Merge tag 'v0.34.2+ds1' into debian/sid
Reinhard Tartler
3 years ago
68 | 68 | .PHONY: validate |
69 | 69 | validate: build/golangci-lint |
70 | 70 | ./build/golangci-lint run |
71 | ./tools/validate_seccomp.sh ./pkg/seccomp | |
71 | 72 | |
72 | 73 | vendor-in-container: |
73 | 74 | podman run --privileged --rm --env HOME=/root -v `pwd`:/src -w /src golang make vendor |
277 | 277 | ## ENGINE TABLE |
278 | 278 | The `engine` table contains configuration options used to set up container engines such as Podman and Buildah. |
279 | 279 | |
280 | **image_build_format**="oci" | |
281 | The default image format to building container images. Valid values are "oci" (default) or "docker". | |
280 | **image_default_format**="oci"|"v2s2"|"v2s1" | |
281 | ||
282 | Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building | |
283 | container images. By default images pulled and pushed match the format of the | |
284 | source image. Building/committing defaults to OCI. | |
285 | Note: **image_build_format** is deprecated. | |
282 | 286 | |
283 | 287 | **cgroup_check**=false |
284 | 288 | |
360 | 364 | associated with the pod. This container does nothing other then sleep, |
361 | 365 | reserving the pods resources for the lifetime of the pod. |
362 | 366 | |
367 | **image_parallel_copies**=0 | |
368 | ||
369 | Maximum number of image layers to be copied (pulled/pushed) simultaneously. | |
370 | Not setting this field will fall back to containers/image defaults. (6) | |
371 | ||
363 | 372 | **lock_type**="shm" |
364 | 373 | |
365 | 374 | Specify the locking mechanism to use; valid values are "shm" and "file". |
4 | 4 | require ( |
5 | 5 | github.com/BurntSushi/toml v0.3.1 |
6 | 6 | github.com/blang/semver v3.5.1+incompatible // indirect |
7 | github.com/containers/image/v5 v5.9.0 | |
8 | github.com/containers/storage v1.24.5 | |
7 | github.com/containers/image/v5 v5.10.1 | |
8 | github.com/containers/storage v1.25.0 | |
9 | 9 | github.com/docker/distribution v2.7.1+incompatible |
10 | 10 | github.com/docker/docker v17.12.0-ce-rc1.0.20201020191947-73dc6a680cdd+incompatible |
11 | 11 | github.com/docker/go-units v0.4.0 |
12 | 12 | github.com/ghodss/yaml v1.0.0 |
13 | github.com/google/go-cmp v0.5.2 // indirect | |
14 | 13 | github.com/gorilla/mux v1.8.0 // indirect |
15 | 14 | github.com/hashicorp/go-multierror v1.1.0 |
16 | github.com/onsi/ginkgo v1.14.2 | |
17 | github.com/onsi/gomega v1.10.4 | |
18 | github.com/opencontainers/runc v1.0.0-rc91 | |
19 | github.com/opencontainers/runtime-spec v1.0.3-0.20200710190001-3e4195d92445 | |
15 | github.com/onsi/ginkgo v1.15.0 | |
16 | github.com/onsi/gomega v1.10.5 | |
17 | github.com/opencontainers/runc v1.0.0-rc93 | |
18 | github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d | |
20 | 19 | github.com/opencontainers/runtime-tools v0.9.0 |
21 | 20 | github.com/opencontainers/selinux v1.8.0 |
22 | 21 | github.com/pkg/errors v0.9.1 |
25 | 24 | github.com/sirupsen/logrus v1.7.0 |
26 | 25 | github.com/spf13/cobra v1.1.1 |
27 | 26 | github.com/spf13/pflag v1.0.5 |
28 | github.com/stretchr/testify v1.6.1 | |
29 | github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 | |
27 | github.com/stretchr/testify v1.7.0 | |
28 | github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 | |
30 | 29 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 |
31 | golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3 | |
30 | golang.org/x/sys v0.0.0-20210112080510-489259a85091 | |
32 | 31 | ) |
15 | 15 | github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= |
16 | 16 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= |
17 | 17 | github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= |
18 | github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw= | |
19 | 18 | github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331 h1:3YnB7Hpmh1lPecPE8doMOtYCrMdrpedZOvxfuNES/Vk= |
20 | 19 | github.com/Microsoft/go-winio v0.4.16-0.20201130162521-d1ffc52c7331/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= |
21 | github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk= | |
22 | github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= | |
23 | 20 | github.com/Microsoft/hcsshim v0.8.14 h1:lbPVK25c1cu5xTLITwpUcxoA9vKrKErASPYygvouJns= |
24 | 21 | github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg= |
25 | 22 | github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= |
40 | 37 | github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= |
41 | 38 | github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= |
42 | 39 | github.com/checkpoint-restore/go-criu/v4 v4.0.2/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= |
40 | github.com/checkpoint-restore/go-criu/v4 v4.1.0/go.mod h1:xUQBLp4RLc5zJtWY++yjOoMoB5lihDt7fai+75m+rGw= | |
43 | 41 | github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= |
44 | 42 | github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= |
45 | 43 | github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= |
46 | 44 | github.com/cilium/ebpf v0.0.0-20200110133405-4032b1d8aae3/go.mod h1:MA5e5Lr8slmEg9bt0VpxxWqJlO4iwu3FBdHUzV7wQVg= |
47 | 45 | github.com/cilium/ebpf v0.0.0-20200507155900-a9f01edf17e3/go.mod h1:XT+cAw5wfvsodedcijoh1l9cf7v1x9FlFB/3VmF/O8s= |
46 | github.com/cilium/ebpf v0.2.0/go.mod h1:To2CFviqOWL/M0gIMsvSMlqe7em/l1ALkX1PyjrX2Qs= | |
48 | 47 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= |
49 | github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f h1:tSNMc+rJDfmYntojat8lljbt1mgKNpTxUZJsSzJ9Y1s= | |
50 | github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko= | |
51 | 48 | github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59 h1:qWj4qVYZ95vLWwqyNJCQg7rDsG5wPdze0UaPolH7DUk= |
52 | 49 | github.com/containerd/cgroups v0.0.0-20200531161412-0dbf7f05ba59/go.mod h1:pA0z1pT8KYB3TCXK/ocprsh7MAkoW8bZVzPdih9snmM= |
53 | 50 | github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= |
54 | 51 | github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= |
52 | github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= | |
55 | 53 | github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= |
56 | 54 | github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= |
57 | 55 | github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= |
58 | 56 | github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0= |
59 | 57 | github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o= |
60 | 58 | github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc= |
61 | github.com/containers/image/v5 v5.9.0 h1:dRmUtcluQcmasNo3DpnRoZjfU0rOu1qZeL6wlDJr10Q= | |
62 | github.com/containers/image/v5 v5.9.0/go.mod h1:blOEFd/iFdeyh891ByhCVUc+xAcaI3gBegXECwz9UbQ= | |
59 | github.com/containers/image/v5 v5.10.1 h1:tHhGQ8RCMxJfJLD/PEW1qrOKX8nndledW9qz6UiAxns= | |
60 | github.com/containers/image/v5 v5.10.1/go.mod h1:JlRLJZv7elVbtHaaaR6Kz8i6G3k2ttj4t7fubwxD9Hs= | |
63 | 61 | github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b h1:Q8ePgVfHDplZ7U33NwHZkrVELsZP5fYj9pM5WBZB2GE= |
64 | 62 | github.com/containers/libtrust v0.0.0-20190913040956-14b96171aa3b/go.mod h1:9rfv8iPl1ZP7aqh9YA68wnZv2NUDbXdcdPHVz0pFbPY= |
65 | 63 | github.com/containers/ocicrypt v1.0.3 h1:vYgl+RZ9Q3DPMuTfxmN+qp0X2Bj52uuY2vnt6GzVe1c= |
66 | 64 | github.com/containers/ocicrypt v1.0.3/go.mod h1:CUBa+8MRNL/VkpxYIpaMtgn1WgXGyvPQj8jcy0EVG6g= |
67 | github.com/containers/storage v1.23.7/go.mod h1:cUT2zHjtx+WlVri30obWmM2gpqpi8jfPsmIzP1TVpEI= | |
68 | 65 | github.com/containers/storage v1.24.5 h1:BusfdU0rCS2/Daa/DPw+0iLfGRlYA7UVF7D0el3N7Vk= |
69 | 66 | github.com/containers/storage v1.24.5/go.mod h1:YC+2pY8SkfEAcZkwycxYbpK8EiRbx5soPPwz9dxe4IQ= |
67 | github.com/containers/storage v1.25.0 h1:p0PLlQcWmtE+7XLfOCR0WuYyMTby1yozpI4DaKOtWTA= | |
68 | github.com/containers/storage v1.25.0/go.mod h1:UxTYd5F4mPVqmDRcRL0PBS8+HP74aBn96eahnhEvPtk= | |
70 | 69 | github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= |
