/notary/server.minimal.Dockerfile delete mode 100644 vendor/github.com/theupdateframework/notary/signer.Dockerfile delete mode 100644 vendor/github.com/theupdateframework/notary/signer.minimal.Dockerfile delete mode 100644 vendor/github.com/theupdateframework/notary/storage/errors.go delete mode 100644 vendor/github.com/theupdateframework/notary/storage/filestore.go delete mode 100644 vendor/github.com/theupdateframework/notary/storage/httpstore.go delete mode 100644 vendor/github.com/theupdateframework/notary/storage/interfaces.go delete mode 100644 vendor/github.com/theupdateframework/notary/storage/memorystore.go delete mode 100644 vendor/github.com/theupdateframework/notary/storage/offlinestore.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/errors.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/importLogic.md delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/interfaces.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/keys.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/keystore.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/yubikey/import.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/yubikey/non_pkcs11.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_darwin.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_interface.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/yubikey/pkcs11_linux.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustmanager/yubikey/yubikeystore.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustpinning/ca.crt delete mode 100644 vendor/github.com/theupdateframework/notary/trustpinning/certs.go delete mode 100644 vendor/github.com/theupdateframework/notary/trustpinning/test.crt delete mode 100644 vendor/github.com/theupdateframework/notary/trustpinning/trustpin.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/LICENSE delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/README.md delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/builder.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/errors.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/keys.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/roles.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/root.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/serializer.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/snapshot.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/targets.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/timestamp.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/data/types.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/signed/ed25519.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/signed/errors.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/signed/interface.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/signed/sign.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/signed/verifiers.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/signed/verify.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/tuf.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/utils/pkcs8.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/utils/role_sort.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/utils/stack.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/utils/utils.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/utils/x509.go delete mode 100644 vendor/github.com/theupdateframework/notary/tuf/validation/errors.go delete mode 100644 vendor/golang.org/x/crypto/ed25519/ed25519.go delete mode 100644 vendor/golang.org/x/crypto/pbkdf2/pbkdf2.go diff --git a/go.mod b/go.mod index ac94fe42..80cba190 100644 --- a/go.mod +++ b/go.mod @@ -17,7 +17,7 @@ require ( github.com/creack/pty v1.1.24 github.com/davecgh/go-spew v1.1.1 github.com/distribution/reference v0.6.0 - github.com/docker/cli v28.0.2+incompatible + github.com/docker/cli v28.0.4+incompatible github.com/docker/cli-docs-tool v0.9.0 github.com/docker/docker v28.0.4+incompatible github.com/docker/go-units v0.5.0 @@ -71,7 +71,6 @@ require ( require ( github.com/AdaLogics/go-fuzz-headers v0.0.0-20240806141605-e8a1dd7889d6 // indirect github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect - github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-cidr v1.0.1 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect @@ -96,9 +95,9 @@ require ( github.com/cpuguy83/go-md2man/v2 v2.0.6 // indirect github.com/docker/distribution v2.8.3+incompatible // indirect github.com/docker/docker-credential-helpers v0.9.3 // indirect - github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect + github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fvbommel/sortorder v1.0.1 // indirect @@ -127,9 +126,7 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-runewidth v0.0.15 // indirect github.com/mattn/go-shellwords v1.0.12 // indirect - github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/locker v1.0.1 // indirect github.com/moby/patternmatcher v0.6.0 // indirect diff --git a/go.sum b/go.sum index b955b43c..1e797c89 100644 --- a/go.sum +++ b/go.sum @@ -4,7 +4,6 @@ github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2 h1:dIS github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20231105174938-2b5cbb29f3e2/go.mod h1:gCLVsLfv1egrcZu+GoJATN5ts75F2s62ih/457eWzOw= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= @@ -13,8 +12,6 @@ github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg= github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y= github.com/Shopify/logrus-bugsnag v0.0.0-20170309145241-6dbc35f2c30d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= -github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= -github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -63,17 +60,13 @@ github.com/bitly/go-hostpool v0.1.0/go.mod h1:4gOCgp6+NZnVqlKyZ/iBZFTAJKembaVENU github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA= github.com/bmatcuk/doublestar v1.1.5/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= -github.com/bugsnag/bugsnag-go v1.0.5-0.20150529004307-13fd6b8acda0 h1:s7+5BfS4WFJoVF9pnB8kBk03S7pZXRdKamnV0FOl5Sc= github.com/bugsnag/bugsnag-go v1.0.5-0.20150529004307-13fd6b8acda0/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8= -github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b h1:otBG+dV+YK+Soembjv71DPz3uX/V/6MMlSyD9JBQ6kQ= github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50= -github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0 h1:nvj0OLI3YqYXer/kZD8Ri1aaunCxIEsOst1BVJswV0o= github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004 h1:lkAMpLVBDaj17e85keuznYcH5rqI438v41pKcBl4ZxQ= github.com/cloudflare/cfssl v0.0.0-20180223231731-4e2dcbde5004/go.mod h1:yMWuSON2oQp+43nFtAV/uvKQIFpSPerB57DCt9t8sSA= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4= @@ -121,8 +114,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/denisenkom/go-mssqldb v0.0.0-20191128021309-1d7a30a10f73/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v28.0.2+incompatible h1:cRPZ77FK3/IXTAIQQj1vmhlxiLS5m+MIUDwS6f57lrE= -github.com/docker/cli v28.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v28.0.4+incompatible h1:pBJSJeNd9QeIWPjRcV91RVJihd/TXB77q1ef64XEu4A= +github.com/docker/cli v28.0.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/cli-docs-tool v0.9.0 h1:CVwQbE+ZziwlPqrJ7LRyUF6GvCA+6gj7MTCsayaK9t0= github.com/docker/cli-docs-tool v0.9.0/go.mod h1:ClrwlNW+UioiRyH9GiAOe1o3J/TsY3Tr1ipoypjAUtc= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= @@ -170,7 +163,6 @@ github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-sql-driver/mysql v1.3.0 h1:pgwjLi/dvffoP9aabwkT3AKpXQM93QARkjFhDDqC1UE= github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= @@ -195,7 +187,6 @@ github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/google/certificate-transparency-go v1.0.10-0.20180222191210-5ab67e519c93 h1:jc2UWq7CbdszqeH6qu1ougXMIUBfSy8Pbh/anURYbGI= github.com/google/certificate-transparency-go v1.0.10-0.20180222191210-5ab67e519c93/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= @@ -221,7 +212,6 @@ github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWm github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys= github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I= -github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8= github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= @@ -242,9 +232,7 @@ github.com/in-toto/in-toto-golang v0.5.0/go.mod h1:/Rq0IZHLV7Ku5gielPT4wPHJfH1Gd github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jinzhu/gorm v0.0.0-20170222002820-5409931a1bb8 h1:CZkYfurY6KGhVtlalI4QwQ6T0Cu6iuY3e0x5RLu96WE= github.com/jinzhu/gorm v0.0.0-20170222002820-5409931a1bb8/go.mod h1:Vla75njaFJ8clLU1W44h34PjIkijhjHIYnZxMqCdxqo= -github.com/jinzhu/inflection v0.0.0-20170102125226-1c35d901db3d h1:jRQLvyVGL+iVtDElaEIDdKwpPqUIZJfzkNLV34htpEc= github.com/jinzhu/inflection v0.0.0-20170102125226-1c35d901db3d/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= github.com/jinzhu/now v1.1.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -273,7 +261,6 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/lib/pq v0.0.0-20150723085316-0dad96c0b94f/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/magiconair/properties v1.5.3 h1:C8fxWnhYyME3n0klPOhVM7PtYUB3eV1W3DeFmN3j53Y= github.com/magiconair/properties v1.5.3/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= @@ -292,8 +279,6 @@ github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZX github.com/mitchellh/hashstructure/v2 v2.0.2 h1:vGKWl0YJqUNxE8d+h8f6NJLcCJrgbhC4NcD46KavDd4= github.com/mitchellh/hashstructure/v2 v2.0.2/go.mod h1:MG3aRVU/N29oo/V/IhBX8GR/zz4kQkprJgF2EVszyDE= github.com/mitchellh/mapstructure v0.0.0-20150613213606-2caf8efc9366/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/buildkit v0.20.2 h1:qIeR47eQ1tzI1rwz0on3Xx2enRw/1CKjFhoONVcTlMA= github.com/moby/buildkit v0.20.2/go.mod h1:DhaF82FjwOElTftl0JUAJpH/SUIUx4UvcFncLeOtlDI= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= @@ -350,7 +335,6 @@ github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8= github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec= -github.com/opentracing/opentracing-go v1.1.0 h1:pWlfV3Bxv7k65HYwkikxat0+s3pV4bsqf19k25Ur8rU= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= @@ -405,17 +389,14 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spdx/tools-golang v0.5.3 h1:ialnHeEYUC4+hkm5vJm4qz2x+oEJbS0mAMFrNXdQraY= github.com/spdx/tools-golang v0.5.3/go.mod h1:/ETOahiAo96Ob0/RAIBmFZw6XN0yTnyr/uFZm2NTMhI= -github.com/spf13/cast v0.0.0-20150508191742-4d07383ffe94 h1:JmfC365KywYwHB946TTiQWEb8kqPY+pybPLoGE9GgVk= github.com/spf13/cast v0.0.0-20150508191742-4d07383ffe94/go.mod h1:r2rcYCSwa1IExKTDiTfzaxqT2FNHs8hODu4LnUfgKEg= github.com/spf13/cobra v0.0.1/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= -github.com/spf13/jwalterweatherman v0.0.0-20141219030609-3d60171a6431 h1:XTHrT015sxHyJ5FnQ0AeemSspZWaDq7DoTRW0EVsDCE= github.com/spf13/jwalterweatherman v0.0.0-20141219030609-3d60171a6431/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo= github.com/spf13/pflag v1.0.0/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o= github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v0.0.0-20150530192845-be5ff3e4840c h1:2EejZtjFjKJGk71ANb+wtFK5EjUzUkEM3R0xnp559xg= github.com/spf13/viper v0.0.0-20150530192845-be5ff3e4840c/go.mod h1:A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -584,7 +565,6 @@ google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8i google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= -gopkg.in/cenkalti/backoff.v2 v2.2.1 h1:eJ9UAg01/HIHG987TwxvnzK2MgxXq97YY6rYDpY9aII= gopkg.in/cenkalti/backoff.v2 v2.2.1/go.mod h1:S0QdOvT2AlerfSBkp0O+dk+bbIMaNbEmVk876gPCthU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -595,7 +575,6 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/rethinkdb/rethinkdb-go.v6 v6.2.1 h1:d4KQkxAaAiRY2h5Zqis161Pv91A37uZyJOx73duwUwM= gopkg.in/rethinkdb/rethinkdb-go.v6 v6.2.1/go.mod h1:WbjuEoo1oadwzQ4apSDU+JTvmllEHtsNHS6y7vFc7iw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/vendor/github.com/docker/cli/cli/command/cli.go b/vendor/github.com/docker/cli/cli/command/cli.go index 8b5780d6..2a78c507 100644 --- a/vendor/github.com/docker/cli/cli/command/cli.go +++ b/vendor/github.com/docker/cli/cli/command/cli.go @@ -56,8 +56,6 @@ type Cli interface { CurrentContext() string DockerEndpoint() docker.Endpoint TelemetryClient - DeprecatedNotaryClient - DeprecatedManifestClient } // DockerCli is an instance the docker command line client. diff --git a/vendor/github.com/docker/cli/cli/command/cli_deprecated.go b/vendor/github.com/docker/cli/cli/command/cli_deprecated.go deleted file mode 100644 index 15fac1a6..00000000 --- a/vendor/github.com/docker/cli/cli/command/cli_deprecated.go +++ /dev/null @@ -1,56 +0,0 @@ -package command - -import ( - "context" - "path/filepath" - - "github.com/docker/cli/cli/config" - manifeststore "github.com/docker/cli/cli/manifest/store" - registryclient "github.com/docker/cli/cli/registry/client" - "github.com/docker/cli/cli/trust" - "github.com/docker/docker/api/types/registry" - notaryclient "github.com/theupdateframework/notary/client" -) - -type DeprecatedNotaryClient interface { - // NotaryClient provides a Notary Repository to interact with signed metadata for an image - // - // Deprecated: use [trust.GetNotaryRepository] instead. This method is no longer used and will be removed in the next release. - NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error) -} - -type DeprecatedManifestClient interface { - // ManifestStore returns a store for local manifests - // - // Deprecated: use [manifeststore.NewStore] instead. This method is no longer used and will be removed in the next release. - ManifestStore() manifeststore.Store - - // RegistryClient returns a client for communicating with a Docker distribution - // registry. - // - // Deprecated: use [registryclient.NewRegistryClient]. This method is no longer used and will be removed in the next release. - RegistryClient(bool) registryclient.RegistryClient -} - -// NotaryClient provides a Notary Repository to interact with signed metadata for an image -func (cli *DockerCli) NotaryClient(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (notaryclient.Repository, error) { - return trust.GetNotaryRepository(cli.In(), cli.Out(), UserAgent(), imgRefAndAuth.RepoInfo(), imgRefAndAuth.AuthConfig(), actions...) -} - -// ManifestStore returns a store for local manifests -// -// Deprecated: use [manifeststore.NewStore] instead. This method is no longer used and will be removed in the next release. -func (*DockerCli) ManifestStore() manifeststore.Store { - return manifeststore.NewStore(filepath.Join(config.Dir(), "manifests")) -} - -// RegistryClient returns a client for communicating with a Docker distribution -// registry -// -// Deprecated: use [registryclient.NewRegistryClient]. This method is no longer used and will be removed in the next release. -func (cli *DockerCli) RegistryClient(allowInsecure bool) registryclient.RegistryClient { - resolver := func(ctx context.Context, index *registry.IndexInfo) registry.AuthConfig { - return ResolveAuthConfig(cli.ConfigFile(), index) - } - return registryclient.NewRegistryClient(resolver, UserAgent(), allowInsecure) -} diff --git a/vendor/github.com/docker/cli/cli/config/config.go b/vendor/github.com/docker/cli/cli/config/config.go index daf50433..cbb34486 100644 --- a/vendor/github.com/docker/cli/cli/config/config.go +++ b/vendor/github.com/docker/cli/cli/config/config.go @@ -58,7 +58,7 @@ func resetConfigDir() { // getHomeDir is a copy of [pkg/homedir.Get] to prevent adding docker/docker // as dependency for consumers that only need to read the config-file. // -// [pkg/homedir.Get]: https://pkg.go.dev/github.com/docker/docker@v26.1.4+incompatible/pkg/homedir#Get +// [pkg/homedir.Get]: https://pkg.go.dev/github.com/docker/docker@v28.0.3+incompatible/pkg/homedir#Get func getHomeDir() string { home, _ := os.UserHomeDir() if home == "" && runtime.GOOS != "windows" { diff --git a/vendor/github.com/docker/cli/cli/internal/jsonstream/display.go b/vendor/github.com/docker/cli/cli/internal/jsonstream/display.go deleted file mode 100644 index 8981eca3..00000000 --- a/vendor/github.com/docker/cli/cli/internal/jsonstream/display.go +++ /dev/null @@ -1,68 +0,0 @@ -package jsonstream - -import ( - "context" - "io" - - "github.com/docker/docker/pkg/jsonmessage" -) - -type ( - Stream = jsonmessage.Stream - JSONMessage = jsonmessage.JSONMessage - JSONError = jsonmessage.JSONError - JSONProgress = jsonmessage.JSONProgress -) - -type ctxReader struct { - err chan error - r io.Reader -} - -func (r *ctxReader) Read(p []byte) (n int, err error) { - select { - case err = <-r.err: - return 0, err - default: - return r.r.Read(p) - } -} - -type Options func(*options) - -type options struct { - AuxCallback func(JSONMessage) -} - -func WithAuxCallback(cb func(JSONMessage)) Options { - return func(o *options) { - o.AuxCallback = cb - } -} - -// Display prints the JSON messages from the given reader to the given stream. -// -// It wraps the [jsonmessage.DisplayJSONMessagesStream] function to make it -// "context aware" and appropriately returns why the function was canceled. -// -// It returns an error if the context is canceled, but not if the input reader / stream is closed. -func Display(ctx context.Context, in io.Reader, stream Stream, opts ...Options) error { - if ctx.Err() != nil { - return ctx.Err() - } - - reader := &ctxReader{err: make(chan error, 1), r: in} - stopFunc := context.AfterFunc(ctx, func() { reader.err <- ctx.Err() }) - defer stopFunc() - - o := options{} - for _, opt := range opts { - opt(&o) - } - - if err := jsonmessage.DisplayJSONMessagesStream(reader, stream, stream.FD(), stream.IsTerminal(), o.AuxCallback); err != nil { - return err - } - - return ctx.Err() -} diff --git a/vendor/github.com/docker/cli/cli/manifest/store/store.go b/vendor/github.com/docker/cli/cli/manifest/store/store.go deleted file mode 100644 index e97e8628..00000000 --- a/vendor/github.com/docker/cli/cli/manifest/store/store.go +++ /dev/null @@ -1,178 +0,0 @@ -package store - -import ( - "encoding/json" - "os" - "path/filepath" - "strings" - - "github.com/distribution/reference" - "github.com/docker/cli/cli/manifest/types" - "github.com/docker/distribution/manifest/manifestlist" - "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" -) - -// Store manages local storage of image distribution manifests -type Store interface { - Remove(listRef reference.Reference) error - Get(listRef reference.Reference, manifest reference.Reference) (types.ImageManifest, error) - GetList(listRef reference.Reference) ([]types.ImageManifest, error) - Save(listRef reference.Reference, manifest reference.Reference, image types.ImageManifest) error -} - -// fsStore manages manifest files stored on the local filesystem -type fsStore struct { - root string -} - -// NewStore returns a new store for a local file path -func NewStore(root string) Store { - return &fsStore{root: root} -} - -// Remove a manifest list from local storage -func (s *fsStore) Remove(listRef reference.Reference) error { - path := filepath.Join(s.root, makeFilesafeName(listRef.String())) - return os.RemoveAll(path) -} - -// Get returns the local manifest -func (s *fsStore) Get(listRef reference.Reference, manifest reference.Reference) (types.ImageManifest, error) { - filename := manifestToFilename(s.root, listRef.String(), manifest.String()) - return s.getFromFilename(manifest, filename) -} - -func (*fsStore) getFromFilename(ref reference.Reference, filename string) (types.ImageManifest, error) { - bytes, err := os.ReadFile(filename) - switch { - case os.IsNotExist(err): - return types.ImageManifest{}, newNotFoundError(ref.String()) - case err != nil: - return types.ImageManifest{}, err - } - var manifestInfo struct { - types.ImageManifest - - // Deprecated Fields, replaced by Descriptor - Digest digest.Digest - Platform *manifestlist.PlatformSpec - } - - if err := json.Unmarshal(bytes, &manifestInfo); err != nil { - return types.ImageManifest{}, err - } - - // Compatibility with image manifests created before - // descriptor, newer versions omit Digest and Platform - if manifestInfo.Digest != "" { - mediaType, raw, err := manifestInfo.Payload() - if err != nil { - return types.ImageManifest{}, err - } - if dgst := digest.FromBytes(raw); dgst != manifestInfo.Digest { - return types.ImageManifest{}, errors.Errorf("invalid manifest file %v: image manifest digest mismatch (%v != %v)", filename, manifestInfo.Digest, dgst) - } - manifestInfo.ImageManifest.Descriptor = ocispec.Descriptor{ - Digest: manifestInfo.Digest, - Size: int64(len(raw)), - MediaType: mediaType, - Platform: types.OCIPlatform(manifestInfo.Platform), - } - } - - return manifestInfo.ImageManifest, nil -} - -// GetList returns all the local manifests for a transaction -func (s *fsStore) GetList(listRef reference.Reference) ([]types.ImageManifest, error) { - filenames, err := s.listManifests(listRef.String()) - switch { - case err != nil: - return nil, err - case filenames == nil: - return nil, newNotFoundError(listRef.String()) - } - - manifests := []types.ImageManifest{} - for _, filename := range filenames { - filename = filepath.Join(s.root, makeFilesafeName(listRef.String()), filename) - manifest, err := s.getFromFilename(listRef, filename) - if err != nil { - return nil, err - } - manifests = append(manifests, manifest) - } - return manifests, nil -} - -// listManifests stored in a transaction -func (s *fsStore) listManifests(transaction string) ([]string, error) { - transactionDir := filepath.Join(s.root, makeFilesafeName(transaction)) - fileInfos, err := os.ReadDir(transactionDir) - switch { - case os.IsNotExist(err): - return nil, nil - case err != nil: - return nil, err - } - - filenames := make([]string, 0, len(fileInfos)) - for _, info := range fileInfos { - filenames = append(filenames, info.Name()) - } - return filenames, nil -} - -// Save a manifest as part of a local manifest list -func (s *fsStore) Save(listRef reference.Reference, manifest reference.Reference, image types.ImageManifest) error { - if err := s.createManifestListDirectory(listRef.String()); err != nil { - return err - } - filename := manifestToFilename(s.root, listRef.String(), manifest.String()) - bytes, err := json.Marshal(image) - if err != nil { - return err - } - return os.WriteFile(filename, bytes, 0o644) -} - -func (s *fsStore) createManifestListDirectory(transaction string) error { - path := filepath.Join(s.root, makeFilesafeName(transaction)) - return os.MkdirAll(path, 0o755) -} - -func manifestToFilename(root, manifestList, manifest string) string { - return filepath.Join(root, makeFilesafeName(manifestList), makeFilesafeName(manifest)) -} - -func makeFilesafeName(ref string) string { - fileName := strings.ReplaceAll(ref, ":", "-") - return strings.ReplaceAll(fileName, "/", "_") -} - -type notFoundError struct { - object string -} - -func newNotFoundError(ref string) *notFoundError { - return ¬FoundError{object: ref} -} - -func (n *notFoundError) Error() string { - return "No such manifest: " + n.object -} - -// NotFound interface -func (*notFoundError) NotFound() {} - -// IsNotFound returns true if the error is a not found error -func IsNotFound(err error) bool { - _, ok := err.(notFound) - return ok -} - -type notFound interface { - NotFound() -} diff --git a/vendor/github.com/docker/cli/cli/manifest/types/types.go b/vendor/github.com/docker/cli/cli/manifest/types/types.go deleted file mode 100644 index e098928d..00000000 --- a/vendor/github.com/docker/cli/cli/manifest/types/types.go +++ /dev/null @@ -1,154 +0,0 @@ -package types - -import ( - "encoding/json" - - "github.com/distribution/reference" - "github.com/docker/distribution" - "github.com/docker/distribution/manifest/manifestlist" - "github.com/docker/distribution/manifest/ocischema" - "github.com/docker/distribution/manifest/schema2" - "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" -) - -// ImageManifest contains info to output for a manifest object. -type ImageManifest struct { - Ref *SerializableNamed - Descriptor ocispec.Descriptor - Raw []byte `json:",omitempty"` - - // SchemaV2Manifest is used for inspection - SchemaV2Manifest *schema2.DeserializedManifest `json:",omitempty"` - // OCIManifest is used for inspection - OCIManifest *ocischema.DeserializedManifest `json:",omitempty"` -} - -// OCIPlatform creates an OCI platform from a manifest list platform spec -func OCIPlatform(ps *manifestlist.PlatformSpec) *ocispec.Platform { - if ps == nil { - return nil - } - return &ocispec.Platform{ - Architecture: ps.Architecture, - OS: ps.OS, - OSVersion: ps.OSVersion, - OSFeatures: ps.OSFeatures, - Variant: ps.Variant, - } -} - -// PlatformSpecFromOCI creates a platform spec from OCI platform -func PlatformSpecFromOCI(p *ocispec.Platform) *manifestlist.PlatformSpec { - if p == nil { - return nil - } - return &manifestlist.PlatformSpec{ - Architecture: p.Architecture, - OS: p.OS, - OSVersion: p.OSVersion, - OSFeatures: p.OSFeatures, - Variant: p.Variant, - } -} - -// Blobs returns the digests for all the blobs referenced by this manifest -func (i ImageManifest) Blobs() []digest.Digest { - var digests []digest.Digest - switch { - case i.SchemaV2Manifest != nil: - refs := i.SchemaV2Manifest.References() - digests = make([]digest.Digest, 0, len(refs)) - for _, descriptor := range refs { - digests = append(digests, descriptor.Digest) - } - case i.OCIManifest != nil: - refs := i.OCIManifest.References() - digests = make([]digest.Digest, 0, len(refs)) - for _, descriptor := range refs { - digests = append(digests, descriptor.Digest) - } - } - return digests -} - -// Payload returns the media type and bytes for the manifest -func (i ImageManifest) Payload() (string, []byte, error) { - // TODO: If available, read content from a content store by digest - switch { - case i.SchemaV2Manifest != nil: - return i.SchemaV2Manifest.Payload() - case i.OCIManifest != nil: - return i.OCIManifest.Payload() - default: - return "", nil, errors.Errorf("%s has no payload", i.Ref) - } -} - -// References implements the distribution.Manifest interface. It delegates to -// the underlying manifest. -func (i ImageManifest) References() []distribution.Descriptor { - switch { - case i.SchemaV2Manifest != nil: - return i.SchemaV2Manifest.References() - case i.OCIManifest != nil: - return i.OCIManifest.References() - default: - return nil - } -} - -// NewImageManifest returns a new ImageManifest object. The values for Platform -// are initialized from those in the image -func NewImageManifest(ref reference.Named, desc ocispec.Descriptor, manifest *schema2.DeserializedManifest) ImageManifest { - raw, err := manifest.MarshalJSON() - if err != nil { - raw = nil - } - - return ImageManifest{ - Ref: &SerializableNamed{Named: ref}, - Descriptor: desc, - Raw: raw, - SchemaV2Manifest: manifest, - } -} - -// NewOCIImageManifest returns a new ImageManifest object. The values for -// Platform are initialized from those in the image -func NewOCIImageManifest(ref reference.Named, desc ocispec.Descriptor, manifest *ocischema.DeserializedManifest) ImageManifest { - raw, err := manifest.MarshalJSON() - if err != nil { - raw = nil - } - - return ImageManifest{ - Ref: &SerializableNamed{Named: ref}, - Descriptor: desc, - Raw: raw, - OCIManifest: manifest, - } -} - -// SerializableNamed is a reference.Named that can be serialized and deserialized -// from JSON -type SerializableNamed struct { - reference.Named -} - -// UnmarshalJSON loads the Named reference from JSON bytes -func (s *SerializableNamed) UnmarshalJSON(b []byte) error { - var raw string - if err := json.Unmarshal(b, &raw); err != nil { - return errors.Wrapf(err, "invalid named reference bytes: %s", b) - } - var err error - s.Named, err = reference.ParseNamed(raw) - return err -} - -// MarshalJSON returns the JSON bytes representation -func (s *SerializableNamed) MarshalJSON() ([]byte, error) { - return json.Marshal(s.String()) -} diff --git a/vendor/github.com/docker/cli/cli/registry/client/client.go b/vendor/github.com/docker/cli/cli/registry/client/client.go deleted file mode 100644 index 31975d48..00000000 --- a/vendor/github.com/docker/cli/cli/registry/client/client.go +++ /dev/null @@ -1,197 +0,0 @@ -package client - -import ( - "context" - "fmt" - "net/http" - "strings" - - "github.com/distribution/reference" - manifesttypes "github.com/docker/cli/cli/manifest/types" - "github.com/docker/distribution" - distributionclient "github.com/docker/distribution/registry/client" - registrytypes "github.com/docker/docker/api/types/registry" - "github.com/opencontainers/go-digest" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -) - -// RegistryClient is a client used to communicate with a Docker distribution -// registry -type RegistryClient interface { - GetManifest(ctx context.Context, ref reference.Named) (manifesttypes.ImageManifest, error) - GetManifestList(ctx context.Context, ref reference.Named) ([]manifesttypes.ImageManifest, error) - MountBlob(ctx context.Context, source reference.Canonical, target reference.Named) error - PutManifest(ctx context.Context, ref reference.Named, manifest distribution.Manifest) (digest.Digest, error) -} - -// NewRegistryClient returns a new RegistryClient with a resolver -func NewRegistryClient(resolver AuthConfigResolver, userAgent string, insecure bool) RegistryClient { - return &client{ - authConfigResolver: resolver, - insecureRegistry: insecure, - userAgent: userAgent, - } -} - -// AuthConfigResolver returns Auth Configuration for an index -type AuthConfigResolver func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig - -type client struct { - authConfigResolver AuthConfigResolver - insecureRegistry bool - userAgent string -} - -// ErrBlobCreated returned when a blob mount request was created -type ErrBlobCreated struct { - From reference.Named - Target reference.Named -} - -func (err ErrBlobCreated) Error() string { - return fmt.Sprintf("blob mounted from: %v to: %v", - err.From, err.Target) -} - -// httpProtoError returned if attempting to use TLS with a non-TLS registry -type httpProtoError struct { - cause error -} - -func (e httpProtoError) Error() string { - return e.cause.Error() -} - -var _ RegistryClient = &client{} - -// MountBlob into the registry, so it can be referenced by a manifest -func (c *client) MountBlob(ctx context.Context, sourceRef reference.Canonical, targetRef reference.Named) error { - repoEndpoint, err := newDefaultRepositoryEndpoint(targetRef, c.insecureRegistry) - if err != nil { - return err - } - repoEndpoint.actions = []string{"pull", "push"} - repo, err := c.getRepositoryForReference(ctx, targetRef, repoEndpoint) - if err != nil { - return err - } - lu, err := repo.Blobs(ctx).Create(ctx, distributionclient.WithMountFrom(sourceRef)) - switch err.(type) { - case distribution.ErrBlobMounted: - logrus.Debugf("mount of blob %s succeeded", sourceRef) - return nil - case nil: - default: - return errors.Wrapf(err, "failed to mount blob %s to %s", sourceRef, targetRef) - } - lu.Cancel(ctx) - logrus.Debugf("mount of blob %s created", sourceRef) - return ErrBlobCreated{From: sourceRef, Target: targetRef} -} - -// PutManifest sends the manifest to a registry and returns the new digest -func (c *client) PutManifest(ctx context.Context, ref reference.Named, manifest distribution.Manifest) (digest.Digest, error) { - repoEndpoint, err := newDefaultRepositoryEndpoint(ref, c.insecureRegistry) - if err != nil { - return "", err - } - - repoEndpoint.actions = []string{"pull", "push"} - repo, err := c.getRepositoryForReference(ctx, ref, repoEndpoint) - if err != nil { - return "", err - } - - manifestService, err := repo.Manifests(ctx) - if err != nil { - return "", err - } - - _, opts, err := getManifestOptionsFromReference(ref) - if err != nil { - return "", err - } - - dgst, err := manifestService.Put(ctx, manifest, opts...) - if err != nil { - return dgst, errors.Wrapf(err, "failed to put manifest %s", ref) - } - return dgst, nil -} - -func (c *client) getRepositoryForReference(ctx context.Context, ref reference.Named, repoEndpoint repositoryEndpoint) (distribution.Repository, error) { - repoName, err := reference.WithName(repoEndpoint.Name()) - if err != nil { - return nil, errors.Wrapf(err, "failed to parse repo name from %s", ref) - } - httpTransport, err := c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint) - if err != nil { - if !strings.Contains(err.Error(), "server gave HTTP response to HTTPS client") { - return nil, err - } - if !repoEndpoint.endpoint.TLSConfig.InsecureSkipVerify { - return nil, httpProtoError{cause: err} - } - // --insecure was set; fall back to plain HTTP - if url := repoEndpoint.endpoint.URL; url != nil && url.Scheme == "https" { - url.Scheme = "http" - httpTransport, err = c.getHTTPTransportForRepoEndpoint(ctx, repoEndpoint) - if err != nil { - return nil, err - } - } - } - return distributionclient.NewRepository(repoName, repoEndpoint.BaseURL(), httpTransport) -} - -func (c *client) getHTTPTransportForRepoEndpoint(ctx context.Context, repoEndpoint repositoryEndpoint) (http.RoundTripper, error) { - httpTransport, err := getHTTPTransport( - c.authConfigResolver(ctx, repoEndpoint.info.Index), - repoEndpoint.endpoint, - repoEndpoint.Name(), - c.userAgent, - repoEndpoint.actions, - ) - if err != nil { - return nil, errors.Wrap(err, "failed to configure transport") - } - return httpTransport, nil -} - -// GetManifest returns an ImageManifest for the reference -func (c *client) GetManifest(ctx context.Context, ref reference.Named) (manifesttypes.ImageManifest, error) { - var result manifesttypes.ImageManifest - fetch := func(ctx context.Context, repo distribution.Repository, ref reference.Named) (bool, error) { - var err error - result, err = fetchManifest(ctx, repo, ref) - return result.Ref != nil, err - } - - err := c.iterateEndpoints(ctx, ref, fetch) - return result, err -} - -// GetManifestList returns a list of ImageManifest for the reference -func (c *client) GetManifestList(ctx context.Context, ref reference.Named) ([]manifesttypes.ImageManifest, error) { - result := []manifesttypes.ImageManifest{} - fetch := func(ctx context.Context, repo distribution.Repository, ref reference.Named) (bool, error) { - var err error - result, err = fetchList(ctx, repo, ref) - return len(result) > 0, err - } - - err := c.iterateEndpoints(ctx, ref, fetch) - return result, err -} - -func getManifestOptionsFromReference(ref reference.Named) (digest.Digest, []distribution.ManifestServiceOption, error) { - if tagged, isTagged := ref.