diff --git a/driver/docker-container/driver.go b/driver/docker-container/driver.go
index 45f77b31..cfcdf67c 100644
--- a/driver/docker-container/driver.go
+++ b/driver/docker-container/driver.go
@@ -24,11 +24,10 @@ import (
 "github.com/docker/docker/api/types/network"
 "github.com/docker/docker/api/types/system"
 "github.com/docker/docker/errdefs"
- dockerarchive "github.com/docker/docker/pkg/archive"
- "github.com/docker/docker/pkg/idtools"
 "github.com/docker/docker/pkg/jsonmessage"
 "github.com/docker/docker/pkg/stdcopy"
 "github.com/moby/buildkit/client"
+ mobyarchive "github.com/moby/go-archive"
 "github.com/pkg/errors"
 )
@@ -250,8 +249,8 @@ func (d *Driver) copyToContainer(ctx context.Context, files map[string][]byte) e
 if srcPath != "" {
 defer os.RemoveAll(srcPath)
 }
- srcArchive, err := dockerarchive.TarWithOptions(srcPath, &dockerarchive.TarOptions{
- ChownOpts: &idtools.Identity{UID: 0, GID: 0},
+ srcArchive, err := mobyarchive.TarWithOptions(srcPath, &mobyarchive.TarOptions{
+ ChownOpts: &mobyarchive.ChownOpts{UID: 0, GID: 0},
 })
 if err != nil {
 return err
diff --git a/go.mod b/go.mod
index ef1c4e0f..75f250c9 100644
--- a/go.mod
+++ b/go.mod
@@ -30,6 +30,7 @@ require (
 github.com/in-toto/in-toto-golang v0.5.0
 github.com/mitchellh/hashstructure/v2 v2.0.2
 github.com/moby/buildkit v0.21.0-rc1
+ github.com/moby/go-archive v0.0.0-20250404171912-21f3f3385ab7
 github.com/moby/sys/mountinfo v0.7.2
 github.com/moby/sys/signal v0.7.1
 github.com/morikuni/aec v1.0.0
diff --git a/go.sum b/go.sum
index 7b3dd22e..6f5f30f2 100644
--- a/go.sum
+++ b/go.sum
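Review bot: In copyToContainer the `ChownOpts: &mobyarchive.ChownOpts{UID: 0, GID: 0}` argument has no comment saying that it forces root ownership on every archive entry, and nothing visible in this diff checks that the replacement package still honours it. The archive is built from a host temp directory (`srcPath`), so if this option were dropped or mis-wired in a later migration the invoking user's uid/gid would presumably be carried into the files written to the builder container. I would add a comment above the call, `// Stamp every entry root:root so host ownership of the temp dir is not copied into the container.`, and a small test that reads the produced tar headers and asserts Uid and Gid are 0. The function body starts and ends outside the hunk.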
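Review bot: The new `github.com/moby/go-archive` requirement in go.mod is pinned to a pseudo-version, `v0.0.0-20250404171912-21f3f3385ab7`, which names an untagged commit rather than a release. The go.sum hash still fixes the content, but there is no tag or release notes to audit the code against, and the renames under vendor/ suggest the package was only recently split out of docker/docker. I would track a follow-up to move to the first tagged release and note it next to the line, for example `// TODO: switch to a tagged go-archive release when one exists`.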
@@ -283,6 +283,8 @@ github.com/moby/buildkit v0.21.0-rc1 h1:QWTyHpHUtsyUMH0CH7QStisI/FmS9njRC1FK4vVY
 github.com/moby/buildkit v0.21.0-rc1/go.mod h1:coiVDxJmP1PD+79HAnTJvBMetLTdCws8gpWiYX2vcH8=
 github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
 github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
+github.com/moby/go-archive v0.0.0-20250404171912-21f3f3385ab7 h1:CWAY9uG9JhmLmnM7T64+bV0C9IraDrvxEwXq1HJ7hhk=
+github.com/moby/go-archive v0.0.0-20250404171912-21f3f3385ab7/go.mod h1:G9B+YoujNohJmrIYFBpSd54GTUB4lt9S+xVQvsJyFuo=
 github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
@@ -586,8 +588,8 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o=
-gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g=
+gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q=
+gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA=
 k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0=
 k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk=
 k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw=
diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools.go b/vendor/github.com/docker/docker/pkg/idtools/idtools.go
deleted file mode 100644
index d2fbd943..00000000
--- a/vendor/github.com/docker/docker/pkg/idtools/idtools.go
+++ /dev/null
@@ -1,149 +0,0 @@ -package idtools - -import ( - "fmt" - "os" -) - -// IDMap contains a single entry for user namespace range remapping. An array -// of IDMap entries represents the structure that will be provided to the Linux -// kernel for creating a user namespace. -type IDMap struct { - ContainerID int `json:"container_id"` - HostID int `json:"host_id"` - Size int `json:"size"` -} - -// MkdirAllAndChown creates a directory (include any along the path) and then modifies -// ownership to the requested uid/gid. If the directory already exists, this -// function will still change ownership and permissions. -func MkdirAllAndChown(path string, mode os.FileMode, owner Identity) error { - return mkdirAs(path, mode, owner, true, true) -} - -// MkdirAndChown creates a directory and then modifies ownership to the requested uid/gid. -// If the directory already exists, this function still changes ownership and permissions. -// Note that unlike os.Mkdir(), this function does not return IsExist error -// in case path already exists. -func MkdirAndChown(path string, mode os.FileMode, owner Identity) error { - return mkdirAs(path, mode, owner, false, true) -} - -// MkdirAllAndChownNew creates a directory (include any along the path) and then modifies -// ownership ONLY of newly created directories to the requested uid/gid. If the -// directories along the path exist, no change of ownership or permissions will be performed -func MkdirAllAndChownNew(path string, mode os.FileMode, owner Identity) error { - return mkdirAs(path, mode, owner, true, false) -} - -// GetRootUIDGID retrieves the remapped root uid/gid pair from the set of maps. 
-// If the maps are empty, then the root uid/gid will default to "real" 0/0 -func GetRootUIDGID(uidMap, gidMap []IDMap) (int, int, error) { - uid, err := toHost(0, uidMap) - if err != nil { - return -1, -1, err - } - gid, err := toHost(0, gidMap) - if err != nil { - return -1, -1, err - } - return uid, gid, nil -} - -// toContainer takes an id mapping, and uses it to translate a -// host ID to the remapped ID. If no map is provided, then the translation -// assumes a 1-to-1 mapping and returns the passed in id -func toContainer(hostID int, idMap []IDMap) (int, error) { - if idMap == nil { - return hostID, nil - } - for _, m := range idMap { - if (hostID >= m.HostID) && (hostID <= (m.HostID + m.Size - 1)) { - contID := m.ContainerID + (hostID - m.HostID) - return contID, nil - } - } - return -1, fmt.Errorf("Host ID %d cannot be mapped to a container ID", hostID) -} - -// toHost takes an id mapping and a remapped ID, and translates the -// ID to the mapped host ID. If no map is provided, then the translation -// assumes a 1-to-1 mapping and returns the passed in id # -func toHost(contID int, idMap []IDMap) (int, error) { - if idMap == nil { - return contID, nil - } - for _, m := range idMap { - if (contID >= m.ContainerID) && (contID <= (m.ContainerID + m.Size - 1)) { - hostID := m.HostID + (contID - m.ContainerID) - return hostID, nil - } - } - return -1, fmt.Errorf("Container ID %d cannot be mapped to a host ID", contID) -} - -// Identity is either a UID and GID pair or a SID (but not both) -type Identity struct { - UID int - GID int - SID string -} - -// Chown changes the numeric uid and gid of the named file to id.UID and id.GID. -func (id Identity) Chown(name string) error { - return os.Chown(name, id.UID, id.GID) -} - -// IdentityMapping contains a mappings of UIDs and GIDs. -// The zero value represents an empty mapping. 
-type IdentityMapping struct { - UIDMaps []IDMap `json:"UIDMaps"` - GIDMaps []IDMap `json:"GIDMaps"` -} - -// RootPair returns a uid and gid pair for the root user. The error is ignored -// because a root user always exists, and the defaults are correct when the uid -// and gid maps are empty. -func (i IdentityMapping) RootPair() Identity { - uid, gid, _ := GetRootUIDGID(i.UIDMaps, i.GIDMaps) - return Identity{UID: uid, GID: gid} -} - -// ToHost returns the host UID and GID for the container uid, gid. -// Remapping is only performed if the ids aren't already the remapped root ids -func (i IdentityMapping) ToHost(pair Identity) (Identity, error) { - var err error - target := i.RootPair() - - if pair.UID != target.UID { - target.UID, err = toHost(pair.UID, i.UIDMaps) - if err != nil { - return target, err - } - } - - if pair.GID != target.GID { - target.GID, err = toHost(pair.GID, i.GIDMaps) - } - return target, err -} - -// ToContainer returns the container UID and GID for the host uid and gid -func (i IdentityMapping) ToContainer(pair Identity) (int, int, error) { - uid, err := toContainer(pair.UID, i.UIDMaps) - if err != nil { - return -1, -1, err - } - gid, err := toContainer(pair.GID, i.GIDMaps) - return uid, gid, err -} - -// Empty returns true if there are no id mappings -func (i IdentityMapping) Empty() bool { - return len(i.UIDMaps) == 0 && len(i.GIDMaps) == 0 -} - -// CurrentIdentity returns the identity of the current process -func CurrentIdentity() Identity { - return Identity{UID: os.Getuid(), GID: os.Getegid()} -} diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go deleted file mode 100644 index 1f11fe47..00000000 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go +++ /dev/null 
@@ -1,166 +0,0 @@ -//go:build !windows - -package idtools - -import ( - "fmt" - "os" - "path/filepath" - "strconv" - "syscall" - - "github.com/moby/sys/user" -) - -func mkdirAs(path string, mode os.FileMode, owner Identity, mkAll, chownExisting bool) error { - path, err := filepath.Abs(path) - if err != nil { - return err - } - - stat, err := os.Stat(path) - if err == nil { - if !stat.IsDir() { - return &os.PathError{Op: "mkdir", Path: path, Err: syscall.ENOTDIR} - } - if !chownExisting { - return nil - } - - // short-circuit -- we were called with an existing directory and chown was requested - return setPermissions(path, mode, owner, stat) - } - - // make an array containing the original path asked for, plus (for mkAll == true) - // all path components leading up to the complete path that don't exist before we MkdirAll - // so that we can chown all of them properly at the end. If chownExisting is false, we won't - // chown the full directory path if it exists - var paths []string - if os.IsNotExist(err) { - paths = []string{path} - } - - if mkAll { - // walk back to "/" looking for directories which do not exist - // and add them to the paths array for chown after creation - dirPath := path - for { - dirPath = filepath.Dir(dirPath) - if dirPath == "/" { - break - } - if _, err = os.Stat(dirPath); err != nil && os.IsNotExist(err) { - paths = append(paths, dirPath) - } - } - if err = os.MkdirAll(path, mode); err != nil { - return err - } - } else if err = os.Mkdir(path, mode); err != nil { - return err - } - // even if it existed, we will chown the requested path + any subpaths that - // didn't exist when we called MkdirAll - for _, pathComponent := range paths { - if err = setPermissions(pathComponent, mode, owner, nil); err != nil { - return err - } - } - return nil -} - -// LookupUser uses traditional local system files lookup (from libcontainer/user) on a username -// -// Deprecated: use [user.LookupUser] instead -func LookupUser(name string) (user.User, error) 
{ - return user.LookupUser(name) -} - -// LookupUID uses traditional local system files lookup (from libcontainer/user) on a uid -// -// Deprecated: use [user.LookupUid] instead -func LookupUID(uid int) (user.User, error) { - return user.LookupUid(uid) -} - -// LookupGroup uses traditional local system files lookup (from libcontainer/user) on a group name, -// -// Deprecated: use [user.LookupGroup] instead -func LookupGroup(name string) (user.Group, error) { - return user.LookupGroup(name) -} - -// setPermissions performs a chown/chmod only if the uid/gid don't match what's requested -// Normally a Chown is a no-op if uid/gid match, but in some cases this can still cause an error, e.g. if the -// dir is on an NFS share, so don't call chown unless we absolutely must. -// Likewise for setting permissions. -func setPermissions(p string, mode os.FileMode, owner Identity, stat os.FileInfo) error { - if stat == nil { - var err error - stat, err = os.Stat(p) - if err != nil { - return err - } - } - if stat.Mode().Perm() != mode.Perm() { - if err := os.Chmod(p, mode.Perm()); err != nil { - return err - } - } - ssi := stat.Sys().(*syscall.Stat_t) - if ssi.Uid == uint32(owner.UID) && ssi.Gid == uint32(owner.GID) { - return nil - } - return os.Chown(p, owner.UID, owner.GID) -} - -// LoadIdentityMapping takes a requested username and -// using the data from /etc/sub{uid,gid} ranges, creates the -// proper uid and gid remapping ranges for that user/group pair -func LoadIdentityMapping(name string) (IdentityMapping, error) { - // TODO: Consider adding support for calling out to "getent" - usr, err := user.LookupUser(name) - if err != nil { - return IdentityMapping{}, fmt.Errorf("could not get user for username %s: %v", name, err) - } - - subuidRanges, err := lookupSubRangesFile("/etc/subuid", usr) - if err != nil { - return IdentityMapping{}, err - } - subgidRanges, err := lookupSubRangesFile("/etc/subgid", usr) - if err != nil { - return IdentityMapping{}, err - } - - return 
IdentityMapping{ - UIDMaps: subuidRanges, - GIDMaps: subgidRanges, - }, nil -} - -func lookupSubRangesFile(path string, usr user.User) ([]IDMap, error) { - uidstr := strconv.Itoa(usr.Uid) - rangeList, err := user.ParseSubIDFileFilter(path, func(sid user.SubID) bool { - return sid.Name == usr.Name || sid.Name == uidstr - }) - if err != nil { - return nil, err - } - if len(rangeList) == 0 { - return nil, fmt.Errorf("no subuid ranges found for user %q", usr.Name) - } - - idMap := []IDMap{} - - containerID := 0 - for _, idrange := range rangeList { - idMap = append(idMap, IDMap{ - ContainerID: containerID, - HostID: int(idrange.SubID), - Size: int(idrange.Count), - }) - containerID = containerID + int(idrange.Count) - } - return idMap, nil -} diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go deleted file mode 100644 index a12b1404..00000000 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools_windows.go +++ /dev/null @@ -1,24 +0,0 @@ -package idtools - -import ( - "os" -) - -const ( - SeTakeOwnershipPrivilege = "SeTakeOwnershipPrivilege" -) - -// TODO(thaJeztah): these magic consts need a source of reference, and should be defined in a canonical location -const ( - ContainerAdministratorSidString = "S-1-5-93-2-1" - - ContainerUserSidString = "S-1-5-93-2-2" -) - -// This is currently a wrapper around [os.MkdirAll] since currently -// permissions aren't set through this path, the identity isn't utilized. -// Ownership is handled elsewhere, but in the future could be support here -// too. -func mkdirAs(path string, _ os.FileMode, _ Identity, _, _ bool) error { - return os.MkdirAll(path, 0) -} diff --git a/vendor/github.com/moby/go-archive/LICENSE b/vendor/github.com/moby/go-archive/LICENSE new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/vendor/github.com/moby/go-archive/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/docker/docker/pkg/archive/archive.go b/vendor/github.com/moby/go-archive/archive.go similarity index 97% rename from vendor/github.com/docker/docker/pkg/archive/archive.go rename to vendor/github.com/moby/go-archive/archive.go index 9bbb11c1..c207e8e7 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive.go +++ b/vendor/github.com/moby/go-archive/archive.go @@ -25,10 +25,10 @@ import ( "time" "github.com/containerd/log" - "github.com/docker/docker/pkg/idtools" "github.com/klauspost/compress/zstd" "github.com/moby/patternmatcher" "github.com/moby/sys/sequential" + "github.com/moby/sys/user" ) // ImpliedDirectoryMode represents the mode (Unix permissions) applied to directories that are implied by files in a 
@@ -49,14 +49,19 @@ type ( // WhiteoutFormat is the format of whiteouts unpacked WhiteoutFormat int + ChownOpts struct { + UID int + GID int + } + // TarOptions wraps the tar options. TarOptions struct { IncludeFiles []string ExcludePatterns []string Compression Compression NoLchown bool - IDMap idtools.IdentityMapping - ChownOpts *idtools.Identity + IDMap user.IdentityMapping + ChownOpts *ChownOpts IncludeSourceDir bool // WhiteoutFormat is the expected on disk format for whiteout files. // This format will be converted to the standard format on pack @@ -83,7 +88,7 @@ type ( // mappings for untar, an Archiver can be created with maps which will then be passed to Untar operations. type Archiver struct { Untar func(io.Reader, string, *TarOptions) error - IDMapping idtools.IdentityMapping + IDMapping user.IdentityMapping } // NewDefaultArchiver returns a new Archiver without any IdentityMapping @@ -598,8 +603,8 @@ type tarAppender struct { // for hardlink mapping SeenFiles map[uint64]string - IdentityMapping idtools.IdentityMapping - ChownOpts *idtools.Identity + IdentityMapping user.IdentityMapping + ChownOpts *ChownOpts // For packing and unpacking whiteout files in the // non standard format. The whiteout files defined @@ -608,7 +613,7 @@ type tarAppender struct { WhiteoutConverter tarWhiteoutConverter } -func newTarAppender(idMapping idtools.IdentityMapping, writer io.Writer, chownOpts *idtools.Identity) *tarAppender { +func newTarAppender(idMapping user.IdentityMapping, writer io.Writer, chownOpts *ChownOpts) *tarAppender { return &tarAppender{ SeenFiles: make(map[uint64]string), TarWriter: tar.NewWriter(writer), 
@@ -679,11 +684,11 @@ func (ta *tarAppender) addTarFile(path, name string) error { // writing tar headers/files. We skip whiteout files because they were written // by the kernel and already have proper ownership relative to the host if !isOverlayWhiteout && !strings.HasPrefix(filepath.Base(hdr.Name), WhiteoutPrefix) && !ta.IdentityMapping.Empty() { - fileIDPair, err := getFileUIDGID(fi.Sys()) + uid, gid, err := getFileUIDGID(fi.Sys()) if err != nil { return err } - hdr.Uid, hdr.Gid, err = ta.IdentityMapping.ToContainer(fileIDPair) + hdr.Uid, hdr.Gid, err = ta.IdentityMapping.ToContainer(uid, gid) if err != nil { return err } @@ -743,7 +748,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o var ( Lchown = true inUserns, bestEffortXattrs bool - chownOpts *idtools.Identity + chownOpts *ChownOpts ) // TODO(thaJeztah): make opts a required argument. @@ -839,7 +844,7 @@ func createTarFile(path, extractDir string, hdr *tar.Header, reader io.Reader, o // Lchown is not supported on Windows. if Lchown && runtime.GOOS != "windows" { if chownOpts == nil { - chownOpts = &idtools.Identity{UID: hdr.Uid, GID: hdr.Gid} + chownOpts = &ChownOpts{UID: hdr.Uid, GID: hdr.Gid} } if err := os.Lchown(path, chownOpts.UID, chownOpts.GID); err != nil { var msg string @@ -1272,9 +1277,9 @@ func createImpliedDirectories(dest string, hdr *tar.Header, options *TarOptions) // RootPair() is confined inside this loop as most cases will not require a call, so we can spend some // unneeded function calls in the uncommon case to encapsulate logic -- implied directories are a niche // usage that reduces the portability of an image. - rootIDs := options.IDMap.RootPair() + uid, gid := options.IDMap.RootPair() - err = idtools.MkdirAllAndChownNew(parentPath, ImpliedDirectoryMode, rootIDs) + err = user.MkdirAllAndChown(parentPath, ImpliedDirectoryMode, uid, gid, user.WithOnlyNew) if err != nil { return err } 
@@ -1370,9 +1375,9 @@ func (archiver *Archiver) CopyWithTar(src, dst string) error { // if this Archiver is set up with ID mapping we need to create // the new destination directory with the remapped root UID/GID pair // as owner - rootIDs := archiver.IDMapping.RootPair() + uid, gid := archiver.IDMapping.RootPair() // Create dst, copy src's content into it - if err := idtools.MkdirAllAndChownNew(dst, 0o755, rootIDs); err != nil { + if err := user.MkdirAllAndChown(dst, 0o755, uid, gid, user.WithOnlyNew); err != nil { return err } return archiver.TarUntar(src, dst) @@ -1456,13 +1461,13 @@ func (archiver *Archiver) CopyFileWithTar(src, dst string) (err error) { } // IdentityMapping returns the IdentityMapping of the archiver. -func (archiver *Archiver) IdentityMapping() idtools.IdentityMapping { +func (archiver *Archiver) IdentityMapping() user.IdentityMapping { return archiver.IDMapping } -func remapIDs(idMapping idtools.IdentityMapping, hdr *tar.Header) error { - ids, err := idMapping.ToHost(idtools.Identity{UID: hdr.Uid, GID: hdr.Gid}) - hdr.Uid, hdr.Gid = ids.UID, ids.GID +func remapIDs(idMapping user.IdentityMapping, hdr *tar.Header) error { + uid, gid, err := idMapping.ToHost(hdr.Uid, hdr.Gid) + hdr.Uid, hdr.Gid = uid, gid return err } diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_linux.go b/vendor/github.com/moby/go-archive/archive_linux.go similarity index 100% rename from vendor/github.com/docker/docker/pkg/archive/archive_linux.go rename to vendor/github.com/moby/go-archive/archive_linux.go diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_other.go b/vendor/github.com/moby/go-archive/archive_other.go similarity index 100% rename from vendor/github.com/docker/docker/pkg/archive/archive_other.go rename to vendor/github.com/moby/go-archive/archive_other.go 
diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go b/vendor/github.com/moby/go-archive/archive_unix.go similarity index 93% rename from vendor/github.com/docker/docker/pkg/archive/archive_unix.go rename to vendor/github.com/moby/go-archive/archive_unix.go index bc6b25ae..715ac4c6 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_unix.go +++ b/vendor/github.com/moby/go-archive/archive_unix.go @@ -11,7 +11,6 @@ import ( "strings" "syscall" - "github.com/docker/docker/pkg/idtools" "golang.org/x/sys/unix" ) @@ -82,13 +81,13 @@ func getInodeFromStat(stat interface{}) (uint64, error) { return s.Ino, nil } -func getFileUIDGID(stat interface{}) (idtools.Identity, error) { +func getFileUIDGID(stat interface{}) (int, int, error) { s, ok := stat.(*syscall.Stat_t) if !ok { - return idtools.Identity{}, errors.New("cannot convert stat value to syscall.Stat_t") + return 0, 0, errors.New("cannot convert stat value to syscall.Stat_t") } - return idtools.Identity{UID: int(s.Uid), GID: int(s.Gid)}, nil + return int(s.Uid), int(s.Gid), nil } // handleTarTypeBlockCharFifo is an OS-specific helper function used by diff --git a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go b/vendor/github.com/moby/go-archive/archive_windows.go similarity index 92% rename from vendor/github.com/docker/docker/pkg/archive/archive_windows.go rename to vendor/github.com/moby/go-archive/archive_windows.go index fd2546ea..108ee5d1 100644 --- a/vendor/github.com/docker/docker/pkg/archive/archive_windows.go +++ b/vendor/github.com/moby/go-archive/archive_windows.go @@ -5,8 +5,6 @@ import ( "os" "path/filepath" "strings" - - "github.com/docker/docker/pkg/idtools" ) // longPathPrefix is the longpath prefix for Windows file paths. 
@@ -63,7 +61,7 @@ func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
 return nil
 }
-func getFileUIDGID(stat interface{}) (idtools.Identity, error) {
+func getFileUIDGID(stat interface{}) (int, int, error) {
 // no notion of file ownership mapping yet on Windows
- return idtools.Identity{UID: 0, GID: 0}, nil
+ return 0, 0, nil
 }
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes.go b/vendor/github.com/moby/go-archive/changes.go
similarity index 98%
rename from vendor/github.com/docker/docker/pkg/archive/changes.go
rename to vendor/github.com/moby/go-archive/changes.go
index 1c0509d0..036a1b09 100644
--- a/vendor/github.com/docker/docker/pkg/archive/changes.go
+++ b/vendor/github.com/moby/go-archive/changes.go
@@ -14,7 +14,7 @@ import (
 "time"
 "github.com/containerd/log"
- "github.com/docker/docker/pkg/idtools"
+ "github.com/moby/sys/user"
 )
 // ChangeType represents the change type.
@@ -383,7 +383,7 @@ func ChangesSize(newDir string, changes []Change) int64 {
 }
 // ExportChanges produces an Archive from the provided changes, relative to dir.
-func ExportChanges(dir string, changes []Change, idMap idtools.IdentityMapping) (io.ReadCloser, error) {
+func ExportChanges(dir string, changes []Change, idMap user.IdentityMapping) (io.ReadCloser, error) {
 reader, writer := io.Pipe()
 go func() {
 ta := newTarAppender(idMap, writer, nil)
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_linux.go b/vendor/github.com/moby/go-archive/changes_linux.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/changes_linux.go
rename to vendor/github.com/moby/go-archive/changes_linux.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_other.go b/vendor/github.com/moby/go-archive/changes_other.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/changes_other.go
rename to vendor/github.com/moby/go-archive/changes_other.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_unix.go b/vendor/github.com/moby/go-archive/changes_unix.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/changes_unix.go
rename to vendor/github.com/moby/go-archive/changes_unix.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/changes_windows.go b/vendor/github.com/moby/go-archive/changes_windows.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/changes_windows.go
rename to vendor/github.com/moby/go-archive/changes_windows.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy.go b/vendor/github.com/moby/go-archive/copy.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/copy.go
rename to vendor/github.com/moby/go-archive/copy.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_unix.go b/vendor/github.com/moby/go-archive/copy_unix.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/copy_unix.go
rename to vendor/github.com/moby/go-archive/copy_unix.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/copy_windows.go b/vendor/github.com/moby/go-archive/copy_windows.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/copy_windows.go
rename to vendor/github.com/moby/go-archive/copy_windows.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/dev_freebsd.go b/vendor/github.com/moby/go-archive/dev_freebsd.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/dev_freebsd.go
rename to vendor/github.com/moby/go-archive/dev_freebsd.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/dev_unix.go b/vendor/github.com/moby/go-archive/dev_unix.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/dev_unix.go
rename to vendor/github.com/moby/go-archive/dev_unix.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff.go b/vendor/github.com/moby/go-archive/diff.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/diff.go
rename to vendor/github.com/moby/go-archive/diff.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff_unix.go b/vendor/github.com/moby/go-archive/diff_unix.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/diff_unix.go
rename to vendor/github.com/moby/go-archive/diff_unix.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/diff_windows.go b/vendor/github.com/moby/go-archive/diff_windows.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/diff_windows.go
rename to vendor/github.com/moby/go-archive/diff_windows.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/path.go b/vendor/github.com/moby/go-archive/path.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/path.go
rename to vendor/github.com/moby/go-archive/path.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/path_unix.go b/vendor/github.com/moby/go-archive/path_unix.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/path_unix.go
rename to vendor/github.com/moby/go-archive/path_unix.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/path_windows.go b/vendor/github.com/moby/go-archive/path_windows.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/path_windows.go
rename to vendor/github.com/moby/go-archive/path_windows.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/time.go b/vendor/github.com/moby/go-archive/time.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/time.go
rename to vendor/github.com/moby/go-archive/time.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/time_nonwindows.go b/vendor/github.com/moby/go-archive/time_nonwindows.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/time_nonwindows.go
rename to vendor/github.com/moby/go-archive/time_nonwindows.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/time_windows.go b/vendor/github.com/moby/go-archive/time_windows.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/time_windows.go
rename to vendor/github.com/moby/go-archive/time_windows.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/whiteouts.go b/vendor/github.com/moby/go-archive/whiteouts.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/whiteouts.go
rename to vendor/github.com/moby/go-archive/whiteouts.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/wrap.go b/vendor/github.com/moby/go-archive/wrap.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/wrap.go
rename to vendor/github.com/moby/go-archive/wrap.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/xattr_supported.go b/vendor/github.com/moby/go-archive/xattr_supported.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/xattr_supported.go
rename to vendor/github.com/moby/go-archive/xattr_supported.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/xattr_supported_linux.go b/vendor/github.com/moby/go-archive/xattr_supported_linux.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/xattr_supported_linux.go
rename to vendor/github.com/moby/go-archive/xattr_supported_linux.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/xattr_supported_unix.go b/vendor/github.com/moby/go-archive/xattr_supported_unix.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/xattr_supported_unix.go
rename to vendor/github.com/moby/go-archive/xattr_supported_unix.go
diff --git a/vendor/github.com/docker/docker/pkg/archive/xattr_unsupported.go b/vendor/github.com/moby/go-archive/xattr_unsupported.go
similarity index 100%
rename from vendor/github.com/docker/docker/pkg/archive/xattr_unsupported.go
rename to vendor/github.com/moby/go-archive/xattr_unsupported.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
index e604349b..e71e670c 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -298,10 +298,8 @@ github.com/docker/docker/client
 github.com/docker/docker/errdefs
 github.com/docker/docker/internal/lazyregexp
 github.com/docker/docker/internal/multierror
-github.com/docker/docker/pkg/archive
 github.com/docker/docker/pkg/atomicwriter
 github.com/docker/docker/pkg/homedir
-github.com/docker/docker/pkg/idtools
 github.com/docker/docker/pkg/jsonmessage
 github.com/docker/docker/pkg/namesgenerator
 github.com/docker/docker/pkg/stdcopy
@@ -568,6 +566,9 @@ github.com/moby/buildkit/version
 # github.com/moby/docker-image-spec v1.3.1
 ## explicit; go 1.18
 github.com/moby/docker-image-spec/specs-go/v1
+# github.com/moby/go-archive v0.0.0-20250404171912-21f3f3385ab7
+## explicit; go 1.23.0
+github.com/moby/go-archive
 # github.com/moby/locker v1.0.1
 ## explicit; go 1.13
 github.com/moby/locker