From 952e53bf58a9e040edf8123357b0d31b39aad3c5 Mon Sep 17 00:00:00 2001 From: Lantao Liu Date: Mon, 9 Jul 2018 00:58:00 -0700 Subject: [PATCH 1/3] Add registry auth config, and use docker resolver in containerd. Signed-off-by: Lantao Liu --- docs/installation.md | 1 - docs/registry.md | 25 ++++++- hack/verify-lint.sh | 2 +- pkg/config/config.go | 24 +++++-- pkg/server/helpers.go | 10 +++ pkg/server/image_pull.go | 71 +++++++++++++++---- pkg/server/image_pull_test.go | 57 +++++++++++++++ .../containerd/remotes/docker/resolver.go | 36 +++++++--- 8 files changed, 198 insertions(+), 28 deletions(-) diff --git a/docs/installation.md b/docs/installation.md index f0e9d5a80615..c3cc1bfee71e 100644 --- a/docs/installation.md +++ b/docs/installation.md @@ -1,4 +1,3 @@ - # Install Containerd with Release Tarball This document provides the steps to install `containerd` and its dependencies with the release tarball, and bring up a Kubernetes cluster using kubeadm. diff --git a/docs/registry.md b/docs/registry.md index d3dba4917a1a..5b084128a694 100644 --- a/docs/registry.md +++ b/docs/registry.md @@ -1,6 +1,7 @@ # Configure Image Registry This document describes the method to configure the image registry for `containerd` for use with the `cri` plugin. +## Configure Registry Endpoint With containerd, `docker.io` is the default image registry. You can also set up other image registries similar to docker. To configure image registries create/modify the `/etc/containerd/config.toml` as follows: @@ -19,4 +20,26 @@ The default configuration can be generated by `containerd config default > /etc/ The endpoint is a list that can contain multiple image registry URLs split by commas. When pulling an image from a registry, containerd will try these endpoint URLs one by one, and use the first working one. -After modify the config file, you need restart the `containerd` service. +After modify this config, you need restart the `containerd` service. + +## Configure Registry Credentials + +`cri` plugin also supports docker like registry credential config. + +To configure a credential for a specific registry endpoint, create/modify the +`/etc/containerd/config.toml` as follows: +```toml +[plugins.cri.registry.auths] + [plugins.cri.registry.auths."https://gcr.io"] + username = "" + password = "" + auth = "" + identitytoken = "" +``` +The meaning of each field is the same with the corresponding field in `.docker/config.json`. + +Please note that auth config passed by CRI takes precedence over this config. +The registry credential in this config will only be used when auth config is +not specified by Kubernetes via CRI. + +After modify this config, you need restart the `containerd` service. diff --git a/hack/verify-lint.sh b/hack/verify-lint.sh index 32731d55c5ad..36ccec1c4614 100755 --- a/hack/verify-lint.sh +++ b/hack/verify-lint.sh @@ -20,7 +20,7 @@ set -o pipefail for d in $(find . -type d -a \( -iwholename './pkg*' -o -iwholename './cmd*' \) -not -iwholename './pkg/api*'); do echo for directory ${d} ... gometalinter \ - --exclude='error return value not checked.*(Close|Log|Print).*\(errcheck\)$' \ + --exclude='error return value not checked.*(Close|Log|Print|Fprint).*\(errcheck\)$' \ --exclude='.*_test\.go:.*error return value not checked.*\(errcheck\)$' \ --exclude='duplicate of.*_test.go.*\(dupl\)$' \ --exclude='.*/mock_.*\.go:.*\(golint\)$' \ diff --git a/pkg/config/config.go b/pkg/config/config.go index 8ec2be834401..e6cefbd4bc43 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -61,16 +61,32 @@ type CniConfig struct { // Mirror contains the config related to the registry mirror type Mirror struct { // Endpoints are endpoints for a namespace. CRI plugin will try the endpoints - // one by one until a working one is found. + // one by one until a working one is found. The endpoint must be a valid url + // with host specified. Endpoints []string `toml:"endpoint" json:"endpoint"` - // TODO (Abhi) We might need to add auth per namespace. Looks like - // image auth information is passed by kube itself. +} + +// AuthConfig contains the config related to authentication to a specific registry +type AuthConfig struct { + // Username is the username to login the registry. + Username string `toml:"username" json:"username"` + // Password is the password to login the registry. + Password string `toml:"password" json:"password"` + // Auth is a base64 encoded string from the concatenation of the username, + // a colon, and the password. + Auth string `toml:"auth" json:"auth"` + // IdentityToken is used to authenticate the user and get + // an access token for the registry. + IdentityToken string `toml:"identitytoken" json:"identitytoken"` } // Registry is registry settings configured type Registry struct { // Mirrors are namespace to mirror mapping for all namespaces. Mirrors map[string]Mirror `toml:"mirrors" json:"mirrors"` + // Auths are registry endpoint to auth config mapping. The registry endpoint must + // be a valid url with host specified. + Auths map[string]AuthConfig `toml:"auths" json:"auths"` } // PluginConfig contains toml config related to CRI plugin, @@ -81,7 +97,7 @@ type PluginConfig struct { // CniConfig contains config related to cni CniConfig `toml:"cni" json:"cni"` // Registry contains config related to the registry - Registry `toml:"registry" json:"registry"` + Registry Registry `toml:"registry" json:"registry"` // StreamServerAddress is the ip address streaming server is listening on. StreamServerAddress string `toml:"stream_server_address" json:"streamServerAddress"` // StreamServerPort is the port streaming server is listening on. diff --git a/pkg/server/helpers.go b/pkg/server/helpers.go index 5bfdb8205554..29f2f9ba48ff 100644 --- a/pkg/server/helpers.go +++ b/pkg/server/helpers.go @@ -444,3 +444,13 @@ func getRuntimeConfigFromContainerInfo(c containers.Container) (criconfig.Runtim r.Root = runtimeOpts.RuntimeRoot return r, nil } + +// toRuntimeAuthConfig converts cri plugin auth config to runtime auth config. +func toRuntimeAuthConfig(a criconfig.AuthConfig) *runtime.AuthConfig { + return &runtime.AuthConfig{ + Username: a.Username, + Password: a.Password, + Auth: a.Auth, + IdentityToken: a.IdentityToken, + } +} diff --git a/pkg/server/image_pull.go b/pkg/server/image_pull.go index 67acddf0f77a..a25d8285e113 100644 --- a/pkg/server/image_pull.go +++ b/pkg/server/image_pull.go @@ -19,18 +19,21 @@ package server import ( "encoding/base64" "net/http" + "net/url" "strings" "github.com/containerd/containerd" "github.com/containerd/containerd/errdefs" containerdimages "github.com/containerd/containerd/images" + "github.com/containerd/containerd/reference" + "github.com/containerd/containerd/remotes" + "github.com/containerd/containerd/remotes/docker" imagespec "github.com/opencontainers/image-spec/specs-go/v1" "github.com/pkg/errors" "github.com/sirupsen/logrus" "golang.org/x/net/context" runtime "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2" - containerdresolver "github.com/containerd/cri/pkg/containerd/resolver" imagestore "github.com/containerd/cri/pkg/store/image" "github.com/containerd/cri/pkg/util" ) @@ -87,12 +90,7 @@ func (c *criService) PullImage(ctx context.Context, r *runtime.PullImageRequest) if ref != imageRef { logrus.Debugf("PullImage using normalized image ref: %q", ref) } - resolver := containerdresolver.NewResolver(containerdresolver.Options{ - Credentials: func(string) (string, string, error) { return ParseAuth(r.GetAuth()) }, - Client: http.DefaultClient, - Registry: c.getResolverOptions(), - }) - _, desc, err := resolver.Resolve(ctx, ref) + resolver, desc, err := c.getResolver(ctx, ref, c.credentials(r.GetAuth())) if err != nil { return nil, errors.Wrapf(err, "failed to resolve image %q", ref) } @@ -206,10 +204,59 @@ func (c *criService) createImageReference(ctx context.Context, name string, desc return err } -func (c *criService) getResolverOptions() map[string][]string { - options := make(map[string][]string) - for ns, mirror := range c.config.Mirrors { - options[ns] = append(options[ns], mirror.Endpoints...) +// credentials returns a credential function for docker resolver to use. +func (c *criService) credentials(auth *runtime.AuthConfig) func(string) (string, string, error) { + return func(host string) (string, string, error) { + if auth == nil { + // Get default auth from config. + for h, ac := range c.config.Registry.Auths { + u, err := url.Parse(h) + if err != nil { + return "", "", errors.Wrapf(err, "parse auth host %q", h) + } + if u.Host == host { + auth = toRuntimeAuthConfig(ac) + break + } + } + } + return ParseAuth(auth) + } +} + +// getResolver tries registry mirrors and the default registry, and returns the resolver and descriptor +// from the first working registry. +func (c *criService) getResolver(ctx context.Context, ref string, cred func(string) (string, string, error)) (remotes.Resolver, imagespec.Descriptor, error) { + refspec, err := reference.Parse(ref) + if err != nil { + return nil, imagespec.Descriptor{}, errors.Wrap(err, "parse image reference") + } + // Try mirrors in order first, and then try default host name. + for _, e := range c.config.Registry.Mirrors[refspec.Hostname()].Endpoints { + u, err := url.Parse(e) + if err != nil { + return nil, imagespec.Descriptor{}, errors.Wrapf(err, "parse registry endpoint %q", e) + } + resolver := docker.NewResolver(docker.ResolverOptions{ + Credentials: cred, + Client: http.DefaultClient, + Host: func(string) (string, error) { return u.Host, nil }, + // By default use "https". + PlainHTTP: u.Scheme == "http", + }) + _, desc, err := resolver.Resolve(ctx, ref) + if err == nil { + return resolver, desc, nil + } + // Continue to try next endpoint + } + resolver := docker.NewResolver(docker.ResolverOptions{ + Credentials: cred, + Client: http.DefaultClient, + }) + _, desc, err := resolver.Resolve(ctx, ref) + if err != nil { + return nil, imagespec.Descriptor{}, errors.Wrap(err, "no available registry endpoint") } - return options + return resolver, desc, nil } diff --git a/pkg/server/image_pull_test.go b/pkg/server/image_pull_test.go index 1fa9d77032b4..83b591cf377e 100644 --- a/pkg/server/image_pull_test.go +++ b/pkg/server/image_pull_test.go @@ -22,6 +22,8 @@ import ( "github.com/stretchr/testify/assert" runtime "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2" + + criconfig "github.com/containerd/cri/pkg/config" ) func TestParseAuth(t *testing.T) { @@ -72,3 +74,58 @@ func TestParseAuth(t *testing.T) { assert.Equal(t, test.expectedSecret, s) } } + +func TestCredentials(t *testing.T) { + c := newTestCRIService() + c.config.Registry.Auths = map[string]criconfig.AuthConfig{ + "https://test1.io": { + Username: "username1", + Password: "password1", + }, + "http://test2.io": { + Username: "username2", + Password: "password2", + }, + "//test3.io": { + Username: "username3", + Password: "password3", + }, + } + for desc, test := range map[string]struct { + auth *runtime.AuthConfig + host string + expectedUsername string + expectedPassword string + }{ + "auth config from CRI should take precedence": { + auth: &runtime.AuthConfig{ + Username: "username", + Password: "password", + }, + host: "test1.io", + expectedUsername: "username", + expectedPassword: "password", + }, + "should support https host": { + host: "test1.io", + expectedUsername: "username1", + expectedPassword: "password1", + }, + "should support http host": { + host: "test2.io", + expectedUsername: "username2", + expectedPassword: "password2", + }, + "should support hostname only": { + host: "test3.io", + expectedUsername: "username3", + expectedPassword: "password3", + }, + } { + t.Logf("TestCase %q", desc) + username, password, err := c.credentials(test.auth)(test.host) + assert.NoError(t, err) + assert.Equal(t, test.expectedUsername, username) + assert.Equal(t, test.expectedPassword, password) + } +} diff --git a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go index eca02d532cf3..f0a677c83900 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/resolver.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/resolver.go @@ -53,6 +53,7 @@ var ( type dockerResolver struct { credentials func(string) (string, string, error) + host func(string) (string, error) plainHTTP bool client *http.Client tracker StatusTracker @@ -65,6 +66,9 @@ type ResolverOptions struct { // is interpretted as a long lived token. Credentials func(string) (string, string, error) + // Host provides the hostname given a namespace. + Host func(string) (string, error) + // PlainHTTP specifies to use plain http and not https PlainHTTP bool @@ -77,14 +81,27 @@ type ResolverOptions struct { Tracker StatusTracker } +// DefaultHost is the default host function. +func DefaultHost(ns string) (string, error) { + if ns == "docker.io" { + return "registry-1.docker.io", nil + } + return ns, nil +} + // NewResolver returns a new resolver to a Docker registry func NewResolver(options ResolverOptions) remotes.Resolver { tracker := options.Tracker if tracker == nil { tracker = NewInMemoryTracker() } + host := options.Host + if host == nil { + host = DefaultHost + } return &dockerResolver{ credentials: options.Credentials, + host: host, plainHTTP: options.PlainHTTP, client: options.Client, tracker: tracker, @@ -270,18 +287,19 @@ func (r *dockerResolver) base(refspec reference.Spec) (*dockerBase, error) { ) host := refspec.Hostname() - base.Scheme = "https" - - if host == "docker.io" { - base.Host = "registry-1.docker.io" - } else { - base.Host = host - - if r.plainHTTP || strings.HasPrefix(host, "localhost:") { - base.Scheme = "http" + base.Host = host + if r.host != nil { + base.Host, err = r.host(host) + if err != nil { + return nil, err } } + base.Scheme = "https" + if r.plainHTTP || strings.HasPrefix(base.Host, "localhost:") { + base.Scheme = "http" + } + if r.credentials != nil { username, secret, err = r.credentials(base.Host) if err != nil { From e4ad68098e51838ed05aaaa6728b284d65fba899 Mon Sep 17 00:00:00 2001 From: Lantao Liu Date: Mon, 9 Jul 2018 12:22:23 -0700 Subject: [PATCH 2/3] Remove `pkg/containerd/resolver` package. Signed-off-by: Lantao Liu --- pkg/containerd/resolver/auth.go | 202 ------- pkg/containerd/resolver/fetcher.go | 172 ------ pkg/containerd/resolver/fetcher_test.go | 94 ---- pkg/containerd/resolver/httpreadseeker.go | 148 ----- pkg/containerd/resolver/resolver.go | 622 ---------------------- pkg/containerd/resolver/scope.go | 80 --- pkg/containerd/resolver/scope_test.go | 58 -- pkg/containerd/resolver/status.go | 71 --- 8 files changed, 1447 deletions(-) delete mode 100644 pkg/containerd/resolver/auth.go delete mode 100644 pkg/containerd/resolver/fetcher.go delete mode 100644 pkg/containerd/resolver/fetcher_test.go delete mode 100644 pkg/containerd/resolver/httpreadseeker.go delete mode 100644 pkg/containerd/resolver/resolver.go delete mode 100644 pkg/containerd/resolver/scope.go delete mode 100644 pkg/containerd/resolver/scope_test.go delete mode 100644 pkg/containerd/resolver/status.go diff --git a/pkg/containerd/resolver/auth.go b/pkg/containerd/resolver/auth.go deleted file mode 100644 index 15d406a9300b..000000000000 --- a/pkg/containerd/resolver/auth.go +++ /dev/null @@ -1,202 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/ -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "net/http" - "sort" - "strings" -) - -type authenticationScheme byte - -const ( - basicAuth authenticationScheme = 1 << iota // Defined in RFC 7617 - digestAuth // Defined in RFC 7616 - bearerAuth // Defined in RFC 6750 -) - -// challenge carries information from a WWW-Authenticate response header. -// See RFC 2617. -type challenge struct { - // scheme is the auth-scheme according to RFC 2617 - scheme authenticationScheme - - // parameters are the auth-params according to RFC 2617 - parameters map[string]string -} - -type byScheme []challenge - -func (bs byScheme) Len() int { return len(bs) } -func (bs byScheme) Swap(i, j int) { bs[i], bs[j] = bs[j], bs[i] } - -// Sort in priority order: token > digest > basic -func (bs byScheme) Less(i, j int) bool { return bs[i].scheme > bs[j].scheme } - -// Octet types from RFC 2616. -type octetType byte - -var octetTypes [256]octetType - -const ( - isToken octetType = 1 << iota - isSpace -) - -func init() { - // OCTET = - // CHAR = - // CTL = - // CR = - // LF = - // SP = - // HT = - // <"> = - // CRLF = CR LF - // LWS = [CRLF] 1*( SP | HT ) - // TEXT = - // separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <"> - // | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT - // token = 1* - // qdtext = > - - for c := 0; c < 256; c++ { - var t octetType - isCtl := c <= 31 || c == 127 - isChar := 0 <= c && c <= 127 - isSeparator := strings.ContainsRune(" \t\"(),/:;<=>?@[]\\{}", rune(c)) - if strings.ContainsRune(" \t\r\n", rune(c)) { - t |= isSpace - } - if isChar && !isCtl && !isSeparator { - t |= isToken - } - octetTypes[c] = t - } -} - -func parseAuthHeader(header http.Header) []challenge { - challenges := []challenge{} - for _, h := range header[http.CanonicalHeaderKey("WWW-Authenticate")] { - v, p := parseValueAndParams(h) - var s authenticationScheme - switch v { - case "basic": - s = basicAuth - case "digest": - s = digestAuth - case "bearer": - s = bearerAuth - default: - continue - } - challenges = append(challenges, challenge{scheme: s, parameters: p}) - } - sort.Stable(byScheme(challenges)) - return challenges -} - -func parseValueAndParams(header string) (value string, params map[string]string) { - params = make(map[string]string) - value, s := expectToken(header) - if value == "" { - return - } - value = strings.ToLower(value) - for { - var pkey string - pkey, s = expectToken(skipSpace(s)) - if pkey == "" { - return - } - if !strings.HasPrefix(s, "=") { - return - } - var pvalue string - pvalue, s = expectTokenOrQuoted(s[1:]) - if pvalue == "" { - return - } - pkey = strings.ToLower(pkey) - params[pkey] = pvalue - s = skipSpace(s) - if !strings.HasPrefix(s, ",") { - return - } - s = s[1:] - } -} - -func skipSpace(s string) (rest string) { - i := 0 - for ; i < len(s); i++ { - if octetTypes[s[i]]&isSpace == 0 { - break - } - } - return s[i:] -} - -func expectToken(s string) (token, rest string) { - i := 0 - for ; i < len(s); i++ { - if octetTypes[s[i]]&isToken == 0 { - break - } - } - return s[:i], s[i:] -} - -func expectTokenOrQuoted(s string) (value string, rest string) { - if !strings.HasPrefix(s, "\"") { - return expectToken(s) - } - s = s[1:] - for i := 0; i < len(s); i++ { - switch s[i] { - case '"': - return s[:i], s[i+1:] - case '\\': - p := make([]byte, len(s)-1) - j := copy(p, s[:i]) - escape := true - for i = i + 1; i < len(s); i++ { - b := s[i] - switch { - case escape: - escape = false - p[j] = b - j++ - case b == '\\': - escape = true - case b == '"': - return string(p[:j]), s[i+1:] - default: - p[j] = b - j++ - } - } - return "", "" - } - } - return "", "" -} diff --git a/pkg/containerd/resolver/fetcher.go b/pkg/containerd/resolver/fetcher.go deleted file mode 100644 index 4e01c3c4b464..000000000000 --- a/pkg/containerd/resolver/fetcher.go +++ /dev/null @@ -1,172 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/ -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "context" - "fmt" - "io" - "io/ioutil" - "net/http" - "path" - "strings" - - "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/images" - "github.com/containerd/containerd/log" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" -) - -type dockerFetcher struct { - *dockerBase -} - -func (r dockerFetcher) Fetch(ctx context.Context, desc ocispec.Descriptor) (io.ReadCloser, error) { - var bases []string - for _, b := range r.base { - bases = append(bases, b.String()) - } - ctx = log.WithLogger(ctx, log.G(ctx).WithFields( - logrus.Fields{ - "base": bases, - "digest": desc.Digest, - }, - )) - - urls, err := r.getV2URLPaths(ctx, desc) - if err != nil { - return nil, err - } - - ctx, err = contextWithRepositoryScope(ctx, r.refspec, false) - if err != nil { - return nil, err - } - - return newHTTPReadSeeker(desc.Size, func(offset int64) (io.ReadCloser, error) { - for _, u := range urls { - rc, err := r.open(ctx, u, desc.MediaType, offset) - if err != nil { - if errdefs.IsNotFound(err) { - continue // try one of the other urls. - } - - return nil, err - } - - return rc, nil - } - - return nil, errors.Wrapf(errdefs.ErrNotFound, - "could not fetch content descriptor %v (%v) from remote", - desc.Digest, desc.MediaType) - - }) -} - -func (r dockerFetcher) open(ctx context.Context, u, mediatype string, offset int64) (io.ReadCloser, error) { - req, err := http.NewRequest(http.MethodGet, u, nil) - if err != nil { - return nil, err - } - - req.Header.Set("Accept", strings.Join([]string{mediatype, `*`}, ", ")) - - if offset > 0 { - // Note: "Accept-Ranges: bytes" cannot be trusted as some endpoints - // will return the header without supporting the range. The content - // range must always be checked. - req.Header.Set("Range", fmt.Sprintf("bytes=%d-", offset)) - } - - resp, err := r.doRequestWithRetries(ctx, req, nil) - if err != nil { - return nil, err - } - - if resp.StatusCode > 299 { - // TODO(stevvooe): When doing a offset specific request, we should - // really distinguish between a 206 and a 200. In the case of 200, we - // can discard the bytes, hiding the seek behavior from the - // implementation. - - resp.Body.Close() - if resp.StatusCode == http.StatusNotFound { - return nil, errors.Wrapf(errdefs.ErrNotFound, "content at %v not found", u) - } - return nil, errors.Errorf("unexpected status code %v: %v", u, resp.Status) - } - if offset > 0 { - cr := resp.Header.Get("content-range") - if cr != "" { - if !strings.HasPrefix(cr, fmt.Sprintf("bytes %d-", offset)) { - return nil, errors.Errorf("unhandled content range in response: %v", cr) - - } - } else { - // TODO: Should any cases where use of content range - // without the proper header be considerd? - // 206 responses? - - // Discard up to offset - // Could use buffer pool here but this case should be rare - n, err := io.Copy(ioutil.Discard, io.LimitReader(resp.Body, offset)) - if err != nil { - return nil, errors.Wrap(err, "failed to discard to offset") - } - if n != offset { - return nil, errors.Errorf("unable to discard to offset") - } - - } - } - - return resp.Body, nil -} - -// getV2URLPaths generates the candidate urls paths for the object based on the -// set of hints and the provided object id. URLs are returned in the order of -// most to least likely succeed. -func (r *dockerFetcher) getV2URLPaths(ctx context.Context, desc ocispec.Descriptor) ([]string, error) { - var urls []string - - if len(desc.URLs) > 0 { - // handle fetch via external urls. - for _, u := range desc.URLs { - log.G(ctx).WithField("url", u).Debug("adding alternative url") - urls = append(urls, u) - } - } - - switch desc.MediaType { - case images.MediaTypeDockerSchema2Manifest, images.MediaTypeDockerSchema2ManifestList, - images.MediaTypeDockerSchema1Manifest, - ocispec.MediaTypeImageManifest, ocispec.MediaTypeImageIndex: - urls = append(urls, r.urls(path.Join("manifests", desc.Digest.String()))...) - } - - // always fallback to attempting to get the object out of the blobs store. - urls = append(urls, r.urls(path.Join("blobs", desc.Digest.String()))...) - - return urls, nil -} diff --git a/pkg/containerd/resolver/fetcher_test.go b/pkg/containerd/resolver/fetcher_test.go deleted file mode 100644 index 8c71522a8c23..000000000000 --- a/pkg/containerd/resolver/fetcher_test.go +++ /dev/null @@ -1,94 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resolver - -import ( - "context" - "fmt" - "io/ioutil" - "math/rand" - "net/http" - "net/http/httptest" - "testing" -) - -func TestFetcherOpen(t *testing.T) { - content := make([]byte, 128) - rand.New(rand.NewSource(1)).Read(content) - start := 0 - - s := httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { - if start > 0 { - rw.Header().Set("content-range", fmt.Sprintf("bytes %d-127/128", start)) - } - rw.Header().Set("content-length", fmt.Sprintf("%d", len(content[start:]))) - rw.Write(content[start:]) - })) - defer s.Close() - - f := dockerFetcher{&dockerBase{ - client: s.Client(), - }} - ctx := context.Background() - - checkReader := func(o int64) { - t.Helper() - rc, err := f.open(ctx, s.URL, "", o) - if err != nil { - t.Fatalf("failed to open: %+v", err) - } - b, err := ioutil.ReadAll(rc) - if err != nil { - t.Fatal(err) - } - expected := content[o:] - if len(b) != len(expected) { - t.Errorf("unexpected length %d, expected %d", len(b), len(expected)) - return - } - for i, c := range expected { - if b[i] != c { - t.Errorf("unexpected byte %x at %d, expected %x", b[i], i, c) - return - } - } - - } - - checkReader(0) - - // Test server ignores content range - checkReader(25) - - // Use content range on server - start = 20 - checkReader(20) - - // Check returning just last byte and no bytes - start = 127 - checkReader(127) - start = 128 - checkReader(128) - - // Check that server returning a different content range - // then requested errors - start = 30 - _, err := f.open(ctx, s.URL, "", 20) - if err == nil { - t.Fatal("expected error opening with invalid server response") - } -} diff --git a/pkg/containerd/resolver/httpreadseeker.go b/pkg/containerd/resolver/httpreadseeker.go deleted file mode 100644 index 16af3d7e40ef..000000000000 --- a/pkg/containerd/resolver/httpreadseeker.go +++ /dev/null @@ -1,148 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "bytes" - "io" - "io/ioutil" - - "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/log" - "github.com/pkg/errors" -) - -type httpReadSeeker struct { - size int64 - offset int64 - rc io.ReadCloser - open func(offset int64) (io.ReadCloser, error) - closed bool -} - -func newHTTPReadSeeker(size int64, open func(offset int64) (io.ReadCloser, error)) (io.ReadCloser, error) { - return &httpReadSeeker{ - size: size, - open: open, - }, nil -} - -func (hrs *httpReadSeeker) Read(p []byte) (n int, err error) { - if hrs.closed { - return 0, io.EOF - } - - rd, err := hrs.reader() - if err != nil { - return 0, err - } - - n, err = rd.Read(p) - hrs.offset += int64(n) - return -} - -func (hrs *httpReadSeeker) Close() error { - if hrs.closed { - return nil - } - hrs.closed = true - if hrs.rc != nil { - return hrs.rc.Close() - } - - return nil -} - -func (hrs *httpReadSeeker) Seek(offset int64, whence int) (int64, error) { - if hrs.closed { - return 0, errors.Wrap(errdefs.ErrUnavailable, "Fetcher.Seek: closed") - } - - abs := hrs.offset - switch whence { - case io.SeekStart: - abs = offset - case io.SeekCurrent: - abs += offset - case io.SeekEnd: - if hrs.size == -1 { - return 0, errors.Wrap(errdefs.ErrUnavailable, "Fetcher.Seek: unknown size, cannot seek from end") - } - abs = hrs.size + offset - default: - return 0, errors.Wrap(errdefs.ErrInvalidArgument, "Fetcher.Seek: invalid whence") - } - - if abs < 0 { - return 0, errors.Wrapf(errdefs.ErrInvalidArgument, "Fetcher.Seek: negative offset") - } - - if abs != hrs.offset { - if hrs.rc != nil { - if err := hrs.rc.Close(); err != nil { - log.L.WithError(err).Errorf("Fetcher.Seek: failed to close ReadCloser") - } - - hrs.rc = nil - } - - hrs.offset = abs - } - - return hrs.offset, nil -} - -func (hrs *httpReadSeeker) reader() (io.Reader, error) { - if hrs.rc != nil { - return hrs.rc, nil - } - - if hrs.size == -1 || hrs.offset < hrs.size { - // only try to reopen the body request if we are seeking to a value - // less than the actual size. - if hrs.open == nil { - return nil, errors.Wrapf(errdefs.ErrNotImplemented, "cannot open") - } - - rc, err := hrs.open(hrs.offset) - if err != nil { - return nil, errors.Wrapf(err, "httpReaderSeeker: failed open") - } - - if hrs.rc != nil { - if err := hrs.rc.Close(); err != nil { - log.L.WithError(err).Errorf("httpReadSeeker: failed to close ReadCloser") - } - } - hrs.rc = rc - } else { - // There is an edge case here where offset == size of the content. If - // we seek, we will probably get an error for content that cannot be - // sought (?). In that case, we should err on committing the content, - // as the length is already satisified but we just return the empty - // reader instead. - - hrs.rc = ioutil.NopCloser(bytes.NewReader([]byte{})) - } - - return hrs.rc, nil -} diff --git a/pkg/containerd/resolver/resolver.go b/pkg/containerd/resolver/resolver.go deleted file mode 100644 index 3130b7876f8a..000000000000 --- a/pkg/containerd/resolver/resolver.go +++ /dev/null @@ -1,622 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package resolver - -import ( - "context" - "encoding/json" - "fmt" - "io" - "io/ioutil" - "net/http" - "net/url" - "path" - "strconv" - "strings" - "sync" - "time" - - "github.com/containerd/containerd/images" - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/reference" - "github.com/containerd/containerd/remotes" - digest "github.com/opencontainers/go-digest" - ocispec "github.com/opencontainers/image-spec/specs-go/v1" - "github.com/pkg/errors" - "github.com/sirupsen/logrus" - "golang.org/x/net/context/ctxhttp" -) - -// This file is a modified copy of containerd/remote/docker/resolver.go. -// The changes carried over by this file includes support for image ref -// resolution and fetching image using multiple registry mirror urls. A new -// ResolverOption called Registry is added. Registry will contain a map -// of namespace relevant mirror urls. The client will use the ResolverOptions -// to set the urls associated with the namespace of the image reference. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. The specific changes are made to the base -// function to calculate the base urls for the image location. urls() is -// added to fetch the mirror urls associated with the namespace of the image -// ResolverOptions are changed for client to set the namespace and mirror urls -// for to pull the image. - -var ( - // ErrNoToken is returned if a request is successful but the body does not - // contain an authorization token. - ErrNoToken = errors.New("authorization server did not include a token in the response") - - // ErrInvalidAuthorization is used when credentials are passed to a server but - // those credentials are rejected. - ErrInvalidAuthorization = errors.New("authorization failed") -) - -type containerdResolver struct { - credentials func(string) (string, string, error) - plainHTTP bool - client *http.Client - tracker StatusTracker - registry map[string][]string -} - -// Options are used to configured a new Docker register resolver -type Options struct { - // Credentials provides username and secret given a host. - // If username is empty but a secret is given, that secret - // is interpretted as a long lived token. - Credentials func(string) (string, string, error) - - // PlainHTTP specifies to use plain http and not https - PlainHTTP bool - - // Client is the http client to used when making registry requests - Client *http.Client - - // Tracker is used to track uploads to the registry. This is used - // since the registry does not have upload tracking and the existing - // mechanism for getting blob upload status is expensive. - Tracker StatusTracker - - Registry map[string][]string -} - -// NewResolver returns a new resolver to a Docker registry -func NewResolver(options Options) remotes.Resolver { - tracker := options.Tracker - if tracker == nil { - tracker = NewInMemoryTracker() - } - - return &containerdResolver{ - credentials: options.Credentials, - plainHTTP: options.PlainHTTP, - client: options.Client, - tracker: tracker, - registry: options.Registry, - } -} - -var _ remotes.Resolver = &containerdResolver{} - -func (r *containerdResolver) Resolve(ctx context.Context, ref string) (string, ocispec.Descriptor, error) { - refspec, err := reference.Parse(ref) - if err != nil { - return "", ocispec.Descriptor{}, err - } - - if refspec.Object == "" { - return "", ocispec.Descriptor{}, reference.ErrObjectRequired - } - - base, err := r.base(refspec) - if err != nil { - return "", ocispec.Descriptor{}, err - } - - fetcher := dockerFetcher{ - dockerBase: base, - } - - var ( - urls []string - dgst = refspec.Digest() - ) - - if dgst != "" { - if err := dgst.Validate(); err != nil { - // need to fail here, since we can't actually resolve the invalid - // digest. - return "", ocispec.Descriptor{}, err - } - - // turns out, we have a valid digest, make a url. - urls = append(urls, fetcher.urls("manifests", dgst.String())...) - - // fallback to blobs on not found. - urls = append(urls, fetcher.urls("blobs", dgst.String())...) - } else { - urls = append(urls, fetcher.urls("manifests", refspec.Object)...) - } - - ctx, err = contextWithRepositoryScope(ctx, refspec, false) - if err != nil { - return "", ocispec.Descriptor{}, err - } - for _, u := range urls { - log.G(ctx).WithFields(logrus.Fields{ - "url": u, - }).Debug("Trying to fetch from url") - req, err := http.NewRequest(http.MethodHead, u, nil) - if err != nil { - return "", ocispec.Descriptor{}, err - } - - // set headers for all the types we support for resolution. - req.Header.Set("Accept", strings.Join([]string{ - images.MediaTypeDockerSchema2Manifest, - images.MediaTypeDockerSchema2ManifestList, - ocispec.MediaTypeImageManifest, - ocispec.MediaTypeImageIndex, "*"}, ", ")) - - log.G(ctx).Info("resolving") - resp, err := fetcher.doRequestWithRetries(ctx, req, nil) - if err != nil { - return "", ocispec.Descriptor{}, err - } - resp.Body.Close() // don't care about body contents. - - if resp.StatusCode > 299 { - if resp.StatusCode == http.StatusNotFound { - continue - } - return "", ocispec.Descriptor{}, errors.Errorf("unexpected status code %v: %v", u, resp.Status) - } - - // this is the only point at which we trust the registry. we use the - // content headers to assemble a descriptor for the name. when this becomes - // more robust, we mostly get this information from a secure trust store. - dgstHeader := digest.Digest(resp.Header.Get("Docker-Content-Digest")) - - if dgstHeader != "" { - if err := dgstHeader.Validate(); err != nil { - return "", ocispec.Descriptor{}, errors.Wrapf(err, "%q in header not a valid digest", dgstHeader) - } - dgst = dgstHeader - } - - if dgst == "" { - return "", ocispec.Descriptor{}, errors.Errorf("could not resolve digest for %v", ref) - } - - var ( - size int64 - sizeHeader = resp.Header.Get("Content-Length") - ) - - size, err = strconv.ParseInt(sizeHeader, 10, 64) - if err != nil { - - return "", ocispec.Descriptor{}, errors.Wrapf(err, "invalid size header: %q", sizeHeader) - } - if size < 0 { - return "", ocispec.Descriptor{}, errors.Errorf("%q in header not a valid size", sizeHeader) - } - - desc := ocispec.Descriptor{ - Digest: dgst, - MediaType: resp.Header.Get("Content-Type"), // need to strip disposition? - Size: size, - } - - log.G(ctx).WithField("desc.digest", desc.Digest).Debug("resolved") - return ref, desc, nil - } - - return "", ocispec.Descriptor{}, errors.Errorf("%v not found", ref) -} - -func (r *containerdResolver) Fetcher(ctx context.Context, ref string) (remotes.Fetcher, error) { - refspec, err := reference.Parse(ref) - if err != nil { - return nil, err - } - - base, err := r.base(refspec) - if err != nil { - return nil, err - } - - return dockerFetcher{ - dockerBase: base, - }, nil -} - -func (r *containerdResolver) Pusher(ctx context.Context, ref string) (remotes.Pusher, error) { - return nil, nil -} - -type dockerBase struct { - refspec reference.Spec - base []url.URL - - client *http.Client - useBasic bool - username, secret string - token string - mu sync.Mutex -} - -func (r *containerdResolver) base(refspec reference.Spec) (*dockerBase, error) { - var ( - err error - base []url.URL - username, secret string - ) - - host := refspec.Hostname() - prefix := strings.TrimPrefix(refspec.Locator, host+"/") - - if urls, ok := r.registry[host]; ok { - urls, err := r.getV2Urls(urls, prefix) - if err != nil { - return nil, errors.Wrap(err, "failed to fetch v2 urls") - } - base = append(base, urls...) - } else if host == "docker.io" { - base = append(base, []url.URL{{Host: "registry-1.docker.io", Scheme: "https", Path: path.Join("/v2", prefix)}}...) - } else { - scheme := "https" - if r.plainHTTP || strings.HasPrefix(host, "localhost:") { - scheme = "http" - } - base = append(base, []url.URL{{Host: host, Scheme: scheme, Path: path.Join("/v2", prefix)}}...) - } - - if r.credentials != nil { - username, secret, err = r.credentials(base[0].Host) - if err != nil { - return nil, err - } - } - - return &dockerBase{ - refspec: refspec, - base: base, - client: r.client, - username: username, - secret: secret, - }, nil -} - -func (r *dockerBase) getToken() string { - r.mu.Lock() - defer r.mu.Unlock() - - return r.token -} - -func (r *dockerBase) setToken(token string) bool { - r.mu.Lock() - defer r.mu.Unlock() - - changed := r.token != token - r.token = token - - return changed -} - -func (r *dockerBase) urls(ps ...string) []string { - urls := []string{} - for _, url := range r.base { - url.Path = path.Join(url.Path, path.Join(ps...)) - urls = append(urls, url.String()) - } - return urls -} - -func (r *dockerBase) authorize(req *http.Request) { - token := r.getToken() - if r.useBasic { - req.SetBasicAuth(r.username, r.secret) - } else if token != "" { - req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token)) - } -} - -func (r *dockerBase) doRequest(ctx context.Context, req *http.Request) (*http.Response, error) { - ctx = log.WithLogger(ctx, log.G(ctx).WithField("url", req.URL.String())) - log.G(ctx).WithField("request.headers", req.Header).WithField("request.method", req.Method).Debug("do request") - r.authorize(req) - resp, err := ctxhttp.Do(ctx, r.client, req) - if err != nil { - return nil, errors.Wrap(err, "failed to do request") - } - log.G(ctx).WithFields(logrus.Fields{ - "status": resp.Status, - "response.headers": resp.Header, - }).Debug("fetch response received") - return resp, nil -} - -func (r *dockerBase) doRequestWithRetries(ctx context.Context, req *http.Request, responses []*http.Response) (*http.Response, error) { - resp, err := r.doRequest(ctx, req) - if err != nil { - return nil, err - } - - responses = append(responses, resp) - req, err = r.retryRequest(ctx, req, responses) - if err != nil { - resp.Body.Close() - return nil, err - } - if req != nil { - resp.Body.Close() - return r.doRequestWithRetries(ctx, req, responses) - } - return resp, err -} - -func (r *dockerBase) retryRequest(ctx context.Context, req *http.Request, responses []*http.Response) (*http.Request, error) { - if len(responses) > 5 { - return nil, nil - } - last := responses[len(responses)-1] - if last.StatusCode == http.StatusUnauthorized { - log.G(ctx).WithField("header", last.Header.Get("WWW-Authenticate")).Debug("Unauthorized") - for _, c := range parseAuthHeader(last.Header) { - if c.scheme == bearerAuth { - if err := invalidAuthorization(c, responses); err != nil { - r.setToken("") - return nil, err - } - if err := r.setTokenAuth(ctx, c.parameters); err != nil { - return nil, err - } - return copyRequest(req) - } else if c.scheme == basicAuth { - if r.username != "" && r.secret != "" { - r.useBasic = true - } - return copyRequest(req) - } - } - return nil, nil - } else if last.StatusCode == http.StatusMethodNotAllowed && req.Method == http.MethodHead { - // Support registries which have not properly implemented the HEAD method for - // manifests endpoint - if strings.Contains(req.URL.Path, "/manifests/") { - // TODO: copy request? - req.Method = http.MethodGet - return copyRequest(req) - } - } - - // TODO: Handle 50x errors accounting for attempt history - return nil, nil -} - -func invalidAuthorization(c challenge, responses []*http.Response) error { - errStr := c.parameters["error"] - if errStr == "" { - return nil - } - - n := len(responses) - if n == 1 || (n > 1 && !sameRequest(responses[n-2].Request, responses[n-1].Request)) { - return nil - } - - return errors.Wrapf(ErrInvalidAuthorization, "server message: %s", errStr) -} - -func sameRequest(r1, r2 *http.Request) bool { - if r1.Method != r2.Method { - return false - } - if *r1.URL != *r2.URL { - return false - } - return true -} - -func copyRequest(req *http.Request) (*http.Request, error) { - ireq := *req - if ireq.GetBody != nil { - var err error - ireq.Body, err = ireq.GetBody() - if err != nil { - return nil, err - } - } - return &ireq, nil -} - -func (r *dockerBase) setTokenAuth(ctx context.Context, params map[string]string) error { - realm, ok := params["realm"] - if !ok { - return errors.New("no realm specified for token auth challenge") - } - - realmURL, err := url.Parse(realm) - if err != nil { - return errors.Wrap(err, "invalid token auth challenge realm") - } - - to := tokenOptions{ - realm: realmURL.String(), - service: params["service"], - } - - to.scopes = getTokenScopes(ctx, params) - if len(to.scopes) == 0 { - return errors.New("no scope specified for token auth challenge") - } - - var token string - if r.secret != "" { - // Credential information is provided, use oauth POST endpoint - token, err = r.fetchTokenWithOAuth(ctx, to) - if err != nil { - return errors.Wrap(err, "failed to fetch oauth token") - } - } else { - // Do request anonymously - token, err = r.fetchToken(ctx, to) - if err != nil { - return errors.Wrap(err, "failed to fetch anonymous token") - } - } - r.setToken(token) - - return nil -} - -type tokenOptions struct { - realm string - service string - scopes []string -} - -type postTokenResponse struct { - AccessToken string `json:"access_token"` - RefreshToken string `json:"refresh_token"` - ExpiresIn int `json:"expires_in"` - IssuedAt time.Time `json:"issued_at"` - Scope string `json:"scope"` -} - -func (r *dockerBase) fetchTokenWithOAuth(ctx context.Context, to tokenOptions) (string, error) { - form := url.Values{} - form.Set("scope", strings.Join(to.scopes, " ")) - form.Set("service", to.service) - // TODO: Allow setting client_id - form.Set("client_id", "containerd-dist-tool") - - if r.username == "" { - form.Set("grant_type", "refresh_token") - form.Set("refresh_token", r.secret) - } else { - form.Set("grant_type", "password") - form.Set("username", r.username) - form.Set("password", r.secret) - } - - resp, err := ctxhttp.PostForm(ctx, r.client, to.realm, form) - if err != nil { - return "", err - } - defer resp.Body.Close() - - // Registries without support for POST may return 404 for POST /v2/token. - // As of September 2017, GCR is known to return 404. - if (resp.StatusCode == 405 && r.username != "") || resp.StatusCode == 404 || resp.StatusCode == 401 { - return r.fetchToken(ctx, to) - } else if resp.StatusCode < 200 || resp.StatusCode >= 400 { - b, _ := ioutil.ReadAll(io.LimitReader(resp.Body, 64000)) // 64KB - log.G(ctx).WithFields(logrus.Fields{ - "status": resp.Status, - "body": string(b), - }).Debugf("token request failed") - // TODO: handle error body and write debug output - return "", errors.Errorf("unexpected status: %s", resp.Status) - } - - decoder := json.NewDecoder(resp.Body) - - var tr postTokenResponse - if err = decoder.Decode(&tr); err != nil { - return "", errors.Wrap(err, "unable to decode token response") - } - - return tr.AccessToken, nil -} - -type getTokenResponse struct { - Token string `json:"token"` - AccessToken string `json:"access_token"` - ExpiresIn int `json:"expires_in"` - IssuedAt time.Time `json:"issued_at"` - RefreshToken string `json:"refresh_token"` -} - -// fetchToken fetches a token using a GET request -func (r *dockerBase) fetchToken(ctx context.Context, to tokenOptions) (string, error) { - req, err := http.NewRequest("GET", to.realm, nil) - if err != nil { - return "", err - } - - reqParams := req.URL.Query() - - if to.service != "" { - reqParams.Add("service", to.service) - } - - for _, scope := range to.scopes { - reqParams.Add("scope", scope) - } - - if r.secret != "" { - req.SetBasicAuth(r.username, r.secret) - } - - req.URL.RawQuery = reqParams.Encode() - - resp, err := ctxhttp.Do(ctx, r.client, req) - if err != nil { - return "", err - } - defer resp.Body.Close() - - if resp.StatusCode < 200 || resp.StatusCode >= 400 { - // TODO: handle error body and write debug output - return "", errors.Errorf("unexpected status: %s", resp.Status) - } - - decoder := json.NewDecoder(resp.Body) - - var tr getTokenResponse - if err = decoder.Decode(&tr); err != nil { - return "", errors.Wrap(err, "unable to decode token response") - } - - // `access_token` is equivalent to `token` and if both are specified - // the choice is undefined. Canonicalize `access_token` by sticking - // things in `token`. - if tr.AccessToken != "" { - tr.Token = tr.AccessToken - } - - if tr.Token == "" { - return "", ErrNoToken - } - - return tr.Token, nil -} - -func (r *containerdResolver) getV2Urls(urls []string, imagePath string) ([]url.URL, error) { - v2Urls := []url.URL{} - for _, u := range urls { - v2Url, err := url.Parse(u) - if err != nil { - return nil, errors.Wrapf(err, "failed to parse url during getv2 urls: %+v", u) - } - v2Url.Path = path.Join("/v2", imagePath) - v2Urls = append(v2Urls, *v2Url) - } - return v2Urls, nil -} diff --git a/pkg/containerd/resolver/scope.go b/pkg/containerd/resolver/scope.go deleted file mode 100644 index c8ced9179e0e..000000000000 --- a/pkg/containerd/resolver/scope.go +++ /dev/null @@ -1,80 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "context" - "net/url" - "sort" - "strings" - - "github.com/containerd/containerd/reference" -) - -// repositoryScope returns a repository scope string such as "repository:foo/bar:pull" -// for "host/foo/bar:baz". -// When push is true, both pull and push are added to the scope. -func repositoryScope(refspec reference.Spec, push bool) (string, error) { - u, err := url.Parse("dummy://" + refspec.Locator) - if err != nil { - return "", err - } - s := "repository:" + strings.TrimPrefix(u.Path, "/") + ":pull" - if push { - s += ",push" - } - return s, nil -} - -// tokenScopesKey is used for the key for context.WithValue(). -// value: []string (e.g. {"registry:foo/bar:pull"}) -type tokenScopesKey struct{} - -// contextWithRepositoryScope returns a context with tokenScopesKey{} and the repository scope value. -func contextWithRepositoryScope(ctx context.Context, refspec reference.Spec, push bool) (context.Context, error) { - s, err := repositoryScope(refspec, push) - if err != nil { - return nil, err - } - return context.WithValue(ctx, tokenScopesKey{}, []string{s}), nil -} - -// getTokenScopes returns deduplicated and sorted scopes from ctx.Value(tokenScopesKey{}) and params["scope"]. -func getTokenScopes(ctx context.Context, params map[string]string) []string { - var scopes []string - if x := ctx.Value(tokenScopesKey{}); x != nil { - scopes = append(scopes, x.([]string)...) - } - if scope, ok := params["scope"]; ok { - for _, s := range scopes { - // Note: this comparison is unaware of the scope grammar (https://docs.docker.com/registry/spec/auth/scope/) - // So, "repository:foo/bar:pull,push" != "repository:foo/bar:push,pull", although semantically they are equal. - if s == scope { - // already appended - goto Sort - } - } - scopes = append(scopes, scope) - } -Sort: - sort.Strings(scopes) - return scopes -} diff --git a/pkg/containerd/resolver/scope_test.go b/pkg/containerd/resolver/scope_test.go deleted file mode 100644 index f620dd4e6519..000000000000 --- a/pkg/containerd/resolver/scope_test.go +++ /dev/null @@ -1,58 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "testing" - - "github.com/containerd/containerd/reference" - "github.com/stretchr/testify/assert" -) - -func TestRepositoryScope(t *testing.T) { - testCases := []struct { - refspec reference.Spec - push bool - expected string - }{ - { - refspec: reference.Spec{ - Locator: "host/foo/bar", - Object: "ignored", - }, - push: false, - expected: "repository:foo/bar:pull", - }, - { - refspec: reference.Spec{ - Locator: "host:4242/foo/bar", - Object: "ignored", - }, - push: true, - expected: "repository:foo/bar:pull,push", - }, - } - for _, x := range testCases { - actual, err := repositoryScope(x.refspec, x.push) - assert.NoError(t, err) - assert.Equal(t, x.expected, actual) - } -} diff --git a/pkg/containerd/resolver/status.go b/pkg/containerd/resolver/status.go deleted file mode 100644 index 5ffcdaec03ea..000000000000 --- a/pkg/containerd/resolver/status.go +++ /dev/null @@ -1,71 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// The corresponding file is in containerd/remote/docker/. -// This package can be removed once a more feasible and hollistic resolver -// is finalized in containerd. - -package resolver - -import ( - "sync" - - "github.com/containerd/containerd/content" - "github.com/containerd/containerd/errdefs" - "github.com/pkg/errors" -) - -// Status of a content operation -type Status struct { - content.Status - - // UploadUUID is used by the Docker registry to reference blob uploads - UploadUUID string -} - -// StatusTracker to track status of operations -type StatusTracker interface { - GetStatus(string) (Status, error) - SetStatus(string, Status) -} - -type memoryStatusTracker struct { - statuses map[string]Status - m sync.Mutex -} - -// NewInMemoryTracker returns a StatusTracker that tracks content status in-memory -func NewInMemoryTracker() StatusTracker { - return &memoryStatusTracker{ - statuses: map[string]Status{}, - } -} - -func (t *memoryStatusTracker) GetStatus(ref string) (Status, error) { - t.m.Lock() - defer t.m.Unlock() - status, ok := t.statuses[ref] - if !ok { - return Status{}, errors.Wrapf(errdefs.ErrNotFound, "status for ref %v", ref) - } - return status, nil -} - -func (t *memoryStatusTracker) SetStatus(ref string, status Status) { - t.m.Lock() - t.statuses[ref] = status - t.m.Unlock() -} From 1d9a754f6acd19d09403d4f4bb82578df9c57e33 Mon Sep 17 00:00:00 2001 From: Lantao Liu Date: Tue, 10 Jul 2018 19:02:52 -0700 Subject: [PATCH 3/3] Update containerd to b382b6fe0bdbf7604c0a4f5c2089c0b159ad58b2. Signed-off-by: Lantao Liu --- vendor.conf | 12 +- .../containerd/console/console_linux.go | 4 + .../containerd/containerd/cio/io.go | 11 + .../containerd/cmd/containerd/command/main.go | 1 + .../cmd/containerd/command/oci-hook.go | 136 ++ .../containerd/cmd/ctr/commands/commands.go | 62 + .../cmd/ctr/commands/commands_unix.go | 33 + .../cmd/ctr/commands/containers/containers.go | 6 +- .../cmd/ctr/commands/plugins/plugins.go | 9 + .../containerd/cmd/ctr/commands/run/run.go | 60 +- .../cmd/ctr/commands/run/run_unix.go | 14 +- .../containerd/cmd/ctr/commands/shim/shim.go | 4 +- .../cmd/ctr/commands/tasks/delete.go | 4 +- .../containerd/containerd/container.go | 9 +- .../containerd/contrib/nvidia/nvidia.go | 185 +++ .../containerd/containerd/images/image.go | 17 +- .../containerd/containerd/oci/spec_unix.go | 2 + .../containerd/platforms/database.go | 11 +- .../containerd/platforms/platforms.go | 11 +- .../containerd/remotes/docker/pusher.go | 15 +- .../remotes/docker/schema1/converter.go | 10 +- .../containerd/runtime/linux/bundle.go | 4 +- .../runtime/linux/proc/deleted_state.go | 3 +- .../containerd/runtime/linux/proc/exec.go | 7 +- .../containerd/runtime/linux/proc/init.go | 15 +- .../runtime/linux/proc/init_state.go | 15 +- .../containerd/runtime/linux/proc/process.go | 63 - .../containerd/runtime/linux/process.go | 4 +- .../containerd/runtime/linux/runtime.go | 2 +- .../containerd/runtime/linux/task.go | 6 +- .../containerd/runtime/proc/proc.go | 83 + .../runtime/{linux => }/shim/client/client.go | 7 +- .../{linux => }/shim/client/client_linux.go | 0 .../{linux => }/shim/client/client_unix.go | 0 .../runtime/{linux => }/shim/local.go | 2 +- .../runtime/{linux => }/shim/reaper.go | 0 .../runtime/{linux => }/shim/service.go | 9 +- .../runtime/{linux => }/shim/service_linux.go | 0 .../runtime/{linux => }/shim/service_unix.go | 0 .../runtime/{linux => }/shim/v1/doc.go | 0 .../runtime/{linux => }/shim/v1/shim.pb.go | 150 +- .../runtime/{linux => }/shim/v1/shim.proto | 2 +- .../containerd/containerd/vendor.conf | 37 +- .../{stevvooe => containerd}/ttrpc/LICENSE | 0 .../{stevvooe => containerd}/ttrpc/README.md | 4 +- .../{stevvooe => containerd}/ttrpc/channel.go | 16 + .../{stevvooe => containerd}/ttrpc/client.go | 20 +- vendor/github.com/containerd/ttrpc/codec.go | 42 + vendor/github.com/containerd/ttrpc/config.go | 39 + .../ttrpc/handshake.go | 16 + .../{stevvooe => containerd}/ttrpc/server.go | 31 +- .../ttrpc/services.go | 16 + .../{stevvooe => containerd}/ttrpc/types.go | 16 + .../ttrpc/unixcreds_linux.go | 16 + vendor/github.com/containerd/typeurl/types.go | 16 + .../docker/docker/contrib/README.md | 4 - .../docker/docker/contrib/nnp-test/nnp-test.c | 10 - .../docker/docker/contrib/syscall-test/acct.c | 16 - .../docker/contrib/syscall-test/exit32.s | 7 - .../docker/docker/contrib/syscall-test/ns.c | 63 - .../docker/docker/contrib/syscall-test/raw.c | 14 - .../docker/contrib/syscall-test/setgid.c | 11 - .../docker/contrib/syscall-test/setuid.c | 11 - .../docker/contrib/syscall-test/socket.c | 30 - .../docker/contrib/syscall-test/userns.c | 63 - vendor/github.com/stevvooe/ttrpc/codec.go | 26 - vendor/github.com/stevvooe/ttrpc/config.go | 23 - .../x/crypto/otr/libotr_test_helper.c | 197 --- vendor/golang.org/x/crypto/otr/otr.go | 1415 ----------------- vendor/golang.org/x/crypto/otr/smp.go | 572 ------- vendor/golang.org/x/crypto/ssh/test/doc.go | 7 - .../x/crypto/ssh/test/sshd_test_pw.c | 173 -- vendor/golang.org/x/sys/windows/svc/event.go | 48 - vendor/golang.org/x/sys/windows/svc/go12.c | 24 - vendor/golang.org/x/sys/windows/svc/go12.go | 11 - vendor/golang.org/x/sys/windows/svc/go13.go | 31 - .../golang.org/x/sys/windows/svc/security.go | 62 - .../golang.org/x/sys/windows/svc/service.go | 363 ----- vendor/golang.org/x/sys/windows/svc/sys_386.s | 68 - .../golang.org/x/sys/windows/svc/sys_amd64.s | 42 - vendor/k8s.io/kubernetes/build/README.md | 129 -- vendor/k8s.io/kubernetes/build/pause/orphan.c | 36 - vendor/k8s.io/kubernetes/build/pause/pause.c | 68 - 83 files changed, 954 insertions(+), 3827 deletions(-) create mode 100644 vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go create mode 100644 vendor/github.com/containerd/containerd/cmd/ctr/commands/commands_unix.go create mode 100644 vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go create mode 100644 vendor/github.com/containerd/containerd/runtime/proc/proc.go rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/client/client.go (97%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/client/client_linux.go (100%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/client/client_unix.go (100%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/local.go (98%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/reaper.go (100%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/service.go (98%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/service_linux.go (100%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/service_unix.go (100%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/v1/doc.go (100%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/v1/shim.pb.go (93%) rename vendor/github.com/containerd/containerd/runtime/{linux => }/shim/v1/shim.proto (97%) rename vendor/github.com/{stevvooe => containerd}/ttrpc/LICENSE (100%) rename vendor/github.com/{stevvooe => containerd}/ttrpc/README.md (90%) rename vendor/github.com/{stevvooe => containerd}/ttrpc/channel.go (85%) rename vendor/github.com/{stevvooe => containerd}/ttrpc/client.go (87%) create mode 100644 vendor/github.com/containerd/ttrpc/codec.go create mode 100644 vendor/github.com/containerd/ttrpc/config.go rename vendor/github.com/{stevvooe => containerd}/ttrpc/handshake.go (65%) rename vendor/github.com/{stevvooe => containerd}/ttrpc/server.go (88%) rename vendor/github.com/{stevvooe => containerd}/ttrpc/services.go (84%) rename vendor/github.com/{stevvooe => containerd}/ttrpc/types.go (56%) rename vendor/github.com/{stevvooe => containerd}/ttrpc/unixcreds_linux.go (82%) delete mode 100644 vendor/github.com/docker/docker/contrib/README.md delete mode 100644 vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c delete mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/acct.c delete mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/exit32.s delete mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/ns.c delete mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/raw.c delete mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/setgid.c delete mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/setuid.c delete mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/socket.c delete mode 100644 vendor/github.com/docker/docker/contrib/syscall-test/userns.c delete mode 100644 vendor/github.com/stevvooe/ttrpc/codec.go delete mode 100644 vendor/github.com/stevvooe/ttrpc/config.go delete mode 100644 vendor/golang.org/x/crypto/otr/libotr_test_helper.c delete mode 100644 vendor/golang.org/x/crypto/otr/otr.go delete mode 100644 vendor/golang.org/x/crypto/otr/smp.go delete mode 100644 vendor/golang.org/x/crypto/ssh/test/doc.go delete mode 100644 vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c delete mode 100644 vendor/golang.org/x/sys/windows/svc/event.go delete mode 100644 vendor/golang.org/x/sys/windows/svc/go12.c delete mode 100644 vendor/golang.org/x/sys/windows/svc/go12.go delete mode 100644 vendor/golang.org/x/sys/windows/svc/go13.go delete mode 100644 