71 | 70 | github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= |
72 | 71 | github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= |
74 | 73 | github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= |
75 | 74 | github.com/coreos/go-systemd/v22 v22.0.0 h1:XJIw/+VlJ+87J+doOxznsAWIdmWuViOVhkQamW5YV28= |
76 | 75 | github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= |
76 | github.com/coreos/go-systemd/v22 v22.1.0 h1:kq/SbG2BCKLkDKkjQf5OWwKWUKj1lgs3lFI4PxnR5lg= | |
77 | github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= | |
77 | 78 | github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= |
78 | 79 | github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= |
79 | 80 | github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= |
81 | github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg= | |
80 | 82 | github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= |
81 | 83 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= |
82 | 84 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= |
110 | 112 | github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= |
111 | 113 | github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= |
112 | 114 | github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= |
113 | github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= | |
114 | github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= | |
115 | 115 | github.com/godbus/dbus/v5 v5.0.3 h1:ZqHaoEF7TBzh4jzPmqVhE/5A1z9of6orkAe5uHoAeME= |
116 | 116 | github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= |
117 | 117 | github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= |
134 | 134 | github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= |
135 | 135 | github.com/golang/protobuf v1.4.2 h1:+Z5KGCizgyZCbGh1KZqA0fcLLkwbsjIzS4aV2v7wJX0= |
136 | 136 | github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= |
137 | github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM= | |
138 | github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= | |
137 | 139 | github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= |
138 | 140 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= |
139 | 141 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= |
197 | 199 | github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= |
198 | 200 | github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= |
199 | 201 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= |
200 | github.com/klauspost/compress v1.11.1/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= | |
201 | github.com/klauspost/compress v1.11.3 h1:dB4Bn0tN3wdCzQxnS8r06kV74qN/TAfaIS0bVE8h3jc= | |
202 | github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= | |
203 | 202 | github.com/klauspost/compress v1.11.5 h1:xNCE0uE6yvTPRS+0wGNMHPo3NIpwnk6aluQZ6R6kRcc= |
204 | 203 | github.com/klauspost/compress v1.11.5/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= |
204 | github.com/klauspost/compress v1.11.7 h1:0hzRabrMN4tSTvMfnL3SCv1ZGeAP23ynzodBgaHeMeg= | |
205 | github.com/klauspost/compress v1.11.7/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= | |
205 | 206 | github.com/klauspost/pgzip v1.2.5 h1:qnWYvvKqedOF2ulHpMG72XQol4ILEJ8k2wwRl/Km8oE= |
206 | 207 | github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs= |
207 | 208 | github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= |
222 | 223 | github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= |
223 | 224 | github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw= |
224 | 225 | github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= |
226 | github.com/mattn/go-shellwords v1.0.11 h1:vCoR9VPpsk/TZFW2JwK5I9S0xdrtUq2bph6/YjEPnaw= | |
227 | github.com/mattn/go-shellwords v1.0.11/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= | |
225 | 228 | github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= |
226 | 229 | github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= |
227 | 230 | github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= |
244 | 247 | github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= |
245 | 248 | github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= |
246 | 249 | github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618/go.mod h1:x8F1gnqOkIEiO4rqoeEEEqQbo7HjGMTvyoq3gej4iT0= |
250 | github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= | |
247 | 251 | github.com/mtrmac/gpgme v0.1.2/go.mod h1:GYYHnGSuS7HK3zVS2n3y73y0okK/BeKzwnn5jgiVFNI= |
248 | 252 | github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= |
249 | 253 | github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= |
251 | 255 | github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= |
252 | 256 | github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= |
253 | 257 | github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= |
254 | github.com/onsi/ginkgo v1.14.2 h1:8mVmC9kjFFmA8H4pKMUhcblgifdkOIXPvbhN1T36q1M= | |
255 | github.com/onsi/ginkgo v1.14.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= | |
258 | github.com/onsi/ginkgo v1.15.0 h1:1V1NfVQR87RtWAgp1lv9JZJ5Jap+XFGKPi00andXGi4= | |
259 | github.com/onsi/ginkgo v1.15.0/go.mod h1:hF8qUzuuC8DJGygJH3726JnCZX4MYbRB8yFfISqnKUg= | |
256 | 260 | github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= |
257 | 261 | github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= |
258 | github.com/onsi/gomega v1.10.4 h1:NiTx7EEvBzu9sFOD1zORteLSt3o8gnlvZZwSE9TnY9U= | |
259 | github.com/onsi/gomega v1.10.4/go.mod h1:g/HbgYopi++010VEqkFgJHKC09uJiW9UkXvMUuKHUCQ= | |
262 | github.com/onsi/gomega v1.10.5 h1:7n6FEkpFmfCoo2t+YYqXH0evK+a9ICQz0xcAy9dYcaQ= | |
263 | github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48= | |
260 | 264 | github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= |
261 | 265 | github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= |
262 | 266 | github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= |
267 | 271 | github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= |
268 | 272 | github.com/opencontainers/runc v1.0.0-rc91 h1:Tp8LWs5G8rFpzTsbRjAtQkPVexhCu0bnANE5IfIhJ6g= |
269 | 273 | github.com/opencontainers/runc v1.0.0-rc91/go.mod h1:3Sm6Dt7OT8z88EbdQqqcRN2oCT54jbi72tT/HqgflT8= |
270 | github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= | |
274 | github.com/opencontainers/runc v1.0.0-rc93 h1:x2UMpOOVf3kQ8arv/EsDGwim8PTNqzL1/EYDr/+scOM= | |
275 | github.com/opencontainers/runc v1.0.0-rc93/go.mod h1:3NOsor4w32B2tC0Zbl8Knk4Wg84SM2ImC1fxBuqJ/H0= | |
271 | 276 | github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= |
272 | 277 | github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2 h1:9mv9SC7GWmRWE0J/+oD8w3GsN2KYGKtg6uwLN7hfP5E= |
273 | 278 | github.com/opencontainers/runtime-spec v1.0.3-0.20200520003142-237cc4f519e2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= |
274 | github.com/opencontainers/runtime-spec v1.0.3-0.20200710190001-3e4195d92445 h1:y8cfsJRmn8g3VkM4IDpusKSgMUZEXhudm/BuYANLozE= | |
275 | github.com/opencontainers/runtime-spec v1.0.3-0.20200710190001-3e4195d92445/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= | |
279 | github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d h1:pNa8metDkwZjb9g4T8s+krQ+HRgZAkqnXml+wNir/+s= | |
280 | github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= | |
276 | 281 | github.com/opencontainers/runtime-tools v0.9.0 h1:FYgwVsKRI/H9hU32MJ/4MLOzXWodKK5zsQavY8NPMkU= |
277 | 282 | github.com/opencontainers/runtime-tools v0.9.0/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs= |
278 | 283 | github.com/opencontainers/selinux v1.5.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g= |
279 | github.com/opencontainers/selinux v1.6.0 h1:+bIAS/Za3q5FTwWym4fTB0vObnfCf3G/NC7K6Jx62mY= | |
280 | github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= | |
281 | 284 | github.com/opencontainers/selinux v1.8.0 h1:+77ba4ar4jsCbL1GLbFL8fFM57w6suPfSS9PDLDY7KM= |