(reference.NamedTagged); isTagged { - tag := tagged.Tag() - return "", []distribution.ManifestServiceOption{distribution.WithTag(tag)}, nil - } - if digested, isDigested := ref.(reference.Canonical); isDigested { - return digested.Digest(), []distribution.ManifestServiceOption{}, nil - } - return "", nil, errors.Errorf("%s no tag or digest", ref) -} diff --git a/vendor/github.com/docker/cli/cli/registry/client/endpoint.go b/vendor/github.com/docker/cli/cli/registry/client/endpoint.go deleted file mode 100644 index ab35e73c..00000000 --- a/vendor/github.com/docker/cli/cli/registry/client/endpoint.go +++ /dev/null @@ -1,121 +0,0 @@ -package client - -import ( - "net" - "net/http" - "time" - - "github.com/distribution/reference" - "github.com/docker/distribution/registry/client/auth" - "github.com/docker/distribution/registry/client/transport" - registrytypes "github.com/docker/docker/api/types/registry" - "github.com/docker/docker/registry" - "github.com/pkg/errors" -) - -type repositoryEndpoint struct { - info *registry.RepositoryInfo - endpoint registry.APIEndpoint - actions []string -} - -// Name returns the repository name -func (r repositoryEndpoint) Name() string { - return reference.Path(r.info.Name) -} - -// BaseURL returns the endpoint url -func (r repositoryEndpoint) BaseURL() string { - return r.endpoint.URL.String() -} - -func newDefaultRepositoryEndpoint(ref reference.Named, insecure bool) (repositoryEndpoint, error) { - repoInfo, _ := registry.ParseRepositoryInfo(ref) - endpoint, err := getDefaultEndpointFromRepoInfo(repoInfo) - if err != nil { - return repositoryEndpoint{}, err - } - if insecure { - endpoint.TLSConfig.InsecureSkipVerify = true - } - return repositoryEndpoint{info: repoInfo, endpoint: endpoint}, nil -} - -func getDefaultEndpointFromRepoInfo(repoInfo *registry.RepositoryInfo) (registry.APIEndpoint, error) { - var err error - - options := registry.ServiceOptions{} - registryService, err := registry.NewService(options) - if err != nil { - return registry.APIEndpoint{}, err - } - endpoints, err := registryService.LookupPushEndpoints(reference.Domain(repoInfo.Name)) - if err != nil { - return registry.APIEndpoint{}, err - } - // Default to the highest priority endpoint to return - endpoint := endpoints[0] - if !repoInfo.Index.Secure { - for _, ep := range endpoints { - if ep.URL.Scheme == "http" { - endpoint = ep - } - } - } - return endpoint, nil -} - -// getHTTPTransport builds a transport for use in communicating with a registry -func getHTTPTransport(authConfig registrytypes.AuthConfig, endpoint registry.APIEndpoint, repoName, userAgent string, actions []string) (http.RoundTripper, error) { - // get the http transport, this will be used in a client to upload manifest - base := &http.Transport{ - Proxy: http.ProxyFromEnvironment, - Dial: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - }).Dial, - TLSHandshakeTimeout: 10 * time.Second, - TLSClientConfig: endpoint.TLSConfig, - DisableKeepAlives: true, - } - - modifiers := registry.Headers(userAgent, http.Header{}) - authTransport := transport.NewTransport(base, modifiers...) - challengeManager, err := registry.PingV2Registry(endpoint.URL, authTransport) - if err != nil { - return nil, errors.Wrap(err, "error pinging v2 registry") - } - if authConfig.RegistryToken != "" { - passThruTokenHandler := &existingTokenHandler{token: authConfig.RegistryToken} - modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, passThruTokenHandler)) - } else { - if len(actions) == 0 { - actions = []string{"pull"} - } - creds := registry.NewStaticCredentialStore(&authConfig) - tokenHandler := auth.NewTokenHandler(authTransport, creds, repoName, actions...) - basicHandler := auth.NewBasicHandler(creds) - modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)) - } - return transport.NewTransport(base, modifiers...), nil -} - -// RepoNameForReference returns the repository name from a reference. -// -// Deprecated: this function is no longer used and will be removed in the next release. -func RepoNameForReference(ref reference.Named) (string, error) { - return reference.Path(reference.TrimNamed(ref)), nil -} - -type existingTokenHandler struct { - token string -} - -func (th *existingTokenHandler) AuthorizeRequest(req *http.Request, _ map[string]string) error { - req.Header.Set("Authorization", "Bearer "+th.token) - return nil -} - -func (*existingTokenHandler) Scheme() string { - return "bearer" -} diff --git a/vendor/github.com/docker/cli/cli/registry/client/fetcher.go b/vendor/github.com/docker/cli/cli/registry/client/fetcher.go deleted file mode 100644 index f0a2f986..00000000 --- a/vendor/github.com/docker/cli/cli/registry/client/fetcher.go +++ /dev/null @@ -1,301 +0,0 @@ -package client - -import ( - "context" - "encoding/json" - - "github.com/distribution/reference" - "github.com/docker/cli/cli/manifest/types" - "github.com/docker/distribution" - "github.com/docker/distribution/manifest/manifestlist" - "github.com/docker/distribution/manifest/ocischema" - "github.com/docker/distribution/manifest/schema2" - "github.com/docker/distribution/registry/api/errcode" - v2 "github.com/docker/distribution/registry/api/v2" - distclient "github.com/docker/distribution/registry/client" - "github.com/docker/docker/registry" - "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -) - -// fetchManifest pulls a manifest from a registry and returns it. An error -// is returned if no manifest is found matching namedRef. -func fetchManifest(ctx context.Context, repo distribution.Repository, ref reference.Named) (types.ImageManifest, error) { - manifest, err := getManifest(ctx, repo, ref) - if err != nil { - return types.ImageManifest{}, err - } - - switch v := manifest.(type) { - // Removed Schema 1 support - case *schema2.DeserializedManifest: - return pullManifestSchemaV2(ctx, ref, repo, *v) - case *ocischema.DeserializedManifest: - return pullManifestOCISchema(ctx, ref, repo, *v) - case *manifestlist.DeserializedManifestList: - return types.ImageManifest{}, errors.Errorf("%s is a manifest list", ref) - } - return types.ImageManifest{}, errors.Errorf("%s is not a manifest", ref) -} - -func fetchList(ctx context.Context, repo distribution.Repository, ref reference.Named) ([]types.ImageManifest, error) { - manifest, err := getManifest(ctx, repo, ref) - if err != nil { - return nil, err - } - - switch v := manifest.(type) { - case *manifestlist.DeserializedManifestList: - return pullManifestList(ctx, ref, repo, *v) - default: - return nil, errors.Errorf("unsupported manifest format: %v", v) - } -} - -func getManifest(ctx context.Context, repo distribution.Repository, ref reference.Named) (distribution.Manifest, error) { - manSvc, err := repo.Manifests(ctx) - if err != nil { - return nil, err - } - - dgst, opts, err := getManifestOptionsFromReference(ref) - if err != nil { - return nil, errors.Errorf("image manifest for %q does not exist", ref) - } - return manSvc.Get(ctx, dgst, opts...) -} - -func pullManifestSchemaV2(ctx context.Context, ref reference.Named, repo distribution.Repository, mfst schema2.DeserializedManifest) (types.ImageManifest, error) { - manifestDesc, err := validateManifestDigest(ref, mfst) - if err != nil { - return types.ImageManifest{}, err - } - configJSON, err := pullManifestSchemaV2ImageConfig(ctx, mfst.Target().Digest, repo) - if err != nil { - return types.ImageManifest{}, err - } - - if manifestDesc.Platform == nil { - manifestDesc.Platform = &ocispec.Platform{} - } - - // Fill in os and architecture fields from config JSON - if err := json.Unmarshal(configJSON, manifestDesc.Platform); err != nil { - return types.ImageManifest{}, err - } - - return types.NewImageManifest(ref, manifestDesc, &mfst), nil -} - -func pullManifestOCISchema(ctx context.Context, ref reference.Named, repo distribution.Repository, mfst ocischema.DeserializedManifest) (types.ImageManifest, error) { - manifestDesc, err := validateManifestDigest(ref, mfst) - if err != nil { - return types.ImageManifest{}, err - } - configJSON, err := pullManifestSchemaV2ImageConfig(ctx, mfst.Target().Digest, repo) - if err != nil { - return types.ImageManifest{}, err - } - - if manifestDesc.Platform == nil { - manifestDesc.Platform = &ocispec.Platform{} - } - - // Fill in os and architecture fields from config JSON - if err := json.Unmarshal(configJSON, manifestDesc.Platform); err != nil { - return types.ImageManifest{}, err - } - - return types.NewOCIImageManifest(ref, manifestDesc, &mfst), nil -} - -func pullManifestSchemaV2ImageConfig(ctx context.Context, dgst digest.Digest, repo distribution.Repository) ([]byte, error) { - blobs := repo.Blobs(ctx) - configJSON, err := blobs.Get(ctx, dgst) - if err != nil { - return nil, err - } - - verifier := dgst.Verifier() - if _, err := verifier.Write(configJSON); err != nil { - return nil, err - } - if !verifier.Verified() { - return nil, errors.Errorf("image config verification failed for digest %s", dgst) - } - return configJSON, nil -} - -// validateManifestDigest computes the manifest digest, and, if pulling by -// digest, ensures that it matches the requested digest. -func validateManifestDigest(ref reference.Named, mfst distribution.Manifest) (ocispec.Descriptor, error) { - mediaType, canonical, err := mfst.Payload() - if err != nil { - return ocispec.Descriptor{}, err - } - desc := ocispec.Descriptor{ - Digest: digest.FromBytes(canonical), - Size: int64(len(canonical)), - MediaType: mediaType, - } - - // If pull by digest, then verify the manifest digest. - if digested, isDigested := ref.(reference.Canonical); isDigested && digested.Digest() != desc.Digest { - return ocispec.Descriptor{}, errors.Errorf("manifest verification failed for digest %s", digested.Digest()) - } - - return desc, nil -} - -// pullManifestList handles "manifest lists" which point to various -// platform-specific manifests. -func pullManifestList(ctx context.Context, ref reference.Named, repo distribution.Repository, mfstList manifestlist.DeserializedManifestList) ([]types.ImageManifest, error) { - if _, err := validateManifestDigest(ref, mfstList); err != nil { - return nil, err - } - - infos := make([]types.ImageManifest, 0, len(mfstList.Manifests)) - for _, manifestDescriptor := range mfstList.Manifests { - manSvc, err := repo.Manifests(ctx) - if err != nil { - return nil, err - } - manifest, err := manSvc.Get(ctx, manifestDescriptor.Digest) - if err != nil { - return nil, err - } - - manifestRef, err := reference.WithDigest(ref, manifestDescriptor.Digest) - if err != nil { - return nil, err - } - - var imageManifest types.ImageManifest - switch v := manifest.(type) { - case *schema2.DeserializedManifest: - imageManifest, err = pullManifestSchemaV2(ctx, manifestRef, repo, *v) - case *ocischema.DeserializedManifest: - imageManifest, err = pullManifestOCISchema(ctx, manifestRef, repo, *v) - default: - err = errors.Errorf("unsupported manifest type: %T", manifest) - } - if err != nil { - return nil, err - } - - // Replace platform from config - p := manifestDescriptor.Platform - imageManifest.Descriptor.Platform = types.OCIPlatform(&p) - - infos = append(infos, imageManifest) - } - return infos, nil -} - -func continueOnError(err error) bool { - switch v := err.(type) { - case errcode.Errors: - if len(v) == 0 { - return true - } - return continueOnError(v[0]) - case errcode.Error: - switch e := err.(errcode.Error); e.Code { - case errcode.ErrorCodeUnauthorized, v2.ErrorCodeManifestUnknown, v2.ErrorCodeNameUnknown: - return true - default: - return false - } - case *distclient.UnexpectedHTTPResponseError: - return true - } - return false -} - -func (c *client) iterateEndpoints(ctx context.Context, namedRef reference.Named, each func(context.Context, distribution.Repository, reference.Named) (bool, error)) error { - endpoints, err := allEndpoints(namedRef, c.insecureRegistry) - if err != nil { - return err - } - - repoInfo, _ := registry.ParseRepositoryInfo(namedRef) - - confirmedTLSRegistries := make(map[string]bool) - for _, endpoint := range endpoints { - if endpoint.URL.Scheme != "https" { - if _, confirmedTLS := confirmedTLSRegistries[endpoint.URL.Host]; confirmedTLS { - logrus.Debugf("skipping non-TLS endpoint %s for host/port that appears to use TLS", endpoint.URL) - continue - } - } - - if c.insecureRegistry { - endpoint.TLSConfig.InsecureSkipVerify = true - } - repoEndpoint := repositoryEndpoint{endpoint: endpoint, info: repoInfo} - repo, err := c.getRepositoryForReference(ctx, namedRef, repoEndpoint) - if err != nil { - logrus.Debugf("error %s with repo endpoint %+v", err, repoEndpoint) - var protoErr httpProtoError - if errors.As(err, &protoErr) { - continue - } - return err - } - - if endpoint.URL.Scheme == "http" && !c.insecureRegistry { - logrus.Debugf("skipping non-tls registry endpoint: %s", endpoint.URL) - continue - } - done, err := each(ctx, repo, namedRef) - if err != nil { - if continueOnError(err) { - if endpoint.URL.Scheme == "https" { - confirmedTLSRegistries[endpoint.URL.Host] = true - } - logrus.Debugf("continuing on error (%T) %s", err, err) - continue - } - logrus.Debugf("not continuing on error (%T) %s", err, err) - return err - } - if done { - return nil - } - } - return newNotFoundError(namedRef.String()) -} - -// allEndpoints returns a list of endpoints ordered by priority (v2, http). -func allEndpoints(namedRef reference.Named, insecure bool) ([]registry.APIEndpoint, error) { - var serviceOpts registry.ServiceOptions - if insecure { - logrus.Debugf("allowing insecure registry for: %s", reference.Domain(namedRef)) - serviceOpts.InsecureRegistries = []string{reference.Domain(namedRef)} - } - registryService, err := registry.NewService(serviceOpts) - if err != nil { - return []registry.APIEndpoint{}, err - } - repoInfo, _ := registry.ParseRepositoryInfo(namedRef) - endpoints, err := registryService.LookupPullEndpoints(reference.Domain(repoInfo.Name)) - logrus.Debugf("endpoints for %s: %v", namedRef, endpoints) - return endpoints, err -} - -func newNotFoundError(ref string) *notFoundError { - return ¬FoundError{err: errors.New("no such manifest: " + ref)} -} - -type notFoundError struct { - err error -} - -func (n *notFoundError) Error() string { - return n.err.Error() -} - -// NotFound satisfies interface github.com/docker/docker/errdefs.ErrNotFound -func (notFoundError) NotFound() {} diff --git a/vendor/github.com/docker/cli/cli/trust/trust.go b/vendor/github.com/docker/cli/cli/trust/trust.go deleted file mode 100644 index 5e7aff3d..00000000 --- a/vendor/github.com/docker/cli/cli/trust/trust.go +++ /dev/null @@ -1,387 +0,0 @@ -package trust - -import ( - "context" - "encoding/json" - "io" - "net" - "net/http" - "net/url" - "os" - "path" - "path/filepath" - "time" - - "github.com/distribution/reference" - "github.com/docker/cli/cli/config" - "github.com/docker/distribution/registry/client/auth" - "github.com/docker/distribution/registry/client/auth/challenge" - "github.com/docker/distribution/registry/client/transport" - registrytypes "github.com/docker/docker/api/types/registry" - "github.com/docker/docker/registry" - "github.com/docker/go-connections/tlsconfig" - "github.com/opencontainers/go-digest" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "github.com/theupdateframework/notary" - "github.com/theupdateframework/notary/client" - "github.com/theupdateframework/notary/passphrase" - "github.com/theupdateframework/notary/storage" - "github.com/theupdateframework/notary/trustmanager" - "github.com/theupdateframework/notary/trustpinning" - "github.com/theupdateframework/notary/tuf/data" - "github.com/theupdateframework/notary/tuf/signed" -) - -var ( - // ReleasesRole is the role named "releases" - ReleasesRole = data.RoleName(path.Join(data.CanonicalTargetsRole.String(), "releases")) - // ActionsPullOnly defines the actions for read-only interactions with a Notary Repository - ActionsPullOnly = []string{"pull"} - // ActionsPushAndPull defines the actions for read-write interactions with a Notary Repository - ActionsPushAndPull = []string{"pull", "push"} -) - -// NotaryServer is the endpoint serving the Notary trust server -const NotaryServer = "https://notary.docker.io" - -// GetTrustDirectory returns the base trust directory name -func GetTrustDirectory() string { - return filepath.Join(config.Dir(), "trust") -} - -// certificateDirectory returns the directory containing -// TLS certificates for the given server. An error is -// returned if there was an error parsing the server string. -func certificateDirectory(server string) (string, error) { - u, err := url.Parse(server) - if err != nil { - return "", err - } - - return filepath.Join(config.Dir(), "tls", u.Host), nil -} - -// Server returns the base URL for the trust server. -func Server(index *registrytypes.IndexInfo) (string, error) { - if s := os.Getenv("DOCKER_CONTENT_TRUST_SERVER"); s != "" { - urlObj, err := url.Parse(s) - if err != nil || urlObj.Scheme != "https" { - return "", errors.Errorf("valid https URL required for trust server, got %s", s) - } - - return s, nil - } - if index.Official { - return NotaryServer, nil - } - return "https://" + index.Name, nil -} - -type simpleCredentialStore struct { - auth registrytypes.AuthConfig -} - -func (scs simpleCredentialStore) Basic(*url.URL) (string, string) { - return scs.auth.Username, scs.auth.Password -} - -func (scs simpleCredentialStore) RefreshToken(*url.URL, string) string { - return scs.auth.IdentityToken -} - -func (simpleCredentialStore) SetRefreshToken(*url.URL, string, string) {} - -// GetNotaryRepository returns a NotaryRepository which stores all the -// information needed to operate on a notary repository. -// It creates an HTTP transport providing authentication support. -func GetNotaryRepository(in io.Reader, out io.Writer, userAgent string, repoInfo *registry.RepositoryInfo, authConfig *registrytypes.AuthConfig, actions ...string) (client.Repository, error) { - server, err := Server(repoInfo.Index) - if err != nil { - return nil, err - } - - cfg := tlsconfig.ClientDefault() - cfg.InsecureSkipVerify = !repoInfo.Index.Secure - - // Get certificate base directory - certDir, err := certificateDirectory(server) - if err != nil { - return nil, err - } - logrus.Debugf("reading certificate directory: %s", certDir) - - if err := registry.ReadCertsDirectory(cfg, certDir); err != nil { - return nil, err - } - - base := &http.Transport{ - Proxy: http.ProxyFromEnvironment, - Dial: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - }).Dial, - TLSHandshakeTimeout: 10 * time.Second, - TLSClientConfig: cfg, - DisableKeepAlives: true, - } - - // Skip configuration headers since request is not going to Docker daemon - modifiers := registry.Headers(userAgent, http.Header{}) - authTransport := transport.NewTransport(base, modifiers...) - pingClient := &http.Client{ - Transport: authTransport, - Timeout: 5 * time.Second, - } - endpointStr := server + "/v2/" - req, err := http.NewRequest(http.MethodGet, endpointStr, nil) - if err != nil { - return nil, err - } - - challengeManager := challenge.NewSimpleManager() - - resp, err := pingClient.Do(req) - if err != nil { - // Ignore error on ping to operate in offline mode - logrus.Debugf("Error pinging notary server %q: %s", endpointStr, err) - } else { - defer resp.Body.Close() - - // Add response to the challenge manager to parse out - // authentication header and register authentication method - if err := challengeManager.AddResponse(resp); err != nil { - return nil, err - } - } - - scope := auth.RepositoryScope{ - Repository: repoInfo.Name.Name(), - Actions: actions, - } - creds := simpleCredentialStore{auth: *authConfig} - tokenHandlerOptions := auth.TokenHandlerOptions{ - Transport: authTransport, - Credentials: creds, - Scopes: []auth.Scope{scope}, - ClientID: registry.AuthClientID, - } - tokenHandler := auth.NewTokenHandlerWithOptions(tokenHandlerOptions) - basicHandler := auth.NewBasicHandler(creds) - modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)) - tr := transport.NewTransport(base, modifiers...) - - return client.NewFileCachedRepository( - GetTrustDirectory(), - data.GUN(repoInfo.Name.Name()), - server, - tr, - GetPassphraseRetriever(in, out), - trustpinning.TrustPinConfig{}) -} - -// GetPassphraseRetriever returns a passphrase retriever that utilizes Content Trust env vars -func GetPassphraseRetriever(in io.Reader, out io.Writer) notary.PassRetriever { - aliasMap := map[string]string{ - "root": "root", - "snapshot": "repository", - "targets": "repository", - "default": "repository", - } - baseRetriever := passphrase.PromptRetrieverWithInOut(in, out, aliasMap) - env := map[string]string{ - "root": os.Getenv("DOCKER_CONTENT_TRUST_ROOT_PASSPHRASE"), - "snapshot": os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"), - "targets": os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"), - "default": os.Getenv("DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE"), - } - - return func(keyName string, alias string, createNew bool, numAttempts int) (string, bool, error) { - if v := env[alias]; v != "" { - return v, numAttempts > 1, nil - } - // For non-root roles, we can also try the "default" alias if it is specified - if v := env["default"]; v != "" && alias != data.CanonicalRootRole.String() { - return v, numAttempts > 1, nil - } - return baseRetriever(keyName, alias, createNew, numAttempts) - } -} - -// NotaryError formats an error message received from the notary service -func NotaryError(repoName string, err error) error { - switch err.(type) { - case *json.SyntaxError: - logrus.Debugf("Notary syntax error: %s", err) - return errors.Errorf("Error: no trust data available for remote repository %s. Try running notary server and setting DOCKER_CONTENT_TRUST_SERVER to its HTTPS address?", repoName) - case signed.ErrExpired: - return errors.Errorf("Error: remote repository %s out-of-date: %v", repoName, err) - case trustmanager.ErrKeyNotFound: - return errors.Errorf("Error: signing keys for remote repository %s not found: %v", repoName, err) - case storage.NetworkError: - return errors.Errorf("Error: error contacting notary server: %v", err) - case storage.ErrMetaNotFound: - return errors.Errorf("Error: trust data missing for remote repository %s or remote repository not found: %v", repoName, err) - case trustpinning.ErrRootRotationFail, trustpinning.ErrValidationFail, signed.ErrInvalidKeyType: - return errors.Errorf("Warning: potential malicious behavior - trust data mismatch for remote repository %s: %v", repoName, err) - case signed.ErrNoKeys: - return errors.Errorf("Error: could not find signing keys for remote repository %s, or could not decrypt signing key: %v", repoName, err) - case signed.ErrLowVersion: - return errors.Errorf("Warning: potential malicious behavior - trust data version is lower than expected for remote repository %s: %v", repoName, err) - case signed.ErrRoleThreshold: - return errors.Errorf("Warning: potential malicious behavior - trust data has insufficient signatures for remote repository %s: %v", repoName, err) - case client.ErrRepositoryNotExist: - return errors.Errorf("Error: remote trust data does not exist for %s: %v", repoName, err) - case signed.ErrInsufficientSignatures: - return errors.Errorf("Error: could not produce valid signature for %s. If Yubikey was used, was touch input provided?: %v", repoName, err) - } - - return err -} - -// AddToAllSignableRoles attempts to add the image target to all the top level -// delegation roles we can (based on whether we have the signing key and whether -// the role's path allows us to). -// -// If there are no delegation roles, we add to the targets role. -func AddToAllSignableRoles(repo client.Repository, target *client.Target) error { - signableRoles, err := GetSignableRoles(repo, target) - if err != nil { - return err - } - - return repo.AddTarget(target, signableRoles...) -} - -// GetSignableRoles returns a list of roles for which we have valid signing -// keys, given a notary repository and a target -func GetSignableRoles(repo client.Repository, target *client.Target) ([]data.RoleName, error) { - var signableRoles []data.RoleName - - // translate the full key names, which includes the GUN, into just the key IDs - allCanonicalKeyIDs := make(map[string]struct{}) - for fullKeyID := range repo.GetCryptoService().ListAllKeys() { - allCanonicalKeyIDs[path.Base(fullKeyID)] = struct{}{} - } - - allDelegationRoles, err := repo.GetDelegationRoles() - if err != nil { - return signableRoles, err - } - - // if there are no delegation roles, then just try to sign it into the targets role - if len(allDelegationRoles) == 0 { - signableRoles = append(signableRoles, data.CanonicalTargetsRole) - return signableRoles, nil - } - - // there are delegation roles, find every delegation role we have a key for, - // and attempt to sign in to all those roles. - for _, delegationRole := range allDelegationRoles { - // We do not support signing any delegation role that isn't a direct child of the targets role. - // Also don't bother checking the keys if we can't add the target - // to this role due to path restrictions - if path.Dir(delegationRole.Name.String()) != data.CanonicalTargetsRole.String() || !delegationRole.CheckPaths(target.Name) { - continue - } - - for _, canonicalKeyID := range delegationRole.KeyIDs { - if _, ok := allCanonicalKeyIDs[canonicalKeyID]; ok { - signableRoles = append(signableRoles, delegationRole.Name) - break - } - } - } - - if len(signableRoles) == 0 { - return signableRoles, errors.Errorf("no valid signing keys for delegation roles") - } - - return signableRoles, nil -} - -// ImageRefAndAuth contains all reference information and the auth config for an image request -type ImageRefAndAuth struct { - original string - authConfig *registrytypes.AuthConfig - reference reference.Named - repoInfo *registry.RepositoryInfo - tag string - digest digest.Digest -} - -// GetImageReferencesAndAuth retrieves the necessary reference and auth information for an image name -// as an ImageRefAndAuth struct -func GetImageReferencesAndAuth(ctx context.Context, - authResolver func(ctx context.Context, index *registrytypes.IndexInfo) registrytypes.AuthConfig, - imgName string, -) (ImageRefAndAuth, error) { - ref, err := reference.ParseNormalizedNamed(imgName) - if err != nil { - return ImageRefAndAuth{}, err - } - - // Resolve the Repository name from fqn to RepositoryInfo - repoInfo, _ := registry.ParseRepositoryInfo(ref) - authConfig := authResolver(ctx, repoInfo.Index) - return ImageRefAndAuth{ - original: imgName, - authConfig: &authConfig, - reference: ref, - repoInfo: repoInfo, - tag: getTag(ref), - digest: getDigest(ref), - }, nil -} - -func getTag(ref reference.Named) string { - switch x := ref.(type) { - case reference.Canonical, reference.Digested: - return "" - case reference.NamedTagged: - return x.Tag() - default: - return "" - } -} - -func getDigest(ref reference.Named) digest.Digest { - switch x := ref.(type) { - case reference.Canonical: - return x.Digest() - case reference.Digested: - return x.Digest() - default: - return digest.Digest("") - } -} - -// AuthConfig returns the auth information (username, etc) for a given ImageRefAndAuth -func (imgRefAuth *ImageRefAndAuth) AuthConfig() *registrytypes.AuthConfig { - return imgRefAuth.authConfig -} - -// Reference returns the Image reference for a given ImageRefAndAuth -func (imgRefAuth *ImageRefAndAuth) Reference() reference.Named { - return imgRefAuth.reference -} - -// RepoInfo returns the repository information for a given ImageRefAndAuth -func (imgRefAuth *ImageRefAndAuth) RepoInfo() *registry.RepositoryInfo { - return imgRefAuth.repoInfo -} - -// Tag returns the Image tag for a given ImageRefAndAuth -func (imgRefAuth *ImageRefAndAuth) Tag() string { - return imgRefAuth.tag -} - -// Digest returns the Image digest for a given ImageRefAndAuth -func (imgRefAuth *ImageRefAndAuth) Digest() digest.Digest { - return imgRefAuth.digest -} - -// Name returns the image name used to initialize the ImageRefAndAuth -func (imgRefAuth *ImageRefAndAuth) Name() string { - return imgRefAuth.original -} diff --git a/vendor/github.com/docker/cli/cli/trust/trust_push.go b/vendor/github.com/docker/cli/cli/trust/trust_push.go deleted file mode 100644 index 63fbdf93..00000000 --- a/vendor/github.com/docker/cli/cli/trust/trust_push.go +++ /dev/null @@ -1,143 +0,0 @@ -package trust - -import ( - "context" - "encoding/hex" - "encoding/json" - "fmt" - "io" - "sort" - - "github.com/distribution/reference" - "github.com/docker/cli/cli/internal/jsonstream" - "github.com/docker/cli/cli/streams" - "github.com/docker/docker/api/types" - registrytypes "github.com/docker/docker/api/types/registry" - "github.com/docker/docker/registry" - "github.com/opencontainers/go-digest" - "github.com/pkg/errors" - "github.com/theupdateframework/notary/client" - "github.com/theupdateframework/notary/tuf/data" -) - -// Streams is an interface which exposes the standard input and output streams. -// -// Same interface as [github.com/docker/cli/cli/command.Streams] but defined here to prevent a circular import. -type Streams interface { - In() *streams.In - Out() *streams.Out - Err() *streams.Out -} - -// PushTrustedReference pushes a canonical reference to the trust server. -// -//nolint:gocyclo -func PushTrustedReference(ctx context.Context, ioStreams Streams, repoInfo *registry.RepositoryInfo, ref reference.Named, authConfig registrytypes.AuthConfig, in io.Reader, userAgent string) error { - // If it is a trusted push we would like to find the target entry which match the - // tag provided in the function and then do an AddTarget later. - notaryTarget := &client.Target{} - // Count the times of calling for handleTarget, - // if it is called more that once, that should be considered an error in a trusted push. - cnt := 0 - handleTarget := func(msg jsonstream.JSONMessage) { - cnt++ - if cnt > 1 { - // handleTarget should only be called once. This will be treated as an error. - return - } - - var pushResult types.PushResult - err := json.Unmarshal(*msg.Aux, &pushResult) - if err == nil && pushResult.Tag != "" { - if dgst, err := digest.Parse(pushResult.Digest); err == nil { - h, err := hex.DecodeString(dgst.Hex()) - if err != nil { - notaryTarget = nil - return - } - notaryTarget.Name = pushResult.Tag - notaryTarget.Hashes = data.Hashes{string(dgst.Algorithm()): h} - notaryTarget.Length = int64(pushResult.Size) - } - } - } - - var tag string - switch x := ref.(type) { - case reference.Canonical: - return errors.New("cannot push a digest reference") - case reference.NamedTagged: - tag = x.Tag() - default: - // We want trust signatures to always take an explicit tag, - // otherwise it will act as an untrusted push. - if err := jsonstream.Display(ctx, in, ioStreams.Out()); err != nil { - return err - } - _, _ = fmt.Fprintln(ioStreams.Err(), "No tag specified, skipping trust metadata push") - return nil - } - - if err := jsonstream.Display(ctx, in, ioStreams.Out(), jsonstream.WithAuxCallback(handleTarget)); err != nil { - return err - } - - if cnt > 1 { - return errors.Errorf("internal error: only one call to handleTarget expected") - } - - if notaryTarget == nil { - return errors.Errorf("no targets found, provide a specific tag in order to sign it") - } - - _, _ = fmt.Fprintln(ioStreams.Out(), "Signing and pushing trust metadata") - - repo, err := GetNotaryRepository(ioStreams.In(), ioStreams.Out(), userAgent, repoInfo, &authConfig, "push", "pull") - if err != nil { - return errors.Wrap(err, "error establishing connection to trust repository") - } - - // get the latest repository metadata so we can figure out which roles to sign - _, err = repo.ListTargets() - - switch err.