vendor/golang.org/x/sys/windows/svc/security.go delete mode 100644 vendor/golang.org/x/sys/windows/svc/service.go delete mode 100644 vendor/golang.org/x/sys/windows/svc/sys_386.s delete mode 100644 vendor/golang.org/x/sys/windows/svc/sys_amd64.s delete mode 100644 vendor/k8s.io/kubernetes/build/README.md delete mode 100644 vendor/k8s.io/kubernetes/build/pause/orphan.c delete mode 100644 vendor/k8s.io/kubernetes/build/pause/pause.c diff --git a/vendor.conf b/vendor.conf index 521dc47f3a88..4fca291a6a03 100644 --- a/vendor.conf +++ b/vendor.conf @@ -3,13 +3,14 @@ github.com/blang/semver v3.1.0 github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130 -github.com/containerd/console 9290d21dc56074581f619579c43d970b4514bc08 -github.com/containerd/containerd 84bebdd91d347c99069d1705b7d4e6d6f746160c +github.com/containerd/console 5d1b48d6114b8c9666f0c8b916f871af97b0a761 +github.com/containerd/containerd b382b6fe0bdbf7604c0a4f5c2089c0b159ad58b2 github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c -github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534 +github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534 github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd5 -github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788 +github.com/containerd/ttrpc 94dde388801693c54f88a6596f713b51a8b30b2d +github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40 github.com/containernetworking/cni v0.6.0 github.com/containernetworking/plugins v0.7.0 github.com/coreos/go-systemd 48702e0da86bd25e76cfef347e2adeb434a0d0a6 @@ -35,8 +36,8 @@ github.com/json-iterator/go f2b4162afba35581b6d4a50d3b8f34e33c144682 github.com/matttproud/golang_protobuf_extensions v1.0.0 github.com/Microsoft/go-winio v0.4.7 github.com/Microsoft/hcsshim v0.6.11 -github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd github.com/modern-go/concurrent 1.0.3 +github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7 github.com/opencontainers/image-spec v1.0.1 github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340 @@ -51,7 +52,6 @@ github.com/prometheus/common 89604d197083d4781071d3c65855d24ecfb0a563 github.com/prometheus/procfs cb4147076ac75738c9a7d279075a253c0cc5acbd github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 github.com/sirupsen/logrus v1.0.0 -github.com/stevvooe/ttrpc d4528379866b0ce7e9d71f3eb96f0582fc374577 github.com/stretchr/testify v1.1.4 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 github.com/tchap/go-patricia 5ad6cdb7538b0097d5598c7e57f0a24072adf7dc diff --git a/vendor/github.com/containerd/console/console_linux.go b/vendor/github.com/containerd/console/console_linux.go index efefcb1e6dae..42274e100e68 100644 --- a/vendor/github.com/containerd/console/console_linux.go +++ b/vendor/github.com/containerd/console/console_linux.go @@ -262,10 +262,14 @@ func (ec *EpollConsole) Shutdown(close func(int) error) error { // signalRead signals that the console is readable. func (ec *EpollConsole) signalRead() { + ec.readc.L.Lock() ec.readc.Signal() + ec.readc.L.Unlock() } // signalWrite signals that the console is writable. func (ec *EpollConsole) signalWrite() { + ec.writec.L.Lock() ec.writec.Signal() + ec.writec.L.Unlock() } diff --git a/vendor/github.com/containerd/containerd/cio/io.go b/vendor/github.com/containerd/containerd/cio/io.go index 2f9b5f10379f..10ad36ba87d8 100644 --- a/vendor/github.com/containerd/containerd/cio/io.go +++ b/vendor/github.com/containerd/containerd/cio/io.go @@ -255,3 +255,14 @@ func (l *logIO) Wait() { func (l *logIO) Close() error { return nil } + +// Load the io for a container but do not attach +// +// Allows io to be loaded on the task for deletion without +// starting copy routines +func Load(set *FIFOSet) (IO, error) { + return &cio{ + config: set.Config, + closers: []io.Closer{set}, + }, nil +} diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go index 0c5d4adaebec..31a21f6c6d10 100644 --- a/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/main.go @@ -88,6 +88,7 @@ func App() *cli.App { app.Commands = []cli.Command{ configCommand, publishCommand, + ociHook, } app.Action = func(context *cli.Context) error { var ( diff --git a/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go b/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go new file mode 100644 index 000000000000..1ddc2c7c0acf --- /dev/null +++ b/vendor/github.com/containerd/containerd/cmd/containerd/command/oci-hook.go @@ -0,0 +1,136 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package command + +import ( + "bytes" + "encoding/json" + "io" + "os" + "path/filepath" + "syscall" + "text/template" + + specs "github.com/opencontainers/runtime-spec/specs-go" + "github.com/urfave/cli" +) + +var ociHook = cli.Command{ + Name: "oci-hook", + Usage: "provides a base for OCI runtime hooks to allow arguments to be injected.", + Action: func(context *cli.Context) error { + state, err := loadHookState(os.Stdin) + if err != nil { + return err + } + var ( + ctx = newTemplateContext(state) + args = []string(context.Args()) + env = os.Environ() + ) + if err := newList(&args).render(ctx); err != nil { + return err + } + if err := newList(&env).render(ctx); err != nil { + return err + } + return syscall.Exec(args[0], args, env) + }, +} + +func loadHookState(r io.Reader) (*specs.State, error) { + var s specs.State + if err := json.NewDecoder(r).Decode(&s); err != nil { + return nil, err + } + return &s, nil +} + +func newTemplateContext(state *specs.State) *templateContext { + t := &templateContext{ + state: state, + } + t.funcs = template.FuncMap{ + "id": t.id, + "bundle": t.bundle, + "rootfs": t.rootfs, + "pid": t.pid, + "annotation": t.annotation, + "status": t.status, + } + return t +} + +type templateContext struct { + state *specs.State + funcs template.FuncMap +} + +func (t *templateContext) id() string { + return t.state.ID +} + +func (t *templateContext) bundle() string { + return t.state.Bundle +} + +func (t *templateContext) rootfs() string { + return filepath.Join(t.state.Bundle, "rootfs") +} + +func (t *templateContext) pid() int { + return t.state.Pid +} + +func (t *templateContext) annotation(k string) string { + return t.state.Annotations[k] +} + +func (t *templateContext) status() string { + return t.state.Status +} + +func render(ctx *templateContext, source string, out io.Writer) error { + t, err := template.New("oci-hook").Funcs(ctx.funcs).Parse(source) + if err != nil { + return err + } + return t.Execute(out, ctx) +} + +func newList(l *[]string) *templateList { + return &templateList{ + l: l, + } +} + +type templateList struct { + l *[]string +} + +func (l *templateList) render(ctx *templateContext) error { + buf := bytes.NewBuffer(nil) + for i, s := range *l.l { + buf.Reset() + if err := render(ctx, s, buf); err != nil { + return err + } + (*l.l)[i] = buf.String() + } + buf.Reset() + return nil +} diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go index 1a0c3b6b3282..1784e6a04c98 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands.go @@ -21,6 +21,7 @@ import ( "fmt" "os" "path/filepath" + "runtime" "strings" "github.com/containerd/containerd" @@ -63,6 +64,67 @@ var ( Usage: "refresh token for authorization server", }, } + + // ContainerFlags are cli flags specifying container options + ContainerFlags = []cli.Flag{ + cli.StringFlag{ + Name: "config,c", + Usage: "path to the runtime-specific spec config file", + }, + cli.StringFlag{ + Name: "checkpoint", + Usage: "provide the checkpoint digest to restore the container", + }, + cli.StringFlag{ + Name: "cwd", + Usage: "specify the working directory of the process", + }, + cli.StringSliceFlag{ + Name: "env", + Usage: "specify additional container environment variables (i.e. FOO=bar)", + }, + cli.StringSliceFlag{ + Name: "label", + Usage: "specify additional labels (i.e. foo=bar)", + }, + cli.StringSliceFlag{ + Name: "mount", + Usage: "specify additional container mount (ex: type=bind,src=/tmp,dst=/host,options=rbind:ro)", + }, + cli.BoolFlag{ + Name: "net-host", + Usage: "enable host networking for the container", + }, + cli.BoolFlag{ + Name: "privileged", + Usage: "run privileged container", + }, + cli.BoolFlag{ + Name: "read-only", + Usage: "set the containers filesystem as readonly", + }, + cli.StringFlag{ + Name: "runtime", + Usage: "runtime name (io.containerd.runtime.v1.linux, io.containerd.runtime.v1.windows, io.containerd.runtime.v1.com.vmware.linux)", + Value: fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS), + }, + cli.BoolFlag{ + Name: "tty,t", + Usage: "allocate a TTY for the container", + }, + cli.StringSliceFlag{ + Name: "with-ns", + Usage: "specify existing Linux namespaces to join at container runtime (format ':')", + }, + cli.StringFlag{ + Name: "pid-file", + Usage: "file path to write the task's pid", + }, + cli.IntFlag{ + Name: "gpus", + Usage: "add gpus to the container", + }, + } ) // ObjectWithLabelArgs returns the first arg and a LabelArgs object diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands_unix.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands_unix.go new file mode 100644 index 000000000000..a67fa8f6a1e3 --- /dev/null +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/commands_unix.go @@ -0,0 +1,33 @@ +// +build !windows + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package commands + +import ( + "github.com/urfave/cli" +) + +func init() { + ContainerFlags = append(ContainerFlags, cli.BoolFlag{ + Name: "rootfs", + Usage: "use custom rootfs that is not managed by containerd snapshotter", + }, cli.BoolFlag{ + Name: "no-pivot", + Usage: "disable use of pivot-root (linux only)", + }) +} diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go index 05d0d7e2fcc1..ec49ff99613e 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/containers/containers.go @@ -25,6 +25,7 @@ import ( "text/tabwriter" "github.com/containerd/containerd" + "github.com/containerd/containerd/cio" "github.com/containerd/containerd/cmd/ctr/commands" "github.com/containerd/containerd/cmd/ctr/commands/run" "github.com/containerd/containerd/log" @@ -49,7 +50,7 @@ var createCommand = cli.Command{ Name: "create", Usage: "create container", ArgsUsage: "[flags] Image|RootFS CONTAINER", - Flags: append(commands.SnapshotterFlags, run.ContainerFlags...), + Flags: append(commands.SnapshotterFlags, commands.ContainerFlags...), Action: func(context *cli.Context) error { var ( id = context.Args().Get(1) @@ -162,7 +163,6 @@ var deleteCommand = cli.Command{ log.G(ctx).WithError(err).Errorf("failed to delete container %q", arg) } } - return exitErr }, } @@ -172,7 +172,7 @@ func deleteContainer(ctx context.Context, client *containerd.Client, id string, if err != nil { return err } - task, err := container.Task(ctx, nil) + task, err := container.Task(ctx, cio.Load) if err != nil { return container.Delete(ctx, opts...) } diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go index 93f3ffe7b0a7..df29441c44f4 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/plugins/plugins.go @@ -37,6 +37,15 @@ var Command = cli.Command{ Name: "plugins", Aliases: []string{"plugin"}, Usage: "provides information about containerd plugins", + Subcommands: []cli.Command{ + listCommand, + }, +} + +var listCommand = cli.Command{ + Name: "list", + Aliases: []string{"ls"}, + Usage: "lists containerd plugins", Flags: []cli.Flag{ cli.BoolFlag{ Name: "quiet,q", diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go index 1daffd3a7e5f..b63bb489096e 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run.go @@ -22,7 +22,6 @@ import ( "encoding/json" "fmt" "io/ioutil" - "runtime" "strings" "github.com/containerd/console" @@ -38,63 +37,6 @@ import ( "github.com/urfave/cli" ) -// ContainerFlags are cli flags specifying container options -var ContainerFlags = []cli.Flag{ - cli.StringFlag{ - Name: "config,c", - Usage: "path to the runtime-specific spec config file", - }, - cli.StringFlag{ - Name: "checkpoint", - Usage: "provide the checkpoint digest to restore the container", - }, - cli.StringFlag{ - Name: "cwd", - Usage: "specify the working directory of the process", - }, - cli.StringSliceFlag{ - Name: "env", - Usage: "specify additional container environment variables (i.e. FOO=bar)", - }, - cli.StringSliceFlag{ - Name: "label", - Usage: "specify additional labels (i.e. foo=bar)", - }, - cli.StringSliceFlag{ - Name: "mount", - Usage: "specify additional container mount (ex: type=bind,src=/tmp,dst=/host,options=rbind:ro)", - }, - cli.BoolFlag{ - Name: "net-host", - Usage: "enable host networking for the container", - }, - cli.BoolFlag{ - Name: "privileged", - Usage: "run privileged container", - }, - cli.BoolFlag{ - Name: "read-only", - Usage: "set the containers filesystem as readonly", - }, - cli.StringFlag{ - Name: "runtime", - Usage: "runtime name (io.containerd.runtime.v1.linux, io.containerd.runtime.v1.windows, io.containerd.runtime.v1.com.vmware.linux)", - Value: fmt.Sprintf("io.containerd.runtime.v1.%s", runtime.GOOS), - }, - cli.BoolFlag{ - Name: "tty,t", - Usage: "allocate a TTY for the container", - }, - cli.StringSliceFlag{ - Name: "with-ns", - Usage: "specify existing Linux namespaces to join at container runtime (format ':')", - }, - cli.StringFlag{ - Name: "pid-file", - Usage: "file path to write the task's pid", - }, -} - func loadSpec(path string, s *specs.Spec) error { raw, err := ioutil.ReadFile(path) if err != nil { @@ -177,7 +119,7 @@ var Command = cli.Command{ Name: "fifo-dir", Usage: "directory used for storing IO FIFOs", }, - }, append(commands.SnapshotterFlags, ContainerFlags...)...), + }, append(commands.SnapshotterFlags, commands.ContainerFlags...)...), Action: func(context *cli.Context) error { var ( err error diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go index 0a3a5db68ad5..e2f73072242d 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/run/run_unix.go @@ -24,22 +24,13 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/cmd/ctr/commands" + "github.com/containerd/containerd/contrib/nvidia" "github.com/containerd/containerd/oci" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/urfave/cli" ) -func init() { - ContainerFlags = append(ContainerFlags, cli.BoolFlag{ - Name: "rootfs", - Usage: "use custom rootfs that is not managed by containerd snapshotter", - }, cli.BoolFlag{ - Name: "no-pivot", - Usage: "disable use of pivot-root (linux only)", - }) -} - // NewContainer creates a new container func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli.Context) (containerd.Container, error) { var ( @@ -123,6 +114,9 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli Path: parts[1], })) } + if context.IsSet("gpus") { + opts = append(opts, nvidia.WithGPUs(nvidia.WithDevices(context.Int("gpus")), nvidia.WithAllCapabilities)) + } if context.IsSet("config") { var s specs.Spec if err := loadSpec(context.String("config"), &s); err != nil { diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go index e9e261bc3991..793dc3c9e7ac 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/shim/shim.go @@ -26,13 +26,13 @@ import ( "github.com/containerd/console" "github.com/containerd/containerd/cmd/ctr/commands" - shim "github.com/containerd/containerd/runtime/linux/shim/v1" + shim "github.com/containerd/containerd/runtime/shim/v1" + "github.com/containerd/ttrpc" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/stevvooe/ttrpc" "github.com/urfave/cli" ) diff --git a/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go b/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go index 5543d5541151..735369c15099 100644 --- a/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go +++ b/vendor/github.com/containerd/containerd/cmd/ctr/commands/tasks/delete.go @@ -18,6 +18,7 @@ package tasks import ( "github.com/containerd/containerd" + "github.com/containerd/containerd/cio" "github.com/containerd/containerd/cmd/ctr/commands" "github.com/urfave/cli" ) @@ -42,8 +43,7 @@ var deleteCommand = cli.Command{ if err != nil { return err } - - task, err := container.Task(ctx, nil) + task, err := container.Task(ctx, cio.Load) if err != nil { return err } diff --git a/vendor/github.com/containerd/containerd/container.go b/vendor/github.com/containerd/containerd/container.go index 001b16c740b2..23f6d4db611c 100644 --- a/vendor/github.com/containerd/containerd/container.go +++ b/vendor/github.com/containerd/containerd/container.go @@ -307,6 +307,12 @@ func (c *container) get(ctx context.Context) (containers.Container, error) { // get the existing fifo paths from the task information stored by the daemon func attachExistingIO(response *tasks.GetResponse, ioAttach cio.Attach) (cio.IO, error) { + fifoSet := loadFifos(response) + return ioAttach(fifoSet) +} + +// loadFifos loads the containers fifos +func loadFifos(response *tasks.GetResponse) *cio.FIFOSet { path := getFifoDir([]string{ response.Process.Stdin, response.Process.Stdout, @@ -315,13 +321,12 @@ func attachExistingIO(response *tasks.GetResponse, ioAttach cio.Attach) (cio.IO, closer := func() error { return os.RemoveAll(path) } - fifoSet := cio.NewFIFOSet(cio.Config{ + return cio.NewFIFOSet(cio.Config{ Stdin: response.Process.Stdin, Stdout: response.Process.Stdout, Stderr: response.Process.Stderr, Terminal: response.Process.Terminal, }, closer) - return ioAttach(fifoSet) } // getFifoDir looks for any non-empty path for a stdio fifo diff --git a/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go b/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go new file mode 100644 index 000000000000..296d85b6461c --- /dev/null +++ b/vendor/github.com/containerd/containerd/contrib/nvidia/nvidia.go @@ -0,0 +1,185 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package nvidia + +import ( + "context" + "fmt" + "os" + "os/exec" + "strconv" + "strings" + + "github.com/containerd/containerd/containers" + "github.com/containerd/containerd/oci" + specs "github.com/opencontainers/runtime-spec/specs-go" +) + +const nvidiaCLI = "nvidia-container-cli" + +// Capability specifies capabilities for the gpu inside the container +// Detailed explaination of options can be found: +// https://github.com/nvidia/nvidia-container-runtime#supported-driver-capabilities +type Capability int + +const ( + // Compute capability + Compute Capability = iota + 1 + // Compat32 capability + Compat32 + // Graphics capability + Graphics + // Utility capability + Utility + // Video capability + Video + // Display capability + Display +) + +// WithGPUs adds NVIDIA gpu support to a container +func WithGPUs(opts ...Opts) oci.SpecOpts { + return func(_ context.Context, _ oci.Client, _ *containers.Container, s *specs.Spec) error { + c := &config{} + for _, o := range opts { + if err := o(c); err != nil { + return err + } + } + path, err := exec.LookPath("containerd") + if err != nil { + return err + } + nvidiaPath, err := exec.LookPath(nvidiaCLI) + if err != nil { + return err + } + if s.Hooks == nil { + s.Hooks = &specs.Hooks{} + } + s.Hooks.Prestart = append(s.Hooks.Prestart, specs.Hook{ + Path: path, + Args: append([]string{ + "containerd", + "oci-hook", + "--", + nvidiaPath, + }, c.args()...), + Env: os.Environ(), + }) + return nil + } +} + +type config struct { + Devices []int + DeviceUUID string + Capabilities []Capability + LoadKmods bool + LDCache string + LDConfig string + Requirements []string +} + +func (c *config) args() []string { + var args []string + + if c.LoadKmods { + args = append(args, "--load-kmods") + } + if c.LDCache != "" { + args = append(args, fmt.Sprintf("--ldcache=%s", c.LDCache)) + } + args = append(args, + "configure", + ) + if len(c.Devices) > 0 { + args = append(args, fmt.Sprintf("--device=%s", strings.Join(toStrings(c.Devices), ","))) + } + if c.DeviceUUID != "" { + args = append(args, fmt.Sprintf("--device=%s", c.DeviceUUID)) + } + for _, c := range c.Capabilities { + args = append(args, fmt.Sprintf("--%s", capFlags[c])) + } + if c.LDConfig != "" { + args = append(args, fmt.Sprintf("--ldconfig=%s", c.LDConfig)) + } + for _, r := range c.Requirements { + args = append(args, fmt.Sprintf("--require=%s", r)) + } + args = append(args, "--pid={{pid}}", "{{rootfs}}") + return args +} + +var capFlags = map[Capability]string{ + Compute: "compute", + Compat32: "compat32", + Graphics: "graphics", + Utility: "utility", + Video: "video", + Display: "display", +} + +func toStrings(ints []int) []string { + var s []string + for _, i := range ints { + s = append(s, strconv.Itoa(i)) + } + return s +} + +// Opts are options for configuring gpu support +type Opts func(*config) error + +// WithDevices adds the provided device indexes to the container +func WithDevices(ids ...int) Opts { + return func(c *config) error { + c.Devices = ids + return nil + } +} + +// WithDeviceUUID adds the specific device UUID to the container +func WithDeviceUUID(guid string) Opts { + return func(c *config) error { + c.DeviceUUID = guid + return nil + } +} + +// WithAllDevices adds all gpus to the container +func WithAllDevices(c *config) error { + c.DeviceUUID = "all" + return nil +} + +// WithAllCapabilities adds all capabilities to the container for the gpus +func WithAllCapabilities(c *config) error { + for k := range capFlags { + c.Capabilities = append(c.Capabilities, k) + } + return nil +} + +// WithRequiredCUDAVersion sets the required cuda version +func WithRequiredCUDAVersion(major, minor int) Opts { + return func(c *config) error { + c.Requirements = append(c.Requirements, fmt.Sprintf("cuda>=%d.%d", major, minor)) + return nil + } +} diff --git a/vendor/github.com/containerd/containerd/images/image.go b/vendor/github.com/containerd/containerd/images/image.go index 35eda26bd7a2..a96597c2690a 100644 --- a/vendor/github.com/containerd/containerd/images/image.go +++ b/vendor/github.com/containerd/containerd/images/image.go @@ -129,11 +129,14 @@ func (image *Image) Size(ctx context.Context, provider content.Provider, platfor // this direction because this abstraction is not needed.` func Manifest(ctx context.Context, provider content.Provider, image ocispec.Descriptor, platform string) (ocispec.Manifest, error) { var ( - matcher platforms.Matcher - m *ocispec.Manifest + matcher platforms.Matcher + m *ocispec.Manifest + p ocispec.Platform + wasIndex bool ) if platform != "" { - p, err := platforms.Parse(platform) + var err error + p, err = platforms.Parse(platform) if err != nil { return ocispec.Manifest{}, err } @@ -201,6 +204,8 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc } } + wasIndex = true + return descs, nil } @@ -210,7 +215,11 @@ func Manifest(ctx context.Context, provider content.Provider, image ocispec.Desc } if m == nil { - return ocispec.Manifest{}, errors.Wrapf(errdefs.ErrNotFound, "manifest %v", image.Digest) + err := errors.Wrapf(errdefs.ErrNotFound, "manifest %v", image.Digest) + if wasIndex { + err = errors.Wrapf(errdefs.ErrNotFound, "no match for current platform %s in manifest %v", platforms.Format(p), image.Digest) + } + return ocispec.Manifest{}, err } return *m, nil diff --git a/vendor/github.com/containerd/containerd/oci/spec_unix.go b/vendor/github.com/containerd/containerd/oci/spec_unix.go index f791c357fa77..f8d8524ddbcd 100644 --- a/vendor/github.com/containerd/containerd/oci/spec_unix.go +++ b/vendor/github.com/containerd/containerd/oci/spec_unix.go @@ -153,7 +153,9 @@ func createDefaultSpec(ctx context.Context, id string) (*Spec, error) { }, Linux: &specs.Linux{ MaskedPaths: []string{ + "/proc/acpi", "/proc/kcore", + "/proc/keys", "/proc/latency_stats", "/proc/timer_list", "/proc/timer_stats", diff --git a/vendor/github.com/containerd/containerd/platforms/database.go b/vendor/github.com/containerd/containerd/platforms/database.go index df9cc2392ae6..8e85448ed028 100644 --- a/vendor/github.com/containerd/containerd/platforms/database.go +++ b/vendor/github.com/containerd/containerd/platforms/database.go @@ -89,18 +89,21 @@ func normalizeArch(arch, variant string) (string, string) { case "x86_64", "x86-64": arch = "amd64" variant = "" - case "aarch64": + case "aarch64", "arm64": arch = "arm64" - variant = "" // v8 is implied + switch variant { + case "8", "v8": + variant = "" + } case "armhf": arch = "arm" - variant = "" + variant = "v7" case "armel": arch = "arm" variant = "v6" case "arm": switch variant { - case "v7", "7": + case "", "7": variant = "v7" case "5", "6", "8": variant = "v" + variant diff --git a/vendor/github.com/containerd/containerd/platforms/platforms.go b/vendor/github.com/containerd/containerd/platforms/platforms.go index 1f91ed288fe2..29b7ad6b5e0b 100644 --- a/vendor/github.com/containerd/containerd/platforms/platforms.go +++ b/vendor/github.com/containerd/containerd/platforms/platforms.go @@ -135,7 +135,7 @@ type Matcher interface { // Applications should opt to use `Match` over directly parsing specifiers. func NewMatcher(platform specs.Platform) Matcher { return &matcher{ - Platform: platform, + Platform: Normalize(platform), } } @@ -197,6 +197,9 @@ func Parse(specifier string) (specs.Platform, error) { } p.Architecture, p.Variant = normalizeArch(parts[0], "") + if p.Architecture == "arm" && p.Variant == "v7" { + p.Variant = "" + } if isKnownArch(p.Architecture) { p.OS = runtime.GOOS return p, nil @@ -208,12 +211,18 @@ func Parse(specifier string) (specs.Platform, error) { // about whether or not we know of the platform. p.OS = normalizeOS(parts[0]) p.Architecture, p.Variant = normalizeArch(parts[1], "") + if p.Architecture == "arm" && p.Variant == "v7" { + p.Variant = "" + } return p, nil case 3: // we have a fully specified variant, this is rare p.OS = normalizeOS(parts[0]) p.Architecture, p.Variant = normalizeArch(parts[1], parts[2]) + if p.Architecture == "arm64" && p.Variant == "" { + p.Variant = "v8" + } return p, nil } diff --git a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go index e2caf7028637..c3c0923f08ac 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/pusher.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/pusher.go @@ -155,9 +155,18 @@ func (p dockerPusher) Push(ctx context.Context, desc ocispec.Descriptor) (conten location := resp.Header.Get("Location") // Support paths without host in location if strings.HasPrefix(location, "/") { - u := p.base - u.Path = location - location = u.String() + // Support location string containing path and query + qmIndex := strings.Index(location, "?") + if qmIndex > 0 { + u := p.base + u.Path = location[:qmIndex] + u.RawQuery = location[qmIndex+1:] + location = u.String() + } else { + u := p.base + u.Path = location + location = u.String() + } } req, err = http.NewRequest(http.MethodPut, location, nil) diff --git a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go index c6261c5dfc5c..cf1137fc3075 100644 --- a/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go +++ b/vendor/github.com/containerd/containerd/remotes/docker/schema1/converter.go @@ -257,15 +257,15 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro var ( ref = remotes.MakeRefKey(ctx, desc) calc = newBlobStateCalculator() - size = desc.Size ) // size may be unknown, set to zero for content ingest - if size == -1 { - size = 0 + ingestDesc := desc + if ingestDesc.Size == -1 { + ingestDesc.Size = 0 } - cw, err := content.OpenWriter(ctx, c.contentStore, content.WithRef(ref), content.WithDescriptor(desc)) + cw, err := content.OpenWriter(ctx, c.contentStore, content.WithRef(ref), content.WithDescriptor(ingestDesc)) if err != nil { if !errdefs.IsAlreadyExists(err) { return err @@ -317,7 +317,7 @@ func (c *Converter) fetchBlob(ctx context.Context, desc ocispec.Descriptor) erro eg.Go(func() error { defer pw.Close() - return content.Copy(ctx, cw, io.TeeReader(rc, pw), size, desc.Digest) + return content.Copy(ctx, cw, io.TeeReader(rc, pw), ingestDesc.Size, ingestDesc.Digest) }) if err := eg.Wait(); err != nil { diff --git a/vendor/github.com/containerd/containerd/runtime/linux/bundle.go b/vendor/github.com/containerd/containerd/runtime/linux/bundle.go index 8aef5a97a77f..990309280b6e 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/bundle.