282 | 285 | github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= |
283 | 286 | github.com/ostreedev/ostree-go v0.0.0-20190702140239-759a8c1ac913/go.mod h1:J6OG6YJVEWopen4avK3VNQSnALmmjvniMmni/YFYAwc= |
350 | 353 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= |
351 | 354 | github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= |
352 | 355 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= |
356 | github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= | |
357 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= | |
353 | 358 | github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= |
354 | 359 | github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8= |
355 | 360 | github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= |
361 | github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI= | |
362 | github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= | |
356 | 363 | github.com/tchap/go-patricia v2.3.0+incompatible h1:GkY4dP3cEfEASBPPkWd+AmjYxhmDkqO9/zg7R0lSQRs= |
357 | 364 | github.com/tchap/go-patricia v2.3.0+incompatible/go.mod h1:bmLyhP68RS6kStMGxByiQ23RP/odRBOTVjwp2cDyi6I= |
358 | 365 | github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= |
359 | github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= | |
360 | github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= | |
361 | github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= | |
366 | github.com/ulikunitz/xz v0.5.9 h1:RsKRIA2MO8x56wkkcd3LbtcE/uMszhb6DpRf+3uwa3I= | |
367 | github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= | |
362 | 368 | github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= |
363 | 369 | github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= |
364 | 370 | github.com/vbatts/tar-split v0.11.1 h1:0Odu65rhcZ3JZaPHxl7tCI3V/C/Q9Zf82UFravl02dE= |
365 | 371 | github.com/vbatts/tar-split v0.11.1/go.mod h1:LEuURwDEiWjRjwu46yU3KVGuUdVv/dcnpcEPSzR8z6g= |
366 | github.com/vbauerster/mpb/v5 v5.3.0/go.mod h1:4yTkvAb8Cm4eylAp6t0JRq6pXDkFJ4krUlDqWYkakAs= | |
372 | github.com/vbauerster/mpb/v5 v5.4.0/go.mod h1:fi4wVo7BVQ22QcvFObm+VwliQXlV1eBT8JDaKXR4JGI= | |
367 | 373 | github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= |
368 | 374 | github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= |
369 | github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243 h1:R43TdZy32XXSXjJn7M/HhALJ9imq6ztLnChfYJpVDnM= | |
370 | github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= | |
371 | 375 | github.com/willf/bitset v1.1.11 h1:N7Z7E9UvjW+sGsEl7k/SJrvY2reP1A07MrGuCjIOjRE= |
372 | 376 | github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= |
373 | 377 | github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= |
378 | 382 | github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= |
379 | 383 | github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= |
380 | 384 | github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= |
385 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= | |
381 | 386 | go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= |
382 | 387 | go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= |
383 | 388 | go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk= |
393 | 398 | golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= |
394 | 399 | golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= |
395 | 400 | golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= |
401 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= | |
396 | 402 | golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= |
397 | 403 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= |
398 | 404 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= |
414 | 420 | golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= |
415 | 421 | golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= |
416 | 422 | golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= |
423 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= | |
417 | 424 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= |
418 | 425 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= |
419 | 426 | golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= |
433 | 440 | golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= |
434 | 441 | golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= |
435 | 442 | golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= |
443 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= | |
436 | 444 | golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb h1:eBmm0M9fYhWpKZLjQUUKka/LtIxf46G4fxeEz5KJr9U= |
437 | 445 | golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= |
446 | golang.org/x/net v0.0.0-20201224014010-6772e930b67b h1:iFwSg7t5GZmB/Q5TjiEAsdoLDrdJRC1RiF2WhuV29Qw= | |
447 | golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= | |
438 | 448 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= |
439 | 449 | golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= |
440 | 450 | golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= |
444 | 454 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= |
445 | 455 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= |
446 | 456 | golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= |
457 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= | |
447 | 458 | golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= |
448 | 459 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= |
449 | 460 | golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= |
458 | 469 | golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
459 | 470 | golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
460 | 471 | golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
461 | golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
462 | 472 | golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
463 | 473 | golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
464 | 474 | golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
475 | 485 | golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
476 | 486 | golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
477 | 487 | golang.org/x/sys v0.0.0-20200327173247-9dae0f8f5775/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
478 | golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
479 | golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
480 | 488 | golang.org/x/sys v0.0.0-20200909081042-eff7692f9009/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
489 | golang.org/x/sys v0.0.0-20200916030750-2334cc1a136f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
481 | 490 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= |
482 | 491 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
492 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
483 | 493 | golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3 h1:kzM6+9dur93BcC2kVlYl34cHU+TYZLanmpSJHVMmL64= |
484 | 494 | golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= |
495 | golang.org/x/sys v0.0.0-20201218084310-7d0127a74742 h1:+CBz4km/0KPU3RGTwARGh/noP3bEwtHcq+0YcBQM2JQ= | |
496 | golang.org/x/sys v0.0.0-20201218084310-7d0127a74742/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
497 | golang.org/x/sys v0.0.0-20210112080510-489259a85091 h1:DMyOG0U+gKfu8JZzg2UQe9MeaC1X+xQWlAKcRnjxjCw= | |
498 | golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= | |
499 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= | |
485 | 500 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= |
486 | 501 | golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= |
487 | 502 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= |
509 | 524 | golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= |
510 | 525 | golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= |
511 | 526 | golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= |