(type) { - case client.ErrRepoNotInitialized, client.ErrRepositoryNotExist: - keys := repo.GetCryptoService().ListKeys(data.CanonicalRootRole) - var rootKeyID string - // always select the first root key - if len(keys) > 0 { - sort.Strings(keys) - rootKeyID = keys[0] - } else { - rootPublicKey, err := repo.GetCryptoService().Create(data.CanonicalRootRole, "", data.ECDSAKey) - if err != nil { - return err - } - rootKeyID = rootPublicKey.ID() - } - - // Initialize the notary repository with a remotely managed snapshot key - if err := repo.Initialize([]string{rootKeyID}, data.CanonicalSnapshotRole); err != nil { - return NotaryError(repoInfo.Name.Name(), err) - } - _, _ = fmt.Fprintf(ioStreams.Out(), "Finished initializing %q\n", repoInfo.Name.Name()) - err = repo.AddTarget(notaryTarget, data.CanonicalTargetsRole) - case nil: - // already initialized and we have successfully downloaded the latest metadata - err = AddToAllSignableRoles(repo, notaryTarget) - default: - return NotaryError(repoInfo.Name.Name(), err) - } - - if err == nil { - err = repo.Publish() - } - - if err != nil { - err = errors.Wrapf(err, "failed to sign %s:%s", repoInfo.Name.Name(), tag) - return NotaryError(repoInfo.Name.Name(), err) - } - - _, _ = fmt.Fprintf(ioStreams.Out(), "Successfully signed %s:%s\n", repoInfo.Name.Name(), tag) - return nil -} diff --git a/vendor/github.com/docker/cli/cli/trust/trust_tag.go b/vendor/github.com/docker/cli/cli/trust/trust_tag.go deleted file mode 100644 index 053f9317..00000000 --- a/vendor/github.com/docker/cli/cli/trust/trust_tag.go +++ /dev/null @@ -1,22 +0,0 @@ -package trust - -import ( - "context" - "fmt" - "io" - - "github.com/distribution/reference" - "github.com/docker/docker/client" -) - -// TagTrusted tags a trusted ref. It is a shallow wrapper around [client.Client.ImageTag] -// that updates the given image references to their familiar format for tagging -// and printing. -func TagTrusted(ctx context.Context, apiClient client.ImageAPIClient, out io.Writer, trustedRef reference.Canonical, ref reference.NamedTagged) error { - // Use familiar references when interacting with client and output - familiarRef := reference.FamiliarString(ref) - trustedFamiliarRef := reference.FamiliarString(trustedRef) - - _, _ = fmt.Fprintf(out, "Tagging %s as %s\n", trustedFamiliarRef, familiarRef) - return apiClient.ImageTag(ctx, trustedFamiliarRef, familiarRef) -} diff --git a/vendor/github.com/docker/distribution/manifest/doc.go b/vendor/github.com/docker/distribution/manifest/doc.go deleted file mode 100644 index 88367b0a..00000000 --- a/vendor/github.com/docker/distribution/manifest/doc.go +++ /dev/null @@ -1 +0,0 @@ -package manifest diff --git a/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go b/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go deleted file mode 100644 index bea2341c..00000000 --- a/vendor/github.com/docker/distribution/manifest/manifestlist/manifestlist.go +++ /dev/null @@ -1,239 +0,0 @@ -package manifestlist - -import ( - "encoding/json" - "errors" - "fmt" - - "github.com/docker/distribution" - "github.com/docker/distribution/manifest" - "github.com/opencontainers/go-digest" - v1 "github.com/opencontainers/image-spec/specs-go/v1" -) - -const ( - // MediaTypeManifestList specifies the mediaType for manifest lists. - MediaTypeManifestList = "application/vnd.docker.distribution.manifest.list.v2+json" -) - -// SchemaVersion provides a pre-initialized version structure for this -// packages version of the manifest. -var SchemaVersion = manifest.Versioned{ - SchemaVersion: 2, - MediaType: MediaTypeManifestList, -} - -// OCISchemaVersion provides a pre-initialized version structure for this -// packages OCIschema version of the manifest. -var OCISchemaVersion = manifest.Versioned{ - SchemaVersion: 2, - MediaType: v1.MediaTypeImageIndex, -} - -func init() { - manifestListFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) { - m := new(DeserializedManifestList) - err := m.UnmarshalJSON(b) - if err != nil { - return nil, distribution.Descriptor{}, err - } - - if m.MediaType != MediaTypeManifestList { - err = fmt.Errorf("mediaType in manifest list should be '%s' not '%s'", - MediaTypeManifestList, m.MediaType) - - return nil, distribution.Descriptor{}, err - } - - dgst := digest.FromBytes(b) - return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: MediaTypeManifestList}, err - } - err := distribution.RegisterManifestSchema(MediaTypeManifestList, manifestListFunc) - if err != nil { - panic(fmt.Sprintf("Unable to register manifest: %s", err)) - } - - imageIndexFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) { - if err := validateIndex(b); err != nil { - return nil, distribution.Descriptor{}, err - } - m := new(DeserializedManifestList) - err := m.UnmarshalJSON(b) - if err != nil { - return nil, distribution.Descriptor{}, err - } - - if m.MediaType != "" && m.MediaType != v1.MediaTypeImageIndex { - err = fmt.Errorf("if present, mediaType in image index should be '%s' not '%s'", - v1.MediaTypeImageIndex, m.MediaType) - - return nil, distribution.Descriptor{}, err - } - - dgst := digest.FromBytes(b) - return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: v1.MediaTypeImageIndex}, err - } - err = distribution.RegisterManifestSchema(v1.MediaTypeImageIndex, imageIndexFunc) - if err != nil { - panic(fmt.Sprintf("Unable to register OCI Image Index: %s", err)) - } -} - -// PlatformSpec specifies a platform where a particular image manifest is -// applicable. -type PlatformSpec struct { - // Architecture field specifies the CPU architecture, for example - // `amd64` or `ppc64`. - Architecture string `json:"architecture"` - - // OS specifies the operating system, for example `linux` or `windows`. - OS string `json:"os"` - - // OSVersion is an optional field specifying the operating system - // version, for example `10.0.10586`. - OSVersion string `json:"os.version,omitempty"` - - // OSFeatures is an optional field specifying an array of strings, - // each listing a required OS feature (for example on Windows `win32k`). - OSFeatures []string `json:"os.features,omitempty"` - - // Variant is an optional field specifying a variant of the CPU, for - // example `ppc64le` to specify a little-endian version of a PowerPC CPU. - Variant string `json:"variant,omitempty"` - - // Features is an optional field specifying an array of strings, each - // listing a required CPU feature (for example `sse4` or `aes`). - Features []string `json:"features,omitempty"` -} - -// A ManifestDescriptor references a platform-specific manifest. -type ManifestDescriptor struct { - distribution.Descriptor - - // Platform specifies which platform the manifest pointed to by the - // descriptor runs on. - Platform PlatformSpec `json:"platform"` -} - -// ManifestList references manifests for various platforms. -type ManifestList struct { - manifest.Versioned - - // Config references the image configuration as a blob. - Manifests []ManifestDescriptor `json:"manifests"` -} - -// References returns the distribution descriptors for the referenced image -// manifests. -func (m ManifestList) References() []distribution.Descriptor { - dependencies := make([]distribution.Descriptor, len(m.Manifests)) - for i := range m.Manifests { - dependencies[i] = m.Manifests[i].Descriptor - } - - return dependencies -} - -// DeserializedManifestList wraps ManifestList with a copy of the original -// JSON. -type DeserializedManifestList struct { - ManifestList - - // canonical is the canonical byte representation of the Manifest. - canonical []byte -} - -// FromDescriptors takes a slice of descriptors, and returns a -// DeserializedManifestList which contains the resulting manifest list -// and its JSON representation. -func FromDescriptors(descriptors []ManifestDescriptor) (*DeserializedManifestList, error) { - var mediaType string - if len(descriptors) > 0 && descriptors[0].Descriptor.MediaType == v1.MediaTypeImageManifest { - mediaType = v1.MediaTypeImageIndex - } else { - mediaType = MediaTypeManifestList - } - - return FromDescriptorsWithMediaType(descriptors, mediaType) -} - -// FromDescriptorsWithMediaType is for testing purposes, it's useful to be able to specify the media type explicitly -func FromDescriptorsWithMediaType(descriptors []ManifestDescriptor, mediaType string) (*DeserializedManifestList, error) { - m := ManifestList{ - Versioned: manifest.Versioned{ - SchemaVersion: 2, - MediaType: mediaType, - }, - } - - m.Manifests = make([]ManifestDescriptor, len(descriptors)) - copy(m.Manifests, descriptors) - - deserialized := DeserializedManifestList{ - ManifestList: m, - } - - var err error - deserialized.canonical, err = json.MarshalIndent(&m, "", " ") - return &deserialized, err -} - -// UnmarshalJSON populates a new ManifestList struct from JSON data. -func (m *DeserializedManifestList) UnmarshalJSON(b []byte) error { - m.canonical = make([]byte, len(b)) - // store manifest list in canonical - copy(m.canonical, b) - - // Unmarshal canonical JSON into ManifestList object - var manifestList ManifestList - if err := json.Unmarshal(m.canonical, &manifestList); err != nil { - return err - } - - m.ManifestList = manifestList - - return nil -} - -// MarshalJSON returns the contents of canonical. If canonical is empty, -// marshals the inner contents. -func (m *DeserializedManifestList) MarshalJSON() ([]byte, error) { - if len(m.canonical) > 0 { - return m.canonical, nil - } - - return nil, errors.New("JSON representation not initialized in DeserializedManifestList") -} - -// Payload returns the raw content of the manifest list. The contents can be -// used to calculate the content identifier. -func (m DeserializedManifestList) Payload() (string, []byte, error) { - var mediaType string - if m.MediaType == "" { - mediaType = v1.MediaTypeImageIndex - } else { - mediaType = m.MediaType - } - - return mediaType, m.canonical, nil -} - -// unknownDocument represents a manifest, manifest list, or index that has not -// yet been validated -type unknownDocument struct { - Config interface{} `json:"config,omitempty"` - Layers interface{} `json:"layers,omitempty"` -} - -// validateIndex returns an error if the byte slice is invalid JSON or if it -// contains fields that belong to a manifest -func validateIndex(b []byte) error { - var doc unknownDocument - if err := json.Unmarshal(b, &doc); err != nil { - return err - } - if doc.Config != nil || doc.Layers != nil { - return errors.New("index: expected index but found manifest") - } - return nil -} diff --git a/vendor/github.com/docker/distribution/manifest/ocischema/builder.go b/vendor/github.com/docker/distribution/manifest/ocischema/builder.go deleted file mode 100644 index b89bf5b7..00000000 --- a/vendor/github.com/docker/distribution/manifest/ocischema/builder.go +++ /dev/null @@ -1,107 +0,0 @@ -package ocischema - -import ( - "context" - "errors" - - "github.com/docker/distribution" - "github.com/docker/distribution/manifest" - "github.com/opencontainers/go-digest" - v1 "github.com/opencontainers/image-spec/specs-go/v1" -) - -// Builder is a type for constructing manifests. -type Builder struct { - // bs is a BlobService used to publish the configuration blob. - bs distribution.BlobService - - // configJSON references - configJSON []byte - - // layers is a list of layer descriptors that gets built by successive - // calls to AppendReference. - layers []distribution.Descriptor - - // Annotations contains arbitrary metadata relating to the targeted content. - annotations map[string]string - - // For testing purposes - mediaType string -} - -// NewManifestBuilder is used to build new manifests for the current schema -// version. It takes a BlobService so it can publish the configuration blob -// as part of the Build process, and annotations. -func NewManifestBuilder(bs distribution.BlobService, configJSON []byte, annotations map[string]string) distribution.ManifestBuilder { - mb := &Builder{ - bs: bs, - configJSON: make([]byte, len(configJSON)), - annotations: annotations, - mediaType: v1.MediaTypeImageManifest, - } - copy(mb.configJSON, configJSON) - - return mb -} - -// SetMediaType assigns the passed mediatype or error if the mediatype is not a -// valid media type for oci image manifests currently: "" or "application/vnd.oci.image.manifest.v1+json" -func (mb *Builder) SetMediaType(mediaType string) error { - if mediaType != "" && mediaType != v1.MediaTypeImageManifest { - return errors.New("invalid media type for OCI image manifest") - } - - mb.mediaType = mediaType - return nil -} - -// Build produces a final manifest from the given references. -func (mb *Builder) Build(ctx context.Context) (distribution.Manifest, error) { - m := Manifest{ - Versioned: manifest.Versioned{ - SchemaVersion: 2, - MediaType: mb.mediaType, - }, - Layers: make([]distribution.Descriptor, len(mb.layers)), - Annotations: mb.annotations, - } - copy(m.Layers, mb.layers) - - configDigest := digest.FromBytes(mb.configJSON) - - var err error - m.Config, err = mb.bs.Stat(ctx, configDigest) - switch err { - case nil: - // Override MediaType, since Put always replaces the specified media - // type with application/octet-stream in the descriptor it returns. - m.Config.MediaType = v1.MediaTypeImageConfig - return FromStruct(m) - case distribution.ErrBlobUnknown: - // nop - default: - return nil, err - } - - // Add config to the blob store - m.Config, err = mb.bs.Put(ctx, v1.MediaTypeImageConfig, mb.configJSON) - // Override MediaType, since Put always replaces the specified media - // type with application/octet-stream in the descriptor it returns. - m.Config.MediaType = v1.MediaTypeImageConfig - if err != nil { - return nil, err - } - - return FromStruct(m) -} - -// AppendReference adds a reference to the current ManifestBuilder. -func (mb *Builder) AppendReference(d distribution.Describable) error { - mb.layers = append(mb.layers, d.Descriptor()) - return nil -} - -// References returns the current references added to this builder. -func (mb *Builder) References() []distribution.Descriptor { - return mb.layers -} diff --git a/vendor/github.com/docker/distribution/manifest/ocischema/manifest.go b/vendor/github.com/docker/distribution/manifest/ocischema/manifest.go deleted file mode 100644 index d51f8deb..00000000 --- a/vendor/github.com/docker/distribution/manifest/ocischema/manifest.go +++ /dev/null @@ -1,146 +0,0 @@ -package ocischema - -import ( - "encoding/json" - "errors" - "fmt" - - "github.com/docker/distribution" - "github.com/docker/distribution/manifest" - "github.com/opencontainers/go-digest" - v1 "github.com/opencontainers/image-spec/specs-go/v1" -) - -var ( - // SchemaVersion provides a pre-initialized version structure for this - // packages version of the manifest. - SchemaVersion = manifest.Versioned{ - SchemaVersion: 2, // historical value here.. does not pertain to OCI or docker version - MediaType: v1.MediaTypeImageManifest, - } -) - -func init() { - ocischemaFunc := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) { - if err := validateManifest(b); err != nil { - return nil, distribution.Descriptor{}, err - } - m := new(DeserializedManifest) - err := m.UnmarshalJSON(b) - if err != nil { - return nil, distribution.Descriptor{}, err - } - - dgst := digest.FromBytes(b) - return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: v1.MediaTypeImageManifest}, err - } - err := distribution.RegisterManifestSchema(v1.MediaTypeImageManifest, ocischemaFunc) - if err != nil { - panic(fmt.Sprintf("Unable to register manifest: %s", err)) - } -} - -// Manifest defines a ocischema manifest. -type Manifest struct { - manifest.Versioned - - // Config references the image configuration as a blob. - Config distribution.Descriptor `json:"config"` - - // Layers lists descriptors for the layers referenced by the - // configuration. - Layers []distribution.Descriptor `json:"layers"` - - // Annotations contains arbitrary metadata for the image manifest. - Annotations map[string]string `json:"annotations,omitempty"` -} - -// References returns the descriptors of this manifests references. -func (m Manifest) References() []distribution.Descriptor { - references := make([]distribution.Descriptor, 0, 1+len(m.Layers)) - references = append(references, m.Config) - references = append(references, m.Layers...) - return references -} - -// Target returns the target of this manifest. -func (m Manifest) Target() distribution.Descriptor { - return m.Config -} - -// DeserializedManifest wraps Manifest with a copy of the original JSON. -// It satisfies the distribution.Manifest interface. -type DeserializedManifest struct { - Manifest - - // canonical is the canonical byte representation of the Manifest. - canonical []byte -} - -// FromStruct takes a Manifest structure, marshals it to JSON, and returns a -// DeserializedManifest which contains the manifest and its JSON representation. -func FromStruct(m Manifest) (*DeserializedManifest, error) { - var deserialized DeserializedManifest - deserialized.Manifest = m - - var err error - deserialized.canonical, err = json.MarshalIndent(&m, "", " ") - return &deserialized, err -} - -// UnmarshalJSON populates a new Manifest struct from JSON data. -func (m *DeserializedManifest) UnmarshalJSON(b []byte) error { - m.canonical = make([]byte, len(b)) - // store manifest in canonical - copy(m.canonical, b) - - // Unmarshal canonical JSON into Manifest object - var manifest Manifest - if err := json.Unmarshal(m.canonical, &manifest); err != nil { - return err - } - - if manifest.MediaType != "" && manifest.MediaType != v1.MediaTypeImageManifest { - return fmt.Errorf("if present, mediaType in manifest should be '%s' not '%s'", - v1.MediaTypeImageManifest, manifest.MediaType) - } - - m.Manifest = manifest - - return nil -} - -// MarshalJSON returns the contents of canonical. If canonical is empty, -// marshals the inner contents. -func (m *DeserializedManifest) MarshalJSON() ([]byte, error) { - if len(m.canonical) > 0 { - return m.canonical, nil - } - - return nil, errors.New("JSON representation not initialized in DeserializedManifest") -} - -// Payload returns the raw content of the manifest. The contents can be used to -// calculate the content identifier. -func (m DeserializedManifest) Payload() (string, []byte, error) { - return v1.MediaTypeImageManifest, m.canonical, nil -} - -// unknownDocument represents a manifest, manifest list, or index that has not -// yet been validated -type unknownDocument struct { - Manifests interface{} `json:"manifests,omitempty"` -} - -// validateManifest returns an error if the byte slice is invalid JSON or if it -// contains fields that belong to a index -func validateManifest(b []byte) error { - var doc unknownDocument - if err := json.Unmarshal(b, &doc); err != nil { - return err - } - if doc.Manifests != nil { - return errors.New("ocimanifest: expected manifest but found index") - } - return nil -} diff --git a/vendor/github.com/docker/distribution/manifest/schema2/builder.go b/vendor/github.com/docker/distribution/manifest/schema2/builder.go deleted file mode 100644 index 3facaae6..00000000 --- a/vendor/github.com/docker/distribution/manifest/schema2/builder.go +++ /dev/null @@ -1,85 +0,0 @@ -package schema2 - -import ( - "context" - - "github.com/docker/distribution" - "github.com/opencontainers/go-digest" -) - -// builder is a type for constructing manifests. -type builder struct { - // bs is a BlobService used to publish the configuration blob. - bs distribution.BlobService - - // configMediaType is media type used to describe configuration - configMediaType string - - // configJSON references - configJSON []byte - - // dependencies is a list of descriptors that gets built by successive - // calls to AppendReference. In case of image configuration these are layers. - dependencies []distribution.Descriptor -} - -// NewManifestBuilder is used to build new manifests for the current schema -// version. It takes a BlobService so it can publish the configuration blob -// as part of the Build process. -func NewManifestBuilder(bs distribution.BlobService, configMediaType string, configJSON []byte) distribution.ManifestBuilder { - mb := &builder{ - bs: bs, - configMediaType: configMediaType, - configJSON: make([]byte, len(configJSON)), - } - copy(mb.configJSON, configJSON) - - return mb -} - -// Build produces a final manifest from the given references. -func (mb *builder) Build(ctx context.Context) (distribution.Manifest, error) { - m := Manifest{ - Versioned: SchemaVersion, - Layers: make([]distribution.Descriptor, len(mb.dependencies)), - } - copy(m.Layers, mb.dependencies) - - configDigest := digest.FromBytes(mb.configJSON) - - var err error - m.Config, err = mb.bs.Stat(ctx, configDigest) - switch err { - case nil: - // Override MediaType, since Put always replaces the specified media - // type with application/octet-stream in the descriptor it returns. - m.Config.MediaType = mb.configMediaType - return FromStruct(m) - case distribution.ErrBlobUnknown: - // nop - default: - return nil, err - } - - // Add config to the blob store - m.Config, err = mb.bs.Put(ctx, mb.configMediaType, mb.configJSON) - // Override MediaType, since Put always replaces the specified media - // type with application/octet-stream in the descriptor it returns. - m.Config.MediaType = mb.configMediaType - if err != nil { - return nil, err - } - - return FromStruct(m) -} - -// AppendReference adds a reference to the current ManifestBuilder. -func (mb *builder) AppendReference(d distribution.Describable) error { - mb.dependencies = append(mb.dependencies, d.Descriptor()) - return nil -} - -// References returns the current references added to this builder. -func (mb *builder) References() []distribution.Descriptor { - return mb.dependencies -} diff --git a/vendor/github.com/docker/distribution/manifest/schema2/manifest.go b/vendor/github.com/docker/distribution/manifest/schema2/manifest.go deleted file mode 100644 index 41f48029..00000000 --- a/vendor/github.com/docker/distribution/manifest/schema2/manifest.go +++ /dev/null @@ -1,144 +0,0 @@ -package schema2 - -import ( - "encoding/json" - "errors" - "fmt" - - "github.com/docker/distribution" - "github.com/docker/distribution/manifest" - "github.com/opencontainers/go-digest" -) - -const ( - // MediaTypeManifest specifies the mediaType for the current version. - MediaTypeManifest = "application/vnd.docker.distribution.manifest.v2+json" - - // MediaTypeImageConfig specifies the mediaType for the image configuration. - MediaTypeImageConfig = "application/vnd.docker.container.image.v1+json" - - // MediaTypePluginConfig specifies the mediaType for plugin configuration. - MediaTypePluginConfig = "application/vnd.docker.plugin.v1+json" - - // MediaTypeLayer is the mediaType used for layers referenced by the - // manifest. - MediaTypeLayer = "application/vnd.docker.image.rootfs.diff.tar.gzip" - - // MediaTypeForeignLayer is the mediaType used for layers that must be - // downloaded from foreign URLs. - MediaTypeForeignLayer = "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip" - - // MediaTypeUncompressedLayer is the mediaType used for layers which - // are not compressed. - MediaTypeUncompressedLayer = "application/vnd.docker.image.rootfs.diff.tar" -) - -var ( - // SchemaVersion provides a pre-initialized version structure for this - // packages version of the manifest. - SchemaVersion = manifest.Versioned{ - SchemaVersion: 2, - MediaType: MediaTypeManifest, - } -) - -func init() { - schema2Func := func(b []byte) (distribution.Manifest, distribution.Descriptor, error) { - m := new(DeserializedManifest) - err := m.UnmarshalJSON(b) - if err != nil { - return nil, distribution.Descriptor{}, err - } - - dgst := digest.FromBytes(b) - return m, distribution.Descriptor{Digest: dgst, Size: int64(len(b)), MediaType: MediaTypeManifest}, err - } - err := distribution.RegisterManifestSchema(MediaTypeManifest, schema2Func) - if err != nil { - panic(fmt.Sprintf("Unable to register manifest: %s", err)) - } -} - -// Manifest defines a schema2 manifest. -type Manifest struct { - manifest.Versioned - - // Config references the image configuration as a blob. - Config distribution.Descriptor `json:"config"` - - // Layers lists descriptors for the layers referenced by the - // configuration. - Layers []distribution.Descriptor `json:"layers"` -} - -// References returns the descriptors of this manifests references. -func (m Manifest) References() []distribution.Descriptor { - references := make([]distribution.Descriptor, 0, 1+len(m.Layers)) - references = append(references, m.Config) - references = append(references, m.Layers...) - return references -} - -// Target returns the target of this manifest. -func (m Manifest) Target() distribution.Descriptor { - return m.Config -} - -// DeserializedManifest wraps Manifest with a copy of the original JSON. -// It satisfies the distribution.Manifest interface. -type DeserializedManifest struct { - Manifest - - // canonical is the canonical byte representation of the Manifest. - canonical []byte -} - -// FromStruct takes a Manifest structure, marshals it to JSON, and returns a -// DeserializedManifest which contains the manifest and its JSON representation. -func FromStruct(m Manifest) (*DeserializedManifest, error) { - var deserialized DeserializedManifest - deserialized.Manifest = m - - var err error - deserialized.canonical, err = json.MarshalIndent(&m, "", " ") - return &deserialized, err -} - -// UnmarshalJSON populates a new Manifest struct from JSON data. -func (m *DeserializedManifest) UnmarshalJSON(b []byte) error { - m.canonical = make([]byte, len(b)) - // store manifest in canonical - copy(m.canonical, b) - - // Unmarshal canonical JSON into Manifest object - var manifest Manifest - if err := json.Unmarshal(m.canonical, &manifest); err != nil { - return err - } - - if manifest.MediaType != MediaTypeManifest { - return fmt.Errorf("mediaType in manifest should be '%s' not '%s'", - MediaTypeManifest, manifest.MediaType) - - } - - m.Manifest = manifest - - return nil -} - -// MarshalJSON returns the contents of canonical. If canonical is empty, -// marshals the inner contents. -func (m *DeserializedManifest) MarshalJSON() ([]byte, error) { - if len(m.canonical) > 0 { - return m.canonical, nil - } - - return nil, errors.New("JSON representation not initialized in DeserializedManifest") -} - -// Payload returns the raw content of the manifest. The contents can be used to -// calculate the content identifier. -func (m DeserializedManifest) Payload() (string, []byte, error) { - return m.MediaType, m.canonical, nil -} diff --git a/vendor/github.com/docker/distribution/manifest/versioned.go b/vendor/github.com/docker/distribution/manifest/versioned.go deleted file mode 100644 index caa6b14e..00000000 --- a/vendor/github.com/docker/distribution/manifest/versioned.go +++ /dev/null @@ -1,12 +0,0 @@ -package manifest - -// Versioned provides a struct with the manifest schemaVersion and mediaType. -// Incoming content with unknown schema version can be decoded against this -// struct to check the version. -type Versioned struct { - // SchemaVersion is the image manifest schema that this image follows - SchemaVersion int `json:"schemaVersion"` - - // MediaType is the media type of this schema. - MediaType string `json:"mediaType,omitempty"` -} diff --git a/vendor/github.com/docker/distribution/uuid/uuid.go b/vendor/github.com/docker/distribution/uuid/uuid.go deleted file mode 100644 index d433ccaf..00000000 --- a/vendor/github.com/docker/distribution/uuid/uuid.go +++ /dev/null @@ -1,126 +0,0 @@ -// Package uuid provides simple UUID generation. Only version 4 style UUIDs -// can be generated. -// -// Please see http://tools.ietf.org/html/rfc4122 for details on UUIDs. -package uuid - -import ( - "crypto/rand" - "fmt" - "io" - "os" - "syscall" - "time" -) - -const ( - // Bits is the number of bits in a UUID - Bits = 128 - - // Size is the number of bytes in a UUID - Size = Bits / 8 - - format = "%08x-%04x-%04x-%04x-%012x" -) - -var ( - // ErrUUIDInvalid indicates a parsed string is not a valid uuid. - ErrUUIDInvalid = fmt.Errorf("invalid uuid") - - // Loggerf can be used to override the default logging destination. Such - // log messages in this library should be logged at warning or higher. - Loggerf = func(format string, args ...interface{}) {} -) - -// UUID represents a UUID value. UUIDs can be compared and set to other values -// and accessed by byte. -type UUID [Size]byte - -// Generate creates a new, version 4 uuid. -func Generate() (u UUID) { - const ( - // ensures we backoff for less than 450ms total. Use the following to - // select new value, in units of 10ms: - // n*(n+1)/2 = d -> n^2 + n - 2d -> n = (sqrt(8d + 1) - 1)/2 - maxretries = 9 - backoff = time.Millisecond * 10 - ) - - var ( - totalBackoff time.Duration - count int - retries int - ) - - for { - // This should never block but the read may fail. Because of this, - // we just try to read the random number generator until we get - // something. This is a very rare condition but may happen. - b := time.Duration(retries) * backoff - time.Sleep(b) - totalBackoff += b - - n, err := io.ReadFull(rand.Reader, u[count:]) - if err != nil { - if retryOnError(err) && retries < maxretries { - count += n - retries++ - Loggerf("error generating version 4 uuid, retrying: %v", err) - continue - } - - // Any other errors represent a system problem. What did someone - // do to /dev/urandom? - panic(fmt.Errorf("error reading random number generator, retried for %v: %v", totalBackoff.String(), err)) - } - - break - } - - u[6] = (u[6] & 0x0f) | 0x40 // set version byte - u[8] = (u[8] & 0x3f) | 0x80 // set high order byte 0b10{8,9,a,b} - - return u -} - -// Parse attempts to extract a uuid from the string or returns an error. -func Parse(s string) (u UUID, err error) { - if len(s) != 36 { - return UUID{}, ErrUUIDInvalid - } - - // create stack addresses for each section of the uuid. - p := make([][]byte, 5) - - if _, err := fmt.Sscanf(s, format, &p[0], &p[1], &p[2], &p[3], &p[4]); err != nil { - return u, err - } - - copy(u[0:4], p[0]) - copy(u[4:6], p[1]) - copy(u[6:8], p[2]) - copy(u[8:10], p[3]) - copy(u[10:16], p[4]) - - return -} - -func (u UUID) String() string { - return fmt.Sprintf(format, u[:4], u[4:6], u[6:8], u[8:10], u[10:]) -} - -// retryOnError tries to detect whether or not retrying would be fruitful. -func retryOnError(err error) bool { - switch err := err.