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/bundle.go @@ -26,8 +26,8 @@ import ( "github.com/containerd/containerd/events/exchange" "github.com/containerd/containerd/runtime/linux/runctypes" - "github.com/containerd/containerd/runtime/linux/shim" - "github.com/containerd/containerd/runtime/linux/shim/client" + "github.com/containerd/containerd/runtime/shim" + "github.com/containerd/containerd/runtime/shim/client" "github.com/pkg/errors" ) diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go index 87a3fd0c062d..ab89c3ecbaf6 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/deleted_state.go @@ -22,6 +22,7 @@ import ( "context" "github.com/containerd/console" + "github.com/containerd/containerd/runtime/proc" google_protobuf "github.com/gogo/protobuf/types" "github.com/pkg/errors" ) @@ -65,6 +66,6 @@ func (s *deletedState) SetExited(status int) { // no op } -func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *deletedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { return nil, errors.Errorf("cannot exec in a deleted state") } diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go index 5fa667ae6a29..337db1b74cbd 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/exec.go @@ -31,6 +31,7 @@ import ( "golang.org/x/sys/unix" "github.com/containerd/console" + "github.com/containerd/containerd/runtime/proc" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" specs "github.com/opencontainers/runtime-spec/specs-go" @@ -40,7 +41,7 @@ import ( type execProcess struct { wg sync.WaitGroup - State + proc.State mu sync.Mutex id string @@ -51,7 +52,7 @@ type execProcess struct { pid int closers []io.Closer stdin io.Closer - stdio Stdio + stdio proc.Stdio path string spec specs.Process @@ -127,7 +128,7 @@ func (e *execProcess) Stdin() io.Closer { return e.stdin } -func (e *execProcess) Stdio() Stdio { +func (e *execProcess) Stdio() proc.Stdio { return e.stdio } diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go index ed7f9066d456..c538b7937944 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/init.go @@ -34,6 +34,7 @@ import ( "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/runtime/linux/runctypes" + "github.com/containerd/containerd/runtime/proc" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" @@ -63,7 +64,7 @@ type Init struct { id string bundle string console console.Console - platform Platform + platform proc.Platform io runc.IO runtime *runc.Runc status int @@ -71,7 +72,7 @@ type Init struct { pid int closers []io.Closer stdin io.Closer - stdio Stdio + stdio proc.Stdio rootfs string IoUID int IoGID int @@ -94,7 +95,7 @@ func NewRunc(root, path, namespace, runtime, criu string, systemd bool) *runc.Ru } // New returns a new init process -func New(context context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform Platform, r *CreateConfig) (*Init, error) { +func New(context context.Context, path, workDir, runtimeRoot, namespace, criu string, systemdCgroup bool, platform proc.Platform, r *CreateConfig) (*Init, error) { var success bool var options runctypes.CreateOptions @@ -134,7 +135,7 @@ func New(context context.Context, path, workDir, runtimeRoot, namespace, criu st bundle: r.Bundle, runtime: runtime, platform: platform, - stdio: Stdio{ + stdio: proc.Stdio{ Stdin: r.Stdin, Stdout: r.Stdout, Stderr: r.Stderr, @@ -363,7 +364,7 @@ func (p *Init) Runtime() *runc.Runc { } // exec returns a new exec'd process -func (p *Init) exec(context context.Context, path string, r *ExecConfig) (Process, error) { +func (p *Init) exec(context context.Context, path string, r *ExecConfig) (proc.Process, error) { // process exec request var spec specs.Process if err := json.Unmarshal(r.Spec.Value, &spec); err != nil { @@ -376,7 +377,7 @@ func (p *Init) exec(context context.Context, path string, r *ExecConfig) (Proces path: path, parent: p, spec: spec, - stdio: Stdio{ + stdio: proc.Stdio{ Stdin: r.Stdin, Stdout: r.Stdout, Stderr: r.Stderr, @@ -430,7 +431,7 @@ func (p *Init) update(context context.Context, r *google_protobuf.Any) error { } // Stdio of the process -func (p *Init) Stdio() Stdio { +func (p *Init) Stdio() proc.Stdio { return p.stdio } diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go index 0cbdc7ac157e..55c0f05591ae 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/init_state.go @@ -25,6 +25,7 @@ import ( "github.com/containerd/console" "github.com/containerd/containerd/errdefs" + "github.com/containerd/containerd/runtime/proc" "github.com/containerd/fifo" runc "github.com/containerd/go-runc" google_protobuf "github.com/gogo/protobuf/types" @@ -32,13 +33,13 @@ import ( ) type initState interface { - State + proc.State Pause(context.Context) error Resume(context.Context) error Update(context.Context, *google_protobuf.Any) error Checkpoint(context.Context, *CheckpointConfig) error - Exec(context.Context, string, *ExecConfig) (Process, error) + Exec(context.Context, string, *ExecConfig) (proc.Process, error) } type createdState struct { @@ -130,7 +131,7 @@ func (s *createdState) SetExited(status int) { } } -func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *createdState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() return s.p.exec(ctx, path, r) @@ -272,7 +273,7 @@ func (s *createdCheckpointState) SetExited(status int) { } } -func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *createdCheckpointState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() @@ -364,7 +365,7 @@ func (s *runningState) SetExited(status int) { } } -func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *runningState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() return s.p.exec(ctx, path, r) @@ -456,7 +457,7 @@ func (s *pausedState) SetExited(status int) { } } -func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *pausedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() @@ -536,7 +537,7 @@ func (s *stoppedState) SetExited(status int) { // no op } -func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (Process, error) { +func (s *stoppedState) Exec(ctx context.Context, path string, r *ExecConfig) (proc.Process, error) { s.p.mu.Lock() defer s.p.mu.Unlock() diff --git a/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go b/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go index 135f9962b14d..53252ec604f5 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/proc/process.go @@ -19,66 +19,12 @@ package proc import ( - "context" - "io" - "sync" - "time" - - "github.com/containerd/console" "github.com/pkg/errors" ) // RuncRoot is the path to the root runc state directory const RuncRoot = "/run/containerd/runc" -// Stdio of a process -type Stdio struct { - Stdin string - Stdout string - Stderr string - Terminal bool -} - -// IsNull returns true if the stdio is not defined -func (s Stdio) IsNull() bool { - return s.Stdin == "" && s.Stdout == "" && s.Stderr == "" -} - -// Process on a linux system -type Process interface { - State - // ID returns the id for the process - ID() string - // Pid returns the pid for the process - Pid() int - // ExitStatus returns the exit status - ExitStatus() int - // ExitedAt is the time the process exited - ExitedAt() time.Time - // Stdin returns the process STDIN - Stdin() io.Closer - // Stdio returns io information for the container - Stdio() Stdio - // Status returns the process status - Status(context.Context) (string, error) - // Wait blocks until the process has exited - Wait() -} - -// State of a process -type State interface { - // Resize resizes the process console - Resize(ws console.WinSize) error - // Start execution of the process - Start(context.Context) error - // Delete deletes the process and its resourcess - Delete(context.Context) error - // Kill kills the process - Kill(context.Context, uint32, bool) error - // SetExited sets the exit status for the process - SetExited(status int) -} - func stateName(v interface{}) string { switch v.(type) { case *runningState, *execRunningState: @@ -94,12 +40,3 @@ func stateName(v interface{}) string { } panic(errors.Errorf("invalid state %v", v)) } - -// Platform handles platform-specific behavior that may differs across -// platform implementations -type Platform interface { - CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, - wg, cwg *sync.WaitGroup) (console.Console, error) - ShutdownConsole(ctx context.Context, console console.Console) error - Close() error -} diff --git a/vendor/github.com/containerd/containerd/runtime/linux/process.go b/vendor/github.com/containerd/containerd/runtime/linux/process.go index bb81dbccf785..02cccd206bb9 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/process.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/process.go @@ -25,9 +25,9 @@ import ( "github.com/containerd/containerd/api/types/task" "github.com/containerd/containerd/errdefs" "github.com/containerd/containerd/runtime" - shim "github.com/containerd/containerd/runtime/linux/shim/v1" + shim "github.com/containerd/containerd/runtime/shim/v1" + "github.com/containerd/ttrpc" "github.com/pkg/errors" - "github.com/stevvooe/ttrpc" ) // Process implements a linux process diff --git a/vendor/github.com/containerd/containerd/runtime/linux/runtime.go b/vendor/github.com/containerd/containerd/runtime/linux/runtime.go index 5bbd173c6bf3..5dcbca56e72e 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/runtime.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/runtime.go @@ -42,7 +42,7 @@ import ( "github.com/containerd/containerd/runtime" "github.com/containerd/containerd/runtime/linux/proc" "github.com/containerd/containerd/runtime/linux/runctypes" - shim "github.com/containerd/containerd/runtime/linux/shim/v1" + shim "github.com/containerd/containerd/runtime/shim/v1" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" diff --git a/vendor/github.com/containerd/containerd/runtime/linux/task.go b/vendor/github.com/containerd/containerd/runtime/linux/task.go index bb5d8c0de8a4..43c93eaba87e 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/task.go +++ b/vendor/github.com/containerd/containerd/runtime/linux/task.go @@ -29,12 +29,12 @@ import ( "github.com/containerd/containerd/events/exchange" "github.com/containerd/containerd/identifiers" "github.com/containerd/containerd/runtime" - "github.com/containerd/containerd/runtime/linux/shim/client" - shim "github.com/containerd/containerd/runtime/linux/shim/v1" + "github.com/containerd/containerd/runtime/shim/client" + shim "github.com/containerd/containerd/runtime/shim/v1" runc "github.com/containerd/go-runc" + "github.com/containerd/ttrpc" "github.com/gogo/protobuf/types" "github.com/pkg/errors" - "github.com/stevvooe/ttrpc" ) // Task on a linux based system diff --git a/vendor/github.com/containerd/containerd/runtime/proc/proc.go b/vendor/github.com/containerd/containerd/runtime/proc/proc.go new file mode 100644 index 000000000000..02bc9bda816f --- /dev/null +++ b/vendor/github.com/containerd/containerd/runtime/proc/proc.go @@ -0,0 +1,83 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package proc + +import ( + "context" + "io" + "sync" + "time" + + "github.com/containerd/console" +) + +// Stdio of a process +type Stdio struct { + Stdin string + Stdout string + Stderr string + Terminal bool +} + +// IsNull returns true if the stdio is not defined +func (s Stdio) IsNull() bool { + return s.Stdin == "" && s.Stdout == "" && s.Stderr == "" +} + +// Process on a system +type Process interface { + State + // ID returns the id for the process + ID() string + // Pid returns the pid for the process + Pid() int + // ExitStatus returns the exit status + ExitStatus() int + // ExitedAt is the time the process exited + ExitedAt() time.Time + // Stdin returns the process STDIN + Stdin() io.Closer + // Stdio returns io information for the container + Stdio() Stdio + // Status returns the process status + Status(context.Context) (string, error) + // Wait blocks until the process has exited + Wait() +} + +// State of a process +type State interface { + // Resize resizes the process console + Resize(ws console.WinSize) error + // Start execution of the process + Start(context.Context) error + // Delete deletes the process and its resourcess + Delete(context.Context) error + // Kill kills the process + Kill(context.Context, uint32, bool) error + // SetExited sets the exit status for the process + SetExited(status int) +} + +// Platform handles platform-specific behavior that may differs across +// platform implementations +type Platform interface { + CopyConsole(ctx context.Context, console console.Console, stdin, stdout, stderr string, + wg, cwg *sync.WaitGroup) (console.Console, error) + ShutdownConsole(ctx context.Context, console console.Console) error + Close() error +} diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go b/vendor/github.com/containerd/containerd/runtime/shim/client/client.go similarity index 97% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go rename to vendor/github.com/containerd/containerd/runtime/shim/client/client.go index c69cca362cac..009ccc93982c 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client.go +++ b/vendor/github.com/containerd/containerd/runtime/shim/client/client.go @@ -31,14 +31,14 @@ import ( "golang.org/x/sys/unix" + "github.com/containerd/ttrpc" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/stevvooe/ttrpc" "github.com/containerd/containerd/events" "github.com/containerd/containerd/log" - "github.com/containerd/containerd/runtime/linux/shim" - shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" + "github.com/containerd/containerd/runtime/shim" + shimapi "github.com/containerd/containerd/runtime/shim/v1" "github.com/containerd/containerd/sys" ptypes "github.com/gogo/protobuf/types" ) @@ -136,6 +136,7 @@ func newCommand(binary, daemonAddress string, debug bool, config shim.Config, so // will be mounted by the shim cmd.SysProcAttr = getSysProcAttr() cmd.ExtraFiles = append(cmd.ExtraFiles, socket) + cmd.Env = append(os.Environ(), "GOMAXPROCS=2") if debug { cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_linux.go b/vendor/github.com/containerd/containerd/runtime/shim/client/client_linux.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_linux.go rename to vendor/github.com/containerd/containerd/runtime/shim/client/client_linux.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_unix.go b/vendor/github.com/containerd/containerd/runtime/shim/client/client_unix.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/client/client_unix.go rename to vendor/github.com/containerd/containerd/runtime/shim/client/client_unix.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/local.go b/vendor/github.com/containerd/containerd/runtime/shim/local.go similarity index 98% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/local.go rename to vendor/github.com/containerd/containerd/runtime/shim/local.go index 7f2a6d0ef2d2..8206b869c329 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/local.go +++ b/vendor/github.com/containerd/containerd/runtime/shim/local.go @@ -23,7 +23,7 @@ import ( "path/filepath" "github.com/containerd/containerd/mount" - shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" + shimapi "github.com/containerd/containerd/runtime/shim/v1" ptypes "github.com/gogo/protobuf/types" ) diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/reaper.go b/vendor/github.com/containerd/containerd/runtime/shim/reaper.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/reaper.go rename to vendor/github.com/containerd/containerd/runtime/shim/reaper.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/service.go b/vendor/github.com/containerd/containerd/runtime/shim/service.go similarity index 98% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/service.go rename to vendor/github.com/containerd/containerd/runtime/shim/service.go index 7e2e5365c15b..379e5cf5bc12 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/service.go +++ b/vendor/github.com/containerd/containerd/runtime/shim/service.go @@ -34,7 +34,8 @@ import ( "github.com/containerd/containerd/runtime" "github.com/containerd/containerd/runtime/linux/proc" "github.com/containerd/containerd/runtime/linux/runctypes" - shimapi "github.com/containerd/containerd/runtime/linux/shim/v1" + rproc "github.com/containerd/containerd/runtime/proc" + shimapi "github.com/containerd/containerd/runtime/shim/v1" runc "github.com/containerd/go-runc" "github.com/containerd/typeurl" ptypes "github.com/gogo/protobuf/types" @@ -78,7 +79,7 @@ func NewService(config Config, publisher events.Publisher) (*Service, error) { s := &Service{ config: config, context: ctx, - processes: make(map[string]proc.Process), + processes: make(map[string]rproc.Process), events: make(chan interface{}, 128), ec: Default.Subscribe(), } @@ -96,9 +97,9 @@ type Service struct { config Config context context.Context - processes map[string]proc.Process + processes map[string]rproc.Process events chan interface{} - platform proc.Platform + platform rproc.Platform ec chan runc.Exit // Filled by Create() diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/service_linux.go b/vendor/github.com/containerd/containerd/runtime/shim/service_linux.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/service_linux.go rename to vendor/github.com/containerd/containerd/runtime/shim/service_linux.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/service_unix.go b/vendor/github.com/containerd/containerd/runtime/shim/service_unix.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/service_unix.go rename to vendor/github.com/containerd/containerd/runtime/shim/service_unix.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/doc.go b/vendor/github.com/containerd/containerd/runtime/shim/v1/doc.go similarity index 100% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/v1/doc.go rename to vendor/github.com/containerd/containerd/runtime/shim/v1/doc.go diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go b/vendor/github.com/containerd/containerd/runtime/shim/v1/shim.pb.go similarity index 93% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go rename to vendor/github.com/containerd/containerd/runtime/shim/v1/shim.pb.go index fb492e257834..e4dae343d53f 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.pb.go +++ b/vendor/github.com/containerd/containerd/runtime/shim/v1/shim.pb.go @@ -1,11 +1,11 @@ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto +// source: github.com/containerd/containerd/runtime/shim/v1/shim.proto /* Package shim is a generated protocol buffer package. It is generated from these files: - github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto + github.com/containerd/containerd/runtime/shim/v1/shim.proto It has these top-level messages: CreateTaskRequest @@ -50,7 +50,7 @@ import strings "strings" import reflect "reflect" import context "context" -import ttrpc "github.com/stevvooe/ttrpc" +import ttrpc "github.com/containerd/ttrpc" import io "io" @@ -4352,80 +4352,80 @@ var ( ) func init() { - proto.RegisterFile("github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto", fileDescriptorShim) + proto.RegisterFile("github.com/containerd/containerd/runtime/shim/v1/shim.proto", fileDescriptorShim) } var fileDescriptorShim = []byte{ // 1135 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4f, 0x4f, 0xdc, 0x46, - 0x14, 0xc7, 0x66, 0xff, 0xbe, 0xcd, 0x52, 0x98, 0x12, 0xea, 0x6c, 0xa4, 0x65, 0x65, 0xa9, 0x11, - 0x55, 0x15, 0xbb, 0x2c, 0x55, 0xd2, 0x36, 0x52, 0x24, 0x20, 0x51, 0x85, 0xda, 0x28, 0xc8, 0x40, - 0x13, 0xb5, 0xaa, 0x90, 0x59, 0x0f, 0xbb, 0x23, 0x76, 0x6d, 0xc7, 0x33, 0xa6, 0xd0, 0x53, 0x4f, - 0x3d, 0xf7, 0xe3, 0xf4, 0x23, 0x70, 0xc8, 0xa1, 0xc7, 0x9e, 0xd2, 0x86, 0x7b, 0xbf, 0x43, 0x35, - 0x7f, 0x16, 0x7b, 0x77, 0x71, 0x6c, 0xb8, 0xb0, 0x7e, 0x33, 0xbf, 0x37, 0xf3, 0xe6, 0xfd, 0x7e, - 0xf3, 0xde, 0x00, 0x9b, 0x7d, 0xc2, 0x06, 0xf1, 0x91, 0xd5, 0x0b, 0x46, 0x76, 0x2f, 0xf0, 0x99, - 0x4b, 0x7c, 0x1c, 0x79, 0xe9, 0xcf, 0x28, 0xf6, 0x19, 0x19, 0x61, 0x7b, 0x48, 0xfc, 0xf8, 0xcc, - 0xa6, 0x03, 0x32, 0xb2, 0x4f, 0xd7, 0xc5, 0xaf, 0x15, 0x46, 0x01, 0x0b, 0x50, 0x27, 0x01, 0x5b, - 0x0a, 0x6c, 0x09, 0xb0, 0x25, 0x40, 0xa7, 0xeb, 0xad, 0x7b, 0xfd, 0x20, 0xe8, 0x0f, 0xb1, 0x2d, - 0xf0, 0x47, 0xf1, 0xb1, 0xed, 0xfa, 0xe7, 0xd2, 0xb9, 0x75, 0x7f, 0x7a, 0x0a, 0x8f, 0x42, 0x36, - 0x9e, 0x5c, 0xee, 0x07, 0xfd, 0x40, 0x7c, 0xda, 0xfc, 0x4b, 0x8d, 0xae, 0x4e, 0xbb, 0xf0, 0x1d, - 0x29, 0x73, 0x47, 0xa1, 0x02, 0x3c, 0xca, 0x3d, 0x93, 0x1b, 0x12, 0x9b, 0x9d, 0x87, 0x98, 0xda, - 0xa3, 0x20, 0xf6, 0x99, 0xf2, 0xfb, 0xe6, 0x06, 0x7e, 0xcc, 0xa5, 0x27, 0xe2, 0x8f, 0xf4, 0x35, - 0xff, 0xd3, 0x61, 0x69, 0x3b, 0xc2, 0x2e, 0xc3, 0xfb, 0x2e, 0x3d, 0x71, 0xf0, 0x9b, 0x18, 0x53, - 0x86, 0x56, 0x40, 0x27, 0x9e, 0xa1, 0x75, 0xb4, 0xb5, 0xfa, 0x56, 0xe5, 0xf2, 0xdd, 0xaa, 0xbe, - 0xf3, 0xcc, 0xd1, 0x89, 0x87, 0x56, 0xa0, 0x72, 0x14, 0xfb, 0xde, 0x10, 0x1b, 0x3a, 0x9f, 0x73, - 0x94, 0x85, 0x0c, 0xa8, 0xaa, 0x0c, 0x1a, 0xf3, 0x62, 0x62, 0x6c, 0x22, 0x1b, 0x2a, 0x51, 0x10, - 0xb0, 0x63, 0x6a, 0x94, 0x3a, 0xf3, 0x6b, 0x8d, 0xee, 0x27, 0x56, 0x2a, 0xeb, 0x22, 0x24, 0xeb, - 0x05, 0x3f, 0x8a, 0xa3, 0x60, 0xa8, 0x05, 0x35, 0x86, 0xa3, 0x11, 0xf1, 0xdd, 0xa1, 0x51, 0xee, - 0x68, 0x6b, 0x35, 0xe7, 0xca, 0x46, 0xcb, 0x50, 0xa6, 0xcc, 0x23, 0xbe, 0x51, 0x11, 0x9b, 0x48, - 0x83, 0x07, 0x45, 0x99, 0x17, 0xc4, 0xcc, 0xa8, 0xca, 0xa0, 0xa4, 0xa5, 0xc6, 0x71, 0x14, 0x19, - 0xb5, 0xab, 0x71, 0x1c, 0x45, 0xa8, 0x0d, 0xd0, 0x1b, 0xe0, 0xde, 0x49, 0x18, 0x10, 0x9f, 0x19, - 0x75, 0x31, 0x97, 0x1a, 0x41, 0x9f, 0xc3, 0x52, 0xe8, 0x46, 0xd8, 0x67, 0x87, 0x29, 0x18, 0x08, - 0xd8, 0xa2, 0x9c, 0xd8, 0x4e, 0xc0, 0x16, 0x54, 0x83, 0x90, 0x91, 0xc0, 0xa7, 0x46, 0xa3, 0xa3, - 0xad, 0x35, 0xba, 0xcb, 0x96, 0xa4, 0xd9, 0x1a, 0xd3, 0x6c, 0x6d, 0xfa, 0xe7, 0xce, 0x18, 0x64, - 0x3e, 0x00, 0x94, 0x4e, 0x37, 0x0d, 0x03, 0x9f, 0x62, 0xb4, 0x08, 0xf3, 0xa1, 0x4a, 0x78, 0xd3, - 0xe1, 0x9f, 0xe6, 0xef, 0x1a, 0x2c, 0x3c, 0xc3, 0x43, 0xcc, 0x70, 0x36, 0x08, 0xad, 0x42, 0x03, - 0x9f, 0x11, 0x76, 0x48, 0x99, 0xcb, 0x62, 0x2a, 0x38, 0x69, 0x3a, 0xc0, 0x87, 0xf6, 0xc4, 0x08, - 0xda, 0x84, 0x3a, 0xb7, 0xb0, 0x77, 0xe8, 0x32, 0xc1, 0x4c, 0xa3, 0xdb, 0x9a, 0x89, 0x6f, 0x7f, - 0x2c, 0xc3, 0xad, 0xda, 0xc5, 0xbb, 0xd5, 0xb9, 0x3f, 0xfe, 0x59, 0xd5, 0x9c, 0x9a, 0x74, 0xdb, - 0x64, 0xa6, 0x05, 0xcb, 0x32, 0x8e, 0xdd, 0x28, 0xe8, 0x61, 0x4a, 0x73, 0x24, 0x62, 0xfe, 0xa9, - 0x01, 0x7a, 0x7e, 0x86, 0x7b, 0xc5, 0xe0, 0x13, 0x74, 0xeb, 0x59, 0x74, 0xcf, 0x5f, 0x4f, 0x77, - 0x29, 0x83, 0xee, 0xf2, 0x04, 0xdd, 0x6b, 0x50, 0xa2, 0x21, 0xee, 0x09, 0xcd, 0x64, 0xd1, 0x23, - 0x10, 0xe6, 0x5d, 0xf8, 0x78, 0x22, 0x72, 0x99, 0x77, 0xf3, 0x35, 0x2c, 0x3a, 0x98, 0x92, 0x5f, - 0xf1, 0x2e, 0x3b, 0xcf, 0x3b, 0xce, 0x32, 0x94, 0x7f, 0x21, 0x1e, 0x1b, 0x28, 0x2e, 0xa4, 0xc1, - 0x43, 0x1b, 0x60, 0xd2, 0x1f, 0x48, 0x0e, 0x9a, 0x8e, 0xb2, 0xcc, 0x07, 0x70, 0x87, 0x13, 0x85, - 0xf3, 0x72, 0xfa, 0x56, 0x87, 0xa6, 0x02, 0x2a, 0x2d, 0xdc, 0xf4, 0x82, 0x2a, 0xed, 0xcc, 0x27, - 0xda, 0xd9, 0xe0, 0xe9, 0x12, 0xb2, 0xe1, 0x69, 0x5c, 0xe8, 0xde, 0x4f, 0x5f, 0xcc, 0xd3, 0x75, - 0x75, 0x37, 0xa5, 0x8e, 0x1c, 0x05, 0x4d, 0x18, 0x29, 0x5f, 0xcf, 0x48, 0x25, 0x83, 0x91, 0xea, - 0x04, 0x23, 0x69, 0xce, 0x6b, 0x53, 0x9c, 0x4f, 0x49, 0xba, 0xfe, 0x61, 0x49, 0xc3, 0xad, 0x24, - 0xfd, 0x12, 0x1a, 0xdf, 0x91, 0xe1, 0xb0, 0x40, 0xb1, 0xa3, 0xa4, 0x3f, 0x16, 0x66, 0xd3, 0x51, - 0x16, 0xcf, 0xa5, 0x3b, 0x1c, 0x8a, 0x5c, 0xd6, 0x1c, 0xfe, 0x69, 0x3e, 0x85, 0x85, 0xed, 0x61, - 0x40, 0xf1, 0xce, 0xcb, 0x02, 0xfa, 0x90, 0x09, 0x94, 0x5a, 0x97, 0x86, 0xf9, 0x19, 0x7c, 0xf4, - 0x3d, 0xa1, 0x6c, 0x97, 0x78, 0xb9, 0xd7, 0xcb, 0x81, 0xc5, 0x04, 0xaa, 0xc4, 0xf0, 0x14, 0xea, - 0xa1, 0xd4, 0x2c, 0xa6, 0x86, 0x26, 0xca, 0x6c, 0xe7, 0x5a, 0x36, 0x95, 0xb2, 0x77, 0xfc, 0xe3, - 0xc0, 0x49, 0x5c, 0xcc, 0x9f, 0xe0, 0x6e, 0x52, 0xd1, 0xd2, 0x6d, 0x00, 0x41, 0x29, 0x74, 0xd9, - 0x40, 0x86, 0xe1, 0x88, 0xef, 0x74, 0xc1, 0xd3, 0x8b, 0x14, 0xbc, 0x87, 0xb0, 0xb8, 0x37, 0x20, - 0x23, 0xb1, 0xe7, 0x38, 0xe0, 0x7b, 0x50, 0xe3, 0x2d, 0xf6, 0x30, 0x29, 0x67, 0x55, 0x6e, 0xef, - 0x12, 0xcf, 0xfc, 0x16, 0x96, 0x0e, 0x42, 0x6f, 0xaa, 0x1d, 0x75, 0xa1, 0x1e, 0x61, 0x1a, 0xc4, - 0x51, 0x4f, 0x1c, 0x30, 0x7b, 0xd7, 0x04, 0xa6, 0xee, 0x56, 0xc4, 0xf2, 0x12, 0xfa, 0xb5, 0xb8, - 0x5a, 0x1c, 0x97, 0x73, 0xb5, 0xd4, 0x15, 0xd2, 0x93, 0x1a, 0xfd, 0x29, 0x34, 0x5e, 0xb9, 0x24, - 0x77, 0x87, 0x08, 0xee, 0x48, 0x98, 0xda, 0x60, 0x4a, 0xe2, 0xda, 0x87, 0x25, 0xae, 0xdf, 0x46, - 0xe2, 0xdd, 0xb7, 0x0d, 0x28, 0xf1, 0xb4, 0xa3, 0x01, 0x94, 0x45, 0xe5, 0x40, 0x96, 0x95, 0xf7, - 0xdc, 0xb1, 0xd2, 0xb5, 0xa8, 0x65, 0x17, 0xc6, 0xab, 0x63, 0x51, 0xa8, 0xc8, 0xce, 0x86, 0x36, - 0xf2, 0x5d, 0x67, 0x9e, 0x1c, 0xad, 0x2f, 0x6f, 0xe6, 0xa4, 0x36, 0x95, 0xc7, 0x8b, 0x58, 0xc1, - 0xe3, 0x5d, 0xc9, 0xa1, 0xe0, 0xf1, 0x52, 0xb2, 0x70, 0xa0, 0x22, 0xfb, 0x20, 0x5a, 0x99, 0xe1, - 0xe2, 0x39, 0x7f, 0xfb, 0xb5, 0xbe, 0xc8, 0x5f, 0x72, 0xaa, 0xa3, 0x9f, 0x43, 0x73, 0xa2, 0xb7, - 0xa2, 0x47, 0x45, 0x97, 0x98, 0xec, 0xae, 0xb7, 0xd8, 0xfa, 0x0d, 0xd4, 0xc6, 0x75, 0x04, 0xad, - 0xe7, 0x7b, 0x4f, 0x95, 0xa7, 0x56, 0xf7, 0x26, 0x2e, 0x6a, 0xcb, 0xc7, 0x50, 0xde, 0x75, 0x63, - 0x9a, 0x9d, 0xc0, 0x8c, 0x71, 0xf4, 0x15, 0x54, 0x1c, 0x4c, 0xe3, 0xd1, 0xcd, 0x3d, 0x7f, 0x06, - 0x48, 0xbd, 0xd5, 0x1e, 0x17, 0x90, 0xd8, 0x75, 0x75, 0x30, 0x73, 0xf9, 0x17, 0x50, 0xe2, 0x8d, - 0x04, 0x3d, 0xcc, 0x5f, 0x38, 0xd5, 0x70, 0x32, 0x97, 0xdb, 0x87, 0x12, 0x7f, 0x7f, 0xa0, 0x02, - 0x57, 0x61, 0xf6, 0x85, 0x95, 0xb9, 0xea, 0x2b, 0xa8, 0x5f, 0x3d, 0x5f, 0x50, 0x01, 0xde, 0xa6, - 0xdf, 0x3a, 0x99, 0x0b, 0xef, 0x41, 0x55, 0x75, 0x3d, 0x54, 0x40, 0x7f, 0x93, 0x0d, 0x32, 0x73, - 0xd1, 0x1f, 0xa0, 0x36, 0x6e, 0x17, 0x99, 0x6c, 0x17, 0x38, 0xc4, 0x4c, 0xcb, 0x39, 0x80, 0x8a, - 0xec, 0x2b, 0x45, 0xaa, 0xd3, 0x4c, 0x07, 0xca, 0x0c, 0x17, 0x43, 0x89, 0xd7, 0xf6, 0x22, 0x0a, - 0x48, 0xb5, 0x8a, 0x96, 0x55, 0x14, 0x2e, 0xa3, 0xdf, 0x3a, 0xb8, 0x78, 0xdf, 0x9e, 0xfb, 0xfb, - 0x7d, 0x7b, 0xee, 0xb7, 0xcb, 0xb6, 0x76, 0x71, 0xd9, 0xd6, 0xfe, 0xba, 0x6c, 0x6b, 0xff, 0x5e, - 0xb6, 0xb5, 0x1f, 0x9f, 0xdc, 0xee, 0xff, 0xe0, 0x27, 0xfc, 0xf7, 0xb5, 0x7e, 0x54, 0x11, 0xe7, - 0xd9, 0xf8, 0x3f, 0x00, 0x00, 0xff, 0xff, 0xfb, 0xc9, 0x30, 0x0d, 0x4f, 0x0f, 0x00, 0x00, + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x4d, 0x6f, 0xdb, 0x46, + 0x13, 0x36, 0x69, 0x7d, 0x8e, 0x22, 0xbf, 0xf6, 0xbe, 0x8e, 0xcb, 0x28, 0x80, 0x2c, 0x10, 0x68, + 0xe0, 0xa2, 0x08, 0x55, 0xcb, 0x6d, 0xd2, 0x36, 0x40, 0x00, 0xdb, 0x09, 0x0a, 0xa3, 0x0d, 0x6c, + 0xd0, 0x4e, 0x13, 0xb4, 0x28, 0x0c, 0x5a, 0x5c, 0x4b, 0x0b, 0x4b, 0x24, 0xc3, 0x5d, 0xba, 0x76, + 0x4f, 0x3d, 0xf5, 0xdc, 0x9f, 0xd3, 0x9f, 0xe0, 0x43, 0x0e, 0x3d, 0xf6, 0x94, 0x36, 0xba, 0xf7, + 0x3f, 0x14, 0xfb, 0x21, 0x93, 0x92, 0xcc, 0x90, 0xf2, 0xc5, 0xe2, 0xec, 0x3e, 0xb3, 0x3b, 0x3b, + 0xcf, 0xb3, 0x33, 0x6b, 0x78, 0xd2, 0x23, 0xac, 0x1f, 0x9d, 0x58, 0x5d, 0x7f, 0xd8, 0xee, 0xfa, + 0x1e, 0x73, 0x88, 0x87, 0x43, 0x37, 0xf9, 0x19, 0x46, 0x1e, 0x23, 0x43, 0xdc, 0xa6, 0x7d, 0x32, + 0x6c, 0x9f, 0x6f, 0x8a, 0x5f, 0x2b, 0x08, 0x7d, 0xe6, 0xa3, 0x56, 0x0c, 0xb3, 0x14, 0xcc, 0x1a, + 0x10, 0x2f, 0xba, 0xb0, 0x04, 0xe8, 0x7c, 0xb3, 0x71, 0xaf, 0xe7, 0xfb, 0xbd, 0x01, 0x6e, 0x0b, + 0xfc, 0x49, 0x74, 0xda, 0x76, 0xbc, 0x4b, 0xe9, 0xdc, 0xb8, 0x3f, 0x3d, 0x85, 0x87, 0x01, 0x1b, + 0x4f, 0xae, 0xf6, 0xfc, 0x9e, 0x2f, 0x3e, 0xdb, 0xfc, 0x4b, 0x8d, 0xae, 0x4f, 0xbb, 0xf0, 0x1d, + 0x29, 0x73, 0x86, 0x81, 0x02, 0x3c, 0xca, 0x3c, 0x8d, 0x13, 0x90, 0x36, 0xbb, 0x0c, 0x30, 0x6d, + 0x0f, 0xfd, 0xc8, 0x63, 0xca, 0xef, 0xeb, 0x39, 0xfc, 0x98, 0x43, 0xcf, 0xc4, 0x1f, 0xe9, 0x6b, + 0xfe, 0xab, 0xc3, 0xca, 0x6e, 0x88, 0x1d, 0x86, 0x8f, 0x1c, 0x7a, 0x66, 0xe3, 0x37, 0x11, 0xa6, + 0x0c, 0xad, 0x81, 0x4e, 0x5c, 0x43, 0x6b, 0x69, 0x1b, 0xd5, 0x9d, 0xd2, 0xe8, 0xdd, 0xba, 0xbe, + 0xf7, 0xcc, 0xd6, 0x89, 0x8b, 0xd6, 0xa0, 0x74, 0x12, 0x79, 0xee, 0x00, 0x1b, 0x3a, 0x9f, 0xb3, + 0x95, 0x85, 0x0c, 0x28, 0xab, 0x0c, 0x1a, 0x8b, 0x62, 0x62, 0x6c, 0xa2, 0x36, 0x94, 0x42, 0xdf, + 0x67, 0xa7, 0xd4, 0x28, 0xb4, 0x16, 0x37, 0x6a, 0x9d, 0x8f, 0xac, 0x44, 0xd6, 0x45, 0x48, 0xd6, + 0x0b, 0x7e, 0x14, 0x5b, 0xc1, 0x50, 0x03, 0x2a, 0x0c, 0x87, 0x43, 0xe2, 0x39, 0x03, 0xa3, 0xd8, + 0xd2, 0x36, 0x2a, 0xf6, 0xb5, 0x8d, 0x56, 0xa1, 0x48, 0x99, 0x4b, 0x3c, 0xa3, 0x24, 0x36, 0x91, + 0x06, 0x0f, 0x8a, 0x32, 0xd7, 0x8f, 0x98, 0x51, 0x96, 0x41, 0x49, 0x4b, 0x8d, 0xe3, 0x30, 0x34, + 0x2a, 0xd7, 0xe3, 0x38, 0x0c, 0x51, 0x13, 0xa0, 0xdb, 0xc7, 0xdd, 0xb3, 0xc0, 0x27, 0x1e, 0x33, + 0xaa, 0x62, 0x2e, 0x31, 0x82, 0x3e, 0x85, 0x95, 0xc0, 0x09, 0xb1, 0xc7, 0x8e, 0x13, 0x30, 0x10, + 0xb0, 0x65, 0x39, 0xb1, 0x1b, 0x83, 0x2d, 0x28, 0xfb, 0x01, 0x23, 0xbe, 0x47, 0x8d, 0x5a, 0x4b, + 0xdb, 0xa8, 0x75, 0x56, 0x2d, 0x49, 0xb3, 0x35, 0xa6, 0xd9, 0xda, 0xf6, 0x2e, 0xed, 0x31, 0xc8, + 0x7c, 0x00, 0x28, 0x99, 0x6e, 0x1a, 0xf8, 0x1e, 0xc5, 0x68, 0x19, 0x16, 0x03, 0x95, 0xf0, 0xba, + 0xcd, 0x3f, 0xcd, 0xdf, 0x34, 0x58, 0x7a, 0x86, 0x07, 0x98, 0xe1, 0x74, 0x10, 0x5a, 0x87, 0x1a, + 0xbe, 0x20, 0xec, 0x98, 0x32, 0x87, 0x45, 0x54, 0x70, 0x52, 0xb7, 0x81, 0x0f, 0x1d, 0x8a, 0x11, + 0xb4, 0x0d, 0x55, 0x6e, 0x61, 0xf7, 0xd8, 0x61, 0x82, 0x99, 0x5a, 0xa7, 0x31, 0x13, 0xdf, 0xd1, + 0x58, 0x86, 0x3b, 0x95, 0xab, 0x77, 0xeb, 0x0b, 0xbf, 0xff, 0xbd, 0xae, 0xd9, 0x15, 0xe9, 0xb6, + 0xcd, 0x4c, 0x0b, 0x56, 0x65, 0x1c, 0x07, 0xa1, 0xdf, 0xc5, 0x94, 0x66, 0x48, 0xc4, 0xfc, 0x43, + 0x03, 0xf4, 0xfc, 0x02, 0x77, 0xf3, 0xc1, 0x27, 0xe8, 0xd6, 0xd3, 0xe8, 0x5e, 0xbc, 0x99, 0xee, + 0x42, 0x0a, 0xdd, 0xc5, 0x09, 0xba, 0x37, 