527 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= | |
528 | golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= | |
512 | 529 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= |
530 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | |
513 | 531 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= |
514 | 532 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= |
533 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= | |
534 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= | |
515 | 535 | google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= |
516 | 536 | google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= |
517 | 537 | google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= |
12 | 12 | isCgroupV2Err error |
13 | 13 | ) |
14 | 14 | |
15 | // Enabled returns whether we are running in cgroup 2 cgroup2 mode. | |
15 | // Enabled returns whether we are running on cgroup v2 | |
16 | 16 | func Enabled() (bool, error) { |
17 | 17 | isCgroupV2Once.Do(func() { |
18 | 18 | var st syscall.Statfs_t |
1 | 1 | |
2 | 2 | package cgroupv2 |
3 | 3 | |
4 | // Enabled returns whether we are running in cgroup 2 cgroup2 mode. | |
4 | // Enabled returns whether we are running on cgroup v2 | |
5 | 5 | func Enabled() (bool, error) { |
6 | 6 | return false, nil |
7 | 7 | } |
0 | // +build !windows | |
1 | ||
2 | package chown | |
3 | ||
4 | import ( | |
5 | "os" | |
6 | "os/user" | |
7 | "path/filepath" | |
8 | "syscall" | |
9 | ||
10 | "github.com/containers/storage/pkg/homedir" | |
11 | "github.com/pkg/errors" | |
12 | ) | |
13 | ||
14 | // DangerousHostPath validates if a host path is dangerous and should not be modified | |
15 | func DangerousHostPath(path string) (bool, error) { | |
16 | excludePaths := map[string]bool{ | |
17 | "/": true, | |
18 | "/bin": true, | |
19 | "/boot": true, | |
20 | "/dev": true, | |
21 | "/etc": true, | |
22 | "/etc/passwd": true, | |
23 | "/etc/pki": true, | |
24 | "/etc/shadow": true, | |
25 | "/home": true, | |
26 | "/lib": true, | |
27 | "/lib64": true, | |
28 | "/media": true, | |
29 | "/opt": true, | |
30 | "/proc": true, | |
31 | "/root": true, | |
32 | "/run": true, | |
33 | "/sbin": true, | |
34 | "/srv": true, | |
35 | "/sys": true, | |
36 | "/tmp": true, | |
37 | "/usr": true, | |
38 | "/var": true, | |
39 | "/var/lib": true, | |
40 | "/var/log": true, | |
41 | } | |
42 | ||
43 | if home := homedir.Get(); home != "" { | |
44 | excludePaths[home] = true | |
45 | } | |
46 | ||
47 | if sudoUser := os.Getenv("SUDO_USER"); sudoUser != "" { | |
48 | if usr, err := user.Lookup(sudoUser); err == nil { | |
49 | excludePaths[usr.HomeDir] = true | |
50 | } | |
51 | } | |
52 | ||
53 | absPath, err := filepath.Abs(path) | |
54 | if err != nil { | |
55 | return true, err | |
56 | } | |
57 | ||
58 | realPath, err := filepath.EvalSymlinks(absPath) | |
59 | if err != nil { | |
60 | return true, err | |
61 | } | |
62 | ||
63 | if excludePaths[realPath] { | |
64 | return true, nil | |
65 | } | |
66 | ||
67 | return false, nil | |
68 | } | |
69 | ||
70 | // ChangeHostPathOwnership changes the uid and gid ownership of a directory or file within the host. | |
71 | // This is used by the volume U flag to change source volumes ownership | |
72 | func ChangeHostPathOwnership(path string, recursive bool, uid, gid int) error { | |
73 | // Validate if host path can be chowned | |
74 | isDangerous, err := DangerousHostPath(path) | |
75 | if err != nil { | |
76 | return errors.Wrapf(err, "failed to validate if host path is dangerous") | |
77 | } | |
78 | ||
79 | if isDangerous { | |
80 | return errors.Errorf("chowning host path %q is not allowed. You can manually `chown -R %d:%d %s`", path, uid, gid, path) | |
81 | } | |
82 | ||
83 | // Chown host path | |
84 | if recursive { | |
85 | err := filepath.Walk(path, func(filePath string, f os.FileInfo, err error) error { | |
86 | if err != nil { | |
87 | return err | |
88 | } | |
89 | ||
90 | // Get current ownership | |
91 | currentUID := int(f.Sys().(*syscall.Stat_t).Uid) | |
92 | currentGID := int(f.Sys().(*syscall.Stat_t).Gid) | |
93 | ||
94 | if uid != currentUID || gid != currentGID { | |
95 | return os.Lchown(filePath, uid, gid) | |
96 | } | |
97 | ||
98 | return nil | |
99 | }) | |
100 | ||
101 | if err != nil { | |
102 | return errors.Wrapf(err, "failed to chown recursively host path") | |
103 | } | |
104 | } else { | |
105 | // Get host path info | |
106 | f, err := os.Lstat(path) | |
107 | if err != nil { | |
108 | return errors.Wrapf(err, "failed to get host path information") | |
109 | } | |
110 | ||
111 | // Get current ownership | |
112 | currentUID := int(f.Sys().(*syscall.Stat_t).Uid) | |
113 | currentGID := int(f.Sys().(*syscall.Stat_t).Gid) | |
114 | ||
115 | if uid != currentUID || gid != currentGID { | |
116 | if err := os.Lchown(path, uid, gid); err != nil { | |
117 | return errors.Wrapf(err, "failed to chown host path") | |
118 | } | |
119 | } | |
120 | } | |
121 | ||
122 | return nil | |
123 | } |
0 | // +build !windows | |
1 | ||
2 | package chown | |
3 | ||
4 | import ( | |
5 | "io/ioutil" | |
6 | "os" | |
7 | "runtime" | |
8 | "syscall" | |
9 | "testing" | |
10 | ||
11 | "github.com/stretchr/testify/assert" | |
12 | ) | |
13 | ||
14 | func TestDangerousHostPath(t *testing.T) { | |
15 | if runtime.GOOS != "linux" { | |
16 | t.Skip("Current paths are supported only by Linux") | |
17 | } | |
18 | ||
19 | // Create a temp dir that is not dangerous | |
20 | td, err := ioutil.TempDir("/tmp", "validDir") | |
21 | if err != nil { | |
22 | t.Fatal(err) | |
23 | } | |
24 | defer os.RemoveAll(td) | |
25 | ||
26 | tests := []struct { | |
27 | Path string | |
28 | Expected bool | |
29 | ExpectError bool | |
30 | ExpectedErrorMsg string | |
31 | }{ | |
32 | { | |
33 | "/tmp", | |
34 | true, | |
35 | false, | |
36 | "", | |
37 | }, | |
38 | { | |
39 | td, | |
40 | false, | |
41 | false, | |
42 | "", | |
43 | }, | |
44 | { | |
45 | "/doesnotexist", | |
46 | false, | |
47 | true, | |
48 | "no such file or directory", | |
49 | }, | |
50 | } | |
51 | ||
52 | for _, test := range tests { | |
53 | result, err := DangerousHostPath(test.Path) | |
54 | if test.ExpectError { | |
55 | assert.Error(t, err) | |
56 | assert.Contains(t, err.Error(), test.ExpectedErrorMsg) | |
57 | } else { | |
58 | assert.NoError(t, err) | |
59 | assert.Equal(t, test.Expected, result) | |
60 | } | |
61 | } | |
62 | } | |
63 | ||
64 | func TestChangeHostPathOwnership(t *testing.T) { | |
65 | if runtime.GOOS != "linux" { | |
66 | t.Skip("Current paths are supported only by Linux") | |
67 | } | |
68 | ||
69 | // Create a temp dir that is not dangerous | |
70 | td, err := ioutil.TempDir("/tmp", "validDir") | |
71 | if err != nil { | |
72 | t.Fatal(err) | |
73 | } | |
74 | defer os.RemoveAll(td) | |
75 | ||
76 | // Get host path info | |
77 | f, err := os.Lstat(td) | |
78 | if err != nil { | |
79 | t.Fatal(err) | |
80 | } | |
81 | ||
82 | // Get current ownership | |
83 | currentUID := int(f.Sys().(*syscall.Stat_t).Uid) | |
84 | currentGID := int(f.Sys().(*syscall.Stat_t).Gid) | |
85 | ||
86 | tests := []struct { | |
87 | Path string | |
88 | Recursive bool | |
89 | UID int | |
90 | GID int | |
91 | ExpectError bool | |
92 | ExpectedErrorMsg string | |
93 | }{ | |
94 | { | |
95 | "/doesnotexist", | |
96 | false, | |
97 | 0, | |
98 | 0, | |
99 | true, | |
100 | "no such file or directory", | |
101 | }, | |
102 | { | |
103 | "/tmp", | |
104 | false, | |
105 | 0, | |
106 | 0, | |
107 | true, | |
108 | "is not allowed", | |
109 | }, | |
110 | { | |
111 | td, | |
112 | false, | |
113 | currentUID, | |
114 | currentGID, | |
115 | false, | |
116 | "", | |
117 | }, | |
118 | { | |
119 | td, | |
120 | true, | |
121 | currentUID, | |
122 | currentGID, | |
123 | false, | |
124 | "", | |
125 | }, | |
126 | } | |
127 | ||
128 | for _, test := range tests { | |
129 | err := ChangeHostPathOwnership(test.Path, test.Recursive, test.UID, test.GID) | |
130 | if test.ExpectError { | |