(type) { - case *os.PathError: - return retryOnError(err.Err) // unpack the target error - case syscall.Errno: - if err == syscall.EPERM { - // EPERM represents an entropy pool exhaustion, a condition under - // which we backoff and retry. - return true - } - } - - return false -} diff --git a/vendor/github.com/docker/go/LICENSE b/vendor/github.com/docker/go/LICENSE deleted file mode 100644 index 74487567..00000000 --- a/vendor/github.com/docker/go/LICENSE +++ /dev/null @@ -1,27 +0,0 @@ -Copyright (c) 2012 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/docker/go/canonical/json/decode.go b/vendor/github.com/docker/go/canonical/json/decode.go deleted file mode 100644 index 72b981c5..00000000 --- a/vendor/github.com/docker/go/canonical/json/decode.go +++ /dev/null @@ -1,1168 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Represents JSON data structure using native Go types: booleans, floats, -// strings, arrays, and maps. - -package json - -import ( - "bytes" - "encoding" - "encoding/base64" - "errors" - "fmt" - "reflect" - "runtime" - "strconv" - "unicode" - "unicode/utf16" - "unicode/utf8" -) - -// Unmarshal parses the JSON-encoded data and stores the result -// in the value pointed to by v. -// -// Unmarshal uses the inverse of the encodings that -// Marshal uses, allocating maps, slices, and pointers as necessary, -// with the following additional rules: -// -// To unmarshal JSON into a pointer, Unmarshal first handles the case of -// the JSON being the JSON literal null. In that case, Unmarshal sets -// the pointer to nil. Otherwise, Unmarshal unmarshals the JSON into -// the value pointed at by the pointer. If the pointer is nil, Unmarshal -// allocates a new value for it to point to. -// -// To unmarshal JSON into a struct, Unmarshal matches incoming object -// keys to the keys used by Marshal (either the struct field name or its tag), -// preferring an exact match but also accepting a case-insensitive match. -// Unmarshal will only set exported fields of the struct. -// -// To unmarshal JSON into an interface value, -// Unmarshal stores one of these in the interface value: -// -// bool, for JSON booleans -// float64, for JSON numbers -// string, for JSON strings -// []interface{}, for JSON arrays -// map[string]interface{}, for JSON objects -// nil for JSON null -// -// To unmarshal a JSON array into a slice, Unmarshal resets the slice length -// to zero and then appends each element to the slice. -// As a special case, to unmarshal an empty JSON array into a slice, -// Unmarshal replaces the slice with a new empty slice. -// -// To unmarshal a JSON array into a Go array, Unmarshal decodes -// JSON array elements into corresponding Go array elements. -// If the Go array is smaller than the JSON array, -// the additional JSON array elements are discarded. -// If the JSON array is smaller than the Go array, -// the additional Go array elements are set to zero values. -// -// To unmarshal a JSON object into a string-keyed map, Unmarshal first -// establishes a map to use, If the map is nil, Unmarshal allocates a new map. -// Otherwise Unmarshal reuses the existing map, keeping existing entries. -// Unmarshal then stores key-value pairs from the JSON object into the map. -// -// If a JSON value is not appropriate for a given target type, -// or if a JSON number overflows the target type, Unmarshal -// skips that field and completes the unmarshaling as best it can. -// If no more serious errors are encountered, Unmarshal returns -// an UnmarshalTypeError describing the earliest such error. -// -// The JSON null value unmarshals into an interface, map, pointer, or slice -// by setting that Go value to nil. Because null is often used in JSON to mean -// ``not present,'' unmarshaling a JSON null into any other Go type has no effect -// on the value and produces no error. -// -// When unmarshaling quoted strings, invalid UTF-8 or -// invalid UTF-16 surrogate pairs are not treated as an error. -// Instead, they are replaced by the Unicode replacement -// character U+FFFD. -// -func Unmarshal(data []byte, v interface{}) error { - // Check for well-formedness. - // Avoids filling out half a data structure - // before discovering a JSON syntax error. - var d decodeState - err := checkValid(data, &d.scan) - if err != nil { - return err - } - - d.init(data) - return d.unmarshal(v) -} - -// Unmarshaler is the interface implemented by objects -// that can unmarshal a JSON description of themselves. -// The input can be assumed to be a valid encoding of -// a JSON value. UnmarshalJSON must copy the JSON data -// if it wishes to retain the data after returning. -type Unmarshaler interface { - UnmarshalJSON([]byte) error -} - -// An UnmarshalTypeError describes a JSON value that was -// not appropriate for a value of a specific Go type. -type UnmarshalTypeError struct { - Value string // description of JSON value - "bool", "array", "number -5" - Type reflect.Type // type of Go value it could not be assigned to - Offset int64 // error occurred after reading Offset bytes -} - -func (e *UnmarshalTypeError) Error() string { - return "json: cannot unmarshal " + e.Value + " into Go value of type " + e.Type.String() -} - -// An UnmarshalFieldError describes a JSON object key that -// led to an unexported (and therefore unwritable) struct field. -// (No longer used; kept for compatibility.) -type UnmarshalFieldError struct { - Key string - Type reflect.Type - Field reflect.StructField -} - -func (e *UnmarshalFieldError) Error() string { - return "json: cannot unmarshal object key " + strconv.Quote(e.Key) + " into unexported field " + e.Field.Name + " of type " + e.Type.String() -} - -// An InvalidUnmarshalError describes an invalid argument passed to Unmarshal. -// (The argument to Unmarshal must be a non-nil pointer.) -type InvalidUnmarshalError struct { - Type reflect.Type -} - -func (e *InvalidUnmarshalError) Error() string { - if e.Type == nil { - return "json: Unmarshal(nil)" - } - - if e.Type.Kind() != reflect.Ptr { - return "json: Unmarshal(non-pointer " + e.Type.String() + ")" - } - return "json: Unmarshal(nil " + e.Type.String() + ")" -} - -func (d *decodeState) unmarshal(v interface{}) (err error) { - defer func() { - if r := recover(); r != nil { - if _, ok := r.(runtime.Error); ok { - panic(r) - } - err = r.(error) - } - }() - - rv := reflect.ValueOf(v) - if rv.Kind() != reflect.Ptr || rv.IsNil() { - return &InvalidUnmarshalError{reflect.TypeOf(v)} - } - - d.scan.reset() - // We decode rv not rv.Elem because the Unmarshaler interface - // test must be applied at the top level of the value. - d.value(rv) - return d.savedError -} - -// A Number represents a JSON number literal. -type Number string - -// String returns the literal text of the number. -func (n Number) String() string { return string(n) } - -// Float64 returns the number as a float64. -func (n Number) Float64() (float64, error) { - return strconv.ParseFloat(string(n), 64) -} - -// Int64 returns the number as an int64. -func (n Number) Int64() (int64, error) { - return strconv.ParseInt(string(n), 10, 64) -} - -// isValidNumber reports whether s is a valid JSON number literal. -func isValidNumber(s string) bool { - // This function implements the JSON numbers grammar. - // See https://tools.ietf.org/html/rfc7159#section-6 - // and http://json.org/number.gif - - if s == "" { - return false - } - - // Optional - - if s[0] == '-' { - s = s[1:] - if s == "" { - return false - } - } - - // Digits - switch { - default: - return false - - case s[0] == '0': - s = s[1:] - - case '1' <= s[0] && s[0] <= '9': - s = s[1:] - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // . followed by 1 or more digits. - if len(s) >= 2 && s[0] == '.' && '0' <= s[1] && s[1] <= '9' { - s = s[2:] - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // e or E followed by an optional - or + and - // 1 or more digits. - if len(s) >= 2 && (s[0] == 'e' || s[0] == 'E') { - s = s[1:] - if s[0] == '+' || s[0] == '-' { - s = s[1:] - if s == "" { - return false - } - } - for len(s) > 0 && '0' <= s[0] && s[0] <= '9' { - s = s[1:] - } - } - - // Make sure we are at the end. - return s == "" -} - -// decodeState represents the state while decoding a JSON value. -type decodeState struct { - data []byte - off int // read offset in data - scan scanner - nextscan scanner // for calls to nextValue - savedError error - useNumber bool - canonical bool -} - -// errPhase is used for errors that should not happen unless -// there is a bug in the JSON decoder or something is editing -// the data slice while the decoder executes. -var errPhase = errors.New("JSON decoder out of sync - data changing underfoot?") - -func (d *decodeState) init(data []byte) *decodeState { - d.data = data - d.off = 0 - d.savedError = nil - return d -} - -// error aborts the decoding by panicking with err. -func (d *decodeState) error(err error) { - panic(err) -} - -// saveError saves the first err it is called with, -// for reporting at the end of the unmarshal. -func (d *decodeState) saveError(err error) { - if d.savedError == nil { - d.savedError = err - } -} - -// next cuts off and returns the next full JSON value in d.data[d.off:]. -// The next value is known to be an object or array, not a literal. -func (d *decodeState) next() []byte { - c := d.data[d.off] - item, rest, err := nextValue(d.data[d.off:], &d.nextscan) - if err != nil { - d.error(err) - } - d.off = len(d.data) - len(rest) - - // Our scanner has seen the opening brace/bracket - // and thinks we're still in the middle of the object. - // invent a closing brace/bracket to get it out. - if c == '{' { - d.scan.step(&d.scan, '}') - } else { - d.scan.step(&d.scan, ']') - } - - return item -} - -// scanWhile processes bytes in d.data[d.off:] until it -// receives a scan code not equal to op. -// It updates d.off and returns the new scan code. -func (d *decodeState) scanWhile(op int) int { - var newOp int - for { - if d.off >= len(d.data) { - newOp = d.scan.eof() - d.off = len(d.data) + 1 // mark processed EOF with len+1 - } else { - c := d.data[d.off] - d.off++ - newOp = d.scan.step(&d.scan, c) - } - if newOp != op { - break - } - } - return newOp -} - -// value decodes a JSON value from d.data[d.off:] into the value. -// it updates d.off to point past the decoded value. -func (d *decodeState) value(v reflect.Value) { - if !v.IsValid() { - _, rest, err := nextValue(d.data[d.off:], &d.nextscan) - if err != nil { - d.error(err) - } - d.off = len(d.data) - len(rest) - - // d.scan thinks we're still at the beginning of the item. - // Feed in an empty string - the shortest, simplest value - - // so that it knows we got to the end of the value. - if d.scan.redo { - // rewind. - d.scan.redo = false - d.scan.step = stateBeginValue - } - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '"') - - n := len(d.scan.parseState) - if n > 0 && d.scan.parseState[n-1] == parseObjectKey { - // d.scan thinks we just read an object key; finish the object - d.scan.step(&d.scan, ':') - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '"') - d.scan.step(&d.scan, '}') - } - - return - } - - switch op := d.scanWhile(scanSkipSpace); op { - default: - d.error(errPhase) - - case scanBeginArray: - d.array(v) - - case scanBeginObject: - d.object(v) - - case scanBeginLiteral: - d.literal(v) - } -} - -type unquotedValue struct{} - -// valueQuoted is like value but decodes a -// quoted string literal or literal null into an interface value. -// If it finds anything other than a quoted string literal or null, -// valueQuoted returns unquotedValue{}. -func (d *decodeState) valueQuoted() interface{} { - switch op := d.scanWhile(scanSkipSpace); op { - default: - d.error(errPhase) - - case scanBeginArray: - d.array(reflect.Value{}) - - case scanBeginObject: - d.object(reflect.Value{}) - - case scanBeginLiteral: - switch v := d.literalInterface().(type) { - case nil, string: - return v - } - } - return unquotedValue{} -} - -// indirect walks down v allocating pointers as needed, -// until it gets to a non-pointer. -// if it encounters an Unmarshaler, indirect stops and returns that. -// if decodingNull is true, indirect stops at the last pointer so it can be set to nil. -func (d *decodeState) indirect(v reflect.Value, decodingNull bool) (Unmarshaler, encoding.TextUnmarshaler, reflect.Value) { - // If v is a named type and is addressable, - // start with its address, so that if the type has pointer methods, - // we find them. - if v.Kind() != reflect.Ptr && v.Type().Name() != "" && v.CanAddr() { - v = v.Addr() - } - for { - // Load value from interface, but only if the result will be - // usefully addressable. - if v.Kind() == reflect.Interface && !v.IsNil() { - e := v.Elem() - if e.Kind() == reflect.Ptr && !e.IsNil() && (!decodingNull || e.Elem().Kind() == reflect.Ptr) { - v = e - continue - } - } - - if v.Kind() != reflect.Ptr { - break - } - - if v.Elem().Kind() != reflect.Ptr && decodingNull && v.CanSet() { - break - } - if v.IsNil() { - v.Set(reflect.New(v.Type().Elem())) - } - if v.Type().NumMethod() > 0 { - if u, ok := v.Interface().(Unmarshaler); ok { - return u, nil, reflect.Value{} - } - if u, ok := v.Interface().(encoding.TextUnmarshaler); ok { - return nil, u, reflect.Value{} - } - } - v = v.Elem() - } - return nil, nil, v -} - -// array consumes an array from d.data[d.off-1:], decoding into the value v. -// the first byte of the array ('[') has been read already. -func (d *decodeState) array(v reflect.Value) { - // Check for unmarshaler. - u, ut, pv := d.indirect(v, false) - if u != nil { - d.off-- - err := u.UnmarshalJSON(d.next()) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) - d.off-- - d.next() - return - } - - v = pv - - // Check type of target. - switch v.Kind() { - case reflect.Interface: - if v.NumMethod() == 0 { - // Decoding into nil interface? Switch to non-reflect code. - v.Set(reflect.ValueOf(d.arrayInterface())) - return - } - // Otherwise it's invalid. - fallthrough - default: - d.saveError(&UnmarshalTypeError{"array", v.Type(), int64(d.off)}) - d.off-- - d.next() - return - case reflect.Array: - case reflect.Slice: - break - } - - i := 0 - for { - // Look ahead for ] - can only happen on first iteration. - op := d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - - // Back up so d.value can have the byte we just read. - d.off-- - d.scan.undo(op) - - // Get element of array, growing if necessary. - if v.Kind() == reflect.Slice { - // Grow slice if necessary - if i >= v.Cap() { - newcap := v.Cap() + v.Cap()/2 - if newcap < 4 { - newcap = 4 - } - newv := reflect.MakeSlice(v.Type(), v.Len(), newcap) - reflect.Copy(newv, v) - v.Set(newv) - } - if i >= v.Len() { - v.SetLen(i + 1) - } - } - - if i < v.Len() { - // Decode into element. - d.value(v.Index(i)) - } else { - // Ran out of fixed array: skip. - d.value(reflect.Value{}) - } - i++ - - // Next token must be , or ]. - op = d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - if op != scanArrayValue { - d.error(errPhase) - } - } - - if i < v.Len() { - if v.Kind() == reflect.Array { - // Array. Zero the rest. - z := reflect.Zero(v.Type().Elem()) - for ; i < v.Len(); i++ { - v.Index(i).Set(z) - } - } else { - v.SetLen(i) - } - } - if i == 0 && v.Kind() == reflect.Slice { - v.Set(reflect.MakeSlice(v.Type(), 0, 0)) - } -} - -var nullLiteral = []byte("null") - -// object consumes an object from d.data[d.off-1:], decoding into the value v. -// the first byte ('{') of the object has been read already. -func (d *decodeState) object(v reflect.Value) { - // Check for unmarshaler. - u, ut, pv := d.indirect(v, false) - if u != nil { - d.off-- - err := u.UnmarshalJSON(d.next()) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - v = pv - - // Decoding into nil interface? Switch to non-reflect code. - if v.Kind() == reflect.Interface && v.NumMethod() == 0 { - v.Set(reflect.ValueOf(d.objectInterface())) - return - } - - // Check type of target: struct or map[string]T - switch v.Kind() { - case reflect.Map: - // map must have string kind - t := v.Type() - if t.Key().Kind() != reflect.String { - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - if v.IsNil() { - v.Set(reflect.MakeMap(t)) - } - case reflect.Struct: - - default: - d.saveError(&UnmarshalTypeError{"object", v.Type(), int64(d.off)}) - d.off-- - d.next() // skip over { } in input - return - } - - var mapElem reflect.Value - - for { - // Read opening " of string key or closing }. - op := d.scanWhile(scanSkipSpace) - if op == scanEndObject { - // closing } - can only happen on first iteration. - break - } - if op != scanBeginLiteral { - d.error(errPhase) - } - - // Read key. - start := d.off - 1 - op = d.scanWhile(scanContinue) - item := d.data[start : d.off-1] - key, ok := unquoteBytes(item) - if !ok { - d.error(errPhase) - } - - // Figure out field corresponding to key. - var subv reflect.Value - destring := false // whether the value is wrapped in a string to be decoded first - - if v.Kind() == reflect.Map { - elemType := v.Type().Elem() - if !mapElem.IsValid() { - mapElem = reflect.New(elemType).Elem() - } else { - mapElem.Set(reflect.Zero(elemType)) - } - subv = mapElem - } else { - var f *field - fields := cachedTypeFields(v.Type(), false) - for i := range fields { - ff := &fields[i] - if bytes.Equal(ff.nameBytes, key) { - f = ff - break - } - if f == nil && ff.equalFold(ff.nameBytes, key) { - f = ff - } - } - if f != nil { - subv = v - destring = f.quoted - for _, i := range f.index { - if subv.Kind() == reflect.Ptr { - if subv.IsNil() { - subv.Set(reflect.New(subv.Type().Elem())) - } - subv = subv.Elem() - } - subv = subv.Field(i) - } - } - } - - // Read : before value. - if op == scanSkipSpace { - op = d.scanWhile(scanSkipSpace) - } - if op != scanObjectKey { - d.error(errPhase) - } - - // Read value. - if destring { - switch qv := d.valueQuoted().