0xa0, 0x40, 0x03, 0xdc, 0x15, 0x9a, 0x49, 0xa3, 0x47, + 0x20, 0xcc, 0xbb, 0xf0, 0xff, 0x89, 0xc8, 0x65, 0xde, 0xcd, 0xd7, 0xb0, 0x6c, 0x63, 0x4a, 0x7e, + 0xc1, 0x07, 0xec, 0x32, 0xeb, 0x38, 0xab, 0x50, 0xfc, 0x99, 0xb8, 0xac, 0xaf, 0xb8, 0x90, 0x06, + 0x0f, 0xad, 0x8f, 0x49, 0xaf, 0x2f, 0x39, 0xa8, 0xdb, 0xca, 0x32, 0x1f, 0xc0, 0x1d, 0x4e, 0x14, + 0xce, 0xca, 0xe9, 0x5b, 0x1d, 0xea, 0x0a, 0xa8, 0xb4, 0x30, 0xef, 0x05, 0x55, 0xda, 0x59, 0x8c, + 0xb5, 0xb3, 0xc5, 0xd3, 0x25, 0x64, 0xc3, 0xd3, 0xb8, 0xd4, 0xb9, 0x9f, 0xbc, 0x98, 0xe7, 0x9b, + 0xea, 0x6e, 0x4a, 0x1d, 0xd9, 0x0a, 0x1a, 0x33, 0x52, 0xbc, 0x99, 0x91, 0x52, 0x0a, 0x23, 0xe5, + 0x09, 0x46, 0x92, 0x9c, 0x57, 0xa6, 0x38, 0x9f, 0x92, 0x74, 0xf5, 0xc3, 0x92, 0x86, 0x5b, 0x49, + 0x7a, 0x1f, 0x6a, 0xdf, 0x92, 0xc1, 0x20, 0x47, 0xb1, 0xa3, 0xa4, 0x37, 0x16, 0x66, 0xdd, 0x56, + 0x16, 0xcf, 0xa5, 0x33, 0x18, 0x88, 0x5c, 0x56, 0x6c, 0xfe, 0x69, 0x3e, 0x85, 0xa5, 0xdd, 0x81, + 0x4f, 0xf1, 0xde, 0x7e, 0x0e, 0x7d, 0xc8, 0x04, 0x4a, 0xad, 0x4b, 0xc3, 0xfc, 0x04, 0xfe, 0xf7, + 0x1d, 0xa1, 0xec, 0x80, 0xb8, 0x99, 0xd7, 0xcb, 0x86, 0xe5, 0x18, 0xaa, 0xc4, 0xf0, 0x14, 0xaa, + 0x81, 0xd4, 0x2c, 0xa6, 0x86, 0x26, 0xca, 0x6c, 0xeb, 0x46, 0x36, 0x95, 0xb2, 0xf7, 0xbc, 0x53, + 0xdf, 0x8e, 0x5d, 0xcc, 0x1f, 0xe1, 0x6e, 0x5c, 0xd1, 0x92, 0x6d, 0x00, 0x41, 0x21, 0x70, 0x58, + 0x5f, 0x86, 0x61, 0x8b, 0xef, 0x64, 0xc1, 0xd3, 0xf3, 0x14, 0xbc, 0x87, 0xb0, 0x7c, 0xd8, 0x27, + 0x43, 0xb1, 0xe7, 0x38, 0xe0, 0x7b, 0x50, 0xe1, 0x2d, 0xf6, 0x38, 0x2e, 0x67, 0x65, 0x6e, 0x1f, + 0x10, 0xd7, 0xfc, 0x06, 0x56, 0x5e, 0x06, 0xee, 0x54, 0x3b, 0xea, 0x40, 0x35, 0xc4, 0xd4, 0x8f, + 0xc2, 0xae, 0x38, 0x60, 0xfa, 0xae, 0x31, 0x4c, 0xdd, 0xad, 0x90, 0x65, 0x25, 0xf4, 0x2b, 0x71, + 0xb5, 0x38, 0x2e, 0xe3, 0x6a, 0xa9, 0x2b, 0xa4, 0xc7, 0x35, 0xfa, 0x63, 0xa8, 0xbd, 0x72, 0x48, + 0xe6, 0x0e, 0x21, 0xdc, 0x91, 0x30, 0xb5, 0xc1, 0x94, 0xc4, 0xb5, 0x0f, 0x4b, 0x5c, 0xbf, 0x8d, + 0xc4, 0x3b, 0x6f, 0x6b, 0x50, 0xe0, 0x69, 0x47, 0x7d, 0x28, 0x8a, 0xca, 0x81, 0x2c, 0x2b, 0xeb, + 0xb9, 0x63, 0x25, 0x6b, 0x51, 0xa3, 0x9d, 0x1b, 0xaf, 0x8e, 0x45, 0xa1, 0x24, 0x3b, 0x1b, 0xda, + 0xca, 0x76, 0x9d, 0x79, 0x72, 0x34, 0x3e, 0x9f, 0xcf, 0x49, 0x6d, 0x2a, 0x8f, 0x17, 0xb2, 0x9c, + 0xc7, 0xbb, 0x96, 0x43, 0xce, 0xe3, 0x25, 0x64, 0x61, 0x43, 0x49, 0xf6, 0x41, 0xb4, 0x36, 0xc3, + 0xc5, 0x73, 0xfe, 0xf6, 0x6b, 0x7c, 0x96, 0xbd, 0xe4, 0x54, 0x47, 0xbf, 0x84, 0xfa, 0x44, 0x6f, + 0x45, 0x8f, 0xf2, 0x2e, 0x31, 0xd9, 0x5d, 0x6f, 0xb1, 0xf5, 0x1b, 0xa8, 0x8c, 0xeb, 0x08, 0xda, + 0xcc, 0xf6, 0x9e, 0x2a, 0x4f, 0x8d, 0xce, 0x3c, 0x2e, 0x6a, 0xcb, 0xc7, 0x50, 0x3c, 0x70, 0x22, + 0x9a, 0x9e, 0xc0, 0x94, 0x71, 0xf4, 0x25, 0x94, 0x6c, 0x4c, 0xa3, 0xe1, 0xfc, 0x9e, 0x3f, 0x01, + 0x24, 0xde, 0x6a, 0x8f, 0x73, 0x48, 0xec, 0xa6, 0x3a, 0x98, 0xba, 0xfc, 0x0b, 0x28, 0xf0, 0x46, + 0x82, 0x1e, 0x66, 0x2f, 0x9c, 0x68, 0x38, 0xa9, 0xcb, 0x1d, 0x41, 0x81, 0xbf, 0x3f, 0x50, 0x8e, + 0xab, 0x30, 0xfb, 0xc2, 0x4a, 0x5d, 0xf5, 0x15, 0x54, 0xaf, 0x9f, 0x2f, 0x28, 0x07, 0x6f, 0xd3, + 0x6f, 0x9d, 0xd4, 0x85, 0x0f, 0xa1, 0xac, 0xba, 0x1e, 0xca, 0xa1, 0xbf, 0xc9, 0x06, 0x99, 0xba, + 0xe8, 0xf7, 0x50, 0x19, 0xb7, 0x8b, 0x54, 0xb6, 0x73, 0x1c, 0x62, 0xa6, 0xe5, 0xbc, 0x84, 0x92, + 0xec, 0x2b, 0x79, 0xaa, 0xd3, 0x4c, 0x07, 0x4a, 0x0d, 0x17, 0x43, 0x81, 0xd7, 0xf6, 0x3c, 0x0a, + 0x48, 0xb4, 0x8a, 0x86, 0x95, 0x17, 0x2e, 0xa3, 0xdf, 0xd9, 0xbf, 0x7a, 0xdf, 0x5c, 0xf8, 0xeb, + 0x7d, 0x73, 0xe1, 0xd7, 0x51, 0x53, 0xbb, 0x1a, 0x35, 0xb5, 0x3f, 0x47, 0x4d, 0xed, 0x9f, 0x51, + 0x53, 0xfb, 0xe1, 0x8b, 0x79, 0xff, 0x03, 0x7e, 0xc2, 0x7f, 0x5f, 0xeb, 0x27, 0x25, 0x71, 0x92, + 0xad, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0x5b, 0x88, 0x3a, 0x56, 0x43, 0x0f, 0x00, 0x00, } diff --git a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto b/vendor/github.com/containerd/containerd/runtime/shim/v1/shim.proto similarity index 97% rename from vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto rename to vendor/github.com/containerd/containerd/runtime/shim/v1/shim.proto index fb748f71e0f2..8248b2aa026f 100644 --- a/vendor/github.com/containerd/containerd/runtime/linux/shim/v1/shim.proto +++ b/vendor/github.com/containerd/containerd/runtime/shim/v1/shim.proto @@ -9,7 +9,7 @@ import "google/protobuf/timestamp.proto"; import "github.com/containerd/containerd/api/types/mount.proto"; import "github.com/containerd/containerd/api/types/task/task.proto"; -option go_package = "github.com/containerd/containerd/runtime/linux/shim/v1;shim"; +option go_package = "github.com/containerd/containerd/runtime/shim/v1;shim"; // Shim service is launched for each container and is responsible for owning the IO // for the container and its additional processes. The shim is also the parent of diff --git a/vendor/github.com/containerd/containerd/vendor.conf b/vendor/github.com/containerd/containerd/vendor.conf index fcb6532bcc98..b9e98a85e214 100644 --- a/vendor/github.com/containerd/containerd/vendor.conf +++ b/vendor/github.com/containerd/containerd/vendor.conf @@ -1,7 +1,7 @@ github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd5 -github.com/containerd/console cb7008ab3d8359b78c5f464cb7cf160107ad5925 +github.com/containerd/console 5d1b48d6114b8c9666f0c8b916f871af97b0a761 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130 -github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788 +github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c github.com/containerd/btrfs 2e1aa0ddf94f91fa282b6ed87c23bf0d64911244 github.com/containerd/continuity d3c23511c1bf5851696cba83143d9cbcd666869b @@ -22,7 +22,6 @@ github.com/golang/protobuf v1.1.0 github.com/opencontainers/runtime-spec v1.0.1 github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340 github.com/sirupsen/logrus v1.0.0 -github.com/pmezard/go-difflib v1.0.0 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac google.golang.org/grpc v1.12.0 @@ -38,14 +37,14 @@ github.com/Microsoft/hcsshim v0.6.11 github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4 -github.com/stevvooe/ttrpc d4528379866b0ce7e9d71f3eb96f0582fc374577 +github.com/containerd/ttrpc 94dde388801693c54f88a6596f713b51a8b30b2d github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 -github.com/gotestyourself/gotestyourself 44dbf532bbf5767611f6f2a61bded572e337010a +gotest.tools v2.1.0 github.com/google/go-cmp v0.1.0 -# #2135: cri is temporarily forked because of circular dependency. will be fixed immediately in a follow-up PR. -github.com/containerd/cri 6e975823be192ad19f2ce7afcf6c57b88a991c30 https://github.com/AkihiroSuda/cri-containerd.git -github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7 +# cri dependencies +github.com/containerd/cri v1.11.0 +github.com/containerd/go-cni 5882530828ecf62032409b298a3e8b19e08b6534 github.com/blang/semver v3.1.0 github.com/containernetworking/cni v0.6.0 github.com/containernetworking/plugins v0.7.0 @@ -59,22 +58,26 @@ github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c github.com/hashicorp/errwrap 7554cd9344cec97297fa6649b055a8c98c2a1e55 github.com/hashicorp/go-multierror ed905158d87462226a13fe39ddf685ea65f1c11f -github.com/json-iterator/go 1.0.4 -github.com/opencontainers/runtime-tools 6073aff4ac61897f75895123f7e24135204a404d +github.com/json-iterator/go f2b4162afba35581b6d4a50d3b8f34e33c144682 +github.com/modern-go/reflect2 05fbef0ca5da472bbf96c9322b84a53edc03c9fd +github.com/modern-go/concurrent 1.0.3 +github.com/opencontainers/runtime-tools v0.6.0 github.com/opencontainers/selinux 4a2974bf1ee960774ffd517717f1f45325af0206 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0 -github.com/spf13/pflag v1.0.0 github.com/tchap/go-patricia 5ad6cdb7538b0097d5598c7e57f0a24072adf7dc +github.com/xeipuuv/gojsonpointer 4e3ac2762d5f479393488629ee9370b50873b3a6 +github.com/xeipuuv/gojsonreference bd5ef7bd5415a7ac448318e64f11a24cd21e594b +github.com/xeipuuv/gojsonschema 1d523034197ff1f222f6429836dd36a2457a1874 golang.org/x/crypto 49796115aa4b964c318aad4f3084fdb41e9aa067 golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631 gopkg.in/inf.v0 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4 gopkg.in/yaml.v2 53feefa2559fb8dfa8d81baad31be332c97d6c77 -k8s.io/api 7e796de92438aede7cb5d6bcf6c10f4fa65db560 -k8s.io/apimachinery fcb9a12f7875d01f8390b28faedc37dcf2e713b9 -k8s.io/apiserver 4a8377c547bbff4576a35b5b5bf4026d9b5aa763 -k8s.io/client-go b9a0cf870f239c4a4ecfd3feb075a50e7cbe1473 -k8s.io/kubernetes v1.10.0 -k8s.io/utils 258e2a2fa64568210fbd6267cf1d8fd87c3cb86e +k8s.io/api 9e5ffd1f1320950b238cfce291b926411f0af722 +k8s.io/apimachinery ed135c5b96450fd24e5e981c708114fbbd950697 +k8s.io/apiserver a90e3a95c2e91b944bfca8225c4e0d12e42a9eb5 +k8s.io/client-go 03bfb9bdcfe5482795b999f39ca3ed9ad42ce5bb +k8s.io/kubernetes v1.11.0 +k8s.io/utils 733eca437aa39379e4bcc25e726439dfca40fcff # zfs dependencies github.com/containerd/zfs 9a0b8b8b5982014b729cd34eb7cd7a11062aa6ec diff --git a/vendor/github.com/stevvooe/ttrpc/LICENSE b/vendor/github.com/containerd/ttrpc/LICENSE similarity index 100% rename from vendor/github.com/stevvooe/ttrpc/LICENSE rename to vendor/github.com/containerd/ttrpc/LICENSE diff --git a/vendor/github.com/stevvooe/ttrpc/README.md b/vendor/github.com/containerd/ttrpc/README.md similarity index 90% rename from vendor/github.com/stevvooe/ttrpc/README.md rename to vendor/github.com/containerd/ttrpc/README.md index b246e578b2ab..d1eed6b120c6 100644 --- a/vendor/github.com/stevvooe/ttrpc/README.md +++ b/vendor/github.com/containerd/ttrpc/README.md @@ -1,6 +1,6 @@ # ttrpc -[![Build Status](https://travis-ci.org/stevvooe/ttrpc.svg?branch=master)](https://travis-ci.org/stevvooe/ttrpc) +[![Build Status](https://travis-ci.org/containerd/ttrpc.svg?branch=master)](https://travis-ci.org/containerd/ttrpc) GRPC for low-memory environments. @@ -25,7 +25,7 @@ Create a gogo vanity binary (see [`cmd/protoc-gen-gogottrpc/main.go`](cmd/protoc-gen-gogottrpc/main.go) for an example with the ttrpc plugin enabled. -It's recommended to use [`protobuild`](https://github.com/stevvooe/protobuild) +It's recommended to use [`protobuild`](https://github.com//stevvooe/protobuild) to build the protobufs for this project, but this will work with protoc directly, if required. diff --git a/vendor/github.com/stevvooe/ttrpc/channel.go b/vendor/github.com/containerd/ttrpc/channel.go similarity index 85% rename from vendor/github.com/stevvooe/ttrpc/channel.go rename to vendor/github.com/containerd/ttrpc/channel.go index 9493d6862450..22f5496b4b95 100644 --- a/vendor/github.com/stevvooe/ttrpc/channel.go +++ b/vendor/github.com/containerd/ttrpc/channel.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/stevvooe/ttrpc/client.go b/vendor/github.com/containerd/ttrpc/client.go similarity index 87% rename from vendor/github.com/stevvooe/ttrpc/client.go rename to vendor/github.com/containerd/ttrpc/client.go index f04718167855..ede2e6b7413b 100644 --- a/vendor/github.com/stevvooe/ttrpc/client.go +++ b/vendor/github.com/containerd/ttrpc/client.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( @@ -9,9 +25,9 @@ import ( "sync" "syscall" - "github.com/containerd/containerd/log" "github.com/gogo/protobuf/proto" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "google.golang.org/grpc/status" ) @@ -180,7 +196,7 @@ func (c *Client) run() { case msg := <-incoming: call, ok := waiters[msg.StreamID] if !ok { - log.L.Errorf("ttrpc: received message for unknown channel %v", msg.StreamID) + logrus.Errorf("ttrpc: received message for unknown channel %v", msg.StreamID) continue } diff --git a/vendor/github.com/containerd/ttrpc/codec.go b/vendor/github.com/containerd/ttrpc/codec.go new file mode 100644 index 000000000000..b4aac2fac038 --- /dev/null +++ b/vendor/github.com/containerd/ttrpc/codec.go @@ -0,0 +1,42 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package ttrpc + +import ( + "github.com/gogo/protobuf/proto" + "github.com/pkg/errors" +) + +type codec struct{} + +func (c codec) Marshal(msg interface{}) ([]byte, error) { + switch v := msg.(type) { + case proto.Message: + return proto.Marshal(v) + default: + return nil, errors.Errorf("ttrpc: cannot marshal unknown type: %T", msg) + } +} + +func (c codec) Unmarshal(p []byte, msg interface{}) error { + switch v := msg.(type) { + case proto.Message: + return proto.Unmarshal(p, v) + default: + return errors.Errorf("ttrpc: cannot unmarshal into unknown type: %T", msg) + } +} diff --git a/vendor/github.com/containerd/ttrpc/config.go b/vendor/github.com/containerd/ttrpc/config.go new file mode 100644 index 000000000000..019b7a09dd85 --- /dev/null +++ b/vendor/github.com/containerd/ttrpc/config.go @@ -0,0 +1,39 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package ttrpc + +import "github.com/pkg/errors" + +type serverConfig struct { + handshaker Handshaker +} + +type ServerOpt func(*serverConfig) error + +// WithServerHandshaker can be passed to NewServer to ensure that the +// handshaker is called before every connection attempt. +// +// Only one handshaker is allowed per server. +func WithServerHandshaker(handshaker Handshaker) ServerOpt { + return func(c *serverConfig) error { + if c.handshaker != nil { + return errors.New("only one handshaker allowed per server") + } + c.handshaker = handshaker + return nil + } +} diff --git a/vendor/github.com/stevvooe/ttrpc/handshake.go b/vendor/github.com/containerd/ttrpc/handshake.go similarity index 65% rename from vendor/github.com/stevvooe/ttrpc/handshake.go rename to vendor/github.com/containerd/ttrpc/handshake.go index a08ae8ee4b76..a424b67a4976 100644 --- a/vendor/github.com/stevvooe/ttrpc/handshake.go +++ b/vendor/github.com/containerd/ttrpc/handshake.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/stevvooe/ttrpc/server.go b/vendor/github.com/containerd/ttrpc/server.go similarity index 88% rename from vendor/github.com/stevvooe/ttrpc/server.go rename to vendor/github.com/containerd/ttrpc/server.go index fd29b719e420..1a518b1b4f77 100644 --- a/vendor/github.com/stevvooe/ttrpc/server.go +++ b/vendor/github.com/containerd/ttrpc/server.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( @@ -9,8 +25,8 @@ import ( "sync/atomic" "time" - "github.com/containerd/containerd/log" "github.com/pkg/errors" + "github.com/sirupsen/logrus" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" ) @@ -51,12 +67,11 @@ func (s *Server) Register(name string, methods map[string]Method) { s.services.register(name, methods) } -func (s *Server) Serve(l net.Listener) error { +func (s *Server) Serve(ctx context.Context, l net.Listener) error { s.addListener(l) defer s.closeListener(l) var ( - ctx = context.Background() backoff time.Duration handshaker = s.config.handshaker ) @@ -88,7 +103,7 @@ func (s *Server) Serve(l net.Listener) error { } sleep := time.Duration(rand.Int63n(int64(backoff))) - log.L.WithError(err).Errorf("ttrpc: failed accept; backoff %v", sleep) + logrus.WithError(err).Errorf("ttrpc: failed accept; backoff %v", sleep) time.Sleep(sleep) continue } @@ -100,7 +115,7 @@ func (s *Server) Serve(l net.Listener) error { approved, handshake, err := handshaker.Handshake(ctx, conn) if err != nil { - log.L.WithError(err).Errorf("ttrpc: refusing connection after handshake") + logrus.WithError(err).Errorf("ttrpc: refusing connection after handshake") conn.Close() continue } @@ -416,12 +431,12 @@ func (c *serverConn) run(sctx context.Context) { case response := <-responses: p, err := c.server.codec.Marshal(response.resp) if err != nil { - log.L.WithError(err).Error("failed marshaling response") + logrus.WithError(err).Error("failed marshaling response") return } if err := ch.send(ctx, response.id, messageTypeResponse, p); err != nil { - log.L.WithError(err).Error("failed sending message on channel") + logrus.WithError(err).Error("failed sending message on channel") return } @@ -432,7 +447,7 @@ func (c *serverConn) run(sctx context.Context) { // requests due to a terminal error. recvErr = nil // connection is now "closing" if err != nil && err != io.EOF { - log.L.WithError(err).Error("error receiving message") + logrus.WithError(err).Error("error receiving message") } case <-shutdown: return diff --git a/vendor/github.com/stevvooe/ttrpc/services.go b/vendor/github.com/containerd/ttrpc/services.go similarity index 84% rename from vendor/github.com/stevvooe/ttrpc/services.go rename to vendor/github.com/containerd/ttrpc/services.go index b9a749e3de1f..e90963825912 100644 --- a/vendor/github.com/stevvooe/ttrpc/services.go +++ b/vendor/github.com/containerd/ttrpc/services.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/stevvooe/ttrpc/types.go b/vendor/github.com/containerd/ttrpc/types.go similarity index 56% rename from vendor/github.com/stevvooe/ttrpc/types.go rename to vendor/github.com/containerd/ttrpc/types.go index a522b0cf261f..1f7969e5cf46 100644 --- a/vendor/github.com/stevvooe/ttrpc/types.go +++ b/vendor/github.com/containerd/ttrpc/types.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/stevvooe/ttrpc/unixcreds_linux.go b/vendor/github.com/containerd/ttrpc/unixcreds_linux.go similarity index 82% rename from vendor/github.com/stevvooe/ttrpc/unixcreds_linux.go rename to vendor/github.com/containerd/ttrpc/unixcreds_linux.go index 812d927dc598..a471bd365ca9 100644 --- a/vendor/github.com/stevvooe/ttrpc/unixcreds_linux.go +++ b/vendor/github.com/containerd/ttrpc/unixcreds_linux.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package ttrpc import ( diff --git a/vendor/github.com/containerd/typeurl/types.go b/vendor/github.com/containerd/typeurl/types.go index 10a78228ba35..153c488d0aa6 100644 --- a/vendor/github.com/containerd/typeurl/types.go +++ b/vendor/github.com/containerd/typeurl/types.go @@ -1,3 +1,19 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + package typeurl import ( diff --git a/vendor/github.com/docker/docker/contrib/README.md b/vendor/github.com/docker/docker/contrib/README.md deleted file mode 100644 index 92b1d94433a5..000000000000 --- a/vendor/github.com/docker/docker/contrib/README.md +++ /dev/null @@ -1,4 +0,0 @@ -The `contrib` directory contains scripts, images, and other helpful things -which are not part of the core docker distribution. Please note that they -could be out of date, since they do not receive the same attention as the -rest of the repository. diff --git a/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c b/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c deleted file mode 100644 index b767da7e1a57..000000000000 --- a/vendor/github.com/docker/docker/contrib/nnp-test/nnp-test.c +++ /dev/null @@ -1,10 +0,0 @@ -#include -#include -#include - -int main(int argc, char *argv[]) -{ - printf("EUID=%d\n", geteuid()); - return 0; -} - diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/acct.c b/vendor/github.com/docker/docker/contrib/syscall-test/acct.c deleted file mode 100644 index 88ac287966d9..000000000000 --- a/vendor/github.com/docker/docker/contrib/syscall-test/acct.c +++ /dev/null @@ -1,16 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include - -int main(int argc, char **argv) -{ - int err = acct("/tmp/t"); - if (err == -1) { - fprintf(stderr, "acct failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - exit(EXIT_SUCCESS); -} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s b/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s deleted file mode 100644 index 8bbb5c58b34f..000000000000 --- a/vendor/github.com/docker/docker/contrib/syscall-test/exit32.s +++ /dev/null @@ -1,7 +0,0 @@ -.globl _start -.text -_start: - xorl %eax, %eax - incl %eax - movb $0, %bl - int $0x80 diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/ns.c b/vendor/github.com/docker/docker/contrib/syscall-test/ns.c deleted file mode 100644 index 624388630af1..000000000000 --- a/vendor/github.com/docker/docker/contrib/syscall-test/ns.c +++ /dev/null @@ -1,63 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define STACK_SIZE (1024 * 1024) /* Stack size for cloned child */ - -struct clone_args { - char **argv; -}; - -// child_exec is the func that will be executed as the result of clone -static int child_exec(void *stuff) -{ - struct clone_args *args = (struct clone_args *)stuff; - if (execvp(args->argv[0], args->argv) != 0) { - fprintf(stderr, "failed to execvp arguments %s\n", - strerror(errno)); - exit(-1); - } - // we should never reach here! - exit(EXIT_FAILURE); -} - -int main(int argc, char **argv) -{ - struct clone_args args; - args.argv = &argv[1]; - - int clone_flags = CLONE_NEWNS | CLONE_NEWPID | SIGCHLD; - - // allocate stack for child - char *stack; /* Start of stack buffer */ - char *child_stack; /* End of stack buffer */ - stack = - mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE, - MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0); - if (stack == MAP_FAILED) { - fprintf(stderr, "mmap failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - child_stack = stack + STACK_SIZE; /* Assume stack grows downward */ - - // the result of this call is that our child_exec will be run in another - // process returning its pid - pid_t pid = clone(child_exec, child_stack, clone_flags, &args); - if (pid < 0) { - fprintf(stderr, "clone failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - // lets wait on our child process here before we, the parent, exits - if (waitpid(pid, NULL, 0) == -1) { - fprintf(stderr, "failed to wait pid %d\n", pid); - exit(EXIT_FAILURE); - } - exit(EXIT_SUCCESS); -} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/raw.c b/vendor/github.com/docker/docker/contrib/syscall-test/raw.c deleted file mode 100644 index 7995a0d3a5cc..000000000000 --- a/vendor/github.com/docker/docker/contrib/syscall-test/raw.c +++ /dev/null @@ -1,14 +0,0 @@ -#include -#include -#include -#include -#include - -int main() { - if (socket(PF_INET, SOCK_RAW, IPPROTO_UDP) == -1) { - perror("socket"); - return 1; - } - - return 0; -} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c b/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c deleted file mode 100644 index df9680c86937..000000000000 --- a/vendor/github.com/docker/docker/contrib/syscall-test/setgid.c +++ /dev/null @@ -1,11 +0,0 @@ -#include -#include -#include - -int main() { - if (setgid(1) == -1) { - perror("setgid"); - return 1; - } - return 0; -} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c b/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c deleted file mode 100644 index 5b939677e9ae..000000000000 --- a/vendor/github.com/docker/docker/contrib/syscall-test/setuid.c +++ /dev/null @@ -1,11 +0,0 @@ -#include -#include -#include - -int main() { - if (setuid(1) == -1) { - perror("setuid"); - return 1; - } - return 0; -} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/socket.c b/vendor/github.com/docker/docker/contrib/syscall-test/socket.c deleted file mode 100644 index d26c82f00f79..000000000000 --- a/vendor/github.com/docker/docker/contrib/syscall-test/socket.c +++ /dev/null @@ -1,30 +0,0 @@ -#include -#include -#include -#include -#include -#include - -int main() { - int s; - struct sockaddr_in sin; - - s = socket(AF_INET, SOCK_STREAM, 0); - if (s == -1) { - perror("socket"); - return 1; - } - - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = INADDR_ANY; - sin.sin_port = htons(80); - - if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) == -1) { - perror("bind"); - return 1; - } - - close(s); - - return 0; -} diff --git a/vendor/github.com/docker/docker/contrib/syscall-test/userns.c b/vendor/github.com/docker/docker/contrib/syscall-test/userns.c deleted file mode 100644 index 4c5c8d304eac..000000000000 --- a/vendor/github.com/docker/docker/contrib/syscall-test/userns.c +++ /dev/null @@ -1,63 +0,0 @@ -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define STACK_SIZE (1024 * 1024) /* Stack size for cloned child */ - -struct clone_args { - char **argv; -}; - -// child_exec is the func that will be executed as the result of clone -static int child_exec(void *stuff) -{ - struct clone_args *args = (struct clone_args *)stuff; - if (execvp(args->argv[0], args->argv) != 0) { - fprintf(stderr, "failed to execvp arguments %s\n", - strerror(errno)); - exit(-1); - } - // we should never reach here! - exit(EXIT_FAILURE); -} - -int main(int argc, char **argv) -{ - struct clone_args args; - args.argv = &argv[1]; - - int clone_flags = CLONE_NEWUSER | SIGCHLD; - - // allocate stack for child - char *stack; /* Start of stack buffer */ - char *child_stack; /* End of stack buffer */ - stack = - mmap(NULL, STACK_SIZE, PROT_READ | PROT_WRITE, - MAP_SHARED | MAP_ANON | MAP_STACK, -1, 0); - if (stack == MAP_FAILED) { - fprintf(stderr, "mmap failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - child_stack = stack + STACK_SIZE; /* Assume stack grows downward */ - - // the result of this call is that our child_exec will be run in another - // process returning its pid - pid_t pid = clone(child_exec, child_stack, clone_flags, &args); - if (pid < 0) { - fprintf(stderr, "clone failed: %s\n", strerror(errno)); - exit(EXIT_FAILURE); - } - // lets wait on our child process here before we, the parent, exits - if (waitpid(pid, NULL, 0) == -1) { - fprintf(stderr, "failed to wait pid %d\n", pid); - exit(EXIT_FAILURE); - } - exit(EXIT_SUCCESS); -} diff --git a/vendor/github.com/stevvooe/ttrpc/codec.go b/vendor/github.com/stevvooe/ttrpc/codec.go deleted file mode 100644 index 7956a72220c5..000000000000 --- a/vendor/github.com/stevvooe/ttrpc/codec.go +++ /dev/null @@ -1,26 +0,0 @@ -package ttrpc - -import ( - "github.com/gogo/protobuf/proto" - "github.com/pkg/errors" -) - -type codec struct{} - -func (c codec) Marshal(msg interface{}) ([]byte, error) { - switch v := msg.(type) { - case proto.Message: - return proto.Marshal(v) - default: - return nil, errors.Errorf("ttrpc: cannot marshal unknown type: %T", msg) - } -} - -func (c codec) Unmarshal(p []byte, msg interface{}) error { - switch v := msg.