131 | assert.Error(t, err) | |
132 | assert.Contains(t, err.Error(), test.ExpectedErrorMsg) | |
133 | } else { | |
134 | assert.NoError(t, err) | |
135 | } | |
136 | } | |
137 | } |
0 | package chown | |
1 | ||
2 | // DangerousHostPath validates if a host path is dangerous and should not be modified | |
3 | func DangerousHostPath(path string) (bool, error) { | |
4 | return false, nil | |
5 | } | |
6 | ||
7 | // ChangeHostPathOwnership changes the uid and gid ownership of a directory or file within the host. | |
8 | // This is used by the volume U flag to change source volumes ownership | |
9 | func ChangeHostPathOwnership(path string, recursive bool, uid, gid int) error { | |
10 | return nil | |
11 | } |
186 | 186 | |
187 | 187 | // EngineConfig contains configuration options used to set up a engine runtime |
188 | 188 | type EngineConfig struct { |
189 | // ImageBuildFormat indicates the default image format to building | |
190 | // container images. Valid values are "oci" (default) or "docker". | |
191 | ImageBuildFormat string `toml:"image_build_format,omitempty"` | |
192 | ||
193 | 189 | // CgroupCheck indicates the configuration has been rewritten after an |
194 | 190 | // upgrade to Fedora 31 to change the default OCI runtime for cgroupv2v2. |
195 | 191 | CgroupCheck bool `toml:"cgroup_check,omitempty"` |
234 | 230 | // this slice takes precedence. |
235 | 231 | HooksDir []string `toml:"hooks_dir,omitempty"` |
236 | 232 | |
233 | // ImageBuildFormat (DEPRECATED) indicates the default image format to | |
234 | // building container images. Should use ImageDefaultFormat | |
235 | ImageBuildFormat string `toml:"image_build_format,omitempty"` | |
236 | ||
237 | 237 | // ImageDefaultTransport is the default transport method used to fetch |
238 | 238 | // images. |
239 | 239 | ImageDefaultTransport string `toml:"image_default_transport,omitempty"` |
240 | ||
241 | // ImageParallelCopies indicates the maximum number of image layers | |
242 | // to be copied simultaneously. If this is zero, container engines | |
243 | // will fall back to containers/image defaults. | |
244 | ImageParallelCopies uint `toml:"image_parallel_copies,omitempty"` | |
245 | ||
246 | // ImageDefaultFormat sepecified the manifest Type (oci, v2s2, or v2s1) | |
247 | // to use when pulling, pushing, building container images. By default | |
248 | // image pulled and pushed match the format of the source image. | |
249 | // Building/committing defaults to OCI. | |
250 | ImageDefaultFormat string `toml:"image_default_format,omitempty"` | |
240 | 251 | |
241 | 252 | // InfraCommand is the command run to start up a pod infra container. |
242 | 253 | InfraCommand string `toml:"infra_command,omitempty"` |
301 | 301 | gomega.Expect(err).To(gomega.BeNil()) |
302 | 302 | gomega.Expect(config).ToNot(gomega.BeNil()) |
303 | 303 | gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal("overridden-default")) |
304 | gomega.Expect(config.Engine.ImageParallelCopies).To(gomega.Equal(uint(10))) | |
305 | gomega.Expect(config.Engine.ImageDefaultFormat).To(gomega.Equal("v2s2")) | |
304 | 306 | }) |
305 | 307 | |
306 | 308 | It("should fail with invalid value", func() { |
245 | 245 | # network_config_dir = "/etc/cni/net.d/" |
246 | 246 | |
247 | 247 | [engine] |
248 | # ImageBuildFormat indicates the default image format to building | |
249 | # container images. Valid values are "oci" (default) or "docker". | |
250 | # image_build_format = "oci" | |
248 | # Maximum number of image layers to be copied (pulled/pushed) simultaneously. | |
249 | # Not setting this field, or setting it to zero, will fall back to containers/image defaults. | |
250 | # image_parallel_copies=0 | |
251 | ||
252 | # Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building | |
253 | # container images. By default image pulled and pushed match the format of the | |
254 | # source image. Building/commiting defaults to OCI. | |
255 | # image_default_format = "" | |
251 | 256 | |
252 | 257 | # Cgroup management implementation used for the runtime. |
253 | 258 | # Valid options "systemd" or "cgroupfs" |
517 | 517 | func (c *Config) Umask() string { |
518 | 518 | return c.Containers.Umask |
519 | 519 | } |
520 | ||
521 | // LogDriver returns the logging driver to be used | |
522 | // currently k8s-file or journald | |
523 | func (c *Config) LogDriver() string { | |
524 | return c.Containers.LogDriver | |
525 | } |
0 | 0 | [containers] |
1 | 1 | |
2 | 2 | apparmor_profile = "overridden-default" |
3 | ||
4 | [engine] | |
5 | image_parallel_copies=10 | |
6 | image_default_format="v2s2" |
24 | 24 | |
25 | 25 | rootlessRuntimeDirOnce.Do(func() { |
26 | 26 | runtimeDir := os.Getenv("XDG_RUNTIME_DIR") |
27 | if runtimeDir != "" { | |
28 | st, err := os.Stat(runtimeDir) | |
29 | if err != nil { | |
30 | rootlessRuntimeDirError = err | |
31 | return | |
32 | } | |
33 | if int(st.Sys().(*syscall.Stat_t).Uid) != os.Geteuid() { | |
34 | rootlessRuntimeDirError = fmt.Errorf("XDG_RUNTIME_DIR directory %q is not owned by the current user", runtimeDir) | |
35 | return | |
36 | } | |
37 | } | |
27 | 38 | uid := fmt.Sprintf("%d", unshare.GetRootlessUID()) |
28 | 39 | if runtimeDir == "" { |
29 | 40 | tmpDir := filepath.Join("/run", "user", uid) |
12 | 12 | |
13 | 13 | // ValidateVolumeOpts validates a volume's options |
14 | 14 | func ValidateVolumeOpts(options []string) ([]string, error) { |
15 | var foundRootPropagation, foundRWRO, foundLabelChange, bindType, foundExec, foundDev, foundSuid int | |
15 | var foundRootPropagation, foundRWRO, foundLabelChange, bindType, foundExec, foundDev, foundSuid, foundChown int | |
16 | 16 | finalOpts := make([]string, 0, len(options)) |
17 | 17 | for _, opt := range options { |
18 | 18 | switch opt { |
40 | 40 | foundLabelChange++ |
41 | 41 | if foundLabelChange > 1 { |
42 | 42 | return nil, errors.Errorf("invalid options %q, can only specify 1 'z', 'Z', or 'O' option", strings.Join(options, ", ")) |
43 | } | |
44 | case "U": | |
45 | foundChown++ | |
46 | if foundChown > 1 { | |
47 | return nil, errors.Errorf("invalid options %q, can only specify 1 'U' option", strings.Join(options, ", ")) | |
43 | 48 | } |
44 | 49 | case "private", "rprivate", "shared", "rshared", "slave", "rslave", "unbindable", "runbindable": |
45 | 50 | foundRootPropagation++ |
6 | 6 | "path/filepath" |
7 | 7 | |
8 | 8 | "github.com/containers/storage/pkg/unshare" |
9 | "github.com/opencontainers/runc/libcontainer/configs" | |
10 | 9 | "github.com/opencontainers/runc/libcontainer/devices" |
11 | 10 | "github.com/pkg/errors" |
12 | 11 | ) |
13 | 12 | |
14 | func DeviceFromPath(device string) ([]configs.Device, error) { | |
15 | var devs []configs.Device | |
13 | func DeviceFromPath(device string) ([]devices.Device, error) { | |
14 | var devs []devices.Device | |
16 | 15 | src, dst, permissions, err := Device(device) |
17 | 16 | if err != nil { |
18 | 17 | return nil, err |
43 | 42 | } |
44 | 43 | for _, d := range srcDevices { |
45 | 44 | d.Path = filepath.Join(dst, filepath.Base(d.Path)) |
46 | d.Permissions = configs.DevicePermissions(permissions) | |
45 | d.Permissions = devices.Permissions(permissions) | |
47 | 46 | devs = append(devs, *d) |
48 | 47 | } |
49 | 48 | return devs, nil |
37 | 37 | ... process JSON and output |
38 | 38 | } |
39 | 39 | |
40 | and | |
40 | Template Functions: | |
41 | ||
42 | The following template functions are added to the template when parsed: | |
43 | - join strings.Join, {{join .Field separator}} | |
44 | - lower strings.ToLower {{ .Field | lower }} | |
45 | - split strings.Split {{ .Field | split }} | |
46 | - title strings.Title {{ .Field | title }} | |
47 | - upper strings.ToUpper {{ .Field | upper }} | |
48 | ||
49 | report.Funcs() may be used to add additional template functions. | |
50 | Adding an existing function will replace that function for the life of that template. | |
41 | 51 | |
42 | 52 | |
43 | 53 | Note: Your code should not ignore errors |