(type) { - case nil: - d.literalStore(nullLiteral, subv, false) - case string: - d.literalStore([]byte(qv), subv, true) - default: - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal unquoted value into %v", subv.Type())) - } - } else { - d.value(subv) - } - - // Write value back to map; - // if using struct, subv points into struct already. - if v.Kind() == reflect.Map { - kv := reflect.ValueOf(key).Convert(v.Type().Key()) - v.SetMapIndex(kv, subv) - } - - // Next token must be , or }. - op = d.scanWhile(scanSkipSpace) - if op == scanEndObject { - break - } - if op != scanObjectValue { - d.error(errPhase) - } - } -} - -// literal consumes a literal from d.data[d.off-1:], decoding into the value v. -// The first byte of the literal has been read already -// (that's how the caller knows it's a literal). -func (d *decodeState) literal(v reflect.Value) { - // All bytes inside literal return scanContinue op code. - start := d.off - 1 - op := d.scanWhile(scanContinue) - - // Scan read one byte too far; back up. - d.off-- - d.scan.undo(op) - - d.literalStore(d.data[start:d.off], v, false) -} - -// convertNumber converts the number literal s to a float64 or a Number -// depending on the setting of d.useNumber. -func (d *decodeState) convertNumber(s string) (interface{}, error) { - if d.useNumber { - return Number(s), nil - } - f, err := strconv.ParseFloat(s, 64) - if err != nil { - return nil, &UnmarshalTypeError{"number " + s, reflect.TypeOf(0.0), int64(d.off)} - } - return f, nil -} - -var numberType = reflect.TypeOf(Number("")) - -// literalStore decodes a literal stored in item into v. -// -// fromQuoted indicates whether this literal came from unwrapping a -// string from the ",string" struct tag option. this is used only to -// produce more helpful error messages. -func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool) { - // Check for unmarshaler. - if len(item) == 0 { - //Empty string given - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - return - } - wantptr := item[0] == 'n' // null - u, ut, pv := d.indirect(v, wantptr) - if u != nil { - err := u.UnmarshalJSON(item) - if err != nil { - d.error(err) - } - return - } - if ut != nil { - if item[0] != '"' { - if fromQuoted { - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - } - return - } - s, ok := unquoteBytes(item) - if !ok { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - err := ut.UnmarshalText(s) - if err != nil { - d.error(err) - } - return - } - - v = pv - - switch c := item[0]; c { - case 'n': // null - switch v.Kind() { - case reflect.Interface, reflect.Ptr, reflect.Map, reflect.Slice: - v.Set(reflect.Zero(v.Type())) - // otherwise, ignore null for primitives/string - } - case 't', 'f': // true, false - value := c == 't' - switch v.Kind() { - default: - if fromQuoted { - d.saveError(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) - } - case reflect.Bool: - v.SetBool(value) - case reflect.Interface: - if v.NumMethod() == 0 { - v.Set(reflect.ValueOf(value)) - } else { - d.saveError(&UnmarshalTypeError{"bool", v.Type(), int64(d.off)}) - } - } - - case '"': // string - s, ok := unquoteBytes(item) - if !ok { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - switch v.Kind() { - default: - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - case reflect.Slice: - if v.Type().Elem().Kind() != reflect.Uint8 { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - break - } - b := make([]byte, base64.StdEncoding.DecodedLen(len(s))) - n, err := base64.StdEncoding.Decode(b, s) - if err != nil { - d.saveError(err) - break - } - v.SetBytes(b[:n]) - case reflect.String: - v.SetString(string(s)) - case reflect.Interface: - if v.NumMethod() == 0 { - v.Set(reflect.ValueOf(string(s))) - } else { - d.saveError(&UnmarshalTypeError{"string", v.Type(), int64(d.off)}) - } - } - - default: // number - if c != '-' && (c < '0' || c > '9') { - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(errPhase) - } - } - s := string(item) - switch v.Kind() { - default: - if v.Kind() == reflect.String && v.Type() == numberType { - v.SetString(s) - if !isValidNumber(s) { - d.error(fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item)) - } - break - } - if fromQuoted { - d.error(fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into %v", item, v.Type())) - } else { - d.error(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) - } - case reflect.Interface: - n, err := d.convertNumber(s) - if err != nil { - d.saveError(err) - break - } - if v.NumMethod() != 0 { - d.saveError(&UnmarshalTypeError{"number", v.Type(), int64(d.off)}) - break - } - v.Set(reflect.ValueOf(n)) - - case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: - n, err := strconv.ParseInt(s, 10, 64) - if err != nil || v.OverflowInt(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetInt(n) - - case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uintptr: - n, err := strconv.ParseUint(s, 10, 64) - if err != nil || v.OverflowUint(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetUint(n) - - case reflect.Float32, reflect.Float64: - n, err := strconv.ParseFloat(s, v.Type().Bits()) - if err != nil || v.OverflowFloat(n) { - d.saveError(&UnmarshalTypeError{"number " + s, v.Type(), int64(d.off)}) - break - } - v.SetFloat(n) - } - } -} - -// The xxxInterface routines build up a value to be stored -// in an empty interface. They are not strictly necessary, -// but they avoid the weight of reflection in this common case. - -// valueInterface is like value but returns interface{} -func (d *decodeState) valueInterface() interface{} { - switch d.scanWhile(scanSkipSpace) { - default: - d.error(errPhase) - panic("unreachable") - case scanBeginArray: - return d.arrayInterface() - case scanBeginObject: - return d.objectInterface() - case scanBeginLiteral: - return d.literalInterface() - } -} - -// arrayInterface is like array but returns []interface{}. -func (d *decodeState) arrayInterface() []interface{} { - var v = make([]interface{}, 0) - for { - // Look ahead for ] - can only happen on first iteration. - op := d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - - // Back up so d.value can have the byte we just read. - d.off-- - d.scan.undo(op) - - v = append(v, d.valueInterface()) - - // Next token must be , or ]. - op = d.scanWhile(scanSkipSpace) - if op == scanEndArray { - break - } - if op != scanArrayValue { - d.error(errPhase) - } - } - return v -} - -// objectInterface is like object but returns map[string]interface{}. -func (d *decodeState) objectInterface() map[string]interface{} { - m := make(map[string]interface{}) - for { - // Read opening " of string key or closing }. - op := d.scanWhile(scanSkipSpace) - if op == scanEndObject { - // closing } - can only happen on first iteration. - break - } - if op != scanBeginLiteral { - d.error(errPhase) - } - - // Read string key. - start := d.off - 1 - op = d.scanWhile(scanContinue) - item := d.data[start : d.off-1] - key, ok := unquote(item) - if !ok { - d.error(errPhase) - } - - // Read : before value. - if op == scanSkipSpace { - op = d.scanWhile(scanSkipSpace) - } - if op != scanObjectKey { - d.error(errPhase) - } - - // Read value. - m[key] = d.valueInterface() - - // Next token must be , or }. - op = d.scanWhile(scanSkipSpace) - if op == scanEndObject { - break - } - if op != scanObjectValue { - d.error(errPhase) - } - } - return m -} - -// literalInterface is like literal but returns an interface value. -func (d *decodeState) literalInterface() interface{} { - // All bytes inside literal return scanContinue op code. - start := d.off - 1 - op := d.scanWhile(scanContinue) - - // Scan read one byte too far; back up. - d.off-- - d.scan.undo(op) - item := d.data[start:d.off] - - switch c := item[0]; c { - case 'n': // null - return nil - - case 't', 'f': // true, false - return c == 't' - - case '"': // string - s, ok := unquote(item) - if !ok { - d.error(errPhase) - } - return s - - default: // number - if c != '-' && (c < '0' || c > '9') { - d.error(errPhase) - } - n, err := d.convertNumber(string(item)) - if err != nil { - d.saveError(err) - } - return n - } -} - -// getu4 decodes \uXXXX from the beginning of s, returning the hex value, -// or it returns -1. -func getu4(s []byte) rune { - if len(s) < 6 || s[0] != '\\' || s[1] != 'u' { - return -1 - } - r, err := strconv.ParseUint(string(s[2:6]), 16, 64) - if err != nil { - return -1 - } - return rune(r) -} - -// unquote converts a quoted JSON string literal s into an actual string t. -// The rules are different than for Go, so cannot use strconv.Unquote. -func unquote(s []byte) (t string, ok bool) { - s, ok = unquoteBytes(s) - t = string(s) - return -} - -func unquoteBytes(s []byte) (t []byte, ok bool) { - if len(s) < 2 || s[0] != '"' || s[len(s)-1] != '"' { - return - } - s = s[1 : len(s)-1] - - // Check for unusual characters. If there are none, - // then no unquoting is needed, so return a slice of the - // original bytes. - r := 0 - for r < len(s) { - c := s[r] - if c == '\\' || c == '"' || c < ' ' { - break - } - if c < utf8.RuneSelf { - r++ - continue - } - rr, size := utf8.DecodeRune(s[r:]) - if rr == utf8.RuneError && size == 1 { - break - } - r += size - } - if r == len(s) { - return s, true - } - - b := make([]byte, len(s)+2*utf8.UTFMax) - w := copy(b, s[0:r]) - for r < len(s) { - // Out of room? Can only happen if s is full of - // malformed UTF-8 and we're replacing each - // byte with RuneError. - if w >= len(b)-2*utf8.UTFMax { - nb := make([]byte, (len(b)+utf8.UTFMax)*2) - copy(nb, b[0:w]) - b = nb - } - switch c := s[r]; { - case c == '\\': - r++ - if r >= len(s) { - return - } - switch s[r] { - default: - return - case '"', '\\', '/', '\'': - b[w] = s[r] - r++ - w++ - case 'b': - b[w] = '\b' - r++ - w++ - case 'f': - b[w] = '\f' - r++ - w++ - case 'n': - b[w] = '\n' - r++ - w++ - case 'r': - b[w] = '\r' - r++ - w++ - case 't': - b[w] = '\t' - r++ - w++ - case 'u': - r-- - rr := getu4(s[r:]) - if rr < 0 { - return - } - r += 6 - if utf16.IsSurrogate(rr) { - rr1 := getu4(s[r:]) - if dec := utf16.DecodeRune(rr, rr1); dec != unicode.ReplacementChar { - // A valid pair; consume. - r += 6 - w += utf8.EncodeRune(b[w:], dec) - break - } - // Invalid surrogate; fall back to replacement rune. - rr = unicode.ReplacementChar - } - w += utf8.EncodeRune(b[w:], rr) - } - - // Quote, control characters are invalid. - case c == '"', c < ' ': - return - - // ASCII - case c < utf8.RuneSelf: - b[w] = c - r++ - w++ - - // Coerce to well-formed UTF-8. - default: - rr, size := utf8.DecodeRune(s[r:]) - r += size - w += utf8.EncodeRune(b[w:], rr) - } - } - return b[0:w], true -} diff --git a/vendor/github.com/docker/go/canonical/json/encode.go b/vendor/github.com/docker/go/canonical/json/encode.go deleted file mode 100644 index f3491b16..00000000 --- a/vendor/github.com/docker/go/canonical/json/encode.go +++ /dev/null @@ -1,1250 +0,0 @@ -// Copyright 2010 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package json implements encoding and decoding of JSON objects as defined in -// RFC 4627. The mapping between JSON objects and Go values is described -// in the documentation for the Marshal and Unmarshal functions. -// -// See "JSON and Go" for an introduction to this package: -// https://golang.org/doc/articles/json_and_go.html -package json - -import ( - "bytes" - "encoding" - "encoding/base64" - "fmt" - "math" - "reflect" - "runtime" - "sort" - "strconv" - "strings" - "sync" - "unicode" - "unicode/utf8" -) - -// Marshal returns the JSON encoding of v. -// -// Marshal traverses the value v recursively. -// If an encountered value implements the Marshaler interface -// and is not a nil pointer, Marshal calls its MarshalJSON method -// to produce JSON. If no MarshalJSON method is present but the -// value implements encoding.TextMarshaler instead, Marshal calls -// its MarshalText method. -// The nil pointer exception is not strictly necessary -// but mimics a similar, necessary exception in the behavior of -// UnmarshalJSON. -// -// Otherwise, Marshal uses the following type-dependent default encodings: -// -// Boolean values encode as JSON booleans. -// -// Floating point, integer, and Number values encode as JSON numbers. -// -// String values encode as JSON strings coerced to valid UTF-8, -// replacing invalid bytes with the Unicode replacement rune. -// The angle brackets "<" and ">" are escaped to "\u003c" and "\u003e" -// to keep some browsers from misinterpreting JSON output as HTML. -// Ampersand "&" is also escaped to "\u0026" for the same reason. -// -// Array and slice values encode as JSON arrays, except that -// []byte encodes as a base64-encoded string, and a nil slice -// encodes as the null JSON object. -// -// Struct values encode as JSON objects. Each exported struct field -// becomes a member of the object unless -// - the field's tag is "-", or -// - the field is empty and its tag specifies the "omitempty" option. -// The empty values are false, 0, any -// nil pointer or interface value, and any array, slice, map, or string of -// length zero. The object's default key string is the struct field name -// but can be specified in the struct field's tag value. The "json" key in -// the struct field's tag value is the key name, followed by an optional comma -// and options. Examples: -// -// // Field is ignored by this package. -// Field int `json:"-"` -// -// // Field appears in JSON as key "myName". -// Field int `json:"myName"` -// -// // Field appears in JSON as key "myName" and -// // the field is omitted from the object if its value is empty, -// // as defined above. -// Field int `json:"myName,omitempty"` -// -// // Field appears in JSON as key "Field" (the default), but -// // the field is skipped if empty. -// // Note the leading comma. -// Field int `json:",omitempty"` -// -// The "string" option signals that a field is stored as JSON inside a -// JSON-encoded string. It applies only to fields of string, floating point, -// integer, or boolean types. This extra level of encoding is sometimes used -// when communicating with JavaScript programs: -// -// Int64String int64 `json:",string"` -// -// The key name will be used if it's a non-empty string consisting of -// only Unicode letters, digits, dollar signs, percent signs, hyphens, -// underscores and slashes. -// -// Anonymous struct fields are usually marshaled as if their inner exported fields -// were fields in the outer struct, subject to the usual Go visibility rules amended -// as described in the next paragraph. -// An anonymous struct field with a name given in its JSON tag is treated as -// having that name, rather than being anonymous. -// An anonymous struct field of interface type is treated the same as having -// that type as its name, rather than being anonymous. -// -// The Go visibility rules for struct fields are amended for JSON when -// deciding which field to marshal or unmarshal. If there are -// multiple fields at the same level, and that level is the least -// nested (and would therefore be the nesting level selected by the -// usual Go rules), the following extra rules apply: -// -// 1) Of those fields, if any are JSON-tagged, only tagged fields are considered, -// even if there are multiple untagged fields that would otherwise conflict. -// 2) If there is exactly one field (tagged or not according to the first rule), that is selected. -// 3) Otherwise there are multiple fields, and all are ignored; no error occurs. -// -// Handling of anonymous struct fields is new in Go 1.1. -// Prior to Go 1.1, anonymous struct fields were ignored. To force ignoring of -// an anonymous struct field in both current and earlier versions, give the field -// a JSON tag of "-". -// -// Map values encode as JSON objects. -// The map's key type must be string; the map keys are used as JSON object -// keys, subject to the UTF-8 coercion described for string values above. -// -// Pointer values encode as the value pointed to. -// A nil pointer encodes as the null JSON object. -// -// Interface values encode as the value contained in the interface. -// A nil interface value encodes as the null JSON object. -// -// Channel, complex, and function values cannot be encoded in JSON. -// Attempting to encode such a value causes Marshal to return -// an UnsupportedTypeError. -// -// JSON cannot represent cyclic data structures and Marshal does not -// handle them. Passing cyclic structures to Marshal will result in -// an infinite recursion. -// -func Marshal(v interface{}) ([]byte, error) { - return marshal(v, false) -} - -// MarshalIndent is like Marshal but applies Indent to format the output. -func MarshalIndent(v interface{}, prefix, indent string) ([]byte, error) { - b, err := Marshal(v) - if err != nil { - return nil, err - } - var buf bytes.Buffer - err = Indent(&buf, b, prefix, indent) - if err != nil { - return nil, err - } - return buf.Bytes(), nil -} - -// MarshalCanonical is like Marshal but encodes into Canonical JSON. -// Read more at: http://wiki.laptop.org/go/Canonical_JSON -func MarshalCanonical(v interface{}) ([]byte, error) { - return marshal(v, true) -} - -func marshal(v interface{}, canonical bool) ([]byte, error) { - e := &encodeState{canonical: canonical} - err := e.marshal(v) - if err != nil { - return nil, err - } - return e.Bytes(), nil -} - -// HTMLEscape appends to dst the JSON-encoded src with <, >, &, U+2028 and U+2029 -// characters inside string literals changed to \u003c, \u003e, \u0026, \u2028, \u2029 -// so that the JSON will be safe to embed inside HTML