(type) { - case proto.Message: - return proto.Unmarshal(p, v) - default: - return errors.Errorf("ttrpc: cannot unmarshal into unknown type: %T", msg) - } -} diff --git a/vendor/github.com/stevvooe/ttrpc/config.go b/vendor/github.com/stevvooe/ttrpc/config.go deleted file mode 100644 index 23bc603a38dd..000000000000 --- a/vendor/github.com/stevvooe/ttrpc/config.go +++ /dev/null @@ -1,23 +0,0 @@ -package ttrpc - -import "github.com/pkg/errors" - -type serverConfig struct { - handshaker Handshaker -} - -type ServerOpt func(*serverConfig) error - -// WithServerHandshaker can be passed to NewServer to ensure that the -// handshaker is called before every connection attempt. -// -// Only one handshaker is allowed per server. -func WithServerHandshaker(handshaker Handshaker) ServerOpt { - return func(c *serverConfig) error { - if c.handshaker != nil { - return errors.New("only one handshaker allowed per server") - } - c.handshaker = handshaker - return nil - } -} diff --git a/vendor/golang.org/x/crypto/otr/libotr_test_helper.c b/vendor/golang.org/x/crypto/otr/libotr_test_helper.c deleted file mode 100644 index b3ca072d4809..000000000000 --- a/vendor/golang.org/x/crypto/otr/libotr_test_helper.c +++ /dev/null @@ -1,197 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This code can be compiled and used to test the otr package against libotr. -// See otr_test.go. - -// +build ignore - -#include -#include -#include - -#include -#include -#include - -static int g_session_established = 0; - -OtrlPolicy policy(void *opdata, ConnContext *context) { - return OTRL_POLICY_ALWAYS; -} - -int is_logged_in(void *opdata, const char *accountname, const char *protocol, - const char *recipient) { - return 1; -} - -void inject_message(void *opdata, const char *accountname, const char *protocol, - const char *recipient, const char *message) { - printf("%s\n", message); - fflush(stdout); - fprintf(stderr, "libotr helper sent: %s\n", message); -} - -void update_context_list(void *opdata) {} - -void new_fingerprint(void *opdata, OtrlUserState us, const char *accountname, - const char *protocol, const char *username, - unsigned char fingerprint[20]) { - fprintf(stderr, "NEW FINGERPRINT\n"); - g_session_established = 1; -} - -void write_fingerprints(void *opdata) {} - -void gone_secure(void *opdata, ConnContext *context) {} - -void gone_insecure(void *opdata, ConnContext *context) {} - -void still_secure(void *opdata, ConnContext *context, int is_reply) {} - -int max_message_size(void *opdata, ConnContext *context) { return 99999; } - -const char *account_name(void *opdata, const char *account, - const char *protocol) { - return "ACCOUNT"; -} - -void account_name_free(void *opdata, const char *account_name) {} - -const char *error_message(void *opdata, ConnContext *context, - OtrlErrorCode err_code) { - return "ERR"; -} - -void error_message_free(void *opdata, const char *msg) {} - -void resent_msg_prefix_free(void *opdata, const char *prefix) {} - -void handle_smp_event(void *opdata, OtrlSMPEvent smp_event, - ConnContext *context, unsigned short progress_event, - char *question) {} - -void handle_msg_event(void *opdata, OtrlMessageEvent msg_event, - ConnContext *context, const char *message, - gcry_error_t err) { - fprintf(stderr, "msg event: %d %s\n", msg_event, message); -} - -OtrlMessageAppOps uiops = { - policy, - NULL, - is_logged_in, - inject_message, - update_context_list, - new_fingerprint, - write_fingerprints, - gone_secure, - gone_insecure, - still_secure, - max_message_size, - account_name, - account_name_free, - NULL, /* received_symkey */ - error_message, - error_message_free, - NULL, /* resent_msg_prefix */ - resent_msg_prefix_free, - handle_smp_event, - handle_msg_event, - NULL /* create_instag */, - NULL /* convert_msg */, - NULL /* convert_free */, - NULL /* timer_control */, -}; - -static const char kPrivateKeyData[] = - "(privkeys (account (name \"account\") (protocol proto) (private-key (dsa " - "(p " - "#00FC07ABCF0DC916AFF6E9AE47BEF60C7AB9B4D6B2469E436630E36F8A489BE812486A09F" - "30B71224508654940A835301ACC525A4FF133FC152CC53DCC59D65C30A54F1993FE13FE63E" - "5823D4C746DB21B90F9B9C00B49EC7404AB1D929BA7FBA12F2E45C6E0A651689750E8528AB" - "8C031D3561FECEE72EBB4A090D450A9B7A857#) (q " - "#00997BD266EF7B1F60A5C23F3A741F2AEFD07A2081#) (g " - "#535E360E8A95EBA46A4F7DE50AD6E9B2A6DB785A66B64EB9F20338D2A3E8FB0E94725848F" - "1AA6CC567CB83A1CC517EC806F2E92EAE71457E80B2210A189B91250779434B41FC8A8873F" - "6DB94BEA7D177F5D59E7E114EE10A49CFD9CEF88AE43387023B672927BA74B04EB6BBB5E57" - "597766A2F9CE3857D7ACE3E1E3BC1FC6F26#) (y " - "#0AC8670AD767D7A8D9D14CC1AC6744CD7D76F993B77FFD9E39DF01E5A6536EF65E775FCEF" - "2A983E2A19BD6415500F6979715D9FD1257E1FE2B6F5E1E74B333079E7C880D39868462A93" - "454B41877BE62E5EF0A041C2EE9C9E76BD1E12AE25D9628DECB097025DD625EF49C3258A1A" - "3C0FF501E3DC673B76D7BABF349009B6ECF#) (x " - "#14D0345A3562C480A039E3C72764F72D79043216#)))))\n"; - -int main() { - OTRL_INIT; - - // We have to write the private key information to a file because the libotr - // API demands a filename to read from. - const char *tmpdir = "/tmp"; - if (getenv("TMP")) { - tmpdir = getenv("TMP"); - } - - char private_key_file[256]; - snprintf(private_key_file, sizeof(private_key_file), - "%s/libotr_test_helper_privatekeys-XXXXXX", tmpdir); - int fd = mkstemp(private_key_file); - if (fd == -1) { - perror("creating temp file"); - } - write(fd, kPrivateKeyData, sizeof(kPrivateKeyData) - 1); - close(fd); - - OtrlUserState userstate = otrl_userstate_create(); - otrl_privkey_read(userstate, private_key_file); - unlink(private_key_file); - - fprintf(stderr, "libotr helper started\n"); - - char buf[4096]; - - for (;;) { - char *message = fgets(buf, sizeof(buf), stdin); - if (strlen(message) == 0) { - break; - } - message[strlen(message) - 1] = 0; - fprintf(stderr, "libotr helper got: %s\n", message); - - char *newmessage = NULL; - OtrlTLV *tlvs; - int ignore_message = otrl_message_receiving( - userstate, &uiops, NULL, "account", "proto", "peer", message, - &newmessage, &tlvs, NULL, NULL, NULL); - if (tlvs) { - otrl_tlv_free(tlvs); - } - - if (newmessage != NULL) { - fprintf(stderr, "libotr got: %s\n", newmessage); - otrl_message_free(newmessage); - - gcry_error_t err; - char *newmessage = NULL; - - err = otrl_message_sending(userstate, &uiops, NULL, "account", "proto", - "peer", 0, "test message", NULL, &newmessage, - OTRL_FRAGMENT_SEND_SKIP, NULL, NULL, NULL); - if (newmessage == NULL) { - fprintf(stderr, "libotr didn't encrypt message\n"); - return 1; - } - write(1, newmessage, strlen(newmessage)); - write(1, "\n", 1); - fprintf(stderr, "libotr sent: %s\n", newmessage); - otrl_message_free(newmessage); - - g_session_established = 0; - write(1, "?OTRv2?\n", 8); - fprintf(stderr, "libotr sent: ?OTRv2\n"); - } - } - - return 0; -} diff --git a/vendor/golang.org/x/crypto/otr/otr.go b/vendor/golang.org/x/crypto/otr/otr.go deleted file mode 100644 index 173b753dbd34..000000000000 --- a/vendor/golang.org/x/crypto/otr/otr.go +++ /dev/null @@ -1,1415 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package otr implements the Off The Record protocol as specified in -// http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html -package otr // import "golang.org/x/crypto/otr" - -import ( - "bytes" - "crypto/aes" - "crypto/cipher" - "crypto/dsa" - "crypto/hmac" - "crypto/rand" - "crypto/sha1" - "crypto/sha256" - "crypto/subtle" - "encoding/base64" - "encoding/hex" - "errors" - "hash" - "io" - "math/big" - "strconv" -) - -// SecurityChange describes a change in the security state of a Conversation. -type SecurityChange int - -const ( - NoChange SecurityChange = iota - // NewKeys indicates that a key exchange has completed. This occurs - // when a conversation first becomes encrypted, and when the keys are - // renegotiated within an encrypted conversation. - NewKeys - // SMPSecretNeeded indicates that the peer has started an - // authentication and that we need to supply a secret. Call SMPQuestion - // to get the optional, human readable challenge and then Authenticate - // to supply the matching secret. - SMPSecretNeeded - // SMPComplete indicates that an authentication completed. The identity - // of the peer has now been confirmed. - SMPComplete - // SMPFailed indicates that an authentication failed. - SMPFailed - // ConversationEnded indicates that the peer ended the secure - // conversation. - ConversationEnded -) - -// QueryMessage can be sent to a peer to start an OTR conversation. -var QueryMessage = "?OTRv2?" - -// ErrorPrefix can be used to make an OTR error by appending an error message -// to it. -var ErrorPrefix = "?OTR Error:" - -var ( - fragmentPartSeparator = []byte(",") - fragmentPrefix = []byte("?OTR,") - msgPrefix = []byte("?OTR:") - queryMarker = []byte("?OTR") -) - -// isQuery attempts to parse an OTR query from msg and returns the greatest -// common version, or 0 if msg is not an OTR query. -func isQuery(msg []byte) (greatestCommonVersion int) { - pos := bytes.Index(msg, queryMarker) - if pos == -1 { - return 0 - } - for i, c := range msg[pos+len(queryMarker):] { - if i == 0 { - if c == '?' { - // Indicates support for version 1, but we don't - // implement that. - continue - } - - if c != 'v' { - // Invalid message - return 0 - } - - continue - } - - if c == '?' { - // End of message - return - } - - if c == ' ' || c == '\t' { - // Probably an invalid message - return 0 - } - - if c == '2' { - greatestCommonVersion = 2 - } - } - - return 0 -} - -const ( - statePlaintext = iota - stateEncrypted - stateFinished -) - -const ( - authStateNone = iota - authStateAwaitingDHKey - authStateAwaitingRevealSig - authStateAwaitingSig -) - -const ( - msgTypeDHCommit = 2 - msgTypeData = 3 - msgTypeDHKey = 10 - msgTypeRevealSig = 17 - msgTypeSig = 18 -) - -const ( - // If the requested fragment size is less than this, it will be ignored. - minFragmentSize = 18 - // Messages are padded to a multiple of this number of bytes. - paddingGranularity = 256 - // The number of bytes in a Diffie-Hellman private value (320-bits). - dhPrivateBytes = 40 - // The number of bytes needed to represent an element of the DSA - // subgroup (160-bits). - dsaSubgroupBytes = 20 - // The number of bytes of the MAC that are sent on the wire (160-bits). - macPrefixBytes = 20 -) - -// These are the global, common group parameters for OTR. -var ( - p *big.Int // group prime - g *big.Int // group generator - q *big.Int // group order - pMinus2 *big.Int -) - -func init() { - p, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF", 16) - q, _ = new(big.Int).SetString("7FFFFFFFFFFFFFFFE487ED5110B4611A62633145C06E0E68948127044533E63A0105DF531D89CD9128A5043CC71A026EF7CA8CD9E69D218D98158536F92F8A1BA7F09AB6B6A8E122F242DABB312F3F637A262174D31BF6B585FFAE5B7A035BF6F71C35FDAD44CFD2D74F9208BE258FF324943328F6722D9EE1003E5C50B1DF82CC6D241B0E2AE9CD348B1FD47E9267AFC1B2AE91EE51D6CB0E3179AB1042A95DCF6A9483B84B4B36B3861AA7255E4C0278BA36046511B993FFFFFFFFFFFFFFFF", 16) - g = new(big.Int).SetInt64(2) - pMinus2 = new(big.Int).Sub(p, g) -} - -// Conversation represents a relation with a peer. The zero value is a valid -// Conversation, although PrivateKey must be set. -// -// When communicating with a peer, all inbound messages should be passed to -// Conversation.Receive and all outbound messages to Conversation.Send. The -// Conversation will take care of maintaining the encryption state and -// negotiating encryption as needed. -type Conversation struct { - // PrivateKey contains the private key to use to sign key exchanges. - PrivateKey *PrivateKey - - // Rand can be set to override the entropy source. Otherwise, - // crypto/rand will be used. - Rand io.Reader - // If FragmentSize is set, all messages produced by Receive and Send - // will be fragmented into messages of, at most, this number of bytes. - FragmentSize int - - // Once Receive has returned NewKeys once, the following fields are - // valid. - SSID [8]byte - TheirPublicKey PublicKey - - state, authState int - - r [16]byte - x, y *big.Int - gx, gy *big.Int - gxBytes []byte - digest [sha256.Size]byte - - revealKeys, sigKeys akeKeys - - myKeyId uint32 - myCurrentDHPub *big.Int - myCurrentDHPriv *big.Int - myLastDHPub *big.Int - myLastDHPriv *big.Int - - theirKeyId uint32 - theirCurrentDHPub *big.Int - theirLastDHPub *big.Int - - keySlots [4]keySlot - - myCounter [8]byte - theirLastCtr [8]byte - oldMACs []byte - - k, n int // fragment state - frag []byte - - smp smpState -} - -// A keySlot contains key material for a specific (their keyid, my keyid) pair. -type keySlot struct { - // used is true if this slot is valid. If false, it's free for reuse. - used bool - theirKeyId uint32 - myKeyId uint32 - sendAESKey, recvAESKey []byte - sendMACKey, recvMACKey []byte - theirLastCtr [8]byte -} - -// akeKeys are generated during key exchange. There's one set for the reveal -// signature message and another for the signature message. In the protocol -// spec the latter are indicated with a prime mark. -type akeKeys struct { - c [16]byte - m1, m2 [32]byte -} - -func (c *Conversation) rand() io.Reader { - if c.Rand != nil { - return c.Rand - } - return rand.Reader -} - -func (c *Conversation) randMPI(buf []byte) *big.Int { - _, err := io.ReadFull(c.rand(), buf) - if err != nil { - panic("otr: short read from random source") - } - - return new(big.Int).SetBytes(buf) -} - -// tlv represents the type-length value from the protocol. -type tlv struct { - typ, length uint16 - data []byte -} - -const ( - tlvTypePadding = 0 - tlvTypeDisconnected = 1 - tlvTypeSMP1 = 2 - tlvTypeSMP2 = 3 - tlvTypeSMP3 = 4 - tlvTypeSMP4 = 5 - tlvTypeSMPAbort = 6 - tlvTypeSMP1WithQuestion = 7 -) - -// Receive handles a message from a peer. It returns a human readable message, -// an indicator of whether that message was encrypted, a hint about the -// encryption state and zero or more messages to send back to the peer. -// These messages do not need to be passed to Send before transmission. -func (c *Conversation) Receive(in []byte) (out []byte, encrypted bool, change SecurityChange, toSend [][]byte, err error) { - if bytes.HasPrefix(in, fragmentPrefix) { - in, err = c.processFragment(in) - if in == nil || err != nil { - return - } - } - - if bytes.HasPrefix(in, msgPrefix) && in[len(in)-1] == '.' { - in = in[len(msgPrefix) : len(in)-1] - } else if version := isQuery(in); version > 0 { - c.authState = authStateAwaitingDHKey - c.reset() - toSend = c.encode(c.generateDHCommit()) - return - } else { - // plaintext message - out = in - return - } - - msg := make([]byte, base64.StdEncoding.DecodedLen(len(in))) - msgLen, err := base64.StdEncoding.Decode(msg, in) - if err != nil { - err = errors.New("otr: invalid base64 encoding in message") - return - } - msg = msg[:msgLen] - - // The first two bytes are the protocol version (2) - if len(msg) < 3 || msg[0] != 0 || msg[1] != 2 { - err = errors.New("otr: invalid OTR message") - return - } - - msgType := int(msg[2]) - msg = msg[3:] - - switch msgType { - case msgTypeDHCommit: - switch c.authState { - case authStateNone: - c.authState = authStateAwaitingRevealSig - if err = c.processDHCommit(msg); err != nil { - return - } - c.reset() - toSend = c.encode(c.generateDHKey()) - return - case authStateAwaitingDHKey: - // This is a 'SYN-crossing'. The greater digest wins. - var cmp int - if cmp, err = c.compareToDHCommit(msg); err != nil { - return - } - if cmp > 0 { - // We win. Retransmit DH commit. - toSend = c.encode(c.serializeDHCommit()) - return - } else { - // They win. We forget about our DH commit. - c.authState = authStateAwaitingRevealSig - if err = c.processDHCommit(msg); err != nil { - return - } - c.reset() - toSend = c.encode(c.generateDHKey()) - return - } - case authStateAwaitingRevealSig: - if err = c.processDHCommit(msg); err != nil { - return - } - toSend = c.encode(c.serializeDHKey()) - case authStateAwaitingSig: - if err = c.processDHCommit(msg); err != nil { - return - } - c.reset() - toSend = c.encode(c.generateDHKey()) - c.authState = authStateAwaitingRevealSig - default: - panic("bad state") - } - case msgTypeDHKey: - switch c.authState { - case authStateAwaitingDHKey: - var isSame bool - if isSame, err = c.processDHKey(msg); err != nil { - return - } - if isSame { - err = errors.New("otr: unexpected duplicate DH key") - return - } - toSend = c.encode(c.generateRevealSig()) - c.authState = authStateAwaitingSig - case authStateAwaitingSig: - var isSame bool - if isSame, err = c.processDHKey(msg); err != nil { - return - } - if isSame { - toSend = c.encode(c.serializeDHKey()) - } - } - case msgTypeRevealSig: - if c.authState != authStateAwaitingRevealSig { - return - } - if err = c.processRevealSig(msg); err != nil { - return - } - toSend = c.encode(c.generateSig()) - c.authState = authStateNone - c.state = stateEncrypted - change = NewKeys - case msgTypeSig: - if c.authState != authStateAwaitingSig { - return - } - if err = c.processSig(msg); err != nil { - return - } - c.authState = authStateNone - c.state = stateEncrypted - change = NewKeys - case msgTypeData: - if c.state != stateEncrypted { - err = errors.New("otr: encrypted message received without encrypted session established") - return - } - var tlvs []tlv - out, tlvs, err = c.processData(msg) - encrypted = true - - EachTLV: - for _, inTLV := range tlvs { - switch inTLV.typ { - case tlvTypeDisconnected: - change = ConversationEnded - c.state = stateFinished - break EachTLV - case tlvTypeSMP1, tlvTypeSMP2, tlvTypeSMP3, tlvTypeSMP4, tlvTypeSMPAbort, tlvTypeSMP1WithQuestion: - var reply tlv - var complete bool - reply, complete, err = c.processSMP(inTLV) - if err == smpSecretMissingError { - err = nil - change = SMPSecretNeeded - c.smp.saved = &inTLV - return - } - if err == smpFailureError { - err = nil - change = SMPFailed - } else if complete { - change = SMPComplete - } - if reply.typ != 0 { - toSend = c.encode(c.generateData(nil, &reply)) - } - break EachTLV - default: - // skip unknown TLVs - } - } - default: - err = errors.New("otr: unknown message type " + strconv.Itoa(msgType)) - } - - return -} - -// Send takes a human readable message from the local user, possibly encrypts -// it and returns zero one or more messages to send to the peer. -func (c *Conversation) Send(msg []byte) ([][]byte, error) { - switch c.state { - case statePlaintext: - return [][]byte{msg}, nil - case stateEncrypted: - return c.encode(c.generateData(msg, nil)), nil - case stateFinished: - return nil, errors.New("otr: cannot send message because secure conversation has finished") - } - - return nil, errors.New("otr: cannot send message in current state") -} - -// SMPQuestion returns the human readable challenge question from the peer. -// It's only valid after Receive has returned SMPSecretNeeded. -func (c *Conversation) SMPQuestion() string { - return c.smp.question -} - -// Authenticate begins an authentication with the peer. Authentication involves -// an optional challenge message and a shared secret. The authentication -// proceeds until either Receive returns SMPComplete, SMPSecretNeeded (which -// indicates that a new authentication is happening and thus this one was -// aborted) or SMPFailed. -func (c *Conversation) Authenticate(question string, mutualSecret []byte) (toSend [][]byte, err error) { - if c.state != stateEncrypted { - err = errors.New("otr: can't authenticate a peer without a secure conversation established") - return - } - - if c.smp.saved != nil { - c.calcSMPSecret(mutualSecret, false /* they started it */) - - var out tlv - var complete bool - out, complete, err = c.processSMP(*c.smp.saved) - if complete { - panic("SMP completed on the first message") - } - c.smp.saved = nil - if out.typ != 0 { - toSend = c.encode(c.generateData(nil, &out)) - } - return - } - - c.calcSMPSecret(mutualSecret, true /* we started it */) - outs := c.startSMP(question) - for _, out := range outs { - toSend = append(toSend, c.encode(c.generateData(nil, &out))...) - } - return -} - -// End ends a secure conversation by generating a termination message for -// the peer and switches to unencrypted communication. -func (c *Conversation) End() (toSend [][]byte) { - switch c.state { - case statePlaintext: - return nil - case stateEncrypted: - c.state = statePlaintext - return c.encode(c.generateData(nil, &tlv{typ: tlvTypeDisconnected})) - case stateFinished: - c.state = statePlaintext - return nil - } - panic("unreachable") -} - -// IsEncrypted returns true if a message passed to Send would be encrypted -// before transmission. This result remains valid until the next call to -// Receive or End, which may change the state of the Conversation. -func (c *Conversation) IsEncrypted() bool { - return c.state == stateEncrypted -} - -var fragmentError = errors.New("otr: invalid OTR fragment") - -// processFragment processes a fragmented OTR message and possibly returns a -// complete message. Fragmented messages look like "?OTR,k,n,msg," where k is -// the fragment number (starting from 1), n is the number of fragments in this -// message and msg is a substring of the base64 encoded message. -func (c *Conversation) processFragment(in []byte) (out []byte, err error) { - in = in[len(fragmentPrefix):] // remove "?OTR," - parts := bytes.Split(in, fragmentPartSeparator) - if len(parts) != 4 || len(parts[3]) != 0 { - return nil, fragmentError - } - - k, err := strconv.Atoi(string(parts[0])) - if err != nil { - return nil, fragmentError - } - - n, err := strconv.Atoi(string(parts[1])) - if err != nil { - return nil, fragmentError - } - - if k < 1 || n < 1 || k > n { - return nil, fragmentError - } - - if k == 1 { - c.frag = append(c.frag[:0], parts[2]...) - c.k, c.n = k, n - } else if n == c.n && k == c.k+1 { - c.frag = append(c.frag, parts[2]...) - c.k++ - } else { - c.frag = c.frag[:0] - c.n, c.k = 0, 0 - } - - if c.n > 0 && c.k == c.n { - c.n, c.k = 0, 0 - return c.frag, nil - } - - return nil, nil -} - -func (c *Conversation) generateDHCommit() []byte { - _, err := io.ReadFull(c.rand(), c.r[:]) - if err != nil { - panic("otr: short read from random source") - } - - var xBytes [dhPrivateBytes]byte - c.x = c.randMPI(xBytes[:]) - c.gx = new(big.Int).Exp(g, c.x, p) - c.gy = nil - c.gxBytes = appendMPI(nil, c.gx) - - h := sha256.New() - h.Write(c.gxBytes) - h.Sum(c.digest[:0]) - - aesCipher, err := aes.NewCipher(c.r[:]) - if err != nil { - panic(err.Error()) - } - - var iv [aes.BlockSize]byte - ctr := cipher.NewCTR(aesCipher, iv[:]) - ctr.XORKeyStream(c.gxBytes, c.gxBytes) - - return c.serializeDHCommit() -} - -func (c *Conversation) serializeDHCommit() []byte { - var ret []byte - ret = appendU16(ret, 2) // protocol version - ret = append(ret, msgTypeDHCommit) - ret = appendData(ret, c.gxBytes) - ret = appendData(ret, c.digest[:]) - return ret -} - -func (c *Conversation) processDHCommit(in []byte) error { - var ok1, ok2 bool - c.gxBytes, in, ok1 = getData(in) - digest, in, ok2 := getData(in) - if !ok1 || !ok2 || len(in) > 0 { - return errors.New("otr: corrupt DH commit message") - } - copy(c.digest[:], digest) - return nil -} - -func (c *Conversation) compareToDHCommit(in []byte) (int, error) { - _, in, ok1 := getData(in) - digest, in, ok2 := getData(in) - if !ok1 || !ok2 || len(in) > 0 { - return 0, errors.New("otr: corrupt DH commit message") - } - return bytes.Compare(c.digest[:], digest), nil -} - -func (c *Conversation) generateDHKey() []byte { - var yBytes [dhPrivateBytes]byte - c.y = c.randMPI(yBytes[:]) - c.gy = new(big.Int).Exp(g, c.y, p) - return c.serializeDHKey() -} - -func (c *Conversation) serializeDHKey() []byte { - var ret []byte - ret = appendU16(ret, 2) // protocol version - ret = append(ret, msgTypeDHKey) - ret = appendMPI(ret, c.gy) - return ret -} - -func (c *Conversation) processDHKey(in []byte) (isSame bool, err error) { - gy, in, ok := getMPI(in) - if !ok { - err = errors.New("otr: corrupt DH key message") - return - } - if gy.Cmp(g) < 0 || gy.Cmp(pMinus2) > 0 { - err = errors.New("otr: DH value out of range") - return - } - if c.gy != nil { - isSame = c.gy.Cmp(gy) == 0 - return - } - c.gy = gy - return -} - -func (c *Conversation) generateEncryptedSignature(keys *akeKeys, xFirst bool) ([]byte, []byte) { - var xb []byte - xb = c.PrivateKey.PublicKey.Serialize(xb) - - var verifyData []byte - if xFirst { - verifyData = appendMPI(verifyData, c.gx) - verifyData = appendMPI(verifyData, c.gy) - } else { - verifyData = appendMPI(verifyData, c.gy) - verifyData = appendMPI(verifyData, c.gx) - } - verifyData = append(verifyData, xb...) - verifyData = appendU32(verifyData, c.myKeyId) - - mac := hmac.New(sha256.New, keys.m1[:]) - mac.Write(verifyData) - mb := mac.Sum(nil) - - xb = appendU32(xb, c.myKeyId) - xb = append(xb, c.PrivateKey.Sign(c.rand(), mb)...) - - aesCipher, err := aes.NewCipher(keys.c[:]) - if err != nil { - panic(err.Error()) - } - var iv [aes.BlockSize]byte - ctr := cipher.NewCTR(aesCipher, iv[:]) - ctr.XORKeyStream(xb, xb) - - mac = hmac.New(sha256.New, keys.m2[:]) - encryptedSig := appendData(nil, xb) - mac.Write(encryptedSig) - - return encryptedSig, mac.Sum(nil) -} - -func (c *Conversation) generateRevealSig() []byte { - s := new(big.Int).Exp(c.gy, c.x, p) - c.calcAKEKeys(s) - c.myKeyId++ - - encryptedSig, mac := c.generateEncryptedSignature(&c.revealKeys, true /* gx comes first */) - - c.myCurrentDHPub = c.gx - c.myCurrentDHPriv = c.x - c.rotateDHKeys() - incCounter(&c.myCounter) - - var ret []byte - ret = appendU16(ret, 2) - ret = append(ret, msgTypeRevealSig) - ret = appendData(ret, c.r[:]) - ret = append(ret, encryptedSig...) - ret = append(ret, mac[:20]...) - return ret -} - -func (c *Conversation) processEncryptedSig(encryptedSig, theirMAC []byte, keys *akeKeys, xFirst bool) error { - mac := hmac.New(sha256.New, keys.m2[:]) - mac.Write(appendData(nil, encryptedSig)) - myMAC := mac.Sum(nil)[:20] - - if len(myMAC) != len(theirMAC) || subtle.ConstantTimeCompare(myMAC, theirMAC) == 0 { - return errors.New("bad signature MAC in encrypted signature") - } - - aesCipher, err := aes.NewCipher(keys.c[:]) - if err != nil { - panic(err.Error()) - } - var iv [aes.BlockSize]byte - ctr := cipher.NewCTR(aesCipher, iv[:]) - ctr.XORKeyStream(encryptedSig, encryptedSig) - - sig := encryptedSig - sig, ok1 := c.TheirPublicKey.Parse(sig) - keyId, sig, ok2 := getU32(sig) - if !ok1 || !ok2 { - return errors.New("otr: corrupt encrypted signature") - } - - var verifyData []byte - if xFirst { - verifyData = appendMPI(verifyData, c.gx) - verifyData = appendMPI(verifyData, c.gy) - } else { - verifyData = appendMPI(verifyData, c.gy) - verifyData = appendMPI(verifyData, c.gx) - } - verifyData = c.TheirPublicKey.Serialize(verifyData) - verifyData = appendU32(verifyData, keyId) - - mac = hmac.New(sha256.New, keys.m1[:]) - mac.Write(verifyData) - mb := mac.Sum(nil) - - sig, ok1 = c.TheirPublicKey.Verify(mb, sig) - if !ok1 { - return errors.New("bad signature in encrypted signature") - } - if len(sig) > 0 { - return errors.New("corrupt encrypted signature") - } - - c.theirKeyId = keyId - zero(c.theirLastCtr[:]) - return nil -} - -func (c *Conversation) processRevealSig(in []byte) error { - r, in, ok1 := getData(in) - encryptedSig, in, ok2 := getData(in) - theirMAC := in - if !ok1 || !ok2 || len(theirMAC) != 20 { - return errors.New("otr: corrupt reveal signature message") - } - - aesCipher, err := aes.NewCipher(r) - if err != nil { - return errors.New("otr: cannot create AES cipher from reveal signature message: " + err.Error()) - } - var iv [aes.BlockSize]byte - ctr := cipher.NewCTR(aesCipher, iv[:]) - ctr.XORKeyStream(c.gxBytes, c.gxBytes) - h := sha256.New() - h.Write(c.gxBytes) - digest := h.Sum(nil) - if len(digest) != len(c.digest) || subtle.ConstantTimeCompare(digest, c.digest[:]) == 0 { - return errors.New("otr: bad commit MAC in reveal signature message") - } - var rest []byte - c.gx, rest, ok1 = getMPI(c.gxBytes) - if !ok1 || len(rest) > 0 { - return errors.New("otr: gx corrupt after decryption") - } - if c.gx.Cmp(g) < 0 || c.gx.Cmp(pMinus2) > 0 { - return errors.New("otr: DH value out of range") - } - s := new(big.Int).Exp(c.gx, c.y, p) - c.calcAKEKeys(s) - - if err := c.processEncryptedSig(encryptedSig, theirMAC, &c.revealKeys, true /* gx comes first */); err != nil { - return errors.New("otr: in reveal signature message: " + err.Error()) - } - - c.theirCurrentDHPub = c.gx - c.theirLastDHPub = nil - - return nil -} - -func (c *Conversation) generateSig() []byte { - c.myKeyId++ - - encryptedSig, mac := c.generateEncryptedSignature(&c.sigKeys, false /* gy comes first */) - - c.myCurrentDHPub = c.gy - c.myCurrentDHPriv = c.y - c.rotateDHKeys() - incCounter(&c.myCounter) - - var ret []byte - ret = appendU16(ret, 2) - ret = append(ret, msgTypeSig) - ret = append(ret, encryptedSig...) - ret = append(ret, mac[:macPrefixBytes]...) - return ret -} - -func (c *Conversation) processSig(in []byte) error { - encryptedSig, in, ok1 := getData(in) - theirMAC := in - if !ok1 || len(theirMAC) != macPrefixBytes { - return errors.New("otr: corrupt signature message") - } - - if err := c.processEncryptedSig(encryptedSig, theirMAC, &c.sigKeys, false /* gy comes first */); err != nil { - return errors.New("otr: in signature message: " + err.Error()) - } - - c.theirCurrentDHPub = c.gy - c.theirLastDHPub = nil - - return nil -} - -func (c *Conversation) rotateDHKeys() { - // evict slots using our retired key id - for i := range c.keySlots { - slot := &c.keySlots[i] - if slot.used && slot.myKeyId == c.myKeyId-1 { - slot.used = false - c.oldMACs = append(c.oldMACs, slot.recvMACKey...) - } - } - - c.myLastDHPriv = c.myCurrentDHPriv - c.myLastDHPub = c.myCurrentDHPub - - var xBytes [dhPrivateBytes]byte - c.myCurrentDHPriv = c.randMPI(xBytes[:]) - c.myCurrentDHPub = new(big.Int).Exp(g, c.myCurrentDHPriv, p) - c.myKeyId++ -} - -func (c *Conversation) processData(in []byte) (out []byte, tlvs []tlv, err error) { - origIn := in - flags, in, ok1 := getU8(in) - theirKeyId, in, ok2 := getU32(in) - myKeyId, in, ok3 := getU32(in) - y, in, ok4 := getMPI(in) - counter, in, ok5 := getNBytes(in, 8) - encrypted, in, ok6 := getData(in) - macedData := origIn[:len(origIn)-len(in)] - theirMAC, in, ok7 := getNBytes(in, macPrefixBytes) - _, in, ok8 := getData(in) - if !ok1 || !ok2 || !ok3 || !ok4 || !ok5 || !ok6 || !ok7 || !ok8 || len(in) > 0 { - err = errors.New("otr: corrupt data message") - return - } - - ignoreErrors := flags&1 != 0 - - slot, err := c.calcDataKeys(myKeyId, theirKeyId) - if err != nil { - if ignoreErrors { - err = nil - } - return - } - - mac := hmac.New(sha1.New, slot.recvMACKey) - mac.Write([]byte{0, 2, 3}) - mac.Write(macedData) - myMAC := mac.Sum(nil) - if len(myMAC) != len(theirMAC) || subtle.ConstantTimeCompare(myMAC, theirMAC) == 0 { - if !ignoreErrors { - err = errors.New("otr: bad MAC on data message") - } - return - } - - if bytes.Compare(counter, slot.theirLastCtr[:]) <= 0 { - err = errors.New("otr: counter regressed") - return - } - copy(slot.theirLastCtr[:], counter) - - var iv [aes.BlockSize]byte - copy(iv[:], counter) - aesCipher, err := aes.NewCipher(slot.recvAESKey) - if err != nil { - panic(err.Error()) - } - ctr := cipher.NewCTR(aesCipher, iv[:]) - ctr.XORKeyStream(encrypted, encrypted) - decrypted := encrypted - - if myKeyId == c.myKeyId { - c.rotateDHKeys() - } - if theirKeyId == c.theirKeyId { - // evict slots using their retired key id - for i := range c.keySlots { - slot := &c.keySlots[i] - if slot.used && slot.theirKeyId == theirKeyId-1 { - slot.used = false - c.oldMACs = append(c.oldMACs, slot.recvMACKey...) - } - } - - c.theirLastDHPub = c.theirCurrentDHPub - c.theirKeyId++ - c.theirCurrentDHPub = y - } - - if nulPos := bytes.IndexByte(decrypted, 0); nulPos >= 0 { - out = decrypted[:nulPos] - tlvData := decrypted[nulPos+1:] - for len(tlvData) > 0 { - var t tlv - var ok1, ok2, ok3 bool - - t.typ, tlvData, ok1 = getU16(tlvData) - t.length, tlvData, ok2 = getU16(tlvData) - t.data, tlvData, ok3 = getNBytes(tlvData, int(t.length)) - if !ok1 || !ok2 || !ok3 { - err = errors.New("otr: corrupt tlv data") - return - } - tlvs = append(tlvs, t) - } - } else { - out = decrypted - } - - return -} - -func (c *Conversation) generateData(msg []byte, extra *tlv) []byte { - slot, err := c.calcDataKeys(c.myKeyId-1, c.theirKeyId) - if err != nil { - panic("otr: failed to generate sending keys: " + err.Error()) - } - - var plaintext []byte - plaintext = append(plaintext, msg...) - plaintext = append(plaintext, 0) - - padding := paddingGranularity - ((len(plaintext) + 4) % paddingGranularity) - plaintext = appendU16(plaintext, tlvTypePadding) - plaintext = appendU16(plaintext, uint16(padding)) - for i := 0; i < padding; i++ { - plaintext = append(plaintext, 0) - } - - if extra != nil { - plaintext = appendU16(plaintext, extra.typ) - plaintext = appendU16(plaintext, uint16(len(extra.data))) - plaintext = append(plaintext, extra.data...) - } - - encrypted := make([]byte, len(plaintext)) - - var iv [aes.BlockSize]byte - copy(iv[:], c.myCounter[:]) - aesCipher, err := aes.NewCipher(slot.sendAESKey) - if err != nil { - panic(err.Error()) - } - ctr := cipher.NewCTR(aesCipher, iv[:]) - ctr.XORKeyStream(encrypted, plaintext) - - var ret []byte - ret = appendU16(ret, 2) - ret = append(ret, msgTypeData) - ret = append(ret, 0 /* flags */) - ret = appendU32(ret, c.myKeyId-1) - ret = appendU32(ret, c.theirKeyId) - ret = appendMPI(ret, c.myCurrentDHPub) - ret = append(ret, c.myCounter[:]...) - ret = appendData(ret, encrypted) - - mac := hmac.New(sha1.New, slot.sendMACKey) - mac.Write(ret) - ret = append(ret, mac.Sum(nil)[:macPrefixBytes]...) - ret = appendData(ret, c.oldMACs) - c.oldMACs = nil - incCounter(&c.myCounter) - - return ret -} - -func incCounter(counter *[8]byte) { - for i := 7; i >= 0; i-- { - counter[i]++ - if counter[i] > 0 { - break - } - } -} - -// calcDataKeys computes the keys used to encrypt a data message given the key -// IDs. -func (c *Conversation) calcDataKeys(myKeyId, theirKeyId uint32) (slot *keySlot, err error) { - // Check for a cache hit. - for i := range c.keySlots { - slot = &c.keySlots[i] - if slot.used && slot.theirKeyId == theirKeyId && slot.myKeyId == myKeyId { - return - } - } - - // Find an empty slot to write into. - slot = nil - for i := range c.keySlots { - if !c.keySlots[i].used { - slot = &c.keySlots[i] - break - } - } - if slot == nil { - return nil, errors.New("otr: internal error: no more key slots") - } - - var myPriv, myPub, theirPub *big.Int - - if myKeyId == c.myKeyId { - myPriv = c.myCurrentDHPriv - myPub = c.myCurrentDHPub - } else if myKeyId == c.myKeyId-1 { - myPriv = c.myLastDHPriv - myPub = c.myLastDHPub - } else { - err = errors.New("otr: peer requested keyid " + strconv.FormatUint(uint64(myKeyId), 10) + " when I'm on " + strconv.FormatUint(uint64(c.myKeyId), 10)) - return - } - - if theirKeyId == c.theirKeyId { - theirPub = c.theirCurrentDHPub - } else if theirKeyId == c.theirKeyId-1 && c.theirLastDHPub != nil { - theirPub = c.theirLastDHPub - } else { - err = errors.New("otr: peer requested keyid " + strconv.FormatUint(uint64(myKeyId), 10) + " when they're on " + strconv.FormatUint(uint64(c.myKeyId), 10)) - return - } - - var sendPrefixByte, recvPrefixByte [1]byte - - if myPub.Cmp(theirPub) > 0 { - // we're the high end - sendPrefixByte[0], recvPrefixByte[0] = 1, 2 - } else { - // we're the low end - sendPrefixByte[0], recvPrefixByte[0] = 2, 1 - } - - s := new(big.Int).Exp(theirPub, myPriv, p) - sBytes := appendMPI(nil, s) - - h := sha1.New() - h.Write(sendPrefixByte[:]) - h.Write(sBytes) - slot.sendAESKey = h.Sum(slot.sendAESKey[:0])[:16] - - h.Reset() - h.Write(slot.sendAESKey) - slot.sendMACKey = h.Sum(slot.sendMACKey[:0]) - - h.Reset() - h.Write(recvPrefixByte[:]) - h.Write(sBytes) - slot.recvAESKey = h.Sum(slot.recvAESKey[:0])[:16] - - h.Reset() - h.Write(slot.recvAESKey) - slot.recvMACKey = h.Sum(slot.recvMACKey[:0]) - - slot.theirKeyId = theirKeyId - slot.myKeyId = myKeyId - slot.used = true - - zero(slot.theirLastCtr[:]) - return -} - -func (c *Conversation) calcAKEKeys(s *big.Int) { - mpi := appendMPI(nil, s) - h := sha256.New() - - var cBytes [32]byte - hashWithPrefix(c.SSID[:], 0, mpi, h) - - hashWithPrefix(cBytes[:], 1, mpi, h) - copy(c.revealKeys.c[:], cBytes[:16]) - copy(c.sigKeys.c[:], cBytes[16:]) - - hashWithPrefix(c.revealKeys.m1[:], 2, mpi, h) - hashWithPrefix(c.revealKeys.m2[:], 3, mpi, h) - hashWithPrefix(c.sigKeys.m1[:], 4, mpi, h) - hashWithPrefix(c.sigKeys.m2[:], 5, mpi, h) -} - -func hashWithPrefix(out []byte, prefix byte, in []byte, h hash.Hash) { - h.Reset() - var p [1]byte - p[0] = prefix - h.Write(p[:]) - h.Write(in) - if len(out) == h.Size() { - h.Sum(out[:0]) - } else { - digest := h.Sum(nil) - copy(out, digest) - } -} - -func (c *Conversation) encode(msg []byte) [][]byte { - b64 := make([]byte, base64.StdEncoding.EncodedLen(len(msg))+len(msgPrefix)+1) - base64.StdEncoding.Encode(b64[len(msgPrefix):], msg) - copy(b64, msgPrefix) - b64[len(b64)-1] = '.' - - if c.FragmentSize < minFragmentSize || len(b64) <= c.FragmentSize { - // We can encode this in a single fragment. - return [][]byte{b64} - } - - // We have to fragment this message. - var ret [][]byte - bytesPerFragment := c.FragmentSize - minFragmentSize - numFragments := (len(b64) + bytesPerFragment) / bytesPerFragment - - for i := 0; i < numFragments; i++ { - frag := []byte("?OTR," + strconv.Itoa(i+1) + "," + strconv.Itoa(numFragments) + ",") - todo := bytesPerFragment - if todo > len(b64) { - todo = len(b64) - } - frag = append(frag, b64[:todo]...) - b64 = b64[todo:] - frag = append(frag, ',') - ret = append(ret, frag) - } - - return ret -} - -func (c *Conversation) reset() { - c.myKeyId = 0 - - for i := range c.keySlots { - c.keySlots[i].used = false - } -} - -type PublicKey struct { - dsa.PublicKey -} - -func (pk *PublicKey) Parse(in []byte) ([]byte, bool) { - var ok bool - var pubKeyType uint16 - - if pubKeyType, in, ok = getU16(in); !ok || pubKeyType != 0 { - return nil, false - } - if pk.P, in, ok = getMPI(in); !ok { - return nil, false - } - if pk.Q, in, ok = getMPI(in); !ok { - return nil, false - } - if pk.G, in, ok = getMPI(in); !ok { - return nil, false - } - if pk.Y, in, ok = getMPI(in); !ok { - return nil, false - } - - return in, true -} - -func (pk *PublicKey) Serialize(in []byte) []byte { - in = appendU16(in, 0) - in = appendMPI(in, pk.P) - in = appendMPI(in, pk.Q) - in = appendMPI(in, pk.G) - in = appendMPI(in, pk.Y) - return in -} - -// Fingerprint returns the 20-byte, binary fingerprint of the PublicKey. -func (pk *PublicKey) Fingerprint() []byte { - b := pk.Serialize(nil) - h := sha1.New() - h.Write(b[2:]) - return h.Sum(nil) -} - -func (pk *PublicKey) Verify(hashed, sig []byte) ([]byte, bool) { - if len(sig) != 2*dsaSubgroupBytes { - return nil, false - } - r := new(big.Int).SetBytes(sig[:dsaSubgroupBytes]) - s := new(big.Int).SetBytes(sig[dsaSubgroupBytes:]) - ok := dsa.Verify(&pk.PublicKey, hashed, r, s) - return sig[dsaSubgroupBytes*2:], ok -} - -type PrivateKey struct { - PublicKey - dsa.PrivateKey -} - -func (priv *PrivateKey) Sign(rand io.Reader, hashed []byte) []byte { - r, s, err := dsa.Sign(rand, &priv.PrivateKey, hashed) - if err != nil { - panic(err.Error()) - } - rBytes := r.Bytes() - sBytes := s.Bytes() - if len(rBytes) > dsaSubgroupBytes || len(sBytes) > dsaSubgroupBytes { - panic("DSA signature too large") - } - - out := make([]byte, 2*dsaSubgroupBytes) - copy(out[dsaSubgroupBytes-len(rBytes):], rBytes) - copy(out[len(out)-len(sBytes):], sBytes) - return out -} - -func (priv *PrivateKey) Serialize(in []byte) []byte { - in = priv.PublicKey.Serialize(in) - in = appendMPI(in, priv.PrivateKey.X) - return in -} - -func (priv *PrivateKey) Parse(in []byte) ([]byte, bool) { - in, ok := priv.PublicKey.Parse(in) - if !ok { - return in, ok - } - priv.PrivateKey.PublicKey = priv.PublicKey.PublicKey - priv.PrivateKey.X, in, ok = getMPI(in) - return in, ok -} - -func (priv *PrivateKey) Generate(rand io.Reader) { - if err := dsa.GenerateParameters(&priv.PrivateKey.PublicKey.Parameters, rand, dsa.L1024N160); err != nil { - panic(err.Error()) - } - if err := dsa.GenerateKey(&priv.PrivateKey, rand); err != nil { - panic(err.Error()) - } - priv.PublicKey.PublicKey = priv.PrivateKey.PublicKey -} - -func notHex(r rune) bool { - if r >= '0' && r <= '9' || - r >= 'a' && r <= 'f' || - r >= 'A' && r <= 'F' { - return false - } - - return true -} - -// Import parses the contents of a libotr private key file. -func (priv *PrivateKey) Import(in []byte) bool { - mpiStart := []byte(" #") - - mpis := make([]*big.Int, 5) - - for i := 0; i < len(mpis); i++ { - start := bytes.Index(in, mpiStart) - if start == -1 { - return false - } - in = in[start+len(mpiStart):] - end := bytes.IndexFunc(in, notHex) - if end == -1 { - return false - } - hexBytes := in[:end] - in = in[end:] - - if len(hexBytes)&1 != 0 { - return false - } - - mpiBytes := make([]byte, len(hexBytes)/2) - if _, err := hex.Decode(mpiBytes, hexBytes); err != nil { - return false - } - - mpis[i] = new(big.Int).SetBytes(mpiBytes) - } - - for _, mpi := range mpis { - if mpi.Sign() <= 0 { - return false - } - } - - priv.PrivateKey.P = mpis[0] - priv.PrivateKey.Q = mpis[1] - priv.PrivateKey.G = mpis[2] - priv.PrivateKey.Y = mpis[3] - priv.PrivateKey.X = mpis[4] - priv.PublicKey.PublicKey = priv.PrivateKey.PublicKey - - a := new(big.Int).Exp(priv.PrivateKey.G, priv.PrivateKey.X, priv.PrivateKey.P) - return a.Cmp(priv.PrivateKey.Y) == 0 -} - -func getU8(in []byte) (uint8, []byte, bool) { - if len(in) < 1 { - return 0, in, false - } - return in[0], in[1:], true -} - -func getU16(in []byte) (uint16, []byte, bool) { - if len(in) < 2 { - return 0, in, false - } - r := uint16(in[0])<<8 | uint16(in[1]) - return r, in[2:], true -} - -func getU32(in []byte) (uint32, []byte, bool) { - if len(in) < 4 { - return 0, in, false - } - r := uint32(in[0])<<24 | uint32(in[1])<<16 | uint32(in[2])<<8 | uint32(in[3]) - return r, in[4:], true -} - -func getMPI(in []byte) (*big.Int, []byte, bool) { - l, in, ok := getU32(in) - if !ok || uint32(len(in)) < l { - return nil, in, false - } - r := new(big.Int).SetBytes(in[:l]) - return r, in[l:], true -} - -func getData(in []byte) ([]byte, []byte, bool) { - l, in, ok := getU32(in) - if !ok || uint32(len(in)) < l { - return nil, in, false - } - return in[:l], in[l:], true -} - -func getNBytes(in []byte, n int) ([]byte, []byte, bool) { - if len(in) < n { - return nil, in, false - } - return in[:n], in[n:], true -} - -func appendU16(out []byte, v uint16) []byte { - out = append(out, byte(v>>8), byte(v)) - return out -} - -func appendU32(out []byte, v uint32) []byte { - out = append(out, byte(v>>24), byte(v>>16), byte(v>>8), byte(v)) - return out -} - -func appendData(out, v []byte) []byte { - out = appendU32(out, uint32(len(v))) - out = append(out, v...) - return out -} - -func appendMPI(out []byte, v *big.Int) []byte { - vBytes := v.Bytes() - out = appendU32(out, uint32(len(vBytes))) - out = append(out, vBytes...) - return out -} - -func appendMPIs(out []byte, mpis ...*big.Int) []byte { - for _, mpi := range mpis { - out = appendMPI(out, mpi) - } - return out -} - -func zero(b []byte) { - for i := range b { - b[i] = 0 - } -} diff --git a/vendor/golang.org/x/crypto/otr/smp.go b/vendor/golang.org/x/crypto/otr/smp.go deleted file mode 100644 index dc6de4ee0eb7..000000000000 --- a/vendor/golang.org/x/crypto/otr/smp.go +++ /dev/null @@ -1,572 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// This file implements the Socialist Millionaires Protocol as described in -// http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html. The protocol -// specification is required in order to understand this code and, where -// possible, the variable names in the code match up with the spec. - -package otr - -import ( - "bytes" - "crypto/sha256" - "errors" - "hash" - "math/big" -) - -type smpFailure string - -func (s smpFailure) Error() string { - return string(s) -} - -var smpFailureError = smpFailure("otr: SMP protocol failed") -var smpSecretMissingError = smpFailure("otr: mutual secret needed") - -const smpVersion = 1 - -const ( - smpState1 = iota - smpState2 - smpState3 - smpState4 -) - -type smpState struct { - state int - a2, a3, b2, b3, pb, qb *big.Int - g2a, g3a *big.Int - g2, g3 *big.Int - g3b, papb, qaqb, ra *big.Int - saved *tlv - secret *big.Int - question string -} - -func (c *Conversation) startSMP(question string) (tlvs []tlv) { - if c.smp.state != smpState1 { - tlvs = append(tlvs, c.generateSMPAbort()) - } - tlvs = append(tlvs, c.generateSMP1(question)) - c.smp.question = "" - c.smp.state = smpState2 - return -} - -func (c *Conversation) resetSMP() { - c.smp.state = smpState1 - c.smp.secret = nil - c.smp.question = "" -} - -func (c *Conversation) processSMP(in tlv) (out tlv, complete bool, err error) { - data := in.data - - switch in.typ { - case tlvTypeSMPAbort: - if c.smp.state != smpState1 { - err = smpFailureError - } - c.resetSMP() - return - case tlvTypeSMP1WithQuestion: - // We preprocess this into a SMP1 message. - nulPos := bytes.IndexByte(data, 0) - if nulPos == -1 { - err = errors.New("otr: SMP message with question didn't contain a NUL byte") - return - } - c.smp.question = string(data[:nulPos]) - data = data[nulPos+1:] - } - - numMPIs, data, ok := getU32(data) - if !ok || numMPIs > 20 { - err = errors.New("otr: corrupt SMP message") - return - } - - mpis := make([]*big.Int, numMPIs) - for i := range mpis { - var ok bool - mpis[i], data, ok = getMPI(data) - if !ok { - err = errors.New("otr: corrupt SMP message") - return - } - } - - switch in.typ { - case tlvTypeSMP1, tlvTypeSMP1WithQuestion: - if c.smp.state != smpState1 { - c.resetSMP() - out = c.generateSMPAbort() - return - } - if c.smp.secret == nil { - err = smpSecretMissingError - return - } - if err = c.processSMP1(mpis); err != nil { - return - } - c.smp.state = smpState3 - out = c.generateSMP2() - case tlvTypeSMP2: - if c.smp.state != smpState2 { - c.resetSMP() - out = c.generateSMPAbort() - return - } - if out, err = c.processSMP2(mpis); err != nil { - out = c.generateSMPAbort() - return - } - c.smp.state = smpState4 - case tlvTypeSMP3: - if c.smp.state != smpState3 { - c.resetSMP() - out = c.generateSMPAbort() - return - } - if out, err = c.processSMP3(mpis); err != nil { - return - } - c.smp.state = smpState1 - c.smp.secret = nil - complete = true - case tlvTypeSMP4: - if c.smp.state != smpState4 { - c.resetSMP() - out = c.generateSMPAbort() - return - } - if err = c.processSMP4(mpis); err != nil { - out = c.generateSMPAbort() - return - } - c.smp.state = smpState1 - c.smp.secret = nil - complete = true - default: - panic("unknown SMP message") - } - - return -} - -func (c *Conversation) calcSMPSecret(mutualSecret []byte, weStarted bool) { - h := sha256.New() - h.Write([]byte{smpVersion}) - if weStarted { - h.Write(c.PrivateKey.PublicKey.Fingerprint()) - h.Write(c.TheirPublicKey.Fingerprint()) - } else { - h.Write(c.TheirPublicKey.Fingerprint()) - h.Write(c.PrivateKey.PublicKey.Fingerprint()) - } - h.Write(c.SSID[:]) - h.Write(mutualSecret) - c.smp.secret = new(big.Int).SetBytes(h.Sum(nil)) -} - -func (c *Conversation) generateSMP1(question string) tlv { - var randBuf [16]byte - c.smp.a2 = c.randMPI(randBuf[:]) - c.smp.a3 = c.randMPI(randBuf[:]) - g2a := new(big.Int).Exp(g, c.smp.a2, p) - g3a := new(big.Int).Exp(g, c.smp.a3, p) - h := sha256.New() - - r2 := c.randMPI(randBuf[:]) - r := new(big.Int).Exp(g, r2, p) - c2 := new(big.Int).SetBytes(hashMPIs(h, 1, r)) - d2 := new(big.Int).Mul(c.smp.a2, c2) - d2.Sub(r2, d2) - d2.Mod(d2, q) - if d2.Sign() < 0 { - d2.Add(d2, q) - } - - r3 := c.randMPI(randBuf[:]) - r.Exp(g, r3, p) - c3 := new(big.Int).SetBytes(hashMPIs(h, 2, r)) - d3 := new(big.Int).Mul(c.smp.a3, c3) - d3.Sub(r3, d3) - d3.Mod(d3, q) - if d3.Sign() < 0 { - d3.Add(d3, q) - } - - var ret tlv - if len(question) > 0 { - ret.typ = tlvTypeSMP1WithQuestion - ret.data = append(ret.data, question...) - ret.data = append(ret.data, 0) - } else { - ret.typ = tlvTypeSMP1 - } - ret.data = appendU32(ret.data, 6) - ret.data = appendMPIs(ret.data, g2a, c2, d2, g3a, c3, d3) - return ret -} - -func (c *Conversation) processSMP1(mpis []*big.Int) error { - if len(mpis) != 6 { - return errors.New("otr: incorrect number of arguments in SMP1 message") - } - g2a := mpis[0] - c2 := mpis[1] - d2 := mpis[2] - g3a := mpis[3] - c3 := mpis[4] - d3 := mpis[5] - h := sha256.New() - - r := new(big.Int).Exp(g, d2, p) - s := new(big.Int).Exp(g2a, c2, p) - r.Mul(r, s) - r.Mod(r, p) - t := new(big.Int).SetBytes(hashMPIs(h, 1, r)) - if c2.Cmp(t) != 0 { - return errors.New("otr: ZKP c2 incorrect in SMP1 message") - } - r.Exp(g, d3, p) - s.Exp(g3a, c3, p) - r.Mul(r, s) - r.Mod(r, p) - t.SetBytes(hashMPIs(h, 2, r)) - if c3.Cmp(t) != 0 { - return errors.New("otr: ZKP c3 incorrect in SMP1 message") - } - - c.smp.g2a = g2a - c.smp.g3a = g3a - return nil -} - -func (c *Conversation) generateSMP2() tlv { - var randBuf [16]byte - b2 := c.randMPI(randBuf[:]) - c.smp.b3 = c.randMPI(randBuf[:]) - r2 := c.randMPI(randBuf[:]) - r3 := c.randMPI(randBuf[:]) - r4 := c.randMPI(randBuf[:]) - r5 := c.randMPI(randBuf[:]) - r6 := c.randMPI(randBuf[:]) - - g2b := new(big.Int).Exp(g, b2, p) - g3b := new(big.Int).Exp(g, c.smp.b3, p) - - r := new(big.Int).Exp(g, r2, p) - h := sha256.New() - c2 := new(big.Int).SetBytes(hashMPIs(h, 3, r)) - d2 := new(big.Int).Mul(b2, c2) - d2.Sub(r2, d2) - d2.Mod(d2, q) - if d2.Sign() < 0 { - d2.Add(d2, q) - } - - r.Exp(g, r3, p) - c3 := new(big.Int).SetBytes(hashMPIs(h, 4, r)) - d3 := new(big.Int).Mul(c.smp.b3, c3) - d3.Sub(r3, d3) - d3.Mod(d3, q) - if d3.Sign() < 0 { - d3.Add(d3, q) - } - - c.smp.g2 = new(big.Int).Exp(c.smp.g2a, b2, p) - c.smp.g3 = new(big.Int).Exp(c.smp.g3a, c.smp.b3, p) - c.smp.pb = new(big.Int).Exp(c.smp.g3, r4, p) - c.smp.qb = new(big.Int).Exp(g, r4, p) - r.Exp(c.smp.g2, c.smp.secret, p) - c.smp.qb.Mul(c.smp.qb, r) - c.smp.qb.Mod(c.smp.qb, p) - - s := new(big.Int) - s.Exp(c.smp.g2, r6, p) - r.Exp(g, r5, p) - s.Mul(r, s) - s.Mod(s, p) - r.Exp(c.smp.g3, r5, p) - cp := new(big.Int).SetBytes(hashMPIs(h, 5, r, s)) - - // D5 = r5 - r4 cP mod q and D6 = r6 - y cP mod q - - s.Mul(r4, cp) - r.Sub(r5, s) - d5 := new(big.Int).Mod(r, q) - if d5.Sign() < 0 { - d5.Add(d5, q) - } - - s.Mul(c.smp.secret, cp) - r.Sub(r6, s) - d6 := new(big.Int).Mod(r, q) - if d6.Sign() < 0 { - d6.Add(d6, q) - } - - var ret tlv - ret.typ = tlvTypeSMP2 - ret.data = appendU32(ret.data, 11) - ret.data = appendMPIs(ret.data, g2b, c2, d2, g3b, c3, d3, c.smp.pb, c.smp.qb, cp, d5, d6) - return ret -} - -func (c *Conversation) processSMP2(mpis []*big.Int) (out tlv, err error) { - if len(mpis) != 11 { - err = errors.New("otr: incorrect number of arguments in SMP2 message") - return - } - g2b := mpis[0] - c2 := mpis[1] - d2 := mpis[2] - g3b := mpis[3] - c3 := mpis[4] - d3 := mpis[5] - pb := mpis[6] - qb := mpis[7] - cp := mpis[8] - d5 := mpis[9] - d6 := mpis[10] - h := sha256.New() - - r := new(big.Int).Exp(g, d2, p) - s := new(big.Int).Exp(g2b, c2, p) - r.Mul(r, s) - r.Mod(r, p) - s.SetBytes(hashMPIs(h, 3, r)) - if c2.Cmp(s) != 0 { - err = errors.New("otr: ZKP c2 failed in SMP2 message") - return - } - - r.Exp(g, d3, p) - s.Exp(g3b, c3, p) - r.Mul(r, s) - r.Mod(r, p) - s.SetBytes(hashMPIs(h, 4, r)) - if c3.Cmp(s) != 0 { - err = errors.New("otr: ZKP c3 failed in SMP2 message") - return - } - - c.smp.g2 = new(big.Int).Exp(g2b, c.smp.a2, p) - c.smp.g3 = new(big.Int).Exp(g3b, c.smp.a3, p) - - r.Exp(g, d5, p) - s.Exp(c.smp.g2, d6, p) - r.Mul(r, s) - s.Exp(qb, cp, p) - r.Mul(r, s) - r.Mod(r, p) - - s.Exp(c.smp.g3, d5, p) - t := new(big.Int).Exp(pb, cp, p) - s.Mul(s, t) - s.Mod(s, p) - t.SetBytes(hashMPIs(h, 5, s, r)) - if cp.Cmp(t) != 0 { - err = errors.New("otr: ZKP cP failed in SMP2 message") - return - } - - var randBuf [16]byte - r4 := c.randMPI(randBuf[:]) - r5 := c.randMPI(randBuf[:]) - r6 := c.randMPI(randBuf[:]) - r7 := c.randMPI(randBuf[:]) - - pa := new(big.Int).Exp(c.smp.g3, r4, p) - r.Exp(c.smp.g2, c.smp.secret, p) - qa := new(big.Int).Exp(g, r4, p) - qa.Mul(qa, r) - qa.Mod(qa, p) - - r.Exp(g, r5, p) - s.Exp(c.smp.g2, r6, p) - r.Mul(r, s) - r.Mod(r, p) - - s.Exp(c.smp.g3, r5, p) - cp.SetBytes(hashMPIs(h, 6, s, r)) - - r.Mul(r4, cp) - d5 = new(big.Int).Sub(r5, r) - d5.Mod(d5, q) - if d5.Sign() < 0 { - d5.Add(d5, q) - } - - r.Mul(c.smp.secret, cp) - d6 = new(big.Int).Sub(r6, r) - d6.Mod(d6, q) - if d6.Sign() < 0 { - d6.Add(d6, q) - } - - r.ModInverse(qb, p) - qaqb := new(big.Int).Mul(qa, r) - qaqb.Mod(qaqb, p) - - ra := new(big.Int).Exp(qaqb, c.smp.a3, p) - r.Exp(qaqb, r7, p) - s.Exp(g, r7, p) - cr := new(big.Int).SetBytes(hashMPIs(h, 7, s, r)) - - r.Mul(c.smp.a3, cr) - d7 := new(big.Int).Sub(r7, r) - d7.Mod(d7, q) - if d7.Sign() < 0 { - d7.Add(d7, q) - } - - c.smp.g3b = g3b - c.smp.qaqb = qaqb - - r.ModInverse(pb, p) - c.smp.papb = new(big.Int).Mul(pa, r) - c.smp.papb.Mod(c.smp.papb, p) - c.smp.ra = ra - - out.typ = tlvTypeSMP3 - out.data = appendU32(out.data, 8) - out.data = appendMPIs(out.data, pa, qa, cp, d5, d6, ra, cr, d7) - return -} - -func (c *Conversation) processSMP3(mpis []*big.Int) (out tlv, err error) { - if len(mpis) != 8 { - err = errors.New("otr: incorrect number of arguments in SMP3 message") - return - } - pa := mpis[0] - qa := mpis[1] - cp := mpis[2] - d5 := mpis[3] - d6 := mpis[4] - ra := mpis[5] - cr := mpis[6] - d7 := mpis[7] - h := sha256.New() - - r := new(big.Int).Exp(g, d5, p) - s := new(big.Int).Exp(c.smp.g2, d6, p) - r.Mul(r, s) - s.Exp(qa, cp, p) - r.Mul(r, s) - r.Mod(r, p) - - s.Exp(c.smp.g3, d5, p) - t := new(big.Int).Exp(pa, cp, p) - s.Mul(s, t) - s.Mod(s, p) - t.SetBytes(hashMPIs(h, 6, s, r)) - if t.Cmp(cp) != 0 { - err = errors.New("otr: ZKP cP failed in SMP3 message") - return - } - - r.ModInverse(c.smp.qb, p) - qaqb := new(big.Int).Mul(qa, r) - qaqb.Mod(qaqb, p) - - r.Exp(qaqb, d7, p) - s.Exp(ra, cr, p) - r.Mul(r, s) - r.Mod(r, p) - - s.Exp(g, d7, p) - t.Exp(c.smp.g3a, cr, p) - s.Mul(s, t) - s.Mod(s, p) - t.SetBytes(hashMPIs(h, 7, s, r)) - if t.Cmp(cr) != 0 { - err = errors.New("otr: ZKP cR failed in SMP3 message") - return - } - - var randBuf [16]byte - r7 := c.randMPI(randBuf[:]) - rb := new(big.Int).Exp(qaqb, c.smp.b3, p) - - r.Exp(qaqb, r7, p) - s.Exp(g, r7, p) - cr = new(big.Int).SetBytes(hashMPIs(h, 8, s, r)) - - r.Mul(c.smp.b3, cr) - d7 = new(big.Int).Sub(r7, r) - d7.Mod(d7, q) - if d7.Sign() < 0 { - d7.Add(d7, q) - } - - out.typ = tlvTypeSMP4 - out.data = appendU32(out.data, 3) - out.data = appendMPIs(out.data, rb, cr, d7) - - r.ModInverse(c.smp.pb, p) - r.Mul(pa, r) - r.Mod(r, p) - s.Exp(ra, c.smp.b3, p) - if r.Cmp(s) != 0 { - err = smpFailureError - } - - return -} - -func (c *Conversation) processSMP4(mpis []*big.Int) error { - if len(mpis) != 3 { - return errors.New("otr: incorrect number of arguments in SMP4 message") - } - rb := mpis[0] - cr := mpis[1] - d7 := mpis[2] - h := sha256.New() - - r := new(big.Int).Exp(c.smp.qaqb, d7, p) - s := new(big.Int).Exp(rb, cr, p) - r.Mul(r, s) - r.Mod(r, p) - - s.Exp(g, d7, p) - t := new(big.Int).Exp(c.smp.g3b, cr, p) - s.Mul(s, t) - s.Mod(s, p) - t.SetBytes(hashMPIs(h, 8, s, r)) - if t.Cmp(cr) != 0 { - return errors.New("otr: ZKP cR failed in SMP4 message") - } - - r.Exp(rb, c.smp.a3, p) - if r.Cmp(c.smp.papb) != 0 { - return smpFailureError - } - - return nil -} - -func (c *Conversation) generateSMPAbort() tlv { - return tlv{typ: tlvTypeSMPAbort} -} - -func hashMPIs(h hash.Hash, magic byte, mpis ...*big.Int) []byte { - if h != nil { - h.Reset() - } else { - h = sha256.New() - } - - h.Write([]byte{magic}) - for _, mpi := range mpis { - h.Write(appendMPI(nil, mpi)) - } - return h.Sum(nil) -} diff --git a/vendor/golang.org/x/crypto/ssh/test/doc.go b/vendor/golang.org/x/crypto/ssh/test/doc.go deleted file mode 100644 index 198f0ca1e205..000000000000 --- a/vendor/golang.org/x/crypto/ssh/test/doc.go +++ /dev/null @@ -1,7 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// Package test contains integration tests for the -// golang.org/x/crypto/ssh package. -package test // import "golang.org/x/crypto/ssh/test" diff --git a/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c b/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c deleted file mode 100644 index 2794a563a417..000000000000 --- a/vendor/golang.org/x/crypto/ssh/test/sshd_test_pw.c +++ /dev/null @@ -1,173 +0,0 @@ -// Copyright 2017 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// sshd_test_pw.c -// Wrapper to inject test password data for sshd PAM authentication -// -// This wrapper implements custom versions of getpwnam, getpwnam_r, -// getspnam and getspnam_r. These functions first call their real -// libc versions, then check if the requested user matches test user -// specified in env variable TEST_USER and if so replace the password -// with crypted() value of TEST_PASSWD env variable. -// -// Compile: -// gcc -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c -// -// Compile with debug: -// gcc -DVERBOSE -Wall -shared -o sshd_test_pw.so -fPIC sshd_test_pw.c -// -// Run sshd: -// LD_PRELOAD="sshd_test_pw.so" TEST_USER="..." TEST_PASSWD="..." sshd ... - -// +build ignore - -#define _GNU_SOURCE -#include -#include -#include -#include -#include -#include -#include - -#ifdef VERBOSE -#define DEBUG(X...) fprintf(stderr, X) -#else -#define DEBUG(X...) while (0) { } -#endif - -/* crypt() password */ -static char * -pwhash(char *passwd) { - return strdup(crypt(passwd, "$6$")); -} - -/* Pointers to real functions in libc */ -static struct passwd * (*real_getpwnam)(const char *) = NULL; -static int (*real_getpwnam_r)(const char *, struct passwd *, char *, size_t, struct passwd **) = NULL; -static struct spwd * (*real_getspnam)(const char *) = NULL; -static int (*real_getspnam_r)(const char *, struct spwd *, char *, size_t, struct spwd **) = NULL; - -/* Cached test user and test password */ -static char *test_user = NULL; -static char *test_passwd_hash = NULL; - -static void -init(void) { - /* Fetch real libc function pointers */ - real_getpwnam = dlsym(RTLD_NEXT, "getpwnam"); - real_getpwnam_r = dlsym(RTLD_NEXT, "getpwnam_r"); - real_getspnam = dlsym(RTLD_NEXT, "getspnam"); - real_getspnam_r = dlsym(RTLD_NEXT, "getspnam_r"); - - /* abort if env variables are not defined */ - if (getenv("TEST_USER") == NULL || getenv("TEST_PASSWD") == NULL) { - fprintf(stderr, "env variables TEST_USER and TEST_PASSWD are missing\n"); - abort(); - } - - /* Fetch test user and test password from env */ - test_user = strdup(getenv("TEST_USER")); - test_passwd_hash = pwhash(getenv("TEST_PASSWD")); - - DEBUG("sshd_test_pw init():\n"); - DEBUG("\treal_getpwnam: %p\n", real_getpwnam); - DEBUG("\treal_getpwnam_r: %p\n", real_getpwnam_r); - DEBUG("\treal_getspnam: %p\n", real_getspnam); - DEBUG("\treal_getspnam_r: %p\n", real_getspnam_r); - DEBUG("\tTEST_USER: '%s'\n", test_user); - DEBUG("\tTEST_PASSWD: '%s'\n", getenv("TEST_PASSWD")); - DEBUG("\tTEST_PASSWD_HASH: '%s'\n", test_passwd_hash); -} - -static int -is_test_user(const char *name) { - if (test_user != NULL && strcmp(test_user, name) == 0) - return 1; - return 0; -} - -/* getpwnam */ - -struct passwd * -getpwnam(const char *name) { - struct passwd *pw; - - DEBUG("sshd_test_pw getpwnam(%s)\n", name); - - if (real_getpwnam == NULL) - init(); - if ((pw = real_getpwnam(name)) == NULL) - return NULL; - - if (is_test_user(name)) - pw->pw_passwd = strdup(test_passwd_hash); - - return pw; -} - -/* getpwnam_r */ - -int -getpwnam_r(const char *name, - struct passwd *pwd, - char *buf, - size_t buflen, - struct passwd **result) { - int r; - - DEBUG("sshd_test_pw getpwnam_r(%s)\n", name); - - if (real_getpwnam_r == NULL) - init(); - if ((r = real_getpwnam_r(name, pwd, buf, buflen, result)) != 0 || *result == NULL) - return r; - - if (is_test_user(name)) - pwd->pw_passwd = strdup(test_passwd_hash); - - return 0; -} - -/* getspnam */ - -struct spwd * -getspnam(const char *name) { - struct spwd *sp; - - DEBUG("sshd_test_pw getspnam(%s)\n", name); - - if (real_getspnam == NULL) - init(); - if ((sp = real_getspnam(name)) == NULL) - return NULL; - - if (is_test_user(name)) - sp->sp_pwdp = strdup(test_passwd_hash); - - return sp; -} - -/* getspnam_r */ - -int -getspnam_r(const char *name, - struct spwd *spbuf, - char *buf, - size_t buflen, - struct spwd **spbufp) { - int r; - - DEBUG("sshd_test_pw