0 | 0 | package report |
1 | 1 | |
2 | 2 | import ( |
3 | "bytes" | |
4 | "encoding/json" | |
3 | 5 | "reflect" |
4 | 6 | "strings" |
5 | 7 | "text/template" |
20 | 22 | var tableReplacer = strings.NewReplacer( |
21 | 23 | "table ", "", |
22 | 24 | `\t`, "\t", |
23 | `\n`, "\n", | |
24 | 25 | " ", "\t", |
25 | 26 | ) |
26 | 27 | |
27 | 28 | // escapedReplacer will clean up escaped characters from CLI |
28 | 29 | var escapedReplacer = strings.NewReplacer( |
29 | 30 | `\t`, "\t", |
30 | `\n`, "\n", | |
31 | 31 | ) |
32 | ||
33 | var DefaultFuncs = FuncMap{ | |
34 | "join": strings.Join, | |
35 | "json": func(v interface{}) string { | |
36 | buf := &bytes.Buffer{} | |
37 | enc := json.NewEncoder(buf) | |
38 | enc.SetEscapeHTML(false) | |
39 | enc.Encode(v) | |
40 | // Remove the trailing new line added by the encoder | |
41 | return strings.TrimSpace(buf.String()) | |
42 | }, | |
43 | "lower": strings.ToLower, | |
44 | "pad": padWithSpace, | |
45 | "split": strings.Split, | |
46 | "title": strings.Title, | |
47 | "truncate": truncateWithLength, | |
48 | "upper": strings.ToUpper, | |
49 | } | |
32 | 50 | |
33 | 51 | // NormalizeFormat reads given go template format provided by CLI and munges it into what we need |
34 | 52 | func NormalizeFormat(format string) string { |
44 | 62 | f += "\n" |
45 | 63 | } |
46 | 64 | return f |
65 | } | |
66 | ||
67 | // padWithSpace adds spaces*prefix and spaces*suffix to the input when it is non-empty | |
68 | func padWithSpace(source string, prefix, suffix int) string { | |
69 | if source == "" { | |
70 | return source | |
71 | } | |
72 | return strings.Repeat(" ", prefix) + source + strings.Repeat(" ", suffix) | |
73 | } | |
74 | ||
75 | // truncateWithLength truncates the source string up to the length provided by the input | |
76 | func truncateWithLength(source string, length int) string { | |
77 | if len(source) < length { | |
78 | return source | |
79 | } | |
80 | return source[:length] | |
47 | 81 | } |
48 | 82 | |
49 | 83 | // Headers queries the interface for field names. |
87 | 121 | |
88 | 122 | // NewTemplate creates a new template object |
89 | 123 | func NewTemplate(name string) *Template { |
90 | return &Template{template.New(name), false} | |
124 | return &Template{Template: template.New(name).Funcs(template.FuncMap(DefaultFuncs))} | |
91 | 125 | } |
92 | 126 | |
93 | 127 | // Parse parses text as a template body for t |
99 | 133 | text = NormalizeFormat(text) |
100 | 134 | } |
101 | 135 | |
102 | tt, err := t.Template.Parse(text) | |
136 | tt, err := t.Template.Funcs(template.FuncMap(DefaultFuncs)).Parse(text) | |
103 | 137 | return &Template{tt, t.isTable}, err |
104 | 138 | } |
105 | 139 | |
106 | // Funcs adds the elements of the argument map to the template's function map | |
140 | // Funcs adds the elements of the argument map to the template's function map. | |
141 | // A default template function will be replace if there is a key collision. | |
107 | 142 | func (t *Template) Funcs(funcMap FuncMap) *Template { |
108 | return &Template{t.Template.Funcs(template.FuncMap(funcMap)), t.isTable} | |
143 | m := make(FuncMap) | |
144 | for k, v := range DefaultFuncs { | |
145 | m[k] = v | |
146 | } | |
147 | for k, v := range funcMap { | |
148 | m[k] = v | |
149 | } | |
150 | return &Template{Template: t.Template.Funcs(template.FuncMap(m)), isTable: t.isTable} | |
109 | 151 | } |
110 | 152 | |
111 | 153 | // IsTable returns true if format string defines a "table" |
47 | 47 | input string |
48 | 48 | expected string |
49 | 49 | }{ |
50 | {"{{.ID}}\t{{.ID}}\n", "{{.ID}}\t{{.ID}}\n"}, | |
51 | {`{{.ID}}\t{{.ID}}\n`, "{{.ID}}\t{{.ID}}\n"}, | |
52 | {`{{.ID}} {{.ID}}\n`, "{{.ID}} {{.ID}}\n"}, | |
50 | {"{{.ID}}\t{{.ID}}", "{{.ID}}\t{{.ID}}\n"}, | |
51 | {`{{.ID}}\t{{.ID}}`, "{{.ID}}\t{{.ID}}\n"}, | |
52 | {`{{.ID}} {{.ID}}`, "{{.ID}} {{.ID}}\n"}, | |
53 | 53 | {`table {{.ID}}\t{{.ID}}`, "{{.ID}}\t{{.ID}}\n"}, |
54 | 54 | {`table {{.ID}} {{.ID}}`, "{{.ID}}\t{{.ID}}\n"}, |
55 | 55 | } |
67 | 67 | testCase := []string{ |
68 | 68 | "table {{.ID}}", |
69 | 69 | "table {{ .ID}}", |
70 | `table {{ .ID}}\n`, | |
71 | 70 | "table {{ .ID}}\n", |
72 | 71 | "{{range .}}{{.ID}}{{end}}", |
73 | 72 | `{{range .}}{{.ID}}{{end}}`, |
97 | 96 | assert.True(t, tmpl.isTable) |
98 | 97 | } |
99 | 98 | |
100 | func TestTemplate_Funcs(t *testing.T) { | |
99 | func TestTemplate_trim(t *testing.T) { | |
101 | 100 | tmpl := NewTemplate("TestTemplate") |
102 | tmpl = tmpl.Funcs(map[string]interface{}{"ToLower": strings.ToLower}) | |
103 | tmpl, e := tmpl.Parse("{{.ID |ToLower}}") | |
101 | tmpl, e := tmpl.Funcs(FuncMap{"trim": strings.TrimSpace}).Parse("{{.ID |trim}}") | |
104 | 102 | assert.NoError(t, e) |
105 | 103 | |
106 | 104 | var buf bytes.Buffer |
107 | 105 | err := tmpl.Execute(&buf, map[string]string{ |
108 | "ID": "ident", | |
106 | "ID": "ident ", | |
109 | 107 | }) |
110 | 108 | assert.NoError(t, err) |
111 | 109 | assert.Equal(t, "ident\n", buf.String()) |
112 | 110 | } |
111 | ||
112 | func TestTemplate_DefaultFuncs(t *testing.T) { | |
113 | tmpl := NewTemplate("TestTemplate") | |
114 | // Throw in trim function to ensure default 'join' is still available | |
115 | tmpl, e := tmpl.Funcs(FuncMap{"trim": strings.TrimSpace}).Parse(`{{join .ID "\n"}}`) | |
116 | assert.NoError(t, e) | |
117 | ||
118 | var buf bytes.Buffer | |
119 | err := tmpl.Execute(&buf, map[string][]string{ | |
120 | "ID": {"ident1", "ident2", "ident3"}, | |
121 | }) | |
122 | assert.NoError(t, err) | |
123 | assert.Equal(t, "ident1\nident2\nident3\n", buf.String()) | |
124 | } | |
125 | ||
126 | func TestTemplate_ReplaceFuncs(t *testing.T) { | |
127 | tmpl := NewTemplate("TestTemplate") | |
128 | // yes, we're overriding upper with lower :-) | |
129 | tmpl, e := tmpl.Funcs(FuncMap{"upper": strings.ToLower}).Parse(`{{.ID | lower}}`) | |
130 | assert.NoError(t, e) | |
131 | ||
132 | var buf bytes.Buffer | |
133 | err := tmpl.Execute(&buf, map[string]string{ | |
134 | "ID": "IDENT", | |
135 | }) | |
136 | assert.NoError(t, err) | |
137 | assert.Equal(t, "ident\n", buf.String()) | |
138 | } | |
139 | ||
140 | func TestTemplate_json(t *testing.T) { | |
141 | tmpl := NewTemplate("TestTemplate") | |
142 | // yes, we're overriding upper with lower :-) | |
143 | tmpl, e := tmpl.Parse(`{{json .ID}}`) | |
144 | assert.NoError(t, e) | |
145 | ||
146 | var buf bytes.Buffer | |
147 | err := tmpl.Execute(&buf, map[string][]string{ | |
148 | "ID": {"ident1", "ident2", "ident3"}, | |
149 | }) | |
150 | assert.NoError(t, err) | |
151 | assert.Equal(t, `["ident1","ident2","ident3"]`+"\n", buf.String()) | |
152 | } |
4 | 4 | package seccomp |
5 | 5 | |
6 | 6 | import ( |
7 | "syscall" | |
8 | ||
9 | 7 | "golang.org/x/sys/unix" |
10 | 8 | ) |
11 | 9 | |
44 | 42 | |
45 | 43 | // DefaultProfile defines the allowlist for the default seccomp profile. |
46 | 44 | func DefaultProfile() *Seccomp { |
47 | einval := uint(syscall.EINVAL) | |
45 | einval := uint(unix.EINVAL) | |
48 | 46 | |
49 | 47 | syscalls := []*Syscall{ |
50 | 48 | { |
86 | 84 | "epoll_ctl", |
87 | 85 | "epoll_ctl_old", |
88 | 86 | "epoll_pwait", |
87 | "epoll_pwait2", | |
89 | 88 | "epoll_wait", |
90 | 89 | "epoll_wait_old", |
91 | 90 | "eventfd", |
114 | 113 | "flock", |
115 | 114 | "fork", |
116 | 115 | "fremovexattr", |
116 | "fsconfig", | |
117 | 117 | "fsetxattr", |
118 | "fsmount", | |
119 | "fsopen", | |
120 | "fspick", | |
118 | 121 | "fstat", |
119 | 122 | "fstat64", |
120 | 123 | "fstatat64", |
202 | 205 | "mmap", |
203 | 206 | "mmap2", |
204 | 207 | "mount", |
208 | "move_mount", | |
205 | 209 | "mprotect", |
206 | 210 | "mq_getsetattr", |
207 | 211 | "mq_notify", |
224 | 228 | "open", |
225 | 229 | "openat", |
226 | 230 | "openat2", |
231 | "open_tree", | |
227 | 232 | "pause", |
228 | 233 | "pidfd_getfd", |
229 | 234 | "pidfd_open", |
330 | 335 | "signalfd", |
331 | 336 | "signalfd4", |
332 | 337 | "sigreturn", |
333 | "socket", | |
334 | 338 | "socketcall", |
335 | 339 | "socketpair", |
336 | 340 | "splice", |
511 | 515 | { |
512 | 516 | Names: []string{ |
513 | 517 | "bpf", |
514 | "clone", | |
515 | 518 | "fanotify_init", |
516 | 519 | "lookup_dcookie", |
517 | "mount", | |
518 | "name_to_handle_at", | |
519 | 520 | "perf_event_open", |
520 | 521 | "quotactl", |
521 | 522 | "setdomainname", |
522 | 523 | "sethostname", |
523 | 524 | "setns", |
524 | "umount", | |
525 | "umount2", | |
526 | "unshare", | |
527 | 525 | }, |
528 | 526 | Action: ActAllow, |
529 | 527 | Args: []*Arg{}, |
530 | 528 | Includes: Filter{ |
531 | 529 | Caps: []string{"CAP_SYS_ADMIN"}, |
532 | }, | |
533 | }, | |
534 | { | |
535 | Names: []string{ | |
536 | "clone", | |
537 | }, | |
538 | Action: ActAllow, | |
539 | Args: []*Arg{ | |
540 | { | |
541 | Index: 0, | |
542 | Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET, | |
543 | ValueTwo: 0, | |
544 | Op: OpMaskedEqual, | |
545 | }, | |
546 | }, | |
547 | Excludes: Filter{ | |
548 | Caps: []string{"CAP_SYS_ADMIN"}, | |
549 | Arches: []string{"s390", "s390x"}, | |
550 | }, | |
551 | }, | |
552 | { | |
553 | Names: []string{ | |
554 | "clone", | |
555 | }, | |
556 | Action: ActAllow, | |
557 | Args: []*Arg{ | |
558 | { | |
559 | Index: 1, | |
560 | Value: unix.CLONE_NEWNS | unix.CLONE_NEWUTS | unix.CLONE_NEWIPC | unix.CLONE_NEWUSER | unix.CLONE_NEWPID | unix.CLONE_NEWNET, | |
561 | ValueTwo: 0, | |
562 | Op: OpMaskedEqual, | |
563 | }, | |
564 | }, | |
565 | Comment: "s390 parameter ordering for clone is different", | |
566 | Includes: Filter{ | |
567 | Arches: []string{"s390", "s390x"}, | |
568 | }, | |
569 | Excludes: Filter{ | |
570 | Caps: []string{"CAP_SYS_ADMIN"}, | |
571 | }, | |
572 | }, | |
573 | { | |
574 | Names: []string{ | |
575 | "reboot", | |
576 | }, | |
577 | Action: ActAllow, | |
578 | Args: []*Arg{}, | |
579 | Includes: Filter{ | |
580 | Caps: []string{"CAP_SYS_BOOT"}, | |
581 | 530 | }, |
582 | 531 | }, |
583 | 532 | { |
607 | 556 | Names: []string{ |
608 | 557 | "get_mempolicy", |
609 | 558 | "mbind", |
610 | "name_to_handle_at", | |
611 | 559 | "set_mempolicy", |
612 | 560 | }, |
613 | 561 | Action: ActAllow, |
629 | 577 | { |
630 | 578 | Names: []string{ |
631 | 579 | "kcmp", |
580 | "process_madvise", | |
632 | 581 | "process_vm_readv", |
633 | 582 | "process_vm_writev", |
634 | 583 | "ptrace", |
682 | 631 | Args: []*Arg{ |
683 | 632 | { |
684 | 633 | Index: 0, |
685 | Value: syscall.AF_NETLINK, | |
634 | Value: unix.AF_NETLINK, | |
686 | 635 | Op: OpEqualTo, |
687 | 636 | }, |
688 | 637 | { |
689 | 638 | Index: 2, |
690 | Value: syscall.NETLINK_AUDIT, | |
639 | Value: unix.NETLINK_AUDIT, | |
691 | 640 | Op: OpEqualTo, |
692 | 641 | }, |
693 | 642 | }, |
703 | 652 | Args: []*Arg{ |
704 | 653 | { |
705 | 654 | Index: 2, |
706 | Value: syscall.NETLINK_AUDIT, | |
655 | Value: unix.NETLINK_AUDIT, | |
707 | 656 | Op: OpNotEqual, |
708 | 657 | }, |
709 | 658 | }, |
719 | 668 | Args: []*Arg{ |
720 | 669 | { |
721 | 670 | Index: 0, |
722 | Value: syscall.AF_NETLINK, | |
671 | Value: unix.AF_NETLINK, | |
723 | 672 | Op: OpNotEqual, |
724 | 673 | }, |
725 | 674 | }, |
735 | 684 | Args: []*Arg{ |
736 | 685 | { |
737 | 686 | Index: 2, |
738 | Value: syscall.NETLINK_AUDIT, | |
687 | Value: unix.NETLINK_AUDIT, | |
739 | 688 | Op: OpNotEqual, |
740 | 689 | }, |
741 | 690 | }, |
0 | // +build ignore | |
1 | ||
2 | // Copyright 2013-2021 Docker, Inc. | |
3 | ||
4 | package main | |
5 | ||
6 | import ( | |
7 | "encoding/json" | |
8 | "io/ioutil" | |
9 | "os" | |
10 | "path/filepath" | |
11 | ||
12 | "github.com/containers/common/pkg/seccomp" | |
13 | ) | |
14 | ||
15 | // saves the default seccomp profile as a json file so people can use it as a | |
16 | // base for their own custom profiles | |
17 | func main() { | |
18 | wd, err := os.Getwd() | |
19 | if err != nil { | |
20 | panic(err) | |
21 | } | |
22 | f := filepath.Join(wd, "seccomp.json") | |
23 | ||
24 | // write the default profile to the file | |
25 | b, err := json.MarshalIndent(seccomp.DefaultProfile(), "", "\t") | |
26 | if err != nil { | |
27 | panic(err) | |
28 | } | |
29 | ||
30 | if err := ioutil.WriteFile(f, b, 0644); err != nil { | |
31 | panic(err) | |
32 | } | |
33 | } |
88 | 88 | "epoll_ctl", |
89 | 89 | "epoll_ctl_old", |
90 | 90 | "epoll_pwait", |
91 | "epoll_pwait2", | |
91 | 92 | "epoll_wait", |
92 | 93 | "epoll_wait_old", |
93 | 94 | "eventfd", |
116 | 117 | "flock", |
117 | 118 | "fork", |
118 | 119 | "fremovexattr", |
120 | "fsconfig", | |
119 | 121 | "fsetxattr", |
122 | "fsmount", | |
123 | "fsopen", | |
124 | "fspick", | |
120 | 125 | "fstat", |
121 | 126 | "fstat64", |
122 | 127 | "fstatat64", |
176 | 181 | "ioprio_get", |
177 | 182 | "ioprio_set", |
178 | 183 | "ipc", |
184 | "keyctl", | |
179 | 185 | "kill", |
180 | 186 | "lchown", |
181 | 187 | "lchown32", |
203 | 209 | "mmap", |
204 | 210 | "mmap2", |
205 | 211 | "mount", |
212 | "move_mount", | |
206 | 213 | "mprotect", |
207 | 214 | "mq_getsetattr", |
208 | 215 | "mq_notify", |
225 | 232 | "open", |
226 | 233 | "openat", |
227 | 234 | "openat2", |
235 | "open_tree", | |
228 | 236 | "pause", |
229 | 237 | "pidfd_getfd", |
230 | 238 | "pidfd_open", |
573 | 581 | { |
574 | 582 | "names": [ |
575 | 583 | "bpf", |
576 | "clone", | |
577 | 584 | "fanotify_init", |
578 | 585 | "lookup_dcookie", |
579 | "mount", | |
580 | "name_to_handle_at", | |
581 | 586 | "perf_event_open", |
582 | 587 | "quotactl", |
583 | 588 | "setdomainname", |
584 | 589 | "sethostname", |
585 | "setns", | |
586 | "umount", | |
587 | "umount2", | |
588 | "unshare" | |
590 | "setns" | |
589 | 591 | ], |
590 | 592 | "action": "SCMP_ACT_ALLOW", |
591 | 593 | "args": [], |
593 | 595 | "includes": { |
594 | 596 | "caps": [ |
595 | 597 | "CAP_SYS_ADMIN" |
596 | ] | |
597 | }, | |
598 | "excludes": {} | |
599 | }, | |
600 | { | |
601 | "names": [ | |
602 | "clone" | |
603 | ], | |
604 | "action": "SCMP_ACT_ALLOW", | |
605 | "args": [ | |
606 | { | |
607 | "index": 0, | |
608 | "value": 2080505856, | |
609 | "valueTwo": 0, | |
610 | "op": "SCMP_CMP_MASKED_EQ" | |
611 | } | |
612 | ], | |
613 | "comment": "", | |
614 | "includes": {}, | |
615 | "excludes": { | |
616 | "caps": [ | |
617 | "CAP_SYS_ADMIN" | |
618 | ], | |
619 | "arches": [ | |
620 | "s390", | |
621 | "s390x" | |
622 | ] | |
623 | } | |
624 | }, | |
625 | { | |
626 | "names": [ | |
627 | "clone" | |
628 | ], | |
629 | "action": "SCMP_ACT_ALLOW", | |
630 | "args": [ | |
631 | { | |
632 | "index": 1, | |
633 | "value": 2080505856, | |
634 | "valueTwo": 0, | |
635 | "op": "SCMP_CMP_MASKED_EQ" | |
636 | } | |
637 | ], | |
638 | "comment": "s390 parameter ordering for clone is different", | |
639 | "includes": { | |
640 | "arches": [ | |
641 | "s390", | |
642 | "s390x" | |
643 | ] | |
644 | }, | |
645 | "excludes": { | |
646 | "caps": [ | |
647 | "CAP_SYS_ADMIN" | |
648 | ] | |
649 | } | |
650 | }, | |
651 | { | |
652 | "names": [ | |
653 | "reboot" | |
654 | ], | |
655 | "action": "SCMP_ACT_ALLOW", | |
656 | "args": [], | |
657 | "comment": "", | |
658 | "includes": { | |
659 | "caps": [ | |
660 | "CAP_SYS_BOOT" | |
661 | 598 | ] |
662 | 599 | }, |
663 | 600 | "excludes": {} |
697 | 634 | "names": [ |
698 | 635 | "get_mempolicy", |
699 | 636 | "mbind", |
700 | "name_to_handle_at", | |
701 | 637 | "set_mempolicy" |
702 | 638 | ], |
703 | 639 | "action": "SCMP_ACT_ALLOW", |
727 | 663 | { |
728 | 664 | "names": [ |
729 | 665 | "kcmp", |
666 | "process_madvise", | |
730 | 667 | "process_vm_readv", |
731 | 668 | "process_vm_writev", |
732 | 669 | "ptrace" |
893 | 830 | "excludes": {} |
894 | 831 | } |
895 | 832 | ] |
896 | } | |
833 | }⏎ |
32 | 32 | func NewDriver(rootPath string) (*Driver, error) { |
33 | 33 | fileDriver := new(Driver) |
34 | 34 | fileDriver.secretsDataFilePath = filepath.Join(rootPath, secretsDataFile) |
35 | // the lockfile functions requre that the rootPath dir is executable | |