getspnam_r(%s)\n", name); - - if (real_getspnam_r == NULL) - init(); - if ((r = real_getspnam_r(name, spbuf, buf, buflen, spbufp)) != 0) - return r; - - if (is_test_user(name)) - spbuf->sp_pwdp = strdup(test_passwd_hash); - - return r; -} diff --git a/vendor/golang.org/x/sys/windows/svc/event.go b/vendor/golang.org/x/sys/windows/svc/event.go deleted file mode 100644 index 0508e2288184..000000000000 --- a/vendor/golang.org/x/sys/windows/svc/event.go +++ /dev/null @@ -1,48 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build windows - -package svc - -import ( - "errors" - - "golang.org/x/sys/windows" -) - -// event represents auto-reset, initially non-signaled Windows event. -// It is used to communicate between go and asm parts of this package. -type event struct { - h windows.Handle -} - -func newEvent() (*event, error) { - h, err := windows.CreateEvent(nil, 0, 0, nil) - if err != nil { - return nil, err - } - return &event{h: h}, nil -} - -func (e *event) Close() error { - return windows.CloseHandle(e.h) -} - -func (e *event) Set() error { - return windows.SetEvent(e.h) -} - -func (e *event) Wait() error { - s, err := windows.WaitForSingleObject(e.h, windows.INFINITE) - switch s { - case windows.WAIT_OBJECT_0: - break - case windows.WAIT_FAILED: - return err - default: - return errors.New("unexpected result from WaitForSingleObject") - } - return nil -} diff --git a/vendor/golang.org/x/sys/windows/svc/go12.c b/vendor/golang.org/x/sys/windows/svc/go12.c deleted file mode 100644 index 6f1be1fa3bcb..000000000000 --- a/vendor/golang.org/x/sys/windows/svc/go12.c +++ /dev/null @@ -1,24 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build windows -// +build !go1.3 - -// copied from pkg/runtime -typedef unsigned int uint32; -typedef unsigned long long int uint64; -#ifdef _64BIT -typedef uint64 uintptr; -#else -typedef uint32 uintptr; -#endif - -// from sys_386.s or sys_amd64.s -void ·servicemain(void); - -void -·getServiceMain(uintptr *r) -{ - *r = (uintptr)·servicemain; -} diff --git a/vendor/golang.org/x/sys/windows/svc/go12.go b/vendor/golang.org/x/sys/windows/svc/go12.go deleted file mode 100644 index 6f0a924eafd0..000000000000 --- a/vendor/golang.org/x/sys/windows/svc/go12.go +++ /dev/null @@ -1,11 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build windows -// +build !go1.3 - -package svc - -// from go12.c -func getServiceMain(r *uintptr) diff --git a/vendor/golang.org/x/sys/windows/svc/go13.go b/vendor/golang.org/x/sys/windows/svc/go13.go deleted file mode 100644 index 432a9e796a73..000000000000 --- a/vendor/golang.org/x/sys/windows/svc/go13.go +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright 2014 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build windows -// +build go1.3 - -package svc - -import "unsafe" - -const ptrSize = 4 << (^uintptr(0) >> 63) // unsafe.Sizeof(uintptr(0)) but an ideal const - -// Should be a built-in for unsafe.Pointer? -func add(p unsafe.Pointer, x uintptr) unsafe.Pointer { - return unsafe.Pointer(uintptr(p) + x) -} - -// funcPC returns the entry PC of the function f. -// It assumes that f is a func value. Otherwise the behavior is undefined. -func funcPC(f interface{}) uintptr { - return **(**uintptr)(add(unsafe.Pointer(&f), ptrSize)) -} - -// from sys_386.s and sys_amd64.s -func servicectlhandler(ctl uint32) uintptr -func servicemain(argc uint32, argv **uint16) - -func getServiceMain(r *uintptr) { - *r = funcPC(servicemain) -} diff --git a/vendor/golang.org/x/sys/windows/svc/security.go b/vendor/golang.org/x/sys/windows/svc/security.go deleted file mode 100644 index 6fbc9236ed53..000000000000 --- a/vendor/golang.org/x/sys/windows/svc/security.go +++ /dev/null @@ -1,62 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build windows - -package svc - -import ( - "unsafe" - - "golang.org/x/sys/windows" -) - -func allocSid(subAuth0 uint32) (*windows.SID, error) { - var sid *windows.SID - err := windows.AllocateAndInitializeSid(&windows.SECURITY_NT_AUTHORITY, - 1, subAuth0, 0, 0, 0, 0, 0, 0, 0, &sid) - if err != nil { - return nil, err - } - return sid, nil -} - -// IsAnInteractiveSession determines if calling process is running interactively. -// It queries the process token for membership in the Interactive group. -// http://stackoverflow.com/questions/2668851/how-do-i-detect-that-my-application-is-running-as-service-or-in-an-interactive-s -func IsAnInteractiveSession() (bool, error) { - interSid, err := allocSid(windows.SECURITY_INTERACTIVE_RID) - if err != nil { - return false, err - } - defer windows.FreeSid(interSid) - - serviceSid, err := allocSid(windows.SECURITY_SERVICE_RID) - if err != nil { - return false, err - } - defer windows.FreeSid(serviceSid) - - t, err := windows.OpenCurrentProcessToken() - if err != nil { - return false, err - } - defer t.Close() - - gs, err := t.GetTokenGroups() - if err != nil { - return false, err - } - p := unsafe.Pointer(&gs.Groups[0]) - groups := (*[2 << 20]windows.SIDAndAttributes)(p)[:gs.GroupCount] - for _, g := range groups { - if windows.EqualSid(g.Sid, interSid) { - return true, nil - } - if windows.EqualSid(g.Sid, serviceSid) { - return false, nil - } - } - return false, nil -} diff --git a/vendor/golang.org/x/sys/windows/svc/service.go b/vendor/golang.org/x/sys/windows/svc/service.go deleted file mode 100644 index 903cba3f1213..000000000000 --- a/vendor/golang.org/x/sys/windows/svc/service.go +++ /dev/null @@ -1,363 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build windows - -// Package svc provides everything required to build Windows service. -// -package svc - -import ( - "errors" - "runtime" - "syscall" - "unsafe" - - "golang.org/x/sys/windows" -) - -// State describes service execution state (Stopped, Running and so on). -type State uint32 - -const ( - Stopped = State(windows.SERVICE_STOPPED) - StartPending = State(windows.SERVICE_START_PENDING) - StopPending = State(windows.SERVICE_STOP_PENDING) - Running = State(windows.SERVICE_RUNNING) - ContinuePending = State(windows.SERVICE_CONTINUE_PENDING) - PausePending = State(windows.SERVICE_PAUSE_PENDING) - Paused = State(windows.SERVICE_PAUSED) -) - -// Cmd represents service state change request. It is sent to a service -// by the service manager, and should be actioned upon by the service. -type Cmd uint32 - -const ( - Stop = Cmd(windows.SERVICE_CONTROL_STOP) - Pause = Cmd(windows.SERVICE_CONTROL_PAUSE) - Continue = Cmd(windows.SERVICE_CONTROL_CONTINUE) - Interrogate = Cmd(windows.SERVICE_CONTROL_INTERROGATE) - Shutdown = Cmd(windows.SERVICE_CONTROL_SHUTDOWN) - ParamChange = Cmd(windows.SERVICE_CONTROL_PARAMCHANGE) - NetBindAdd = Cmd(windows.SERVICE_CONTROL_NETBINDADD) - NetBindRemove = Cmd(windows.SERVICE_CONTROL_NETBINDREMOVE) - NetBindEnable = Cmd(windows.SERVICE_CONTROL_NETBINDENABLE) - NetBindDisable = Cmd(windows.SERVICE_CONTROL_NETBINDDISABLE) - DeviceEvent = Cmd(windows.SERVICE_CONTROL_DEVICEEVENT) - HardwareProfileChange = Cmd(windows.SERVICE_CONTROL_HARDWAREPROFILECHANGE) - PowerEvent = Cmd(windows.SERVICE_CONTROL_POWEREVENT) - SessionChange = Cmd(windows.SERVICE_CONTROL_SESSIONCHANGE) -) - -// Accepted is used to describe commands accepted by the service. -// Note that Interrogate is always accepted. -type Accepted uint32 - -const ( - AcceptStop = Accepted(windows.SERVICE_ACCEPT_STOP) - AcceptShutdown = Accepted(windows.SERVICE_ACCEPT_SHUTDOWN) - AcceptPauseAndContinue = Accepted(windows.SERVICE_ACCEPT_PAUSE_CONTINUE) - AcceptParamChange = Accepted(windows.SERVICE_ACCEPT_PARAMCHANGE) - AcceptNetBindChange = Accepted(windows.SERVICE_ACCEPT_NETBINDCHANGE) - AcceptHardwareProfileChange = Accepted(windows.SERVICE_ACCEPT_HARDWAREPROFILECHANGE) - AcceptPowerEvent = Accepted(windows.SERVICE_ACCEPT_POWEREVENT) - AcceptSessionChange = Accepted(windows.SERVICE_ACCEPT_SESSIONCHANGE) -) - -// Status combines State and Accepted commands to fully describe running service. -type Status struct { - State State - Accepts Accepted - CheckPoint uint32 // used to report progress during a lengthy operation - WaitHint uint32 // estimated time required for a pending operation, in milliseconds -} - -// ChangeRequest is sent to the service Handler to request service status change. -type ChangeRequest struct { - Cmd Cmd - EventType uint32 - EventData uintptr - CurrentStatus Status -} - -// Handler is the interface that must be implemented to build Windows service. -type Handler interface { - - // Execute will be called by the package code at the start of - // the service, and the service will exit once Execute completes. - // Inside Execute you must read service change requests from r and - // act accordingly. You must keep service control manager up to date - // about state of your service by writing into s as required. - // args contains service name followed by argument strings passed - // to the service. - // You can provide service exit code in exitCode return parameter, - // with 0 being "no error". You can also indicate if exit code, - // if any, is service specific or not by using svcSpecificEC - // parameter. - Execute(args []string, r <-chan ChangeRequest, s chan<- Status) (svcSpecificEC bool, exitCode uint32) -} - -var ( - // These are used by asm code. - goWaitsH uintptr - cWaitsH uintptr - ssHandle uintptr - sName *uint16 - sArgc uintptr - sArgv **uint16 - ctlHandlerExProc uintptr - cSetEvent uintptr - cWaitForSingleObject uintptr - cRegisterServiceCtrlHandlerExW uintptr -) - -func init() { - k := syscall.MustLoadDLL("kernel32.dll") - cSetEvent = k.MustFindProc("SetEvent").Addr() - cWaitForSingleObject = k.MustFindProc("WaitForSingleObject").Addr() - a := syscall.MustLoadDLL("advapi32.dll") - cRegisterServiceCtrlHandlerExW = a.MustFindProc("RegisterServiceCtrlHandlerExW").Addr() -} - -// The HandlerEx prototype also has a context pointer but since we don't use -// it at start-up time we don't have to pass it over either. -type ctlEvent struct { - cmd Cmd - eventType uint32 - eventData uintptr - errno uint32 -} - -// service provides access to windows service api. -type service struct { - name string - h windows.Handle - cWaits *event - goWaits *event - c chan ctlEvent - handler Handler -} - -func newService(name string, handler Handler) (*service, error) { - var s service - var err error - s.name = name - s.c = make(chan ctlEvent) - s.handler = handler - s.cWaits, err = newEvent() - if err != nil { - return nil, err - } - s.goWaits, err = newEvent() - if err != nil { - s.cWaits.Close() - return nil, err - } - return &s, nil -} - -func (s *service) close() error { - s.cWaits.Close() - s.goWaits.Close() - return nil -} - -type exitCode struct { - isSvcSpecific bool - errno uint32 -} - -func (s *service) updateStatus(status *Status, ec *exitCode) error { - if s.h == 0 { - return errors.New("updateStatus with no service status handle") - } - var t windows.SERVICE_STATUS - t.ServiceType = windows.SERVICE_WIN32_OWN_PROCESS - t.CurrentState = uint32(status.State) - if status.Accepts&AcceptStop != 0 { - t.ControlsAccepted |= windows.SERVICE_ACCEPT_STOP - } - if status.Accepts&AcceptShutdown != 0 { - t.ControlsAccepted |= windows.SERVICE_ACCEPT_SHUTDOWN - } - if status.Accepts&AcceptPauseAndContinue != 0 { - t.ControlsAccepted |= windows.SERVICE_ACCEPT_PAUSE_CONTINUE - } - if status.Accepts&AcceptParamChange != 0 { - t.ControlsAccepted |= windows.SERVICE_ACCEPT_PARAMCHANGE - } - if status.Accepts&AcceptNetBindChange != 0 { - t.ControlsAccepted |= windows.SERVICE_ACCEPT_NETBINDCHANGE - } - if status.Accepts&AcceptHardwareProfileChange != 0 { - t.ControlsAccepted |= windows.SERVICE_ACCEPT_HARDWAREPROFILECHANGE - } - if status.Accepts&AcceptPowerEvent != 0 { - t.ControlsAccepted |= windows.SERVICE_ACCEPT_POWEREVENT - } - if status.Accepts&AcceptSessionChange != 0 { - t.ControlsAccepted |= windows.SERVICE_ACCEPT_SESSIONCHANGE - } - if ec.errno == 0 { - t.Win32ExitCode = windows.NO_ERROR - t.ServiceSpecificExitCode = windows.NO_ERROR - } else if ec.isSvcSpecific { - t.Win32ExitCode = uint32(windows.ERROR_SERVICE_SPECIFIC_ERROR) - t.ServiceSpecificExitCode = ec.errno - } else { - t.Win32ExitCode = ec.errno - t.ServiceSpecificExitCode = windows.NO_ERROR - } - t.CheckPoint = status.CheckPoint - t.WaitHint = status.WaitHint - return windows.SetServiceStatus(s.h, &t) -} - -const ( - sysErrSetServiceStatusFailed = uint32(syscall.APPLICATION_ERROR) + iota - sysErrNewThreadInCallback -) - -func (s *service) run() { - s.goWaits.Wait() - s.h = windows.Handle(ssHandle) - argv := (*[100]*int16)(unsafe.Pointer(sArgv))[:sArgc] - args := make([]string, len(argv)) - for i, a := range argv { - args[i] = syscall.UTF16ToString((*[1 << 20]uint16)(unsafe.Pointer(a))[:]) - } - - cmdsToHandler := make(chan ChangeRequest) - changesFromHandler := make(chan Status) - exitFromHandler := make(chan exitCode) - - go func() { - ss, errno := s.handler.Execute(args, cmdsToHandler, changesFromHandler) - exitFromHandler <- exitCode{ss, errno} - }() - - status := Status{State: Stopped} - ec := exitCode{isSvcSpecific: true, errno: 0} - var outch chan ChangeRequest - inch := s.c - var cmd Cmd - var evtype uint32 - var evdata uintptr -loop: - for { - select { - case r := <-inch: - if r.errno != 0 { - ec.errno = r.errno - break loop - } - inch = nil - outch = cmdsToHandler - cmd = r.cmd - evtype = r.eventType - evdata = r.eventData - case outch <- ChangeRequest{cmd, evtype, evdata, status}: - inch = s.c - outch = nil - case c := <-changesFromHandler: - err := s.updateStatus(&c, &ec) - if err != nil { - // best suitable error number - ec.errno = sysErrSetServiceStatusFailed - if err2, ok := err.(syscall.Errno); ok { - ec.errno = uint32(err2) - } - break loop - } - status = c - case ec = <-exitFromHandler: - break loop - } - } - - s.updateStatus(&Status{State: Stopped}, &ec) - s.cWaits.Set() -} - -func newCallback(fn interface{}) (cb uintptr, err error) { - defer func() { - r := recover() - if r == nil { - return - } - cb = 0 - switch v := r.(type) { - case string: - err = errors.New(v) - case error: - err = v - default: - err = errors.New("unexpected panic in syscall.NewCallback") - } - }() - return syscall.NewCallback(fn), nil -} - -// BUG(brainman): There is no mechanism to run multiple services -// inside one single executable. Perhaps, it can be overcome by -// using RegisterServiceCtrlHandlerEx Windows api. - -// Run executes service name by calling appropriate handler function. -func Run(name string, handler Handler) error { - runtime.LockOSThread() - - tid := windows.GetCurrentThreadId() - - s, err := newService(name, handler) - if err != nil { - return err - } - - ctlHandler := func(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr { - e := ctlEvent{cmd: Cmd(ctl), eventType: evtype, eventData: evdata} - // We assume that this callback function is running on - // the same thread as Run. Nowhere in MS documentation - // I could find statement to guarantee that. So putting - // check here to verify, otherwise things will go bad - // quickly, if ignored. - i := windows.GetCurrentThreadId() - if i != tid { - e.errno = sysErrNewThreadInCallback - } - s.c <- e - // Always return NO_ERROR (0) for now. - return 0 - } - - var svcmain uintptr - getServiceMain(&svcmain) - t := []windows.SERVICE_TABLE_ENTRY{ - {syscall.StringToUTF16Ptr(s.name), svcmain}, - {nil, 0}, - } - - goWaitsH = uintptr(s.goWaits.h) - cWaitsH = uintptr(s.cWaits.h) - sName = t[0].ServiceName - ctlHandlerExProc, err = newCallback(ctlHandler) - if err != nil { - return err - } - - go s.run() - - err = windows.StartServiceCtrlDispatcher(&t[0]) - if err != nil { - return err - } - return nil -} - -// StatusHandle returns service status handle. It is safe to call this function -// from inside the Handler.Execute because then it is guaranteed to be set. -// This code will have to change once multiple services are possible per process. -func StatusHandle() windows.Handle { - return windows.Handle(ssHandle) -} diff --git a/vendor/golang.org/x/sys/windows/svc/sys_386.s b/vendor/golang.org/x/sys/windows/svc/sys_386.s deleted file mode 100644 index 2c82a9d91d7f..000000000000 --- a/vendor/golang.org/x/sys/windows/svc/sys_386.s +++ /dev/null @@ -1,68 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build windows - -// func servicemain(argc uint32, argv **uint16) -TEXT ·servicemain(SB),7,$0 - MOVL argc+0(FP), AX - MOVL AX, ·sArgc(SB) - MOVL argv+4(FP), AX - MOVL AX, ·sArgv(SB) - - PUSHL BP - PUSHL BX - PUSHL SI - PUSHL DI - - SUBL $12, SP - - MOVL ·sName(SB), AX - MOVL AX, (SP) - MOVL $·servicectlhandler(SB), AX - MOVL AX, 4(SP) - MOVL $0, 8(SP) - MOVL ·cRegisterServiceCtrlHandlerExW(SB), AX - MOVL SP, BP - CALL AX - MOVL BP, SP - CMPL AX, $0 - JE exit - MOVL AX, ·ssHandle(SB) - - MOVL ·goWaitsH(SB), AX - MOVL AX, (SP) - MOVL ·cSetEvent(SB), AX - MOVL SP, BP - CALL AX - MOVL BP, SP - - MOVL ·cWaitsH(SB), AX - MOVL AX, (SP) - MOVL $-1, AX - MOVL AX, 4(SP) - MOVL ·cWaitForSingleObject(SB), AX - MOVL SP, BP - CALL AX - MOVL BP, SP - -exit: - ADDL $12, SP - - POPL DI - POPL SI - POPL BX - POPL BP - - MOVL 0(SP), CX - ADDL $12, SP - JMP CX - -// I do not know why, but this seems to be the only way to call -// ctlHandlerProc on Windows 7. - -// func servicectlhandler(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr { -TEXT ·servicectlhandler(SB),7,$0 - MOVL ·ctlHandlerExProc(SB), CX - JMP CX diff --git a/vendor/golang.org/x/sys/windows/svc/sys_amd64.s b/vendor/golang.org/x/sys/windows/svc/sys_amd64.s deleted file mode 100644 index 06b425900df4..000000000000 --- a/vendor/golang.org/x/sys/windows/svc/sys_amd64.s +++ /dev/null @@ -1,42 +0,0 @@ -// Copyright 2012 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build windows - -// func servicemain(argc uint32, argv **uint16) -TEXT ·servicemain(SB),7,$0 - MOVL CX, ·sArgc(SB) - MOVL DX, ·sArgv(SB) - - SUBQ $32, SP // stack for the first 4 syscall params - - MOVQ ·sName(SB), CX - MOVQ $·servicectlhandler(SB), DX - // BUG(pastarmovj): Figure out a way to pass in context in R8. - MOVQ ·cRegisterServiceCtrlHandlerExW(SB), AX - CALL AX - CMPQ AX, $0 - JE exit - MOVQ AX, ·ssHandle(SB) - - MOVQ ·goWaitsH(SB), CX - MOVQ ·cSetEvent(SB), AX - CALL AX - - MOVQ ·cWaitsH(SB), CX - MOVQ $4294967295, DX - MOVQ ·cWaitForSingleObject(SB), AX - CALL AX - -exit: - ADDQ $32, SP - RET - -// I do not know why, but this seems to be the only way to call -// ctlHandlerProc on Windows 7. - -// func ·servicectlhandler(ctl uint32, evtype uint32, evdata uintptr, context uintptr) uintptr { -TEXT ·servicectlhandler(SB),7,$0 - MOVQ ·ctlHandlerExProc(SB), AX - JMP AX diff --git a/vendor/k8s.io/kubernetes/build/README.md b/vendor/k8s.io/kubernetes/build/README.md deleted file mode 100644 index 7983f19fcbf7..000000000000 --- a/vendor/k8s.io/kubernetes/build/README.md +++ /dev/null @@ -1,129 +0,0 @@ -# Building Kubernetes - -Building Kubernetes is easy if you take advantage of the containerized build environment. This document will help guide you through understanding this build process. - -## Requirements - -1. Docker, using one of the following configurations: - * **macOS** You can either use Docker for Mac or docker-machine. See installation instructions [here](https://docs.docker.com/docker-for-mac/). - **Note**: You will want to set the Docker VM to have at least 4.5GB of initial memory or building will likely fail. (See: [#11852]( http://issue.k8s.io/11852)). - * **Linux with local Docker** Install Docker according to the [instructions](https://docs.docker.com/installation/#installation) for your OS. - * **Remote Docker engine** Use a big machine in the cloud to build faster. This is a little trickier so look at the section later on. -2. **Optional** [Google Cloud SDK](https://developers.google.com/cloud/sdk/) - -You must install and configure Google Cloud SDK if you want to upload your release to Google Cloud Storage and may safely omit this otherwise. - -## Overview - -While it is possible to build Kubernetes using a local golang installation, we have a build process that runs in a Docker container. This simplifies initial set up and provides for a very consistent build and test environment. - -## Key scripts - -The following scripts are found in the `build/` directory. Note that all scripts must be run from the Kubernetes root directory. - -* `build/run.sh`: Run a command in a build docker container. Common invocations: - * `build/run.sh make`: Build just linux binaries in the container. Pass options and packages as necessary. - * `build/run.sh make cross`: Build all binaries for all platforms - * `build/run.sh make test`: Run all unit tests - * `build/run.sh make test-integration`: Run integration test - * `build/run.sh make test-cmd`: Run CLI tests -* `build/copy-output.sh`: This will copy the contents of `_output/dockerized/bin` from the Docker container to the local `_output/dockerized/bin`. It will also copy out specific file patterns that are generated as part of the build process. This is run automatically as part of `build/run.sh`. -* `build/make-clean.sh`: Clean out the contents of `_output`, remove any locally built container images and remove the data container. -* `/build/shell.sh`: Drop into a `bash` shell in a build container with a snapshot of the current repo code. - -## Basic Flow - -The scripts directly under `build/` are used to build and test. They will ensure that the `kube-build` Docker image is built (based on `build/build-image/Dockerfile`) and then execute the appropriate command in that container. These scripts will both ensure that the right data is cached from run to run for incremental builds and will copy the results back out of the container. - -The `kube-build` container image is built by first creating a "context" directory in `_output/images/build-image`. It is done there instead of at the root of the Kubernetes repo to minimize the amount of data we need to package up when building the image. - -There are 3 different containers instances that are run from this image. The first is a "data" container to store all data that needs to persist across to support incremental builds. Next there is an "rsync" container that is used to transfer data in and out to the data container. Lastly there is a "build" container that is used for actually doing build actions. The data container persists across runs while the rsync and build containers are deleted after each use. - -`rsync` is used transparently behind the scenes to efficiently move data in and out of the container. This will use an ephemeral port picked by Docker. You can modify this by setting the `KUBE_RSYNC_PORT` env variable. - -All Docker names are suffixed with a hash derived from the file path (to allow concurrent usage on things like CI machines) and a version number. When the version number changes all state is cleared and clean build is started. This allows the build infrastructure to be changed and signal to CI systems that old artifacts need to be deleted. - -## Proxy Settings - -If you are behind a proxy and you are letting these scripts use `docker-machine` to set up your local VM for you on macOS, you need to export proxy settings for Kubernetes build, the following environment variables should be defined. - -``` -export KUBERNETES_HTTP_PROXY=http://username:password@proxyaddr:proxyport -export KUBERNETES_HTTPS_PROXY=https://username:password@proxyaddr:proxyport -``` - -Optionally, you can specify addresses of no proxy for Kubernetes build, for example - -``` -export KUBERNETES_NO_PROXY=127.0.0.1 -``` - -If you are using sudo to make Kubernetes build for example make quick-release, you need run `sudo -E make quick-release` to pass the environment variables. - -## Really Remote Docker Engine - -It is possible to use a Docker Engine that is running remotely (under your desk or in the cloud). Docker must be configured to connect to that machine and the local rsync port must be forwarded (via SSH or nc) from localhost to the remote machine. - -To do this easily with GCE and `docker-machine`, do something like this: -``` -# Create the remote docker machine on GCE. This is a pretty beefy machine with SSD disk. -KUBE_BUILD_VM=k8s-build -KUBE_BUILD_GCE_PROJECT= -docker-machine create \ - --driver=google \ - --google-project=${KUBE_BUILD_GCE_PROJECT} \ - --google-zone=us-west1-a \ - --google-machine-type=n1-standard-8 \ - --google-disk-size=50 \ - --google-disk-type=pd-ssd \ - ${KUBE_BUILD_VM} - -# Set up local docker to talk to that machine -eval $(docker-machine env ${KUBE_BUILD_VM}) - -# Pin down the port that rsync will be exposed on on the remote machine -export KUBE_RSYNC_PORT=8730 - -# forward local 8730 to that machine so that rsync works -docker-machine ssh ${KUBE_BUILD_VM} -L ${KUBE_RSYNC_PORT}:localhost:${KUBE_RSYNC_PORT} -N & -``` - -Look at `docker-machine stop`, `docker-machine start` and `docker-machine rm` to manage this VM. - -## Releasing - -The `build/release.sh` script will build a release. It will build binaries, run tests, (optionally) build runtime Docker images. - -The main output is a tar file: `kubernetes.tar.gz`. This includes: -* Cross compiled client utilities. -* Script (`kubectl`) for picking and running the right client binary based on platform. -* Examples -* Cluster deployment scripts for various clouds -* Tar file containing all server binaries - -In addition, there are some other tar files that are created: -* `kubernetes-client-*.tar.gz` Client binaries for a specific platform. -* `kubernetes-server-*.tar.gz` Server binaries for a specific platform. - -When building final release tars, they are first staged into `_output/release-stage` before being tar'd up and put into `_output/release-tars`. - -## Reproducibility -`make release`, its variant `make quick-release`, and Bazel all provide a -hermetic build environment which should provide some level of reproducibility -for builds. `make` itself is **not** hermetic. - -The Kubernetes build environment supports the [`SOURCE_DATE_EPOCH` environment -variable](https://reproducible-builds.org/specs/source-date-epoch/) specified by -the Reproducible Builds project, which can be set to a UNIX epoch timestamp. -This will be used for the build timestamps embedded in compiled Go binaries, -and maybe someday also Docker images. - -One reasonable setting for this variable is to use the commit timestamp from the -tip of the tree being built; this is what the Kubernetes CI system uses. For -example, you could use the following one-liner: - -```bash -SOURCE_DATE_EPOCH=$(git show -s --format=format:%ct HEAD) -``` - -[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/build/README.md?pixel)]() diff --git a/vendor/k8s.io/kubernetes/build/pause/orphan.c b/vendor/k8s.io/kubernetes/build/pause/orphan.c deleted file mode 100644 index 07f490de91d8..000000000000 --- a/vendor/k8s.io/kubernetes/build/pause/orphan.c +++ /dev/null @@ -1,36 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -/* Creates a zombie to be reaped by init. Useful for testing. */ - -#include -#include - -int main() { - pid_t pid; - pid = fork(); - if (pid == 0) { - while (getppid() > 1) - ; - printf("Child exiting: pid=%d ppid=%d\n", getpid(), getppid()); - return 0; - } else if (pid > 0) { - printf("Parent exiting: pid=%d ppid=%d\n", getpid(), getppid()); - return 0; - } - perror("Could not create child"); - return 1; -} diff --git a/vendor/k8s.io/kubernetes/build/pause/pause.c b/vendor/k8s.io/kubernetes/build/pause/pause.c deleted file mode 100644 index 95966f4384d1..000000000000 --- a/vendor/k8s.io/kubernetes/build/pause/pause.c +++ /dev/null @@ -1,68 +0,0 @@ -/* -Copyright 2016 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -#include -#include -#include -#include -#include -#include -#include - -#define STRINGIFY(x) #x -#define VERSION_STRING(x) STRINGIFY(x) - -#ifndef VERSION -#define VERSION HEAD -#endif - -static void sigdown(int signo) { - psignal(signo, "Shutting down, got signal"); - exit(0); -} - -static void sigreap(int signo) { - while (waitpid(-1, NULL, WNOHANG) > 0) - ; -} - -int main(int argc, char **argv) { - int i; - for (i = 1; i < argc; ++i) { - if (!strcasecmp(argv[i], "-v")) { - printf("pause.c %s\n", VERSION_STRING(VERSION)); - return 0; - } - } - - if (getpid() != 1) - /* Not an error because pause sees use outside of infra containers. */ - fprintf(stderr, "Warning: pause should be the first process\n"); - - if (sigaction(SIGINT, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0) - return 1; - if (sigaction(SIGTERM, &(struct sigaction){.sa_handler = sigdown}, NULL) < 0) - return 2; - if (sigaction(SIGCHLD, &(struct sigaction){.sa_handler = sigreap, - .sa_flags = SA_NOCLDSTOP}, - NULL) < 0) - return 3; - - for (;;) - pause(); - fprintf(stderr, "Error: infinite loop terminated\n"); - return 42; -}