36 | if err := os.MkdirAll(rootPath, 0700); err != nil { | |
37 | return nil, err | |
38 | } | |
39 | ||
35 | 40 | lock, err := lockfile.GetLockfile(filepath.Join(rootPath, "secretsdata.lock")) |
36 | 41 | if err != nil { |
37 | 42 | return nil, err |
3 | 3 | "os" |
4 | 4 | "path/filepath" |
5 | 5 | "regexp" |
6 | "strings" | |
6 | 7 | "time" |
7 | 8 | |
8 | 9 | "github.com/containers/common/pkg/secrets/filedriver" |
46 | 47 | |
47 | 48 | // secretNameRegexp matches valid secret names |
48 | 49 | // Allowed: 64 [a-zA-Z0-9-_.] characters, and the start and end character must be [a-zA-Z0-9] |
49 | var secretNameRegexp = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*[a-zA-Z0-9]?$`) | |
50 | var secretNameRegexp = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_.-]*$`) | |
50 | 51 | |
51 | 52 | // SecretsManager holds information on handling secrets |
52 | 53 | type SecretsManager struct { |
97 | 98 | if !filepath.IsAbs(rootPath) { |
98 | 99 | return nil, errors.Wrapf(errInvalidPath, "path must be absolute: %s", rootPath) |
99 | 100 | } |
100 | if _, err := os.Stat(rootPath); os.IsNotExist(err) { | |
101 | // the lockfile functions requre that the rootPath dir is executable | |
102 | os.MkdirAll(rootPath, 0700) | |
101 | // the lockfile functions requre that the rootPath dir is executable | |
102 | if err := os.MkdirAll(rootPath, 0700); err != nil { | |
103 | return nil, err | |
103 | 104 | } |
104 | 105 | |
105 | 106 | lock, err := lockfile.GetLockfile(filepath.Join(rootPath, "secrets.lock")) |
131 | 132 | s.lockfile.Lock() |
132 | 133 | defer s.lockfile.Unlock() |
133 | 134 | |
134 | exist, err := s.secretExists(name) | |
135 | exist, err := s.exactSecretExists(name) | |
135 | 136 | if err != nil { |
136 | 137 | return "", err |
137 | 138 | } |
261 | 262 | |
262 | 263 | // validateSecretName checks if the secret name is valid. |
263 | 264 | func validateSecretName(name string) error { |
264 | if !secretNameRegexp.MatchString(name) || len(name) > 64 { | |
265 | if !secretNameRegexp.MatchString(name) || len(name) > 64 || strings.HasSuffix(name, "-") || strings.HasSuffix(name, ".") { | |
265 | 266 | return errors.Wrapf(errInvalidSecretName, "only 64 [a-zA-Z0-9-_.] characters allowed, and the start and end character must be [a-zA-Z0-9]: %s", name) |
266 | 267 | } |
267 | 268 | return nil |
64 | 64 | // invalid chars |
65 | 65 | _, err = manager.Store("??", []byte("mydata"), drivertype, opts) |
66 | 66 | require.Error(t, err) |
67 | _, err = manager.Store("-a", []byte("mydata"), drivertype, opts) | |
68 | require.Error(t, err) | |
69 | _, err = manager.Store("a-", []byte("mydata"), drivertype, opts) | |
70 | require.Error(t, err) | |
71 | _, err = manager.Store(".a", []byte("mydata"), drivertype, opts) | |
72 | require.Error(t, err) | |
73 | _, err = manager.Store("a.", []byte("mydata"), drivertype, opts) | |
74 | require.Error(t, err) | |
67 | 75 | } |
68 | 76 | |
69 | 77 | func TestAddMultipleSecrets(t *testing.T) { |
110 | 118 | |
111 | 119 | _, err = manager.Store("mysecret", []byte("mydata"), drivertype, opts) |
112 | 120 | require.Error(t, err) |
121 | } | |
122 | ||
123 | func TestAddSecretPrefix(t *testing.T) { | |
124 | manager, testpath, err := setup() | |
125 | require.NoError(t, err) | |
126 | defer cleanup(testpath) | |
127 | ||
128 | // If the randomly generated secret id is something like "abcdeiuoergnadufigh" | |
129 | // we should still allow someone to store a secret with the name "abcd" or "a" | |
130 | secretID, err := manager.Store("mysecret", []byte("mydata"), drivertype, opts) | |
131 | require.NoError(t, err) | |
132 | ||
133 | _, err = manager.Store(secretID[0:5], []byte("mydata"), drivertype, opts) | |
134 | require.NoError(t, err) | |
113 | 135 | } |
114 | 136 | |
115 | 137 | func TestRemoveSecret(t *testing.T) { |
67 | 67 | |
68 | 68 | // getNameAndID takes a secret's name, ID, or partial ID, and returns both its name and full ID. |
69 | 69 | func (s *SecretsManager) getNameAndID(nameOrID string) (name, id string, err error) { |
70 | err = s.loadDB() | |
71 | if err != nil { | |
70 | name, id, err = s.getExactNameAndID(nameOrID) | |
71 | if err == nil { | |
72 | return name, id, nil | |
73 | } else if errors.Cause(err) != errNoSuchSecret { | |
72 | 74 | return "", "", err |
73 | 75 | } |
74 | if id, ok := s.db.NameToID[nameOrID]; ok { | |
75 | name := nameOrID | |
76 | return name, id, nil | |
77 | } | |
78 | ||
79 | // Name not found, we know we're working with ID or partial ID. | |
76 | ||
77 | // ID prefix may have been given, iterate through all IDs. | |
80 | 78 | // ID and partial ID has a max lenth of 25, so we return if its greater than that. |
81 | 79 | if len(nameOrID) > secretIDLength { |
82 | 80 | return "", "", errors.Wrapf(errNoSuchSecret, "no secret with name or id %q", nameOrID) |
83 | 81 | } |
84 | ||
85 | if name, ok := s.db.IDToName[nameOrID]; ok { | |
86 | id := nameOrID | |
87 | return name, id, nil | |
88 | } | |
89 | ||
90 | // ID prefix may have been given, iterate through all IDs. | |
91 | 82 | exists := false |
92 | 83 | var foundID, foundName string |
93 | 84 | for id, name := range s.db.IDToName { |
104 | 95 | if exists { |
105 | 96 | return foundName, foundID, nil |
106 | 97 | } |
107 | ||
108 | 98 | return "", "", errors.Wrapf(errNoSuchSecret, "no secret with name or id %q", nameOrID) |
109 | 99 | } |
110 | 100 | |
111 | // secretExists checks if the secret exists, given a name, ID, or partial ID. | |
112 | func (s *SecretsManager) secretExists(nameOrID string) (bool, error) { | |
113 | _, _, err := s.getNameAndID(nameOrID) | |
101 | // getExactNameAndID takes a secret's name or ID and returns both its name and full ID. | |
102 | func (s *SecretsManager) getExactNameAndID(nameOrID string) (name, id string, err error) { | |
103 | err = s.loadDB() | |
104 | if err != nil { | |
105 | return "", "", err | |
106 | } | |
107 | if name, ok := s.db.IDToName[nameOrID]; ok { | |
108 | id := nameOrID | |
109 | return name, id, nil | |
110 | } | |
111 | ||
112 | if id, ok := s.db.NameToID[nameOrID]; ok { | |
113 | name := nameOrID | |
114 | return name, id, nil | |
115 | } | |
116 | ||
117 | return "", "", errors.Wrapf(errNoSuchSecret, "no secret with name or id %q", nameOrID) | |
118 | } | |
119 | ||
120 | // exactSecretExists checks if the secret exists, given a name or ID | |
121 | // Does not match partial name or IDs | |
122 | func (s *SecretsManager) exactSecretExists(nameOrID string) (bool, error) { | |
123 | _, _, err := s.getExactNameAndID(nameOrID) | |
114 | 124 | if err != nil { |
115 | 125 | if errors.Cause(err) == errNoSuchSecret { |
116 | 126 | return false, nil |
0 | #!/bin/bash | |
1 | # | |
2 | # validate_seccomp.sh <gopath/to/pkg/seccomp> | |
3 | # | |
4 | # Validates that the seccomp.json file has been generated and matches the | |
5 | # profile defined in the pkg/seccomp package. | |
6 | ||
7 | set -Eeuo pipefail | |
8 | ||
9 | PACKAGE_PATH="${1:-./pkg/seccomp}" | |
10 | TARGET_FILE="$PACKAGE_PATH/seccomp.json" | |
11 | ||
12 | # Stash a copy. | |
13 | tmp_copy="$(mktemp --tmpdir podman-seccomp.json.XXXXXX)" | |
14 | cp "$TARGET_FILE" "$tmp_copy" | |
15 | ||
16 | # Generate it again and figure out if there was a difference. | |
17 | go generate -tags seccomp "$PACKAGE_PATH" >/dev/null | |
18 | diffs="$(diff -u "$tmp_copy" "$TARGET_FILE" ||:)" | |
19 | ||
20 | if [ "$diffs" ]; then | |
21 | # Can we make a prettier diff? | |
22 | have_diffstat=1 | |
23 | which diffstat || have_diffstat= | |
24 | if [ "$have_diffstat" ]; then | |
25 | diffs="$(echo "$diffs" | diffstat)" | |
26 | fi | |
27 | ||
28 | # Output an error message and fail the CI. | |
29 | cat >&2 <<-EOF | |
30 | The result of 'go generate -tags seccomp $PACKAGE_PATH' differs. | |
31 | ||
32 | $diffs | |
33 | ||
34 | Please re-run 'go generate -tags seccomp $PACKAGE_PATH' and then amend your | |
35 | commits to include the updated seccomp.json file. | |
36 | EOF | |
37 | exit 1 | |
38 | fi |